diff options
author | Donny Davies <woodchip@gentoo.org> | 2002-04-09 23:57:52 +0000 |
---|---|---|
committer | Donny Davies <woodchip@gentoo.org> | 2002-04-09 23:57:52 +0000 |
commit | c88ee90f2a8f77b791713e30678756ecb1336b43 (patch) | |
tree | 756568f730f9c4a1cf87db5489e054dee3ef7c71 /net-www/mod_ssl | |
parent | rewritten apache package; see changelog (diff) | |
download | historical-c88ee90f2a8f77b791713e30678756ecb1336b43.tar.gz historical-c88ee90f2a8f77b791713e30678756ecb1336b43.tar.bz2 historical-c88ee90f2a8f77b791713e30678756ecb1336b43.zip |
add a healthy selection of third-party modules to go along with the great apache rewrite ;)
Diffstat (limited to 'net-www/mod_ssl')
-rw-r--r-- | net-www/mod_ssl/ChangeLog | 9 | ||||
-rw-r--r-- | net-www/mod_ssl/files/digest-mod_ssl-2.8.8 | 1 | ||||
-rw-r--r-- | net-www/mod_ssl/files/gentestcrt.sh | 242 | ||||
-rw-r--r-- | net-www/mod_ssl/files/mod_ssl.conf | 69 | ||||
-rw-r--r-- | net-www/mod_ssl/files/ssl.default-vhost.conf | 151 | ||||
-rw-r--r-- | net-www/mod_ssl/mod_ssl-2.8.8.ebuild | 73 |
6 files changed, 545 insertions, 0 deletions
diff --git a/net-www/mod_ssl/ChangeLog b/net-www/mod_ssl/ChangeLog new file mode 100644 index 000000000000..a1d518931a8a --- /dev/null +++ b/net-www/mod_ssl/ChangeLog @@ -0,0 +1,9 @@ +# ChangeLog for net-www/mod_ssl +# Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL +# $Header: /var/cvsroot/gentoo-x86/net-www/mod_ssl/ChangeLog,v 1.1 2002/04/09 23:57:52 woodchip Exp $ + +*mod_ssl-2.8.8 (9 Apr 2002) + + 9 Apr 2002; Donny Davies <woodchip@gentoo.org> : + + New package to go along with the rewritten apache ebuild. diff --git a/net-www/mod_ssl/files/digest-mod_ssl-2.8.8 b/net-www/mod_ssl/files/digest-mod_ssl-2.8.8 new file mode 100644 index 000000000000..a66efcbff2ff --- /dev/null +++ b/net-www/mod_ssl/files/digest-mod_ssl-2.8.8 @@ -0,0 +1 @@ +MD5 a48e8b5878f221694983747e60973662 mod_ssl-2.8.8-1.3.24.tar.gz 752322 diff --git a/net-www/mod_ssl/files/gentestcrt.sh b/net-www/mod_ssl/files/gentestcrt.sh new file mode 100644 index 000000000000..d1e9e11facd9 --- /dev/null +++ b/net-www/mod_ssl/files/gentestcrt.sh @@ -0,0 +1,242 @@ +#!/bin/sh +## +## gentestcrt -- Create self-signed test certificate +## (C) 2001 Jean-Michel Dault <jmdault@mandrakesoft.com> and Mandrakesoft +## Based on cca.sh script by Ralf S. Engelschall +## + +# external tools +openssl="/usr/bin/openssl" + +# some optional terminal sequences +case $TERM in + xterm|xterm*|vt220|vt220*) + T_MD=`echo dummy | awk '{ printf("%c%c%c%c", 27, 91, 49, 109); }'` + T_ME=`echo dummy | awk '{ printf("%c%c%c", 27, 91, 109); }'` + ;; + vt100|vt100*) + T_MD=`echo dummy | awk '{ printf("%c%c%c%c%c%c", 27, 91, 49, 109, 0, 0); }'` + T_ME=`echo dummy | awk '{ printf("%c%c%c%c%c", 27, 91, 109, 0, 0); }'` + ;; + default) + T_MD='' + T_ME='' + ;; +esac + +# find some random files +# (do not use /dev/random here, because this device +# doesn't work as expected on all platforms) +randfiles='' +for file in /var/log/messages /var/adm/messages \ + /kernel /vmunix /vmlinuz \ + /etc/hosts /etc/resolv.conf; do + if [ -f $file ]; then + if [ ".