apr 19 update

2022-04-19 13:38:56 -07:00
parent a0a9496aef
commit 18dd3d9761
208 changed files with 12435 additions and 1112 deletions
--- a/jails/config/web/httpd.conf
+++ b/jails/config/web/httpd.conf
@ -49,7 +49,7 @@ ServerRoot "/usr/local"
 # prevent Apache from glomming onto all bound IP addresses.
 #
 #Listen 12.34.56.78:80
-Listen 80
+#Listen 80

 #
 # Dynamic Shared Object (DSO) Support
@ -110,7 +110,7 @@ LoadModule filter_module libexec/apache24/mod_filter.so
 #LoadModule substitute_module libexec/apache24/mod_substitute.so
 #LoadModule sed_module libexec/apache24/mod_sed.so
 #LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so
-#LoadModule deflate_module libexec/apache24/mod_deflate.so
+LoadModule deflate_module libexec/apache24/mod_deflate.so
 #LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so
 #LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so
 LoadModule mime_module libexec/apache24/mod_mime.so
@ -121,7 +121,7 @@ LoadModule log_config_module libexec/apache24/mod_log_config.so
 LoadModule env_module libexec/apache24/mod_env.so
 #LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so
 #LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so
-#LoadModule expires_module libexec/apache24/mod_expires.so
+LoadModule expires_module libexec/apache24/mod_expires.so
 LoadModule headers_module libexec/apache24/mod_headers.so
 #LoadModule usertrack_module libexec/apache24/mod_usertrack.so
 #LoadModule unique_id_module libexec/apache24/mod_unique_id.so
@ -180,7 +180,7 @@ LoadModule dir_module libexec/apache24/mod_dir.so
 #LoadModule userdir_module libexec/apache24/mod_userdir.so
 LoadModule alias_module libexec/apache24/mod_alias.so
 LoadModule rewrite_module libexec/apache24/mod_rewrite.so
-#LoadModule php7_module        libexec/apache24/libphp7.so
+#LoadModule php_module        libexec/apache24/libphp.so

 # Third party modules
 IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
@ -225,7 +225,7 @@ ServerAdmin sharad@ahlawat.com
 #
 # If your host doesn't have a registered DNS name, enter its IP address here.
 #
-#ServerName www.example.com:80
+ServerName www.ahlawat.com

 #
 # Deny access to the entirety of your server's filesystem. You must
@ -559,7 +559,7 @@ Include etc/apache24/Includes/*.conf
    ServerAlias *.ahlawat.com
    ServerAlias ahlawat.com

-    Protocols h2 h2c http/1.1
+    Protocols h2 http/1.1

    DocumentRoot "/usr/local/www/apache24/data/"

@ -568,15 +568,15 @@ Include etc/apache24/Includes/*.conf
    SSLCertificateKeyFile "/mnt/certs/privkey.pem"
    #SSLCertificateChainFile "/mnt/certs/fullchain.pem"
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
-    SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
-    SSLHonorCipherOrder on
-    SSLCompression off
+    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+    SSLHonorCipherOrder off
    SSLSessionTickets off
    SSLOptions +StrictRequire
+#    SSLCompression off

-  RewriteEngine On
-  RewriteCond %{HTTP:Authorization} ^(.*)
-  RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
+    RewriteEngine On
+    RewriteCond %{HTTP:Authorization} ^(.*)
+    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

  <FilesMatch "\.(cgi|shtml|phtml|php)$">
    SetHandler "proxy:fcgi://127.0.0.1:9000"
@ -606,7 +606,100 @@ Include etc/apache24/Includes/*.conf
  CustomLog "/var/log/ssl-access_log" combined

  <IfModule mod_headers.c>
-    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
+    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
  </IfModule>

+<IfModule mod_expires.c>
+ExpiresActive On
+ExpiresDefault A0
+
+<FilesMatch "\.(txt|xml|js)$">
+ExpiresDefault A31536000
+</FilesMatch>
+
+<FilesMatch "\.(css)$">
+ExpiresDefault A31536000
+</FilesMatch>
+
+<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
+ExpiresDefault A31536000
+</FilesMatch>
+
+<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
+ExpiresDefault A31536000
+</FilesMatch>
+</IfModule>
+
+<IfModule mod_headers.c>
+  <FilesMatch "\.(txt|xml|js)$">
+   Header set Cache-Control "max-age=31536000"
+  </FilesMatch>
+
+  <FilesMatch "\.(css)$">
+   Header set Cache-Control "max-age=31536000"
+  </FilesMatch>
+
+  <FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
+   Header set Cache-Control "max-age=31536000"
+  </FilesMatch>
+
+  <FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
+   Header set Cache-Control "max-age=31536000"
+  </FilesMatch>
+</IfModule>
+
+<IfModule mod_deflate.c>
+	SetOutputFilter DEFLATE
+    <IfModule mod_setenvif.c>
+        <IfModule mod_headers.c>
+            SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
+            RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
+        </IfModule>
+    </IfModule>
+    <IfModule mod_filter.c>
+        AddOutputFilterByType DEFLATE "application/atom+xml" \
+                                      "application/javascript" \
+                                      "application/json" \
+                                      "application/ld+json" \
+                                      "application/manifest+json" \
+                                      "application/rdf+xml" \
+                                      "application/rss+xml" \
+                                      "application/schema+json" \
+                                      "application/vnd.geo+json" \
+                                      "application/vnd.ms-fontobject" \
+                                      "application/x-font-ttf" \
+                                      "application/x-font-opentype" \
+                                      "application/x-font-truetype" \
+                                      "application/x-javascript" \
+                                      "application/x-web-app-manifest+json" \
+                                      "application/xhtml+xml" \
+                                      "application/xml" \
+                                      "font/eot" \
+                                      "font/opentype" \
+                                      "font/otf" \
+                                      "image/bmp" \
+                                      "image/svg+xml" \
+                                      "image/vnd.microsoft.icon" \
+                                      "image/x-icon" \
+                                      "text/cache-manifest" \
+                                      "text/css" \
+                                      "text/html" \
+                                      "text/javascript" \
+                                      "text/plain" \
+                                      "text/vcard" \
+                                      "text/vnd.rim.location.xloc" \
+                                      "text/vtt" \
+                                      "text/x-component" \
+                                      "text/x-cross-domain-policy" \
+                                      "text/xml"
+
+    </IfModule>
+    <IfModule mod_mime.c>
+        AddEncoding gzip              svgz
+    </IfModule>
+</IfModule>
+
 </VirtualHost>
+
+SSLUseStapling On
+SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
--- a/jails/config/web/pkg-list-details.txt
+++ b/jails/config/web/pkg-list-details.txt
@ -0,0 +1,25 @@
+pkgp122____openldap24-client-2.4.59_4
+pkgp123____apache24-2.4.53_1
+pkgp123____apr-1.7.0.1.6.1_2
+pkgp123____php81-ldap-8.1.5
+pkgp123____pkg-1.17.5_1
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____php81-bcmath-8.1.4_2
+pkgp-freebsd-pkg____php81-ctype-8.1.4_2
+pkgp-freebsd-pkg____php81-curl-8.1.4_2
+pkgp-freebsd-pkg____php81-exif-8.1.4_2
+pkgp-freebsd-pkg____php81-fileinfo-8.1.4_2
+pkgp-freebsd-pkg____php81-filter-8.1.4_2
+pkgp-freebsd-pkg____php81-ftp-8.1.4_2
+pkgp-freebsd-pkg____php81-iconv-8.1.4_2
+pkgp-freebsd-pkg____php81-mbstring-8.1.4_2
+pkgp-freebsd-pkg____php81-mysqli-8.1.4_2
+pkgp-freebsd-pkg____php81-pdo_mysql-8.1.4_2
+pkgp-freebsd-pkg____php81-session-8.1.4_2
+pkgp-freebsd-pkg____php81-sockets-8.1.4_2
+pkgp-freebsd-pkg____php81-sodium-8.1.4_2
+pkgp-freebsd-pkg____php81-tokenizer-8.1.4_2
+pkgp-freebsd-pkg____php81-zip-8.1.4_2
+pkgp-freebsd-pkg____php81-zlib-8.1.4_2
--- a/jails/config/web/pkg-list.txt
+++ b/jails/config/web/pkg-list.txt
@ -0,0 +1 @@
+apache24 apr bash bash-completion nano openldap24-client php81-bcmath php81-ctype php81-curl php81-exif php81-fileinfo php81-filter php81-ftp php81-iconv php81-ldap php81-mbstring php81-mysqli php81-pdo_mysql php81-session php81-sockets php81-sodium php81-tokenizer php81-zip php81-zlib pkg
--- a/jails/config/web/pkgp.conf
+++ b/jails/config/web/pkgp.conf
@ -10,8 +10,8 @@ pkgp-freebsd-pkg: {
    priority: 10
 }

-pkgp122: {
-    url: "http://pkgp.ahlawat.com/packages/pj122-default/",
+pkgp123: {
+    url: "http://pkgp.ahlawat.com/packages/pj123-default",
    mirror_type: "http",
    signature_type: "pubkey",
    pubkey: "/mnt/certs/poudriere.cert",
				`@ -0,0 +1 @@`
				`apache24 apr bash bash-completion nano openldap24-client php81-bcmath php81-ctype php81-curl php81-exif php81-fileinfo php81-filter php81-ftp php81-iconv php81-ldap php81-mbstring php81-mysqli php81-pdo_mysql php81-session php81-sockets php81-sodium php81-tokenizer php81-zip php81-zlib pkg`