swarmlab registry

docker-compose.yaml

@@ -0,0 +1,40 @@
+  proxy:
+    image: lzrbear/docker-apache2-ubuntu:16.04
+    restart: always
+    container_name: proxy
+    ports:
+      - 5080:8080
+      - 5043:443
+    links:
+      - registry:registry
+    volumes:
+      - "/var/lab/registry/etc/apache2/domain.crt:/usr/local/apache2/conf/domain.crt"
+      - "/var/lab/registry/etc/apache2/domain.key:/usr/local/apache2/conf/domain.key"
+      - "/var/lab/registry/etc/apache2/httpd.groups:/usr/local/apache2/conf/httpd.groups"
+      - "/var/lab/registry/etc/apache2/httpd.htpasswd:/usr/local/apache2/conf/httpd.htpasswd"
+      - "/var/lab/registry/modules/apache2.conf:/etc/apache2/apache2.conf"
+      - "/var/lab/registry/modules/000-default.conf:/etc/apache2/sites-enabled/000-default.conf"
+      - "/var/lab/registry/modules/ports.conf:/etc/apache2/ports.conf"
+      - "/var/lab/registry/modules/headers.load:/etc/apache2/mods-enabled/headers.load"
+      - "/var/lab/registry/modules/mod_ssl.load:/etc/apache2/mods-enabled/mod_ssl.load"
+      - "/var/lab/registry/modules/mod_ssl.conf:/etc/apache2/mods-enabled/mod_ssl.conf"
+      - "/var/lab/registry/modules/authz_groupfile.load:/etc/apache2/mods-enabled/authz_groupfile.load"
+      - "/var/lab/registry/modules/proxy.load:/etc/apache2/mods-enabled/proxy.load"
+      - "/var/lab/registry/modules/proxy_http.load:/etc/apache2/mods-enabled/proxy_http.load"
+      - "/var/lab/registry/modules/authn_file.load:/etc/apache2/mods-enabled/authn_file.load"
+      - "/var/lab/registry/modules/authn_core.load:/etc/apache2/mods-enabled/authn_core.load"
+      - "/var/lab/registry/modules/authz_user.load:/etc/apache2/mods-enabled/authz_user.load"
+      - "/var/lab/registry/modules/authz_core.load:/etc/apache2/mods-enabled/authz_core.load"
+      - "/var/lab/registry/modules/auth_basic.load:/etc/apache2/mods-enabled/auth_basic.load"
+      - "/var/lab/registry/modules/access_compat.load:/etc/apache2/mods-enabled/access_compat.load"
+
+
+  registry:
+    image: registry:2
+    restart: always
+    container_name: registry
+    ports:
+      - 5000:5000
+    volumes:
+      - "/var/lab/registry-data:/var/lib/registry"
+

files/create.auth-files.sh

@@ -0,0 +1,8 @@
+# create a password file for "testuser" and "testpassword"
+docker run --entrypoint htpasswd httpd:2.4 -Bbn testuser testpassword > httpd.htpasswd
+# Create another one for "testuserpush" and "testpasswordpush"
+docker run --entrypoint htpasswd httpd:2.4 -Bbn testuserpush testpasswordpush >> httpd.htpasswd
+
+# Create your group file
+echo "pusher: testuserpush" > httpd.groups
+

files/create.ertificate-files.sh

@@ -0,0 +1,9 @@
+# Important
+# Add your IP in subjectAltName in the openssl.cnf before generating i
+# certssudo vi /etc/ssl/openssl.cnf
+# Add this line
+#subjectAltName=IP:192.168.0.2
+mkdir -p ./certs
+openssl req \
+  -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
+  -x509 -days 365 -out certs/domain.crt

files/etc/apache2/domain.crt

@@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE-----
+paste here crt
+-----END CERTIFICATE-----

files/etc/apache2/domain.key

@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+paste here you key
+-----END PRIVATE KEY-----

files/etc/apache2/httpd.conf

@@ -0,0 +1,188 @@
+LoadModule headers_module modules/mod_headers.so
+
+LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
+LoadModule authz_user_module modules/mod_authz_user.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule access_compat_module modules/mod_access_compat.so
+
+LoadModule log_config_module modules/mod_log_config.so
+
+LoadModule ssl_module modules/mod_ssl.so
+
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+
+LoadModule unixd_module modules/mod_unixd.so
+
+LoadModule mpm_event_module modules/mod_mpm_event.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule reqtimeout_module modules/mod_reqtimeout.so
+LoadModule filter_module modules/mod_filter.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule env_module modules/mod_env.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule version_module modules/mod_version.so
+LoadModule status_module modules/mod_status.so
+LoadModule autoindex_module modules/mod_autoindex.so
+<IfModule ssl_module>
+    SSLRandomSeed startup builtin
+    SSLRandomSeed connect builtin
+</IfModule>
+
+<IfModule unixd_module>
+    User daemon
+    Group daemon
+</IfModule>
+
+ServerAdmin you@example.com
+
+ErrorLog /proc/self/fd/2
+
+LogLevel warn
+
+<IfModule log_config_module>
+    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+    LogFormat "%h %l %u %t \"%r\" %>s %b" common
+
+    <IfModule logio_module>
+      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+    </IfModule>
+
+    CustomLog /proc/self/fd/1 common
+</IfModule>
+
+ServerRoot "/usr/local/apache2"
+
+Listen 443
+
+<Directory />
+    AllowOverride none
+    Require all denied
+</Directory>
+
+<IfModule !mpm_prefork_module>
+	#LoadModule cgid_module modules/mod_cgid.so
+</IfModule>
+<IfModule mpm_prefork_module>
+	#LoadModule cgi_module modules/mod_cgi.so
+</IfModule>
+LoadModule dir_module modules/mod_dir.so
+LoadModule alias_module modules/mod_alias.so
+
+<Directory />
+    AllowOverride none
+    Require all denied
+</Directory>
+
+DocumentRoot "/usr/local/apache2/htdocs"
+<Directory "/usr/local/apache2/htdocs">
+    Options Indexes FollowSymLinks
+
+    AllowOverride None
+
+    Require all granted
+</Directory>
+
+<IfModule dir_module>
+    DirectoryIndex index.html
+</IfModule>
+
+<Files ".ht*">
+    Require all denied
+</Files>
+
+
+<IfModule alias_module>
+    ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
+
+</IfModule>
+
+<IfModule cgid_module>
+    #Scriptsock cgisock
+</IfModule>
+
+#
+<Directory "/usr/local/apache2/cgi-bin">
+    AllowOverride None
+    Options None
+    Require all granted
+</Directory>
+
+<IfModule headers_module>
+    RequestHeader unset Proxy early
+</IfModule>
+
+<IfModule mime_module>
+    TypesConfig conf/mime.types
+
+    AddType application/x-compress .Z
+    AddType application/x-gzip .gz .tgz
+
+
+</IfModule>
+
+<IfModule proxy_html_module>
+#Include conf/extra/proxy-html.conf
+</IfModule>
+
+<VirtualHost *:443>
+
+  ServerName localhost
+
+  SSLEngine on
+  SSLCertificateFile /usr/local/apache2/conf/domain.crt
+  SSLCertificateKeyFile /usr/local/apache2/conf/domain.key
+
+  ## SSL settings recommendation from: https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html
+  # Anti CRIME
+  SSLCompression off
+
+  # POODLE and other stuff
+  SSLProtocol all -SSLv2 -SSLv3 -TLSv1
+
+  # Secure cypher suites
+  SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
+  SSLHonorCipherOrder on
+
+  Header always set "Docker-Distribution-Api-Version" "registry/2.0"
+  Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
+Header always set Strict-Transport-Security "max-age=max-age=15552000; includeSubdomains; preload"
+Header set Public-Key-Pins "pin-sha256=\"redacted=\"; max-age=15552000; includeSubdomains;"
+  # add for uknow blob
+  Header add X-Forwarded-Proto "https"
+  RequestHeader add X-Forwarded-Proto "https"
+  RequestHeader set X-Forwarded-Proto "https"
+
+  ProxyRequests     off
+  ProxyPreserveHost on
+
+  # no proxy for /error/ (Apache HTTPd errors messages)
+  ProxyPass /error/ !
+
+  ProxyPass        /v2 http://registry:5000/v2
+  ProxyPassReverse /v2 http://registry:5000/v2
+
+  <Location /v2>
+    Order deny,allow
+    Allow from all
+    AuthName "Registry Authentication"
+    AuthType basic
+    AuthUserFile "/usr/local/apache2/conf/httpd.htpasswd"
+    AuthGroupFile "/usr/local/apache2/conf/httpd.groups"
+
+    # Read access to authentified users
+    <Limit GET HEAD>
+      Require valid-user
+    </Limit>
+
+    # Write access to docker-deployer only
+    <Limit POST PUT DELETE PATCH>
+      Require group pusher
+    </Limit>
+
+  </Location>
+
+</VirtualHost>