$randfiles" = . ]; then + randfiles="$file" + else + randfiles="${randfiles}:$file" + fi + fi +done + + +echo "${T_MD}maketestcrt -- Create self-signed test certificate${T_ME}" +echo "(C) 2001 Jean-Michel Dault <jmdault@mandrakesoft.com> and Mandrakesoft" +echo "Based on cca.sh script by Ralf S. Engelschall" +echo "" + +grep -q -s DUMMY server.crt && mv server.crt server.crt.dummy +grep -q -s DUMMY server.key && mv server.key server.key.dummy + +echo "" +echo "" + +if [ ! -e ./server.crt -a ! -e ./server.key ];then + echo "Will create server.key and server.crt in `pwd`" +else + echo "server.key and server.crt already exist, dying" + exit +fi + +echo "" + + +mkdir -p /tmp/tmpssl-$$ +pushd /tmp/tmpssl-$$ > /dev/null + + + echo "${T_MD}INITIALIZATION${T_ME}" + + echo "" + echo "${T_MD}Generating custom Certificate Authority (CA)${T_ME}" + echo "______________________________________________________________________" + echo "" + echo "${T_MD}STEP 1: Generating RSA private key for CA (1024 bit)${T_ME}" + cp /dev/null ca.rnd + echo '01' >ca.ser + if [ ".$randfiles" != . ]; then + $openssl genrsa -rand $randfiles -out ca.key 1024 + else + $openssl genrsa -out ca.key 1024 + fi + if [ $? -ne 0 ]; then + echo "cca:Error: Failed to generate RSA private key" 1>&2 + exit 1 + fi + echo "______________________________________________________________________" + echo "" + echo "${T_MD}STEP 2: Generating X.509 certificate signing request for CA${T_ME}" + cat >.cfg <<EOT +[ req ] +default_bits = 1024 +distinguished_name = req_DN +RANDFILE = ca.rnd +[ req_DN ] +countryName = "1. Country Name (2 letter code)" +#countryName_default = CA +#countryName_min = 2 +countryName_max = 2 +stateOrProvinceName = "2. State or Province Name (full name) " +#stateOrProvinceName_default = "Quebec" +localityName = "3. Locality Name (eg, city) " +#localityName_default = "Montreal" +0.organizationName = "4. Organization Name (eg, company) " +0.organizationName_default = "Apache HTTP Server" +organizationalUnitName = "5. Organizational Unit Name (eg, section) " +organizationalUnitName_default = "For testing purposes only" +commonName = "6. Common Name (eg, CA name) " +commonName_max = 64 +commonName_default = "localhost" +emailAddress = "7. Email Address (eg, name@FQDN)" +emailAddress_max = 40 +#emailAddress_default = "root@localhost" +EOT + $openssl req -config .cfg -new -key ca.key -out ca.csr + if [ $? -ne 0 ]; then + echo "cca:Error: Failed to generate certificate signing request" 1>&2 + exit 1 + fi + echo "______________________________________________________________________" + echo "" + echo "${T_MD}STEP 3: Generating X.509 certificate for CA signed by itself${T_ME}" + cat >.cfg <<EOT +#extensions = x509v3 +#[ x509v3 ] +#subjectAltName = email:copy +#basicConstraints = CA:true,pathlen:0 +#nsComment = "CCA generated custom CA certificate" +#nsCertType = sslCA +EOT + $openssl x509 -extfile .cfg -req -days 365 -signkey ca.key -in ca.csr -out ca.crt + if [ $? -ne 0 ]; then + echo "cca:Error: Failed to generate self-signed CA certificate" 1>&2 + exit 1 + fi + echo "______________________________________________________________________" + echo "" + echo "${T_MD}RESULT:${T_ME}" + $openssl verify ca.crt + if [ $? -ne 0 ]; then + echo "cca:Error: Failed to verify resulting X.509 certificate" 1>&2 + exit 1 + fi + $openssl x509 -text -in ca.crt + $openssl rsa -text -in ca.key + + echo "${T_MD}CERTIFICATE GENERATION${T_ME}" + user="server" + + echo "" + echo "${T_MD}Generating custom USER${T_ME} [$user]" + echo "______________________________________________________________________" + echo "" + echo "${T_MD}STEP 5: Generating RSA private key for USER (1024 bit)${T_ME}" + if [ ".