diff options
Diffstat (limited to 'server/setup/05-service-settings/etc/apache2/apache2.diff')
| -rw-r--r-- | server/setup/05-service-settings/etc/apache2/apache2.diff | 1528 |
1 files changed, 1528 insertions, 0 deletions
diff --git a/server/setup/05-service-settings/etc/apache2/apache2.diff b/server/setup/05-service-settings/etc/apache2/apache2.diff new file mode 100644 index 0000000..f4aa836 --- /dev/null +++ b/server/setup/05-service-settings/etc/apache2/apache2.diff @@ -0,0 +1,1528 @@ +diff -Nur apache2.orig/apache2.conf apache2/apache2.conf +--- apache2.orig/apache2.conf 2013-03-04 22:00:37.000000000 +0100 ++++ apache2/apache2.conf 2013-06-06 07:21:33.251843000 +0200 +@@ -117,7 +117,9 @@ + # KeepAliveTimeout: Number of seconds to wait for the next request from the + # same client on the same connection. + # +-KeepAliveTimeout 5 ++# default: 5 ++KeepAliveTimeout 10 ++ + + ## + ## Server-Pool Size Regulation (MPM specific) +@@ -130,10 +132,17 @@ + # MaxClients: maximum number of server processes allowed to start + # MaxRequestsPerChild: maximum number of requests a server process serves + <IfModule mpm_prefork_module> +- StartServers 5 ++ # defaults: ++ # StartServers 5 ++ # MinSpareServers 5 ++ # MaxSpareServers 10 ++ # MaxClients 150 ++ # MaxRequestsPerChild 0 ++ ++ StartServers 8 + MinSpareServers 5 +- MaxSpareServers 10 +- MaxClients 150 ++ MaxSpareServers 20 ++ MaxClients 256 + MaxRequestsPerChild 0 + </IfModule> + +diff -Nur apache2.orig/mods-enabled/cgid.conf apache2/mods-enabled/cgid.conf +--- apache2.orig/mods-enabled/cgid.conf 1970-01-01 01:00:00.000000000 +0100 ++++ apache2/mods-enabled/cgid.conf 2013-03-03 12:14:45.000000000 +0100 +@@ -0,0 +1,2 @@ ++# Socket for cgid communication ++ScriptSock ${APACHE_RUN_DIR}/cgisock +diff -Nur apache2.orig/mods-enabled/cgid.load apache2/mods-enabled/cgid.load +--- apache2.orig/mods-enabled/cgid.load 1970-01-01 01:00:00.000000000 +0100 ++++ apache2/mods-enabled/cgid.load 2012-10-21 20:41:12.000000000 +0200 +@@ -0,0 +1 @@ ++LoadModule cgid_module /usr/lib/apache2/modules/mod_cgid.so +diff -Nur apache2.orig/mods-enabled/headers.load apache2/mods-enabled/headers.load +--- apache2.orig/mods-enabled/headers.load 1970-01-01 01:00:00.000000000 +0100 ++++ apache2/mods-enabled/headers.load 2012-10-21 20:41:12.000000000 +0200 +@@ -0,0 +1 @@ ++LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so +diff -Nur apache2.orig/mods-enabled/proxy_ajp.load apache2/mods-enabled/proxy_ajp.load +--- apache2.orig/mods-enabled/proxy_ajp.load 1970-01-01 01:00:00.000000000 +0100 ++++ apache2/mods-enabled/proxy_ajp.load 2012-10-21 20:41:12.000000000 +0200 +@@ -0,0 +1,2 @@ ++# Depends: proxy ++LoadModule proxy_ajp_module /usr/lib/apache2/modules/mod_proxy_ajp.so +diff -Nur apache2.orig/mods-enabled/proxy_balancer.conf apache2/mods-enabled/proxy_balancer.conf +--- apache2.orig/mods-enabled/proxy_balancer.conf 1970-01-01 01:00:00.000000000 +0100 ++++ apache2/mods-enabled/proxy_balancer.conf 2013-03-03 12:14:45.000000000 +0100 +@@ -0,0 +1,16 @@ ++<IfModule mod_proxy_balancer.c> ++ ++# Balancer manager enables dynamic update of balancer members ++# (needs mod_status). Uncomment to enable. ++# ++#<IfModule mod_status.c> ++#<Location /balancer-manager> ++# SetHandler balancer-manager ++# Order deny,allow ++# Deny from all ++# Allow from 127.0.0.1 ::1 ++# Satisfy all ++#</Location> ++#</IfModule> ++ ++</IfModule> +diff -Nur apache2.orig/mods-enabled/proxy_balancer.load apache2/mods-enabled/proxy_balancer.load +--- apache2.orig/mods-enabled/proxy_balancer.load 1970-01-01 01:00:00.000000000 +0100 ++++ apache2/mods-enabled/proxy_balancer.load 2013-03-03 12:14:45.000000000 +0100 +@@ -0,0 +1,2 @@ ++# Depends: proxy ++LoadModule proxy_balancer_module /usr/lib/apache2/modules/mod_proxy_balancer.so +diff -Nur apache2.orig/mods-enabled/proxy.conf apache2/mods-enabled/proxy.conf +--- apache2.orig/mods-enabled/proxy.conf 1970-01-01 01:00:00.000000000 +0100 ++++ apache2/mods-enabled/proxy.conf 2013-03-03 12:14:45.000000000 +0100 +@@ -0,0 +1,26 @@ ++<IfModule mod_proxy.c> ++ ++# If you want to use apache2 as a forward proxy, uncomment the ++# 'ProxyRequests On' line and the <Proxy *> block below. ++# WARNING: Be careful to restrict access inside the <Proxy *> block. ++# Open proxy servers are dangerous both to your network and to the ++# Internet at large. ++# ++# If you only want to use apache2 as a reverse proxy/gateway in ++# front of some web application server, you DON'T need ++# 'ProxyRequests On'. ++ ++#ProxyRequests On ++#<Proxy *> ++# AddDefaultCharset off ++# Order deny,allow ++# Deny from all ++# #Allow from .example.com ++#</Proxy> ++ ++# Enable/disable the handling of HTTP/1.1 "Via:" headers. ++# ("Full" adds the server version; "Block" removes all outgoing Via: headers) ++# Set to one of: Off | On | Full | Block ++#ProxyVia Off ++ ++</IfModule> +diff -Nur apache2.orig/mods-enabled/proxy_connect.load apache2/mods-enabled/proxy_connect.load +--- apache2.orig/mods-enabled/proxy_connect.load 1970-01-01 01:00:00.000000000 +0100 ++++ apache2/mods-enabled/proxy_connect.load 2012-10-21 20:41:12.000000000 +0200 +@@ -0,0 +1,2 @@ ++# Depends: proxy ++LoadModule proxy_connect_module /usr/lib/apache2/modules/mod_proxy_connect.so +diff -Nur apache2.orig/mods-enabled/proxy_ftp.conf apache2/mods-enabled/proxy_ftp.conf +--- apache2.orig/mods-enabled/proxy_ftp.conf 1970-01-01 01:00:00.000000000 +0100 ++++ apache2/mods-enabled/proxy_ftp.conf 2013-03-03 12:14:45.000000000 +0100 +@@ -0,0 +1,6 @@ ++<IfModule mod_proxy_ftp.c> ++ ++# Define the character set for proxied FTP listings. Default is ISO-8859-1 ++ProxyFtpDirCharset UTF-8 ++ ++</IfModule> +diff -Nur apache2.orig/mods-enabled/proxy_ftp.load apache2/mods-enabled/proxy_ftp.load +--- apache2.orig/mods-enabled/proxy_ftp.load 1970-01-01 01:00:00.000000000 +0100 ++++ apache2/mods-enabled/proxy_ftp.load 2012-10-21 20:41:12.000000000 +0200 +@@ -0,0 +1,2 @@ ++# Depends: proxy ++LoadModule proxy_ftp_module /usr/lib/apache2/modules/mod_proxy_ftp.so +diff -Nur apache2.orig/mods-enabled/proxy_http.load apache2/mods-enabled/proxy_http.load +--- apache2.orig/mods-enabled/proxy_http.load 1970-01-01 01:00:00.000000000 +0100 ++++ apache2/mods-enabled/proxy_http.load 2012-10-21 20:41:12.000000000 +0200 +@@ -0,0 +1,2 @@ ++# Depends: proxy ++LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so +diff -Nur apache2.orig/mods-enabled/proxy.load apache2/mods-enabled/proxy.load +--- apache2.orig/mods-enabled/proxy.load 1970-01-01 01:00:00.000000000 +0100 ++++ apache2/mods-enabled/proxy.load 2012-10-21 20:41:12.000000000 +0200 +@@ -0,0 +1 @@ ++LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so +diff -Nur apache2.orig/mods-enabled/proxy_scgi.load apache2/mods-enabled/proxy_scgi.load +--- apache2.orig/mods-enabled/proxy_scgi.load 1970-01-01 01:00:00.000000000 +0100 ++++ apache2/mods-enabled/proxy_scgi.load 2012-10-21 20:41:12.000000000 +0200 +@@ -0,0 +1,2 @@ ++# Depends: proxy ++LoadModule proxy_scgi_module /usr/lib/apache2/modules/mod_proxy_scgi.so +diff -Nur apache2.orig/mods-enabled/rewrite.load apache2/mods-enabled/rewrite.load +--- apache2.orig/mods-enabled/rewrite.load 1970-01-01 01:00:00.000000000 +0100 ++++ apache2/mods-enabled/rewrite.load 2012-10-21 20:41:12.000000000 +0200 +@@ -0,0 +1 @@ ++LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so +diff -Nur apache2.orig/mods-enabled/ssl.conf apache2/mods-enabled/ssl.conf +--- apache2.orig/mods-enabled/ssl.conf 1970-01-01 01:00:00.000000000 +0100 ++++ apache2/mods-enabled/ssl.conf 2013-03-04 22:00:37.000000000 +0100 +@@ -0,0 +1,82 @@ ++<IfModule mod_ssl.c> ++# ++# Pseudo Random Number Generator (PRNG): ++# Configure one or more sources to seed the PRNG of the SSL library. ++# The seed data should be of good random quality. ++# WARNING! On some platforms /dev/random blocks if not enough entropy ++# is available. This means you then cannot use the /dev/random device ++# because it would lead to very long connection times (as long as ++# it requires to make more entropy available). But usually those ++# platforms additionally provide a /dev/urandom device which doesn't ++# block. So, if available, use this one instead. Read the mod_ssl User ++# Manual for more details. ++# ++SSLRandomSeed startup builtin ++SSLRandomSeed startup file:/dev/urandom 512 ++SSLRandomSeed connect builtin ++SSLRandomSeed connect file:/dev/urandom 512 ++ ++## ++## SSL Global Context ++## ++## All SSL configuration in this context applies both to ++## the main server and all SSL-enabled virtual hosts. ++## ++ ++# ++# Some MIME-types for downloading Certificates and CRLs ++# ++AddType application/x-x509-ca-cert .crt ++AddType application/x-pkcs7-crl .crl ++ ++# Pass Phrase Dialog: ++# Configure the pass phrase gathering process. ++# The filtering dialog program (`builtin' is a internal ++# terminal dialog) has to provide the pass phrase on stdout. ++SSLPassPhraseDialog builtin ++ ++# Inter-Process Session Cache: ++# Configure the SSL Session Cache: First the mechanism ++# to use and second the expiring timeout (in seconds). ++# (The mechanism dbm has known memory leaks and should not be used). ++#SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache ++SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) ++SSLSessionCacheTimeout 300 ++ ++# Semaphore: ++# Configure the path to the mutual exclusion semaphore the ++# SSL engine uses internally for inter-process synchronization. ++SSLMutex file:${APACHE_RUN_DIR}/ssl_mutex ++ ++# SSL Cipher Suite: ++# List the ciphers that the client is permitted to negotiate. See the ++# ciphers(1) man page from the openssl package for list of all available ++# options. ++# Enable only secure ciphers: ++SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 ++ ++# Speed-optimized SSL Cipher configuration: ++# If speed is your main concern (on busy HTTPS servers e.g.), ++# you might want to force clients to specific, performance ++# optimized ciphers. In this case, prepend those ciphers ++# to the SSLCipherSuite list, and enable SSLHonorCipherOrder. ++# Caveat: by giving precedence to RC4-SHA and AES128-SHA ++# (as in the example below), most connections will no longer ++# have perfect forward secrecy - if the server's key is ++# compromised, captures of past or future traffic must be ++# considered compromised, too. ++#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 ++#SSLHonorCipherOrder on ++ ++# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2 ++SSLProtocol all -SSLv2 ++ ++# Allow insecure renegotiation with clients which do not yet support the ++# secure renegotiation protocol. Default: Off ++#SSLInsecureRenegotiation on ++ ++# Whether to forbid non-SNI clients to access name based virtual hosts. ++# Default: Off ++#SSLStrictSNIVHostCheck On ++ ++</IfModule> +diff -Nur apache2.orig/mods-enabled/ssl.load apache2/mods-enabled/ssl.load +--- apache2.orig/mods-enabled/ssl.load 1970-01-01 01:00:00.000000000 +0100 ++++ apache2/mods-enabled/ssl.load 2013-03-03 12:14:45.000000000 +0100 +@@ -0,0 +1 @@ ++LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so +diff -Nur apache2.orig/ports.conf apache2/ports.conf +--- apache2.orig/ports.conf 2013-03-03 12:14:45.000000000 +0100 ++++ apache2/ports.conf 2013-06-06 07:46:07.326283000 +0200 +@@ -6,9 +6,11 @@ + # README.Debian.gz + + NameVirtualHost *:80 ++# NameVirtualHost * + Listen 80 + + <IfModule mod_ssl.c> ++ NameVirtualHost *:443 + # If you add NameVirtualHost *:443 here, you will also have to change + # the VirtualHost statement in /etc/apache2/sites-available/default-ssl + # to <VirtualHost *:443> +diff -Nur apache2.orig/sites-available/jausoft.com-ssl apache2/sites-available/jausoft.com-ssl +--- apache2.orig/sites-available/jausoft.com-ssl 1970-01-01 01:00:00.000000000 +0100 ++++ apache2/sites-available/jausoft.com-ssl 2013-06-06 07:36:27.650753118 +0200 +@@ -0,0 +1,204 @@ ++<IfModule mod_ssl.c> ++<VirtualHost jausoft.com:443> ++ ++ # General setup for the virtual host, inherited from global configuration ++ ServerName jausoft.com ++ ServerPath /jausoft.com/ ++ RewriteEngine On ++ DocumentRoot /srv/www/jausoft.com ++ ++ # Use separate log files for the SSL virtual host; note that LogLevel ++ # is not inherited from httpd.conf. ++ ErrorLog ${APACHE_LOG_DIR}/jausoft.com-ssl-error.log ++ TransferLog ${APACHE_LOG_DIR}/jausoft.com-ssl-access.log ++ LogLevel warn ++ ++ # SSL Engine Switch: ++ # Enable/Disable SSL for this virtual host. ++ SSLEngine on ++ ++ # SSL Protocol support: ++ # List the enable protocol levels with which clients will be able to ++ # connect. Disable SSLv2 access by default: ++ SSLProtocol all -SSLv2 ++ ++ # SSL Cipher Suite: ++ # List the ciphers that the client is permitted to negotiate. ++ # See the mod_ssl documentation for a complete list. ++ SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW ++ ++ # A self-signed (snakeoil) certificate can be created by installing ++ # the ssl-cert package. See ++ # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. ++ # If both key and certificate are stored in the same file, only the ++ # SSLCertificateFile directive is needed. ++ # SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem ++ # SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key ++ ++ SSLCertificateFile /etc/ssl/local/jausoft2013-hostcert.pem ++ SSLCertificateKeyFile /etc/ssl/local/jausoft2013-hostkey.apache.pem ++ ++ # Server Certificate Chain: ++ # Point SSLCertificateChainFile at a file containing the ++ # concatenation of PEM encoded CA certificates which form the ++ # certificate chain for the server certificate. Alternatively ++ # the referenced file can be the same as SSLCertificateFile ++ # when the CA certificates are directly appended to the server ++ # certificate for convinience. ++ #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt ++ ++ SSLCertificateChainFile /etc/ssl/local/thawte-SSL123_CA_Bundle.pem ++ ++ # Certificate Authority (CA): ++ # Set the CA certificate verification path where to find CA ++ # certificates for client authentication or alternatively one ++ # huge file containing all of them (file must be PEM encoded) ++ # Note: Inside SSLCACertificatePath you need hash symlinks ++ # to point to the certificate files. Use the provided ++ # Makefile to update the hash symlinks after changes. ++ #SSLCACertificatePath /etc/ssl/certs/ ++ #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt ++ ++ # Certificate Revocation Lists (CRL): ++ # Set the CA revocation path where to find CA CRLs for client ++ # authentication or alternatively one huge file