httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ajay Garg <ajaygargn...@gmail.com>
Subject Re: [users@httpd] Problems in setting up a "HTTPS" based WebDAV server
Date Fri, 23 Mar 2012 14:14:08 GMT
Posted a query to openssl mailing list as well.


=========================== MESSAGE TO openssl BEGINS HERE
======================================
Hi all.

I have been trying lately to debug a startup issue in APACHE's httpd
service; and the last logs I receive in "/etc/httpd/logs_error_log" is

##############################
#######################################################################################
[error] SSL Library Error: 185073780 error:0B080074:x509 certificate
routines:X509_check_private_key:key values mismatch
#####################################################################################################################






As part of some desperate attempts, I downloaded source-rpms of "httpd" and
"openssl", and tracked down the source from where error-emanates.
Following is the code-snippet from "crypto/x509/x509_cmp.c"

######################################################################################################################
int X509_check_private_key(X509 *x, EVP_PKEY *k)
    {
    EVP_PKEY *xk;
    int ret;

    xk=X509_get_pubkey(x);

    if (xk)
        ret = EVP_PKEY_cmp(xk, k);
    else
        ret = -2;

    switch (ret)
        {
    case 1:
        break;
    case 0:
        X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
        break;
    case -1:
        X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
        break;
    case -2:
            X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
        }
    if (xk)
        EVP_PKEY_free(xk);
    if (ret > 0)
        return 1;
    return 0;
    }
######################################################################################################################

After the call to " ret = EVP_PKEY_cmp(xk, k);", 0 is being returned as
return value.

So, my query is ::

_What do the parameters "X509 *x, EVP_PKEY *k" correspond to_ ?


My guess is that "x" corresponds to a ".crt" file, while "k" corresponds to
a "key" file.
The values at my side are ::



ssl.crt
---------


#######################################################################################################################
-----BEGIN CERTIFICATE-----
MIICUDCCAbmgAwIBAgIJAOupq9QBcIRCMA0GCSqGSIb3DQEBBQUAMEExFjAUBgNV
BAMMDWFqYXkuZ2FyZy5jb20xJzAlBgkqhkiG9w0BCQEWGGFqYXlAYWN0aXZpdHlj
ZW50cmFsLmNvbTAeFw0xMjAzMjIxNDAwMzVaFw0xMzAzMjIxNDAwMzVaMEExFjAU
BgNVBAMMDWFqYXkuZ2FyZy5jb20xJzAlBgkqhkiG9w0BCQEWGGFqYXlAYWN0aXZp
dHljZW50cmFsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAntF9ouTD
HNXB4k/phcTbyAp6EP0a3r6CjEGFrD424Yi8eeOgXCwo4s/hh9tadl/8uLxw50y+
0kQz+IGDCZMmfm3HjBgSM6E14Ju3exQE9VD+1W61FD2nwAXBNIXRUd01/E+OEk28
9nVHm7iSEsLOGEBjpbQnim3o0iBLsdAg/y8CAwEAAaNQME4wHQYDVR0OBBYEFOd+
nLQpcOK2zq5+wZwf5uV2/UngMB8GA1UdIwQYMBaAFOd+nLQpcOK2zq5+wZwf5uV2
/UngMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAUsx+2loW96Aq6fG5
/TBx99Uwnf0p3b52RQ+99CQQj3MQqiuvvvkn1w3joGLK51Xc3sR7/T6bn5BR1vBk
p2g/HmmAHZlTLOJeV9fEofyGf0/Gv7OqpO4NAtBfCd6crdrv3Q37SPppsQ0dkLOs
wQAMLtx4u7QQWze0P7FPCAjE+ZQ=
-----END CERTIFICATE-----
#######################################################################################################################





ssl.key
----------

########################################################################################################################
-----BEGIN PRIVATE KEY-----
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAJ7RfaLkwxzVweJP
6YXE28gKehD9Gt6+goxBhaw+NuGIvHnjoFwsKOLP4YfbWnZf/Li8cOdMvtJEM/iB
gwmTJn5tx4wYEjOhNeCbt3sUBPVQ/tVutRQ9p8AFwTSF0VHdNfxPjhJNvPZ1R5u4
khLCzhhAY6W0J4pt6NIgS7HQIP8vAgMBAAECgYApRPrGx3dEGO/G5Ukjb6JE+yP5
IixHUW4PED+yIICWXrfLXLEhAoClX6uVaBS7yfmb76vPDwxPC1YN72mjpU9NBmDt
DxGloXEulrHyCtULykVfpWFxQ/sDgxyve7OhmDJPANELkyUKz4bCfcItML3jY3Si
wyjfA/xyCmmOt1xOQQJBAMv5WDFqmk0r9HCM0RHaxxKvPtH37CJjtkzQMVacneZT
0gePS+pwmTTvh58h4vND+IBIfsVfrqFPRx9fXUKPstECQQDHU6r8pr8iFtmPe/Ka
TiiZ/YsWEC9zcObn3os4iglwy/1RWDYTMmtQImm3LVbCtz+/vrM/TJdUShT1Bgxx
vhH/AkAt8cpFx0deXqo+t9lX9jmlIcg6r2eHD4K+pp6Wbcy7VuIWRdbJxfccj1+z
HoTqWsMc0jeL6dOCDkNs86QkHA4hAkA0QH6mVJ/uM8c8keV7Bdom5Aw98Gg//uzJ
A9HDNIxdAVyaomEqjyEKlLrZxgzkZl1Tyo36nf1dnz33LWq9tnHJAkBO2h8KJbWh
9SzvU0xH9neKRVGRL7XppIVGrNOVKIok4zvm5I9SoC/3u9vbG+LtlBdbRKTn5s0E
IvP7lBIUuBOg
-----END PRIVATE KEY-----
########################################################################################################################


So, is a return value of "0" expected for these?


Looking forward to a reply.


Thanks and Regards,
Ajay

=========================== MESSAGE TO openssl ENDS HERE
========================================



Regards,
Ajay


On Thu, Mar 22, 2012 at 7:40 PM, Ajay Garg <ajaygargnsit@gmail.com> wrote:

