apr 19 update

This commit is contained in:
Sharad Ahlawat 2022-04-19 13:38:56 -07:00
parent a0a9496aef
commit 18dd3d9761
208 changed files with 12435 additions and 1112 deletions

View File

@ -13,7 +13,7 @@
# references must include a dollar sign '$' in front of the
# name to be expanded properly.
#
# $FreeBSD: releng/12.2/sbin/devfs/devfs.rules 338204 2018-08-22 15:55:23Z brd $
# $FreeBSD: releng/12.3/sbin/devfs/devfs.rules 338204 2018-08-22 15:55:23Z brd $
#
# Very basic and secure ruleset: Hide everything.

View File

@ -13,7 +13,7 @@
# For a more detailed explanation of all the periodic.conf variables, please
# refer to the periodic.conf(5) manual page.
#
# $FreeBSD: releng/12.2/usr.sbin/periodic/periodic.conf 337648 2018-08-11 17:11:08Z brd $
# $FreeBSD: releng/12.3/usr.sbin/periodic/periodic.conf 370770 2021-10-07 19:46:04Z asomers $
#
# What files override these defaults ?
@ -77,6 +77,29 @@ daily_backup_passwd_enable="YES" # Backup passwd & group
# 210.backup-aliases
daily_backup_aliases_enable="YES" # Backup mail aliases
# 221.backup-gpart
if [ $(sysctl -n security.jail.jailed) = 0 ]; then
# Backup partition table/boot partition/MBR
daily_backup_gpart_enable="YES"
else
daily_backup_gpart_enable="NO"
fi
daily_backup_gpart_verbose="NO" # Be verbose if new backup differs from the old one
daily_backup_efi_enable="NO" # Backup EFI system partition (ESP)
# 222.backup-gmirror
daily_backup_gmirror_enable="NO" # Backup of gmirror info (i.e., output of `gmirror list`)
daily_backup_gmirror_verbose="NO" # Log diff if new backup differs from the old one
# 223.backup-zfs
daily_backup_zfs_enable="NO" # Backup output from zpool/zfs list
daily_backup_zfs_props_enable="NO" # Backup zpool/zfs filesystem properties
daily_backup_zfs_get_flags="all" # flags passed to `zfs get`
daily_backup_zfs_list_flags="" # flags passed to `zfs list`
daily_backup_zpool_get_flags="all" # flags passed to `zpool get`
daily_backup_zpool_list_flags="-v" # flags passed to `zpool list`
daily_backup_zfs_verbose="NO" # Report diff between the old and new backups.
# 300.calendar
daily_calendar_enable="NO" # Run calendar -a
@ -118,7 +141,7 @@ daily_status_mfi_enable="NO" # Check mfiutil(8)
# 420.status-network
daily_status_network_enable="NO" # Check network status
daily_status_network_usedns="YES" # DNS lookups are ok
daily_status_network_netstat_flags="-d" # netstat(1) flags
daily_status_network_netstat_flags="-d -W" # netstat(1) flags
# 430.status-uptime
daily_status_uptime_enable="YES" # Check system uptime

View File

@ -1,4 +1,4 @@
# $FreeBSD: releng/12.2/usr.sbin/freebsd-update/freebsd-update.conf 337338 2018-08-04 22:25:41Z brd $
# $FreeBSD: releng/12.3/usr.sbin/freebsd-update/freebsd-update.conf 370439 2021-08-29 16:58:35Z kevans $
# Trusted keyprint. Changing this is a Bad Idea unless you've received
# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
@ -17,7 +17,7 @@ ServerName update.FreeBSD.org
# Example for updating the userland and the kernel source code only:
#Components src world
Components world
# manually run - svnlite update /usr/src - before recompiling the kernel
# manually run - git pull in /usr/src - before recompiling the kernel
# Paths which start with anything matching an entry in an IgnorePaths
# statement will be ignored.
@ -76,3 +76,6 @@ MergeChanges /etc/ /boot/device.hints
# When backing up a kernel also back up debug symbol files?
# BackupKernelSymbolFiles no
# Create a new boot environment when installing patches
# CreateBootEnv yes

View File

@ -1,4 +1,4 @@
# $FreeBSD: releng/12.2/lib/libc/net/hosts 338729 2018-09-17 18:56:47Z brd $
# $FreeBSD: releng/12.3/lib/libc/net/hosts 338729 2018-09-17 18:56:47Z brd $
#
# Host Database
#
@ -24,7 +24,7 @@ fd09::10 nas nas.ahlawat.com
192.168.10.10 nas nas.ahlawat.com
fd0a::10 nas nas.ahlawat.com
192.168.48.10 nas nas.ahlawat.com
2001:470:82a9::10 nas nas.ahlawat.com
2001:470:480a::10 nas nas.ahlawat.com
#
# Imaginary network. 10.0.0.2 myname.my.domain myname 10.0.0.3 myfriend.my.domain myfriend

View File

@ -7,7 +7,7 @@
# This file controls resource limits, accounting limits and
# default user environment settings.
#
# $FreeBSD: releng/12.2/usr.bin/login/login.conf 357789 2020-02-12 02:04:03Z kevans $
# $FreeBSD: releng/12.3/usr.bin/login/login.conf 369215 2021-02-04 03:15:28Z kevans $
#
# Default settings effectively disable resource limits, see the
@ -63,7 +63,13 @@ xuser:\
:tc=default:
staff:\
:tc=default:
# This PATH may be clobbered by individual applications. Notably, by default,
# rc(8), service(8), and cron(8) will all override it with a default PATH that
# may not include /usr/local/sbin and /usr/local/bin when starting services or
# jobs.
daemon:\
:path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin:\
:mail@:\
:memorylocked=128M:\
:tc=default:

View File

@ -1,5 +1,5 @@
#
# $FreeBSD: releng/12.2/usr.sbin/ntp/ntpd/ntp.conf 352865 2019-09-29 03:36:50Z cy $
# $FreeBSD: releng/12.3/usr.sbin/ntp/ntpd/ntp.conf 365704 2020-09-14 01:20:57Z emaste $
#
# Default NTP servers for the FreeBSD operating system.
#
@ -15,7 +15,7 @@
# or discovered dynamically via mechanisms such as broadcast and manycast.
# Ntpd automatically adds maxclock-1 servers from configured pools, and may
# add as many as maxclock*2 if necessary to ensure that at least minclock
# servers are providing good consistant time.
# servers are providing good consistent time.
#
tos minclock 3 maxclock 6

View File

@ -1,4 +1,4 @@
# $FreeBSD: releng/12.2/bin/sh/profile 363525 2020-07-25 11:57:39Z pstef $
# $FreeBSD: releng/12.3/bin/sh/profile 363525 2020-07-25 11:57:39Z pstef $
#
# System-wide .profile file for sh(1).
#

View File

@ -1,6 +1,6 @@
zfs_enable="YES"
kld_list="nmdm vmm ipfw ipdivert linux64"
kld_list="nmdm vmm ipfw ipdivert linux64 wg"
# Do not mark to autodetach otherwise ZFS gets very unhappy.
geli_autodetach="NO"
@ -34,7 +34,7 @@ firewall_logif="YES"
cloned_interfaces_sticky="YES"
cloned_interfaces="lagg0 bridge1 bridge2 bridge5 bridge9 bridge10 bridge48"
ifconfig_lagg0="laggproto lacp laggport igb0 laggport igb1 up"
ifconfig_lagg0="laggproto loadbalance laggport igb0 laggport igb1 up"
ifconfig_igb0="up -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso"
ifconfig_igb1="up -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso"
@ -54,7 +54,7 @@ ifconfig_lagg0_9_ipv6="inet6 fd09::10/64 auto_linklocal accept_rtadv"
ifconfig_lagg0_10="inet 192.168.10.10/24"
ifconfig_lagg0_10_ipv6="inet6 fd0a::10/64 auto_linklocal accept_rtadv"
ifconfig_lagg0_48="inet 192.168.48.10/24"
ifconfig_lagg0_48_ipv6="inet6 2001:470:82a9::10/64 auto_linklocal accept_rtadv"
ifconfig_lagg0_48_ipv6="inet6 2001:470:480a::10/64 auto_linklocal accept_rtadv"
ifconfig_bridge1="addm lagg0.1 up"
ifconfig_bridge2="addm lagg0.2 up"

View File

@ -1,4 +1,4 @@
# $FreeBSD: releng/12.2/sbin/sysctl/sysctl.conf 337624 2018-08-11 13:28:03Z brd $
# $FreeBSD: releng/12.3/sbin/sysctl/sysctl.conf 337624 2018-08-11 13:28:03Z brd $
#
# This file is read when going to multi-user and its contents piped thru
# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details.

View File

@ -1,17 +1,17 @@
FreeBSD: {
url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
enabled: yes
enabled: no
}
pkgp-freebsd-pkg: {
url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest",
mirror_type: "http",
enabled: no,
enabled: yes,
priority: 10
}
pkgp121: {
url: "http://pkgp.ahlawat.com/packages/pj121-default/",
pkgp123: {
url: "http://pkgp.ahlawat.com/packages/pj123-default/",
mirror_type: "http",
signature_type: "pubkey",
pubkey: "/mnt/data/apps/certs/poudriere.cert",

View File

@ -19,7 +19,7 @@
name=gstat_exporter
rcvar=${name}_enable
GSTATEXPORTER="nohup /usr/local/bin/python3.7 /root/FreeBSD/scripts/gstat_exporter.py"
GSTATEXPORTER="nohup /usr/local/bin/python3.8 /root/FreeBSD/scripts/gstat_exporter.py"
start_cmd="${name}_start"
stop_cmd="${name}_stop"

View File

@ -1,11 +1,11 @@
ZPOOL=""
SERVER=""
PYTHON?=/usr/local/bin/python3.7
PYTHON?=/usr/local/bin/python3.8
depends:
@(pkg -vv | grep -e "url.*/latest") > /dev/null 2>&1 || (echo "It is advised pkg url is using \"latest\" instead of \"quarterly\" in /etc/pkg/FreeBSD.conf.";)
@test -s ${PYTHON} || (echo "Python binary ${PYTHON} not found, iocage will install python37"; pkg install -q -y python37)
pkg install -q -y py37-libzfs
@test -s ${PYTHON} || (echo "Python binary ${PYTHON} not found, iocage will install python38"; pkg install -q -y python38)
pkg install -q -y py38-libzfs
${PYTHON} -m ensurepip
${PYTHON} -m pip install -Ur requirements.txt

View File

@ -1,3 +1,3 @@
pkg install python37 py37-cython py37-pip py37-libzfs py37-six
python3.7 -m pip install pip==19.3.1
pkg install python38 py38-cython py38-pip py38-libzfs py38-six
python3.8 -m pip install pip==19.3.1
# iocage install does not work with pip 20.x

View File

@ -1,6 +1,6 @@
#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: releng/12.1/lib/libc/net/nsswitch.conf 338729 2018-09-17 18:56:47Z brd $
# $FreeBSD: releng/12.2/lib/libc/net/nsswitch.conf 338729 2018-09-17 18:56:47Z brd $
#
#group: compat
group: files ldap

View File

@ -0,0 +1,6 @@
pkgp122____netatalk3-3.1.12_4,1
pkgp123____nss-pam-ldapd-sasl-0.9.12_1
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____pkg-1.17.5_1

View File

@ -0,0 +1 @@
bash bash-completion nano netatalk3 nss-pam-ldapd-sasl pkg

View File

@ -10,8 +10,8 @@ pkgp-freebsd-pkg: {
priority: 10
}
pkgp122: {
url: "http://pkgp.ahlawat.com/packages/pj122-default/",
pkgp123: {
url: "http://pkgp.ahlawat.com/packages/pj123-default",
mirror_type: "http",
signature_type: "pubkey",
pubkey: "/mnt/certs/poudriere.cert",

View File

@ -1,5 +1,5 @@
#
# $FreeBSD: releng/12.1/lib/libpam/pam.d/sshd 197769 2009-10-05 09:28:54Z des $
# $FreeBSD: releng/12.2/lib/libpam/pam.d/sshd 197769 2009-10-05 09:28:54Z des $
#
# PAM configuration for the "sshd" service
#

View File

@ -0,0 +1,14 @@
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____mc-4.8.28
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____nginx-1.20.2_9,2
pkgp-freebsd-pkg____pkg-1.17.5_1
pkgp-freebsd-pkg____postgresql14-client-14.2
pkgp-freebsd-pkg____py38-ansible-5.5.0
pkgp-freebsd-pkg____py38-django32-3.2.12
pkgp-freebsd-pkg____py38-gunicorn-20.1.0
pkgp-freebsd-pkg____py38-pillow-9.0.1_1
pkgp-freebsd-pkg____py38-pip-20.3.4
pkgp-freebsd-pkg____py38-tkinter-3.8.13_6
pkgp-freebsd-pkg____sudo-1.9.10

View File

@ -0,0 +1 @@
bash bash-completion mc nano nginx pkg postgresql14-client py38-ansible py38-django32 py38-gunicorn py38-pillow py38-pip py38-tkinter sudo

View File

@ -1,6 +1,4 @@
#!/bin/sh
# Copyright (c) 2018-2021, diyIT.org
# Copyright (c) 2018-2022, diyIT.org
# All rights reserved.
#
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
@ -8,6 +6,8 @@
#
#
#!/bin/sh
# the two lines below are not just comments but required by rcorder; service -e
# PROVIDE: cpsserver
# REQUIRE: NETWORKING DAEMON
@ -19,7 +19,8 @@
name=cpsserver
rcvar=${name}_enable
CPSSERVER="nohup /usr/local/bin/python3.7 /data/calibre-web/cps.py"
#CPSSERVER="nohup /usr/local/bin/python3.8 /data/calibre-web/cps.py"
CPSSERVER="nohup /usr/local/bin/cps"
start_cmd="${name}_start"
stop_cmd="${name}_stop"

View File

@ -0,0 +1,10 @@
pkgp123____libxml2-2.9.13_2
pkgp123____libxslt-1.1.35_3
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____pkg-1.17.5_1
pkgp-freebsd-pkg____py38-ldap-3.4.0
pkgp-freebsd-pkg____py38-pip-20.3.4
pkgp-freebsd-pkg____py38-sqlite3-3.8.13_7
pkgp-freebsd-pkg____rust-1.59.0

View File

@ -0,0 +1 @@
bash bash-completion libxml2 libxslt nano pkg py38-ldap py38-pip py38-sqlite3 rust

View File

@ -0,0 +1,20 @@
FreeBSD: {
url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
enabled: no
}
pkgp-freebsd-pkg: {
url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest",
mirror_type: "http",
enabled: yes,
priority: 10
}
pkgp123: {
url: "http://pkgp.ahlawat.com/packages/pj123-default",
mirror_type: "http",
signature_type: "pubkey",
pubkey: "/mnt/certs/poudriere.cert",
enabled: yes,
priority: 100
}

View File

@ -0,0 +1,11 @@
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____calibre-5.40.0
pkgp-freebsd-pkg____fluxbox-1.3.7_5
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____pkg-1.17.5_1
pkgp-freebsd-pkg____sudo-1.9.10
pkgp-freebsd-pkg____tigervnc-server-1.12.0_4
pkgp-freebsd-pkg____xauth-1.1
pkgp-freebsd-pkg____xpdf-4.03_1,1
pkgp-freebsd-pkg____xterm-372

View File

@ -0,0 +1 @@
bash bash-completion calibre fluxbox nano pkg sudo tigervnc-server xauth xpdf xterm

View File

@ -0,0 +1,7 @@
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____curl-7.82.0
pkgp-freebsd-pkg____motion-4.3.2_3
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____pkg-1.17.5_1
pkgp-freebsd-pkg____py27-pip-20.2.3

