diff --git a/SPECS/00-base.conf b/SPECS/00-base.conf
new file mode 100644
index 0000000..28dacb3
--- /dev/null
+++ b/SPECS/00-base.conf
@@ -0,0 +1,68 @@
+#
+# This file loads most of the modules included with the Apache HTTP
+# Server itself.
+#
+
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule actions_module modules/mod_actions.so
+LoadModule alias_module modules/mod_alias.so
+LoadModule allowmethods_module modules/mod_allowmethods.so
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule auth_digest_module modules/mod_auth_digest.so
+LoadModule authn_anon_module modules/mod_authn_anon.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authn_dbd_module modules/mod_authn_dbd.so
+LoadModule authn_dbm_module modules/mod_authn_dbm.so
+LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule authn_socache_module modules/mod_authn_socache.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule authz_dbd_module modules/mod_authz_dbd.so
+LoadModule authz_dbm_module modules/mod_authz_dbm.so
+LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule authz_owner_module modules/mod_authz_owner.so
+LoadModule authz_user_module modules/mod_authz_user.so
+LoadModule autoindex_module modules/mod_autoindex.so
+LoadModule brotli_module modules/mod_brotli.so
+LoadModule cache_module modules/mod_cache.so
+LoadModule cache_disk_module modules/mod_cache_disk.so
+LoadModule cache_socache_module modules/mod_cache_socache.so
+LoadModule data_module modules/mod_data.so
+LoadModule dbd_module modules/mod_dbd.so
+LoadModule deflate_module modules/mod_deflate.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule dumpio_module modules/mod_dumpio.so
+LoadModule echo_module modules/mod_echo.so
+LoadModule env_module modules/mod_env.so
+LoadModule expires_module modules/mod_expires.so
+LoadModule ext_filter_module modules/mod_ext_filter.so
+LoadModule filter_module modules/mod_filter.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule include_module modules/mod_include.so
+LoadModule info_module modules/mod_info.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule logio_module modules/mod_logio.so
+LoadModule macro_module modules/mod_macro.so
+LoadModule mime_magic_module modules/mod_mime_magic.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule remoteip_module modules/mod_remoteip.so
+LoadModule reqtimeout_module modules/mod_reqtimeout.so
+LoadModule request_module modules/mod_request.so
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
+LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
+LoadModule socache_dbm_module modules/mod_socache_dbm.so
+LoadModule socache_memcache_module modules/mod_socache_memcache.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+LoadModule status_module modules/mod_status.so
+LoadModule substitute_module modules/mod_substitute.so
+LoadModule suexec_module modules/mod_suexec.so
+LoadModule unique_id_module modules/mod_unique_id.so
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule userdir_module modules/mod_userdir.so
+LoadModule version_module modules/mod_version.so
+LoadModule vhost_alias_module modules/mod_vhost_alias.so
+LoadModule watchdog_module modules/mod_watchdog.so
+
diff --git a/SPECS/00-dav.conf b/SPECS/00-dav.conf
new file mode 100644
index 0000000..e6af8de
--- /dev/null
+++ b/SPECS/00-dav.conf
@@ -0,0 +1,3 @@
+LoadModule dav_module modules/mod_dav.so
+LoadModule dav_fs_module modules/mod_dav_fs.so
+LoadModule dav_lock_module modules/mod_dav_lock.so
diff --git a/SPECS/00-lua.conf b/SPECS/00-lua.conf
new file mode 100644
index 0000000..9e0d0db
--- /dev/null
+++ b/SPECS/00-lua.conf
@@ -0,0 +1 @@
+LoadModule lua_module modules/mod_lua.so
diff --git a/SPECS/00-mpm.conf b/SPECS/00-mpm.conf
new file mode 100644
index 0000000..a4a70b8
--- /dev/null
+++ b/SPECS/00-mpm.conf
@@ -0,0 +1,23 @@
+# Select the MPM module which should be used by uncommenting exactly
+# one of the following LoadModule lines. See the httpd.conf(5) man
+# page for more information on changing the MPM.
+
+# prefork MPM: Implements a non-threaded, pre-forking web server
+# See: http://httpd.apache.org/docs/2.4/mod/prefork.html
+#
+# NOTE: If enabling prefork, the httpd_graceful_shutdown SELinux
+# boolean should be enabled, to allow graceful stop/shutdown.
+#
+#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
+
+# worker MPM: Multi-Processing Module implementing a hybrid
+# multi-threaded multi-process web server
+# See: http://httpd.apache.org/docs/2.4/mod/worker.html
+#
+#LoadModule mpm_worker_module modules/mod_mpm_worker.so
+
+# event MPM: A variant of the worker MPM with the goal of consuming
+# threads only for connections with active processing
+# See: http://httpd.apache.org/docs/2.4/mod/event.html
+#
+#LoadModule mpm_event_module modules/mod_mpm_event.so
diff --git a/SPECS/00-optional.conf b/SPECS/00-optional.conf
new file mode 100644
index 0000000..ef584ec
--- /dev/null
+++ b/SPECS/00-optional.conf
@@ -0,0 +1,18 @@
+#
+# This file lists modules included with the Apache HTTP Server
+# which are not enabled by default.
+#
+
+#LoadModule asis_module modules/mod_asis.so
+#LoadModule buffer_module modules/mod_buffer.so
+#LoadModule heartbeat_module modules/mod_heartbeat.so
+#LoadModule heartmonitor_module modules/mod_heartmonitor.so
+#LoadModule usertrack_module modules/mod_usertrack.so
+#LoadModule dialup_module modules/mod_dialup.so
+#LoadModule charset_lite_module modules/mod_charset_lite.so
+#LoadModule log_debug_module modules/mod_log_debug.so
+#LoadModule log_forensic_module modules/mod_log_forensic.so
+#LoadModule ratelimit_module modules/mod_ratelimit.so
+#LoadModule reflector_module modules/mod_reflector.so
+#LoadModule sed_module modules/mod_sed.so
+#LoadModule speling_module modules/mod_speling.so
diff --git a/SPECS/00-proxy.conf b/SPECS/00-proxy.conf
new file mode 100644
index 0000000..f0f84c2
--- /dev/null
+++ b/SPECS/00-proxy.conf
@@ -0,0 +1,18 @@
+# This file configures all the proxy modules:
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
+LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
+LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
+LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
+LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
+LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
+LoadModule proxy_connect_module modules/mod_proxy_connect.so
+LoadModule proxy_express_module modules/mod_proxy_express.so
+LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
+LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
+LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
+LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
+LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
+LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
diff --git a/SPECS/00-proxyhtml.conf b/SPECS/00-proxyhtml.conf
new file mode 100644
index 0000000..9a9b107
--- /dev/null
+++ b/SPECS/00-proxyhtml.conf
@@ -0,0 +1,3 @@
+# This file configures mod_proxy_html and mod_xml2enc:
+LoadModule xml2enc_module modules/mod_xml2enc.so
+LoadModule proxy_html_module modules/mod_proxy_html.so
diff --git a/SPECS/00-ssl.conf b/SPECS/00-ssl.conf
new file mode 100644
index 0000000..53235cd
--- /dev/null
+++ b/SPECS/00-ssl.conf
@@ -0,0 +1 @@
+LoadModule ssl_module modules/mod_ssl.so
diff --git a/SPECS/00-systemd.conf b/SPECS/00-systemd.conf
new file mode 100644
index 0000000..b208c97
--- /dev/null
+++ b/SPECS/00-systemd.conf
@@ -0,0 +1,2 @@
+# This file configures systemd module:
+LoadModule systemd_module modules/mod_systemd.so
diff --git a/SPECS/01-cgi.conf b/SPECS/01-cgi.conf
new file mode 100644
index 0000000..5b8b936
--- /dev/null
+++ b/SPECS/01-cgi.conf
@@ -0,0 +1,14 @@
+# This configuration file loads a CGI module appropriate to the MPM
+# which has been configured in 00-mpm.conf. mod_cgid should be used
+# with a threaded MPM; mod_cgi with the prefork MPM.