> Thanks Mathijs for the reply.
>
> 1)
> It's ok, I am just in the test-up phase; I have already generated new keys
> and certificates more than a dozen times :)
>
>
>
>
>
> 2)
> Thanks for the help.
> I used this command, and generated a new pair of keys and certificates
> (without a passphrase).
> As expected, I wasn't asked for any passphrase now, when starting "httpd";
> however, the service showed "FAILED" at startup, and I got the same logs in
> "/etc/httpd/logs/error_log" as follows ::
>
>
> ################################################################################################################
> [Thu Mar 22 19:31:16 2012] [notice] SELinux policy enabled; httpd running
> as context unconfined_u:system_r:httpd_t:s0
> [Thu Mar 22 19:31:16 2012] [notice] suEXEC mechanism enabled (wrapper:
> /usr/sbin/suexec)
> [Thu Mar 22 19:31:16 2012] [notice] SSL FIPS mode disabled
> [Thu Mar 22 19:31:17 2012] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Thu Mar 22 19:31:17 2012] [error] Unable to configure RSA server private
> key
> [Thu Mar 22 19:31:17 2012] [error] SSL Library Error: 185073780
> error:0B080074:x509 certificate routines:X509_check_private_key:key values
> mismatch
>
> ################################################################################################################
>
>
>
> For brevity, here is the startup script output too ::
>
>
>
> ################################################################################################################
> [ajay@ajay certs]$ sudo service httpd start
> Starting httpd: [Thu Mar 22 19:31:16 2012] [warn] module ssl_module is
> already loaded, skipping
>                                                            [FAILED]
>
> ################################################################################################################
>
>
>
>
>
>
> 3) Mathijs, I think this is a step too far to consider at this point, as
> the service hasn't started as yet.
>     Anyways, I have already made the following values are the same across
> all ::
>
>     (i)    "ServerName" in "/etc/httpd/conf/httpd.conf"
>     (ii)   "CN" in the certificate
>
>
> And sorry for kinda spamming the mailing list; but I had thought this
> might turn out to be first-time-newbie question.
> My heartlful apologies .. :(
>
> Finally, thanks for the irc link :)
>
>
>
> Sorry, Thanks and Regards,
> Ajay
>
>
>
>
> On Thu, Mar 22, 2012 at 6:31 PM, Mathijs <mathijssch@gmail.com> wrote:
>
>> Hi and welcome to Apache,
>>
>> Some notes about your questions:
>>
>> 1) You probably shouldn't post private keys to public mailing lists
>>
>> 2) Try generating the self-signed key and certificate pair with this
>> command:
>> openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout ssl.key
>> -out ssl.crt
>> (No need for a passphrase either.)
>>
>> 3) The CN or Common Name in a SSL certificate should always match the
>> Host header in the http request. You are setting the Common Name to
>> 127.0.0.1 and accessing the server with 'localhost', which causes a
>> mismatch.
>>
>> And finally, if you need urgent help, its often a better idea to join the
>> apache httpd channel on irc (#httpd on irc.freenode.net) instead of
>> repeatedly posting to the mailinglist.
>>
>> On Thu, Mar 22, 2012 at 1:45 PM, Ajay Garg <ajaygargnsit@gmail.com>wrote:
>>
>>> Ping .. :-)
>>>
>>> (On a serious note, I really need some help).
>>>
>>> Thanks and Regards,
>>> Ajay
>>>
>>>
>>> On Thu, Mar 22, 2012 at 10:14 AM, Ajay Garg <ajaygargnsit@gmail.com>wrote:
>>>
>>>> I came across talks wherein it was mentioned that there could be
>>>> mismatches in the "modulus" and "public exponent" of "server.key" and
>>>> "server.crt". I have done the tests (using "openssl" command), but both -
>>>> "modulus" and "public exponent" appear to be the same.
>>>>
>>>> For brevity, I am posting the contents ::
>>>>
>>>> server.key ::
>>>>
>>>>
>>>> ####################################################################################################################
>>>> -----BEGIN RSA PRIVATE KEY-----
>>>> Proc-Type: 4,ENCRYPTED
>>>> DEK-Info: AES-128-CBC,06A5864C289A29E8133ECDC689F27D91
>>>>
>>>> PYvc38+2ReDk6ZrWBIkl6kkfFzob56ZXNMjcB/Iz0yHhKj2NI79h5wli+TLD30PP
>>>> BdsFgF4GTjHuLseD80EulX1JpcfHWgGEL92/flO9eRpxUeu9UgE+BcMyxaa2q3HO
>>>> mHgozrTf+GNRJ+r6ApNDVAGPv2ysf8t78nHvS16m4NuX01Asc6v9+3A5jpLgZ8L/
>>>> /eXbE5OVCOgdU4pULrfRb79N2rcpfk9+dWKfHkAdFNpMLqK0tmyp/pzn/V9PDcQe
>>>> 5L2xxTHnw3A9TZYwW3YG0buKeFLInt1w9ZRyJ81XfmsVtrcaZiwtNH2oEfwLtxVo
>>>> rWDPGeIJbdPNRwCgsT8ysRFC8H6K47UN5EM95Fnn/SW/VuFo7nFtTDP73s9sJiwT
>>>> P//PZbUxW1kAsj0KmWN70zfJIwZoQ2ar79r6aa4BS8buqumSuzVGJGEGzFD6CbuE
>>>> 3YXnyflANuA8zvhS0x44+yqd+x2DQUb80S3tZebAyEakBqeGNQGbWwI2/VgA/mDL
>>>> 5O8niB9wu4CoC6z4PIFlhER5Pwo5MrYVPLzmak8/Ouw2Vo+a9lRrmr6BiSTHReMr
>>>> QZ3FMax+ZH8cWBzfd2/tp0uGu4kh0fik6JzPOY6wvOIvB6Q6nylOY0DiVkmEryt+
>>>> z4BzpxweNd0jd6x68fl3ZfK7a9GYrUr33Dan7Z1VUZm9iuusOgIQ3IxEO74gAvOU
>>>> +RabEs3VbeKCb9c32zAfYWnmZuqBgHRTKc0prSx/LANnjkG8VoMslXY0Uw4965Hd
>>>> JPzQ5FGuKTK+21eLtPelMye2uXFmkzpsPi/8/2Zk91UmasuMoJWK1hlSiztEP3I7
>>>> slbGdk2yJiC6JTCZltoAWVYH4Fr/QQasn36WwBnTTEgABXUsz+UqwIaSZK192L0Z
>>>> yOTuxYNE4loc3cUcUDPT9e8T6L9X6qcvNMkkY4E/HdvGizXB1scb6X9+Xn3s2aTS
>>>> cCO2udxWnBDJ21t7f8yVkRUt93dQ9JlLUEFgjWFkHkippj9N6PXE7aHnXt9LiUKs
>>>> Ooc9iEZFIhxICw51t/NXmq/2seoV1GgwysYdTdXbN0b1C7PVP2Nsy12zpcNbyCPT
>>>> XAqclsCGnBVU1FKA7Rjwua2uiPd05kE85pail6wRrMx0/8NnveVmQpVA1B5lcQb+
>>>> EL2baH9MnDkuMB02UHi/x+s+qBEHKUBQ0x4zK0Fb7sxw9Hr5XejxkAfZj4vOSLem
>>>> STajY7jcGNIcXlTkv4Uj2u065I+jiWzEI9DWZVU+AR0GnEXoTT5RzR+Dj15DjUYt
>>>> UqawF4vXWZh9egaygNxx/PBGnSKjtUEW4mTb13xW/0ZV+WrMntFPG8JqZyZeMDPI
>>>> 9gMW6PCr/KidIfDC8d0NRz1rWrSEVWqZ12UJJny0xvw3dnbvJ/T652iYo743owBl
>>>> 8yIKHFBtLv5muBQ52AYrOrYlD8E55B+25jwoY7z/5Ct9kjxCMPWjRiGDdDJIkg3g
>>>> y/LljDRLp4SFvLPAESJ6gepLPFOTuuAdiI3rQd94pTsGHCGLRamro1HW11bJ4nsk
>>>> vPw+MDFHebycRrEHTryL5+DOrbuwo14KbQGQxbT4JC0lEx/5W7w0KwfOp5p1f3zm
>>>> -----END RSA PRIVATE KEY-----
>>>>
>>>> ####################################################################################################################
>>>>
>>>>
>>>>
>>>>
>>>> server.crt ::
>>>>
>>>>
>>>> ####################################################################################################################
>>>> -----BEGIN CERTIFICATE-----
>>>> MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMCSU4x
>>>> DjAMBgNVBAgMBURlbGhpMQ4wDAYDVQQHDAVEZWxoaTEOMAwGA1UECgwFRGVsaGkx
>>>> DjAMBgNVBAsMBURlbGhpMRIwEAYDVQQDDAkxMjcuMC4wLjExJTAjBgkqhkiG9w0B
>>>> CQEWFmFqYXlnYXJnbnNpdEBnbWFpbC5jb20wHhcNMTIwMzIxMTMyMTUyWhcNMTMw
>>>> MzIxMTMyMTUyWjCBiDELMAkGA1UEBhMCSU4xDjAMBgNVBAgMBURlbGhpMQ4wDAYD
>>>> VQQHDAVEZWxoaTEOMAwGA1UECgwFRGVsaGkxDjAMBgNVBAsMBURlbGhpMRIwEAYD
>>>> VQQDDAkxMjcuMC4wLjExJTAjBgkqhkiG9w0BCQEWFmFqYXlnYXJnbnNpdEBnbWFp
>>>> bC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCU8htaaJnsOTPD
>>>> AZQkNE7SHGvQ5RFsTqZOZeaNEV2F6LUqvK8ysmCnKVGE8F9+2we1I/W1bxNsx5f2
>>>> 2ifd2u/pROOPzO0xhlJzWJmJy0xeIcWceMNXUDLXr2ix8+b6LCPbzsyEGbg6IQAE
>>>> AyIMaFv3pA1nYjfEV9ntyF4SEkMgSQdCGfhqQY4ILvWoqbRZwQwKhPxzM6NXmPxW
>>>> kxelx6QUAlAwjqgMaHI+Fa2dk6NNTk9GWB3QYN24Cw+kFGv9f2UkJQlQ0qiC8R+d
>>>> Bh63oNdvZG5YR4QycqCFoPEdwcL2ak5hr8TfVx1sTA/75sswkKUrZYSrAbGgerN2
>>>> KsSWu6utAgMBAAGjUDBOMB0GA1UdDgQWBBQGl2ejA7PJlpC2bwp9gP0NlOwEgDAf
>>>> BgNVHSMEGDAWgBQGl2ejA7PJlpC2bwp9gP0NlOwEgDAMBgNVHRMEBTADAQH/MA0G
>>>> CSqGSIb3DQEBBQUAA4IBAQA93Hkimjlm5g8j7+rZq4sfVhBO7Opx7IoMtkcrmClM
>>>> AECUrzWnQfJoSWQCzW+Gaj9F/CXtQYKt0VnAdGD212CJ6dzhJR1UfTzwSVdzK4gl
>>>> C0Q7YqLZMp7GrpTSOB1rwxNAQwuhcJWiOQP1dRJF8OqSu8ywE5y2hNeCTiXZlLlH
>>>> p+RBxdtG30NJHDDoosx76fUVE4S2Ll3UKKBqXfrQmtF+QnHPEtSHk8cesVFymNU3
>>>> WtQhiAy58RYoU24RX/AcvV/PfFcEpXAVVNndwuZkhV+9uD2NzvkxhcVUx0CDSy/J
>>>> xdsjcda59LByv1K0J46hsWb5AuRbVos6u+O2CpcOj028
>>>> -----END CERTIFICATE-----
>>>>
>>>> ####################################################################################################################
>>>>
>>>>
>>>>
>>>> Regards,
>>>> Ajay
>>>>
>>>>
>>>> On Wed, Mar 21, 2012 at 6:55 PM, Ajay Garg <ajaygargnsit@gmail.com>wrote:
>>>>
>>>>> Well, I looked into "/etc/httpd/logs/error_log", and found that were
>>>>> some errors related to server-name not matching (don't remember the exact
>>>>> statement). But even then the service startup showed "OK", which apparently
>>>>> is a misnomer.
>>>>>
>>>>> Anyways, I regenerated "server.key" and "server.crt" by ::
>>>>>
>>>>>
