apr 19 update

2022-04-19 13:38:56 -07:00
parent a0a9496aef
commit 18dd3d9761
208 changed files with 12435 additions and 1112 deletions
--- a/jails/config/cloud/config.php
+++ b/jails/config/cloud/config.php
@ -0,0 +1,51 @@
+<?php
+$CONFIG = array (
+  'passwordsalt' => '5OBfApfc/+tJzU/4n+F8e+PzOfAStP',
+  'secret' => 'IFX9kjXwOk4L21503pLACwa2Dadv9JzHNSu8XsnTogmwb5Tr',
+  'trusted_domains' => 
+  array (
+    0 => 'localhost',
+    1 => 'cloud.ahlawat.com',
+    2 => '192.168.0.59',
+    3 => 'fd01::59',
+  ),
+  'datadirectory' => '/mnt/cloud',
+  'overwrite.cli.url' => 'https://cloud.ahlawat.com/',
+  'dbtype' => 'mysql',
+  'version' => '21.0.3.1',
+  'dbname' => 'nextcloud',
+  'dbhost' => 'db.ahlawat.com',
+  'dbport' => '3306',
+  'dbtableprefix' => 'oc_',
+  'mysql.utf8mb4' => true,
+  'dbuser' => 'nextcloud',
+  'dbpassword' => 'mysql__nextcloud',
+  'installed' => true,
+  'instanceid' => 'oc7suxvjiy9s',
+  'htaccess.RewriteBase' => '/',
+  'filelocking.enabled' => 'true',
+  'memcache.locking' => '\\OC\\Memcache\\Redis',
+  'redis' => 
+  array (
+    'host' => '/tmp/redis.sock',
+    'port' => 0,
+  ),
+  'logtimezone' => 'America/Los_Angeles',
+  'default_phone_region' => 'US',
+  'log_type' => 'file',
+  'logfile' => '/var/log/nextcloud.log',
+  'loglevel' => 0,
+  'logrotate_size' => '104847600',
+  'ldapIgnoreNamingRules' => false,
+  'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
+  'mail_smtpmode' => 'smtp',
+  'mail_from_address' => 'nobody',
+  'mail_domain' => 'ahlawat.com',
+  'mail_smtphost' => '192.168.0.100',
+  'mail_smtpport' => '25',
+  'maintenance' => false,
+  'theme' => '',
+  'encryption.legacy_format_support' => false,
+  'encryption.key_storage_migrated' => false,
+  'updater.secret' => '$2y$10$jAnC4Ha3RI2CL.IlhYluSeeOuKMT4itq/ViSiH1Q9DciUXfB3YSYS',
+);
--- a/jails/config/cloud/config.php.20
+++ b/jails/config/cloud/config.php.20
@ -0,0 +1,51 @@
+<?php
+$CONFIG = array (
+  'passwordsalt' => '5OBfApfc/+tJzU/4n+F8e+PzOfAStP',
+  'secret' => 'IFX9kjXwOk4L21503pLACwa2Dadv9JzHNSu8XsnTogmwb5Tr',
+  'trusted_domains' => 
+  array (
+    0 => 'localhost',
+    1 => 'cloud.ahlawat.com',
+    2 => '192.168.0.59',
+    3 => 'fd01::59',
+  ),
+  'datadirectory' => '/mnt/cloud',
+  'overwrite.cli.url' => 'https://cloud.ahlawat.com/',
+  'dbtype' => 'mysql',
+  'version' => '21.0.3.1',
+  'dbname' => 'nextcloud',
+  'dbhost' => 'db.ahlawat.com',
+  'dbport' => '3306',
+  'dbtableprefix' => 'oc_',
+  'mysql.utf8mb4' => true,
+  'dbuser' => 'nextcloud',
+  'dbpassword' => 'mysql__nextcloud',
+  'installed' => true,
+  'instanceid' => 'oc7suxvjiy9s',
+  'htaccess.RewriteBase' => '/',
+  'filelocking.enabled' => 'true',
+  'memcache.local' => '\\OC\\Memcache\\APCu',
+  'memcache.locking' => '\\OC\\Memcache\\Redis',
+  'redis' => 
+  array (
+    'host' => '/tmp/redis.sock',
+    'port' => 0,
+  ),
+  'logtimezone' => 'America/Los_Angeles',
+  'log_type' => 'file',
+  'logfile' => '/var/log/nextcloud.log',
+  'loglevel' => 0,
+  'logrotate_size' => '104847600',
+  'ldapIgnoreNamingRules' => false,
+  'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
+  'mail_smtpmode' => 'smtp',
+  'mail_from_address' => 'nobody',
+  'mail_domain' => 'ahlawat.com',
+  'mail_smtphost' => '192.168.0.100',
+  'mail_smtpport' => '25',
+  'maintenance' => false,
+  'theme' => '',
+  'encryption.legacy_format_support' => false,
+  'encryption.key_storage_migrated' => false,
+  'updater.secret' => '$2y$10$jAnC4Ha3RI2CL.IlhYluSeeOuKMT4itq/ViSiH1Q9DciUXfB3YSYS',
+);
--- a/jails/config/cloud/httpd.conf
+++ b/jails/config/cloud/httpd.conf
@ -49,7 +49,7 @@ ServerRoot "/usr/local"
 # prevent Apache from glomming onto all bound IP addresses.
 #
 #Listen 12.34.56.78:80
-Listen 80
+#Listen 80