+
+
+ LoadModule cgid_module modules/mod_cgid.so
+
+
+ LoadModule cgid_module modules/mod_cgid.so
+
+
+ LoadModule cgi_module modules/mod_cgi.so
+
+
diff --git a/SPECS/01-ldap.conf b/SPECS/01-ldap.conf
new file mode 100644
index 0000000..f2ac2a2
--- /dev/null
+++ b/SPECS/01-ldap.conf
@@ -0,0 +1,3 @@
+# This file configures the LDAP modules:
+LoadModule ldap_module modules/mod_ldap.so
+LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
diff --git a/SPECS/01-session.conf b/SPECS/01-session.conf
new file mode 100644
index 0000000..f8d4d92
--- /dev/null
+++ b/SPECS/01-session.conf
@@ -0,0 +1,6 @@
+LoadModule session_module modules/mod_session.so
+LoadModule session_cookie_module modules/mod_session_cookie.so
+LoadModule session_dbd_module modules/mod_session_dbd.so
+LoadModule auth_form_module modules/mod_auth_form.so
+
+#LoadModule session_crypto_module modules/mod_session_crypto.so
diff --git a/SPECS/10-listen443.conf b/SPECS/10-listen443.conf
new file mode 100644
index 0000000..7e2df97
--- /dev/null
+++ b/SPECS/10-listen443.conf
@@ -0,0 +1,5 @@
+# This file is part of mod_ssl. It enables listening on port 443 when
+# socket activation is used.
+
+[Socket]
+ListenStream=443
diff --git a/SPECS/README.confd b/SPECS/README.confd
new file mode 100644
index 0000000..6071deb
--- /dev/null
+++ b/SPECS/README.confd
@@ -0,0 +1,9 @@
+
+This directory holds configuration files for the Apache HTTP Server;
+any files in this directory which have the ".conf" extension will be
+processed as httpd configuration files. The directory is used in
+addition to the directory /etc/httpd/conf.modules.d/, which contains
+configuration files necessary to load modules.
+
+Files are processed in sorted order. See httpd.conf(5) for more
+information.
diff --git a/SPECS/README.confmod b/SPECS/README.confmod
new file mode 100644
index 0000000..f4b055d
--- /dev/null
+++ b/SPECS/README.confmod
@@ -0,0 +1,10 @@
+
+This directory holds configuration files for the Apache HTTP Server;
+any files in this directory which have the ".conf" extension will be
+processed as httpd configuration files. This directory contains
+configuration fragments necessary only to load modules.
+Administrators should use the directory "/etc/httpd/conf.d" to modify
+the configuration of httpd, or any modules.
+
+Files are processed in sorted order and should have a two digit
+numeric prefix. See httpd.conf(5) for more information.
diff --git a/SPECS/action-configtest.sh b/SPECS/action-configtest.sh
new file mode 100644
index 0000000..6685b0a
--- /dev/null
+++ b/SPECS/action-configtest.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /sbin/apachectl configtest "$@"
diff --git a/SPECS/action-graceful.sh b/SPECS/action-graceful.sh
new file mode 100644
index 0000000..dc68b2e
--- /dev/null
+++ b/SPECS/action-graceful.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /sbin/apachectl graceful "$@"
diff --git a/SPECS/centos-noindex-8.0.tar.gz b/SPECS/centos-noindex-8.0.tar.gz
new file mode 100644
index 0000000..0beaccc
Binary files /dev/null and b/SPECS/centos-noindex-8.0.tar.gz differ
diff --git a/SPECS/config.layout b/SPECS/config.layout
new file mode 100644
index 0000000..3a9f6c8
--- /dev/null
+++ b/SPECS/config.layout
@@ -0,0 +1,24 @@
+# Layout used in Fedora httpd packaging.
+
+ prefix: /etc/httpd
+ localstatedir: /var
+ exec_prefix: /usr
+ bindir: ${exec_prefix}/bin
+ sbindir: ${exec_prefix}/sbin
+ libdir: ${exec_prefix}/lib
+ libexecdir: ${exec_prefix}/libexec
+ mandir: ${exec_prefix}/man
+ sysconfdir: /etc/httpd/conf
+ datadir: ${exec_prefix}/share/httpd
+ installbuilddir: ${libdir}/httpd/build
+ errordir: ${datadir}/error
+ iconsdir: ${datadir}/icons
+ htdocsdir: ${localstatedir}/www/html
+ manualdir: ${datadir}/manual
+ cgidir: ${localstatedir}/www/cgi-bin
+ includedir: ${exec_prefix}/include/httpd
+ runtimedir: ${prefix}/run
+ logfiledir: ${localstatedir}/log/httpd
+ statedir: ${prefix}/state
+ proxycachedir: ${localstatedir}/cache/httpd/proxy
+
diff --git a/SPECS/htcacheclean.service b/SPECS/htcacheclean.service
new file mode 100644
index 0000000..d1e9d60
--- /dev/null
+++ b/SPECS/htcacheclean.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Disk Cache Cleaning Daemon for the Apache HTTP Server
+After=httpd.service
+Documentation=man:htcacheclean.service(8)
+
+[Service]
+Type=forking
+User=apache
+PIDFile=/run/httpd/htcacheclean/pid
+EnvironmentFile=/etc/sysconfig/htcacheclean
+ExecStart=/usr/sbin/htcacheclean -P /run/httpd/htcacheclean/pid -d $INTERVAL -p $CACHE_ROOT -l $LIMIT $OPTIONS
diff --git a/SPECS/htcacheclean.service.xml b/SPECS/htcacheclean.service.xml
new file mode 100644
index 0000000..01b68e4
--- /dev/null
+++ b/SPECS/htcacheclean.service.xml
@@ -0,0 +1,123 @@
+
+
+
+
+
+ htcacheclean systemd unit
+ httpd
+ AuthorOrtonJoejorton@redhat.com
+
+
+
+ htcacheclean.service
+ 8
+
+
+
+ htcacheclean.service
+ htcacheclean unit file for systemd
+
+
+
+
+ /usr/lib/systemd/system/htcacheclean.service
+
+
+
+
+ Description
+
+ This manual page describes the systemd
+ unit file for the htcacheclean daemon. This
+ unit file provides a service which runs
+ htcacheclean in daemon mode,
+ periodically cleaning the disk cache root to ensure disk space
+ usage is within configured limits.
+
+
+
+
+ Options
+
+ The service is configured by configuration file
+ /etc/sysconfig/htcacheclean. The following
+ variables are used, following standard systemd
+ EnvironmentFile= syntax:
+
+
+
+ INTERVAL=
+
+ Sets the interval between cache clean runs, in
+ minutes. By default this is configured as
+ 15.
+
+
+
+ CACHE_ROOT=
+
+ Sets the directory name used for the cache
+ root. By default this is configured as
+ /var/cache/httpd/proxy.
+
+
+
+ LIMIT=
+
+ Sets the total disk cache space limit, in
+ bytes. Use a K or M
+ suffix to signify kilobytes or megabytes. By default this is
+ set to 100M.
+
+
+
+ OPTIONS=
+
+ Any other options to pass to
+ htcacheclean.
+
+
+
+
+
+ Files
+
+ /usr/lib/systemd/system/htcacheclean.service,
+ /etc/sysconfig/htcacheclean
+
+
+
+ See also
+
+
+ htcacheclean8,
+ httpd8,
+ httpd.service8,
+ systemd.exec8
+
+
+
+
+
+
diff --git a/SPECS/htcacheclean.sysconf b/SPECS/htcacheclean.sysconf
new file mode 100644
index 0000000..fffa17b
--- /dev/null
+++ b/SPECS/htcacheclean.sysconf
@@ -0,0 +1,16 @@
+#
+# Configuration options for systemd service, htcacheclean.service.
+# See htcacheclean(8) for more information on available options.
+#
+
+# Interval between cache clean runs, in minutes
+INTERVAL=15
+
+# Default cache root.
+CACHE_ROOT=/var/cache/httpd/proxy
+
+# Cache size limit in bytes (K=Kbytes, M=Mbytes)
+LIMIT=100M
+
+# Any other options...
+OPTIONS=
diff --git a/SPECS/httpd-2.4.37.tar.bz2 b/SPECS/httpd-2.4.37.tar.bz2
new file mode 100644
index 0000000..7fb32f9
Binary files /dev/null and b/SPECS/httpd-2.4.37.tar.bz2 differ
diff --git a/SPECS/httpd-init.service b/SPECS/httpd-init.service
new file mode 100644
index 0000000..3074778
--- /dev/null
+++ b/SPECS/httpd-init.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=One-time temporary TLS key generation for httpd.service
+Documentation=man:httpd-init.service(8)
+
+ConditionPathExists=|!/etc/pki/tls/certs/localhost.crt
+ConditionPathExists=|!/etc/pki/tls/private/localhost.key
+
+[Service]
+Type=oneshot
+RemainAfterExit=no
+
+ExecStart=/usr/libexec/httpd-ssl-gencerts
diff --git a/SPECS/httpd-ssl-gencerts b/SPECS/httpd-ssl-gencerts
new file mode 100755
index 0000000..350f5b5
--- /dev/null
+++ b/SPECS/httpd-ssl-gencerts
@@ -0,0 +1,39 @@
+#!/usr/bin/bash
+
+set -e
+
+FQDN=`hostname`
+ssldotconf=/etc/httpd/conf.d/ssl.conf
+
+if test -f /etc/pki/tls/certs/localhost.crt -a \
+ -f /etc/pki/tls/private/localhost.key; then
+ exit 0
+fi
+
+if test -f /etc/pki/tls/certs/localhost.crt -a \
+ ! -f /etc/pki/tls/private/localhost.key; then
+ echo "Missing certificate key!"
+ exit 1
+fi
+
+if test ! -f /etc/pki/tls/certs/localhost.crt -a \
+ -f /etc/pki/tls/private/localhost.key; then
+ echo "Missing certificate, but key is present!"
+ exit 1
+fi
+
+if ! test -f ${ssldotconf} || \
+ ! grep -q '^SSLCertificateFile /etc/pki/tls/certs/localhost.crt' ${ssldotconf} || \
+ ! grep -q '^SSLCertificateKeyFile /etc/pki/tls/private/localhost.key' ${ssldotconf}; then
+ # Non-default configuration, do nothing.
+ exit 0
+fi
+
+sscg -q \
+ --cert-file /etc/pki/tls/certs/localhost.crt \
+ --cert-key-file /etc/pki/tls/private/localhost.key \
+ --ca-file /etc/pki/tls/certs/localhost.crt \
+ --lifetime 365 \
+ --hostname $FQDN \
+ --email root@$FQDN
+
diff --git a/SPECS/httpd-ssl-pass-dialog b/SPECS/httpd-ssl-pass-dialog
new file mode 100755
index 0000000..79318a6
--- /dev/null
+++ b/SPECS/httpd-ssl-pass-dialog
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec /bin/systemd-ask-password "Enter TLS private key passphrase for $1 ($2) : "
diff --git a/SPECS/httpd.conf b/SPECS/httpd.conf
new file mode 100644
index 0000000..6ab68cb
--- /dev/null
+++ b/SPECS/httpd.conf
@@ -0,0 +1,356 @@
+#
+# This is the main Apache HTTP server configuration file. It contains the
+# configuration directives that give the server its instructions.
+# See for detailed information.
+# In particular, see
+#
+# for a discussion of each configuration directive.
+#
+# See the httpd.conf(5) man page for more information on this configuration,
+# and httpd.service(8) on using and configuring the httpd service.
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do. They're here only as hints or reminders. If you are unsure
+# consult the online docs. You have been warned.
+#
+# Configuration and logfile names: If the filenames you specify for many
+# of the server's control files begin with "/" (or "drive:/" for Win32), the
+# server will use that explicit path. If the filenames do *not* begin
+# with "/", the value of ServerRoot is prepended -- so 'log/access_log'
+# with ServerRoot set to '/www' will be interpreted by the
+# server as '/www/log/access_log', where as '/log/access_log' will be
+# interpreted as '/log/access_log'.
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# Do not add a slash at the end of the directory path. If you point
+# ServerRoot at a non-local disk, be sure to specify a local disk on the
+# Mutex directive, if file-based mutexes are used. If you wish to share the
+# same ServerRoot for multiple httpd daemons, you will need to change at
+# least PidFile.
+#
+ServerRoot "/etc/httpd"
+
+#
+# Listen: Allows you to bind Apache to specific IP addresses and/or
+# ports, instead of the default. See also the
+# directive.
+#
+# Change this to Listen on specific IP addresses as shown below to
+# prevent Apache from glomming onto all bound IP addresses.
+#
+#Listen 12.34.56.78:80
+Listen 80
+
+#
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines at this location so the
+# directives contained in it are actually available _before_ they are used.
+# Statically compiled modules (those listed by `httpd -l') do not need
+# to be loaded here.
+#
+# Example:
+# LoadModule foo_module modules/mod_foo.so
+#
+Include conf.modules.d/*.conf
+
+#
+# If you wish httpd to run as a different user or group, you must run
+# httpd as root initially and it will switch.
+#
+# User/Group: The name (or #number) of the user/group to run httpd as.
+# It is usually good practice to create a dedicated user and group for
+# running httpd, as with most system services.
+#
+User apache
+Group apache
+
+# 'Main' server configuration
+#
+# The directives in this section set up the values used by the 'main'
+# server, which responds to any requests that aren't handled by a
+# definition. These values also provide defaults for
+# any containers you may define later in the file.
+#
+# All of these directives may appear inside containers,
+# in which case these default settings will be overridden for the
+# virtual host being defined.
+#
+
+#
+# ServerAdmin: Your address, where problems with the server should be
+# e-mailed. This address appears on some server-generated pages, such
+# as error documents. e.g. admin@your-domain.com
+#
+ServerAdmin root@localhost
+
+#
+# ServerName gives the name and port that the server uses to identify itself.
+# This can often be determined automatically, but we recommend you specify
+# it explicitly to prevent problems during startup.
+#
+# If your host doesn't have a registered DNS name, enter its IP address here.
+#
+#ServerName www.example.com:80
+
+#
+# Deny access to the entirety of your server's filesystem. You must
+# explicitly permit access to web content directories in other
+# blocks below.
+#
+
+ AllowOverride none
+ Require all denied
+
+
+#
+# Note that from this point forward you must specifically allow
+# particular features to be enabled - so if something's not working as
+# you might expect, make sure that you have specifically enabled it
+# below.
+#
+
+#
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+DocumentRoot "/var/www/html"
+
+#
+# Relax access to content within /var/www.
+#
+
+ AllowOverride None
+ # Allow open access:
+ Require all granted
+
+
+# Further relax access to the default document root:
+
+ #
+ # Possible values for the Options directive are "None", "All",
+ # or any combination of:
+ # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+ #
+ # Note that "MultiViews" must be named *explicitly* --- "Options All"
+ # doesn't give it to you.
+ #
+ # The Options directive is both complicated and important. Please see
+ # http://httpd.apache.org/docs/2.4/mod/core.html#options
+ # for more information.
+ #
+ Options Indexes FollowSymLinks
+
+ #
+ # AllowOverride controls what directives may be placed in .htaccess files.
+ # It can be "All", "None", or any combination of the keywords:
+ # Options FileInfo AuthConfig Limit
+ #
+ AllowOverride None
+
+ #
+ # Controls who can get stuff from this server.
+ #
+ Require all granted
+
+
+#
+# DirectoryIndex: sets the file that Apache will serve if a directory
+# is requested.
+#
+
+ DirectoryIndex index.html
+
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+
+ Require all denied
+
+
+#
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a
+# container, error messages relating to that virtual host will be
+# logged here. If you *do* define an error logfile for a
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog "logs/error_log"
+
+#
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+#
+LogLevel warn
+
+
+ #
+ # The following directives define some format nicknames for use with
+ # a CustomLog directive (see below).
+ #
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ LogFormat "%h %l %u %t \"%r\" %>s %b" common
+
+
+ # You need to enable mod_logio.c to use %I and %O
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+
+
+ #
+ # The location and format of the access logfile (Common Logfile Format).
+ # If you do not define any access logfiles within a
+ # container, they will be logged here. Contrariwise, if you *do*
+ # define per- access logfiles, transactions will be
+ # logged therein and *not* in this file.
+ #
+ #CustomLog "logs/access_log" common
+
+ #
+ # If you prefer a logfile with access, agent, and referer information
+ # (Combined Logfile Format) you can use the following directive.
+ #
+ CustomLog "logs/access_log" combined
+
+
+
+ #
+ # Redirect: Allows you to tell clients about documents that used to
+ # exist in your server's namespace, but do not anymore. The client
+ # will make a new request for the document at its new location.
+ # Example:
+ # Redirect permanent /foo http://www.example.com/bar
+
+ #
+ # Alias: Maps web paths into filesystem paths and is used to
+ # access content that does not live under the DocumentRoot.
+ # Example:
+ # Alias /webpath /full/filesystem/path
+ #
+ # If you include a trailing / on /webpath then the server will
+ # require it to be present in the URL. You will also likely
+ # need to provide a section to allow access to
+ # the filesystem path.
+
+ #
+ # ScriptAlias: This controls which directories contain server scripts.
+ # ScriptAliases are essentially the same as Aliases, except that
+ # documents in the target directory are treated as applications and
+ # run by the server when requested rather than as documents sent to the
+ # client. The same rules about trailing "/" apply to ScriptAlias
+ # directives as to Alias.
+ #
+ ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
+
+
+
+#
+# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
+# CGI directory exists, if you have that configured.
+#
+
+ AllowOverride None
+ Options None
+ Require all granted
+
+
+
+ #
+ # TypesConfig points to the file containing the list of mappings from
+ # filename extension to MIME-type.
+ #
+ TypesConfig /etc/mime.types
+
+ #
+ # AddType allows you to add to or override the MIME configuration
+ # file specified in TypesConfig for specific file types.
+ #
+ #AddType application/x-gzip .tgz
+ #
+ # AddEncoding allows you to have certain browsers uncompress
+ # information on the fly. Note: Not all browsers support this.
+ #
+ #AddEncoding x-compress .Z
+ #AddEncoding x-gzip .gz .tgz
+ #
+ # If the AddEncoding directives above are commented-out, then you
+ # probably should define those extensions to indicate media types:
+ #
+ AddType application/x-compress .Z
+ AddType application/x-gzip .gz .tgz
+
+ #
+ # AddHandler allows you to map certain file extensions to "handlers":
+ # actions unrelated to filetype. These can be either built into the server
+ # or added with the Action directive (see below)
+ #
+ # To use CGI scripts outside of ScriptAliased directories:
+ # (You will also need to add "ExecCGI" to the "Options" directive.)
+ #
+ #AddHandler cgi-script .cgi
+
+ # For type maps (negotiated resources):
+ #AddHandler type-map var
+
+ #
+ # Filters allow you to process content before it is sent to the client.
+ #
+ # To parse .shtml files for server-side includes (SSI):
+ # (You will also need to add "Includes" to the "Options" directive.)
+ #
+ AddType text/html .shtml
+ AddOutputFilter INCLUDES .shtml
+
+
+#
+# Specify a default charset for all content served; this enables
+# interpretation of all content as UTF-8 by default. To use the
+# default browser choice (ISO-8859-1), or to allow the META tags
+# in HTML content to override this choice, comment out this
+# directive:
+#
+AddDefaultCharset UTF-8
+
+
+ #
+ # The mod_mime_magic module allows the server to use various hints from the
+ # contents of the file itself to determine its type. The MIMEMagicFile
+ # directive tells the module where the hint definitions are located.
+ #
+ MIMEMagicFile conf/magic
+
+
+#
+# Customizable error responses come in three flavors:
+# 1) plain text 2) local redirects 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# EnableMMAP and EnableSendfile: On systems that support it,
+# memory-mapping or the sendfile syscall may be used to deliver
+# files. This usually improves server performance, but must
+# be turned off when serving from networked-mounted
+# filesystems or if support for these functions is otherwise
+# broken on your system.
+# Defaults if commented: EnableMMAP On, EnableSendfile Off
+#
+#EnableMMAP off
+EnableSendfile on
+
+# Supplemental configuration
+#
+# Load config files in the "/etc/httpd/conf.d" directory, if any.
+IncludeOptional conf.d/*.conf
diff --git a/SPECS/httpd.conf.xml b/SPECS/httpd.conf.xml
new file mode 100644
index 0000000..705e527
--- /dev/null
+++ b/SPECS/httpd.conf.xml
@@ -0,0 +1,259 @@
+
+
+
+
+
+
+ httpd.conf
+ httpd
+ AuthorOrtonJoejorton@redhat.com
+
+
+
+ httpd.conf
+ 5
+
+
+
+ httpd.conf
+ Configuration files for httpd
+
+
+
+
+ /etc/httpd/conf/httpd.conf,
+ /etc/httpd/conf.modules.d,
+ /etc/httpd/conf.d
+
+
+
+
+ Description
+
+ The main configuration file for the httpd daemon is
+ /etc/httpd/conf/httpd.conf. The syntax of
+ this file is described at , and
+ the full set of available directives is listed at .
+
+
+
+ Configuration structure
+
+ The main configuration file
+ (httpd.conf) sets up various defaults and
+ includes configuration files from two directories -
+ /etc/httpd/conf.modules.d and
+ /etc/httpd/conf.d. Packages containing
+ loadable modules (like ) place files
+ in the conf.modules.d directory with the
+ appropriate directive so that module
+ is loaded by default.
+
+ Some notable configured defaults are:.
+
+
+
+
+ The default document root from which content
+ is served.
+
+
+
+ The daemon lists on TCP port 80.
+
+
+
+ Error messages are logged to
+ @LOGDIR@/error_log.
+
+
+
+ CGI scripts are served via the URL-path .
+
+
+
+
+ To remove any of the default configuration provided in
+ separate files covered below, replace that file with an empty
+ file rather than removing it from the filesystem, otherwise it
+ may be restored to the original when the package which provides
+ it is upgraded.
+
+
+
+
+ MPM configuration
+
+ The configuration file at
+ /etc/httpd/conf.modules.d/00-mpm.conf is
+ used to select the multi-processing module (MPM), which governs
+ how httpd divides work between processes
+ and/or threads at run-time. Exactly one
+ directive must be uncommented in
+ this file; by default the MPM is enabled.
+ For more information on MPMs, see .
+
+ If using the prefork MPM, the
+ "httpd_graceful_shutdown" SELinux boolean should also be
+ enabled, since with this MPM, httpd needs to establish TCP
+ connections to local ports to successfully complete a graceful
+ restart or shutdown. This boolean can be enabled by running the
+ command: semanage boolean -m --on
+ httpd_graceful_shutdown
+
+
+
+ Module configuration files
+
+ Module configuration files are provided in the
+ /etc/httpd/conf.modules.d/ directory. Filenames
+ in this directory are by convention prefixed with two digit numeric
+ prefix to ensure they are processed in the desired order. Core
+ modules provide with the httpd package are
+ loaded by files with a prefix to ensure
+ these are loaded first. Only filenames with a
+ suffix in this directory will be
+ processed.
+
+ Other provided configuration files are listed below.
+
+
+
+ /etc/httpd/conf.modules.d/00-base.conf
+ The set of core modules included with
+ httpd which are all loaded by
+ default.
+
+
+
+ /etc/httpd/conf.modules.d/00-optional.conf
+ The set of non-core modules included with
+ httpd which are not
+ loaded by default.
+
+
+
+
+ /etc/httpd/conf.modules.d/00-systemd.conf
+ This file loads
+ which is necessary for the correct operation of the
+ httpd.service service, and should not be
+ removed or disabled.
+
+
+
+
+
+
+ Other configuration files
+
+ Default module configuration files and site-specific
+ configuration files are loaded from the
+ /etc/httpd/conf.d/ directory. Only files
+ with a suffix will be loaded. The
+ following files are provided:
+
+
+
+ /etc/httpd/conf.d/userdir.conf
+ This file gives an example configuration for
+ to map URLs such as
+ to
+ /home/jim/public_html/. Userdir mapping
+ is disabled by default.
+
+
+
+ /etc/httpd/conf.d/autoindex.conf
+ This file provides the default configuration
+ for which generates HTML
+ directory listings when enabled. It also makes file icon
+ image files available at the
+ URL-path.
+
+
+
+ /etc/httpd/conf.d/welcome.conf
+ This file enables a "welcome page" at
+ if no content is present
+ in the default documentation root
+ /var/www/html.
+
+
+
+ /etc/httpd/conf.d/ssl.conf (present only if is installed)
+ This file configures a TLS
+ listening on port
+ . If the default configuration is used,
+ the referenced test certificate and private key are
+ generated the first time httpd.service is
+ started; see
+ httpd-init.service8
+ for more information.
+
+
+
+
+
+
+ Instantiated services
+
+ As an alternative to (or in addition to) the
+ httpd.service unit, the instantiated template
+ service httpd@.service unit file can be used,
+ which starts httpd using a different
+ configuration file to the default. For example,
+ systemctl start httpd@foobar.service will
+ start httpd using the configuration file
+ /etc/httpd/conf/foobar.conf. See httpd@.service8 for more information.
+
+
+
+
+ Files
+
+
+ /etc/httpd/conf/httpd.conf,
+ /etc/httpd/conf.d,
+ /etc/httpd/conf.modules.d
+
+
+
+
+ See also
+
+
+ httpd8,
+ httpd.service8,
+ ,
+
+
+
+
+
+
+
diff --git a/SPECS/httpd.logrotate b/SPECS/httpd.logrotate
new file mode 100644
index 0000000..28c9730
--- /dev/null
+++ b/SPECS/httpd.logrotate
@@ -0,0 +1,9 @@
+/var/log/httpd/*log {
+ missingok
+ notifempty
+ sharedscripts
+ delaycompress
+ postrotate
+ /bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
+ endscript
+}
diff --git a/SPECS/httpd.service b/SPECS/httpd.service
new file mode 100644
index 0000000..6ff4e8b
--- /dev/null
+++ b/SPECS/httpd.service
@@ -0,0 +1,32 @@
+# See httpd.service(8) for more information on using the httpd service.
+
+# Modifying this file in-place is not recommended, because changes
+# will be overwritten during package upgrades. To customize the
+# behaviour, run "systemctl edit httpd" to create an override unit.
+
+# For example, to pass additional options (such as -D definitions) to
+# the httpd binary at startup, create an override unit (as is done by
+# systemctl edit) and enter the following:
+
+# [Service]
+# Environment=OPTIONS=-DMY_DEFINE
+
+[Unit]
+Description=The Apache HTTP Server
+Wants=httpd-init.service
+After=network.target remote-fs.target nss-lookup.target httpd-init.service
+Documentation=man:httpd.service(8)
+
+[Service]
+Type=notify
+Environment=LANG=C
+
+ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
+ExecReload=/usr/sbin/httpd $OPTIONS -k graceful
+# Send SIGWINCH for graceful stop
+KillSignal=SIGWINCH
+KillMode=mixed
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/SPECS/httpd.service.xml b/SPECS/httpd.service.xml
new file mode 100644
index 0000000..b2c72dd
--- /dev/null
+++ b/SPECS/httpd.service.xml
@@ -0,0 +1,332 @@
+
+
+
+
+
+
+ httpd systemd units
+ httpd
+ AuthorOrtonJoejorton@redhat.com
+
+
+
+ httpd.service
+ 8
+
+
+
+ httpd.service
+ httpd@.service
+ httpd.socket
+ httpd-init.service
+ httpd unit files for systemd
+
+
+
+
+ /usr/lib/systemd/system/httpd.service,
+ /usr/lib/systemd/system/httpd@.service,
+ /usr/lib/systemd/system/httpd-init.service,
+ /usr/lib/systemd/system/httpd.socket
+
+
+
+
+ Description
+
+ This manual page describes the systemd
+ unit files used to integrate the httpd daemon
+ with systemd. Two main unit files are
+ available: httpd.service allows the
+ httpd daemon to be run as a system service, and
+ httpd.socket allows httpd to be started via
+ socket-based activation. Most systems will use
+ httpd.service.
+
+ The apachectl command has been modified
+ to invoke systemctl for most uses, so for
+ example, running apachectl start is equivalent
+ to running systemctl start httpd.service. This
+ ensures that the running httpd daemon is tracked and managed by
+ systemd. In contrast, running
+ httpd directly from a root shell will start the
+ service outside of systemd; in this case,
+ default security restrictions described below (including, but not
+ limited to, SELinux) will not be enforced.
+
+
+ Changing default behaviour
+
+ To change the default behaviour of the httpd service, an
+ over-ride file should be created, rather
+ than changing
+ /usr/lib/systemd/system/httpd.service
+ directly, since such changes would be lost over package
+ upgrades. Running systemctl edit
+ httpd.service or systemctl edit
+ httpd.socket as root will create a drop-in file (in
+ the former case, in
+ /etc/systemd/system/httpd.service.d) which
+ over-rides the system defaults.
+
+ For example, to set the
+ environment variable for the daemon, run systemctl edit
+ httpd.service and enter:
+
+ [Service]
+Environment=LD_LIBRARY_PATH=/opt/vendor/lib
+
+
+
+ Starting the service at boot time
+
+ The httpd.service and httpd.socket units are
+ disabled by default. To start the httpd
+ service at boot time, run: systemctl enable
+ httpd.service. In the default configuration, the
+ httpd daemon will accept connections on port 80 (and, if mod_ssl
+ is installed, TLS connections on port 443) for any configured
+ IPv4 or IPv6 address.
+
+ If httpd is configured to depend on any specific IP
+ address (for example, with a "Listen" directive) which may only
+ become available during start-up, or if httpd depends on other
+ services (such as a database daemon), the service
+ must be configured to ensure correct
+ start-up ordering.
+
+ For example, to ensure httpd is only running after all
+ configured network interfaces are configured, create a drop-in
+ file (as described above) with the following section:
+
+ [Unit]
+After=network-online.target
+Wants=network-online.target
+
+ See
+ for more information on start-up ordering with systemd.
+
+
+
+
+ SSL/TLS certificate generation
+
+ The httpd-init.service unit is provided
+ with the mod_ssl package. This oneshot unit automatically
+ creates a TLS server certificate and key (using a generated
+ self-signed CA certificate and key) for testing purposes before
+ httpd is started. To inhibit certificate generation, use
+ systemctl mask httpd-init.service after
+ installing mod_ssl, and adjust the mod_ssl configuration to use
+ an appropriate certificate and key.
+
+
+
+
+ Reloading and stopping the service
+
+ When running systemctl reload
+ httpd.service, a graceful
+ restart is used, which sends a signal to the httpd parent
+ process to reload the configuration and re-open log files. Any
+ children with open connections at the time of reload will
+ terminate only once they have completed serving requests. This
+ prevents users of the server seeing errors (or potentially
+ losing data) due to the reload, but means some there is some
+ delay before any configuration changes take effect for all
+ users.
+
+ Similarly, a graceful stop is used
+ when systemctl stop httpd.service is run,
+ which terminates the server only once active connections have
+ been processed.
+
+ To "ungracefully" stop the server without waiting for
+ requests to complete, use systemctl kill
+ --kill-who=main httpd; similarly to "ungracefully"
+ reload the configuration, use systemctl kill
+ --kill-who=main --signal=HUP httpd.
+
+
+
+ Automated service restarts
+
+ System packages (including the httpd package itself) may
+ restart the httpd service automatically after packages are
+ upgraded, installed, or removed. This is done using the
+ systemctl reload httpd.service, which
+ produces a graceful restart by default as
+ described above.
+
+ To suppress automatic reloads entirely, create the file
+ /etc/sysconfig/httpd-disable-posttrans.
+
+
+
+ Changing the default MPM (Multi-Processing Module)
+
+ httpd offers a choice of multi-processing modules (MPMs),
+ which can be configured in
+ /etc/httpd/conf.modules.d/00-mpm.conf.
+ See
+ httpd.conf5
+ for more information on changing the MPM.
+
+
+
+ systemd integration and mod_systemd
+
+ The httpd service uses the systemd
+ service type. The mod_systemd module must be
+ loaded (as in the default configuration) for this to work
+ correctly - the service will fail if this module is not
+ loaded. mod_systemd also makes worker and
+ request statistics available when running systemctl status
+ httpd. See
+ systemd.exec5
+ for more information on systemd service types.
+
+
+
+ Security and SELinux
+
+ The default SELinux policy restricts the httpd service in
+ various ways. For example, the default policy limits the ports
+ to which httpd can bind (using the Listen
+ directive), which parts of the filesystem can be accessed, and
+ whether outgoing TCP connections are possible. Many of these
+ restrictions can be relaxed or adjusted by using
+ semanage to change booleans or other
+ types. See
+ httpd_selinux8
+ for more information.
+
+ The httpd service enables PrivateTmp
+ by default. The /tmp and
+ /var/tmp directories available within the
+ httpd process (and CGI scripts, etc) are not shared by other
+ processes. See
+ systemd.exec5
+ for more information.
+
+
+
+
+ Socket activation
+
+ Socket activation (see
+ systemd.socket5
+ for more information) can be used with httpd
+ by enabling the httpd.socket unit. The
+ httpd listener configuration must exactly
+ match the ListenStream options configured for
+ the httpd.socket unit. The default
+ httpd.socket has a
+ ListenStream=80 and, if mod_ssl is installed,
+ ListenStream=443 by a drop-in file. If
+ additional Listen directives are added to the
+ httpd configuration, corresponding
+ ListenStream options should be added via
+ drop-in files, for example via systemctl edit
+ httpd.socket.
+
+ If using socket activation with httpd, only one listener
+ on any given TCP port is supported; a configuration with both
+ "Listen 127.0.0.1:80" and "Listen
+ 192.168.1.2:80" will not work.
+
+
+
+ Instantiated services
+
+ The httpd@.service unit is an
+ instantiated template service. An instance of this unit will be
+ started using the configuration file
+ /etc/httpd/conf/INSTANCE.conf, where
+ INSTANCE is replaced with the instance
+ name. For example, systemctl start
+ httpd@foobar.service will start httpd using the
+ configuration file
+ /etc/httpd/conf/foobar.conf. The
+ environment variable is set to
+ the instance name by the unit and is available for use within
+ the configuration file.
+
+ To allow multiple instances of httpd to run
+ simultaneously, a number of configuration directives must be
+ changed, such as PidFile and
+ DefaultRuntimeDir to pick non-conflicting
+ paths, and Listen to choose different ports.
+ The example configuration file
+ /usr/share/doc/httpd/instance.conf
+ demonstrates how to make such changes using
+ variable.
+
+ It can be useful to configure instances of
+ httpd@.service to reload when
+ httpd.service is reloaded; for example,
+ logrotate will reload only
+ httpd.service when logs are rotated. If this
+ behaviour is required, create a drop-in file for the instance as
+ follows:
+
+ [Unit]
+ReloadPropagatedFrom=httpd.service
+
+ As with normal units, drop-in files for instances can be created
+ using systemctl edit, e.g. systemctl edit
+ httpd@foobar.service.
+
+
+
+
+
+ Files
+
+ /usr/lib/systemd/system/httpd.service,
+ /usr/lib/systemd/system/httpd.socket,
+ /usr/lib/systemd/system/httpd@.service,
+ /etc/systemd/systemd/httpd.service.d
+
+
+
+ See also
+
+
+ httpd8,
+ httpd.conf5,
+ systemd1,
+ systemctl1,
+ systemd.service5,
+ systemd.exec5,
+ systemd.socket5,
+ httpd_selinux8,
+ semanage8
+
+
+
+
+
+
diff --git a/SPECS/httpd.socket b/SPECS/httpd.socket
new file mode 100644
index 0000000..074695e
--- /dev/null
+++ b/SPECS/httpd.socket
@@ -0,0 +1,13 @@
+# See httpd.socket(8) for more information on using the httpd service.
+
+[Unit]
+Description=Apache httpd Server Socket
+Documentation=man:httpd.socket(8)
+
+[Socket]
+ListenStream=80
+NoDelay=true
+DeferAcceptSec=30
+
+[Install]
+WantedBy=sockets.target
diff --git a/SPECS/httpd.tmpfiles b/SPECS/httpd.tmpfiles
new file mode 100644
index 0000000..f148886
--- /dev/null
+++ b/SPECS/httpd.tmpfiles
@@ -0,0 +1,2 @@
+d /run/httpd 710 root apache
+d /run/httpd/htcacheclean 700 apache apache
diff --git a/SPECS/httpd@.service b/SPECS/httpd@.service
new file mode 100644
index 0000000..c58ae88
--- /dev/null
+++ b/SPECS/httpd@.service
@@ -0,0 +1,23 @@
+# This is a template for httpd instances.
+# See httpd@.service(8) for more information.
+
+[Unit]
+Description=The Apache HTTP Server
+After=network.target remote-fs.target nss-lookup.target
+Documentation=man:httpd@.service(8)
+
+[Service]
+Type=notify
+Environment=LANG=C
+Environment=HTTPD_INSTANCE=%i
+ExecStartPre=/bin/mkdir -m 710 -p /run/httpd/instance-%i
+ExecStartPre=/bin/chown root.apache /run/httpd/instance-%i
+ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND -f conf/%i.conf
+ExecReload=/usr/sbin/httpd $OPTIONS -k graceful -f conf/%i.conf
+# Send SIGWINCH for graceful stop
+KillSignal=SIGWINCH
+KillMode=mixed
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/SPECS/instance.conf b/SPECS/instance.conf
new file mode 100644
index 0000000..f2b03f7
--- /dev/null
+++ b/SPECS/instance.conf
@@ -0,0 +1,23 @@
+#
+# This is an example instance-specific configuration file. See the
+# httpd.service(8) man page for detailed information on using the
+# the httpd@.service with instances.
+#
+# To use this example, copy instance.conf to /etc/httpd/conf/foobar.conf
+# This config will then used as the default configuration when
+# running:
+#
+# # systemctl start httpd@foobar.service
+#
+# The changes compared to the default are:
+# - DefaultRuntime and Pidfile renamed to be instance-specific
+# - default logfile names are prefixed with the instance name
+# - /etc/httpd/conf.d is NOT included by default (conf.modules.d still is)
+#
+# Further customisations will be required for an instance to run
+# simultaneously to httpd.service under the default configuration,
+# e.g. changing the port used with Listen.
+#
+
+DefaultRuntimeDir /run/httpd/instance-${HTTPD_INSTANCE}
+PidFile /run/httpd/instance-${HTTPD_INSTANCE}.pid
diff --git a/SPECS/manual.conf b/SPECS/manual.conf
new file mode 100644
index 0000000..133652b
--- /dev/null
+++ b/SPECS/manual.conf
@@ -0,0 +1,13 @@
+#
+# This configuration file allows the manual to be accessed at
+# http://localhost/manual/
+#
+Alias /manual /usr/share/httpd/manual
+
+
+ Options Indexes
+ AllowOverride None
+ Require all granted
+
+ RedirectMatch 301 ^/manual/(?:da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn)(/.*)$ "/manual$1"
+
diff --git a/SPECS/ssl.conf b/SPECS/ssl.conf
new file mode 100644
index 0000000..d28adf3
--- /dev/null
+++ b/SPECS/ssl.conf
@@ -0,0 +1,203 @@
+#
+# When we also provide SSL we have to listen to the
+# standard HTTPS port in addition.
+#
+Listen 443 https
+
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+# Pass Phrase Dialog:
+# Configure the pass phrase gathering process.
+# The filtering dialog program (`builtin' is a internal
+# terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
+
+# Inter-Process Session Cache:
+# Configure the SSL Session Cache: First the mechanism
+# to use and second the expiring timeout (in seconds).
+SSLSessionCache shmcb:/run/httpd/sslcache(512000)
+SSLSessionCacheTimeout 300
+
+#
+# Use "SSLCryptoDevice" to enable any supported hardware
+# accelerators. Use "openssl engine -v" to list supported
+# engine names. NOTE: If you enable an accelerator and the
+# server does not start, consult the error logs and ensure
+# your accelerator is functioning properly.
+#
+SSLCryptoDevice builtin
+#SSLCryptoDevice ubsec
+
+##
+## SSL Virtual Host Context
+##
+
+
+
+# General setup for the virtual host, inherited from global configuration
+#DocumentRoot "/var/www/html"
+#ServerName www.example.com:443
+
+# Use separate log files for the SSL virtual host; note that LogLevel
+# is not inherited from httpd.conf.
+ErrorLog logs/ssl_error_log
+TransferLog logs/ssl_access_log
+LogLevel warn
+
+# SSL Engine Switch:
+# Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+# List the protocol versions which clients are allowed to connect with.
+# The OpenSSL system profile is used by default. See
+# update-crypto-policies(8) for more details.
+#SSLProtocol all -SSLv3
+#SSLProxyProtocol all -SSLv3
+
+# User agents such as web browsers are not configured for the user's
+# own preference of either security or performance, therefore this
+# must be the prerogative of the web server administrator who manages
+# cpu load versus confidentiality, so enforce the server's cipher order.
+SSLHonorCipherOrder on
+
+# SSL Cipher Suite:
+# List the ciphers that the client is permitted to negotiate.
+# See the mod_ssl documentation for a complete list.
+# The OpenSSL system profile is configured by default. See
+# update-crypto-policies(8) for more details.
+SSLCipherSuite PROFILE=SYSTEM
+SSLProxyCipherSuite PROFILE=SYSTEM
+
+# Point SSLCertificateFile at a PEM encoded certificate. If
+# the certificate is encrypted, then you will be prompted for a
+# pass phrase. Note that restarting httpd will prompt again. Keep
+# in mind that if you have both an RSA and a DSA certificate you
+# can configure both in parallel (to also allow the use of DSA
+# ciphers, etc.)
+# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
+# require an ECC certificate which can also be configured in
+# parallel.
+SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+
+# Server Private Key:
+# If the key is not combined with the certificate, use this
+# directive to point at the key file. Keep in mind that if
+# you've both a RSA and a DSA private key you can configure
+# both in parallel (to also allow the use of DSA ciphers, etc.)
+# ECC keys, when in use, can also be configured in parallel
+SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+
+# Server Certificate Chain:
+# Point SSLCertificateChainFile at a file containing the
+# concatenation of PEM encoded CA certificates which form the
+# certificate chain for the server certificate. Alternatively
+# the referenced file can be the same as SSLCertificateFile
+# when the CA certificates are directly appended to the server
+# certificate for convenience.
+#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
+
+# Certificate Authority (CA):
+# Set the CA certificate verification path where to find CA
+# certificates for client authentication or alternatively one
+# huge file containing all of them (file must be PEM encoded)
+#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+
+# Client Authentication (Type):
+# Client certificate verification type and depth. Types are
+# none, optional, require and optional_no_ca. Depth is a
+# number which specifies how deeply to verify the certificate
+# issuer chain before deciding the certificate is not valid.
+#SSLVerifyClient require
+#SSLVerifyDepth 10
+
+# Access Control:
+# With SSLRequire you can do per-directory access control based
+# on arbitrary complex boolean expressions containing server
+# variable checks and other lookup directives. The syntax is a
+# mixture between C and Perl. See the mod_ssl documentation
+# for more details.
+#
+#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#
+
+# SSL Engine Options:
+# Set various options for the SSL engine.
+# o FakeBasicAuth:
+# Translate the client X.509 into a Basic Authorisation. This means that
+# the standard Auth/DBMAuth methods can be used for access control. The
+# user name is the `one line' version of the client's X.509 certificate.
+# Note that no password is obtained from the user. Every entry in the user
+# file needs this password: `xxj31ZMTZzkVA'.
+# o ExportCertData:
+# This exports two additional environment variables: SSL_CLIENT_CERT and
+# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+# server (always existing) and the client (only existing when client
+# authentication is used). This can be used to import the certificates
+# into CGI scripts.
+# o StdEnvVars:
+# This exports the standard SSL/TLS related `SSL_*' environment variables.
+# Per default this exportation is switched off for performance reasons,
+# because the extraction step is an expensive operation and is usually
+# useless for serving static content. So one usually enables the
+# exportation for CGI and SSI requests only.
+# o StrictRequire:
+# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+# under a "Satisfy any" situation, i.e. when it applies access is denied
+# and no other module can change it.
+# o OptRenegotiate:
+# This enables optimized SSL connection renegotiation handling when SSL
+# directives are used in per-directory context.
+#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+
+ SSLOptions +StdEnvVars
+
+
+ SSLOptions +StdEnvVars
+
+
+# SSL Protocol Adjustments:
+# The safe and default but still SSL/TLS standard compliant shutdown
+# approach is that mod_ssl sends the close notify alert but doesn't wait for
+# the close notify alert from client. When you need a different shutdown
+# approach you can use one of the following variables:
+# o ssl-unclean-shutdown:
+# This forces an unclean shutdown when the connection is closed, i.e. no
+# SSL close notify alert is sent or allowed to be received. This violates
+# the SSL/TLS standard but is needed for some brain-dead browsers. Use
+# this when you receive I/O errors because of the standard approach where
+# mod_ssl sends the close notify alert.
+# o ssl-accurate-shutdown:
+# This forces an accurate shutdown when the connection is closed, i.e. a
+# SSL close notify alert is sent and mod_ssl waits for the close notify
+# alert of the client. This is 100% SSL/TLS standard compliant, but in
+# practice often causes hanging connections with brain-dead browsers. Use
+# this only for browsers where you know that their SSL implementation
+# works correctly.
+# Notice: Most problems of broken clients are also related to the HTTP
+# keep-alive facility, so you usually additionally want to disable
+# keep-alive for those clients, too. Use variable "nokeepalive" for this.
+# Similarly, one has to force some clients to use HTTP/1.0 to workaround
+# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+# "force-response-1.0" for this.
+BrowserMatch "MSIE [2-5]" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+
+# Per-Server Logging:
+# The home of a custom SSL log file. Use this when you want a
+# compact non-error SSL logfile on a virtual host basis.
+CustomLog logs/ssl_request_log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+
+
diff --git a/SPECS/userdir.conf b/SPECS/userdir.conf
new file mode 100644
index 0000000..b5d7a49
--- /dev/null
+++ b/SPECS/userdir.conf
@@ -0,0 +1,36 @@
+#
+# UserDir: The name of the directory that is appended onto a user's home
+# directory if a ~user request is received.
+#
+# The path to the end user account 'public_html' directory must be
+# accessible to the webserver userid. This usually means that ~userid
+# must have permissions of 711, ~userid/public_html must have permissions
+# of 755, and documents contained therein must be world-readable.
+# Otherwise, the client will only receive a "403 Forbidden" message.
+#
+
+ #
+ # UserDir is disabled by default since it can confirm the presence
+ # of a username on the system (depending on home directory
+ # permissions).
+ #
+ UserDir disabled
+
+ #
+ # To enable requests to /~user/ to serve the user's public_html
+ # directory, remove the "UserDir disabled" line above, and uncomment
+ # the following line instead:
+ #
+ #UserDir public_html
+
+
+#
+# Control access to UserDir directories. The following is an example
+# for a site where these directories are restricted to read-only.
+#
+
+ AllowOverride FileInfo AuthConfig Limit Indexes
+ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+ Require method GET POST OPTIONS
+
+
diff --git a/SPECS/welcome.conf b/SPECS/welcome.conf
new file mode 100644
index 0000000..44d6a56
--- /dev/null
+++ b/SPECS/welcome.conf
@@ -0,0 +1,30 @@
+#
+# This configuration file enables the default "Welcome" page if there
+# is no default index page present for the root URL. To disable the
+# Welcome page, comment out all the lines below.
+#
+# NOTE: if this file is removed, it will be restored on upgrades.
+#
+
+ Options -Indexes
+ ErrorDocument 403 /noindex/index.html
+
+
+
+ Options MultiViews
+ DirectoryIndex index.html
+
+ AddLanguage en-US .en-US
+ AddLanguage es-ES .es-ES
+ AddLanguage zh-CN .zh-CN
+ AddLanguage zh-HK .zh-HK
+ AddLanguage zh-TW .zh-TW
+
+ LanguagePriority en
+ ForceLanguagePriority Fallback
+
+ AllowOverride None
+ Require all granted
+
+
+Alias /noindex /usr/share/httpd/noindex