>>>>> ##################################################################################################################
>>>>> [ajay@ajay ~]$ cd /etc/ssl/certs/
>>>>> [ajay@ajay certs]$ ls
>>>>> localhost.crt  make-dummy-cert  Makefile  server.crt  server.key
>>>>> [ajay@ajay certs]$ pwd
>>>>> /etc/ssl/certs
>>>>> [ajay@ajay certs]$ sudo rm server.key
>>>>> [ajay@ajay certs]$ sudo rm server.crt
>>>>> [ajay@ajay certs]$ sudo make server.key
>>>>> umask 77 ; \
>>>>> /usr/bin/openssl genrsa -aes128 2048 > server.key
>>>>> Generating RSA private key, 2048 bit long modulus
>>>>>
>>>>> ...........................................................................................+++
>>>>> .........................................+++
>>>>> e is 65537 (0x10001)
>>>>> Enter pass phrase:
>>>>> Verifying - Enter pass phrase:
>>>>> [ajay@ajay certs]$ sudo make server.crt
>>>>> umask 77 ; \
>>>>> /usr/bin/openssl req -utf8 -new -key server.key -x509 -days 365 -out
>>>>> server.crt -set_serial 0
>>>>> Enter pass phrase for server.key:
>>>>> You are about to be asked to enter information that will be
>>>>> incorporated
>>>>> into your certificate request.
>>>>> What you are about to enter is what is called a Distinguished Name or
>>>>> a DN.
>>>>> There are quite a few fields but you can leave some blank
>>>>> For some fields there will be a default value,
>>>>> If you enter '.', the field will be left blank.
>>>>> -----
>>>>> Country Name (2 letter code) [XX]:IN
>>>>> State or Province Name (full name) []:Delhi
>>>>> Locality Name (eg, city) [Default City]:Delhi
>>>>> Organization Name (eg, company) [Default Company Ltd]:Delhi
>>>>> Organizational Unit Name (eg, section) []:Delhi
>>>>> Common Name (eg, your name or your server's hostname) []:127.0.0.1
>>>>> Email Address []:ajaygargnsit@gmail.com
>>>>>
>>>>> ##################################################################################################################
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> I then tried to start "httpd" ::
>>>>>
>>>>>
>>>>> ##################################################################################################################
>>>>> [ajay@ajay certs]$ sudo service httpd start
>>>>> Starting httpd: [Wed Mar 21 18:52:00 2012] [warn] module ssl_module is
>>>>> already loaded, skipping
>>>>>
>>>>> Apache/2.2.17 mod_ssl/2.2.17 (Pass Phrase Dialog)
>>>>> Some of your private key files are encrypted for security reasons.
>>>>> In order to read them you have to provide the pass phrases.
>>>>>
>>>>> Server 127.0.0.1:443 (RSA)
>>>>>
>>>>> Enter pass phrase:
>>>>>
>>>>> OK: Pass Phrase Dialog successful.
>>>>>                                                            [FAILED]
>>>>>
>>>>> ##################################################################################################################
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> and "/etc/httpd/logs/error_log" showed ::
>>>>>
>>>>>
>>>>> ##################################################################################################################
>>>>> [Wed Mar 21 18:52:00 2012] [notice] SELinux policy enabled; httpd
>>>>> running as context unconfined_u:system_r:httpd_t:s0
>>>>> [Wed Mar 21 18:52:00 2012] [notice] suEXEC mechanism enabled (wrapper:
>>>>> /usr/sbin/suexec)
>>>>> [Wed Mar 21 18:52:00 2012] [notice] SSL FIPS mode disabled
>>>>> [Wed Mar 21 18:52:02 2012] [warn] RSA server certificate is a CA
>>>>> certificate (BasicConstraints: CA == TRUE !?)
>>>>> [Wed Mar 21 18:52:02 2012] [error] Unable to configure RSA server
>>>>> private key
>>>>> [Wed Mar 21 18:52:02 2012] [error] SSL Library Error: 185073780
>>>>> error:0B080074:x509 certificate routines:X509_check_private_key:key values
>>>>> mismatch
>>>>>
>>>>> ##################################################################################################################
>>>>>
>>>>>
>>>>>
>>>>> Ideas.. ??
>>>>>
>>>>>
>>>>> Thanks and Regards,
>>>>> Ajay
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Mar 21, 2012 at 5:37 PM, Ajay Garg <ajaygargnsit@gmail.com>wrote:
>>>>>
>>>>>> Hi all.
>>>>>>
>>>>>> I am afraid I am a newbie to Apache; and have been trying to setup a
>>>>>> HTTPS based WebDAV server using Apache2 on Fedora 14.
>>>>>>
>>>>>> Prior to this, I could get the HTTP based WebDAV server working, and
>>>>>> accessing the shares via gnome-nautilus worked like a charm :-)
>>>>>> Thus, I will present whatever I have tried to setup the HTTPS variant.
>>>>>>
>>>>>>
>>>>>> 1.
>>>>>> Following are the contents of "/etc/httpd/conf/httpd.conf"
>>>>>>
>>>>>> ##############################
>>>>>>
>>>>>> ###############################################################################################
>>>>>> #
>>>>>> # This is the main Apache server configuration file.  It contains the
>>>>>> # configuration directives that give the server its instructions.
>>>>>> # See <URL:http://httpd.apache.org/docs/2.2/> for detailed
>>>>>> information.
>>>>>> # In particular, see
>>>>>> # <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
>>>>>> # for a discussion of each configuration directive.
>>>>>> #
>>>>>> #
>>>>>> # Do NOT simply read the instructions in here without understanding
>>>>>> # what they do.  They're here only as hints or reminders.  If you are
>>>>>> unsure
>>>>>> # consult the online docs. You have been warned.
>>>>>> #
>>>>>> # The configuration directives are grouped into three basic sections:
>>>>>> #  1. Directives that control the operation of the Apache server
>>>>>> process as a
>>>>>> #     whole (the 'global environment').
>>>>>> #  2. Directives that define the parameters of the 'main' or
>>>>>> 'default' server,
>>>>>> #     which responds to requests that aren't handled by a virtual
>>>>>> host.
>>>>>> #     These directives also provide default values for the settings
>>>>>> #     of all virtual hosts.
>>>>>> #  3. Settings for virtual hosts, which allow Web requests to be sent
>>>>>> to
>>>>>> #     different IP addresses or hostnames and have them handled by the
>>>>>> #     same Apache server process.
>>>>>> #
>>>>>> # Configuration and logfile names: If the filenames you specify for
>>>>>> many
>>>>>> # of the server's control files begin with "/" (or "drive:/" for
>>>>>> Win32), the
>>>>>> # server will use that explicit path.  If the filenames do *not* begin
>>>>>> # with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
>>>>>> # with ServerRoot set to "/etc/httpd" will be interpreted by the
>>>>>> # server as "/etc/httpd/logs/foo.log".
>>>>>> #
>>>>>>
>>>>>> ### Section 1: Global Environment
>>>>>> #
>>>>>> # The directives in this section affect the overall operation of
>>>>>> Apache,
>>>>>> # such as the number of concurrent requests it can handle or where it
>>>>>> # can find its configuration files.
>>>>>> #
>>>>>>
>>>>>> #
>>>>>> # Don't give away too much information about all the subcomponents
>>>>>> # we are running.  Comment out this line if you don't mind remote
>>>>>> sites
>>>>>> # finding out what major optional modules you are running
>>>>>> ServerTokens OS
>>>>>>
>>>>>> #
>>>>>> # ServerRoot: The top of the directory tree under which the server's
>>>>>> # configuration, error, and log files are kept.
>>>>>> #
>>>>>> # NOTE!  If you intend to place this on an NFS (or otherwise network)
>>>>>> # mounted filesystem then please read the LockFile documentation
>>>>>> # (available at <URL:
>>>>>> http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>);
>>>>>> # you will save yourself a lot of trouble.
>>>>>> #
>>>>>> # Do NOT add a slash at the end of the directory path.
>>>>>> #
>>>>>> ServerRoot "/etc/httpd"
>>>>>>
>>>>>> #
>>>>>> # PidFile: The file in which the server should record its process
>>>>>> # identification number when it starts.  Note the PIDFILE variable in
>>>>>> # /etc/sysconfig/httpd must be set appropriately if this location is
>>>>>> # changed.
>>>>>> #
>>>>>> PidFile run/httpd.pid
>>>>>>
>>>>>> #
>>>>>> # Timeout: The number of seconds before receives and sends time out.
>>>>>> #
>>>>>> Timeout 60
>>>>>>
>>>>>> #
>>>>>> # KeepAlive: Whether or not to allow persistent connections (more than
>>>>>> # one request per connection). Set to "Off" to deactivate.
>>>>>> #
>>>>>> KeepAlive Off
>>>>>>
>>>>>> #
>>>>>> # MaxKeepAliveRequests: The maximum number of requests to allow
>>>>>> # during a persistent connection. Set to 0 to allow an unlimited
>>>>>> amount.