files/etc/apache2/httpd.groups

@@ -0,0 +1 @@
+pusher: username

files/etc/apache2/httpd.htpasswd

@@ -0,0 +1,3 @@
+user1:password
+...
+usern:password

files/modules/000-default.conf

@@ -0,0 +1,106 @@
+ServerName localhost
+<IfModule ssl_module>
+    SSLRandomSeed startup builtin
+    SSLRandomSeed connect builtin
+</IfModule>
+<VirtualHost *:8080>
+    ServerName registry.vlabs.uniwa.gr
+
+        ErrorLog ${APACHE_LOG_DIR}/error.log
+        CustomLog ${APACHE_LOG_DIR}/access.log combined
+    SSLEngine On
+  SSLCertificateFile /usr/local/apache2/conf/domain.crt
+  SSLCertificateKeyFile /usr/local/apache2/conf/domain.key
+
+    SSLCompression off
+    SSLProtocol all -SSLv2 -SSLv3 -TLSv1
+    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
+    SSLHonorCipherOrder on
+
+    Header always set "Docker-Distribution-Api-Version" "registry/2.0"
+    Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
+    RequestHeader set X-Forwarded-Proto "https"
+
+    ProxyRequests     Off
+    ProxyPreserveHost On
+    ProxyPass /error/ !
+    ProxyPass        /v2 http://registry.vlabs.uniwa.gr:5000/v2
+    ProxyPassReverse /v2 http://registry.vlabs.uniwa.gr:5000/v2
+
+  <Location /v2>
+        #SSLRequireSSL
+
+       # Order allow,deny
+       # Allow from all
+    # Read access to authentified users
+    <Limit GET HEAD>
+        Order allow,deny
+        Allow from all
+      #Require valid-user
+    </Limit>
+
+    # Write access to docker-deployer only
+    <Limit POST PUT DELETE PATCH>
+            Order deny,allow
+            Deny from all
+      #Require group pusher
+    </Limit>
+
+  </Location>
+
+
+</VirtualHost>
+
+
+
+
+
+
+<VirtualHost *:443>
+    ServerName registry.vlabs.uniwa.gr
+
+        ErrorLog ${APACHE_LOG_DIR}/error5043.log
+        CustomLog ${APACHE_LOG_DIR}/access5043.log combined
+    SSLEngine On
+  SSLCertificateFile /usr/local/apache2/conf/domain.crt
+  SSLCertificateKeyFile /usr/local/apache2/conf/domain.key
+
+    SSLCompression off
+    SSLProtocol all -SSLv2 -SSLv3 -TLSv1
+    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
+    SSLHonorCipherOrder on
+
+    Header always set "Docker-Distribution-Api-Version" "registry/2.0"
+    Header onsuccess set "Docker-Distribution-Api-Version" "registry/2.0"
+    RequestHeader set X-Forwarded-Proto "https"
+
+    ProxyRequests     Off
+    ProxyPreserveHost On
+    ProxyPass /error/ !
+    ProxyPass        /v2 http://registry.vlabs.uniwa.gr:5000/v2
+    ProxyPassReverse /v2 http://registry.vlabs.uniwa.gr:5000/v2
+
+  <Location /v2>
+        #SSLRequireSSL
+
+    Order deny,allow
+    Allow from all
+    AuthName "Registry Authentication"
+    AuthType basic
+    AuthUserFile "/usr/local/apache2/conf/httpd.htpasswd"
+    AuthGroupFile "/usr/local/apache2/conf/httpd.groups"
+
+    # Read access to authentified users
+    <Limit GET HEAD>
+      Require valid-user
+    </Limit>
+
+    # Write access to docker-deployer only
+    <Limit POST PUT DELETE PATCH>
+      Require group pusher
+    </Limit>
+
+  </Location>
+
+
+</VirtualHost>

files/modules/access_compat.load

@@ -0,0 +1,2 @@
+# Depends: authn_core
+LoadModule access_compat_module /usr/lib/apache2/modules/mod_access_compat.so

