saving uncommitted changes in /etc prior to emerge run

apache2/vhosts.d/._cfg0000_00_default_ssl_vhost.conf

@@ -0,0 +1,191 @@
+<IfDefine SSL>
+<IfDefine SSL_DEFAULT_VHOST>
+<IfModule ssl_module>
+# see bug #178966 why this is in here
+
+# When we also provide SSL we have to listen to the HTTPS port
+# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
+# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
+Listen 443
+
+<VirtualHost _default_:443>
+	ServerName localhost
+	Include /etc/apache2/vhosts.d/default_vhost.include
+	ErrorLog /var/log/apache2/ssl_error_log
+
+	<IfModule log_config_module>
+		TransferLog /var/log/apache2/ssl_access_log
+	</IfModule>
+
+	## SSL Engine Switch:
+	# Enable/Disable SSL for this virtual host.
+	SSLEngine on
+
+	## SSLProtocol:
+	# Don't use SSLv2 anymore as it's considered to be broken security-wise.
+	# Also disable SSLv3 as most modern browsers are capable of TLS.
+	SSLProtocol ALL -SSLv2 -SSLv3
+
+	## SSL Cipher Suite:
+	# List the ciphers that the client is permitted to negotiate.
+	# See the mod_ssl documentation for a complete list.
+	# This list of ciphers is recommended by mozilla and was stripped off
+	# its RC4 ciphers. (bug #506924)
+	SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
+
+	## SSLHonorCipherOrder:
+	# Prefer the server's cipher preference order as the client may have a
+	# weak default order.
+	SSLHonorCipherOrder On
+
+	## Server Certificate:
+	# Point SSLCertificateFile at a PEM encoded certificate. If the certificate
+	# is encrypted, then you will be prompted for a pass phrase. Note that a 
+	# kill -HUP will prompt again. Keep in mind that if you have both an RSA
+	# and a DSA certificate you can configure both in parallel (to also allow
+	# the use of DSA ciphers, etc.)
+	SSLCertificateFile /etc/ssl/apache2/server.crt
+
+	## Server Private Key:
+	# If the key is not combined with the certificate, use this directive to
+	# point at the key file. Keep in mind that if you've both a RSA and a DSA
+	# private key you can configure both in parallel (to also allow the use of
+	# DSA ciphers, etc.)
+	SSLCertificateKeyFile /etc/ssl/apache2/server.key
+
+	## Server Certificate Chain:
+	# Point SSLCertificateChainFile at a file containing the concatenation of 
+	# PEM encoded CA certificates which form the certificate chain for the
+	# server certificate. Alternatively the referenced file can be the same as
+	# SSLCertificateFile when the CA certificates are directly appended to the
+	# server certificate for convinience.
+	#SSLCertificateChainFile /etc/ssl/apache2/ca.crt
+
+	## Certificate Authority (CA):
+	# Set the CA certificate verification path where to find CA certificates
+	# for client authentication or alternatively one huge file containing all
+	# of them (file must be PEM encoded).
+	# Note: Inside SSLCACertificatePath you need hash symlinks to point to the
+	# certificate files. Use the provided Makefile to update the hash symlinks
+	# after changes.
+	#SSLCACertificatePath /etc/ssl/apache2/ssl.crt
+	#SSLCACertificateFile /etc/ssl/apache2/ca-bundle.crt
+
+	## Certificate Revocation Lists (CRL):
+	# Set the CA revocation path where to find CA CRLs for client authentication
+	# or alternatively one huge file containing all of them (file must be PEM 
+	# encoded).
+	# Note: Inside SSLCARevocationPath you need hash symlinks to point to the
+	# certificate files. Use the provided Makefile to update the hash symlinks
+	# after changes.
+	#SSLCARevocationPath /etc/ssl/apache2/ssl.crl
+	#SSLCARevocationFile /etc/ssl/apache2/ca-bundle.crl
+
+	## Client Authentication (Type):
+	# Client certificate verification type and depth. Types are none, optional,
+	# require and optional_no_ca. Depth is a number which specifies how deeply
+	# to verify the certificate issuer chain before deciding the certificate is
+	# not valid.
+	#SSLVerifyClient require
+	#SSLVerifyDepth  10
+
+	## Access Control:
+	# With SSLRequire you can do per-directory access control based on arbitrary
+	# complex boolean expressions containing server variable checks and other
+	# lookup directives. The syntax is a mixture between C and Perl. See the
