RE: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page
Mark, Am 06.07.2018 11:27, schrieb Sandels Mark (RTH) OUH: Hi Tomcat users I have now configured the tomcat configuration file (server.xml) to use TLS (see relevant sections of server.xml). I created a keystore (using the jdk keystore command) for my existing certificate. I am getting "This site cannot be reached" from my browser (Chrome) when I enter the URL https://oxnetmdms04:8443/OracleStatus Can anyone tell what I am doing wrong? (wrt: https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html) What do the logfiles say? Really important to check this, as they will lead you the way - before you ask here and we ask what they say ;-) . Keystore command used: "%JAVA_HOME%\bin\keytool" -import -alias mdms04 -file certificate.crt -keystore publicKey.store Relevant sections from Server.xml: protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" certificateKeystoreFile="conf/localhost-rsa.jks" type="RSA" /> To me it looks like you have a config error. If that is the relevant part of your config, you have a double 8443 connector. And mdms04 is not the password it's the keyAlias! Did you use the standard password of changeit? (keystorePass="changeit") Plus if you don't set an alias name in the connector, Tomcat uses the default "tomcat" Now for the new and better config in Tomcat 8.5/9: ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS"> certificateKeystoreFile="${catalina.home}/conf/keystore/publicKey.store" certificateKeystorePassword="keystore>" certificateKeyAlias="mdms04" type="RSA" /> And from the naming: you should have the *private* key of the server in the publicKey.store ! Hope this helps. Peter PS and BTW: You don't have to use keytool as I told you before. Mark Sandels - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page
Hi Tomcat users I have now configured the tomcat configuration file (server.xml) to use TLS (see relevant sections of server.xml). I created a keystore (using the jdk keystore command) for my existing certificate. I am getting "This site cannot be reached" from my browser (Chrome) when I enter the URL https://oxnetmdms04:8443/OracleStatus Can anyone tell what I am doing wrong? (wrt: https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html) Keystore command used: "%JAVA_HOME%\bin\keytool" -import -alias mdms04 -file certificate.crt -keystore publicKey.store Relevant sections from Server.xml: Mark Sandels - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page
Mark, Am 05.07.2018 12:35, schrieb Sandels Mark (RTH) OUH: Hi Peter I would use tomcat to provide https if it could be configured to do this - is this fairly easy to do? The IT Department have given me a Certificate and private key for the server (OXNETMDMS04) but do I need to use "keytool" to create a key store for the Certificate? (I am referring to the link https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html). Tomcat from 8.5 on will let you use PEM-Files to configure TLS. You may find more Information on the correct attributes on: https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support That's the way I use it: sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation" allowTrace="false" maxThreads="150" SSLEnabled="true" compression="off" scheme="https" server="Apache Tomcat" secure="true" defaultSSLHostConfigName="" > ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS"> certificateKeyFile="${catalina.base}/conf/ssl/cert.key" certificateFile="${catalina.base}/conf/ssl/cert.crt" certificateChainFile="${catalina.base}/conf/ssl/ca-chain.cert.pem" type="RSA" /> Christopher Schultz has maybe more details on how to use this correctly and on the prerequisites. Best regards Peter Kind regards Mark Mark Sandels |Senior Systems Analyst/Programmer|IM & T Services – Integration Services Team |Manor House Annexe Room G22, Oxford University Hospitals NHS Trust , Headley Way, Headington, Oxford OX3 9RR |Phone: 01865 (5) 72103 | Email: mark.sand...@ouh.nhs.uk NHS colleagues can visit the OUH IM Services intranet site at http://ouhimt.oxnet.nhs.uk - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page
