Merge branch 'apache-httpd-2.4-support'.

This adds support for Apache HTTP server version 2.4 through conditionals, where
the changes are:

 * Use "Require" instead of Order/Deny/Allow.
 * Set DefaultRuntimeDir to a directory within stateDir.
 * Create DefaultRuntimeDir within Upstart job.
 * Don't add NameVirtualHost directives.
 * Use mod_authn_core instead of mod_authn_alias.
 * Add mod_unixd to support User/Group directives.
 * Load the MPM module specified by multiProcessingModule at runtime.
aszlig 2012-10-17 22:58:40 +02:00
commit da3eaf940b
No known key found for this signature in database
GPG Key ID: D0EBD0EC8C2DC961


@ -8,6 +8,8 @@ let
httpd = mainCfg.package; httpd = mainCfg.package;
version24 = !versionOlder httpd.version "2.4";
httpdConf = mainCfg.configFile; httpdConf = mainCfg.configFile;
php = pkgs.php.override { apacheHttpd = httpd; }; php = pkgs.php.override { apacheHttpd = httpd; };
@ -101,7 +103,8 @@ let
"auth_basic" "auth_digest" "auth_basic" "auth_digest"
# Authentication: is the user who he claims to be? # Authentication: is the user who he claims to be?
"authn_file" "authn_dbm" "authn_anon" "authn_alias" "authn_file" "authn_dbm" "authn_anon"
(if version24 then "authn_core" else "authn_alias")
# Authorization: is the user allowed access? # Authorization: is the user allowed access?
"authz_user" "authz_groupfile" "authz_host" "authz_user" "authz_groupfile" "authz_host"
@ -113,11 +116,31 @@ let
"vhost_alias" "negotiation" "dir" "imagemap" "actions" "speling" "vhost_alias" "negotiation" "dir" "imagemap" "actions" "speling"
"userdir" "alias" "rewrite" "proxy" "proxy_http" "userdir" "alias" "rewrite" "proxy" "proxy_http"
] ]
++ optionals version24 [
"mpm_${mainCfg.multiProcessingModule}"
"authz_core"
"unixd"
]
++ (if mainCfg.multiProcessingModule == "prefork" then [ "cgi" ] else [ "cgid" ]) ++ (if mainCfg.multiProcessingModule == "prefork" then [ "cgi" ] else [ "cgid" ])
++ optional enableSSL "ssl" ++ optional enableSSL "ssl"
++ extraApacheModules; ++ extraApacheModules;
allDenied = if version24 then ''
Require all denied
'' else ''
Order deny,allow
Deny from all
'';
allGranted = if version24 then ''
Require all granted
'' else ''
Order allow,deny
Allow from all
'';
loggingConf = '' loggingConf = ''
ErrorLog ${mainCfg.logDir}/error_log ErrorLog ${mainCfg.logDir}/error_log
@ -186,8 +209,7 @@ let
<Directory "${documentRoot}"> <Directory "${documentRoot}">
Options Indexes FollowSymLinks Options Indexes FollowSymLinks
AllowOverride None AllowOverride None
Order allow,deny ${allGranted}
Allow from all
</Directory> </Directory>
''; '';
@ -241,12 +263,10 @@ let
AllowOverride FileInfo AuthConfig Limit Indexes AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS> <Limit GET POST OPTIONS>
Order allow,deny ${allGranted}
Allow from all
</Limit> </Limit>
<LimitExcept GET POST OPTIONS> <LimitExcept GET POST OPTIONS>
Order deny,allow ${allDenied}
Deny from all
</LimitExcept> </LimitExcept>
</Directory> </Directory>
@ -268,8 +288,7 @@ let
Alias ${elem.urlPath} ${elem.dir}/ Alias ${elem.urlPath} ${elem.dir}/
<Directory ${elem.dir}> <Directory ${elem.dir}>
Options +Indexes Options +Indexes
Order allow,deny ${allGranted}
Allow from all
AllowOverride All AllowOverride All
</Directory> </Directory>
''; '';
@ -286,6 +305,10 @@ let
ServerRoot ${httpd} ServerRoot ${httpd}
${optionalString version24 ''
DefaultRuntimeDir ${mainCfg.stateDir}/runtime
''}
PidFile ${mainCfg.stateDir}/httpd.pid PidFile ${mainCfg.stateDir}/httpd.pid
${optionalString (mainCfg.multiProcessingModule != "prefork") '' ${optionalString (mainCfg.multiProcessingModule != "prefork") ''
@ -321,8 +344,7 @@ let
AddHandler type-map var AddHandler type-map var
<Files ~ "^\.ht"> <Files ~ "^\.ht">
Order allow,deny ${allDenied}
Deny from all
</Files> </Files>
${mimeConf} ${mimeConf}
@ -340,16 +362,14 @@ let
<Directory /> <Directory />
Options FollowSymLinks Options FollowSymLinks
AllowOverride None AllowOverride None
Order deny,allow ${allDenied}
Deny from all
</Directory> </Directory>
# But do allow access to files in the store so that we don't have # But do allow access to files in the store so that we don't have
# to generate <Directory> clauses for every generated file that we # to generate <Directory> clauses for every generated file that we
# want to serve. # want to serve.
<Directory /nix/store> <Directory /nix/store>
Order allow,deny ${allGranted}
Allow from all
</Directory> </Directory>
# Generate directives for the main server. # Generate directives for the main server.
@ -359,7 +379,8 @@ let
${let ${let
ports = map getPort allHosts; ports = map getPort allHosts;
uniquePorts = uniqList {inputList = ports;}; uniquePorts = uniqList {inputList = ports;};
in concatMapStrings (port: "NameVirtualHost *:${toString port}\n") uniquePorts directives = concatMapStrings (port: "NameVirtualHost *:${toString port}\n") uniquePorts;
in optionalString (!version24) directives
} }
${let ${let
@ -620,6 +641,10 @@ in
'' ''
mkdir -m 0750 -p ${mainCfg.stateDir} mkdir -m 0750 -p ${mainCfg.stateDir}
chown root.${mainCfg.group} ${mainCfg.stateDir} chown root.${mainCfg.group} ${mainCfg.stateDir}
${optionalString version24 ''
mkdir -m 0750 -p "${mainCfg.stateDir}/runtime"
chown root.${mainCfg.group} "${mainCfg.stateDir}/runtime"
''}
mkdir -m 0700 -p ${mainCfg.logDir} mkdir -m 0700 -p ${mainCfg.logDir}
${optionalString (mainCfg.documentRoot != null) ${optionalString (mainCfg.documentRoot != null)
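Review bot: On the 2.4 path the generated configuration relies on `Require` alone, and `access_compat` is not among the modules visible in these hunks, so the sections that still honour per-directory overrides (`AllowOverride FileInfo AuthConfig Limit Indexes` in the userdir hunk, `AllowOverride All` in the served-directory hunk) will presumably answer 500 for any existing `.htaccess` that still uses `Order`/`Allow`/`Deny`. That fails closed, but an operator who reacts by loading `access_compat` through `extraApacheModules` ends up mixing both access-control styles in one server, which the httpd upgrade notes discourage. I would record this at the `allDenied`/`allGranted` definitions, e.g. `# httpd 2.4: access_compat is not loaded; Order/Allow/Deny in .htaccess files or hand-written config must be migrated to Require`. Separately, the `<Files ~ "^\.ht">` block previously used `Order allow,deny` and on the pre-2.4 branch now receives `Order deny,allow` from `allDenied`; the result is still deny-all, but the default-deny ordering of that rule is lost.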