+	# mod_ssl documentation for more details.
+	#<Location />
+	#	#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+	#	and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+	#	and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+	#	and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+	#	and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+	#	or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+	#</Location>
+
+	## SSL Engine Options:
+	# Set various options for the SSL engine.
+
+	## FakeBasicAuth:
+	# Translate the client X.509 into a Basic Authorisation. This means that the
+	# standard Auth/DBMAuth methods can be used for access control. The user 
+	# name is the `one line' version of the client's X.509 certificate. 
+	# Note that no password is obtained from the user. Every entry in the user 
+	# file needs this password: `xxj31ZMTZzkVA'.
+
+	## ExportCertData:
+	# This exports two additional environment variables: SSL_CLIENT_CERT and 
+	# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the server
+	# (always existing) and the client (only existing when client 
+	# authentication is used). This can be used to import the certificates into
+	# CGI scripts.
+
+	## StdEnvVars:
+	# This exports the standard SSL/TLS related `SSL_*' environment variables. 
+	# Per default this exportation is switched off for performance reasons, 
+	# because the extraction step is an expensive operation and is usually 
+	# useless for serving static content. So one usually enables the exportation
+	# for CGI and SSI requests only.
+
+	## StrictRequire:
+	# This denies access when "SSLRequireSSL" or "SSLRequire" applied even under
+	# a "Satisfy any" situation, i.e. when it applies access is denied and no
+	# other module can change it.
+
+	## OptRenegotiate:
+	# This enables optimized SSL connection renegotiation handling when SSL 
+	# directives are used in per-directory context.
+	#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+	<FilesMatch "\.(cgi|shtml|phtml|php)$">
+		SSLOptions +StdEnvVars
+	</FilesMatch>
+
+	<Directory "/var/www/localhost/cgi-bin">
+		SSLOptions +StdEnvVars
+	</Directory>
+
+	## SSL Protocol Adjustments:
+	# The safe and default but still SSL/TLS standard compliant shutdown
+	# approach is that mod_ssl sends the close notify alert but doesn't wait
+	# for the close notify alert from client. When you need a different
+	# shutdown approach you can use one of the following variables:
+
+	## ssl-unclean-shutdown:
+	# This forces an unclean shutdown when the connection is closed, i.e. no
+	# SSL close notify alert is send or allowed to received.  This violates the
+	# SSL/TLS standard but is needed for some brain-dead browsers. Use this when
+	# you receive I/O errors because of the standard approach where mod_ssl
+	# sends the close notify alert.
+
+	## ssl-accurate-shutdown:
+	# This forces an accurate shutdown when the connection is closed, i.e. a
+	# SSL close notify alert is send and mod_ssl waits for the close notify
+	# alert of the client. This is 100% SSL/TLS standard compliant, but in
+	# practice often causes hanging connections with brain-dead browsers. Use
+	# this only for browsers where you know that their SSL implementation works
+	# correctly. 
+	# Notice: Most problems of broken clients are also related to the HTTP 
+	# keep-alive facility, so you usually additionally want to disable 
+	# keep-alive for those clients, too. Use variable "nokeepalive" for this.
+	# Similarly, one has to force some clients to use HTTP/1.0 to workaround
+	# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+	# "force-response-1.0" for this.
+	<IfModule setenvif_module>
+		BrowserMatch ".*MSIE.*" \
+			nokeepalive ssl-unclean-shutdown \
+			downgrade-1.0 force-response-1.0
+	</IfModule>
+
+	## Per-Server Logging:
+	# The home of a custom SSL log file. Use this when you want a compact 
+	# non-error SSL logfile on a virtual host basis.
+	<IfModule log_config_module>
+		CustomLog /var/log/apache2/ssl_request_log \
+			"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+	</IfModule>
+</VirtualHost>
+</IfModule>
+</IfDefine>
+</IfDefine>
+
+# vim: ts=4 filetype=apache