View File

@ -0,0 +1 @@
bash bash-completion curl motion nano pkg py27-pip

44
jails/config/cert/acmedns Executable file
View File

@ -0,0 +1,44 @@
#!/bin/sh
# Copyright (c) 2018-2021, diyIT.org
# All rights reserved.
#
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
# https://diyit.org/license/
#
#
# the two lines below are not just comments but required by rcorder; service -e
# PROVIDE: acmedns
# REQUIRE: NETWORKING DAEMON
. /etc/rc.subr
: ${acmedns_enable="NO"}
name=acmedns
rcvar=${name}_enable
ACMEDNS="/usr/local/bin/acme-dns"
start_cmd="${name}_start"
stop_cmd="${name}_stop"
restart_cmd="${name}_restart"
acmedns_start()
{
$ACMEDNS -c /etc/acme-dns/config.cfg &
}
acmedns_stop()
{
ps ax | grep -ie acme-dns | grep -v grep | awk '{print $1}' | xargs kill -9
}
acmedns_restart()
{
acmedns_stop
acmedns_start
}
load_rc_config ${name}
run_rc_command "$1"

View File

@ -0,0 +1,65 @@
[general]
# DNS interface. Note that systemd-resolved may reserve port 53 on 127.0.0.53
# In this case acme-dns will error out and you will need to define the listening interface
# for example: listen = "127.0.0.1:53"
listen = "0.0.0.0:53"
# protocol, "both", "both4", "both6", "udp", "udp4", "udp6" or "tcp", "tcp4", "tcp6"
protocol = "both4"
# domain name to serve the requests off of
domain = "dns-auth.ahlawat.com"
# zone name server
nsname = "dns-auth.ahlawat.com"
# admin email address, where @ is substituted with .
nsadmin = "sharad.ahlawat.com"
# predefined records served in addition to the TXT
records = [
# domain pointing to the public IP of your acme-dns server
"dns-auth.ahlawat.com. A 216.139.40.20",
# specify that auth.example.org will resolve any *.auth.example.org records
"dns-auth.ahlawat.com. NS dns-auth.ahlawat.com.",
]
# debug messages from CORS etc
debug = false
[database]
# Database engine to use, sqlite3 or postgres
engine = "sqlite3"
# Connection string, filename for sqlite3 and postgres://$username:$password@$host/$db_name for postgres
# Please note that the default Docker image uses path /var/lib/acme-dns/acme-dns.db for sqlite3
connection = "/usr/local/lib/acme-dns/acme-dns.db"
# connection = "postgres://user:password@localhost/acmedns_db"
[api]
# listen ip eg. 127.0.0.1
ip = "0.0.0.0"
# disable registration endpoint
disable_registration = false
# listen port, eg. 443 for default HTTPS
port = "443"
# possible values: "letsencrypt", "letsencryptstaging", "cert", "none"
tls = "cert"
# only used if tls = "cert"
tls_cert_privkey = "/mnt/certs/privkey.pem"
tls_cert_fullchain = "/mnt/certs/fullchain.pem"
# only used if tls = "letsencrypt"
acme_cache_dir = "api-certs"
# optional e-mail address to which Let's Encrypt will send expiration notices for the API's cert
notification_email = ""
# CORS AllowOrigins, wildcards can be used
corsorigins = [
"*"
]
# use HTTP header to get the client ip
use_header = false
# header name to pull the ip address / list of ip addresses from
header_name = "X-Forwarded-For"
[logconfig]
# logging level: "error", "warning", "info" or "debug"
loglevel = "debug"
# possible values: stdout, TODO file & integrations
logtype = "stdout"
# file path for logfile TODO
# logfile = "./acme-dns.log"
# format, either "json" or "text"
logformat = "text"

View File

@ -0,0 +1,65 @@
[general]
# DNS interface. Note that systemd-resolved may reserve port 53 on 127.0.0.53
# In this case acme-dns will error out and you will need to define the listening interface
# for example: listen = "127.0.0.1:53"
listen = "0.0.0.0:53"
# protocol, "both", "both4", "both6", "udp", "udp4", "udp6" or "tcp", "tcp4", "tcp6"
protocol = "both"
# domain name to serve the requests off of
domain = "dns-auth.ahlawat.com"
# zone name server
nsname = "dns-auth.ahlawat.com"
# admin email address, where @ is substituted with .
nsadmin = "sharad.ahlawat.com"
# predefined records served in addition to the TXT
records = [
# domain pointing to the public IP of your acme-dns server
"dns-auth.ahlawat.com. A 216.139.40.20",
# specify that auth.example.org will resolve any *.auth.example.org records
"dns-auth.ahlawat.com. NS dns-auth.ahlawat.com.",
]
# debug messages from CORS etc
debug = false
[database]
# Database engine to use, sqlite3 or postgres
engine = "sqlite3"
# Connection string, filename for sqlite3 and postgres://$username:$password@$host/$db_name for postgres
# Please note that the default Docker image uses path /var/lib/acme-dns/acme-dns.db for sqlite3
connection = "/usr/local/lib/acme-dns/acme-dns.db"
# connection = "postgres://user:password@localhost/acmedns_db"
[api]
# listen ip eg. 127.0.0.1
ip = "0.0.0.0"
# disable registration endpoint
disable_registration = false
# listen port, eg. 443 for default HTTPS
port = "80"
# possible values: "letsencrypt", "letsencryptstaging", "cert", "none"
tls = "none"
# only used if tls = "cert"
tls_cert_privkey = "/mnt/certs/privkey.pem"
tls_cert_fullchain = "/mnt/certs/fullchain.pem"
# only used if tls = "letsencrypt"
acme_cache_dir = "api-certs"
# optional e-mail address to which Let's Encrypt will send expiration notices for the API's cert
notification_email = ""
# CORS AllowOrigins, wildcards can be used
corsorigins = [
"*"
]
# use HTTP header to get the client ip
use_header = false
# header name to pull the ip address / list of ip addresses from
header_name = "X-Forwarded-For"
[logconfig]
# logging level: "error", "warning", "info" or "debug"
loglevel = "debug"
# possible values: stdout, TODO file & integrations
logtype = "stdout"
# file path for logfile TODO
# logfile = "./acme-dns.log"
# format, either "json" or "text"
logformat = "text"

View File

@ -0,0 +1,7 @@
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____curl-7.82.0
pkgp-freebsd-pkg____git-lite-2.35.1
pkgp-freebsd-pkg____go-1.18,1
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____pkg-1.17.5_1

View File

@ -0,0 +1 @@
bash bash-completion curl git-lite go nano pkg

View File

@ -0,0 +1,5 @@
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____jenkins-2.341
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____pkg-1.17.5_1

View File

@ -0,0 +1 @@
bash bash-completion jenkins nano pkg

View File

@ -0,0 +1,51 @@
<?php
$CONFIG = array (
'passwordsalt' => '5OBfApfc/+tJzU/4n+F8e+PzOfAStP',
'secret' => 'IFX9kjXwOk4L21503pLACwa2Dadv9JzHNSu8XsnTogmwb5Tr',
'trusted_domains' =>
array (
0 => 'localhost',
1 => 'cloud.ahlawat.com',
2 => '192.168.0.59',
3 => 'fd01::59',
),
'datadirectory' => '/mnt/cloud',
'overwrite.cli.url' => 'https://cloud.ahlawat.com/',
'dbtype' => 'mysql',
'version' => '21.0.3.1',
'dbname' => 'nextcloud',
'dbhost' => 'db.ahlawat.com',
'dbport' => '3306',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'nextcloud',
'dbpassword' => 'mysql__nextcloud',
'installed' => true,
'instanceid' => 'oc7suxvjiy9s',
'htaccess.RewriteBase' => '/',
'filelocking.enabled' => 'true',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => '/tmp/redis.sock',
'port' => 0,
),
'logtimezone' => 'America/Los_Angeles',
'default_phone_region' => 'US',
'log_type' => 'file',
'logfile' => '/var/log/nextcloud.log',
'loglevel' => 0,
'logrotate_size' => '104847600',
'ldapIgnoreNamingRules' => false,
'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
'mail_smtpmode' => 'smtp',
'mail_from_address' => 'nobody',
'mail_domain' => 'ahlawat.com',
'mail_smtphost' => '192.168.0.100',
'mail_smtpport' => '25',
'maintenance' => false,
'theme' => '',
'encryption.legacy_format_support' => false,
'encryption.key_storage_migrated' => false,
'updater.secret' => '$2y$10$jAnC4Ha3RI2CL.IlhYluSeeOuKMT4itq/ViSiH1Q9DciUXfB3YSYS',
);

View File

@ -0,0 +1,51 @@
<?php
$CONFIG = array (
'passwordsalt' => '5OBfApfc/+tJzU/4n+F8e+PzOfAStP',
'secret' => 'IFX9kjXwOk4L21503pLACwa2Dadv9JzHNSu8XsnTogmwb5Tr',
'trusted_domains' =>
array (
0 => 'localhost',
1 => 'cloud.ahlawat.com',
2 => '192.168.0.59',
3 => 'fd01::59',
),
'datadirectory' => '/mnt/cloud',
'overwrite.cli.url' => 'https://cloud.ahlawat.com/',
'dbtype' => 'mysql',
'version' => '21.0.3.1',
'dbname' => 'nextcloud',
'dbhost' => 'db.ahlawat.com',
'dbport' => '3306',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'nextcloud',
'dbpassword' => 'mysql__nextcloud',
'installed' => true,
'instanceid' => 'oc7suxvjiy9s',
'htaccess.RewriteBase' => '/',
'filelocking.enabled' => 'true',
'memcache.local' => '\\OC\\Memcache\\APCu',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => '/tmp/redis.sock',
'port' => 0,
),
'logtimezone' => 'America/Los_Angeles',
'log_type' => 'file',
'logfile' => '/var/log/nextcloud.log',
'loglevel' => 0,
'logrotate_size' => '104847600',
'ldapIgnoreNamingRules' => false,
'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
'mail_smtpmode' => 'smtp',
'mail_from_address' => 'nobody',
'mail_domain' => 'ahlawat.com',
'mail_smtphost' => '192.168.0.100',
'mail_smtpport' => '25',
'maintenance' => false,
'theme' => '',
'encryption.legacy_format_support' => false,
'encryption.key_storage_migrated' => false,
'updater.secret' => '$2y$10$jAnC4Ha3RI2CL.IlhYluSeeOuKMT4itq/ViSiH1Q9DciUXfB3YSYS',
);

View File

@ -49,7 +49,7 @@ ServerRoot "/usr/local"
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80
#Listen 80
#
# Dynamic Shared Object (DSO) Support
@ -108,7 +108,7 @@ LoadModule filter_module libexec/apache24/mod_filter.so
#LoadModule substitute_module libexec/apache24/mod_substitute.so
#LoadModule sed_module libexec/apache24/mod_sed.so
#LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so
#LoadModule deflate_module libexec/apache24/mod_deflate.so
LoadModule deflate_module libexec/apache24/mod_deflate.so
#LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so
#LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so
LoadModule mime_module libexec/apache24/mod_mime.so
@ -119,7 +119,7 @@ LoadModule log_config_module libexec/apache24/mod_log_config.so
LoadModule env_module libexec/apache24/mod_env.so
#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so
#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so
#LoadModule expires_module libexec/apache24/mod_expires.so
LoadModule expires_module libexec/apache24/mod_expires.so
LoadModule headers_module libexec/apache24/mod_headers.so
#LoadModule usertrack_module libexec/apache24/mod_usertrack.so
#LoadModule unique_id_module libexec/apache24/mod_unique_id.so
@ -178,7 +178,6 @@ LoadModule dir_module libexec/apache24/mod_dir.so
#LoadModule userdir_module libexec/apache24/mod_userdir.so
LoadModule alias_module libexec/apache24/mod_alias.so
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
#LoadModule php7_module libexec/apache24/libphp7.so
# Third party modules
IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
@ -223,7 +222,7 @@ ServerAdmin sharad@ahlawat.com
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
ServerName cloud.ahlawat.com
#
# Deny access to the entirety of your server's filesystem. You must
@ -250,9 +249,10 @@ ServerAdmin sharad@ahlawat.com
DocumentRoot "/usr/local/www/apache24/data"
<Directory "/usr/local/www/apache24/data">
RewriteEngine on
RewriteRule ^/\.well-known/ - [L]
RewriteRule (.*) https://cloud.ahlawat.com [R,L]
# can't set this if traffic is passing through haproxy and being redirected to ssl already
# RewriteEngine on
# RewriteRule ^/\.well-known/ - [L]
# RewriteRule (.*) https://cloud.ahlawat.com [R,L]
#
# Possible values for the Options directive are "None", "All",
@ -554,27 +554,25 @@ Include etc/apache24/Includes/*.conf
<VirtualHost *:443>
ServerName cloud.ahlawat.com
ServerAlias *.ahlawat.com
ServerAlias cloud
Protocols h2 h2c http/1.1
Protocols h2 http/1.1
DocumentRoot "/usr/local/www/apache24/data/nextcloud/"
DirectoryIndex /index.php index.php
SSLEngine on
SSLCertificateFile "/mnt/certs/fullchain.pem"
SSLCertificateKeyFile "/mnt/certs/privkey.pem"
#SSLCertificateChainFile "/mnt/certs/fullchain.pem"
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
SSLOptions +StrictRequire
# SSLCompression off
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SetHandler "proxy:fcgi://127.0.0.1:9000"
@ -589,7 +587,8 @@ Include etc/apache24/Includes/*.conf
CustomLog "/var/log/ssl-request.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<Directory "/usr/local/www/apache24/data/nextcloud/">
Options +FollowSymLinks
Require all granted
Options FollowSymLinks MultiViews
AllowOverride All
<IfModule mod_dav.c>
@ -601,11 +600,116 @@ Include etc/apache24/Includes/*.conf
</Directory>
<Directory "/usr/local/www/apache24/data/">
Options Indexes FollowSymLinks MultiViews
## IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16
IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96
#AllowOverride controls what directives may be placed in .htaccess files.
#AllowOverride All
#AllowOverride AuthConfig
#Controls who can get stuff from this server file
#Require all granted
</Directory>
ErrorLog "/var/log/ssl-error.log"
CustomLog "/var/log/ssl-access_log" combined
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault A0
<FilesMatch "\.(txt|xml|js)$">
ExpiresDefault A31536000
</FilesMatch>
<FilesMatch "\.(css)$">
ExpiresDefault A31536000
</FilesMatch>
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
ExpiresDefault A31536000
</FilesMatch>
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
ExpiresDefault A31536000
</FilesMatch>
</IfModule>
<IfModule mod_headers.c>
<FilesMatch "\.(txt|xml|js)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
<FilesMatch "\.(css)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
</IfModule>
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
</IfModule>
</IfModule>
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE "application/atom+xml" \
"application/javascript" \
"application/json" \
"application/ld+json" \
"application/manifest+json" \
"application/rdf+xml" \
"application/rss+xml" \
"application/schema+json" \
"application/vnd.geo+json" \
"application/vnd.ms-fontobject" \
"application/x-font-ttf" \
"application/x-font-opentype" \
"application/x-font-truetype" \
"application/x-javascript" \
"application/x-web-app-manifest+json" \
"application/xhtml+xml" \
"application/xml" \
"font/eot" \
"font/opentype" \
"font/otf" \
"image/bmp" \
"image/svg+xml" \
"image/vnd.microsoft.icon" \
"image/x-icon" \
"text/cache-manifest" \
"text/css" \
"text/html" \
"text/javascript" \
"text/plain" \
"text/vcard" \
"text/vnd.rim.location.xloc" \
"text/vtt" \
"text/x-component" \
"text/x-cross-domain-policy" \
"text/xml"
</IfModule>
<IfModule mod_mime.c>
AddEncoding gzip svgz
</IfModule>
</IfModule>
</VirtualHost>
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