>>>>>> # We recommend you leave this number high, for maximum performance.
>>>>>> #
>>>>>> MaxKeepAliveRequests 100
>>>>>>
>>>>>> #
>>>>>> # KeepAliveTimeout: Number of seconds to wait for the next request
>>>>>> from the
>>>>>> # same client on the same connection.
>>>>>> #
>>>>>> KeepAliveTimeout 5
>>>>>>
>>>>>> ##
>>>>>> ## Server-Pool Size Regulation (MPM specific)
>>>>>> ##
>>>>>>
>>>>>> # prefork MPM
>>>>>> # StartServers: number of server processes to start
>>>>>> # MinSpareServers: minimum number of server processes which are kept
>>>>>> spare
>>>>>> # MaxSpareServers: maximum number of server processes which are kept
>>>>>> spare
>>>>>> # ServerLimit: maximum value for MaxClients for the lifetime of the
>>>>>> server
>>>>>> # MaxClients: maximum number of server processes allowed to start
>>>>>> # MaxRequestsPerChild: maximum number of requests a server process
>>>>>> serves
>>>>>> <IfModule prefork.c>
>>>>>> StartServers       8
>>>>>> MinSpareServers    5
>>>>>> MaxSpareServers   20
>>>>>> ServerLimit      256
>>>>>> MaxClients       256
>>>>>> MaxRequestsPerChild  4000
>>>>>> </IfModule>
>>>>>>
>>>>>> # worker MPM
>>>>>> # StartServers: initial number of server processes to start
>>>>>> # MaxClients: maximum number of simultaneous client connections
>>>>>> # MinSpareThreads: minimum number of worker threads which are kept
>>>>>> spare
>>>>>> # MaxSpareThreads: maximum number of worker threads which are kept
>>>>>> spare
>>>>>> # ThreadsPerChild: constant number of worker threads in each server
>>>>>> process
>>>>>> # MaxRequestsPerChild: maximum number of requests a server process
>>>>>> serves
>>>>>> <IfModule worker.c>
>>>>>> StartServers         4
>>>>>> MaxClients         300
>>>>>> MinSpareThreads     25
>>>>>> MaxSpareThreads     75
>>>>>> ThreadsPerChild     25
>>>>>> MaxRequestsPerChild  0
>>>>>> </IfModule>
>>>>>>
>>>>>> #
>>>>>> # Listen: Allows you to bind Apache to specific IP addresses and/or
>>>>>> # ports, in addition to the default. See also the <VirtualHost>
>>>>>> # directive.
>>>>>> #
>>>>>> # Change this to Listen on specific IP addresses as shown below to
>>>>>> # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
>>>>>> #
>>>>>> #Listen 12.34.56.78:80 <http://12.34.56.78/>
>>>>>> Listen 80
>>>>>>
>>>>>> #
>>>>>> # Dynamic Shared Object (DSO) Support
>>>>>> #
>>>>>> # To be able to use the functionality of a module which was built as
>>>>>> a DSO you
>>>>>> # have to place corresponding `LoadModule' lines at this location so
>>>>>> the
>>>>>> # directives contained in it are actually available _before_ they are
>>>>>> used.
>>>>>> # Statically compiled modules (those listed by `httpd -l') do not need
>>>>>> # to be loaded here.
>>>>>> #
>>>>>> # Example:
>>>>>> # LoadModule foo_module modules/mod_foo.so
>>>>>> #
>>>>>> LoadModule auth_basic_module modules/mod_auth_basic.so
>>>>>> LoadModule auth_digest_module modules/mod_auth_digest.so
>>>>>> LoadModule authn_file_module modules/mod_authn_file.so
>>>>>> LoadModule authn_alias_module modules/mod_authn_alias.so
>>>>>> LoadModule authn_anon_module modules/mod_authn_anon.so
>>>>>> LoadModule authn_dbm_module modules/mod_authn_dbm.so
>>>>>> LoadModule authn_default_module modules/mod_authn_default.so
>>>>>> LoadModule authz_host_module modules/mod_authz_host.so
>>>>>> LoadModule authz_user_module modules/mod_authz_user.so
>>>>>> LoadModule authz_owner_module modules/mod_authz_owner.so
>>>>>> LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
>>>>>> LoadModule authz_dbm_module modules/mod_authz_dbm.so
>>>>>> LoadModule authz_default_module modules/mod_authz_default.so
>>>>>> LoadModule ldap_module modules/mod_ldap.so
>>>>>> LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
>>>>>> LoadModule include_module modules/mod_include.so
>>>>>> LoadModule log_config_module modules/mod_log_config.so
>>>>>> LoadModule logio_module modules/mod_logio.so
>>>>>> LoadModule env_module modules/mod_env.so
>>>>>> LoadModule ext_filter_module modules/mod_ext_filter.so
>>>>>> LoadModule mime_magic_module modules/mod_mime_magic.so
>>>>>> LoadModule expires_module modules/mod_expires.so
>>>>>> LoadModule deflate_module modules/mod_deflate.so
>>>>>> LoadModule headers_module modules/mod_headers.so
>>>>>> LoadModule usertrack_module modules/mod_usertrack.so
>>>>>> LoadModule setenvif_module modules/mod_setenvif.so
>>>>>> LoadModule mime_module modules/mod_mime.so
>>>>>> LoadModule dav_module modules/mod_dav.so
>>>>>> LoadModule status_module modules/mod_status.so
>>>>>> LoadModule autoindex_module modules/mod_autoindex.so
>>>>>> LoadModule info_module modules/mod_info.so
>>>>>> LoadModule dav_fs_module modules/mod_dav_fs.so
>>>>>> LoadModule vhost_alias_module modules/mod_vhost_alias.so
>>>>>> LoadModule negotiation_module modules/mod_negotiation.so
>>>>>> LoadModule dir_module modules/mod_dir.so
>>>>>> LoadModule actions_module modules/mod_actions.so
>>>>>> LoadModule speling_module modules/mod_speling.so
>>>>>> LoadModule userdir_module modules/mod_userdir.so
>>>>>> LoadModule alias_module modules/mod_alias.so
>>>>>> LoadModule substitute_module modules/mod_substitute.so
>>>>>> LoadModule rewrite_module modules/mod_rewrite.so
>>>>>> LoadModule proxy_module modules/mod_proxy.so
>>>>>> LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
>>>>>> LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
>>>>>> LoadModule proxy_http_module modules/mod_proxy_http.so
>>>>>> LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
>>>>>> LoadModule proxy_connect_module modules/mod_proxy_connect.so
>>>>>> LoadModule cache_module modules/mod_cache.so
>>>>>> LoadModule suexec_module modules/mod_suexec.so
>>>>>> LoadModule disk_cache_module modules/mod_disk_cache.so
>>>>>> LoadModule cgi_module modules/mod_cgi.so
>>>>>> LoadModule version_module modules/mod_version.so
>>>>>> LoadModule ssl_module modules/mod_ssl.so
>>>>>>
>>>>>> #
>>>>>> # The following modules are not loaded by default:
>>>>>> #
>>>>>> #LoadModule asis_module modules/mod_asis.so
>>>>>> #LoadModule authn_dbd_module modules/mod_authn_dbd.so
>>>>>> #LoadModule cern_meta_module modules/mod_cern_meta.so
>>>>>> #LoadModule cgid_module modules/mod_cgid.so
>>>>>> #LoadModule dbd_module modules/mod_dbd.so
>>>>>> #LoadModule dumpio_module modules/mod_dumpio.so
>>>>>> #LoadModule filter_module modules/mod_filter.so
>>>>>> #LoadModule ident_module modules/mod_ident.so
>>>>>> #LoadModule log_forensic_module modules/mod_log_forensic.so
>>>>>> #LoadModule unique_id_module modules/mod_unique_id.so
>>>>>> #
>>>>>>
>>>>>> #
>>>>>> # Load config files from the config directory "/etc/httpd/conf.d".
>>>>>> #
>>>>>> Include conf.d/*.conf
>>>>>>
>>>>>> #
>>>>>> # ExtendedStatus controls whether Apache will generate "full" status
>>>>>> # information (ExtendedStatus On) or just basic information
>>>>>> (ExtendedStatus
>>>>>> # Off) when the "server-status" handler is called. The default is Off.
>>>>>> #
>>>>>> #ExtendedStatus On
>>>>>>
>>>>>> #
>>>>>> # If you wish httpd to run as a different user or group, you must run
>>>>>> # httpd as root initially and it will switch.
>>>>>> #
>>>>>> # User/Group: The name (or #number) of the user/group to run httpd as.
>>>>>> #  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
>>>>>> #  . On HPUX you may not be able to use shared memory as nobody, and
>>>>>> the
>>>>>> #    suggested workaround is to create a user www and use that user.
>>>>>> #  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
>>>>>> #  when the value of (unsigned)Group is above 60000;
>>>>>> #  don't use Group #-1 on these systems!
>>>>>> #
>>>>>> User apache
>>>>>> Group apache
>>>>>>
>>>>>> ### Section 2: 'Main' server configuration
>>>>>> #
>>>>>> # The directives in this section set up the values used by the 'main'
>>>>>> # server, which responds to any requests that aren't handled by a
>>>>>> # <VirtualHost> definition.  These values also provide defaults for
>>>>>> # any <VirtualHost> containers you may define later in the file.
>>>>>> #
>>>>>> # All of these directives may appear inside <VirtualHost> containers,
>>>>>> # in which case these default settings will be overridden for the
>>>>>> # virtual host being defined.
>>>>>> #
>>>>>>
>>>>>> #
>>>>>> # ServerAdmin: Your address, where problems with the server should be
>>>>>> # e-mailed.  This address appears on some server-generated pages, such
>>>>>> # as error documents.  e.g. admin@your-domain.com