containing all ++ # of them (file must be PEM encoded) ++ # Note: Inside SSLCARevocationPath you need hash symlinks ++ # to point to the certificate files. Use the provided ++ # Makefile to update the hash symlinks after changes. ++ #SSLCARevocationPath /etc/apache2/ssl.crl/ ++ #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl ++ ++ # Client Authentication (Type): ++ # Client certificate verification type and depth. Types are ++ # none, optional, require and optional_no_ca. Depth is a ++ # number which specifies how deeply to verify the certificate ++ # issuer chain before deciding the certificate is not valid. ++ #SSLVerifyClient require ++ #SSLVerifyDepth 10 ++ ++ # Access Control: ++ # With SSLRequire you can do per-directory access control based ++ # on arbitrary complex boolean expressions containing server ++ # variable checks and other lookup directives. The syntax is a ++ # mixture between C and Perl. See the mod_ssl documentation ++ # for more details. ++ #<Location /> ++ #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ ++ # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ ++ # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ ++ # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ ++ # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ ++ # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ ++ #</Location> ++ ++ # SSL Engine Options: ++ # Set various options for the SSL engine. ++ # o FakeBasicAuth: ++ # Translate the client X.509 into a Basic Authorisation. This means that ++ # the standard Auth/DBMAuth methods can be used for access control. The ++ # user name is the `one line' version of the client's X.509 certificate. ++ # Note that no password is obtained from the user. Every entry in the user ++ # file needs this password: `xxj31ZMTZzkVA'. ++ # o ExportCertData: ++ # This exports two additional environment variables: SSL_CLIENT_CERT and ++ # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the ++ # server (always existing) and the client (only existing when client ++ # authentication is used). This can be used to import the certificates ++ # into CGI scripts. ++ # o StdEnvVars: ++ # This exports the standard SSL/TLS related `SSL_*' environment variables. ++ # Per default this exportation is switched off for performance reasons, ++ # because the extraction step is an expensive operation and is usually ++ # useless for serving static content. So one usually enables the ++ # exportation for CGI and SSI requests only. ++ # o StrictRequire: ++ # This denies access when "SSLRequireSSL" or "SSLRequire" applied even ++ # under a "Satisfy any" situation, i.e. when it applies access is denied ++ # and no other module can change it. ++ # o OptRenegotiate: ++ # This enables optimized SSL connection renegotiation handling when SSL ++ # directives are used in per-directory context. ++ #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire ++ <Files ~ "\.(cgi|shtml|phtml|php3?)$"> ++ SSLOptions +StdEnvVars ++ </Files> ++ ++ # SSL Protocol Adjustments: ++ # The safe and default but still SSL/TLS standard compliant shutdown ++ # approach is that mod_ssl sends the close notify alert but doesn't wait for ++ # the close notify alert from client. When you need a different shutdown ++ # approach you can use one of the following variables: ++ # o ssl-unclean-shutdown: ++ # This forces an unclean shutdown when the connection is closed, i.e. no ++ # SSL close notify alert is send or allowed to received. This violates ++ # the SSL/TLS standard but is needed for some brain-dead browsers. Use ++ # this when you receive I/O errors because of the standard approach where ++ # mod_ssl sends the close notify alert. ++ # o ssl-accurate-shutdown: ++ # This forces an accurate shutdown when the connection is closed, i.e. a ++ # SSL close notify alert is send and mod_ssl waits for the close notify ++ # alert of the client. This is 100% SSL/TLS standard compliant, but in ++ # practice often causes hanging connections with brain-dead browsers. Use ++ # this only for browsers where you know that their SSL implementation ++ # works correctly. ++ # Notice: Most problems of broken clients are also related to the HTTP ++ # keep-alive facility, so you usually additionally want to disable ++ # keep-alive for those clients, too. Use variable "nokeepalive" for this. ++ # Similarly, one has to force some clients to use HTTP/1.0 to workaround ++ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and ++ # "force-response-1.0" for this. ++ BrowserMatch "MSIE [2-6]" \ ++ nokeepalive ssl-unclean-shutdown \ ++ downgrade-1.0 force-response-1.0 ++ # MSIE 7 and newer should be able to use keepalive ++ BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown ++ ++ # Per-Server Logging: ++ # The home of a custom SSL log file. Use this when you want a ++ # compact non-error SSL logfile on a virtual host basis. ++ CustomLog /var/log/apache2/ssl_request_log \ ++ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" ++ ++ ErrorLog ${APACHE_LOG_DIR}/jausoft.com-ssl-error.log ++ CustomLog ${APACHE_LOG_DIR}/jausoft.com-ssl-access.log common ++ ++ # configures the footer on server-generated documents ++ ServerSignature On ++ ++ <Directory "/srv/www/jausoft.com"> ++ Options Indexes FollowSymLinks ++ AllowOverride All ++ Order allow,deny ++ Allow from all ++ </Directory> ++ ++ ++ SetEnv GIT_PROJECT_ROOT /srv/scm ++ SetEnv GIT_HTTP_EXPORT_ALL ++ ScriptAlias /srv/scm/ /usr/lib/git-core/git-http-backend/ ++ <Directory "/srv/www/jausoft.com/git"> ++ DirectoryIndex gitweb.cgi ++ Allow from all ++ AllowOverride all ++ Order allow,deny ++ Options ExecCGI ++ <Files gitweb.cgi> ++ SetHandler cgi-script ++ </Files> ++ SetEnv GITWEB_CONFIG /srv/scm/gitweb.conf ++ </Directory> ++ ++ Alias /icons/ "/srv/www/jausoft.com/icons/" ++ ++ <Directory "/srv/www/jausoft.com/icons"> ++ Options Indexes MultiViews ++ AllowOverride None ++ Order allow,deny ++ Allow from all ++ </Directory> ++ ++ ++</VirtualHost> ++</IfModule> ++ +diff -Nur apache2.orig/sites-available/jogamp.org apache2/sites-available/jogamp.org +--- apache2.orig/sites-available/jogamp.org 1970-01-01 01:00:00.000000000 +0100 ++++ apache2/sites-available/jogamp.org 2013-06-06 07:29:00.470204000 +0200 +@@ -0,0 +1,247 @@ ++# ++# Almost any Apache directive may go into a VirtualHost container. ++# The first VirtualHost section is used for requests without a known ++# server name. ++# ++<VirtualHost *:80> ++ ServerAdmin [email protected] ++ ServerName jogamp.org ++ ServerAlias www.jogamp.org ++ ServerPath /jogamp.org/ ++ RewriteEngine On ++ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined ++ ++ DocumentRoot /srv/www/jogamp.org ++ ++ # don't loose time with IP address lookups ++ HostnameLookups Off ++ ++ # needed for named virtual hosts ++ UseCanonicalName Off ++ ++ # configures the footer on server-generated documents ++ ServerSignature On ++ ++ <Directory "/srv/www/jogamp.org"> ++ Options Indexes FollowSymLinks ++ AllowOverride All ++ Order allow,deny ++ Allow from all ++ </Directory> ++ ++ RewriteCond %{HTTP_HOST} ^www.jogamp\.org$ [NC] ++ RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE] ++ ++ #RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] ++ #RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] ++ ++ RewriteCond %{REQUEST_URI} ^/wiki/index.php$ ++ RewriteCond %{QUERY_STRING} ^title=Special:UserLogin ++ RewriteCond %{REQUEST_METHOD} ^GET$ ++ RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R=301,L,NE] ++ ++ # ++ # Due to security concerns, session hijacking .. etc .. the whole ++ # bugzilla stream will go over https ++ # ++ RewriteCond %{REQUEST_URI} ^/bugzilla ++ RewriteRule ^/bugzilla/(.