$randfiles" != . ]; then + $openssl genrsa -rand $randfiles -out $user.key 1024 + else + $openssl genrsa -out $user.key 1024 + fi + if [ $? -ne 0 ]; then + echo "cca:Error: Failed to generate RSA private key" 1>&2 + exit 1 + fi + echo "______________________________________________________________________" + echo "" + echo "${T_MD}STEP 6: Generating X.509 certificate signing request for USER${T_ME}" + cat >.cfg <<EOT +[ req ] +default_bits = 1024 +distinguished_name = req_DN +RANDFILE = ca.rnd +[ req_DN ] +countryName = "1. Country Name (2 letter code)" +#countryName_default = XY +#countryName_min = 2 +countryName_max = 2 +stateOrProvinceName = "2. State or Province Name (full name) " +#stateOrProvinceName_default = "Unknown" +localityName = "3. Locality Name (eg, city) " +#localityName_default = "Server Room" +0.organizationName = "4. Organization Name (eg, company) " +0.organizationName_default = "Apache HTTP Server" +organizationalUnitName = "5. Organizational Unit Name (eg, section) " +organizationalUnitName_default = "Test Certificate" +commonName = "6. Common Name (eg, DOMAIN NAME) " +commonName_max = 64 +commonName_default = "localhost" +emailAddress = "7. Email Address (eg, name@fqdn)" +emailAddress_max = 40 +#emailAddress_default = "root@localhost" +EOT + $openssl req -config .cfg -new -key $user.key -out $user.csr + if [ $? -ne 0 ]; then + echo "cca:Error: Failed to generate certificate signing request" 1>&2 + exit 1 + fi + rm -f .cfg + echo "______________________________________________________________________" + echo "" + echo "${T_MD}STEP 7: Generating X.509 certificate signed by own CA${T_ME}" + cat >.cfg <<EOT +#extensions = x509v3 +#[ x509v3 ] +#subjectAltName = email:copy +#basicConstraints = CA:false,pathlen:0 +#nsComment = "CCA generated client certificate" +#nsCertType = client +EOT + $openssl x509 -extfile .cfg -days 365 -CAserial ca.ser -CA ca.crt -CAkey ca.key -in $user.csr -req -out $user.crt + if [ $? -ne 0 ]; then + echo "cca:Error: Failed to generate X.509 certificate" 1>&2 + exit 1 + fi + caname="`$openssl x509 -noout -text -in ca.crt |\ + grep Subject: | sed -e 's;.*CN=;;' -e 's;/Em.*;;'`" + username="`$openssl x509 -noout -text -in $user.crt |\ + grep Subject: | sed -e 's;.*CN=;;' -e 's;/Em.*;;'`" +# echo "Assembling PKCS#12 package" +# $openssl pkcs12 -export -in $user.crt -inkey $user.key -certfile ca.crt -name "$username" -caname "$caname" -out $user.p12 + echo "______________________________________________________________________" + echo "" + echo "${T_MD}RESULT:${T_ME}" + $openssl verify -CAfile ca.crt $user.crt + if [ $? -ne 0 ]; then + echo "cca:Error: Failed to verify resulting X.509 certificate" 1>&2 + exit 1 + fi + $openssl x509 -text -in $user.crt + $openssl rsa -text -in $user.key + + +popd >/dev/null + + +rm -f /tmp/tmpssl-$$/*.csr +rm -f /tmp/tmpssl-$$/ca.* +chmod 400 /tmp/tmpssl-$$/* + +echo "Certificate creation done!" +cp /tmp/tmpssl-$$/server.* . + +rm -rf /tmp/tmpssl-$$ diff --git a/net-www/mod_ssl/files/mod_ssl.conf b/net-www/mod_ssl/files/mod_ssl.conf new file mode 100644 index 000000000000..90ff9a0219d1 --- /dev/null +++ b/net-www/mod_ssl/files/mod_ssl.conf @@ -0,0 +1,69 @@ +<IfModule mod_ssl.c> + +##-------------------------------------------------------------------------- +## Add additional SSL configuration directives which provide a +## robust default configuration: virtual server on port 443 +## which speaks SSL. +##-------------------------------------------------------------------------- +## +## SSL Support +## +## When we also provide SSL we have to listen to the +## standard HTTP port (see above) and to the HTTPS