>>>>>> #
>>>>>> ServerAdmin root@localhost
>>>>>>
>>>>>> #
>>>>>> # ServerName gives the name and port that the server uses to identify
>>>>>> itself.
>>>>>> # This can often be determined automatically, but we recommend you
>>>>>> specify
>>>>>> # it explicitly to prevent problems during startup.
>>>>>> #
>>>>>> # If this is not set to valid DNS name for your host, server-generated
>>>>>> # redirections will not work.  See also the UseCanonicalName
>>>>>> directive.
>>>>>> #
>>>>>> # If your host doesn't have a registered DNS name, enter its IP
>>>>>> address here.
>>>>>> # You will have to access it by its address anyway, and this will
>>>>>> make
>>>>>> # redirections work in a sensible way.
>>>>>> #
>>>>>> #ServerName www.example.com:80 <http://www.example.com/>
>>>>>>
>>>>>> #
>>>>>> # UseCanonicalName: Determines how Apache constructs self-referencing
>>>>>> # URLs and the SERVER_NAME and SERVER_PORT variables.
>>>>>> # When set "Off", Apache will use the Hostname and Port supplied
>>>>>> # by the client.  When set "On", Apache will use the value of the
>>>>>> # ServerName directive.
>>>>>> #
>>>>>> UseCanonicalName Off
>>>>>>
>>>>>> #
>>>>>> # DocumentRoot: The directory out of which you will serve your
>>>>>> # documents. By default, all requests are taken from this directory,
>>>>>> but
>>>>>> # symbolic links and aliases may be used to point to other locations.
>>>>>> #
>>>>>> DocumentRoot "/var/www/html"
>>>>>>
>>>>>> #
>>>>>> # Each directory to which Apache has access can be configured with
>>>>>> respect
>>>>>> # to which services and features are allowed and/or disabled in that
>>>>>> # directory (and its subdirectories).
>>>>>> #
>>>>>> # First, we configure the "default" to be a very restrictive set of
>>>>>> # features.
>>>>>> #
>>>>>> <Directory />
>>>>>>     Options FollowSymLinks
>>>>>>     AllowOverride None
>>>>>> </Directory>
>>>>>>
>>>>>> #
>>>>>> # Note that from this point forward you must specifically allow
>>>>>> # particular features to be enabled - so if something's not working as
>>>>>> # you might expect, make sure that you have specifically enabled it
>>>>>> # below.
>>>>>> #
>>>>>>
>>>>>> #
>>>>>> # This should be changed to whatever you set DocumentRoot to.
>>>>>> #
>>>>>> <Directory "/var/www/html">
>>>>>>
>>>>>> #
>>>>>> # Possible values for the Options directive are "None", "All",
>>>>>> # or any combination of:
>>>>>> #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI
>>>>>> MultiViews
>>>>>> #
>>>>>> # Note that "MultiViews" must be named *explicitly* --- "Options All"
>>>>>> # doesn't give it to you.
>>>>>> #
>>>>>> # The Options directive is both complicated and important.  Please see
>>>>>> # http://httpd.apache.org/docs/2.2/mod/core.html#options
>>>>>> # for more information.
>>>>>> #
>>>>>>     Options Indexes FollowSymLinks
>>>>>>
>>>>>> #
>>>>>> # AllowOverride controls what directives may be placed in .htaccess
>>>>>> files.
>>>>>> # It can be "All", "None", or any combination of the keywords:
>>>>>> #   Options FileInfo AuthConfig Limit
>>>>>> #
>>>>>>     AllowOverride None
>>>>>>
>>>>>> #
>>>>>> # Controls who can get stuff from this server.
>>>>>> #
>>>>>>     Order allow,deny
>>>>>>     Allow from all
>>>>>>
>>>>>> </Directory>
>>>>>>
>>>>>> #
>>>>>> # UserDir: The name of the directory that is appended onto a user's
>>>>>> home
>>>>>> # directory if a ~user request is received.
>>>>>> #
>>>>>> # The path to the end user account 'public_html' directory must be
>>>>>> # accessible to the webserver userid.  This usually means that ~userid
>>>>>> # must have permissions of 711, ~userid/public_html must have
>>>>>> permissions
>>>>>> # of 755, and documents contained therein must be world-readable.
>>>>>> # Otherwise, the client will only receive a "403 Forbidden" message.
>>>>>> #
>>>>>> # See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
>>>>>> #
>>>>>> <IfModule mod_userdir.c>
>>>>>>     #
>>>>>>     # UserDir is disabled by default since it can confirm the presence
>>>>>>     # of a username on the system (depending on home directory
>>>>>>     # permissions).
>>>>>>     #
>>>>>>     UserDir disabled
>>>>>>
>>>>>>     #
>>>>>>     # To enable requests to /~user/ to serve the user's public_html
>>>>>>     # directory, remove the "UserDir disabled" line above, and
>>>>>> uncomment
>>>>>>     # the following line instead:
>>>>>>     #
>>>>>>     #UserDir public_html
>>>>>>
>>>>>> </IfModule>
>>>>>>
>>>>>> #
>>>>>> # Control access to UserDir directories.  The following is an example
>>>>>> # for a site where these directories are restricted to read-only.
>>>>>> #
>>>>>> #<Directory /home/*/public_html>
>>>>>> #    AllowOverride FileInfo AuthConfig Limit
>>>>>> #    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
>>>>>> #    <Limit GET POST OPTIONS>
>>>>>> #        Order allow,deny
>>>>>> #        Allow from all
>>>>>> #    </Limit>
>>>>>> #    <LimitExcept GET POST OPTIONS>
>>>>>> #        Order deny,allow
>>>>>> #        Deny from all
>>>>>> #    </LimitExcept>
>>>>>> #</Directory>
>>>>>>
>>>>>> #
>>>>>> # DirectoryIndex: sets the file that Apache will serve if a directory
>>>>>> # is requested.
>>>>>> #
>>>>>> # The index.html.var file (a type-map) is used to deliver content-
>>>>>> # negotiated documents.  The MultiViews Option can be used for the
>>>>>> # same purpose, but it is much slower.
>>>>>> #
>>>>>> DirectoryIndex index.html index.html.var
>>>>>>
>>>>>> #
>>>>>> # AccessFileName: The name of the file to look for in each directory
>>>>>> # for additional configuration directives.  See also the AllowOverride
>>>>>> # directive.
>>>>>> #
>>>>>> AccessFileName .htaccess
>>>>>>
>>>>>> #
>>>>>> # The following lines prevent .htaccess and .htpasswd files from
>>>>>> being
>>>>>> # viewed by Web clients.
>>>>>> #
>>>>>> <Files ~ "^\.ht">
>>>>>>     Order allow,deny
>>>>>>     Deny from all
>>>>>>     Satisfy All
>>>>>> </Files>
>>>>>>
>>>>>> #
>>>>>> # TypesConfig describes where the mime.types file (or equivalent) is
>>>>>> # to be found.
>>>>>> #
>>>>>> TypesConfig /etc/mime.types
>>>>>>
>>>>>> #
>>>>>> # DefaultType is the default MIME type the server will use for a
>>>>>> document
>>>>>> # if it cannot otherwise determine one, such as from filename
>>>>>> extensions.
>>>>>> # If your server contains mostly text or HTML documents, "text/plain"
>>>>>> is
>>>>>> # a good value.  If most of your content is binary, such as
>>>>>> applications
>>>>>> # or images, you may want to use "application/octet-stream" instead to
>>>>>> # keep browsers from trying to display binary files as though they are
>>>>>> # text.
>>>>>> #
>>>>>> DefaultType text/plain
>>>>>>
>>>>>> #
>>>>>> # The mod_mime_magic module allows the server to use various hints
>>>>>> from the
>>>>>> # contents of the file itself to determine its type.  The
>>>>>> MIMEMagicFile
>>>>>> # directive tells the module where the hint definitions are located.
>>>>>> #
>>>>>> <IfModule mod_mime_magic.c>
>>>>>> #   MIMEMagicFile /usr/share/magic.mime
>>>>>>     MIMEMagicFile conf/magic
>>>>>> </IfModule>
>>>>>>
>>>>>> #
>>>>>> # HostnameLookups: Log the names of clients or just their IP addresses
>>>>>> # e.g., www.apache.org (on) or 204.62.129.132 (off).
>>>>>> # The default is off because it'd be overall better for the net if
>>>>>> people
>>>>>> # had to knowingly turn this feature on, since enabling it means that
>>>>>> # each client request will result in AT LEAST one lookup request to
>>>>>> the
>>>>>> # nameserver.
>>>>>> #
>>>>>> HostnameLookups Off
>>>>>>
>>>>>> #
>>>>>> # EnableMMAP: Control whether memory-mapping is used to deliver
>>>>>> # files (assuming that the underlying OS supports it).
>>>>>> # The default is on; turn this off if you serve from NFS-mounted
>>>>>> # filesystems.  On some systems, turning it off (regardless of
>>>>>> # filesystem) can improve performance; for details, please see
>>>>>> # http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap
>>>>>> #
>>>>>> #EnableMMAP off
>>>>>>
>>>>>> #
>>>>>> # EnableSendfile: Control whether the sendfile kernel support is
>>>>>> # used to deliver files (assuming that the OS supports it).
>>>>>> # The default is on; turn this off if you serve from NFS-mounted
>>>>>> # filesystems.  Please see
>>>>>> # http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile
>>>>>> #
>>>>>> #EnableSendfile off
>>>>>>
>>>>>> #