*)$ https://%{SERVER_NAME}/bugzilla/$1 [R=301,L,NE] ++ ++ SetEnv GIT_PROJECT_ROOT /srv/scm ++ SetEnv GIT_HTTP_EXPORT_ALL ++ ScriptAlias /srv/scm/ /usr/lib/git-core/git-http-backend/ ++ <Directory "/srv/www/jogamp.org/git"> ++ DirectoryIndex gitweb.cgi ++ Allow from all ++ AllowOverride all ++ Order allow,deny ++ Options ExecCGI ++ <Files gitweb.cgi> ++ SetHandler cgi-script ++ </Files> ++ SetEnv GITWEB_CONFIG /srv/scm/gitweb.conf ++ </Directory> ++ ++ Alias /icons/ "/srv/www/jogamp.org/icons/" ++ ++ <Directory "/srv/www/jogamp.org/icons"> ++ Options Indexes MultiViews ++ AllowOverride None ++ Order allow,deny ++ Allow from all ++ </Directory> ++ ++ # ++ # Due to security concerns, session hijacking .. etc .. the whole ++ # hudson and bugzilla stream will go over https ++ # ++ RewriteCond %{REQUEST_URI} ^/chuck ++ RewriteRule ^/chuck/(.*)$ https://%{SERVER_NAME}/chuck/$1 [R=301,L,NE] ++ ++ #RewriteCond %{REQUEST_URI} ^/chuck ++ #RewriteRule ^/chuck/login(.*)$ https://%{SERVER_NAME}/chuck/login$1 [R=301,L,NE] ++ # ++ #RewriteCond %{REQUEST_URI} ^/chuck ++ #RewriteCond %{HTTP_COOKIE} JSESSIONID=(.*) [NC,OR] ++ #RewriteCond %{HTTP_COOKIE} ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE [NC] ++ #RewriteRule ^/chuck/(.*)$ https://%{SERVER_NAME}/chuck/$1 [R=301,L,NE] ++ # ++ # Cookies: ++ # wikidb_mw_LoggedOut / ++ # wikidb_mw__session / ++ # wikidb_mw_Token / ++ # wikidb_mw_UserID / ++ # wikidb_mw_UserName / ++ # ++ # Bugzilla_login /bugzilla ++ # Bugzilla_logincookie /bugzilla ++ # DEFAULTFORMAT /bugzilla ++ # ++ # ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE /chuck ++ # JSESSIONID /chuck ++ # ++ ++ # ++ # http://wiki.hudson-ci.org/display/HUDSON/Running+Hudson+behind+Apache ++ # ++ #ProxyRequests Off ++ #ProxyPreserveHost On ++ ++ # Local reverse proxy authorization override ++ # Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu) ++ #<Proxy http://localhost:8089/chuck*> ++ # Order deny,allow ++ # Allow from all ++ #</Proxy> ++ #ProxyPass /chuck http://localhost:8080/chuck ++ #ProxyPassReverse /chuck http://localhost:8080/chuck ++</VirtualHost> ++ ++<VirtualHost *:80> ++ ServerName blog.jogamp.org ++ ServerPath /jogamp.org/ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined ++ RewriteEngine On ++ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] ++ RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] ++</VirtualHost> ++ ++<VirtualHost *:80> ++ ServerName bugzilla.jogamp.org ++ ServerPath /jogamp.org/ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined ++ RewriteEngine On ++ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] ++ RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE] ++</VirtualHost> ++ ++<VirtualHost *:80> ++ ServerName wiki.jogamp.org ++ ServerPath /jogamp.org/ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined ++ RewriteEngine On ++ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] ++ RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] ++</VirtualHost> ++ ++<VirtualHost *:80> ++ ServerName scm.jogamp.org ++ ServerPath /jogamp.org/ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined ++ RewriteEngine On ++ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] ++ RewriteRule ^/(.*)$ http://jogamp.org/git/$1 [R=301,L,NE] ++</VirtualHost> ++ ++<VirtualHost *:80> ++ ServerName jogl.jogamp.org ++ ServerPath /jogamp.org/ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined ++ RewriteEngine On ++ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] ++ RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE] ++</VirtualHost> ++ ++<VirtualHost *:80> ++ ServerName jocl.jogamp.org ++ ServerPath /jogamp.org/ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined ++ RewriteEngine On ++ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] ++ RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE] ++</VirtualHost> ++ ++<VirtualHost *:80> ++ ServerName joal.jogamp.org ++ ServerPath /jogamp.org/ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined ++ RewriteEngine On ++ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] ++ RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE] ++</VirtualHost> ++ ++<VirtualHost *:80> ++ ServerName demos.jogamp.org ++ ServerPath /jogamp.org/ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined ++ RewriteEngine On ++ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] ++ RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] ++</VirtualHost> ++ ++<VirtualHost *:80> ++ ServerName chuck.jogamp.org ++ ServerPath /jogamp.org/ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined ++ RewriteEngine On ++ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] ++ RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE] ++</VirtualHost> ++ ++<VirtualHost *:80> ++ ServerName jogamp.com ++ ServerAlias *.jogamp.com ++ ServerPath /jogamp.org/ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.com-error_log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.com-access_log combined ++ ++ RewriteEngine On ++ RewriteCond %{HTTP_HOST} ^www.jogamp\.com$ [NC] ++ RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE] ++ ++ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.com$ [NC] ++ RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] ++ ++ RewriteCond %{HTTP_HOST} ^jogamp\.com$ [NC] ++ RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE] ++</VirtualHost> ++ ++# ++# Directives to allow use of AWStats as a CGI ++# ++#Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/" ++#Alias /awstatscss "/usr/local/awstats/wwwroot/css/" ++#Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/" ++#ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/" ++ ++# ++# This is to permit URL access to scripts/files in AWStats directory. ++# ++<Directory "/usr/local/awstats/wwwroot"> ++ Options None ++ AllowOverride None ++ Order allow,deny ++ Allow from all ++</Directory> ++ +diff -Nur apache2.orig/sites-available/jogamp.org-ssl apache2/sites-available/jogamp.org-ssl +--- apache2.orig/sites-available/jogamp.org-ssl 1970-01-01 01:00:00.000000000 +0100 ++++ apache2/sites-available/jogamp.org-ssl 2013-06-06 07:53:58.298005000 +0200 +@@ -0,0 +1,256 @@ ++<IfModule mod_ssl.c> ++<VirtualHost *:443> ++ ++ # General setup for the virtual host, inherited from global configuration ++ ServerName jogamp.org ++ ServerPath /jogamp.org/ ++ RewriteEngine On ++ DocumentRoot /srv/www/jogamp.org ++ ++ # Use separate log files for the SSL virtual host; note that LogLevel ++ # is not inherited from httpd.conf. ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-ssl-error.log ++ TransferLog ${APACHE_LOG_DIR}/jogamp.org-ssl-access.log ++ LogLevel warn ++ ++ # SSL Engine Switch: ++ # Enable/Disable SSL for this virtual host. ++ SSLEngine on ++ ++ # SSL Protocol support: ++ # List the enable protocol levels with which clients will be able to ++ # connect. Disable SSLv2 access by default: ++ SSLProtocol all -SSLv2 ++ ++ # SSL Cipher Suite: ++ # List the ciphers that the client is permitted to negotiate. ++ # See the mod_ssl documentation for a complete list. ++ SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW ++ ++ # A self-signed (snakeoil) certificate can be created by installing ++ # the ssl-cert package. See ++ # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. ++ # If both key and certificate are stored in the same file, only the ++ # SSLCertificateFile directive is needed. ++ # SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem ++ # SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key ++ ++ SSLCertificateFile /etc/ssl/local/jogamp2013-hostcert.pem ++ SSLCertificateKeyFile /etc/ssl/local/jogamp2013-hostkey.apache.pem ++ ++ # Server Certificate Chain: ++ # Point SSLCertificateChainFile at a file containing the ++ # concatenation of PEM encoded CA certificates which form the ++ # certificate chain for the server certificate. Alternatively ++ # the referenced file can be the same as SSLCertificateFile ++ # when the CA certificates are directly appended to the server ++ # certificate for convinience. ++ #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt ++ ++ SSLCertificateChainFile /etc/ssl/local/thawte-SSL123_CA_Bundle.pem ++ ++ # Certificate Authority (CA): ++ # Set the CA certificate verification path where to find CA ++ # certificates for client authentication or alternatively one ++ # huge file containing all of them (file must be PEM encoded) ++ # Note: Inside SSLCACertificatePath you need hash symlinks ++ # to point to the certificate files. Use the provided ++ # Makefile to update the hash symlinks after changes. ++ #SSLCACertificatePath /etc/ssl/certs/ ++ #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt ++ ++ # Certificate Revocation Lists (CRL): ++ # Set the CA revocation path where to find CA CRLs for client ++ # authentication or alternatively one huge file containing all ++ # of them (file must be PEM encoded) ++ # Note: Inside SSLCARevocationPath you need hash symlinks ++ # to point to the certificate files. Use the provided ++ # Makefile to update the hash symlinks after changes. ++ #SSLCARevocationPath /etc/apache2/ssl.crl/ ++ #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl ++ ++ # Client Authentication (Type): ++ # Client certificate verification type and depth. Types are ++ # none, optional, require and optional_no_ca. Depth is a ++ # number which specifies how deeply to verify the certificate ++ # issuer chain before deciding the certificate is not valid. ++ #SSLVerifyClient require ++ #SSLVerifyDepth 10 ++ ++ # Access Control: ++ # With SSLRequire you can do per-directory access control based ++ # on arbitrary complex boolean expressions containing server ++ # variable checks and other lookup directives. The syntax is a ++ # mixture between C and Perl. See the mod_ssl documentation ++ # for more details. ++ #<Location /> ++ #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ ++ # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ ++ # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ ++ # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ ++ # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ ++ # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ ++ #</Location> ++ ++ # SSL Engine Options: ++ # Set various options for the SSL engine. ++ # o FakeBasicAuth: ++ # Translate the client X.509 into a Basic Authorisation. This means that ++ # the standard Auth/DBMAuth methods can be used for access control. The ++ # user name is the `one line' version of the client's X.509 certificate. ++ # Note that no password is obtained from the user. Every entry in the user ++ # file needs this password: `xxj31ZMTZzkVA'. ++ # o ExportCertData: ++ # This exports two additional environment variables: SSL_CLIENT_CERT and ++ # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the ++ # server (always existing) and the client (only existing when client ++ # authentication is used). This can be used to import the certificates ++ # into CGI scripts. ++ # o StdEnvVars: ++ # This exports the standard SSL/TLS related `SSL_*' environment variables. ++ # Per default this exportation is switched off for performance reasons, ++ # because the extraction step is an expensive operation and is usually ++ # useless for serving static content. So one usually enables the ++ # exportation for CGI and SSI requests only. ++ # o StrictRequire: ++ # This denies access when "SSLRequireSSL" or "SSLRequire" applied even ++ # under a "Satisfy any" situation, i.e. when it applies access is denied ++ # and no other module can change it. ++ # o OptRenegotiate: ++ # This enables optimized SSL connection renegotiation handling when SSL ++ # directives are used in per-directory context. ++ #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire ++ <Files ~ "\.(cgi|shtml|phtml|php3?)$"> ++ SSLOptions +StdEnvVars ++ </Files> ++ ++ # SSL Protocol Adjustments: ++ # The safe and default but still SSL/TLS standard compliant shutdown ++ # approach is that mod_ssl sends the close notify alert but doesn't wait for ++ # the close notify alert from client. When you need a different shutdown ++ # approach you can use one of the following variables: ++ # o ssl-unclean-shutdown: ++ # This forces an unclean shutdown when the connection is closed, i.e. no ++ # SSL close notify alert is send or allowed to received. This violates ++ # the SSL/TLS standard but is needed for some brain-dead browsers. Use ++ # this when you receive I/O errors because of the standard approach where ++ # mod_ssl sends the close notify alert. ++ # o ssl-accurate-shutdown: ++ # This forces an accurate shutdown when the connection is closed, i.e. a ++ # SSL close notify alert is send and mod_ssl waits for the close notify ++ # alert of the client. This is 100% SSL/TLS standard compliant, but in ++ # practice often causes hanging connections with brain-dead browsers. Use ++ # this only for browsers where you know that their SSL implementation ++ # works correctly. ++ # Notice: Most problems of broken clients are also related to the HTTP ++ # keep-alive facility, so you usually additionally want to disable ++ # keep-alive for those clients, too. Use variable "nokeepalive" for this. ++ # Similarly, one has to force some clients to use HTTP/1.0 to workaround ++ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and ++ # "force-response-1.0" for this. ++ BrowserMatch "MSIE [2-6]" \ ++ nokeepalive ssl-unclean-shutdown \ ++ downgrade-1.0 force-response-1.0 ++ # MSIE 7 and newer should be able to use keepalive ++ BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown ++ ++ # Per-Server Logging: ++ # The home of a custom SSL log file. Use this when you want a ++ # compact non-error SSL logfile on a virtual host basis. ++ CustomLog /var/log/apache2/jogamp.org-ssl-request.log \ ++ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" ++ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-ssl-error.log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.org-ssl-access.log combined ++ ++ # configures the footer on server-generated documents ++ ServerSignature On ++ ++ <Directory "/srv/www/jogamp.org"> ++ Options Indexes FollowSymLinks ++ AllowOverride All ++ Order allow,deny ++ Allow from all ++ </Directory> ++ ++# ScriptAlias /cgi-bin/ "/srv/www/jogamp.org/bugzilla" ++ <Directory /srv/www/jogamp.org/bugzilla> ++ AddHandler cgi-script .cgi ++ Options +Indexes +ExecCGI -MultiViews +FollowSymLinks ++ DirectoryIndex index.cgi ++ AllowOverride Limit FileInfo Indexes ++ </Directory> ++ ++ SetEnv GIT_PROJECT_ROOT /srv/scm ++ SetEnv GIT_HTTP_EXPORT_ALL ++ ScriptAlias /srv/scm/ /usr/lib/git-core/git-http-backend/ ++ <Directory "/srv/www/jogamp.org/git"> ++ DirectoryIndex gitweb.cgi ++ Allow from all ++ AllowOverride all ++ Order allow,deny ++ Options ExecCGI ++ <Files gitweb.cgi> ++ SetHandler cgi-script ++ </Files> ++ SetEnv GITWEB_CONFIG /srv/scm/gitweb.conf ++ </Directory> ++ ++ Alias /icons/ "/srv/www/jogamp.org/icons/" ++ ++ <Directory "/srv/www/jogamp.org/icons"> ++ Options Indexes MultiViews ++ AllowOverride None ++ Order allow,deny ++ Allow from all ++ </Directory> ++ ++ # ++ # http://wiki.hudson-ci.org/display/HUDSON/Running+Hudson+behind+Apache ++ # ++ ProxyRequests Off ++ ProxyPreserveHost On ++ ++ # Local reverse proxy authorization override ++ # Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu) ++ <Proxy http://127.0.0.1:8080/chuck*> ++ Order deny,allow ++ Allow from all ++ </Proxy> ++ ++ ProxyPass /chuck http://127.0.0.1:8080/chuck ++ ProxyPassReverse /chuck http://127.0.0.1:8080/chuck ++ ProxyPassReverse /chuck http://jogamp.org/chuck ++ ++# ProxyPass /chuck/ http://127.0.0.1:8080/chuck/ ++# <Location /chuck/> ++# ProxyPassReverse / ++# Order deny,allow ++# Allow from all ++# </Location> ++ Header edit Location ^http://jogamp.org/chuck/ https://jogamp.org/chuck/ ++ ++</VirtualHost> ++ ++<VirtualHost *:443> ++ ServerName jogamp.com ++ ServerAlias *.jogamp.com ++ ServerPath /jogamp.org/ ++ SSLEngine on ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.com-ssl-error.log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.com-ssl-access.log combined ++ ++ SSLCertificateFile /etc/ssl/local/jogamp2013-hostcert.pem ++ SSLCertificateKeyFile /etc/ssl/local/jogamp2013-hostkey.apache.pem ++ ++ RewriteEngine On ++ RewriteCond %{HTTP_HOST} ^www.jogamp\.com$ [NC] ++ RewriteRule ^/(.*)$ https://jogamp.org/$1 [R=301,L,NE] ++ ++ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.com$ [NC] ++ RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE] ++ ++ RewriteCond %{HTTP_HOST} ^jogamp\.com$ [NC] ++ RewriteRule ^/(.*)$ https://jogamp.org/$1 [R=301,L,NE] ++</VirtualHost> ++ +diff -Nur apache2.orig/sites-enabled/000-default apache2/sites-enabled/000-default +--- apache2.orig/sites-enabled/000-default 2013-03-03 12:14:45.000000000 +0100 ++++ apache2/sites-enabled/000-default 1970-01-01 01:00:00.000000000 +0100 +@@ -1,31 +0,0 @@ +-<VirtualHost *:80> +- ServerAdmin webmaster@localhost +- +- DocumentRoot /var/www +- <Directory /> +- Options FollowSymLinks +- AllowOverride None +- </Directory> +- <Directory /var/www/> +- Options Indexes FollowSymLinks MultiViews +- AllowOverride None +- Order allow,deny +- allow from all +- </Directory> +- +- ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ +- <Directory "/usr/lib/cgi-bin"> +- AllowOverride None +- Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch +- Order allow,deny +- Allow from all +- </Directory> +- +- ErrorLog ${APACHE_LOG_DIR}/error.log +- +- # Possible values include: debug, info, notice, warn, error, crit, +- # alert, emerg. +- LogLevel warn +- +- CustomLog ${APACHE_LOG_DIR}/access.log combined +-</VirtualHost> +diff -Nur apache2.orig/sites-enabled/000-jogamp.org apache2/sites-enabled/000-jogamp.org +--- apache2.orig/sites-enabled/000-jogamp.org 1970-01-01 01:00:00.000000000 +0100 ++++ apache2/sites-enabled/000-jogamp.org 2013-06-06 07:29:00.470204000 +0200 +@@ -0,0 +1,247 @@ ++# ++# Almost any Apache directive may go into a VirtualHost container. ++# The first VirtualHost section is used for requests without a known ++# server name. ++# ++<VirtualHost *:80> ++ ServerAdmin [email protected] ++ ServerName jogamp.org ++ ServerAlias www.jogamp.org ++ ServerPath /jogamp.org/ ++ RewriteEngine On ++ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined ++ ++ DocumentRoot /srv/www/jogamp.org ++ ++ # don't loose time with IP address lookups ++ HostnameLookups Off ++ ++ # needed for named virtual hosts ++ UseCanonicalName Off ++ ++ # configures the footer on server-generated documents ++ ServerSignature On ++ ++ <Directory "/srv/www/jogamp.org"> ++ Options Indexes FollowSymLinks ++ AllowOverride All ++ Order allow,deny ++ Allow from all ++ </Directory> ++ ++ RewriteCond %{HTTP_HOST} ^www.jogamp\.org$ [NC] ++ RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE] ++ ++ #RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] ++ #RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] ++ ++ RewriteCond %{REQUEST_URI} ^/wiki/index.php$ ++ RewriteCond %{QUERY_STRING} ^title=Special:UserLogin ++ RewriteCond %{REQUEST_METHOD} ^GET$ ++ RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R=301,L,NE] ++ ++ # ++ # Due to security concerns, session hijacking .. etc .. the whole ++ # bugzilla stream will go over https ++ # ++ RewriteCond %{REQUEST_URI} ^/bugzilla ++ RewriteRule ^/bugzilla/(.*)$ https://%{SERVER_NAME}/bugzilla/$1 [R=301,L,NE] ++ ++ SetEnv GIT_PROJECT_ROOT /srv/scm ++ SetEnv GIT_HTTP_EXPORT_ALL ++ ScriptAlias /srv/scm/ /usr/lib/git-core/git-http-backend/ ++ <Directory "/srv/www/jogamp.org/git"> ++ DirectoryIndex gitweb.cgi ++ Allow from all ++ AllowOverride all ++ Order allow,deny ++ Options ExecCGI ++ <Files gitweb.cgi> ++ SetHandler cgi-script ++ </Files> ++ SetEnv GITWEB_CONFIG /srv/scm/gitweb.conf ++ </Directory> ++ ++ Alias /icons/ "/srv/www/jogamp.org/icons/" ++ ++ <Directory "/srv/www/jogamp.org/icons"> ++ Options Indexes MultiViews ++ AllowOverride None ++ Order allow,deny ++ Allow from all ++ </Directory> ++ ++ # ++ # Due to security concerns, session hijacking .. etc .. the whole ++ # hudson and bugzilla stream will go over https ++ # ++ RewriteCond %{REQUEST_URI} ^/chuck ++ RewriteRule ^/chuck/(.*)$ https://%{SERVER_NAME}/chuck/$1 [R=301,L,NE] ++ ++ #RewriteCond %{REQUEST_URI} ^/chuck ++ #RewriteRule ^/chuck/login(.*)$ https://%{SERVER_NAME}/chuck/login$1 [R=301,L,NE] ++ # ++ #RewriteCond %{REQUEST_URI} ^/chuck ++ #RewriteCond %{HTTP_COOKIE} JSESSIONID=(.*) [NC,OR] ++ #RewriteCond %{HTTP_COOKIE} ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE [NC] ++ #RewriteRule ^/chuck/(.