diff options
| -rw-r--r-- | etc/examples/httpd.conf | 96 |
1 files changed, 22 insertions, 74 deletions
diff --git a/etc/examples/httpd.conf b/etc/examples/httpd.conf index c26d4ce5353..4e2e243bd65 100644 --- a/etc/examples/httpd.conf +++ b/etc/examples/httpd.conf @@ -1,81 +1,29 @@ -# $OpenBSD: httpd.conf,v 1.17 2017/04/16 08:50:49 ajacoutot Exp $ - -# -# Macros -# -ext_addr="*" - -# -# Global Options -# -# prefork 3 - -# -# Servers -# - -# A minimal default server -server "default" { - listen on $ext_addr port 80 +# $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $ + +server "example.com" { + listen on * port 80 + listen on :: port 80 + location "/.well-known/acme-challenge/*" { + root "/acme" + root strip 2 + } + location * { + block return 302 "https://$HTTP_HOST$REQUEST_URI" + } } -# A name-based "virtual" server on the same address -server "www.example.com" { - listen on $ext_addr port 80 - - # Logging is enabled by default, but it can be turned off per server - #no log - +server "example.com" { + listen on * tls port 443 + listen on :: tls port 443 + tls { + certificate "/etc/ssl/example.com.fullchain.pem" + key "/etc/ssl/private/example.com.key" + } location "/pub/*" { directory auto index - log style combined - } - - location "*.php" { - fastcgi socket "/run/php-fpm.sock" } - - location "/cgi-bin/*" { - fastcgi - - # The /cgi-bin directory is outside of the document root - root "/" + location "/.well-known/acme-challenge/*" { + root "/acme" + root strip 2 } - - root "/htdocs/www.example.com" -} - -# An HTTPS server using SSL/TLS -server "secure.example.com" { - listen on 127.0.0.1 tls port 443 - - # TLS certificate and key files created with acme-client(1) - tls certificate "/etc/ssl/example.com.fullchain.pem" - tls key "/etc/ssl/private/example.com.key" - - # Define server-specific log files relative to /logs - log { access "secure-access.log", error "secure-error.log" } - - # Increase connection limits to extend the lifetime - connection { max requests 500, timeout 3600 } - - root "/htdocs/secure.example.com" -} - -# Another server on a different internal IPv4 address -server "intranet.example.com" { - listen on 10.0.0.1 port 80 - directory { auto index, index "default.htm" } - root "/htdocs/intranet.example.com" -} - -# An IPv6-based server on a non-standard port -server "ipv6.example.com" { - listen on 2001:db8::53f6:3eab port 81 - root "/htdocs/ipv6.example.com" -} - -# Include MIME types instead of the built-in ones -types { - include "/usr/share/misc/mime.types" } |