files/modules/actions.conf

@@ -0,0 +1,11 @@
+# a2enmod-note: needs-configuration
+
+#
+# Action lets you define media types that will execute a script whenever
+# a matching file is called. This eliminates the need for repeated URL
+# pathnames for oft-used CGI file processors.
+# Format: Action media/type /cgi-script/location
+# Format: Action handler-name /cgi-script/location
+#
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

files/modules/actions.load

@@ -0,0 +1 @@
+LoadModule actions_module /usr/lib/apache2/modules/mod_actions.so

files/modules/alias.conf

@@ -0,0 +1,24 @@
+<IfModule alias_module>
+	# Aliases: Add here as many aliases as you need (with no limit). The format is
+	# Alias fakename realname
+	#
+	# Note that if you include a trailing / on fakename then the server will
+	# require it to be present in the URL.  So "/icons" isn't aliased in this
+	# example, only "/icons/".  If the fakename is slash-terminated, then the
+	# realname must also be slash terminated, and if the fakename omits the
+	# trailing slash, the realname must also omit it.
+	#
+	# We include the /icons/ alias for FancyIndexed directory listings.  If
+	# you do not use FancyIndexing, you may comment this out.
+
+	Alias /icons/ "/usr/share/apache2/icons/"
+
+	<Directory "/usr/share/apache2/icons">
+		Options FollowSymlinks
+		AllowOverride None
+		Require all granted
+	</Directory>
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

files/modules/alias.load

@@ -0,0 +1 @@
+LoadModule alias_module /usr/lib/apache2/modules/mod_alias.so

files/modules/allowmethods.load

@@ -0,0 +1 @@
+LoadModule allowmethods_module /usr/lib/apache2/modules/mod_allowmethods.so

files/modules/apache2.conf

@@ -0,0 +1,227 @@
+# This is the main Apache server configuration file.  It contains the
+# configuration directives that give the server its instructions.
+# See http://httpd.apache.org/docs/2.4/ for detailed information about
+# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
+# hints.
+#
+#
+# Summary of how the Apache 2 configuration works in Debian:
+# The Apache 2 web server configuration in Debian is quite different to
+# upstream's suggested way to configure the web server. This is because Debian's
+# default Apache2 installation attempts to make adding and removing modules,
+# virtual hosts, and extra configuration directives as flexible as possible, in
+# order to make automating the changes and administering the server as easy as
+# possible.
+
+# It is split into several files forming the configuration hierarchy outlined
+# below, all located in the /etc/apache2/ directory:
+#
+#	/etc/apache2/
+#	|-- apache2.conf
+#	|	`--  ports.conf
+#	|-- mods-enabled
+#	|	|-- *.load
+#	|	`-- *.conf
+#	|-- conf-enabled
+#	|	`-- *.conf
+# 	`-- sites-enabled
+#	 	`-- *.conf
+#
+#
+# * apache2.conf is the main configuration file (this file). It puts the pieces
+#   together by including all remaining configuration files when starting up the
+#   web server.
+#
+# * ports.conf is always included from the main configuration file. It is
+#   supposed to determine listening ports for incoming connections which can be
+#   customized anytime.
+#
+# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
+#   directories contain particular configuration snippets which manage modules,
+#   global configuration fragments, or virtual host configurations,
+#   respectively.
+#
+#   They are activated by symlinking available configuration files from their
+#   respective *-available/ counterparts. These should be managed by using our
+#   helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
+#   their respective man pages for detailed information.
+#
+# * The binary is called apache2. Due to the use of environment variables, in
+#   the default configuration, apache2 needs to be started/stopped with
+#   /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
+#   work with the default configuration.
+
+
+# Global configuration
+#
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# NOTE!  If you intend to place this on an NFS (or otherwise network)
+# mounted filesystem then please read the Mutex documentation (available
+# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
+# you will save yourself a lot of trouble.
+#
+# Do NOT add a slash at the end of the directory path.
+#
+#ServerRoot "/etc/apache2"
+
+#
+# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
+#
+#Mutex file:${APACHE_LOCK_DIR} default
+
+#
+# The directory where shm and other runtime files will be stored.
+#
+
+DefaultRuntimeDir ${APACHE_RUN_DIR}
+
+#
+# PidFile: The file in which the server should record its process
+# identification number when it starts.
+# This needs to be set in /etc/apache2/envvars
+#
+PidFile ${APACHE_PID_FILE}
+
+#
+# Timeout: The number of seconds before receives and sends time out.
+#
+Timeout 300
+
+#
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+#
+KeepAlive On
+
+#
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+#
+MaxKeepAliveRequests 100
+
+#
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+#
+KeepAliveTimeout 5
+
+
+# These need to be set in /etc/apache2/envvars
+User ${APACHE_RUN_USER}
+Group ${APACHE_RUN_GROUP}
+
+#
+# HostnameLookups: Log the names of clients or just their IP addresses
+# e.g., www.apache.org (on) or 204.62.129.132 (off).
+# The default is off because it'd be overall better for the net if people
+# had to knowingly turn this feature on, since enabling it means that
+# each client request will result in AT LEAST one lookup request to the
+# nameserver.
+#
+HostnameLookups Off
+
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here.  If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog ${APACHE_LOG_DIR}/error.log
+
+#
+# LogLevel: Control the severity of messages logged to the error_log.
+# Available values: trace8, ..., trace1, debug, info, notice, warn,
+# error, crit, alert, emerg.
+# It is also possible to configure the log level for particular modules, e.g.
+# "LogLevel info ssl:warn"
+#
+LogLevel warn
+
+# Include module configuration:
+IncludeOptional mods-enabled/*.load
+IncludeOptional mods-enabled/*.conf
+
+# Include list of ports to listen on
+Include ports.conf
+
+
+# Sets the default security model of the Apache2 HTTPD server. It does
+# not allow access to the root filesystem outside of /usr/share and /var/www.
+# The former is used by web applications packaged in Debian,
+# the latter may be used for local directories served by the web server. If
+# your system is serving content from a sub-directory in /srv you must allow
+# access here, or in any related virtual host.
+<Directory />
+	Options FollowSymLinks
+	AllowOverride None
+	Require all denied
+</Directory>
+
+<Directory /usr/share>
+	AllowOverride None
+	Require all granted
+</Directory>
+
+<Directory /var/www/>
+	Options Indexes FollowSymLinks
+	AllowOverride None
+	Require all granted
+</Directory>
+
+#<Directory /srv/>
+#	Options Indexes FollowSymLinks
+#	AllowOverride None
+#	Require all granted
+#</Directory>
+
+
+
+
+# AccessFileName: The name of the file to look for in each directory
+# for additional configuration directives.  See also the AllowOverride
+# directive.
+#
+AccessFileName .htaccess
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+<FilesMatch "^\.ht">
+	Require all denied
+</FilesMatch>
+
+
+#
+# The following directives define some format nicknames for use with
+# a CustomLog directive.
+#
+# These deviate from the Common Log Format definitions in that they use %O
+# (the actual bytes sent including headers) instead of %b (the size of the
+# requested file), because the latter makes it impossible to detect partial
+# requests.
+#
+# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
+# Use mod_remoteip instead.
+#
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %O" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+
+# Include of directories ignores editors' and dpkg's backup files,
+# see README.Debian for details.
+
+# Include generic snippets of statements
+IncludeOptional conf-enabled/*.conf
+
+# Include the virtual host configurations:
+IncludeOptional sites-enabled/*.conf
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

files/modules/asis.load

@@ -0,0 +1,2 @@
+# Depends: mime
+LoadModule asis_module /usr/lib/apache2/modules/mod_asis.so

files/modules/auth_basic.load

@@ -0,0 +1,2 @@
+# Depends: authn_core
+LoadModule auth_basic_module /usr/lib/apache2/modules/mod_auth_basic.so

files/modules/auth_digest.load

@@ -0,0 +1,2 @@
+# Depends: authn_core
+LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.so

files/modules/auth_form.load

@@ -0,0 +1,2 @@
+# Depends: session authn_core
+LoadModule auth_form_module /usr/lib/apache2/modules/mod_auth_form.so

files/modules/authn_anon.load

@@ -0,0 +1 @@
+LoadModule authn_anon_module /usr/lib/apache2/modules/mod_authn_anon.so

files/modules/authn_core.load

@@ -0,0 +1 @@
+LoadModule authn_core_module /usr/lib/apache2/modules/mod_authn_core.so

files/modules/authn_dbd.load

@@ -0,0 +1,2 @@
+# Depends: dbd
+LoadModule authn_dbd_module /usr/lib/apache2/modules/mod_authn_dbd.so

files/modules/authn_dbm.load

@@ -0,0 +1 @@
+LoadModule authn_dbm_module /usr/lib/apache2/modules/mod_authn_dbm.so

files/modules/authn_file.load

@@ -0,0 +1 @@
+LoadModule authn_file_module /usr/lib/apache2/modules/mod_authn_file.so

files/modules/authn_socache.load

@@ -0,0 +1 @@
+LoadModule authn_socache_module /usr/lib/apache2/modules/mod_authn_socache.so

files/modules/authnz_fcgi.load

@@ -0,0 +1 @@
+LoadModule authnz_fcgi_module /usr/lib/apache2/modules/mod_authnz_fcgi.so

files/modules/authnz_ldap.load

@@ -0,0 +1,2 @@
+# Depends: ldap
+LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so

files/modules/authz_core.load

@@ -0,0 +1 @@
+LoadModule authz_core_module /usr/lib/apache2/modules/mod_authz_core.so

files/modules/authz_dbd.load

@@ -0,0 +1,2 @@
+# Depends: dbd authz_core
+LoadModule authz_dbd_module /usr/lib/apache2/modules/mod_authz_dbd.so

files/modules/authz_dbm.load

@@ -0,0 +1,2 @@
+# Depends: authz_core
+LoadModule authz_dbm_module /usr/lib/apache2/modules/mod_authz_dbm.so

files/modules/authz_groupfile.load

@@ -0,0 +1,2 @@
+# Depends: authz_core
+LoadModule authz_groupfile_module /usr/lib/apache2/modules/mod_authz_groupfile.so

files/modules/authz_host.load

@@ -0,0 +1,2 @@
+# Depends: authz_core
+LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so

files/modules/authz_owner.load

@@ -0,0 +1 @@
+LoadModule authz_owner_module /usr/lib/apache2/modules/mod_authz_owner.so

files/modules/authz_user.load

@@ -0,0 +1,2 @@
+# Depends: authz_core
+LoadModule authz_user_module /usr/lib/apache2/modules/mod_authz_user.so

files/modules/autoindex.conf

@@ -0,0 +1,96 @@
+<IfModule mod_autoindex.c>
+	# Directives controlling the display of server-generated directory listings.
+
+	#
+	# IndexOptions: Controls the appearance of server-generated directory
+	# listings.
+	# Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames.
+	IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
+
+	#
+	# AddIcon* directives tell the server which icon to show for different
+	# files or filename extensions.  These are only displayed for
+	# FancyIndexed directories.
+	AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2
+
+	AddIconByType (TXT,/icons/text.gif) text/*
+	AddIconByType (IMG,/icons/image2.gif) image/*
+	AddIconByType (SND,/icons/sound2.gif) audio/*
+	AddIconByType (VID,/icons/movie.gif) video/*
+
+	AddIcon /icons/binary.gif .bin .exe
+	AddIcon /icons/binhex.gif .hqx
+	AddIcon /icons/tar.gif .tar
+	AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+	AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+	AddIcon /icons/a.gif .ps .ai .eps
+	AddIcon /icons/layout.gif .html .shtml .htm .pdf
+	AddIcon /icons/text.gif .txt
+	AddIcon /icons/c.gif .c
+	AddIcon /icons/p.gif .pl .py
+	AddIcon /icons/f.gif .for
+	AddIcon /icons/dvi.gif .dvi
+	AddIcon /icons/uuencoded.gif .uu
+	AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+	AddIcon /icons/tex.gif .tex
+	# It's a suffix rule, so simply matching "core" matches "score" as well !
+	AddIcon /icons/bomb.gif /core
+	AddIcon (SND,/icons/sound2.gif) .ogg
+	AddIcon (VID,/icons/movie.gif) .ogm
+
+	AddIcon /icons/back.gif ..
+	AddIcon /icons/hand.right.gif README
+	AddIcon /icons/folder.gif ^^DIRECTORY^^
+	AddIcon /icons/blank.gif ^^BLANKICON^^
+
+	# Default icons for OpenDocument format
+	AddIcon /icons/odf6odt-20x22.png .odt
+	AddIcon /icons/odf6ods-20x22.png .ods
+	AddIcon /icons/odf6odp-20x22.png .odp
+	AddIcon /icons/odf6odg-20x22.png .odg
+	AddIcon /icons/odf6odc-20x22.png .odc
+	AddIcon /icons/odf6odf-20x22.png .odf
+	AddIcon /icons/odf6odb-20x22.png .odb
+	AddIcon /icons/odf6odi-20x22.png .odi
+	AddIcon /icons/odf6odm-20x22.png .odm
+
+	AddIcon /icons/odf6ott-20x22.png .ott
+	AddIcon /icons/odf6ots-20x22.png .ots
+	AddIcon /icons/odf6otp-20x22.png .otp
+	AddIcon /icons/odf6otg-20x22.png .otg
+	AddIcon /icons/odf6otc-20x22.png .otc
+	AddIcon /icons/odf6otf-20x22.png .otf
+	AddIcon /icons/odf6oti-20x22.png .oti
+	AddIcon /icons/odf6oth-20x22.png .oth
+
+	#
+	# DefaultIcon is which icon to show for files which do not have an icon
+	# explicitly set.
+	DefaultIcon /icons/unknown.gif
+
+	#
+	# AddDescription allows you to place a short description after a file in
+	# server-generated indexes.  These are only displayed for FancyIndexed
+	# directories.
+	# Format: AddDescription "description" filename
+	#AddDescription "GZIP compressed document" .gz
+	#AddDescription "tar archive" .tar
+	#AddDescription "GZIP compressed tar archive" .tgz
+
+	#
+	# ReadmeName is the name of the README file the server will look for by
+	# default, and append to directory listings.
+	#
+	# HeaderName is the name of a file which should be prepended to
+	# directory indexes
+	ReadmeName README.html
+	HeaderName HEADER.html
+
+	#
+	# IndexIgnore is a set of filenames which directory indexing should ignore
+	# and not include in the listing.  Shell-style wildcarding is permitted.
+	IndexIgnore .??* *~ *# RCS CVS *,v *,t
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