*)$ https://%{SERVER_NAME}/chuck/$1 [R=301,L,NE] ++ # ++ # Cookies: ++ # wikidb_mw_LoggedOut / ++ # wikidb_mw__session / ++ # wikidb_mw_Token / ++ # wikidb_mw_UserID / ++ # wikidb_mw_UserName / ++ # ++ # Bugzilla_login /bugzilla ++ # Bugzilla_logincookie /bugzilla ++ # DEFAULTFORMAT /bugzilla ++ # ++ # ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE /chuck ++ # JSESSIONID /chuck ++ # ++ ++ # ++ # http://wiki.hudson-ci.org/display/HUDSON/Running+Hudson+behind+Apache ++ # ++ #ProxyRequests Off ++ #ProxyPreserveHost On ++ ++ # Local reverse proxy authorization override ++ # Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu) ++ #<Proxy http://localhost:8089/chuck*> ++ # Order deny,allow ++ # Allow from all ++ #</Proxy> ++ #ProxyPass /chuck http://localhost:8080/chuck ++ #ProxyPassReverse /chuck http://localhost:8080/chuck ++</VirtualHost> ++ ++<VirtualHost *:80> ++ ServerName blog.jogamp.org ++ ServerPath /jogamp.org/ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined ++ RewriteEngine On ++ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] ++ RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] ++</VirtualHost> ++ ++<VirtualHost *:80> ++ ServerName bugzilla.jogamp.org ++ ServerPath /jogamp.org/ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined ++ RewriteEngine On ++ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] ++ RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE] ++</VirtualHost> ++ ++<VirtualHost *:80> ++ ServerName wiki.jogamp.org ++ ServerPath /jogamp.org/ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined ++ RewriteEngine On ++ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] ++ RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] ++</VirtualHost> ++ ++<VirtualHost *:80> ++ ServerName scm.jogamp.org ++ ServerPath /jogamp.org/ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined ++ RewriteEngine On ++ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] ++ RewriteRule ^/(.*)$ http://jogamp.org/git/$1 [R=301,L,NE] ++</VirtualHost> ++ ++<VirtualHost *:80> ++ ServerName jogl.jogamp.org ++ ServerPath /jogamp.org/ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined ++ RewriteEngine On ++ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] ++ RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE] ++</VirtualHost> ++ ++<VirtualHost *:80> ++ ServerName jocl.jogamp.org ++ ServerPath /jogamp.org/ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined ++ RewriteEngine On ++ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] ++ RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE] ++</VirtualHost> ++ ++<VirtualHost *:80> ++ ServerName joal.jogamp.org ++ ServerPath /jogamp.org/ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined ++ RewriteEngine On ++ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] ++ RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE] ++</VirtualHost> ++ ++<VirtualHost *:80> ++ ServerName demos.jogamp.org ++ ServerPath /jogamp.org/ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined ++ RewriteEngine On ++ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] ++ RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] ++</VirtualHost> ++ ++<VirtualHost *:80> ++ ServerName chuck.jogamp.org ++ ServerPath /jogamp.org/ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined ++ RewriteEngine On ++ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC] ++ RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE] ++</VirtualHost> ++ ++<VirtualHost *:80> ++ ServerName jogamp.com ++ ServerAlias *.jogamp.com ++ ServerPath /jogamp.org/ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.com-error_log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.com-access_log combined ++ ++ RewriteEngine On ++ RewriteCond %{HTTP_HOST} ^www.jogamp\.com$ [NC] ++ RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE] ++ ++ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.com$ [NC] ++ RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE] ++ ++ RewriteCond %{HTTP_HOST} ^jogamp\.com$ [NC] ++ RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE] ++</VirtualHost> ++ ++# ++# Directives to allow use of AWStats as a CGI ++# ++#Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/" ++#Alias /awstatscss "/usr/local/awstats/wwwroot/css/" ++#Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/" ++#ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/" ++ ++# ++# This is to permit URL access to scripts/files in AWStats directory. ++# ++<Directory "/usr/local/awstats/wwwroot"> ++ Options None ++ AllowOverride None ++ Order allow,deny ++ Allow from all ++</Directory> ++ +diff -Nur apache2.orig/sites-enabled/001-jogamp.org-ssl apache2/sites-enabled/001-jogamp.org-ssl +--- apache2.orig/sites-enabled/001-jogamp.org-ssl 1970-01-01 01:00:00.000000000 +0100 ++++ apache2/sites-enabled/001-jogamp.org-ssl 2013-06-06 07:53:58.298005000 +0200 +@@ -0,0 +1,256 @@ ++<IfModule mod_ssl.c> ++<VirtualHost *:443> ++ ++ # General setup for the virtual host, inherited from global configuration ++ ServerName jogamp.org ++ ServerPath /jogamp.org/ ++ RewriteEngine On ++ DocumentRoot /srv/www/jogamp.org ++ ++ # Use separate log files for the SSL virtual host; note that LogLevel ++ # is not inherited from httpd.conf. ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-ssl-error.log ++ TransferLog ${APACHE_LOG_DIR}/jogamp.org-ssl-access.log ++ LogLevel warn ++ ++ # SSL Engine Switch: ++ # Enable/Disable SSL for this virtual host. ++ SSLEngine on ++ ++ # SSL Protocol support: ++ # List the enable protocol levels with which clients will be able to ++ # connect. Disable SSLv2 access by default: ++ SSLProtocol all -SSLv2 ++ ++ # SSL Cipher Suite: ++ # List the ciphers that the client is permitted to negotiate. ++ # See the mod_ssl documentation for a complete list. ++ SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW ++ ++ # A self-signed (snakeoil) certificate can be created by installing ++ # the ssl-cert package. See ++ # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. ++ # If both key and certificate are stored in the same file, only the ++ # SSLCertificateFile directive is needed. ++ # SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem ++ # SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key ++ ++ SSLCertificateFile /etc/ssl/local/jogamp2013-hostcert.pem ++ SSLCertificateKeyFile /etc/ssl/local/jogamp2013-hostkey.apache.pem ++ ++ # Server Certificate Chain: ++ # Point SSLCertificateChainFile at a file containing the ++ # concatenation of PEM encoded CA certificates which form the ++ # certificate chain for the server certificate. Alternatively ++ # the referenced file can be the same as SSLCertificateFile ++ # when the CA certificates are directly appended to the server ++ # certificate for convinience. ++ #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt ++ ++ SSLCertificateChainFile /etc/ssl/local/thawte-SSL123_CA_Bundle.pem ++ ++ # Certificate Authority (CA): ++ # Set the CA certificate verification path where to find CA ++ # certificates for client authentication or alternatively one ++ # huge file containing all of them (file must be PEM encoded) ++ # Note: Inside SSLCACertificatePath you need hash symlinks ++ # to point to the certificate files. Use the provided ++ # Makefile to update the hash symlinks after changes. ++ #SSLCACertificatePath /etc/ssl/certs/ ++ #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt ++ ++ # Certificate Revocation Lists (CRL): ++ # Set the CA revocation path where to find CA CRLs for client ++ # authentication or alternatively one huge file containing all ++ # of them (file must be PEM encoded) ++ # Note: Inside SSLCARevocationPath you need hash symlinks ++ # to point to the certificate files. Use the provided ++ # Makefile to update the hash symlinks after changes. ++ #SSLCARevocationPath /etc/apache2/ssl.crl/ ++ #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl ++ ++ # Client Authentication (Type): ++ # Client certificate verification type and depth. Types are ++ # none, optional, require and optional_no_ca. Depth is a ++ # number which specifies how deeply to verify the certificate ++ # issuer chain before deciding the certificate is not valid. ++ #SSLVerifyClient require ++ #SSLVerifyDepth 10 ++ ++ # Access Control: ++ # With SSLRequire you can do per-directory access control based ++ # on arbitrary complex boolean expressions containing server ++ # variable checks and other lookup directives. The syntax is a ++ # mixture between C and Perl. See the mod_ssl documentation ++ # for more details. ++ #<Location /> ++ #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ ++ # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ ++ # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ ++ # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ ++ # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ ++ # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ ++ #</Location> ++ ++ # SSL Engine Options: ++ # Set various options for the SSL engine. ++ # o FakeBasicAuth: ++ # Translate the client X.509 into a Basic Authorisation. This means that ++ # the standard Auth/DBMAuth methods can be used for access control. The ++ # user name is the `one line' version of the client's X.509 certificate. ++ # Note that no password is obtained from the user. Every entry in the user ++ # file needs this password: `xxj31ZMTZzkVA'. ++ # o ExportCertData: ++ # This exports two additional environment variables: SSL_CLIENT_CERT and ++ # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the ++ # server (always existing) and the client (only existing when client ++ # authentication is used). This can be used to import the certificates ++ # into CGI scripts. ++ # o StdEnvVars: ++ # This exports the standard SSL/TLS related `SSL_*' environment variables. ++ # Per default this exportation is switched off for performance reasons, ++ # because the extraction step is an expensive operation and is usually ++ # useless for serving static content. So one usually enables the ++ # exportation for CGI and SSI requests only. ++ # o StrictRequire: ++ # This denies access when "SSLRequireSSL" or "SSLRequire" applied even ++ # under a "Satisfy any" situation, i.e. when it applies access is denied ++ # and no other module can change it. ++ # o OptRenegotiate: ++ # This enables optimized SSL connection renegotiation handling when SSL ++ # directives are used in per-directory context. ++ #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire ++ <Files ~ "\.(cgi|shtml|phtml|php3?)$"> ++ SSLOptions +StdEnvVars ++ </Files> ++ ++ # SSL Protocol Adjustments: ++ # The safe and default but still SSL/TLS standard compliant shutdown ++ # approach is that mod_ssl sends the close notify alert but doesn't wait for ++ # the close notify alert from client. When you need a different shutdown ++ # approach you can use one of the following variables: ++ # o ssl-unclean-shutdown: ++ # This forces an unclean shutdown when the connection is closed, i.e. no ++ # SSL close notify alert is send or allowed to received. This violates ++ # the SSL/TLS standard but is needed for some brain-dead browsers. Use ++ # this when you receive I/O errors because of the standard approach where ++ # mod_ssl sends the close notify alert. ++ # o ssl-accurate-shutdown: ++ # This forces an accurate shutdown when the connection is closed, i.e. a ++ # SSL close notify alert is send and mod_ssl waits for the close notify ++ # alert of the client. This is 100% SSL/TLS standard compliant, but in ++ # practice often causes hanging connections with brain-dead browsers. Use ++ # this only for browsers where you know that their SSL implementation ++ # works correctly. ++ # Notice: Most problems of broken clients are also related to the HTTP ++ # keep-alive facility, so you usually additionally want to disable ++ # keep-alive for those clients, too. Use variable "nokeepalive" for this. ++ # Similarly, one has to force some clients to use HTTP/1.0 to workaround ++ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and ++ # "force-response-1.0" for this. ++ BrowserMatch "MSIE [2-6]" \ ++ nokeepalive ssl-unclean-shutdown \ ++ downgrade-1.0 force-response-1.0 ++ # MSIE 7 and newer should be able to use keepalive ++ BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown ++ ++ # Per-Server Logging: ++ # The home of a custom SSL log file. Use this when you want a ++ # compact non-error SSL logfile on a virtual host basis. ++ CustomLog /var/log/apache2/jogamp.org-ssl-request.log \ ++ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" ++ ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-ssl-error.log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.org-ssl-access.log combined ++ ++ # configures the footer on server-generated documents ++ ServerSignature On ++ ++ <Directory "/srv/www/jogamp.org"> ++ Options Indexes FollowSymLinks ++ AllowOverride All ++ Order allow,deny ++ Allow from all ++ </Directory> ++ ++# ScriptAlias /cgi-bin/ "/srv/www/jogamp.org/bugzilla" ++ <Directory /srv/www/jogamp.org/bugzilla> ++ AddHandler cgi-script .cgi ++ Options +Indexes +ExecCGI -MultiViews +FollowSymLinks ++ DirectoryIndex index.cgi ++ AllowOverride Limit FileInfo Indexes ++ </Directory> ++ ++ SetEnv GIT_PROJECT_ROOT /srv/scm ++ SetEnv GIT_HTTP_EXPORT_ALL ++ ScriptAlias /srv/scm/ /usr/lib/git-core/git-http-backend/ ++ <Directory "/srv/www/jogamp.org/git"> ++ DirectoryIndex gitweb.cgi ++ Allow from all ++ AllowOverride all ++ Order allow,deny ++ Options ExecCGI ++ <Files gitweb.cgi> ++ SetHandler cgi-script ++ </Files> ++ SetEnv GITWEB_CONFIG /srv/scm/gitweb.conf ++ </Directory> ++ ++ Alias /icons/ "/srv/www/jogamp.org/icons/" ++ ++ <Directory "/srv/www/jogamp.org/icons"> ++ Options Indexes MultiViews ++ AllowOverride None ++ Order allow,deny ++ Allow from all ++ </Directory> ++ ++ # ++ # http://wiki.hudson-ci.org/display/HUDSON/Running+Hudson+behind+Apache ++ # ++ ProxyRequests Off ++ ProxyPreserveHost On ++ ++ # Local reverse proxy authorization override ++ # Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu) ++ <Proxy http://127.0.0.1:8080/chuck*> ++ Order deny,allow ++ Allow from all ++ </Proxy> ++ ++ ProxyPass /chuck http://127.0.0.1:8080/chuck ++ ProxyPassReverse /chuck http://127.0.0.1:8080/chuck ++ ProxyPassReverse /chuck http://jogamp.org/chuck ++ ++# ProxyPass /chuck/ http://127.0.0.1:8080/chuck/ ++# <Location /chuck/> ++# ProxyPassReverse / ++# Order deny,allow ++# Allow from all ++# </Location> ++ Header edit Location ^http://jogamp.org/chuck/ https://jogamp.org/chuck/ ++ ++</VirtualHost> ++ ++<VirtualHost *:443> ++ ServerName jogamp.com ++ ServerAlias *.jogamp.com ++ ServerPath /jogamp.org/ ++ SSLEngine on ++ ErrorLog ${APACHE_LOG_DIR}/jogamp.com-ssl-error.log ++ CustomLog ${APACHE_LOG_DIR}/jogamp.com-ssl-access.log combined ++ ++ SSLCertificateFile /etc/ssl/local/jogamp2013-hostcert.pem ++ SSLCertificateKeyFile /etc/ssl/local/jogamp2013-hostkey.apache.pem ++ ++ RewriteEngine On ++ RewriteCond %{HTTP_HOST} ^www.jogamp\.com$ [NC] ++ RewriteRule ^/(.*)$ https://jogamp.org/$1 [R=301,L,NE] ++ ++ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.com$ [NC] ++ RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE] ++ ++ RewriteCond %{HTTP_HOST} ^jogamp\.com$ [NC] ++ RewriteRule ^/(.*)$ https://jogamp.org/$1 [R=301,L,NE] ++</VirtualHost> ++ |