On 05.07.2018 12:35, Sandels Mark (RTH) OUH wrote: Hi Peter I would use tomcat to provide https if it could be configured to do this - is this fairly easy to do? The IT Department have given me a Certificate and private key for the server (OXNETMDMS04) but do I need to use "keytool" to create a key store for the Certificate? (I am referring to the link https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html). I'll go with André and Peter for the cause - that's the one line that was well hidden in the ~600 other lines of your httpd.conf. With regards to https in Tomcat: https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html and https://tomcat.apache.org/tomcat-9.0-doc/config/http.html are quite good. Alternatively, you can also just map *everything* from Tomcat through JkMount - this way Apache will forward all requests to tomcat, tomcat will handle the allowed/disallowed content (e.g. /WEB-INF/*) and you'll be safe again while still having encryption handled by Apache. I personally like it this way, because this neatly separates various aspects - like read-permissions on the private key: What tomcat doesn't need to read, it can't reveal to the world. And httpd typically knows how to drop root permissions. Too often I see tomcat run as root, because that's the quick fix to serve ports 80 and 443. Not to mention that mod_rewrite has saved my bacon a few times when it took only a minute to configure to work around an application problem. Olaf - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page
Hi Peter I would use tomcat to provide https if it could be configured to do this - is this fairly easy to do? The IT Department have given me a Certificate and private key for the server (OXNETMDMS04) but do I need to use "keytool" to create a key store for the Certificate? (I am referring to the link https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html). Kind regards Mark Mark Sandels |Senior Systems Analyst/Programmer|IM & T Services – Integration Services Team |Manor House Annexe Room G22, Oxford University Hospitals NHS Trust , Headley Way, Headington, Oxford OX3 9RR |Phone: 01865 (5) 72103 | Email: mark.sand...@ouh.nhs.uk NHS colleagues can visit the OUH IM Services intranet site at http://ouhimt.oxnet.nhs.uk -Original Message- From: logo [mailto:l...@kreuser.name] Sent: 05 July 2018 10:27 To: users@tomcat.apache.org Subject: Re: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page Mark, Am 05.07.2018 10:31, schrieb André Warnier: > Hi. > > I have not looked through all of your configuration lines, but I > believe that the problem is first of all this line : > > On 05.07.2018 09:18, Sandels Mark (RTH) OUH wrote: >> DocumentRoot "C:\Program Files (x86)\apache-tomcat-9.0.6\webapps" > +1 That's most certainly the reason. You can browse down to WEB-INF and see web.xml or any file with credentials... Even worse if you enable indexes! Make yourself familiar how to configure Apache httpd and be aware that any config in the main httpd-file is for the whole server! Put all config into your own virtualhost not the default. You can severly mess up the security of your tomcat webapp if you don't understand httpd. httpd hardening adds just one more complexity. Do you really need httpd fronting tomcat? Tomcat provides pretty much everything you need... Best regards Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page
Mark, Am 05.07.2018 10:31, schrieb André Warnier: Hi. I have not looked through all of your configuration lines, but I believe that the problem is first of all this line : On 05.07.2018 09:18, Sandels Mark (RTH) OUH wrote: DocumentRoot "C:\Program Files (x86)\apache-tomcat-9.0.6\webapps" +1 That's most certainly the reason. You can browse down to WEB-INF and see web.xml or any file with credentials... Even worse if you enable indexes! Make yourself familiar how to configure Apache httpd and be aware that any config in the main httpd-file is for the whole server! Put all config into your own virtualhost not the default. You can severly mess up the security of your tomcat webapp if you don't understand httpd. httpd hardening adds just one more complexity. Do you really need httpd fronting tomcat? Tomcat provides pretty much everything you need... Best regards Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page
Hi Olaf Here are extracts of the relevant configuration files (as requested). Httpd.conf ... Listen 443 ssl ... LoadModule ssl_module modules/mod_ssl.so ... DirectoryIndex index.jsp ServerName OXNETMDMS04.OXNET.NHS.UK SSLEngine on SSLCertificateFile "c:\Apache24\conf\certificate.crt" SSLCertificateKeyFile "c:\Apache24\conf\private_key.key" SSLCertificateChainFile "C:\Apache24\conf\IntCA.cer" ... # Load mod_jk module, pay attention to path of module file LoadModule jk_module modules / mod_jk.so # Declare the location of the workers.properties file JkWorkersFile "C:\Program Files (x86)\apache-tomcat-9.0.6\conf\workers.properties" # Declare the log file location of mod_jk JkLogFile "C:\Program Files (x86)\apache-tomcat-9.0.6\logs\mod_jk2.log" # Declare the log level of mod_jk (optional) JkLogLevel debug # Declare the time stamp format of the mod_jk log (optional) JkLogStampFormat "[%a %b %d %H:%M:%S %Y]" # Assign the /* .action and /*.jsp requests to Tomcat, and the rest of the Apache Http Servers handle them. # Note that the akp13 behind JkMount corresponds to the name of the worker in the worker.list file in the worker.properties file. JKMount /servlet/* ajp13 JkMount /*.jsp ajp13 JkMount /*.do ajp13 Order deny,allow Allow from all Workers.properties.. Workers.tomcat_home=C:\Program Files (x86)\apache-tomcat-9.0.6 #Make mod_jk module aware of Tomcat workers.java_home=C:\Program Files (x86)\Java\jre1.8.0_161 #Make mod_jk module aware of jre ps = \ # Specify the file path separator worker.list=ajp13 worker.ajp13.port=8009 #Workport , this port should match the port used by the AJP/1.3 protocol of the Connector element in server.xml worker.ajp13.host=localhost #Tomcat server address worker.ajp13.type=ajp13 #type tomcat9-stderr 05-Jul-2018 09:59:14.329 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version: Apache Tomcat/9.0.6 05-Jul-2018 09:59:14.329 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built: Mar 5 2018 09:34:35 UTC 05-Jul-2018 09:59:14.345 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number: 9.0.6.0 05-Jul-2018 09:59:14.345 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name: Windows Server 2008 R2 05-Jul-2018 09:59:14.345 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:6.1 05-Jul-2018 09:59:14.345 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture: x86 05-Jul-2018 09:59:14.345 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: c:\program files (x86)\java\jre1.8.0_161 05-Jul-2018 09:59:14.345 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version: 1.8.0_161-b12 05-Jul-2018 09:59:14.345 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Oracle Corporation 05-Jul-2018 09:59:14.345 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: C:\Program Files (x86)\apache-tomcat-9.0.6 05-Jul-2018 09:59:14.345 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: C:\Program Files (x86)\apache-tomcat-9.0.6 05-Jul-2018 09:59:14.345 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=c:\program files (x86)\apache-tomcat-9.0.6 05-Jul-2018 09:59:14.345 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=c:\program files (x86)\apache-tomcat-9.0.6 05-Jul-2018 09:59:14.345 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=c:\program files (x86)\apache-tomcat-9.0.6\endorsed 05-Jul-2018 09:59:14.345 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=c:\program files (x86)\apache-tomcat-9.0.6\temp 05-Jul-2018 09:59:14.345 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager 05-Jul-2018 09:59:14.345 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=c:\program files (x86)\apache-tomcat-9.0.6\conf\logging.properties 05-Jul-2018 09:59:14.345 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: exit 05-Jul-2018 09:59:14.345 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: abort 05-Jul-2018 09:59:14.345 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xms128m 05-Jul-2018 09:59:14.345 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xmx256m 05-Jul-2018 09:59:14.345 INFO [main]
Re: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page
Hi. I have not looked through all of your configuration lines, but I believe that the problem is first of all this line : On 05.07.2018 09:18, Sandels Mark (RTH) OUH wrote: DocumentRoot "C:\Program Files (x86)\apache-tomcat-9.0.6\webapps" That means essentially that you are allowing the Apache httpd front-end to access your entire tomcat web applications pages directory directly, without going through tomcat. And Apache httpd, when it serves one of these pages to a browser requesting it, has absolutely no idea that one of these *files* located in that directory or below, may be a java jsp page, some highly confidential file located in a WEB-INF directory, or whatever, and it just returns the content of these files unfiltered to the browser. That is the default that you get with that DocumentRoot line. So, *unless* you later contradict/override this by some other configuration line somewhere else in the configuration, the above is what will happen. It is thus an extremely unsafe way of configuring Apache httpd in a front-end-to-tomcat scenario, because anything that you forget to remap later explicitly to tomcat, will be served by Apache httpd, without tomcat knowing anything about it. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page
On 05.07.2018 09:43, Sandels Mark (RTH) OUH wrote: Hi Olaf The web-page displays correctly when I connect to Tomcat directly. I posted to the tomcat users group as I havn't had any reply to my post to the Apache http user group! In answer to your other question, I do refer to the and elements. The web-page embeds java (I have used NetBeans v8 to write the WAR application) within the html and the complete web-page source is displayed including the java commands. Kind regards Mark Hi Mark, in that case you might want to post some (relevant) tomcat configuration, rather than the httpd configuration. And maybe include your workers.properties. Log files. Please post the relevant parts. Your httpd.conf hat almost 600 lines, and if there were more than 10 relevant lines for a tomcat question, they've been safely buried in the noise. Often it helps to try to reproduce a minimal test case for posting to discover the issue. As we don't have your environment available and will only be able to read, it really helps to boil down to a minimal test case. Or you're lucky and someone has just been through the same experience - but then, the full unfiltered files won't help either. Olaf Olaf - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page
Hi Olaf The web-page displays correctly when I connect to Tomcat directly. I posted to the tomcat users group as I havn't had any reply to my post to the Apache http user group! In answer to your other question, I do refer to the and elements. The web-page embeds java (I have used NetBeans v8 to write the WAR application) within the html and the complete web-page source is displayed including the java commands. Kind regards Mark Mark Sandels |Senior Systems Analyst/Programmer|IM & T Services - Integration Services Team |Manor House Annexe Room G22, Oxford University Hospitals NHS Trust , Headley Way, Headington, Oxford OX3 9RR |Phone: 01865 (5) 72103 | Email: mark.sand...@ouh.nhs.uk NHS colleagues can visit the OUH IM Services intranet site at http://ouhimt.oxnet.nhs.uk -Original Message- From: Olaf Kock [mailto:tom...@olafkock.de] Sent: 05 July 2018 08:31 To: users@tomcat.apache.org Subject: Re: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page On 05.07.2018 09:18, Sandels Mark (RTH) OUH wrote: > When I go to my web-page using a browser (Chrome), the source code of the > web-page is displayed. I have added the PFX Certificate to Trusted Root > Certification Authorities on my PC from which I launched Chrome. > > Here is the URL I am using - https://oxnetmdms04/OracleStatus/ > > The oxnetmdms04 server is hosting Apache http (v. 2.4). I am also using > Tomcat connectors (Tomcat v 9.0.2) which http users to pass the browser > request to a tomcat service. > There are only a handful of tomcat-related lines in the config you posted - and those don't help too much. So far, it looks like you have a question with regards to Apache httpd, not Apache Tomcat. Check if you get the same result when you connect to Tomcat directly. Also, just to make sure: When you're saying that you get the source code, do you refer to the and elements that you see in your text? Or do you only see the unstyled HTML text? Because you only map "/servlet/*", "/*.jsp" and "/*.do" to your tomcat. In case those documents reference some CSS and/or Javascript that lives in the same webapplication, it won't be served by Apache, as it most likely wouldn't match those URLs. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page
On 05.07.2018 09:18, Sandels Mark (RTH) OUH wrote: When I go to my web-page using a browser (Chrome), the source code of the web-page is displayed. I have added the PFX Certificate to Trusted Root Certification Authorities on my PC from which I launched Chrome. Here is the URL I am using - https://oxnetmdms04/OracleStatus/ The oxnetmdms04 server is hosting Apache http (v. 2.4). I am also using Tomcat connectors (Tomcat v 9.0.2) which http users to pass the browser request to a tomcat service. There are only a handful of tomcat-related lines in the config you posted - and those don't help too much. So far, it looks like you have a question with regards to Apache httpd, not Apache Tomcat. Check if you get the same result when you connect to Tomcat directly. Also, just to make sure: When you're saying that you get the source code, do you refer to the and elements that you see in your text? Or do you only see the unstyled HTML text? Because you only map "/servlet/*", "/*.jsp" and "/*.do" to your tomcat. In case those documents reference some CSS and/or Javascript that lives in the same webapplication, it won't be served by Apache, as it most likely wouldn't match those URLs. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page
Hi Tomcat users When I go to my web-page using a browser (Chrome), the source code of the web-page is displayed. I have added the PFX Certificate to Trusted Root Certification Authorities on my PC from which I launched Chrome. Here is the URL I am using - https://oxnetmdms04/OracleStatus/ The oxnetmdms04 server is hosting Apache http (v. 2.4). I am also using Tomcat connectors (Tomcat v 9.0.2) which http users to pass the browser request to a tomcat service. The O/S is Windows server 2008 R2 64 bit. Here is the http.conf file I am using: # # This is the main Apache HTTP server configuration file. It contains the # configuration directives that give the server its instructions. # See http://httpd.apache.org/docs/2.4/> for detailed information. # In particular, see # http://httpd.apache.org/docs/2.4/mod/directives.html> # for a discussion of each configuration directive. # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # # Configuration and logfile names: If the filenames you specify for many # of the server's control files begin with "/" (or "drive:/" for Win32), the # server will use that explicit path. If the filenames do *not* begin # with "/", the value of ServerRoot is prepended -- so "logs/access_log" # with ServerRoot set to "/usr/local/apache2" will be interpreted by the # server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log" # will be interpreted as '/logs/access_log'. # # NOTE: Where filenames are specified, you must use forward slashes # instead of backslashes (e.g., "c:/apache" instead of "c:\apache"). # If a drive letter is omitted, the drive on which httpd.exe is located # will be used by default. It is recommended that you always supply # an explicit drive letter in absolute paths to avoid confusion. # # ServerRoot: The top of the directory tree under which the server's # configuration, error, and log files are kept. # # Do not add a slash at the end of the directory path. If you point # ServerRoot at a non-local disk, be sure to specify a local disk on the # Mutex directive, if file-based mutexes are used. If you wish to share the # same ServerRoot for multiple httpd daemons, you will need to change at # least PidFile. # ServerRoot "c:/Apache24" # # Mutex: Allows you to set the mutex mechanism and mutex file directory # for individual mutexes, or change the global defaults # # Uncomment and change the directory if mutexes are file-based and the default # mutex file directory is not on a local disk or is not appropriate for some # other reason. # # Mutex default:logs # # Listen: Allows you to bind Apache to specific IP addresses and/or # ports, instead of the default. See also the # directive. # # Change this to Listen on specific IP addresses as shown below to # prevent Apache from glomming onto all bound IP addresses. # #Listen 12.34.56.78:80 Listen 443 ssl # # Dynamic Shared Object (DSO) Support # # To be able to use the functionality of a module which was built as a DSO you # have to place corresponding `LoadModule' lines at this location so the # directives contained in it are actually available _before_ they are used. # Statically compiled modules (those listed by `httpd -l') do not need # to be loaded here. # # Example: # LoadModule foo_module modules/mod_foo.so # LoadModule access_compat_module modules/mod_access_compat.so LoadModule actions_module modules/mod_actions.so LoadModule alias_module modules/mod_alias.so LoadModule allowmethods_module modules/mod_allowmethods.so LoadModule asis_module modules/mod_asis.so LoadModule auth_basic_module modules/mod_auth_basic.so #LoadModule auth_digest_module modules/mod_auth_digest.so #LoadModule auth_form_module modules/mod_auth_form.so #LoadModule authn_anon_module modules/mod_authn_anon.so LoadModule authn_core_module modules/mod_authn_core.so #LoadModule authn_dbd_module modules/mod_authn_dbd.so #LoadModule authn_dbm_module modules/mod_authn_dbm.so LoadModule authn_file_module modules/mod_authn_file.so #LoadModule authn_socache_module modules/mod_authn_socache.so #LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so #LoadModule authnz_ldap_module modules/mod_authnz_ldap.so LoadModule authz_core_module modules/mod_authz_core.so #LoadModule authz_dbd_module modules/mod_authz_dbd.so #LoadModule authz_dbm_module modules/mod_authz_dbm.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_host_module modules/mod_authz_host.so #LoadModule authz_owner_module modules/mod_authz_owner.so LoadModule authz_user_module modules/mod_authz_user.so LoadModule autoindex_module modules/mod_autoindex.so #LoadModule brotli_module modules/mod_brotli.so #LoadModule buffer_module modules/mod_buffer.so #LoadModule cache_module modules/mod_cache.so #LoadModule cache_disk_module modules/mod_cache_disk.so #LoadModule cache_socache_module