port +## +Listen 443 + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# +# Some MIME-types for downloading Certificates and CRLs +# +AddType application/x-x509-ca-cert .crt +AddType application/x-pkcs7-crl .crl + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog builtin + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First either `none' +# or `dbm:/path/to/file' for the mechanism to use and +# second the expiring timeout (in seconds). +#SSLSessionCache none +#SSLSessionCache dbm:logs/ssl_scache +SSLSessionCache shm:logs/ssl_scache(512000) +SSLSessionCacheTimeout 300 + +# Semaphore: +# Configure the path to the mutual explusion semaphore the +# SSL engine uses internally for inter-process synchronization. +SSLMutex sem + +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the +# SSL library. The seed data should be of good random quality. +SSLRandomSeed startup builtin +SSLRandomSeed connect builtin +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed startup file:/dev/urandom 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + +# Logging: +# The home of the dedicated SSL protocol logfile. Errors are +# additionally duplicated in the general error log file. Put +# this somewhere where it cannot be used for symlink attacks on +# a real server (i.e. somewhere where only root can write). +# Log levels are (ascending order: higher ones include lower ones): +# none, error, warn, info, trace, debug. +SSLLog logs/ssl_engine_log +SSLLogLevel info + +</IfModule> diff --git a/net-www/mod_ssl/files/ssl.default-vhost.conf b/net-www/mod_ssl/files/ssl.default-vhost.conf new file mode 100644 index 000000000000..3f5edaec28c0 --- /dev/null +++ b/net-www/mod_ssl/files/ssl.default-vhost.conf @@ -0,0 +1,151 @@ +<IfModule mod_ssl.c> + +## +## SSL Virtual Host Context +## + +<VirtualHost _default_:443> + +# General setup for the virtual host +DocumentRoot /home/httpd/htdocs +#ServerName new.host.name +#ServerAdmin you@your.address +ErrorLog logs/ssl-error_log +TransferLog logs/ssl-access_log + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. +SSLEngine on + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. +SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + +# Server Certificate: +# Point SSLCertificateFile at a PEM encoded certificate. If +# the certificate is encrypted, then you will be prompted for a +# pass phrase. Note that a kill -HUP will prompt again. A test +# certificate can be generated with `make certificate' under +# built time. +SSLCertificateFile conf/ssl/server.crt + +# Server Private Key: +# If the key is not combined with the certificate, use this +# directive to point at the key file. +SSLCertificateKeyFile conf/ssl/server.key + +# Server Certificate Chain: +# Point SSLCertificateChainFile at a file containing the +# concatenation of PEM encoded CA certificates which form the +# certificate chain for the server certificate. Alternatively +# the referenced file can be the same as SSLCertificateFile +# when the CA certificates are directly appended to the server +# certificate for convinience. +#SSLCertificateChainFile @@ServerRoot@@/conf/ssl/ssl.crt/ca.crt + +# Certificate Authority (CA): +# Set the CA certificate verification path where to find CA +# certificates for client authentication or alternatively one +# huge file containing all of them (file must be PEM encoded) +# Note: Inside SSLCACertificatePath you need hash symlinks +# to point to the certificate files. Use the provided +# Makefile to update the hash symlinks after changes. +#SSLCACertificatePath @@ServerRoot@@/conf/ssl/ssl.crt +#SSLCACertificateFile @@ServerRoot@@/conf/sssl/sl.crt/ca-bundle.crt + +# Certificate Revocation Lists (CRL): +# Set the CA revocation path where to find CA CRLs for client +# authentication or alternatively one huge file containing all +# of them (file must be PEM encoded) +# Note: Inside SSLCARevocationPath you need hash symlinks +# to point to the certificate files. Use the provided +# Makefile to update the hash symlinks after changes. +#SSLCARevocationPath @@ServerRoot@@/conf/ssl/ssl.crl +#SSLCARevocationFile @@ServerRoot@@/conf/ssl/ssl.crl/ca-bundle.crl + +# Client Authentication (Type): +# Client certificate verification type and depth. Types are +# none, optional, require and optional_no_ca. Depth is a +# number which specifies how deeply to verify the certificate +# issuer chain before deciding the certificate is not valid. +#SSLVerifyClient require +#SSLVerifyDepth 10 + +# Access Control: +# With SSLRequire you can do per-directory access control based +# on arbitrary complex boolean expressions containing server +# variable checks and other lookup directives. The syntax is a +# mixture between C and Perl. See the mod_ssl documentation +# for more details. +#<Location /> +#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \ +# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ +# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ +# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ +# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ +# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ +#</Location> + +# SSL Engine Options: +# Set various options for the SSL engine. +# FakeBasicAuth: +# Translate the client X.509 into a Basic Authorisation. This means that +# the standard Auth/DBMAuth methods can be used for access control. The +# user name is the `one line' version of the client's X.509 certificate. +# Note that no password is obtained from the user. Every entry in the user +# file needs this password: `xxj31ZMTZzkVA'. +# ExportCertData: +# This exports two additional environment variables: SSL_CLIENT_CERT and +# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the +# server (always existing) and the client (only existing when client +# authentication is used). This can be used to import the certificates +# into CGI scripts. +# CompatEnvVars: +# This exports obsolete environment variables for backward compatibility +# to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this +# to provide compatibility to existing CGI scripts. +# StrictRequire: +# This denies access when "SSLRequireSSL" or "SSLRequire" applied even +# under a "Satisfy any" situation, i.e. when it applies access is denied +# and no other module can change it. +# OptRenegotiate: +# This enables optimized SSL connection renegotiation handling when SSL +# directives are used in per-directory context. +#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire + +# SSL Protocol Adjustments: +# The safe and default but still SSL/TLS standard compliant shutdown +# approach is that mod_ssl sends the close notify alert but doesn't wait for +# the close notify alert from client. When you need a different shutdown +# approach you can use one of the following variables: +# ssl-unclean-shutdown: +# This forces an unclean shutdown when the connection is closed, i.e. no +# SSL close notify alert is send or allowed to received. This