  1. charles@hal:/var/log/apache2 $ sudo service apache2 status
  2. [sudo] password for charles:
  3. * apache2.service - LSB: Apache2 web server
  4. Loaded: loaded (/etc/init.d/apache2; generated; vendor preset: enabled)
  5. Active: active (exited) since Wed 2018-11-28 04:00:24 GMT; 15h ago
  6. Docs: man:systemd-sysv-generator(8)
  7. CGroup: /system.slice/apache2.service
  8.  
  9. Nov 28 04:00:24 hal systemd[1]: Starting LSB: Apache2 web server...
  10. Nov 28 04:00:24 hal systemd[1]: Started LSB: Apache2 web server.
  11. charles@hal:/var/log/apache2 $ sudo service apache2 status
  12. * apache2.service - LSB: Apache2 web server
  13. Loaded: loaded (/etc/init.d/apache2; generated; vendor preset: enabled)
  14. Active: active (exited) since Wed 2018-11-28 04:00:24 GMT; 15h ago
  15. Docs: man:systemd-sysv-generator(8)
  16. CGroup: /system.slice/apache2.service
  17.  
  18. Nov 28 04:00:24 hal systemd[1]: Starting LSB: Apache2 web server...
  19. Nov 28 04:00:24 hal systemd[1]: Started LSB: Apache2 web server.
  20. charles@hal:/var/log/apache2 $ sudo service samba-ad-dc status
  21. * samba-ad-dc.service
  22. Loaded: masked (/dev/null; bad)
  23. Active: inactive (dead)
  24. charles@hal:/var/log/apache2 $ sudo service samba status
  25. Unit samba.service could not be found.
  26. charles@hal:/var/log/apache2 $ sudo service sambad status
  27. Unit sambad.service could not be found.
  28. charles@hal:/var/log/apache2 $ sudo ufw status
  29. ERROR: problem running ip6tables
  30. charles@hal:/var/log/apache2 $ sudo ufw status
  31. ERROR: problem running ip6tables
  32. charles@hal:/var/log/apache2 $ sudo ufw enable
  33. Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
  34. Firewall is active and enabled on system startup
  35. charles@hal:/var/log/apache2 $ sudo ufw status
  36. ERROR: problem running ip6tables
  37. charles@hal:/var/log/apache2 $ sudo ufw disable
  38. Firewall stopped and disabled on system startup
  39. charles@hal:/var/log/apache2 $ sudo ufw status
  40. Status: inactive
  41. charles@hal:/var/log/apache2 $ sudo ufw enable
  42. Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
  43. Firewall is active and enabled on system startup
  44. charles@hal:/var/log/apache2 $ sudo ufw status
  45. Status: active
  46.  
  47. To Action From
  48. -- ------ ----
  49. 1194 DENY Anywhere
  50. 80 ALLOW Anywhere
  51. 22/tcp ALLOW Anywhere
  52. Samba ALLOW Anywhere
  53. 5900 ALLOW Anywhere
  54. Anywhere ALLOW 10.8.0.0/24
  55. 443/tcp ALLOW Anywhere
  56. 4443 ALLOW Anywhere
  57. 443 ALLOW Anywhere
  58. 80/tcp ALLOW Anywhere
  59. 4443 (v6) ALLOW Anywhere (v6)
  60. 443 (v6) ALLOW Anywhere (v6)
  61. 80/tcp (v6) ALLOW Anywhere (v6)
  62. 443/tcp (v6) ALLOW Anywhere (v6)
  63.  
  64. charles@hal:/var/log/apache2 $ cd /etc/samba/
  65. charles@hal:/etc/samba $ cat smb.conf
  66. #
  67. # Sample configuration file for the Samba suite for Debian GNU/Linux.
  68. #
  69. #
  70. # This is the main Samba configuration file. You should read the
  71. # smb.conf(5) manual page in order to understand the options listed
  72. # here. Samba has a huge number of configurable options most of which
  73. # are not shown in this example
  74. #
  75. # Some options that are often worth tuning have been included as
  76. # commented-out examples in this file.
  77. # - When such options are commented with ";", the proposed setting
  78. # differs from the default Samba behaviour
  79. # - When commented with "#", the proposed setting is the default
  80. # behaviour of Samba but the option is considered important
  81. # enough to be mentioned here
  82. #
  83. # NOTE: Whenever you modify this file you should run the command
  84. # "testparm" to check that you have not made any basic syntactic
  85. # errors.
  86.  
  87. #======================= Global Settings =======================
  88.  
  89. [global]
  # NOTE(review): in smb.conf "protocol" is a synonym for "server max protocol", so this
  # line caps the highest dialect offered and sets no floor. No "server min protocol"
  # appears in this file, so whether SMB1 is still accepted depends on the installed
  # Samba's default - confirm with "testparm -v".
  90. protocol = SMB3
  91.  
  92. #client max protocol = SMB2 # by me to try to make it work
  93. #bind to interfaces only = yes
  94.  
  95. ## Browsing/Identification ###
  96.  
  97. # Change this to the workgroup/NT-domain name your Samba server will part of
  98. workgroup = WORKGROUP
  99.  
  100. # Windows Internet Name Serving Support Section:
  101. # WINS Support - Tells the NMBD component of Samba to enable its WINS Server
  102. # wins support = no
  103.  
  104. # WINS Server - Tells the NMBD components of Samba to be a WINS Client
  105. # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
  106. ; wins server = w.x.y.z
  107.  
  108. # This will prevent nmbd to search for NetBIOS names through DNS.
  109. dns proxy = no
  110.  
  111. #### Networking ####
  112.  
  113. # The specific set of interfaces / networks to bind to
  114. # This can be either the interface name or an IP address/netmask;
  115. # interface names are normally preferred
  116. ; interfaces = 127.0.0.0/8 eth0
  117.  
  118. # Only bind to the named interfaces and/or networks; you must use the
  119. # 'interfaces' option above to use this.
  120. # It is recommended that you enable this feature if your Samba machine is
  121. # not protected by a firewall or is a firewall itself. However, this
  122. # option cannot handle dynamic or non-broadcast interfaces correctly.
  123. ; bind interfaces only = yes
  124.  
  125.  
  126.  
  127. #### Debugging/Accounting ####
  128.  
  129. # This tells Samba to use a separate log file for each machine
  130. # that connects
  131. log file = /var/log/samba/log.%m
  132.  
  133. # Cap the size of the individual log files (in KiB).
  134. max log size = 1000
  135.  
  136. # If you want Samba to only log through syslog then set the following
  137. # parameter to 'yes'.
  138. # syslog only = no
  139.  
  140. # We want Samba to log a minimum amount of information to syslog. Everything
  141. # should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
  142. # through syslog you should set the following parameter to something higher.
  143. syslog = 0
  144.  
  145. # Do something sensible when Samba crashes: mail the admin a backtrace
  146. panic action = /usr/share/samba/panic-action %d
  147.  
  148.  
  149. ####### Authentication #######
  150.  
  151. # Server role. Defines in which mode Samba will operate. Possible
  152. # values are "standalone server", "member server", "classic primary
  153. # domain controller", "classic backup domain controller", "active
  154. # directory domain controller".
  155. #
  156. # Most people will want "standalone sever" or "member server".
  157. # Running as "active directory domain controller" will require first
  158. # running "samba-tool domain provision" to wipe databases and create a
  159. # new domain.
  160. server role = standalone server
  161.  
  162. # If you are using encrypted passwords, Samba will need to know what
  163. # password database type you are using.
  164. passdb backend = tdbsam
  165.  
  166. obey pam restrictions = yes
  167.  
  168. # This boolean parameter controls whether Samba attempts to sync the Unix
  169. # password with the SMB password when the encrypted SMB password in the
  170. # passdb is changed.
  171. unix password sync = yes
  172.  
  173. # For Unix password sync to work on a Debian GNU/Linux system, the following
  174. # parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
  175. # sending the correct chat script for the passwd program in Debian Sarge).
  176. passwd program = /usr/bin/passwd %u
  177. passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
  178.  
  179. # This boolean controls whether PAM will be used for password changes
  180. # when requested by an SMB client instead of the program listed in
  181. # 'passwd program'. The default is 'no'.
  182. pam password change = yes
  183.  
  184. # This option controls how unsuccessful authentication attempts are mapped
  185. # to anonymous connections
  # NOTE(review): "bad user" turns a login with an unknown username into a guest
  # session instead of rejecting it; that session can reach every share marked
  # "guest ok = yes" (the [share] section in this file is one).
  186. map to guest = bad user
  187.  
  188. ########## Domains ###########
  189.  
  190. #
  191. # The following settings only takes effect if 'server role = primary
  192. # classic domain controller', 'server role = backup domain controller'
  193. # or 'domain logons' is set
  194. #
  195.  
  196. # It specifies the location of the user's
  197. # profile directory from the client point of view) The following
  198. # required a [profiles] share to be setup on the samba server (see
  199. # below)
  200. ; logon path = \\%N\profiles\%U
  201. # Another common choice is storing the profile in the user's home directory
  202. # (this is Samba's default)
  203. # logon path = \\%N\%U\profile
  204.  
  205. # The following setting only takes effect if 'domain logons' is set
  206. # It specifies the location of a user's home directory (from the client
  207. # point of view)
  208. ; logon drive = H:
  209. # logon home = \\%N\%U
  210.  
  211. # The following setting only takes effect if 'domain logons' is set
  212. # It specifies the script to run during logon. The script must be stored
  213. # in the [netlogon] share
  214. # NOTE: Must be store in 'DOS' file format convention
  215. ; logon script = logon.cmd
  216.  
  217. # This allows Unix users to be created on the domain controller via the SAMR
  218. # RPC pipe. The example command creates a user account with a disabled Unix
  219. # password; please adapt to your needs
  220. ; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
  221.  
  222. # This allows machine accounts to be created on the domain controller via the
  223. # SAMR RPC pipe.
  224. # The following assumes a "machines" group exists on the system
  225. ; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u
  226.  
  227. # This allows Unix groups to be created on the domain controller via the SAMR
  228. # RPC pipe.
  229. ; add group script = /usr/sbin/addgroup --force-badname %g
  230.  
  231. ############ Misc ############
  232.  
  233. # Using the following line enables you to customise your configuration
  234. # on a per machine basis. The %m gets replaced with the netbios name
  235. # of the machine that is connecting
  236. ; include = /home/samba/etc/smb.conf.%m
  237.  
  238. # Some defaults for winbind (make sure you're not using the ranges
  239. # for something else.)
  240. ; idmap uid = 10000-20000
  241. ; idmap gid = 10000-20000
  242. ; template shell = /bin/bash
  243.  
  244. # Setup usershare options to enable non-root users to share folders
  245. # with the net usershare command.
  246.  
  247. # Maximum number of usershare. 0 (default) means that usershare is disabled.
  248. ; usershare max shares = 100
  249.  
  250. # Allow users who've been granted usershare privileges to create
  251. # public shares, not just authenticated ones
  # NOTE(review): "usershare max shares" is left commented out above, and the stock
  # comment says 0 (the default) disables usershares, so this setting looks inert
  # here; it becomes live if usershares are ever enabled.
  252. usershare allow guests = yes
  253.  
  254. #======================= Share Definitions =======================
  255.  
  256. #[homes_disabled_ncp]
  257. [home]
  258. comment = Home Directories
  259. browseable = no
  260.  
  261. # By default, the home directories are exported read-only. Change the
  262. # next parameter to 'no' if you want to be able to write to them.
  263. read only = yes
  264.  
  265. # File creation mask is set to 0700 for security reasons. If you want to
  266. # create files with group=rw permissions, set next parameter to 0775.
  267. create mask = 0700
  268.  
  269. # Directory creation mask is set to 0700 for security reasons. If you want to
  270. # create dirs. with group=rw permissions, set next parameter to 0775.
  271. directory mask = 0700
  272.  
  273. # By default, \\server\username shares can be connected to by anyone
  274. # with access to the samba server.
  275. # The following parameter makes sure that only "username" can connect
  276. # to \\server\username
  277. # This might need tweaking when using external authentication schemes
  278. valid users = %S
  279.  
  280. # Un-comment the following and create the netlogon directory for Domain Logons
  281. # (you need to configure Samba to act as a domain controller too.)
  282. ;[netlogon]
  283. ; comment = Network Logon Service
  284. ; path = /home/samba/netlogon
  285. ; guest ok = yes
  286. ; read only = yes
  287.  
  288. # Un-comment the following and create the profiles directory to store
  289. # users profiles (see the "logon path" option above)
  290. # (you need to configure Samba to act as a domain controller too.)
  291. # The path below should be writable by all users so that their
  292. # profile directory may be created the first time they log on
  293. ;[profiles]
  294. ; comment = Users profiles
  295. ; path = /home/samba/profiles
  296. ; guest ok = no
  297. ; browseable = no
  298. ; create mask = 0600
  299. ; directory mask = 0700
  300.  
  301. [printers]
  302. comment = All Printers
  303. browseable = no
  304. path = /var/spool/samba
  305. printable = yes
  306. guest ok = no
  307. read only = yes
  308. create mask = 0700
  309.  
  310. # Windows clients look for this share name as a source of downloadable
  311. # printer drivers
  312. [print$]
  313. comment = Printer Drivers
  314. path = /var/lib/samba/printers
  315. browseable = yes
  316. read only = yes
  317. guest ok = no
  318. # Uncomment to allow remote administration of Windows print drivers.
  319. # You may need to replace 'lpadmin' with the name of the group your
  320. # admin users are members of.
  321. # Please note that you also need to set appropriate Unix permissions
  322. # to the drivers directory for these users to have write rights in it
  323. ; write list = root, @lpadmin
  324.  
  325. [share]
  # NOTE(review): this share combines guest access with write access. "Public" and
  # "Guest ok" are synonyms and both admit unauthenticated sessions; "Writeable = Yes"
  # lets those sessions modify the tree. The ufw output earlier in this paste allows
  # the Samba profile from Anywhere and netstat shows smbd on 0.0.0.0:445, and
  # "bind interfaces only" is commented out, so nothing shown here limits the share
  # to the LAN - confirm the intended exposure; "hosts allow" can restrict it.
  326. Comment = HAL shared folder
  327. #Path = /share
  328. Path = /mnt/ultra/share
  329. Browseable = yes
  330. Writeable = Yes
  331. only guest = no
  # The 0777 masks strip no permission bits, so group/other write is not removed
  # from files and directories created through the share.
  332. create mask = 0777
  333. directory mask = 0777
  334. Public = yes
  335. Guest ok = yes
  336.  
  337. # NextCloudPi automatically generated from here. Do not remove this comment
  338.  
  339. [ncp-ncp]
  # Share generated by NextCloudPi (see the marker comment above this section); it
  # exports the "ncp" user's files directory inside the Nextcloud data tree.
  340. path = /var/www/nextcloud/data/ncp/files
  341. writeable = yes
  342. ; browseable = yes
  # Only the "ncp" account may connect; no guest access is configured here.
  343. valid users = ncp
  # All file operations run as www-data regardless of the connecting user, so
  # anything written over SMB is owned by the web server account.
  344. force user = www-data
  345. force group = www-data
  # The masks drop "other" read/write; the force modes then set owner/group bits.
  # NOTE(review): directory mask 0771 still permits other-execute while force
  # directory mode is 0770 - presumably intentional upstream; confirm.
  346. create mask = 0770
  347. directory mask = 0771
  348. force create mode = 0660
  349. force directory mode = 0770
  350.  
  351. charles@hal:/etc/samba $ netstat -tulpn
  352. (No info could be read for "-p": geteuid()=1000 but you should be root.)
  353. Active Internet connections (only servers)
  354. Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
  355. tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
  356. tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN -
  357. tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN -
  358. tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN -
  359. tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
  360. tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN -
  361. tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN -
  362. tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN -
  363. tcp6 0 0 :::139 :::* LISTEN -
  364. tcp6 0 0 :::5900 :::* LISTEN -
  365. tcp6 0 0 :::53 :::* LISTEN -
  366. tcp6 0 0 :::22 :::* LISTEN -
  367. tcp6 0 0 :::445 :::* LISTEN -
  368. udp 0 0 0.0.0.0:47621 0.0.0.0:* -
  369. udp 0 0 0.0.0.0:53 0.0.0.0:* -
  370. udp 0 0 0.0.0.0:68 0.0.0.0:* -
  371. udp 0 0 192.168.1.255:137 0.0.0.0:* -
  372. udp 0 0 192.168.1.99:137 0.0.0.0:* -
  373. udp 0 0 0.0.0.0:137 0.0.0.0:* -
  374. udp 0 0 192.168.1.255:138 0.0.0.0:* -
  375. udp 0 0 192.168.1.99:138 0.0.0.0:* -
  376. udp 0 0 0.0.0.0:138 0.0.0.0:* -
  377. udp 0 0 0.0.0.0:5353 0.0.0.0:* -
  378. udp6 0 0 :::53244 :::* -
  379. udp6 0 0 :::53 :::* -
  380. udp6 0 0 :::5353 :::* -
  381. charles@hal:/etc/samba $ sudo netstat -tulpn
  382. Active Internet connections (only servers)
  383. Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
  384. tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1209/mysqld
  385. tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 1187/smbd
  386. tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 591/vncserver-x11-c
  387. tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 617/dnsmasq
  388. tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 615/sshd
  389. tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1054/master
  390. tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 361/openvpn
  391. tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 1187/smbd
  392. tcp6 0 0 :::139 :::* LISTEN 1187/smbd
  393. tcp6 0 0 :::5900 :::* LISTEN 591/vncserver-x11-c
  394. tcp6 0 0 :::53 :::* LISTEN 617/dnsmasq
  395. tcp6 0 0 :::22 :::* LISTEN 615/sshd
  396. tcp6 0 0 :::445 :::* LISTEN 1187/smbd
  397. udp 0 0 0.0.0.0:47621 0.0.0.0:* 320/avahi-daemon: r
  398. udp 0 0 0.0.0.0:53 0.0.0.0:* 617/dnsmasq
  399. udp 0 0 0.0.0.0:68 0.0.0.0:* 338/dhcpcd
  400. udp 0 0 192.168.1.255:137 0.0.0.0:* 563/nmbd
  401. udp 0 0 192.168.1.99:137 0.0.0.0:* 563/nmbd
  402. udp 0 0 0.0.0.0:137 0.0.0.0:* 563/nmbd
  403. udp 0 0 192.168.1.255:138 0.0.0.0:* 563/nmbd
  404. udp 0 0 192.168.1.99:138 0.0.0.0:* 563/nmbd
  405. udp 0 0 0.0.0.0:138 0.0.0.0:* 563/nmbd
  406. udp 0 0 0.0.0.0:5353 0.0.0.0:* 320/avahi-daemon: r
  407. udp6 0 0 :::53244 :::* 320/avahi-daemon: r
  408. udp6 0 0 :::53 :::* 617/dnsmasq
  409. udp6 0 0 :::5353 :::* 320/avahi-daemon: r
  410. charles@hal:/etc/samba $ cd ../apache2/
  411. charles@hal:/etc/apache2 $ cd sites-enabled/
  412. charles@hal:/etc/apache2/sites-enabled $ ls
  413. 000-default.conf ncp.conf ota.charles-iv.uk.conf
  414. d.charles-iv.uk.conf nextcloud.conf stuff.charles-iv.uk.conf
  415. charles@hal:/etc/apache2/sites-enabled $ cat *
  416. <VirtualHost _default_:80>
  417. DocumentRoot /var/www/html
  # NOTE(review): RewriteEngine is set twice in this vhost (Off here, On below).
  # Presumably the later On is the effective value, which would also activate the
  # HTTP-to-HTTPS redirect in this IfModule block - confirm. The netstat output in
  # this paste shows port 443 held by openvpn, not Apache.
  418. <IfModule mod_rewrite.c>
  419. RewriteEngine Off
  420. RewriteCond %{HTTPS} !=on
  421. RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
  422. </IfModule>
  423. RewriteEngine On
  # Internal rewrites: /soochwiki[/...] and the bare root are both served by
  # mediawiki/index.php under the document root.
  424. RewriteRule ^/?soochwiki(/.*)?$ %{DOCUMENT_ROOT}/mediawiki/index.php [L]
  425. RewriteRule ^/*$ %{DOCUMENT_ROOT}/mediawiki/index.php [L]
  426. </VirtualHost>
  427. <VirtualHost *:80>
  428. # The ServerName directive sets the request scheme, hostname and port that
  429. # the server uses to identify itself. This is used when creating
  430. # redirection URLs. In the context of virtual hosts, the ServerName
  431. # specifies what hostname must appear in the request's Host: header to
  432. # match this virtual host. For the default virtual host (this file) this
  433. # value is not decisive as it is used as a last resort host regardless.
  434. # However, you must set it for any further virtual host explicitly.
  435. ServerName d.charles-iv.uk
  436.  
  437. ServerAdmin webmaster@localhost
  438. DocumentRoot /var/www/d
  439. <Directory "/var/www/d">
  440. AllowOverride All
  441. </Directory>
  442.  
  443. # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
  444. # error, crit, alert, emerg.
  445. # It is also possible to configure the loglevel for particular
  446. # modules, e.g.
  447. #LogLevel info ssl:warn
  448.  
  449. ErrorLog ${APACHE_LOG_DIR}/error.log
  450. CustomLog ${APACHE_LOG_DIR}/access.log combined
  451.  
  452. # For most configuration files from conf-available/, which are
  453. # enabled or disabled at a global level, it is possible to
  454. # include a line for only one particular virtual host. For example the
  455. # following line enables the CGI configuration for this host only
  456. # after it has been globally disabled with "a2disconf".
  457. #Include conf-available/serve-cgi-bin.conf
  458. </VirtualHost>
  459.  
  460. # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
  461. Listen 4443
  462. <VirtualHost _default_:4443>
  463. DocumentRoot /var/www/ncp-web
  464. SSLEngine on
  # NOTE(review): ssl-cert-snakeoil is the self-signed pair created by Debian's
  # ssl-cert package. Clients cannot validate it against a CA, so the Basic-auth
  # password for the "ncp-web login" realm is protected from interception only if
  # users verify the certificate out of band.
  465. SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
  466. SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
  467.  
  468. # 2 days to avoid very big backups requests to timeout
  469. TimeOut 172800
  470.  
  471. <IfModule mod_authnz_external.c>
  472. DefineExternalAuth pwauth pipe /usr/sbin/pwauth
  473. </IfModule>
  474.  
  475. </VirtualHost>
  476. <Directory /var/www/ncp-web/>
  477.  
  478. AuthType Basic
  479. AuthName "ncp-web login"
  480. AuthBasicProvider external
  481. AuthExternal pwauth
  482.  
  # NOTE(review): the first line sets "noauth" for every request ("^" matches any
  # URI) and the next four clear it for the listed URIs only. Combined with
  # "Require env noauth" below, only those URIs demand the ncp login; any other path
  # under /var/www/ncp-web is served without credentials to clients in the allowed
  # address ranges - confirm nothing sensitive is reachable that way.
  483. SetEnvIf Request_URI "^" noauth
  # NOTE(review): this pattern has no leading "/". Request_URI presumably always
  # begins with "/", in which case this line never matches and /index.php keeps
  # "noauth" - verify against the running server.
  484. SetEnvIf Request_URI "^index\.php$" !noauth
  485. SetEnvIf Request_URI "^/$" !noauth
  486. SetEnvIf Request_URI "^/wizard/index.php$" !noauth
  487. SetEnvIf Request_URI "^/wizard/$" !noauth
  488.  
  489. <RequireAll>
  490.  
  491. <RequireAny>
  # Source-address allow-list for the ncp-web directory; any one match suffices.
  492. Require host localhost
  493. Require local
  494. Require ip 192.168
  # NOTE(review): a partial address matches on whole octets, so "172" and "10" cover
  # 172.0.0.0/8 and 10.0.0.0/8. Only 172.16.0.0/12 is private (RFC 1918); the rest
  # of 172/8 is publicly routable, and the ufw rules in this paste allow 4443 from
  # Anywhere, so this admits more than the LAN. "Require ip 172.16.0.0/12" would
  # match the private range only.
  495. Require ip 172
  496. Require ip 10
  497. </RequireAny>
  498.  
  499. <RequireAny>
  500. Require env noauth
  501. Require user ncp
  502. </RequireAny>
  503.  
  504. </RequireAll>
  505.  
  506. </Directory>
  # Nextcloud TLS vhost and its directory policy; only loaded when mod_ssl is present.
  507. <IfModule mod_ssl.c>
  508. <VirtualHost _default_:4545>
  509. DocumentRoot /var/www/nextcloud
  510. CustomLog /var/log/apache2/nc-access.log combined
  511. ErrorLog /var/log/apache2/nc-error.log
  512. SSLEngine on
  # NOTE(review): self-signed Debian snakeoil certificate; clients cannot validate
  # it against a CA, so logins to this vhost rely on users checking the certificate
  # themselves.
  513. SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
  514. SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
  515. </VirtualHost>
  516. <Directory /var/www/nextcloud/>
  517. Options +FollowSymlinks
  # AllowOverride All lets .htaccess files under this tree override server
  # configuration, so write access to the tree also grants control of those settings.
  518. AllowOverride All
  519. <IfModule mod_dav.c>
  520. Dav off
  521. </IfModule>
  # LimitRequestBody 0 removes Apache's cap on request body size for this tree;
  # NOTE(review): presumably set for large uploads - any size limit must then be
  # enforced elsewhere (application or PHP settings); confirm.
  522. LimitRequestBody 0
  523. SSLRenegBufferSize 10486000
  524. </Directory>
  525. </IfModule>
  526. <VirtualHost *:80>
  527. # The ServerName directive sets the request scheme, hostname and port that
  528. # the server uses to identify itself. This is used when creating
  529. # redirection URLs. In the context of virtual hosts, the ServerName
  530. # specifies what hostname must appear in the request's Host: header to
  531. # match this virtual host. For the default virtual host (this file) this
  532. # value is not decisive as it is used as a last resort host regardless.
  533. # However, you must set it for any further virtual host explicitly.
  534. ServerName ota.charles-iv.uk
  535.  
  536. ServerAdmin webmaster@localhost
  537. DocumentRoot /var/www/LineageOTA
  538. <Directory "/var/www/LineageOTA">
  539. AllowOverride All
  540. </Directory>
  541.  
  542. # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
  543. # error, crit, alert, emerg.
  544. # It is also possible to configure the loglevel for particular
  545. # modules, e.g.
  546. #LogLevel info ssl:warn
  547.  
  548. ErrorLog ${APACHE_LOG_DIR}/error.log
  549. CustomLog ${APACHE_LOG_DIR}/access.log combined
  550.  
  551. # For most configuration files from conf-available/, which are
  552. # enabled or disabled at a global level, it is possible to
  553. # include a line for only one particular virtual host. For example the
  554. # following line enables the CGI configuration for this host only
  555. # after it has been globally disabled with "a2disconf".
  556. #Include conf-available/serve-cgi-bin.conf
  557. </VirtualHost>
  558.  
  559. # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
  560. <VirtualHost *:80>
  561. # The ServerName directive sets the request scheme, hostname and port that
  562. # the server uses to identify itself. This is used when creating
  563. # redirection URLs. In the context of virtual hosts, the ServerName
  564. # specifies what hostname must appear in the request's Host: header to
  565. # match this virtual host. For the default virtual host (this file) this
  566. # value is not decisive as it is used as a last resort host regardless.
  567. # However, you must set it for any further virtual host explicitly.
  568. ServerName stuff.charles-iv.uk
  569.  
  570. ServerAdmin webmaster@localhost
  571. DocumentRoot /var/www/stuff
  572. <Directory "/var/www/stuff">
  573. AllowOverride All
  574. </Directory>
  575.  
  576. # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
  577. # error, crit, alert, emerg.
  578. # It is also possible to configure the loglevel for particular
  579. # modules, e.g.
  580. #LogLevel info ssl:warn
  581.  
  582. ErrorLog ${APACHE_LOG_DIR}/error.log
  583. CustomLog ${APACHE_LOG_DIR}/access.log combined
  584.  
  585. # For most configuration files from conf-available/, which are
  586. # enabled or disabled at a global level, it is possible to
  587. # include a line for only one particular virtual host. For example the
  588. # following line enables the CGI configuration for this host only
  589. # after it has been globally disabled with "a2disconf".
  590. #Include conf-available/serve-cgi-bin.conf
  591.  
  592. RewriteEngine On
  593. RewriteRule ^/?soochwiki(/.*)?$ %{DOCUMENT_ROOT}/mediawiki/index.php [L]
  594. RewriteRule ^/*$ %{DOCUMENT_ROOT}/mediawiki/index.php [L]
  595. </VirtualHost>
  596.  
  597. # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
  598. charles@hal:/etc/apache2/sites-enabled $ cd ../sites-available/
  599. charles@hal:/etc/apache2/sites-available $ ls
  600. 000-default.conf ncp-activation.conf ota.charles-iv.uk.conf
  601. d.charles-iv.uk.conf ncp.conf stuff.charles-iv.uk.conf
  602. default-ssl.conf nextcloud.conf
  603. charles@hal:/etc/apache2/sites-available $ cat *
  604. <VirtualHost _default_:80>
  605. DocumentRoot /var/www/html
  606. <IfModule mod_rewrite.c>
  607. RewriteEngine Off
  608. RewriteCond %{HTTPS} !=on
  609. RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
  610. </IfModule>
  611. RewriteEngine On
  612. RewriteRule ^/?soochwiki(/.*)?$ %{DOCUMENT_ROOT}/mediawiki/index.php [L]
  613. RewriteRule ^/*$ %{DOCUMENT_ROOT}/mediawiki/index.php [L]
  614. </VirtualHost>
  615. <VirtualHost *:80>
  616. # The ServerName directive sets the request scheme, hostname and port that
  617. # the server uses to identify itself. This is used when creating
  618. # redirection URLs. In the context of virtual hosts, the ServerName
  619. # specifies what hostname must appear in the request's Host: header to
  620. # match this virtual host. For the default virtual host (this file) this
  621. # value is not decisive as it is used as a last resort host regardless.
  622. # However, you must set it for any further virtual host explicitly.
  623. ServerName d.charles-iv.uk
  624.  
  625. ServerAdmin webmaster@localhost
  626. DocumentRoot /var/www/d
  627. <Directory "/var/www/d">
  628. AllowOverride All
  629. </Directory>
  630.  
  631. # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
  632. # error, crit, alert, emerg.
  633. # It is also possible to configure the loglevel for particular
  634. # modules, e.g.
  635. #LogLevel info ssl:warn
  636.  
  637. ErrorLog ${APACHE_LOG_DIR}/error.log
  638. CustomLog ${APACHE_LOG_DIR}/access.log combined
  639.  
  640. # For most configuration files from conf-available/, which are
  641. # enabled or disabled at a global level, it is possible to
  642. # include a line for only one particular virtual host. For example the
  643. # following line enables the CGI configuration for this host only
  644. # after it has been globally disabled with "a2disconf".
  645. #Include conf-available/serve-cgi-bin.conf
  646. </VirtualHost>
  647.  
  648. # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
  649. <IfModule mod_ssl.c>
  650. <VirtualHost _default_:4545>
  651. ServerAdmin webmaster@localhost
  652.  
  653. DocumentRoot /var/www/html
  654.  
  655. # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
  656. # error, crit, alert, emerg.
  657. # It is also possible to configure the loglevel for particular
  658. # modules, e.g.
  659. #LogLevel info ssl:warn
  660.  
  661. ErrorLog ${APACHE_LOG_DIR}/error.log
  662. CustomLog ${APACHE_LOG_DIR}/access.log combined
  663.  
  664. # For most configuration files from conf-available/, which are
  665. # enabled or disabled at a global level, it is possible to
  666. # include a line for only one particular virtual host. For example the
  667. # following line enables the CGI configuration for this host only
  668. # after it has been globally disabled with "a2disconf".
  669. #Include conf-available/serve-cgi-bin.conf
  670.  
  671. # SSL Engine Switch:
  672. # Enable/Disable SSL for this virtual host.
  673. SSLEngine on
  674.  
  675. # A self-signed (snakeoil) certificate can be created by installing
  676. # the ssl-cert package. See
  677. # /usr/share/doc/apache2/README.Debian.gz for more info.
  678. # If both key and certificate are stored in the same file, only the
  679. # SSLCertificateFile directive is needed.
  680. SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
  681. SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
  682.  
  683. # Server Certificate Chain:
  684. # Point SSLCertificateChainFile at a file containing the
  685. # concatenation of PEM encoded CA certificates which form the
  686. # certificate chain for the server certificate. Alternatively
  687. # the referenced file can be the same as SSLCertificateFile
  688. # when the CA certificates are directly appended to the server
  689. # certificate for convinience.
  690. #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
  691.  
  692. # Certificate Authority (CA):
  693. # Set the CA certificate verification path where to find CA
  694. # certificates for client authentication or alternatively one
  695. # huge file containing all of them (file must be PEM encoded)
  696. # Note: Inside SSLCACertificatePath you need hash symlinks
  697. # to point to the certificate files. Use the provided
  698. # Makefile to update the hash symlinks after changes.
  699. #SSLCACertificatePath /etc/ssl/certs/
  700. #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
  701.  
  702. # Certificate Revocation Lists (CRL):
  703. # Set the CA revocation path where to find CA CRLs for client
  704. # authentication or alternatively one huge file containing all
  705. # of them (file must be PEM encoded)
  706. # Note: Inside SSLCARevocationPath you need hash symlinks
  707. # to point to the certificate files. Use the provided
  708. # Makefile to update the hash symlinks after changes.
  709. #SSLCARevocationPath /etc/apache2/ssl.crl/
  710. #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
  711.  
  712. # Client Authentication (Type):
  713. # Client certificate verification type and depth. Types are
  714. # none, optional, require and optional_no_ca. Depth is a
  715. # number which specifies how deeply to verify the certificate
  716. # issuer chain before deciding the certificate is not valid.
  717. #SSLVerifyClient require
  718. #SSLVerifyDepth 10
  719.  
  720. # SSL Engine Options:
  721. # Set various options for the SSL engine.
  722. # o FakeBasicAuth:
  723. # Translate the client X.509 into a Basic Authorisation. This means that
  724. # the standard Auth/DBMAuth methods can be used for access control. The
  725. # user name is the `one line' version of the client's X.509 certificate.
  726. # Note that no password is obtained from the user. Every entry in the user
  727. # file needs this password: `xxj31ZMTZzkVA'.
  728. # o ExportCertData:
  729. # This exports two additional environment variables: SSL_CLIENT_CERT and
  730. # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
  731. # server (always existing) and the client (only existing when client
  732. # authentication is used). This can be used to import the certificates
  733. # into CGI scripts.
  734. # o StdEnvVars:
  735. # This exports the standard SSL/TLS related `SSL_*' environment variables.
  736. # Per default this exportation is switched off for performance reasons,
  737. # because the extraction step is an expensive operation and is usually
  738. # useless for serving static content. So one usually enables the
  739. # exportation for CGI and SSI requests only.
  740. # o OptRenegotiate:
  741. # This enables optimized SSL connection renegotiation handling when SSL
  742. # directives are used in per-directory context.
  743. #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
  744. <FilesMatch "\.(cgi|shtml|phtml|php)$">
  745. SSLOptions +StdEnvVars
  746. </FilesMatch>
  747. <Directory /usr/lib/cgi-bin>
  748. SSLOptions +StdEnvVars
  749. </Directory>
  750.  
  751. # SSL Protocol Adjustments:
  752. # The safe and default but still SSL/TLS standard compliant shutdown
  753. # approach is that mod_ssl sends the close notify alert but doesn't wait for
  754. # the close notify alert from client. When you need a different shutdown
  755. # approach you can use one of the following variables:
  756. # o ssl-unclean-shutdown:
  757. # This forces an unclean shutdown when the connection is closed, i.e. no
  758. # SSL close notify alert is send or allowed to received. This violates
  759. # the SSL/TLS standard but is needed for some brain-dead browsers. Use
  760. # this when you receive I/O errors because of the standard approach where
  761. # mod_ssl sends the close notify alert.
  762. # o ssl-accurate-shutdown:
  763. # This forces an accurate shutdown when the connection is closed, i.e. a
  764. # SSL close notify alert is send and mod_ssl waits for the close notify
  765. # alert of the client. This is 100% SSL/TLS standard compliant, but in
  766. # practice often causes hanging connections with brain-dead browsers. Use
  767. # this only for browsers where you know that their SSL implementation
  768. # works correctly.
  769. # Notice: Most problems of broken clients are also related to the HTTP
  770. # keep-alive facility, so you usually additionally want to disable
  771. # keep-alive for those clients, too. Use variable "nokeepalive" for this.
  772. # Similarly, one has to force some clients to use HTTP/1.0 to workaround
  773. # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
  774. # "force-response-1.0" for this.
  775. # BrowserMatch "MSIE [2-6]" \
  776. # nokeepalive ssl-unclean-shutdown \
  777. # downgrade-1.0 force-response-1.0
  778.  
  779. </VirtualHost>
  780. </IfModule>
  781.  
  782. # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
  783. <VirtualHost _default_:4545>
       # TLS virtual host that serves the ncp-web tree on port 4545.
       # NOTE(review): a second <VirtualHost _default_:4545> (DocumentRoot /var/www/nextcloud)
       # appears later in this listing. If both sites are enabled, only one of them will
       # answer requests on this port; confirm which site is meant to be active.
  784. DocumentRoot /var/www/ncp-web/
  785. SSLEngine on
       # The "snakeoil" pair is the distribution's self-signed placeholder certificate.
       # Clients cannot validate it against a CA, so the server's identity is not
       # authenticated. Replace it with a properly issued certificate before relying on
       # this endpoint outside a trusted network.
  786. SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
  787. SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
  788.  
  789. </VirtualHost>
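  790. <Directory /var/www/ncp-web/>
       # Network allow-list for the ncp-web tree: the request is accepted only when it
       # comes from the local machine or from a private (RFC 1918) address range.
       # No user authentication is configured in this block.
  791. <RequireAll>
  792.  
  793. <RequireAny>
       # "Require host" makes Apache perform DNS lookups on the client address;
       # "Require local" already covers loopback connections.
  794. Require host localhost
  795. Require local
       # Ranges are written as explicit CIDR blocks. A partial address such as
       # "Require ip 172" matches all of 172.0.0.0/8, most of which is public address
       # space; only 172.16.0.0/12 is private.
  796. Require ip 192.168.0.0/16
  797. Require ip 172.16.0.0/12
  798. Require ip 10.0.0.0/8
  799. </RequireAny>
  800.  
  801. </RequireAll>
  802. </Directory>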
  803. Listen 4443
  804. <VirtualHost _default_:4443>
       # TLS virtual host that serves the ncp-web tree on port 4443 and defines the
       # external authenticator used by the matching <Directory> block.
  805. DocumentRoot /var/www/ncp-web
  806. SSLEngine on
       # Self-signed placeholder certificate: clients cannot verify the server's identity,
       # and the Basic-auth credentials sent to this host are only as safe as that check.
  807. SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
  808. SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
  809.  
  810. # 2 days to avoid very big backups requests to timeout
       # This timeout applies to every request on this virtual host, not only to backups:
       # a client that stalls can hold a worker for up to 172800 seconds.
       # NOTE(review): consider bounding header/body read time separately (mod_reqtimeout)
       # if this port is reachable by untrusted clients.
  811. TimeOut 172800
  812.  
  813. <IfModule mod_authnz_external.c>
       # Registers an external authenticator named "pwauth" that pipes the submitted
       # credentials to /usr/sbin/pwauth. The definition is skipped when
       # mod_authnz_external is not loaded.
  814. DefineExternalAuth pwauth pipe /usr/sbin/pwauth
  815. </IfModule>
  816.  
  817. </VirtualHost>
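  818. <Directory /var/www/ncp-web/>
       # Access policy for the ncp-web tree: the client must come from an allowed network
       # AND must either request a URI still flagged "noauth" or log in as user "ncp"
       # through HTTP Basic auth backed by the external "pwauth" authenticator.
  819.  
  820. AuthType Basic
  821. AuthName "ncp-web login"
  822. AuthBasicProvider external
  823. AuthExternal pwauth
  824.  
       # Default-allow scheme: every URI is first flagged "noauth", then the flag is
       # cleared for the entry pages below, so only those pages trigger the login prompt.
       # Any URI that is not listed is served without Basic auth at this layer.
       # NOTE(review): confirm the application enforces its own session check on them.
  825. SetEnvIf Request_URI "^" noauth
       # Request_URI always begins with "/". Without the leading slash this pattern can
       # never match, and /index.php would stay exempt from the login.
  826. SetEnvIf Request_URI "^/index\.php$" !noauth
  827. SetEnvIf Request_URI "^/$" !noauth
  828. SetEnvIf Request_URI "^/wizard/index.php$" !noauth
  829. SetEnvIf Request_URI "^/wizard/$" !noauth
  830.  
  831. <RequireAll>
  832.  
       # Condition 1: local machine or a private (RFC 1918) address range.
  833. <RequireAny>
  834. Require host localhost
  835. Require local
       # Explicit CIDR blocks: a partial address such as "Require ip 172" matches all of
       # 172.0.0.0/8, most of which is public; only 172.16.0.0/12 is private.
  836. Require ip 192.168.0.0/16
  837. Require ip 172.16.0.0/12
  838. Require ip 10.0.0.0/8
  839. </RequireAny>
  840.  
       # Condition 2: the URI is exempt ("noauth" still set) or the user authenticated as "ncp".
  841. <RequireAny>
  842. Require env noauth
  843. Require user ncp
  844. </RequireAny>
  845.  
  846. </RequireAll>
  847.  
  848. </Directory>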
  849. <IfModule mod_ssl.c>
       # Nextcloud site definition. Everything in this block is applied only when mod_ssl is loaded.
  850. <VirtualHost _default_:4545>
       # NOTE(review): this is the same address:port as the ncp-web virtual host earlier in
       # this listing. If both sites are enabled, only one will answer; confirm the intended port.
  851. DocumentRoot /var/www/nextcloud
  852. CustomLog /var/log/apache2/nc-access.log combined
  853. ErrorLog /var/log/apache2/nc-error.log
  854. SSLEngine on
       # Self-signed placeholder certificate: clients cannot verify the server's identity.
  855. SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
  856. SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
  857. </VirtualHost>
  858. <Directory /var/www/nextcloud/>
  859. Options +FollowSymlinks
       # .htaccess files under this tree may override every directive class, so write
       # access to the tree is also the ability to change its access rules.
  860. AllowOverride All
  861. <IfModule mod_dav.c>
       # Turns off Apache's own WebDAV handling for this tree, presumably so that the
       # application can serve DAV requests itself.
  862. Dav off
  863. </IfModule>
       # 0 removes the limit on request body size. Upload size is then bounded only by
       # whatever the application and PHP enforce.
       # NOTE(review): confirm a limit exists there.
  864. LimitRequestBody 0
       # Bytes of request body that mod_ssl may buffer while a TLS renegotiation is
       # performed in per-directory context (about 10 MB here).
  865. SSLRenegBufferSize 10486000
  866. </Directory>
  867. </IfModule>
  868. <VirtualHost *:80>
       # Name-based virtual host for ota.charles-iv.uk on port 80. This block serves plain
       # HTTP only: it contains no TLS directives and no redirect to HTTPS.
       # NOTE(review): the DocumentRoot name suggests update packages are delivered from
       # here. Over plain HTTP the transport gives no integrity protection, so confirm that
       # clients verify package signatures, or serve this site over TLS.
  869. # The ServerName directive sets the request scheme, hostname and port that
  870. # the server uses to identify itself. This is used when creating
  871. # redirection URLs. In the context of virtual hosts, the ServerName
  872. # specifies what hostname must appear in the request's Host: header to
  873. # match this virtual host. For the default virtual host (this file) this
  874. # value is not decisive as it is used as a last resort host regardless.
  875. # However, you must set it for any further virtual host explicitly.
  876. ServerName ota.charles-iv.uk
  877.  
  878. ServerAdmin webmaster@localhost
  879. DocumentRoot /var/www/LineageOTA
  880. <Directory "/var/www/LineageOTA">
       # .htaccess files under this tree may override every directive class, so write
       # access to the tree is also the ability to change its access rules.
  881. AllowOverride All
  882. </Directory>
  883.  
  884. # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
  885. # error, crit, alert, emerg.
  886. # It is also possible to configure the loglevel for particular
  887. # modules, e.g.
  888. #LogLevel info ssl:warn
  889.  
       # Both logs use the shared default file names, so entries from this host are mixed
       # with those of any other virtual host that logs to the same files.
  890. ErrorLog ${APACHE_LOG_DIR}/error.log
  891. CustomLog ${APACHE_LOG_DIR}/access.log combined
  892.  
  893. # For most configuration files from conf-available/, which are
  894. # enabled or disabled at a global level, it is possible to
  895. # include a line for only one particular virtual host. For example the
  896. # following line enables the CGI configuration for this host only
  897. # after it has been globally disabled with "a2disconf".
  898. #Include conf-available/serve-cgi-bin.conf
  899. </VirtualHost>
  900.  
  901. # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
  902. <VirtualHost *:80>
       # Name-based virtual host for stuff.charles-iv.uk on port 80. This block serves plain
       # HTTP only and routes the site root and /soochwiki to MediaWiki's index.php.
       # NOTE(review): wiki logins submitted through this host travel unencrypted unless a
       # TLS virtual host or redirect is defined elsewhere.
  903. # The ServerName directive sets the request scheme, hostname and port that
  904. # the server uses to identify itself. This is used when creating
  905. # redirection URLs. In the context of virtual hosts, the ServerName
  906. # specifies what hostname must appear in the request's Host: header to
  907. # match this virtual host. For the default virtual host (this file) this
  908. # value is not decisive as it is used as a last resort host regardless.
  909. # However, you must set it for any further virtual host explicitly.
  910. ServerName stuff.charles-iv.uk
  911.  
  912. ServerAdmin webmaster@localhost
  913. DocumentRoot /var/www/stuff
  914. <Directory "/var/www/stuff">
       # .htaccess files under this tree may override every directive class, so write
       # access to the tree is also the ability to change its access rules.
  915. AllowOverride All
  916. </Directory>
  917.  
  918. # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
  919. # error, crit, alert, emerg.
  920. # It is also possible to configure the loglevel for particular
  921. # modules, e.g.
  922. #LogLevel info ssl:warn
  923.  
  924. ErrorLog ${APACHE_LOG_DIR}/error.log
  925. CustomLog ${APACHE_LOG_DIR}/access.log combined
  926.  
  927. # For most configuration files from conf-available/, which are
  928. # enabled or disabled at a global level, it is possible to
  929. # include a line for only one particular virtual host. For example the
  930. # following line enables the CGI configuration for this host only
  931. # after it has been globally disabled with "a2disconf".
  932. #Include conf-available/serve-cgi-bin.conf
  933.  
  934. RewriteEngine On
       # /soochwiki and /soochwiki/<anything> are mapped to the MediaWiki front controller.
       # [L] stops rule processing once the rule matches.
  935. RewriteRule ^/?soochwiki(/.*)?$ %{DOCUMENT_ROOT}/mediawiki/index.php [L]
       # The bare site root (an empty path or only slashes) is mapped to the same script.
  936. RewriteRule ^/*$ %{DOCUMENT_ROOT}/mediawiki/index.php [L]
  937. </VirtualHost>
  938.  
  939. # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
  940. charles@hal:/etc/apache2/sites-available $