Browse Source
Provide an example httpd.conf that's actually useful.
With & OK deraadt input sthen looks better to beck OK bennoOPENBSD_6_3
florian
6 years ago
1 changed files with 22 additions and 74 deletions
Split View
Diff Options
-
+22 -74src/etc/examples/httpd.conf
+ 22
- 74
src/etc/examples/httpd.conf
View File
| @ -1,81 +1,29 @@ | |||
| # $OpenBSD: httpd.conf,v 1.17 2017/04/16 08:50:49 ajacoutot Exp $ | |||
| # | |||
| # Macros | |||
| # | |||
| ext_addr="*" | |||
| # | |||
| # Global Options | |||
| # | |||
| # prefork 3 | |||
| # | |||
| # Servers | |||
| # | |||
| # A minimal default server | |||
| server "default" { | |||
| listen on $ext_addr port 80 | |||
| # $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $ | |||
| server "example.com" { | |||
| listen on * port 80 | |||
| listen on :: port 80 | |||
| location "/.well-known/acme-challenge/*" { | |||
| root "/acme" | |||
| root strip 2 | |||
| } | |||
| location * { | |||
| block return 302 "https://$HTTP_HOST$REQUEST_URI" | |||
| } | |||
| } | |||
| # A name-based "virtual" server on the same address | |||
| server "www.example.com" { | |||
| listen on $ext_addr port 80 | |||
| # Logging is enabled by default, but it can be turned off per server | |||
| #no log | |||
| server "example.com" { | |||
| listen on * tls port 443 | |||
| listen on :: tls port 443 | |||
| tls { | |||
| certificate "/etc/ssl/example.com.fullchain.pem" | |||
| key "/etc/ssl/private/example.com.key" | |||
| } | |||
| location "/pub/*" { | |||
| directory auto index | |||
| log style combined | |||
| } | |||
| location "*.php" { | |||
| fastcgi socket "/run/php-fpm.sock" | |||
| } | |||
| location "/cgi-bin/*" { | |||
| fastcgi | |||
| # The /cgi-bin directory is outside of the document root | |||
| root "/" | |||
| location "/.well-known/acme-challenge/*" { | |||
| root "/acme" | |||
| root strip 2 | |||
| } | |||
| root "/htdocs/www.example.com" | |||
| } | |||
| # An HTTPS server using SSL/TLS | |||
| server "secure.example.com" { | |||
| listen on 127.0.0.1 tls port 443 | |||
| # TLS certificate and key files created with acme-client(1) | |||
| tls certificate "/etc/ssl/example.com.fullchain.pem" | |||
| tls key "/etc/ssl/private/example.com.key" | |||
| # Define server-specific log files relative to /logs | |||
| log { access "secure-access.log", error "secure-error.log" } | |||
| # Increase connection limits to extend the lifetime | |||
| connection { max requests 500, timeout 3600 } | |||
| root "/htdocs/secure.example.com" | |||
| } | |||
| # Another server on a different internal IPv4 address | |||
| server "intranet.example.com" { | |||
| listen on 10.0.0.1 port 80 | |||
| directory { auto index, index "default.htm" } | |||
| root "/htdocs/intranet.example.com" | |||
| } | |||
| # An IPv6-based server on a non-standard port | |||
| server "ipv6.example.com" { | |||
| listen on 2001:db8::53f6:3eab port 81 | |||
| root "/htdocs/ipv6.example.com" | |||
| } | |||
| # Include MIME types instead of the built-in ones | |||
| types { | |||
| include "/usr/share/misc/mime.types" | |||
| } | |||