View File

@ -1774,7 +1774,7 @@ opcache.enable_cli=1
opcache.memory_consumption=128
; The amount of memory for interned strings in Mbytes.
opcache.interned_strings_buffer=8
opcache.interned_strings_buffer=32
; The maximum number of keys (scripts) in the OPcache hash table.
; Only numbers between 200 and 1000000 are allowed.
@ -1796,7 +1796,7 @@ opcache.max_accelerated_files=10000
; How often (in seconds) to check file timestamps for changes to the shared
; memory storage allocation. ("1" means validate once per second, but only
; once per request. "0" means always validate)
opcache.revalidate_freq=1
opcache.revalidate_freq=60
; Enables or disables file search in include_path optimization
;opcache.revalidate_path=0

View File

@ -0,0 +1,44 @@
pkgp-freebsd-pkg____apache24-2.4.53
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____ffmpeg-4.4.1_11,1
pkgp-freebsd-pkg____mod_php80-8.0.17_1
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____php80-8.0.17_2
pkgp-freebsd-pkg____php80-bcmath-8.0.17_2
pkgp-freebsd-pkg____php80-bz2-8.0.17_2
pkgp-freebsd-pkg____php80-ctype-8.0.17_2
pkgp-freebsd-pkg____php80-curl-8.0.17_2
pkgp-freebsd-pkg____php80-dom-8.0.17_1
pkgp-freebsd-pkg____php80-exif-8.0.17_2
pkgp-freebsd-pkg____php80-fileinfo-8.0.17_2
pkgp-freebsd-pkg____php80-filter-8.0.17_2
pkgp-freebsd-pkg____php80-ftp-8.0.17_2
pkgp-freebsd-pkg____php80-gd-8.0.17_2
pkgp-freebsd-pkg____php80-gmp-8.0.17_2
pkgp-freebsd-pkg____php80-iconv-8.0.17_2
pkgp-freebsd-pkg____php80-imap-8.0.17_2
pkgp-freebsd-pkg____php80-intl-8.0.17_2
pkgp-freebsd-pkg____php80-ldap-8.0.17_2
pkgp-freebsd-pkg____php80-mbstring-8.0.17_2
pkgp-freebsd-pkg____php80-mysqli-8.0.17_2
pkgp-freebsd-pkg____php80-opcache-8.0.17_2
pkgp-freebsd-pkg____php80-pcntl-8.0.17_2
pkgp-freebsd-pkg____php80-pdo-8.0.17_2
pkgp-freebsd-pkg____php80-pdo_mysql-8.0.17_2
pkgp-freebsd-pkg____php80-pecl-APCu-5.1.21
pkgp-freebsd-pkg____php80-pecl-imagick-3.5.1
pkgp-freebsd-pkg____php80-pecl-mcrypt-1.0.4
pkgp-freebsd-pkg____php80-pecl-redis-5.3.5
pkgp-freebsd-pkg____php80-posix-8.0.17_2
pkgp-freebsd-pkg____php80-session-8.0.17_2
pkgp-freebsd-pkg____php80-simplexml-8.0.17_1
pkgp-freebsd-pkg____php80-xml-8.0.17_1
pkgp-freebsd-pkg____php80-xmlreader-8.0.17_1
pkgp-freebsd-pkg____php80-xmlwriter-8.0.17_1
pkgp-freebsd-pkg____php80-xsl-8.0.17_1
pkgp-freebsd-pkg____php80-zip-8.0.17_2
pkgp-freebsd-pkg____php80-zlib-8.0.17_2
pkgp-freebsd-pkg____pkg-1.17.5_1
pkgp-freebsd-pkg____redis-6.2.6
pkgp-freebsd-pkg____sudo-1.9.10

View File

@ -0,0 +1 @@
apache24 bash bash-completion ffmpeg mod_php80 nano php80 php80-bcmath php80-bz2 php80-ctype php80-curl php80-dom php80-exif php80-fileinfo php80-filter php80-ftp php80-gd php80-gmp php80-iconv php80-imap php80-intl php80-ldap php80-mbstring php80-mysqli php80-opcache php80-pcntl php80-pdo php80-pdo_mysql php80-pecl-APCu php80-pecl-imagick php80-pecl-mcrypt php80-pecl-redis php80-posix php80-session php80-simplexml php80-xml php80-xmlreader php80-xmlwriter php80-xsl php80-zip php80-zlib pkg redis sudo

Binary file not shown.

View File

@ -1,4 +1,4 @@
# $FreeBSD: releng/12.2/usr.sbin/freebsd-update/freebsd-update.conf 337338 2018-08-04 22:25:41Z brd $
# $FreeBSD: releng/12.3/usr.sbin/freebsd-update/freebsd-update.conf 370439 2021-08-29 16:58:35Z kevans $
# Trusted keyprint. Changing this is a Bad Idea unless you've received
# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
@ -10,6 +10,8 @@ KeyPrint 800651ef4b4c71c27e60786d7b487188970f4b4169cc055784e21eb71d410cc5
# using a "nearby" server won't provide a measurable improvement in
# performance.
ServerName update.FreeBSD.org
# caching not used as I am mounting the /var/db/freebsd-update/files directory into every jail
#ServerName pkgp-freebsd-update.ahlawat.com
# Components of the base system which should be kept updated.
#Components src world
@ -75,3 +77,6 @@ MergeChanges /etc/ /boot/device.hints
# When backing up a kernel also back up debug symbol files?
# BackupKernelSymbolFiles no
# Create a new boot environment when installing patches
# CreateBootEnv yes

View File

@ -0,0 +1,705 @@
#
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
# will be interpreted as '/logs/access_log'.
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used. If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot "/usr/local"
#
# Mutex: Allows you to set the mutex mechanism and mutex file directory
# for individual mutexes, or change the global defaults
#
# Uncomment and change the directory if mutexes are file-based and the default
# mutex file directory is not on a local disk or is not appropriate for some
# other reason.
#
# Mutex default:/var/run
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
#Listen 80
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule mpm_event_module libexec/apache24/mod_mpm_event.so
#LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so
#LoadModule mpm_worker_module libexec/apache24/mod_mpm_worker.so
LoadModule authn_file_module libexec/apache24/mod_authn_file.so
#LoadModule authn_dbm_module libexec/apache24/mod_authn_dbm.so
#LoadModule authn_anon_module libexec/apache24/mod_authn_anon.so
#LoadModule authn_dbd_module libexec/apache24/mod_authn_dbd.so
#LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so
LoadModule authn_core_module libexec/apache24/mod_authn_core.so
LoadModule authz_host_module libexec/apache24/mod_authz_host.so
LoadModule authz_groupfile_module libexec/apache24/mod_authz_groupfile.so
LoadModule authz_user_module libexec/apache24/mod_authz_user.so
#LoadModule authz_dbm_module libexec/apache24/mod_authz_dbm.so
#LoadModule authz_owner_module libexec/apache24/mod_authz_owner.so
#LoadModule authz_dbd_module libexec/apache24/mod_authz_dbd.so
LoadModule authz_core_module libexec/apache24/mod_authz_core.so
#LoadModule authnz_fcgi_module libexec/apache24/mod_authnz_fcgi.so
LoadModule access_compat_module libexec/apache24/mod_access_compat.so
LoadModule auth_basic_module libexec/apache24/mod_auth_basic.so
#LoadModule auth_form_module libexec/apache24/mod_auth_form.so
#LoadModule auth_digest_module libexec/apache24/mod_auth_digest.so
#LoadModule allowmethods_module libexec/apache24/mod_allowmethods.so
#LoadModule file_cache_module libexec/apache24/mod_file_cache.so
#LoadModule cache_module libexec/apache24/mod_cache.so
#LoadModule cache_disk_module libexec/apache24/mod_cache_disk.so
#LoadModule cache_socache_module libexec/apache24/mod_cache_socache.so
LoadModule authnz_ldap_module libexec/apache24/mod_authnz_ldap.so
LoadModule ldap_module libexec/apache24/mod_ldap.so
LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
#LoadModule socache_dbm_module libexec/apache24/mod_socache_dbm.so
#LoadModule socache_memcache_module libexec/apache24/mod_socache_memcache.so
#LoadModule watchdog_module libexec/apache24/mod_watchdog.so
#LoadModule macro_module libexec/apache24/mod_macro.so
#LoadModule dbd_module libexec/apache24/mod_dbd.so
#LoadModule dumpio_module libexec/apache24/mod_dumpio.so
#LoadModule buffer_module libexec/apache24/mod_buffer.so
#LoadModule data_module libexec/apache24/mod_data.so
#LoadModule ratelimit_module libexec/apache24/mod_ratelimit.so
LoadModule reqtimeout_module libexec/apache24/mod_reqtimeout.so
#LoadModule ext_filter_module libexec/apache24/mod_ext_filter.so
#LoadModule request_module libexec/apache24/mod_request.so
#LoadModule include_module libexec/apache24/mod_include.so
LoadModule filter_module libexec/apache24/mod_filter.so
#LoadModule reflector_module libexec/apache24/mod_reflector.so
#LoadModule substitute_module libexec/apache24/mod_substitute.so
#LoadModule sed_module libexec/apache24/mod_sed.so
#LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so
LoadModule deflate_module libexec/apache24/mod_deflate.so
#LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so
#LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so
LoadModule mime_module libexec/apache24/mod_mime.so
LoadModule log_config_module libexec/apache24/mod_log_config.so
#LoadModule log_debug_module libexec/apache24/mod_log_debug.so
#LoadModule log_forensic_module libexec/apache24/mod_log_forensic.so
#LoadModule logio_module libexec/apache24/mod_logio.so
LoadModule env_module libexec/apache24/mod_env.so
#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so
#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so
LoadModule expires_module libexec/apache24/mod_expires.so
LoadModule headers_module libexec/apache24/mod_headers.so
#LoadModule usertrack_module libexec/apache24/mod_usertrack.so
#LoadModule unique_id_module libexec/apache24/mod_unique_id.so
LoadModule setenvif_module libexec/apache24/mod_setenvif.so
LoadModule version_module libexec/apache24/mod_version.so
#LoadModule remoteip_module libexec/apache24/mod_remoteip.so
LoadModule proxy_module libexec/apache24/mod_proxy.so
#LoadModule proxy_connect_module libexec/apache24/mod_proxy_connect.so
#LoadModule proxy_ftp_module libexec/apache24/mod_proxy_ftp.so
#LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so
LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so
#LoadModule proxy_scgi_module libexec/apache24/mod_proxy_scgi.so
#LoadModule proxy_uwsgi_module libexec/apache24/mod_proxy_uwsgi.so
#LoadModule proxy_fdpass_module libexec/apache24/mod_proxy_fdpass.so
#LoadModule proxy_wstunnel_module libexec/apache24/mod_proxy_wstunnel.so
#LoadModule proxy_ajp_module libexec/apache24/mod_proxy_ajp.so
#LoadModule proxy_balancer_module libexec/apache24/mod_proxy_balancer.so
#LoadModule proxy_express_module libexec/apache24/mod_proxy_express.so
#LoadModule proxy_hcheck_module libexec/apache24/mod_proxy_hcheck.so
#LoadModule session_module libexec/apache24/mod_session.so
#LoadModule session_cookie_module libexec/apache24/mod_session_cookie.so
#LoadModule session_crypto_module libexec/apache24/mod_session_crypto.so
#LoadModule session_dbd_module libexec/apache24/mod_session_dbd.so
#LoadModule slotmem_shm_module libexec/apache24/mod_slotmem_shm.so
#LoadModule slotmem_plain_module libexec/apache24/mod_slotmem_plain.so
LoadModule ssl_module libexec/apache24/mod_ssl.so
#LoadModule dialup_module libexec/apache24/mod_dialup.so
LoadModule http2_module libexec/apache24/mod_http2.so
LoadModule proxy_http2_module libexec/apache24/mod_proxy_http2.so
#LoadModule lbmethod_byrequests_module libexec/apache24/mod_lbmethod_byrequests.so
#LoadModule lbmethod_bytraffic_module libexec/apache24/mod_lbmethod_bytraffic.so
#LoadModule lbmethod_bybusyness_module libexec/apache24/mod_lbmethod_bybusyness.so
#LoadModule lbmethod_heartbeat_module libexec/apache24/mod_lbmethod_heartbeat.so
LoadModule unixd_module libexec/apache24/mod_unixd.so
#LoadModule heartbeat_module libexec/apache24/mod_heartbeat.so
#LoadModule heartmonitor_module libexec/apache24/mod_heartmonitor.so
#LoadModule dav_module libexec/apache24/mod_dav.so
LoadModule status_module libexec/apache24/mod_status.so
LoadModule autoindex_module libexec/apache24/mod_autoindex.so
#LoadModule asis_module libexec/apache24/mod_asis.so
#LoadModule info_module libexec/apache24/mod_info.so
<IfModule !mpm_prefork_module>
#LoadModule cgid_module libexec/apache24/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
#LoadModule cgi_module libexec/apache24/mod_cgi.so
</IfModule>
#LoadModule dav_fs_module libexec/apache24/mod_dav_fs.so
#LoadModule dav_lock_module libexec/apache24/mod_dav_lock.so
#LoadModule vhost_alias_module libexec/apache24/mod_vhost_alias.so
#LoadModule negotiation_module libexec/apache24/mod_negotiation.so
LoadModule dir_module libexec/apache24/mod_dir.so
#LoadModule imagemap_module libexec/apache24/mod_imagemap.so
#LoadModule actions_module libexec/apache24/mod_actions.so
#LoadModule speling_module libexec/apache24/mod_speling.so
#LoadModule userdir_module libexec/apache24/mod_userdir.so
LoadModule alias_module libexec/apache24/mod_alias.so
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
#LoadModule php_module libexec/apache24/libphp.so
# Third party modules
IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User www
Group www
</IfModule>
# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin sharad@ahlawat.com
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
ServerName www.ahlawat.com
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
AllowOverride none
Require all denied
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/usr/local/www/apache24/data"
<Directory "/usr/local/www/apache24/data">
# can't set this if traffic is passing through haproxy and being redirected to ssl already
# RewriteEngine on
# RewriteRule ^/\.well-known/ - [L]
# RewriteRule (.*) https://www.ahlawat.com [R,L]
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.php index.html
<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
</IfModule>
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
Require all denied
</Files>
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "/var/log/httpd-error.log"
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
CustomLog "/var/log/httpd-access.log" common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
#CustomLog "/var/log/httpd-access.log" combined
</IfModule>
<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
#
ScriptAlias /cgi-bin/ "/usr/local/www/apache24/cgi-bin/"
</IfModule>
<IfModule cgid_module>
#
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#
#Scriptsock cgisock
</IfModule>
#
# "/usr/local/www/apache24/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/usr/local/www/apache24/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule headers_module>
#
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
# backend servers which have lingering "httpoxy" defects.
# 'Proxy' request header is undefined by the IETF, not listed by IANA
#
RequestHeader unset Proxy early
</IfModule>
<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig etc/apache24/mime.types
#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
</IfModule>
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
#MIMEMagicFile etc/apache24/magic
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited
#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
#EnableSendfile on
# Supplemental configuration
#
# The configuration files in the etc/apache24/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.
# Server-pool management (MPM specific)
#Include etc/apache24/extra/httpd-mpm.conf
# Multi-language error messages
#Include etc/apache24/extra/httpd-multilang-errordoc.conf
# Fancy directory listings
#Include etc/apache24/extra/httpd-autoindex.conf
# Language settings
#Include etc/apache24/extra/httpd-languages.conf
# User home directories
#Include etc/apache24/extra/httpd-userdir.conf
# Real-time info on requests and configuration
#Include etc/apache24/extra/httpd-info.conf
# Virtual hosts
#Include etc/apache24/extra/httpd-vhosts.conf
# Local access to the Apache HTTP Server Manual
#Include etc/apache24/extra/httpd-manual.conf
# Distributed authoring and versioning (WebDAV)
#Include etc/apache24/extra/httpd-dav.conf
# Various default settings
#Include etc/apache24/extra/httpd-default.conf
# Configure mod_proxy_html to understand HTML4/XHTML1
<IfModule proxy_html_module>
Include etc/apache24/extra/proxy-html.conf
</IfModule>
# Secure (SSL/TLS) connections
#Include etc/apache24/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
Include etc/apache24/Includes/*.conf
<VirtualHost *:443>
ServerName www.ahlawat.com
ServerAlias *.ahlawat.com
ServerAlias ahlawat.com
Protocols h2 http/1.1
DocumentRoot "/usr/local/www/apache24/data/"
SSLEngine on
SSLCertificateFile "/mnt/certs/fullchain.pem"
SSLCertificateKeyFile "/mnt/certs/privkey.pem"
#SSLCertificateChainFile "/mnt/certs/fullchain.pem"
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
SSLOptions +StrictRequire
# SSLCompression off
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SetHandler "proxy:fcgi://127.0.0.1:9000"
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/www/apache24/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
CustomLog "/var/log/ssl-request.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<Directory "/usr/local/www/apache24/data/">
Options Indexes FollowSymLinks MultiViews
## IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16
IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96
#AllowOverride controls what directives may be placed in .htaccess files.
AllowOverride All
#AllowOverride AuthConfig
#Controls who can get stuff from this server file
Require all granted
</Directory>
ErrorLog "/var/log/ssl-error.log"
CustomLog "/var/log/ssl-access_log" combined
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault A0
<FilesMatch "\.(txt|xml|js)$">
ExpiresDefault A31536000
</FilesMatch>
<FilesMatch "\.(css)$">
ExpiresDefault A31536000
</FilesMatch>
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
ExpiresDefault A31536000
</FilesMatch>
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
ExpiresDefault A31536000
</FilesMatch>
</IfModule>
<IfModule mod_headers.c>
<FilesMatch "\.(txt|xml|js)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
<FilesMatch "\.(css)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
</IfModule>
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
</IfModule>
</IfModule>
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE "application/atom+xml" \
"application/javascript" \
"application/json" \
"application/ld+json" \
"application/manifest+json" \
"application/rdf+xml" \
"application/rss+xml" \
"application/schema+json" \
"application/vnd.geo+json" \
"application/vnd.ms-fontobject" \
"application/x-font-ttf" \
"application/x-font-opentype" \
"application/x-font-truetype" \
"application/x-javascript" \
"application/x-web-app-manifest+json" \
"application/xhtml+xml" \
"application/xml" \
"font/eot" \
"font/opentype" \
"font/otf" \
"image/bmp" \
"image/svg+xml" \
"image/vnd.microsoft.icon" \
"image/x-icon" \
"text/cache-manifest" \
"text/css" \
"text/html" \
"text/javascript" \
"text/plain" \
"text/vcard" \
"text/vnd.rim.location.xloc" \
"text/vtt" \
"text/x-component" \
"text/x-cross-domain-policy" \
"text/xml"
</IfModule>
<IfModule mod_mime.c>
AddEncoding gzip svgz
</IfModule>
</IfModule>
</VirtualHost>
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