files/modules/autoindex.load

@@ -0,0 +1 @@
+LoadModule autoindex_module /usr/lib/apache2/modules/mod_autoindex.so

files/modules/buffer.load

@@ -0,0 +1 @@
+LoadModule buffer_module /usr/lib/apache2/modules/mod_buffer.so

files/modules/cache.load

@@ -0,0 +1 @@
+LoadModule cache_module /usr/lib/apache2/modules/mod_cache.so

files/modules/cache_disk.conf

@@ -0,0 +1,27 @@
+<IfModule mod_cache_disk.c>
+
+	# cache cleaning is done by htcacheclean, which can be configured in
+	# /etc/default/apache2
+	#
+	# For further information, see the comments in that file,
+	# /usr/share/doc/apache2/README.Debian, and the htcacheclean(8)
+	# man page.
+
+	# This path must be the same as the one in /etc/default/apache2
+	CacheRoot /var/cache/apache2/mod_cache_disk
+
+	# This will also cache local documents. It usually makes more sense to
+	# put this into the configuration for just one virtual host.
+	#CacheEnable disk /
+
+
+    # The result of CacheDirLevels * CacheDirLength must not be higher than
+    # 20. Moreover, pay attention on file system limits. Some file systems
+    # do not support more than a certain number of inodes and
+    # subdirectories (e.g. 32000 for ext3)
+    CacheDirLevels 2
+    CacheDirLength 1
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

files/modules/cache_disk.load

@@ -0,0 +1,2 @@
+# Depends: cache
+LoadModule cache_disk_module /usr/lib/apache2/modules/mod_cache_disk.so

files/modules/cache_socache.load

@@ -0,0 +1,2 @@
+# Depends: cache
+LoadModule cache_socache_module /usr/lib/apache2/modules/mod_cache_socache.so

files/modules/cgi.load

@@ -0,0 +1 @@
+LoadModule cgi_module /usr/lib/apache2/modules/mod_cgi.so

files/modules/cgid.conf

@@ -0,0 +1,4 @@
+# Socket for cgid communication
+ScriptSock ${APACHE_RUN_DIR}/cgisock
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

files/modules/cgid.load

@@ -0,0 +1 @@
+LoadModule cgid_module /usr/lib/apache2/modules/mod_cgid.so

files/modules/charset_lite.load

@@ -0,0 +1 @@
+LoadModule charset_lite_module /usr/lib/apache2/modules/mod_charset_lite.so

files/modules/data.load

@@ -0,0 +1 @@
+LoadModule data_module /usr/lib/apache2/modules/mod_data.so

files/modules/dav.load

@@ -0,0 +1 @@
+LoadModule dav_module /usr/lib/apache2/modules/mod_dav.so

files/modules/dav_fs.conf

@@ -0,0 +1,3 @@
+DAVLockDB ${APACHE_LOCK_DIR}/DAVLock
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

files/modules/dav_fs.load

@@ -0,0 +1,2 @@
+# Depends: dav
+LoadModule dav_fs_module /usr/lib/apache2/modules/mod_dav_fs.so

files/modules/dav_lock.load

@@ -0,0 +1 @@
+LoadModule dav_lock_module /usr/lib/apache2/modules/mod_dav_lock.so

files/modules/dbd.load

@@ -0,0 +1 @@
+LoadModule dbd_module /usr/lib/apache2/modules/mod_dbd.so

files/modules/deflate.conf

@@ -0,0 +1,14 @@
+<IfModule mod_deflate.c>
+	<IfModule mod_filter.c>
+		# these are known to be safe with MSIE 6
+		AddOutputFilterByType DEFLATE text/html text/plain text/xml
+
+		# everything else may cause problems with MSIE 6
+		AddOutputFilterByType DEFLATE text/css
+		AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
+		AddOutputFilterByType DEFLATE application/rss+xml
+		AddOutputFilterByType DEFLATE application/xml
+	</IfModule>
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

files/modules/deflate.load

@@ -0,0 +1,2 @@
+# Depends: filter
+LoadModule deflate_module /usr/lib/apache2/modules/mod_deflate.so

files/modules/dialup.load

@@ -0,0 +1 @@
+LoadModule dialup_module /usr/lib/apache2/modules/mod_dialup.so

files/modules/dir.conf

@@ -0,0 +1,5 @@
+<IfModule mod_dir.c>
+	DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

