API tools faq
paste
UAnton

conf

UAnton
Feb 13th, 2025
44
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 12.03 KB | None | 0 0
raw download clone embed print report
  1. RewriteEngine On
  2. RewriteCond %{HTTPS} =on
  3. RewriteCond %{REQUEST_METHOD} =POST
  4. RewriteRule ^/upload/(.*) http://127.0.0.1:8210/upload?uuid=$1 [P,L]
  5. Header always set Access-Control-Allow-Origin "*"
  6. Header always set Access-Control-Allow-Methods "POST, OPTIONS"
  7. Header always set Access-Control-Allow-Headers "x-requested-with, content-type, origin, authorization, accept, client-security-token, x-signature, x-metadata, x-expires"
  8. root@s-114-VM:~# cat /etc/apache2/httpd.conf
  9. # Empty
  10. root@s-114-VM:~# cat /etc/apache2/sites-enabled/vhost-10.1.0.1.conf
  11. <VirtualHost 10.1.0.1:80>
  12. ServerAdmin webmaster@localhost
  13.  
  14. DocumentRoot /var/www/html
  15. ServerName cloudinternal.com
  16. <Directory />
  17. Options FollowSymLinks
  18. AllowOverride None
  19. </Directory>
  20. <Directory /var/www/html>
  21. Options Indexes FollowSymLinks MultiViews
  22. AllowOverride All
  23. Order allow,deny
  24. allow from all
  25. </Directory>
  26.  
  27. ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
  28. <Directory "/usr/lib/cgi-bin">
  29. AllowOverride None
  30. Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
  31. Order allow,deny
  32. Allow from all
  33. </Directory>
  34.  
  35. ErrorLog ${APACHE_LOG_DIR}/error.log
  36.  
  37. # Possible values include: debug, info, notice, warn, error, crit,
  38. # alert, emerg.
  39. LogLevel warn
  40.  
  41. CustomLog ${APACHE_LOG_DIR}/access.log combined
  42.  
  43. Alias /doc/ "/usr/share/doc/"
  44. <Directory "/usr/share/doc/">
  45. Options Indexes MultiViews FollowSymLinks
  46. AllowOverride None
  47. Order deny,allow
  48. Deny from all
  49. Allow from 127.0.0.0/255.0.0.0 ::1/128
  50. </Directory>
  51.  
  52. # Include HTTP configuration **IF SET**
  53. IncludeOptional /etc/apache2/http.conf
  54.  
  55. </VirtualHost>
  56.  
  57. <IfModule mod_ssl.c>
  58. <VirtualHost 10.1.0.1:443>
  59. ServerAdmin webmaster@localhost
  60.  
  61. DocumentRoot /var/www/html
  62. ServerName cloudinternal.com
  63. <Directory />
  64. Options FollowSymLinks
  65. AllowOverride None
  66. </Directory>
  67. <Directory /var/www/html>
  68. Options Indexes FollowSymLinks MultiViews
  69. AllowOverride all
  70. Order allow,deny
  71. allow from all
  72. </Directory>
  73.  
  74. ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
  75. <Directory "/usr/lib/cgi-bin">
  76. AllowOverride None
  77. Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
  78. Order allow,deny
  79. Allow from all
  80. </Directory>
  81.  
  82. ErrorLog ${APACHE_LOG_DIR}/error.log
  83.  
  84. # Possible values include: debug, info, notice, warn, error, crit,
  85. # alert, emerg.
  86. LogLevel warn
  87.  
  88. CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
  89.  
  90. Alias /doc/ "/usr/share/doc/"
  91. <Directory "/usr/share/doc/">
  92. Options Indexes MultiViews FollowSymLinks
  93. AllowOverride None
  94. Order deny,allow
  95. Deny from all
  96. Allow from 127.0.0.0/255.0.0.0 ::1/128
  97. </Directory>
  98.  
  99. # Include HTTPS configuration **IF SET**
  100. IncludeOptional /etc/apache2/https.conf
  101.  
  102. # SSL Engine Switch:
  103. # Enable/Disable SSL for this virtual host.
  104. SSLEngine on
  105. SSLProtocol TLSv1.2
  106. SSLCipherSuite @SECLEVEL=0:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
  107. SSLHonorCipherOrder on
  108.  
  109. # A self-signed (snakeoil) certificate can be created by installing
  110. # the ssl-cert package. See
  111. # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
  112. # If both key and certificate are stored in the same file, only the
  113. # SSLCertificateFile directive is needed.
  114. SSLCertificateFile /etc/ssl/certs/cert_apache.crt
  115. SSLCertificateKeyFile /etc/ssl/private/cert_apache.key
  116.  
  117. # Server Certificate Chain:
  118. # Point SSLCertificateChainFile at a file containing the
  119. # concatenation of PEM encoded CA certificates which form the
  120. # certificate chain for the server certificate. Alternatively
  121. # the referenced file can be the same as SSLCertificateFile
  122. # when the CA certificates are directly appended to the server
  123. # certificate for convinience.
  124. SSLCertificateChainFile /etc/ssl/certs/cert_apache_chain.crt
  125.  
  126. # Certificate Authority (CA):
  127. # Set the CA certificate verification path where to find CA
  128. # certificates for client authentication or alternatively one
  129. # huge file containing all of them (file must be PEM encoded)
  130. # Note: Inside SSLCACertificatePath you need hash symlinks
  131. # to point to the certificate files. Use the provided
  132. # Makefile to update the hash symlinks after changes.
