# This is the main server configuration file. See URL http://www.apache.org/
# for instructions.
# Do NOT simply read the instructions in here without understanding
# what they do; if you are unsure, consult the online docs. You have been
# warned.
# Originally by Rob McCool
# ServerType is either inetd, or standalone.
ServerType standalone
# If you are running from inetd, go to "ServerAdmin".
# Port: The port the standalone listens to. For ports < 1023, you will
# need httpd to be run as root initially.
Port 80
# HostnameLookups: Log the names of clients or just their IP numbers
# e.g. www.apache.org (on) or 204.62.129.132 (off)
# You should probably turn this off unless you are going to actually
# use the information in your logs, or with a CGI. Leaving this on
# can slow down access to your site.
HostnameLookups on
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
# User/Group: The name (or #number) of the user/group to run httpd as.
# On SCO (ODT 3) use User nouser and Group nogroup
# On HPUX you may not be able to use shared memory as nobody, and the
# suggested workaround is to create a user www and use that user.
User www
Group webpages
# The following directive disables keepalives and HTTP header flushes for
# Netscape 2.x and browsers which spoof it. There are known problems with
# these.
BrowserMatch Mozilla/2 nokeepalive
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.
ServerAdmin webguy@infinex.com
# ServerRoot: The directory the server's config, error, and log files
# are kept in.
# NOTE! If you intend to place this on a NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation,
# you will save yourself a lot of trouble.
ServerRoot /usr/local/etc/httpd
# BindAddress: You can support virtual hosts with this option. This option
# is used to tell the server which IP address to listen to. It can either
# contain "*", an IP address, or a fully qualified Internet domain name.
# See also the VirtualHost directive.
#BindAddress *
# ErrorLog: The location of the error log file. If this does not start
# with /, ServerRoot is prepended to it.
ErrorLog /var/adm/httpd/error_log
# TransferLog: The location of the transfer log file. If this does not
# start with /, ServerRoot is prepended to it.
TransferLog /var/adm/httpd/access_log
# PidFile: The file the server should log its pid to
PidFile /var/run/httpd.pid
# ScoreBoardFile: File used to store internal server process information.
# Not all architectures require this. But if yours does (you'll know because
# this file is created when you run Apache) then you *must* ensure that
# no two invocations of Apache share the same scoreboard file.
ScoreBoardFile logs/apache_status
# ServerName allows you to set a host name which is sent back to clients for
# your server if it's different than the one the program would get (i.e. use
# "www" instead of the host's real name).
#
# Note: You cannot just invent host names and hope they work. The name you
# define here must be a valid DNS name for your host. If you don't understand
# this, ask your network administrator.
ServerName host.domain.com
# CacheNegotiatedDocs: By default, Apache sends Pragma: no-cache with each
# document that was negotiated on the basis of content. This asks proxy
# servers not to cache the document. Uncommenting the following line disables
# this behavior, and proxies will be allowed to cache the documents.
#CacheNegotiatedDocs
# Timeout: The number of seconds before receives and sends time out
Timeout 300
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
KeepAlive On
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
MaxKeepAliveRequests 100
# KeepAliveTimeout: Number of seconds to wait for the next request
KeepAliveTimeout 15
# Server-pool size regulation. Rather than making you guess how many
# server processes you need, Apache dynamically adapts to the load it
# sees --- that is, it tries to maintain enough server processes to
# handle the current load, plus a few spare servers to handle transient
# load spikes (e.g., multiple simultaneous requests from a single
# Netscape browser).
# It does this by periodically checking how many servers are waiting
# for a request. If there are fewer than MinSpareServers, it creates
# a new spare. If there are more than MaxSpareServers, some of the
# spares die off. These values are probably OK for most sites ---
MinSpareServers 5
MaxSpareServers 10
# Number of servers to start --- should be a reasonable ballpark figure.
StartServers 5
# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# Unix with it as it spirals down...
MaxClients 150
# MaxRequestsPerChild: the number of requests each child process is
# allowed to process before the child dies.
# The child will exit so as to avoid problems after prolonged use when
# Apache (and maybe the libraries it uses) leak. On most systems, this
# isn't really needed, but a few (such as Solaris) do have notable leaks
# in the libraries.
MaxRequestsPerChild 30
# Proxy Server directives. Uncomment the following line to
# enable the proxy server:
#ProxyRequests On
# To enable the cache as well, edit and uncomment the following lines:
#CacheRoot /usr/local/etc/httpd/proxy
#CacheSize 5
#CacheGcInterval 4
#CacheMaxExpire 24
#CacheLastModifiedFactor 0.1
#CacheDefaultExpire 1
#NoCache a_domain.com another_domain.edu joes.garage_sale.com
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the VirtualHost command.
