|
@ -1,81 +1,29 @@ |
|
|
# $OpenBSD: httpd.conf,v 1.17 2017/04/16 08:50:49 ajacoutot Exp $ |
|
|
|
|
|
|
|
|
|
|
|
# |
|
|
|
|
|
# Macros |
|
|
|
|
|
# |
|
|
|
|
|
ext_addr="*" |
|
|
|
|
|
|
|
|
|
|
|
# |
|
|
|
|
|
# Global Options |
|
|
|
|
|
# |
|
|
|
|
|
# prefork 3 |
|
|
|
|
|
|
|
|
|
|
|
# |
|
|
|
|
|
# Servers |
|
|
|
|
|
# |
|
|
|
|
|
|
|
|
|
|
|
# A minimal default server |
|
|
|
|
|
server "default" { |
|
|
|
|
|
listen on $ext_addr port 80 |
|
|
|
|
|
|
|
|
# $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $ |
|
|
|
|
|
|
|
|
|
|
|
server "example.com" { |
|
|
|
|
|
listen on * port 80 |
|
|
|
|
|
listen on :: port 80 |
|
|
|
|
|
location "/.well-known/acme-challenge/*" { |
|
|
|
|
|
root "/acme" |
|
|
|
|
|
root strip 2 |
|
|
|
|
|
} |
|
|
|
|
|
location * { |
|
|
|
|
|
block return 302 "https://$HTTP_HOST$REQUEST_URI" |
|
|
|
|
|
} |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
# A name-based "virtual" server on the same address |
|
|
|
|
|
server "www.example.com" { |
|
|
|
|
|
listen on $ext_addr port 80 |
|
|
|
|
|
|
|
|
|
|
|
# Logging is enabled by default, but it can be turned off per server |
|
|
|
|
|
#no log |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
server "example.com" { |
|
|
|
|
|
listen on * tls port 443 |
|
|
|
|
|
listen on :: tls port 443 |
|
|
|
|
|
tls { |
|
|
|
|
|
certificate "/etc/ssl/example.com.fullchain.pem" |
|
|
|
|
|
key "/etc/ssl/private/example.com.key" |
|
|
|
|
|
} |
|
|
location "/pub/*" { |
|
|
location "/pub/*" { |
|
|
directory auto index |
|
|
directory auto index |
|
|
log style combined |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
location "*.php" { |
|
|
|
|
|
fastcgi socket "/run/php-fpm.sock" |
|
|
|
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
location "/cgi-bin/*" { |
|
|
|
|
|
fastcgi |
|
|
|
|
|
|
|
|
|
|
|
# The /cgi-bin directory is outside of the document root |
|
|
|
|
|
root "/" |
|
|
|
|
|
|
|
|
location "/.well-known/acme-challenge/*" { |
|
|
|
|
|
root "/acme" |
|
|
|
|
|
root strip 2 |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
root "/htdocs/www.example.com" |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
# An HTTPS server using SSL/TLS |
|
|
|
|
|
server "secure.example.com" { |
|
|
|
|
|
listen on 127.0.0.1 tls port 443 |
|
|
|
|
|
|
|
|
|
|
|
# TLS certificate and key files created with acme-client(1) |
|
|
|
|
|
tls certificate "/etc/ssl/example.com.fullchain.pem" |
|
|
|
|
|
tls key "/etc/ssl/private/example.com.key" |
|
|
|
|
|
|
|
|
|
|
|
# Define server-specific log files relative to /logs |
|
|
|
|
|
log { access "secure-access.log", error "secure-error.log" } |
|
|
|
|
|
|
|
|
|
|
|
# Increase connection limits to extend the lifetime |
|
|
|
|
|
connection { max requests 500, timeout 3600 } |
|
|
|
|
|
|
|
|
|
|
|
root "/htdocs/secure.example.com" |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
# Another server on a different internal IPv4 address |
|
|
|
|
|
server "intranet.example.com" { |
|
|
|
|
|
listen on 10.0.0.1 port 80 |
|
|
|
|
|
directory { auto index, index "default.htm" } |
|
|
|
|
|
root "/htdocs/intranet.example.com" |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
# An IPv6-based server on a non-standard port |
|
|
|
|
|
server "ipv6.example.com" { |
|
|
|
|
|
listen on 2001:db8::53f6:3eab port 81 |
|
|
|
|
|
root "/htdocs/ipv6.example.com" |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
# Include MIME types instead of the built-in ones |
|
|
|
|
|
types { |
|
|
|
|
|
include "/usr/share/misc/mime.types" |
|
|
|
|
|
} |
|
|
} |