>>>>>> # ErrorLog: The location of the error log file.
>>>>>> # If you do not specify an ErrorLog directive within a <VirtualHost>
>>>>>> # container, error messages relating to that virtual host will be
>>>>>> # logged here.  If you *do* define an error logfile for a
>>>>>> <VirtualHost>
>>>>>> # container, that host's errors will be logged there and not here.
>>>>>> #
>>>>>> ErrorLog logs/error_log
>>>>>>
>>>>>> #
>>>>>> # LogLevel: Control the number of messages logged to the error_log.
>>>>>> # Possible values include: debug, info, notice, warn, error, crit,
>>>>>> # alert, emerg.
>>>>>> #
>>>>>> LogLevel warn
>>>>>>
>>>>>> #
>>>>>> # The following directives define some format nicknames for use with
>>>>>> # a CustomLog directive (see below).
>>>>>> #
>>>>>> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
>>>>>> \"%{User-Agent}i\"" combined
>>>>>> LogFormat "%h %l %u %t \"%r\" %>s %b" common
>>>>>> LogFormat "%{Referer}i -> %U" referer
>>>>>> LogFormat "%{User-agent}i" agent
>>>>>>
>>>>>> # "combinedio" includes actual counts of actual bytes received (%I)
>>>>>> and sent (%O); this
>>>>>> # requires the mod_logio module to be loaded.
>>>>>> #LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
>>>>>> \"%{User-Agent}i\" %I %O" combinedio
>>>>>>
>>>>>> #
>>>>>> # The location and format of the access logfile (Common Logfile
>>>>>> Format).
>>>>>> # If you do not define any access logfiles within a <VirtualHost>
>>>>>> # container, they will be logged here.  Contrariwise, if you *do*
>>>>>> # define per-<VirtualHost> access logfiles, transactions will be
>>>>>> # logged therein and *not* in this file.
>>>>>> #
>>>>>> #CustomLog logs/access_log common
>>>>>>
>>>>>> #
>>>>>> # If you would like to have separate agent and referer logfiles,
>>>>>> uncomment
>>>>>> # the following directives.
>>>>>> #
>>>>>> #CustomLog logs/referer_log referer
>>>>>> #CustomLog logs/agent_log agent
>>>>>>
>>>>>> #
>>>>>> # For a single logfile with access, agent, and referer information
>>>>>> # (Combined Logfile Format), use the following directive:
>>>>>> #
>>>>>> CustomLog logs/access_log combined
>>>>>>
>>>>>> #
>>>>>> # Optionally add a line containing the server version and virtual host
>>>>>> # name to server-generated pages (internal error documents, FTP
>>>>>> directory
>>>>>> # listings, mod_status and mod_info output etc., but not CGI generated
>>>>>> # documents or custom error documents).
>>>>>> # Set to "EMail" to also include a mailto: link to the ServerAdmin.
>>>>>> # Set to one of:  On | Off | EMail
>>>>>> #
>>>>>> ServerSignature On
>>>>>>
>>>>>> #
>>>>>> # Aliases: Add here as many aliases as you need (with no limit). The
>>>>>> format is
>>>>>> # Alias fakename realname
>>>>>> #
>>>>>> # Note that if you include a trailing / on fakename then the server
>>>>>> will
>>>>>> # require it to be present in the URL.  So "/icons" isn't aliased in
>>>>>> this
>>>>>> # example, only "/icons/".  If the fakename is slash-terminated, then
>>>>>> the
>>>>>> # realname must also be slash terminated, and if the fakename omits
>>>>>> the
>>>>>> # trailing slash, the realname must also omit it.
>>>>>> #
>>>>>> # We include the /icons/ alias for FancyIndexed directory listings.
>>>>>> If you
>>>>>> # do not use FancyIndexing, you may comment this out.
>>>>>> #
>>>>>> Alias /icons/ "/var/www/icons/"
>>>>>>
>>>>>> <Directory "/var/www/icons">
>>>>>>     Options Indexes MultiViews FollowSymLinks
>>>>>>     AllowOverride None
>>>>>>     Order allow,deny
>>>>>>     Allow from all
>>>>>> </Directory>
>>>>>>
>>>>>> #
>>>>>> # WebDAV module configuration section.
>>>>>> #
>>>>>> <IfModule mod_dav_fs.c>
>>>>>>     # Location of the WebDAV lock database.
>>>>>>     DAVLockDB /var/lib/dav/lockdb
>>>>>> </IfModule>
>>>>>>
>>>>>> #
>>>>>> # ScriptAlias: This controls which directories contain server scripts.
>>>>>> # ScriptAliases are essentially the same as Aliases, except that
>>>>>> # documents in the realname directory are treated as applications and
>>>>>> # run by the server when requested rather than as documents sent to
>>>>>> the client.
>>>>>> # The same rules about trailing "/" apply to ScriptAlias directives
>>>>>> as to
>>>>>> # Alias.
>>>>>> #
>>>>>> ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
>>>>>>
>>>>>> #
>>>>>> # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
>>>>>> # CGI directory exists, if you have that configured.
>>>>>> #
>>>>>> <Directory "/var/www/cgi-bin">
>>>>>>     AllowOverride None
>>>>>>     Options None
>>>>>>     Order allow,deny
>>>>>>     Allow from all
>>>>>> </Directory>
>>>>>>
>>>>>> #
>>>>>> # Redirect allows you to tell clients about documents which used to
>>>>>> exist in
>>>>>> # your server's namespace, but do not anymore. This allows you to
>>>>>> tell the
>>>>>> # clients where to look for the relocated document.
>>>>>> # Example:
>>>>>> # Redirect permanent /foo http://www.example.com/bar
>>>>>>
>>>>>> #
>>>>>> # Directives controlling the display of server-generated directory
>>>>>> listings.
>>>>>> #
>>>>>>
>>>>>> #
>>>>>> # IndexOptions: Controls the appearance of server-generated directory
>>>>>> # listings.
>>>>>> #
>>>>>> IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
>>>>>> Charset=UTF-8
>>>>>>
>>>>>> #
>>>>>> # AddIcon* directives tell the server which icon to show for different
>>>>>> # files or filename extensions.  These are only displayed for
>>>>>> # FancyIndexed directories.
>>>>>> #
>>>>>> AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
>>>>>>
>>>>>> AddIconByType (TXT,/icons/text.gif) text/*
>>>>>> AddIconByType (IMG,/icons/image2.gif) image/*
>>>>>> AddIconByType (SND,/icons/sound2.gif) audio/*
>>>>>> AddIconByType (VID,/icons/movie.gif) video/*
>>>>>>
>>>>>> AddIcon /icons/binary.gif .bin .exe
>>>>>> AddIcon /icons/binhex.gif .hqx
>>>>>> AddIcon /icons/tar.gif .tar
>>>>>> AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
>>>>>> AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
>>>>>> AddIcon /icons/a.gif .ps .ai .eps
>>>>>> AddIcon /icons/layout.gif .html .shtml .htm .pdf
>>>>>> AddIcon /icons/text.gif .txt
>>>>>> AddIcon /icons/c.gif .c
>>>>>> AddIcon /icons/p.gif .pl .py
>>>>>> AddIcon /icons/f.gif .for
>>>>>> AddIcon /icons/dvi.gif .dvi
>>>>>> AddIcon /icons/uuencoded.gif .uu
>>>>>> AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
>>>>>> AddIcon /icons/tex.gif .tex
>>>>>> AddIcon /icons/bomb.gif core
>>>>>>
>>>>>> AddIcon /icons/back.gif ..
>>>>>> AddIcon /icons/hand.right.gif README
>>>>>> AddIcon /icons/folder.gif ^^DIRECTORY^^
>>>>>> AddIcon /icons/blank.gif ^^BLANKICON^^
>>>>>>
>>>>>> #
>>>>>> # DefaultIcon is which icon to show for files which do not have an
>>>>>> icon
>>>>>> # explicitly set.
>>>>>> #
>>>>>> DefaultIcon /icons/unknown.gif
>>>>>>
>>>>>> #
>>>>>> # AddDescription allows you to place a short description after a file
>>>>>> in
>>>>>> # server-generated indexes.  These are only displayed for FancyIndexed
>>>>>> # directories.
>>>>>> # Format: AddDescription "description" filename
>>>>>> #
>>>>>> #AddDescription "GZIP compressed document" .gz
>>>>>> #AddDescription "tar archive" .tar
>>>>>> #AddDescription "GZIP compressed tar archive" .tgz
>>>>>>
>>>>>> #
>>>>>> # ReadmeName is the name of the README file the server will look for
>>>>>> by
>>>>>> # default, and append to directory listings.
>>>>>> #
>>>>>> # HeaderName is the name of a file which should be prepended to
>>>>>> # directory indexes.
>>>>>> ReadmeName README.html
>>>>>> HeaderName HEADER.html
>>>>>>
>>>>>> #
>>>>>> # IndexIgnore is a set of filenames which directory indexing should
>>>>>> ignore
>>>>>> # and not include in the listing.  Shell-style wildcarding is
>>>>>> permitted.
>>>>>> #
>>>>>> IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
>>>>>>
>>>>>> #
>>>>>> # DefaultLanguage and AddLanguage allows you to specify the language
>>>>>> of
>>>>>> # a document. You can then use content negotiation to give a browser
>>>>>> a
>>>>>> # file in a language the user can understand.
>>>>>> #
>>>>>> # Specify a default language. This means that all data
>>>>>> # going out without a specific language tag (see below) will
>>>>>> # be marked with this one. You probably do NOT want to set
>>>>>> # this unless you are sure it is correct for all cases.
>>>>>> #
>>>>>> # * It is generally better to not mark a page as
>>>>>> # * being a certain language than marking it with the wrong
