diff --git a/config/httpd/conf.d/php5.conf b/config/httpd/conf.d/php5.conf
new file mode 100644
index 000000000..5136b15d3
--- /dev/null
+++ b/config/httpd/conf.d/php5.conf
@@ -0,0 +1,14 @@
+
+ AddType application/x-httpd-php .php3
+ AddType application/x-httpd-php .php4
+ AddType application/x-httpd-php .php5
+ AddType application/x-httpd-php .php
+ AddType application/x-httpd-php-source .php3s
+ AddType application/x-httpd-php-source .php4s
+ AddType application/x-httpd-php-source .php5s
+ AddType application/x-httpd-php-source .phps
+ DirectoryIndex index.php3
+ DirectoryIndex index.php4
+ DirectoryIndex index.php5
+ DirectoryIndex index.php
+
diff --git a/config/httpd/default-server.conf b/config/httpd/default-server.conf
new file mode 100644
index 000000000..824176fa6
--- /dev/null
+++ b/config/httpd/default-server.conf
@@ -0,0 +1,8 @@
+#
+# Global configuration that will be applicable for all virtual hosts, unless
+# deleted here, or overriden elswhere.
+#
+
+DocumentRoot /home/httpd/html
+
+#Include /etc/httpd/conf/conf.d/*.conf
diff --git a/config/httpd/global.conf b/config/httpd/global.conf
new file mode 100644
index 000000000..42bfaf37c
--- /dev/null
+++ b/config/httpd/global.conf
@@ -0,0 +1,9 @@
+Timeout 300
+ServerSignature on
+UseCanonicalName off
+ServerTokens OS
+LogLevel warn
+CustomLog /var/log/httpd/access_log combined
+Include /etc/httpd/conf/hostname.conf
+HostnameLookups off
+AddHandler cgi-script .cgi
diff --git a/config/httpd/httpd.conf b/config/httpd/httpd.conf
index 9422040eb..7e00b8826 100644
--- a/config/httpd/httpd.conf
+++ b/config/httpd/httpd.conf
@@ -1,159 +1,120 @@
-##
-## httpd.conf -- Apache HTTP server configuration file
-##
-ServerType standalone
-ServerRoot /etc/httpd
-
-LockFile /var/lock/httpd.lock
-PidFile /var/run/httpd.pid
-ScoreBoardFile /var/run/httpd.scoreboard
-Timeout 900
-KeepAlive On
-MaxKeepAliveRequests 100
-KeepAliveTimeout 15
-MinSpareServers 1
-MaxSpareServers 2
-StartServers 2
-MaxClients 10
-MaxRequestsPerChild 100
-Port 81
-Listen 81
-Listen 444
-User nobody
-Group nobody
-ServerAdmin root@localhost
-ServerTokens Prod
-DocumentRoot /home/httpd/html
-# Limit track/trace requests
-RewriteEngine on
-RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
-RewriteRule .* - [F]
-
-
- Options None
- AllowOverride None
-
-
- Options ExecCGI
- AllowOverride None
- Order allow,deny
- Allow from all
-
-
- AuthName "IPFire - Restricted"
- AuthType Basic
- AuthUserFile /var/ipfire/auth/users
- Require user admin
-
-ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
-
- AllowOverride None
- Options None
- AuthName "IPFire - Restricted"
- AuthType Basic
- AuthUserFile /var/ipfire/auth/users
- Require user admin
-
- Satisfy Any
- Allow from All
-
-
- Satisfy Any
- Allow from All
-
-
- Satisfy Any
- Allow from All
-
-
- Require user admin
-
-
-
- AllowOverride None
- Options None
- AuthName "IPFire - Restricted"
- AuthType Basic
- AuthUserFile /var/ipfire/auth/users
- Require user dial admin
-
-
- DirectoryIndex index.html index.htm index.shtml index.cgi
-
-AccessFileName .htaccess
-
- Order allow,deny
- Deny from all
-
-
- TypesConfig /etc/mime.types
-
-DefaultType text/plain
-
-HostnameLookups Off
-ErrorLog /var/log/httpd/error_log
-LogLevel warn
-LogFormat "%h %l %u %t \"%r\" %>s %b" common
-CustomLog /var/log/httpd/access_log common
-ServerSignature Off
-AddHandler cgi-script .cgi
-
- BrowserMatch "Mozilla/2" nokeepalive
- BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
- BrowserMatch "RealPlayer 4\.0" force-response-1.0
- BrowserMatch "Java/1\.0" force-response-1.0
- BrowserMatch "JDK/1\.0" force-response-1.0
-
-
-###
-### SSL Configuration
-###
-AddType application/x-x509-ca-cert .crt
-AddType application/x-pkcs7-crl .crl
-
-SSLPassPhraseDialog builtin
-SSLSessionCache dbm:/var/log/httpd/ssl_scache
-SSLSessionCacheTimeout 900
-SSLMutex file:/var/log/httpd/ssl_mutex
-SSLRandomSeed startup builtin
-SSLRandomSeed connect builtin
-SSLLog /var/log/httpd/ssl_engine_log
-SSLLogLevel info
-
-
- RewriteEngine on
- RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
- RewriteRule .* - [F]
- DocumentRoot /home/httpd/html
- ServerAdmin root@localhost
- ErrorLog /var/log/httpd/error_log
- TransferLog /var/log/httpd/access_log
- SSLEngine on
- SSLProtocol all -SSLv2
- SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
- SSLCertificateFile /etc/httpd/server.crt
- SSLCertificateKeyFile /etc/httpd/server.key
-
- SSLOptions +StdEnvVars
-
-
- SSLOptions +StdEnvVars
-
- SetEnv HOME /home/nobody
- SetEnvIf User-Agent ".*MSIE.*" \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
- CustomLog /var/log/httpd/ssl_request_log \
- "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-
-
-
- Options None
- AllowOverride None
- AuthName "IPFire - Restricted"
- AuthType Basic
- AuthUserFile /var/ipfire/auth/users
- require user admin
-
-
-include /etc/httpd/conf/hostname.conf
+#
+# /etc/httpd/conf/httpd.conf
+#
+# This is the main Apache2 server configuration file for IPFire.