files/modules/dir.load

@@ -0,0 +1 @@
+LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so

files/modules/dump_io.load

@@ -0,0 +1 @@
+LoadModule dumpio_module /usr/lib/apache2/modules/mod_dumpio.so

files/modules/echo.load

@@ -0,0 +1 @@
+LoadModule echo_module /usr/lib/apache2/modules/mod_echo.so

files/modules/env.load

@@ -0,0 +1 @@
+LoadModule env_module /usr/lib/apache2/modules/mod_env.so

files/modules/expires.load

@@ -0,0 +1 @@
+LoadModule expires_module /usr/lib/apache2/modules/mod_expires.so

files/modules/ext_filter.load

@@ -0,0 +1 @@
+LoadModule ext_filter_module /usr/lib/apache2/modules/mod_ext_filter.so

files/modules/file_cache.load

@@ -0,0 +1,2 @@
+# Depends: cache
+LoadModule file_cache_module /usr/lib/apache2/modules/mod_file_cache.so

files/modules/filter.load

@@ -0,0 +1 @@
+LoadModule filter_module /usr/lib/apache2/modules/mod_filter.so

files/modules/headers.load

@@ -0,0 +1 @@
+LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so

files/modules/heartbeat.load

@@ -0,0 +1,3 @@
+# This module depends on mod_watchdog to be loaded before. In Debian, this
+# module is statically linked.
+LoadModule heartbeat_module /usr/lib/apache2/modules/mod_heartbeat.so

files/modules/heartmonitor.load

@@ -0,0 +1,3 @@
+# This module depends on mod_watchdog to be loaded before. In Debian, this
+# module is statically linked.
+LoadModule heartmonitor_module /usr/lib/apache2/modules/mod_heartmonitor.so

files/modules/ident.load

@@ -0,0 +1 @@
+LoadModule ident_module /usr/lib/apache2/modules/mod_ident.so

files/modules/include.load

@@ -0,0 +1,2 @@
+# Depends: mime
+LoadModule include_module /usr/lib/apache2/modules/mod_include.so

files/modules/info.conf

@@ -0,0 +1,15 @@
+<IfModule mod_info.c>
+
+	# Allow remote server configuration reports, with the URL of
+	#  http://servername/server-info (requires that mod_info.c be loaded).
+	# Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
+	#
+	<Location /server-info>
+		SetHandler server-info
+		Require local
+		#Require ip 192.0.2.0/24
+	</Location>
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

files/modules/info.load

@@ -0,0 +1 @@
+LoadModule info_module /usr/lib/apache2/modules/mod_info.so

files/modules/lbmethod_bybusyness.load

@@ -0,0 +1,2 @@
+# Depends: proxy_balancer
+LoadModule lbmethod_bybusyness_module /usr/lib/apache2/modules/mod_lbmethod_bybusyness.so

files/modules/lbmethod_byrequests.load

@@ -0,0 +1,2 @@
+# Depends: proxy_balancer
+LoadModule lbmethod_byrequests_module /usr/lib/apache2/modules/mod_lbmethod_byrequests.so

files/modules/lbmethod_bytraffic.load

@@ -0,0 +1,2 @@
+# Depends: proxy_balancer
+LoadModule lbmethod_bytraffic_module /usr/lib/apache2/modules/mod_lbmethod_bytraffic.so

files/modules/lbmethod_heartbeat.load

@@ -0,0 +1,2 @@
+# Depends: proxy_balancer
+LoadModule lbmethod_heartbeat_module /usr/lib/apache2/modules/mod_lbmethod_heartbeat.so

files/modules/ldap.conf

@@ -0,0 +1,6 @@
+<Location /ldap-status>
+	SetHandler ldap-status
+	Require local
+</Location>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

files/modules/ldap.load

@@ -0,0 +1 @@
+LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so

files/modules/log_debug.load

@@ -0,0 +1 @@
+LoadModule log_debug_module /usr/lib/apache2/modules/mod_log_debug.so

files/modules/log_forensic.load

@@ -0,0 +1 @@
+LoadModule log_forensic_module /usr/lib/apache2/modules/mod_log_forensic.so

