Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- charles@hal:/var/log/apache2 $ sudo service apache2 status
- [sudo] password for charles:
- * apache2.service - LSB: Apache2 web server
- Loaded: loaded (/etc/init.d/apache2; generated; vendor preset: enabled)
- Active: active (exited) since Wed 2018-11-28 04:00:24 GMT; 15h ago
- Docs: man:systemd-sysv-generator(8)
- CGroup: /system.slice/apache2.service
- Nov 28 04:00:24 hal systemd[1]: Starting LSB: Apache2 web server...
- Nov 28 04:00:24 hal systemd[1]: Started LSB: Apache2 web server.
- charles@hal:/var/log/apache2 $ sudo service apache2 status
- * apache2.service - LSB: Apache2 web server
- Loaded: loaded (/etc/init.d/apache2; generated; vendor preset: enabled)
- Active: active (exited) since Wed 2018-11-28 04:00:24 GMT; 15h ago
- Docs: man:systemd-sysv-generator(8)
- CGroup: /system.slice/apache2.service
- Nov 28 04:00:24 hal systemd[1]: Starting LSB: Apache2 web server...
- Nov 28 04:00:24 hal systemd[1]: Started LSB: Apache2 web server.
- charles@hal:/var/log/apache2 $ sudo service samba-ad-dc status
- * samba-ad-dc.service
- Loaded: masked (/dev/null; bad)
- Active: inactive (dead)
- charles@hal:/var/log/apache2 $ sudo service samba status
- Unit samba.service could not be found.
- charles@hal:/var/log/apache2 $ sudo service sambad status
- Unit sambad.service could not be found.
- charles@hal:/var/log/apache2 $ sudo ufw status
- ERROR: problem running ip6tables
- charles@hal:/var/log/apache2 $ sudo ufw status
- ERROR: problem running ip6tables
- charles@hal:/var/log/apache2 $ sudo ufw enable
- Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
- Firewall is active and enabled on system startup
- charles@hal:/var/log/apache2 $ sudo ufw status
- ERROR: problem running ip6tables
- charles@hal:/var/log/apache2 $ sudo ufw disable
- Firewall stopped and disabled on system startup
- charles@hal:/var/log/apache2 $ sudo ufw status
- Status: inactive
- charles@hal:/var/log/apache2 $ sudo ufw enable
- Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
- Firewall is active and enabled on system startup
- charles@hal:/var/log/apache2 $ sudo ufw status
- Status: active
- To Action From
- -- ------ ----
- 1194 DENY Anywhere
- 80 ALLOW Anywhere
- 22/tcp ALLOW Anywhere
- Samba ALLOW Anywhere
- 5900 ALLOW Anywhere
- Anywhere ALLOW 10.8.0.0/24
- 443/tcp ALLOW Anywhere
- 4443 ALLOW Anywhere
- 443 ALLOW Anywhere
- 80/tcp ALLOW Anywhere
- 4443 (v6) ALLOW Anywhere (v6)
- 443 (v6) ALLOW Anywhere (v6)
- 80/tcp (v6) ALLOW Anywhere (v6)
- 443/tcp (v6) ALLOW Anywhere (v6)
- charles@hal:/var/log/apache2 $ cd /etc/samba/
- charles@hal:/etc/samba $ cat smb.conf
- #
- # Sample configuration file for the Samba suite for Debian GNU/Linux.
- #
- #
- # This is the main Samba configuration file. You should read the
- # smb.conf(5) manual page in order to understand the options listed
- # here. Samba has a huge number of configurable options most of which
- # are not shown in this example
- #
- # Some options that are often worth tuning have been included as
- # commented-out examples in this file.
- # - When such options are commented with ";", the proposed setting
- # differs from the default Samba behaviour
- # - When commented with "#", the proposed setting is the default
- # behaviour of Samba but the option is considered important
- # enough to be mentioned here
- #
- # NOTE: Whenever you modify this file you should run the command
- # "testparm" to check that you have not made any basic syntactic
- # errors.
- #======================= Global Settings =======================
- [global]
- protocol = SMB3
- #client max protocol = SMB2 # by me to try to make it work
- #bind to interfaces only = yes
- ## Browsing/Identification ###
- # Change this to the workgroup/NT-domain name your Samba server will part of
- workgroup = WORKGROUP
- # Windows Internet Name Serving Support Section:
- # WINS Support - Tells the NMBD component of Samba to enable its WINS Server
- # wins support = no
- # WINS Server - Tells the NMBD components of Samba to be a WINS Client
- # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
- ; wins server = w.x.y.z
- # This will prevent nmbd to search for NetBIOS names through DNS.