>>>>>> # * language!
>>>>>> #
>>>>>> # DefaultLanguage nl
>>>>>> #
>>>>>> # Note 1: The suffix does not have to be the same as the language
>>>>>> # keyword --- those with documents in Polish (whose net-standard
>>>>>> # language code is pl) may wish to use "AddLanguage pl .po" to
>>>>>> # avoid the ambiguity with the common suffix for perl scripts.
>>>>>> #
>>>>>> # Note 2: The example entries below illustrate that in some cases
>>>>>> # the two character 'Language' abbreviation is not identical to
>>>>>> # the two character 'Country' code for its country,
>>>>>> # E.g. 'Danmark/dk' versus 'Danish/da'.
>>>>>> #
>>>>>> # Note 3: In the case of 'ltz' we violate the RFC by using a three
>>>>>> char
>>>>>> # specifier. There is 'work in progress' to fix this and get
>>>>>> # the reference data for rfc1766 cleaned up.
>>>>>> #
>>>>>> # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
>>>>>> # English (en) - Esperanto (eo) - Estonian (et) - French (fr) -
>>>>>> German (de)
>>>>>> # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
>>>>>> # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
>>>>>> # Norwegian (no) - Polish (pl) - Portugese (pt)
>>>>>> # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
>>>>>> # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese
>>>>>> (zh-TW)
>>>>>> #
>>>>>> AddLanguage ca .ca
>>>>>> AddLanguage cs .cz .cs
>>>>>> AddLanguage da .dk
>>>>>> AddLanguage de .de
>>>>>> AddLanguage el .el
>>>>>> AddLanguage en .en
>>>>>> AddLanguage eo .eo
>>>>>> AddLanguage es .es
>>>>>> AddLanguage et .et
>>>>>> AddLanguage fr .fr
>>>>>> AddLanguage he .he
>>>>>> AddLanguage hr .hr
>>>>>> AddLanguage it .it
>>>>>> AddLanguage ja .ja
>>>>>> AddLanguage ko .ko
>>>>>> AddLanguage ltz .ltz
>>>>>> AddLanguage nl .nl
>>>>>> AddLanguage nn .nn
>>>>>> AddLanguage no .no
>>>>>> AddLanguage pl .po
>>>>>> AddLanguage pt .pt
>>>>>> AddLanguage pt-BR .pt-br
>>>>>> AddLanguage ru .ru
>>>>>> AddLanguage sv .sv
>>>>>> AddLanguage zh-CN .zh-cn
>>>>>> AddLanguage zh-TW .zh-tw
>>>>>>
>>>>>> #
>>>>>> # LanguagePriority allows you to give precedence to some languages
>>>>>> # in case of a tie during content negotiation.
>>>>>> #
>>>>>> # Just list the languages in decreasing order of preference. We have
>>>>>> # more or less alphabetized them here. You probably want to change
>>>>>> this.
>>>>>> #
>>>>>> LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl
>>>>>> nn no pl pt pt-BR ru sv zh-CN zh-TW
>>>>>>
>>>>>> #
>>>>>> # ForceLanguagePriority allows you to serve a result page rather than
>>>>>> # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE
>>>>>> (Fallback)
>>>>>> # [in case no accepted languages matched the available variants]
>>>>>> #
>>>>>> ForceLanguagePriority Prefer Fallback
>>>>>>
>>>>>> #
>>>>>> # Specify a default charset for all content served; this enables
>>>>>> # interpretation of all content as UTF-8 by default.  To use the
>>>>>> # default browser choice (ISO-8859-1), or to allow the META tags
>>>>>> # in HTML content to override this choice, comment out this
>>>>>> # directive:
>>>>>> #
>>>>>> AddDefaultCharset UTF-8
>>>>>>
>>>>>> #
>>>>>> # AddType allows you to add to or override the MIME configuration
>>>>>> # file mime.types for specific file types.
>>>>>> #
>>>>>> #AddType application/x-tar .tgz
>>>>>>
>>>>>> #
>>>>>> # AddEncoding allows you to have certain browsers uncompress
>>>>>> # information on the fly. Note: Not all browsers support this.
>>>>>> # Despite the name similarity, the following Add* directives have
>>>>>> nothing
>>>>>> # to do with the FancyIndexing customization directives above.
>>>>>> #
>>>>>> #AddEncoding x-compress .Z
>>>>>> #AddEncoding x-gzip .gz .tgz
>>>>>>
>>>>>> # If the AddEncoding directives above are commented-out, then you
>>>>>> # probably should define those extensions to indicate media types:
>>>>>> #
>>>>>> AddType application/x-compress .Z
>>>>>> AddType application/x-gzip .gz .tgz
>>>>>>
>>>>>> #
>>>>>> #   MIME-types for downloading Certificates and CRLs
>>>>>> #
>>>>>> AddType application/x-x509-ca-cert .crt
>>>>>> AddType application/x-pkcs7-crl    .crl
>>>>>>
>>>>>> #
>>>>>> # AddHandler allows you to map certain file extensions to "handlers":
>>>>>> # actions unrelated to filetype. These can be either built into the
>>>>>> server
>>>>>> # or added with the Action directive (see below)
>>>>>> #
>>>>>> # To use CGI scripts outside of ScriptAliased directories:
>>>>>> # (You will also need to add "ExecCGI" to the "Options" directive.)
>>>>>> #
>>>>>> #AddHandler cgi-script .cgi
>>>>>>
>>>>>> #
>>>>>> # For files that include their own HTTP headers:
>>>>>> #
>>>>>> #AddHandler send-as-is asis
>>>>>>
>>>>>> #
>>>>>> # For type maps (negotiated resources):
>>>>>> # (This is enabled by default to allow the Apache "It Worked" page
>>>>>> #  to be distributed in multiple languages.)
>>>>>> #
>>>>>> AddHandler type-map var
>>>>>>
>>>>>> #
>>>>>> # Filters allow you to process content before it is sent to the
>>>>>> client.
>>>>>> #
>>>>>> # To parse .shtml files for server-side includes (SSI):
>>>>>> # (You will also need to add "Includes" to the "Options" directive.)
>>>>>> #
>>>>>> AddType text/html .shtml
>>>>>> AddOutputFilter INCLUDES .shtml
>>>>>>
>>>>>> #
>>>>>> # Action lets you define media types that will execute a script
>>>>>> whenever
>>>>>> # a matching file is called. This eliminates the need for repeated URL
>>>>>> # pathnames for oft-used CGI file processors.
>>>>>> # Format: Action media/type /cgi-script/location
>>>>>> # Format: Action handler-name /cgi-script/location
>>>>>> #
>>>>>>
>>>>>> #
>>>>>> # Customizable error responses come in three flavors:
>>>>>> # 1) plain text 2) local redirects 3) external redirects
>>>>>> #
>>>>>> # Some examples:
>>>>>> #ErrorDocument 500 "The server made a boo boo."
>>>>>> #ErrorDocument 404 /missing.html
>>>>>> #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
>>>>>> #ErrorDocument 402 http://www.example.com/subscription_info.html
>>>>>> #
>>>>>>
>>>>>> #
>>>>>> # Putting this all together, we can internationalize error responses.
>>>>>> #
>>>>>> # We use Alias to redirect any /error/HTTP_<error>.html.var response
>>>>>> to
>>>>>> # our collection of by-error message multi-language collections.  We
>>>>>> use
>>>>>> # includes to substitute the appropriate text.
>>>>>> #
>>>>>> # You can modify the messages' appearance without changing any of the
>>>>>> # default HTTP_<error>.html.var files by adding the line:
>>>>>> #
>>>>>> #   Alias /error/include/ "/your/include/path/"
>>>>>> #
>>>>>> # which allows you to create your own set of files by starting with
>>>>>> the
>>>>>> # /var/www/error/include/ files and
>>>>>> # copying them to /your/include/path/, even on a per-VirtualHost
>>>>>> basis.
>>>>>> #
>>>>>>
>>>>>> Alias /error/ "/var/www/error/"
>>>>>>
>>>>>> <IfModule mod_negotiation.c>
>>>>>> <IfModule mod_include.c>
>>>>>>     <Directory "/var/www/error">
>>>>>>         AllowOverride None
>>>>>>         Options IncludesNoExec
>>>>>>         AddOutputFilter Includes html
>>>>>>         AddHandler type-map var
>>>>>>         Order allow,deny
>>>>>>         Allow from all
>>>>>>         LanguagePriority en es de fr
>>>>>>         ForceLanguagePriority Prefer Fallback
>>>>>>     </Directory>
>>>>>>
>>>>>> #    ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
>>>>>> #    ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
>>>>>> #    ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
>>>>>> #    ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
>>>>>> #    ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
>>>>>> #    ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
>>>>>> #    ErrorDocument 410 /error/HTTP_GONE.html.var
>>>>>> #    ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
>>>>>> #    ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
>>>>>> #    ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
>>>>>> #    ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
>>>>>> #    ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
>>>>>> #    ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
>>>>>> #    ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
>>>>>> #    ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
>>>>>> #    ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
>>>>>> #    ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
>>>>>>
>>>>>> </IfModule>