files/modules/lua.load

@@ -0,0 +1 @@
+LoadModule lua_module /usr/lib/apache2/modules/mod_lua.so

files/modules/macro.load

@@ -0,0 +1 @@
+LoadModule macro_module /usr/lib/apache2/modules/mod_macro.so

files/modules/mime.conf

@@ -0,0 +1,249 @@
+<IfModule mod_mime.c>
+
+	#
+	# TypesConfig points to the file containing the list of mappings from
+	# filename extension to MIME-type.
+	#
+	TypesConfig /etc/mime.types
+
+	#
+	# AddType allows you to add to or override the MIME configuration
+	# file mime.types for specific file types.
+	#
+	#AddType application/x-gzip .tgz
+	#
+	# AddEncoding allows you to have certain browsers uncompress
+	# information on the fly. Note: Not all browsers support this.
+	# Despite the name similarity, the following Add* directives have
+	# nothing to do with the FancyIndexing customization directives above.
+	#
+	#AddEncoding x-compress .Z
+	#AddEncoding x-gzip .gz .tgz
+	#AddEncoding x-bzip2 .bz2
+	#
+	# If the AddEncoding directives above are commented-out, then you
+	# probably should define those extensions to indicate media types:
+	#
+	AddType application/x-compress .Z
+	AddType application/x-gzip .gz .tgz
+	AddType application/x-bzip2 .bz2
+
+	#
+	# DefaultLanguage and AddLanguage allows you to specify the language of 
+	# a document. You can then use content negotiation to give a browser a 
+	# file in a language the user can understand.
+	#
+	# Specify a default language. This means that all data
+	# going out without a specific language tag (see below) will 
+	# be marked with this one. You probably do NOT want to set
+	# this unless you are sure it is correct for all cases.
+	#
+	# * It is generally better to not mark a page as 
+	# * being a certain language than marking it with the wrong
+	# * language!
+	#
+	# DefaultLanguage nl
+	#
+	# Note 1: The suffix does not have to be the same as the language
+	# keyword --- those with documents in Polish (whose net-standard
+	# language code is pl) may wish to use "AddLanguage pl .po" to
+	# avoid the ambiguity with the common suffix for perl scripts.
+	#
+	# Note 2: The example entries below illustrate that in some cases 
+	# the two character 'Language' abbreviation is not identical to 
+	# the two character 'Country' code for its country,
+	# E.g. 'Danmark/dk' versus 'Danish/da'.
+	#
+	# Note 3: In the case of 'ltz' we violate the RFC by using a three char
+	# specifier. There is 'work in progress' to fix this and get
+	# the reference data for rfc1766 cleaned up.
+	#
+	# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
+	# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
+	# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
+	# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
+	# Norwegian (no) - Polish (pl) - Portugese (pt)
+	# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
+	# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
+	#
+	AddLanguage am .amh
+	AddLanguage ar .ara
+	AddLanguage be .be
+	AddLanguage bg .bg
+	AddLanguage bn .bn
+	AddLanguage br .br
+	AddLanguage bs .bs
+	AddLanguage ca .ca
+	AddLanguage cs .cz .cs
+	AddLanguage cy .cy
+	AddLanguage da .dk
+	AddLanguage de .de
+	AddLanguage dz .dz
+	AddLanguage el .el
+	AddLanguage en .en
+	AddLanguage eo .eo
+	# es is ecmascript in /etc/mime.types
+	RemoveType  es
+	AddLanguage es .es
+	AddLanguage et .et
+	AddLanguage eu .eu
+	AddLanguage fa .fa
+	AddLanguage fi .fi
+	AddLanguage fr .fr
+	AddLanguage ga .ga
+	AddLanguage gl .glg
+	AddLanguage gu .gu
+	AddLanguage he .he
+	AddLanguage hi .hi
+	AddLanguage hr .hr
+	AddLanguage hu .hu
+	AddLanguage hy .hy
+	AddLanguage id .id
+	AddLanguage is .is
+	AddLanguage it .it
+	AddLanguage ja .ja
+	AddLanguage ka .ka
+	AddLanguage kk .kk
+	AddLanguage km .km
+	AddLanguage kn .kn
+	AddLanguage ko .ko
+	AddLanguage ku .ku
+	AddLanguage lo .lo
+	AddLanguage lt .lt
+	AddLanguage ltz .ltz
+	AddLanguage lv .lv
+	AddLanguage mg .mg
+	AddLanguage mk .mk
+	AddLanguage ml .ml
+	AddLanguage mr .mr
+	AddLanguage ms .msa
+	AddLanguage nb .nob
+	AddLanguage ne .ne
+	AddLanguage nl .nl
+	AddLanguage nn .nn
+	AddLanguage no .no
+	AddLanguage pa .pa
+	AddLanguage pl .po
+	AddLanguage pt-BR .pt-br
+	AddLanguage pt .pt
+	AddLanguage ro .ro
+	AddLanguage ru .ru
+	AddLanguage sa .sa
+	AddLanguage se .se
+	AddLanguage si .si
+	AddLanguage sk .sk
+	AddLanguage sl .sl
+	AddLanguage sq .sq
+	AddLanguage sr .sr
+	AddLanguage sv .sv
+	AddLanguage ta .ta
+	AddLanguage te .te
+	AddLanguage th .th
+	AddLanguage tl .tl
+	RemoveType  tr
+	# tr is troff in /etc/mime.types
+	AddLanguage tr .tr
+	AddLanguage uk .uk
+	AddLanguage ur .ur
+	AddLanguage vi .vi
+	AddLanguage wo .wo
+	AddLanguage xh .xh
+	AddLanguage zh-CN .zh-cn
+	AddLanguage zh-TW .zh-tw
+
+	#
+	# Commonly used filename extensions to character sets. You probably
+	# want to avoid clashes with the language extensions, unless you
+	# are good at carefully testing your setup after each change.
+	# See http://www.iana.org/assignments/character-sets for the
+	# official list of charset names and their respective RFCs.
+	#
+	AddCharset us-ascii	.ascii .us-ascii
+	AddCharset ISO-8859-1  .iso8859-1  .latin1
+	AddCharset ISO-8859-2  .iso8859-2  .latin2 .cen
+	AddCharset ISO-8859-3  .iso8859-3  .latin3
+	AddCharset ISO-8859-4  .iso8859-4  .latin4
+	AddCharset ISO-8859-5  .iso8859-5  .cyr .iso-ru
+	AddCharset ISO-8859-6  .iso8859-6  .arb .arabic
+	AddCharset ISO-8859-7  .iso8859-7  .grk .greek
+	AddCharset ISO-8859-8  .iso8859-8  .heb .hebrew
+	AddCharset ISO-8859-9  .iso8859-9  .latin5 .trk
+	AddCharset ISO-8859-10  .iso8859-10  .latin6
+	AddCharset ISO-8859-13  .iso8859-13
+	AddCharset ISO-8859-14  .iso8859-14  .latin8
+	AddCharset ISO-8859-15  .iso8859-15  .latin9
+	AddCharset ISO-8859-16  .iso8859-16  .latin10
+	AddCharset ISO-2022-JP .iso2022-jp .jis
+	AddCharset ISO-2022-KR .iso2022-kr .kis
+	AddCharset ISO-2022-CN .iso2022-cn .cis
+	AddCharset Big5		.Big5	   .big5 .b5
+	AddCharset cn-Big5	 .cn-big5
+	# For russian, more than one charset is used (depends on client, mostly):
+	AddCharset WINDOWS-1251 .cp-1251   .win-1251
+	AddCharset CP866	   .cp866
+	AddCharset KOI8	  .koi8
+	AddCharset KOI8-E	  .koi8-e
+	AddCharset KOI8-r	  .koi8-r .koi8-ru
+	AddCharset KOI8-U	  .koi8-u
+	AddCharset KOI8-ru	 .koi8-uk .ua
+	AddCharset ISO-10646-UCS-2 .ucs2
+	AddCharset ISO-10646-UCS-4 .ucs4
+	AddCharset UTF-7	   .utf7
+	AddCharset UTF-8	   .utf8
+	AddCharset UTF-16	  .utf16
+	AddCharset UTF-16BE	.utf16be
+	AddCharset UTF-16LE	.utf16le
+	AddCharset UTF-32	  .utf32
+	AddCharset UTF-32BE	.utf32be
+	AddCharset UTF-32LE	.utf32le
+	AddCharset euc-cn	  .euc-cn
+	AddCharset euc-gb	  .euc-gb
+	AddCharset euc-jp	  .euc-jp
+	AddCharset euc-kr	  .euc-kr
+	#Not sure how euc-tw got in - IANA doesn't list it???
+	AddCharset EUC-TW	  .euc-tw
+	AddCharset gb2312	  .gb2312 .gb
+	AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
+	AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
+	AddCharset shift_jis   .shift_jis .sjis
+	AddCharset BRF		 .brf
+
+	#
+	# AddHandler allows you to map certain file extensions to "handlers":
+	# actions unrelated to filetype. These can be either built into the server
+	# or added with the Action directive (see below)
+	#
+	# To use CGI scripts outside of ScriptAliased directories:
+	# (You will also need to add "ExecCGI" to the "Options" directive.)
+	#
+	#AddHandler cgi-script .cgi
+
+	#
+	# For files that include their own HTTP headers:
+	#
+	#AddHandler send-as-is asis
+
+	#
+	# For server-parsed imagemap files:
+	#
+	#AddHandler imap-file map
+
+	#
+	# For type maps (negotiated resources):
+	# (This is enabled by default to allow the Apache "It Worked" page
+	#  to be distributed in multiple languages.)
+	#
+	AddHandler type-map var
+
+	#
+	# Filters allow you to process content before it is sent to the client.
+	#
+	# To parse .shtml files for server-side includes (SSI):
+	# (You will also need to add "Includes" to the "Options" directive.)
+	#
+	AddType text/html .shtml
+	AddOutputFilter INCLUDES .shtml
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