#Listen 3000
#Listen 12.34.56.78:80
Listen 80
Listen 443
#################################################################
#
# SSL Directives
#
#################################################################
# Note that all SSL options can apply to virtual hosts.
#################################################################
# Disable SSL. Useful in combination with virtual hosts. Note that
# SSLEnable is now also supported. SSL disabled by default.
#################################################################
SSLDisable
#################################################################
# Set the path for the global cache server executable.
# If this facility gives you trouble, you can disable it by
# setting CACHE_SESSIONS to FALSE in apache_ssl.c
#################################################################
SSLCacheServerPath /usr/local/etc/httpd/src/gcache
#################################################################
# Set the global cache server port number
#################################################################
SSLCacheServerPort 1234
#################################################################
# Set the session cache timeout, in seconds (set to 15 for
# testing, use a higher value in real life)
#################################################################
SSLSessionCacheTimeout 15
#################################################################
# Path to the CA certificate directory.
#SSLCACertificatePath /usr/local/etc/httpsd/SSLconf/conf
#################################################################
SSLCACertificatePath /usr/local/ssl/certs
#################################################################
#Path to CA certificate verification file (must be PEM encoded).
#################################################################
SSLCACertificateFile /usr/local/ssl/certs/virtual.infinex.com.cert
#################################################################
# Path to the PEM-encoded server certificate file.
#SSLCertificateFile /usr/local/etc/httpsd/SSLconf/conf/httpsd.pem
#################################################################
SSLCertificateFile /usr/local/ssl/certs/virtual.infinex.com.crt
#################################################################
#Path to Certificate Key File
#SSLCertificateKeyFile /usr/local/ssl/private/some.key
#################################################################
SSLCertificateKeyFile /usr/local/ssl/private/virtual.infinex.com.key
#################################################################
# Set SSLVerifyClient to:
# 0 if no certificate is required
# 1 if the client may present a valid certificate
# 2 if the client must present a valid certificate
# 3 if the client may present a valid certificate but it is not
# required to have a valid CA
#################################################################
SSLVerifyClient 0
#################################################################
# How deeply to verify before deciding they don't have a valid certificate
#################################################################
SSLVerifyDepth 10
#################################################################
# Translate the client X509 into a Basic authorisation. This
# means that the standard Auth/DBMAuth methods can be used for
# access control. The user name is the "one line" version of the
# client's X509 certificate. Note that no password is obtained
# from the user. Every entry in the user file needs this
# password: xxj31ZMTZzkVA. See the code for further explanation.
#################################################################
SSLFakeBasicAuth
#################################################################
# A home for miscellaneous rubbish generated by SSL. Much of it
# is duplicated in the error log file.
#################################################################
SSLLogFile /tmp/ssl.log
#################################################################
# Custom logging
#################################################################
CustomLog logs/ssl_log "%t %{version}c %{cipher}c %{clientcert}c"
#################################################################
#
# END of SSL
#
#################################################################
# VirtualHost: Allows the daemon to respond to requests for more than one
# server address, if your server machine is configured to accept IP packets
# for multiple addresses. This can be accomplished with the ifconfig
# alias flag, or through kernel patches like VIF.
# Any httpd.conf or srm.conf directive may go into a VirtualHost command.
# See also the BindAddress entry.
#<VirtualHost host.some_domain.com>
#ServerAdmin webmaster@host.some_domain.com
#DocumentRoot /www/docs/host.some_domain.com
#ServerName host.some_domain.com
#ErrorLog logs/host.some_domain.com-error_log
#TransferLog logs/host.some_domain.com-access_log
#</VirtualHost>
ServerAdmin webmaster@host.some_domain.com
DocumentRoot /www/docs/host.some_domain.com
ServerName hostA.domain.com
SSLEnable
SSLCACertificateFile /usr/local/ssl/certs/localhost.cert
SSLCertificateFile /usr/local/ssl/certs/localhost.crt
SSLCertificateKeyFile /usr/local/ssl/private/localhost.key