+# Plese do not change this file!
+
+# Overview of include files, chronologically:
+#
+# httpd.conf
+# |
+# |-- uid.conf . . . . . . . . . . . . . . UserID/GroupID to run under
+# |-- server-tuning.conf . . . . . . . . . sizing of the server (how many processes to start, ...)
+# |-- loadmodule.conf . . . . . . . . . . . load these modules
+# |-- listen.conf . . . . . . . . . . . . . IP adresses / ports to listen on
+# |-- mod_log_config.conf . . . . . . . . . define logging formats
+# |-- sysconfig.d/global.conf . . . . . . . server-wide general settings
+# |-- mod_status.conf . . . . . . . . . . . restrict access to mod_status (server monitoring)
+# |-- mod_info.conf . . . . . . . . . . . . restrict access to mod_info
+# |-- mod_usertrack.conf . . . . . . . . . defaults for cookie-based user tracking
+# |-- mod_autoindex-defaults.conf . . . . . defaults for displaying of server-generated directory listings
+# |-- mod_mime-defaults.conf . . . . . . . defaults for mod_mime configuration
+# |-- errors.conf . . . . . . . . . . . . . customize error responses
+# |-- ssl-global.conf . . . . . . . . . . . SSL conf that applies to default server _and all_ virtual hosts
+# |
+# |-- default-server.conf . . . . . . . . . set up the default server that replies to non-virtual-host requests
+# |
+# `-- vhosts.d/ . . . . . . . . . . . . . . for each virtual host, place one file here
+# `-- *.conf . . . . . . . . . . . . . (*.conf is automatically included)
+#
+
+### Global Environment ######################################################
+#
+# The directives in this section affect the overall operation of Apache,
+# such as the number of concurrent requests.
+
+# run under this user/group id
+Include /etc/httpd/conf/uid.conf
+
+# - how many server processes to start (server pool regulation)
+# - usage of KeepAlive
+Include /etc/httpd/conf/server-tuning.conf
+
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a
+# container, error messages relating to that virtual host will be
+# logged here. If you *do* define an error logfile for a
+# container, that host's errors will be logged there and not here.
+ErrorLog /var/log/httpd/error_log
+
+# Load Modules here
+Include /etc/httpd/conf/loadmodule.conf
+
+# IP addresses / ports to listen on
+Include /etc/httpd/conf/listen.conf
+
+# predefined logging formats
+Include /etc/httpd/conf/mod_log_config.conf
+
+# global settings
+Include /etc/httpd/conf/global.conf
+
+# optional mod_status, mod_info
+#Include /etc/httpd/conf/mod_status.conf
+#Include /etc/httpd/conf/mod_info.conf
+
+# associate MIME types with filename extensions
+TypesConfig /etc/mime.types
+DefaultType text/plain
+
+# global (server-wide) SSL configuration, that is not specific to
+# any virtual host
+Include /etc/httpd/conf/ssl-global.conf
+
+
+ Options None
+ AllowOverride None
+
+
+# use .htaccess files for overriding,
+AccessFileName .htaccess
+# and never show them
+
+ Order allow,deny
+ Deny from all
+
+
+# List of resources to look for when the client requests a directory
+DirectoryIndex index.html index.htm index.shtml index.cgi
+
+### 'Main' server configuration #############################################
+#
+# The directives in this section set up the values used by the 'main'
+# server, which responds to any requests that aren't handled by a
+# definition. These values also provide defaults for
+# any containers you may define later in the file.
+#
+# All of these directives may appear inside containers,
+# in which case these default settings will be overridden for the
+# virtual host being defined.
+#
+Include /etc/httpd/conf/default-server.conf
+
+
+### Virtual server configuration ############################################
+#
+# VirtualHost: If you want to maintain multiple domains/hostnames on your
+# machine you can setup VirtualHost containers for them. Most configurations
+# use only name-based virtual hosts so the server doesn't need to worry about
+# IP addresses. This is indicated by the asterisks in the directives below.
+#
+# Please see the documentation at
+#
+# for further details before you try to setup virtual hosts.
+#
+# You may use the command line option '-S' to verify your virtual host
+# configuration.
