diff -Nur apache2.orig/apache2.conf apache2/apache2.conf
--- apache2.orig/apache2.conf 2013-03-04 22:00:37.000000000 +0100
+++ apache2/apache2.conf 2013-06-06 07:21:33.251843000 +0200
@@ -117,7 +117,9 @@
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
-KeepAliveTimeout 5
+# default: 5
+KeepAliveTimeout 10
+
##
## Server-Pool Size Regulation (MPM specific)
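Review bot: Raising `KeepAliveTimeout` from 5 to 10 doubles the time an idle keep-alive connection can hold a server slot, and nothing in the hunk records why. The pool comments in the next hunk describe one server process per client, so with `MaxClients 256` a modest number of idle clients can occupy every slot for longer; that hunk also raises the pool limits without a stated memory budget. I would either keep the default or add a comment with the reason, for example `# 10s: measured keep-alive reuse on this host, revisit if slots saturate`. If mod_reqtimeout is available on this build, a `RequestReadTimeout` setting would bound slow request reads as well. The enclosing MPM container is not visible in either hunk, so which MPM these values apply to is inferred from the comments.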
@@ -130,10 +132,17 @@
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
- StartServers 5
+ # defaults:
+ # StartServers 5
+ # MinSpareServers 5
+ # MaxSpareServers 10
+ # MaxClients 150
+ # MaxRequestsPerChild 0
+
+ StartServers 8
MinSpareServers 5
- MaxSpareServers 10
- MaxClients 150
+ MaxSpareServers 20
+ MaxClients 256
MaxRequestsPerChild 0
diff -Nur apache2.orig/mods-enabled/cgid.conf apache2/mods-enabled/cgid.conf
--- apache2.orig/mods-enabled/cgid.conf 1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/cgid.conf 2013-03-03 12:14:45.000000000 +0100
@@ -0,0 +1,2 @@
+# Socket for cgid communication
+ScriptSock ${APACHE_RUN_DIR}/cgisock
diff -Nur apache2.orig/mods-enabled/cgid.load apache2/mods-enabled/cgid.load
--- apache2.orig/mods-enabled/cgid.load 1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/cgid.load 2012-10-21 20:41:12.000000000 +0200
@@ -0,0 +1 @@
+LoadModule cgid_module /usr/lib/apache2/modules/mod_cgid.so
diff -Nur apache2.orig/mods-enabled/headers.load apache2/mods-enabled/headers.load
--- apache2.orig/mods-enabled/headers.load 1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/headers.load 2012-10-21 20:41:12.000000000 +0200
@@ -0,0 +1 @@
+LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so
diff -Nur apache2.orig/mods-enabled/proxy_ajp.load apache2/mods-enabled/proxy_ajp.load
--- apache2.orig/mods-enabled/proxy_ajp.load 1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/proxy_ajp.load 2012-10-21 20:41:12.000000000 +0200
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_ajp_module /usr/lib/apache2/modules/mod_proxy_ajp.so
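Review bot: This enables mod_proxy_ajp, and the following sections also enable proxy_balancer, proxy_connect, proxy_ftp, proxy_scgi and proxy_http, but the only proxy use visible in the site files is a commented-out `ProxyPass /chuck http://localhost:8080/chuck`, which would need just mod_proxy and mod_proxy_http. Forward proxying stays off because `ProxyRequests On` is commented out in proxy.conf, so this is a matter of reducing loaded code rather than an open proxy. I would disable the modules no vhost uses (`a2dismod proxy_ftp proxy_connect proxy_scgi proxy_balancer`, and proxy_ajp unless a backend speaks AJP) and note next to each remaining one which backend needs it. The jogamp.org-ssl file is cut off in this view, so a proxy directive there may justify one of them.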
diff -Nur apache2.orig/mods-enabled/proxy_balancer.conf apache2/mods-enabled/proxy_balancer.conf
--- apache2.orig/mods-enabled/proxy_balancer.conf 1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/proxy_balancer.conf 2013-03-03 12:14:45.000000000 +0100
@@ -0,0 +1,16 @@
+
+
+# Balancer manager enables dynamic update of balancer members
+# (needs mod_status). Uncomment to enable.
+#
+#
+#
+# SetHandler balancer-manager
+# Order deny,allow
+# Deny from all
+# Allow from 127.0.0.1 ::1
+# Satisfy all
+#
+#
+
+
diff -Nur apache2.orig/mods-enabled/proxy_balancer.load apache2/mods-enabled/proxy_balancer.load
--- apache2.orig/mods-enabled/proxy_balancer.load 1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/proxy_balancer.load 2013-03-03 12:14:45.000000000 +0100
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_balancer_module /usr/lib/apache2/modules/mod_proxy_balancer.so
diff -Nur apache2.orig/mods-enabled/proxy.conf apache2/mods-enabled/proxy.conf
--- apache2.orig/mods-enabled/proxy.conf 1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/proxy.conf 2013-03-03 12:14:45.000000000 +0100
@@ -0,0 +1,26 @@
+
+
+# If you want to use apache2 as a forward proxy, uncomment the
+# 'ProxyRequests On' line and the block below.
+# WARNING: Be careful to restrict access inside the block.
+# Open proxy servers are dangerous both to your network and to the
+# Internet at large.
+#
+# If you only want to use apache2 as a reverse proxy/gateway in
+# front of some web application server, you DON'T need
+# 'ProxyRequests On'.
+
+#ProxyRequests On
+#
+# AddDefaultCharset off
+# Order deny,allow
+# Deny from all
+# #Allow from .example.com
+#
+
+# Enable/disable the handling of HTTP/1.1 "Via:" headers.
+# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
+# Set to one of: Off | On | Full | Block
+#ProxyVia Off
+
+
diff -Nur apache2.orig/mods-enabled/proxy_connect.load apache2/mods-enabled/proxy_connect.load
--- apache2.orig/mods-enabled/proxy_connect.load 1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/proxy_connect.load 2012-10-21 20:41:12.000000000 +0200
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_connect_module /usr/lib/apache2/modules/mod_proxy_connect.so
diff -Nur apache2.orig/mods-enabled/proxy_ftp.conf apache2/mods-enabled/proxy_ftp.conf
--- apache2.orig/mods-enabled/proxy_ftp.conf 1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/proxy_ftp.conf 2013-03-03 12:14:45.000000000 +0100
@@ -0,0 +1,6 @@
+
+
+# Define the character set for proxied FTP listings. Default is ISO-8859-1
+ProxyFtpDirCharset UTF-8
+
+
diff -Nur apache2.orig/mods-enabled/proxy_ftp.load apache2/mods-enabled/proxy_ftp.load
--- apache2.orig/mods-enabled/proxy_ftp.load 1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/proxy_ftp.load 2012-10-21 20:41:12.000000000 +0200
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_ftp_module /usr/lib/apache2/modules/mod_proxy_ftp.so
diff -Nur apache2.orig/mods-enabled/proxy_http.load apache2/mods-enabled/proxy_http.load
--- apache2.orig/mods-enabled/proxy_http.load 1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/proxy_http.load 2012-10-21 20:41:12.000000000 +0200
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
diff -Nur apache2.orig/mods-enabled/proxy.load apache2/mods-enabled/proxy.load
--- apache2.orig/mods-enabled/proxy.load 1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/proxy.load 2012-10-21 20:41:12.000000000 +0200
@@ -0,0 +1 @@
+LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
diff -Nur apache2.orig/mods-enabled/proxy_scgi.load apache2/mods-enabled/proxy_scgi.load
--- apache2.orig/mods-enabled/proxy_scgi.load 1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/proxy_scgi.load 2012-10-21 20:41:12.000000000 +0200
@@ -0,0 +1,2 @@
+# Depends: proxy
+LoadModule proxy_scgi_module /usr/lib/apache2/modules/mod_proxy_scgi.so
diff -Nur apache2.orig/mods-enabled/rewrite.load apache2/mods-enabled/rewrite.load
--- apache2.orig/mods-enabled/rewrite.load 1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/rewrite.load 2012-10-21 20:41:12.000000000 +0200
@@ -0,0 +1 @@
+LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
diff -Nur apache2.orig/mods-enabled/ssl.conf apache2/mods-enabled/ssl.conf
--- apache2.orig/mods-enabled/ssl.conf 1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/ssl.conf 2013-03-04 22:00:37.000000000 +0100
@@ -0,0 +1,82 @@
+
+#
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the SSL library.
+# The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. This means you then cannot use the /dev/random device
+# because it would lead to very long connection times (as long as
+# it requires to make more entropy available). But usually those
+# platforms additionally provide a /dev/urandom device which doesn't
+# block. So, if available, use this one instead. Read the mod_ssl User
+# Manual for more details.
+#
+SSLRandomSeed startup builtin
+SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed connect builtin
+SSLRandomSeed connect file:/dev/urandom 512
+
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+#
+# Some MIME-types for downloading Certificates and CRLs
+#
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl .crl
+
+# Pass Phrase Dialog:
+# Configure the pass phrase gathering process.
+# The filtering dialog program (`builtin' is a internal
+# terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog builtin
+
+# Inter-Process Session Cache:
+# Configure the SSL Session Cache: First the mechanism
+# to use and second the expiring timeout (in seconds).
+# (The mechanism dbm has known memory leaks and should not be used).
+#SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache
+SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
+SSLSessionCacheTimeout 300
+
+# Semaphore:
+# Configure the path to the mutual exclusion semaphore the
+# SSL engine uses internally for inter-process synchronization.
+SSLMutex file:${APACHE_RUN_DIR}/ssl_mutex
+
+# SSL Cipher Suite:
+# List the ciphers that the client is permitted to negotiate. See the
+# ciphers(1) man page from the openssl package for list of all available
+# options.
+# Enable only secure ciphers:
+SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
+
+# Speed-optimized SSL Cipher configuration:
+# If speed is your main concern (on busy HTTPS servers e.g.),
+# you might want to force clients to specific, performance
+# optimized ciphers. In this case, prepend those ciphers
+# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
+# Caveat: by giving precedence to RC4-SHA and AES128-SHA
+# (as in the example below), most connections will no longer
+# have perfect forward secrecy - if the server's key is
+# compromised, captures of past or future traffic must be
+# considered compromised, too.
+#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
+#SSLHonorCipherOrder on
+
+# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2
+SSLProtocol all -SSLv2
+
+# Allow insecure renegotiation with clients which do not yet support the
+# secure renegotiation protocol. Default: Off
+#SSLInsecureRenegotiation on
+
+# Whether to forbid non-SNI clients to access name based virtual hosts.
+# Default: Off
+#SSLStrictSNIVHostCheck On
+
+
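Review bot: `SSLProtocol all -SSLv2` near the end of this file still permits SSLv3, and the comment above it describes SSLv3 as a secure protocol; SSLv3 has since been deprecated (RFC 7568), so the line should read `SSLProtocol all -SSLv2 -SSLv3` with the comment updated to match. The same directive is repeated in the jausoft.com-ssl and jogamp.org-ssl vhosts and needs the same change there, since the vhost value takes precedence. `SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5` also admits the MEDIUM group, which on OpenSSL builds of this period likely includes RC4; `SSLCipherSuite HIGH:!aNULL:!MD5` together with `SSLHonorCipherOrder on` would be the tighter setting. The surrounding module container is not visible in the hunk.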
diff -Nur apache2.orig/mods-enabled/ssl.load apache2/mods-enabled/ssl.load
--- apache2.orig/mods-enabled/ssl.load 1970-01-01 01:00:00.000000000 +0100
+++ apache2/mods-enabled/ssl.load 2013-03-03 12:14:45.000000000 +0100
@@ -0,0 +1 @@
+LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
diff -Nur apache2.orig/ports.conf apache2/ports.conf
--- apache2.orig/ports.conf 2013-03-03 12:14:45.000000000 +0100
+++ apache2/ports.conf 2013-06-06 07:46:07.326283000 +0200
@@ -6,9 +6,11 @@
# README.Debian.gz
NameVirtualHost *:80
+# NameVirtualHost *
Listen 80
+ NameVirtualHost *:443
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to
diff -Nur apache2.orig/sites-available/jausoft.com-ssl apache2/sites-available/jausoft.com-ssl
--- apache2.orig/sites-available/jausoft.com-ssl 1970-01-01 01:00:00.000000000 +0100
+++ apache2/sites-available/jausoft.com-ssl 2013-06-06 07:36:27.650753118 +0200
@@ -0,0 +1,204 @@
+
+
+
+ # General setup for the virtual host, inherited from global configuration
+ ServerName jausoft.com
+ ServerPath /jausoft.com/
+ RewriteEngine On
+ DocumentRoot /srv/www/jausoft.com
+
+ # Use separate log files for the SSL virtual host; note that LogLevel
+ # is not inherited from httpd.conf.
+ ErrorLog ${APACHE_LOG_DIR}/jausoft.com-ssl-error.log
+ TransferLog ${APACHE_LOG_DIR}/jausoft.com-ssl-access.log
+ LogLevel warn
+
+ # SSL Engine Switch:
+ # Enable/Disable SSL for this virtual host.
+ SSLEngine on
+
+ # SSL Protocol support:
+ # List the enable protocol levels with which clients will be able to
+ # connect. Disable SSLv2 access by default:
+ SSLProtocol all -SSLv2
+
+ # SSL Cipher Suite:
+ # List the ciphers that the client is permitted to negotiate.
+ # See the mod_ssl documentation for a complete list.
+ SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+
+ # A self-signed (snakeoil) certificate can be created by installing
+ # the ssl-cert package. See
+ # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
+ # If both key and certificate are stored in the same file, only the
+ # SSLCertificateFile directive is needed.
+ # SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ # SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+ SSLCertificateFile /etc/ssl/local/jausoft2013-hostcert.pem
+ SSLCertificateKeyFile /etc/ssl/local/jausoft2013-hostkey.apache.pem
+
+ # Server Certificate Chain:
+ # Point SSLCertificateChainFile at a file containing the
+ # concatenation of PEM encoded CA certificates which form the
+ # certificate chain for the server certificate. Alternatively
+ # the referenced file can be the same as SSLCertificateFile
+ # when the CA certificates are directly appended to the server
+ # certificate for convinience.
+ #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+
+ SSLCertificateChainFile /etc/ssl/local/thawte-SSL123_CA_Bundle.pem
+
+ # Certificate Authority (CA):
+ # Set the CA certificate verification path where to find CA
+ # certificates for client authentication or alternatively one
+ # huge file containing all of them (file must be PEM encoded)
+ # Note: Inside SSLCACertificatePath you need hash symlinks
+ # to point to the certificate files. Use the provided
+ # Makefile to update the hash symlinks after changes.
+ #SSLCACertificatePath /etc/ssl/certs/
+ #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
+
+ # Certificate Revocation Lists (CRL):
+ # Set the CA revocation path where to find CA CRLs for client
+ # authentication or alternatively one huge file containing all
+ # of them (file must be PEM encoded)
+ # Note: Inside SSLCARevocationPath you need hash symlinks
+ # to point to the certificate files. Use the provided
+ # Makefile to update the hash symlinks after changes.
+ #SSLCARevocationPath /etc/apache2/ssl.crl/
+ #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
+
+ # Client Authentication (Type):
+ # Client certificate verification type and depth. Types are
+ # none, optional, require and optional_no_ca. Depth is a
+ # number which specifies how deeply to verify the certificate
+ # issuer chain before deciding the certificate is not valid.
+ #SSLVerifyClient require
+ #SSLVerifyDepth 10
+
+ # Access Control:
+ # With SSLRequire you can do per-directory access control based
+ # on arbitrary complex boolean expressions containing server
+ # variable checks and other lookup directives. The syntax is a
+ # mixture between C and Perl. See the mod_ssl documentation
+ # for more details.
+ #
+ #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+ # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+ # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+ # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+ # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+ # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+ #
+
+ # SSL Engine Options:
+ # Set various options for the SSL engine.
+ # o FakeBasicAuth:
+ # Translate the client X.509 into a Basic Authorisation. This means that
+ # the standard Auth/DBMAuth methods can be used for access control. The
+ # user name is the `one line' version of the client's X.509 certificate.
+ # Note that no password is obtained from the user. Every entry in the user
+ # file needs this password: `xxj31ZMTZzkVA'.
+ # o ExportCertData:
+ # This exports two additional environment variables: SSL_CLIENT_CERT and
+ # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+ # server (always existing) and the client (only existing when client
+ # authentication is used). This can be used to import the certificates
+ # into CGI scripts.
+ # o StdEnvVars:
+ # This exports the standard SSL/TLS related `SSL_*' environment variables.
+ # Per default this exportation is switched off for performance reasons,
+ # because the extraction step is an expensive operation and is usually
+ # useless for serving static content. So one usually enables the
+ # exportation for CGI and SSI requests only.
+ # o StrictRequire:
+ # This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+ # under a "Satisfy any" situation, i.e. when it applies access is denied
+ # and no other module can change it.
+ # o OptRenegotiate:
+ # This enables optimized SSL connection renegotiation handling when SSL
+ # directives are used in per-directory context.
+ #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+
+ SSLOptions +StdEnvVars
+
+
+ # SSL Protocol Adjustments:
+ # The safe and default but still SSL/TLS standard compliant shutdown
+ # approach is that mod_ssl sends the close notify alert but doesn't wait for
+ # the close notify alert from client. When you need a different shutdown
+ # approach you can use one of the following variables:
+ # o ssl-unclean-shutdown:
+ # This forces an unclean shutdown when the connection is closed, i.e. no
+ # SSL close notify alert is send or allowed to received. This violates
+ # the SSL/TLS standard but is needed for some brain-dead browsers. Use
+ # this when you receive I/O errors because of the standard approach where
+ # mod_ssl sends the close notify alert.
+ # o ssl-accurate-shutdown:
+ # This forces an accurate shutdown when the connection is closed, i.e. a
+ # SSL close notify alert is send and mod_ssl waits for the close notify
+ # alert of the client. This is 100% SSL/TLS standard compliant, but in
+ # practice often causes hanging connections with brain-dead browsers. Use
+ # this only for browsers where you know that their SSL implementation
+ # works correctly.
+ # Notice: Most problems of broken clients are also related to the HTTP
+ # keep-alive facility, so you usually additionally want to disable
+ # keep-alive for those clients, too. Use variable "nokeepalive" for this.
+ # Similarly, one has to force some clients to use HTTP/1.0 to workaround
+ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+ # "force-response-1.0" for this.
+ BrowserMatch "MSIE [2-6]" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+ # MSIE 7 and newer should be able to use keepalive
+ BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+ # Per-Server Logging:
+ # The home of a custom SSL log file. Use this when you want a
+ # compact non-error SSL logfile on a virtual host basis.
+ CustomLog /var/log/apache2/ssl_request_log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+ ErrorLog ${APACHE_LOG_DIR}/jausoft.com-ssl-error.log
+ CustomLog ${APACHE_LOG_DIR}/jausoft.com-ssl-access.log common
+
+ # configures the footer on server-generated documents
+ ServerSignature On
+
+
+ Options Indexes FollowSymLinks
+ AllowOverride All
+ Order allow,deny
+ Allow from all
+
+
+
+ SetEnv GIT_PROJECT_ROOT /srv/scm
+ SetEnv GIT_HTTP_EXPORT_ALL
+ ScriptAlias /srv/scm/ /usr/lib/git-core/git-http-backend/
+
+ DirectoryIndex gitweb.cgi
+ Allow from all
+ AllowOverride all
+ Order allow,deny
+ Options ExecCGI
+
+ SetHandler cgi-script
+
+ SetEnv GITWEB_CONFIG /srv/scm/gitweb.conf
+
+
+ Alias /icons/ "/srv/www/jausoft.com/icons/"
+
+
+ Options Indexes MultiViews
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+
+
+
+
+
+
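Review bot: The vhost-level `SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW` overrides the stricter global value from ssl.conf and re-admits the LOW group (56-bit ciphers); `!ADH` also does not exclude anonymous ECDH suites, which `!aNULL` would, depending on the OpenSSL build. I would delete the line so the global setting applies, or replace it with `SSLCipherSuite HIGH:!aNULL:!MD5`. The jogamp.org-ssl file carries the identical line and needs the same fix. Separately, `SetEnv GIT_HTTP_EXPORT_ALL` publishes every repository under /srv/scm without the per-repository git-daemon-export-ok marker, and `GITWEB_CONFIG` points at a file inside that same tree, so it is worth confirming that nothing under /srv/scm is meant to stay private. The container tags around the directory and git sections are not visible here, so their scope cannot be checked from this hunk.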
diff -Nur apache2.orig/sites-available/jogamp.org apache2/sites-available/jogamp.org
--- apache2.orig/sites-available/jogamp.org 1970-01-01 01:00:00.000000000 +0100
+++ apache2/sites-available/jogamp.org 2013-06-06 07:29:00.470204000 +0200
@@ -0,0 +1,247 @@
+#
+# Almost any Apache directive may go into a VirtualHost container.
+# The first VirtualHost section is used for requests without a known
+# server name.
+#
+
+ ServerAdmin jausoft@jausoft.com
+ ServerName jogamp.org
+ ServerAlias www.jogamp.org
+ ServerPath /jogamp.org/
+ RewriteEngine On
+
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+
+ DocumentRoot /srv/www/jogamp.org
+
+ # don't loose time with IP address lookups
+ HostnameLookups Off
+
+ # needed for named virtual hosts
+ UseCanonicalName Off
+
+ # configures the footer on server-generated documents
+ ServerSignature On
+
+
+ Options Indexes FollowSymLinks
+ AllowOverride All
+ Order allow,deny
+ Allow from all
+
+
+ RewriteCond %{HTTP_HOST} ^www.jogamp\.org$ [NC]
+ RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE]
+
+ #RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+ #RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE]
+
+ RewriteCond %{REQUEST_URI} ^/wiki/index.php$
+ RewriteCond %{QUERY_STRING} ^title=Special:UserLogin
+ RewriteCond %{REQUEST_METHOD} ^GET$
+ RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R=301,L,NE]
+
+ #
+ # Due to security concerns, session hijacking .. etc .. the whole
+ # bugzilla stream will go over https
+ #
+ RewriteCond %{REQUEST_URI} ^/bugzilla
+ RewriteRule ^/bugzilla/(.*)$ https://%{SERVER_NAME}/bugzilla/$1 [R=301,L,NE]
+
+ SetEnv GIT_PROJECT_ROOT /srv/scm
+ SetEnv GIT_HTTP_EXPORT_ALL
+ ScriptAlias /srv/scm/ /usr/lib/git-core/git-http-backend/
+
+ DirectoryIndex gitweb.cgi
+ Allow from all
+ AllowOverride all
+ Order allow,deny
+ Options ExecCGI
+
+ SetHandler cgi-script
+
+ SetEnv GITWEB_CONFIG /srv/scm/gitweb.conf
+
+
+ Alias /icons/ "/srv/www/jogamp.org/icons/"
+
+
+ Options Indexes MultiViews
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+
+
+ #
+ # Due to security concerns, session hijacking .. etc .. the whole
+ # hudson and bugzilla stream will go over https
+ #
+ RewriteCond %{REQUEST_URI} ^/chuck
+ RewriteRule ^/chuck/(.*)$ https://%{SERVER_NAME}/chuck/$1 [R=301,L,NE]
+
+ #RewriteCond %{REQUEST_URI} ^/chuck
+ #RewriteRule ^/chuck/login(.*)$ https://%{SERVER_NAME}/chuck/login$1 [R=301,L,NE]
+ #
+ #RewriteCond %{REQUEST_URI} ^/chuck
+ #RewriteCond %{HTTP_COOKIE} JSESSIONID=(.*) [NC,OR]
+ #RewriteCond %{HTTP_COOKIE} ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE [NC]
+ #RewriteRule ^/chuck/(.*)$ https://%{SERVER_NAME}/chuck/$1 [R=301,L,NE]
+ #
+ # Cookies:
+ # wikidb_mw_LoggedOut /
+ # wikidb_mw__session /
+ # wikidb_mw_Token /
+ # wikidb_mw_UserID /
+ # wikidb_mw_UserName /
+ #
+ # Bugzilla_login /bugzilla
+ # Bugzilla_logincookie /bugzilla
+ # DEFAULTFORMAT /bugzilla
+ #
+ # ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE /chuck
+ # JSESSIONID /chuck
+ #
+
+ #
+ # http://wiki.hudson-ci.org/display/HUDSON/Running+Hudson+behind+Apache
+ #
+ #ProxyRequests Off
+ #ProxyPreserveHost On
+
+ # Local reverse proxy authorization override
+ # Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu)
+ #
+ # Order deny,allow
+ # Allow from all
+ #
+ #ProxyPass /chuck http://localhost:8080/chuck
+ #ProxyPassReverse /chuck http://localhost:8080/chuck
+
+
+
+ ServerName blog.jogamp.org
+ ServerPath /jogamp.org/
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+ RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE]
+
+
+
+ ServerName bugzilla.jogamp.org
+ ServerPath /jogamp.org/
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+ RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE]
+
+
+
+ ServerName wiki.jogamp.org
+ ServerPath /jogamp.org/
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+ RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE]
+
+
+
+ ServerName scm.jogamp.org
+ ServerPath /jogamp.org/
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+ RewriteRule ^/(.*)$ http://jogamp.org/git/$1 [R=301,L,NE]
+
+
+
+ ServerName jogl.jogamp.org
+ ServerPath /jogamp.org/
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+ RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE]
+
+
+
+ ServerName jocl.jogamp.org
+ ServerPath /jogamp.org/
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+ RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE]
+
+
+
+ ServerName joal.jogamp.org
+ ServerPath /jogamp.org/
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+ RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE]
+
+
+
+ ServerName demos.jogamp.org
+ ServerPath /jogamp.org/
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+ RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE]
+
+
+
+ ServerName chuck.jogamp.org
+ ServerPath /jogamp.org/
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+ RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE]
+
+
+
+ ServerName jogamp.com
+ ServerAlias *.jogamp.com
+ ServerPath /jogamp.org/
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.com-error_log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.com-access_log combined
+
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^www.jogamp\.com$ [NC]
+ RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE]
+
+ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.com$ [NC]
+ RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE]
+
+ RewriteCond %{HTTP_HOST} ^jogamp\.com$ [NC]
+ RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE]
+
+
+#
+# Directives to allow use of AWStats as a CGI
+#
+#Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"
+#Alias /awstatscss "/usr/local/awstats/wwwroot/css/"
+#Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"
+#ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"
+
+#
+# This is to permit URL access to scripts/files in AWStats directory.
+#
+
+ Options None
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+
+
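Review bot: Only a GET of `/wiki/index.php?title=Special:UserLogin` is redirected to HTTPS, while the cookie list in the comments shows the wiki session cookies are scoped to path `/`, so after login they would travel over plain HTTP on every other wiki page unless they carry the Secure flag (not visible here). The file's own rationale for /bugzilla and /chuck (session hijacking) applies equally, so I would redirect the whole prefix: `RewriteRule ^/wiki/(.*)$ https://jogamp.org/wiki/$1 [R=301,L,NE]`. The HTTPS redirects in this vhost build their target from `%{SERVER_NAME}`, which with `UseCanonicalName Off` is taken from the client's Host header, and this is the default vhost for unknown names; a literal `https://jogamp.org/` target, as the subdomain vhosts already use, avoids reflecting an arbitrary host. `SetEnv GIT_HTTP_EXPORT_ALL` is repeated here and deserves the same check as in the SSL vhost. The VirtualHost and Directory container tags are not visible in this hunk, so which block each directive sits in is inferred.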
diff -Nur apache2.orig/sites-available/jogamp.org-ssl apache2/sites-available/jogamp.org-ssl
--- apache2.orig/sites-available/jogamp.org-ssl 1970-01-01 01:00:00.000000000 +0100
+++ apache2/sites-available/jogamp.org-ssl 2013-06-06 07:53:58.298005000 +0200
@@ -0,0 +1,256 @@
+
+
+
+ # General setup for the virtual host, inherited from global configuration
+ ServerName jogamp.org
+ ServerPath /jogamp.org/
+ RewriteEngine On
+ DocumentRoot /srv/www/jogamp.org
+
+ # Use separate log files for the SSL virtual host; note that LogLevel
+ # is not inherited from httpd.conf.
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-ssl-error.log
+ TransferLog ${APACHE_LOG_DIR}/jogamp.org-ssl-access.log
+ LogLevel warn
+
+ # SSL Engine Switch:
+ # Enable/Disable SSL for this virtual host.
+ SSLEngine on
+
+ # SSL Protocol support:
+ # List the enable protocol levels with which clients will be able to
+ # connect. Disable SSLv2 access by default:
+ SSLProtocol all -SSLv2
+
+ # SSL Cipher Suite:
+ # List the ciphers that the client is permitted to negotiate.
+ # See the mod_ssl documentation for a complete list.
+ SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+
+ # A self-signed (snakeoil) certificate can be created by installing
+ # the ssl-cert package. See
+ # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
+ # If both key and certificate are stored in the same file, only the
+ # SSLCertificateFile directive is needed.
+ # SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ # SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+ SSLCertificateFile /etc/ssl/local/jogamp2013-hostcert.pem
+ SSLCertificateKeyFile /etc/ssl/local/jogamp2013-hostkey.apache.pem
+
+ # Server Certificate Chain:
+ # Point SSLCertificateChainFile at a file containing the
+ # concatenation of PEM encoded CA certificates which form the
+ # certificate chain for the server certificate. Alternatively
+ # the referenced file can be the same as SSLCertificateFile
+ # when the CA certificates are directly appended to the server
+ # certificate for convinience.
+ #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+
+ SSLCertificateChainFile /etc/ssl/local/thawte-SSL123_CA_Bundle.pem
+
+ # Certificate Authority (CA):
+ # Set the CA certificate verification path where to find CA
+ # certificates for client authentication or alternatively one
+ # huge file containing all of them (file must be PEM encoded)
+ # Note: Inside SSLCACertificatePath you need hash symlinks
+ # to point to the certificate files. Use the provided
+ # Makefile to update the hash symlinks after changes.
+ #SSLCACertificatePath /etc/ssl/certs/
+ #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
+
+ # Certificate Revocation Lists (CRL):
+ # Set the CA revocation path where to find CA CRLs for client
+ # authentication or alternatively one huge file containing all
+ # of them (file must be PEM encoded)
+ # Note: Inside SSLCARevocationPath you need hash symlinks
+ # to point to the certificate files. Use the provided
+ # Makefile to update the hash symlinks after changes.
+ #SSLCARevocationPath /etc/apache2/ssl.crl/
+ #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
+
+ # Client Authentication (Type):
+ # Client certificate verification type and depth. Types are
+ # none, optional, require and optional_no_ca. Depth is a
+ # number which specifies how deeply to verify the certificate
+ # issuer chain before deciding the certificate is not valid.
+ #SSLVerifyClient require
+ #SSLVerifyDepth 10
+
+ # Access Control:
+ # With SSLRequire you can do per-directory access control based
+ # on arbitrary complex boolean expressions containing server
+ # variable checks and other lookup directives. The syntax is a
+ # mixture between C and Perl. See the mod_ssl documentation
+ # for more details.
+ #
+ #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+ # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+ # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+ # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+ # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+ # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+ #
+
+ # SSL Engine Options:
+ # Set various options for the SSL engine.
+ # o FakeBasicAuth:
+ # Translate the client X.509 into a Basic Authorisation. This means that
+ # the standard Auth/DBMAuth methods can be used for access control. The
+ # user name is the `one line' version of the client's X.509 certificate.
+ # Note that no password is obtained from the user. Every entry in the user
+ # file needs this password: `xxj31ZMTZzkVA'.
+ # o ExportCertData:
+ # This exports two additional environment variables: SSL_CLIENT_CERT and
+ # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+ # server (always existing) and the client (only existing when client
+ # authentication is used). This can be used to import the certificates
+ # into CGI scripts.
+ # o StdEnvVars:
+ # This exports the standard SSL/TLS related `SSL_*' environment variables.
+ # Per default this exportation is switched off for performance reasons,
+ # because the extraction step is an expensive operation and is usually
+ # useless for serving static content. So one usually enables the
+ # exportation for CGI and SSI requests only.
+ # o StrictRequire:
+ # This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+ # under a "Satisfy any" situation, i.e. when it applies access is denied
+ # and no other module can change it.
+ # o OptRenegotiate:
+ # This enables optimized SSL connection renegotiation handling when SSL
+ # directives are used in per-directory context.
+ #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+
+ SSLOptions +StdEnvVars
+
+
+ # SSL Protocol Adjustments:
+ # The safe and default but still SSL/TLS standard compliant shutdown
+ # approach is that mod_ssl sends the close notify alert but doesn't wait for
+ # the close notify alert from client. When you need a different shutdown
+ # approach you can use one of the following variables:
+ # o ssl-unclean-shutdown:
+ # This forces an unclean shutdown when the connection is closed, i.e. no
+ # SSL close notify alert is send or allowed to received. This violates
+ # the SSL/TLS standard but is needed for some brain-dead browsers. Use
+ # this when you receive I/O errors because of the standard approach where
+ # mod_ssl sends the close notify alert.
+ # o ssl-accurate-shutdown:
+ # This forces an accurate shutdown when the connection is closed, i.e. a
+ # SSL close notify alert is send and mod_ssl waits for the close notify
+ # alert of the client. This is 100% SSL/TLS standard compliant, but in
+ # practice often causes hanging connections with brain-dead browsers. Use
+ # this only for browsers where you know that their SSL implementation
+ # works correctly.
+ # Notice: Most problems of broken clients are also related to the HTTP
+ # keep-alive facility, so you usually additionally want to disable
+ # keep-alive for those clients, too. Use variable "nokeepalive" for this.
+ # Similarly, one has to force some clients to use HTTP/1.0 to workaround
+ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+ # "force-response-1.0" for this.
+ BrowserMatch "MSIE [2-6]" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+ # MSIE 7 and newer should be able to use keepalive
+ BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+ # Per-Server Logging:
+ # The home of a custom SSL log file. Use this when you want a
+ # compact non-error SSL logfile on a virtual host basis.
+ CustomLog /var/log/apache2/jogamp.org-ssl-request.log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-ssl-error.log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.org-ssl-access.log combined
+
+ # configures the footer on server-generated documents
+ ServerSignature On
+
+
+ Options Indexes FollowSymLinks
+ AllowOverride All
+ Order allow,deny
+ Allow from all
+
+
+# ScriptAlias /cgi-bin/ "/srv/www/jogamp.org/bugzilla"
+
+ AddHandler cgi-script .cgi
+ Options +Indexes +ExecCGI -MultiViews +FollowSymLinks
+ DirectoryIndex index.cgi
+ AllowOverride Limit FileInfo Indexes
+
+
+ SetEnv GIT_PROJECT_ROOT /srv/scm
+ SetEnv GIT_HTTP_EXPORT_ALL
+ ScriptAlias /srv/scm/ /usr/lib/git-core/git-http-backend/
+
+ DirectoryIndex gitweb.cgi
+ Allow from all
+ AllowOverride all
+ Order allow,deny
+ Options ExecCGI
+
+ SetHandler cgi-script
+
+ SetEnv GITWEB_CONFIG /srv/scm/gitweb.conf
+
+
+ Alias /icons/ "/srv/www/jogamp.org/icons/"
+
+
+ Options Indexes MultiViews
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+
+
+ #
+ # http://wiki.hudson-ci.org/display/HUDSON/Running+Hudson+behind+Apache
+ #
+ ProxyRequests Off
+ ProxyPreserveHost On
+
+ # Local reverse proxy authorization override
+ # Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu)
+
+ Order deny,allow
+ Allow from all
+
+
+ ProxyPass /chuck http://127.0.0.1:8080/chuck
+ ProxyPassReverse /chuck http://127.0.0.1:8080/chuck
+ ProxyPassReverse /chuck http://jogamp.org/chuck
+
+# ProxyPass /chuck/ http://127.0.0.1:8080/chuck/
+#
+# ProxyPassReverse /
+# Order deny,allow
+# Allow from all
+#
+ Header edit Location ^http://jogamp.org/chuck/ https://jogamp.org/chuck/
+
+
+
+
+ ServerName jogamp.com
+ ServerAlias *.jogamp.com
+ ServerPath /jogamp.org/
+ SSLEngine on
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.com-ssl-error.log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.com-ssl-access.log combined
+
+ SSLCertificateFile /etc/ssl/local/jogamp2013-hostcert.pem
+ SSLCertificateKeyFile /etc/ssl/local/jogamp2013-hostkey.apache.pem
+
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^www.jogamp\.com$ [NC]
+ RewriteRule ^/(.*)$ https://jogamp.org/$1 [R=301,L,NE]
+
+ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.com$ [NC]
+ RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE]
+
+ RewriteCond %{HTTP_HOST} ^jogamp\.com$ [NC]
+ RewriteRule ^/(.*)$ https://jogamp.org/$1 [R=301,L,NE]
+
+
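Review bot: `SSLProtocol all -SSLv2` still leaves SSLv3 enabled, and the `SSLCipherSuite` line under it names `RC4+RSA` and ends in `+MEDIUM:+LOW`, so the jogamp.org vhost will negotiate RC4 and low-strength suites with any client that offers them. Since the plain-HTTP vhost sends /bugzilla and /chuck here specifically to protect sessions, I would tighten both to `SSLProtocol all -SSLv2 -SSLv3` and `SSLCipherSuite HIGH:!aNULL:!MD5`, and add `SSLHonorCipherOrder on` so the server's preference wins. The second vhost in this file (jogamp.com) sets neither directive and no `SSLCertificateChainFile`, so it presumably falls back to module defaults and may present an incomplete chain; worth confirming. The same lines appear in the sites-enabled/001-jogamp.org-ssl hunk further down.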
diff -Nur apache2.orig/sites-enabled/000-default apache2/sites-enabled/000-default
--- apache2.orig/sites-enabled/000-default 2013-03-03 12:14:45.000000000 +0100
+++ apache2/sites-enabled/000-default 1970-01-01 01:00:00.000000000 +0100
@@ -1,31 +0,0 @@
-
- ServerAdmin webmaster@localhost
-
- DocumentRoot /var/www
-
- Options FollowSymLinks
- AllowOverride None
-
-
- Options Indexes FollowSymLinks MultiViews
- AllowOverride None
- Order allow,deny
- allow from all
-
-
- ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
-
- AllowOverride None
- Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
- Order allow,deny
- Allow from all
-
-
- ErrorLog ${APACHE_LOG_DIR}/error.log
-
- # Possible values include: debug, info, notice, warn, error, crit,
- # alert, emerg.
- LogLevel warn
-
- CustomLog ${APACHE_LOG_DIR}/access.log combined
-
diff -Nur apache2.orig/sites-enabled/000-jogamp.org apache2/sites-enabled/000-jogamp.org
--- apache2.orig/sites-enabled/000-jogamp.org 1970-01-01 01:00:00.000000000 +0100
+++ apache2/sites-enabled/000-jogamp.org 2013-06-06 07:29:00.470204000 +0200
@@ -0,0 +1,247 @@
+#
+# Almost any Apache directive may go into a VirtualHost container.
+# The first VirtualHost section is used for requests without a known
+# server name.
+#
+
+ ServerAdmin jausoft@jausoft.com
+ ServerName jogamp.org
+ ServerAlias www.jogamp.org
+ ServerPath /jogamp.org/
+ RewriteEngine On
+
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+
+ DocumentRoot /srv/www/jogamp.org
+
+ # don't loose time with IP address lookups
+ HostnameLookups Off
+
+ # needed for named virtual hosts
+ UseCanonicalName Off
+
+ # configures the footer on server-generated documents
+ ServerSignature On
+
+
+ Options Indexes FollowSymLinks
+ AllowOverride All
+ Order allow,deny
+ Allow from all
+
+
+ RewriteCond %{HTTP_HOST} ^www.jogamp\.org$ [NC]
+ RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE]
+
+ #RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+ #RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE]
+
+ RewriteCond %{REQUEST_URI} ^/wiki/index.php$
+ RewriteCond %{QUERY_STRING} ^title=Special:UserLogin
+ RewriteCond %{REQUEST_METHOD} ^GET$
+ RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R=301,L,NE]
+
+ #
+ # Due to security concerns, session hijacking .. etc .. the whole
+ # bugzilla stream will go over https
+ #
+ RewriteCond %{REQUEST_URI} ^/bugzilla
+ RewriteRule ^/bugzilla/(.*)$ https://%{SERVER_NAME}/bugzilla/$1 [R=301,L,NE]
+
+ SetEnv GIT_PROJECT_ROOT /srv/scm
+ SetEnv GIT_HTTP_EXPORT_ALL
+ ScriptAlias /srv/scm/ /usr/lib/git-core/git-http-backend/
+
+ DirectoryIndex gitweb.cgi
+ Allow from all
+ AllowOverride all
+ Order allow,deny
+ Options ExecCGI
+
+ SetHandler cgi-script
+
+ SetEnv GITWEB_CONFIG /srv/scm/gitweb.conf
+
+
+ Alias /icons/ "/srv/www/jogamp.org/icons/"
+
+
+ Options Indexes MultiViews
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+
+
+ #
+ # Due to security concerns, session hijacking .. etc .. the whole
+ # hudson and bugzilla stream will go over https
+ #
+ RewriteCond %{REQUEST_URI} ^/chuck
+ RewriteRule ^/chuck/(.*)$ https://%{SERVER_NAME}/chuck/$1 [R=301,L,NE]
+
+ #RewriteCond %{REQUEST_URI} ^/chuck
+ #RewriteRule ^/chuck/login(.*)$ https://%{SERVER_NAME}/chuck/login$1 [R=301,L,NE]
+ #
+ #RewriteCond %{REQUEST_URI} ^/chuck
+ #RewriteCond %{HTTP_COOKIE} JSESSIONID=(.*) [NC,OR]
+ #RewriteCond %{HTTP_COOKIE} ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE [NC]
+ #RewriteRule ^/chuck/(.*)$ https://%{SERVER_NAME}/chuck/$1 [R=301,L,NE]
+ #
+ # Cookies:
+ # wikidb_mw_LoggedOut /
+ # wikidb_mw__session /
+ # wikidb_mw_Token /
+ # wikidb_mw_UserID /
+ # wikidb_mw_UserName /
+ #
+ # Bugzilla_login /bugzilla
+ # Bugzilla_logincookie /bugzilla
+ # DEFAULTFORMAT /bugzilla
+ #
+ # ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE /chuck
+ # JSESSIONID /chuck
+ #
+
+ #
+ # http://wiki.hudson-ci.org/display/HUDSON/Running+Hudson+behind+Apache
+ #
+ #ProxyRequests Off
+ #ProxyPreserveHost On
+
+ # Local reverse proxy authorization override
+ # Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu)
+ #
+ # Order deny,allow
+ # Allow from all
+ #
+ #ProxyPass /chuck http://localhost:8080/chuck
+ #ProxyPassReverse /chuck http://localhost:8080/chuck
+
+
+
+ ServerName blog.jogamp.org
+ ServerPath /jogamp.org/
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+ RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE]
+
+
+
+ ServerName bugzilla.jogamp.org
+ ServerPath /jogamp.org/
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+ RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE]
+
+
+
+ ServerName wiki.jogamp.org
+ ServerPath /jogamp.org/
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+ RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE]
+
+
+
+ ServerName scm.jogamp.org
+ ServerPath /jogamp.org/
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+ RewriteRule ^/(.*)$ http://jogamp.org/git/$1 [R=301,L,NE]
+
+
+
+ ServerName jogl.jogamp.org
+ ServerPath /jogamp.org/
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+ RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE]
+
+
+
+ ServerName jocl.jogamp.org
+ ServerPath /jogamp.org/
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+ RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE]
+
+
+
+ ServerName joal.jogamp.org
+ ServerPath /jogamp.org/
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+ RewriteRule ^/(.*)$ http://jogamp.org/%1/www/$1 [R=301,L,NE]
+
+
+
+ ServerName demos.jogamp.org
+ ServerPath /jogamp.org/
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+ RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE]
+
+
+
+ ServerName chuck.jogamp.org
+ ServerPath /jogamp.org/
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-error_log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.org-access_log combined
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.org$ [NC]
+ RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE]
+
+
+
+ ServerName jogamp.com
+ ServerAlias *.jogamp.com
+ ServerPath /jogamp.org/
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.com-error_log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.com-access_log combined
+
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^www.jogamp\.com$ [NC]
+ RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE]
+
+ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.com$ [NC]
+ RewriteRule ^/(.*)$ http://jogamp.org/%1/$1 [R=301,L,NE]
+
+ RewriteCond %{HTTP_HOST} ^jogamp\.com$ [NC]
+ RewriteRule ^/(.*)$ http://jogamp.org/$1 [R=301,L,NE]
+
+
+#
+# Directives to allow use of AWStats as a CGI
+#
+#Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"
+#Alias /awstatscss "/usr/local/awstats/wwwroot/css/"
+#Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"
+#ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"
+
+#
+# This is to permit URL access to scripts/files in AWStats directory.
+#
+
+ Options None
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+
+
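Review bot: The wiki rule moves only a `GET` of `Special:UserLogin` to https, but the cookie list in the comment further down shows the `wikidb_mw_*` session cookies scoped to `/`, so after login they would still be sent over plain HTTP on every jogamp.org request unless MediaWiki marks them Secure (not visible here). /bugzilla and /chuck are redirected wholesale for exactly that session-hijacking reason; the wiki could be handled the same way with `RewriteRule ^/wiki/(.*)$ https://jogamp.org/wiki/$1 [R=301,L,NE]`, together with Secure cookies on the MediaWiki side. The three https rules also build their target from `%{SERVER_NAME}`, which with `UseCanonicalName Off` comes from the client's Host header, and the file's own header comment says this first vhost answers requests for unknown names; writing the host literally as `https://jogamp.org/...`, as the subdomain vhosts below do, avoids reflecting it.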
diff -Nur apache2.orig/sites-enabled/001-jogamp.org-ssl apache2/sites-enabled/001-jogamp.org-ssl
--- apache2.orig/sites-enabled/001-jogamp.org-ssl 1970-01-01 01:00:00.000000000 +0100
+++ apache2/sites-enabled/001-jogamp.org-ssl 2013-06-06 07:53:58.298005000 +0200
@@ -0,0 +1,256 @@
+
+
+
+ # General setup for the virtual host, inherited from global configuration
+ ServerName jogamp.org
+ ServerPath /jogamp.org/
+ RewriteEngine On
+ DocumentRoot /srv/www/jogamp.org
+
+ # Use separate log files for the SSL virtual host; note that LogLevel
+ # is not inherited from httpd.conf.
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-ssl-error.log
+ TransferLog ${APACHE_LOG_DIR}/jogamp.org-ssl-access.log
+ LogLevel warn
+
+ # SSL Engine Switch:
+ # Enable/Disable SSL for this virtual host.
+ SSLEngine on
+
+ # SSL Protocol support:
+ # List the enable protocol levels with which clients will be able to
+ # connect. Disable SSLv2 access by default:
+ SSLProtocol all -SSLv2
+
+ # SSL Cipher Suite:
+ # List the ciphers that the client is permitted to negotiate.
+ # See the mod_ssl documentation for a complete list.
+ SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
+
+ # A self-signed (snakeoil) certificate can be created by installing
+ # the ssl-cert package. See
+ # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
+ # If both key and certificate are stored in the same file, only the
+ # SSLCertificateFile directive is needed.
+ # SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ # SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+ SSLCertificateFile /etc/ssl/local/jogamp2013-hostcert.pem
+ SSLCertificateKeyFile /etc/ssl/local/jogamp2013-hostkey.apache.pem
+
+ # Server Certificate Chain:
+ # Point SSLCertificateChainFile at a file containing the
+ # concatenation of PEM encoded CA certificates which form the
+ # certificate chain for the server certificate. Alternatively
+ # the referenced file can be the same as SSLCertificateFile
+ # when the CA certificates are directly appended to the server
+ # certificate for convinience.
+ #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+
+ SSLCertificateChainFile /etc/ssl/local/thawte-SSL123_CA_Bundle.pem
+
+ # Certificate Authority (CA):
+ # Set the CA certificate verification path where to find CA
+ # certificates for client authentication or alternatively one
+ # huge file containing all of them (file must be PEM encoded)
+ # Note: Inside SSLCACertificatePath you need hash symlinks
+ # to point to the certificate files. Use the provided
+ # Makefile to update the hash symlinks after changes.
+ #SSLCACertificatePath /etc/ssl/certs/
+ #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
+
+ # Certificate Revocation Lists (CRL):
+ # Set the CA revocation path where to find CA CRLs for client
+ # authentication or alternatively one huge file containing all
+ # of them (file must be PEM encoded)
+ # Note: Inside SSLCARevocationPath you need hash symlinks
+ # to point to the certificate files. Use the provided
+ # Makefile to update the hash symlinks after changes.
+ #SSLCARevocationPath /etc/apache2/ssl.crl/
+ #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
+
+ # Client Authentication (Type):
+ # Client certificate verification type and depth. Types are
+ # none, optional, require and optional_no_ca. Depth is a
+ # number which specifies how deeply to verify the certificate
+ # issuer chain before deciding the certificate is not valid.
+ #SSLVerifyClient require
+ #SSLVerifyDepth 10
+
+ # Access Control:
+ # With SSLRequire you can do per-directory access control based
+ # on arbitrary complex boolean expressions containing server
+ # variable checks and other lookup directives. The syntax is a
+ # mixture between C and Perl. See the mod_ssl documentation
+ # for more details.
+ #
+ #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+ # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+ # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+ # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+ # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+ # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+ #
+
+ # SSL Engine Options:
+ # Set various options for the SSL engine.
+ # o FakeBasicAuth:
+ # Translate the client X.509 into a Basic Authorisation. This means that
+ # the standard Auth/DBMAuth methods can be used for access control. The
+ # user name is the `one line' version of the client's X.509 certificate.
+ # Note that no password is obtained from the user. Every entry in the user
+ # file needs this password: `xxj31ZMTZzkVA'.
+ # o ExportCertData:
+ # This exports two additional environment variables: SSL_CLIENT_CERT and
+ # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+ # server (always existing) and the client (only existing when client
+ # authentication is used). This can be used to import the certificates
+ # into CGI scripts.
+ # o StdEnvVars:
+ # This exports the standard SSL/TLS related `SSL_*' environment variables.
+ # Per default this exportation is switched off for performance reasons,
+ # because the extraction step is an expensive operation and is usually
+ # useless for serving static content. So one usually enables the
+ # exportation for CGI and SSI requests only.
+ # o StrictRequire:
+ # This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+ # under a "Satisfy any" situation, i.e. when it applies access is denied
+ # and no other module can change it.
+ # o OptRenegotiate:
+ # This enables optimized SSL connection renegotiation handling when SSL
+ # directives are used in per-directory context.
+ #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+
+ SSLOptions +StdEnvVars
+
+
+ # SSL Protocol Adjustments:
+ # The safe and default but still SSL/TLS standard compliant shutdown
+ # approach is that mod_ssl sends the close notify alert but doesn't wait for
+ # the close notify alert from client. When you need a different shutdown
+ # approach you can use one of the following variables:
+ # o ssl-unclean-shutdown:
+ # This forces an unclean shutdown when the connection is closed, i.e. no
+ # SSL close notify alert is send or allowed to received. This violates
+ # the SSL/TLS standard but is needed for some brain-dead browsers. Use
+ # this when you receive I/O errors because of the standard approach where
+ # mod_ssl sends the close notify alert.
+ # o ssl-accurate-shutdown:
+ # This forces an accurate shutdown when the connection is closed, i.e. a
+ # SSL close notify alert is send and mod_ssl waits for the close notify
+ # alert of the client. This is 100% SSL/TLS standard compliant, but in
+ # practice often causes hanging connections with brain-dead browsers. Use
+ # this only for browsers where you know that their SSL implementation
+ # works correctly.
+ # Notice: Most problems of broken clients are also related to the HTTP
+ # keep-alive facility, so you usually additionally want to disable
+ # keep-alive for those clients, too. Use variable "nokeepalive" for this.
+ # Similarly, one has to force some clients to use HTTP/1.0 to workaround
+ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+ # "force-response-1.0" for this.
+ BrowserMatch "MSIE [2-6]" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+ # MSIE 7 and newer should be able to use keepalive
+ BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+ # Per-Server Logging:
+ # The home of a custom SSL log file. Use this when you want a
+ # compact non-error SSL logfile on a virtual host basis.
+ CustomLog /var/log/apache2/jogamp.org-ssl-request.log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.org-ssl-error.log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.org-ssl-access.log combined
+
+ # configures the footer on server-generated documents
+ ServerSignature On
+
+
+ Options Indexes FollowSymLinks
+ AllowOverride All
+ Order allow,deny
+ Allow from all
+
+
+# ScriptAlias /cgi-bin/ "/srv/www/jogamp.org/bugzilla"
+
+ AddHandler cgi-script .cgi
+ Options +Indexes +ExecCGI -MultiViews +FollowSymLinks
+ DirectoryIndex index.cgi
+ AllowOverride Limit FileInfo Indexes
+
+
+ SetEnv GIT_PROJECT_ROOT /srv/scm
+ SetEnv GIT_HTTP_EXPORT_ALL
+ ScriptAlias /srv/scm/ /usr/lib/git-core/git-http-backend/
+
+ DirectoryIndex gitweb.cgi
+ Allow from all
+ AllowOverride all
+ Order allow,deny
+ Options ExecCGI
+
+ SetHandler cgi-script
+
+ SetEnv GITWEB_CONFIG /srv/scm/gitweb.conf
+
+
+ Alias /icons/ "/srv/www/jogamp.org/icons/"
+
+
+ Options Indexes MultiViews
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+
+
+ #
+ # http://wiki.hudson-ci.org/display/HUDSON/Running+Hudson+behind+Apache
+ #
+ ProxyRequests Off
+ ProxyPreserveHost On
+
+ # Local reverse proxy authorization override
+ # Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu)
+
+ Order deny,allow
+ Allow from all
+
+
+ ProxyPass /chuck http://127.0.0.1:8080/chuck
+ ProxyPassReverse /chuck http://127.0.0.1:8080/chuck
+ ProxyPassReverse /chuck http://jogamp.org/chuck
+
+# ProxyPass /chuck/ http://127.0.0.1:8080/chuck/
+#
+# ProxyPassReverse /
+# Order deny,allow
+# Allow from all
+#
+ Header edit Location ^http://jogamp.org/chuck/ https://jogamp.org/chuck/
+
+
+
+
+ ServerName jogamp.com
+ ServerAlias *.jogamp.com
+ ServerPath /jogamp.org/
+ SSLEngine on
+ ErrorLog ${APACHE_LOG_DIR}/jogamp.com-ssl-error.log
+ CustomLog ${APACHE_LOG_DIR}/jogamp.com-ssl-access.log combined
+
+ SSLCertificateFile /etc/ssl/local/jogamp2013-hostcert.pem
+ SSLCertificateKeyFile /etc/ssl/local/jogamp2013-hostkey.apache.pem
+
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} ^www.jogamp\.com$ [NC]
+ RewriteRule ^/(.*)$ https://jogamp.org/$1 [R=301,L,NE]
+
+ RewriteCond %{HTTP_HOST} ^(.*)\.jogamp\.com$ [NC]
+ RewriteRule ^/(.*)$ https://jogamp.org/%1/$1 [R=301,L,NE]
+
+ RewriteCond %{HTTP_HOST} ^jogamp\.com$ [NC]
+ RewriteRule ^/(.*)$ https://jogamp.org/$1 [R=301,L,NE]
+
+
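Review bot: The jogamp.org vhost opens `${APACHE_LOG_DIR}/jogamp.org-ssl-access.log` twice, once with `TransferLog` near the top and again with `CustomLog ... combined` after the BrowserMatch block, so every request is written to that file twice, and in two formats unless the active LogFormat happens to be combined. That makes the access log awkward to parse for traffic analysis or incident review; I would drop the `TransferLog` line and keep `CustomLog ${APACHE_LOG_DIR}/jogamp.org-ssl-access.log combined`. `ErrorLog` is likewise declared twice with the same path (harmless, but one can go), and the request log uses a literal `/var/log/apache2/` where the rest of the file uses `${APACHE_LOG_DIR}`. The sites-available/jogamp.org-ssl hunk above is identical and needs the same cleanup.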