apache2/vhosts.d/._cfg0000_00_default_vhost.conf

@@ -0,0 +1,45 @@
+# Virtual Hosts
+#
+# If you want to maintain multiple domains/hostnames on your
+# machine you can setup VirtualHost containers for them. Most configurations
+# use only name-based virtual hosts so the server doesn't need to worry about
+# IP addresses. This is indicated by the asterisks in the directives below.
+#
+# Please see the documentation at
+# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
+# for further details before you try to setup virtual hosts.
+#
+# You may use the command line option '-S' to verify your virtual host
+# configuration.
+
+<IfDefine DEFAULT_VHOST>
+# see bug #178966 why this is in here
+
+# Listen: Allows you to bind Apache to specific IP addresses and/or
+# ports, instead of the default. See also the <VirtualHost>
+# directive.
+#
+# Change this to Listen on specific IP addresses as shown below to
+# prevent Apache from glomming onto all bound IP addresses.
+#
+#Listen 12.34.56.78:80
+Listen 80
+
+# When virtual hosts are enabled, the main host defined in the default
+# httpd.conf configuration will go away. We redefine it here so that it is
+# still available.
+#
+# If you disable this vhost by removing -D DEFAULT_VHOST from
+# /etc/conf.d/apache2, the first defined virtual host elsewhere will be
+# the default.
+<VirtualHost *:80>
+	ServerName localhost
+	Include /etc/apache2/vhosts.d/default_vhost.include
+
+	<IfModule mpm_peruser_module>
+		ServerEnvironment apache apache
+	</IfModule>
+</VirtualHost>
+</IfDefine>
+
+# vim: ts=4 filetype=apache

apache2/vhosts.d/._cfg0000_default_vhost.include

@@ -0,0 +1,71 @@
+# ServerAdmin: Your address, where problems with the server should be
+# e-mailed.  This address appears on some server-generated pages, such
+# as error documents.  e.g. admin@your-domain.com
+ServerAdmin root@localhost
+
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+# If you change this to something that isn't under /var/www then suexec
+# will no longer work.
+DocumentRoot "/var/www/localhost/htdocs"
+
+# This should be changed to whatever you set DocumentRoot to.
+<Directory "/var/www/localhost/htdocs">
+	# Possible values for the Options directive are "None", "All",
+	# or any combination of:
+	#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+	#
+	# Note that "MultiViews" must be named *explicitly* --- "Options All"
+	# doesn't give it to you.
+	#
+	# The Options directive is both complicated and important.  Please see
+	# http://httpd.apache.org/docs/2.4/mod/core.html#options
+	# for more information.
+	Options Indexes FollowSymLinks
+
+	# AllowOverride controls what directives may be placed in .htaccess files.
+	# It can be "All", "None", or any combination of the keywords:
+	#   Options FileInfo AuthConfig Limit
+	AllowOverride All
+
+	# Controls who can get stuff from this server.
+	Require all granted
+</Directory>
+
+<IfModule alias_module>
+	# Redirect: Allows you to tell clients about documents that used to
+	# exist in your server's namespace, but do not anymore. The client
+	# will make a new request for the document at its new location.
+	# Example:
+	#   Redirect permanent /foo http://www.example.com/bar
+
+	# Alias: Maps web paths into filesystem paths and is used to
+	# access content that does not live under the DocumentRoot.
+	# Example:
+	#   Alias /webpath /full/filesystem/path
+	#
+	# If you include a trailing / on /webpath then the server will
+	# require it to be present in the URL.  You will also likely
+	# need to provide a <Directory> section to allow access to
+	# the filesystem path.
+
+	# ScriptAlias: This controls which directories contain server scripts.
+	# ScriptAliases are essentially the same as Aliases, except that
+	# documents in the target directory are treated as applications and
+	# run by the server when requested rather than as documents sent to the
+	# client.  The same rules about trailing "/" apply to ScriptAlias
+	# directives as to Alias.
+	ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/"
+</IfModule>
+
+# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased
+# CGI directory exists, if you have that configured.
+<Directory "/var/www/localhost/cgi-bin">
+	AllowOverride None
+	Options None
+	Require all granted
+</Directory>
+
+# vim: ts=4 filetype=apache

apache2/vhosts.d/00_default_ssl_vhost.conf

@@ -0,0 +1,179 @@
+<IfDefine SSL>
+<IfDefine SSL_DEFAULT_VHOST>
+<IfModule ssl_module>
+# see bug #178966 why this is in here
+
+# When we also provide SSL we have to listen to the HTTPS port
+# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
+# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
+Listen 443
+
+<VirtualHost _default_:443>
+	ServerName localhost
+	Include /etc/apache2/vhosts.d/default_vhost.include
+	ErrorLog /var/log/apache2/ssl_error_log
+
+	<IfModule log_config_module>
+		TransferLog /var/log/apache2/ssl_access_log
+	</IfModule>
+
+	## SSL Engine Switch:
+	# Enable/Disable SSL for this virtual host.
+	SSLEngine on
+
+	## SSL Cipher Suite:
+	# List the ciphers that the client is permitted to negotiate.
+	# See the mod_ssl documentation for a complete list.
+	SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+
+	## Server Certificate:
+	# Point SSLCertificateFile at a PEM encoded certificate. If the certificate
+	# is encrypted, then you will be prompted for a pass phrase. Note that a 
+	# kill -HUP will prompt again. Keep in mind that if you have both an RSA
+	# and a DSA certificate you can configure both in parallel (to also allow
+	# the use of DSA ciphers, etc.)
+	SSLCertificateFile /etc/ssl/apache2/server.crt
+
+	## Server Private Key:
+	# If the key is not combined with the certificate, use this directive to
+	# point at the key file. Keep in mind that if you've both a RSA and a DSA
+	# private key you can configure both in parallel (to also allow the use of
+	# DSA ciphers, etc.)
+	SSLCertificateKeyFile /etc/ssl/apache2/server.key
+
+	## Server Certificate Chain:
+	# Point SSLCertificateChainFile at a file containing the concatenation of 
+	# PEM encoded CA certificates which form the certificate chain for the
+	# server certificate. Alternatively the referenced file can be the same as
+	# SSLCertificateFile when the CA certificates are directly appended to the
+	# server certificate for convinience.
+	#SSLCertificateChainFile /etc/ssl/apache2/ca.crt
+
+	## Certificate Authority (CA):
+	# Set the CA certificate verification path where to find CA certificates
+	# for client authentication or alternatively one huge file containing all
+	# of them (file must be PEM encoded).
+	# Note: Inside SSLCACertificatePath you need hash symlinks to point to the
+	# certificate files. Use the provided Makefile to update the hash symlinks
+	# after changes.
+	#SSLCACertificatePath /etc/ssl/apache2/ssl.crt
+	#SSLCACertificateFile /etc/ssl/apache2/ca-bundle.crt
+
+	## Certificate Revocation Lists (CRL):
+	# Set the CA revocation path where to find CA CRLs for client authentication
+	# or alternatively one huge file containing all of them (file must be PEM 
+	# encoded).
+	# Note: Inside SSLCARevocationPath you need hash symlinks to point to the
+	# certificate files. Use the provided Makefile to update the hash symlinks
+	# after changes.
+	#SSLCARevocationPath /etc/ssl/apache2/ssl.crl
+	#SSLCARevocationFile /etc/ssl/apache2/ca-bundle.crl
+
+	## Client Authentication (Type):
+	# Client certificate verification type and depth. Types are none, optional,
+	# require and optional_no_ca. Depth is a number which specifies how deeply
+	# to verify the certificate issuer chain before deciding the certificate is
+	# not valid.
+	#SSLVerifyClient require
+	#SSLVerifyDepth  10
+
+	## Access Control:
+	# With SSLRequire you can do per-directory access control based on arbitrary
+	# complex boolean expressions containing server variable checks and other
+	# lookup directives. The syntax is a mixture between C and Perl. See the
+	# mod_ssl documentation for more details.
+	#<Location />
+	#	#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+	#	and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+	#	and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+	#	and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+	#	and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+	#	or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+	#</Location>
+
+	## SSL Engine Options:
+	# Set various options for the SSL engine.
+
+	## FakeBasicAuth:
+	# Translate the client X.509 into a Basic Authorisation. This means that the
+	# standard Auth/DBMAuth methods can be used for access control. The user 
+	# name is the `one line' version of the client's X.509 certificate. 
+	# Note that no password is obtained from the user. Every entry in the user 
+	# file needs this password: `xxj31ZMTZzkVA'.
+
+	## ExportCertData:
+	# This exports two additional environment variables: SSL_CLIENT_CERT and 
+	# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the server
+	# (always existing) and the client (only existing when client 
+	# authentication is used). This can be used to import the certificates into
+	# CGI scripts.
+
+	## StdEnvVars:
+	# This exports the standard SSL/TLS related `SSL_*' environment variables. 
+	# Per default this exportation is switched off for performance reasons, 
+	# because the extraction step is an expensive operation and is usually 
+	# useless for serving static content. So one usually enables the exportation
+	# for CGI and SSI requests only.
+
+	## StrictRequire:
+	# This denies access when "SSLRequireSSL" or "SSLRequire" applied even under
+	# a "Satisfy any" situation, i.e. when it applies access is denied and no
+	# other module can change it.
+
+	## OptRenegotiate:
+	# This enables optimized SSL connection renegotiation handling when SSL 
+	# directives are used in per-directory context.
+	#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+	<FilesMatch "\.(cgi|shtml|phtml|php)$">
+		SSLOptions +StdEnvVars
+	</FilesMatch>
+
+	<Directory "/var/www/localhost/cgi-bin">
+		SSLOptions +StdEnvVars
+	</Directory>
+
+	## SSL Protocol Adjustments:
+	# The safe and default but still SSL/TLS standard compliant shutdown
+	# approach is that mod_ssl sends the close notify alert but doesn't wait
+	# for the close notify alert from client. When you need a different
+	# shutdown approach you can use one of the following variables:
+
+	## ssl-unclean-shutdown:
+	# This forces an unclean shutdown when the connection is closed, i.e. no
+	# SSL close notify alert is send or allowed to received.  This violates the
+	# SSL/TLS standard but is needed for some brain-dead browsers. Use this when
+	# you receive I/O errors because of the standard approach where mod_ssl
+	# sends the close notify alert.
+
+	## ssl-accurate-shutdown:
+	# This forces an accurate shutdown when the connection is closed, i.e. a
+	# SSL close notify alert is send and mod_ssl waits for the close notify
+	# alert of the client. This is 100% SSL/TLS standard compliant, but in
+	# practice often causes hanging connections with brain-dead browsers. Use
+	# this only for browsers where you know that their SSL implementation works
+	# correctly. 
+	# Notice: Most problems of broken clients are also related to the HTTP 
+	# keep-alive facility, so you usually additionally want to disable 
+	# keep-alive for those clients, too. Use variable "nokeepalive" for this.
+	# Similarly, one has to force some clients to use HTTP/1.0 to workaround
+	# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+	# "force-response-1.0" for this.
+	<IfModule setenvif_module>
+		BrowserMatch ".*MSIE.*" \
+			nokeepalive ssl-unclean-shutdown \
+			downgrade-1.0 force-response-1.0
+	</IfModule>
+
+	## Per-Server Logging:
+	# The home of a custom SSL log file. Use this when you want a compact 
+	# non-error SSL logfile on a virtual host basis.
+	<IfModule log_config_module>
+		CustomLog /var/log/apache2/ssl_request_log \
+			"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+	</IfModule>
+</VirtualHost>
+</IfModule>
+</IfDefine>
+</IfDefine>
+
+# vim: ts=4 filetype=apache

apache2/vhosts.d/00_default_vhost.conf

@@ -0,0 +1,48 @@
+# Virtual Hosts
+#
+# If you want to maintain multiple domains/hostnames on your
+# machine you can setup VirtualHost containers for them. Most configurations
+# use only name-based virtual hosts so the server doesn't need to worry about
+# IP addresses. This is indicated by the asterisks in the directives below.
+#
+# Please see the documentation at
+# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
+# for further details before you try to setup virtual hosts.
+#
+# You may use the command line option '-S' to verify your virtual host
+# configuration.
+
+<IfDefine DEFAULT_VHOST>
+# see bug #178966 why this is in here
+
+# Listen: Allows you to bind Apache to specific IP addresses and/or
+# ports, instead of the default. See also the <VirtualHost>
+# directive.
+#
+# Change this to Listen on specific IP addresses as shown below to
+# prevent Apache from glomming onto all bound IP addresses.
+#
+#Listen 12.34.56.78:80
+Listen 80
+
+# Use name-based virtual hosting.
+NameVirtualHost *:80
+
+# When virtual hosts are enabled, the main host defined in the default
+# httpd.conf configuration will go away. We redefine it here so that it is
+# still available.
+#
+# If you disable this vhost by removing -D DEFAULT_VHOST from
+# /etc/conf.d/apache2, the first defined virtual host elsewhere will be
+# the default.
+<VirtualHost *:80>
+	ServerName localhost
+	Include /etc/apache2/vhosts.d/default_vhost.include
+
+	<IfModule mpm_peruser_module>
+		ServerEnvironment apache apache
+	</IfModule>
+</VirtualHost>
+</IfDefine>
+
+# vim: ts=4 filetype=apache

apache2/vhosts.d/default_vhost.include

@@ -0,0 +1,73 @@
+# ServerAdmin: Your address, where problems with the server should be
+# e-mailed.  This address appears on some server-generated pages, such
+# as error documents.  e.g. admin@your-domain.com
+ServerAdmin root@localhost
+
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+# If you change this to something that isn't under /var/www then suexec
+# will no longer work.
+DocumentRoot "/var/www/localhost/htdocs"
+
+# This should be changed to whatever you set DocumentRoot to.
+<Directory "/var/www/localhost/htdocs">
+	# Possible values for the Options directive are "None", "All",
+	# or any combination of:
+	#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+	#
+	# Note that "MultiViews" must be named *explicitly* --- "Options All"
+	# doesn't give it to you.
+	#
+	# The Options directive is both complicated and important.  Please see
+	# http://httpd.apache.org/docs/2.2/mod/core.html#options
+	# for more information.
+	Options Indexes FollowSymLinks
+
+	# AllowOverride controls what directives may be placed in .htaccess files.
+	# It can be "All", "None", or any combination of the keywords:
+	#   Options FileInfo AuthConfig Limit
+	AllowOverride All
+
+	# Controls who can get stuff from this server.
+	Order allow,deny
+	Allow from all
+</Directory>
+
+<IfModule alias_module>
+	# Redirect: Allows you to tell clients about documents that used to
+	# exist in your server's namespace, but do not anymore. The client
+	# will make a new request for the document at its new location.
+	# Example:
+	#   Redirect permanent /foo http://www.example.com/bar
+
+	# Alias: Maps web paths into filesystem paths and is used to
+	# access content that does not live under the DocumentRoot.
+	# Example:
+	#   Alias /webpath /full/filesystem/path
+	#
+	# If you include a trailing / on /webpath then the server will
+	# require it to be present in the URL.  You will also likely
+	# need to provide a <Directory> section to allow access to
+	# the filesystem path.
+
+	# ScriptAlias: This controls which directories contain server scripts.
+	# ScriptAliases are essentially the same as Aliases, except that
+	# documents in the target directory are treated as applications and
+	# run by the server when requested rather than as documents sent to the
+	# client.  The same rules about trailing "/" apply to ScriptAlias
+	# directives as to Alias.
+	ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/"
+</IfModule>
+
+# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased
+# CGI directory exists, if you have that configured.
+<Directory "/var/www/localhost/cgi-bin">
+	AllowOverride None
+	Options None
+	Order allow,deny
+	Allow from all
+</Directory>
+
+# vim: ts=4 filetype=apache