+#
+Include /etc/httpd/conf/vhosts.d/*.conf
+
+
diff --git a/config/httpd/listen.conf b/config/httpd/listen.conf
new file mode 100644
index 000000000..cefce5396
--- /dev/null
+++ b/config/httpd/listen.conf
@@ -0,0 +1,2 @@
+Listen 81
+Listen 444
diff --git a/config/httpd/loadmodule.conf b/config/httpd/loadmodule.conf
new file mode 100644
index 000000000..88112b44e
--- /dev/null
+++ b/config/httpd/loadmodule.conf
@@ -0,0 +1,51 @@
+LoadModule authn_file_module /usr/lib/apache/mod_authn_file.so
+LoadModule authn_dbm_module /usr/lib/apache/mod_authn_dbm.so
+LoadModule authn_anon_module /usr/lib/apache/mod_authn_anon.so
+LoadModule authn_dbd_module /usr/lib/apache/mod_authn_dbd.so
+LoadModule authn_default_module /usr/lib/apache/mod_authn_default.so
+LoadModule authz_host_module /usr/lib/apache/mod_authz_host.so
+LoadModule authz_groupfile_module /usr/lib/apache/mod_authz_groupfile.so
+LoadModule authz_user_module /usr/lib/apache/mod_authz_user.so
+LoadModule authz_dbm_module /usr/lib/apache/mod_authz_dbm.so
+LoadModule authz_owner_module /usr/lib/apache/mod_authz_owner.so
+LoadModule authz_default_module /usr/lib/apache/mod_authz_default.so
+LoadModule auth_basic_module /usr/lib/apache/mod_auth_basic.so
+LoadModule auth_digest_module /usr/lib/apache/mod_auth_digest.so
+#LoadModule dbd_module /usr/lib/apache/mod_dbd.so
+LoadModule dumpio_module /usr/lib/apache/mod_dumpio.so
+LoadModule ext_filter_module /usr/lib/apache/mod_ext_filter.so
+LoadModule include_module /usr/lib/apache/mod_include.so
+LoadModule filter_module /usr/lib/apache/mod_filter.so
+LoadModule deflate_module /usr/lib/apache/mod_deflate.so
+LoadModule log_config_module /usr/lib/apache/mod_log_config.so
+LoadModule log_forensic_module /usr/lib/apache/mod_log_forensic.so
+LoadModule logio_module /usr/lib/apache/mod_logio.so
+LoadModule env_module /usr/lib/apache/mod_env.so
+LoadModule mime_magic_module /usr/lib/apache/mod_mime_magic.so
+LoadModule cern_meta_module /usr/lib/apache/mod_cern_meta.so
+LoadModule expires_module /usr/lib/apache/mod_expires.so
+LoadModule headers_module /usr/lib/apache/mod_headers.so
+LoadModule ident_module /usr/lib/apache/mod_ident.so
+LoadModule usertrack_module /usr/lib/apache/mod_usertrack.so
+LoadModule unique_id_module /usr/lib/apache/mod_unique_id.so
+LoadModule setenvif_module /usr/lib/apache/mod_setenvif.so
+LoadModule version_module /usr/lib/apache/mod_version.so
+LoadModule mime_module /usr/lib/apache/mod_mime.so
+LoadModule dav_module /usr/lib/apache/mod_dav.so
+LoadModule status_module /usr/lib/apache/mod_status.so
+LoadModule autoindex_module /usr/lib/apache/mod_autoindex.so
+LoadModule asis_module /usr/lib/apache/mod_asis.so
+LoadModule info_module /usr/lib/apache/mod_info.so
+LoadModule cgi_module /usr/lib/apache/mod_cgi.so
+LoadModule dav_fs_module /usr/lib/apache/mod_dav_fs.so
+LoadModule vhost_alias_module /usr/lib/apache/mod_vhost_alias.so
+LoadModule negotiation_module /usr/lib/apache/mod_negotiation.so
+LoadModule dir_module /usr/lib/apache/mod_dir.so
+LoadModule imagemap_module /usr/lib/apache/mod_imagemap.so
+LoadModule actions_module /usr/lib/apache/mod_actions.so
+LoadModule speling_module /usr/lib/apache/mod_speling.so
+LoadModule userdir_module /usr/lib/apache/mod_userdir.so
+LoadModule alias_module /usr/lib/apache/mod_alias.so
+LoadModule rewrite_module /usr/lib/apache/mod_rewrite.so
+LoadModule ssl_module /usr/lib/apache/mod_ssl.so
+LoadModule php5_module /usr/lib/apache/libphp5.so
diff --git a/config/httpd/mod_info.conf b/config/httpd/mod_info.conf
new file mode 100644
index 000000000..f19885b73
--- /dev/null
+++ b/config/httpd/mod_info.conf
@@ -0,0 +1,14 @@
+#
+# Allow remote server configuration reports, with the URL of
+# http://servername/server-info (requires that mod_info.c be loaded).
+#
+# see http://httpd.apache.org/docs-2.0/mod/mod_info.html
+#
+
+
+ SetHandler server-info
+ Order deny,allow
+ Deny from all
+ Allow from localhost
+
+
diff --git a/config/httpd/mod_log_config.conf b/config/httpd/mod_log_config.conf
new file mode 100644
index 000000000..89ad09a80
--- /dev/null
+++ b/config/httpd/mod_log_config.conf
@@ -0,0 +1,31 @@
+#
+# The following directives define some format nicknames for use with
+# a CustomLog directive.