View File

@ -0,0 +1,703 @@
#
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
# will be interpreted as '/logs/access_log'.
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used. If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot "/usr/local"
#
# Mutex: Allows you to set the mutex mechanism and mutex file directory
# for individual mutexes, or change the global defaults
#
# Uncomment and change the directory if mutexes are file-based and the default
# mutex file directory is not on a local disk or is not appropriate for some
# other reason.
#
# Mutex default:/var/run
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
#Listen 80
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule mpm_event_module libexec/apache24/mod_mpm_event.so
#LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so
#LoadModule mpm_worker_module libexec/apache24/mod_mpm_worker.so
LoadModule authn_file_module libexec/apache24/mod_authn_file.so
#LoadModule authn_dbm_module libexec/apache24/mod_authn_dbm.so
#LoadModule authn_anon_module libexec/apache24/mod_authn_anon.so
#LoadModule authn_dbd_module libexec/apache24/mod_authn_dbd.so
#LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so
LoadModule authn_core_module libexec/apache24/mod_authn_core.so
LoadModule authz_host_module libexec/apache24/mod_authz_host.so
LoadModule authz_groupfile_module libexec/apache24/mod_authz_groupfile.so
LoadModule authz_user_module libexec/apache24/mod_authz_user.so
#LoadModule authz_dbm_module libexec/apache24/mod_authz_dbm.so
#LoadModule authz_owner_module libexec/apache24/mod_authz_owner.so
#LoadModule authz_dbd_module libexec/apache24/mod_authz_dbd.so
LoadModule authz_core_module libexec/apache24/mod_authz_core.so
#LoadModule authnz_fcgi_module libexec/apache24/mod_authnz_fcgi.so
LoadModule access_compat_module libexec/apache24/mod_access_compat.so
LoadModule auth_basic_module libexec/apache24/mod_auth_basic.so
#LoadModule auth_form_module libexec/apache24/mod_auth_form.so
#LoadModule auth_digest_module libexec/apache24/mod_auth_digest.so
#LoadModule allowmethods_module libexec/apache24/mod_allowmethods.so
#LoadModule file_cache_module libexec/apache24/mod_file_cache.so
#LoadModule cache_module libexec/apache24/mod_cache.so
#LoadModule cache_disk_module libexec/apache24/mod_cache_disk.so
#LoadModule cache_socache_module libexec/apache24/mod_cache_socache.so
LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
#LoadModule socache_dbm_module libexec/apache24/mod_socache_dbm.so
#LoadModule socache_memcache_module libexec/apache24/mod_socache_memcache.so
#LoadModule watchdog_module libexec/apache24/mod_watchdog.so
#LoadModule macro_module libexec/apache24/mod_macro.so
#LoadModule dbd_module libexec/apache24/mod_dbd.so
#LoadModule dumpio_module libexec/apache24/mod_dumpio.so
#LoadModule buffer_module libexec/apache24/mod_buffer.so
#LoadModule data_module libexec/apache24/mod_data.so
#LoadModule ratelimit_module libexec/apache24/mod_ratelimit.so
LoadModule reqtimeout_module libexec/apache24/mod_reqtimeout.so
#LoadModule ext_filter_module libexec/apache24/mod_ext_filter.so
#LoadModule request_module libexec/apache24/mod_request.so
#LoadModule include_module libexec/apache24/mod_include.so
LoadModule filter_module libexec/apache24/mod_filter.so
#LoadModule reflector_module libexec/apache24/mod_reflector.so
#LoadModule substitute_module libexec/apache24/mod_substitute.so
#LoadModule sed_module libexec/apache24/mod_sed.so
#LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so
LoadModule deflate_module libexec/apache24/mod_deflate.so
#LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so
#LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so
LoadModule mime_module libexec/apache24/mod_mime.so
LoadModule log_config_module libexec/apache24/mod_log_config.so
#LoadModule log_debug_module libexec/apache24/mod_log_debug.so
#LoadModule log_forensic_module libexec/apache24/mod_log_forensic.so
#LoadModule logio_module libexec/apache24/mod_logio.so
LoadModule env_module libexec/apache24/mod_env.so
#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so
#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so
LoadModule expires_module libexec/apache24/mod_expires.so
LoadModule headers_module libexec/apache24/mod_headers.so
#LoadModule usertrack_module libexec/apache24/mod_usertrack.so
#LoadModule unique_id_module libexec/apache24/mod_unique_id.so
LoadModule setenvif_module libexec/apache24/mod_setenvif.so
LoadModule version_module libexec/apache24/mod_version.so
#LoadModule remoteip_module libexec/apache24/mod_remoteip.so
LoadModule proxy_module libexec/apache24/mod_proxy.so
#LoadModule proxy_connect_module libexec/apache24/mod_proxy_connect.so
#LoadModule proxy_ftp_module libexec/apache24/mod_proxy_ftp.so
#LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so
LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so
#LoadModule proxy_scgi_module libexec/apache24/mod_proxy_scgi.so
#LoadModule proxy_uwsgi_module libexec/apache24/mod_proxy_uwsgi.so
#LoadModule proxy_fdpass_module libexec/apache24/mod_proxy_fdpass.so
#LoadModule proxy_wstunnel_module libexec/apache24/mod_proxy_wstunnel.so
#LoadModule proxy_ajp_module libexec/apache24/mod_proxy_ajp.so
#LoadModule proxy_balancer_module libexec/apache24/mod_proxy_balancer.so
#LoadModule proxy_express_module libexec/apache24/mod_proxy_express.so
#LoadModule proxy_hcheck_module libexec/apache24/mod_proxy_hcheck.so
#LoadModule session_module libexec/apache24/mod_session.so
#LoadModule session_cookie_module libexec/apache24/mod_session_cookie.so
#LoadModule session_crypto_module libexec/apache24/mod_session_crypto.so
#LoadModule session_dbd_module libexec/apache24/mod_session_dbd.so
#LoadModule slotmem_shm_module libexec/apache24/mod_slotmem_shm.so
#LoadModule slotmem_plain_module libexec/apache24/mod_slotmem_plain.so
LoadModule ssl_module libexec/apache24/mod_ssl.so
#LoadModule dialup_module libexec/apache24/mod_dialup.so
LoadModule http2_module libexec/apache24/mod_http2.so
LoadModule proxy_http2_module libexec/apache24/mod_proxy_http2.so
#LoadModule lbmethod_byrequests_module libexec/apache24/mod_lbmethod_byrequests.so
#LoadModule lbmethod_bytraffic_module libexec/apache24/mod_lbmethod_bytraffic.so
#LoadModule lbmethod_bybusyness_module libexec/apache24/mod_lbmethod_bybusyness.so
#LoadModule lbmethod_heartbeat_module libexec/apache24/mod_lbmethod_heartbeat.so
LoadModule unixd_module libexec/apache24/mod_unixd.so
#LoadModule heartbeat_module libexec/apache24/mod_heartbeat.so
#LoadModule heartmonitor_module libexec/apache24/mod_heartmonitor.so
#LoadModule dav_module libexec/apache24/mod_dav.so
LoadModule status_module libexec/apache24/mod_status.so
LoadModule autoindex_module libexec/apache24/mod_autoindex.so
#LoadModule asis_module libexec/apache24/mod_asis.so
#LoadModule info_module libexec/apache24/mod_info.so
<IfModule !mpm_prefork_module>
#LoadModule cgid_module libexec/apache24/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
#LoadModule cgi_module libexec/apache24/mod_cgi.so
</IfModule>
#LoadModule dav_fs_module libexec/apache24/mod_dav_fs.so
#LoadModule dav_lock_module libexec/apache24/mod_dav_lock.so
#LoadModule vhost_alias_module libexec/apache24/mod_vhost_alias.so
#LoadModule negotiation_module libexec/apache24/mod_negotiation.so
LoadModule dir_module libexec/apache24/mod_dir.so
#LoadModule imagemap_module libexec/apache24/mod_imagemap.so
#LoadModule actions_module libexec/apache24/mod_actions.so
#LoadModule speling_module libexec/apache24/mod_speling.so
#LoadModule userdir_module libexec/apache24/mod_userdir.so
LoadModule alias_module libexec/apache24/mod_alias.so
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
#LoadModule php_module libexec/apache24/libphp.so
# Third party modules
IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User www
Group www
</IfModule>
# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin sharad@ahlawat.com
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
ServerName www.ahlawat.com
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
AllowOverride none
Require all denied
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/usr/local/www/apache24/data"
<Directory "/usr/local/www/apache24/data">
# can't set this if traffic is passing through haproxy and being redirected to ssl already
# RewriteEngine on
# RewriteRule ^/\.well-known/ - [L]
# RewriteRule (.*) https://www.ahlawat.com [R,L]
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.php index.html
<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
</IfModule>
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
Require all denied
</Files>
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "/var/log/httpd-error.log"
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
CustomLog "/var/log/httpd-access.log" common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
#CustomLog "/var/log/httpd-access.log" combined
</IfModule>
<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
#
ScriptAlias /cgi-bin/ "/usr/local/www/apache24/cgi-bin/"
</IfModule>
<IfModule cgid_module>
#
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#
#Scriptsock cgisock
</IfModule>
#
# "/usr/local/www/apache24/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/usr/local/www/apache24/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule headers_module>
#
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
# backend servers which have lingering "httpoxy" defects.
# 'Proxy' request header is undefined by the IETF, not listed by IANA
#
RequestHeader unset Proxy early
</IfModule>
<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig etc/apache24/mime.types
#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
</IfModule>
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
#MIMEMagicFile etc/apache24/magic
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited
#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
#EnableSendfile on
# Supplemental configuration
#
# The configuration files in the etc/apache24/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.
# Server-pool management (MPM specific)
#Include etc/apache24/extra/httpd-mpm.conf
# Multi-language error messages
#Include etc/apache24/extra/httpd-multilang-errordoc.conf
# Fancy directory listings
#Include etc/apache24/extra/httpd-autoindex.conf
# Language settings
#Include etc/apache24/extra/httpd-languages.conf
# User home directories
#Include etc/apache24/extra/httpd-userdir.conf
# Real-time info on requests and configuration
#Include etc/apache24/extra/httpd-info.conf
# Virtual hosts
#Include etc/apache24/extra/httpd-vhosts.conf
# Local access to the Apache HTTP Server Manual
#Include etc/apache24/extra/httpd-manual.conf
# Distributed authoring and versioning (WebDAV)
#Include etc/apache24/extra/httpd-dav.conf
# Various default settings
#Include etc/apache24/extra/httpd-default.conf
# Configure mod_proxy_html to understand HTML4/XHTML1
<IfModule proxy_html_module>
Include etc/apache24/extra/proxy-html.conf
</IfModule>
# Secure (SSL/TLS) connections
#Include etc/apache24/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
Include etc/apache24/Includes/*.conf
<VirtualHost *:443>
ServerName www.ahlawat.com
ServerAlias *.ahlawat.com
ServerAlias ahlawat.com
Protocols h2 http/1.1
DocumentRoot "/usr/local/www/apache24/data/"
SSLEngine on
SSLCertificateFile "/mnt/certs/fullchain.pem"
SSLCertificateKeyFile "/mnt/certs/privkey.pem"
#SSLCertificateChainFile "/mnt/certs/fullchain.pem"
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
SSLOptions +StrictRequire
# SSLCompression off
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SetHandler "proxy:fcgi://127.0.0.1:9000"
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/www/apache24/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
CustomLog "/var/log/ssl-request.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<Directory "/usr/local/www/apache24/data/">
Options Indexes FollowSymLinks MultiViews
## IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16
IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96
#AllowOverride controls what directives may be placed in .htaccess files.
#AllowOverride All
#AllowOverride AuthConfig
#Controls who can get stuff from this server file
#Require all granted
</Directory>
ErrorLog "/var/log/ssl-error.log"
CustomLog "/var/log/ssl-access_log" combined
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault A0
<FilesMatch "\.(txt|xml|js)$">
ExpiresDefault A31536000
</FilesMatch>
<FilesMatch "\.(css)$">
ExpiresDefault A31536000
</FilesMatch>
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
ExpiresDefault A31536000
</FilesMatch>
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
ExpiresDefault A31536000
</FilesMatch>
</IfModule>
<IfModule mod_headers.c>
<FilesMatch "\.(txt|xml|js)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
<FilesMatch "\.(css)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
</IfModule>
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
</IfModule>
</IfModule>
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE "application/atom+xml" \
"application/javascript" \
"application/json" \
"application/ld+json" \
"application/manifest+json" \
"application/rdf+xml" \
"application/rss+xml" \
"application/schema+json" \
"application/vnd.geo+json" \
"application/vnd.ms-fontobject" \
"application/x-font-ttf" \
"application/x-font-opentype" \
"application/x-font-truetype" \
"application/x-javascript" \
"application/x-web-app-manifest+json" \
"application/xhtml+xml" \
"application/xml" \
"font/eot" \
"font/opentype" \
"font/otf" \
"image/bmp" \
"image/svg+xml" \
"image/vnd.microsoft.icon" \
"image/x-icon" \
"text/cache-manifest" \
"text/css" \
"text/html" \
"text/javascript" \
"text/plain" \
"text/vcard" \
"text/vnd.rim.location.xloc" \
"text/vtt" \
"text/x-component" \
"text/x-cross-domain-policy" \
"text/xml"
</IfModule>
<IfModule mod_mime.c>
AddEncoding gzip svgz
</IfModule>
</IfModule>
</VirtualHost>
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

