diff options
Diffstat (limited to 'lib/inets/examples/server_root/conf/httpd.conf')
-rw-r--r-- | lib/inets/examples/server_root/conf/httpd.conf | 472 |
1 files changed, 224 insertions, 248 deletions
diff --git a/lib/inets/examples/server_root/conf/httpd.conf b/lib/inets/examples/server_root/conf/httpd.conf index e44a45c02c..d74e00bf4a 100644 --- a/lib/inets/examples/server_root/conf/httpd.conf +++ b/lib/inets/examples/server_root/conf/httpd.conf @@ -1,269 +1,245 @@ -# -# %CopyrightBegin% -# -# Copyright Ericsson AB 1997-2022. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# %CopyrightEnd% -# -# - -# Port: The port the standalone listens to. For ports < 1023, you will -# need httpd to be run as root initially. - -Port 8888 - -# BindAddress: This directive is used to tell the server which IP address -# to listen to. It can either contain "*", an IP address, or a fully -# qualified Internet domain name. -# -# It is also possible to specify the ip-family with the directive. -# There ar three possible value: inet, inet6 and inet6fb4 -# inet: Use IpFamily inet when retrieving the address and -# fail if that does not work. -# inet6: Use IpFamily inet6 when retrieving the address and -# fail if that does not work. -# inet6fb4: First IpFamily inet6 is tried and if that does not work, -# inet is used as fallback. -# Default value for ip-family is inet6fb4 -# -# The syntax is: <address>[|<ip-family>] -# -#BindAddress * -#BindAddress *|inet - - -# ServerName allows you to set a host name which is sent back to clients for -# your server if it's different than the one the program would get (i.e. use -# "www" instead of the host's real name). -# -# Note: You cannot just invent host names and hope they work. The name you -# define here must be a valid DNS name for your host. If you don't understand -# this, ask your network administrator. - -#ServerName your.server.net - -# SocketType is either ip_comm, sockets or ssl. - -SocketType ip_comm - -# Modules: Server run-time plug-in modules written using the Erlang -# Web Server API (EWSAPI). The server API make it easy to add functionality -# to the server. Read more about EWSAPI in the Reference Manual. -# WARNING! Do not tamper with this directive unless you are familiar with -# EWSAPI. - -Modules mod_alias mod_auth mod_esi mod_actions mod_cgi mod_responsecontrol mod_trace mod_range mod_head mod_dir mod_get mod_log mod_disk_log - -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 1997-2023. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. +%% +%% %CopyrightEnd% +%% +%% +%% +%% Port: The port the standalone listens to. For ports < 1023, you will +%% need httpd to be run as root initially. + +[{port, 8888}, + +%% BindAddress: This directive is used to tell the server which IP address +%% to listen to. It can either contain "*", an IP address, or a fully +%% qualified Internet domain name. +%% +%% It is also possible to specify the ip-family with the directive. +%% There ar three possible value: inet, inet6 and inet6fb4 +%% inet: Use IpFamily inet when retrieving the address and +%% fail if that does not work. +%% inet6: Use IpFamily inet6 when retrieving the address and +%% fail if that does not work. +%% inet6fb4: First IpFamily inet6 is tried and if that does not work, +%% inet is used as fallback. +%% Default value for ip-family is inet6fb4 +%% +%% The syntax is: <address>[|<ip-family>] +%% +%%BindAddress * +%%BindAddress *|inet + + +%% ServerName allows you to set a host name which is sent back to clients for +%% your server if it's different than the one the program would get (i.e. use +%% "www" instead of the host's real name). +%% +%% Note: You cannot just invent host names and hope they work. The name you +%% define here must be a valid DNS name for your host. If you don't understand +%% this, ask your network administrator. + +{server_name, "your.server.net"}, + +%% SocketType is either ip_comm, sockets or ssl. + +{socket_type, ip_comm}, + +%% Point certfile to a PEM encoded certificate. If the key is not combined +%% with the certificate, use keyfile directive to point to the key file. +%{socket_type, {ssl, [{certfile, "/var/tmp/server_root/ssl/ssl_server.pem"}, +% {keyfile, "/var/tmp/server_root/ssl/ssl_server.pem"}, +% {verify, verify_none}]}}, + +%% Modules: Server run-time plug-in modules written using the Erlang +%% Web Server API (EWSAPI). The server API make it easy to add functionality +%% to the server. Read more about EWSAPI in the Reference Manual. +%% WARNING! Do not tamper with this directive unless you are familiar with +%% EWSAPI. + +{modules, [mod_alias,mod_auth,mod_esi,mod_actions,mod_cgi,mod_responsecontrol, + mod_trace,mod_range,mod_head,mod_dir,mod_get,mod_log,mod_disk_log]}, + +%% ServerAdmin: Your address, where problems with the server should be +%% e-mailed. + +{server_admin, "jocke@erix.ericsson.se"}, + +%% ServerRoot: The directory the server's config, error, and log files +%% are kept in + +{server_root, "/var/tmp/server_root"}, + +%% ErrorLog: The location of the error log file. If this does not start +%% with /, ServerRoot is prepended to it. + +{error_log, "logs/error_log"}, + +%% TransferLog: The location of the transfer log file. If this does not +%% start with /, ServerRoot is prepended to it. + +{transfer_log, "logs/access_log"} + +%% SecurityLog: The location of the security log file (mod_security required) + +{security_log, "logs/security_log"}, + +%% ErrorDiskLog: The location of the error log file. If this does not +%% start with /, ServerRoot is prepended to it. This log file is managed +%% with the disk_log module [See disk_log(3)]. The ErrorDiskLogSize directive +%% takes two argument, i.e. MaxBytes and MaxFiles. The wrap log writes at most +%% MaxBytes bytes on each file, and it uses MaxFiles files before it wraps, and +%% truncates the first file. + +{error_disk_log, "logs/error_disk_log"}, +{error_disk_log_size, {200000,10}}, -ServerAdmin jocke@erix.ericsson.se +%% TransferDiskLog: The location of the transfer log file. If this does not +%% start with /, ServerRoot is prepended to it. This log file is managed +%% with the disk_log module [See disk_log(3)]. The TransferDiskLogSize directive +%% takes two argument, i.e. MaxBytes and MaxFiles. The wrap log writes at most +%% MaxBytes bytes on each file, and it uses MaxFiles files before it wraps, and +%% truncates the first file. -# ServerRoot: The directory the server's config, error, and log files -# are kept in - -ServerRoot /var/tmp/server_root - -# ErrorLog: The location of the error log file. If this does not start -# with /, ServerRoot is prepended to it. +{transfer_disk_log, "logs/access_disk_log"}, +{transfer_disk_log_size, {200000,10}}, -ErrorLog logs/error_log +%% SecurityDiskLog: The location of the security log file. If this does not +%% start with /, ServerRoot is prepended to it. This log file is managed +%% with the disk_log module [See disk_log(3)]. The SecurityDiskLogSize directive +%% takes two argument, i.e. MaxBytes and MaxFiles. The wrap log writes at most +%% MaxBytes bytes on each file, and it uses MaxFiles files before it wraps, and +%% truncates the first file. -# TransferLog: The location of the transfer log file. If this does not -# start with /, ServerRoot is prepended to it. +{security_disk_log, "logs/security_disk_log"}, +{security_disk_log_size, {200000,10}}, -TransferLog logs/access_log +%% Limit on total number of servers running, i.e., limit on the number +%% of clients who can simultaneously connect --- if this limit is ever +%% reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW. +%% It is intended mainly as a brake to keep a runaway server from taking +%% the server with it as it spirals down... -# SecurityLog: The location of the security log file (mod_security required) -# -SecurityLog logs/security_log +{max_clients, 50}, -# ErrorDiskLog: The location of the error log file. If this does not -# start with /, ServerRoot is prepended to it. This log file is managed -# with the disk_log module [See disk_log(3)]. The ErrorDiskLogSize directive -# takes two argument, i.e. MaxBytes and MaxFiles. The wrap log writes at most -# MaxBytes bytes on each file, and it uses MaxFiles files before it wraps, and -# truncates the first file. +%% KeepAlive set the flag for persistent connections. For persistent connections +%% set KeepAlive to on. To use One request per connection set the flag to off +%% Note: The value has changed since previous version of INETS. +{keep_alive, false}, -ErrorDiskLog logs/error_disk_log -ErrorDiskLogSize 200000 10 +%% KeepAliveTimeout sets the number of seconds before a persistent connection +%% times out and closes. +{keep_alive_timeout, 10}, -# TransferDiskLog: The location of the transfer log file. If this does not -# start with /, ServerRoot is prepended to it. This log file is managed -# with the disk_log module [See disk_log(3)]. The TransferDiskLogSize directive -# takes two argument, i.e. MaxBytes and MaxFiles. The wrap log writes at most -# MaxBytes bytes on each file, and it uses MaxFiles files before it wraps, and -# truncates the first file. +%% MaxKeepAliveRequests sets