+#
+
+#
+# Format string: Nickname:
+#
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+LogFormat "%h %l %u %t \"%r\" %>s %b \
+\"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%v %h %l %u %t \"%r\" %>s %b \
+\"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+
+# To use %I and %O, you need to enable mod_logio
+
+LogFormat "%h %l %u %t \"%r\" %>s %b \
+\"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+
+
+# Use one of these when you want a compact non-error SSL logfile on a virtual
+# host basis:
+
+Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \
+\"%r\" %b" ssl_common
+Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \
+\"%r\" %b \"%{Referer}i\" \"%{User-Agent}i\"" ssl_combined
+
diff --git a/config/httpd/mod_status.conf b/config/httpd/mod_status.conf
new file mode 100644
index 000000000..dc7312227
--- /dev/null
+++ b/config/httpd/mod_status.conf
@@ -0,0 +1,14 @@
+#
+# Allow server status reports generated by mod_status,
+# with the URL of http://servername/server-status
+#
+# see http://httpd.apache.org/docs-2.0/mod/mod_status.html
+#
+
+
+ SetHandler server-status
+ Order deny,allow
+ Deny from all
+ Allow from localhost
+
+
diff --git a/config/httpd/server-tuning.conf b/config/httpd/server-tuning.conf
new file mode 100644
index 000000000..9cb766232
--- /dev/null
+++ b/config/httpd/server-tuning.conf
@@ -0,0 +1,34 @@
+#
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+#
+KeepAlive On
+
+#
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+#
+MaxKeepAliveRequests 100
+
+#
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+#
+KeepAliveTimeout 15
+
+MinSpareServers 1
+MaxSpareServers 2
+StartServers 2
+MaxClients 10
+MaxRequestsPerChild 100
+
+#
+# The following directives modify normal HTTP response behavior to
+# handle known problems with browser implementations.
+#
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
+BrowserMatch "JDK/1\.0" force-response-1.0
diff --git a/config/httpd/ssl-global.conf b/config/httpd/ssl-global.conf
new file mode 100644
index 000000000..458339add
--- /dev/null
+++ b/config/httpd/ssl-global.conf
@@ -0,0 +1,69 @@
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+# These are the configuration directives to instruct the server how to
+# serve pages over an https connection. For detailing information about these
+# directives see
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do. They're here only as hints or reminders. If you are unsure
+# consult the online docs. You have been warned.
+
+# This global SSL configuration is ignored if
+# "SSL" is not defined, or if "NOSSL" is defined.
+
+
+
+
+ #
+ # Some MIME-types for downloading Certificates and CRLs
+ #
+ AddType application/x-x509-ca-cert .crt
+ AddType application/x-pkcs7-crl .crl
+
+ # Pass Phrase Dialog:
+ # Configure the pass phrase gathering process.
+ # The filtering dialog program (`builtin' is a internal
+ # terminal dialog) has to provide the pass phrase on stdout.
+ SSLPassPhraseDialog builtin
+
+ # Inter-Process Session Cache:
+ # Configure the SSL Session Cache: First the mechanism
+ # to use and second the expiring timeout (in seconds).
+ # shm means the same as shmht.
+ # Note that on most platforms shared memory segments are not allowed to be on
+ # network-mounted drives, so in that case you need to use the dbm method.
+ #SSLSessionCache none
+ #SSLSessionCache dbm:/var/log/httpd/ssl_scache
+ #SSLSessionCache shmht:/var/log/httpd/ssl_scache(512000)
+ SSLSessionCache shmcb:/var/log/httpd/ssl_scache(512000)
+ SSLSessionCacheTimeout 900
+
+ # Semaphore:
+ # Configure the path to the mutual exclusion semaphore the
+ # SSL engine uses internally for inter-process synchronization.
+ SSLMutex file:/var/log/httpd/ssl_mutex
+
+ # Pseudo Random Number Generator (PRNG):
+ # Configure one or more sources to seed the PRNG of the
+ # SSL library. The seed data should be of good random quality.
+ # WARNING! On some platforms /dev/random blocks if not enough entropy
+ # is available. This means you then cannot use the /dev/random device
+ # because it would lead to very long connection times (as long as
+ # it requires to make more entropy available). But usually those
+ # platforms additionally provide a /dev/urandom device which doesn't
+ # block. So, if available, use this one instead. Read the mod_ssl User
+ # Manual for more details.