files/modules/mime.load

@@ -0,0 +1 @@
+LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so

files/modules/mime_magic.conf

@@ -0,0 +1,5 @@
+<IfModule mod_mime_magic.c>
+	MIMEMagicFile /etc/apache2/magic
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

files/modules/mime_magic.load

@@ -0,0 +1 @@
+LoadModule mime_magic_module /usr/lib/apache2/modules/mod_mime_magic.so

files/modules/mod_ssl.load

@@ -0,0 +1 @@
+LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

files/modules/mpm_event.conf

@@ -0,0 +1,18 @@
+# event MPM
+# StartServers: initial number of server processes to start
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxRequestWorkers: maximum number of worker threads
+# MaxConnectionsPerChild: maximum number of requests a server process serves
+<IfModule mpm_event_module>
+	StartServers			 2
+	MinSpareThreads		 25
+	MaxSpareThreads		 75
+	ThreadLimit			 64
+	ThreadsPerChild		 25
+	MaxRequestWorkers	  150
+	MaxConnectionsPerChild   0
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

files/modules/mpm_event.load

@@ -0,0 +1,2 @@
+# Conflicts: mpm_worker mpm_prefork
+LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so

files/modules/mpm_prefork.conf

@@ -0,0 +1,16 @@
+# prefork MPM
+# StartServers: number of server processes to start
+# MinSpareServers: minimum number of server processes which are kept spare
+# MaxSpareServers: maximum number of server processes which are kept spare
+# MaxRequestWorkers: maximum number of server processes allowed to start
+# MaxConnectionsPerChild: maximum number of requests a server process serves
+
+<IfModule mpm_prefork_module>
+	StartServers			 5
+	MinSpareServers		  5
+	MaxSpareServers		 10
+	MaxRequestWorkers	  150
+	MaxConnectionsPerChild   0
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

files/modules/mpm_prefork.load

@@ -0,0 +1,2 @@
+# Conflicts: mpm_event mpm_worker
+LoadModule mpm_prefork_module /usr/lib/apache2/modules/mod_mpm_prefork.so

files/modules/mpm_worker.conf

@@ -0,0 +1,22 @@
+# worker MPM
+# StartServers: initial number of server processes to start
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
+#			  graceful restart. ThreadLimit can only be changed by stopping
+#			  and starting Apache.
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxRequestWorkers: maximum number of threads
+# MaxConnectionsPerChild: maximum number of requests a server process serves
+
+<IfModule mpm_worker_module>
+	StartServers			 2
+	MinSpareThreads		 25
+	MaxSpareThreads		 75
+	ThreadLimit			 64
+	ThreadsPerChild		 25
+	MaxRequestWorkers	  150
+	MaxConnectionsPerChild   0
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

files/modules/mpm_worker.load

@@ -0,0 +1,2 @@
+# Conflicts: mpm_event mpm_prefork
+LoadModule mpm_worker_module /usr/lib/apache2/modules/mod_mpm_worker.so

files/modules/negotiation.conf

@@ -0,0 +1,20 @@
+<IfModule mod_negotiation.c>
+
+	# LanguagePriority allows you to give precedence to some languages
+	# in case of a tie during content negotiation.
+	#
+	# Just list the languages in decreasing order of preference. We have
+	# more or less alphabetized them here. You probably want to change this.
+	#
+	LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
+
+	#
+	# ForceLanguagePriority allows you to serve a result page rather than
+	# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
+	# [in case no accepted languages matched the available variants]
+	#
+	ForceLanguagePriority Prefer Fallback
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

files/modules/negotiation.load

@@ -0,0 +1 @@
+LoadModule negotiation_module /usr/lib/apache2/modules/mod_negotiation.so

files/modules/ports.conf

@@ -0,0 +1,15 @@
+# have to change the VirtualHost statement in
+# /etc/apache2/sites-enabled/000-default.conf
+
+Listen 8080
+
+<IfModule ssl_module>
+        Listen 443
+</IfModule>
+
+<IfModule mod_gnutls.c>
+        Listen 443
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+

files/modules/proxy.conf

@@ -0,0 +1,27 @@
+<IfModule mod_proxy.c>
+
+	# If you want to use apache2 as a forward proxy, uncomment the
+	# 'ProxyRequests On' line and the <Proxy *> block below.
+	# WARNING: Be careful to restrict access inside the <Proxy *> block.
+	# Open proxy servers are dangerous both to your network and to the
+	# Internet at large.
+	#
+	# If you only want to use apache2 as a reverse proxy/gateway in
+	# front of some web application server, you DON'T need
+	# 'ProxyRequests On'.
+
+	#ProxyRequests On
+	#<Proxy *>
+	#   AddDefaultCharset off
+	#   Require all denied
+	#   #Require local
+	#</Proxy>
+
+	# Enable/disable the handling of HTTP/1.1 "Via:" headers.
+	# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
+	# Set to one of: Off | On | Full | Block
+	#ProxyVia Off
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

files/modules/proxy.load

@@ -0,0 +1 @@
+LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so

files/modules/proxy_ajp.load

@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_ajp_module /usr/lib/apache2/modules/mod_proxy_ajp.so

files/modules/proxy_balancer.conf

@@ -0,0 +1,15 @@
+<IfModule mod_proxy_balancer.c>
+
+	# Balancer manager enables dynamic update of balancer members
+	# (needs mod_status). Uncomment to enable.
+	#
+	#<IfModule mod_status.c>
+	#   <Location /balancer-manager>
+	#	   SetHandler balancer-manager
+	#	   Require local
+	#   </Location>
+	#</IfModule>
+
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet