config { var.PID = 569 var.CWD = "/root" server.document-root = "/usr/www" server.groupname = "nobody" server.username = "nobody" server.modules = ( "mod_cgi", "mod_fastcgi", "mod_setenv", "mod_rewrite", "mod_access", "mod_openssl", # 6 ) server.max-request-size = 1024 server.max-read-idle = 30 server.max-write-idle = 30 server.stream-request-body = 2 server.stream-response-body = 2 server.tag = "" server.upload-dirs = ("/dev/shm") server.errorlog-use-syslog = "enable" cgi.execute-x-only = "enable" dir-listing.set-footer = " " url.rewrite = ( "(^/extjs/ext-all\.js$)" => "$1.gz", "(^/extjs/resources/css/ext-all-gray\.css$)" => "$1.gz", # 2 ) index-file.names = ("index.html") ssl.honor-cipher-order = "disable" server.port = 80 server.bind = "127.0.0.1" ssl.pemfile = "/cfg/etc/ssl.pem2" ssl.dh-file = "/etc/ssl/ffdhe2048.pem" ssl.read-ahead = "disable" ssl.ca-file = "/etc/ssl/ca-certs.crt" ssl.cipher-list = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" fastcgi.server = ( "/" => ( ( "socket" => "/var/umi-fastcgi-auth.sock", "mode" => "authorizer", "check-local" => "disable", # 3 ), ), "/index.html" => ( ( "socket" => "/var/umi-fastcgi.sock", "check-local" => "disable", # 2 ), ), "/umi/" => ( ( "socket" => "/var/umi-fastcgi.sock", "check-local" => "disable", # 2 ), ), # 3 ) mimetype.use-xattr = "disable" mimetype.assign = ( ".pdf" => "application/pdf", ".sig" => "application/pgp-signature", ".spl" => "application/futuresplash", ".json" => "application/json", ".map" => "application/json", # 5 ".class" => "application/octet-stream", ".ps" => "application/postscript", ".wasm" => "application/wasm", ".torrent" => "application/x-bittorrent", ".dvi" => "application/x-dvi", # 10 ".pac" => "application/x-ns-proxy-autoconfig", ".swf" => "application/x-shockwave-flash", ".tar.gz" => "application/x-tgz", ".tgz" => "application/x-tgz", ".tar" => "application/x-tar", # 15 ".zip" => "application/zip", ".mp3" => "audio/mpeg", ".m3u" => "audio/x-mpegurl", ".wma" => "audio/x-ms-wma", ".wax" => "audio/x-ms-wax", # 20 ".ogg" => "application/ogg", ".wav" => "audio/x-wav", ".ttc" => "font/collection", ".otf" => "font/otf", ".ttf" => "font/ttf", # 25 ".woff" => "font/woff", ".woff2" => "font/woff2", ".gif" => "image/gif", ".jpg" => "image/jpeg", ".jpeg" => "image/jpeg", # 30 ".png" => "image/png", ".svg" => "image/svg+xml", ".svgz" => "image/svg+xml", ".ico" => "image/x-icon", ".xbm" => "image/x-xbitmap", # 35 ".xpm" => "image/x-xpixmap", ".xwd" => "image/x-xwindowdump", ".ics" => "text/calendar", ".ifb" => "text/calendar", ".css" => "text/css", # 40 ".csv" => "text/csv", ".html" => "text/html", ".htm" => "text/html", ".shtml" => "text/html", ".js" => "text/javascript", # 45 ".mjs" => "text/javascript", ".markdown" => "text/markdown", ".md" => "text/markdown", ".asc" => "text/plain", ".c" => "text/plain", # 50 ".cpp" => "text/plain", ".log" => "text/plain", ".log.1" => "text/plain", ".log.2" => "text/plain", ".log.3" => "text/plain", # 55 ".log.4" => "text/plain", ".log.5" => "text/plain", ".conf" => "text/plain", ".text" => "text/plain", ".txt" => "text/plain", # 60 ".spec" => "text/plain", ".tsv" => "text/tab-separated-values", ".dtd" => "text/xml", ".xml" => "text/xml", ".yaml" => "text/yaml", # 65 ".yml" => "text/yaml", ".mpeg" => "video/mpeg", ".mpg" => "video/mpeg", ".mov" => "video/quicktime", ".qt" => "video/quicktime", # 70 ".avi" => "video/x-msvideo", ".asf" => "video/x-ms-asf", ".asx" => "video/x-ms-asf", ".wmv" => "video/x-ms-wmv", ".tbz" => "application/x-bzip-compressed-tar", # 75 ".tar.bz2" => "application/x-bzip-compressed-tar", ".odt" => "application/vnd.oasis.opendocument.text", ".ods" => "application/vnd.oasis.opendocument.spreadsheet", ".odp" => "application/vnd.oasis.opendocument.presentation", ".odg" => "application/vnd.oasis.opendocument.graphics", # 80 ".odc" => "application/vnd.oasis.opendocument.chart", ".odf" => "application/vnd.oasis.opendocument.formula", ".odi" => "application/vnd.oasis.opendocument.image", ".odm" => "application/vnd.oasis.opendocument.text-master", ".ott" => "application/vnd.oasis.opendocument.text-template", # 85 ".ots" => "application/vnd.oasis.opendocument.spreadsheet-template", ".otp" => "application/vnd.oasis.opendocument.presentation-template", ".otg" => "application/vnd.oasis.opendocument.graphics-template", ".otc" => "application/vnd.oasis.opendocument.chart-template", ".oti" => "application/vnd.oasis.opendocument.image-template", # 90 ".oth" => "application/vnd.oasis.opendocument.text-web", ".gz" => "application/x-gzip", ".bz2" => "application/x-bzip", "" => "application/octet-stream", # 94 ) $HTTP["url"] =~ "^/umi/" { # block 1 server.max-request-size = 102400 } # end of $HTTP["url"] =~ "^/umi/" $HTTP["request-method"] !~ "^(HEAD|GET|POST|PUT|DELETE)$" { # block 2 url.access-deny = ("") } # end of $HTTP["request-method"] !~ "^(HEAD|GET|POST|PUT|DELETE)$" $HTTP["url"] =~ "^/cgi-bin" { # block 3 cgi.assign = ( "" => "", ) } # end of $HTTP["url"] =~ "^/cgi-bin" $HTTP["url"] =~ "^/jobdata/" { # block 4 dir-listing.activate = "enable" } # end of $HTTP["url"] =~ "^/jobdata/" $HTTP["url"] =~ "^/pkgdb/" { # block 5 dir-listing.activate = "enable" } # end of $HTTP["url"] =~ "^/pkgdb/" $HTTP["url"] =~ "^/extjs/ext-all\.js\.gz$" { # block 6 mimetype.assign = ( "" => "text/javascript", ) setenv.add-response-header = ( "Content-Encoding" => "gzip", ) } # end of $HTTP["url"] =~ "^/extjs/ext-all\.js\.gz$" $HTTP["url"] =~ "^/extjs/resources/css/ext-all-gray\.css\.gz$" { # block 7 mimetype.assign = ( "" => "text/css", ) setenv.add-response-header = ( "Content-Encoding" => "gzip", ) } # end of $HTTP["url"] =~ "^/extjs/resources/css/ext-all-gray\.css\.gz$" $SERVER["socket"] == "169.254.10.1:443" { # block 8 ssl.engine = "enable" } # end of $SERVER["socket"] == "169.254.10.1:443" $SERVER["socket"] == "192.168.237.13:443" { # block 9 ssl.engine = "enable" } # end of $SERVER["socket"] == "192.168.237.13:443" $SERVER["socket"] == "[::]:443" { # block 10 ssl.engine = "enable" } # end of $SERVER["socket"] == "[::]:443" $HTTP["url"] =~ "\.svgz$" { # block 11 setenv.add-response-header = ( "Content-Encoding" => "gzip", ) } # end of $HTTP["url"] =~ "\.svgz$" }