+ SSLRandomSeed startup builtin
+ SSLRandomSeed connect builtin
+
+ SSLLog /var/log/httpd/ssl_engine_log
+ SSLLogLevel info
+
+
+
+
diff --git a/config/httpd/uid.conf b/config/httpd/uid.conf
new file mode 100644
index 000000000..cb6963733
--- /dev/null
+++ b/config/httpd/uid.conf
@@ -0,0 +1,2 @@
+User nobody
+Group nobody
diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
new file mode 100644
index 000000000..830d3125c
--- /dev/null
+++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf
@@ -0,0 +1,71 @@
+
+
+ RewriteEngine on
+ RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
+ RewriteRule .* - [F]
+ DocumentRoot /home/httpd/html
+ ServerAdmin root@localhost
+ ErrorLog /var/log/httpd/error_log
+ TransferLog /var/log/httpd/access_log
+ SSLEngine on
+ SSLProtocol all -SSLv2
+ SSLCipherSuite ALL:!ADH:!EXPORT56:!eNULL:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP
+ SSLCertificateFile /etc/httpd/server.crt
+ SSLCertificateKeyFile /etc/httpd/server.key
+
+ Options ExecCGI
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+
+
+ AuthName "IPFire - Restricted"
+ AuthType Basic
+ AuthUserFile /var/ipfire/auth/users
+ Require user admin
+
+ ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
+
+ AllowOverride None
+ Options None
+ AuthName "IPFire - Restricted"
+ AuthType Basic
+ AuthUserFile /var/ipfire/auth/users
+ Require user admin
+
+ Satisfy Any
+ Allow from All
+
+
+ Satisfy Any
+ Allow from All
+
+
+ Satisfy Any
+ Allow from All
+
+
+ Require user admin
+
+
+
+ AllowOverride None
+ Options None
+ AuthName "IPFire - Restricted"
+ AuthType Basic
+ AuthUserFile /var/ipfire/auth/users
+ Require user dial admin
+
+
+ SSLOptions +StdEnvVars
+
+
+ SSLOptions +StdEnvVars
+
+ SetEnv HOME /home/nobody
+ SetEnvIf User-Agent ".*MSIE.*" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+ CustomLog /var/log/httpd/ssl_request_log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
diff --git a/config/httpd/vhosts.d/ipfire-interface.conf b/config/httpd/vhosts.d/ipfire-interface.conf
new file mode 100644
index 000000000..85dea4c72
--- /dev/null
+++ b/config/httpd/vhosts.d/ipfire-interface.conf
@@ -0,0 +1,54 @@
+
+
+ DocumentRoot /home/httpd/html
+
+ RewriteEngine on
+ RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
+ RewriteRule .* - [F]
+
+
+ Options ExecCGI
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+
+
+ AuthName "IPFire - Restricted"
+ AuthType Basic
+ AuthUserFile /var/ipfire/auth/users
+ Require user admin
+
+ ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
+
+ AllowOverride None
+ Options None
+ AuthName "IPFire - Restricted"
+ AuthType Basic
+ AuthUserFile /var/ipfire/auth/users
+ Require user admin
+
+ Satisfy Any
+ Allow from All
+
+
+ Satisfy Any
+ Allow from All
+
+
+ Satisfy Any
+ Allow from All
+
+
+ Require user admin
+
+
+
+ AllowOverride None
+ Options None
+ AuthName "IPFire - Restricted"
+ AuthType Basic
+ AuthUserFile /var/ipfire/auth/users
+ Require user dial admin
+
+
+
\ No newline at end of file
diff --git a/lfs/apache2 b/lfs/apache2
index aee81502c..2e79faf85 100644
--- a/lfs/apache2
+++ b/lfs/apache2
@@ -117,7 +117,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
/usr/share/man/man8/{ab,apachectl,apxs,htcacheclean,httpd}.8 \
/usr/share/man/man8/{logresolve,rotatelogs,suexec}.8
- sed 's+CONFIG_ROOT+$(CONFIG_ROOT)+g' $(DIR_SRC)/config/httpd/httpd.conf > /etc/httpd/conf/httpd.conf
+ cp -rf $(DIR_CONF)/httpd/* /etc/httpd/conf
ln -sf $(CONFIG_ROOT)/main/hostname.conf /etc/httpd/conf/
# Copy all html/cgi-bin files
diff --git a/lfs/cdrom b/lfs/cdrom
index b346f10b8..a94a739e3 100644
--- a/lfs/cdrom
+++ b/lfs/cdrom
@@ -89,8 +89,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
mkdir -p /install/cdrom/{doc,dosutils,images}
sed -e "s/KVER/$(KVER)/g" $(DIR_SRC)/src/ROOTFILES.$(MACHINE) > /tmp/ROOTFILES
tar -c -C / --files-from=/tmp/ROOTFILES \
- -f /$(SNAME).tar --exclude='#*' --exclude='dev/pts/*' \
- --exclude='proc/*'
+ -f /$(SNAME).tar --exclude='#*' --exclude='dev/pts/*' \
+ --exclude='proc/*' --exclude='tmp/ROOTFILES'
rm -f /tmp/ROOTFILES
tar -x -C /tmp -f /$(SNAME).tar
rm -f /$(SNAME).tar
diff --git a/lfs/linux b/lfs/linux
index d6e227a4a..59a0b9b31 100644
--- a/lfs/linux
+++ b/lfs/linux
@@ -27,6 +27,7 @@
include Config
VER = 2.4.33
+PATCHLEVEL = 2.4.33.3
THISAPP = linux-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,19 +41,19 @@ CXXFLAGS =