violates +# the SSL/TLS standard but is needed for some brain-dead browsers. Use +# this when you receive I/O errors because of the standard approach where +# mod_ssl sends the close notify alert. +# ssl-accurate-shutdown: +# This forces an accurate shutdown when the connection is closed, i.e. a +# SSL close notify alert is send and mod_ssl waits for the close notify +# alert of the client. This is 100% SSL/TLS standard compliant, but in +# practice often causes hanging connections with brain-dead browsers. Use +# this only for browsers where you know that their SSL implementation +# works correctly. +# Notice: Most problems of broken clients are also related to the HTTP +# keep-alive facility, so you usually additionally want to disable +# keep-alive for those clients, too. Use variable "nokeepalive" for this. +SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +CustomLog logs/ssl_request_log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + +RewriteEngine On +RewriteOptions inherit + +</VirtualHost> + +</IfModule> diff --git a/net-www/mod_ssl/mod_ssl-2.8.8.ebuild b/net-www/mod_ssl/mod_ssl-2.8.8.ebuild new file mode 100644 index 000000000000..6f30bf4799ac --- /dev/null +++ b/net-www/mod_ssl/mod_ssl-2.8.8.ebuild @@ -0,0 +1,73 @@ +# Copyright 1999-2002 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License, v2 or later +# Maintainer: Donny Davies <woodchip@gentoo.org> +# $Header: /var/cvsroot/gentoo-x86/net-www/mod_ssl/mod_ssl-2.8.8.ebuild,v 1.1 2002/04/09 23:57:52 woodchip Exp $ + +MY_P=${P}-1.3.24 + +DESCRIPTION="An SSL module for the Apache Web server" +HOMEPAGE="http://www.modssl.org" + +S=${WORKDIR}/${MY_P} +SRC_URI="http://www.modssl.org/source/${MY_P}.tar.gz" + +DEPEND="virtual/glibc >=net-www/apache-1.3.24 >=dev-libs/openssl-0.9.6c" + +src_unpack() { + unpack ${A} ; cd ${S} + # proper path to openssl + cp pkg.contrib/cca.sh pkg.contrib/cca.sh.orig + sed -e 's%^\(openssl=\).*%\1"/usr/bin/openssl"%' \ + pkg.contrib/cca.sh.orig > pkg.contrib/cca.sh +} + +src_compile() { + SSL_BASE=SYSTEM \ + ./configure \ + --with-apxs=/usr/sbin/apxs || die "bad ./configure" + make || die "compile problem" +} + +src_install() { + exeinto /usr/lib/apache-extramodules + doexe pkg.sslmod/libssl.so + + exeinto /usr/lib/ssl/mod_ssl + doexe pkg.contrib/*.sh ${FILESDIR}/gentestcrt.sh + + dodoc ANNOUNCE CHANGES CREDITS LICENSE NEWS README* + mkdir -p ${D}/usr/share/doc/${PF}/html + cp -a pkg.ssldoc/* ${D}/usr/share/doc/${PF}/html + + insinto /etc/apache/conf/vhosts + doins ${FILESDIR}/ssl.default-vhost.conf + + insinto /etc/apache/conf/addon-modules + doins ${FILESDIR}/mod_ssl.conf +} + +pkg_postinst() { + install -d -o root -g root -m0755 ${ROOT}/etc/apache/conf/ssl + + einfo + einfo "Execute ebuild /var/db/pkg/${CATEGORY}/${PF}/${PF}.ebuild config" + einfo "to have your apache.conf auto-updated for use with this module." + einfo "You should then edit your /etc/conf.d/apache file to suit." + einfo + + cd ${ROOT}/etc/apache/conf/ssl + einfo "Generating self-signed test certificate in /etc/apache/conf/ssl..." + einfo "(Ignore any message from the yes command below)" + yes "" | ${ROOT}/usr/lib/ssl/mod_ssl/gentestcrt.sh >/dev/null 2>&1 + einfo +} + +pkg_config() { + ${ROOT}/usr/sbin/apacheaddmod \ + ${ROOT}/etc/apache/conf/apache.conf \ + extramodules/libssl.so mod_ssl.c ssl_module \ + define=SSL addconf=conf/addon-modules/mod_ssl.conf + + echo "Include conf/vhosts/ssl.default-vhost.conf" \ + >> ${ROOT}/etc/apache/conf/apache.conf +} |