apache: Redirect all logs to systemd journal

- Redirect with separate identifiers so that they can retrieved separately.

- Enable virtual host log format that include name of the domain accessed so
that that information is preserved.

- There is no need to increment the apache app's version number as it has been
incremented earlier in the patch series (for this release).

Tests:

- In a fresh container, setup succeeds. Default apache sites 000-default.conf
and default-ssl.conf are disabled. freedombox-default.conf is enabled. Apache
access logs and error logs are sent to systemd journal.

- Without the patch applied, create a container. Run setup and access Plinth
interface. Apply the patches. Apache setup is run. a2query -s default and
a2query -s 000-default show that sites are not enabled. a2query -s
freedombox-default shows that site is enabled. Apache access logs and error logs
are sent to systemd journal.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>

actions/apache

@@ -168,11 +168,12 @@ def subcommand_setup(arguments):
         webserver.enable('javascript-common', kind='config')
 
         # default sites
-        webserver.enable('000-default', kind='site')
+        webserver.disable('000-default', kind='site')
         webserver.disable('default-tls', kind='site')
-        webserver.enable('default-ssl', kind='site')
+        webserver.disable('default-ssl', kind='site')
         webserver.disable('plinth', kind='site')
         webserver.disable('plinth-ssl', kind='site')
+        webserver.enable('freedombox-default', kind='site')
 
 
 # TODO: Check that the (name, kind) is a managed by FreedomBox before

data/etc/apache2/conf-available/freedombox.conf

@@ -129,3 +129,20 @@ RedirectMatch "^/$" "/plinth"
 <IfModule mod_deflate.c>
   AddOutputFilterByType DEFLATE image/svg+xml
 </IfModule>
+
+##
+## Send all logs to systemd journal by default. This may be overridden per host
+## in <VirtualHost>. With all system logs in journald, it is possible to turn
+## off persistent logging to improve SD card lifetime and performance. It is
+## also easy to improve privacy by turning off logging altogether.
+##
+## - To obtain the old style access log run the following command (note that the
+## first field is the name of the virtual host accessed as Apache format logged
+## is vhost_combined):
+##   journalctl --identifier apache-access --output cat > access.log
+##
+## - To obtain the old style error log run the following command:
+##   journalctl --identifier apache-error --output cat > error.log
+##
+ErrorLog "|/usr/bin/systemd-cat --identifier=apache-error"
+CustomLog "|/usr/bin/systemd-cat --identifier=apache-access" vhost_combined

data/etc/apache2/sites-available/freedombox-default.conf

@@ -0,0 +1,35 @@
+## SPDX-License-Identifier: AGPL-3.0-or-later
+##
+## DO NOT EDIT. If you do, FreedomBox will not automatically upgrade.
+##
+## Apache configuration managed by FreedomBox. If customization is needed,
+## create a new configuration file with higher priority and override directives.
+##
+## Default apache sites default.conf and 000-default-ssl.conf will be disabled
+## for the sake of the following configuration. This is primarily to override
+## the logging directives (to allow default values to prevail).
+##
+
+# Keep this in sync with apache default 000-default.conf
+<VirtualHost *:80>
+    ServerAdmin webmaster@localhost
+    DocumentRoot /var/www/html
+</VirtualHost>
+
+# Keep this in sync with apache default default-ssl.conf
+<IfModule mod_ssl.c>
+    <VirtualHost _default_:443>
+        ServerAdmin webmaster@localhost
+        DocumentRoot /var/www/html
+
+        SSLEngine on
+        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+        <FilesMatch "\.(?:cgi|shtml|phtml|php)$">
+            SSLOptions +StdEnvVars
+        </FilesMatch>
+        <Directory /usr/lib/cgi-bin>
+            SSLOptions +StdEnvVars
+        </Directory>
+    </VirtualHost>
+</IfModule>