-
Notifications
You must be signed in to change notification settings - Fork 118
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This commit: - provides a more strict access controll for the httpd ditectories - blocks access to the ftp directories via http paths - removes unused legacy code (mainly related to ignition and coreOS) - where possible 'sed' commands have been removed and replaced with jinja templates - httpd configuration has been modifed to better utilize the modular nature of apache configuration files - environment variable controlled switch has been introduced to the allow/block serving /shared/html/images when "runhttpd" is in use
- Loading branch information
Showing
12 changed files
with
115 additions
and
132 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
ServerRoot "/etc/httpd" | ||
{%- if env.LISTEN_ALL_INTERFACES %} | ||
Listen [::]:{{ env.HTTP_PORT }} | ||
{% else %} | ||
Listen {{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }} | ||
{% endif %} | ||
Include conf.modules.d/*.conf | ||
User apache | ||
Group apache | ||
|
||
ServerAdmin root@localhost | ||
ServerName www.example.com:80 | ||
|
||
<Directory /> | ||
AllowOverride none | ||
Require all denied | ||
</Directory> | ||
|
||
DocumentRoot "/shared/html" | ||
|
||
<Directory "/shared/html"> | ||
Options Indexes FollowSymLinks | ||
AllowOverride None | ||
Require all granted | ||
</Directory> | ||
|
||
{%- if env.HTTPD_SERVE_NODE_IMAGES %} | ||
<Directory "/shared/html/images"> | ||
Options Indexes FollowSymLinks | ||
AllowOverride None | ||
Require all granted | ||
</Directory> | ||
{% endif %} | ||
|
||
<IfModule dir_module> | ||
DirectoryIndex index.html | ||
</IfModule> | ||
|
||
<Files ".ht*"> | ||
Require all denied | ||
</Files> | ||
|
||
ErrorLog "/dev/stderr" | ||
|
||
LogLevel warn | ||
|
||
<IfModule log_config_module> | ||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined | ||
LogFormat "%h %l %u %t \"%r\" %>s %b" common | ||
<IfModule logio_module> | ||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio | ||
</IfModule> | ||
CustomLog "/dev/stderr" combined | ||
</IfModule> | ||
|
||
<IfModule mime_module> | ||
TypesConfig /etc/mime.types | ||
AddType application/x-compress .Z | ||
AddType application/x-gzip .gz .tgz | ||
AddType text/html .shtml | ||
AddOutputFilter INCLUDES .shtml | ||
</IfModule> | ||
|
||
AddDefaultCharset UTF-8 | ||
|
||
<IfModule mime_magic_module> | ||
MIMEMagicFile conf/magic | ||
</IfModule> | ||
|
||
PidFile /var/tmp/httpd.pid | ||
|
||
EnableSendfile on | ||
|
||
# http TRACE can be subjected to abuse and should be disabled | ||
TraceEnable off | ||
|
||
# provide minimal server information | ||
ServerTokens Prod | ||
ServerSignature Off | ||
|
||
IncludeOptional conf.d/*.conf | ||
|
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters