diyIT/FreeBSD
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

apr 19 update

Browse Source
This commit is contained in:
Sharad Ahlawat
2022-04-19 13:38:56 -07:00
parent a0a9496aef
commit 18dd3d9761
208 changed files with 12435 additions and 1112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

128
jails/config/web-datavpc/httpd.conf
View File

@ -49,7 +49,7 @@ ServerRoot "/usr/local"
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80
#Listen 80
#
# Dynamic Shared Object (DSO) Support
@ -108,7 +108,7 @@ LoadModule filter_module libexec/apache24/mod_filter.so
#LoadModule substitute_module libexec/apache24/mod_substitute.so
#LoadModule sed_module libexec/apache24/mod_sed.so
#LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so
#LoadModule deflate_module libexec/apache24/mod_deflate.so
LoadModule deflate_module libexec/apache24/mod_deflate.so
#LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so
#LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so
LoadModule mime_module libexec/apache24/mod_mime.so
@ -119,7 +119,7 @@ LoadModule log_config_module libexec/apache24/mod_log_config.so
LoadModule env_module libexec/apache24/mod_env.so
#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so
#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so
#LoadModule expires_module libexec/apache24/mod_expires.so
LoadModule expires_module libexec/apache24/mod_expires.so
LoadModule headers_module libexec/apache24/mod_headers.so
#LoadModule usertrack_module libexec/apache24/mod_usertrack.so
#LoadModule unique_id_module libexec/apache24/mod_unique_id.so
@ -178,7 +178,6 @@ LoadModule dir_module libexec/apache24/mod_dir.so
#LoadModule userdir_module libexec/apache24/mod_userdir.so
LoadModule alias_module libexec/apache24/mod_alias.so
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
#LoadModule php7_module libexec/apache24/libphp7.so
# Third party modules
IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
@ -223,7 +222,7 @@ ServerAdmin sharad@ahlawat.com
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
ServerName www.datavpc.com
#
# Deny access to the entirety of your server's filesystem. You must
@ -560,24 +559,24 @@ Include etc/apache24/Includes/*.conf
ServerAlias *.mydatavpc.com
ServerAlias mydatavpc.com
Protocols h2 h2c http/1.1
Protocols h2 http/1.1
DocumentRoot "/usr/local/www/apache24/data/"
SSLEngine on
SSLCertificateFile "/mnt/certs/diyfullchain.pem"
SSLCertificateKeyFile "/mnt/certs/diyprivkey.pem"
#SSLCertificateChainFile "/mnt/certs/diyfullchain.pem"
SSLCertificateFile "/mnt/certs/dvpcfullchain.pem"
SSLCertificateKeyFile "/mnt/certs/dvpcprivkey.pem"
#SSLCertificateChainFile "/mnt/certs/dvpcfullchain.pem"
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
SSLOptions +StrictRequire
# SSLCompression off
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SetHandler "proxy:fcgi://127.0.0.1:9000"
@ -597,17 +596,110 @@ Include etc/apache24/Includes/*.conf
IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96
#AllowOverride controls what directives may be placed in .htaccess files.
AllowOverride All
#AllowOverride All
#AllowOverride AuthConfig
#Controls who can get stuff from this server file
Require all granted
#Require all granted
</Directory>
ErrorLog "/var/log/ssl-error.log"
CustomLog "/var/log/ssl-access_log" combined
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault A0
<FilesMatch "\.(txt|xml|js)$">
ExpiresDefault A31536000
</FilesMatch>
<FilesMatch "\.(css)$">
ExpiresDefault A31536000
</FilesMatch>
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
ExpiresDefault A31536000
</FilesMatch>
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
ExpiresDefault A31536000
</FilesMatch>
</IfModule>
<IfModule mod_headers.c>
<FilesMatch "\.(txt|xml|js)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
<FilesMatch "\.(css)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
</IfModule>
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
</IfModule>
</IfModule>
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE "application/atom+xml" \
"application/javascript" \
"application/json" \
"application/ld+json" \
"application/manifest+json" \
"application/rdf+xml" \
"application/rss+xml" \
"application/schema+json" \
"application/vnd.geo+json" \
"application/vnd.ms-fontobject" \
"application/x-font-ttf" \
"application/x-font-opentype" \
"application/x-font-truetype" \
"application/x-javascript" \
"application/x-web-app-manifest+json" \
"application/xhtml+xml" \
"application/xml" \
"font/eot" \
"font/opentype" \
"font/otf" \
"image/bmp" \
"image/svg+xml" \
"image/vnd.microsoft.icon" \
"image/x-icon" \
"text/cache-manifest" \
"text/css" \
"text/html" \
"text/javascript" \
"text/plain" \
"text/vcard" \
"text/vnd.rim.location.xloc" \
"text/vtt" \
"text/x-component" \
"text/x-cross-domain-policy" \
"text/xml"
</IfModule>
<IfModule mod_mime.c>
AddEncoding gzip svgz
</IfModule>
</IfModule>
</VirtualHost>
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

9
jails/config/web-datavpc/pkg-list-details.txt Normal file
View File

@ -0,0 +1,9 @@
pkgp-freebsd-pkg____apache24-2.4.53
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____mod_php81-8.1.4_1
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____php81-8.1.4_2
pkgp-freebsd-pkg____php81-mysqli-8.1.4_2
pkgp-freebsd-pkg____php81-session-8.1.4_2
pkgp-freebsd-pkg____pkg-1.17.5_1

1
jails/config/web-datavpc/pkg-list.txt Normal file
View File

@ -0,0 +1 @@
apache24 bash bash-completion mod_php81 nano php81 php81-mysqli php81-session pkg