- dns proxy = no
- #### Networking ####
- # The specific set of interfaces / networks to bind to
- # This can be either the interface name or an IP address/netmask;
- # interface names are normally preferred
- ; interfaces = 127.0.0.0/8 eth0
- # Only bind to the named interfaces and/or networks; you must use the
- # 'interfaces' option above to use this.
- # It is recommended that you enable this feature if your Samba machine is
- # not protected by a firewall or is a firewall itself. However, this
- # option cannot handle dynamic or non-broadcast interfaces correctly.
- ; bind interfaces only = yes
- #### Debugging/Accounting ####
- # This tells Samba to use a separate log file for each machine
- # that connects
- log file = /var/log/samba/log.%m
- # Cap the size of the individual log files (in KiB).
- max log size = 1000
- # If you want Samba to only log through syslog then set the following
- # parameter to 'yes'.
- # syslog only = no
- # We want Samba to log a minimum amount of information to syslog. Everything
- # should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
- # through syslog you should set the following parameter to something higher.
- syslog = 0
- # Do something sensible when Samba crashes: mail the admin a backtrace
- panic action = /usr/share/samba/panic-action %d
- ####### Authentication #######
- # Server role. Defines in which mode Samba will operate. Possible
- # values are "standalone server", "member server", "classic primary
- # domain controller", "classic backup domain controller", "active
- # directory domain controller".
- #
- # Most people will want "standalone sever" or "member server".
- # Running as "active directory domain controller" will require first
- # running "samba-tool domain provision" to wipe databases and create a
- # new domain.
- server role = standalone server
- # If you are using encrypted passwords, Samba will need to know what
- # password database type you are using.
- passdb backend = tdbsam
- obey pam restrictions = yes
- # This boolean parameter controls whether Samba attempts to sync the Unix
- # password with the SMB password when the encrypted SMB password in the
- # passdb is changed.
- unix password sync = yes
- # For Unix password sync to work on a Debian GNU/Linux system, the following
- # parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
- # sending the correct chat script for the passwd program in Debian Sarge).
- passwd program = /usr/bin/passwd %u
- passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
- # This boolean controls whether PAM will be used for password changes
- # when requested by an SMB client instead of the program listed in
- # 'passwd program'. The default is 'no'.
- pam password change = yes
- # This option controls how unsuccessful authentication attempts are mapped
- # to anonymous connections
- map to guest = bad user
- ########## Domains ###########
- #
- # The following settings only takes effect if 'server role = primary
- # classic domain controller', 'server role = backup domain controller'
- # or 'domain logons' is set
- #
- # It specifies the location of the user's
- # profile directory from the client point of view) The following
- # required a [profiles] share to be setup on the samba server (see
- # below)
- ; logon path = \\%N\profiles\%U
- # Another common choice is storing the profile in the user's home directory
- # (this is Samba's default)
- # logon path = \\%N\%U\profile
- # The following setting only takes effect if 'domain logons' is set
- # It specifies the location of a user's home directory (from the client
- # point of view)
- ; logon drive = H:
- # logon home = \\%N\%U
- # The following setting only takes effect if 'domain logons' is set
- # It specifies the script to run during logon. The script must be stored
- # in the [netlogon] share
- # NOTE: Must be store in 'DOS' file format convention
- ; logon script = logon.cmd
- # This allows Unix users to be created on the domain controller via the SAMR
- # RPC pipe. The example command creates a user account with a disabled Unix
- # password; please adapt to your needs
- ; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
- # This allows machine accounts to be created on the domain controller via the
- # SAMR RPC pipe.
- # The following assumes a "machines" group exists on the system
- ; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
- # This allows Unix groups to be created on the domain controller via the SAMR
- # RPC pipe.
- ; add group script = /usr/sbin/addgroup --force-badname %g
- ############ Misc ############
- # Using the following line enables you to customise your configuration
- # on a per machine basis. The %m gets replaced with the netbios name
- # of the machine that is connecting
- ; include = /home/samba/etc/smb.conf.%m
- # Some defaults for winbind (make sure you're not using the ranges
- # for something else.)
- ; idmap uid = 10000-20000
- ; idmap gid = 10000-20000
- ; template shell = /bin/bash
- # Setup usershare options to enable non-root users to share folders
- # with the net usershare command.
- # Maximum number of usershare. 0 (default) means that usershare is disabled.
- ; usershare max shares = 100
- # Allow users who've been granted usershare privileges to create
- # public shares, not just authenticated ones
- usershare allow guests = yes
- #======================= Share Definitions =======================
- #[homes_disabled_ncp]
- [home]
- comment = Home Directories
- browseable = no
- # By default, the home directories are exported read-only. Change the
- # next parameter to 'no' if you want to be able to write to them.
- read only = yes
- # File creation mask is set to 0700 for security reasons. If you want to
- # create files with group=rw permissions, set next parameter to 0775.
- create mask = 0700
- # Directory creation mask is set to 0700 for security reasons. If you want to
- # create dirs. with group=rw permissions, set next parameter to 0775.
- directory mask = 0700
- # By default, \\server\username shares can be connected to by anyone
- # with access to the samba server.
- # The following parameter makes sure that only "username" can connect
- # to \\server\username
- # This might need tweaking when using external authentication schemes
- valid users = %S
- # Un-comment the following and create the netlogon directory for Domain Logons
- # (you need to configure Samba to act as a domain controller too.)
- ;[netlogon]
- ; comment = Network Logon Service
- ; path = /home/samba/netlogon
- ; guest ok = yes
- ; read only = yes
- # Un-comment the following and create the profiles directory to store
- # users profiles (see the "logon path" option above)
- # (you need to configure Samba to act as a domain controller too.)
- # The path below should be writable by all users so that their
- # profile directory may be created the first time they log on
- ;[profiles]
- ; comment = Users profiles
- ; path = /home/samba/profiles
- ; guest ok = no
- ; browseable = no
- ; create mask = 0600
- ; directory mask = 0700
- [printers]
- comment = All Printers
- browseable = no
- path = /var/spool/samba
- printable = yes
- guest ok = no
- read only = yes
- create mask = 0700
- # Windows clients look for this share name as a source of downloadable
- # printer drivers
- [print$]
- comment = Printer Drivers
- path = /var/lib/samba/printers
- browseable = yes
- read only = yes
- guest ok = no
- # Uncomment to allow remote administration of Windows print drivers.
- # You may need to replace 'lpadmin' with the name of the group your
- # admin users are members of.
- # Please note that you also need to set appropriate Unix permissions
- # to the drivers directory for these users to have write rights in it
- ; write list = root, @lpadmin
- [share]
- Comment = HAL shared folder
- #Path = /share
- Path = /mnt/ultra/share
- Browseable = yes
- Writeable = Yes
- only guest = no
- create mask = 0777
- directory mask = 0777
- Public = yes
- Guest ok = yes
- # NextCloudPi automatically generated from here. Do not remove this comment
- [ncp-ncp]
- path = /var/www/nextcloud/data/ncp/files
- writeable = yes
- ; browseable = yes
- valid users = ncp
- force user = www-data
- force group = www-data
- create mask = 0770
- directory mask = 0771
- force create mode = 0660
- force directory mode = 0770
- charles@hal:/etc/samba $ netstat -tulpn
- (No info could be read for "-p": geteuid()=1000 but you should be root.)