ifeq "$(ROOT)" ""
ifeq "$(LFS_PASS)" "ipfire"
ifeq "$(SMP)" ""
- TARGET = $(DIR_INFO)/$(THISAPP)-ipfire
+ TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire
endif
ifeq "$(SMP)" "1"
- TARGET = $(DIR_INFO)/$(THISAPP)-ipfire-smp
+ TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire-smp
endif
ifeq "$(SMP)" "installer"
- TARGET = $(DIR_INFO)/$(THISAPP)-ipfire-installer
+ TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-ipfire-installer
endif
else
- TARGET = $(DIR_INFO)/$(THISAPP)
+ TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)
endif
else
- TARGET = $(DIR_INFO)/$(THISAPP)-tools
+ TARGET = $(DIR_INFO)/linux-$(PATCHLEVEL)-tools
endif
###############################################################################
@@ -64,25 +65,26 @@ objects =$(DL_FILE) \
patch-o-matic-ng-20060206.tar.bz2 \
kbc_option_2420.patch \
net4801.kernel.patch_2.4.31 \
- netfilter-layer7-v2.1.tar.gz
+ netfilter-layer7-v2.1.tar.gz \
+ patch-$(PATCHLEVEL).bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+patch-$(PATCHLEVEL).bz2 = $(DL_FROM)/patch-$(PATCHLEVEL).bz2
openswan-1.0.10rc2.tar.gz = $(URL_IPFIRE)/openswan-1.0.10rc2.tar.gz
patch-o-matic-ng-20060206.tar.bz2 = $(URL_IPFIRE)/patch-o-matic-ng-20060206.tar.bz2
iptables-1.3.5.tar.bz2 = $(URL_IPFIRE)/iptables-1.3.5.tar.bz2
kbc_option_2420.patch = $(URL_IPFIRE)/kbc_option_2420.patch
net4801.kernel.patch_2.4.31 = $(URL_IPFIRE)/net4801.kernel.patch_2.4.31
netfilter-layer7-v2.1.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.1.tar.gz
-#bootsplash-3.0.7-2.4.31-vanilla.diff = $(URL_IPFIRE)/bootsplash-3.0.7-2.4.31-vanilla.diff
$(DL_FILE)_MD5 = 4d258d4267de64f0a22e23f6ab026990
+patch-$(PATCHLEVEL).bz2_MD5 = 3597da59e82a495d97e1f0ecd8fc5d4d
openswan-1.0.10rc2.tar.gz_MD5 = 20d51ff963da78f826f4e0f0ebc4bcef
patch-o-matic-ng-20060206.tar.bz2_MD5 = eca9893afb753e331caddfe63142b566
iptables-1.3.5.tar.bz2_MD5 = 00fb916fa8040ca992a5ace56d905ea5
kbc_option_2420.patch_MD5 = 6d37870344f7fcf97ace1fbf43323c60
net4801.kernel.patch_2.4.31_MD5 = c7d64e3caedb2f2b10e1c11db7f73a04
netfilter-layer7-v2.1.tar.gz_MD5 = 551626a158c2a2cbfd937d27ecc7fac1
-#bootsplash-3.0.7-2.4.31-vanilla.diff = 767c263d1d28827d51abc83945e4b893
install : $(TARGET)
@@ -112,6 +114,11 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) $(DIR_SRC)/linux && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && bzcat $(DIR_DL)/patch-$(PATCHLEVEL).bz2 | patch -p1
+ # Remove patch level in EXTRAVERSION.
+ # We want to avoid the need to supply a full kernel
+ # (installed in a different place) if only one part could be updated
+ cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =/' Makefile
cd $(DIR_SRC) && ln -sf linux-$(VER) linux
cd $(DIR_APP) && sed -i -e 's/-Werror//' drivers/scsi/aic7xxx/Makefile
diff --git a/lfs/openssl b/lfs/openssl
index fe40b7356..5beb4a24a 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -72,11 +72,12 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ @rm -rf /etc/ssl
cd $(DIR_APP) && sed -i -e 's/-O3/-O2/' -e 's/-m486/-mcpu=i386/' Configure
cd $(DIR_APP) && chmod 755 Configure
cd $(DIR_APP) && ./config --openssldir=/etc/ssl --prefix=/usr 386 \
no-idea no-threads no-mdc2 no-rc5 no-ec zlib-dynamic shared
- cd $(DIR_APP) && sed -i 's%SHLIBDIRS= fips crypto ssl%SHLIBDIRS= crypto ssl%g' Makefile
+ cd $(DIR_APP) && sed -i 's/^PROCESSOR= 386/PROCESSOR=386/g' Makefile
cd $(DIR_APP) && make depend
cd $(DIR_APP) && make MANDIR=/usr/share/man
cd $(DIR_APP) && make MANDIR=/usr/share/man install
diff --git a/lfs/syslinux b/lfs/syslinux
index 94035d511..a22f13f59 100644
--- a/lfs/syslinux
+++ b/lfs/syslinux
@@ -22,7 +22,7 @@
# ??-12-2003 Mark Wormgoor < mark@wormgoor.com> #
# - Modified Makefile for IPCop build #
# #
-# $Id: syslinux,v 1.6.2.9 2005/02/05 15:38:16 gespinasse Exp $
+# $Id: syslinux,v 1.6.2.11 2006/09/18 06:23:26 gespinasse Exp $
# #
###############################################################################
@@ -32,11 +32,11 @@
include Config
-VER = 2.11
+VER = 3.20
THISAPP = syslinux-$(VER)
DL_FILE = $(THISAPP).tar.gz
-DL_FROM = $(URL_KERNEL)/linux/utils/boot/syslinux/Old
+DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a73c4b32629c925676660c468ef3cf1a
+$(DL_FILE)_MD5 = dbb7c5acfa58220a158cd67854ef4625
install : $(TARGET)
@@ -78,8 +78,7 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP)/sample && sed -i 's%^CFLAGS.*$$%CFLAGS = $(CFLAGS) -fno-stack-protector -fomit-frame-pointer -I../com32/include%' Makefile
- cd $(DIR_APP) && sed -i 's%^CFLAGS.*$$%CFLAGS = $(CFLAGS) -fno-stack-protector -fomit-frame-pointer -D_FILE_OFFSET_BITS=64%' Makefile
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/syslinux-3.11-nossp.patch
cd $(DIR_APP) && make install
@rm -rf $(DIR_APP)
@$(POSTBUILD)
diff --git a/src/ROOTFILES.i386 b/src/ROOTFILES.i386
index 929ac2909..2b101fe4e 100644
--- a/src/ROOTFILES.i386
+++ b/src/ROOTFILES.i386
@@ -20995,6 +20995,22 @@ usr/sbin/Fw-usb_A.bin
#etc/httpd/conf/extra/httpd-userdir.conf
#etc/httpd/conf/extra/httpd-vhosts.conf
etc/httpd/conf/httpd.conf
+etc/httpd/conf/conf.d
+etc/httpd/conf/default-server.conf
+etc/httpd/conf/global.conf
+etc/httpd/conf/hostname.conf
+etc/httpd/conf/httpd.conf
+etc/httpd/conf/listen.conf
+etc/httpd/conf/loadmodule.conf
+etc/httpd/conf/mod_info.conf
+etc/httpd/conf/mod_log_config.conf
+etc/httpd/conf/mod_status.conf
+etc/httpd/conf/server-tuning.conf
+etc/httpd/conf/ssl-global.conf
+etc/httpd/conf/uid.conf
+#etc/httpd/conf/vhosts.d
+etc/httpd/conf/vhosts.d/ipfire-interface.conf
+etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf
#etc/httpd/conf/magic
#etc/httpd/conf/mime.types
#etc/httpd/conf/original
diff --git a/src/install+setup/setup/passwords.c b/src/install+setup/setup/passwords.c
index 37e855cc5..a2f28f97f 100644
--- a/src/install+setup/setup/passwords.c
+++ b/src/install+setup/setup/passwords.c
@@ -1,123 +1,123 @@
-/* SmoothWall setup program.
- *
- * This program is distributed under the terms of the GNU General Public
- * Licence. See the file COPYING for details.
- *
- * (c) Lawrence Manning, 2001
- * Password stuff.
- *
- * $Id: passwords.c,v 1.5.2.1 2004/04/14 22:05:41 gespinasse Exp $
- *
- */
-
-#include "setup.h"
-
-extern FILE *flog;
-extern char *mylog;
-
-extern char **ctr;
-
-extern int automode;
-
-int getpassword(char *password, char *text);
-
-/* Root password. */
-int handlerootpassword(void)
-{
- char password[STRING_SIZE];
- char commandstring[STRING_SIZE];
-
- /* Root password. */
- if (getpassword(password, ctr[TR_ENTER_ROOT_PASSWORD]) == 2)
- return 0;
-
- snprintf(commandstring, STRING_SIZE,
- "/bin/echo 'root:%s' | /usr/sbin/chpasswd", password);
- if (runhiddencommandwithstatus(commandstring, ctr[TR_SETTING_ROOT_PASSWORD]))
- {
- errorbox(ctr[TR_PROBLEM_SETTING_ROOT_PASSWORD]);
- return 0;
- }
-
- return 1;
-}
-
-int handleadminpassword(void)
-{
- char password[STRING_SIZE];
- char commandstring[STRING_SIZE];
- char message[1000];
-
- /* web interface admin password. */
- sprintf(message, ctr[TR_ENTER_ADMIN_PASSWORD], NAME, NAME);
- if (getpassword(password, message) == 2)
- return 0;
-
- snprintf(commandstring, STRING_SIZE,
- "/usr/bin/htpasswd -c -m -b " CONFIG_ROOT "/auth/users admin '%s'", password);
- sprintf(message, ctr[TR_SETTING_ADMIN_PASSWORD], NAME);
- if (runhiddencommandwithstatus(commandstring, message))
- {
- sprintf(message, ctr[TR_PROBLEM_SETTING_ADMIN_PASSWORD], NAME);
- errorbox(message);
- return 0;
- }
-
- return 1;
-}
-
-/* Taken from the cdrom one. */
-int getpassword(char *password, char *text)
-{
- char *values[] = { NULL, NULL, NULL }; /* pointers for the values. */
- struct newtWinEntry entries[] =
- {
- { ctr[TR_PASSWORD_PROMPT], &values[0], 2 },
- { ctr[TR_AGAIN_PROMPT], &values[1], 2 },
- { NULL, NULL, 0 }
- };
- char title[STRING_SIZE];
- int rc;
- int done;
-
- do
- {
- done = 1;
- sprintf (title, "%s v%s - %s", NAME, VERSION, SLOGAN);
- rc = newtWinEntries(title, text,
- 50, 5, 5, 20, entries, ctr[TR_OK], ctr[TR_CANCEL], NULL);
-
- if (rc != 2)
- {
- if (strlen(values[0]) == 0 || strlen(values[1]) == 0)
- {
- errorbox(ctr[TR_PASSWORD_CANNOT_BE_BLANK]);
- done = 0;
- strcpy(values[0], "");
- strcpy(values[1], "");
- }
- else if (strcmp(values[0], values[1]) != 0)
- {
- errorbox(ctr[TR_PASSWORDS_DO_NOT_MATCH]);
- done = 0;
- strcpy(values[0], "");
- strcpy(values[1], "");
- }
- else if (strchr(values[0], ' '))
- {
- errorbox(ctr[TR_PASSWORD_CANNOT_CONTAIN_SPACES]);
- done = 0;
- strcpy(values[0], "");
- strcpy(values[1], "");
- }
- }
- }
- while (!done);
-
- strncpy(password, values[0], STRING_SIZE);
-
- if (values[0]) free(values[0]);
- if (values[1]) free(values[1]);
-
- return rc;
-}
+/* SmoothWall setup program.