the number of seconds before a persistent connection +%% times out and closes. +{max_keep_alive_requests, "10"}, -TransferDiskLog logs/access_disk_log -TransferDiskLogSize 200000 10 +%% DocumentRoot: The directory out of which you will serve your +%% documents. By default, all requests are taken from this directory, but +%% symbolic links and aliases may be used to point to other locations. -# SecurityDiskLog: The location of the security log file. If this does not -# start with /, ServerRoot is prepended to it. This log file is managed -# with the disk_log module [See disk_log(3)]. The SecurityDiskLogSize directive -# takes two argument, i.e. MaxBytes and MaxFiles. The wrap log writes at most -# MaxBytes bytes on each file, and it uses MaxFiles files before it wraps, and -# truncates the first file. +{document_root, "/var/tmp/server_root/htdocs"}, -SecurityDiskLog logs/security_disk_log -SecurityDiskLogSize 200000 10 +%% DirectoryIndex: Name of the file or files to use as a pre-written HTML +%% directory index. Separate multiple entries with spaces. -# Limit on total number of servers running, i.e., limit on the number -# of clients who can simultaneously connect --- if this limit is ever -# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW. -# It is intended mainly as a brake to keep a runaway server from taking -# the server with it as it spirals down... +{directory_index, ["index.html","welcome.html"]}, -MaxClients 50 +%% DefaultType is the default MIME type for documents which the server +%% cannot find the type of from filename extensions. -# KeepAlive set the flag for persistent connections. For persistent connections -# set KeepAlive to on. To use One request per connection set the flag to off -# Note: The value has changed since previous version of INETS. -KeepAlive on +{default_type, "text/plain"}, -# KeepAliveTimeout sets the number of seconds before a persistent connection -# times out and closes. -KeepAliveTimeout 10 +%% Aliases: Add here as many aliases as you need (with no limit). The format is +%% Alias fakename realname -# MaxKeepAliveRequests sets the number of seconds before a persistent connection -# times out and closes. -MaxKeepAliveRequests 10 +{alias, {"/icons/", "/var/tmp/server_root/icons/"}}, +{alias, {"/pics/", "/var/tmp/server_root/icons/"}}, +%% ScriptAlias: This controls which directories contain server scripts. +%% Format: ScriptAlias fakename realname +{script_alias, {"/cgi-bin/", "/var/tmp/server_root/cgi-bin/"}}, +{script_alias, {"/htbin/", "/var/tmp/server_root/cgi-bin/"}}, -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. +%% This directive adds an action, which will activate cgi-script when a +%% file is requested using the method of method, which can be one of +%% GET, POST and HEAD. It sends the URL and file path of the requested +%% document using the standard CGI PATH_INFO and PATH_TRANSLATED +%% environment variables. -DocumentRoot /var/tmp/server_root/htdocs - -# DirectoryIndex: Name of the file or files to use as a pre-written HTML -# directory index. Separate multiple entries with spaces. - -DirectoryIndex index.html welcome.html - -# DefaultType is the default MIME type for documents which the server -# cannot find the type of from filename extensions. - -DefaultType text/plain - -# Aliases: Add here as many aliases as you need (with no limit). The format is -# Alias fakename realname - -Alias /icons/ /var/tmp/server_root/icons/ -Alias /pics/ /var/tmp/server_root/icons/ - -# ScriptAlias: This controls which directories contain server scripts. -# Format: ScriptAlias fakename realname - -ScriptAlias /cgi-bin/ /var/tmp/server_root/cgi-bin/ -ScriptAlias /htbin/ /var/tmp/server_root/cgi-bin/ - -# This directive adds an action, which will activate cgi-script when a -# file is requested using the method of method, which can be one of -# GET, POST and HEAD. It sends the URL and file path of the requested -# document using the standard CGI PATH_INFO and PATH_TRANSLATED -# environment variables. - -#Script HEAD /cgi-bin/printenv.sh - -# This directive adds an action, which will activate cgi-script when a -# file of content type mime-type is requested. It sends the URL and -# file path of the requested document using the standard CGI PATH_INFO -# and PATH_TRANSLATED environment variables. - -#Action image/gif /cgi-bin/printenv.sh - -# ErlScriptAlias: This specifies how "Erl" server scripts are called. -# Format: ErlScriptAlias fakename realname allowed_modules - -ErlScriptAlias /down/erl httpd_example io - -# EvalScriptAlias: This specifies how "Eval" server scripts are called. -# Format: EvalScriptAlias fakename realname allowed_modules - -EvalScriptAlias /eval httpd_example io - -# Point SSLCertificateFile at a PEM encoded certificate. - -SSLCertificateFile /var/tmp/server_root/ssl/ssl_server.pem - -# If the key is not combined with the certificate, use this directive to -# point at the key file. - -SSLCertificateKeyFile /var/tmp/server_root/ssl/ssl_server.pem - -# Set SSLVerifyClient to: -# 0 if no certificate is required -# 1 if the client may present a valid certificate -# 2 if the client must present a valid certificate -# 3 if the client may present a valid certificate but it is not required to -# have a valid CA - -SSLVerifyClient 0 - -# Each directory to which INETS has access, can be configured with respect -# to which services and features are allowed and/or disabled in that -# directory (and its subdirectories). - -<Directory /var/tmp/server_root/htdocs/open> -AuthDBType plain -AuthName Open Area -AuthUserFile /var/tmp/server_root/auth/passwd -AuthGroupFile /var/tmp/server_root/auth/group -require user one Aladdin -</Directory> - -<Directory /var/tmp/server_root/htdocs/secret> -AuthDBType plain -AuthName Secret Area -AuthUserFile /var/tmp/server_root/auth/passwd -AuthGroupFile /var/tmp/server_root/auth/group -require group group1 group2 -</Directory> - -<Directory /var/tmp/server_root/htdocs/secret/top_secret> -AuthDBType plain -AuthName Top Secret Area -AuthUserFile /var/tmp/server_root/auth/passwd -AuthGroupFile /var/tmp/server_root/auth/group -require group group3 -</Directory> - -<Directory /var/tmp/server_root/htdocs/mnesia_open> -AuthDBType mnesia -AuthName Open Area -require user one Aladdin -</Directory> - -<Directory /var/tmp/server_root/htdocs/mnesia_secret> -AuthDBType mnesia -AuthName Secret Area -require group group1 group2 -</Directory> - -<Directory /var/tmp/server_root/htdocs/mnesia_secret/top_secret> -AuthDBType mnesia -AuthName Top Secret Area -require group group3 -allow from 130.100.34 130.100.35 -deny from 100.234.22.12 194.100.34.1 130.100.34.25 -SecurityDataFile logs/security_data -SecurityMaxRetries 3 -SecurityBlockTime 10 -SecurityFailExpireTime 1 -SecurityAuthTimeout 1 -SecurityCallbackModule security_callback -</Directory> +%%{script, {"HEAD", "/cgi-bin/printenv.sh"}} + +%% This directive adds an action, which will activate cgi-script when a +%% file of content type mime-type is requested. It sends the URL and +%% file path of the requested document using the standard CGI PATH_INFO +%% and PATH_TRANSLATED environment variables. + +%%{action, {"image/gif", "/cgi-bin/printenv.sh"}}, + +%% ErlScriptAlias: This specifies how "Erl" server scripts are called. +%% Format: ErlScriptAlias fakename realname allowed_modules + +{erl_script_alias, {"/down/erl", [httpd_example]}}, + +%% Each directory to which INETS has access, can be configured with respect +%% to which services and features are allowed and/or disabled in that +%% directory (and its subdirectories). + +{directory, {"/var/tmp/server_root/htdocs/open", + [{require,["user","one","Aladdin"]}, + {auth_group_file,"/var/tmp/server_root/auth/group"}, + {auth_user_file,"/var/tmp/server_root/auth/passwd"}, + {auth_name,"Open Area"}, + {auth_type,"plain"}]}}, + +{directory, {"/var/tmp/server_root/htdocs/secret", + [{require,["group","group1","group2"]}, + {auth_group_file,"/var/tmp/server_root/auth/group"}, + {auth_user_file,"/var/tmp/server_root/auth/passwd"}, + {auth_name,"Secret Area"}, + {auth_type,"plain"}]}}, + +{directory, {"/var/tmp/server_root/htdocs/secret/top_secret", + [{require,["group","group3"]}, + {auth_group_file,"/var/tmp/server_root/auth/group"}, + {auth_user_file,"/var/tmp/server_root/auth/passwd"}, + {auth_name,"Top Secret Area"}, + {auth_type,"plain"}]}}, + +{directory, {"/var/tmp/server_root/htdocs/mnesia_open", + [{require,["user","one","Aladdin"]}, + {auth_name,"Open Area"}, + {auth_type,"mnesia"}]}}, + +{directory, {"/var/tmp/server_root/htdocs/mnesia_secret", + [{require,["group","group1","group2"]}, + {auth_name,"Secret Area"}, + {auth_type,"mnesia"}]}}, + +{directory, {"/var/tmp/server_root/htdocs/mnesia_secret/top_secret", + [{security_callback_module,"security_callback"}, + {security_auth_timeout,1}, + {security_fail_expire_time,1}, + {security_block_time,10}, + {security_max_retries,3}, + {security_data_file,"logs/security_data"}, + {deny_from,["100.234.22.12","194.100.34.1","130.100.34.25"]}, + {allow_from,["130.100.34","130.100.35"]}, + {require,["group","group3"]}, + {auth_name,"Top Secret Area"}, + {auth_type,"mnesia"}]}}]. |