View File

@ -10,8 +10,8 @@ pkgp-freebsd-pkg: {
priority: 10
}
pkgp122: {
url: "http://pkgp.ahlawat.com/packages/pj122-default/",
pkgp123: {
url: "http://pkgp.ahlawat.com/packages/pj123-default",
mirror_type: "http",
signature_type: "pubkey",
pubkey: "/mnt/certs/poudriere.cert",

View File

@ -0,0 +1,6 @@
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____mariadb105-server-10.5.15_2
pkgp-freebsd-pkg____mysqld_exporter-0.12.1_1
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____pkg-1.17.5_1

View File

@ -0,0 +1 @@
bash bash-completion mariadb105-server mysqld_exporter nano pkg

58
jails/config/dns/dns_update.sh Executable file
View File

@ -0,0 +1,58 @@
#!/usr/local/bin/bash
# Copyright (c) 2018-2021, diyIT.org
# All rights reserved.
#
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
# https://diyit.org/license/
#
#
#SIM="-s"
#SIM=""
#rpl $SIM -v -R "2001:470:480a:a1::" "2001:470:480a:8001::" ./namedb
#rpl $SIM -v -R "100.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.8" "100.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.8" ./namedb
#rpl $SIM -v -R "2021120700" "2022010100" ./namedb
#service $SIM named $SIM restart
service named stop
cd /data/namedb/master
rm /data/namedb/master/*signed*
declare -A ZONE_PEM
ZONE_PEM=(["ahlawat.com"]="" ["beyondbell.com"]="bb" ["diyit.org"]="diy" ["xflow.org"]="xflow" ["datavpc.com"]="dvpc" ["mydatavpc.com"]="mdvpc" ["rockwoodestates.org"]="rwe" ["rockwoodranch.org"]="rwr" ["scvcc-rental.com"]="scvcc")
for ZONE in "${!ZONE_PEM[@]}"
do
PEM=${ZONE_PEM[$ZONE]}
/usr/local/bin/ldns-dane -c "/mnt/certs/"$PEM"fullchain.pem" create mail.$ZONE 25 3 1 1 > /data/namedb/master/tlsa-$ZONE
/usr/local/bin/ldns-dane -c "/mnt/certs/"$PEM"fullchain.pem" create mail-backup.$ZONE 25 3 1 1 >> /data/namedb/master/tlsa-$ZONE
/usr/local/bin/ldns-dane -c "/mnt/certs/"$PEM"fullchain.pem" create $ZONE 443 3 1 1 >> /data/namedb/master/tlsa-$ZONE
/usr/local/bin/ldns-dane -c "/mnt/certs/"$PEM"fullchain.pem" create www.$ZONE 443 3 1 1 >> /data/namedb/master/tlsa-$ZONE
done
NEW_SERIAL=`date -j +%Y%m%d%H`
#NEW_SERIAL="2022022635"
echo $NEW_SERIAL
for DBFILE in `ls /data/namedb/master/*.db`
do
ZONE=`echo $DBFILE | cut -d/ -f 5 | cut -d. -f -2`
/usr/local/sbin/named-checkzone $ZONE $DBFILE
SERIAL=`/usr/local/sbin/named-checkzone $ZONE $DBFILE | egrep -ho '[0-9]{10}'`
echo $SERIAL
sed -i .orig 's/'$SERIAL'/'$(($NEW_SERIAL))'/' $DBFILE
#/usr/local/sbin/dnssec-signzone -S -K /data/namedb/master -t -o $ZONE $DBFILE
/usr/local/sbin/dnssec-signzone -3 $(head -c 1024 /dev/random | sha1sum | cut -b 1-16) -K /data/namedb/master -t -o $ZONE $DBFILE
done
chown bind:bind /data/namedb/master/*
service named start

View File

@ -0,0 +1,29 @@
#### dns_verify-6.sh
#
NETS="2603:3024:3f6:e1: 2603:3024:3f6:e2: 2603:3024:3f6:e5:"
IPS=$(seq 1 254)
#
echo
echo -e "\tip -> hostname -> ip"
echo '--------------------------------------------------------'
for NET in $NETS; do
for n in $IPS; do
A=${NET}:${n}
echo -e "\t$A"
HOST=$(dig -6 -x $A +short)
if test -n "$HOST"; then
ADDR=$(dig -6 -t "AAAA" $HOST +short)
if test "$A" = "$ADDR"; then
echo -e "ok\t$A -> $HOST -> $ADDR"
elif test -n "$ADDR"; then
echo -e "fail\t$A -> $HOST -> $ADDR"
else
echo -e "fail\t$A -> $HOST -> [unassigned]"
fi
fi
done
done
echo ""
echo "DONE."

27
jails/config/dns/dns_verify.sh Executable file
View File

@ -0,0 +1,27 @@
#### dns_verify.sh
#
NETS="192.168.0 192.168.1 192.168.2"
IPS=$(seq 1 254)
#
echo
echo -e "\tip -> hostname -> ip"
echo '--------------------------------------------------------'
for NET in $NETS; do
for n in $IPS; do
A=${NET}.${n}
HOST=$(dig -x $A +short)
if test -n "$HOST"; then
ADDR=$(dig $HOST +short)
if test "$A" = "$ADDR"; then
echo -e "ok\t$A -> $HOST -> $ADDR"
elif test -n "$ADDR"; then
echo -e "fail\t$A -> $HOST -> $ADDR"
else
echo -e "fail\t$A -> $HOST -> [unassigned]"
fi
fi
done
done
echo ""
echo "DONE."

View File

@ -0,0 +1,7 @@
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____bind916-9.16.27
pkgp-freebsd-pkg____ldns-1.8.1
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____pkg-1.17.5_1
pkgp-freebsd-pkg____rpl-1.4.1

View File

@ -0,0 +1 @@
bash bash-completion bind916 ldns nano pkg rpl

View File

@ -1,18 +0,0 @@
#!/usr/local/bin/bash
# Copyright (c) 2018-2021, diyIT.org
# All rights reserved.
#
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
# https://diyit.org/license/
#
#
SIM="-s"
#SIM=""
rpl $SIM -v -R "2603:3024:3f6:21::" "2603:3024:3f6:1::" ./namedb
rpl $SIM -v -R "100.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.2" "100.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1" ./namedb
rpl $SIM -v -R "2021030900" "2021031100" ./namedb
service $SIM named $SIM restart

View File

@ -0,0 +1,10 @@
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____beats7-7.16.3_1
pkgp-freebsd-pkg____curl-7.82.0
pkgp-freebsd-pkg____elasticsearch7-7.16.3
pkgp-freebsd-pkg____kibana7-7.16.3
pkgp-freebsd-pkg____logstash7-7.16.3
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____openjdk11-11.0.14+9.1_1
pkgp-freebsd-pkg____pkg-1.17.5_1

View File

@ -0,0 +1 @@
bash bash-completion beats7 curl elasticsearch7 kibana7 logstash7 nano openjdk11 pkg

View File

@ -8,10 +8,13 @@
#
#
Q=`netstat -LAan | grep 3000 | cut -f3 -d" " | cut -f1 -d/`
Q=`netstat -LAan | grep "*.3000" | cut -f3 -d" " | cut -f1 -d/`
# Q is null if gitea service is not running
if [ ! "$Q" ] || [ $Q -ne 0 ]; then
# 1537 is max stuck recvQ qlen limit when logging start:
# sonewconn: pcb 0xfffff804b9f73d58: Listen queue overflow: 1537 already in queue awaiting acceptance (30 occurrences)
if [ ! "$Q" ] || [ $Q -ge 100 ]; then
echo "restarting gitea stuck at $Q"
tail /var/log/gitea/gitea.log
kill -9 `pgrep gitea` ; sleep 2 ; service gitea start

View File

@ -0,0 +1,6 @@
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____gitea-1.16.5_1
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____openldap-sasl-client-2.4.59
pkgp-freebsd-pkg____pkg-1.17.5_1

View File

@ -0,0 +1 @@
bash bash-completion gitea nano openldap-sasl-client pkg

View File

@ -0,0 +1,17 @@
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____cmake-3.22.2
pkgp-freebsd-pkg____ffmpeg-4.4.1_11,1
pkgp-freebsd-pkg____git-lite-2.35.1
pkgp-freebsd-pkg____gmake-4.3_2
pkgp-freebsd-pkg____heyu2-2.10_1
pkgp-freebsd-pkg____libxslt-1.1.35_1
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____openjpeg-2.4.0
pkgp-freebsd-pkg____pkg-1.17.5_1
pkgp-freebsd-pkg____py38-sqlite3-3.8.13_7
pkgp-freebsd-pkg____py39-sqlite3-3.9.12_7
pkgp-freebsd-pkg____python39-3.9.12
pkgp-freebsd-pkg____rust-1.59.0
pkgp-freebsd-pkg____tmux-3.2a
pkgp-freebsd-pkg____wget-1.21.3

View File

@ -0,0 +1 @@
bash bash-completion cmake ffmpeg git-lite gmake heyu2 libxslt nano openjpeg pkg py38-sqlite3 py39-sqlite3 python39 rust tmux wget

View File

@ -16,7 +16,7 @@
# Serial port to which the CM11a is connected. Default is /dev/ttyS0.
tty /dev/ttyU1
tty /dev/ttyU0
check_ri_line NO
# If you have an X10 compatible RF receiver connected to a second
@ -24,7 +24,7 @@ check_ri_line NO
# and model of receiver. Supported receivers are W800RF32, MR26A,
# and RFXCOM. There are no defaults.
tty_aux /dev/ttyU0 MR26A
tty_aux /dev/ttyU1 MR26A
# The CM19A is both a receiver and transmitter for X10 RF signals.
# The MR26A is a receiver only.

View File

@ -49,7 +49,7 @@ ServerRoot "/usr/local"
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80
#Listen 80
#
# Dynamic Shared Object (DSO) Support
@ -110,7 +110,7 @@ LoadModule filter_module libexec/apache24/mod_filter.so
#LoadModule substitute_module libexec/apache24/mod_substitute.so
#LoadModule sed_module libexec/apache24/mod_sed.so
#LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so
#LoadModule deflate_module libexec/apache24/mod_deflate.so
LoadModule deflate_module libexec/apache24/mod_deflate.so
#LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so
#LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so
LoadModule mime_module libexec/apache24/mod_mime.so
@ -121,7 +121,7 @@ LoadModule log_config_module libexec/apache24/mod_log_config.so
LoadModule env_module libexec/apache24/mod_env.so
#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so
#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so
#LoadModule expires_module libexec/apache24/mod_expires.so
LoadModule expires_module libexec/apache24/mod_expires.so
LoadModule headers_module libexec/apache24/mod_headers.so
#LoadModule usertrack_module libexec/apache24/mod_usertrack.so
#LoadModule unique_id_module libexec/apache24/mod_unique_id.so
@ -180,7 +180,6 @@ LoadModule dir_module libexec/apache24/mod_dir.so
#LoadModule userdir_module libexec/apache24/mod_userdir.so
LoadModule alias_module libexec/apache24/mod_alias.so
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
#LoadModule php7_module libexec/apache24/libphp7.so
# Third party modules
IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
@ -225,7 +224,7 @@ ServerAdmin sharad@ahlawat.com
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
ServerName hub.ahlawat.com
#
# Deny access to the entirety of your server's filesystem. You must
@ -559,7 +558,7 @@ Include etc/apache24/Includes/*.conf
ServerAlias *.ahlawat.com
ServerAlias hub
Protocols h2 h2c http/1.1
Protocols h2 http/1.1
DocumentRoot "/usr/local/www/apache24/data/"
@ -568,15 +567,15 @@ Include etc/apache24/Includes/*.conf
SSLCertificateKeyFile "/mnt/certs/privkey.pem"
#SSLCertificateChainFile "/mnt/certs/fullchain.pem"
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
SSLOptions +StrictRequire
# SSLCompression off
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SetHandler "proxy:fcgi://127.0.0.1:9000"
@ -606,7 +605,100 @@ Include etc/apache24/Includes/*.conf
CustomLog "/var/log/ssl-access_log" combined
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault A0
<FilesMatch "\.(txt|xml|js)$">
ExpiresDefault A31536000
</FilesMatch>
<FilesMatch "\.(css)$">
ExpiresDefault A31536000
</FilesMatch>
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
ExpiresDefault A31536000
</FilesMatch>
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
ExpiresDefault A31536000
</FilesMatch>
</IfModule>
<IfModule mod_headers.c>
<FilesMatch "\.(txt|xml|js)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
<FilesMatch "\.(css)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
</IfModule>
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
</IfModule>
</IfModule>
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE "application/atom+xml" \
"application/javascript" \
"application/json" \
"application/ld+json" \
"application/manifest+json" \
"application/rdf+xml" \
"application/rss+xml" \
"application/schema+json" \
"application/vnd.geo+json" \
"application/vnd.ms-fontobject" \
"application/x-font-ttf" \
"application/x-font-opentype" \
"application/x-font-truetype" \
"application/x-javascript" \
"application/x-web-app-manifest+json" \
"application/xhtml+xml" \
"application/xml" \
"font/eot" \
"font/opentype" \
"font/otf" \
"image/bmp" \
"image/svg+xml" \
"image/vnd.microsoft.icon" \
"image/x-icon" \
"text/cache-manifest" \
"text/css" \
"text/html" \
"text/javascript" \
"text/plain" \
"text/vcard" \
"text/vnd.rim.location.xloc" \
"text/vtt" \
"text/x-component" \
"text/x-cross-domain-policy" \
"text/xml"
</IfModule>
<IfModule mod_mime.c>
AddEncoding gzip svgz
</IfModule>
</IfModule>
</VirtualHost>
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

View File

@ -0,0 +1,29 @@
pkgp122____openldap24-client-2.4.59_4
pkgp123____apache24-2.4.53_1
pkgp123____apr-1.7.0.1.6.1_2
pkgp123____php81-ldap-8.1.5
pkgp123____pkg-1.17.5_1
pkgp123____samba413-4.13.17_1
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____compat9x-amd64-9.3.903000.20170608
pkgp-freebsd-pkg____fluxbox-1.3.7_5
pkgp-freebsd-pkg____iperf3-3.11
pkgp-freebsd-pkg____mc-4.8.28
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____openjdk8-8.322.06.1
pkgp-freebsd-pkg____p7zip-16.02_3
pkgp-freebsd-pkg____php81-mysqli-8.1.4_2
pkgp-freebsd-pkg____php81-pgsql-8.1.4_2
pkgp-freebsd-pkg____php81-session-8.1.4_2
pkgp-freebsd-pkg____rename-1.99.2
pkgp-freebsd-pkg____rkhunter-1.4.6_1
pkgp-freebsd-pkg____rsync-3.2.3_1
pkgp-freebsd-pkg____sshguard-2.4.2_2,1
pkgp-freebsd-pkg____sudo-1.9.10
pkgp-freebsd-pkg____tigervnc-1.9.0_4
pkgp-freebsd-pkg____unrar-6.11,6
pkgp-freebsd-pkg____wget-1.21.3
pkgp-freebsd-pkg____xauth-1.1
pkgp-freebsd-pkg____xorriso-1.5.4
pkgp-freebsd-pkg____xterm-372

View File

@ -0,0 +1 @@
apache24 apr bash bash-completion compat9x-amd64 fluxbox iperf3 mc nano openjdk8 openldap24-client p7zip php81-ldap php81-mysqli php81-pgsql php81-session pkg rename rkhunter rsync samba413 sshguard sudo tigervnc unrar wget xauth xorriso xterm

View File

@ -10,8 +10,8 @@ pkgp-freebsd-pkg: {
priority: 10
}
pkgp122: {
url: "http://pkgp.ahlawat.com/packages/pj122-default/",
pkgp123: {
url: "http://pkgp.ahlawat.com/packages/pj123-default",
mirror_type: "http",
signature_type: "pubkey",
pubkey: "/mnt/certs/poudriere.cert",

View File

@ -0,0 +1,9 @@
pkgp-freebsd-pkg____automake-1.16.5
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____cmake-3.22.2
pkgp-freebsd-pkg____git-lite-2.35.1
pkgp-freebsd-pkg____hercules-3.13
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____pkg-1.17.5_1
pkgp-freebsd-pkg____tmux-3.2a

View File

@ -0,0 +1 @@
automake bash bash-completion cmake git-lite hercules nano pkg tmux

View File

@ -1,7 +0,0 @@
sysctl net.inet.ip.forwarding=1
route add 10.1.2.0/24 192.168.55.105
# on remote -
#sudo sysctl net.ipv4.ip_forward=1
#ip route add 192.168.0.0/24 via 192.168.55.1
#OR
#ip route add 192.168.0.0/24 dev tun0

View File

@ -0,0 +1,10 @@
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____guacamole-client-1.4.0
pkgp-freebsd-pkg____guacamole-server-1.4.0
pkgp-freebsd-pkg____libqrencode-4.1.1
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____openldap-sasl-client-2.4.59
pkgp-freebsd-pkg____pkg-1.17.5_1
pkgp-freebsd-pkg____wireguard-2,1
pkgp-freebsd-pkg____zip-3.0_1

View File

@ -0,0 +1 @@
bash bash-completion guacamole-client guacamole-server libqrencode nano openldap-sasl-client pkg wireguard zip

View File

@ -71,6 +71,31 @@
environments. */
# $config->custom->password['no_random_crypt_salt'] = true;
/* If you want to restrict password available types (encryption algorithms)
Should be subset of:
array(
''=>'clear',
'bcrypt'=>'bcrypt',
'blowfish'=>'blowfish',
'crypt'=>'crypt',
'ext_des'=>'ext_des',
'md5'=>'md5',
'k5key'=>'k5key',
'md5crypt'=>'md5crypt',
'sha'=>'sha',
'smd5'=>'smd5',
'ssha'=>'ssha',
'sha256'=>'sha256',
'ssha256'=>'ssha256',
'sha384'=>'sha384',
'ssha384'=>'ssha384',
'sha512'=>'sha512',
'ssha512'=>'ssha512',
'sha256crypt'=>'sha256crypt',
'sha512crypt'=>'sha512crypt',
)*/
# $config->custom->password['available_types'] = array(''=>'clear','md5'=>'md5');
/* PHP script timeout control. If php runs longer than this many seconds then
PHP will stop with an Maximum Execution time error. Increase this value from
the default if queries to your LDAP server are slow. The default is either
@ -173,6 +198,10 @@ $config->custom->commands['script'] = array(
// $config->custom->appearance['tree_width'] = null;
# $config->custom->appearance['tree_width'] = 250;
/* Number of tree command icons to show, 0 = show all icons on 1 row. */
// $config->custom->appearance['tree_icons'] = 0;
# $config->custom->appearance['tree_icons'] = 4;
/* Confirm create and update operations, allowing you to review the changes
and optionally skip attributes during the create/update operation. */
// $config->custom->confirm['create'] = true;
@ -235,7 +264,7 @@ $config->custom->appearance['friendly_attrs'] = array(
*********************************************/
/* Add "modify group members" link to the attribute. */
// $config->custom->modify_member['groupattr'] = array('member','uniqueMember','memberUid');
// $config->custom->modify_member['groupattr'] = array('member','uniqueMember','memberUid','sudoUser');
/* Configure filter for member search. This only applies to "modify group members" feature */
// $config->custom->modify_member['filter'] = '(objectclass=Person)';
@ -310,12 +339,13 @@ $servers->setValue('server','base',array('dc=infra'));
login will be required to use phpLDAPadmin for this server.
5. 'sasl': login will be taken from the webserver's kerberos authentication.
Currently only GSSAPI has been tested (using mod_auth_kerb).
6. 'sasl_external': login will be taken from SASL external mechanism.
Choose wisely to protect your authentication information appropriately for
your situation. If you choose 'cookie', your cookie contents will be
encrypted using blowfish and the secret your specify above as
session['blowfish']. */
$servers->setValue('login','auth_type','cookie');
// $servers->setValue('login','auth_type','session');
/* The DN of the user for phpLDAPadmin to bind with. For anonymous binds or
'cookie','session' or 'sasl' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS
@ -334,6 +364,22 @@ $servers->setValue('login','bind_pass','');
/* Use TLS (Transport Layer Security) to connect to the LDAP server. */
$servers->setValue('server','tls',false);
/* TLS Certificate Authority file (overrides ldap.conf, PHP 7.1+) */
// $servers->setValue('server','tls_cacert',null);
# $servers->setValue('server','tls_cacert','/etc/openldap/certs/ca.crt');
/* TLS Certificate Authority hashed directory (overrides ldap.conf, PHP 7.1+) */
// $servers->setValue('server','tls_cacertdir',null);
# $servers->setValue('server','tls_cacertdir','/etc/openldap/certs');
/* TLS Client Certificate file (PHP 7.1+) */
// $servers->setValue('server','tls_cert',null);
# $servers->setValue('server','tls_cert','/etc/pki/tls/certs/ldap_user.crt');
/* TLS Client Certificate Key file (PHP 7.1+) */
// $servers->setValue('server','tls_key',null);
# $servers->setValue('server','tls_key','/etc/pki/tls/private/ldap_user.key');
/************************************
* SASL Authentication *
************************************/
@ -341,11 +387,19 @@ $servers->setValue('server','tls',false);
/* Enable SASL authentication LDAP SASL authentication requires PHP 5.x
configured with --with-ldap-sasl=DIR. If this option is disabled (ie, set to
false), then all other sasl options are ignored. */
// $servers->setValue('login','auth_type','sasl');
# $servers->setValue('login','auth_type','sasl');
/* SASL auth mechanism */
/* SASL GSSAPI auth mechanism (requires auth_type of sasl) */
// $servers->setValue('sasl','mech','GSSAPI');
/* SASL PLAIN support... this mech converts simple binds to SASL
PLAIN binds using any auth_type (or other bind_id/pass) as credentials.
NOTE: auth_type must be simple auth compatible (ie not sasl) */
# $servers->setValue('sasl','mech','PLAIN');
/* SASL EXTERNAL support... really a different auth_type */
# $servers->setValue('login','auth_type','sasl_external');
/* SASL authentication realm name */
// $servers->setValue('sasl','realm','');
# $servers->setValue('sasl','realm','EXAMPLE.COM');
@ -400,6 +454,12 @@ $servers->setValue('server','tls',false);
setup. */
// $servers->setValue('login','class',array());
/* If login_attr was set to 'dn', it is possible to specify a template string to
build the DN from. Use '%s' where user input should be inserted. A user may
still enter the complete DN. In this case the template will not be used. */
// $servers->setValue('login','bind_dn_template',null);
# $servers->setValue('login','bind_dn_template','cn=%s,ou=people,dc=example,dc=com');
/* If you specified something different from 'dn', for example 'uid', as the
login_attr above, you can optionally specify here to fall back to
authentication with dn.
@ -420,6 +480,9 @@ $servers->setValue('server','tls',false);
/* Set to true if you would like to initially open the first level of each tree. */
// $servers->setValue('appearance','open_tree',false);
/* Set to true to display authorization ID in place of login dn (PHP 7.2+) */
// $servers->setValue('appearance','show_authz',false);
/* This feature allows phpLDAPadmin to automatically determine the next
available uidNumber for a new entry. */
// $servers->setValue('auto_number','enable',true);
@ -556,7 +619,7 @@ $servers->setValue('appearance','show_create',true);
$servers->setValue('auto_number','enable',true);
$servers->setValue('auto_number','mechanism','search');
$servers->setValue('auto_number','search_base',null);
$servers->setValue('auto_number','min',array('uidNumber'=>10000,'gidNumber'=>5000));
$servers->setValue('auto_number','min',array('uidNumber'=>1000,'gidNumber'=>500));
$servers->setValue('auto_number','dn',null);
$servers->setValue('auto_number','pass',null);
@ -573,4 +636,19 @@ $servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','p
$servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock'));
$servers->setValue('server','force_may',array('uidNumber','gidNumber','sambaSID'));
*/
/***********************************************************************************
* If you want to configure Google reCAPTCHA on autentication form, do so below. *
* Remove the commented lines and use this section as a template for all *
* reCAPTCHA v2 Generate on https://www.google.com/recaptcha/ *
* *
* IMPORTANT: Select reCAPTCHA v2 on Type of reCAPTCHA *
***********************************************************************************/
$config->custom->session['reCAPTCHA-enable'] = false;
$config->custom->session['reCAPTCHA-key-site'] = '<put-here-key-site>';
$config->custom->session['reCAPTCHA-key-server'] = '<put-here-key-server>';
?>

View File

@ -49,7 +49,7 @@ ServerRoot "/usr/local"
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80
#Listen 80
#
# Dynamic Shared Object (DSO) Support
@ -178,7 +178,7 @@ LoadModule dir_module libexec/apache24/mod_dir.so
#LoadModule userdir_module libexec/apache24/mod_userdir.so
LoadModule alias_module libexec/apache24/mod_alias.so
#LoadModule rewrite_module libexec/apache24/mod_rewrite.so
LoadModule php7_module libexec/apache24/libphp7.so
LoadModule php_module libexec/apache24/libphp.so
# Third party modules
IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
@ -214,7 +214,7 @@ Group www
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin you@example.com
ServerAdmin sharad@ahlawat.com
#
# ServerName gives the name and port that the server uses to identify itself.
@ -223,7 +223,7 @@ ServerAdmin you@example.com
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
ServerName ldap-mgr.ahlawat.com
#
# Deny access to the entirety of your server's filesystem. You must
@ -578,7 +578,7 @@ Include etc/apache24/Includes/*.conf
Require all granted
</Directory>
Alias /ssp "/usr/local/www/self-service-password"
Alias /ssp "/usr/local/www/self-service-password/htdocs"
<Directory "/usr/local/www/self-service-password">
AllowOverride None
Require all granted

View File

@ -401,7 +401,7 @@ max_input_time = 60
; Maximum amount of memory a script may consume (128MB)
; http://php.net/memory-limit
memory_limit = 128M
memory_limit = 256M
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Error handling and logging ;

View File

@ -0,0 +1,9 @@
pkgp-freebsd-pkg____apache24-2.4.53
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____ldap-account-manager-7.9
pkgp-freebsd-pkg____mod_php80-8.0.17_1
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____phpldapadmin-php80-1.2.6.3_1
pkgp-freebsd-pkg____pkg-1.17.5_1
pkgp-freebsd-pkg____self-service-password-php80-1.4_1

View File

@ -0,0 +1 @@
apache24 bash bash-completion ldap-account-manager mod_php80 nano phpldapadmin-php80 pkg self-service-password-php80

View File

@ -0,0 +1,7 @@
pkgp122____openldap24-client-2.4.59_4
pkgp123____openldap24-server-2.4.59_9
pkgp123____pkg-1.17.5_1
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____openssl-1.1.1n,1

View File

@ -0,0 +1 @@
bash bash-completion nano openldap24-client openldap24-server openssl pkg

View File

@ -10,8 +10,8 @@ pkgp-freebsd-pkg: {
priority: 10
}
pkgp122: {
url: "http://pkgp.ahlawat.com/packages/pj122-default/",
pkgp123: {
url: "http://pkgp.ahlawat.com/packages/pj123-default",
mirror_type: "http",
signature_type: "pubkey",
pubkey: "/mnt/certs/poudriere.cert",

View File

@ -0,0 +1,30 @@
pkgp-freebsd-pkg____automake-1.16.5
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____cmake-3.22.2
pkgp-freebsd-pkg____dbus-1.12.20_5
pkgp-freebsd-pkg____fluxbox-1.3.7_5
pkgp-freebsd-pkg____git-lite-2.35.1
pkgp-freebsd-pkg____libxslt-1.1.35_1
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____perl5-5.32.1_1
pkgp-freebsd-pkg____pkg-1.17.5_1
pkgp-freebsd-pkg____py38-IBMQuantumExperience-2.0.4
pkgp-freebsd-pkg____py38-jupyterlab-3.1.19
pkgp-freebsd-pkg____py38-matplotlib-3.4.3_3
pkgp-freebsd-pkg____py38-pandas-1.3.5,1
pkgp-freebsd-pkg____py38-pep517-0.12.0
pkgp-freebsd-pkg____py38-pip-20.3.4
pkgp-freebsd-pkg____py38-scikit-learn-1.0.2
pkgp-freebsd-pkg____py38-seaborn-0.11.0_1
pkgp-freebsd-pkg____py38-tensorflow-1.15.5_2
pkgp-freebsd-pkg____rubygem-pkg-config-1.4.7
pkgp-freebsd-pkg____rust-1.59.0
pkgp-freebsd-pkg____sudo-1.9.10
pkgp-freebsd-pkg____suitesparse-cholmod-3.0.14
pkgp-freebsd-pkg____suitesparse-umfpack-5.7.9
pkgp-freebsd-pkg____symengine-0.8.1
pkgp-freebsd-pkg____tigervnc-server-1.12.0_4
pkgp-freebsd-pkg____xauth-1.1
pkgp-freebsd-pkg____xorg-fonts-truetype-7.7_1
pkgp-freebsd-pkg____xterm-372

View File

@ -0,0 +1 @@
automake bash bash-completion cmake dbus fluxbox git-lite libxslt nano perl5 pkg py38-IBMQuantumExperience py38-jupyterlab py38-matplotlib py38-pandas py38-pep517 py38-pip py38-scikit-learn py38-seaborn py38-tensorflow rubygem-pkg-config rust sudo suitesparse-cholmod suitesparse-umfpack symengine tigervnc-server xauth xorg-fonts-truetype xterm

View File

@ -0,0 +1,12 @@
pkgp122____openldap24-client-2.4.59_4
pkgp123____dcc-dccd-2.3.168
pkgp123____dovecot-2.3.18_1
pkgp123____dovecot-pigeonhole-0.5.18
pkgp123____pkg-1.17.5_1
pkgp123____postfix-3.7.0_2,1
pkgp123____rspamd-3.2_1
pkgp-freebsd-pkg____apache-solr-8.11.1
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____redis-6.2.6

View File

@ -0,0 +1 @@
apache-solr bash bash-completion dcc-dccd dovecot dovecot-pigeonhole nano openldap24-client pkg postfix redis rspamd

View File

@ -10,8 +10,8 @@ pkgp-freebsd-pkg: {
priority: 10
}
pkgp122: {
url: "http://pkgp.ahlawat.com/packages/pj122-default/",
pkgp123: {
url: "http://pkgp.ahlawat.com/packages/pj123-default",
mirror_type: "http",
signature_type: "pubkey",
pubkey: "/mnt/certs/poudriere.cert",

View File

@ -0,0 +1,14 @@
#! /bin/sh
certfiles=$(postconf -n | awk -F " = " '$1 ~ /(cert|key)_file/ {print $2}' | sort -u)
reload=false
for f in $certfiles; do
if [ -f "$f" ]; then
if [ /var/spool/postfix/pid/master.pid -ot "$f" ]; then
reload=true
fi
fi
done
if $reload; then
echo "postfix master.pid file older than certificates; restart required!"
service postfix restart
fi

View File

@ -0,0 +1,7 @@
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____npm-8.5.2
pkgp-freebsd-pkg____pkg-1.17.5_1
pkgp-freebsd-pkg____pkgconf-1.8.0,1
pkgp-freebsd-pkg____vips-8.12.2_4

View File

@ -0,0 +1 @@
bash bash-completion nano npm pkg pkgconf vips

View File

@ -1,7 +1,7 @@
{
"default_server_config": {
"m.homeserver": {
"base_url": "https://matrix.ahlawat.com",
"base_url": "https://matrix.ahlawat.com:8448",
"server_name": "matrix.ahlawat.com"
},
"m.identity_server": {
@ -12,7 +12,7 @@
"disable_guests": false,
"disable_login_language_selector": false,
"disable_3pid_login": false,
"brand": "Riot",
"brand": "Ahlawat",
"integrations_ui_url": "https://scalar.vector.im/",
"integrations_rest_url": "https://scalar.vector.im/api",
"integrations_widgets_urls": [
@ -22,23 +22,19 @@
"https://scalar-staging.vector.im/api",
"https://scalar-staging.riot.im/scalar/api"
],
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
"bug_report_endpoint_url": "https://element.io/bugreports/submit",
"uisi_autorageshake_app": "element-auto-uisi",
"defaultCountryCode": "US",
"showLabsSettings": false,
"features": {
"feature_pinning": "labs",
"feature_custom_status": "labs",
"feature_custom_tags": "labs",
"feature_state_counters": "labs"
},
"features": { },
"default_federate": true,
"default_theme": "light",
"roomDirectory": {
"servers": [
"matrix.ahlawat.com",
"matrix.org"
]
},
"welcomeUserId": "@riot-bot:matrix.org",
"piwik": {
"url": "https://piwik.riot.im/",
"whitelistedHSUrls": ["https://matrix.org"],
@ -54,5 +50,6 @@
},
"jitsi": {
"preferredDomain": "meet.ahlawat.com"
}
},
"map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx"
}

View File

@ -146,7 +146,7 @@ http {
#location /favicon.ico { access_log off; log_not_found off; }
root /usr/local/www/riot;
root /usr/local/www/element;
index index.html;
#error_page 404 /404.html;

View File

@ -0,0 +1,9 @@
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____element-web-1.10.8
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____nginx-1.20.2_9,2
pkgp-freebsd-pkg____pkg-1.17.5_1
pkgp-freebsd-pkg____py38-matrix-synapse-1.55.2
pkgp-freebsd-pkg____py38-matrix-synapse-ldap3-0.2.0
pkgp-freebsd-pkg____py38-psycopg2-2.9.3

View File

@ -0,0 +1 @@
bash bash-completion element-web nano nginx pkg py38-matrix-synapse py38-matrix-synapse-ldap3 py38-psycopg2

View File

@ -0,0 +1,9 @@
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____jicofo-1.0.555_2
pkgp-freebsd-pkg____jitsi-meet-1.0.4048_2
pkgp-freebsd-pkg____jitsi-videobridge-2.1.183_3
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____nginx-1.20.2_9,2
pkgp-freebsd-pkg____pkg-1.17.5_1
pkgp-freebsd-pkg____prosody-0.12.0

View File

@ -0,0 +1 @@
bash bash-completion jicofo jitsi-meet jitsi-videobridge nano nginx pkg prosody

View File

@ -1,549 +0,0 @@
##################### Grafana Configuration Example #####################
#
# Everything has defaults so you only need to uncomment things you want to
# change
# possible values : production, development
;app_mode = production
# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty
;instance_name = ${HOSTNAME}
instance_name = grafana.diyit.org
#################################### Paths ####################################
[paths]
# Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used)
data = /var/db/grafana/
# Temporary files in `data` directory older than given duration will be removed
;temp_data_lifetime = 24h
# Directory where grafana can store logs
logs = /var/log/grafana/
# Directory where grafana will automatically scan and look for plugins
plugins = /var/db/grafana/plugins
# folder that contains provisioning config files that grafana will apply on startup and while running.
provisioning = /var/db/grafana/provisioning
#################################### Server ####################################
[server]
# Protocol (http, https, socket)
protocol = https
# The ip address to bind to, empty will bind to all interfaces
;http_addr =
# The http port to use
;http_port = 3000
# The public facing domain name used to access grafana from a browser
;domain = localhost
# Redirect to correct domain if host header does not match domain
# Prevents DNS rebinding attacks
enforce_domain = false
# The full public facing url you use in browser, used for redirects and emails
# If you use reverse proxy and sub path specify full url (with sub path)
root_url = https://grafana.diyit.org
# Log web requests
;router_logging = false
# the path relative working path
;static_root_path = public
# enable gzip
;enable_gzip = false
# https certs & key file
cert_file = /mnt/certs/diyfullchain.pem
cert_key =/mnt/certs/diyprivkeyr.pem
# Unix socket path
;socket =
#################################### Database ####################################
[database]
# You can configure the database connection by specifying type, host, name, user and password
# as separate properties or as on string using the url properties.
# Either "mysql", "postgres" or "sqlite3", it's your choice
;type = sqlite3
;host = 127.0.0.1:3306
;name = grafana
;user = root
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
;password =
# Use either URL or the previous fields to configure the database
# Example: mysql://user:secret@host:port/database
;url =
# For "postgres" only, either "disable", "require" or "verify-full"
;ssl_mode = disable
# For "sqlite3" only, path relative to data_path setting
;path = grafana.db
# Max idle conn setting default is 2
;max_idle_conn = 2
# Max conn setting default is 0 (mean not set)
;max_open_conn =
# Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours)
;conn_max_lifetime = 14400
# Set to true to log the sql calls and execution times.
log_queries =
# For "sqlite3" only. cache mode setting used for connecting to the database. (private, shared)
;cache_mode = private
#################################### Cache server #############################
[remote_cache]
# Either "redis", "memcached" or "database" default is "database"
;type = database
# cache connectionstring options
# database: will use Grafana primary database.
# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=grafana`
# memcache: 127.0.0.1:11211
;connstr =
#################################### Session ####################################
[session]
# Either "memory", "file", "redis", "mysql", "postgres", default is "file"
;provider = file
# Provider config options
# memory: not have any config yet
# file: session dir path, is relative to grafana data_path
# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=grafana`
# mysql: go-sql-driver/mysql dsn config string, e.g. `user:password@tcp(127.0.0.1:3306)/database_name`
# postgres: user=a password=b host=localhost port=5432 dbname=c sslmode=disable
;provider_config = sessions
# Session cookie name
;cookie_name = grafana_sess
# If you use session in https only, default is false
;cookie_secure = false
# Session life time, default is 86400 (means 86400 seconds or 24 hours)
;session_life_time = 86400
#################################### Data proxy ###########################
[dataproxy]
# This enables data proxy logging, default is false
;logging = false
# How long the data proxy should wait before timing out default is 30 (seconds)
;timeout = 30
# If enabled and user is not anonymous, data proxy will add X-Grafana-User header with username into the request, default is false.
;send_user_header = false
#################################### Analytics ####################################
[analytics]
# Server reporting, sends usage counters to stats.grafana.org every 24 hours.
# No ip addresses are being tracked, only simple counters to track
# running instances, dashboard and error counts. It is very helpful to us.
# Change this option to false to disable reporting.
;reporting_enabled = true
# Set to false to disable all checks to https://grafana.net
# for new vesions (grafana itself and plugins), check is used
# in some UI views to notify that grafana or plugin update exists
# This option does not cause any auto updates, nor send any information
# only a GET request to http://grafana.com to get latest versions
;check_for_updates = true
# Google Analytics universal tracking code, only enabled if you specify an id here
;google_analytics_ua_id =
# Google Tag Manager ID, only enabled if you specify an id here
;google_tag_manager_id =
#################################### Security ####################################
[security]
# default admin user, created on startup
;admin_user = admin
# default admin password, can be changed before first start of grafana, or in profile settings
;admin_password = admin
# used for signing
;secret_key = SW2YcwTIb9zpOOhoPsMm
# disable gravatar profile images
;disable_gravatar = false
# data source proxy whitelist (ip_or_domain:port separated by spaces)
;data_source_proxy_whitelist =
# disable protection against brute force login attempts
;disable_brute_force_login_protection = false
# set to true if you host Grafana behind HTTPS. default is false.
cookie_secure = true
# set cookie SameSite attribute. defaults to `lax`. can be set to "lax", "strict" and "none"
cookie_samesite = none
allow_embedding = true
#################################### Snapshots ###########################
[snapshots]
# snapshot sharing options
;external_enabled = true
;external_snapshot_url = https://snapshots-origin.raintank.io
;external_snapshot_name = Publish to snapshot.raintank.io
# remove expired snapshot
;snapshot_remove_expired = true
#################################### Dashboards History ##################
[dashboards]
# Number dashboard versions to keep (per dashboard). Default: 20, Minimum: 1
;versions_to_keep = 20
#################################### Users ###############################
[users]
# disable user signup / registration
;allow_sign_up = true
# Allow non admin users to create organizations
;allow_org_create = true
# Set to true to automatically assign new users to the default organization (id 1)
;auto_assign_org = true
# Default role new users will be automatically assigned (if disabled above is set to true)
;auto_assign_org_role = Viewer
# Background text for the user field on the login page
;login_hint = email or username
;password_hint = password
# Default UI theme ("dark" or "light")
;default_theme = dark
# External user management, these options affect the organization users view
;external_manage_link_url =
;external_manage_link_name =
;external_manage_info =
# Viewers can edit/inspect dashboard settings in the browser. But not save the dashboard.
;viewers_can_edit = false
# Editors can administrate dashboard, folders and teams they create
;editors_can_admin = false
[auth]
# Login cookie name
;login_cookie_name = grafana_session
# The lifetime (days) an authenticated user can be inactive before being required to login at next visit. Default is 7 days,
;login_maximum_inactive_lifetime_days = 7
# The maximum lifetime (days) an authenticated user can be logged in since login time before being required to login. Default is 30 days.
;login_maximum_lifetime_days = 30
# How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes.
;token_rotation_interval_minutes = 10
# Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false
;disable_login_form = false
# Set to true to disable the signout link in the side menu. useful if you use auth.proxy, defaults to false
;disable_signout_menu = false
# URL to redirect the user to after sign out
;signout_redirect_url =
# Set to true to attempt login with OAuth automatically, skipping the login screen.
# This setting is ignored if multiple OAuth providers are configured.
;oauth_auto_login = false
#################################### Anonymous Auth ######################
[auth.anonymous]
# enable anonymous access
;enabled = false
# specify organization name that should be used for unauthenticated users
;org_name = Main Org.
# specify role for unauthenticated users
;org_role = Viewer
#################################### Github Auth ##########################
[auth.github]
;enabled = false
;allow_sign_up = true
;client_id = some_id
;client_secret = some_secret
;scopes = user:email,read:org
;auth_url = https://github.com/login/oauth/authorize
;token_url = https://github.com/login/oauth/access_token
;api_url = https://api.github.com/user
;team_ids =
;allowed_organizations =
#################################### Google Auth ##########################
[auth.google]
;enabled = false
;allow_sign_up = true
;client_id = some_client_id
;client_secret = some_client_secret
;scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
;auth_url = https://accounts.google.com/o/oauth2/auth
;token_url = https://accounts.google.com/o/oauth2/token
;api_url = https://www.googleapis.com/oauth2/v1/userinfo
;allowed_domains =
#################################### Generic OAuth ##########################
[auth.generic_oauth]
;enabled = false
;name = OAuth
;allow_sign_up = true
;client_id = some_id
;client_secret = some_secret
;scopes = user:email,read:org
;auth_url = https://foo.bar/login/oauth/authorize
;token_url = https://foo.bar/login/oauth/access_token
;api_url = https://foo.bar/user
;team_ids =
;allowed_organizations =
;tls_skip_verify_insecure = false
;tls_client_cert =
;tls_client_key =
;tls_client_ca =
; Set to true to enable sending client_id and client_secret via POST body instead of Basic authentication HTTP header
; This might be required if the OAuth provider is not RFC6749 compliant, only supporting credentials passed via POST payload
;send_client_credentials_via_post = false
#################################### Grafana.com Auth ####################
[auth.grafana_com]
;enabled = false
;allow_sign_up = true
;client_id = some_id
;client_secret = some_secret
;scopes = user:email
;allowed_organizations =
#################################### Auth Proxy ##########################
[auth.proxy]
;enabled = false
;header_name = X-WEBAUTH-USER
;header_property = username
;auto_sign_up = true
;ldap_sync_ttl = 60
;whitelist = 192.168.1.1, 192.168.2.1
;headers = Email:X-User-Email, Name:X-User-Name
#################################### Basic Auth ##########################
[auth.basic]
;enabled = true
#################################### Auth LDAP ##########################
[auth.ldap]
;enabled = false
;config_file = /etc/grafana/ldap.toml
;allow_sign_up = true
#################################### SMTP / Emailing ##########################
[smtp]
;enabled = false
;host = localhost:25
;user =
# If the password contains # or ; you have to wrap it with trippel quotes. Ex """#password;"""
;password =
;cert_file =
;key_file =
;skip_verify = false
;from_address = admin@grafana.localhost
;from_name = Grafana
# EHLO identity in SMTP dialog (defaults to instance_name)
;ehlo_identity = dashboard.example.com
[emails]
;welcome_email_on_sign_up = false
#################################### Logging ##########################
[log]
# Either "console", "file", "syslog". Default is console and file
# Use space to separate multiple modes, e.g. "console file"
;mode = console file
# Either "debug", "info", "warn", "error", "critical", default is "info"
;level = info
# optional settings to set different levels for specific loggers. Ex filters = sqlstore:debug
;filters =
# For "console" mode only
[log.console]
;level =
# log line format, valid options are text, console and json
;format = console
# For "file" mode only
[log.file]
;level =
# log line format, valid options are text, console and json
;format = text
# This enables automated log rotate(switch of following options), default is true
;log_rotate = true
# Max line number of single file, default is 1000000
;max_lines = 1000000
# Max size shift of single file, default is 28 means 1 << 28, 256MB
;max_size_shift = 28
# Segment log daily, default is true
;daily_rotate = true
# Expired days of log file(delete after max days), default is 7
;max_days = 7
[log.syslog]
;level =
# log line format, valid options are text, console and json
;format = text
# Syslog network type and address. This can be udp, tcp, or unix. If left blank, the default unix endpoints will be used.
;network =
;address =
# Syslog facility. user, daemon and local0 through local7 are valid.
;facility =
# Syslog tag. By default, the process' argv[0] is used.
;tag =
#################################### Alerting ############################
[alerting]
# Disable alerting engine & UI features
;enabled = true
# Makes it possible to turn off alert rule execution but alerting UI is visible
;execute_alerts = true
# Default setting for new alert rules. Defaults to categorize error and timeouts as alerting. (alerting, keep_state)
;error_or_timeout = alerting
# Default setting for how Grafana handles nodata or null values in alerting. (alerting, no_data, keep_state, ok)
;nodata_or_nullvalues = no_data
# Alert notifications can include images, but rendering many images at the same time can overload the server
# This limit will protect the server from render overloading and make sure notifications are sent out quickly
;concurrent_render_limit = 5
# Default setting for alert calculation timeout. Default value is 30
;evaluation_timeout_seconds = 30
# Default setting for alert notification timeout. Default value is 30
;notification_timeout_seconds = 30
# Default setting for max attempts to sending alert notifications. Default value is 3
;max_attempts = 3
#################################### Explore #############################
[explore]
# Enable the Explore section
;enabled = true
#################################### Internal Grafana Metrics ##########################
# Metrics available at HTTP API Url /metrics
[metrics]
# Disable / Enable internal metrics
;enabled = true
# Publish interval
;interval_seconds = 10
# Send internal metrics to Graphite
[metrics.graphite]
# Enable by setting the address setting (ex localhost:2003)
;address =
;prefix = prod.grafana.%(instance_name)s.
#################################### Distributed tracing ############
[tracing.jaeger]
# Enable by setting the address sending traces to jaeger (ex localhost:6831)
;address = localhost:6831
# Tag that will always be included in when creating new spans. ex (tag1:value1,tag2:value2)
;always_included_tag = tag1:value1
# Type specifies the type of the sampler: const, probabilistic, rateLimiting, or remote
;sampler_type = const
# jaeger samplerconfig param
# for "const" sampler, 0 or 1 for always false/true respectively
# for "probabilistic" sampler, a probability between 0 and 1
# for "rateLimiting" sampler, the number of spans per second
# for "remote" sampler, param is the same as for "probabilistic"
# and indicates the initial sampling rate before the actual one
# is received from the mothership
;sampler_param = 1
#################################### Grafana.com integration ##########################
# Url used to import dashboards directly from Grafana.com
[grafana_com]
;url = https://grafana.com
#################################### External image storage ##########################
[external_image_storage]
# Used for uploading images to public servers so they can be included in slack/email messages.
# you can choose between (s3, webdav, gcs, azure_blob, local)
;provider =
[external_image_storage.s3]
;bucket =
;region =
;path =
;access_key =
;secret_key =
[external_image_storage.webdav]
;url =
;public_url =
;username =
;password =
[external_image_storage.gcs]
;key_file =
;bucket =
;path =
[external_image_storage.azure_blob]
;account_name =
;account_key =
;container_name =
[external_image_storage.local]
# does not require any configuration
[rendering]
# Options to configure external image rendering server like https://github.com/grafana/grafana-image-renderer
;server_url =
;callback_url =
[enterprise]
# Path to a valid Grafana Enterprise license.jwt file
;license_path =
[panels]
;enable_alpha = false
# If set to true Grafana will allow script tags in text panels. Not recommended as it enable XSS vulnerabilities.
;disable_sanitize_html = false

File diff suppressed because it is too large Load Diff

View File

@ -49,7 +49,7 @@ ServerRoot "/usr/local"
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80
#Listen 80
#
# Dynamic Shared Object (DSO) Support
@ -108,7 +108,7 @@ LoadModule filter_module libexec/apache24/mod_filter.so
#LoadModule substitute_module libexec/apache24/mod_substitute.so
#LoadModule sed_module libexec/apache24/mod_sed.so
#LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so
#LoadModule deflate_module libexec/apache24/mod_deflate.so
LoadModule deflate_module libexec/apache24/mod_deflate.so
#LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so
#LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so
LoadModule mime_module libexec/apache24/mod_mime.so
@ -119,7 +119,7 @@ LoadModule log_config_module libexec/apache24/mod_log_config.so
LoadModule env_module libexec/apache24/mod_env.so
#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so
#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so
#LoadModule expires_module libexec/apache24/mod_expires.so
LoadModule expires_module libexec/apache24/mod_expires.so
LoadModule headers_module libexec/apache24/mod_headers.so
#LoadModule usertrack_module libexec/apache24/mod_usertrack.so
#LoadModule unique_id_module libexec/apache24/mod_unique_id.so
@ -178,7 +178,6 @@ LoadModule dir_module libexec/apache24/mod_dir.so
#LoadModule userdir_module libexec/apache24/mod_userdir.so
LoadModule alias_module libexec/apache24/mod_alias.so
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
#LoadModule php7_module libexec/apache24/libphp7.so
# Third party modules
IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
@ -223,7 +222,7 @@ ServerAdmin sharad@ahlawat.com
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
ServerName monitor.ahlawat.com
#
# Deny access to the entirety of your server's filesystem. You must
@ -555,9 +554,8 @@ Include etc/apache24/Includes/*.conf
<VirtualHost *:443>
ServerName monitor.ahlawat.com
ServerAlias *.ahlawat.com
ServerAlias ahlawat.com
Protocols h2 h2c http/1.1
Protocols h2 http/1.1
DocumentRoot "/usr/local/www/apache24/data/"
@ -566,15 +564,15 @@ Include etc/apache24/Includes/*.conf
SSLCertificateKeyFile "/mnt/certs/privkey.pem"
#SSLCertificateChainFile "/mnt/certs/fullchain.pem"
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
SSLOptions +StrictRequire
# SSLCompression off
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SetHandler "proxy:fcgi://127.0.0.1:9000"
@ -612,7 +610,100 @@ Include etc/apache24/Includes/*.conf
CustomLog "/var/log/ssl-access_log" combined
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault A0
<FilesMatch "\.(txt|xml|js)$">
ExpiresDefault A31536000
</FilesMatch>
<FilesMatch "\.(css)$">
ExpiresDefault A31536000
</FilesMatch>
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
ExpiresDefault A31536000
</FilesMatch>
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
ExpiresDefault A31536000
</FilesMatch>
</IfModule>
<IfModule mod_headers.c>
<FilesMatch "\.(txt|xml|js)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
<FilesMatch "\.(css)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
</IfModule>
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
</IfModule>
</IfModule>
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE "application/atom+xml" \
"application/javascript" \
"application/json" \
"application/ld+json" \
"application/manifest+json" \
"application/rdf+xml" \
"application/rss+xml" \
"application/schema+json" \
"application/vnd.geo+json" \
"application/vnd.ms-fontobject" \
"application/x-font-ttf" \
"application/x-font-opentype" \
"application/x-font-truetype" \
"application/x-javascript" \
"application/x-web-app-manifest+json" \
"application/xhtml+xml" \
"application/xml" \
"font/eot" \
"font/opentype" \
"font/otf" \
"image/bmp" \
"image/svg+xml" \
"image/vnd.microsoft.icon" \
"image/x-icon" \
"text/cache-manifest" \
"text/css" \
"text/html" \
"text/javascript" \
"text/plain" \
"text/vcard" \
"text/vnd.rim.location.xloc" \
"text/vtt" \
"text/x-component" \
"text/x-cross-domain-policy" \
"text/xml"
</IfModule>
<IfModule mod_mime.c>
AddEncoding gzip svgz
</IfModule>
</IfModule>
</VirtualHost>
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

View File

@ -0,0 +1,41 @@
pkgp-freebsd-pkg____alertmanager-0.23.0_2
pkgp-freebsd-pkg____apache24-2.4.53
pkgp-freebsd-pkg____bash-5.1.16
pkgp-freebsd-pkg____bash-completion-2.11_1,2
pkgp-freebsd-pkg____grafana8-8.3.6_1
pkgp-freebsd-pkg____influxdb-1.8.10_2
pkgp-freebsd-pkg____iperf3-3.11
pkgp-freebsd-pkg____nano-6.0
pkgp-freebsd-pkg____php81-8.1.4_2
pkgp-freebsd-pkg____php81-bcmath-8.1.4_2
pkgp-freebsd-pkg____php81-bz2-8.1.4_2
pkgp-freebsd-pkg____php81-ctype-8.1.4_2
pkgp-freebsd-pkg____php81-curl-8.1.4_2
pkgp-freebsd-pkg____php81-dom-8.1.4_1
pkgp-freebsd-pkg____php81-fileinfo-8.1.4_2
pkgp-freebsd-pkg____php81-filter-8.1.4_2
pkgp-freebsd-pkg____php81-gd-8.1.4_2
pkgp-freebsd-pkg____php81-iconv-8.1.4_2
pkgp-freebsd-pkg____php81-intl-8.1.4_2
pkgp-freebsd-pkg____php81-mbstring-8.1.4_2
pkgp-freebsd-pkg____php81-mysqli-8.1.4_2
pkgp-freebsd-pkg____php81-opcache-8.1.4_2
pkgp-freebsd-pkg____php81-pdo-8.1.4_2
pkgp-freebsd-pkg____php81-pdo_mysql-8.1.4_2
pkgp-freebsd-pkg____php81-pecl-mcrypt-1.0.4
pkgp-freebsd-pkg____php81-pecl-memcache-8.0
pkgp-freebsd-pkg____php81-posix-8.1.4_2
pkgp-freebsd-pkg____php81-readline-8.1.4_2
pkgp-freebsd-pkg____php81-session-8.1.4_2
pkgp-freebsd-pkg____php81-simplexml-8.1.4_1
pkgp-freebsd-pkg____php81-soap-8.1.4_1
pkgp-freebsd-pkg____php81-sockets-8.1.4_2
pkgp-freebsd-pkg____php81-sqlite3-8.1.4_2
pkgp-freebsd-pkg____php81-tidy-8.1.4_2
pkgp-freebsd-pkg____php81-tokenizer-8.1.4_2
pkgp-freebsd-pkg____php81-xml-8.1.4_1
pkgp-freebsd-pkg____php81-zip-8.1.4_2
pkgp-freebsd-pkg____php81-zlib-8.1.4_2
pkgp-freebsd-pkg____pkg-1.17.5_1
pkgp-freebsd-pkg____prometheus-2.32.1_1
pkgp-freebsd-pkg____telegraf-1.22.0_1

View File

@ -0,0 +1 @@
alertmanager apache24 bash bash-completion grafana8 influxdb iperf3 nano php81 php81-bcmath php81-bz2 php81-ctype php81-curl php81-dom php81-fileinfo php81-filter php81-gd php81-iconv php81-intl php81-mbstring php81-mysqli php81-opcache php81-pdo php81-pdo_mysql php81-pecl-mcrypt php81-pecl-memcache php81-posix php81-readline php81-session php81-simplexml php81-soap php81-sockets php81-sqlite3 php81-tidy php81-tokenizer php81-xml php81-zip php81-zlib pkg prometheus telegraf

View File

@ -49,7 +49,7 @@ ServerRoot "/usr/local"
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80
#Listen 80
#
# Dynamic Shared Object (DSO) Support
@ -108,7 +108,7 @@ LoadModule filter_module libexec/apache24/mod_filter.so
#LoadModule substitute_module libexec/apache24/mod_substitute.so
#LoadModule sed_module libexec/apache24/mod_sed.so
#LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so
#LoadModule deflate_module libexec/apache24/mod_deflate.so
LoadModule deflate_module libexec/apache24/mod_deflate.so
#LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so
#LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so
LoadModule mime_module libexec/apache24/mod_mime.so
@ -119,7 +119,7 @@ LoadModule log_config_module libexec/apache24/mod_log_config.so
LoadModule env_module libexec/apache24/mod_env.so
#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so
#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so
#LoadModule expires_module libexec/apache24/mod_expires.so
LoadModule expires_module libexec/apache24/mod_expires.so
LoadModule headers_module libexec/apache24/mod_headers.so
#LoadModule usertrack_module libexec/apache24/mod_usertrack.so
#LoadModule unique_id_module libexec/apache24/mod_unique_id.so
@ -178,7 +178,6 @@ LoadModule dir_module libexec/apache24/mod_dir.so
#LoadModule userdir_module libexec/apache24/mod_userdir.so
LoadModule alias_module libexec/apache24/mod_alias.so
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
#LoadModule php7_module libexec/apache24/libphp7.so
# Third party modules
IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
@ -223,7 +222,7 @@ ServerAdmin sharad@ahlawat.com
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
ServerName nivi.ahlawat.com
#
# Deny access to the entirety of your server's filesystem. You must
@ -555,9 +554,8 @@ Include etc/apache24/Includes/*.conf
<VirtualHost *:443>
ServerName nivi.ahlawat.com
ServerAlias *.ahlawat.com
ServerAlias nivi
Protocols h2 h2c http/1.1
Protocols h2 http/1.1
DocumentRoot "/usr/local/www/apache24/data/"
@ -566,15 +564,15 @@ Include etc/apache24/Includes/*.conf
SSLCertificateKeyFile "/mnt/certs/privkey.pem"
#SSLCertificateChainFile "/mnt/certs/fullchain.pem"
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
SSLOptions +StrictRequire
# SSLCompression off
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SetHandler "proxy:fcgi://127.0.0.1:9000"
@ -591,20 +589,113 @@ Include etc/apache24/Includes/*.conf
<Directory "/usr/local/www/apache24/data/">
Options Indexes FollowSymLinks MultiViews
## IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16
#-IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96
#IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96
#AllowOverride controls what directives may be placed in .htaccess files.
#AllowOverride All
#-AllowOverride AuthConfig
#AllowOverride AuthConfig
#Controls who can get stuff from this server file
#-Require all granted
#Require all granted
</Directory>
ErrorLog "/var/log/ssl-error.log"
CustomLog "/var/log/ssl-access_log" combined
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault A0
<FilesMatch "\.(txt|xml|js)$">
ExpiresDefault A31536000
</FilesMatch>
<FilesMatch "\.(css)$">
ExpiresDefault A31536000
</FilesMatch>
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
ExpiresDefault A31536000
</FilesMatch>
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
ExpiresDefault A31536000
</FilesMatch>
</IfModule>
<IfModule mod_headers.c>
<FilesMatch "\.(txt|xml|js)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
<FilesMatch "\.(css)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
Header set Cache-Control "max-age=31536000"
</FilesMatch>
</IfModule>
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
</IfModule>
</IfModule>
<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE "application/atom+xml" \
"application/javascript" \
"application/json" \
"application/ld+json" \
"application/manifest+json" \
"application/rdf+xml" \
"application/rss+xml" \
"application/schema+json" \
"application/vnd.geo+json" \
"application/vnd.ms-fontobject" \
"application/x-font-ttf" \
"application/x-font-opentype" \
"application/x-font-truetype" \
"application/x-javascript" \
"application/x-web-app-manifest+json" \
"application/xhtml+xml" \
"application/xml" \
"font/eot" \
"font/opentype" \
"font/otf" \
"image/bmp" \
"image/svg+xml" \
"image/vnd.microsoft.icon" \
"image/x-icon" \
"text/cache-manifest" \
"text/css" \
"text/html" \
"text/javascript" \
"text/plain" \
"text/vcard" \
"text/vnd.rim.location.xloc" \
"text/vtt" \
"text/x-component" \
"text/x-cross-domain-policy" \
"text/xml"
</IfModule>
<IfModule mod_mime.c>
AddEncoding gzip svgz
</IfModule>
</IfModule>
</VirtualHost>
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

Some files were not shown because too many files have changed in this diff Show More