apr 19 update
parent
a0a9496aef
commit
18dd3d9761
@ -13,7 +13,7 @@
|
||||
# references must include a dollar sign '$' in front of the
|
||||
# name to be expanded properly.
|
||||
#
|
||||
# $FreeBSD: releng/12.2/sbin/devfs/devfs.rules 338204 2018-08-22 15:55:23Z brd $
|
||||
# $FreeBSD: releng/12.3/sbin/devfs/devfs.rules 338204 2018-08-22 15:55:23Z brd $
|
||||
#
|
||||
|
||||
# Very basic and secure ruleset: Hide everything.
|
||||
|
@ -13,7 +13,7 @@
|
||||
# For a more detailed explanation of all the periodic.conf variables, please
|
||||
# refer to the periodic.conf(5) manual page.
|
||||
#
|
||||
# $FreeBSD: releng/12.2/usr.sbin/periodic/periodic.conf 337648 2018-08-11 17:11:08Z brd $
|
||||
# $FreeBSD: releng/12.3/usr.sbin/periodic/periodic.conf 370770 2021-10-07 19:46:04Z asomers $
|
||||
#
|
||||
|
||||
# What files override these defaults ?
|
||||
@ -77,6 +77,29 @@ daily_backup_passwd_enable="YES" # Backup passwd & group
|
||||
# 210.backup-aliases
|
||||
daily_backup_aliases_enable="YES" # Backup mail aliases
|
||||
|
||||
# 221.backup-gpart
|
||||
if [ $(sysctl -n security.jail.jailed) = 0 ]; then
|
||||
# Backup partition table/boot partition/MBR
|
||||
daily_backup_gpart_enable="YES"
|
||||
else
|
||||
daily_backup_gpart_enable="NO"
|
||||
fi
|
||||
daily_backup_gpart_verbose="NO" # Be verbose if new backup differs from the old one
|
||||
daily_backup_efi_enable="NO" # Backup EFI system partition (ESP)
|
||||
|
||||
# 222.backup-gmirror
|
||||
daily_backup_gmirror_enable="NO" # Backup of gmirror info (i.e., output of `gmirror list`)
|
||||
daily_backup_gmirror_verbose="NO" # Log diff if new backup differs from the old one
|
||||
|
||||
# 223.backup-zfs
|
||||
daily_backup_zfs_enable="NO" # Backup output from zpool/zfs list
|
||||
daily_backup_zfs_props_enable="NO" # Backup zpool/zfs filesystem properties
|
||||
daily_backup_zfs_get_flags="all" # flags passed to `zfs get`
|
||||
daily_backup_zfs_list_flags="" # flags passed to `zfs list`
|
||||
daily_backup_zpool_get_flags="all" # flags passed to `zpool get`
|
||||
daily_backup_zpool_list_flags="-v" # flags passed to `zpool list`
|
||||
daily_backup_zfs_verbose="NO" # Report diff between the old and new backups.
|
||||
|
||||
# 300.calendar
|
||||
daily_calendar_enable="NO" # Run calendar -a
|
||||
|
||||
@ -118,7 +141,7 @@ daily_status_mfi_enable="NO" # Check mfiutil(8)
|
||||
# 420.status-network
|
||||
daily_status_network_enable="NO" # Check network status
|
||||
daily_status_network_usedns="YES" # DNS lookups are ok
|
||||
daily_status_network_netstat_flags="-d" # netstat(1) flags
|
||||
daily_status_network_netstat_flags="-d -W" # netstat(1) flags
|
||||
|
||||
# 430.status-uptime
|
||||
daily_status_uptime_enable="YES" # Check system uptime
|
||||
|
@ -1,4 +1,4 @@
|
||||
# $FreeBSD: releng/12.2/usr.sbin/freebsd-update/freebsd-update.conf 337338 2018-08-04 22:25:41Z brd $
|
||||
# $FreeBSD: releng/12.3/usr.sbin/freebsd-update/freebsd-update.conf 370439 2021-08-29 16:58:35Z kevans $
|
||||
|
||||
# Trusted keyprint. Changing this is a Bad Idea unless you've received
|
||||
# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
|
||||
@ -17,7 +17,7 @@ ServerName update.FreeBSD.org
|
||||
# Example for updating the userland and the kernel source code only:
|
||||
#Components src world
|
||||
Components world
|
||||
# manually run - svnlite update /usr/src - before recompiling the kernel
|
||||
# manually run - git pull in /usr/src - before recompiling the kernel
|
||||
|
||||
# Paths which start with anything matching an entry in an IgnorePaths
|
||||
# statement will be ignored.
|
||||
@ -76,3 +76,6 @@ MergeChanges /etc/ /boot/device.hints
|
||||
|
||||
# When backing up a kernel also back up debug symbol files?
|
||||
# BackupKernelSymbolFiles no
|
||||
|
||||
# Create a new boot environment when installing patches
|
||||
# CreateBootEnv yes
|
||||
|
@ -1,4 +1,4 @@
|
||||
# $FreeBSD: releng/12.2/lib/libc/net/hosts 338729 2018-09-17 18:56:47Z brd $
|
||||
# $FreeBSD: releng/12.3/lib/libc/net/hosts 338729 2018-09-17 18:56:47Z brd $
|
||||
#
|
||||
# Host Database
|
||||
#
|
||||
@ -24,7 +24,7 @@ fd09::10 nas nas.ahlawat.com
|
||||
192.168.10.10 nas nas.ahlawat.com
|
||||
fd0a::10 nas nas.ahlawat.com
|
||||
192.168.48.10 nas nas.ahlawat.com
|
||||
2001:470:82a9::10 nas nas.ahlawat.com
|
||||
2001:470:480a::10 nas nas.ahlawat.com
|
||||
|
||||
#
|
||||
# Imaginary network. 10.0.0.2 myname.my.domain myname 10.0.0.3 myfriend.my.domain myfriend
|
||||
|
@ -7,7 +7,7 @@
|
||||
# This file controls resource limits, accounting limits and
|
||||
# default user environment settings.
|
||||
#
|
||||
# $FreeBSD: releng/12.2/usr.bin/login/login.conf 357789 2020-02-12 02:04:03Z kevans $
|
||||
# $FreeBSD: releng/12.3/usr.bin/login/login.conf 369215 2021-02-04 03:15:28Z kevans $
|
||||
#
|
||||
|
||||
# Default settings effectively disable resource limits, see the
|
||||
@ -63,7 +63,13 @@ xuser:\
|
||||
:tc=default:
|
||||
staff:\
|
||||
:tc=default:
|
||||
|
||||
# This PATH may be clobbered by individual applications. Notably, by default,
|
||||
# rc(8), service(8), and cron(8) will all override it with a default PATH that
|
||||
# may not include /usr/local/sbin and /usr/local/bin when starting services or
|
||||
# jobs.
|
||||
daemon:\
|
||||
:path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin:\
|
||||
:mail@:\
|
||||
:memorylocked=128M:\
|
||||
:tc=default:
|
||||
|
@ -1,5 +1,5 @@
|
||||
#
|
||||
# $FreeBSD: releng/12.2/usr.sbin/ntp/ntpd/ntp.conf 352865 2019-09-29 03:36:50Z cy $
|
||||
# $FreeBSD: releng/12.3/usr.sbin/ntp/ntpd/ntp.conf 365704 2020-09-14 01:20:57Z emaste $
|
||||
#
|
||||
# Default NTP servers for the FreeBSD operating system.
|
||||
#
|
||||
@ -15,7 +15,7 @@
|
||||
# or discovered dynamically via mechanisms such as broadcast and manycast.
|
||||
# Ntpd automatically adds maxclock-1 servers from configured pools, and may
|
||||
# add as many as maxclock*2 if necessary to ensure that at least minclock
|
||||
# servers are providing good consistant time.
|
||||
# servers are providing good consistent time.
|
||||
#
|
||||
tos minclock 3 maxclock 6
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
# $FreeBSD: releng/12.2/bin/sh/profile 363525 2020-07-25 11:57:39Z pstef $
|
||||
# $FreeBSD: releng/12.3/bin/sh/profile 363525 2020-07-25 11:57:39Z pstef $
|
||||
#
|
||||
# System-wide .profile file for sh(1).
|
||||
#
|
||||
|
@ -1,6 +1,6 @@
|
||||
zfs_enable="YES"
|
||||
|
||||
kld_list="nmdm vmm ipfw ipdivert linux64"
|
||||
kld_list="nmdm vmm ipfw ipdivert linux64 wg"
|
||||
|
||||
# Do not mark to autodetach otherwise ZFS gets very unhappy.
|
||||
geli_autodetach="NO"
|
||||
@ -34,7 +34,7 @@ firewall_logif="YES"
|
||||
cloned_interfaces_sticky="YES"
|
||||
cloned_interfaces="lagg0 bridge1 bridge2 bridge5 bridge9 bridge10 bridge48"
|
||||
|
||||
ifconfig_lagg0="laggproto lacp laggport igb0 laggport igb1 up"
|
||||
ifconfig_lagg0="laggproto loadbalance laggport igb0 laggport igb1 up"
|
||||
ifconfig_igb0="up -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso"
|
||||
ifconfig_igb1="up -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso"
|
||||
|
||||
@ -54,7 +54,7 @@ ifconfig_lagg0_9_ipv6="inet6 fd09::10/64 auto_linklocal accept_rtadv"
|
||||
ifconfig_lagg0_10="inet 192.168.10.10/24"
|
||||
ifconfig_lagg0_10_ipv6="inet6 fd0a::10/64 auto_linklocal accept_rtadv"
|
||||
ifconfig_lagg0_48="inet 192.168.48.10/24"
|
||||
ifconfig_lagg0_48_ipv6="inet6 2001:470:82a9::10/64 auto_linklocal accept_rtadv"
|
||||
ifconfig_lagg0_48_ipv6="inet6 2001:470:480a::10/64 auto_linklocal accept_rtadv"
|
||||
|
||||
ifconfig_bridge1="addm lagg0.1 up"
|
||||
ifconfig_bridge2="addm lagg0.2 up"
|
||||
|
@ -1,4 +1,4 @@
|
||||
# $FreeBSD: releng/12.2/sbin/sysctl/sysctl.conf 337624 2018-08-11 13:28:03Z brd $
|
||||
# $FreeBSD: releng/12.3/sbin/sysctl/sysctl.conf 337624 2018-08-11 13:28:03Z brd $
|
||||
#
|
||||
# This file is read when going to multi-user and its contents piped thru
|
||||
# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details.
|
||||
|
@ -1,17 +1,17 @@
|
||||
FreeBSD: {
|
||||
url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
|
||||
enabled: yes
|
||||
enabled: no
|
||||
}
|
||||
|
||||
pkgp-freebsd-pkg: {
|
||||
url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest",
|
||||
mirror_type: "http",
|
||||
enabled: no,
|
||||
enabled: yes,
|
||||
priority: 10
|
||||
}
|
||||
|
||||
pkgp121: {
|
||||
url: "http://pkgp.ahlawat.com/packages/pj121-default/",
|
||||
pkgp123: {
|
||||
url: "http://pkgp.ahlawat.com/packages/pj123-default/",
|
||||
mirror_type: "http",
|
||||
signature_type: "pubkey",
|
||||
pubkey: "/mnt/data/apps/certs/poudriere.cert",
|
||||
|
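Review bot: The `pkgp-freebsd-pkg` repository that this hunk appears to switch on is fetched over plain `http://` and its block has no `signature_type`, so pkg(8) does not verify the catalogue or the packages it installs from it, while the `FreeBSD` repository is switched off in the same hunk. A host on the network path to that mirror could therefore substitute packages unnoticed. If the mirror is a cache of pkg.FreeBSD.org, the upstream signatures can still be checked by adding `signature_type: "fingerprints",` and `fingerprints: "/usr/share/keys/pkg",` to the block; otherwise sign it with a `pubkey` the way the `pkgp123` repository is. The same unsigned block is added in the new jails/config/book/pkgp.conf, and the third repository block continues past the end of this hunk.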
@ -19,7 +19,7 @@
|
||||
name=gstat_exporter
|
||||
rcvar=${name}_enable
|
||||
|
||||
GSTATEXPORTER="nohup /usr/local/bin/python3.7 /root/FreeBSD/scripts/gstat_exporter.py"
|
||||
GSTATEXPORTER="nohup /usr/local/bin/python3.8 /root/FreeBSD/scripts/gstat_exporter.py"
|
||||
|
||||
start_cmd="${name}_start"
|
||||
stop_cmd="${name}_stop"
|
||||
|
@ -1,11 +1,11 @@
|
||||
ZPOOL=""
|
||||
SERVER=""
|
||||
PYTHON?=/usr/local/bin/python3.7
|
||||
PYTHON?=/usr/local/bin/python3.8
|
||||
|
||||
depends:
|
||||
@(pkg -vv | grep -e "url.*/latest") > /dev/null 2>&1 || (echo "It is advised pkg url is using \"latest\" instead of \"quarterly\" in /etc/pkg/FreeBSD.conf.";)
|
||||
@test -s ${PYTHON} || (echo "Python binary ${PYTHON} not found, iocage will install python37"; pkg install -q -y python37)
|
||||
pkg install -q -y py37-libzfs
|
||||
@test -s ${PYTHON} || (echo "Python binary ${PYTHON} not found, iocage will install python38"; pkg install -q -y python38)
|
||||
pkg install -q -y py38-libzfs
|
||||
${PYTHON} -m ensurepip
|
||||
${PYTHON} -m pip install -Ur requirements.txt
|
||||
|
||||
|
@ -1,3 +1,3 @@
|
||||
pkg install python37 py37-cython py37-pip py37-libzfs py37-six
|
||||
python3.7 -m pip install pip==19.3.1
|
||||
pkg install python38 py38-cython py38-pip py38-libzfs py38-six
|
||||
python3.8 -m pip install pip==19.3.1
|
||||
# iocage install does not work with pip 20.x
|
||||
|
@ -1,6 +1,6 @@
|
||||
#
|
||||
# nsswitch.conf(5) - name service switch configuration file
|
||||
# $FreeBSD: releng/12.1/lib/libc/net/nsswitch.conf 338729 2018-09-17 18:56:47Z brd $
|
||||
# $FreeBSD: releng/12.2/lib/libc/net/nsswitch.conf 338729 2018-09-17 18:56:47Z brd $
|
||||
#
|
||||
#group: compat
|
||||
group: files ldap
|
||||
|
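--- a/jails/config/atm/pkg-list-details.txt
+++ b/jails/config/atm/pkg-list-details.txt
@@ -0,0 +1,6 @@
+pkgp122____netatalk3-3.1.12_4,1
+pkgp123____nss-pam-ldapd-sasl-0.9.12_1
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____pkg-1.17.5_1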
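--- a/jails/config/atm/pkg-list.txt
+++ b/jails/config/atm/pkg-list.txt
@@ -0,0 +1 @@
+bash bash-completion nano netatalk3 nss-pam-ldapd-sasl pkg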
@ -10,8 +10,8 @@ pkgp-freebsd-pkg: {
|
||||
priority: 10
|
||||
}
|
||||
|
||||
pkgp122: {
|
||||
url: "http://pkgp.ahlawat.com/packages/pj122-default/",
|
||||
pkgp123: {
|
||||
url: "http://pkgp.ahlawat.com/packages/pj123-default",
|
||||
mirror_type: "http",
|
||||
signature_type: "pubkey",
|
||||
pubkey: "/mnt/certs/poudriere.cert",
|
||||
|
@ -1,5 +1,5 @@
|
||||
#
|
||||
# $FreeBSD: releng/12.1/lib/libpam/pam.d/sshd 197769 2009-10-05 09:28:54Z des $
|
||||
# $FreeBSD: releng/12.2/lib/libpam/pam.d/sshd 197769 2009-10-05 09:28:54Z des $
|
||||
#
|
||||
# PAM configuration for the "sshd" service
|
||||
#
|
||||
|
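--- a/jails/config/auto/pkg-list-details.txt
+++ b/jails/config/auto/pkg-list-details.txt
@@ -0,0 +1,14 @@
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____mc-4.8.28
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____nginx-1.20.2_9,2
+pkgp-freebsd-pkg____pkg-1.17.5_1
+pkgp-freebsd-pkg____postgresql14-client-14.2
+pkgp-freebsd-pkg____py38-ansible-5.5.0
+pkgp-freebsd-pkg____py38-django32-3.2.12
+pkgp-freebsd-pkg____py38-gunicorn-20.1.0
+pkgp-freebsd-pkg____py38-pillow-9.0.1_1
+pkgp-freebsd-pkg____py38-pip-20.3.4
+pkgp-freebsd-pkg____py38-tkinter-3.8.13_6
+pkgp-freebsd-pkg____sudo-1.9.10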
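--- a/jails/config/auto/pkg-list.txt
+++ b/jails/config/auto/pkg-list.txt
@@ -0,0 +1 @@
+bash bash-completion mc nano nginx pkg postgresql14-client py38-ansible py38-django32 py38-gunicorn py38-pillow py38-pip py38-tkinter sudo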
@ -1,6 +1,4 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Copyright (c) 2018-2021, diyIT.org
|
||||
# Copyright (c) 2018-2022, diyIT.org
|
||||
# All rights reserved.
|
||||
#
|
||||
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||
@ -8,6 +6,8 @@
|
||||
#
|
||||
#
|
||||
|
||||
#!/bin/sh
|
||||
|
||||
# the two lines below are not just comments but required by rcorder; service -e
|
||||
# PROVIDE: cpsserver
|
||||
# REQUIRE: NETWORKING DAEMON
|
||||
@ -19,7 +19,8 @@
|
||||
name=cpsserver
|
||||
rcvar=${name}_enable
|
||||
|
||||
CPSSERVER="nohup /usr/local/bin/python3.7 /data/calibre-web/cps.py"
|
||||
#CPSSERVER="nohup /usr/local/bin/python3.8 /data/calibre-web/cps.py"
|
||||
CPSSERVER="nohup /usr/local/bin/cps"
|
||||
|
||||
start_cmd="${name}_start"
|
||||
stop_cmd="${name}_stop"
|
||||
|
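Review bot: The `#!/bin/sh` line ends up below the licence header instead of on line 1; the hunk counts (`-1,6 +1,4`, then `-8,6 +6,8`) only fit if the first hunk drops it from the top and the second re-adds it after the licence block. An interpreter line is honoured only as the very first line of a file; further down it is an ordinary comment, so running the script directly then depends on the caller falling back to /bin/sh on its own. Keep `#!/bin/sh` as line 1 and place the copyright block after it, as jails/config/cert/acmedns in this commit does. Separately, `CPSSERVER="nohup /usr/local/bin/cps"` is presumably launched as root by rc; the start function is outside the visible hunks, so confirm there that the web application runs under an unprivileged account.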
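--- a/jails/config/book/pkg-list-details.txt
+++ b/jails/config/book/pkg-list-details.txt
@@ -0,0 +1,10 @@
+pkgp123____libxml2-2.9.13_2
+pkgp123____libxslt-1.1.35_3
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____pkg-1.17.5_1
+pkgp-freebsd-pkg____py38-ldap-3.4.0
+pkgp-freebsd-pkg____py38-pip-20.3.4
+pkgp-freebsd-pkg____py38-sqlite3-3.8.13_7
+pkgp-freebsd-pkg____rust-1.59.0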
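--- a/jails/config/book/pkg-list.txt
+++ b/jails/config/book/pkg-list.txt
@@ -0,0 +1 @@
+bash bash-completion libxml2 libxslt nano pkg py38-ldap py38-pip py38-sqlite3 rust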
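--- a/jails/config/book/pkgp.conf
+++ b/jails/config/book/pkgp.conf
@@ -0,0 +1,20 @@
+FreeBSD: {
+url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
+enabled: no
+}
+
+pkgp-freebsd-pkg: {
+url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest",
+mirror_type: "http",
+enabled: yes,
+priority: 10
+}
+
+pkgp123: {
+url: "http://pkgp.ahlawat.com/packages/pj123-default",
+mirror_type: "http",
+signature_type: "pubkey",
+pubkey: "/mnt/certs/poudriere.cert",
+enabled: yes,
+priority: 100
+}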
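--- a/jails/config/calibre/pkg-list-details.txt
+++ b/jails/config/calibre/pkg-list-details.txt
@@ -0,0 +1,11 @@
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____calibre-5.40.0
+pkgp-freebsd-pkg____fluxbox-1.3.7_5
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____pkg-1.17.5_1
+pkgp-freebsd-pkg____sudo-1.9.10
+pkgp-freebsd-pkg____tigervnc-server-1.12.0_4
+pkgp-freebsd-pkg____xauth-1.1
+pkgp-freebsd-pkg____xpdf-4.03_1,1
+pkgp-freebsd-pkg____xterm-372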
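--- a/jails/config/calibre/pkg-list.txt
+++ b/jails/config/calibre/pkg-list.txt
@@ -0,0 +1 @@
+bash bash-completion calibre fluxbox nano pkg sudo tigervnc-server xauth xpdf xterm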
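--- a/jails/config/cam/pkg-list-details.txt
+++ b/jails/config/cam/pkg-list-details.txt
@@ -0,0 +1,7 @@
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____curl-7.82.0
+pkgp-freebsd-pkg____motion-4.3.2_3
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____pkg-1.17.5_1
+pkgp-freebsd-pkg____py27-pip-20.2.3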
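--- a/jails/config/cam/pkg-list.txt
+++ b/jails/config/cam/pkg-list.txt
@@ -0,0 +1 @@
+bash bash-completion curl motion nano pkg py27-pip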
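--- a/jails/config/cert/acmedns
+++ b/jails/config/cert/acmedns
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# Copyright (c) 2018-2021, diyIT.org
+# All rights reserved.
+#
+# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
+# https://diyit.org/license/
+#
+#
+
+# the two lines below are not just comments but required by rcorder; service -e
+# PROVIDE: acmedns
+# REQUIRE: NETWORKING DAEMON
+
+. /etc/rc.subr
+
+: ${acmedns_enable="NO"}
+
+name=acmedns
+rcvar=${name}_enable
+
+ACMEDNS="/usr/local/bin/acme-dns"
+
+start_cmd="${name}_start"
+stop_cmd="${name}_stop"
+restart_cmd="${name}_restart"
+
+acmedns_start()
+{
+$ACMEDNS -c /etc/acme-dns/config.cfg &
+}
+
+acmedns_stop()
+{
+ps ax | grep -ie acme-dns | grep -v grep | awk '{print $1}' | xargs kill -9
+}
+acmedns_restart()
+{
+acmedns_stop
+acmedns_start
+}
+
+load_rc_config ${name}
+run_rc_command "$1"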
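Review bot: `acmedns_stop` picks its target with `ps ax | grep -ie acme-dns` and sends `kill -9`, so it also hits any other process whose command line contains that string (an editor open on /etc/acme-dns/config.cfg, for instance) and gives the daemon no chance to close its sqlite database cleanly. `acmedns_start` backgrounds the binary with `&` and records no pid, which is why the stop path has to guess. Letting rc.subr supervise the process through daemon(8) and a pidfile replaces the three custom functions and turns stop into a SIGTERM to one known pid. The service also appears to run as root for its whole lifetime; whether it can drop privileges after binding ports 53 and 443 is not visible in this file.

```shell
name=acmedns
rcvar=${name}_enable

# … unchanged: ACMEDNS="/usr/local/bin/acme-dns" …

# rc.subr's default start/stop/restart use these; no custom *_cmd functions needed
pidfile="/var/run/${name}.pid"
procname="${ACMEDNS}"
command="/usr/sbin/daemon"
command_args="-f -p ${pidfile} ${ACMEDNS} -c /etc/acme-dns/config.cfg"

# … unchanged: load_rc_config ${name} / run_rc_command "$1" …
```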
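--- a/jails/config/cert/config.cfg
+++ b/jails/config/cert/config.cfg
@@ -0,0 +1,65 @@
+[general]
+# DNS interface. Note that systemd-resolved may reserve port 53 on 127.0.0.53
+# In this case acme-dns will error out and you will need to define the listening interface
+# for example: listen = "127.0.0.1:53"
+listen = "0.0.0.0:53"
+# protocol, "both", "both4", "both6", "udp", "udp4", "udp6" or "tcp", "tcp4", "tcp6"
+protocol = "both4"
+# domain name to serve the requests off of
+domain = "dns-auth.ahlawat.com"
+# zone name server
+nsname = "dns-auth.ahlawat.com"
+# admin email address, where @ is substituted with .
+nsadmin = "sharad.ahlawat.com"
+# predefined records served in addition to the TXT
+records = [
+# domain pointing to the public IP of your acme-dns server
+"dns-auth.ahlawat.com. A 216.139.40.20",
+# specify that auth.example.org will resolve any *.auth.example.org records
+"dns-auth.ahlawat.com. NS dns-auth.ahlawat.com.",
+]
+# debug messages from CORS etc
+debug = false
+
+[database]
+# Database engine to use, sqlite3 or postgres
+engine = "sqlite3"
+# Connection string, filename for sqlite3 and postgres://$username:$password@$host/$db_name for postgres
+# Please note that the default Docker image uses path /var/lib/acme-dns/acme-dns.db for sqlite3
+connection = "/usr/local/lib/acme-dns/acme-dns.db"
+# connection = "postgres://user:password@localhost/acmedns_db"
+
+[api]
+# listen ip eg. 127.0.0.1
+ip = "0.0.0.0"
+# disable registration endpoint
+disable_registration = false
+# listen port, eg. 443 for default HTTPS
+port = "443"
+# possible values: "letsencrypt", "letsencryptstaging", "cert", "none"
+tls = "cert"
+# only used if tls = "cert"
+tls_cert_privkey = "/mnt/certs/privkey.pem"
+tls_cert_fullchain = "/mnt/certs/fullchain.pem"
+# only used if tls = "letsencrypt"
+acme_cache_dir = "api-certs"
+# optional e-mail address to which Let's Encrypt will send expiration notices for the API's cert
+notification_email = ""
+# CORS AllowOrigins, wildcards can be used
+corsorigins = [
+"*"
+]
+# use HTTP header to get the client ip
+use_header = false
+# header name to pull the ip address / list of ip addresses from
+header_name = "X-Forwarded-For"
+
+[logconfig]
+# logging level: "error", "warning", "info" or "debug"
+loglevel = "debug"
+# possible values: stdout, TODO file & integrations
+logtype = "stdout"
+# file path for logfile TODO
+# logfile = "./acme-dns.log"
+# format, either "json" or "text"
+logformat = "text"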
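Review bot: The `[api]` section binds `ip = "0.0.0.0"` and leaves `disable_registration = false`, so any client that can reach port 443 on this jail can create accounts on the acme-dns instance. Once the intended clients are registered, set `disable_registration = true`, or bind the API to the internal address only. `corsorigins = ["*"]` and `loglevel = "debug"` are also looser than a long-running instance needs; an explicit origin list and `loglevel = "info"` would be the safer defaults. The sibling file jails/config/cert/config.cfg-80 carries the same three settings.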
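--- a/jails/config/cert/config.cfg-80
+++ b/jails/config/cert/config.cfg-80
@@ -0,0 +1,65 @@
+[general]
+# DNS interface. Note that systemd-resolved may reserve port 53 on 127.0.0.53
+# In this case acme-dns will error out and you will need to define the listening interface
+# for example: listen = "127.0.0.1:53"
+listen = "0.0.0.0:53"
+# protocol, "both", "both4", "both6", "udp", "udp4", "udp6" or "tcp", "tcp4", "tcp6"
+protocol = "both"
+# domain name to serve the requests off of
+domain = "dns-auth.ahlawat.com"
+# zone name server
+nsname = "dns-auth.ahlawat.com"
+# admin email address, where @ is substituted with .
+nsadmin = "sharad.ahlawat.com"
+# predefined records served in addition to the TXT
+records = [
+# domain pointing to the public IP of your acme-dns server
+"dns-auth.ahlawat.com. A 216.139.40.20",
+# specify that auth.example.org will resolve any *.auth.example.org records
+"dns-auth.ahlawat.com. NS dns-auth.ahlawat.com.",
+]
+# debug messages from CORS etc
+debug = false
+
+[database]
+# Database engine to use, sqlite3 or postgres
+engine = "sqlite3"
+# Connection string, filename for sqlite3 and postgres://$username:$password@$host/$db_name for postgres
+# Please note that the default Docker image uses path /var/lib/acme-dns/acme-dns.db for sqlite3
+connection = "/usr/local/lib/acme-dns/acme-dns.db"
+# connection = "postgres://user:password@localhost/acmedns_db"
+
+[api]
+# listen ip eg. 127.0.0.1
+ip = "0.0.0.0"
+# disable registration endpoint
+disable_registration = false
+# listen port, eg. 443 for default HTTPS
+port = "80"
+# possible values: "letsencrypt", "letsencryptstaging", "cert", "none"
+tls = "none"
+# only used if tls = "cert"
+tls_cert_privkey = "/mnt/certs/privkey.pem"
+tls_cert_fullchain = "/mnt/certs/fullchain.pem"
+# only used if tls = "letsencrypt"
+acme_cache_dir = "api-certs"
+# optional e-mail address to which Let's Encrypt will send expiration notices for the API's cert
+notification_email = ""
+# CORS AllowOrigins, wildcards can be used
+corsorigins = [
+"*"
+]
+# use HTTP header to get the client ip
+use_header = false
+# header name to pull the ip address / list of ip addresses from
+header_name = "X-Forwarded-For"
+
+[logconfig]
+# logging level: "error", "warning", "info" or "debug"
+loglevel = "debug"
+# possible values: stdout, TODO file & integrations
+logtype = "stdout"
+# file path for logfile TODO
+# logfile = "./acme-dns.log"
+# format, either "json" or "text"
+logformat = "text"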
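Review bot: With `port = "80"` and `tls = "none"` the API credentials that clients send on every update cross the network in clear text, and the listener is still bound to `ip = "0.0.0.0"`. If this variant is meant to sit behind a TLS-terminating proxy, bind it to the proxy-facing address only, e.g. `ip = "127.0.0.1"`, so the plain-HTTP endpoint cannot be reached directly. In that setup `use_header = false` presumably makes the service see the proxy's address instead of the client's, which would matter for any per-client source restriction; confirm against the deployment. A header comment stating when this file is used in place of config.cfg would keep it from being deployed by mistake.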
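--- a/jails/config/cert/pkg-list-details.txt
+++ b/jails/config/cert/pkg-list-details.txt
@@ -0,0 +1,7 @@
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____curl-7.82.0
+pkgp-freebsd-pkg____git-lite-2.35.1
+pkgp-freebsd-pkg____go-1.18,1
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____pkg-1.17.5_1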
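--- a/jails/config/cert/pkg-list.txt
+++ b/jails/config/cert/pkg-list.txt
@@ -0,0 +1 @@
+bash bash-completion curl git-lite go nano pkg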
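--- a/jails/config/ci/pkg-list-details.txt
+++ b/jails/config/ci/pkg-list-details.txt
@@ -0,0 +1,5 @@
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____jenkins-2.341
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____pkg-1.17.5_1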
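--- a/jails/config/ci/pkg-list.txt
+++ b/jails/config/ci/pkg-list.txt
@@ -0,0 +1 @@
+bash bash-completion jenkins nano pkg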
51
jails/config/cloud/config.php
Normal file
51
jails/config/cloud/config.php
Normal file
@ -0,0 +1,51 @@
|
||||
<?php
|
||||
$CONFIG = array (
|
||||
'passwordsalt' => '5OBfApfc/+tJzU/4n+F8e+PzOfAStP',
|
||||
'secret' => 'IFX9kjXwOk4L21503pLACwa2Dadv9JzHNSu8XsnTogmwb5Tr',
|
||||
'trusted_domains' =>
|
||||
array (
|
||||
0 => 'localhost',
|
||||
1 => 'cloud.ahlawat.com',
|
||||
2 => '192.168.0.59',
|
||||
3 => 'fd01::59',
|
||||
),
|
||||
'datadirectory' => '/mnt/cloud',
|
||||
'overwrite.cli.url' => 'https://cloud.ahlawat.com/',
|
||||
'dbtype' => 'mysql',
|
||||
'version' => '21.0.3.1',
|
||||
'dbname' => 'nextcloud',
|
||||
'dbhost' => 'db.ahlawat.com',
|
||||
'dbport' => '3306',
|
||||
'dbtableprefix' => 'oc_',
|
||||
'mysql.utf8mb4' => true,
|
||||
'dbuser' => 'nextcloud',
|
||||
'dbpassword' => 'mysql__nextcloud',
|
||||
'installed' => true,
|
||||
'instanceid' => 'oc7suxvjiy9s',
|
||||
'htaccess.RewriteBase' => '/',
|
||||
'filelocking.enabled' => 'true',
|
||||
'memcache.locking' => '\\OC\\Memcache\\Redis',
|
||||
'redis' =>
|
||||
array (
|
||||
'host' => '/tmp/redis.sock',
|
||||
'port' => 0,
|
||||
),
|
||||
'logtimezone' => 'America/Los_Angeles',
|
||||
'default_phone_region' => 'US',
|
||||
'log_type' => 'file',
|
||||
'logfile' => '/var/log/nextcloud.log',
|
||||
'loglevel' => 0,
|
||||
'logrotate_size' => '104847600',
|
||||
'ldapIgnoreNamingRules' => false,
|
||||
'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
|
||||
'mail_smtpmode' => 'smtp',
|
||||
'mail_from_address' => 'nobody',
|
||||
'mail_domain' => 'ahlawat.com',
|
||||
'mail_smtphost' => '192.168.0.100',
|
||||
'mail_smtpport' => '25',
|
||||
'maintenance' => false,
|
||||
'theme' => '',
|
||||
'encryption.legacy_format_support' => false,
|
||||
'encryption.key_storage_migrated' => false,
|
||||
'updater.secret' => '$2y$10$jAnC4Ha3RI2CL.IlhYluSeeOuKMT4itq/ViSiH1Q9DciUXfB3YSYS',
|
||||
);
|
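Review bot: This file commits live credentials: `passwordsalt`, `secret`, `dbpassword` and `updater.secret` are stored with their real values, and the copy added as jails/config/cloud/config.php.20 repeats them. Anyone with read access to the repository or its history obtains the database login for the `dbhost` named here, along with the instance secret. Keep a sanitised template in the repository (for example `'dbpassword' => 'CHANGE_ME',`) and the real file outside version control, and rotate at least the database password, which also looks low-entropy. `'loglevel' => 0` is the debug level and is worth raising for a production instance.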
51
jails/config/cloud/config.php.20
Normal file
51
jails/config/cloud/config.php.20
Normal file
@ -0,0 +1,51 @@
|
||||
<?php
|
||||
$CONFIG = array (
|
||||
'passwordsalt' => '5OBfApfc/+tJzU/4n+F8e+PzOfAStP',
|
||||
'secret' => 'IFX9kjXwOk4L21503pLACwa2Dadv9JzHNSu8XsnTogmwb5Tr',
|
||||
'trusted_domains' =>
|
||||
array (
|
||||
0 => 'localhost',
|
||||
1 => 'cloud.ahlawat.com',
|
||||
2 => '192.168.0.59',
|
||||
3 => 'fd01::59',
|
||||
),
|
||||
'datadirectory' => '/mnt/cloud',
|
||||
'overwrite.cli.url' => 'https://cloud.ahlawat.com/',
|
||||
'dbtype' => 'mysql',
|
||||
'version' => '21.0.3.1',
|
||||
'dbname' => 'nextcloud',
|
||||
'dbhost' => 'db.ahlawat.com',
|
||||
'dbport' => '3306',
|
||||
'dbtableprefix' => 'oc_',
|
||||
'mysql.utf8mb4' => true,
|
||||
'dbuser' => 'nextcloud',
|
||||
'dbpassword' => 'mysql__nextcloud',
|
||||
'installed' => true,
|
||||
'instanceid' => 'oc7suxvjiy9s',
|
||||
'htaccess.RewriteBase' => '/',
|
||||
'filelocking.enabled' => 'true',
|
||||
'memcache.local' => '\\OC\\Memcache\\APCu',
|
||||
'memcache.locking' => '\\OC\\Memcache\\Redis',
|
||||
'redis' =>
|
||||
array (
|
||||
'host' => '/tmp/redis.sock',
|
||||
'port' => 0,
|
||||
),
|
||||
'logtimezone' => 'America/Los_Angeles',
|
||||
'log_type' => 'file',
|
||||
'logfile' => '/var/log/nextcloud.log',
|
||||
'loglevel' => 0,
|
||||
'logrotate_size' => '104847600',
|
||||
'ldapIgnoreNamingRules' => false,
|
||||
'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory',
|
||||
'mail_smtpmode' => 'smtp',
|
||||
'mail_from_address' => 'nobody',
|
||||
'mail_domain' => 'ahlawat.com',
|
||||
'mail_smtphost' => '192.168.0.100',
|
||||
'mail_smtpport' => '25',
|
||||
'maintenance' => false,
|
||||
'theme' => '',
|
||||
'encryption.legacy_format_support' => false,
|
||||
'encryption.key_storage_migrated' => false,
|
||||
'updater.secret' => '$2y$10$jAnC4Ha3RI2CL.IlhYluSeeOuKMT4itq/ViSiH1Q9DciUXfB3YSYS',
|
||||
);
|
@ -49,7 +49,7 @@ ServerRoot "/usr/local"
|
||||
# prevent Apache from glomming onto all bound IP addresses.
|
||||
#
|
||||
#Listen 12.34.56.78:80
|
||||
Listen 80
|
||||
#Listen 80
|
||||
|
||||
#
|
||||
# Dynamic Shared Object (DSO) Support
|
||||
@ -108,7 +108,7 @@ LoadModule filter_module libexec/apache24/mod_filter.so
|
||||
#LoadModule substitute_module libexec/apache24/mod_substitute.so
|
||||
#LoadModule sed_module libexec/apache24/mod_sed.so
|
||||
#LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so
|
||||
#LoadModule deflate_module libexec/apache24/mod_deflate.so
|
||||
LoadModule deflate_module libexec/apache24/mod_deflate.so
|
||||
#LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so
|
||||
#LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so
|
||||
LoadModule mime_module libexec/apache24/mod_mime.so
|
||||
@ -119,7 +119,7 @@ LoadModule log_config_module libexec/apache24/mod_log_config.so
|
||||
LoadModule env_module libexec/apache24/mod_env.so
|
||||
#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so
|
||||
#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so
|
||||
#LoadModule expires_module libexec/apache24/mod_expires.so
|
||||
LoadModule expires_module libexec/apache24/mod_expires.so
|
||||
LoadModule headers_module libexec/apache24/mod_headers.so
|
||||
#LoadModule usertrack_module libexec/apache24/mod_usertrack.so
|
||||
#LoadModule unique_id_module libexec/apache24/mod_unique_id.so
|
||||
@ -178,7 +178,6 @@ LoadModule dir_module libexec/apache24/mod_dir.so
|
||||
#LoadModule userdir_module libexec/apache24/mod_userdir.so
|
||||
LoadModule alias_module libexec/apache24/mod_alias.so
|
||||
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
|
||||
#LoadModule php7_module libexec/apache24/libphp7.so
|
||||
|
||||
# Third party modules
|
||||
IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
|
||||
@ -223,7 +222,7 @@ ServerAdmin sharad@ahlawat.com
|
||||
#
|
||||
# If your host doesn't have a registered DNS name, enter its IP address here.
|
||||
#
|
||||
#ServerName www.example.com:80
|
||||
ServerName cloud.ahlawat.com
|
||||
|
||||
#
|
||||
# Deny access to the entirety of your server's filesystem. You must
|
||||
@ -250,9 +249,10 @@ ServerAdmin sharad@ahlawat.com
|
||||
DocumentRoot "/usr/local/www/apache24/data"
|
||||
<Directory "/usr/local/www/apache24/data">
|
||||
|
||||
RewriteEngine on
|
||||
RewriteRule ^/\.well-known/ - [L]
|
||||
RewriteRule (.*) https://cloud.ahlawat.com [R,L]
|
||||
# can't set this if traffic is passing through haproxy and being redirected to ssl already
|
||||
# RewriteEngine on
|
||||
# RewriteRule ^/\.well-known/ - [L]
|
||||
# RewriteRule (.*) https://cloud.ahlawat.com [R,L]
|
||||
|
||||
#
|
||||
# Possible values for the Options directive are "None", "All",
|
||||
@ -554,27 +554,25 @@ Include etc/apache24/Includes/*.conf
|
||||
<VirtualHost *:443>
|
||||
ServerName cloud.ahlawat.com
|
||||
ServerAlias *.ahlawat.com
|
||||
ServerAlias cloud
|
||||
|
||||
Protocols h2 h2c http/1.1
|
||||
Protocols h2 http/1.1
|
||||
|
||||
DocumentRoot "/usr/local/www/apache24/data/nextcloud/"
|
||||
DirectoryIndex /index.php index.php
|
||||
|
||||
SSLEngine on
|
||||
SSLCertificateFile "/mnt/certs/fullchain.pem"
|
||||
SSLCertificateKeyFile "/mnt/certs/privkey.pem"
|
||||
#SSLCertificateChainFile "/mnt/certs/fullchain.pem"
|
||||
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
|
||||
SSLHonorCipherOrder on
|
||||
SSLCompression off
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
SSLHonorCipherOrder off
|
||||
SSLSessionTickets off
|
||||
SSLOptions +StrictRequire
|
||||
# SSLCompression off
|
||||
|
||||
RewriteEngine On
|
||||
RewriteCond %{HTTP:Authorization} ^(.*)
|
||||
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
|
||||
RewriteEngine On
|
||||
RewriteCond %{HTTP:Authorization} ^(.*)
|
||||
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
|
||||
|
||||
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
||||
SetHandler "proxy:fcgi://127.0.0.1:9000"
|
||||
@ -589,7 +587,8 @@ Include etc/apache24/Includes/*.conf
|
||||
CustomLog "/var/log/ssl-request.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
|
||||
|
||||
<Directory "/usr/local/www/apache24/data/nextcloud/">
|
||||
Options +FollowSymLinks
|
||||
Require all granted
|
||||
Options FollowSymLinks MultiViews
|
||||
AllowOverride All
|
||||
|
||||
<IfModule mod_dav.c>
|
||||
@ -601,11 +600,116 @@ Include etc/apache24/Includes/*.conf
|
||||
|
||||
</Directory>
|
||||
|
||||
<Directory "/usr/local/www/apache24/data/">
|
||||
Options Indexes FollowSymLinks MultiViews
|
||||
## IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16
|
||||
IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96
|
||||
|
||||
#AllowOverride controls what directives may be placed in .htaccess files.
|
||||
#AllowOverride All
|
||||
#AllowOverride AuthConfig
|
||||
#Controls who can get stuff from this server file
|
||||
#Require all granted
|
||||
</Directory>
|
||||
|
||||
ErrorLog "/var/log/ssl-error.log"
|
||||
CustomLog "/var/log/ssl-access_log" combined
|
||||
|
||||
<IfModule mod_headers.c>
|
||||
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
|
||||
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_expires.c>
|
||||
ExpiresActive On
|
||||
ExpiresDefault A0
|
||||
|
||||
<FilesMatch "\.(txt|xml|js)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(css)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_headers.c>
|
||||
<FilesMatch "\.(txt|xml|js)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(css)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_deflate.c>
|
||||
SetOutputFilter DEFLATE
|
||||
<IfModule mod_setenvif.c>
|
||||
<IfModule mod_headers.c>
|
||||
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
|
||||
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
<IfModule mod_filter.c>
|
||||
AddOutputFilterByType DEFLATE "application/atom+xml" \
|
||||
"application/javascript" \
|
||||
"application/json" \
|
||||
"application/ld+json" \
|
||||
"application/manifest+json" \
|
||||
"application/rdf+xml" \
|
||||
"application/rss+xml" \
|
||||
"application/schema+json" \
|
||||
"application/vnd.geo+json" \
|
||||
"application/vnd.ms-fontobject" \
|
||||
"application/x-font-ttf" \
|
||||
"application/x-font-opentype" \
|
||||
"application/x-font-truetype" \
|
||||
"application/x-javascript" \
|
||||
"application/x-web-app-manifest+json" \
|
||||
"application/xhtml+xml" \
|
||||
"application/xml" \
|
||||
"font/eot" \
|
||||
"font/opentype" \
|
||||
"font/otf" \
|
||||
"image/bmp" \
|
||||
"image/svg+xml" \
|
||||
"image/vnd.microsoft.icon" \
|
||||
"image/x-icon" \
|
||||
"text/cache-manifest" \
|
||||
"text/css" \
|
||||
"text/html" \
|
||||
"text/javascript" \
|
||||
"text/plain" \
|
||||
"text/vcard" \
|
||||
"text/vnd.rim.location.xloc" \
|
||||
"text/vtt" \
|
||||
"text/x-component" \
|
||||
"text/x-cross-domain-policy" \
|
||||
"text/xml"
|
||||
|
||||
</IfModule>
|
||||
<IfModule mod_mime.c>
|
||||
AddEncoding gzip svgz
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
|
||||
</VirtualHost>
|
||||
|
||||
SSLUseStapling On
|
||||
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
|
||||
|
@ -1774,7 +1774,7 @@ opcache.enable_cli=1
|
||||
opcache.memory_consumption=128
|
||||
|
||||
; The amount of memory for interned strings in Mbytes.
|
||||
opcache.interned_strings_buffer=8
|
||||
opcache.interned_strings_buffer=32
|
||||
|
||||
; The maximum number of keys (scripts) in the OPcache hash table.
|
||||
; Only numbers between 200 and 1000000 are allowed.
|
||||
@ -1796,7 +1796,7 @@ opcache.max_accelerated_files=10000
|
||||
; How often (in seconds) to check file timestamps for changes to the shared
|
||||
; memory storage allocation. ("1" means validate once per second, but only
|
||||
; once per request. "0" means always validate)
|
||||
opcache.revalidate_freq=1
|
||||
opcache.revalidate_freq=60
|
||||
|
||||
; Enables or disables file search in include_path optimization
|
||||
;opcache.revalidate_path=0
|
||||
|
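--- a/jails/config/cloud/pkg-list-details.txt
+++ b/jails/config/cloud/pkg-list-details.txt
@@ -0,0 +1,44 @@
+pkgp-freebsd-pkg____apache24-2.4.53
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____ffmpeg-4.4.1_11,1
+pkgp-freebsd-pkg____mod_php80-8.0.17_1
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____php80-8.0.17_2
+pkgp-freebsd-pkg____php80-bcmath-8.0.17_2
+pkgp-freebsd-pkg____php80-bz2-8.0.17_2
+pkgp-freebsd-pkg____php80-ctype-8.0.17_2
+pkgp-freebsd-pkg____php80-curl-8.0.17_2
+pkgp-freebsd-pkg____php80-dom-8.0.17_1
+pkgp-freebsd-pkg____php80-exif-8.0.17_2
+pkgp-freebsd-pkg____php80-fileinfo-8.0.17_2
+pkgp-freebsd-pkg____php80-filter-8.0.17_2
+pkgp-freebsd-pkg____php80-ftp-8.0.17_2
+pkgp-freebsd-pkg____php80-gd-8.0.17_2
+pkgp-freebsd-pkg____php80-gmp-8.0.17_2
+pkgp-freebsd-pkg____php80-iconv-8.0.17_2
+pkgp-freebsd-pkg____php80-imap-8.0.17_2
+pkgp-freebsd-pkg____php80-intl-8.0.17_2
+pkgp-freebsd-pkg____php80-ldap-8.0.17_2
+pkgp-freebsd-pkg____php80-mbstring-8.0.17_2
+pkgp-freebsd-pkg____php80-mysqli-8.0.17_2
+pkgp-freebsd-pkg____php80-opcache-8.0.17_2
+pkgp-freebsd-pkg____php80-pcntl-8.0.17_2
+pkgp-freebsd-pkg____php80-pdo-8.0.17_2
+pkgp-freebsd-pkg____php80-pdo_mysql-8.0.17_2
+pkgp-freebsd-pkg____php80-pecl-APCu-5.1.21
+pkgp-freebsd-pkg____php80-pecl-imagick-3.5.1
+pkgp-freebsd-pkg____php80-pecl-mcrypt-1.0.4
+pkgp-freebsd-pkg____php80-pecl-redis-5.3.5
+pkgp-freebsd-pkg____php80-posix-8.0.17_2
+pkgp-freebsd-pkg____php80-session-8.0.17_2
+pkgp-freebsd-pkg____php80-simplexml-8.0.17_1
+pkgp-freebsd-pkg____php80-xml-8.0.17_1
+pkgp-freebsd-pkg____php80-xmlreader-8.0.17_1
+pkgp-freebsd-pkg____php80-xmlwriter-8.0.17_1
+pkgp-freebsd-pkg____php80-xsl-8.0.17_1
+pkgp-freebsd-pkg____php80-zip-8.0.17_2
+pkgp-freebsd-pkg____php80-zlib-8.0.17_2
+pkgp-freebsd-pkg____pkg-1.17.5_1
+pkgp-freebsd-pkg____redis-6.2.6
+pkgp-freebsd-pkg____sudo-1.9.10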
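--- a/jails/config/cloud/pkg-list.txt
+++ b/jails/config/cloud/pkg-list.txt
@@ -0,0 +1 @@
+apache24 bash bash-completion ffmpeg mod_php80 nano php80 php80-bcmath php80-bz2 php80-ctype php80-curl php80-dom php80-exif php80-fileinfo php80-filter php80-ftp php80-gd php80-gmp php80-iconv php80-imap php80-intl php80-ldap php80-mbstring php80-mysqli php80-opcache php80-pcntl php80-pdo php80-pdo_mysql php80-pecl-APCu php80-pecl-imagick php80-pecl-mcrypt php80-pecl-redis php80-posix php80-session php80-simplexml php80-xml php80-xmlreader php80-xmlwriter php80-xsl php80-zip php80-zlib pkg redis sudo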
BIN
jails/config/common/12.3-RELEASE.bzip2
Normal file
BIN
jails/config/common/12.3-RELEASE.bzip2
Normal file
Binary file not shown.
Binary file not shown.
@ -1,4 +1,4 @@
|
||||
# $FreeBSD: releng/12.2/usr.sbin/freebsd-update/freebsd-update.conf 337338 2018-08-04 22:25:41Z brd $
|
||||
# $FreeBSD: releng/12.3/usr.sbin/freebsd-update/freebsd-update.conf 370439 2021-08-29 16:58:35Z kevans $
|
||||
|
||||
# Trusted keyprint. Changing this is a Bad Idea unless you've received
|
||||
# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
|
||||
@ -10,6 +10,8 @@ KeyPrint 800651ef4b4c71c27e60786d7b487188970f4b4169cc055784e21eb71d410cc5
|
||||
# using a "nearby" server won't provide a measurable improvement in
|
||||
# performance.
|
||||
ServerName update.FreeBSD.org
|
||||
# caching not used as I am mounting the /var/db/freebsd-update/files directory into every jail
|
||||
#ServerName pkgp-freebsd-update.ahlawat.com
|
||||
|
||||
# Components of the base system which should be kept updated.
|
||||
#Components src world
|
||||
@ -75,3 +77,6 @@ MergeChanges /etc/ /boot/device.hints
|
||||
|
||||
# When backing up a kernel also back up debug symbol files?
|
||||
# BackupKernelSymbolFiles no
|
||||
|
||||
# Create a new boot environment when installing patches
|
||||
# CreateBootEnv yes
|
||||
|
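Review bot: The comment added under `ServerName update.FreeBSD.org` says `/var/db/freebsd-update/files` is mounted into every jail, but not whether that mount is read-only, and that is what decides whether the jails stay isolated from each other on the update path. As far as I know, freebsd-update hashes a file when it downloads it and then reuses whatever is already present in `files/`, so a writable shared mount would make every jail trust content any other jail can change; this should be confirmed against the script shipped with this release. I would record the mode next to the existing comment, for example `# files/ is mounted read-only into the jails; only the host runs "freebsd-update fetch"`, if that is how the mounts are set up. The mount configuration itself is not part of this section, so this is a request to document and verify it rather than a confirmed defect.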
705
jails/config/common/httpd-ldap.conf
Normal file
705
jails/config/common/httpd-ldap.conf
Normal file
@ -0,0 +1,705 @@
|
||||
#
|
||||
# This is the main Apache HTTP server configuration file. It contains the
|
||||
# configuration directives that give the server its instructions.
|
||||
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
|
||||
# In particular, see
|
||||
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
|
||||
# for a discussion of each configuration directive.
|
||||
#
|
||||
# Do NOT simply read the instructions in here without understanding
|
||||
# what they do. They're here only as hints or reminders. If you are unsure
|
||||
# consult the online docs. You have been warned.
|
||||
#
|
||||
# Configuration and logfile names: If the filenames you specify for many
|
||||
# of the server's control files begin with "/" (or "drive:/" for Win32), the
|
||||
# server will use that explicit path. If the filenames do *not* begin
|
||||
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
|
||||
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
|
||||
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
|
||||
# will be interpreted as '/logs/access_log'.
|
||||
|
||||
#
|
||||
# ServerRoot: The top of the directory tree under which the server's
|
||||
# configuration, error, and log files are kept.
|
||||
#
|
||||
# Do not add a slash at the end of the directory path. If you point
|
||||
# ServerRoot at a non-local disk, be sure to specify a local disk on the
|
||||
# Mutex directive, if file-based mutexes are used. If you wish to share the
|
||||
# same ServerRoot for multiple httpd daemons, you will need to change at
|
||||
# least PidFile.
|
||||
#
|
||||
ServerRoot "/usr/local"
|
||||
|
||||
#
|
||||
# Mutex: Allows you to set the mutex mechanism and mutex file directory
|
||||
# for individual mutexes, or change the global defaults
|
||||
#
|
||||
# Uncomment and change the directory if mutexes are file-based and the default
|
||||
# mutex file directory is not on a local disk or is not appropriate for some
|
||||
# other reason.
|
||||
#
|
||||
# Mutex default:/var/run
|
||||
|
||||
#
|
||||
# Listen: Allows you to bind Apache to specific IP addresses and/or
|
||||
# ports, instead of the default. See also the <VirtualHost>
|
||||
# directive.
|
||||
#
|
||||
# Change this to Listen on specific IP addresses as shown below to
|
||||
# prevent Apache from glomming onto all bound IP addresses.
|
||||
#
|
||||
#Listen 12.34.56.78:80
|
||||
#Listen 80
|
||||
|
||||
#
|
||||
# Dynamic Shared Object (DSO) Support
|
||||
#
|
||||
# To be able to use the functionality of a module which was built as a DSO you
|
||||
# have to place corresponding `LoadModule' lines at this location so the
|
||||
# directives contained in it are actually available _before_ they are used.
|
||||
# Statically compiled modules (those listed by `httpd -l') do not need
|
||||
# to be loaded here.
|
||||
#
|
||||
# Example:
|
||||
# LoadModule foo_module modules/mod_foo.so
|
||||
#
|
||||
LoadModule mpm_event_module libexec/apache24/mod_mpm_event.so
|
||||
#LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so
|
||||
#LoadModule mpm_worker_module libexec/apache24/mod_mpm_worker.so
|
||||
LoadModule authn_file_module libexec/apache24/mod_authn_file.so
|
||||
#LoadModule authn_dbm_module libexec/apache24/mod_authn_dbm.so
|
||||
#LoadModule authn_anon_module libexec/apache24/mod_authn_anon.so
|
||||
#LoadModule authn_dbd_module libexec/apache24/mod_authn_dbd.so
|
||||
#LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so
|
||||
LoadModule authn_core_module libexec/apache24/mod_authn_core.so
|
||||
LoadModule authz_host_module libexec/apache24/mod_authz_host.so
|
||||
LoadModule authz_groupfile_module libexec/apache24/mod_authz_groupfile.so
|
||||
LoadModule authz_user_module libexec/apache24/mod_authz_user.so
|
||||
#LoadModule authz_dbm_module libexec/apache24/mod_authz_dbm.so
|
||||
#LoadModule authz_owner_module libexec/apache24/mod_authz_owner.so
|
||||
#LoadModule authz_dbd_module libexec/apache24/mod_authz_dbd.so
|
||||
LoadModule authz_core_module libexec/apache24/mod_authz_core.so
|
||||
#LoadModule authnz_fcgi_module libexec/apache24/mod_authnz_fcgi.so
|
||||
LoadModule access_compat_module libexec/apache24/mod_access_compat.so
|
||||
LoadModule auth_basic_module libexec/apache24/mod_auth_basic.so
|
||||
#LoadModule auth_form_module libexec/apache24/mod_auth_form.so
|
||||
#LoadModule auth_digest_module libexec/apache24/mod_auth_digest.so
|
||||
#LoadModule allowmethods_module libexec/apache24/mod_allowmethods.so
|
||||
#LoadModule file_cache_module libexec/apache24/mod_file_cache.so
|
||||
#LoadModule cache_module libexec/apache24/mod_cache.so
|
||||
#LoadModule cache_disk_module libexec/apache24/mod_cache_disk.so
|
||||
#LoadModule cache_socache_module libexec/apache24/mod_cache_socache.so
|
||||
LoadModule authnz_ldap_module libexec/apache24/mod_authnz_ldap.so
|
||||
LoadModule ldap_module libexec/apache24/mod_ldap.so
|
||||
LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
|
||||
#LoadModule socache_dbm_module libexec/apache24/mod_socache_dbm.so
|
||||
#LoadModule socache_memcache_module libexec/apache24/mod_socache_memcache.so
|
||||
#LoadModule watchdog_module libexec/apache24/mod_watchdog.so
|
||||
#LoadModule macro_module libexec/apache24/mod_macro.so
|
||||
#LoadModule dbd_module libexec/apache24/mod_dbd.so
|
||||
#LoadModule dumpio_module libexec/apache24/mod_dumpio.so
|
||||
#LoadModule buffer_module libexec/apache24/mod_buffer.so
|
||||
#LoadModule data_module libexec/apache24/mod_data.so
|
||||
#LoadModule ratelimit_module libexec/apache24/mod_ratelimit.so
|
||||
LoadModule reqtimeout_module libexec/apache24/mod_reqtimeout.so
|
||||
#LoadModule ext_filter_module libexec/apache24/mod_ext_filter.so
|
||||
#LoadModule request_module libexec/apache24/mod_request.so
|
||||
#LoadModule include_module libexec/apache24/mod_include.so
|
||||
LoadModule filter_module libexec/apache24/mod_filter.so
|
||||
#LoadModule reflector_module libexec/apache24/mod_reflector.so
|
||||
#LoadModule substitute_module libexec/apache24/mod_substitute.so
|
||||
#LoadModule sed_module libexec/apache24/mod_sed.so
|
||||
#LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so
|
||||
LoadModule deflate_module libexec/apache24/mod_deflate.so
|
||||
#LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so
|
||||
#LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so
|
||||
LoadModule mime_module libexec/apache24/mod_mime.so
|
||||
LoadModule log_config_module libexec/apache24/mod_log_config.so
|
||||
#LoadModule log_debug_module libexec/apache24/mod_log_debug.so
|
||||
#LoadModule log_forensic_module libexec/apache24/mod_log_forensic.so
|
||||
#LoadModule logio_module libexec/apache24/mod_logio.so
|
||||
LoadModule env_module libexec/apache24/mod_env.so
|
||||
#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so
|
||||
#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so
|
||||
LoadModule expires_module libexec/apache24/mod_expires.so
|
||||
LoadModule headers_module libexec/apache24/mod_headers.so
|
||||
#LoadModule usertrack_module libexec/apache24/mod_usertrack.so
|
||||
#LoadModule unique_id_module libexec/apache24/mod_unique_id.so
|
||||
LoadModule setenvif_module libexec/apache24/mod_setenvif.so
|
||||
LoadModule version_module libexec/apache24/mod_version.so
|
||||
#LoadModule remoteip_module libexec/apache24/mod_remoteip.so
|
||||
LoadModule proxy_module libexec/apache24/mod_proxy.so
|
||||
#LoadModule proxy_connect_module libexec/apache24/mod_proxy_connect.so
|
||||
#LoadModule proxy_ftp_module libexec/apache24/mod_proxy_ftp.so
|
||||
#LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so
|
||||
LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so
|
||||
#LoadModule proxy_scgi_module libexec/apache24/mod_proxy_scgi.so
|
||||
#LoadModule proxy_uwsgi_module libexec/apache24/mod_proxy_uwsgi.so
|
||||
#LoadModule proxy_fdpass_module libexec/apache24/mod_proxy_fdpass.so
|
||||
#LoadModule proxy_wstunnel_module libexec/apache24/mod_proxy_wstunnel.so
|
||||
#LoadModule proxy_ajp_module libexec/apache24/mod_proxy_ajp.so
|
||||
#LoadModule proxy_balancer_module libexec/apache24/mod_proxy_balancer.so
|
||||
#LoadModule proxy_express_module libexec/apache24/mod_proxy_express.so
|
||||
#LoadModule proxy_hcheck_module libexec/apache24/mod_proxy_hcheck.so
|
||||
#LoadModule session_module libexec/apache24/mod_session.so
|
||||
#LoadModule session_cookie_module libexec/apache24/mod_session_cookie.so
|
||||
#LoadModule session_crypto_module libexec/apache24/mod_session_crypto.so
|
||||
#LoadModule session_dbd_module libexec/apache24/mod_session_dbd.so
|
||||
#LoadModule slotmem_shm_module libexec/apache24/mod_slotmem_shm.so
|
||||
#LoadModule slotmem_plain_module libexec/apache24/mod_slotmem_plain.so
|
||||
LoadModule ssl_module libexec/apache24/mod_ssl.so
|
||||
#LoadModule dialup_module libexec/apache24/mod_dialup.so
|
||||
LoadModule http2_module libexec/apache24/mod_http2.so
|
||||
LoadModule proxy_http2_module libexec/apache24/mod_proxy_http2.so
|
||||
#LoadModule lbmethod_byrequests_module libexec/apache24/mod_lbmethod_byrequests.so
|
||||
#LoadModule lbmethod_bytraffic_module libexec/apache24/mod_lbmethod_bytraffic.so
|
||||
#LoadModule lbmethod_bybusyness_module libexec/apache24/mod_lbmethod_bybusyness.so
|
||||
#LoadModule lbmethod_heartbeat_module libexec/apache24/mod_lbmethod_heartbeat.so
|
||||
LoadModule unixd_module libexec/apache24/mod_unixd.so
|
||||
#LoadModule heartbeat_module libexec/apache24/mod_heartbeat.so
|
||||
#LoadModule heartmonitor_module libexec/apache24/mod_heartmonitor.so
|
||||
#LoadModule dav_module libexec/apache24/mod_dav.so
|
||||
LoadModule status_module libexec/apache24/mod_status.so
|
||||
LoadModule autoindex_module libexec/apache24/mod_autoindex.so
|
||||
#LoadModule asis_module libexec/apache24/mod_asis.so
|
||||
#LoadModule info_module libexec/apache24/mod_info.so
|
||||
<IfModule !mpm_prefork_module>
|
||||
#LoadModule cgid_module libexec/apache24/mod_cgid.so
|
||||
</IfModule>
|
||||
<IfModule mpm_prefork_module>
|
||||
#LoadModule cgi_module libexec/apache24/mod_cgi.so
|
||||
</IfModule>
|
||||
#LoadModule dav_fs_module libexec/apache24/mod_dav_fs.so
|
||||
#LoadModule dav_lock_module libexec/apache24/mod_dav_lock.so
|
||||
#LoadModule vhost_alias_module libexec/apache24/mod_vhost_alias.so
|
||||
#LoadModule negotiation_module libexec/apache24/mod_negotiation.so
|
||||
LoadModule dir_module libexec/apache24/mod_dir.so
|
||||
#LoadModule imagemap_module libexec/apache24/mod_imagemap.so
|
||||
#LoadModule actions_module libexec/apache24/mod_actions.so
|
||||
#LoadModule speling_module libexec/apache24/mod_speling.so
|
||||
#LoadModule userdir_module libexec/apache24/mod_userdir.so
|
||||
LoadModule alias_module libexec/apache24/mod_alias.so
|
||||
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
|
||||
#LoadModule php_module libexec/apache24/libphp.so
|
||||
|
||||
# Third party modules
|
||||
IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
|
||||
|
||||
<IfModule unixd_module>
|
||||
#
|
||||
# If you wish httpd to run as a different user or group, you must run
|
||||
# httpd as root initially and it will switch.
|
||||
#
|
||||
# User/Group: The name (or #number) of the user/group to run httpd as.
|
||||
# It is usually good practice to create a dedicated user and group for
|
||||
# running httpd, as with most system services.
|
||||
#
|
||||
User www
|
||||
Group www
|
||||
|
||||
</IfModule>
|
||||
|
||||
# 'Main' server configuration
|
||||
#
|
||||
# The directives in this section set up the values used by the 'main'
|
||||
# server, which responds to any requests that aren't handled by a
|
||||
# <VirtualHost> definition. These values also provide defaults for
|
||||
# any <VirtualHost> containers you may define later in the file.
|
||||
#
|
||||
# All of these directives may appear inside <VirtualHost> containers,
|
||||
# in which case these default settings will be overridden for the
|
||||
# virtual host being defined.
|
||||
#
|
||||
|
||||
#
|
||||
# ServerAdmin: Your address, where problems with the server should be
|
||||
# e-mailed. This address appears on some server-generated pages, such
|
||||
# as error documents. e.g. admin@your-domain.com
|
||||
#
|
||||
ServerAdmin sharad@ahlawat.com
|
||||
|
||||
#
|
||||
# ServerName gives the name and port that the server uses to identify itself.
|
||||
# This can often be determined automatically, but we recommend you specify
|
||||
# it explicitly to prevent problems during startup.
|
||||
#
|
||||
# If your host doesn't have a registered DNS name, enter its IP address here.
|
||||
#
|
||||
ServerName www.ahlawat.com
|
||||
|
||||
#
|
||||
# Deny access to the entirety of your server's filesystem. You must
|
||||
# explicitly permit access to web content directories in other
|
||||
# <Directory> blocks below.
|
||||
#
|
||||
<Directory />
|
||||
AllowOverride none
|
||||
Require all denied
|
||||
</Directory>
|
||||
|
||||
#
|
||||
# Note that from this point forward you must specifically allow
|
||||
# particular features to be enabled - so if something's not working as
|
||||
# you might expect, make sure that you have specifically enabled it
|
||||
# below.
|
||||
#
|
||||
|
||||
#
|
||||
# DocumentRoot: The directory out of which you will serve your
|
||||
# documents. By default, all requests are taken from this directory, but
|
||||
# symbolic links and aliases may be used to point to other locations.
|
||||
#
|
||||
DocumentRoot "/usr/local/www/apache24/data"
|
||||
<Directory "/usr/local/www/apache24/data">
|
||||
|
||||
# can't set this if traffic is passing through haproxy and being redirected to ssl already
|
||||
# RewriteEngine on
|
||||
# RewriteRule ^/\.well-known/ - [L]
|
||||
# RewriteRule (.*) https://www.ahlawat.com [R,L]
|
||||
|
||||
#
|
||||
# Possible values for the Options directive are "None", "All",
|
||||
# or any combination of:
|
||||
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
|
||||
#
|
||||
# Note that "MultiViews" must be named *explicitly* --- "Options All"
|
||||
# doesn't give it to you.
|
||||
#
|
||||
# The Options directive is both complicated and important. Please see
|
||||
# http://httpd.apache.org/docs/2.4/mod/core.html#options
|
||||
# for more information.
|
||||
#
|
||||
Options Indexes FollowSymLinks
|
||||
|
||||
#
|
||||
# AllowOverride controls what directives may be placed in .htaccess files.
|
||||
# It can be "All", "None", or any combination of the keywords:
|
||||
# AllowOverride FileInfo AuthConfig Limit
|
||||
#
|
||||
AllowOverride None
|
||||
|
||||
#
|
||||
# Controls who can get stuff from this server.
|
||||
#
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
#
|
||||
# DirectoryIndex: sets the file that Apache will serve if a directory
|
||||
# is requested.
|
||||
#
|
||||
<IfModule dir_module>
|
||||
DirectoryIndex index.php index.html
|
||||
<FilesMatch "\.php$">
|
||||
SetHandler application/x-httpd-php
|
||||
</FilesMatch>
|
||||
<FilesMatch "\.phps$">
|
||||
SetHandler application/x-httpd-php-source
|
||||
</FilesMatch>
|
||||
</IfModule>
|
||||
|
||||
#
|
||||
# The following lines prevent .htaccess and .htpasswd files from being
|
||||
# viewed by Web clients.
|
||||
#
|
||||
<Files ".ht*">
|
||||
Require all denied
|
||||
</Files>
|
||||
|
||||
#
|
||||
# ErrorLog: The location of the error log file.
|
||||
# If you do not specify an ErrorLog directive within a <VirtualHost>
|
||||
# container, error messages relating to that virtual host will be
|
||||
# logged here. If you *do* define an error logfile for a <VirtualHost>
|
||||
# container, that host's errors will be logged there and not here.
|
||||
#
|
||||
ErrorLog "/var/log/httpd-error.log"
|
||||
|
||||
#
|
||||
# LogLevel: Control the number of messages logged to the error_log.
|
||||
# Possible values include: debug, info, notice, warn, error, crit,
|
||||
# alert, emerg.
|
||||
#
|
||||
LogLevel warn
|
||||
|
||||
<IfModule log_config_module>
|
||||
#
|
||||
# The following directives define some format nicknames for use with
|
||||
# a CustomLog directive (see below).
|
||||
#
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b" common
|
||||
|
||||
<IfModule logio_module>
|
||||
# You need to enable mod_logio.c to use %I and %O
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
|
||||
</IfModule>
|
||||
|
||||
#
|
||||
# The location and format of the access logfile (Common Logfile Format).
|
||||
# If you do not define any access logfiles within a <VirtualHost>
|
||||
# container, they will be logged here. Contrariwise, if you *do*
|
||||
# define per-<VirtualHost> access logfiles, transactions will be
|
||||
# logged therein and *not* in this file.
|
||||
#
|
||||
CustomLog "/var/log/httpd-access.log" common
|
||||
|
||||
#
|
||||
# If you prefer a logfile with access, agent, and referer information
|
||||
# (Combined Logfile Format) you can use the following directive.
|
||||
#
|
||||
#CustomLog "/var/log/httpd-access.log" combined
|
||||
</IfModule>
|
||||
|
||||
<IfModule alias_module>
|
||||
#
|
||||
# Redirect: Allows you to tell clients about documents that used to
|
||||
# exist in your server's namespace, but do not anymore. The client
|
||||
# will make a new request for the document at its new location.
|
||||
# Example:
|
||||
# Redirect permanent /foo http://www.example.com/bar
|
||||
|
||||
#
|
||||
# Alias: Maps web paths into filesystem paths and is used to
|
||||
# access content that does not live under the DocumentRoot.
|
||||
# Example:
|
||||
# Alias /webpath /full/filesystem/path
|
||||
#
|
||||
# If you include a trailing / on /webpath then the server will
|
||||
# require it to be present in the URL. You will also likely
|
||||
# need to provide a <Directory> section to allow access to
|
||||
# the filesystem path.
|
||||
|
||||
#
|
||||
# ScriptAlias: This controls which directories contain server scripts.
|
||||
# ScriptAliases are essentially the same as Aliases, except that
|
||||
# documents in the target directory are treated as applications and
|
||||
# run by the server when requested rather than as documents sent to the
|
||||
# client. The same rules about trailing "/" apply to ScriptAlias
|
||||
# directives as to Alias.
|
||||
#
|
||||
ScriptAlias /cgi-bin/ "/usr/local/www/apache24/cgi-bin/"
|
||||
|
||||
</IfModule>
|
||||
|
||||
<IfModule cgid_module>
|
||||
#
|
||||
# ScriptSock: On threaded servers, designate the path to the UNIX
|
||||
# socket used to communicate with the CGI daemon of mod_cgid.
|
||||
#
|
||||
#Scriptsock cgisock
|
||||
</IfModule>
|
||||
|
||||
#
|
||||
# "/usr/local/www/apache24/cgi-bin" should be changed to whatever your ScriptAliased
|
||||
# CGI directory exists, if you have that configured.
|
||||
#
|
||||
<Directory "/usr/local/www/apache24/cgi-bin">
|
||||
AllowOverride None
|
||||
Options None
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
<IfModule headers_module>
|
||||
#
|
||||
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
|
||||
# backend servers which have lingering "httpoxy" defects.
|
||||
# 'Proxy' request header is undefined by the IETF, not listed by IANA
|
||||
#
|
||||
RequestHeader unset Proxy early
|
||||
</IfModule>
|
||||
|
||||
<IfModule mime_module>
|
||||
#
|
||||
# TypesConfig points to the file containing the list of mappings from
|
||||
# filename extension to MIME-type.
|
||||
#
|
||||
TypesConfig etc/apache24/mime.types
|
||||
|
||||
#
|
||||
# AddType allows you to add to or override the MIME configuration
|
||||
# file specified in TypesConfig for specific file types.
|
||||
#
|
||||
#AddType application/x-gzip .tgz
|
||||
#
|
||||
# AddEncoding allows you to have certain browsers uncompress
|
||||
# information on the fly. Note: Not all browsers support this.
|
||||
#
|
||||
#AddEncoding x-compress .Z
|
||||
#AddEncoding x-gzip .gz .tgz
|
||||
#
|
||||
# If the AddEncoding directives above are commented-out, then you
|
||||
# probably should define those extensions to indicate media types:
|
||||
#
|
||||
AddType application/x-compress .Z
|
||||
AddType application/x-gzip .gz .tgz
|
||||
|
||||
#
|
||||
# AddHandler allows you to map certain file extensions to "handlers":
|
||||
# actions unrelated to filetype. These can be either built into the server
|
||||
# or added with the Action directive (see below)
|
||||
#
|
||||
# To use CGI scripts outside of ScriptAliased directories:
|
||||
# (You will also need to add "ExecCGI" to the "Options" directive.)
|
||||
#
|
||||
#AddHandler cgi-script .cgi
|
||||
|
||||
# For type maps (negotiated resources):
|
||||
#AddHandler type-map var
|
||||
|
||||
#
|
||||
# Filters allow you to process content before it is sent to the client.
|
||||
#
|
||||
# To parse .shtml files for server-side includes (SSI):
|
||||
# (You will also need to add "Includes" to the "Options" directive.)
|
||||
#
|
||||
#AddType text/html .shtml
|
||||
#AddOutputFilter INCLUDES .shtml
|
||||
|
||||
AddType application/x-httpd-php .php
|
||||
AddType application/x-httpd-php-source .phps
|
||||
|
||||
</IfModule>
|
||||
|
||||
#
|
||||
# The mod_mime_magic module allows the server to use various hints from the
|
||||
# contents of the file itself to determine its type. The MIMEMagicFile
|
||||
# directive tells the module where the hint definitions are located.
|
||||
#
|
||||
#MIMEMagicFile etc/apache24/magic
|
||||
|
||||
#
|
||||
# Customizable error responses come in three flavors:
|
||||
# 1) plain text 2) local redirects 3) external redirects
|
||||
#
|
||||
# Some examples:
|
||||
#ErrorDocument 500 "The server made a boo boo."
|
||||
#ErrorDocument 404 /missing.html
|
||||
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
|
||||
#ErrorDocument 402 http://www.example.com/subscription_info.html
|
||||
#
|
||||
|
||||
#
|
||||
# MaxRanges: Maximum number of Ranges in a request before
|
||||
# returning the entire resource, or one of the special
|
||||
# values 'default', 'none' or 'unlimited'.
|
||||
# Default setting is to accept 200 Ranges.
|
||||
#MaxRanges unlimited
|
||||
|
||||
#
|
||||
# EnableMMAP and EnableSendfile: On systems that support it,
|
||||
# memory-mapping or the sendfile syscall may be used to deliver
|
||||
# files. This usually improves server performance, but must
|
||||
# be turned off when serving from networked-mounted
|
||||
# filesystems or if support for these functions is otherwise
|
||||
# broken on your system.
|
||||
# Defaults: EnableMMAP On, EnableSendfile Off
|
||||
#
|
||||
#EnableMMAP off
|
||||
#EnableSendfile on
|
||||
|
||||
# Supplemental configuration
|
||||
#
|
||||
# The configuration files in the etc/apache24/extra/ directory can be
|
||||
# included to add extra features or to modify the default configuration of
|
||||
# the server, or you may simply copy their contents here and change as
|
||||
# necessary.
|
||||
|
||||
# Server-pool management (MPM specific)
|
||||
#Include etc/apache24/extra/httpd-mpm.conf
|
||||
|
||||
# Multi-language error messages
|
||||
#Include etc/apache24/extra/httpd-multilang-errordoc.conf
|
||||
|
||||
# Fancy directory listings
|
||||
#Include etc/apache24/extra/httpd-autoindex.conf
|
||||
|
||||
# Language settings
|
||||
#Include etc/apache24/extra/httpd-languages.conf
|
||||
|
||||
# User home directories
|
||||
#Include etc/apache24/extra/httpd-userdir.conf
|
||||
|
||||
# Real-time info on requests and configuration
|
||||
#Include etc/apache24/extra/httpd-info.conf
|
||||
|
||||
# Virtual hosts
|
||||
#Include etc/apache24/extra/httpd-vhosts.conf
|
||||
|
||||
# Local access to the Apache HTTP Server Manual
|
||||
#Include etc/apache24/extra/httpd-manual.conf
|
||||
|
||||
# Distributed authoring and versioning (WebDAV)
|
||||
#Include etc/apache24/extra/httpd-dav.conf
|
||||
|
||||
# Various default settings
|
||||
#Include etc/apache24/extra/httpd-default.conf
|
||||
|
||||
# Configure mod_proxy_html to understand HTML4/XHTML1
|
||||
<IfModule proxy_html_module>
|
||||
Include etc/apache24/extra/proxy-html.conf
|
||||
</IfModule>
|
||||
|
||||
# Secure (SSL/TLS) connections
|
||||
#Include etc/apache24/extra/httpd-ssl.conf
|
||||
#
|
||||
# Note: The following must must be present to support
|
||||
# starting without SSL on platforms with no /dev/random equivalent
|
||||
# but a statically compiled-in mod_ssl.
|
||||
#
|
||||
<IfModule ssl_module>
|
||||
SSLRandomSeed startup builtin
|
||||
SSLRandomSeed connect builtin
|
||||
</IfModule>
|
||||
|
||||
Include etc/apache24/Includes/*.conf
|
||||
|
||||
<VirtualHost *:443>
|
||||
ServerName www.ahlawat.com
|
||||
ServerAlias *.ahlawat.com
|
||||
ServerAlias ahlawat.com
|
||||
|
||||
Protocols h2 http/1.1
|
||||
|
||||
DocumentRoot "/usr/local/www/apache24/data/"
|
||||
|
||||
SSLEngine on
|
||||
SSLCertificateFile "/mnt/certs/fullchain.pem"
|
||||
SSLCertificateKeyFile "/mnt/certs/privkey.pem"
|
||||
#SSLCertificateChainFile "/mnt/certs/fullchain.pem"
|
||||
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
SSLHonorCipherOrder off
|
||||
SSLSessionTickets off
|
||||
SSLOptions +StrictRequire
|
||||
# SSLCompression off
|
||||
|
||||
RewriteEngine On
|
||||
RewriteCond %{HTTP:Authorization} ^(.*)
|
||||
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
|
||||
|
||||
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
||||
SetHandler "proxy:fcgi://127.0.0.1:9000"
|
||||
SSLOptions +StdEnvVars
|
||||
</FilesMatch>
|
||||
|
||||
<Directory "/usr/local/www/apache24/cgi-bin">
|
||||
SSLOptions +StdEnvVars
|
||||
</Directory>
|
||||
|
||||
BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
|
||||
CustomLog "/var/log/ssl-request.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
|
||||
|
||||
<Directory "/usr/local/www/apache24/data/">
|
||||
Options Indexes FollowSymLinks MultiViews
|
||||
## IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16
|
||||
IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96
|
||||
|
||||
#AllowOverride controls what directives may be placed in .htaccess files.
|
||||
AllowOverride All
|
||||
#AllowOverride AuthConfig
|
||||
#Controls who can get stuff from this server file
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
ErrorLog "/var/log/ssl-error.log"
|
||||
CustomLog "/var/log/ssl-access_log" combined
|
||||
|
||||
<IfModule mod_headers.c>
|
||||
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_expires.c>
|
||||
ExpiresActive On
|
||||
ExpiresDefault A0
|
||||
|
||||
<FilesMatch "\.(txt|xml|js)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(css)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_headers.c>
|
||||
<FilesMatch "\.(txt|xml|js)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(css)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_deflate.c>
|
||||
SetOutputFilter DEFLATE
|
||||
<IfModule mod_setenvif.c>
|
||||
<IfModule mod_headers.c>
|
||||
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
|
||||
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
<IfModule mod_filter.c>
|
||||
AddOutputFilterByType DEFLATE "application/atom+xml" \
|
||||
"application/javascript" \
|
||||
"application/json" \
|
||||
"application/ld+json" \
|
||||
"application/manifest+json" \
|
||||
"application/rdf+xml" \
|
||||
"application/rss+xml" \
|
||||
"application/schema+json" \
|
||||
"application/vnd.geo+json" \
|
||||
"application/vnd.ms-fontobject" \
|
||||
"application/x-font-ttf" \
|
||||
"application/x-font-opentype" \
|
||||
"application/x-font-truetype" \
|
||||
"application/x-javascript" \
|
||||
"application/x-web-app-manifest+json" \
|
||||
"application/xhtml+xml" \
|
||||
"application/xml" \
|
||||
"font/eot" \
|
||||
"font/opentype" \
|
||||
"font/otf" \
|
||||
"image/bmp" \
|
||||
"image/svg+xml" \
|
||||
"image/vnd.microsoft.icon" \
|
||||
"image/x-icon" \
|
||||
"text/cache-manifest" \
|
||||
"text/css" \
|
||||
"text/html" \
|
||||
"text/javascript" \
|
||||
"text/plain" \
|
||||
"text/vcard" \
|
||||
"text/vnd.rim.location.xloc" \
|
||||
"text/vtt" \
|
||||
"text/x-component" \
|
||||
"text/x-cross-domain-policy" \
|
||||
"text/xml"
|
||||
|
||||
</IfModule>
|
||||
<IfModule mod_mime.c>
|
||||
AddEncoding gzip svgz
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
|
||||
</VirtualHost>
|
||||
|
||||
SSLUseStapling On
|
||||
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
|
703
jails/config/common/httpd.conf
Normal file
@ -0,0 +1,703 @@
|
||||
#
|
||||
# This is the main Apache HTTP server configuration file. It contains the
|
||||
# configuration directives that give the server its instructions.
|
||||
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
|
||||
# In particular, see
|
||||
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
|
||||
# for a discussion of each configuration directive.
|
||||
#
|
||||
# Do NOT simply read the instructions in here without understanding
|
||||
# what they do. They're here only as hints or reminders. If you are unsure
|
||||
# consult the online docs. You have been warned.
|
||||
#
|
||||
# Configuration and logfile names: If the filenames you specify for many
|
||||
# of the server's control files begin with "/" (or "drive:/" for Win32), the
|
||||
# server will use that explicit path. If the filenames do *not* begin
|
||||
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
|
||||
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
|
||||
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
|
||||
# will be interpreted as '/logs/access_log'.
|
||||
|
||||
#
|
||||
# ServerRoot: The top of the directory tree under which the server's
|
||||
# configuration, error, and log files are kept.
|
||||
#
|
||||
# Do not add a slash at the end of the directory path. If you point
|
||||
# ServerRoot at a non-local disk, be sure to specify a local disk on the
|
||||
# Mutex directive, if file-based mutexes are used. If you wish to share the
|
||||
# same ServerRoot for multiple httpd daemons, you will need to change at
|
||||
# least PidFile.
|
||||
#
|
||||
ServerRoot "/usr/local"
|
||||
|
||||
#
|
||||
# Mutex: Allows you to set the mutex mechanism and mutex file directory
|
||||
# for individual mutexes, or change the global defaults
|
||||
#
|
||||
# Uncomment and change the directory if mutexes are file-based and the default
|
||||
# mutex file directory is not on a local disk or is not appropriate for some
|
||||
# other reason.
|
||||
#
|
||||
# Mutex default:/var/run
|
||||
|
||||
#
|
||||
# Listen: Allows you to bind Apache to specific IP addresses and/or
|
||||
# ports, instead of the default. See also the <VirtualHost>
|
||||
# directive.
|
||||
#
|
||||
# Change this to Listen on specific IP addresses as shown below to
|
||||
# prevent Apache from glomming onto all bound IP addresses.
|
||||
#
|
||||
#Listen 12.34.56.78:80
|
||||
#Listen 80
|
||||
|
||||
#
|
||||
# Dynamic Shared Object (DSO) Support
|
||||
#
|
||||
# To be able to use the functionality of a module which was built as a DSO you
|
||||
# have to place corresponding `LoadModule' lines at this location so the
|
||||
# directives contained in it are actually available _before_ they are used.
|
||||
# Statically compiled modules (those listed by `httpd -l') do not need
|
||||
# to be loaded here.
|
||||
#
|
||||
# Example:
|
||||
# LoadModule foo_module modules/mod_foo.so
|
||||
#
|
||||
LoadModule mpm_event_module libexec/apache24/mod_mpm_event.so
|
||||
#LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so
|
||||
#LoadModule mpm_worker_module libexec/apache24/mod_mpm_worker.so
|
||||
LoadModule authn_file_module libexec/apache24/mod_authn_file.so
|
||||
#LoadModule authn_dbm_module libexec/apache24/mod_authn_dbm.so
|
||||
#LoadModule authn_anon_module libexec/apache24/mod_authn_anon.so
|
||||
#LoadModule authn_dbd_module libexec/apache24/mod_authn_dbd.so
|
||||
#LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so
|
||||
LoadModule authn_core_module libexec/apache24/mod_authn_core.so
|
||||
LoadModule authz_host_module libexec/apache24/mod_authz_host.so
|
||||
LoadModule authz_groupfile_module libexec/apache24/mod_authz_groupfile.so
|
||||
LoadModule authz_user_module libexec/apache24/mod_authz_user.so
|
||||
#LoadModule authz_dbm_module libexec/apache24/mod_authz_dbm.so
|
||||
#LoadModule authz_owner_module libexec/apache24/mod_authz_owner.so
|
||||
#LoadModule authz_dbd_module libexec/apache24/mod_authz_dbd.so
|
||||
LoadModule authz_core_module libexec/apache24/mod_authz_core.so
|
||||
#LoadModule authnz_fcgi_module libexec/apache24/mod_authnz_fcgi.so
|
||||
LoadModule access_compat_module libexec/apache24/mod_access_compat.so
|
||||
LoadModule auth_basic_module libexec/apache24/mod_auth_basic.so
|
||||
#LoadModule auth_form_module libexec/apache24/mod_auth_form.so
|
||||
#LoadModule auth_digest_module libexec/apache24/mod_auth_digest.so
|
||||
#LoadModule allowmethods_module libexec/apache24/mod_allowmethods.so
|
||||
#LoadModule file_cache_module libexec/apache24/mod_file_cache.so
|
||||
#LoadModule cache_module libexec/apache24/mod_cache.so
|
||||
#LoadModule cache_disk_module libexec/apache24/mod_cache_disk.so
|
||||
#LoadModule cache_socache_module libexec/apache24/mod_cache_socache.so
|
||||
LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
|
||||
#LoadModule socache_dbm_module libexec/apache24/mod_socache_dbm.so
|
||||
#LoadModule socache_memcache_module libexec/apache24/mod_socache_memcache.so
|
||||
#LoadModule watchdog_module libexec/apache24/mod_watchdog.so
|
||||
#LoadModule macro_module libexec/apache24/mod_macro.so
|
||||
#LoadModule dbd_module libexec/apache24/mod_dbd.so
|
||||
#LoadModule dumpio_module libexec/apache24/mod_dumpio.so
|
||||
#LoadModule buffer_module libexec/apache24/mod_buffer.so
|
||||
#LoadModule data_module libexec/apache24/mod_data.so
|
||||
#LoadModule ratelimit_module libexec/apache24/mod_ratelimit.so
|
||||
LoadModule reqtimeout_module libexec/apache24/mod_reqtimeout.so
|
||||
#LoadModule ext_filter_module libexec/apache24/mod_ext_filter.so
|
||||
#LoadModule request_module libexec/apache24/mod_request.so
|
||||
#LoadModule include_module libexec/apache24/mod_include.so
|
||||
LoadModule filter_module libexec/apache24/mod_filter.so
|
||||
#LoadModule reflector_module libexec/apache24/mod_reflector.so
|
||||
#LoadModule substitute_module libexec/apache24/mod_substitute.so
|
||||
#LoadModule sed_module libexec/apache24/mod_sed.so
|
||||
#LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so
|
||||
LoadModule deflate_module libexec/apache24/mod_deflate.so
|
||||
#LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so
|
||||
#LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so
|
||||
LoadModule mime_module libexec/apache24/mod_mime.so
|
||||
LoadModule log_config_module libexec/apache24/mod_log_config.so
|
||||
#LoadModule log_debug_module libexec/apache24/mod_log_debug.so
|
||||
#LoadModule log_forensic_module libexec/apache24/mod_log_forensic.so
|
||||
#LoadModule logio_module libexec/apache24/mod_logio.so
|
||||
LoadModule env_module libexec/apache24/mod_env.so
|
||||
#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so
|
||||
#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so
|
||||
LoadModule expires_module libexec/apache24/mod_expires.so
|
||||
LoadModule headers_module libexec/apache24/mod_headers.so
|
||||
#LoadModule usertrack_module libexec/apache24/mod_usertrack.so
|
||||
#LoadModule unique_id_module libexec/apache24/mod_unique_id.so
|
||||
LoadModule setenvif_module libexec/apache24/mod_setenvif.so
|
||||
LoadModule version_module libexec/apache24/mod_version.so
|
||||
#LoadModule remoteip_module libexec/apache24/mod_remoteip.so
|
||||
LoadModule proxy_module libexec/apache24/mod_proxy.so
|
||||
#LoadModule proxy_connect_module libexec/apache24/mod_proxy_connect.so
|
||||
#LoadModule proxy_ftp_module libexec/apache24/mod_proxy_ftp.so
|
||||
#LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so
|
||||
LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so
|
||||
#LoadModule proxy_scgi_module libexec/apache24/mod_proxy_scgi.so
|
||||
#LoadModule proxy_uwsgi_module libexec/apache24/mod_proxy_uwsgi.so
|
||||
#LoadModule proxy_fdpass_module libexec/apache24/mod_proxy_fdpass.so
|
||||
#LoadModule proxy_wstunnel_module libexec/apache24/mod_proxy_wstunnel.so
|
||||
#LoadModule proxy_ajp_module libexec/apache24/mod_proxy_ajp.so
|
||||
#LoadModule proxy_balancer_module libexec/apache24/mod_proxy_balancer.so
|
||||
#LoadModule proxy_express_module libexec/apache24/mod_proxy_express.so
|
||||
#LoadModule proxy_hcheck_module libexec/apache24/mod_proxy_hcheck.so
|
||||
#LoadModule session_module libexec/apache24/mod_session.so
|
||||
#LoadModule session_cookie_module libexec/apache24/mod_session_cookie.so
|
||||
#LoadModule session_crypto_module libexec/apache24/mod_session_crypto.so
|
||||
#LoadModule session_dbd_module libexec/apache24/mod_session_dbd.so
|
||||
#LoadModule slotmem_shm_module libexec/apache24/mod_slotmem_shm.so
|
||||
#LoadModule slotmem_plain_module libexec/apache24/mod_slotmem_plain.so
|
||||
LoadModule ssl_module libexec/apache24/mod_ssl.so
|
||||
#LoadModule dialup_module libexec/apache24/mod_dialup.so
|
||||
LoadModule http2_module libexec/apache24/mod_http2.so
|
||||
LoadModule proxy_http2_module libexec/apache24/mod_proxy_http2.so
|
||||
#LoadModule lbmethod_byrequests_module libexec/apache24/mod_lbmethod_byrequests.so
|
||||
#LoadModule lbmethod_bytraffic_module libexec/apache24/mod_lbmethod_bytraffic.so
|
||||
#LoadModule lbmethod_bybusyness_module libexec/apache24/mod_lbmethod_bybusyness.so
|
||||
#LoadModule lbmethod_heartbeat_module libexec/apache24/mod_lbmethod_heartbeat.so
|
||||
LoadModule unixd_module libexec/apache24/mod_unixd.so
|
||||
#LoadModule heartbeat_module libexec/apache24/mod_heartbeat.so
|
||||
#LoadModule heartmonitor_module libexec/apache24/mod_heartmonitor.so
|
||||
#LoadModule dav_module libexec/apache24/mod_dav.so
|
||||
LoadModule status_module libexec/apache24/mod_status.so
|
||||
LoadModule autoindex_module libexec/apache24/mod_autoindex.so
|
||||
#LoadModule asis_module libexec/apache24/mod_asis.so
|
||||
#LoadModule info_module libexec/apache24/mod_info.so
|
||||
<IfModule !mpm_prefork_module>
|
||||
#LoadModule cgid_module libexec/apache24/mod_cgid.so
|
||||
</IfModule>
|
||||
<IfModule mpm_prefork_module>
|
||||
#LoadModule cgi_module libexec/apache24/mod_cgi.so
|
||||
</IfModule>
|
||||
#LoadModule dav_fs_module libexec/apache24/mod_dav_fs.so
|
||||
#LoadModule dav_lock_module libexec/apache24/mod_dav_lock.so
|
||||
#LoadModule vhost_alias_module libexec/apache24/mod_vhost_alias.so
|
||||
#LoadModule negotiation_module libexec/apache24/mod_negotiation.so
|
||||
LoadModule dir_module libexec/apache24/mod_dir.so
|
||||
#LoadModule imagemap_module libexec/apache24/mod_imagemap.so
|
||||
#LoadModule actions_module libexec/apache24/mod_actions.so
|
||||
#LoadModule speling_module libexec/apache24/mod_speling.so
|
||||
#LoadModule userdir_module libexec/apache24/mod_userdir.so
|
||||
LoadModule alias_module libexec/apache24/mod_alias.so
|
||||
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
|
||||
#LoadModule php_module libexec/apache24/libphp.so
|
||||
|
||||
# Third party modules
|
||||
IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
|
||||
|
||||
<IfModule unixd_module>
|
||||
#
|
||||
# If you wish httpd to run as a different user or group, you must run
|
||||
# httpd as root initially and it will switch.
|
||||
#
|
||||
# User/Group: The name (or #number) of the user/group to run httpd as.
|
||||
# It is usually good practice to create a dedicated user and group for
|
||||
# running httpd, as with most system services.
|
||||
#
|
||||
User www
|
||||
Group www
|
||||
|
||||
</IfModule>
|
||||
|
||||
# 'Main' server configuration
|
||||
#
|
||||
# The directives in this section set up the values used by the 'main'
|
||||
# server, which responds to any requests that aren't handled by a
|
||||
# <VirtualHost> definition. These values also provide defaults for
|
||||
# any <VirtualHost> containers you may define later in the file.
|
||||
#
|
||||
# All of these directives may appear inside <VirtualHost> containers,
|
||||
# in which case these default settings will be overridden for the
|
||||
# virtual host being defined.
|
||||
#
|
||||
|
||||
#
|
||||
# ServerAdmin: Your address, where problems with the server should be
|
||||
# e-mailed. This address appears on some server-generated pages, such
|
||||
# as error documents. e.g. admin@your-domain.com
|
||||
#
|
||||
ServerAdmin sharad@ahlawat.com
|
||||
|
||||
#
|
||||
# ServerName gives the name and port that the server uses to identify itself.
|
||||
# This can often be determined automatically, but we recommend you specify
|
||||
# it explicitly to prevent problems during startup.
|
||||
#
|
||||
# If your host doesn't have a registered DNS name, enter its IP address here.
|
||||
#
|
||||
ServerName www.ahlawat.com
|
||||
|
||||
#
|
||||
# Deny access to the entirety of your server's filesystem. You must
|
||||
# explicitly permit access to web content directories in other
|
||||
# <Directory> blocks below.
|
||||
#
|
||||
<Directory />
|
||||
AllowOverride none
|
||||
Require all denied
|
||||
</Directory>
|
||||
|
||||
#
|
||||
# Note that from this point forward you must specifically allow
|
||||
# particular features to be enabled - so if something's not working as
|
||||
# you might expect, make sure that you have specifically enabled it
|
||||
# below.
|
||||
#
|
||||
|
||||
#
|
||||
# DocumentRoot: The directory out of which you will serve your
|
||||
# documents. By default, all requests are taken from this directory, but
|
||||
# symbolic links and aliases may be used to point to other locations.
|
||||
#
|
||||
DocumentRoot "/usr/local/www/apache24/data"
|
||||
<Directory "/usr/local/www/apache24/data">
|
||||
|
||||
# can't set this if traffic is passing through haproxy and being redirected to ssl already
|
||||
# RewriteEngine on
|
||||
# RewriteRule ^/\.well-known/ - [L]
|
||||
# RewriteRule (.*) https://www.ahlawat.com [R,L]
|
||||
|
||||
#
|
||||
# Possible values for the Options directive are "None", "All",
|
||||
# or any combination of:
|
||||
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
|
||||
#
|
||||
# Note that "MultiViews" must be named *explicitly* --- "Options All"
|
||||
# doesn't give it to you.
|
||||
#
|
||||
# The Options directive is both complicated and important. Please see
|
||||
# http://httpd.apache.org/docs/2.4/mod/core.html#options
|
||||
# for more information.
|
||||
#
|
||||
Options Indexes FollowSymLinks
|
||||
|
||||
#
|
||||
# AllowOverride controls what directives may be placed in .htaccess files.
|
||||
# It can be "All", "None", or any combination of the keywords:
|
||||
# AllowOverride FileInfo AuthConfig Limit
|
||||
#
|
||||
AllowOverride None
|
||||
|
||||
#
|
||||
# Controls who can get stuff from this server.
|
||||
#
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
#
|
||||
# DirectoryIndex: sets the file that Apache will serve if a directory
|
||||
# is requested.
|
||||
#
|
||||
<IfModule dir_module>
|
||||
DirectoryIndex index.php index.html
|
||||
<FilesMatch "\.php$">
|
||||
SetHandler application/x-httpd-php
|
||||
</FilesMatch>
|
||||
<FilesMatch "\.phps$">
|
||||
SetHandler application/x-httpd-php-source
|
||||
</FilesMatch>
|
||||
</IfModule>
|
||||
|
||||
#
|
||||
# The following lines prevent .htaccess and .htpasswd files from being
|
||||
# viewed by Web clients.
|
||||
#
|
||||
<Files ".ht*">
|
||||
Require all denied
|
||||
</Files>
|
||||
|
||||
#
|
||||
# ErrorLog: The location of the error log file.
|
||||
# If you do not specify an ErrorLog directive within a <VirtualHost>
|
||||
# container, error messages relating to that virtual host will be
|
||||
# logged here. If you *do* define an error logfile for a <VirtualHost>
|
||||
# container, that host's errors will be logged there and not here.
|
||||
#
|
||||
ErrorLog "/var/log/httpd-error.log"
|
||||
|
||||
#
|
||||
# LogLevel: Control the number of messages logged to the error_log.
|
||||
# Possible values include: debug, info, notice, warn, error, crit,
|
||||
# alert, emerg.
|
||||
#
|
||||
LogLevel warn
|
||||
|
||||
<IfModule log_config_module>
|
||||
#
|
||||
# The following directives define some format nicknames for use with
|
||||
# a CustomLog directive (see below).
|
||||
#
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b" common
|
||||
|
||||
<IfModule logio_module>
|
||||
# You need to enable mod_logio.c to use %I and %O
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
|
||||
</IfModule>
|
||||
|
||||
#
|
||||
# The location and format of the access logfile (Common Logfile Format).
|
||||
# If you do not define any access logfiles within a <VirtualHost>
|
||||
# container, they will be logged here. Contrariwise, if you *do*
|
||||
# define per-<VirtualHost> access logfiles, transactions will be
|
||||
# logged therein and *not* in this file.
|
||||
#
|
||||
CustomLog "/var/log/httpd-access.log" common
|
||||
|
||||
#
|
||||
# If you prefer a logfile with access, agent, and referer information
|
||||
# (Combined Logfile Format) you can use the following directive.
|
||||
#
|
||||
#CustomLog "/var/log/httpd-access.log" combined
|
||||
</IfModule>
|
||||
|
||||
<IfModule alias_module>
|
||||
#
|
||||
# Redirect: Allows you to tell clients about documents that used to
|
||||
# exist in your server's namespace, but do not anymore. The client
|
||||
# will make a new request for the document at its new location.
|
||||
# Example:
|
||||
# Redirect permanent /foo http://www.example.com/bar
|
||||
|
||||
#
|
||||
# Alias: Maps web paths into filesystem paths and is used to
|
||||
# access content that does not live under the DocumentRoot.
|
||||
# Example:
|
||||
# Alias /webpath /full/filesystem/path
|
||||
#
|
||||
# If you include a trailing / on /webpath then the server will
|
||||
# require it to be present in the URL. You will also likely
|
||||
# need to provide a <Directory> section to allow access to
|
||||
# the filesystem path.
|
||||
|
||||
#
|
||||
# ScriptAlias: This controls which directories contain server scripts.
|
||||
# ScriptAliases are essentially the same as Aliases, except that
|
||||
# documents in the target directory are treated as applications and
|
||||
# run by the server when requested rather than as documents sent to the
|
||||
# client. The same rules about trailing "/" apply to ScriptAlias
|
||||
# directives as to Alias.
|
||||
#
|
||||
ScriptAlias /cgi-bin/ "/usr/local/www/apache24/cgi-bin/"
|
||||
|
||||
</IfModule>
|
||||
|
||||
<IfModule cgid_module>
|
||||
#
|
||||
# ScriptSock: On threaded servers, designate the path to the UNIX
|
||||
# socket used to communicate with the CGI daemon of mod_cgid.
|
||||
#
|
||||
#Scriptsock cgisock
|
||||
</IfModule>
|
||||
|
||||
#
|
||||
# "/usr/local/www/apache24/cgi-bin" should be changed to whatever your ScriptAliased
|
||||
# CGI directory exists, if you have that configured.
|
||||
#
|
||||
<Directory "/usr/local/www/apache24/cgi-bin">
|
||||
AllowOverride None
|
||||
Options None
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
<IfModule headers_module>
|
||||
#
|
||||
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
|
||||
# backend servers which have lingering "httpoxy" defects.
|
||||
# 'Proxy' request header is undefined by the IETF, not listed by IANA
|
||||
#
|
||||
RequestHeader unset Proxy early
|
||||
</IfModule>
|
||||
|
||||
<IfModule mime_module>
|
||||
#
|
||||
# TypesConfig points to the file containing the list of mappings from
|
||||
# filename extension to MIME-type.
|
||||
#
|
||||
TypesConfig etc/apache24/mime.types
|
||||
|
||||
#
|
||||
# AddType allows you to add to or override the MIME configuration
|
||||
# file specified in TypesConfig for specific file types.
|
||||
#
|
||||
#AddType application/x-gzip .tgz
|
||||
#
|
||||
# AddEncoding allows you to have certain browsers uncompress
|
||||
# information on the fly. Note: Not all browsers support this.
|
||||
#
|
||||
#AddEncoding x-compress .Z
|
||||
#AddEncoding x-gzip .gz .tgz
|
||||
#
|
||||
# If the AddEncoding directives above are commented-out, then you
|
||||
# probably should define those extensions to indicate media types:
|
||||
#
|
||||
AddType application/x-compress .Z
|
||||
AddType application/x-gzip .gz .tgz
|
||||
|
||||
#
|
||||
# AddHandler allows you to map certain file extensions to "handlers":
|
||||
# actions unrelated to filetype. These can be either built into the server
|
||||
# or added with the Action directive (see below)
|
||||
#
|
||||
# To use CGI scripts outside of ScriptAliased directories:
|
||||
# (You will also need to add "ExecCGI" to the "Options" directive.)
|
||||
#
|
||||
#AddHandler cgi-script .cgi
|
||||
|
||||
# For type maps (negotiated resources):
|
||||
#AddHandler type-map var
|
||||
|
||||
#
|
||||
# Filters allow you to process content before it is sent to the client.
|
||||
#
|
||||
# To parse .shtml files for server-side includes (SSI):
|
||||
# (You will also need to add "Includes" to the "Options" directive.)
|
||||
#
|
||||
#AddType text/html .shtml
|
||||
#AddOutputFilter INCLUDES .shtml
|
||||
|
||||
AddType application/x-httpd-php .php
|
||||
AddType application/x-httpd-php-source .phps
|
||||
|
||||
</IfModule>
|
||||
|
||||
#
|
||||
# The mod_mime_magic module allows the server to use various hints from the
|
||||
# contents of the file itself to determine its type. The MIMEMagicFile
|
||||
# directive tells the module where the hint definitions are located.
|
||||
#
|
||||
#MIMEMagicFile etc/apache24/magic
|
||||
|
||||
#
|
||||
# Customizable error responses come in three flavors:
|
||||
# 1) plain text 2) local redirects 3) external redirects
|
||||
#
|
||||
# Some examples:
|
||||
#ErrorDocument 500 "The server made a boo boo."
|
||||
#ErrorDocument 404 /missing.html
|
||||
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
|
||||
#ErrorDocument 402 http://www.example.com/subscription_info.html
|
||||
#
|
||||
|
||||
#
|
||||
# MaxRanges: Maximum number of Ranges in a request before
|
||||
# returning the entire resource, or one of the special
|
||||
# values 'default', 'none' or 'unlimited'.
|
||||
# Default setting is to accept 200 Ranges.
|
||||
#MaxRanges unlimited
|
||||
|
||||
#
|
||||
# EnableMMAP and EnableSendfile: On systems that support it,
|
||||
# memory-mapping or the sendfile syscall may be used to deliver
|
||||
# files. This usually improves server performance, but must
|
||||
# be turned off when serving from networked-mounted
|
||||
# filesystems or if support for these functions is otherwise
|
||||
# broken on your system.
|
||||
# Defaults: EnableMMAP On, EnableSendfile Off
|
||||
#
|
||||
#EnableMMAP off
|
||||
#EnableSendfile on
|
||||
|
||||
# Supplemental configuration
|
||||
#
|
||||
# The configuration files in the etc/apache24/extra/ directory can be
|
||||
# included to add extra features or to modify the default configuration of
|
||||
# the server, or you may simply copy their contents here and change as
|
||||
# necessary.
|
||||
|
||||
# Server-pool management (MPM specific)
|
||||
#Include etc/apache24/extra/httpd-mpm.conf
|
||||
|
||||
# Multi-language error messages
|
||||
#Include etc/apache24/extra/httpd-multilang-errordoc.conf
|
||||
|
||||
# Fancy directory listings
|
||||
#Include etc/apache24/extra/httpd-autoindex.conf
|
||||
|
||||
# Language settings
|
||||
#Include etc/apache24/extra/httpd-languages.conf
|
||||
|
||||
# User home directories
|
||||
#Include etc/apache24/extra/httpd-userdir.conf
|
||||
|
||||
# Real-time info on requests and configuration
|
||||
#Include etc/apache24/extra/httpd-info.conf
|
||||
|
||||
# Virtual hosts
|
||||
#Include etc/apache24/extra/httpd-vhosts.conf
|
||||
|
||||
# Local access to the Apache HTTP Server Manual
|
||||
#Include etc/apache24/extra/httpd-manual.conf
|
||||
|
||||
# Distributed authoring and versioning (WebDAV)
|
||||
#Include etc/apache24/extra/httpd-dav.conf
|
||||
|
||||
# Various default settings
|
||||
#Include etc/apache24/extra/httpd-default.conf
|
||||
|
||||
# Configure mod_proxy_html to understand HTML4/XHTML1
|
||||
<IfModule proxy_html_module>
|
||||
Include etc/apache24/extra/proxy-html.conf
|
||||
</IfModule>
|
||||
|
||||
# Secure (SSL/TLS) connections
|
||||
#Include etc/apache24/extra/httpd-ssl.conf
|
||||
#
|
||||
# Note: The following must must be present to support
|
||||
# starting without SSL on platforms with no /dev/random equivalent
|
||||
# but a statically compiled-in mod_ssl.
|
||||
#
|
||||
<IfModule ssl_module>
|
||||
SSLRandomSeed startup builtin
|
||||
SSLRandomSeed connect builtin
|
||||
</IfModule>
|
||||
|
||||
Include etc/apache24/Includes/*.conf
|
||||
|
||||
<VirtualHost *:443>
|
||||
ServerName www.ahlawat.com
|
||||
ServerAlias *.ahlawat.com
|
||||
ServerAlias ahlawat.com
|
||||
|
||||
Protocols h2 http/1.1
|
||||
|
||||
DocumentRoot "/usr/local/www/apache24/data/"
|
||||
|
||||
SSLEngine on
|
||||
SSLCertificateFile "/mnt/certs/fullchain.pem"
|
||||
SSLCertificateKeyFile "/mnt/certs/privkey.pem"
|
||||
#SSLCertificateChainFile "/mnt/certs/fullchain.pem"
|
||||
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
SSLHonorCipherOrder off
|
||||
SSLSessionTickets off
|
||||
SSLOptions +StrictRequire
|
||||
# SSLCompression off
|
||||
|
||||
RewriteEngine On
|
||||
RewriteCond %{HTTP:Authorization} ^(.*)
|
||||
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
|
||||
|
||||
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
||||
SetHandler "proxy:fcgi://127.0.0.1:9000"
|
||||
SSLOptions +StdEnvVars
|
||||
</FilesMatch>
|
||||
|
||||
<Directory "/usr/local/www/apache24/cgi-bin">
|
||||
SSLOptions +StdEnvVars
|
||||
</Directory>
|
||||
|
||||
BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
|
||||
CustomLog "/var/log/ssl-request.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
|
||||
|
||||
<Directory "/usr/local/www/apache24/data/">
|
||||
Options Indexes FollowSymLinks MultiViews
|
||||
## IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16
|
||||
IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96
|
||||
|
||||
#AllowOverride controls what directives may be placed in .htaccess files.
|
||||
#AllowOverride All
|
||||
#AllowOverride AuthConfig
|
||||
#Controls who can get stuff from this server file
|
||||
#Require all granted
|
||||
</Directory>
|
||||
|
||||
ErrorLog "/var/log/ssl-error.log"
|
||||
CustomLog "/var/log/ssl-access_log" combined
|
||||
|
||||
<IfModule mod_headers.c>
|
||||
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_expires.c>
|
||||
ExpiresActive On
|
||||
ExpiresDefault A0
|
||||
|
||||
<FilesMatch "\.(txt|xml|js)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(css)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_headers.c>
|
||||
<FilesMatch "\.(txt|xml|js)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(css)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_deflate.c>
|
||||
SetOutputFilter DEFLATE
|
||||
<IfModule mod_setenvif.c>
|
||||
<IfModule mod_headers.c>
|
||||
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
|
||||
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
<IfModule mod_filter.c>
|
||||
AddOutputFilterByType DEFLATE "application/atom+xml" \
|
||||
"application/javascript" \
|
||||
"application/json" \
|
||||
"application/ld+json" \
|
||||
"application/manifest+json" \
|
||||
"application/rdf+xml" \
|
||||
"application/rss+xml" \
|
||||
"application/schema+json" \
|
||||
"application/vnd.geo+json" \
|
||||
"application/vnd.ms-fontobject" \
|
||||
"application/x-font-ttf" \
|
||||
"application/x-font-opentype" \
|
||||
"application/x-font-truetype" \
|
||||
"application/x-javascript" \
|
||||
"application/x-web-app-manifest+json" \
|
||||
"application/xhtml+xml" \
|
||||
"application/xml" \
|
||||
"font/eot" \
|
||||
"font/opentype" \
|
||||
"font/otf" \
|
||||
"image/bmp" \
|
||||
"image/svg+xml" \
|
||||
"image/vnd.microsoft.icon" \
|
||||
"image/x-icon" \
|
||||
"text/cache-manifest" \
|
||||
"text/css" \
|
||||
"text/html" \
|
||||
"text/javascript" \
|
||||
"text/plain" \
|
||||
"text/vcard" \
|
||||
"text/vnd.rim.location.xloc" \
|
||||
"text/vtt" \
|
||||
"text/x-component" \
|
||||
"text/x-cross-domain-policy" \
|
||||
"text/xml"
|
||||
|
||||
</IfModule>
|
||||
<IfModule mod_mime.c>
|
||||
AddEncoding gzip svgz
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
|
||||
</VirtualHost>
|
||||
|
||||
SSLUseStapling On
|
||||
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
|
@ -10,8 +10,8 @@ pkgp-freebsd-pkg: {
|
||||
priority: 10
|
||||
}
|
||||
|
||||
pkgp122: {
|
||||
url: "http://pkgp.ahlawat.com/packages/pj122-default/",
|
||||
pkgp123: {
|
||||
url: "http://pkgp.ahlawat.com/packages/pj123-default",
|
||||
mirror_type: "http",
|
||||
signature_type: "pubkey",
|
||||
pubkey: "/mnt/certs/poudriere.cert",
|
||||
|
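--- a/jails/config/db/pkg-list-details.txt
+++ b/jails/config/db/pkg-list-details.txt
@@ -0,0 +1,6 @@
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____mariadb105-server-10.5.15_2
+pkgp-freebsd-pkg____mysqld_exporter-0.12.1_1
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____pkg-1.17.5_1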
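--- a/jails/config/db/pkg-list.txt
+++ b/jails/config/db/pkg-list.txt
@@ -0,0 +1 @@
+bash bash-completion mariadb105-server mysqld_exporter nano pkg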
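--- a/jails/config/dns/dns_update.sh
+++ b/jails/config/dns/dns_update.sh
@@ -0,0 +1,58 @@
+#!/usr/local/bin/bash
+
+# Copyright (c) 2018-2021, diyIT.org
+# All rights reserved.
+#
+# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
+# https://diyit.org/license/
+#
+#
+
+#SIM="-s"
+#SIM=""
+
+#rpl $SIM -v -R "2001:470:480a:a1::" "2001:470:480a:8001::" ./namedb
+#rpl $SIM -v -R "100.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.8" "100.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.8" ./namedb
+#rpl $SIM -v -R "2021120700" "2022010100" ./namedb
+#service $SIM named $SIM restart
+
+
+service named stop
+
+cd /data/namedb/master
+
+rm /data/namedb/master/*signed*
+
+declare -A ZONE_PEM
+ZONE_PEM=(["ahlawat.com"]="" ["beyondbell.com"]="bb" ["diyit.org"]="diy" ["xflow.org"]="xflow" ["datavpc.com"]="dvpc" ["mydatavpc.com"]="mdvpc" ["rockwoodestates.org"]="rwe" ["rockwoodranch.org"]="rwr" ["scvcc-rental.com"]="scvcc")
+
+for ZONE in "${!ZONE_PEM[@]}"
+do
+PEM=${ZONE_PEM[$ZONE]}
+
+/usr/local/bin/ldns-dane -c "/mnt/certs/"$PEM"fullchain.pem" create mail.$ZONE 25 3 1 1 > /data/namedb/master/tlsa-$ZONE
+/usr/local/bin/ldns-dane -c "/mnt/certs/"$PEM"fullchain.pem" create mail-backup.$ZONE 25 3 1 1 >> /data/namedb/master/tlsa-$ZONE
+/usr/local/bin/ldns-dane -c "/mnt/certs/"$PEM"fullchain.pem" create $ZONE 443 3 1 1 >> /data/namedb/master/tlsa-$ZONE
+/usr/local/bin/ldns-dane -c "/mnt/certs/"$PEM"fullchain.pem" create www.$ZONE 443 3 1 1 >> /data/namedb/master/tlsa-$ZONE
+done
+
+NEW_SERIAL=`date -j +%Y%m%d%H`
+#NEW_SERIAL="2022022635"
+echo $NEW_SERIAL
+
+for DBFILE in `ls /data/namedb/master/*.db`
+do
+ZONE=`echo $DBFILE | cut -d/ -f 5 | cut -d. -f -2`
+
+/usr/local/sbin/named-checkzone $ZONE $DBFILE
+SERIAL=`/usr/local/sbin/named-checkzone $ZONE $DBFILE | egrep -ho '[0-9]{10}'`
+echo $SERIAL
+sed -i .orig 's/'$SERIAL'/'$(($NEW_SERIAL))'/' $DBFILE
+
+#/usr/local/sbin/dnssec-signzone -S -K /data/namedb/master -t -o $ZONE $DBFILE
+/usr/local/sbin/dnssec-signzone -3 $(head -c 1024 /dev/random | sha1sum | cut -b 1-16) -K /data/namedb/master -t -o $ZONE $DBFILE
+done
+
+chown bind:bind /data/namedb/master/*
+
+service named start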
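Review bot: Nothing in the second loop checks the result of `named-checkzone`, so a zone file that fails validation is still rewritten by `sed`, signed, and served once `service named start` runs; when the check prints no 10-digit serial, `$SERIAL` is empty and the `sed` expression degenerates to `s//NEW/`. Because `service named stop` and `rm /data/namedb/master/*signed*` happen first, a late failure also leaves the server down with the previous signed zones already deleted. I would validate every zone before stopping anything, for example `for f in /data/namedb/master/*.db; do /usr/local/sbin/named-checkzone "$(basename "$f" .db)" "$f" >/dev/null || exit 1; done` (assuming the files are named `<zone>.db`), and skip the `sed` when `[ -z "$SERIAL" ]`. Quoting `$ZONE` and `$DBFILE` and replacing the `ls` in backticks with the glob itself would also keep odd file names from splitting into several arguments.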
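--- a/jails/config/dns/dns_verify-6.sh
+++ b/jails/config/dns/dns_verify-6.sh
@@ -0,0 +1,29 @@
+
+#### dns_verify-6.sh
+#
+NETS="2603:3024:3f6:e1: 2603:3024:3f6:e2: 2603:3024:3f6:e5:"
+IPS=$(seq 1 254)
+#
+echo
+echo -e "\tip -> hostname -> ip"
+echo '--------------------------------------------------------'
+for NET in $NETS; do
+for n in $IPS; do
+A=${NET}:${n}
+echo -e "\t$A"
+HOST=$(dig -6 -x $A +short)
+if test -n "$HOST"; then
+ADDR=$(dig -6 -t "AAAA" $HOST +short)
+if test "$A" = "$ADDR"; then
+echo -e "ok\t$A -> $HOST -> $ADDR"
+elif test -n "$ADDR"; then
+echo -e "fail\t$A -> $HOST -> $ADDR"
+else
+echo -e "fail\t$A -> $HOST -> [unassigned]"
+fi
+fi
+done
+done
+
+echo ""
+echo "DONE."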
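Review bot: `IPS=$(seq 1 254)` yields decimal numbers, but `A=${NET}:${n}` pastes them into an IPv6 address whose last group is hexadecimal, so the loop never checks a host whose last group contains `a`–`f` (`::a`, `::1f`, …) and its reverse/forward consistency goes unverified. If hosts are numbered across the hex range, generate hex suffixes instead, e.g. `IPS=$(seq 1 254 | xargs printf '%x ')`. The file is committed as executable but has no `#!` line even though it relies on `echo -e`, so an interpreter line such as the `#!/usr/local/bin/bash` used by dns_update.sh would make the behaviour predictable.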
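--- a/jails/config/dns/dns_verify.sh
+++ b/jails/config/dns/dns_verify.sh
@@ -0,0 +1,27 @@
+#### dns_verify.sh
+#
+NETS="192.168.0 192.168.1 192.168.2"
+IPS=$(seq 1 254)
+#
+echo
+echo -e "\tip -> hostname -> ip"
+echo '--------------------------------------------------------'
+for NET in $NETS; do
+for n in $IPS; do
+A=${NET}.${n}
+HOST=$(dig -x $A +short)
+if test -n "$HOST"; then
+ADDR=$(dig $HOST +short)
+if test "$A" = "$ADDR"; then
+echo -e "ok\t$A -> $HOST -> $ADDR"
+elif test -n "$ADDR"; then
+echo -e "fail\t$A -> $HOST -> $ADDR"
+else
+echo -e "fail\t$A -> $HOST -> [unassigned]"
+fi
+fi
+done
+done
+
+echo ""
+echo "DONE."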
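Review bot: The comparison `test "$A" = "$ADDR"` treats the whole `dig +short` output as one string, so a name with several A records, a CNAME in front of the address, or an address with several PTR names in `$HOST` is reported as `fail` even when the mapping is consistent. Matching line by line avoids the false alarms, e.g. `if printf '%s\n' "$ADDR" | grep -qxF "$A"; then`, and `$HOST` is best reduced to one name first (`HOST=$(dig -x "$A" +short | head -n 1)`). The same comparison is used in dns_verify-6.sh.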
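--- a/jails/config/dns/pkg-list-details.txt
+++ b/jails/config/dns/pkg-list-details.txt
@@ -0,0 +1,7 @@
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____bind916-9.16.27
+pkgp-freebsd-pkg____ldns-1.8.1
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____pkg-1.17.5_1
+pkgp-freebsd-pkg____rpl-1.4.1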
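--- a/jails/config/dns/pkg-list.txt
+++ b/jails/config/dns/pkg-list.txt
@@ -0,0 +1 @@
+bash bash-completion bind916 ldns nano pkg rpl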
@ -1,18 +0,0 @@
|
||||
#!/usr/local/bin/bash
|
||||
|
||||
# Copyright (c) 2018-2021, diyIT.org
|
||||
# All rights reserved.
|
||||
#
|
||||
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||
# https://diyit.org/license/
|
||||
#
|
||||
#
|
||||
|
||||
SIM="-s"
|
||||
#SIM=""
|
||||
|
||||
rpl $SIM -v -R "2603:3024:3f6:21::" "2603:3024:3f6:1::" ./namedb
|
||||
rpl $SIM -v -R "100.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.2" "100.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1" ./namedb
|
||||
rpl $SIM -v -R "2021030900" "2021031100" ./namedb
|
||||
|
||||
service $SIM named $SIM restart
|
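--- a/jails/config/elk/pkg-list-details.txt
+++ b/jails/config/elk/pkg-list-details.txt
@@ -0,0 +1,10 @@
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____beats7-7.16.3_1
+pkgp-freebsd-pkg____curl-7.82.0
+pkgp-freebsd-pkg____elasticsearch7-7.16.3
+pkgp-freebsd-pkg____kibana7-7.16.3
+pkgp-freebsd-pkg____logstash7-7.16.3
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____openjdk11-11.0.14+9.1_1
+pkgp-freebsd-pkg____pkg-1.17.5_1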
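--- a/jails/config/elk/pkg-list.txt
+++ b/jails/config/elk/pkg-list.txt
@@ -0,0 +1 @@
+bash bash-completion beats7 curl elasticsearch7 kibana7 logstash7 nano openjdk11 pkg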
@ -8,10 +8,13 @@
|
||||
#
|
||||
#
|
||||
|
||||
Q=`netstat -LAan | grep 3000 | cut -f3 -d" " | cut -f1 -d/`
|
||||
Q=`netstat -LAan | grep "*.3000" | cut -f3 -d" " | cut -f1 -d/`
|
||||
# Q is null if gitea service is not running
|
||||
|
||||
if [ ! "$Q" ] || [ $Q -ne 0 ]; then
|
||||
# 1537 is max stuck recvQ qlen limit when logging start:
|
||||
# sonewconn: pcb 0xfffff804b9f73d58: Listen queue overflow: 1537 already in queue awaiting acceptance (30 occurrences)
|
||||
|
||||
if [ ! "$Q" ] || [ $Q -ge 100 ]; then
|
||||
echo "restarting gitea stuck at $Q"
|
||||
tail /var/log/gitea/gitea.log
|
||||
kill -9 `pgrep gitea` ; sleep 2 ; service gitea start
|
||||
|
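Review bot: The new condition `[ $Q -ge 100 ]` expands `$Q` unquoted, so whenever the `netstat -LAan | grep "*.3000"` pipeline returns more than one line the test errors out and the restart is skipped. That can happen with one listener per address family, or with any other port that matches, because the `.` in the pattern is a regex wildcard and the pattern is unanchored (`*.30001` also matches). Reduce the result to a single value and quote it, e.g. `Q=$(netstat -LAan | grep -Fw '*.3000' | head -n 1 | cut -f3 -d" " | cut -f1 -d/)` and `if [ -z "$Q" ] || [ "$Q" -ge 100 ]; then`. The `kill -9` on the following line gives gitea no chance to shut down cleanly; trying `service gitea stop` first and falling back to SIGKILL would be safer for the repositories. The body of the `if` continues outside this hunk.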
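--- a/jails/config/git/pkg-list-details.txt
+++ b/jails/config/git/pkg-list-details.txt
@@ -0,0 +1,6 @@
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____gitea-1.16.5_1
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____openldap-sasl-client-2.4.59
+pkgp-freebsd-pkg____pkg-1.17.5_1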
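--- a/jails/config/git/pkg-list.txt
+++ b/jails/config/git/pkg-list.txt
@@ -0,0 +1 @@
+bash bash-completion gitea nano openldap-sasl-client pkg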
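--- a/jails/config/hass/pkg-list-details.txt
+++ b/jails/config/hass/pkg-list-details.txt
@@ -0,0 +1,17 @@
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____cmake-3.22.2
+pkgp-freebsd-pkg____ffmpeg-4.4.1_11,1
+pkgp-freebsd-pkg____git-lite-2.35.1
+pkgp-freebsd-pkg____gmake-4.3_2
+pkgp-freebsd-pkg____heyu2-2.10_1
+pkgp-freebsd-pkg____libxslt-1.1.35_1
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____openjpeg-2.4.0
+pkgp-freebsd-pkg____pkg-1.17.5_1
+pkgp-freebsd-pkg____py38-sqlite3-3.8.13_7
+pkgp-freebsd-pkg____py39-sqlite3-3.9.12_7
+pkgp-freebsd-pkg____python39-3.9.12
+pkgp-freebsd-pkg____rust-1.59.0
+pkgp-freebsd-pkg____tmux-3.2a
+pkgp-freebsd-pkg____wget-1.21.3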
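--- a/jails/config/hass/pkg-list.txt
+++ b/jails/config/hass/pkg-list.txt
@@ -0,0 +1 @@
+bash bash-completion cmake ffmpeg git-lite gmake heyu2 libxslt nano openjpeg pkg py38-sqlite3 py39-sqlite3 python39 rust tmux wget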
@ -16,7 +16,7 @@
|
||||
|
||||
# Serial port to which the CM11a is connected. Default is /dev/ttyS0.
|
||||
|
||||
tty /dev/ttyU1
|
||||
tty /dev/ttyU0
|
||||
check_ri_line NO
|
||||
|
||||
# If you have an X10 compatible RF receiver connected to a second
|
||||
@ -24,7 +24,7 @@ check_ri_line NO
|
||||
# and model of receiver. Supported receivers are W800RF32, MR26A,
|
||||
# and RFXCOM. There are no defaults.
|
||||
|
||||
tty_aux /dev/ttyU0 MR26A
|
||||
tty_aux /dev/ttyU1 MR26A
|
||||
|
||||
# The CM19A is both a receiver and transmitter for X10 RF signals.
|
||||
# The MR26A is a receiver only.
|
||||
|
@ -49,7 +49,7 @@ ServerRoot "/usr/local"
|
||||
# prevent Apache from glomming onto all bound IP addresses.
|
||||
#
|
||||
#Listen 12.34.56.78:80
|
||||
Listen 80
|
||||
#Listen 80
|
||||
|
||||
#
|
||||
# Dynamic Shared Object (DSO) Support
|
||||
@ -110,7 +110,7 @@ LoadModule filter_module libexec/apache24/mod_filter.so
|
||||
#LoadModule substitute_module libexec/apache24/mod_substitute.so
|
||||
#LoadModule sed_module libexec/apache24/mod_sed.so
|
||||
#LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so
|
||||
#LoadModule deflate_module libexec/apache24/mod_deflate.so
|
||||
LoadModule deflate_module libexec/apache24/mod_deflate.so
|
||||
#LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so
|
||||
#LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so
|
||||
LoadModule mime_module libexec/apache24/mod_mime.so
|
||||
@ -121,7 +121,7 @@ LoadModule log_config_module libexec/apache24/mod_log_config.so
|
||||
LoadModule env_module libexec/apache24/mod_env.so
|
||||
#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so
|
||||
#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so
|
||||
#LoadModule expires_module libexec/apache24/mod_expires.so
|
||||
LoadModule expires_module libexec/apache24/mod_expires.so
|
||||
LoadModule headers_module libexec/apache24/mod_headers.so
|
||||
#LoadModule usertrack_module libexec/apache24/mod_usertrack.so
|
||||
#LoadModule unique_id_module libexec/apache24/mod_unique_id.so
|
||||
@ -180,7 +180,6 @@ LoadModule dir_module libexec/apache24/mod_dir.so
|
||||
#LoadModule userdir_module libexec/apache24/mod_userdir.so
|
||||
LoadModule alias_module libexec/apache24/mod_alias.so
|
||||
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
|
||||
#LoadModule php7_module libexec/apache24/libphp7.so
|
||||
|
||||
# Third party modules
|
||||
IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
|
||||
@ -225,7 +224,7 @@ ServerAdmin sharad@ahlawat.com
|
||||
#
|
||||
# If your host doesn't have a registered DNS name, enter its IP address here.
|
||||
#
|
||||
#ServerName www.example.com:80
|
||||
ServerName hub.ahlawat.com
|
||||
|
||||
#
|
||||
# Deny access to the entirety of your server's filesystem. You must
|
||||
@ -559,7 +558,7 @@ Include etc/apache24/Includes/*.conf
|
||||
ServerAlias *.ahlawat.com
|
||||
ServerAlias hub
|
||||
|
||||
Protocols h2 h2c http/1.1
|
||||
Protocols h2 http/1.1
|
||||
|
||||
DocumentRoot "/usr/local/www/apache24/data/"
|
||||
|
||||
@ -568,15 +567,15 @@ Include etc/apache24/Includes/*.conf
|
||||
SSLCertificateKeyFile "/mnt/certs/privkey.pem"
|
||||
#SSLCertificateChainFile "/mnt/certs/fullchain.pem"
|
||||
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
|
||||
SSLHonorCipherOrder on
|
||||
SSLCompression off
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
SSLHonorCipherOrder off
|
||||
SSLSessionTickets off
|
||||
SSLOptions +StrictRequire
|
||||
# SSLCompression off
|
||||
|
||||
RewriteEngine On
|
||||
RewriteCond %{HTTP:Authorization} ^(.*)
|
||||
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
|
||||
RewriteEngine On
|
||||
RewriteCond %{HTTP:Authorization} ^(.*)
|
||||
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
|
||||
|
||||
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
||||
SetHandler "proxy:fcgi://127.0.0.1:9000"
|
||||
@ -606,7 +605,100 @@ Include etc/apache24/Includes/*.conf
|
||||
CustomLog "/var/log/ssl-access_log" combined
|
||||
|
||||
<IfModule mod_headers.c>
|
||||
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
|
||||
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_expires.c>
|
||||
ExpiresActive On
|
||||
ExpiresDefault A0
|
||||
|
||||
<FilesMatch "\.(txt|xml|js)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(css)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_headers.c>
|
||||
<FilesMatch "\.(txt|xml|js)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(css)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_deflate.c>
|
||||
SetOutputFilter DEFLATE
|
||||
<IfModule mod_setenvif.c>
|
||||
<IfModule mod_headers.c>
|
||||
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
|
||||
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
<IfModule mod_filter.c>
|
||||
AddOutputFilterByType DEFLATE "application/atom+xml" \
|
||||
"application/javascript" \
|
||||
"application/json" \
|
||||
"application/ld+json" \
|
||||
"application/manifest+json" \
|
||||
"application/rdf+xml" \
|
||||
"application/rss+xml" \
|
||||
"application/schema+json" \
|
||||
"application/vnd.geo+json" \
|
||||
"application/vnd.ms-fontobject" \
|
||||
"application/x-font-ttf" \
|
||||
"application/x-font-opentype" \
|
||||
"application/x-font-truetype" \
|
||||
"application/x-javascript" \
|
||||
"application/x-web-app-manifest+json" \
|
||||
"application/xhtml+xml" \
|
||||
"application/xml" \
|
||||
"font/eot" \
|
||||
"font/opentype" \
|
||||
"font/otf" \
|
||||
"image/bmp" \
|
||||
"image/svg+xml" \
|
||||
"image/vnd.microsoft.icon" \
|
||||
"image/x-icon" \
|
||||
"text/cache-manifest" \
|
||||
"text/css" \
|
||||
"text/html" \
|
||||
"text/javascript" \
|
||||
"text/plain" \
|
||||
"text/vcard" \
|
||||
"text/vnd.rim.location.xloc" \
|
||||
"text/vtt" \
|
||||
"text/x-component" \
|
||||
"text/x-cross-domain-policy" \
|
||||
"text/xml"
|
||||
|
||||
</IfModule>
|
||||
<IfModule mod_mime.c>
|
||||
AddEncoding gzip svgz
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
|
||||
</VirtualHost>
|
||||
|
||||
SSLUseStapling On
|
||||
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
|
||||
|
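Review bot: The added `<IfModule mod_deflate.c>` block enables `SetOutputFilter DEFLATE` for the whole `*:443` virtual host and also lists `"text/html"` under `AddOutputFilterByType`, so responses produced through the `proxy:fcgi://127.0.0.1:9000` handler are compressed inside TLS. Where such a page reflects request data next to a secret (session or CSRF token), response length becomes a side channel of the BREACH kind; whether this host serves pages like that is not visible in the hunk. I would drop the blanket `SetOutputFilter DEFLATE`, since the by-type list already covers the static assets, and add `SetEnv no-gzip 1` inside the existing `<FilesMatch "\.(cgi|shtml|phtml|php)$">` block. The same mod_deflate block appears in the other virtual-host configuration earlier on this page.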
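--- a/jails/config/hub/pkg-list-details.txt
+++ b/jails/config/hub/pkg-list-details.txt
@@ -0,0 +1,29 @@
+pkgp122____openldap24-client-2.4.59_4
+pkgp123____apache24-2.4.53_1
+pkgp123____apr-1.7.0.1.6.1_2
+pkgp123____php81-ldap-8.1.5
+pkgp123____pkg-1.17.5_1
+pkgp123____samba413-4.13.17_1
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____compat9x-amd64-9.3.903000.20170608
+pkgp-freebsd-pkg____fluxbox-1.3.7_5
+pkgp-freebsd-pkg____iperf3-3.11
+pkgp-freebsd-pkg____mc-4.8.28
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____openjdk8-8.322.06.1
+pkgp-freebsd-pkg____p7zip-16.02_3
+pkgp-freebsd-pkg____php81-mysqli-8.1.4_2
+pkgp-freebsd-pkg____php81-pgsql-8.1.4_2
+pkgp-freebsd-pkg____php81-session-8.1.4_2
+pkgp-freebsd-pkg____rename-1.99.2
+pkgp-freebsd-pkg____rkhunter-1.4.6_1
+pkgp-freebsd-pkg____rsync-3.2.3_1
+pkgp-freebsd-pkg____sshguard-2.4.2_2,1
+pkgp-freebsd-pkg____sudo-1.9.10
+pkgp-freebsd-pkg____tigervnc-1.9.0_4
+pkgp-freebsd-pkg____unrar-6.11,6
+pkgp-freebsd-pkg____wget-1.21.3
+pkgp-freebsd-pkg____xauth-1.1
+pkgp-freebsd-pkg____xorriso-1.5.4
+pkgp-freebsd-pkg____xterm-372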
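--- a/jails/config/hub/pkg-list.txt
+++ b/jails/config/hub/pkg-list.txt
@@ -0,0 +1 @@
+apache24 apr bash bash-completion compat9x-amd64 fluxbox iperf3 mc nano openjdk8 openldap24-client p7zip php81-ldap php81-mysqli php81-pgsql php81-session pkg rename rkhunter rsync samba413 sshguard sudo tigervnc unrar wget xauth xorriso xterm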
@ -10,8 +10,8 @@ pkgp-freebsd-pkg: {
|
||||
priority: 10
|
||||
}
|
||||
|
||||
pkgp122: {
|
||||
url: "http://pkgp.ahlawat.com/packages/pj122-default/",
|
||||
pkgp123: {
|
||||
url: "http://pkgp.ahlawat.com/packages/pj123-default",
|
||||
mirror_type: "http",
|
||||
signature_type: "pubkey",
|
||||
pubkey: "/mnt/certs/poudriere.cert",
|
||||
|
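--- a/jails/config/ibm/pkg-list-details.txt
+++ b/jails/config/ibm/pkg-list-details.txt
@@ -0,0 +1,9 @@
+pkgp-freebsd-pkg____automake-1.16.5
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____cmake-3.22.2
+pkgp-freebsd-pkg____git-lite-2.35.1
+pkgp-freebsd-pkg____hercules-3.13
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____pkg-1.17.5_1
+pkgp-freebsd-pkg____tmux-3.2a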
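--- a/jails/config/ibm/pkg-list.txt
+++ b/jails/config/ibm/pkg-list.txt
@@ -0,0 +1 @@
+automake bash bash-completion cmake git-lite hercules nano pkg tmux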
@ -1,7 +0,0 @@
|
||||
sysctl net.inet.ip.forwarding=1
|
||||
route add 10.1.2.0/24 192.168.55.105
|
||||
# on remote -
|
||||
#sudo sysctl net.ipv4.ip_forward=1
|
||||
#ip route add 192.168.0.0/24 via 192.168.55.1
|
||||
#OR
|
||||
#ip route add 192.168.0.0/24 dev tun0
|
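--- a/jails/config/jump/pkg-list-details.txt
+++ b/jails/config/jump/pkg-list-details.txt
@@ -0,0 +1,10 @@
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____guacamole-client-1.4.0
+pkgp-freebsd-pkg____guacamole-server-1.4.0
+pkgp-freebsd-pkg____libqrencode-4.1.1
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____openldap-sasl-client-2.4.59
+pkgp-freebsd-pkg____pkg-1.17.5_1
+pkgp-freebsd-pkg____wireguard-2,1
+pkgp-freebsd-pkg____zip-3.0_1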
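--- a/jails/config/jump/pkg-list.txt
+++ b/jails/config/jump/pkg-list.txt
@@ -0,0 +1 @@
+bash bash-completion guacamole-client guacamole-server libqrencode nano openldap-sasl-client pkg wireguard zip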
@ -71,6 +71,31 @@
|
||||
environments. */
|
||||
# $config->custom->password['no_random_crypt_salt'] = true;
|
||||
|
||||
/* If you want to restrict password available types (encryption algorithms)
|
||||
Should be subset of:
|
||||
array(
|
||||
''=>'clear',
|
||||
'bcrypt'=>'bcrypt',
|
||||
'blowfish'=>'blowfish',
|
||||
'crypt'=>'crypt',
|
||||
'ext_des'=>'ext_des',
|
||||
'md5'=>'md5',
|
||||
'k5key'=>'k5key',
|
||||
'md5crypt'=>'md5crypt',
|
||||
'sha'=>'sha',
|
||||
'smd5'=>'smd5',
|
||||
'ssha'=>'ssha',
|
||||
'sha256'=>'sha256',
|
||||
'ssha256'=>'ssha256',
|
||||
'sha384'=>'sha384',
|
||||
'ssha384'=>'ssha384',
|
||||
'sha512'=>'sha512',
|
||||
'ssha512'=>'ssha512',
|
||||
'sha256crypt'=>'sha256crypt',
|
||||
'sha512crypt'=>'sha512crypt',
|
||||
)*/
|
||||
# $config->custom->password['available_types'] = array(''=>'clear','md5'=>'md5');
|
||||
|
||||
/* PHP script timeout control. If php runs longer than this many seconds then
|
||||
PHP will stop with an Maximum Execution time error. Increase this value from
|
||||
the default if queries to your LDAP server are slow. The default is either
|
||||
@ -173,6 +198,10 @@ $config->custom->commands['script'] = array(
|
||||
// $config->custom->appearance['tree_width'] = null;
|
||||
# $config->custom->appearance['tree_width'] = 250;
|
||||
|
||||
/* Number of tree command icons to show, 0 = show all icons on 1 row. */
|
||||
// $config->custom->appearance['tree_icons'] = 0;
|
||||
# $config->custom->appearance['tree_icons'] = 4;
|
||||
|
||||
/* Confirm create and update operations, allowing you to review the changes
|
||||
and optionally skip attributes during the create/update operation. */
|
||||
// $config->custom->confirm['create'] = true;
|
||||
@ -235,7 +264,7 @@ $config->custom->appearance['friendly_attrs'] = array(
|
||||
*********************************************/
|
||||
|
||||
/* Add "modify group members" link to the attribute. */
|
||||
// $config->custom->modify_member['groupattr'] = array('member','uniqueMember','memberUid');
|
||||
// $config->custom->modify_member['groupattr'] = array('member','uniqueMember','memberUid','sudoUser');
|
||||
|
||||
/* Configure filter for member search. This only applies to "modify group members" feature */
|
||||
// $config->custom->modify_member['filter'] = '(objectclass=Person)';
|
||||
@ -310,12 +339,13 @@ $servers->setValue('server','base',array('dc=infra'));
|
||||
login will be required to use phpLDAPadmin for this server.
|
||||
5. 'sasl': login will be taken from the webserver's kerberos authentication.
|
||||
Currently only GSSAPI has been tested (using mod_auth_kerb).
|
||||
6. 'sasl_external': login will be taken from SASL external mechanism.
|
||||
|
||||
Choose wisely to protect your authentication information appropriately for
|
||||
your situation. If you choose 'cookie', your cookie contents will be
|
||||
encrypted using blowfish and the secret your specify above as
|
||||
session['blowfish']. */
|
||||
$servers->setValue('login','auth_type','cookie');
|
||||
// $servers->setValue('login','auth_type','session');
|
||||
|
||||
/* The DN of the user for phpLDAPadmin to bind with. For anonymous binds or
|
||||
'cookie','session' or 'sasl' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS
|
||||
@ -334,6 +364,22 @@ $servers->setValue('login','bind_pass','');
|
||||
/* Use TLS (Transport Layer Security) to connect to the LDAP server. */
|
||||
$servers->setValue('server','tls',false);
|
||||
|
||||
/* TLS Certificate Authority file (overrides ldap.conf, PHP 7.1+) */
|
||||
// $servers->setValue('server','tls_cacert',null);
|
||||
# $servers->setValue('server','tls_cacert','/etc/openldap/certs/ca.crt');
|
||||
|
||||
/* TLS Certificate Authority hashed directory (overrides ldap.conf, PHP 7.1+) */
|
||||
// $servers->setValue('server','tls_cacertdir',null);
|
||||
# $servers->setValue('server','tls_cacertdir','/etc/openldap/certs');
|
||||
|
||||
/* TLS Client Certificate file (PHP 7.1+) */
|
||||
// $servers->setValue('server','tls_cert',null);
|
||||
# $servers->setValue('server','tls_cert','/etc/pki/tls/certs/ldap_user.crt');
|
||||
|
||||
/* TLS Client Certificate Key file (PHP 7.1+) */
|
||||
// $servers->setValue('server','tls_key',null);
|
||||
# $servers->setValue('server','tls_key','/etc/pki/tls/private/ldap_user.key');
|
||||
|
||||
/************************************
|
||||
* SASL Authentication *
|
||||
************************************/
|
||||
@ -341,11 +387,19 @@ $servers->setValue('server','tls',false);
|
||||
/* Enable SASL authentication LDAP SASL authentication requires PHP 5.x
|
||||
configured with --with-ldap-sasl=DIR. If this option is disabled (ie, set to
|
||||
false), then all other sasl options are ignored. */
|
||||
// $servers->setValue('login','auth_type','sasl');
|
||||
# $servers->setValue('login','auth_type','sasl');
|
||||
|
||||
/* SASL auth mechanism */
|
||||
/* SASL GSSAPI auth mechanism (requires auth_type of sasl) */
|
||||
// $servers->setValue('sasl','mech','GSSAPI');
|
||||
|
||||
/* SASL PLAIN support... this mech converts simple binds to SASL
|
||||
PLAIN binds using any auth_type (or other bind_id/pass) as credentials.
|
||||
NOTE: auth_type must be simple auth compatible (ie not sasl) */
|
||||
# $servers->setValue('sasl','mech','PLAIN');
|
||||
|
||||
/* SASL EXTERNAL support... really a different auth_type */
|
||||
# $servers->setValue('login','auth_type','sasl_external');
|
||||
|
||||
/* SASL authentication realm name */
|
||||
// $servers->setValue('sasl','realm','');
|
||||
# $servers->setValue('sasl','realm','EXAMPLE.COM');
|
||||
@ -400,6 +454,12 @@ $servers->setValue('server','tls',false);
|
||||
setup. */
|
||||
// $servers->setValue('login','class',array());
|
||||
|
||||
/* If login_attr was set to 'dn', it is possible to specify a template string to
|
||||
build the DN from. Use '%s' where user input should be inserted. A user may
|
||||
still enter the complete DN. In this case the template will not be used. */
|
||||
// $servers->setValue('login','bind_dn_template',null);
|
||||
# $servers->setValue('login','bind_dn_template','cn=%s,ou=people,dc=example,dc=com');
|
||||
|
||||
/* If you specified something different from 'dn', for example 'uid', as the
|
||||
login_attr above, you can optionally specify here to fall back to
|
||||
authentication with dn.
|
||||
@ -420,6 +480,9 @@ $servers->setValue('server','tls',false);
|
||||
/* Set to true if you would like to initially open the first level of each tree. */
|
||||
// $servers->setValue('appearance','open_tree',false);
|
||||
|
||||
/* Set to true to display authorization ID in place of login dn (PHP 7.2+) */
|
||||
// $servers->setValue('appearance','show_authz',false);
|
||||
|
||||
/* This feature allows phpLDAPadmin to automatically determine the next
|
||||
available uidNumber for a new entry. */
|
||||
// $servers->setValue('auto_number','enable',true);
|
||||
@ -556,7 +619,7 @@ $servers->setValue('appearance','show_create',true);
|
||||
$servers->setValue('auto_number','enable',true);
|
||||
$servers->setValue('auto_number','mechanism','search');
|
||||
$servers->setValue('auto_number','search_base',null);
|
||||
$servers->setValue('auto_number','min',array('uidNumber'=>10000,'gidNumber'=>5000));
|
||||
$servers->setValue('auto_number','min',array('uidNumber'=>1000,'gidNumber'=>500));
|
||||
$servers->setValue('auto_number','dn',null);
|
||||
$servers->setValue('auto_number','pass',null);
|
||||
|
||||
@ -573,4 +636,19 @@ $servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','p
|
||||
$servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock'));
|
||||
$servers->setValue('server','force_may',array('uidNumber','gidNumber','sambaSID'));
|
||||
*/
|
||||
|
||||
|
||||
/***********************************************************************************
|
||||
* If you want to configure Google reCAPTCHA on autentication form, do so below. *
|
||||
* Remove the commented lines and use this section as a template for all *
|
||||
* reCAPTCHA v2 Generate on https://www.google.com/recaptcha/ *
|
||||
* *
|
||||
* IMPORTANT: Select reCAPTCHA v2 on Type of reCAPTCHA *
|
||||
***********************************************************************************/
|
||||
|
||||
|
||||
$config->custom->session['reCAPTCHA-enable'] = false;
|
||||
$config->custom->session['reCAPTCHA-key-site'] = '<put-here-key-site>';
|
||||
$config->custom->session['reCAPTCHA-key-server'] = '<put-here-key-server>';
|
||||
|
||||
?>
|
||||
|
@ -49,7 +49,7 @@ ServerRoot "/usr/local"
|
||||
# prevent Apache from glomming onto all bound IP addresses.
|
||||
#
|
||||
#Listen 12.34.56.78:80
|
||||
Listen 80
|
||||
#Listen 80
|
||||
|
||||
#
|
||||
# Dynamic Shared Object (DSO) Support
|
||||
@ -178,7 +178,7 @@ LoadModule dir_module libexec/apache24/mod_dir.so
|
||||
#LoadModule userdir_module libexec/apache24/mod_userdir.so
|
||||
LoadModule alias_module libexec/apache24/mod_alias.so
|
||||
#LoadModule rewrite_module libexec/apache24/mod_rewrite.so
|
||||
LoadModule php7_module libexec/apache24/libphp7.so
|
||||
LoadModule php_module libexec/apache24/libphp.so
|
||||
|
||||
# Third party modules
|
||||
IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
|
||||
@ -214,7 +214,7 @@ Group www
|
||||
# e-mailed. This address appears on some server-generated pages, such
|
||||
# as error documents. e.g. admin@your-domain.com
|
||||
#
|
||||
ServerAdmin you@example.com
|
||||
ServerAdmin sharad@ahlawat.com
|
||||
|
||||
#
|
||||
# ServerName gives the name and port that the server uses to identify itself.
|
||||
@ -223,7 +223,7 @@ ServerAdmin you@example.com
|
||||
#
|
||||
# If your host doesn't have a registered DNS name, enter its IP address here.
|
||||
#
|
||||
#ServerName www.example.com:80
|
||||
ServerName ldap-mgr.ahlawat.com
|
||||
|
||||
#
|
||||
# Deny access to the entirety of your server's filesystem. You must
|
||||
@ -578,7 +578,7 @@ Include etc/apache24/Includes/*.conf
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
Alias /ssp "/usr/local/www/self-service-password"
|
||||
Alias /ssp "/usr/local/www/self-service-password/htdocs"
|
||||
<Directory "/usr/local/www/self-service-password">
|
||||
AllowOverride None
|
||||
Require all granted
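Review bot: The `<Directory "/usr/local/www/self-service-password">` block in the last hunk applies `Require all granted` to the whole package directory, while one of the two `Alias /ssp` lines maps the URL only to its `htdocs` subdirectory; if that is the new line, the grant is wider than what is actually served. I would narrow it to `<Directory "/usr/local/www/self-service-password/htdocs">` so that anything outside `htdocs` stays under the server-wide deny even if another alias is added later. The rendering does not mark which `Alias` line is old and which is new, and the `<Directory>` block continues past the end of the hunk.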
|
||||
|
@ -401,7 +401,7 @@ max_input_time = 60
|
||||
|
||||
; Maximum amount of memory a script may consume (128MB)
|
||||
; http://php.net/memory-limit
|
||||
memory_limit = 128M
|
||||
memory_limit = 256M
|
||||
|
||||
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||||
; Error handling and logging ;
|
||||
|
9
jails/config/ldap-mgr/pkg-list-details.txt
Normal file
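--- a/jails/config/ldap-mgr/pkg-list-details.txt
+++ b/jails/config/ldap-mgr/pkg-list-details.txt
@@ -0,0 +1,9 @@
+pkgp-freebsd-pkg____apache24-2.4.53
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____ldap-account-manager-7.9
+pkgp-freebsd-pkg____mod_php80-8.0.17_1
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____phpldapadmin-php80-1.2.6.3_1
+pkgp-freebsd-pkg____pkg-1.17.5_1
+pkgp-freebsd-pkg____self-service-password-php80-1.4_1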
|
1
jails/config/ldap-mgr/pkg-list.txt
Normal file
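--- a/jails/config/ldap-mgr/pkg-list.txt
+++ b/jails/config/ldap-mgr/pkg-list.txt
@@ -0,0 +1 @@
+apache24 bash bash-completion ldap-account-manager mod_php80 nano phpldapadmin-php80 pkg self-service-password-php80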
|
7
jails/config/ldap/pkg-list-details.txt
Normal file
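--- a/jails/config/ldap/pkg-list-details.txt
+++ b/jails/config/ldap/pkg-list-details.txt
@@ -0,0 +1,7 @@
+pkgp122____openldap24-client-2.4.59_4
+pkgp123____openldap24-server-2.4.59_9
+pkgp123____pkg-1.17.5_1
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____openssl-1.1.1n,1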
|
1
jails/config/ldap/pkg-list.txt
Normal file
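--- a/jails/config/ldap/pkg-list.txt
+++ b/jails/config/ldap/pkg-list.txt
@@ -0,0 +1 @@
+bash bash-completion nano openldap24-client openldap24-server openssl pkg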
|
@ -10,8 +10,8 @@ pkgp-freebsd-pkg: {
|
||||
priority: 10
|
||||
}
|
||||
|
||||
pkgp122: {
|
||||
url: "http://pkgp.ahlawat.com/packages/pj122-default/",
|
||||
pkgp123: {
|
||||
url: "http://pkgp.ahlawat.com/packages/pj123-default",
|
||||
mirror_type: "http",
|
||||
signature_type: "pubkey",
|
||||
pubkey: "/mnt/certs/poudriere.cert",
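Review bot: The repository `url` in this hunk is plain `http://`, so the integrity of every package installed from it rests entirely on `signature_type: "pubkey"` and on the key file at `/mnt/certs/poudriere.cert`. I would record that dependency next to the setting, e.g. `# http transport: package integrity relies on the pubkey signature below; keep the key file root-owned and read-only inside the jail`, or move the URL to `https://` if the build host can serve it. The same change is repeated in the mail jail's repository file further down the page. The repository block's closing lines are outside the hunk, and the rendering does not mark which of the two `pkgp12x` entries is the new one.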
|
||||
|
30
jails/config/mage/pkg-list-details.txt
Normal file
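--- a/jails/config/mage/pkg-list-details.txt
+++ b/jails/config/mage/pkg-list-details.txt
@@ -0,0 +1,30 @@
+pkgp-freebsd-pkg____automake-1.16.5
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____cmake-3.22.2
+pkgp-freebsd-pkg____dbus-1.12.20_5
+pkgp-freebsd-pkg____fluxbox-1.3.7_5
+pkgp-freebsd-pkg____git-lite-2.35.1
+pkgp-freebsd-pkg____libxslt-1.1.35_1
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____perl5-5.32.1_1
+pkgp-freebsd-pkg____pkg-1.17.5_1
+pkgp-freebsd-pkg____py38-IBMQuantumExperience-2.0.4
+pkgp-freebsd-pkg____py38-jupyterlab-3.1.19
+pkgp-freebsd-pkg____py38-matplotlib-3.4.3_3
+pkgp-freebsd-pkg____py38-pandas-1.3.5,1
+pkgp-freebsd-pkg____py38-pep517-0.12.0
+pkgp-freebsd-pkg____py38-pip-20.3.4
+pkgp-freebsd-pkg____py38-scikit-learn-1.0.2
+pkgp-freebsd-pkg____py38-seaborn-0.11.0_1
+pkgp-freebsd-pkg____py38-tensorflow-1.15.5_2
+pkgp-freebsd-pkg____rubygem-pkg-config-1.4.7
+pkgp-freebsd-pkg____rust-1.59.0
+pkgp-freebsd-pkg____sudo-1.9.10
+pkgp-freebsd-pkg____suitesparse-cholmod-3.0.14
+pkgp-freebsd-pkg____suitesparse-umfpack-5.7.9
+pkgp-freebsd-pkg____symengine-0.8.1
+pkgp-freebsd-pkg____tigervnc-server-1.12.0_4
+pkgp-freebsd-pkg____xauth-1.1
+pkgp-freebsd-pkg____xorg-fonts-truetype-7.7_1
+pkgp-freebsd-pkg____xterm-372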
|
1
jails/config/mage/pkg-list.txt
Normal file
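--- a/jails/config/mage/pkg-list.txt
+++ b/jails/config/mage/pkg-list.txt
@@ -0,0 +1 @@
+automake bash bash-completion cmake dbus fluxbox git-lite libxslt nano perl5 pkg py38-IBMQuantumExperience py38-jupyterlab py38-matplotlib py38-pandas py38-pep517 py38-pip py38-scikit-learn py38-seaborn py38-tensorflow rubygem-pkg-config rust sudo suitesparse-cholmod suitesparse-umfpack symengine tigervnc-server xauth xorg-fonts-truetype xterm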
|
12
jails/config/mail/pkg-list-details.txt
Normal file
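--- a/jails/config/mail/pkg-list-details.txt
+++ b/jails/config/mail/pkg-list-details.txt
@@ -0,0 +1,12 @@
+pkgp122____openldap24-client-2.4.59_4
+pkgp123____dcc-dccd-2.3.168
+pkgp123____dovecot-2.3.18_1
+pkgp123____dovecot-pigeonhole-0.5.18
+pkgp123____pkg-1.17.5_1
+pkgp123____postfix-3.7.0_2,1
+pkgp123____rspamd-3.2_1
+pkgp-freebsd-pkg____apache-solr-8.11.1
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____redis-6.2.6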
|
1
jails/config/mail/pkg-list.txt
Normal file
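--- a/jails/config/mail/pkg-list.txt
+++ b/jails/config/mail/pkg-list.txt
@@ -0,0 +1 @@
+apache-solr bash bash-completion dcc-dccd dovecot dovecot-pigeonhole nano openldap24-client pkg postfix redis rspamd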
|
@ -10,8 +10,8 @@ pkgp-freebsd-pkg: {
|
||||
priority: 10
|
||||
}
|
||||
|
||||
pkgp122: {
|
||||
url: "http://pkgp.ahlawat.com/packages/pj122-default/",
|
||||
pkgp123: {
|
||||
url: "http://pkgp.ahlawat.com/packages/pj123-default",
|
||||
mirror_type: "http",
|
||||
signature_type: "pubkey",
|
||||
pubkey: "/mnt/certs/poudriere.cert",
|
||||
|
14
jails/config/mail/postfix-reload.sh
Executable file
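--- a/jails/config/mail/postfix-reload.sh
+++ b/jails/config/mail/postfix-reload.sh
@@ -0,0 +1,14 @@
+#! /bin/sh
+certfiles=$(postconf -n | awk -F " = " '$1 ~ /(cert|key)_file/ {print $2}' | sort -u)
+reload=false
+for f in $certfiles; do
+if [ -f "$f" ]; then
+if [ /var/spool/postfix/pid/master.pid -ot "$f" ]; then
+reload=true
+fi
+fi
+done
+if $reload; then
+echo "postfix master.pid file older than certificates; restart required!"
+service postfix restart
+fi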
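Review bot: The certificate list is built from `postconf -n`, which prints parameter values as written in main.cf, so a path given through a `$parameter` reference fails the `[ -f "$f" ]` test and is skipped without any message; a renewed certificate behind such a value would then never trigger the restart. I would expand values first with `certfiles=$(postconf -nx | awk -F " = " '$1 ~ /(cert|key)_file/ {print $2}' | sort -u)` and log skipped entries, e.g. `else echo "postfix-reload: $f not found, skipped" >&2`. The unquoted `for f in $certfiles` also splits on whitespace, which is worth a one-line comment at the top stating that certificate paths must not contain spaces.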
|
7
jails/config/maps/pkg-list-details.txt
Normal file
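--- a/jails/config/maps/pkg-list-details.txt
+++ b/jails/config/maps/pkg-list-details.txt
@@ -0,0 +1,7 @@
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____npm-8.5.2
+pkgp-freebsd-pkg____pkg-1.17.5_1
+pkgp-freebsd-pkg____pkgconf-1.8.0,1
+pkgp-freebsd-pkg____vips-8.12.2_4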
|
1
jails/config/maps/pkg-list.txt
Normal file
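--- a/jails/config/maps/pkg-list.txt
+++ b/jails/config/maps/pkg-list.txt
@@ -0,0 +1 @@
+bash bash-completion nano npm pkg pkgconf vips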
|
@ -1,7 +1,7 @@
|
||||
{
|
||||
"default_server_config": {
|
||||
"m.homeserver": {
|
||||
"base_url": "https://matrix.ahlawat.com",
|
||||
"base_url": "https://matrix.ahlawat.com:8448",
|
||||
"server_name": "matrix.ahlawat.com"
|
||||
},
|
||||
"m.identity_server": {
|
||||
@ -12,7 +12,7 @@
|
||||
"disable_guests": false,
|
||||
"disable_login_language_selector": false,
|
||||
"disable_3pid_login": false,
|
||||
"brand": "Riot",
|
||||
"brand": "Ahlawat",
|
||||
"integrations_ui_url": "https://scalar.vector.im/",
|
||||
"integrations_rest_url": "https://scalar.vector.im/api",
|
||||
"integrations_widgets_urls": [
|
||||
@ -22,23 +22,19 @@
|
||||
"https://scalar-staging.vector.im/api",
|
||||
"https://scalar-staging.riot.im/scalar/api"
|
||||
],
|
||||
"bug_report_endpoint_url": "https://riot.im/bugreports/submit",
|
||||
"bug_report_endpoint_url": "https://element.io/bugreports/submit",
|
||||
"uisi_autorageshake_app": "element-auto-uisi",
|
||||
"defaultCountryCode": "US",
|
||||
"showLabsSettings": false,
|
||||
"features": {
|
||||
"feature_pinning": "labs",
|
||||
"feature_custom_status": "labs",
|
||||
"feature_custom_tags": "labs",
|
||||
"feature_state_counters": "labs"
|
||||
},
|
||||
"features": { },
|
||||
"default_federate": true,
|
||||
"default_theme": "light",
|
||||
"roomDirectory": {
|
||||
"servers": [
|
||||
"matrix.ahlawat.com",
|
||||
"matrix.org"
|
||||
]
|
||||
},
|
||||
"welcomeUserId": "@riot-bot:matrix.org",
|
||||
"piwik": {
|
||||
"url": "https://piwik.riot.im/",
|
||||
"whitelistedHSUrls": ["https://matrix.org"],
|
||||
@ -54,5 +50,6 @@
|
||||
},
|
||||
"jitsi": {
|
||||
"preferredDomain": "meet.ahlawat.com"
|
||||
}
|
||||
},
|
||||
"map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx"
|
||||
}
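Review bot: The `map_style_url` value in the last hunk embeds a map-provider API key in a file that is committed here and, as the web client's configuration, is presumably fetched by every browser that loads the site, so the key has to be treated as public. It should be restricted to this site's origins in the provider's key settings and rotated if it was ever usable without that restriction. JSON has no comment syntax, so the restriction belongs in the deployment notes rather than in this file. From the hunk's line counts the entry appears to be newly added, but the rendering does not mark sides.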
|
||||
|
@ -146,7 +146,7 @@ http {
|
||||
|
||||
#location /favicon.ico { access_log off; log_not_found off; }
|
||||
|
||||
root /usr/local/www/riot;
|
||||
root /usr/local/www/element;
|
||||
index index.html;
|
||||
|
||||
#error_page 404 /404.html;
|
||||
|
9
jails/config/matrix/pkg-list-details.txt
Normal file
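--- a/jails/config/matrix/pkg-list-details.txt
+++ b/jails/config/matrix/pkg-list-details.txt
@@ -0,0 +1,9 @@
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____element-web-1.10.8
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____nginx-1.20.2_9,2
+pkgp-freebsd-pkg____pkg-1.17.5_1
+pkgp-freebsd-pkg____py38-matrix-synapse-1.55.2
+pkgp-freebsd-pkg____py38-matrix-synapse-ldap3-0.2.0
+pkgp-freebsd-pkg____py38-psycopg2-2.9.3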
|
1
jails/config/matrix/pkg-list.txt
Normal file
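--- a/jails/config/matrix/pkg-list.txt
+++ b/jails/config/matrix/pkg-list.txt
@@ -0,0 +1 @@
+bash bash-completion element-web nano nginx pkg py38-matrix-synapse py38-matrix-synapse-ldap3 py38-psycopg2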
|
9
jails/config/meet/pkg-list-details.txt
Normal file
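--- a/jails/config/meet/pkg-list-details.txt
+++ b/jails/config/meet/pkg-list-details.txt
@@ -0,0 +1,9 @@
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____jicofo-1.0.555_2
+pkgp-freebsd-pkg____jitsi-meet-1.0.4048_2
+pkgp-freebsd-pkg____jitsi-videobridge-2.1.183_3
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____nginx-1.20.2_9,2
+pkgp-freebsd-pkg____pkg-1.17.5_1
+pkgp-freebsd-pkg____prosody-0.12.0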
|
1
jails/config/meet/pkg-list.txt
Normal file
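--- a/jails/config/meet/pkg-list.txt
+++ b/jails/config/meet/pkg-list.txt
@@ -0,0 +1 @@
+bash bash-completion jicofo jitsi-meet jitsi-videobridge nano nginx pkg prosody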
|
@ -1,549 +0,0 @@
|
||||
##################### Grafana Configuration Example #####################
|
||||
#
|
||||
# Everything has defaults so you only need to uncomment things you want to
|
||||
# change
|
||||
|
||||
# possible values : production, development
|
||||
;app_mode = production
|
||||
|
||||
# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty
|
||||
;instance_name = ${HOSTNAME}
|
||||
instance_name = grafana.diyit.org
|
||||
|
||||
#################################### Paths ####################################
|
||||
[paths]
|
||||
# Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used)
|
||||
data = /var/db/grafana/
|
||||
|
||||
# Temporary files in `data` directory older than given duration will be removed
|
||||
;temp_data_lifetime = 24h
|
||||
|
||||
# Directory where grafana can store logs
|
||||
logs = /var/log/grafana/
|
||||
|
||||
# Directory where grafana will automatically scan and look for plugins
|
||||
plugins = /var/db/grafana/plugins
|
||||
|
||||
# folder that contains provisioning config files that grafana will apply on startup and while running.
|
||||
provisioning = /var/db/grafana/provisioning
|
||||
|
||||
#################################### Server ####################################
|
||||
[server]
|
||||
# Protocol (http, https, socket)
|
||||
protocol = https
|
||||
|
||||
# The ip address to bind to, empty will bind to all interfaces
|
||||
;http_addr =
|
||||
|
||||
# The http port to use
|
||||
;http_port = 3000
|
||||
|
||||
# The public facing domain name used to access grafana from a browser
|
||||
;domain = localhost
|
||||
|
||||
# Redirect to correct domain if host header does not match domain
|
||||
# Prevents DNS rebinding attacks
|
||||
enforce_domain = false
|
||||
|
||||
# The full public facing url you use in browser, used for redirects and emails
|
||||
# If you use reverse proxy and sub path specify full url (with sub path)
|
||||
root_url = https://grafana.diyit.org
|
||||
|
||||
# Log web requests
|
||||
;router_logging = false
|
||||
|
||||
# the path relative working path
|
||||
;static_root_path = public
|
||||
|
||||
# enable gzip
|
||||
;enable_gzip = false
|
||||
|
||||
# https certs & key file
|
||||
cert_file = /mnt/certs/diyfullchain.pem
|
||||
cert_key =/mnt/certs/diyprivkeyr.pem
|
||||
|
||||
# Unix socket path
|
||||
;socket =
|
||||
|
||||
#################################### Database ####################################
|
||||
[database]
|
||||
# You can configure the database connection by specifying type, host, name, user and password
|
||||
# as separate properties or as on string using the url properties.
|
||||
|
||||
# Either "mysql", "postgres" or "sqlite3", it's your choice
|
||||
;type = sqlite3
|
||||
;host = 127.0.0.1:3306
|
||||
;name = grafana
|
||||
;user = root
|
||||
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
|
||||
;password =
|
||||
|
||||
# Use either URL or the previous fields to configure the database
|
||||
# Example: mysql://user:secret@host:port/database
|
||||
;url =
|
||||
|
||||
# For "postgres" only, either "disable", "require" or "verify-full"
|
||||
;ssl_mode = disable
|
||||
|
||||
# For "sqlite3" only, path relative to data_path setting
|
||||
;path = grafana.db
|
||||
|
||||
# Max idle conn setting default is 2
|
||||
;max_idle_conn = 2
|
||||
|
||||
# Max conn setting default is 0 (mean not set)
|
||||
;max_open_conn =
|
||||
|
||||
# Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours)
|
||||
;conn_max_lifetime = 14400
|
||||
|
||||
# Set to true to log the sql calls and execution times.
|
||||
log_queries =
|
||||
|
||||
# For "sqlite3" only. cache mode setting used for connecting to the database. (private, shared)
|
||||
;cache_mode = private
|
||||
|
||||
#################################### Cache server #############################
|
||||
[remote_cache]
|
||||
# Either "redis", "memcached" or "database" default is "database"
|
||||
;type = database
|
||||
|
||||
# cache connectionstring options
|
||||
# database: will use Grafana primary database.
|
||||
# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=grafana`
|
||||
# memcache: 127.0.0.1:11211
|
||||
;connstr =
|
||||
|
||||
#################################### Session ####################################
|
||||
[session]
|
||||
# Either "memory", "file", "redis", "mysql", "postgres", default is "file"
|
||||
;provider = file
|
||||
|
||||
# Provider config options
|
||||
# memory: not have any config yet
|
||||
# file: session dir path, is relative to grafana data_path
|
||||
# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=grafana`
|
||||
# mysql: go-sql-driver/mysql dsn config string, e.g. `user:password@tcp(127.0.0.1:3306)/database_name`
|
||||
# postgres: user=a password=b host=localhost port=5432 dbname=c sslmode=disable
|
||||
;provider_config = sessions
|
||||
|
||||
# Session cookie name
|
||||
;cookie_name = grafana_sess
|
||||
|
||||
# If you use session in https only, default is false
|
||||
;cookie_secure = false
|
||||
|
||||
# Session life time, default is 86400 (means 86400 seconds or 24 hours)
|
||||
;session_life_time = 86400
|
||||
|
||||
#################################### Data proxy ###########################
|
||||
[dataproxy]
|
||||
|
||||
# This enables data proxy logging, default is false
|
||||
;logging = false
|
||||
|
||||
# How long the data proxy should wait before timing out default is 30 (seconds)
|
||||
;timeout = 30
|
||||
|
||||
# If enabled and user is not anonymous, data proxy will add X-Grafana-User header with username into the request, default is false.
|
||||
;send_user_header = false
|
||||
|
||||
#################################### Analytics ####################################
|
||||
[analytics]
|
||||
# Server reporting, sends usage counters to stats.grafana.org every 24 hours.
|
||||
# No ip addresses are being tracked, only simple counters to track
|
||||
# running instances, dashboard and error counts. It is very helpful to us.
|
||||
# Change this option to false to disable reporting.
|
||||
;reporting_enabled = true
|
||||
|
||||
# Set to false to disable all checks to https://grafana.net
|
||||
# for new vesions (grafana itself and plugins), check is used
|
||||
# in some UI views to notify that grafana or plugin update exists
|
||||
# This option does not cause any auto updates, nor send any information
|
||||
# only a GET request to http://grafana.com to get latest versions
|
||||
;check_for_updates = true
|
||||
|
||||
# Google Analytics universal tracking code, only enabled if you specify an id here
|
||||
;google_analytics_ua_id =
|
||||
|
||||
# Google Tag Manager ID, only enabled if you specify an id here
|
||||
;google_tag_manager_id =
|
||||
|
||||
#################################### Security ####################################
|
||||
[security]
|
||||
# default admin user, created on startup
|
||||
;admin_user = admin
|
||||
|
||||
# default admin password, can be changed before first start of grafana, or in profile settings
|
||||
;admin_password = admin
|
||||
|
||||
# used for signing
|
||||
;secret_key = SW2YcwTIb9zpOOhoPsMm
|
||||
|
||||
# disable gravatar profile images
|
||||
;disable_gravatar = false
|
||||
|
||||
# data source proxy whitelist (ip_or_domain:port separated by spaces)
|
||||
;data_source_proxy_whitelist =
|
||||
|
||||
# disable protection against brute force login attempts
|
||||
;disable_brute_force_login_protection = false
|
||||
|
||||
# set to true if you host Grafana behind HTTPS. default is false.
|
||||
cookie_secure = true
|
||||
|
||||
# set cookie SameSite attribute. defaults to `lax`. can be set to "lax", "strict" and "none"
|
||||
cookie_samesite = none
|
||||
|
||||
allow_embedding = true
|
||||
|
||||
#################################### Snapshots ###########################
|
||||
[snapshots]
|
||||
# snapshot sharing options
|
||||
;external_enabled = true
|
||||
;external_snapshot_url = https://snapshots-origin.raintank.io
|
||||
;external_snapshot_name = Publish to snapshot.raintank.io
|
||||
|
||||
# remove expired snapshot
|
||||
;snapshot_remove_expired = true
|
||||
|
||||
#################################### Dashboards History ##################
|
||||
[dashboards]
|
||||
# Number dashboard versions to keep (per dashboard). Default: 20, Minimum: 1
|
||||
;versions_to_keep = 20
|
||||
|
||||
#################################### Users ###############################
|
||||
[users]
|
||||
# disable user signup / registration
|
||||
;allow_sign_up = true
|
||||
|
||||
# Allow non admin users to create organizations
|
||||
;allow_org_create = true
|
||||
|
||||
# Set to true to automatically assign new users to the default organization (id 1)
|
||||
;auto_assign_org = true
|
||||
|
||||
# Default role new users will be automatically assigned (if disabled above is set to true)
|
||||
;auto_assign_org_role = Viewer
|
||||
|
||||
# Background text for the user field on the login page
|
||||
;login_hint = email or username
|
||||
;password_hint = password
|
||||
|
||||
# Default UI theme ("dark" or "light")
|
||||
;default_theme = dark
|
||||
|
||||
# External user management, these options affect the organization users view
|
||||
;external_manage_link_url =
|
||||
;external_manage_link_name =
|
||||
;external_manage_info =
|
||||
|
||||
# Viewers can edit/inspect dashboard settings in the browser. But not save the dashboard.
|
||||
;viewers_can_edit = false
|
||||
|
||||
# Editors can administrate dashboard, folders and teams they create
|
||||
;editors_can_admin = false
|
||||
|
||||
[auth]
|
||||
# Login cookie name
|
||||
;login_cookie_name = grafana_session
|
||||
|
||||
# The lifetime (days) an authenticated user can be inactive before being required to login at next visit. Default is 7 days,
|
||||
;login_maximum_inactive_lifetime_days = 7
|
||||
|
||||
# The maximum lifetime (days) an authenticated user can be logged in since login time before being required to login. Default is 30 days.
|
||||
;login_maximum_lifetime_days = 30
|
||||
|
||||
# How often should auth tokens be rotated for authenticated users when being active. The default is each 10 minutes.
|
||||
;token_rotation_interval_minutes = 10
|
||||
|
||||
# Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false
|
||||
;disable_login_form = false
|
||||
|
||||
# Set to true to disable the signout link in the side menu. useful if you use auth.proxy, defaults to false
|
||||
;disable_signout_menu = false
|
||||
|
||||
# URL to redirect the user to after sign out
|
||||
;signout_redirect_url =
|
||||
|
||||
# Set to true to attempt login with OAuth automatically, skipping the login screen.
|
||||
# This setting is ignored if multiple OAuth providers are configured.
|
||||
;oauth_auto_login = false
|
||||
|
||||
#################################### Anonymous Auth ######################
|
||||
[auth.anonymous]
|
||||
# enable anonymous access
|
||||
;enabled = false
|
||||
|
||||
# specify organization name that should be used for unauthenticated users
|
||||
;org_name = Main Org.
|
||||
|
||||
# specify role for unauthenticated users
|
||||
;org_role = Viewer
|
||||
|
||||
#################################### Github Auth ##########################
|
||||
[auth.github]
|
||||
;enabled = false
|
||||
;allow_sign_up = true
|
||||
;client_id = some_id
|
||||
;client_secret = some_secret
|
||||
;scopes = user:email,read:org
|
||||
;auth_url = https://github.com/login/oauth/authorize
|
||||
;token_url = https://github.com/login/oauth/access_token
|
||||
;api_url = https://api.github.com/user
|
||||
;team_ids =
|
||||
;allowed_organizations =
|
||||
|
||||
#################################### Google Auth ##########################
|
||||
[auth.google]
|
||||
;enabled = false
|
||||
;allow_sign_up = true
|
||||
;client_id = some_client_id
|
||||
;client_secret = some_client_secret
|
||||
;scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
|
||||
;auth_url = https://accounts.google.com/o/oauth2/auth
|
||||
;token_url = https://accounts.google.com/o/oauth2/token
|
||||
;api_url = https://www.googleapis.com/oauth2/v1/userinfo
|
||||
;allowed_domains =
|
||||
|
||||
#################################### Generic OAuth ##########################
|
||||
[auth.generic_oauth]
|
||||
;enabled = false
|
||||
;name = OAuth
|
||||
;allow_sign_up = true
|
||||
;client_id = some_id
|
||||
;client_secret = some_secret
|
||||
;scopes = user:email,read:org
|
||||
;auth_url = https://foo.bar/login/oauth/authorize
|
||||
;token_url = https://foo.bar/login/oauth/access_token
|
||||
;api_url = https://foo.bar/user
|
||||
;team_ids =
|
||||
;allowed_organizations =
|
||||
;tls_skip_verify_insecure = false
|
||||
;tls_client_cert =
|
||||
;tls_client_key =
|
||||
;tls_client_ca =
|
||||
|
||||
; Set to true to enable sending client_id and client_secret via POST body instead of Basic authentication HTTP header
|
||||
; This might be required if the OAuth provider is not RFC6749 compliant, only supporting credentials passed via POST payload
|
||||
;send_client_credentials_via_post = false
|
||||
|
||||
#################################### Grafana.com Auth ####################
|
||||
[auth.grafana_com]
|
||||
;enabled = false
|
||||
;allow_sign_up = true
|
||||
;client_id = some_id
|
||||
;client_secret = some_secret
|
||||
;scopes = user:email
|
||||
;allowed_organizations =
|
||||
|
||||
#################################### Auth Proxy ##########################
|
||||
[auth.proxy]
|
||||
;enabled = false
|
||||
;header_name = X-WEBAUTH-USER
|
||||
;header_property = username
|
||||
;auto_sign_up = true
|
||||
;ldap_sync_ttl = 60
|
||||
;whitelist = 192.168.1.1, 192.168.2.1
|
||||
;headers = Email:X-User-Email, Name:X-User-Name
|
||||
|
||||
#################################### Basic Auth ##########################
|
||||
[auth.basic]
|
||||
;enabled = true
|
||||
|
||||
#################################### Auth LDAP ##########################
|
||||
[auth.ldap]
|
||||
;enabled = false
|
||||
;config_file = /etc/grafana/ldap.toml
|
||||
;allow_sign_up = true
|
||||
|
||||
#################################### SMTP / Emailing ##########################
|
||||
[smtp]
|
||||
;enabled = false
|
||||
;host = localhost:25
|
||||
;user =
|
||||
# If the password contains # or ; you have to wrap it with trippel quotes. Ex """#password;"""
|
||||
;password =
|
||||
;cert_file =
|
||||
;key_file =
|
||||
;skip_verify = false
|
||||
;from_address = admin@grafana.localhost
|
||||
;from_name = Grafana
|
||||
# EHLO identity in SMTP dialog (defaults to instance_name)
|
||||
;ehlo_identity = dashboard.example.com
|
||||
|
||||
[emails]
|
||||
;welcome_email_on_sign_up = false
|
||||
|
||||
#################################### Logging ##########################
|
||||
[log]
|
||||
# Either "console", "file", "syslog". Default is console and file
|
||||
# Use space to separate multiple modes, e.g. "console file"
|
||||
;mode = console file
|
||||
|
||||
# Either "debug", "info", "warn", "error", "critical", default is "info"
|
||||
;level = info
|
||||
|
||||
# optional settings to set different levels for specific loggers. Ex filters = sqlstore:debug
|
||||
;filters =
|
||||
|
||||
# For "console" mode only
|
||||
[log.console]
|
||||
;level =
|
||||
|
||||
# log line format, valid options are text, console and json
|
||||
;format = console
|
||||
|
||||
# For "file" mode only
|
||||
[log.file]
|
||||
;level =
|
||||
|
||||
# log line format, valid options are text, console and json
|
||||
;format = text
|
||||
|
||||
# This enables automated log rotate(switch of following options), default is true
|
||||
;log_rotate = true
|
||||
|
||||
# Max line number of single file, default is 1000000
|
||||
;max_lines = 1000000
|
||||
|
||||
# Max size shift of single file, default is 28 means 1 << 28, 256MB
|
||||
;max_size_shift = 28
|
||||
|
||||
# Segment log daily, default is true
|
||||
;daily_rotate = true
|
||||
|
||||
# Expired days of log file(delete after max days), default is 7
|
||||
;max_days = 7
|
||||
|
||||
[log.syslog]
|
||||
;level =
|
||||
|
||||
# log line format, valid options are text, console and json
|
||||
;format = text
|
||||
|
||||
# Syslog network type and address. This can be udp, tcp, or unix. If left blank, the default unix endpoints will be used.
|
||||
;network =
|
||||
;address =
|
||||
|
||||
# Syslog facility. user, daemon and local0 through local7 are valid.
|
||||
;facility =
|
||||
|
||||
# Syslog tag. By default, the process' argv[0] is used.
|
||||
;tag =
|
||||
|
||||
#################################### Alerting ############################
|
||||
[alerting]
|
||||
# Disable alerting engine & UI features
|
||||
;enabled = true
|
||||
# Makes it possible to turn off alert rule execution but alerting UI is visible
|
||||
;execute_alerts = true
|
||||
|
||||
# Default setting for new alert rules. Defaults to categorize error and timeouts as alerting. (alerting, keep_state)
|
||||
;error_or_timeout = alerting
|
||||
|
||||
# Default setting for how Grafana handles nodata or null values in alerting. (alerting, no_data, keep_state, ok)
|
||||
;nodata_or_nullvalues = no_data
|
||||
|
||||
# Alert notifications can include images, but rendering many images at the same time can overload the server
|
||||
# This limit will protect the server from render overloading and make sure notifications are sent out quickly
|
||||
;concurrent_render_limit = 5
|
||||
|
||||
|
||||
# Default setting for alert calculation timeout. Default value is 30
|
||||
;evaluation_timeout_seconds = 30
|
||||
|
||||
# Default setting for alert notification timeout. Default value is 30
|
||||
;notification_timeout_seconds = 30
|
||||
|
||||
# Default setting for max attempts to sending alert notifications. Default value is 3
|
||||
;max_attempts = 3
|
||||
|
||||
#################################### Explore #############################
|
||||
[explore]
|
||||
# Enable the Explore section
|
||||
;enabled = true
|
||||
|
||||
#################################### Internal Grafana Metrics ##########################
|
||||
# Metrics available at HTTP API Url /metrics
|
||||
[metrics]
|
||||
# Disable / Enable internal metrics
|
||||
;enabled = true
|
||||
|
||||
# Publish interval
|
||||
;interval_seconds = 10
|
||||
|
||||
# Send internal metrics to Graphite
|
||||
[metrics.graphite]
|
||||
# Enable by setting the address setting (ex localhost:2003)
|
||||
;address =
|
||||
;prefix = prod.grafana.%(instance_name)s.
|
||||
|
||||
#################################### Distributed tracing ############
|
||||
[tracing.jaeger]
|
||||
# Enable by setting the address sending traces to jaeger (ex localhost:6831)
|
||||
;address = localhost:6831
|
||||
# Tag that will always be included in when creating new spans. ex (tag1:value1,tag2:value2)
|
||||
;always_included_tag = tag1:value1
|
||||
# Type specifies the type of the sampler: const, probabilistic, rateLimiting, or remote
|
||||
;sampler_type = const
|
||||
# jaeger samplerconfig param
|
||||
# for "const" sampler, 0 or 1 for always false/true respectively
|
||||
# for "probabilistic" sampler, a probability between 0 and 1
|
||||
# for "rateLimiting" sampler, the number of spans per second
|
||||
# for "remote" sampler, param is the same as for "probabilistic"
|
||||
# and indicates the initial sampling rate before the actual one
|
||||
# is received from the mothership
|
||||
;sampler_param = 1
|
||||
|
||||
#################################### Grafana.com integration ##########################
|
||||
# Url used to import dashboards directly from Grafana.com
|
||||
[grafana_com]
|
||||
;url = https://grafana.com
|
||||
|
||||
#################################### External image storage ##########################
|
||||
[external_image_storage]
|
||||
# Used for uploading images to public servers so they can be included in slack/email messages.
|
||||
# you can choose between (s3, webdav, gcs, azure_blob, local)
|
||||
;provider =
|
||||
|
||||
[external_image_storage.s3]
|
||||
;bucket =
|
||||
;region =
|
||||
;path =
|
||||
;access_key =
|
||||
;secret_key =
|
||||
|
||||
[external_image_storage.webdav]
|
||||
;url =
|
||||
;public_url =
|
||||
;username =
|
||||
;password =
|
||||
|
||||
[external_image_storage.gcs]
|
||||
;key_file =
|
||||
;bucket =
|
||||
;path =
|
||||
|
||||
[external_image_storage.azure_blob]
|
||||
;account_name =
|
||||
;account_key =
|
||||
;container_name =
|
||||
|
||||
[external_image_storage.local]
|
||||
# does not require any configuration
|
||||
|
||||
[rendering]
|
||||
# Options to configure external image rendering server like https://github.com/grafana/grafana-image-renderer
|
||||
;server_url =
|
||||
;callback_url =
|
||||
|
||||
[enterprise]
|
||||
# Path to a valid Grafana Enterprise license.jwt file
|
||||
;license_path =
|
||||
|
||||
[panels]
|
||||
;enable_alpha = false
|
||||
# If set to true Grafana will allow script tags in text panels. Not recommended as it enable XSS vulnerabilities.
|
||||
;disable_sanitize_html = false
|
||||
|
1083
jails/config/monitor/grafana.ini
Normal file
1083
jails/config/monitor/grafana.ini
Normal file
File diff suppressed because it is too large
@ -49,7 +49,7 @@ ServerRoot "/usr/local"
|
||||
# prevent Apache from glomming onto all bound IP addresses.
|
||||
#
|
||||
#Listen 12.34.56.78:80
|
||||
Listen 80
|
||||
#Listen 80
|
||||
|
||||
#
|
||||
# Dynamic Shared Object (DSO) Support
|
||||
@ -108,7 +108,7 @@ LoadModule filter_module libexec/apache24/mod_filter.so
|
||||
#LoadModule substitute_module libexec/apache24/mod_substitute.so
|
||||
#LoadModule sed_module libexec/apache24/mod_sed.so
|
||||
#LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so
|
||||
#LoadModule deflate_module libexec/apache24/mod_deflate.so
|
||||
LoadModule deflate_module libexec/apache24/mod_deflate.so
|
||||
#LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so
|
||||
#LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so
|
||||
LoadModule mime_module libexec/apache24/mod_mime.so
|
||||
@ -119,7 +119,7 @@ LoadModule log_config_module libexec/apache24/mod_log_config.so
|
||||
LoadModule env_module libexec/apache24/mod_env.so
|
||||
#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so
|
||||
#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so
|
||||
#LoadModule expires_module libexec/apache24/mod_expires.so
|
||||
LoadModule expires_module libexec/apache24/mod_expires.so
|
||||
LoadModule headers_module libexec/apache24/mod_headers.so
|
||||
#LoadModule usertrack_module libexec/apache24/mod_usertrack.so
|
||||
#LoadModule unique_id_module libexec/apache24/mod_unique_id.so
|
||||
@ -178,7 +178,6 @@ LoadModule dir_module libexec/apache24/mod_dir.so
|
||||
#LoadModule userdir_module libexec/apache24/mod_userdir.so
|
||||
LoadModule alias_module libexec/apache24/mod_alias.so
|
||||
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
|
||||
#LoadModule php7_module libexec/apache24/libphp7.so
|
||||
|
||||
# Third party modules
|
||||
IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
|
||||
@ -223,7 +222,7 @@ ServerAdmin sharad@ahlawat.com
|
||||
#
|
||||
# If your host doesn't have a registered DNS name, enter its IP address here.
|
||||
#
|
||||
#ServerName www.example.com:80
|
||||
ServerName monitor.ahlawat.com
|
||||
|
||||
#
|
||||
# Deny access to the entirety of your server's filesystem. You must
|
||||
@ -555,9 +554,8 @@ Include etc/apache24/Includes/*.conf
|
||||
<VirtualHost *:443>
|
||||
ServerName monitor.ahlawat.com
|
||||
ServerAlias *.ahlawat.com
|
||||
ServerAlias ahlawat.com
|
||||
|
||||
Protocols h2 h2c http/1.1
|
||||
Protocols h2 http/1.1
|
||||
|
||||
DocumentRoot "/usr/local/www/apache24/data/"
|
||||
|
||||
@ -566,15 +564,15 @@ Include etc/apache24/Includes/*.conf
|
||||
SSLCertificateKeyFile "/mnt/certs/privkey.pem"
|
||||
#SSLCertificateChainFile "/mnt/certs/fullchain.pem"
|
||||
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
|
||||
SSLHonorCipherOrder on
|
||||
SSLCompression off
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
SSLHonorCipherOrder off
|
||||
SSLSessionTickets off
|
||||
SSLOptions +StrictRequire
|
||||
# SSLCompression off
|
||||
|
||||
RewriteEngine On
|
||||
RewriteCond %{HTTP:Authorization} ^(.*)
|
||||
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
|
||||
RewriteEngine On
|
||||
RewriteCond %{HTTP:Authorization} ^(.*)
|
||||
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
|
||||
|
||||
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
||||
SetHandler "proxy:fcgi://127.0.0.1:9000"
|
||||
@ -612,7 +610,100 @@ Include etc/apache24/Includes/*.conf
|
||||
CustomLog "/var/log/ssl-access_log" combined
|
||||
|
||||
<IfModule mod_headers.c>
|
||||
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
|
||||
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_expires.c>
|
||||
ExpiresActive On
|
||||
ExpiresDefault A0
|
||||
|
||||
<FilesMatch "\.(txt|xml|js)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(css)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_headers.c>
|
||||
<FilesMatch "\.(txt|xml|js)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(css)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_deflate.c>
|
||||
SetOutputFilter DEFLATE
|
||||
<IfModule mod_setenvif.c>
|
||||
<IfModule mod_headers.c>
|
||||
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
|
||||
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
<IfModule mod_filter.c>
|
||||
AddOutputFilterByType DEFLATE "application/atom+xml" \
|
||||
"application/javascript" \
|
||||
"application/json" \
|
||||
"application/ld+json" \
|
||||
"application/manifest+json" \
|
||||
"application/rdf+xml" \
|
||||
"application/rss+xml" \
|
||||
"application/schema+json" \
|
||||
"application/vnd.geo+json" \
|
||||
"application/vnd.ms-fontobject" \
|
||||
"application/x-font-ttf" \
|
||||
"application/x-font-opentype" \
|
||||
"application/x-font-truetype" \
|
||||
"application/x-javascript" \
|
||||
"application/x-web-app-manifest+json" \
|
||||
"application/xhtml+xml" \
|
||||
"application/xml" \
|
||||
"font/eot" \
|
||||
"font/opentype" \
|
||||
"font/otf" \
|
||||
"image/bmp" \
|
||||
"image/svg+xml" \
|
||||
"image/vnd.microsoft.icon" \
|
||||
"image/x-icon" \
|
||||
"text/cache-manifest" \
|
||||
"text/css" \
|
||||
"text/html" \
|
||||
"text/javascript" \
|
||||
"text/plain" \
|
||||
"text/vcard" \
|
||||
"text/vnd.rim.location.xloc" \
|
||||
"text/vtt" \
|
||||
"text/x-component" \
|
||||
"text/x-cross-domain-policy" \
|
||||
"text/xml"
|
||||
|
||||
</IfModule>
|
||||
<IfModule mod_mime.c>
|
||||
AddEncoding gzip svgz
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
|
||||
</VirtualHost>
|
||||
|
||||
SSLUseStapling On
|
||||
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
|
||||
|
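Review bot: `SetOutputFilter DEFLATE` at the top of the `<IfModule mod_deflate.c>` block (hunk `-612,7 +610,100`) applies compression to every response of this TLS vhost, so the `AddOutputFilterByType DEFLATE` list under it restricts nothing and the output of the `proxy:fcgi://127.0.0.1:9000` handler is compressed as well. HTTP compression of dynamic pages that mix a secret (session or CSRF token) with request-controlled text is what BREACH-style length side channels rely on, so I would delete the `SetOutputFilter DEFLATE` line and check whether `"text/html"` and `"application/json"` need to stay in the type list for the PHP responses. The previous hunk also seems to turn `SSLCompression off` into `# SSLCompression off`; the `+`/`-` markers are lost in this rendering so that is inferred, and the directive defaults to off in current 2.4 releases, but keeping it explicit records the intent. The same block appears in the httpd.conf section that follows (`ServerName nivi.ahlawat.com`).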
41
jails/config/monitor/pkg-list-details.txt
Normal file
41
jails/config/monitor/pkg-list-details.txt
Normal file
@ -0,0 +1,41 @@
|
||||
pkgp-freebsd-pkg____alertmanager-0.23.0_2
|
||||
pkgp-freebsd-pkg____apache24-2.4.53
|
||||
pkgp-freebsd-pkg____bash-5.1.16
|
||||
pkgp-freebsd-pkg____bash-completion-2.11_1,2
|
||||
pkgp-freebsd-pkg____grafana8-8.3.6_1
|
||||
pkgp-freebsd-pkg____influxdb-1.8.10_2
|
||||
pkgp-freebsd-pkg____iperf3-3.11
|
||||
pkgp-freebsd-pkg____nano-6.0
|
||||
pkgp-freebsd-pkg____php81-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-bcmath-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-bz2-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-ctype-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-curl-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-dom-8.1.4_1
|
||||
pkgp-freebsd-pkg____php81-fileinfo-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-filter-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-gd-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-iconv-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-intl-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-mbstring-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-mysqli-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-opcache-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-pdo-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-pdo_mysql-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-pecl-mcrypt-1.0.4
|
||||
pkgp-freebsd-pkg____php81-pecl-memcache-8.0
|
||||
pkgp-freebsd-pkg____php81-posix-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-readline-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-session-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-simplexml-8.1.4_1
|
||||
pkgp-freebsd-pkg____php81-soap-8.1.4_1
|
||||
pkgp-freebsd-pkg____php81-sockets-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-sqlite3-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-tidy-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-tokenizer-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-xml-8.1.4_1
|
||||
pkgp-freebsd-pkg____php81-zip-8.1.4_2
|
||||
pkgp-freebsd-pkg____php81-zlib-8.1.4_2
|
||||
pkgp-freebsd-pkg____pkg-1.17.5_1
|
||||
pkgp-freebsd-pkg____prometheus-2.32.1_1
|
||||
pkgp-freebsd-pkg____telegraf-1.22.0_1
|
1
jails/config/monitor/pkg-list.txt
Normal file
1
jails/config/monitor/pkg-list.txt
Normal file
@ -0,0 +1 @@
|
||||
alertmanager apache24 bash bash-completion grafana8 influxdb iperf3 nano php81 php81-bcmath php81-bz2 php81-ctype php81-curl php81-dom php81-fileinfo php81-filter php81-gd php81-iconv php81-intl php81-mbstring php81-mysqli php81-opcache php81-pdo php81-pdo_mysql php81-pecl-mcrypt php81-pecl-memcache php81-posix php81-readline php81-session php81-simplexml php81-soap php81-sockets php81-sqlite3 php81-tidy php81-tokenizer php81-xml php81-zip php81-zlib pkg prometheus telegraf
|
@ -49,7 +49,7 @@ ServerRoot "/usr/local"
|
||||
# prevent Apache from glomming onto all bound IP addresses.
|
||||
#
|
||||
#Listen 12.34.56.78:80
|
||||
Listen 80
|
||||
#Listen 80
|
||||
|
||||
#
|
||||
# Dynamic Shared Object (DSO) Support
|
||||
@ -108,7 +108,7 @@ LoadModule filter_module libexec/apache24/mod_filter.so
|
||||
#LoadModule substitute_module libexec/apache24/mod_substitute.so
|
||||
#LoadModule sed_module libexec/apache24/mod_sed.so
|
||||
#LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so
|
||||
#LoadModule deflate_module libexec/apache24/mod_deflate.so
|
||||
LoadModule deflate_module libexec/apache24/mod_deflate.so
|
||||
#LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so
|
||||
#LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so
|
||||
LoadModule mime_module libexec/apache24/mod_mime.so
|
||||
@ -119,7 +119,7 @@ LoadModule log_config_module libexec/apache24/mod_log_config.so
|
||||
LoadModule env_module libexec/apache24/mod_env.so
|
||||
#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so
|
||||
#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so
|
||||
#LoadModule expires_module libexec/apache24/mod_expires.so
|
||||
LoadModule expires_module libexec/apache24/mod_expires.so
|
||||
LoadModule headers_module libexec/apache24/mod_headers.so
|
||||
#LoadModule usertrack_module libexec/apache24/mod_usertrack.so
|
||||
#LoadModule unique_id_module libexec/apache24/mod_unique_id.so
|
||||
@ -178,7 +178,6 @@ LoadModule dir_module libexec/apache24/mod_dir.so
|
||||
#LoadModule userdir_module libexec/apache24/mod_userdir.so
|
||||
LoadModule alias_module libexec/apache24/mod_alias.so
|
||||
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
|
||||
#LoadModule php7_module libexec/apache24/libphp7.so
|
||||
|
||||
# Third party modules
|
||||
IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
|
||||
@ -223,7 +222,7 @@ ServerAdmin sharad@ahlawat.com
|
||||
#
|
||||
# If your host doesn't have a registered DNS name, enter its IP address here.
|
||||
#
|
||||
#ServerName www.example.com:80
|
||||
ServerName nivi.ahlawat.com
|
||||
|
||||
#
|
||||
# Deny access to the entirety of your server's filesystem. You must
|
||||
@ -555,9 +554,8 @@ Include etc/apache24/Includes/*.conf
|
||||
<VirtualHost *:443>
|
||||
ServerName nivi.ahlawat.com
|
||||
ServerAlias *.ahlawat.com
|
||||
ServerAlias nivi
|
||||
|
||||
Protocols h2 h2c http/1.1
|
||||
Protocols h2 http/1.1
|
||||
|
||||
DocumentRoot "/usr/local/www/apache24/data/"
|
||||
|
||||
@ -566,15 +564,15 @@ Include etc/apache24/Includes/*.conf
|
||||
SSLCertificateKeyFile "/mnt/certs/privkey.pem"
|
||||
#SSLCertificateChainFile "/mnt/certs/fullchain.pem"
|
||||
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
|
||||
SSLHonorCipherOrder on
|
||||
SSLCompression off
|
||||
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
SSLHonorCipherOrder off
|
||||
SSLSessionTickets off
|
||||
SSLOptions +StrictRequire
|
||||
# SSLCompression off
|
||||
|
||||
RewriteEngine On
|
||||
RewriteCond %{HTTP:Authorization} ^(.*)
|
||||
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
|
||||
RewriteEngine On
|
||||
RewriteCond %{HTTP:Authorization} ^(.*)
|
||||
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
|
||||
|
||||
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
||||
SetHandler "proxy:fcgi://127.0.0.1:9000"
|
||||
@ -591,20 +589,113 @@ Include etc/apache24/Includes/*.conf
|
||||
<Directory "/usr/local/www/apache24/data/">
|
||||
Options Indexes FollowSymLinks MultiViews
|
||||
## IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16
|
||||
#-IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96
|
||||
#IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96
|
||||
|
||||
#AllowOverride controls what directives may be placed in .htaccess files.
|
||||
#AllowOverride All
|
||||
#-AllowOverride AuthConfig
|
||||
#AllowOverride AuthConfig
|
||||
#Controls who can get stuff from this server file
|
||||
#-Require all granted
|
||||
#Require all granted
|
||||
</Directory>
|
||||
|
||||
ErrorLog "/var/log/ssl-error.log"
|
||||
CustomLog "/var/log/ssl-access_log" combined
|
||||
|
||||
<IfModule mod_headers.c>
|
||||
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
|
||||
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_expires.c>
|
||||
ExpiresActive On
|
||||
ExpiresDefault A0
|
||||
|
||||
<FilesMatch "\.(txt|xml|js)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(css)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
|
||||
ExpiresDefault A31536000
|
||||
</FilesMatch>
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_headers.c>
|
||||
<FilesMatch "\.(txt|xml|js)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(css)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|woff2|svg)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
|
||||
<FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
|
||||
Header set Cache-Control "max-age=31536000"
|
||||
</FilesMatch>
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_deflate.c>
|
||||
SetOutputFilter DEFLATE
|
||||
<IfModule mod_setenvif.c>
|
||||
<IfModule mod_headers.c>
|
||||
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
|
||||
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
<IfModule mod_filter.c>
|
||||
AddOutputFilterByType DEFLATE "application/atom+xml" \
|
||||
"application/javascript" \
|
||||
"application/json" \
|
||||
"application/ld+json" \
|
||||
"application/manifest+json" \
|
||||
"application/rdf+xml" \
|
||||
"application/rss+xml" \
|
||||
"application/schema+json" \
|
||||
"application/vnd.geo+json" \
|
||||
"application/vnd.ms-fontobject" \
|
||||
"application/x-font-ttf" \
|
||||
"application/x-font-opentype" \
|
||||
"application/x-font-truetype" \
|
||||
"application/x-javascript" \
|
||||
"application/x-web-app-manifest+json" \
|
||||
"application/xhtml+xml" \
|
||||
"application/xml" \
|
||||
"font/eot" \
|
||||
"font/opentype" \
|
||||
"font/otf" \
|
||||
"image/bmp" \
|
||||
"image/svg+xml" \
|
||||
"image/vnd.microsoft.icon" \
|
||||
"image/x-icon" \
|
||||
"text/cache-manifest" \
|
||||
"text/css" \
|
||||
"text/html" \
|
||||
"text/javascript" \
|
||||
"text/plain" \
|
||||
"text/vcard" \
|
||||
"text/vnd.rim.location.xloc" \
|
||||
"text/vtt" \
|
||||
"text/x-component" \
|
||||
"text/x-cross-domain-policy" \
|
||||
"text/xml"
|
||||
|
||||
</IfModule>
|
||||
<IfModule mod_mime.c>
|
||||
AddEncoding gzip svgz
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
|
||||
</VirtualHost>
|
||||
|
||||
SSLUseStapling On
|
||||
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
|
||||
|
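Review bot: The `<Directory "/usr/local/www/apache24/data/">` block in hunk `-591,20 +589,113` keeps `Options Indexes FollowSymLinks MultiViews` active while its `AllowOverride` and `Require` lines are all commented out, so the document root of this TLS vhost serves automatic directory listings and its access rule comes from configuration outside this hunk. Unless listings are intended, I would change the line to `Options FollowSymLinks` and state the access rule in the block itself, for example `Require all granted` or a narrower `Require ip` rule. The hunk appears only to tidy the commented lines (`#-Require all granted` to `#Require all granted`); the `+`/`-` markers are lost in this rendering, so which side each line belongs to is inferred.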
Some files were not shown because too many files have changed in this diff Show More