- Active Internet connections (only servers)
- Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
- tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
- tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN -
- tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN -
- tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN -
- tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
- tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN -
- tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN -
- tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN -
- tcp6 0 0 :::139 :::* LISTEN -
- tcp6 0 0 :::5900 :::* LISTEN -
- tcp6 0 0 :::53 :::* LISTEN -
- tcp6 0 0 :::22 :::* LISTEN -
- tcp6 0 0 :::445 :::* LISTEN -
- udp 0 0 0.0.0.0:47621 0.0.0.0:* -
- udp 0 0 0.0.0.0:53 0.0.0.0:* -
- udp 0 0 0.0.0.0:68 0.0.0.0:* -
- udp 0 0 192.168.1.255:137 0.0.0.0:* -
- udp 0 0 192.168.1.99:137 0.0.0.0:* -
- udp 0 0 0.0.0.0:137 0.0.0.0:* -
- udp 0 0 192.168.1.255:138 0.0.0.0:* -
- udp 0 0 192.168.1.99:138 0.0.0.0:* -
- udp 0 0 0.0.0.0:138 0.0.0.0:* -
- udp 0 0 0.0.0.0:5353 0.0.0.0:* -
- udp6 0 0 :::53244 :::* -
- udp6 0 0 :::53 :::* -
- udp6 0 0 :::5353 :::* -
- charles@hal:/etc/samba $ sudo netstat -tulpn
- Active Internet connections (only servers)
- Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
- tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1209/mysqld
- tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1187/smbd
- tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 591/vncserver-x11-c
- tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 617/dnsmasq
- tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 615/sshd
- tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1054/master
- tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 361/openvpn
- tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1187/smbd
- tcp6 0 0 :::139 :::* LISTEN 1187/smbd
- tcp6 0 0 :::5900 :::* LISTEN 591/vncserver-x11-c
- tcp6 0 0 :::53 :::* LISTEN 617/dnsmasq
- tcp6 0 0 :::22 :::* LISTEN 615/sshd
- tcp6 0 0 :::445 :::* LISTEN 1187/smbd
- udp 0 0 0.0.0.0:47621 0.0.0.0:* 320/avahi-daemon: r
- udp 0 0 0.0.0.0:53 0.0.0.0:* 617/dnsmasq
- udp 0 0 0.0.0.0:68 0.0.0.0:* 338/dhcpcd
- udp 0 0 192.168.1.255:137 0.0.0.0:* 563/nmbd
- udp 0 0 192.168.1.99:137 0.0.0.0:* 563/nmbd
- udp 0 0 0.0.0.0:137 0.0.0.0:* 563/nmbd
- udp 0 0 192.168.1.255:138 0.0.0.0:* 563/nmbd
- udp 0 0 192.168.1.99:138 0.0.0.0:* 563/nmbd
- udp 0 0 0.0.0.0:138 0.0.0.0:* 563/nmbd
- udp 0 0 0.0.0.0:5353 0.0.0.0:* 320/avahi-daemon: r
- udp6 0 0 :::53244 :::* 320/avahi-daemon: r
- udp6 0 0 :::53 :::* 617/dnsmasq
- udp6 0 0 :::5353 :::* 320/avahi-daemon: r
- charles@hal:/etc/samba $ cd ../apache2/
- charles@hal:/etc/apache2 $ cd sites-enabled/
- charles@hal:/etc/apache2/sites-enabled $ ls
- 000-default.conf ncp.conf ota.charles-iv.uk.conf
- d.charles-iv.uk.conf nextcloud.conf stuff.charles-iv.uk.conf
- charles@hal:/etc/apache2/sites-enabled $ cat *
- <VirtualHost _default_:80>
- DocumentRoot /var/www/html
- <IfModule mod_rewrite.c>
- RewriteEngine Off
- RewriteCond %{HTTPS} !=on
- RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
- </IfModule>
- RewriteEngine On
- RewriteRule ^/?soochwiki(/.*)?$ %{DOCUMENT_ROOT}/mediawiki/index.php [L]
- RewriteRule ^/*$ %{DOCUMENT_ROOT}/mediawiki/index.php [L]
- </VirtualHost>
- <VirtualHost *:80>
- # The ServerName directive sets the request scheme, hostname and port that
- # the server uses to identify itself. This is used when creating
- # redirection URLs. In the context of virtual hosts, the ServerName
- # specifies what hostname must appear in the request's Host: header to
- # match this virtual host. For the default virtual host (this file) this
- # value is not decisive as it is used as a last resort host regardless.
- # However, you must set it for any further virtual host explicitly.
- ServerName d.charles-iv.uk
- ServerAdmin webmaster@localhost
- DocumentRoot /var/www/d
- <Directory "/var/www/d">
- AllowOverride All
- </Directory>
- # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
- # error, crit, alert, emerg.
- # It is also possible to configure the loglevel for particular
- # modules, e.g.
- #LogLevel info ssl:warn
- ErrorLog ${APACHE_LOG_DIR}/error.log
- CustomLog ${APACHE_LOG_DIR}/access.log combined
- # For most configuration files from conf-available/, which are
- # enabled or disabled at a global level, it is possible to
- # include a line for only one particular virtual host. For example the
- # following line enables the CGI configuration for this host only
- # after it has been globally disabled with "a2disconf".