 #
 # Dynamic Shared Object (DSO) Support
@ -108,7 +108,7 @@ LoadModule filter_module libexec/apache24/mod_filter.so
 #LoadModule substitute_module libexec/apache24/mod_substitute.so
 #LoadModule sed_module libexec/apache24/mod_sed.so
 #LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so
-#LoadModule deflate_module libexec/apache24/mod_deflate.so
+LoadModule deflate_module libexec/apache24/mod_deflate.so
 #LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so
 #LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so
 LoadModule mime_module libexec/apache24/mod_mime.so
@ -119,7 +119,7 @@ LoadModule log_config_module libexec/apache24/mod_log_config.so
 LoadModule env_module libexec/apache24/mod_env.so
 #LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so
 #LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so
-#LoadModule expires_module libexec/apache24/mod_expires.so
+LoadModule expires_module libexec/apache24/mod_expires.so
 LoadModule headers_module libexec/apache24/mod_headers.so
 #LoadModule usertrack_module libexec/apache24/mod_usertrack.so
 #LoadModule unique_id_module libexec/apache24/mod_unique_id.so
@ -178,7 +178,6 @@ LoadModule dir_module libexec/apache24/mod_dir.so
 #LoadModule userdir_module libexec/apache24/mod_userdir.so
 LoadModule alias_module libexec/apache24/mod_alias.so
 LoadModule rewrite_module libexec/apache24/mod_rewrite.so
-#LoadModule php7_module        libexec/apache24/libphp7.so

 # Third party modules
 IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
@ -223,7 +222,7 @@ ServerAdmin sharad@ahlawat.com
 #
 # If your host doesn't have a registered DNS name, enter its IP address here.
 #
-#ServerName www.example.com:80
+ServerName cloud.ahlawat.com

 #
 # Deny access to the entirety of your server's filesystem. You must
@ -250,9 +249,10 @@ ServerAdmin sharad@ahlawat.com
 DocumentRoot "/usr/local/www/apache24/data"
 <Directory "/usr/local/www/apache24/data">

-  RewriteEngine on
-  RewriteRule ^/\.well-known/ - [L]
-  RewriteRule (.*) https://cloud.ahlawat.com [R,L]
+# can't set this if traffic is passing through haproxy and being redirected to ssl already
+#  RewriteEngine on
+#  RewriteRule ^/\.well-known/ - [L]
+#  RewriteRule (.*) https://cloud.ahlawat.com [R,L]

    #
    # Possible values for the Options directive are "None", "All",
@ -554,27 +554,25 @@ Include etc/apache24/Includes/*.conf
 <VirtualHost *:443>
    ServerName cloud.ahlawat.com
    ServerAlias *.ahlawat.com
-    ServerAlias cloud

-    Protocols h2 h2c http/1.1
+    Protocols h2 http/1.1

    DocumentRoot "/usr/local/www/apache24/data/nextcloud/"
-    DirectoryIndex /index.php index.php

    SSLEngine on
    SSLCertificateFile "/mnt/certs/fullchain.pem"
    SSLCertificateKeyFile "/mnt/certs/privkey.pem"
    #SSLCertificateChainFile "/mnt/certs/fullchain.pem"
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
-    SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
-    SSLHonorCipherOrder on
-    SSLCompression off
+    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+    SSLHonorCipherOrder off
    SSLSessionTickets off
    SSLOptions +StrictRequire
+#    SSLCompression off

-  RewriteEngine On
-  RewriteCond %{HTTP:Authorization} ^(.*)
-  RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
+    RewriteEngine On
+    RewriteCond %{HTTP:Authorization} ^(.*)
+    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

  <FilesMatch "\.(cgi|shtml|phtml|php)$">
    SetHandler "proxy:fcgi://127.0.0.1:9000"
@ -589,7 +587,8 @@ Include etc/apache24/Includes/*.conf
  CustomLog "/var/log/ssl-request.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

  <Directory "/usr/local/www/apache24/data/nextcloud/">
-    Options +FollowSymLinks
+    Require all granted
+    Options FollowSymLinks MultiViews
    AllowOverride All

    <IfModule mod_dav.c>
@ -601,11 +600,116 @@ Include etc/apache24/Includes/*.conf

  </Directory>

+  <Directory "/usr/local/www/apache24/data/">
+    Options Indexes FollowSymLinks MultiViews
+    ## IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16
+    IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96
+
+    #AllowOverride controls what directives may be placed in .htaccess files.
+    #AllowOverride All
+    #AllowOverride AuthConfig
+    #Controls who can get stuff from this server file
+    #Require all granted
+  </Directory>
+
  ErrorLog "/var/log/ssl-error.log"
  CustomLog "/var/log/ssl-access_log" combined

  <IfModule mod_headers.c>
-    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
+    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
  </IfModule>

+<IfModule mod_expires.c>
+ExpiresActive On
+ExpiresDefault A0
+
+<FilesMatch "\.(txt|xml|js)$">
+ExpiresDefault A31536000
+</FilesMatch>
+
+<FilesMatch "\.(css)$">
+ExpiresDefault A31536000
+</FilesMatch>
+
+<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
+ExpiresDefault A31536000
+</FilesMatch>
+
+<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
+ExpiresDefault A31536000
+</FilesMatch>
+</IfModule>
+
+<IfModule mod_headers.c>
+  <FilesMatch "\.(txt|xml|js)$">
+   Header set Cache-Control "max-age=31536000"
+  </FilesMatch>
+
+  <FilesMatch "\.(css)$">
+   Header set Cache-Control "max-age=31536000"
+  </FilesMatch>
+
+  <FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
+   Header set Cache-Control "max-age=31536000"
+  </FilesMatch>
+
+  <FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
+   Header set Cache-Control "max-age=31536000"
+  </FilesMatch>
+</IfModule>
+
+<IfModule mod_deflate.c>
+	SetOutputFilter DEFLATE
+    <IfModule mod_setenvif.c>
+        <IfModule mod_headers.c>
+            SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
+            RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
+        </IfModule>
+    </IfModule>
+    <IfModule mod_filter.c>
+        AddOutputFilterByType DEFLATE "application/atom+xml" \
+                                      "application/javascript" \
+                                      "application/json" \
+                                      "application/ld+json" \
+                                      "application/manifest+json" \
+                                      "application/rdf+xml" \
+                                      "application/rss+xml" \
+                                      "application/schema+json" \
+                                      "application/vnd.geo+json" \
+                                      "application/vnd.ms-fontobject" \
+                                      "application/x-font-ttf" \
+                                      "application/x-font-opentype" \
+                                      "application/x-font-truetype" \
+                                      "application/x-javascript" \
+                                      "application/x-web-app-manifest+json" \
+                                      "application/xhtml+xml" \
+                                      "application/xml" \
+                                      "font/eot" \
+                                      "font/opentype" \
+                                      "font/otf" \
+                                      "image/bmp" \
+                                      "image/svg+xml" \
+                                      "image/vnd.microsoft.icon" \
+                                      "image/x-icon" \
+                                      "text/cache-manifest" \
+                                      "text/css" \
+                                      "text/html" \
+                                      "text/javascript" \
+                                      "text/plain" \
+                                      "text/vcard" \
+                                      "text/vnd.rim.location.xloc" \
+                                      "text/vtt" \
+                                      "text/x-component" \
+                                      "text/x-cross-domain-policy" \
+                                      "text/xml"
+
+    </IfModule>
+    <IfModule mod_mime.c>
+        AddEncoding gzip              svgz
+    </IfModule>
+</IfModule>
+
 </VirtualHost>
+
+SSLUseStapling On
+SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
--- a/jails/config/cloud/php.ini
+++ b/jails/config/cloud/php.ini
@ -1774,7 +1774,7 @@ opcache.enable_cli=1
 opcache.memory_consumption=128

 ; The amount of memory for interned strings in Mbytes.
-opcache.interned_strings_buffer=8
+opcache.interned_strings_buffer=32

 ; The maximum number of keys (scripts) in the OPcache hash table.
 ; Only numbers between 200 and 1000000 are allowed.
@ -1796,7 +1796,7 @@ opcache.max_accelerated_files=10000
 ; How often (in seconds) to check file timestamps for changes to the shared
 ; memory storage allocation. ("1" means validate once per second, but only
 ; once per request. "0" means always validate)
-opcache.revalidate_freq=1
+opcache.revalidate_freq=60

 ; Enables or disables file search in include_path optimization
 ;opcache.revalidate_path=0
--- a/jails/config/cloud/pkg-list-details.txt
+++ b/jails/config/cloud/pkg-list-details.txt
@ -0,0 +1,44 @@
+pkgp-freebsd-pkg____apache24-2.4.53
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____ffmpeg-4.4.1_11,1
+pkgp-freebsd-pkg____mod_php80-8.0.17_1
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____php80-8.0.17_2
+pkgp-freebsd-pkg____php80-bcmath-8.0.17_2
+pkgp-freebsd-pkg____php80-bz2-8.0.17_2
+pkgp-freebsd-pkg____php80-ctype-8.0.17_2
+pkgp-freebsd-pkg____php80-curl-8.0.17_2
+pkgp-freebsd-pkg____php80-dom-8.0.17_1
+pkgp-freebsd-pkg____php80-exif-8.0.17_2
+pkgp-freebsd-pkg____php80-fileinfo-8.0.17_2
+pkgp-freebsd-pkg____php80-filter-8.0.17_2
+pkgp-freebsd-pkg____php80-ftp-8.0.17_2
+pkgp-freebsd-pkg____php80-gd-8.0.17_2
+pkgp-freebsd-pkg____php80-gmp-8.0.17_2
+pkgp-freebsd-pkg____php80-iconv-8.0.17_2
+pkgp-freebsd-pkg____php80-imap-8.0.17_2
+pkgp-freebsd-pkg____php80-intl-8.0.17_2
+pkgp-freebsd-pkg____php80-ldap-8.0.17_2
+pkgp-freebsd-pkg____php80-mbstring-8.0.17_2
+pkgp-freebsd-pkg____php80-mysqli-8.0.17_2
+pkgp-freebsd-pkg____php80-opcache-8.0.17_2
+pkgp-freebsd-pkg____php80-pcntl-8.0.17_2
+pkgp-freebsd-pkg____php80-pdo-8.0.17_2
+pkgp-freebsd-pkg____php80-pdo_mysql-8.0.17_2
+pkgp-freebsd-pkg____php80-pecl-APCu-5.1.21
+pkgp-freebsd-pkg____php80-pecl-imagick-3.5.1
+pkgp-freebsd-pkg____php80-pecl-mcrypt-1.0.4
+pkgp-freebsd-pkg____php80-pecl-redis-5.3.5
+pkgp-freebsd-pkg____php80-posix-8.0.17_2
+pkgp-freebsd-pkg____php80-session-8.0.17_2
+pkgp-freebsd-pkg____php80-simplexml-8.0.17_1
+pkgp-freebsd-pkg____php80-xml-8.0.17_1
+pkgp-freebsd-pkg____php80-xmlreader-8.0.17_1
+pkgp-freebsd-pkg____php80-xmlwriter-8.0.17_1
+pkgp-freebsd-pkg____php80-xsl-8.0.17_1
+pkgp-freebsd-pkg____php80-zip-8.0.17_2
+pkgp-freebsd-pkg____php80-zlib-8.0.17_2
+pkgp-freebsd-pkg____pkg-1.17.5_1
+pkgp-freebsd-pkg____redis-6.2.6
+pkgp-freebsd-pkg____sudo-1.9.10
--- a/jails/config/cloud/pkg-list.txt
+++ b/jails/config/cloud/pkg-list.txt
@ -0,0 +1 @@
+apache24 bash bash-completion ffmpeg mod_php80 nano php80 php80-bcmath php80-bz2 php80-ctype php80-curl php80-dom php80-exif php80-fileinfo php80-filter php80-ftp php80-gd php80-gmp php80-iconv php80-imap php80-intl php80-ldap php80-mbstring php80-mysqli php80-opcache php80-pcntl php80-pdo php80-pdo_mysql php80-pecl-APCu php80-pecl-imagick php80-pecl-mcrypt php80-pecl-redis php80-posix php80-session php80-simplexml php80-xml php80-xmlreader php80-xmlwriter php80-xsl php80-zip php80-zlib pkg redis sudo
				`@ -0,0 +1 @@`
				apache24 bash bash-completion ffmpeg mod_php80 nano php80 php80-bcmath php80-bz2 php80-ctype php80-curl php80-dom php80-exif php80-fileinfo php80-filter php80-ftp php80-gd php80-gmp php80-iconv php80-imap php80-intl php80-ldap php80-mbstring php80-mysqli php80-opcache php80-pcntl php80-pdo php80-pdo_mysql php80-pecl-APCu php80-pecl-imagick php80-pecl-mcrypt php80-pecl-redis php80-posix php80-session php80-simplexml php80-xml php80-xmlreader php80-xmlwriter php80-xsl php80-zip php80-zlib pkg redis sudo