>>>>>> </IfModule>
>>>>>>
>>>>>> #
>>>>>> # The following directives modify normal HTTP response behavior to
>>>>>> # handle known problems with browser implementations.
>>>>>> #
>>>>>> BrowserMatch "Mozilla/2" nokeepalive
>>>>>> BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0
>>>>>> force-response-1.0
>>>>>> BrowserMatch "RealPlayer 4\.0" force-response-1.0
>>>>>> BrowserMatch "Java/1\.0" force-response-1.0
>>>>>> BrowserMatch "JDK/1\.0" force-response-1.0
>>>>>>
>>>>>> #
>>>>>> # The following directive disables redirects on non-GET requests for
>>>>>> # a directory that does not include the trailing slash.  This fixes a
>>>>>> # problem with Microsoft WebFolders which does not appropriately
>>>>>> handle
>>>>>> # redirects for folders with DAV methods.
>>>>>> # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
>>>>>> #
>>>>>> BrowserMatch "Microsoft Data Access Internet Publishing Provider"
>>>>>> redirect-carefully
>>>>>> BrowserMatch "MS FrontPage" redirect-carefully
>>>>>> BrowserMatch "^WebDrive" redirect-carefully
>>>>>> BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
>>>>>> BrowserMatch "^gnome-vfs/1.0" redirect-carefully
>>>>>> BrowserMatch "^XML Spy" redirect-carefully
>>>>>> BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
>>>>>>
>>>>>> #
>>>>>> # Allow server status reports generated by mod_status,
>>>>>> # with the URL of http://servername/server-status
>>>>>> # Change the ".example.com" to match your domain to enable.
>>>>>> #
>>>>>> #<Location /server-status>
>>>>>> #    SetHandler server-status
>>>>>> #    Order deny,allow
>>>>>> #    Deny from all
>>>>>> #    Allow from .example.com
>>>>>> #</Location>
>>>>>>
>>>>>> #
>>>>>> # Allow remote server configuration reports, with the URL of
>>>>>> #  http://servername/server-info (requires that mod_info.c be
>>>>>> loaded).
>>>>>> # Change the ".example.com" to match your domain to enable.
>>>>>> #
>>>>>> #<Location /server-info>
>>>>>> #    SetHandler server-info
>>>>>> #    Order deny,allow
>>>>>> #    Deny from all
>>>>>> #    Allow from .example.com
>>>>>> #</Location>
>>>>>>
>>>>>> #
>>>>>> # Proxy Server directives. Uncomment the following lines to
>>>>>> # enable the proxy server:
>>>>>> #
>>>>>> #<IfModule mod_proxy.c>
>>>>>> #ProxyRequests On
>>>>>> #
>>>>>> #<Proxy *>
>>>>>> #    Order deny,allow
>>>>>> #    Deny from all
>>>>>> #    Allow from .example.com
>>>>>> #</Proxy>
>>>>>>
>>>>>> #
>>>>>> # Enable/disable the handling of HTTP/1.1 "Via:" headers.
>>>>>> # ("Full" adds the server version; "Block" removes all outgoing Via:
>>>>>> headers)
>>>>>> # Set to one of: Off | On | Full | Block
>>>>>> #
>>>>>> #ProxyVia On
>>>>>>
>>>>>> #
>>>>>> # To enable a cache of proxied content, uncomment the following lines.
>>>>>> # See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more
>>>>>> details.
>>>>>> #
>>>>>> #<IfModule mod_disk_cache.c>
>>>>>> #   CacheEnable disk /
>>>>>> #   CacheRoot "/var/cache/mod_proxy"
>>>>>> #</IfModule>
>>>>>> #
>>>>>>
>>>>>> #</IfModule>
>>>>>> # End of proxy directives.
>>>>>>
>>>>>> ### Section 3: Virtual Hosts
>>>>>> #
>>>>>> # VirtualHost: If you want to maintain multiple domains/hostnames on
>>>>>> your
>>>>>> # machine you can setup VirtualHost containers for them. Most
>>>>>> configurations
>>>>>> # use only name-based virtual hosts so the server doesn't need to
>>>>>> worry about
>>>>>> # IP addresses. This is indicated by the asterisks in the directives
>>>>>> below.
>>>>>> #
>>>>>> # Please see the documentation at
>>>>>> # <URL:http://httpd.apache.org/docs/2.2/vhosts/>
>>>>>> # for further details before you try to setup virtual hosts.
>>>>>> #
>>>>>> # You may use the command line option '-S' to verify your virtual host
>>>>>> # configuration.
>>>>>>
>>>>>> #
>>>>>> # Use name-based virtual hosting.
>>>>>> #
>>>>>> #NameVirtualHost *:80
>>>>>> #
>>>>>> # NOTE: NameVirtualHost cannot be used without a port specifier
>>>>>> # (e.g. :80) if mod_ssl is being used, due to the nature of the
>>>>>> # SSL protocol.
>>>>>> #
>>>>>>
>>>>>> #
>>>>>> # VirtualHost example:
>>>>>> # Almost any Apache directive may go into a VirtualHost container.
>>>>>> # The first VirtualHost section is used for requests without a known
>>>>>> # server name.
>>>>>> #
>>>>>> #<VirtualHost *:80>
>>>>>> #    ServerAdmin webmaster@dummy-host.example.com
>>>>>> #    DocumentRoot /www/docs/dummy-host.example.com
>>>>>> #    ServerName dummy-host.example.com
>>>>>> #    ErrorLog logs/dummy-host.example.com-error_log
>>>>>> #    CustomLog logs/dummy-host.example.com-access_log common
>>>>>> #</VirtualHost>
>>>>>>
>>>>>> NameVirtualHost *:443
>>>>>> <VirtualHost *:443>
>>>>>>         SSLEngine on
>>>>>>         SSLCipherSuite
>>>>>> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
>>>>>>
>>>>>>         SSLCertificateFile      /etc/ssl/certs/server.crt
>>>>>>         SSLCertificateKeyFile   /etc/ssl/certs/server.key
>>>>>>
>>>>>>         DocumentRoot /var/www/web1/web/
>>>>>>         <Directory /var/www/web1/web/>
>>>>>>                 Options Indexes MultiViews
>>>>>>                 AllowOverride None
>>>>>>                 Order allow,deny
>>>>>>                 allow from all
>>>>>>         </Directory>
>>>>>>
>>>>>>         Alias /webdav /var/www/web1/web
>>>>>>
>>>>>>         <Location /webdav>
>>>>>>            DAV On
>>>>>>            AuthType Basic
>>>>>>            AuthName "webdav"
>>>>>>            AuthUserFile /var/www/web1/passwd.dav
>>>>>>            Require valid-user
>>>>>>        </Location>
>>>>>>
>>>>>> </VirtualHost>
>>>>>>
>>>>>> ##########################################################################################################################
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> 2.
>>>>>> Following is the startup info when I do "sudo service httpd start" ::
>>>>>>
>>>>>>
>>>>>> ##########################################################################################################################
>>>>>> [ajay@ajay ~]$ sudo service httpd start
>>>>>> Starting httpd: [Wed Mar 21 11:20:59 2012] [warn] module ssl_module
>>>>>> is already loaded, skipping
>>>>>> httpd: Could not reliably determine the server's fully qualified
>>>>>> domain name, using ::1 for ServerName
>>>>>> Apache/2.2.17 mod_ssl/2.2.17 (Pass Phrase Dialog)
>>>>>> Some of your private key files are encrypted for security reasons.
>>>>>> In order to read them you have to provide the pass phrases.
>>>>>>
>>>>>> Server ::1:443 (RSA)
>>>>>> Enter pass phrase:
>>>>>>
>>>>>> OK: Pass Phrase Dialog successful.
>>>>>>                                                            [  OK  ]
>>>>>>
>>>>>> ##########################################################################################################################
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> 3.
>>>>>> Following are the parameters I enter in gnome-nautilus ::
>>>>>>
>>>>>>
>>>>>> ###########################################################################################################################
>>>>>> Service type:                       Secure WebDAV (HTTPS)
>>>>>> Server:                                localhost
>>>>>>
>>>>>> Optional information:
>>>>>> Port:                                    443
>>>>>> Folder:                                 webdav
>>>>>> User Name:
>>>>>>
>>>>>> Add bookmark
>>>>>> Bookmark name:
>>>>>>
>>>>>> ###########################################################################################################################
>>>>>>
>>>>>>
>>>>>>
>>>>>> 4.
>>>>>> Finally, upon clikcing "Connect", I get the popup with the following
>>>>>> message ::
>>>>>>
>>>>>>
>>>>>> ###########################################################################################################################
>>>>>> Cannot display location "davs://
>>>>>> localhost/webdav"
>>>>>>
>>>>>> HTTP Error: Cannot connect to destination (localhost)
>>>>>>
>>>>>> ###########################################################################################################################
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> I will be obliged for any pointers. I have been going nuts for three
>>>>>> days :|
>>>>>>
>>>>>> Looking forward to a reply.
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> Ajay
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>>
>> --
>> Gr,
>>
>> Mathijs
>>
>
>

Mime
View raw message