Browse Source

Provide an example httpd.conf that's actually useful.

With & OK deraadt
input sthen
looks better to beck
OK benno
OPENBSD_6_3
florian 6 years ago
parent
commit
26292f37a1
1 changed files with 22 additions and 74 deletions
  1. +22
    -74
      src/etc/examples/httpd.conf

+ 22
- 74
src/etc/examples/httpd.conf View File

@ -1,81 +1,29 @@
# $OpenBSD: httpd.conf,v 1.17 2017/04/16 08:50:49 ajacoutot Exp $
#
# Macros
#
ext_addr="*"
#
# Global Options
#
# prefork 3
#
# Servers
#
# A minimal default server
server "default" {
listen on $ext_addr port 80
# $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $
server "example.com" {
listen on * port 80
listen on :: port 80
location "/.well-known/acme-challenge/*" {
root "/acme"
root strip 2
}
location * {
block return 302 "https://$HTTP_HOST$REQUEST_URI"
}
}
# A name-based "virtual" server on the same address
server "www.example.com" {
listen on $ext_addr port 80
# Logging is enabled by default, but it can be turned off per server
#no log
server "example.com" {
listen on * tls port 443
listen on :: tls port 443
tls {
certificate "/etc/ssl/example.com.fullchain.pem"
key "/etc/ssl/private/example.com.key"
}
location "/pub/*" {
directory auto index
log style combined
}
location "*.php" {
fastcgi socket "/run/php-fpm.sock"
}
location "/cgi-bin/*" {
fastcgi
# The /cgi-bin directory is outside of the document root
root "/"
location "/.well-known/acme-challenge/*" {
root "/acme"
root strip 2
}
root "/htdocs/www.example.com"
}
# An HTTPS server using SSL/TLS
server "secure.example.com" {
listen on 127.0.0.1 tls port 443
# TLS certificate and key files created with acme-client(1)
tls certificate "/etc/ssl/example.com.fullchain.pem"
tls key "/etc/ssl/private/example.com.key"
# Define server-specific log files relative to /logs
log { access "secure-access.log", error "secure-error.log" }
# Increase connection limits to extend the lifetime
connection { max requests 500, timeout 3600 }
root "/htdocs/secure.example.com"
}
# Another server on a different internal IPv4 address
server "intranet.example.com" {
listen on 10.0.0.1 port 80
directory { auto index, index "default.htm" }
root "/htdocs/intranet.example.com"
}
# An IPv6-based server on a non-standard port
server "ipv6.example.com" {
listen on 2001:db8::53f6:3eab port 81
root "/htdocs/ipv6.example.com"
}
# Include MIME types instead of the built-in ones
types {
include "/usr/share/misc/mime.types"
}

Loading…
Cancel
Save