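# Hydra v0.0.2 configuration file
# The file format is similar but not identical to the format of Boa v0.94;
# version changes are noted in the comments.
#
# The Hydra configuration file is parsed with a lex/yacc or flex/bison
# generated parser. If it reports an error, the line number will be
# provided; it should be easy to spot. The syntax of each of these
# rules is very simple, and they can occur in any order. Where possible
# these directives mimic those of NCSA httpd 1.3; I saw no reason to
# introduce gratuitous differences.

# $Id: hydra.conf,v 1.21 2003/01/22 07:51:49 nmav Exp $

# ServerRoot: The directory the .html (and related) files are placed.
# Relative paths given to other directives (see ErrorLog, AccessLog and
# CGILog) are resolved against this directory.
ServerRoot /var/www

# number of threads to spawn
# One thread might be ok for a single CPU system, but in some systems,
# performance may be increased by using a pool of 4-5 threads.
Threads 4

# Maximum number of concurrent connections. If connections arrive after
# the given limit has been reached, then they will not be served, until
# some established connections close. If you do not set it, or set it to
# 0, then the default behaviour takes effect, which is to try to serve
# as many connections as possible (depends on system limits).
# With no limit set, the only bound on open connections is the system's
# own limits; set an explicit value if connection floods are a concern.
#MaxConnections 0
#MaxSSLConnections 0

# Port: The port Hydra runs on. The default port for http servers is 80.
# If it is less than 1024, the server must be started as root.

Port 80

# Listen: the Internet address to bind(2) to. If you leave it out,
# it takes the behavior before 0.93.17.2, which is to bind to all
# addresses (INADDR_ANY). You only get one "Listen" directive,
# if you want service on multiple IP addresses, you have three choices:
#  1. Run hydra without a "Listen" directive
#     a. All addresses are treated the same; makes sense if the addresses
#        are localhost, ppp, and eth0.
#     b. Use the VirtualHost directive below to point requests to different
#        files. Should be good for a very large number of addresses (web
#        hosting clients).
#  2. Run one copy of hydra per IP address, each has its own configuration
#     with a "Listen" directive. No big deal up to a few tens of addresses.
#     Nice separation between clients.
# The name you provide gets run through inet_aton(3), so you have to use dotted
# quad notation. This configuration is too important to trust some DNS.

#Listen 192.68.0.5

# User: The name or UID the server should run as.
# Group: The group name or GID the server should run as.
# When the server is started as root (required for Port < 1024), this is
# the identity it serves requests under. Prefer an account that owns
# neither the served files nor the log files.

User nobody
Group nogroup
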
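# ServerAdmin: The email address where server problems should be sent.
# Note: this is not currently used, except as an environment variable
# for CGIs.

#ServerAdmin root@localhost

# PidFile: where to put the pid of the process.
# Comment out to write no pid file.
# Note: Because Boa drops privileges at startup, and the
# pid file is written by the UID/GID before doing so, Boa
# does not attempt removal of the pid file.
# PidFile /var/run/hydra.pid

# ErrorLog: The location of the error log file. If this does not start
# with /, it is considered relative to the server root.
# Set to /dev/null if you don't want errors logged.
# If unset, defaults to /dev/stderr
# Keep this path absolute: ServerRoot and DocumentRoot are the same
# directory in this file, so a relative log path would be created inside
# the served tree.

ErrorLog /var/log/hydra/error_log
# Please NOTE: Sending the logs to a pipe ('|'), as shown below,
# is somewhat experimental and might fail under heavy load.
# "Usual libc implementations of printf will stall the whole
# process if the receiving end of a pipe stops reading."
# NOTE(review): confirm which UID the piped program runs under before
# enabling this -- it may be started before privileges are dropped.
#ErrorLog "|/usr/sbin/cronolog --symlink=/var/log/hydra/error_log /var/log/hydra/error-%Y%m%d.log"

# AccessLog: The location of the access log file. If this does not
# start with /, it is considered relative to the server root.
# Comment out or set to /dev/null (less effective) to disable
# Access logging.
# Disabling access logging removes the request trail needed to
# investigate an incident.

AccessLog /var/log/hydra/access_log
# Please NOTE: Sending the logs to a pipe ('|'), as shown below,
# is somewhat experimental and might fail under heavy load.
# "Usual libc implementations of printf will stall the whole
# process if the receiving end of a pipe stops reading."
#AccessLog "|/usr/sbin/cronolog --symlink=/var/log/hydra/access_log /var/log/hydra/access-%Y%m%d.log"

# CGILog /var/log/hydra/cgi_log
# CGILog: The location of the CGI stderr log file. If this does not
# start with /, it is considered relative to the server root.
# The log file would contain any contents sent to /dev/stderr
# by the CGI. If this is commented out, it defaults to whatever
# ErrorLog points to. Set to /dev/null to disable CGI stderr logging.
# Please NOTE: Sending the logs to a pipe ('|'), as shown below,
# is somewhat experimental and might fail under heavy load.
# "Usual libc implementations of printf will stall the whole
# process if the receiving end of a pipe stops reading."
#CGILog "|/usr/sbin/cronolog --symlink=/var/log/hydra/cgi_log /var/log/hydra/cgi-%Y%m%d.log"

# CGIumask 027 (no mask for user, no write access for group, and nothing
# for others)
# CGIumask 027
# The CGIumask is set immediately before execution of the CGI.
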
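# UseLocaltime: Logical switch. Uncomment to use localtime
# instead of UTC time
#UseLocaltime

# VerboseCGILogs: this is just a logical switch.
# It simply notes the start and stop times of cgis in the error log
# Comment out to disable.

#VerboseCGILogs

# ServerName: the name of this server that should be sent back to
# clients if different than that returned by gethostname + gethostbyname

#ServerName www.your.org.here

# VirtualHost: Setup any virtual hosts (host based)
# Comment out to disable.
# It needs to specify the HostName, the IP (use '*' if all),
# the DocumentRoot and the UserDir (if any).
# UserDir is the name of the directory which is appended onto a user's home
# directory if a ~user request is received.
#
# Example:
# VirtualHost www.dot.com * /var/www public_html
# VirtualHost www.dot.com 127.0.0.1 /var/www ""
#

#VirtualHost www.dot.com * /var/www ""

# DocumentRoot: The root directory of the HTML documents.
# Comment out to disable serving non-user files.
#
# Note that if VirtualHost is enabled, this will be the fallback
# for the clients that did not supply any host.
# This is the same directory as ServerRoot above, so anything written
# relative to the server root ends up inside the served tree.

DocumentRoot /var/www

# DirectoryIndex: Name of the file to use as a pre-written HTML
# directory index. Please MAKE AND USE THESE FILES. On the
# fly creation of directory indexes can be _slow_.
# You can use more than one directory index by adding this
# directive several times.
# Comment out to always use DirectoryMaker

DirectoryIndex index.html

# DirectoryMaker: Name of program used to create a directory listing.
# Comment out to disable directory listings. If both this and
# DirectoryIndex are commented out, accessing a directory will give
# an error (though accessing files in the directory is still ok).
# While this is enabled, every directory without a DirectoryIndex file
# is listed to clients, which exposes the names of all files in it.
# Comment it out if listings are not needed.

DirectoryMaker /usr/lib/hydra/boa_indexer

# DirectoryCache: If DirectoryIndex doesn't exist, and DirectoryMaker
# has been commented out, then the on-the-fly indexing of Hydra can be used
# to generate indexes of directories. Be warned that the output is
# extremely minimal and can cause delays when slow disks are used.
# Note: The DirectoryCache must be writable by the same user/group that
# Hydra runs as.

# DirectoryCache /var/spool/hydra/dircache

# MaxFilesCache: Number of files to keep in file cache memory
# Set to 0 to disable file caching.

MaxFilesCache 256

# MaxFileSizeCache: The maximum size that a file should have in order to
# be added to the file cache.
# Comment out, to use the default value.

MaxFileSizeCache 131072

# KeepAliveMax: Number of KeepAlive requests to allow per connection
# Comment out, or set to 0 to disable keepalive processing

KeepAliveMax 1000

# KeepAliveTimeout: seconds to wait before keepalive connection times out

KeepAliveTimeout 10
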
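# MimeTypes: This is the file that is used to generate mime type pairs
# and Content-Type fields for hydra.
# Set to /dev/null if you do not want to load a mime types file.
# Do *not* comment out (better use AddType!)

MimeTypes /etc/mime.types

# DefaultType: MIME type used if the file extension is unknown, or there
# is no file extension.

DefaultType text/plain

# DefaultCharset: The default character set used in text MIME types.

DefaultCharset ISO-8859-1

# CGIPath: The value of the $PATH environment variable given to CGI progs.
# Every directory listed here should be writable by root only, since
# CGIs resolve unqualified program names through it.

CGIPath /bin:/usr/bin:/usr/local/bin

# SinglePostLimit: The maximum allowable number of bytes in
# a single POST. Default is normally 1MB.

# AddType: adds types without editing mime.types
# Example: AddType type extension [extension ...]

# Uncomment the next line if you want .cgi files to execute from anywhere
# "Anywhere" includes any directory under the document tree that the
# server or its users can write to; ScriptAlias (below) confines
# execution to named directories instead.
#AddType application/x-httpd-cgi cgi


# Uncomment the following lines if you want .php files to execute from
# anywhere, using the HIC (internally handled CGI). This is much faster
# than CGIs, since it is handled internally by the server (no fork).

# Use this if you have enabled HIC support, and you have compiled
# PHP as a Hydra (HIC) module.
#HICModule /usr/lib/libphp4.so "_php" "application/x-httpd-php"


# Use this if you want CGIs to execute from anywhere, using the CGIAction.
# This will not try to execute the given scripts, but will associate the
# content type with the given executable.
#CGIAction "/usr/bin/php4" "application/x-httpd-php"


# You may also need these:
#AddType application/x-httpd-php php
#AddType application/x-httpd-php phtml

# number of HIC threads to spawn
# A HIC thread handles requests one after the other. Having several HIC threads
# increases performance in servers that serve a lot of dynamic content.
HICThreads 3
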
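# Redirect, Alias, and ScriptAlias all have the same semantics -- they
# match the beginning of a request and take appropriate action. Use
# Redirect for other servers, Alias for the same server, and ScriptAlias
# to enable directories for script execution.

# The first argument of Redirect and friends is the virtual server hostname,
# and the directive only applies to the given virtual server. If the directive
# equals "" then the default server is assumed.

# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
# Example: Redirect www.ourhost.com /bar http://elsewhere/feh/bar

# Aliases: Aliases one path to another.
# Example: Alias www.ourhost.com /path1/bar /absolute/path2/foo

#Alias www.localhost.com /doc /usr/doc

# ScriptAlias: Maps a virtual path to a directory for serving scripts
# Example: ScriptAlias www.ourhost.com /htbin/ /www/htbin/
# The target directory should not be writable by the user the server
# runs as, since everything in it is treated as executable.

#ScriptAlias www.localhost.com /cgi-bin/ /usr/lib/cgi-bin/

# The interval, in seconds, at which hydra enters maintenance mode. This
# includes an SSL parameter regeneration, and closing of unused
# open files. This does not involve any downtime. Set to 0 to disable.
# 172800 seconds is two days. The note is kept on its own line so the
# value does not depend on the parser accepting trailing comments.
MaintenanceInterval 172800

# Access Control lists per virtual host
# These two directives (Allow/Deny), allow you to specify file
# patterns that will be denied or allowed access. The first argument
# of these directives is a virtual host.

# deny all files that start with a dot in the default host
# Worth enabling: without it, dot files placed under the document root
# are served like any other file.
#Deny "" */.*

# deny all the files that finish with '.inc' in www.localhost.com virtual
# host, but allow access to the public.inc.
#Deny "www.localhost.com" */*.inc
#Allow "www.localhost.com" */public.inc
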
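# non zero enables SSL support
# 0: no SSL support
# 1: only SSL support
# 2: both SSL and non SSL ports
SSL 0

# The port where the SSL server will listen on
SSLPort 4443

# read the certificate from
SSLCertificate cert.pem

# read the private key from
# NOTE(review): this path is relative. If it resolves against ServerRoot
# the way ErrorLog is documented to, key.pem sits in /var/www, which is
# also DocumentRoot -- confirm, and prefer an absolute path outside the
# served tree, readable only by the account that loads it.
SSLKey key.pem

# read the trusted CA list from
SSLCAList ca.pem

# Whether to verify client. Use 0, or comment out to disable.
# 1 means request a certificate, and verify if a certificate is sent.
# 2 means require a certificate and verify.
# 3 means request a certificate and try to verify. Do not fail if the verification
# function failed. This may be useful in CGIs that want to print some error message.
# With 3 the connection is accepted even when verification fails, so a
# CGI must not treat the mere presence of a client certificate as
# authentication. Use 2 when client certificates are the access control.
SSLVerifyClient 3

# Number of sessions to cache. This is to support session resuming.
# Set to 0 to disable.
SSLSessionCache 40

# After this time (in seconds) has passed, the stored SSL sessions
# will be expired, and will not be resumed.
# 3600 seconds is one hour.
SSLSessionTimeout 3600

# Set the prime bits used in Diffie Hellman authentication. The parameters
# are only generated if the DHE ciphersuites are enabled.
# Value should be one of 768, 1024, 2048, 4096
# 768 and 1024 bit groups are too small to rely on; 2048 is the lowest
# listed value worth using once a DHE key exchange is enabled.
SSLDHBits 2048


# A comma separated list of the SSL ciphers. Valid selections are:
# ARCFOUR-128, ARCFOUR-40, 3DES, AES
# Note that ARCFOUR-40 is a weak algorithm, so it is left out of the
# list below.
SSLCiphers "AES, 3DES, ARCFOUR-128"

# A comma separated list of the SSL key exchange methods. Valid selections
# are: RSA, DHE-RSA, DHE-DSS, RSA-EXPORT
# DHE-DSS can only be used with certificates that hold DSA parameters.
# Note that RSA-EXPORT is a weak algorithm, so it is left out of the
# lists below; offering it lets a connection be negotiated down to it.
SSLKeyExchangeAlgorithms "RSA"

# This one is by default more secure (offers forward secrecy),
# but more expensive in CPU time.
#SSLKeyExchangeAlgorithms "DHE-RSA, DHE-DSS, RSA"

# A comma separated list of the SSL MAC algorithms. Valid selections
# are: MD5, SHA1, RMD160
SSLMACAlgorithms "SHA1, MD5"

# A comma separated list of the SSL compression methods. Valid selections
# are: NULL
SSLCompressionMethods "NULL"

# A comma separated list of the SSL protocol versions. Valid selections
# are: TLS1.1, TLS1.0 and SSL3.0
# Names are written exactly as in the list above ("TLS1.1", no space).
# SSL3.0 is not offered because the protocol is obsolete and allows
# downgrade of clients that also speak TLS.
SSLProtocols "TLS1.1, TLS1.0"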