- #Include conf-available/serve-cgi-bin.conf
- </VirtualHost>
- # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
- Listen 4443
- <VirtualHost _default_:4443>
- DocumentRoot /var/www/ncp-web
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
- SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
- # 2 days to avoid very big backups requests to timeout
- TimeOut 172800
- <IfModule mod_authnz_external.c>
- DefineExternalAuth pwauth pipe /usr/sbin/pwauth
- </IfModule>
- </VirtualHost>
- <Directory /var/www/ncp-web/>
- AuthType Basic
- AuthName "ncp-web login"
- AuthBasicProvider external
- AuthExternal pwauth
- SetEnvIf Request_URI "^" noauth
- SetEnvIf Request_URI "^index\.php$" !noauth
- SetEnvIf Request_URI "^/$" !noauth
- SetEnvIf Request_URI "^/wizard/index.php$" !noauth
- SetEnvIf Request_URI "^/wizard/$" !noauth
- <RequireAll>
- <RequireAny>
- Require host localhost
- Require local
- Require ip 192.168
- Require ip 172
- Require ip 10
- </RequireAny>
- <RequireAny>
- Require env noauth
- Require user ncp
- </RequireAny>
- </RequireAll>
- </Directory>
- <IfModule mod_ssl.c>
- <VirtualHost _default_:4545>
- DocumentRoot /var/www/nextcloud
- CustomLog /var/log/apache2/nc-access.log combined
- ErrorLog /var/log/apache2/nc-error.log
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
- SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
- </VirtualHost>
- <Directory /var/www/nextcloud/>
- Options +FollowSymlinks
- AllowOverride All
- <IfModule mod_dav.c>
- Dav off
- </IfModule>
- LimitRequestBody 0
- SSLRenegBufferSize 10486000
- </Directory>
- </IfModule>
- <VirtualHost *:80>
- # The ServerName directive sets the request scheme, hostname and port that
- # the server uses to identify itself. This is used when creating
- # redirection URLs. In the context of virtual hosts, the ServerName
- # specifies what hostname must appear in the request's Host: header to
- # match this virtual host. For the default virtual host (this file) this
- # value is not decisive as it is used as a last resort host regardless.
- # However, you must set it for any further virtual host explicitly.
- ServerName ota.charles-iv.uk
- ServerAdmin webmaster@localhost
- DocumentRoot /var/www/LineageOTA
- <Directory "/var/www/LineageOTA">
- AllowOverride All
- </Directory>
- # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
- # error, crit, alert, emerg.
- # It is also possible to configure the loglevel for particular
- # modules, e.g.
- #LogLevel info ssl:warn
- ErrorLog ${APACHE_LOG_DIR}/error.log
- CustomLog ${APACHE_LOG_DIR}/access.log combined
- # For most configuration files from conf-available/, which are
- # enabled or disabled at a global level, it is possible to
- # include a line for only one particular virtual host. For example the
- # following line enables the CGI configuration for this host only
- # after it has been globally disabled with "a2disconf".
- #Include conf-available/serve-cgi-bin.conf
- </VirtualHost>
- # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
- <VirtualHost *:80>
- # The ServerName directive sets the request scheme, hostname and port that
- # the server uses to identify itself. This is used when creating
- # redirection URLs. In the context of virtual hosts, the ServerName
- # specifies what hostname must appear in the request's Host: header to
- # match this virtual host. For the default virtual host (this file) this
- # value is not decisive as it is used as a last resort host regardless.
- # However, you must set it for any further virtual host explicitly.
- ServerName stuff.charles-iv.uk
- ServerAdmin webmaster@localhost
- DocumentRoot /var/www/stuff
- <Directory "/var/www/stuff">
- AllowOverride All
- </Directory>
- # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
- # error, crit, alert, emerg.
- # It is also possible to configure the loglevel for particular
- # modules, e.g.
- #LogLevel info ssl:warn
- ErrorLog ${APACHE_LOG_DIR}/error.log
- CustomLog ${APACHE_LOG_DIR}/access.log combined
- # For most configuration files from conf-available/, which are
- # enabled or disabled at a global level, it is possible to
- # include a line for only one particular virtual host. For example the
- # following line enables the CGI configuration for this host only
- # after it has been globally disabled with "a2disconf".
- #Include conf-available/serve-cgi-bin.conf
- RewriteEngine On
- RewriteRule ^/?soochwiki(/.*)?$ %{DOCUMENT_ROOT}/mediawiki/index.php [L]
- RewriteRule ^/*$ %{DOCUMENT_ROOT}/mediawiki/index.php [L]
- </VirtualHost>
- # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
- charles@hal:/etc/apache2/sites-enabled $ cd ../sites-available/
- charles@hal:/etc/apache2/sites-available $ ls
- 000-default.conf ncp-activation.conf ota.charles-iv.uk.conf
- d.charles-iv.uk.conf ncp.conf stuff.charles-iv.uk.conf
- default-ssl.conf nextcloud.conf
- charles@hal:/etc/apache2/sites-available $ cat *
- <VirtualHost _default_:80>
- DocumentRoot /var/www/html
- <IfModule mod_rewrite.c>
- RewriteEngine Off
- RewriteCond %{HTTPS} !=on
- RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
- </IfModule>
- RewriteEngine On
- RewriteRule ^/?soochwiki(/.*)?$ %{DOCUMENT_ROOT}/mediawiki/index.php [L]
- RewriteRule ^/*$ %{DOCUMENT_ROOT}/mediawiki/index.php [L]
- </VirtualHost>
- <VirtualHost *:80>
- # The ServerName directive sets the request scheme, hostname and port that
- # the server uses to identify itself. This is used when creating
- # redirection URLs. In the context of virtual hosts, the ServerName
- # specifies what hostname must appear in the request's Host: header to
- # match this virtual host. For the default virtual host (this file) this
- # value is not decisive as it is used as a last resort host regardless.
- # However, you must set it for any further virtual host explicitly.
- ServerName d.charles-iv.uk
- ServerAdmin webmaster@localhost
- DocumentRoot /var/www/d
- <Directory "/var/www/d">
- AllowOverride All
- </Directory>
- # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
- # error, crit, alert, emerg.
- # It is also possible to configure the loglevel for particular
- # modules, e.g.
- #LogLevel info ssl:warn
- ErrorLog ${APACHE_LOG_DIR}/error.log
- CustomLog ${APACHE_LOG_DIR}/access.log combined
- # For most configuration files from conf-available/, which are
- # enabled or disabled at a global level, it is possible to
- # include a line for only one particular virtual host. For example the
- # following line enables the CGI configuration for this host only
- # after it has been globally disabled with "a2disconf".
- #Include conf-available/serve-cgi-bin.conf
- </VirtualHost>
- # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
- <IfModule mod_ssl.c>
- <VirtualHost _default_:4545>
- ServerAdmin webmaster@localhost
- DocumentRoot /var/www/html
- # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
- # error, crit, alert, emerg.
- # It is also possible to configure the loglevel for particular
- # modules, e.g.
- #LogLevel info ssl:warn
- ErrorLog ${APACHE_LOG_DIR}/error.log
- CustomLog ${APACHE_LOG_DIR}/access.log combined
- # For most configuration files from conf-available/, which are
- # enabled or disabled at a global level, it is possible to
- # include a line for only one particular virtual host. For example the
- # following line enables the CGI configuration for this host only
- # after it has been globally disabled with "a2disconf".
- #Include conf-available/serve-cgi-bin.conf
- # SSL Engine Switch:
- # Enable/Disable SSL for this virtual host.
- SSLEngine on
- # A self-signed (snakeoil) certificate can be created by installing
- # the ssl-cert package. See
- # /usr/share/doc/apache2/README.Debian.gz for more info.
- # If both key and certificate are stored in the same file, only the
- # SSLCertificateFile directive is needed.
- SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
- SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
- # Server Certificate Chain:
- # Point SSLCertificateChainFile at a file containing the
- # concatenation of PEM encoded CA certificates which form the
- # certificate chain for the server certificate. Alternatively
- # the referenced file can be the same as SSLCertificateFile
- # when the CA certificates are directly appended to the server
- # certificate for convinience.
- #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
- # Certificate Authority (CA):
- # Set the CA certificate verification path where to find CA
- # certificates for client authentication or alternatively one
- # huge file containing all of them (file must be PEM encoded)
- # Note: Inside SSLCACertificatePath you need hash symlinks
- # to point to the certificate files. Use the provided
- # Makefile to update the hash symlinks after changes.
