[root@waproxy1 lib]# cat httpd.ini
ServerRoot ${ROOT}
PidFile ${ROOT}/temp/waproxy.pid
ServerLimit ${HTTPD_WORKERS}
ThreadsPerChild 64
Listen ${INTERFACE}:${PORT_STD} http
Listen ${INTERFACE}:${PORT_SSL} https
${LISTEN_IPV6_STD}
${LISTEN_IPV6_SSL}
${LISTEN_WEBSRVS4}
${LISTEN_WEBSRVS6}
LoadModule alias_module ${ROOT}/lib/modules/mod_alias.so
LoadModule authz_core_module ${ROOT}/lib/modules/mod_authz_core.so
LoadModule cache_module ${ROOT}/lib/modules/mod_cache.so
LoadModule cache_socache_module ${ROOT}/lib/modules/mod_cache_socache.so
LoadModule deflate_module ${ROOT}/lib/modules/mod_deflate.so
LoadModule dir_module ${ROOT}/lib/modules/mod_dir.so
LoadModule log_config_module ${ROOT}/lib/modules/mod_log_config.so
LoadModule mime_module ${ROOT}/lib/modules/mod_mime.so
LoadModule mime_magic_module ${ROOT}/lib/modules/mod_mime_magic.so
LoadModule rewrite_module ${ROOT}/lib/modules/mod_rewrite.so
LoadModule setenvif_module ${ROOT}/lib/modules/mod_setenvif.so
LoadModule ssl_module ${ROOT}/lib/modules/mod_ssl.so
LoadModule status_module ${ROOT}/lib/modules/mod_status.so
LoadModule headers_module ${ROOT}/lib/modules/mod_headers.so
LoadModule unixd_module ${ROOT}/lib/modules/mod_unixd.so
LoadModule proxy_module ${ROOT}/lib/modules/mod_proxy.so
LoadModule proxy_balancer_module ${ROOT}/lib/modules/mod_proxy_balancer.so
LoadModule proxy_http_module ${ROOT}/lib/modules/mod_proxy_http.so
LoadModule proxy_connect_module ${ROOT}/lib/modules/mod_proxy_connect.so
LoadModule socache_dbm_module ${ROOT}/lib/modules/mod_socache_dbm.so
LoadModule socache_shmcb_module ${ROOT}/lib/modules/mod_socache_shmcb.so
LoadModule slotmem_shm_module ${ROOT}/lib/modules/mod_slotmem_shm.so
LoadModule lbmethod_byrequests_module ${ROOT}/lib/modules/mod_lbmethod_byrequests.so
LoadModule evasive24_module ${ROOT}/lib/modules/mod_evasive24.so
LoadModule reqtimeout_module ${ROOT}/lib/modules/mod_reqtimeout.so
User ${USER}
Group ${USER}
ServerName ${HOSTNAME}
UseCanonicalName Off
DocumentRoot ${ROOT}/lib/htdocs/
<Directory />
Require all denied
AllowOverride None
Options FollowSymLinks
</Directory>
DirectoryIndex index.php
AccessFileName ${ROOT}/lib/.htaccess
TypesConfig ${ROOT}/lib/httpd.mimes
ExtendedStatus Off
HostnameLookups Off
EnableMMAP On
EnableSendfile On
AcceptFilter http none
AcceptFilter https none
ErrorLog ${ROOT}/logs/waproxy.log
ErrorLogFormat "[%{c}t] [%a] %M"
LogLevel warn
LogFormat "%a %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
LogFormat "%a %t \"%r\" %>s %b" common
${CUSTOM_LOG}
ServerTokens Prod
ServerSignature Off
TraceEnable Off
DOSHashTableSize 2048
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSLogDir ${ROOT}/temp
RequestReadTimeout header=10 body=20
CacheSocache shmcb:${ROOT}/temp/page_cache(512000)
CacheSocacheMaxSize 102400
CacheSocacheMaxTime 86400
CacheSocacheMinTime 600
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLSessionCache shmcb:${ROOT}/temp/ssl_cache(512000)
SSLSessionCacheTimeout 300
SSLUseStapling On
SSLStaplingCache shmcb:${ROOT}/temp/ssl_stapling(128000)
SSLProtocol ${SSL_PROTOCOL}
SSLHonorCipherOrder On
SSLCipherSuite ${SSL_CIPHERSUITE}
SSLCompression Off
SSLSessionTickets Off
SSLCertificateFile ${ROOT}/conf/waproxy.crt
SSLCertificateKeyFile ${ROOT}/conf/waproxy.key
SSLCACertificateFile ${ROOT}/conf/trusted.crt
SSLProxyCACertificateFile ${ROOT}/conf/ca.crt
SSLVerifyClient None
SSLVerifyDepth 10
<VirtualHost *:${PORT_STD}>
DirectorySlash On
RewriteEngine On
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
SetOutputFilter DEFLATE
RewriteCond ${PORT_SSL} ^443$
RewriteRule !^/(cacert|calist|ocsp|crl)(/.*)?$ https://%{SERVER_NAME}%{REQUEST_URI} [L]
RewriteRule !^/(cacert|calist|ocsp|crl)(/.*)?$ https://%{SERVER_NAME}:${PORT_SSL}%{REQUEST_URI}
<Location /cacert/>
ProxyPass balancer://backend_cluster/cacert/
ProxyPassReverse balancer://backend_cluster/cacert/
</Location>
<Location /calist/>
ProxyPass balancer://backend_cluster/calist/
ProxyPassReverse balancer://backend_cluster/calist/
</Location>
<Location /ocsp/>
ProxyPass balancer://backend_cluster/ocsp/
ProxyPassReverse balancer://backend_cluster/ocsp/
</Location>
<Location /crl/>
ProxyPass balancer://backend_cluster/crl/
ProxyPassReverse balancer://backend_cluster/crl/
</Location>
<Proxy balancer://backend_cluster>
BalancerMember https://${SERVER_ADDR1}/ responsefieldsize=200000 connectiontimeout=5 timeout=60 retry=10
${WEBAPPS_CLUSTER_EXT}
</Proxy>
</VirtualHost>
<VirtualHost *:${PORT_SSL}>
DirectorySlash On
KeepAlive On
SSLEngine On
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
SSLCertificateFile ${WAPROXY_CRT}
SSLCertificateKeyFile ${WAPROXY_KEY}
SetOutputFilter DEFLATE
CacheEnable socache /
<Location />
ProxyPass balancer://backend_cluster/webapps/
ProxyPassReverse balancer://backend_cluster/webapps/
ProxyAddHeaders on
</Location>
<Location "/admin/>
ProxyPass balancer://backend_cluster/admin/
ProxyPassReverse balancer://backend_cluster/admin/
ProxyAddHeaders on
</Location>
ProxyPass /robots.txt !
ProxyPass /favicon.png !
ProxyPass /favicon.ico !
ProxyPass /.well-known/acme-challenge/ !
<LocationMatch "^/\w+/.+_pki.php$">
SSLVerifyClient Optional
</LocationMatch>
<Location /.well-known/openid-configuration/>
ProxyPass balancer://backend_cluster/webapps/openid/.well-known/openid-configuration/
ProxyPassReverse balancer://backend_cluster/webapps/openid/.well-known/openid-configuration/
</Location>
<Location /cacert/>
ProxyPass balancer://backend_cluster/cacert/
ProxyPassReverse balancer://backend_cluster/cacert/
</Location>
<Location /calist/>
ProxyPass balancer://backend_cluster/calist/
ProxyPassReverse balancer://backend_cluster/calist/
</Location>
<Location /ocsp/>
ProxyPass balancer://backend_cluster/ocsp/
ProxyPassReverse balancer://backend_cluster/ocsp/
</Location>
<Location /crl/>
ProxyPass balancer://backend_cluster/crl/
ProxyPassReverse balancer://backend_cluster/crl/
</Location>
<Location /ws/>
ProxyPass balancer://backend_cluster/ws/
ProxyPassReverse balancer://backend_cluster/ws/
</Location>
<Proxy balancer://backend_cluster>
BalancerMember https://${SERVER_ADDR1}/ responsefieldsize=200000 connectiontimeout=5 timeout=60 retry=10
${WEBAPPS_CLUSTER_EXT}
</Proxy>
</VirtualHost>
<VirtualHost *:${PORT_SRV}>
DirectorySlash Off
KeepAlive Off
SSLEngine On
SSLProxyEngine On
SSLProxyVerify Optional
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
SSLVerifyClient Optional
<Location />
ProxyPass balancer://websrvs_cluster/
ProxyPassReverse balancer://websrvs_cluster/
ProxyAddHeaders on
RequestHeader unset WA-API-Version
#RequestHeader unset X-Forwarded-for
</Location>
<Proxy balancer://websrvs_cluster>
BalancerMember https://${WEBSRV_ADDR1}/ responsefieldsize=200000 connectiontimeout=5 timeout=60 retry=10
${WEBSRVS_CLUSTER_EXT}
</Proxy>
</VirtualHost>