  133. #SSLCACertificatePath /etc/ssl/certs/
  134. #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
  135.  
  136. # Certificate Revocation Lists (CRL):
  137. # Set the CA revocation path where to find CA CRLs for client
  138. # authentication or alternatively one huge file containing all
  139. # of them (file must be PEM encoded)
  140. # Note: Inside SSLCARevocationPath you need hash symlinks
  141. # to point to the certificate files. Use the provided
  142. # Makefile to update the hash symlinks after changes.
  143. #SSLCARevocationPath /etc/apache2/ssl.crl/
  144. #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
  145.  
  146. # Client Authentication (Type):
  147. # Client certificate verification type and depth. Types are
  148. # none, optional, require and optional_no_ca. Depth is a
  149. # number which specifies how deeply to verify the certificate
  150. # issuer chain before deciding the certificate is not valid.
  151. #SSLVerifyClient require
  152. #SSLVerifyDepth 10
  153.  
  154. # Access Control:
  155. # With SSLRequire you can do per-directory access control based
  156. # on arbitrary complex boolean expressions containing server
  157. # variable checks and other lookup directives. The syntax is a
  158. # mixture between C and Perl. See the mod_ssl documentation
  159. # for more details.
  160. #<Location />
  161. #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
  162. # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
  163. # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
  164. # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
  165. # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
  166. # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
  167. #</Location>
  168.  
  169. # SSL Engine Options:
  170. # Set various options for the SSL engine.
  171. # o FakeBasicAuth:
  172. # Translate the client X.509 into a Basic Authorisation. This means that
  173. # the standard Auth/DBMAuth methods can be used for access control. The
  174. # user name is the `one line' version of the client's X.509 certificate.
  175. # Note that no password is obtained from the user. Every entry in the user
  176. # file needs this password: `xxj31ZMTZzkVA'.
  177. # o ExportCertData:
  178. # This exports two additional environment variables: SSL_CLIENT_CERT and
  179. # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
  180. # server (always existing) and the client (only existing when client
  181. # authentication is used). This can be used to import the certificates
  182. # into CGI scripts.
  183. # o StdEnvVars:
  184. # This exports the standard SSL/TLS related `SSL_*' environment variables.
  185. # Per default this exportation is switched off for performance reasons,
  186. # because the extraction step is an expensive operation and is usually
  187. # useless for serving static content. So one usually enables the
  188. # exportation for CGI and SSI requests only.
  189. # o StrictRequire:
  190. # This denies access when "SSLRequireSSL" or "SSLRequire" applied even
  191. # under a "Satisfy any" situation, i.e. when it applies access is denied
  192. # and no other module can change it.
  193. # o OptRenegotiate:
  194. # This enables optimized SSL connection renegotiation handling when SSL
  195. # directives are used in per-directory context.
  196. #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
  197. <FilesMatch "\.(cgi|shtml|phtml|php)$">
  198. SSLOptions +StdEnvVars
  199. </FilesMatch>
  200. <Directory /usr/lib/cgi-bin>
  201. SSLOptions +StdEnvVars
  202. </Directory>
  203.  
  204. # SSL Protocol Adjustments:
  205. # The safe and default but still SSL/TLS standard compliant shutdown
  206. # approach is that mod_ssl sends the close notify alert but doesn't wait for
  207. # the close notify alert from client. When you need a different shutdown
  208. # approach you can use one of the following variables:
  209. # o ssl-unclean-shutdown:
  210. # This forces an unclean shutdown when the connection is closed, i.e. no
  211. # SSL close notify alert is send or allowed to received. This violates
  212. # the SSL/TLS standard but is needed for some brain-dead browsers. Use
  213. # this when you receive I/O errors because of the standard approach where
  214. # mod_ssl sends the close notify alert.
  215. # o ssl-accurate-shutdown:
  216. # This forces an accurate shutdown when the connection is closed, i.e. a
  217. # SSL close notify alert is send and mod_ssl waits for the close notify
  218. # alert of the client. This is 100% SSL/TLS standard compliant, but in
  219. # practice often causes hanging connections with brain-dead browsers. Use
  220. # this only for browsers where you know that their SSL implementation
  221. # works correctly.
  222. # Notice: Most problems of broken clients are also related to the HTTP
  223. # keep-alive facility, so you usually additionally want to disable
  224. # keep-alive for those clients, too. Use variable "nokeepalive" for this.
  225. # Similarly, one has to force some clients to use HTTP/1.0 to workaround
  226. # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
  227. # "force-response-1.0" for this.
  228. BrowserMatch "MSIE [2-6]" \
  229. nokeepalive ssl-unclean-shutdown \
  230. downgrade-1.0 force-response-1.0
  231. # MSIE 7 and newer should be able to use keepalive
  232. BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
  233.  
  234. </VirtualHost>
  235. </IfModule>
  236. # If you just change the port or add more ports here, you will likely also
  237. # have to change the VirtualHost statement in
  238. # /etc/apache2/sites-enabled/000-default
  239. # This is also true if you have upgraded from before 2.2.9-3 (i.e. from
  240. # Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
  241. # README.Debian.gz
  242.  
  243. Listen 10.1.0.1:80
  244.  
  245. <IfModule mod_ssl.c>
  246. # Server Name Indication for SSL named virtual hosts is currently not
  247. # supported by MSIE on Windows XP.
  248. Listen 10.1.0.1:443
  249. </IfModule>
  250.  
  251. <IfModule mod_gnutls.c>
  252. Listen 10.1.0.1:443
  253. </IfModule>
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!