- #SSLCACertificatePath /etc/ssl/certs/
- #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
- # Certificate Revocation Lists (CRL):
- # Set the CA revocation path where to find CA CRLs for client
- # authentication or alternatively one huge file containing all
- # of them (file must be PEM encoded)
- # Note: Inside SSLCARevocationPath you need hash symlinks
- # to point to the certificate files. Use the provided
- # Makefile to update the hash symlinks after changes.
- #SSLCARevocationPath /etc/apache2/ssl.crl/
- #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
- # Client Authentication (Type):
- # Client certificate verification type and depth. Types are
- # none, optional, require and optional_no_ca. Depth is a
- # number which specifies how deeply to verify the certificate
- # issuer chain before deciding the certificate is not valid.
- #SSLVerifyClient require
- #SSLVerifyDepth 10
- # SSL Engine Options:
- # Set various options for the SSL engine.
- # o FakeBasicAuth:
- # Translate the client X.509 into a Basic Authorisation. This means that
- # the standard Auth/DBMAuth methods can be used for access control. The
- # user name is the `one line' version of the client's X.509 certificate.
- # Note that no password is obtained from the user. Every entry in the user
- # file needs this password: `xxj31ZMTZzkVA'.
- # o ExportCertData:
- # This exports two additional environment variables: SSL_CLIENT_CERT and
- # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
- # server (always existing) and the client (only existing when client
- # authentication is used). This can be used to import the certificates
- # into CGI scripts.
- # o StdEnvVars:
- # This exports the standard SSL/TLS related `SSL_*' environment variables.
- # Per default this exportation is switched off for performance reasons,
- # because the extraction step is an expensive operation and is usually
- # useless for serving static content. So one usually enables the
- # exportation for CGI and SSI requests only.
- # o OptRenegotiate:
- # This enables optimized SSL connection renegotiation handling when SSL
- # directives are used in per-directory context.
- #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
- <FilesMatch "\.(cgi|shtml|phtml|php)$">
- SSLOptions +StdEnvVars
- </FilesMatch>
- <Directory /usr/lib/cgi-bin>
- SSLOptions +StdEnvVars
- </Directory>
- # SSL Protocol Adjustments:
- # The safe and default but still SSL/TLS standard compliant shutdown
- # approach is that mod_ssl sends the close notify alert but doesn't wait for
- # the close notify alert from client. When you need a different shutdown
- # approach you can use one of the following variables:
- # o ssl-unclean-shutdown:
- # This forces an unclean shutdown when the connection is closed, i.e. no
- # SSL close notify alert is send or allowed to received. This violates
- # the SSL/TLS standard but is needed for some brain-dead browsers. Use
- # this when you receive I/O errors because of the standard approach where
- # mod_ssl sends the close notify alert.
- # o ssl-accurate-shutdown:
- # This forces an accurate shutdown when the connection is closed, i.e. a
- # SSL close notify alert is send and mod_ssl waits for the close notify
- # alert of the client. This is 100% SSL/TLS standard compliant, but in
- # practice often causes hanging connections with brain-dead browsers. Use
- # this only for browsers where you know that their SSL implementation
- # works correctly.
- # Notice: Most problems of broken clients are also related to the HTTP
- # keep-alive facility, so you usually additionally want to disable
- # keep-alive for those clients, too. Use variable "nokeepalive" for this.
- # Similarly, one has to force some clients to use HTTP/1.0 to workaround
- # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
- # "force-response-1.0" for this.