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence. See the file COPYING for details.
+ *
+ * (c) Lawrence Manning, 2001
+ * Password stuff.
+ *
+ * $Id: passwords.c,v 1.5.2.1 2004/04/14 22:05:41 gespinasse Exp $
+ *
+ */
+
+#include "setup.h"
+
+extern FILE *flog;
+extern char *mylog;
+
+extern char **ctr;
+
+extern int automode;
+
+int getpassword(char *password, char *text);
+
+/* Root password. */
+int handlerootpassword(void)
+{
+ char password[STRING_SIZE];
+ char commandstring[STRING_SIZE];
+
+ /* Root password. */
+ if (getpassword(password, ctr[TR_ENTER_ROOT_PASSWORD]) == 2)
+ return 0;
+
+ snprintf(commandstring, STRING_SIZE,
+ "/bin/echo 'root:%s' | /usr/sbin/chpasswd", password);
+ if (runhiddencommandwithstatus(commandstring, ctr[TR_SETTING_ROOT_PASSWORD]))
+ {
+ errorbox(ctr[TR_PROBLEM_SETTING_ROOT_PASSWORD]);
+ return 0;
+ }
+
+ return 1;
+}
+
+int handleadminpassword(void)
+{
+ char password[STRING_SIZE];
+ char commandstring[STRING_SIZE];
+ char message[1000];
+
+ /* web interface admin password. */
+ sprintf(message, ctr[TR_ENTER_ADMIN_PASSWORD], NAME, NAME);
+ if (getpassword(password, message) == 2)
+ return 0;
+
+ snprintf(commandstring, STRING_SIZE,
+ "/usr/sbin/htpasswd -c -m -b " CONFIG_ROOT "/auth/users admin '%s'", password);
+ sprintf(message, ctr[TR_SETTING_ADMIN_PASSWORD], NAME);
+ if (runhiddencommandwithstatus(commandstring, message))
+ {
+ sprintf(message, ctr[TR_PROBLEM_SETTING_ADMIN_PASSWORD], NAME);
+ errorbox(message);
+ return 0;
+ }
+
+ return 1;
+}
+
+/* Taken from the cdrom one. */
+int getpassword(char *password, char *text)
+{
+ char *values[] = { NULL, NULL, NULL }; /* pointers for the values. */
+ struct newtWinEntry entries[] =
+ {
+ { ctr[TR_PASSWORD_PROMPT], &values[0], 2 },
+ { ctr[TR_AGAIN_PROMPT], &values[1], 2 },
+ { NULL, NULL, 0 }
+ };
+ char title[STRING_SIZE];
+ int rc;
+ int done;
+
+ do
+ {
+ done = 1;
+ sprintf (title, "%s v%s - %s", NAME, VERSION, SLOGAN);
+ rc = newtWinEntries(title, text,
+ 50, 5, 5, 20, entries, ctr[TR_OK], ctr[TR_CANCEL], NULL);
+
+ if (rc != 2)
+ {
+ if (strlen(values[0]) == 0 || strlen(values[1]) == 0)
+ {
+ errorbox(ctr[TR_PASSWORD_CANNOT_BE_BLANK]);
+ done = 0;
+ strcpy(values[0], "");
+ strcpy(values[1], "");
+ }
+ else if (strcmp(values[0], values[1]) != 0)
+ {
+ errorbox(ctr[TR_PASSWORDS_DO_NOT_MATCH]);
+ done = 0;
+ strcpy(values[0], "");
+ strcpy(values[1], "");
+ }
+ else if (strchr(values[0], ' '))
+ {
+ errorbox(ctr[TR_PASSWORD_CANNOT_CONTAIN_SPACES]);
+ done = 0;
+ strcpy(values[0], "");
+ strcpy(values[1], "");
+ }
+ }
+ }
+ while (!done);
+
+ strncpy(password, values[0], STRING_SIZE);
+
+ if (values[0]) free(values[0]);
+ if (values[1]) free(values[1]);
+
+ return rc;
+}