# Apache httpd target sidecar — Bundle 10 of the 2026-05-02 deployment-target audit.
#
# Self-contained httpd.conf that the httpd:2.4-alpine image will use as its
# main configuration. Loads the minimum module set required for an HTTPS
# server + serves a single SSL-enabled vhost backed by the starter cert
# written by target-tls-init.

ServerRoot "/usr/local/apache2"
Listen 443

# Module set is the minimum required for the SSL vhost below + the
# directives Apache parses elsewhere in its bootstrap.
LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule filter_module modules/mod_filter.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so

User daemon
Group daemon

ServerName apache-target
ServerAdmin loadtest@certctl.local

# Quiet log so the run log stays diff-able. Errors still go to stderr
# (/proc/self/fd/2) so docker compose logs surfaces them on startup
# failure.
ErrorLog /proc/self/fd/2
LogLevel warn

DocumentRoot "/usr/local/apache2/htdocs"

# Bundle 10: starter cert+key from target-tls-init's shared volume.
SSLEngine On
SSLCertificateFile     /usr/local/apache2/conf/certs/target.crt
SSLCertificateKeyFile  /usr/local/apache2/conf/certs/target.key
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:!aNULL:!MD5
SSLHonorCipherOrder on

<Directory "/usr/local/apache2/htdocs">
    AllowOverride None
    Require all granted
</Directory>

# Quiet response — the loadtest scenarios only care that the handshake
# completes. The body content is irrelevant.
<Location />
    Require all granted
</Location>