- # BrowserMatch "MSIE [2-6]" \
- # nokeepalive ssl-unclean-shutdown \
- # downgrade-1.0 force-response-1.0
- </VirtualHost>
- </IfModule>
- # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
- <VirtualHost _default_:4545>
- DocumentRoot /var/www/ncp-web/
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
- SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
- </VirtualHost>
- <Directory /var/www/ncp-web/>
- <RequireAll>
- <RequireAny>
- Require host localhost
- Require local
- Require ip 192.168
- Require ip 172
- Require ip 10
- </RequireAny>
- </RequireAll>
- </Directory>
- Listen 4443
- <VirtualHost _default_:4443>
- DocumentRoot /var/www/ncp-web
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
- SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
- # 2 days to avoid very big backups requests to timeout
- TimeOut 172800
- <IfModule mod_authnz_external.c>
- DefineExternalAuth pwauth pipe /usr/sbin/pwauth
- </IfModule>
- </VirtualHost>
- <Directory /var/www/ncp-web/>
- AuthType Basic
- AuthName "ncp-web login"
- AuthBasicProvider external
- AuthExternal pwauth
- SetEnvIf Request_URI "^" noauth
- SetEnvIf Request_URI "^index\.php$" !noauth
- SetEnvIf Request_URI "^/$" !noauth
- SetEnvIf Request_URI "^/wizard/index.php$" !noauth
- SetEnvIf Request_URI "^/wizard/$" !noauth
- <RequireAll>
- <RequireAny>
- Require host localhost
- Require local
- Require ip 192.168
- Require ip 172
- Require ip 10
- </RequireAny>
- <RequireAny>
- Require env noauth
- Require user ncp
- </RequireAny>
- </RequireAll>
- </Directory>
- <IfModule mod_ssl.c>
- <VirtualHost _default_:4545>
- DocumentRoot /var/www/nextcloud
- CustomLog /var/log/apache2/nc-access.log combined
- ErrorLog /var/log/apache2/nc-error.log
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
- SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
- </VirtualHost>
- <Directory /var/www/nextcloud/>
- Options +FollowSymlinks
- AllowOverride All
- <IfModule mod_dav.c>
- Dav off
- </IfModule>
- LimitRequestBody 0
- SSLRenegBufferSize 10486000
- </Directory>
- </IfModule>
- <VirtualHost *:80>
- # The ServerName directive sets the request scheme, hostname and port that
- # the server uses to identify itself. This is used when creating
- # redirection URLs. In the context of virtual hosts, the ServerName
- # specifies what hostname must appear in the request's Host: header to
- # match this virtual host. For the default virtual host (this file) this
- # value is not decisive as it is used as a last resort host regardless.
- # However, you must set it for any further virtual host explicitly.
- ServerName ota.charles-iv.uk
- ServerAdmin webmaster@localhost
- DocumentRoot /var/www/LineageOTA
- <Directory "/var/www/LineageOTA">
- AllowOverride All
- </Directory>
- # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
- # error, crit, alert, emerg.
- # It is also possible to configure the loglevel for particular
- # modules, e.g.
- #LogLevel info ssl:warn
- ErrorLog ${APACHE_LOG_DIR}/error.log
- CustomLog ${APACHE_LOG_DIR}/access.log combined
- # For most configuration files from conf-available/, which are
- # enabled or disabled at a global level, it is possible to
- # include a line for only one particular virtual host. For example the
- # following line enables the CGI configuration for this host only
- # after it has been globally disabled with "a2disconf".
- #Include conf-available/serve-cgi-bin.conf
- </VirtualHost>
- # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
- <VirtualHost *:80>
- # The ServerName directive sets the request scheme, hostname and port that
- # the server uses to identify itself. This is used when creating
- # redirection URLs. In the context of virtual hosts, the ServerName
- # specifies what hostname must appear in the request's Host: header to
- # match this virtual host. For the default virtual host (this file) this
- # value is not decisive as it is used as a last resort host regardless.
- # However, you must set it for any further virtual host explicitly.
- ServerName stuff.charles-iv.uk
- ServerAdmin webmaster@localhost
- DocumentRoot /var/www/stuff
- <Directory "/var/www/stuff">
- AllowOverride All
- </Directory>
- # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
- # error, crit, alert, emerg.
- # It is also possible to configure the loglevel for particular
- # modules, e.g.
- #LogLevel info ssl:warn
- ErrorLog ${APACHE_LOG_DIR}/error.log
- CustomLog ${APACHE_LOG_DIR}/access.log combined
- # For most configuration files from conf-available/, which are
- # enabled or disabled at a global level, it is possible to
- # include a line for only one particular virtual host. For example the
- # following line enables the CGI configuration for this host only
- # after it has been globally disabled with "a2disconf".
- #Include conf-available/serve-cgi-bin.conf
- RewriteEngine On
- RewriteRule ^/?soochwiki(/.*)?$ %{DOCUMENT_ROOT}/mediawiki/index.php [L]
- RewriteRule ^/*$ %{DOCUMENT_ROOT}/mediawiki/index.php [L]
- </VirtualHost>
- # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
- charles@hal:/etc/apache2/sites-available $
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement