diff --git a/configs/boot/loader.conf b/configs/boot/loader.conf index 02a9b09..cfb3d52 100644 --- a/configs/boot/loader.conf +++ b/configs/boot/loader.conf @@ -103,3 +103,16 @@ vfs.zfs.vdev.cache.max=134217728 # https://lists.freebsd.org/pipermail/freebsd-bugs/2013-April/052301.html # my 8TB's don't support NCQ TRIM vfs.unmapped_buf_allowed=0 + +#https://forums.freebsd.org/threads/bhyve-passthrough-usb-controller.67760/#post-431968 +#https://forums.freebsd.org/threads/usb-passthrough-bhyve-windows-10-guest.86669/ +#vmm_load="YES" +#pptdevs="0/20/0" +# need another USB PCIe card in the server if I want to pass USB to HomeAssistant + +# kldload cpuctl +#cpuctl_load="YES" + +#wireguard +#https://forums.freebsd.org/threads/wireguard-in-jail-with-kernel-support.86791/ +if_wg_load="YES" diff --git a/configs/etc/ctl.conf b/configs/etc/ctl.conf index 4408e64..300314e 100644 --- a/configs/etc/ctl.conf +++ b/configs/etc/ctl.conf @@ -4,26 +4,6 @@ portal-group pg0 { listen [::] } -target iqn.nas.ahlawat.com:f11 { -# auth-group no-authentication - portal-group pg0 - chap user secretsecret - lun 0 { - path /dev/zvol/ship/raw/FreeBSD11 - size 128G - } -} - -target iqn.nas.ahlawat.com:f12 { -# auth-group no-authentication - portal-group pg0 - chap user secretsecret - lun 0 { - path /dev/zvol/ship/raw/FreeBSD12 - size 128G - } -} - target iqn.nas.ahlawat.com:f13 { # auth-group no-authentication portal-group pg0 @@ -34,16 +14,6 @@ target iqn.nas.ahlawat.com:f13 { } } -target iqn.nas.ahlawat.com:f12p { -# auth-group no-authentication - portal-group pg0 - chap user secretsecret - lun 0 { - path /dev/zvol/ship/raw/FreeBSD12p - size 128G - } -} - target iqn.nas.ahlawat.com:f13p { # auth-group no-authentication portal-group pg0 diff --git a/configs/etc/defaults/devfs.rules b/configs/etc/defaults/devfs.rules index 85262d3..a72db44 100644 --- a/configs/etc/defaults/devfs.rules +++ b/configs/etc/defaults/devfs.rules 
@@ -13,7 +13,6 @@ # references must include a dollar sign '$' in front of the # name to be expanded properly. # -# $FreeBSD: releng/12.3/sbin/devfs/devfs.rules 338204 2018-08-22 15:55:23Z brd $ # # Very basic and secure ruleset: Hide everything. @@ -87,6 +86,12 @@ add include $devfsrules_unhide_login add path fuse unhide add path zfs unhide add path 'bpf*' unhide +add path 'md*' unhide +add path 'md*' mode 0777 + +[devfsrules_jail_vnet=5] +add include $devfsrules_jail +add path pf unhide # members of group uucp can access all usb and tty devices [usbrules=100] diff --git a/configs/etc/defaults/periodic.conf b/configs/etc/defaults/periodic.conf index 6213c09..760e6e8 100644 --- a/configs/etc/defaults/periodic.conf +++ b/configs/etc/defaults/periodic.conf @@ -13,14 +13,13 @@ # For a more detailed explanation of all the periodic.conf variables, please # refer to the periodic.conf(5) manual page. # -# $FreeBSD: releng/12.3/usr.sbin/periodic/periodic.conf 370770 2021-10-07 19:46:04Z asomers $ # # What files override these defaults ? -periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local" +periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local ${_localbase}/etc/periodic.conf" -# periodic script dirs -local_periodic="/usr/local/etc/periodic" +# periodic script dirs. _localbase is being set in /usr/sbin/periodic +local_periodic="${_localbase}/etc/periodic" # Max time to sleep to avoid causing congestion on download servers anticongestion_sleeptime=3600 @@ -32,6 +31,7 @@ anticongestion_sleeptime=3600 # that output. $daily_output might be set to /var/log/daily.log if you # wish to log the daily output and have the files rotated by newsyslog(8) # +daily_diff_flags="-b -U 0" # flags for diff output daily_output="root" # user or /file daily_show_success="YES" # scripts returning 0 daily_show_info="YES" # scripts returning 1 
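Review bot: In configs/etc/defaults/devfs.rules, the added `add path 'md*' mode 0777` makes every memory-disk node world-readable and world-writable wherever this ruleset applies, so any unprivileged process there can read or overwrite the raw contents of any md device. If md access is really needed, a narrower rule such as `add path 'md*' mode 0660 group operator` (group chosen to suit the consumer) limits it to one group. The ruleset header is outside the hunk, so which jails inherit the rule cannot be confirmed from here. The change is also made in the defaults file, which a system upgrade replaces; local rulesets normally go in /etc/devfs.rules.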
@@ -109,9 +109,6 @@ daily_accounting_compress="NO" # Gzip rotated files daily_accounting_flags=-q # Flags to /usr/sbin/sa daily_accounting_save=3 # How many files to save -# 330.news -daily_news_expire_enable="YES" # Run news.expire - # 400.status-disks daily_status_disks_enable="NO" # Check disk status daily_status_disks_df_flags="-l -h" # df(1) flags for check @@ -182,6 +179,11 @@ daily_scrub_zfs_pools="" # empty string selects all pools daily_scrub_zfs_default_threshold="35" # days between scrubs #daily_scrub_zfs_${poolname}_threshold="35" # pool specific threshold +# 801.trim-zfs +daily_trim_zfs_enable="NO" +daily_trim_zfs_pools="" # empty string selects all pools +daily_trim_zfs_flags="" # zpool-trim(8) flags + # 999.local daily_local="/etc/daily.local" # Local scripts @@ -252,7 +254,7 @@ security_show_badconfig="NO" # scripts returning 2 # These options are used by the security periodic(8) scripts spawned in # daily and weekly 450.status-security. security_status_logdir="/var/log" # Directory for logs -security_status_diff_flags="-b -u" # flags for diff output +security_status_diff_flags="-b -U 0" # flags for diff output # Each of the security_status_*_period options below can have one of the # following values: @@ -301,6 +303,7 @@ security_status_ipfdenied_period="daily" # 520.pfdenied security_status_pfdenied_enable="YES" security_status_pfdenied_period="daily" +security_status_pfdenied_additionalanchors="" # 550.ipfwlimit security_status_ipfwlimit_enable="YES" diff --git a/configs/etc/exports b/configs/etc/exports index 15cddb2..15d2dbb 100644 --- a/configs/etc/exports +++ b/configs/etc/exports 
@@ -1,6 +1,8 @@ -V4: / -network=192.168.10.0 -mask=255.255.255.0 +V4: / -network=192.168.10.0/24 /mnt/ship/pxe/FreeBSD11 -alldirs -maproot=root /mnt/ship/pxe/FreeBSD12 -alldirs -maproot=root /mnt/ship/pxe/FreeBSD13 -alldirs -maproot=root /mnt/ship/pxe/FreeBSD12p -alldirs -maproot=root /mnt/ship/pxe/FreeBSD13p -alldirs -maproot=root +/mnt/ship/backup -alldirs -maproot=root +/mnt/ship/r-automated -alldirs -maproot=root 192.168.10.13 diff --git a/configs/etc/freebsd-update.conf b/configs/etc/freebsd-update.conf index 7965941..47cf866 100644 --- a/configs/etc/freebsd-update.conf +++ b/configs/etc/freebsd-update.conf @@ -1,4 +1,3 @@ -# $FreeBSD: releng/12.3/usr.sbin/freebsd-update/freebsd-update.conf 370439 2021-08-29 16:58:35Z kevans $ # Trusted keyprint. Changing this is a Bad Idea unless you've received # a PGP-signed email from telling you to @@ -15,7 +14,7 @@ ServerName update.FreeBSD.org #Components src world kernel # Example for updating the userland and the kernel source code only: -#Components src world +#Components src/base src/sys world Components world # manually run - git pull in /usr/src - before recompiling the kernel diff --git a/configs/etc/hosts b/configs/etc/hosts index a0909e8..c36c832 100644 --- a/configs/etc/hosts +++ b/configs/etc/hosts @@ -1,4 +1,3 @@ -# $FreeBSD: releng/12.3/lib/libc/net/hosts 338729 2018-09-17 18:56:47Z brd $ # # Host Database # 
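Review bot: The new `/mnt/ship/backup -alldirs -maproot=root` line in configs/etc/exports names no host or network, so the backup dataset is offered to every client that can reach the NFS server, with remote root mapped to local root. The line after it limits r-automated to 192.168.10.13; the backup export should carry a similar restriction, for example `/mnt/ship/backup -alldirs -maproot=root -network=192.168.10.0/24`. `-maproot=root` is worth dropping if the clients do not need root on the share. The `V4:` line presumably limits only NFSv4 access, so it should not be relied on to cover NFSv3 mounts.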
@@ -13,26 +12,31 @@ ::1 localhost 127.0.0.1 localhost -192.168.0.10 nas nas.ahlawat.com -fd01::10 nas nas.ahlawat.com -192.168.10.10 nas nas.ahlawat.com -fd0a::10 nas nas.ahlawat.com -192.168.48.10 nas nas.ahlawat.com -2001:470:480a::10 nas nas.ahlawat.com +192.168.0.10 nasv1 nasv1.ahlawat.com +fd01::10 nasv1 nasv1.ahlawat.com +192.168.8.10 nas nas.ahlawat.com +fd08::10 nas nas.ahlawat.com +192.168.10.10 nasv10 nasv10.ahlawat.com +fd0a::10 nasv10 nasv10.ahlawat.com +192.168.48.10 nasv48 nasv48.ahlawat.com +2001:470:480a::10 nasv48 nasv48.ahlawat.com -10.1.0.193 crucible.ad.inseego.com i01bitcru00.ad.inseego.com bitbucket.ad.inseego.com +#10.1.0.193 crucible.ad.inseego.com i01bitcru00.ad.inseego.com bitbucket.ad.inseego.com + +13.56.245.15 rwe +54.241.30.152 rwe-gw # # Imaginary network. 10.0.0.2 myname.my.domain myname 10.0.0.3 myfriend.my.domain myfriend # -# According to RFC 1918, you can use the following IP networks for -# private nets which will never be connected to the Internet: +# According to RFC 1918, you can use the following IP blocks for +# private internets: # -# 10.0.0.0 - 10.255.255.255 -# 172.16.0.0 - 172.31.255.255 -# 192.168.0.0 - 192.168.255.255 +# 10.0.0.0 - 10.255.255.255 (10/8 prefix) +# 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) +# 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) # -# In case you want to be able to connect to the Internet, you need +# In case you want to make addresses available on the Internet, you need # real official assigned numbers. Do not try to invent your own network # numbers but instead get one from your network provider (if any) or # from your regional registry (ARIN, APNIC, LACNIC, RIPE NCC, or AfriNIC.) diff --git a/configs/etc/login.conf b/configs/etc/login.conf index 8af82a7..50a2ba9 100644 --- a/configs/etc/login.conf +++ b/configs/etc/login.conf 
@@ -7,7 +7,6 @@ # This file controls resource limits, accounting limits and # default user environment settings. # -# $FreeBSD: releng/12.3/usr.bin/login/login.conf 369215 2021-02-04 03:15:28Z kevans $ # # Default settings effectively disable resource limits, see the @@ -25,7 +24,7 @@ default:\ :passwd_format=sha512:\ :copyright=/etc/COPYRIGHT:\ - :welcome=/etc/motd:\ + :welcome=/var/run/motd:\ :setenv=BLOCKSIZE=K:\ :mail=/var/mail/$:\ :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\ @@ -49,8 +48,7 @@ default:\ :ignoretime@:\ :umask=022:\ :charset=UTF-8:\ - :lang=en_US.UTF-8: - + :lang=C.UTF-8: # # A collection of common class names - forward them all to 'default' @@ -130,7 +128,7 @@ russian|Russian Users Accounts:\ ## #standard:\ # :copyright=/etc/COPYRIGHT:\ -# :welcome=/etc/motd:\ +# :welcome=/var/run/motd:\ # :setenv=BLOCKSIZE=K:\ # :mail=/var/mail/$:\ # :path=~/bin /bin /usr/bin /usr/local/bin:\ diff --git a/configs/etc/ntp.conf b/configs/etc/ntp.conf index 5468a28..a3c7bac 100644 --- a/configs/etc/ntp.conf +++ b/configs/etc/ntp.conf @@ -1,5 +1,4 @@ # -# $FreeBSD: releng/12.3/usr.sbin/ntp/ntpd/ntp.conf 365704 2020-09-14 01:20:57Z emaste $ # # Default NTP servers for the FreeBSD operating system. # 
@@ -20,24 +19,27 @@ tos minclock 3 maxclock 6 # -# The following pool statement will give you a random set of NTP servers -# geographically close to you. A single pool statement adds multiple -# servers from the pool, according to the tos minclock/maxclock targets. +# The following pool statements will give you a random set of IPv4 and IPv6 +# NTP servers geographically close to you. A single pool statement adds +# multiple servers from the pool, according to the tos minclock/maxclock +# targets. # See http://www.pool.ntp.org/ for details. Note, pool.ntp.org encourages # users with a static IP and good upstream NTP servers to add a server -# to the pool. See http://www.pool.ntp.org/join.html if you are interested. +# to the pool. See http://www.pool.ntp.org/join.html if you are interested. # # The option `iburst' is used for faster initial synchronization. # -#pool 0.freebsd.pool.ntp.org iburst +pool 0.freebsd.pool.ntp.org iburst +pool 2.freebsd.pool.ntp.org iburst # # If you want to pick yourself which country's public NTP server -# you want to sync against, comment out the above pool, uncomment -# the next one, and replace CC with the country's abbreviation. -# Make sure that the hostname resolves to a proper IP address! +# you want to sync against, comment out the above pool statements, +# uncomment the next ones, and replace CC with the country's abbreviation. +# Make sure that the hostnames resolves to a proper IP address! # # pool 0.CC.pool.ntp.org iburst +# pool 2.CC.pool.ntp.org iburst # # To configure a specific server, such as an organization-wide local diff --git a/configs/etc/profile b/configs/etc/profile index 69c49eb..7469975 100644 --- a/configs/etc/profile +++ b/configs/etc/profile @@ -1,4 +1,3 @@ -# $FreeBSD: releng/12.3/bin/sh/profile 363525 2020-07-25 11:57:39Z pstef $ # # System-wide .profile file for sh(1). # diff --git a/configs/etc/rc.conf b/configs/etc/rc.conf index 9ed43e1..8b3453f 100644 --- a/configs/etc/rc.conf +++ b/configs/etc/rc.conf 
@@ -1,6 +1,6 @@ zfs_enable="YES" -kld_list="nmdm vmm ipfw ipdivert linux64 wg" +kld_list="nmdm vmm ipfw ipdivert tcp_bbr linux64 wg" # Do not mark to autodetach otherwise ZFS gets very unhappy. geli_autodetach="NO" @@ -18,7 +18,7 @@ ntpd_sync_on_start="YES" ntpd_enable="YES" powerdxx_enable="YES" -powerdxx_flags="" +powerdxx_flags="-a hiadaptive" smartd_enable="YES" nut_enable="YES" 
@@ -30,42 +30,56 @@ firewall_type="open" firewall_logging="YES" firewall_logif="YES" -# /interfaces +# interfaces/ cloned_interfaces_sticky="YES" -cloned_interfaces="lagg0 bridge1 bridge2 bridge3 bridge5 bridge8 bridge9 bridge10 bridge48" +cloned_interfaces="lagg0 bridge1 bridge2 bridge3 bridge5 bridge8 bridge9 bridge10 bridge48 bridge22 bridge99" -ifconfig_lagg0="laggproto loadbalance laggport igb0 laggport igb1 up" ifconfig_igb0="up -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso" ifconfig_igb1="up -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso" +ifconfig_lagg0="laggproto lacp laggport igb0 laggport igb1 up" -vlans_lagg0="1 2 3 5 8 9 10 48" +vlans_lagg0="1 2 3 5 8 9 10 48 22" +#vlans_igb0="1 2 3 5 10 48 22" +#vlans_igb1="8 9" ipv6_activate_all_interfaces="YES" rtsold_enable="YES" ifconfig_lagg0_1="inet 192.168.0.10/24" ifconfig_lagg0_1_ipv6="inet6 fd01::10/64 auto_linklocal accept_rtadv" -ifconfig_lagg0_2="up" -#ifconfig_lagg0_2="inet 192.168.2.10/24" -#ifconfig_lagg0_2_ipv6="inet6 fd02::10/64 auto_linklocal accept_rtadv" -ifconfig_lagg0_3="up" -#ifconfig_lagg0_3="inet 192.168.3.10/24" -#ifconfig_lagg0_3_ipv6="inet6 fd03::10/64 auto_linklocal accept_rtadv" -ifconfig_lagg0_5="up" -#ifconfig_lagg0_5="inet 192.168.5.10/24" -#ifconfig_lagg0_5_ipv6="inet6 fd05::10/64 auto_linklocal accept_rtadv" -ifconfig_lagg0_8="up" -# to avoid asymmetric routing - keep ip for vlan8 disabled -#ifconfig_lagg0_8="inet 192.168.8.10/24" -#ifconfig_lagg0_8_ipv6="inet6 fd08::10/64 auto_linklocal accept_rtadv" -ifconfig_lagg0_9="up" -#ifconfig_lagg0_9="inet 192.168.200.10/24" -#ifconfig_lagg0_9_ipv6="inet6 fd09::10/64 auto_linklocal accept_rtadv" +#ifconfig_igb0_1="inet 192.168.0.10/24" +#ifconfig_igb0_1_ipv6="inet6 fd01::10/64 auto_linklocal accept_rtadv" + # required for lab servers netboot on vlan10 ifconfig_lagg0_10="inet 192.168.10.10/24" ifconfig_lagg0_10_ipv6="inet6 fd0a::10/64 auto_linklocal accept_rtadv" +#ifconfig_igb0_10="inet 192.168.10.10/24" 
+#ifconfig_igb0_10_ipv6="inet6 fd0a::10/64 auto_linklocal accept_rtadv" + ifconfig_lagg0_48="inet 192.168.48.10/24" ifconfig_lagg0_48_ipv6="inet6 2001:470:480a::10/64 auto_linklocal accept_rtadv" +#ifconfig_igb0_48="inet 192.168.48.10/24" +#ifconfig_igb0_48_ipv6="inet6 2001:470:480a::10/64 auto_linklocal accept_rtadv" + +# to avoid asymmetric routing - keep ip for vlan8 disabled +# updated DNS entries to address the above concern +ifconfig_lagg0_8="up" +ifconfig_lagg0_8="inet 192.168.8.10/24" +ifconfig_lagg0_8_ipv6="inet6 fd08::10/64 auto_linklocal accept_rtadv" +#ifconfig_igb1_8="up" +#ifconfig_igb1_8="inet 192.168.8.10/24" +#ifconfig_igb1_8_ipv6="inet6 fd08::10/64 auto_linklocal accept_rtadv" + +ifconfig_lagg0_2="up" +ifconfig_lagg0_3="up" +ifconfig_lagg0_5="up" +ifconfig_lagg0_9="up" +ifconfig_lagg0_22="up" +#ifconfig_igb0_2="up" +#ifconfig_igb0_3="up" +#ifconfig_igb0_5="up" +#ifconfig_igb1_9="up" +#ifconfig_igb1_22="up" ifconfig_bridge1="addm lagg0.1 up" ifconfig_bridge2="addm lagg0.2 up" @@ -75,6 +89,17 @@ ifconfig_bridge8="addm lagg0.8 up" ifconfig_bridge9="addm lagg0.9 up" ifconfig_bridge10="addm lagg0.10 up" ifconfig_bridge48="addm lagg0.48 up" +ifconfig_bridge22="addm lagg0.22 up" + +#ifconfig_bridge1="addm igb0.1 up" +#ifconfig_bridge2="addm igb0.2 up" +#ifconfig_bridge3="addm igb0.3 up" +#ifconfig_bridge5="addm igb0.5 up" +#ifconfig_bridge8="addm igb1.8 up" +#ifconfig_bridge9="addm igb1.9 up" +#ifconfig_bridge10="addm igb0.10 up" +#ifconfig_bridge48="addm igb0.48 up" +#ifconfig_bridge22="addm igb0.22 up" # adding IP to bridges does not work #ifconfig_bridge1="inet 192.168.0.10/24" diff --git a/configs/etc/rctl.conf b/configs/etc/rctl.conf index 7f0649b..48335d3 100644 --- a/configs/etc/rctl.conf +++ b/configs/etc/rctl.conf @@ -1 +1,3 @@ jail:ioc-jump:vmemoryuse:deny=4G/jail +jail:ioc-ldap:vmemoryuse:deny=8G/jail +jail:ioc-monitor:vmemoryuse:deny=16G/jail diff --git a/configs/etc/sysctl.conf b/configs/etc/sysctl.conf index a2117ad..a2931e7 100644 
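Review bot: In the interfaces hunk of configs/etc/rc.conf, `ifconfig_lagg0_8` is assigned twice in a row (`="up"`, then `="inet 192.168.8.10/24"`), so the first assignment is dead, and the comment above it still says to keep the IP for vlan8 disabled. Drop the `ifconfig_lagg0_8="up"` line and reword the comment to something like `# vlan8 now carries 192.168.8.10; DNS entries were updated to avoid asymmetric routing`. With `firewall_type="open"` in the hunk's context, every service on the host becomes reachable from vlan8 once the address is assigned. `cloned_interfaces` also gains bridge99 with no matching `ifconfig_bridge99` or vlan 99 in the visible lines, which may be intentional but deserves a comment.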
--- a/configs/etc/sysctl.conf +++ b/configs/etc/sysctl.conf @@ -1,4 +1,3 @@ -# $FreeBSD: releng/12.3/sbin/sysctl/sysctl.conf 337624 2018-08-11 13:28:03Z brd $ # # This file is read when going to multi-user and its contents piped thru # ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details. @@ -72,10 +71,10 @@ net.inet.tcp.mssdflt=1448 net.inet.tcp.nolocaltimewait=1 net.inet.tcp.path_mtu_discovery=0 net.inet.tcp.reass.maxqueuelen=1448 -net.inet.tcp.recvbuf_inc=65536 +###net.inet.tcp.recvbuf_inc=65536 net.inet.tcp.recvbuf_max=16777216 net.inet.tcp.recvspace=262144 -net.inet.tcp.rfc6675_pipe=1 +###net.inet.tcp.rfc6675_pipe=1 net.inet.tcp.sendbuf_inc=65536 net.inet.tcp.sendbuf_max=16777216 net.inet.tcp.sendspace=262144 @@ -98,14 +97,14 @@ net.link.bridge.pfil_onlyip=0 net.local.stream.recvspace=164240 net.local.stream.sendspace=164240 net.route.netisr_maxqlen=2048 -net.raw.recvspace=65536 -net.raw.sendspace=65536 +###net.raw.recvspace=65536 +###net.raw.sendspace=65536 vfs.zfs.arc_max=51539607552 vfs.zfs.delay_min_dirty_percent=96 vfs.zfs.dirty_data_max=12884901888 -vfs.zfs.prefetch_disable=0 +###vfs.zfs.prefetch_disable=0 #vfs.zfs.top_maxinflight=128 -vfs.zfs.trim.txg_delay=2 +###vfs.zfs.trim.txg_delay=2 vfs.zfs.txg.timeout=90 vfs.zfs.vdev.aggregation_limit=1048576 vfs.zfs.vdev.write_gap_limit=0 @@ -114,13 +113,14 @@ vfs.zfs.vdev.write_gap_limit=0 #vfs.zfs.l2arc_write_boost=402653184 #vfs.zfs.l2arc_write_max=402653184 -net.inet.tcp.functions_default=rack -net.inet.tcp.rack.tlpmethod=3 -net.inet.tcp.rack.data_after_close=0 +###net.inet.tcp.functions_default=rack +###net.inet.tcp.rack.tlpmethod=3 +###net.inet.tcp.rack.data_after_close=0 -# Verify RACK +net.inet.tcp.functions_default=bbr +# Verify BBR # sysctl net.inet.tcp.functions_available -# sysctl net.inet.tcp.rack. +# sysctl net.inet.tcp.bbr. #Cheap Disk Issues kern.cam.ada.default_timeout=60 
diff --git a/configs/usr/local/etc/pkg/repos/pkgp.conf b/configs/usr/local/etc/pkg/repos/pkgp.conf index 9327ae9..f09118a 100644 --- a/configs/usr/local/etc/pkg/repos/pkgp.conf +++ b/configs/usr/local/etc/pkg/repos/pkgp.conf @@ -1,18 +1,16 @@ FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest", - enabled: no + enabled: yes } pkgp-freebsd-pkg: { url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", - enabled: yes, + enabled: no, priority: 10 } pkgp123: { url: "http://pkgp.ahlawat.com/packages/pj123-default/", - mirror_type: "http", signature_type: "pubkey", pubkey: "/mnt/data/apps/certs/poudriere.cert", enabled: no, diff --git a/configs/usr/local/etc/rc.d/gstat_exporter b/configs/usr/local/etc/rc.d/gstat_exporter index e3182dd..a1469d8 100755 --- a/configs/usr/local/etc/rc.d/gstat_exporter +++ b/configs/usr/local/etc/rc.d/gstat_exporter 
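Review bot: The `FreeBSD` repository enabled in configs/usr/local/etc/pkg/repos/pkgp.conf is fetched over plain `pkg+http://`, and the hunk shows no `signature_type` for it, so package integrity rests entirely on signature settings that must come from elsewhere. Presumably they are inherited from the stock /etc/pkg/FreeBSD.conf entry of the same name; confirm the effective settings with `pkg -vv`, or state the dependency in a comment here. The same concern applies to jails/config/atm/pkgp.conf, where `pkgp-freebsd-pkg` stays `enabled: yes` over `http://` with no `signature_type` visible in its hunk. The `pkg+http://` scheme is meant to be paired with `mirror_type: "srv"`, so check that the override still resolves mirrors as intended.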
@@ -1,44 +1,27 @@ #!/bin/sh -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# - -# the two lines below are not just comments but required by rcorder; service -e # PROVIDE: gstat_exporter -# REQUIRE: NETWORKING DAEMON +# REQUIRE: LOGIN NETWORKING +# KEYWORD: shutdown + +# Add the following lines to /etc/rc.conf to enable gstat_exporter: +# +# gstat_exporter_enable (bool): Set to "NO" by default. +# Set it to "YES" to enable gstat_exporter_enable. . /etc/rc.subr -: ${gstat_exporter_enable="NO"} - name=gstat_exporter -rcvar=${name}_enable - -GSTATEXPORTER="nohup /usr/local/bin/python3.9 /root/FreeBSD/scripts/gstat_exporter.py" - -start_cmd="${name}_start" -stop_cmd="${name}_stop" -restart_cmd="${name}_restart" - -gstat_exporter_start() -{ - $GSTATEXPORTER & -} - -gstat_exporter_stop() -{ - ps ax | grep -ie gstat_exporter.py | grep -v grep | awk '{print $1}' | xargs kill -9 -} -gstat_exporter_restart() -{ - gstat_exporter_stop - gstat_exporter_start -} +rcvar=gstat_exporter_enable +desc="gstat_exporter daemon" load_rc_config ${name} + +: ${gstat_exporter_enable:=NO} + +pidfile="/var/run/${name}.pid" +command_interpreter=/usr/local/bin/python3.11 +command=/usr/local/bin/${name}.py +start_cmd="/usr/sbin/daemon -f -p ${pidfile} $command_interpreter $command" + run_rc_command "$1" diff --git a/jails/config/atm/ldap.conf b/jails/config/atm/ldap.conf deleted file mode 100644 index 91d0546..0000000 --- a/jails/config/atm/ldap.conf +++ /dev/null @@ -1,15 +0,0 @@ -# -# LDAP Defaults -# - -# See ldap.conf(5) for details -# This file should be world readable but not world writable. - -BASE ou=people,dc=infra -URI ldaps://ldap.ahlawat.com:636 -ssl start_tls -tls_cacert /mnt/certs/cacert.pem - -#SIZELIMIT 12 -#TIMELIMIT 15 -#DEREF never diff --git a/jails/config/atm/nslcd.conf b/jails/config/atm/nslcd.conf index 654aabd..791f368 100644 
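Review bot: The new `start_cmd` in configs/usr/local/etc/rc.d/gstat_exporter launches the exporter through daemon(8) with no `-u`, so the Python process, presumably a network-facing metrics endpoint, runs as root. If gstat works for an unprivileged account on this host (not verifiable from the hunk), run it under a dedicated user, e.g. `start_cmd="/usr/sbin/daemon -f -u gstat_exporter -p ${pidfile} $command_interpreter $command"`, where the account name is a placeholder. The header comment also reads `Set it to "YES" to enable gstat_exporter_enable.` where it means `to enable gstat_exporter.`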
--- a/jails/config/atm/nslcd.conf +++ b/jails/config/atm/nslcd.conf @@ -15,7 +15,8 @@ gid nslcd #uri ldaps://127.0.0.1/ #uri ldapi://%2fvar%2frun%2fldapi_sock/ # Note: %2f encodes the '/' used as directory separator -uri ldaps://ldap.ahlawat.com:636 +# uri ldaps://ldap.ahlawat.com:636 +uri ldap://ldap.ahlawat.com:389 # The LDAP version to use (defaults to 3 # if supported by client library) diff --git a/jails/config/atm/pkg-list-details-old.txt b/jails/config/atm/pkg-list-details-old.txt index 72525fa..f26815f 100644 --- a/jails/config/atm/pkg-list-details-old.txt +++ b/jails/config/atm/pkg-list-details-old.txt @@ -1,6 +1,6 @@ -pkgp123____netatalk3-3.1.13_4,1 -pkgp123____nss-pam-ldapd-sasl-0.9.12_1 -pkgp123____pkg-1.18.4 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____nano-6.4 +pkgp123____bash-5.2.37 +pkgp123____netatalk3-3.2.10_2,1 +pkgp123____nss-pam-ldapd-sasl-0.9.13_1 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 diff --git a/jails/config/atm/pkg-list-details.txt b/jails/config/atm/pkg-list-details.txt index cd3458a..f26815f 100644 --- a/jails/config/atm/pkg-list-details.txt +++ b/jails/config/atm/pkg-list-details.txt @@ -1,6 +1,6 @@ -pkgp123____netatalk3-3.1.13_4,1 -pkgp123____nss-pam-ldapd-sasl-0.9.12_1 -pkgp123____pkg-1.18.4 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____nano-7.0 +pkgp123____bash-5.2.37 +pkgp123____netatalk3-3.2.10_2,1 +pkgp123____nss-pam-ldapd-sasl-0.9.13_1 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 diff --git a/jails/config/atm/pkgp.conf b/jails/config/atm/pkgp.conf index 86e5a9a..ac09580 100644 --- a/jails/config/atm/pkgp.conf +++ b/jails/config/atm/pkgp.conf 
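Review bot: Switching `uri` from `ldaps://ldap.ahlawat.com:636` to `ldap://ldap.ahlawat.com:389` in jails/config/atm/nslcd.conf sends binds and directory lookups in cleartext unless StartTLS is configured, and no `ssl` or `tls_*` setting is visible in this hunk. If port 389 is required, add `ssl start_tls`, `tls_reqcert demand` and a `tls_cacertfile` pointing at the CA bundle, so the session is encrypted and the server certificate is verified. The same commit deletes jails/config/atm/ldap.conf, which carried the previous `tls_cacert` setting, so the CA reference has to be supplied again here. A one-line comment stating why LDAPS was dropped would help the next reader.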
@@ -5,14 +5,12 @@ FreeBSD: { pkgp-freebsd-pkg: { url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", enabled: yes, priority: 10 } pkgp123: { url: "http://pkgp.ahlawat.com/packages/pj123-default", - mirror_type: "http", signature_type: "pubkey", pubkey: "/mnt/certs/poudriere.cert", enabled: yes, diff --git a/jails/config/auto/pkg-list-details-old.txt b/jails/config/auto/pkg-list-details-old.txt index 1f2a8ea..5f51a72 100644 --- a/jails/config/auto/pkg-list-details-old.txt +++ b/jails/config/auto/pkg-list-details-old.txt @@ -1,13 +1,9 @@ -pkgp123____bash-5.2.12 -pkgp123____bash-completion-2.11_2,2 -pkgp123____nginx-devel-1.23.2_4 -pkgp123____pkg-1.18.4 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____py39-ansible-6.1.0 -pkgp-freebsd-pkg____py39-django32-3.2.16 -pkgp-freebsd-pkg____py39-gunicorn-20.1.0 -pkgp-freebsd-pkg____py39-pillow-9.2.0 -pkgp-freebsd-pkg____py39-pip-22.2.2 -pkgp-freebsd-pkg____py39-psycopg2-2.9.4 -pkgp-freebsd-pkg____py39-tkinter-3.9.15_6 -pkgp-freebsd-pkg____sudo-1.9.12p1 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____nginx-devel-1.28.0 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____py311-django42-4.2.20 +pkgp-freebsd-pkg____py311-gunicorn-23.0.0_1 +pkgp-freebsd-pkg____py311-psycopg2-2.9.10 +pkgp-freebsd-pkg____sudo-1.9.16p2_1 diff --git a/jails/config/auto/pkg-list-details.txt b/jails/config/auto/pkg-list-details.txt index b14680f..5f51a72 100644 --- a/jails/config/auto/pkg-list-details.txt +++ b/jails/config/auto/pkg-list-details.txt 
@@ -1,13 +1,9 @@ -pkgp123____bash-completion-2.11_2,2 -pkgp123____pkg-1.18.4 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____nginx-devel-1.23.2_4 -pkgp-freebsd-pkg____py39-ansible-6.1.0 -pkgp-freebsd-pkg____py39-django32-3.2.16 -pkgp-freebsd-pkg____py39-gunicorn-20.1.0 -pkgp-freebsd-pkg____py39-pillow-9.2.0 -pkgp-freebsd-pkg____py39-pip-22.2.2 -pkgp-freebsd-pkg____py39-psycopg2-2.9.4 -pkgp-freebsd-pkg____py39-tkinter-3.9.15_6 -pkgp-freebsd-pkg____sudo-1.9.12p1 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____nginx-devel-1.28.0 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____py311-django42-4.2.20 +pkgp-freebsd-pkg____py311-gunicorn-23.0.0_1 +pkgp-freebsd-pkg____py311-psycopg2-2.9.10 +pkgp-freebsd-pkg____sudo-1.9.16p2_1 diff --git a/jails/config/auto/pkg-list-old.txt b/jails/config/auto/pkg-list-old.txt index b85253b..4601069 100644 --- a/jails/config/auto/pkg-list-old.txt +++ b/jails/config/auto/pkg-list-old.txt @@ -1 +1 @@ -bash bash-completion nano nginx-devel pkg py39-ansible py39-django32 py39-gunicorn py39-pillow py39-pip py39-psycopg2 py39-tkinter sudo +bash bash-completion nano nginx-devel pkg py311-django42 py311-gunicorn py311-psycopg2 sudo diff --git a/jails/config/auto/pkg-list.txt b/jails/config/auto/pkg-list.txt index b85253b..4601069 100644 --- a/jails/config/auto/pkg-list.txt +++ b/jails/config/auto/pkg-list.txt @@ -1 +1 @@ -bash bash-completion nano nginx-devel pkg py39-ansible py39-django32 py39-gunicorn py39-pillow py39-pip py39-psycopg2 py39-tkinter sudo +bash bash-completion nano nginx-devel pkg py311-django42 py311-gunicorn py311-psycopg2 sudo diff --git a/jails/config/book/cps b/jails/config/book/cps index 0f15266..f0f3de0 100755 --- a/jails/config/book/cps +++ b/jails/config/book/cps 
@@ -19,8 +19,8 @@ name=cpsserver rcvar=${name}_enable -#CPSSERVER="nohup /usr/local/bin/python3.9 /data/calibre-web/cps.py" -CPSSERVER="nohup /usr/local/bin/cps" +CPSSERVER="nohup /usr/local/bin/python3.9 /data/calibre-web/cps.py" +#CPSSERVER="nohup /usr/local/bin/cps" start_cmd="${name}_start" stop_cmd="${name}_stop" @@ -31,11 +31,15 @@ cpsserver_start() $CPSSERVER -p /data/big/app.db -g /data/big/gdrive.db & $CPSSERVER -p /data/fiction/app.db -g /data/fiction/gdrive.db & $CPSSERVER -p /data/movie/app.db -g /data/movie/gdrive.db & + $CPSSERVER -p /data/art/app.db -g /data/art/gdrive.db & + $CPSSERVER -p /data/home/app.db -g /data/home/gdrive.db & + $CPSSERVER -p /data/general/app.db -g /data/general/gdrive.db & } cpsserver_stop() { ps ax | grep -ie cps.py | grep -v grep | awk '{print $1}' | xargs kill -9 +# ps ax | grep -ie cps | grep -v grep | awk '{print $1}' | xargs kill -9 } cpsserver_restart() { diff --git a/jails/config/book/pkg-list-details-old.txt b/jails/config/book/pkg-list-details-old.txt index fa1c5c8..1a91689 100644 --- a/jails/config/book/pkg-list-details-old.txt +++ b/jails/config/book/pkg-list-details-old.txt 
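Review bot: `CPSSERVER` in jails/config/book/cps now points at `/usr/local/bin/python3.9`, while the book jail's package lists in this same commit move to py311 packages only, so the interpreter is likely missing after the upgrade and the instances would fail to start. If the jail is on Python 3.11, the line should read `CPSSERVER="nohup /usr/local/bin/python3.11 /data/calibre-web/cps.py"`. The instances added in the second hunk are started with `&` and no pidfile, so the unchanged `cpsserver_stop` still finds them by grepping the process list and sending `kill -9`. That also hits any other process whose command line contains `cps.py`.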
@@ -1,10 +1,14 @@ -pkgp123____libxml2-2.10.3_1 -pkgp123____libxslt-1.1.37 -pkgp123____pkg-1.18.4 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____py39-ldap-3.4.0 -pkgp-freebsd-pkg____py39-pip-22.2.2 -pkgp-freebsd-pkg____py39-sqlite3-3.9.15_7 -pkgp-freebsd-pkg____rust-1.64.0 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____cyrus-sasl-2.1.28_5 +pkgp-freebsd-pkg____libxml2-2.11.9 +pkgp-freebsd-pkg____libxslt-1.1.42 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____py311-netifaces-plus-0.12.2_1 +pkgp-freebsd-pkg____py311-pip-23.3.2_4 +pkgp-freebsd-pkg____py311-pyasn1-0.6.0 +pkgp-freebsd-pkg____py311-pyasn1-modules-0.4.1 +pkgp-freebsd-pkg____py311-python-ldap-3.4.4 +pkgp-freebsd-pkg____py311-sqlite3-3.11.12_10 +pkgp-freebsd-pkg____rust-1.86.0 diff --git a/jails/config/book/pkg-list-details.txt b/jails/config/book/pkg-list-details.txt index 0dbeaca..1a91689 100644 --- a/jails/config/book/pkg-list-details.txt +++ b/jails/config/book/pkg-list-details.txt 
@@ -1,10 +1,14 @@
-pkgp123____libxml2-2.10.3_1
-pkgp123____libxslt-1.1.37
-pkgp123____pkg-1.18.4
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____py39-ldap-3.4.0
-pkgp-freebsd-pkg____py39-pip-22.2.2
-pkgp-freebsd-pkg____py39-sqlite3-3.9.15_7
-pkgp-freebsd-pkg____rust-1.65.0
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____cyrus-sasl-2.1.28_5
+pkgp-freebsd-pkg____libxml2-2.11.9
+pkgp-freebsd-pkg____libxslt-1.1.42
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____py311-netifaces-plus-0.12.2_1
+pkgp-freebsd-pkg____py311-pip-23.3.2_4
+pkgp-freebsd-pkg____py311-pyasn1-0.6.0
+pkgp-freebsd-pkg____py311-pyasn1-modules-0.4.1
+pkgp-freebsd-pkg____py311-python-ldap-3.4.4
+pkgp-freebsd-pkg____py311-sqlite3-3.11.12_10
+pkgp-freebsd-pkg____rust-1.86.0
diff --git a/jails/config/book/pkg-list-old.txt b/jails/config/book/pkg-list-old.txt
index 5fb392e..8b00d87 100644
--- a/jails/config/book/pkg-list-old.txt
+++ b/jails/config/book/pkg-list-old.txt
@@ -1 +1 @@
-bash bash-completion libxml2 libxslt nano pkg py39-ldap py39-pip py39-sqlite3 rust
+bash bash-completion cyrus-sasl libxml2 libxslt nano pkg py311-netifaces-plus py311-pip py311-pyasn1 py311-pyasn1-modules py311-python-ldap py311-sqlite3 rust
diff --git a/jails/config/book/pkg-list.txt b/jails/config/book/pkg-list.txt
index 5fb392e..8b00d87 100644
--- a/jails/config/book/pkg-list.txt
+++ b/jails/config/book/pkg-list.txt
@@ -1 +1 @@
-bash bash-completion libxml2 libxslt nano pkg py39-ldap py39-pip py39-sqlite3 rust
+bash bash-completion cyrus-sasl libxml2 libxslt nano pkg py311-netifaces-plus py311-pip py311-pyasn1 py311-pyasn1-modules py311-python-ldap py311-sqlite3 rust
diff --git a/jails/config/calibre/pkg-list-details-old.txt b/jails/config/calibre/pkg-list-details-old.txt
index d58afc6..07d3822 100644
--- a/jails/config/calibre/pkg-list-details-old.txt
+++ b/jails/config/calibre/pkg-list-details-old.txt
@@ -1,11 +1,11 @@
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____calibre-5.44.0_6
-pkgp-freebsd-pkg____fluxbox-1.3.7_5
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____sudo-1.9.12p1
-pkgp-freebsd-pkg____tigervnc-server-1.12.0_5
-pkgp-freebsd-pkg____xauth-1.1.1
-pkgp-freebsd-pkg____xpdf-4.04,1
-pkgp-freebsd-pkg____xterm-375
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____calibre-8.3.0
+pkgp-freebsd-pkg____fluxbox-1.3.7_10
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____sudo-1.9.16p2_1
+pkgp-freebsd-pkg____tigervnc-server-1.15.0
+pkgp-freebsd-pkg____xauth-1.1.4
+pkgp-freebsd-pkg____xpdf-4.05_4,1
+pkgp-freebsd-pkg____xterm-397_2
diff --git a/jails/config/calibre/pkg-list-details.txt b/jails/config/calibre/pkg-list-details.txt
index 3fb7fa8..07d3822 100644
--- a/jails/config/calibre/pkg-list-details.txt
+++ b/jails/config/calibre/pkg-list-details.txt
@@ -1,11 +1,11 @@
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____calibre-5.44.0_6
-pkgp-freebsd-pkg____fluxbox-1.3.7_5
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____sudo-1.9.12p1
-pkgp-freebsd-pkg____tigervnc-server-1.12.0_5
-pkgp-freebsd-pkg____xauth-1.1.1
-pkgp-freebsd-pkg____xpdf-4.04,1
-pkgp-freebsd-pkg____xterm-377
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____calibre-8.3.0
+pkgp-freebsd-pkg____fluxbox-1.3.7_10
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____sudo-1.9.16p2_1
+pkgp-freebsd-pkg____tigervnc-server-1.15.0
+pkgp-freebsd-pkg____xauth-1.1.4
+pkgp-freebsd-pkg____xpdf-4.05_4,1
+pkgp-freebsd-pkg____xterm-397_2
diff --git a/jails/config/cam/pkg-list-details-old.txt b/jails/config/cam/pkg-list-details-old.txt
index 33e579d..23096b0 100644
--- a/jails/config/cam/pkg-list-details-old.txt
+++ b/jails/config/cam/pkg-list-details-old.txt
@@ -1,7 +1,13 @@
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____curl-7.85.0
-pkgp-freebsd-pkg____motion-4.3.2_3
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____py27-pip-20.2.3
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____curl-8.13.0
+pkgp-freebsd-pkg____dejavu-2.37_3
+pkgp-freebsd-pkg____ffmpeg-6.1.2_10,1
+pkgp-freebsd-pkg____git-lite-2.49.0
+pkgp-freebsd-pkg____gmake-4.4.1
+pkgp-freebsd-pkg____libgd-2.3.3_13,1
+pkgp-freebsd-pkg____motion-4.7.0
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____rsync-3.4.1_2
+pkgp-freebsd-pkg____v4l-utils-1.23.0_5
diff --git a/jails/config/cam/pkg-list-details.txt b/jails/config/cam/pkg-list-details.txt
index 1a52908..23096b0 100644
--- a/jails/config/cam/pkg-list-details.txt
+++ b/jails/config/cam/pkg-list-details.txt
@@ -1,7 +1,13 @@
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____curl-7.85.0
-pkgp-freebsd-pkg____motion-4.3.2_3
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____py27-pip-20.2.3
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____curl-8.13.0
+pkgp-freebsd-pkg____dejavu-2.37_3
+pkgp-freebsd-pkg____ffmpeg-6.1.2_10,1
+pkgp-freebsd-pkg____git-lite-2.49.0
+pkgp-freebsd-pkg____gmake-4.4.1
+pkgp-freebsd-pkg____libgd-2.3.3_13,1
+pkgp-freebsd-pkg____motion-4.7.0
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____rsync-3.4.1_2
+pkgp-freebsd-pkg____v4l-utils-1.23.0_5
diff --git a/jails/config/cam/pkg-list-old.txt b/jails/config/cam/pkg-list-old.txt
index 3a4bfa9..1ca2228 100644
--- a/jails/config/cam/pkg-list-old.txt
+++ b/jails/config/cam/pkg-list-old.txt
@@ -1 +1 @@
-bash bash-completion curl motion nano pkg py27-pip
+bash bash-completion curl dejavu ffmpeg git-lite gmake libgd motion nano pkg rsync v4l-utils
diff --git a/jails/config/cam/pkg-list.txt b/jails/config/cam/pkg-list.txt
index 3a4bfa9..1ca2228 100644
--- a/jails/config/cam/pkg-list.txt
+++ b/jails/config/cam/pkg-list.txt
@@ -1 +1 @@
-bash bash-completion curl motion nano pkg py27-pip
+bash bash-completion curl dejavu ffmpeg git-lite gmake libgd motion nano pkg rsync v4l-utils
diff --git a/jails/config/cert/pkg-list-details-old.txt b/jails/config/cert/pkg-list-details-old.txt
index 3692cce..ff6ab38 100644
--- a/jails/config/cert/pkg-list-details-old.txt
+++ b/jails/config/cert/pkg-list-details-old.txt
@@ -1,8 +1,9 @@
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____curl-7.85.0
-pkgp-freebsd-pkg____git-lite-2.38.1_3
-pkgp-freebsd-pkg____go-1.19,2
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____wget-1.21.3_1
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____curl-8.13.0
+pkgp-freebsd-pkg____git-lite-2.49.0
+pkgp-freebsd-pkg____go-1.21_7,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____socat-1.8.0.3
+pkgp-freebsd-pkg____wget-1.25.0
diff --git a/jails/config/cert/pkg-list-details.txt b/jails/config/cert/pkg-list-details.txt
index f1647df..ff6ab38 100644
--- a/jails/config/cert/pkg-list-details.txt
+++ b/jails/config/cert/pkg-list-details.txt
@@ -1,8 +1,9 @@
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____curl-7.85.0
-pkgp-freebsd-pkg____git-lite-2.38.1_4
-pkgp-freebsd-pkg____go-1.19,2
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____wget-1.21.3_1
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____curl-8.13.0
+pkgp-freebsd-pkg____git-lite-2.49.0
+pkgp-freebsd-pkg____go-1.21_7,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____socat-1.8.0.3
+pkgp-freebsd-pkg____wget-1.25.0
diff --git a/jails/config/cert/pkg-list-old.txt b/jails/config/cert/pkg-list-old.txt
index eb679c1..dbdafc5 100644
--- a/jails/config/cert/pkg-list-old.txt
+++ b/jails/config/cert/pkg-list-old.txt
@@ -1 +1 @@
-bash bash-completion curl git-lite go nano pkg wget
+bash bash-completion curl git-lite go nano pkg socat wget
diff --git a/jails/config/cert/pkg-list.txt b/jails/config/cert/pkg-list.txt
index eb679c1..dbdafc5 100644
--- a/jails/config/cert/pkg-list.txt
+++ b/jails/config/cert/pkg-list.txt
@@ -1 +1 @@
-bash bash-completion curl git-lite go nano pkg wget
+bash bash-completion curl git-lite go nano pkg socat wget
diff --git a/jails/config/ci/pkg-list-details-old.txt b/jails/config/ci/pkg-list-details-old.txt
index 6f4da6c..fab1ae8 100644
--- a/jails/config/ci/pkg-list-details-old.txt
+++ b/jails/config/ci/pkg-list-details-old.txt
@@ -1,5 +1,5 @@
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____jenkins-2.377
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp123____bash-5.2.37
+pkgp123____nginx-1.26.3_3,3
+pkgp123____pkg-2.1.2
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
diff --git a/jails/config/ci/pkg-list-details.txt b/jails/config/ci/pkg-list-details.txt
index 1970ca7..fab1ae8 100644
--- a/jails/config/ci/pkg-list-details.txt
+++ b/jails/config/ci/pkg-list-details.txt
@@ -1,5 +1,5 @@ -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____jenkins-2.378 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____pkg-1.18.4 +pkgp123____bash-5.2.37 +pkgp123____nginx-1.26.3_3,3 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 diff --git a/jails/config/ci/pkg-list-old.txt b/jails/config/ci/pkg-list-old.txt index aaf032d..bda807d 100644 --- a/jails/config/ci/pkg-list-old.txt +++ b/jails/config/ci/pkg-list-old.txt @@ -1 +1 @@ -bash bash-completion jenkins nano pkg +bash bash-completion nano nginx pkg diff --git a/jails/config/ci/pkg-list.txt b/jails/config/ci/pkg-list.txt index aaf032d..bda807d 100644 --- a/jails/config/ci/pkg-list.txt +++ b/jails/config/ci/pkg-list.txt @@ -1 +1 @@ -bash bash-completion jenkins nano pkg +bash bash-completion nano nginx pkg diff --git a/jails/config/cloud/config.php b/jails/config/cloud/config.php index ae550d8..3fb2dc0 100644 --- a/jails/config/cloud/config.php +++ b/jails/config/cloud/config.php @@ -12,7 +12,7 @@ $CONFIG = array ( 'datadirectory' => '/mnt/cloud', 'overwrite.cli.url' => 'https://cloud.ahlawat.com/', 'dbtype' => 'mysql', - 'version' => '21.0.3.1', + 'version' => '28.0.4.1', 'dbname' => 'nextcloud', 'dbhost' => 'db.ahlawat.com', 'dbport' => '3306', @@ -24,6 +24,7 @@ $CONFIG = array ( 'instanceid' => 'oc7suxvjiy9s', 'htaccess.RewriteBase' => '/', 'filelocking.enabled' => 'true', + 'memcache.local' => '\OC\Memcache\APCu', 'memcache.locking' => '\\OC\\Memcache\\Redis', 'redis' => array ( @@ -38,7 +39,7 @@ $CONFIG = array ( 'logrotate_size' => '104847600', 'ldapIgnoreNamingRules' => false, 'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory', - 'mail_smtpmode' => 'smtp', + 'mail_smtpmode' => 'sendmail', 'mail_from_address' => 'nobody', 'mail_domain' => 'ahlawat.com', 'mail_smtphost' => '192.168.0.100', 
@@ -47,5 +48,6 @@ $CONFIG = array ( 'theme' => '', 'encryption.legacy_format_support' => false, 'encryption.key_storage_migrated' => false, - 'updater.secret' => '$2y$10$jAnC4Ha3RI2CL.IlhYluSeeOuKMT4itq/ViSiH1Q9DciUXfB3YSYS', + 'data-fingerprint' => 'a20b20d2fb1221ec403a5f7c65828557', + 'mail_sendmailmode' => 'smtp', ); diff --git a/jails/config/cloud/config.php.20 b/jails/config/cloud/config.php.20 deleted file mode 100644 index a0b7c37..0000000 --- a/jails/config/cloud/config.php.20 +++ /dev/null 
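Review bot: Removing `updater.secret` here, and deleting config.php.20 in the same commit, does not retire the values. The deleted file shows `passwordsalt`, `secret`, `dbpassword` and the updater hash in clear text, and all of them stay readable in the repository history. They should be rotated wherever the application allows it. If config.php still carries the same entries (the lines above this hunk are not shown), the tracked copy is better replaced by a template with placeholders such as `'dbpassword' => 'CHANGE_ME',`. The `$CONFIG` array starts outside the hunk.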
@@ -1,51 +0,0 @@ - '5OBfApfc/+tJzU/4n+F8e+PzOfAStP', - 'secret' => 'IFX9kjXwOk4L21503pLACwa2Dadv9JzHNSu8XsnTogmwb5Tr', - 'trusted_domains' => - array ( - 0 => 'localhost', - 1 => 'cloud.ahlawat.com', - 2 => '192.168.0.59', - 3 => 'fd01::59', - ), - 'datadirectory' => '/mnt/cloud', - 'overwrite.cli.url' => 'https://cloud.ahlawat.com/', - 'dbtype' => 'mysql', - 'version' => '21.0.3.1', - 'dbname' => 'nextcloud', - 'dbhost' => 'db.ahlawat.com', - 'dbport' => '3306', - 'dbtableprefix' => 'oc_', - 'mysql.utf8mb4' => true, - 'dbuser' => 'nextcloud', - 'dbpassword' => 'mysql__nextcloud', - 'installed' => true, - 'instanceid' => 'oc7suxvjiy9s', - 'htaccess.RewriteBase' => '/', - 'filelocking.enabled' => 'true', - 'memcache.local' => '\\OC\\Memcache\\APCu', - 'memcache.locking' => '\\OC\\Memcache\\Redis', - 'redis' => - array ( - 'host' => '/tmp/redis.sock', - 'port' => 0, - ), - 'logtimezone' => 'America/Los_Angeles', - 'log_type' => 'file', - 'logfile' => '/var/log/nextcloud.log', - 'loglevel' => 0, - 'logrotate_size' => '104847600', - 'ldapIgnoreNamingRules' => false, - 'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory', - 'mail_smtpmode' => 'smtp', - 'mail_from_address' => 'nobody', - 'mail_domain' => 'ahlawat.com', - 'mail_smtphost' => '192.168.0.100', - 'mail_smtpport' => '25', - 'maintenance' => false, - 'theme' => '', - 'encryption.legacy_format_support' => false, - 'encryption.key_storage_migrated' => false, - 'updater.secret' => '$2y$10$jAnC4Ha3RI2CL.IlhYluSeeOuKMT4itq/ViSiH1Q9DciUXfB3YSYS', -); diff --git a/jails/config/cloud/httpd.conf b/jails/config/cloud/httpd.conf index 6724eea..9f85f9a 100644 --- a/jails/config/cloud/httpd.conf +++ b/jails/config/cloud/httpd.conf 
@@ -551,6 +551,14 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L] + + ServerName cloud.ahlawat.com ServerAlias *.ahlawat.com @@ -559,16 +567,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/nextcloud/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on SSLCertificateFile "/mnt/certs/fullchain.pem" SSLCertificateKeyFile "/mnt/certs/privkey.pem" - #SSLCertificateChainFile "/mnt/certs/fullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) diff --git a/jails/config/cloud/pkg-list-details-old.txt b/jails/config/cloud/pkg-list-details-old.txt index 2aac1f2..3cff7f9 100644 --- a/jails/config/cloud/pkg-list-details-old.txt 
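Review bot: The new plain-HTTP redirect builds its `Location` from `%{HTTP_HOST}`, which is whatever Host header the request carried, so the server will answer with a 301 to a name it never validated. If this vhost only needs one canonical name, a fixed target such as `RewriteRule ^ https://cloud.ahlawat.com%{REQUEST_URI} [R=301,L]` avoids reflecting client input. The query string is passed through without `QSA` because the substitution has none of its own. The enclosing VirtualHost lines are not visible in this hunk, so which names reach this rule is inferred. The same rule is added in jails/config/common/httpd.conf.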
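Review bot: `SSLCACertificateFile "/mnt/certs/cacert.pem"` is added right under the commented-out `SSLCertificateChainFile`, but that directive is documented as the CA bundle for client-certificate authentication, not as the server's chain. The chain is already served from `fullchain.pem` through `SSLCertificateFile`. No `SSLVerifyClient` is visible in the hunk, so if client certificates are not intended the line can be dropped. Otherwise a comment such as `# CA bundle for client-certificate verification` should say why it is there. The vhost block continues outside the hunk, and the same line is added in jails/config/common/httpd.conf.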
+++ b/jails/config/cloud/pkg-list-details-old.txt 
@@ -1,43 +1,46 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____ffmpeg-4.4.3_1,1
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____php80-8.0.25
-pkgp-freebsd-pkg____php80-bcmath-8.0.25
-pkgp-freebsd-pkg____php80-bz2-8.0.25
-pkgp-freebsd-pkg____php80-ctype-8.0.25
-pkgp-freebsd-pkg____php80-curl-8.0.25
-pkgp-freebsd-pkg____php80-dom-8.0.25
-pkgp-freebsd-pkg____php80-exif-8.0.25
-pkgp-freebsd-pkg____php80-fileinfo-8.0.25
-pkgp-freebsd-pkg____php80-filter-8.0.25
-pkgp-freebsd-pkg____php80-ftp-8.0.25
-pkgp-freebsd-pkg____php80-gd-8.0.25
-pkgp-freebsd-pkg____php80-gmp-8.0.25
-pkgp-freebsd-pkg____php80-iconv-8.0.25
-pkgp-freebsd-pkg____php80-imap-8.0.25
-pkgp-freebsd-pkg____php80-intl-8.0.25_1
-pkgp-freebsd-pkg____php80-ldap-8.0.25
-pkgp-freebsd-pkg____php80-mbstring-8.0.25
-pkgp-freebsd-pkg____php80-mysqli-8.0.25
-pkgp-freebsd-pkg____php80-opcache-8.0.25
-pkgp-freebsd-pkg____php80-pcntl-8.0.25
-pkgp-freebsd-pkg____php80-pdo-8.0.25
-pkgp-freebsd-pkg____php80-pdo_mysql-8.0.25
-pkgp-freebsd-pkg____php80-pecl-APCu-5.1.22
-pkgp-freebsd-pkg____php80-pecl-imagick-3.7.0
-pkgp-freebsd-pkg____php80-pecl-mcrypt-1.0.5
-pkgp-freebsd-pkg____php80-pecl-redis-5.3.5
-pkgp-freebsd-pkg____php80-posix-8.0.25
-pkgp-freebsd-pkg____php80-session-8.0.25
-pkgp-freebsd-pkg____php80-simplexml-8.0.25
-pkgp-freebsd-pkg____php80-xml-8.0.25
-pkgp-freebsd-pkg____php80-xmlreader-8.0.25
-pkgp-freebsd-pkg____php80-xmlwriter-8.0.25
-pkgp-freebsd-pkg____php80-xsl-8.0.25
-pkgp-freebsd-pkg____php80-zip-8.0.25
-pkgp-freebsd-pkg____php80-zlib-8.0.25
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____redis-7.0.5
-pkgp-freebsd-pkg____sudo-1.9.12p1
+pkgp-freebsd-pkg____apache24-2.4.63
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____ffmpeg-6.1.2_10,1
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php83-8.3.20
+pkgp-freebsd-pkg____php83-bcmath-8.3.20
+pkgp-freebsd-pkg____php83-bz2-8.3.20
+pkgp-freebsd-pkg____php83-ctype-8.3.20
+pkgp-freebsd-pkg____php83-curl-8.3.20
+pkgp-freebsd-pkg____php83-dom-8.3.20
+pkgp-freebsd-pkg____php83-exif-8.3.20
+pkgp-freebsd-pkg____php83-fileinfo-8.3.20
+pkgp-freebsd-pkg____php83-filter-8.3.20
+pkgp-freebsd-pkg____php83-ftp-8.3.20
+pkgp-freebsd-pkg____php83-gd-8.3.20
+pkgp-freebsd-pkg____php83-gmp-8.3.20
+pkgp-freebsd-pkg____php83-iconv-8.3.20
+pkgp-freebsd-pkg____php83-imap-8.3.20
+pkgp-freebsd-pkg____php83-intl-8.3.20
+pkgp-freebsd-pkg____php83-ldap-8.3.20
+pkgp-freebsd-pkg____php83-mbstring-8.3.20
+pkgp-freebsd-pkg____php83-mysqli-8.3.20
+pkgp-freebsd-pkg____php83-opcache-8.3.20
+pkgp-freebsd-pkg____php83-pcntl-8.3.20
+pkgp-freebsd-pkg____php83-pdo-8.3.20
+pkgp-freebsd-pkg____php83-pdo_mysql-8.3.20
+pkgp-freebsd-pkg____php83-pear-horde-Horde_HashTable-1.2.6
+pkgp-freebsd-pkg____php83-pecl-APCu-5.1.24
+pkgp-freebsd-pkg____php83-pecl-imagick-3.7.0_5
+pkgp-freebsd-pkg____php83-pecl-mcrypt-1.0.7
+pkgp-freebsd-pkg____php83-pecl-redis-6.2.0
+pkgp-freebsd-pkg____php83-posix-8.3.20
+pkgp-freebsd-pkg____php83-session-8.3.20
+pkgp-freebsd-pkg____php83-simplexml-8.3.20
+pkgp-freebsd-pkg____php83-sodium-8.3.20
+pkgp-freebsd-pkg____php83-sysvsem-8.3.20
+pkgp-freebsd-pkg____php83-xml-8.3.20
+pkgp-freebsd-pkg____php83-xmlreader-8.3.20
+pkgp-freebsd-pkg____php83-xmlwriter-8.3.20
+pkgp-freebsd-pkg____php83-xsl-8.3.20
+pkgp-freebsd-pkg____php83-zip-8.3.20
+pkgp-freebsd-pkg____php83-zlib-8.3.20
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____redis-7.4.2
+pkgp-freebsd-pkg____sudo-1.9.16p2_1
diff --git a/jails/config/cloud/pkg-list-details.txt b/jails/config/cloud/pkg-list-details.txt
index 5c69490..3cff7f9 100644
--- a/jails/config/cloud/pkg-list-details.txt
+++ b/jails/config/cloud/pkg-list-details.txt
@@ -1,43 +1,46 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____ffmpeg-4.4.3_1,1
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____php80-8.0.25
-pkgp-freebsd-pkg____php80-bcmath-8.0.25
-pkgp-freebsd-pkg____php80-bz2-8.0.25
-pkgp-freebsd-pkg____php80-ctype-8.0.25
-pkgp-freebsd-pkg____php80-curl-8.0.25
-pkgp-freebsd-pkg____php80-dom-8.0.25
-pkgp-freebsd-pkg____php80-exif-8.0.25
-pkgp-freebsd-pkg____php80-fileinfo-8.0.25
-pkgp-freebsd-pkg____php80-filter-8.0.25
-pkgp-freebsd-pkg____php80-ftp-8.0.25
-pkgp-freebsd-pkg____php80-gd-8.0.25
-pkgp-freebsd-pkg____php80-gmp-8.0.25
-pkgp-freebsd-pkg____php80-iconv-8.0.25
-pkgp-freebsd-pkg____php80-imap-8.0.25
-pkgp-freebsd-pkg____php80-intl-8.0.25_1
-pkgp-freebsd-pkg____php80-ldap-8.0.25
-pkgp-freebsd-pkg____php80-mbstring-8.0.25
-pkgp-freebsd-pkg____php80-mysqli-8.0.25
-pkgp-freebsd-pkg____php80-opcache-8.0.25
-pkgp-freebsd-pkg____php80-pcntl-8.0.25
-pkgp-freebsd-pkg____php80-pdo-8.0.25
-pkgp-freebsd-pkg____php80-pdo_mysql-8.0.25
-pkgp-freebsd-pkg____php80-pecl-APCu-5.1.22
-pkgp-freebsd-pkg____php80-pecl-imagick-3.7.0
-pkgp-freebsd-pkg____php80-pecl-mcrypt-1.0.5
-pkgp-freebsd-pkg____php80-pecl-redis-5.3.5
-pkgp-freebsd-pkg____php80-posix-8.0.25
-pkgp-freebsd-pkg____php80-session-8.0.25
-pkgp-freebsd-pkg____php80-simplexml-8.0.25
-pkgp-freebsd-pkg____php80-xml-8.0.25
-pkgp-freebsd-pkg____php80-xmlreader-8.0.25
-pkgp-freebsd-pkg____php80-xmlwriter-8.0.25
-pkgp-freebsd-pkg____php80-xsl-8.0.25
-pkgp-freebsd-pkg____php80-zip-8.0.25
-pkgp-freebsd-pkg____php80-zlib-8.0.25
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____redis-7.0.5
-pkgp-freebsd-pkg____sudo-1.9.12p1
+pkgp-freebsd-pkg____apache24-2.4.63
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____ffmpeg-6.1.2_10,1
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php83-8.3.20
+pkgp-freebsd-pkg____php83-bcmath-8.3.20
+pkgp-freebsd-pkg____php83-bz2-8.3.20
+pkgp-freebsd-pkg____php83-ctype-8.3.20
+pkgp-freebsd-pkg____php83-curl-8.3.20
+pkgp-freebsd-pkg____php83-dom-8.3.20
+pkgp-freebsd-pkg____php83-exif-8.3.20
+pkgp-freebsd-pkg____php83-fileinfo-8.3.20
+pkgp-freebsd-pkg____php83-filter-8.3.20
+pkgp-freebsd-pkg____php83-ftp-8.3.20
+pkgp-freebsd-pkg____php83-gd-8.3.20
+pkgp-freebsd-pkg____php83-gmp-8.3.20
+pkgp-freebsd-pkg____php83-iconv-8.3.20
+pkgp-freebsd-pkg____php83-imap-8.3.20
+pkgp-freebsd-pkg____php83-intl-8.3.20
+pkgp-freebsd-pkg____php83-ldap-8.3.20
+pkgp-freebsd-pkg____php83-mbstring-8.3.20
+pkgp-freebsd-pkg____php83-mysqli-8.3.20
+pkgp-freebsd-pkg____php83-opcache-8.3.20
+pkgp-freebsd-pkg____php83-pcntl-8.3.20
+pkgp-freebsd-pkg____php83-pdo-8.3.20
+pkgp-freebsd-pkg____php83-pdo_mysql-8.3.20
+pkgp-freebsd-pkg____php83-pear-horde-Horde_HashTable-1.2.6
+pkgp-freebsd-pkg____php83-pecl-APCu-5.1.24
+pkgp-freebsd-pkg____php83-pecl-imagick-3.7.0_5
+pkgp-freebsd-pkg____php83-pecl-mcrypt-1.0.7
+pkgp-freebsd-pkg____php83-pecl-redis-6.2.0
+pkgp-freebsd-pkg____php83-posix-8.3.20
+pkgp-freebsd-pkg____php83-session-8.3.20
+pkgp-freebsd-pkg____php83-simplexml-8.3.20
+pkgp-freebsd-pkg____php83-sodium-8.3.20
+pkgp-freebsd-pkg____php83-sysvsem-8.3.20
+pkgp-freebsd-pkg____php83-xml-8.3.20
+pkgp-freebsd-pkg____php83-xmlreader-8.3.20
+pkgp-freebsd-pkg____php83-xmlwriter-8.3.20
+pkgp-freebsd-pkg____php83-xsl-8.3.20
+pkgp-freebsd-pkg____php83-zip-8.3.20
+pkgp-freebsd-pkg____php83-zlib-8.3.20
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____redis-7.4.2
+pkgp-freebsd-pkg____sudo-1.9.16p2_1
diff --git a/jails/config/cloud/pkg-list-old.txt b/jails/config/cloud/pkg-list-old.txt
index 2adb475..a83b4ff 100644
--- a/jails/config/cloud/pkg-list-old.txt
+++ b/jails/config/cloud/pkg-list-old.txt
@@ -1 +1 @@
-apache24 bash bash-completion ffmpeg nano php80 php80-bcmath php80-bz2 php80-ctype php80-curl php80-dom php80-exif php80-fileinfo php80-filter php80-ftp php80-gd php80-gmp php80-iconv php80-imap php80-intl php80-ldap php80-mbstring php80-mysqli php80-opcache php80-pcntl php80-pdo php80-pdo_mysql php80-pecl-APCu php80-pecl-imagick php80-pecl-mcrypt php80-pecl-redis php80-posix php80-session php80-simplexml php80-xml php80-xmlreader php80-xmlwriter php80-xsl php80-zip php80-zlib pkg redis sudo
+apache24 bash bash-completion ffmpeg nano php83 php83-bcmath php83-bz2 php83-ctype php83-curl php83-dom php83-exif php83-fileinfo php83-filter php83-ftp php83-gd php83-gmp php83-iconv php83-imap php83-intl php83-ldap php83-mbstring php83-mysqli php83-opcache php83-pcntl php83-pdo php83-pdo_mysql php83-pear-horde-Horde_HashTable php83-pecl-APCu php83-pecl-imagick php83-pecl-mcrypt php83-pecl-redis php83-posix php83-session php83-simplexml php83-sodium php83-sysvsem php83-xml php83-xmlreader php83-xmlwriter php83-xsl php83-zip php83-zlib pkg redis sudo
diff --git a/jails/config/cloud/pkg-list.txt b/jails/config/cloud/pkg-list.txt
index 2adb475..a83b4ff 100644
--- a/jails/config/cloud/pkg-list.txt
+++ b/jails/config/cloud/pkg-list.txt
@@ -1 +1 @@ -apache24 bash bash-completion ffmpeg nano php80 php80-bcmath php80-bz2 php80-ctype php80-curl php80-dom php80-exif php80-fileinfo php80-filter php80-ftp php80-gd php80-gmp php80-iconv php80-imap php80-intl php80-ldap php80-mbstring php80-mysqli php80-opcache php80-pcntl php80-pdo php80-pdo_mysql php80-pecl-APCu php80-pecl-imagick php80-pecl-mcrypt php80-pecl-redis php80-posix php80-session php80-simplexml php80-xml php80-xmlreader php80-xmlwriter php80-xsl php80-zip php80-zlib pkg redis sudo +apache24 bash bash-completion ffmpeg nano php83 php83-bcmath php83-bz2 php83-ctype php83-curl php83-dom php83-exif php83-fileinfo php83-filter php83-ftp php83-gd php83-gmp php83-iconv php83-imap php83-intl php83-ldap php83-mbstring php83-mysqli php83-opcache php83-pcntl php83-pdo php83-pdo_mysql php83-pear-horde-Horde_HashTable php83-pecl-APCu php83-pecl-imagick php83-pecl-mcrypt php83-pecl-redis php83-posix php83-session php83-simplexml php83-sodium php83-sysvsem php83-xml php83-xmlreader php83-xmlwriter php83-xsl php83-zip php83-zlib pkg redis sudo diff --git a/jails/config/common/12.3-RELEASE.bzip2 b/jails/config/common/12.3-RELEASE.bzip2 deleted file mode 100644 index f136d66..0000000 Binary files a/jails/config/common/12.3-RELEASE.bzip2 and /dev/null differ diff --git a/jails/config/common/httpd.conf b/jails/config/common/httpd.conf index 00bb8ba..3fafae7 100644 --- a/jails/config/common/httpd.conf +++ b/jails/config/common/httpd.conf @@ -552,6 +552,14 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L] + + ServerName www.ahlawat.com ServerAlias *.ahlawat.com 
@@ -561,16 +569,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on SSLCertificateFile "/mnt/certs/fullchain.pem" SSLCertificateKeyFile "/mnt/certs/privkey.pem" - #SSLCertificateChainFile "/mnt/certs/fullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) diff --git a/jails/config/common/pkgp.conf b/jails/config/common/pkgp.conf index 787f4ce..dd2536e 100644 --- a/jails/config/common/pkgp.conf +++ b/jails/config/common/pkgp.conf @@ -5,14 +5,12 @@ FreeBSD: { pkgp-freebsd-pkg: { url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", enabled: yes, priority: 10 } pkgp123: { url: "http://pkgp.ahlawat.com/packages/pj123-default", - mirror_type: "http", signature_type: "pubkey", pubkey: "/mnt/certs/poudriere.cert", enabled: no, diff --git a/jails/config/db/pkg-list-details-old.txt b/jails/config/db/pkg-list-details-old.txt index 6ab5a0f..e8873c0 100644 
--- a/jails/config/db/pkg-list-details-old.txt
+++ b/jails/config/db/pkg-list-details-old.txt
@@ -1,6 +1,7 @@
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____mariadb105-server-10.5.17_1
-pkgp-freebsd-pkg____mysqld_exporter-0.12.1_6
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____mariadb114-client-11.4.5_1
+pkgp-freebsd-pkg____mariadb114-server-11.4.5_1
+pkgp-freebsd-pkg____mysqld_exporter-0.12.1_25
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
diff --git a/jails/config/db/pkg-list-details.txt b/jails/config/db/pkg-list-details.txt
index 332e6c6..e8873c0 100644
--- a/jails/config/db/pkg-list-details.txt
+++ b/jails/config/db/pkg-list-details.txt
@@ -1,6 +1,7 @@
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____mariadb105-server-10.5.17_1
-pkgp-freebsd-pkg____mysqld_exporter-0.12.1_6
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____mariadb114-client-11.4.5_1
+pkgp-freebsd-pkg____mariadb114-server-11.4.5_1
+pkgp-freebsd-pkg____mysqld_exporter-0.12.1_25
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
diff --git a/jails/config/db/pkg-list-old.txt b/jails/config/db/pkg-list-old.txt
index 3167549..b64343f 100644
--- a/jails/config/db/pkg-list-old.txt
+++ b/jails/config/db/pkg-list-old.txt
@@ -1 +1 @@
-bash bash-completion mariadb105-server mysqld_exporter nano pkg
+bash bash-completion mariadb114-client mariadb114-server mysqld_exporter nano pkg
diff --git a/jails/config/db/pkg-list.txt b/jails/config/db/pkg-list.txt
index 3167549..b64343f 100644
--- a/jails/config/db/pkg-list.txt
+++ b/jails/config/db/pkg-list.txt
@@ -1 +1 @@ -bash bash-completion mariadb105-server mysqld_exporter nano pkg +bash bash-completion mariadb114-client mariadb114-server mysqld_exporter nano pkg diff --git a/jails/config/db/server.cnf b/jails/config/db/server.cnf index 19be077..c9f7dec 100644 --- a/jails/config/db/server.cnf +++ b/jails/config/db/server.cnf @@ -44,7 +44,7 @@ skip-external-locking key_buffer_size = 16K max_allowed_packet = 64M table_open_cache = 16 -sort_buffer_size = 64K +sort_buffer_size = 4M read_buffer_size = 256K read_rnd_buffer_size = 256K net_buffer_length = 2K @@ -58,7 +58,7 @@ innodb_io_capacity=4000 transaction-isolation = READ-COMMITTED innodb_log_file_size = 250M innodb_flush_log_at_trx_commit = 2 -innodb_checksum_algorithm = none +# innodb_checksum_algorithm = none slow_query_log_file = /var/db/mysql-log/slow.log diff --git a/jails/config/dns/dns_update.sh b/jails/config/dns/dns_update.sh index 2be9fec..f53bd51 100755 --- a/jails/config/dns/dns_update.sh +++ b/jails/config/dns/dns_update.sh 
@@ -1,59 +1,10 @@ -#!/usr/local/bin/bash +rndc reconfig -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# +rndc dnssec -status ahlawat.com +dig @127.0.0.1 ahlawat.com. A +dnssec +multiline -#SIM="-s" -#SIM="" +rndc dnssec -status diyit.org +dig @127.0.0.1 diyit.org. A +dnssec +multiline -#rpl $SIM -v -R "2001:470:480a:a1::" "2001:470:480a:8001::" ./namedb -#rpl $SIM -v -R "100.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.8" "100.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.8" ./namedb -#rpl $SIM -v -R "2021120700" "2022010100" ./namedb -#service $SIM named $SIM restart - - -service named stop - -cd /data/namedb/master - -rm /data/namedb/master/*signed* - -declare -A ZONE_PEM -# ZONE_PEM=(["ahlawat.com"]="" ["beyondbell.com"]="bb" ["diyit.org"]="diy" ["xflow.org"]="xflow" ["datavpc.com"]="dvpc" ["mydatavpc.com"]="mdvpc" ["rockwoodestates.org"]="rwe" ["rockwoodranch.org"]="rwr" ["scvcc-rental.com"]="scvcc" ["inseego5g.net"]="i5g" ) -ZONE_PEM=(["ahlawat.com"]="" ["beyondbell.com"]="bb" ["diyit.org"]="diy" ["datavpc.com"]="dvpc" ["mydatavpc.com"]="mdvpc" ["rockwoodestates.org"]="rwe" ["rockwoodranch.org"]="rwr" ["scvcc-rental.com"]="scvcc" ["inseego5g.net"]="i5g" ) - -for ZONE in "${!ZONE_PEM[@]}" -do - PEM=${ZONE_PEM[$ZONE]} - - /usr/local/bin/ldns-dane -c "/mnt/certs/${PEM}fullchain.pem" create mail.$ZONE 25 3 1 1 > /data/namedb/master/tlsa-$ZONE - /usr/local/bin/ldns-dane -c "/mnt/certs/${PEM}fullchain.pem" create mail-backup.$ZONE 25 3 1 1 >> /data/namedb/master/tlsa-$ZONE - /usr/local/bin/ldns-dane -c "/mnt/certs/${PEM}fullchain.pem" create $ZONE 443 3 1 1 >> /data/namedb/master/tlsa-$ZONE - /usr/local/bin/ldns-dane -c "/mnt/certs/${PEM}fullchain.pem" create www.$ZONE 443 3 1 1 >> /data/namedb/master/tlsa-$ZONE -done - -NEW_SERIAL=`date -j +%Y%m%d%H` -#NEW_SERIAL="2022022635" - -for DBFILE in `ls /data/namedb/master/*.db` -do - ZONE=`echo $DBFILE | cut -d/ -f 5 
| cut -d. -f -2` - - /usr/local/sbin/named-checkzone $ZONE $DBFILE - SERIAL=`/usr/local/sbin/named-checkzone $ZONE $DBFILE | egrep -ho '[0-9]{10}'` - echo $SERIAL - echo $NEW_SERIAL - sed -i .orig 's/'$SERIAL'/'$(($NEW_SERIAL))'/' $DBFILE - - #/usr/local/sbin/dnssec-signzone -S -K /data/namedb/master -t -o $ZONE $DBFILE - /usr/local/sbin/dnssec-signzone -3 $(head -c 1024 /dev/random | sha1sum | cut -b 1-16) -K /data/namedb/master -t -o $ZONE $DBFILE -done - -chown bind:bind /data/namedb/master/* - -service named start +rndc dnssec -status rockwoodestates.org +dig @127.0.0.1 rockwoodestates.org. A +dnssec +multiline diff --git a/jails/config/dns/pkg-list-details-old.txt b/jails/config/dns/pkg-list-details-old.txt index e89449d..da59c6e 100644 --- a/jails/config/dns/pkg-list-details-old.txt +++ b/jails/config/dns/pkg-list-details-old.txt @@ -1,7 +1,7 @@ -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____bind916-9.16.34_1 -pkgp-freebsd-pkg____ldns-1.8.3 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____rpl-1.4.1 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____bind920-9.20.8 +pkgp-freebsd-pkg____ldns-1.8.4 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____rpl-1.4.1_1 diff --git a/jails/config/dns/pkg-list-details.txt b/jails/config/dns/pkg-list-details.txt index 6cc688d..da59c6e 100644 --- a/jails/config/dns/pkg-list-details.txt +++ b/jails/config/dns/pkg-list-details.txt 
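Review bot: The new dns_update.sh begins directly with `rndc reconfig`: the `#!/usr/local/bin/bash` line is removed while the file stays mode 100755, and nothing stops the run when a command fails. Executed directly, the interpreter then depends on whichever shell invokes it, and a failed `rndc reconfig` is still followed by `rndc dnssec -status` and `dig` output that may describe the previous configuration. I would open the file with `#!/bin/sh` followed by `set -eu`. The removed loop covered nine zones in `ZONE_PEM`, while the new checks name only ahlawat.com, diyit.org and rockwoodestates.org; if the remaining zones are still signed by this server, each deserves its own status line so a signing failure there does not go unnoticed.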
@@ -1,7 +1,7 @@
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____bind916-9.16.35
-pkgp-freebsd-pkg____ldns-1.8.3
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____rpl-1.4.1
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____bind920-9.20.8
+pkgp-freebsd-pkg____ldns-1.8.4
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____rpl-1.4.1_1
diff --git a/jails/config/dns/pkg-list-old.txt b/jails/config/dns/pkg-list-old.txt
index 29f51bf..2724ecb 100644
--- a/jails/config/dns/pkg-list-old.txt
+++ b/jails/config/dns/pkg-list-old.txt
@@ -1 +1 @@
-bash bash-completion bind916 ldns nano pkg rpl
+bash bash-completion bind920 ldns nano pkg rpl
diff --git a/jails/config/dns/pkg-list.txt b/jails/config/dns/pkg-list.txt
index 29f51bf..2724ecb 100644
--- a/jails/config/dns/pkg-list.txt
+++ b/jails/config/dns/pkg-list.txt
@@ -1 +1 @@
-bash bash-completion bind916 ldns nano pkg rpl
+bash bash-completion bind920 ldns nano pkg rpl
diff --git a/jails/config/elk/pkg-list-details-old.txt b/jails/config/elk/pkg-list-details-old.txt
index 2252a09..8a50f15 100644
--- a/jails/config/elk/pkg-list-details-old.txt
+++ b/jails/config/elk/pkg-list-details-old.txt
@@ -1,10 +1,9 @@ -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____beats7-7.17.7 -pkgp-freebsd-pkg____curl-7.85.0 -pkgp-freebsd-pkg____elasticsearch7-7.17.7 -pkgp-freebsd-pkg____kibana7-7.17.7 -pkgp-freebsd-pkg____logstash7-7.17.7 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____openjdk11-11.0.17+8.1_1 -pkgp-freebsd-pkg____pkg-1.18.4 +pkgp-freebsd-pkg____bash-5.2.26_1 +pkgp-freebsd-pkg____bash-completion-2.11_2,2 +pkgp-freebsd-pkg____beats8-8.8.2_4 +pkgp-freebsd-pkg____curl-8.5.0_1 +pkgp-freebsd-pkg____elasticsearch8-8.11.3 +pkgp-freebsd-pkg____kibana8-8.11.3 +pkgp-freebsd-pkg____logstash8-8.11.3 +pkgp-freebsd-pkg____nano-7.2 +pkgp-freebsd-pkg____pkg-1.20.9_1 diff --git a/jails/config/elk/pkg-list-details.txt b/jails/config/elk/pkg-list-details.txt index 0bfc543..7b41310 100644 --- a/jails/config/elk/pkg-list-details.txt +++ b/jails/config/elk/pkg-list-details.txt @@ -1,10 +1,9 @@ -pkgp-freebsd-pkg____bash-5.2.12 +pkgp-freebsd-pkg____bash-5.2.26_1 pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____beats7-7.17.7 -pkgp-freebsd-pkg____curl-7.85.0 -pkgp-freebsd-pkg____elasticsearch7-7.17.7 -pkgp-freebsd-pkg____kibana7-7.17.7 -pkgp-freebsd-pkg____logstash7-7.17.7 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____openjdk11-11.0.17+8.1_1 -pkgp-freebsd-pkg____pkg-1.18.4 +pkgp-freebsd-pkg____beats8-8.8.2_4 +pkgp-freebsd-pkg____curl-8.6.0 +pkgp-freebsd-pkg____elasticsearch8-8.11.3 +pkgp-freebsd-pkg____kibana8-8.11.3 +pkgp-freebsd-pkg____logstash8-8.11.3 +pkgp-freebsd-pkg____nano-7.2 +pkgp-freebsd-pkg____pkg-1.20.9_1 diff --git a/jails/config/elk/pkg-list-old.txt b/jails/config/elk/pkg-list-old.txt index cac4741..edd9d6c 100644 --- a/jails/config/elk/pkg-list-old.txt +++ b/jails/config/elk/pkg-list-old.txt @@ -1 +1 @@ -bash bash-completion beats7 curl elasticsearch7 kibana7 logstash7 nano openjdk11 pkg +bash bash-completion beats8 curl elasticsearch8 kibana8 logstash8 nano pkg 
diff --git a/jails/config/elk/pkg-list.txt b/jails/config/elk/pkg-list.txt index cac4741..edd9d6c 100644 --- a/jails/config/elk/pkg-list.txt +++ b/jails/config/elk/pkg-list.txt @@ -1 +1 @@ -bash bash-completion beats7 curl elasticsearch7 kibana7 logstash7 nano openjdk11 pkg +bash bash-completion beats8 curl elasticsearch8 kibana8 logstash8 nano pkg diff --git a/jails/config/git/gitea-restart.sh b/jails/config/git/gitea-restart.sh index 2f21cbf..f6d91e9 100755 --- a/jails/config/git/gitea-restart.sh +++ b/jails/config/git/gitea-restart.sh @@ -14,7 +14,7 @@ Q=`netstat -LAan | grep "*.3000" | cut -f3 -d" " | cut -f1 -d/` # 1537 is max stuck recvQ qlen limit when logging start: # sonewconn: pcb 0xfffff804b9f73d58: Listen queue overflow: 1537 already in queue awaiting acceptance (30 occurrences) -if [ ! "$Q" ] || [ $Q -ge 100 ]; then +if [ ! $Q ] || [ $Q -ge 100 ]; then echo "restarting gitea stuck at $Q" tail /var/log/gitea/gitea.log kill -9 `pgrep gitea` ; sleep 2 ; service gitea start diff --git a/jails/config/git/gitea/conf/app.ini b/jails/config/git/gitea/conf/app.ini index 441db70..510b731 100644 --- a/jails/config/git/gitea/conf/app.ini +++ b/jails/config/git/gitea/conf/app.ini 
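Review bot: Dropping the quotes in `[ ! $Q ]` makes the emptiness test depend on word splitting, so it is only well-formed when `Q` expands to at most one word. `Q` is filled from `netstat -LAan | grep "*.3000"` (shown in the hunk header context), so more than one matching listener line would hand `[` several words, both tests would fail with a syntax error, and the stuck-queue restart would not run. I would keep the quoting and extend it to the numeric test, `if [ -z "$Q" ] || [ "$Q" -ge 100 ]; then`, and reduce `Q` to a single number beforehand if several listeners can match. The script continues outside the hunk.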
@@ -1,94 +1,91 @@ # # Sample Configuration for Gitea using SQLite -# +# # For information on the available settings, consult the online # documentation, or see the accompanying file app.ini.defaults, which # contains the settings incorporated into the gitea binary. -# +# # This sample configuration runs Gitea with a local database. Before # running this configuration, make sure to change the SECRET_KEY and the # INTERNAL_TOKEN at the end of this file. SECRET_KEY is a password of your -# choosing, INTERNAL_TOKEN is a 64-byte random number in BASE64 encoding. +# choosing, INTERNAL_TOKEN is a 64-byte random number in BASE64 encoding. # Your can generate the token using for example: # openssl rand -base64 64 -# +# # There are no pre-configured users; the first user to register becomes an # admin. In this sample configuration, the HTTP server only listens on # localhost. -# +# # If you'd rather use the web-based installer, remove this conf/app.ini file # and make /usr/local/etc/gitea/conf writeable to the git user. APP_NAME = Ahlawat GIT RUN_USER = git RUN_MODE = prod +WORK_PATH = /usr/local/share/gitea [database] DB_TYPE = mysql -HOST = 192.168.0.53:3306 -NAME = gitea -USER = gitea -PASSWD = mysql__gitea +HOST = 192.168.0.53:3306 +NAME = gitea +USER = gitea +PASSWD = mysql__gitea [indexer] ISSUE_INDEXER_PATH = /var/db/gitea/indexers/issues.bleve [log] ROOT_PATH = /var/log/gitea -MODE = file -LEVEL = Info -ENABLE_ACCESS_LOG = true -ACCESS = file +MODE = file +LEVEL = Warn [picture] -DISABLE_GRAVATAR = true -AVATAR_UPLOAD_PATH = /var/db/gitea/data/avatars +DISABLE_GRAVATAR = true +AVATAR_UPLOAD_PATH = /var/db/gitea/data/avatars [repository] ROOT = /var/db/gitea/gitea-repositories # Gitea's default is 'bash', so if you have bash installed, you can comment # this out. 
-#SCRIPT_TYPE = sh - +# SCRIPT_TYPE = sh [repository.upload] TEMP_PATH = /var/db/gitea/data/tmp/uploads [security] -INSTALL_LOCK = true -INTERNAL_TOKEN = 1FFhAklka01JhgJTRUrFujWYiv4ijqcTIfXJ9o4n1fWxz+XVQdXhrqDTlsnD7fvz7gugdhgkx0FY2Lx6IBdPQw== -SECRET_KEY = BeyondChangeMeBeforeRunningBell +INSTALL_LOCK = true +INTERNAL_TOKEN = 1FFhAklka01JhgJTRUrFujWYiv4ijqcTIfXJ9o4n1fWxz+XVQdXhrqDTlsnD7fvz7gugdhgkx0FY2Lx6IBdPQw== +SECRET_KEY = BeyondChangeMeBeforeRunningBell IMPORT_LOCAL_PATHS = true [session] -COOKIE_SECURE = true +COOKIE_SECURE = true [server] -DOMAIN = git.ahlawat.com -PROTOCOL = https -HTTP_ADDR = :: -HTTP_PORT = 3000 -ROOT_URL = https://git.ahlawat.com/ -DISABLE_SSH = true -SSH_DOMAIN = %(DOMAIN)s -SSH_PORT = 22 -OFFLINE_MODE = false +DOMAIN = git.ahlawat.com +PROTOCOL = https +HTTP_ADDR = :: +HTTP_PORT = 3000 +ROOT_URL = https://git.ahlawat.com/ +DISABLE_SSH = true +SSH_DOMAIN = %(DOMAIN)s +SSH_PORT = 22 +OFFLINE_MODE = false APP_DATA_PATH = /var/db/gitea/data -CERT_FILE = /mnt/certs/fullchain.pem -KEY_FILE = /mnt/certs/privkeyr.pem -LANDING_PAGE = explore +CERT_FILE = /mnt/certs/fullchain.pem +KEY_FILE = /mnt/certs/privkeyr.pem +LANDING_PAGE = explore [service] -DISABLE_REGISTRATION = true +DISABLE_REGISTRATION = true [openid] ENABLE_OPENID_SIGNIN = false [other] -SHOW_FOOTER_BRANDING = false -SHOW_FOOTER_VERSION = false +SHOW_FOOTER_BRANDING = false +SHOW_FOOTER_VERSION = false SHOW_FOOTER_TEMPLATE_LOAD_TIME = false [oauth2] JWT_SECRET = 3giTtKAIflI_e9ixoU6ELHfxGaDkvFwHxDoPZQyZ0ak [ui] -#DEFAULT_THEME = arc-green diff --git a/jails/config/git/gitea/options/license b/jails/config/git/gitea/options/license deleted file mode 100644 index ebec6b1..0000000 --- a/jails/config/git/gitea/options/license +++ /dev/null 
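Review bot: The `[database]`, `[security]` and `[oauth2]` lines are only re-aligned here, so `PASSWD`, `INTERNAL_TOKEN`, `SECRET_KEY` and `JWT_SECRET` remain committed in clear text, and `SECRET_KEY` still reads like a variation of the sample placeholder that the header comment says to change. Everyone with read access to this repository or its history holds the material that protects sessions, internal API calls and OAuth2 tokens for this instance. Gitea can load these values from files kept outside the repository, for example `SECRET_KEY_URI = file:<path outside the repo>` and `INTERNAL_TOKEN_URI = file:<path outside the repo>`; the values already committed should be treated as exposed and rotated. Separately, the hunk removes `ENABLE_ACCESS_LOG = true` and `ACCESS = file` and raises `LEVEL` to `Warn`, which leaves no request trail for investigating access to a git server; if the aim was only to cut log volume, keeping the access log and rotating it preserves that evidence.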
@@ -1,25 +0,0 @@ -BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") - -Copyright (c) 2018-2019, diyIT.org -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met: - -1. Redistributions of source code must retain the above copyright notice, this - list of conditions and the following disclaimer. - -2. Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/jails/config/git/pkg-list-details-old.txt b/jails/config/git/pkg-list-details-old.txt index 21a651e..7e1744c 100644 --- a/jails/config/git/pkg-list-details-old.txt +++ b/jails/config/git/pkg-list-details-old.txt 
@@ -1,6 +1,6 @@ -pkgp123____openldap26-client-2.6.3 -pkgp123____pkg-1.18.4 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____gitea-1.17.3 -pkgp-freebsd-pkg____nano-6.4 +pkgp123____gitea-1.23.6_1 +pkgp123____openldap26-client-2.6.9_1 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 diff --git a/jails/config/git/pkg-list-details.txt b/jails/config/git/pkg-list-details.txt index 3fad522..7e1744c 100644 --- a/jails/config/git/pkg-list-details.txt +++ b/jails/config/git/pkg-list-details.txt @@ -1,6 +1,6 @@ -pkgp123____openldap26-client-2.6.3 -pkgp123____pkg-1.18.4 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____gitea-1.17.3 -pkgp-freebsd-pkg____nano-7.0 +pkgp123____gitea-1.23.6_1 +pkgp123____openldap26-client-2.6.9_1 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 diff --git a/jails/config/git/pkgp.conf b/jails/config/git/pkgp.conf index 86e5a9a..ac09580 100644 --- a/jails/config/git/pkgp.conf +++ b/jails/config/git/pkgp.conf @@ -5,14 +5,12 @@ FreeBSD: { pkgp-freebsd-pkg: { url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", enabled: yes, priority: 10 } pkgp123: { url: "http://pkgp.ahlawat.com/packages/pj123-default", - mirror_type: "http", signature_type: "pubkey", pubkey: "/mnt/certs/poudriere.cert", enabled: yes, diff --git a/jails/config/hass/.tmux.conf b/jails/config/hass/.tmux.conf deleted file mode 100644 index b370482..0000000 --- a/jails/config/hass/.tmux.conf +++ /dev/null @@ -1,12 +0,0 @@ -unbind C-b -set -g prefix C-a -bind C-a send-prefix - -setw -g mouse on - -# Set the default terminal mode to 256color mode -set -g default-terminal "xterm-256color" - -# enable activity alerts -setw -g monitor-activity on -set -g visual-activity on 
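Review bot: The `pkgp-freebsd-pkg` repository in the pkgp.conf hunk is fetched over `http://` and, unlike `pkgp123` directly below it, has no `signature_type` within this file, so packages from it appear to be installed without a signature check. Most package lists in this commit name that repository as their source, which makes it the main path by which software enters the jails. If the proxy serves the official FreeBSD repository unmodified, adding `signature_type: "fingerprints",` and `fingerprints: "/usr/share/keys/pkg",` to the block restores verification; otherwise sign it with the same pubkey mechanism already used for `pkgp123`. The `pkgp123` block continues past the end of the hunk.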
diff --git a/jails/config/hass/hass-upgrade.sh b/jails/config/hass/hass-upgrade.sh deleted file mode 100755 index b993671..0000000 --- a/jails/config/hass/hass-upgrade.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/local/bin/bash -source /data/homeassistant/bin/activate -#pip install --upgrade git+git://github.com/home-assistant/home-assistant.git@dev -pip install --upgrade homeassistant diff --git a/jails/config/hass/hass.sh b/jails/config/hass/hass.sh deleted file mode 100755 index 5d2b8ed..0000000 --- a/jails/config/hass/hass.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/local/bin/bash - -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# - -# ./hass.sh under tmux - -cd /data/homeassistant/ -source bin/activate -hass --ignore-os-check diff --git a/jails/config/hass/heyu.sh b/jails/config/hass/heyu.sh deleted file mode 100755 index 80667a8..0000000 --- a/jails/config/hass/heyu.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/local/bin/bash - -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# - -# ./hass.sh under tmux - -heyu start -heyu info -heyu monitor diff --git a/jails/config/hass/libffi-3.3_1.pkg b/jails/config/hass/libffi-3.3_1.pkg deleted file mode 100644 index 58ac910..0000000 Binary files a/jails/config/hass/libffi-3.3_1.pkg and /dev/null differ diff --git a/jails/config/hass/pkg-list-details-old.txt b/jails/config/hass/pkg-list-details-old.txt deleted file mode 100644 index d3e14d6..0000000 --- a/jails/config/hass/pkg-list-details-old.txt +++ /dev/null 
@@ -1,16 +0,0 @@
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____cmake-3.24.3
-pkgp-freebsd-pkg____ffmpeg-4.4.3_1,1
-pkgp-freebsd-pkg____git-lite-2.38.1_3
-pkgp-freebsd-pkg____gmake-4.3_2
-pkgp-freebsd-pkg____heyu2-2.10_1
-pkgp-freebsd-pkg____libxslt-1.1.37
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____openjpeg-2.5.0
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____py39-sqlite3-3.9.15_7
-pkgp-freebsd-pkg____python39-3.9.15_1
-pkgp-freebsd-pkg____rust-1.64.0
-pkgp-freebsd-pkg____tmux-3.3a
-pkgp-freebsd-pkg____wget-1.21.3_1
diff --git a/jails/config/hass/pkg-list-details.txt b/jails/config/hass/pkg-list-details.txt
deleted file mode 100644
index 654fbb3..0000000
--- a/jails/config/hass/pkg-list-details.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____cmake-3.24.3
-pkgp-freebsd-pkg____ffmpeg-4.4.3_1,1
-pkgp-freebsd-pkg____git-lite-2.38.1_4
-pkgp-freebsd-pkg____gmake-4.3_2
-pkgp-freebsd-pkg____heyu2-2.10_1
-pkgp-freebsd-pkg____libxslt-1.1.37
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____openjpeg-2.5.0
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____py39-sqlite3-3.9.15_7
-pkgp-freebsd-pkg____python39-3.9.15_1
-pkgp-freebsd-pkg____rust-1.65.0
-pkgp-freebsd-pkg____tmux-3.3a
-pkgp-freebsd-pkg____wget-1.21.3_1
diff --git a/jails/config/hass/pkg-list-old.txt b/jails/config/hass/pkg-list-old.txt
deleted file mode 100644
index 38318af..0000000
--- a/jails/config/hass/pkg-list-old.txt
+++ /dev/null
@@ -1 +0,0 @@
-bash bash-completion cmake ffmpeg git-lite gmake heyu2 libxslt nano openjpeg pkg py39-sqlite3 python39 rust tmux wget
diff --git a/jails/config/hass/pkg-list.txt b/jails/config/hass/pkg-list.txt
deleted file mode 100644
index 38318af..0000000
--- a/jails/config/hass/pkg-list.txt
+++ /dev/null
@@ -1 +0,0 @@ -bash bash-completion cmake ffmpeg git-lite gmake heyu2 libxslt nano openjpeg pkg py39-sqlite3 python39 rust tmux wget diff --git a/jails/config/hass/setup_jail.sh b/jails/config/hass/setup_jail.sh deleted file mode 100755 index 1081df9..0000000 --- a/jails/config/hass/setup_jail.sh +++ /dev/null @@ -1,4 +0,0 @@ -# requrired to run other configured scripts -/bin/sh /etc/rc -# launch tmux with jails -/mnt/config/startsessions.sh diff --git a/jails/config/hass/startsessions.sh b/jails/config/hass/startsessions.sh deleted file mode 100755 index c088b4e..0000000 --- a/jails/config/hass/startsessions.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/sh - -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# - -session="sess_tmux" - -# set up tmux -tmux start-server - -# create a new tmux session, naming the window freepbx -tmux new-session -d -s $session -n hass -tmux selectp -t 1 -tmux send-keys "cd /mnt/config;./hass.sh" C-m - -# create a new window windows -tmux new-window -t $session:1 -n heyu -tmux selectp -t 1 -tmux send-keys "cd /mnt/config;./heyu.sh" C-m - -# return to main window -tmux select-window -t $session:0 -tmux selectp -t 1 - -# Finished setup, attach to the tmux session! -#tmux attach-session -t $session diff --git a/jails/config/hass/x10.conf b/jails/config/hass/x10.conf deleted file mode 100644 index a1c9721..0000000 --- a/jails/config/hass/x10.conf +++ /dev/null 
@@ -1,264 +0,0 @@ -# Example Heyu configuration file. Copy this to file 'x10config' in -# directory $HOME/.heyu/ and modify as required. This example uses -# features which are new to heyu version 2 -# and which will not be recognized by heyu version 1.xx. - -# Note: This example file describes only a few of the most commom -# configuration directives. For the complete list see man page -# x10config(5). - -# Anything on a line between a '#' character and the end of the line is -# treated as a comment and ignored by Heyu, as are blank lines. -# The various configuration directives in this file can be in any order -# except that ALIAS directives must appear before any other directive -# which references the alias label in place of a housecode|unit address. -# See 'man x10config' for additional information and directives. - -# Serial port to which the CM11a is connected. Default is /dev/ttyS0. - -tty /dev/ttyU0 -check_ri_line NO - -# If you have an X10 compatible RF receiver connected to a second -# serial port, use the TTY_AUX directive to specify the serial port -# and model of receiver. Supported receivers are W800RF32, MR26A, -# and RFXCOM. There are no defaults. - -tty_aux /dev/ttyU1 MR26A - -# The CM19A is both a receiver and transmitter for X10 RF signals. -# The MR26A is a receiver only. -# The CM19A is USB and the MR26A is serial port - -# Base housecode. The default is A. - -#housecode A - -# Aliases: -# Format: ALIAS Label Housecode|Unitcode_string [Module_Type] - -# The label is limited to 32 characters in length and is case-sensitive, -# e.g., Front_Porch and front_porch are treated as different labels. -# Each alias may reference a single unitcode or a multiple unitcode -# string (no embedded blanks), but is limited to one housecode. - -# The optional Module_Type is the general type or specific model number -# of a module currently supported by Heyu. 
(Knowing the characteristics -# of a module allows Heyu to track changes in its On/Off/Dim state -# as X10 signals are sent or received.) The most commonly used modules -# are the standard X10 lamp module (StdLM) and standard X10 appliance -# module (StdAM). Other modules currently supported by Heyu are listed -# in x10config(5). A standard X10 lamp module (StdLM) is the -# default (changeable with the DEFAULT_MODULE directive) -# for housecode|units which are not defined in an alias directive. -# A module_type should normally not be defined for mutiple-unit -# aliases, just for the single-unit aliases. (The module characteristics -# are associated with the housecode|unit, however referenced.) - -# Some examples: - - - - -# Note: Prior versions of Heyu used a different format for -# aliases - no ALIAS directive and the Housecode and Unitcode_string -# were separated by a space, e.g., simply: -# front_porch A 1 -# Heyu will continue to accept this older format for compatibility, -# but its use is discouraged as modules cannot be specified. - -# Scenes and Usersyns (User-defined synonyms): -# Format: SCENE Label Command1 [; Command2 [; ... -# Format: USERSYN Label Command1 [; Command2 [; ... -# The label is limited to 32 characters and is case-sensitive. -# Scenes and Usersyns are both semicolon-separated lists of -# commands with their arguments which can be executed or used -# in macros as if their labels were ordinary Heyu commands. -# See 'man x10config' for the features and limitations of Scenes -# and Usersyns. -# (In the current version of heyu, the ONLY distinction between -# scenes and usersyns is the 'show' menus in which they appear.) -# Some examples: - -SCENE blinker on D5; off D5; on D5; off D5 -#USERSYN normal_lights on front_porch; on back_porch -#SCENE tv_on on tv_set; dimb living_room 10 - -# parameters, e.g., $1, $2, which are replaced by actual -# parameters supplied when the scene/usersyn is run. 
- -#USERSYN night_lights dimb front_porch $1; dimb back_porch $1 - -# Define the (writeable) directory where the Heyu state engine daemon -# (started with 'heyu engine') is to write its log file 'heyu.log.'. -# The default is 'NONE', indicating no log file is to be written. - -log_dir /usr/local/etc/heyu/log - -# The entries in the log file are similar to those which appear in -# the heyu monitor, but in addition will include an entry when -# a script is launched, and unless redirected elsewhere, any -# text output from that script. - -# Note that the log file will continue to grow. Manually delete -# or trim it from time to time, or configure a Unix utility like -# 'logrotate' to manage this task automatically. - -# If the Heyu state engine is running, Heyu can launch scripts -# (or any Unix commands) when it sees specified X10 signals. -# The format is: - -#SCRIPT [ -l label ] :: [options] - -# where label is an optional label, tell -# Heyu under what conditions to launch the script, and -# is the script command to be executed. -# The '::' (two colons) separator is mandatory since the launch -# conditions can be quite complex. -# See x10scripts(5) for details, but here's a simple example -# (with no label): - -#SCRIPT doorbell on :: play $HOME/sounds/barking_dog.wav - -# Users have the option of running either 'heyuhelper' in a manner -# similar to heyu 1.35 or general scripts as above with the -# following directive. The default is SCRIPTS, to run general scripts. - -#script_mode SCRIPTS - -# (With the choice 'HEYUHELPER', a script named 'heyuhelper' on -# the user's path is run every time any X10 signal is received -# by heyu over the power line, assuming the heyu state engine -# daemon is running.) - -### The following directives apply when a schedule is ### -### is uploaded to the CM11A interface. ### - -# The file name of the user's X10 schedule file in the Heyu base -# directory. The default is 'x10.sched'. 
If you regularly use -# more than one, list them here and just comment/uncomment as -# appropriate, e.g., - -#schedule_file x10.sched -#schedule_file normal.sched -#schedule_file vacation.sched - -# The MODE directive - Heyu's two modes of operation: -# In the default COMPATIBLE mode, the schedule uploaded to the -# interface is configured to begin on Jan 1st of the current -# year and # is valid for 366 days - through Dec 31st of the -# current # year or Jan 1st of the following year, depending -# whether # the current year is a leap or common year. -# COMPATIBLE mode is the default. - -# In HEYU mode the schedule uploaded to the interface is -# configured to begin on today's date and is valid for -# the number days of provided by the PROGRAM_DAYS directive. -# WARNING: The mere execution of X10's ActiveHome(tm) program -# under MS-Windows, or having its resident driver running, when -# the interface has been programmed by Heyu in HEYU mode can -# cause problems. See 'man x10config' for details. - -#mode COMPATIBLE - -# Number of days for which the interface is to be programmed -# when running in HEYU mode. It is ignored in COMPATIBLE mode. -# (A shorter period can yield more accurate values for dawn -# and dusk.) The default is 366 days. - -#program_days 366 - -# Should Heyu combine events having the same date range, time, etc., -# by concatenating the macros for similar events? The default is YES. - -#combine_events YES - -# Should Heyu compress uploaded macros by combining unit codes for the same -#housecode and command and eliminating duplicates? E.g., -# (on A1; on B2; on A3, on B2) ==> (on A1,3; on B2) -# The default is NO - -#compress_macros NO - -# The user's Longitude and Latitude, needed for dawn/dusk calculations. -# There are no defaults. Don't use these examples - put in values -# for your own location. 
- -longitude W121:46 -latitude N37:16 - -# For dawn/dusk related times, Heyu breaks up the schedule date intervals -# into subintervals, each with a constant value of dawn or dusk time. -# These directives instruct Heyu what value of dawn/dusk time to use. -# The default value is FIRST, i.e., that on the first day of the subinterval, -# which is most convenient for comparing Heyu's computations with actual. - -#dawn_option FIRST -#dusk_option FIRST - -# The following times allow bounds to be placed on the times of Dawn -# and Dusk computed by Heyu. For example, setting the value for -#min_dawn to 06:30 will ensure that an event scheduled to be -# executed at Dawn will occur at 06:30 during summer hours whenever -# the actual computed value of Dawn is earlier than that time. -# The value for these directives are specified as hh:mm Legal -# (i.e., wall-clock) time, or the directives may be disabled with -# the word OFF, which is the default. - -# Timer options DAWNLT, DAWNGT, DUSKLT, DUSKGT used in the Heyu -# schedule file will usually eliminate the need for these directives. -# See man page x10sched(5) for details. - -#min_dawn OFF -#max_dawn OFF -#min_dusk OFF -#max_dusk OFF - -# Directory to write reports and files other than the critical files -# The default is to write them in the Heyu base directory. - -#report_path ./ - -# Replace events having delayed macros with new events and new -# undelayed macros when possible. (The purpose is to avoid pending -# delayed macros, which are purged when a new schedule is uploaded.) -# The default is YES. - -#repl_delayed_macros YES - -# For test purposes, Heyu can write some additional files when -# the command 'heyu upload check' is executed. This directive -# instructs Heyu to write these files. The default is NO. 
- -#write_check_files NO - -START_ENGINE AUTO - -alias Kitchen D1 StdLM -alias Family_Room D2 StdLM -alias Hallway D3 StdLM -alias Kitchen_Table D4 StdLM -alias Stairway D5 StdLM -alias Study D6 StdLM -alias Dining D7 StdLM -alias Bonus_Room D8 StdLM -alias Living_Room_L0 D9 StdLM -alias Front_Door D10 StdLM -alias Living_Room_L1 D11 StdLM -alias Living_Room_L2 D12 StdLM -alias Piano_Room_L1 D13 StdLM -alias Piano_Room_L2 D14 StdLM -alias Family_Room_L0 D15 StdLM -alias Chime G1 StdAM -alias Main_Garage G2 StdAM -alias Side_Garage G3 StdAM -alias Front_Yard G13 StdLM -alias Back_Yard G14 StdLM -alias Plants_front_house I1 RAIN8II -alias Plants_front_road I2 RAIN8II -alias Lawn_front_road I3 RAIN8II -alias Lawn_front_garage I4 RAIN8II -alias Lawn_back_pool I5 RAIN8II -alias Lawn_back_house I6 RAIN8II -alias Plants_back_garage I7 RAIN8II -alias Plants_back_road I8 RAIN8II diff --git a/jails/config/hub/httpd.conf b/jails/config/hub/httpd.conf index f67adf8..170d5b5 100644 --- a/jails/config/hub/httpd.conf +++ b/jails/config/hub/httpd.conf @@ -553,6 +553,14 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L] + + ServerName hub.ahlawat.com ServerAlias *.ahlawat.com 
@@ -562,16 +570,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on SSLCertificateFile "/mnt/certs/fullchain.pem" SSLCertificateKeyFile "/mnt/certs/privkey.pem" - #SSLCertificateChainFile "/mnt/certs/fullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) diff --git a/jails/config/hub/periodic.conf b/jails/config/hub/periodic.conf index 8e27c42..9eddc0c 100644 --- a/jails/config/hub/periodic.conf +++ b/jails/config/hub/periodic.conf @@ -1,4 +1,4 @@ -daily_rkhunter_update_enable="YES" -daily_rkhunter_update_flags="--update --nocolors" -daily_rkhunter_check_enable="YES" -daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress" +security_rkhunter_update_enable="YES" +security_rkhunter_update_flags="--update --nocolors" +security_rkhunter_check_enable="YES" +security_rkhunter_check_flags="--checkall --nocolors --skip-keypress" 
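Review bot: `SSLCACertificateFile "/mnt/certs/cacert.pem"` is added in the `@@ -562,16 +570,20 @@` hunk without any `SSLVerifyClient` in view. In mod_ssl that directive supplies the CAs trusted for client-certificate authentication, while the server's own chain already comes from `fullchain.pem` in `SSLCertificateFile`. If client certificates are not intended, the line can be dropped; if they are, the matching `SSLVerifyClient`/`SSLVerifyDepth` settings should sit next to it with a comment such as `# CA bundle for client-certificate auth`. The same line is added in the jails/config/ldap-mgr/httpd.conf hunk. The hunk also drops `SSLOptions +StrictRequire`, which is worth confirming if any `SSLRequireSSL`/`SSLRequire` rule elsewhere in the file relies on it; the VirtualHost block continues outside the hunk.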
diff --git a/jails/config/hub/pkg-list-details-old.txt b/jails/config/hub/pkg-list-details-old.txt
index 6eeb813..3d916dd 100644
--- a/jails/config/hub/pkg-list-details-old.txt
+++ b/jails/config/hub/pkg-list-details-old.txt
@@ -1,28 +1,34 @@
-pkgp123____apache24-2.4.54
-pkgp123____apr-1.7.0.1.6.1_2
-pkgp123____pkg-1.18.4
-pkgp123____samba413-4.13.17_4
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____firefox-esr-102.5.0,1
-pkgp-freebsd-pkg____fluxbox-1.3.7_5
-pkgp-freebsd-pkg____iperf3-3.12
-pkgp-freebsd-pkg____mc-4.8.28
-pkgp-freebsd-pkg____nano-6.4
+pkgp123____apache24-2.4.63
+pkgp123____apr-1.7.5.1.6.3_4
+pkgp123____ca_root_nss-3.108
+pkgp123____pkg-2.1.2
+pkgp123____samba416-4.16.11_6
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____fluxbox-1.3.7_10
+pkgp-freebsd-pkg____iperf3-3.18
+pkgp-freebsd-pkg____mc-4.8.32
+pkgp-freebsd-pkg____nano-8.4
 pkgp-freebsd-pkg____p7zip-16.02_3
-pkgp-freebsd-pkg____php81-ldap-8.1.12
-pkgp-freebsd-pkg____php81-mysqli-8.1.12
-pkgp-freebsd-pkg____php81-pgsql-8.1.12
-pkgp-freebsd-pkg____php81-session-8.1.12
-pkgp-freebsd-pkg____rename-1.99.2
-pkgp-freebsd-pkg____rkhunter-1.4.6_1
-pkgp-freebsd-pkg____rsync-3.2.6
-pkgp-freebsd-pkg____sshguard-2.4.2_2,1
-pkgp-freebsd-pkg____sudo-1.9.12p1
-pkgp-freebsd-pkg____tigervnc-server-1.12.0_5
-pkgp-freebsd-pkg____unrar-6.12,6
-pkgp-freebsd-pkg____wget-1.21.3_1
-pkgp-freebsd-pkg____xauth-1.1.1
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-filter-8.4.6
+pkgp-freebsd-pkg____php84-gd-8.4.6
+pkgp-freebsd-pkg____php84-iconv-8.4.6
+pkgp-freebsd-pkg____php84-ldap-8.4.6
+pkgp-freebsd-pkg____php84-mbstring-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-pgsql-8.4.6
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____rename-1.99.2_1
+pkgp-freebsd-pkg____rkhunter-1.4.6_3
+pkgp-freebsd-pkg____rsync-3.4.1_2
+pkgp-freebsd-pkg____sshguard-2.4.3_3,1
+pkgp-freebsd-pkg____sudo-1.9.16p2_1
+pkgp-freebsd-pkg____tigervnc-server-1.15.0
+pkgp-freebsd-pkg____tmux-3.5a_1
+pkgp-freebsd-pkg____unrar-7.11,6
+pkgp-freebsd-pkg____wget-1.25.0
+pkgp-freebsd-pkg____xauth-1.1.4
 pkgp-freebsd-pkg____xorg-fonts-truetype-7.7_1
-pkgp-freebsd-pkg____xorriso-1.5.4
-pkgp-freebsd-pkg____xterm-375
+pkgp-freebsd-pkg____xorriso-1.5.6_2
+pkgp-freebsd-pkg____xterm-397_2
diff --git a/jails/config/hub/pkg-list-details.txt b/jails/config/hub/pkg-list-details.txt
index 5916c8e..3d916dd 100644
--- a/jails/config/hub/pkg-list-details.txt
+++ b/jails/config/hub/pkg-list-details.txt
@@ -1,28 +1,34 @@
-pkgp123____apache24-2.4.54
-pkgp123____apr-1.7.0.1.6.1_2
-pkgp123____pkg-1.18.4
-pkgp123____samba413-4.13.17_4
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____firefox-esr-102.5.0_1,1
-pkgp-freebsd-pkg____fluxbox-1.3.7_5
-pkgp-freebsd-pkg____iperf3-3.12
-pkgp-freebsd-pkg____mc-4.8.28
-pkgp-freebsd-pkg____nano-7.0
+pkgp123____apache24-2.4.63
+pkgp123____apr-1.7.5.1.6.3_4
+pkgp123____ca_root_nss-3.108
+pkgp123____pkg-2.1.2
+pkgp123____samba416-4.16.11_6
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____fluxbox-1.3.7_10
+pkgp-freebsd-pkg____iperf3-3.18
+pkgp-freebsd-pkg____mc-4.8.32
+pkgp-freebsd-pkg____nano-8.4
 pkgp-freebsd-pkg____p7zip-16.02_3
-pkgp-freebsd-pkg____php81-ldap-8.1.13
-pkgp-freebsd-pkg____php81-mysqli-8.1.13
-pkgp-freebsd-pkg____php81-pgsql-8.1.13
-pkgp-freebsd-pkg____php81-session-8.1.13
-pkgp-freebsd-pkg____rename-1.99.2
-pkgp-freebsd-pkg____rkhunter-1.4.6_1
-pkgp-freebsd-pkg____rsync-3.2.6
-pkgp-freebsd-pkg____sshguard-2.4.2_2,1
-pkgp-freebsd-pkg____sudo-1.9.12p1
-pkgp-freebsd-pkg____tigervnc-server-1.12.0_5
-pkgp-freebsd-pkg____unrar-6.12,6
-pkgp-freebsd-pkg____wget-1.21.3_1
-pkgp-freebsd-pkg____xauth-1.1.1
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-filter-8.4.6
+pkgp-freebsd-pkg____php84-gd-8.4.6
+pkgp-freebsd-pkg____php84-iconv-8.4.6
+pkgp-freebsd-pkg____php84-ldap-8.4.6
+pkgp-freebsd-pkg____php84-mbstring-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-pgsql-8.4.6
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____rename-1.99.2_1
+pkgp-freebsd-pkg____rkhunter-1.4.6_3
+pkgp-freebsd-pkg____rsync-3.4.1_2
+pkgp-freebsd-pkg____sshguard-2.4.3_3,1
+pkgp-freebsd-pkg____sudo-1.9.16p2_1
+pkgp-freebsd-pkg____tigervnc-server-1.15.0
+pkgp-freebsd-pkg____tmux-3.5a_1
+pkgp-freebsd-pkg____unrar-7.11,6
+pkgp-freebsd-pkg____wget-1.25.0
+pkgp-freebsd-pkg____xauth-1.1.4
 pkgp-freebsd-pkg____xorg-fonts-truetype-7.7_1
-pkgp-freebsd-pkg____xorriso-1.5.4
-pkgp-freebsd-pkg____xterm-377
+pkgp-freebsd-pkg____xorriso-1.5.6_2
+pkgp-freebsd-pkg____xterm-397_2
diff --git a/jails/config/hub/pkg-list-old.txt b/jails/config/hub/pkg-list-old.txt
index abf1555..b22c766 100644
--- a/jails/config/hub/pkg-list-old.txt
+++ b/jails/config/hub/pkg-list-old.txt
@@ -1 +1 @@
-apache24 apr bash bash-completion firefox-esr fluxbox iperf3 mc nano p7zip php81-ldap php81-mysqli php81-pgsql php81-session pkg rename rkhunter rsync samba413 sshguard sudo tigervnc-server unrar wget xauth xorg-fonts-truetype xorriso xterm
+apache24 apr bash bash-completion ca_root_nss fluxbox iperf3 mc nano p7zip php84 php84-filter php84-gd php84-iconv php84-ldap php84-mbstring php84-mysqli php84-pgsql php84-session pkg rename rkhunter rsync samba416 sshguard sudo tigervnc-server tmux unrar wget xauth xorg-fonts-truetype xorriso xterm
diff --git a/jails/config/hub/pkg-list.txt b/jails/config/hub/pkg-list.txt
index abf1555..b22c766 100644
--- a/jails/config/hub/pkg-list.txt
+++ b/jails/config/hub/pkg-list.txt
@@ -1 +1 @@
-apache24 apr bash bash-completion firefox-esr fluxbox iperf3 mc nano p7zip php81-ldap php81-mysqli php81-pgsql php81-session pkg rename rkhunter rsync samba413 sshguard sudo tigervnc-server unrar wget xauth xorg-fonts-truetype xorriso xterm
+apache24 apr bash bash-completion ca_root_nss fluxbox iperf3 mc nano p7zip php84 php84-filter php84-gd php84-iconv php84-ldap php84-mbstring php84-mysqli php84-pgsql php84-session pkg rename rkhunter rsync samba416 sshguard sudo tigervnc-server tmux unrar wget xauth xorg-fonts-truetype xorriso xterm
diff --git a/jails/config/hub/pkgp.conf b/jails/config/hub/pkgp.conf
index 86e5a9a..ac09580 100644
--- a/jails/config/hub/pkgp.conf
+++ b/jails/config/hub/pkgp.conf
@@ -5,14 +5,12 @@ FreeBSD: { pkgp-freebsd-pkg: { url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", enabled: yes, priority: 10 } pkgp123: { url: "http://pkgp.ahlawat.com/packages/pj123-default", - mirror_type: "http", signature_type: "pubkey", pubkey: "/mnt/certs/poudriere.cert", enabled: yes, diff --git a/jails/config/hub/smb4.conf b/jails/config/hub/smb4.conf index e4af145..5084d9a 100644 --- a/jails/config/hub/smb4.conf +++ b/jails/config/hub/smb4.conf @@ -57,30 +57,18 @@ valid users = p browseable = yes -[imax-4k] - path = /mnt/imax-4k - read only = yes - valid users = p - browseable = yes - -[movies-4k] - path = /mnt/movies-4k - read only = yes - valid users = p - browseable = yes - -[movies-hd] - path = /mnt/movies-hd - read only = yes - valid users = p - browseable = yes - [movies] path = /mnt/movies read only = yes valid users = p browseable = yes +[tv] + path = /mnt/tv + read only = yes + valid users = p + browseable = yes + [tuts] path = /mnt/tuts read only = yes @@ -104,3 +92,15 @@ read only = yes valid users = p browseable = yes + +[cam] + path = /mnt/cam + read only = yes + valid users = p + browseable = yes + +[media] + path = /mnt/cam/media + read only = yes + valid users = p + browseable = yes diff --git a/jails/config/hub/sshd_config b/jails/config/hub/sshd_config index 2cdfe38..2d2a3ab 100644 --- a/jails/config/hub/sshd_config +++ b/jails/config/hub/sshd_config @@ -1,5 +1,5 @@ -# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ -# $FreeBSD: releng/12.1/crypto/openssh/sshd_config 338561 2018-09-10 16:20:12Z des $ +# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ +# $FreeBSD$ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. 
@@ -62,7 +62,7 @@ PasswordAuthentication no PermitEmptyPasswords no # Change to no to disable PAM authentication -ChallengeResponseAuthentication no +#KbdInteractiveAuthentication yes # Kerberos options #KerberosAuthentication no @@ -76,13 +76,13 @@ ChallengeResponseAuthentication no # Set this to 'no' to disable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and +# be allowed through the KbdInteractiveAuthentication and # PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass +# PAM authentication via KbdInteractiveAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. +# and KbdInteractiveAuthentication to 'no'. #UsePAM yes #AllowAgentForwarding yes @@ -105,7 +105,7 @@ ClientAliveCountMax 1 #PermitTunnel no #ChrootDirectory none #UseBlacklist no -#VersionAddendum FreeBSD-20180909 +#VersionAddendum FreeBSD-20211221 # no default banner path #Banner none diff --git a/jails/config/ibm/pkg-list-details-old.txt b/jails/config/ibm/pkg-list-details-old.txt index f29eb09..ccbb89d 100644 --- a/jails/config/ibm/pkg-list-details-old.txt +++ b/jails/config/ibm/pkg-list-details-old.txt 
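Review bot: Replacing `ChallengeResponseAuthentication no` with the commented-out `#KbdInteractiveAuthentication yes` in the `@@ -62,7 +62,7 @@` hunk leaves keyboard-interactive authentication at its default, which the commented line shows as `yes`, whereas the old line explicitly turned it off. `UsePAM` is likewise left at its commented default in the next hunk, so with `PasswordAuthentication no` still set, password logins can presumably come back through PAM keyboard-interactive, which is the path the file's own comment block warns about. To keep the previous key-only behaviour the line should read `KbdInteractiveAuthentication no`.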
@@ -1,9 +1,9 @@
-pkgp-freebsd-pkg____automake-1.16.5
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____cmake-3.24.3
-pkgp-freebsd-pkg____git-lite-2.38.1_3
-pkgp-freebsd-pkg____hercules-3.13
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____tmux-3.3a
+pkgp-freebsd-pkg____automake-1.17
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____cmake-3.31.6
+pkgp-freebsd-pkg____git-lite-2.49.0
+pkgp-freebsd-pkg____hercules-3.13_1
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____tmux-3.5a_1
diff --git a/jails/config/ibm/pkg-list-details.txt b/jails/config/ibm/pkg-list-details.txt
index 421c010..ccbb89d 100644
--- a/jails/config/ibm/pkg-list-details.txt
+++ b/jails/config/ibm/pkg-list-details.txt
@@ -1,9 +1,9 @@
-pkgp-freebsd-pkg____automake-1.16.5
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____cmake-3.24.3
-pkgp-freebsd-pkg____git-lite-2.38.1_4
-pkgp-freebsd-pkg____hercules-3.13
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____tmux-3.3a
+pkgp-freebsd-pkg____automake-1.17
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____cmake-3.31.6
+pkgp-freebsd-pkg____git-lite-2.49.0
+pkgp-freebsd-pkg____hercules-3.13_1
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____tmux-3.5a_1
diff --git a/jails/config/jump/pkg-list-details-old.txt b/jails/config/jump/pkg-list-details-old.txt
index 8597a53..390ef25 100644
--- a/jails/config/jump/pkg-list-details-old.txt
+++ b/jails/config/jump/pkg-list-details-old.txt
@@ -1,10 +1,10 @@
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____guacamole-client-1.4.0
-pkgp-freebsd-pkg____guacamole-server-1.4.0
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____guacamole-client-1.5.5
+pkgp-freebsd-pkg____guacamole-server-1.5.5
 pkgp-freebsd-pkg____libqrencode-4.1.1
-pkgp-freebsd-pkg____nano-6.4
+pkgp-freebsd-pkg____nano-8.4
 pkgp-freebsd-pkg____openldap-sasl-client-2.4.59
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____wireguard-2,1
-pkgp-freebsd-pkg____zip-3.0_1
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____wireguard-tools-1.0.20210914_3
+pkgp-freebsd-pkg____zip-3.0_4
diff --git a/jails/config/jump/pkg-list-details.txt b/jails/config/jump/pkg-list-details.txt
index 770e301..390ef25 100644
--- a/jails/config/jump/pkg-list-details.txt
+++ b/jails/config/jump/pkg-list-details.txt
@@ -1,10 +1,10 @@
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____guacamole-client-1.4.0
-pkgp-freebsd-pkg____guacamole-server-1.4.0
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____guacamole-client-1.5.5
+pkgp-freebsd-pkg____guacamole-server-1.5.5
 pkgp-freebsd-pkg____libqrencode-4.1.1
-pkgp-freebsd-pkg____nano-7.0
+pkgp-freebsd-pkg____nano-8.4
 pkgp-freebsd-pkg____openldap-sasl-client-2.4.59
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____wireguard-2,1
-pkgp-freebsd-pkg____zip-3.0_1
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____wireguard-tools-1.0.20210914_3
+pkgp-freebsd-pkg____zip-3.0_4
diff --git a/jails/config/jump/pkg-list-old.txt b/jails/config/jump/pkg-list-old.txt
index b701cde..12c1496 100644
--- a/jails/config/jump/pkg-list-old.txt
+++ b/jails/config/jump/pkg-list-old.txt
@@ -1 +1 @@ -bash bash-completion guacamole-client guacamole-server libqrencode nano openldap-sasl-client pkg wireguard zip +bash bash-completion guacamole-client guacamole-server libqrencode nano openldap-sasl-client pkg wireguard-tools zip diff --git a/jails/config/jump/pkg-list.txt b/jails/config/jump/pkg-list.txt index b701cde..12c1496 100644 --- a/jails/config/jump/pkg-list.txt +++ b/jails/config/jump/pkg-list.txt @@ -1 +1 @@ -bash bash-completion guacamole-client guacamole-server libqrencode nano openldap-sasl-client pkg wireguard zip +bash bash-completion guacamole-client guacamole-server libqrencode nano openldap-sasl-client pkg wireguard-tools zip diff --git a/jails/config/ldap-mgr/httpd.conf b/jails/config/ldap-mgr/httpd.conf index 9dd957d..0b84a5e 100644 --- a/jails/config/ldap-mgr/httpd.conf +++ b/jails/config/ldap-mgr/httpd.conf @@ -546,6 +546,8 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + ServerName ldap-mgr.ahlawat.com ServerAlias *.ahlawat.com 
@@ -553,10 +555,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on SSLCertificateFile "/mnt/certs/fullchain.pem" SSLCertificateKeyFile "/mnt/certs/privkey.pem" - #SSLCertificateChainFile "/mnt/certs/fullchain.pem" +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off SSLOptions +StdEnvVars diff --git a/jails/config/ldap-mgr/pkg-list-details-old.txt b/jails/config/ldap-mgr/pkg-list-details-old.txt index 5f3db04..e97a98a 100644 --- a/jails/config/ldap-mgr/pkg-list-details-old.txt +++ b/jails/config/ldap-mgr/pkg-list-details-old.txt @@ -1,9 +1,9 @@ -pkgp-freebsd-pkg____apache24-2.4.54 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____ldap-account-manager-8.0.1 -pkgp-freebsd-pkg____mod_php80-8.0.25 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____phpldapadmin-php80-1.2.6.3_1 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____self-service-password-php80-1.5.0 +pkgp-freebsd-pkg____apache24-2.4.63 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____ldap-account-manager-9.1 +pkgp-freebsd-pkg____mod_php83-8.3.20 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____phpldapadmin-php83-1.2.6.7 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____self-service-password-php83-1.7.3 
diff --git a/jails/config/ldap-mgr/pkg-list-details.txt b/jails/config/ldap-mgr/pkg-list-details.txt index bc5c9ef..e97a98a 100644 --- a/jails/config/ldap-mgr/pkg-list-details.txt +++ b/jails/config/ldap-mgr/pkg-list-details.txt @@ -1,7 +1,9 @@ -pkgp-freebsd-pkg____apache24-2.4.54 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____ldap-account-manager-8.0.1 -pkgp-freebsd-pkg____mod_php80-8.0.25 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____pkg-1.18.4 +pkgp-freebsd-pkg____apache24-2.4.63 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____ldap-account-manager-9.1 +pkgp-freebsd-pkg____mod_php83-8.3.20 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____phpldapadmin-php83-1.2.6.7 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____self-service-password-php83-1.7.3 diff --git a/jails/config/ldap-mgr/pkg-list-old.txt b/jails/config/ldap-mgr/pkg-list-old.txt index 91d77b6..d809a88 100644 --- a/jails/config/ldap-mgr/pkg-list-old.txt +++ b/jails/config/ldap-mgr/pkg-list-old.txt @@ -1 +1 @@ -apache24 bash bash-completion ldap-account-manager mod_php80 nano phpldapadmin-php80 pkg self-service-password-php80 +apache24 bash bash-completion ldap-account-manager mod_php83 nano phpldapadmin-php83 pkg self-service-password-php83 diff --git a/jails/config/ldap-mgr/pkg-list.txt b/jails/config/ldap-mgr/pkg-list.txt index 5db2805..d809a88 100644 --- a/jails/config/ldap-mgr/pkg-list.txt +++ b/jails/config/ldap-mgr/pkg-list.txt @@ -1 +1 @@ -apache24 bash bash-completion ldap-account-manager mod_php80 nano pkg +apache24 bash bash-completion ldap-account-manager mod_php83 nano phpldapadmin-php83 pkg self-service-password-php83 diff --git a/jails/config/ldap/pkg-list-details-old.txt b/jails/config/ldap/pkg-list-details-old.txt index c0eba4b..70863c3 100644 --- a/jails/config/ldap/pkg-list-details-old.txt +++ b/jails/config/ldap/pkg-list-details-old.txt 
@@ -1,6 +1,6 @@ -pkgp123____openldap26-server-2.6.3_2 -pkgp123____pkg-1.18.4 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____openssl-1.1.1s,1 +pkgp123____ca_root_nss-3.108 +pkgp123____openldap26-server-2.6.9_1 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 diff --git a/jails/config/ldap/pkg-list-details.txt b/jails/config/ldap/pkg-list-details.txt index 6b19117..70863c3 100644 --- a/jails/config/ldap/pkg-list-details.txt +++ b/jails/config/ldap/pkg-list-details.txt @@ -1,6 +1,6 @@ -pkgp123____openldap26-server-2.6.3_2 -pkgp123____pkg-1.18.4 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____openssl-1.1.1s,1 +pkgp123____ca_root_nss-3.108 +pkgp123____openldap26-server-2.6.9_1 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 diff --git a/jails/config/ldap/pkg-list-old.txt b/jails/config/ldap/pkg-list-old.txt index dbfd3c1..a63f462 100644 --- a/jails/config/ldap/pkg-list-old.txt +++ b/jails/config/ldap/pkg-list-old.txt @@ -1 +1 @@ -bash bash-completion nano openldap26-server openssl pkg +bash bash-completion ca_root_nss nano openldap26-server pkg diff --git a/jails/config/ldap/pkg-list.txt b/jails/config/ldap/pkg-list.txt index dbfd3c1..a63f462 100644 --- a/jails/config/ldap/pkg-list.txt +++ b/jails/config/ldap/pkg-list.txt @@ -1 +1 @@ -bash bash-completion nano openldap26-server openssl pkg +bash bash-completion ca_root_nss nano openldap26-server pkg diff --git a/jails/config/ldap/pkgp.conf b/jails/config/ldap/pkgp.conf index 86e5a9a..ac09580 100644 --- a/jails/config/ldap/pkgp.conf +++ b/jails/config/ldap/pkgp.conf 
@@ -5,14 +5,12 @@ FreeBSD: { pkgp-freebsd-pkg: { url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", enabled: yes, priority: 10 } pkgp123: { url: "http://pkgp.ahlawat.com/packages/pj123-default", - mirror_type: "http", signature_type: "pubkey", pubkey: "/mnt/certs/poudriere.cert", enabled: yes, diff --git a/jails/config/mage/pkg-list-details-old.txt b/jails/config/mage/pkg-list-details-old.txt index 30d6b7e..025ea21 100644 --- a/jails/config/mage/pkg-list-details-old.txt +++ b/jails/config/mage/pkg-list-details-old.txt 
@@ -1,29 +1,29 @@ -pkgp-freebsd-pkg____automake-1.16.5 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____cmake-3.24.3 -pkgp-freebsd-pkg____dbus-1.14.4,1 -pkgp-freebsd-pkg____fluxbox-1.3.7_5 -pkgp-freebsd-pkg____git-lite-2.38.1_3 -pkgp-freebsd-pkg____libxslt-1.1.37 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____perl5-5.32.1_3 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____py39-IBMQuantumExperience-2.0.4 -pkgp-freebsd-pkg____py39-jupyterlab-3.4.8 -pkgp-freebsd-pkg____py39-matplotlib-3.4.3_5 -pkgp-freebsd-pkg____py39-pandas-1.5.0,1 -pkgp-freebsd-pkg____py39-pep517-0.13.0 -pkgp-freebsd-pkg____py39-pip-22.2.2 -pkgp-freebsd-pkg____py39-scikit-learn-1.1.2_1 -pkgp-freebsd-pkg____py39-seaborn-0.11.2 -pkgp-freebsd-pkg____rubygem-pkg-config-1.4.9 -pkgp-freebsd-pkg____rust-1.64.0 -pkgp-freebsd-pkg____sudo-1.9.12p1 -pkgp-freebsd-pkg____suitesparse-cholmod-3.0.14 -pkgp-freebsd-pkg____suitesparse-umfpack-5.7.9 -pkgp-freebsd-pkg____symengine-0.9.0_5 -pkgp-freebsd-pkg____tigervnc-server-1.12.0_5 -pkgp-freebsd-pkg____xauth-1.1.1 +pkgp-freebsd-pkg____automake-1.17 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____cmake-3.31.6 +pkgp-freebsd-pkg____dbus-1.16.2_2,1 +pkgp-freebsd-pkg____fluxbox-1.3.7_10 +pkgp-freebsd-pkg____git-lite-2.49.0 +pkgp-freebsd-pkg____libxslt-1.1.42 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____ninja-1.11.1,4 +pkgp-freebsd-pkg____perl5-5.36.3_3 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____py311-jupyterlab-4.4.0 +pkgp-freebsd-pkg____py311-matplotlib-3.8.0_1 +pkgp-freebsd-pkg____py311-pip-23.3.2_4 +pkgp-freebsd-pkg____py311-scikit-learn-1.4.0_1 +pkgp-freebsd-pkg____py311-scipy-1.11.1_4,1 +pkgp-freebsd-pkg____py311-sqlite3-3.11.12_10 +pkgp-freebsd-pkg____py311-statsmodels-0.14.1 +pkgp-freebsd-pkg____rubygem-pkg-config-1.6.0 +pkgp-freebsd-pkg____rust-1.86.0 +pkgp-freebsd-pkg____sudo-1.9.16p2_1 +pkgp-freebsd-pkg____suitesparse-cholmod-5.3.2 
+pkgp-freebsd-pkg____suitesparse-umfpack-6.3.5_1 +pkgp-freebsd-pkg____symengine-0.14.0 +pkgp-freebsd-pkg____tigervnc-server-1.15.0 +pkgp-freebsd-pkg____xauth-1.1.4 pkgp-freebsd-pkg____xorg-fonts-truetype-7.7_1 -pkgp-freebsd-pkg____xterm-375 +pkgp-freebsd-pkg____xterm-397_2 diff --git a/jails/config/mage/pkg-list-details.txt b/jails/config/mage/pkg-list-details.txt index d22b0d8..025ea21 100644 --- a/jails/config/mage/pkg-list-details.txt +++ b/jails/config/mage/pkg-list-details.txt 
@@ -1,29 +1,29 @@ -pkgp-freebsd-pkg____automake-1.16.5 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____cmake-3.24.3 -pkgp-freebsd-pkg____dbus-1.14.4,1 -pkgp-freebsd-pkg____fluxbox-1.3.7_5 -pkgp-freebsd-pkg____git-lite-2.38.1_4 -pkgp-freebsd-pkg____libxslt-1.1.37 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____perl5-5.32.1_3 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____py39-IBMQuantumExperience-2.0.4 -pkgp-freebsd-pkg____py39-jupyterlab-3.4.8 -pkgp-freebsd-pkg____py39-matplotlib-3.4.3_5 -pkgp-freebsd-pkg____py39-pandas-1.5.0,1 -pkgp-freebsd-pkg____py39-pep517-0.13.0 -pkgp-freebsd-pkg____py39-pip-22.2.2 -pkgp-freebsd-pkg____py39-scikit-learn-1.1.3 -pkgp-freebsd-pkg____py39-seaborn-0.11.2 -pkgp-freebsd-pkg____rubygem-pkg-config-1.4.9 -pkgp-freebsd-pkg____rust-1.65.0 -pkgp-freebsd-pkg____sudo-1.9.12p1 -pkgp-freebsd-pkg____suitesparse-cholmod-3.0.14 -pkgp-freebsd-pkg____suitesparse-umfpack-5.7.9 -pkgp-freebsd-pkg____symengine-0.9.0_5 -pkgp-freebsd-pkg____tigervnc-server-1.12.0_5 -pkgp-freebsd-pkg____xauth-1.1.1 +pkgp-freebsd-pkg____automake-1.17 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____cmake-3.31.6 +pkgp-freebsd-pkg____dbus-1.16.2_2,1 +pkgp-freebsd-pkg____fluxbox-1.3.7_10 +pkgp-freebsd-pkg____git-lite-2.49.0 +pkgp-freebsd-pkg____libxslt-1.1.42 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____ninja-1.11.1,4 +pkgp-freebsd-pkg____perl5-5.36.3_3 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____py311-jupyterlab-4.4.0 +pkgp-freebsd-pkg____py311-matplotlib-3.8.0_1 +pkgp-freebsd-pkg____py311-pip-23.3.2_4 +pkgp-freebsd-pkg____py311-scikit-learn-1.4.0_1 +pkgp-freebsd-pkg____py311-scipy-1.11.1_4,1 +pkgp-freebsd-pkg____py311-sqlite3-3.11.12_10 +pkgp-freebsd-pkg____py311-statsmodels-0.14.1 +pkgp-freebsd-pkg____rubygem-pkg-config-1.6.0 +pkgp-freebsd-pkg____rust-1.86.0 +pkgp-freebsd-pkg____sudo-1.9.16p2_1 +pkgp-freebsd-pkg____suitesparse-cholmod-5.3.2 
+pkgp-freebsd-pkg____suitesparse-umfpack-6.3.5_1 +pkgp-freebsd-pkg____symengine-0.14.0 +pkgp-freebsd-pkg____tigervnc-server-1.15.0 +pkgp-freebsd-pkg____xauth-1.1.4 pkgp-freebsd-pkg____xorg-fonts-truetype-7.7_1 -pkgp-freebsd-pkg____xterm-377 +pkgp-freebsd-pkg____xterm-397_2 diff --git a/jails/config/mage/pkg-list-old.txt b/jails/config/mage/pkg-list-old.txt index ebbfd67..0c5949b 100644 --- a/jails/config/mage/pkg-list-old.txt +++ b/jails/config/mage/pkg-list-old.txt @@ -1 +1 @@ -automake bash bash-completion cmake dbus fluxbox git-lite libxslt nano perl5 pkg py39-IBMQuantumExperience py39-jupyterlab py39-matplotlib py39-pandas py39-pep517 py39-pip py39-scikit-learn py39-seaborn rubygem-pkg-config rust sudo suitesparse-cholmod suitesparse-umfpack symengine tigervnc-server xauth xorg-fonts-truetype xterm +automake bash bash-completion cmake dbus fluxbox git-lite libxslt nano ninja perl5 pkg py311-jupyterlab py311-matplotlib py311-pip py311-scikit-learn py311-scipy py311-sqlite3 py311-statsmodels rubygem-pkg-config rust sudo suitesparse-cholmod suitesparse-umfpack symengine tigervnc-server xauth xorg-fonts-truetype xterm diff --git a/jails/config/mage/pkg-list.txt b/jails/config/mage/pkg-list.txt index ebbfd67..0c5949b 100644 --- a/jails/config/mage/pkg-list.txt +++ b/jails/config/mage/pkg-list.txt @@ -1 +1 @@ -automake bash bash-completion cmake dbus fluxbox git-lite libxslt nano perl5 pkg py39-IBMQuantumExperience py39-jupyterlab py39-matplotlib py39-pandas py39-pep517 py39-pip py39-scikit-learn py39-seaborn rubygem-pkg-config rust sudo suitesparse-cholmod suitesparse-umfpack symengine tigervnc-server xauth xorg-fonts-truetype xterm +automake bash bash-completion cmake dbus fluxbox git-lite libxslt nano ninja perl5 pkg py311-jupyterlab py311-matplotlib py311-pip py311-scikit-learn py311-scipy py311-sqlite3 py311-statsmodels rubygem-pkg-config rust sudo suitesparse-cholmod suitesparse-umfpack symengine tigervnc-server xauth xorg-fonts-truetype xterm 
diff --git a/jails/config/mail/pkg-list-details-old.txt b/jails/config/mail/pkg-list-details-old.txt index 84c241b..744ceb8 100644 --- a/jails/config/mail/pkg-list-details-old.txt +++ b/jails/config/mail/pkg-list-details-old.txt @@ -1,14 +1,15 @@ -pkgp123____dcc-dccd-2.3.168 -pkgp123____dovecot-2.3.19.1_1 -pkgp123____dovecot-pigeonhole-0.5.19 -pkgp123____icu-72.1,1 -pkgp123____libunwind-20211201_1 +pkgp123____dcc-dccd-2.3.169 +pkgp123____dovecot-2.3.21.1_3 +pkgp123____dovecot-pigeonhole-0.5.21.1_1 +pkgp123____icu-76.1,1 +pkgp123____libunwind-20240221_2 pkgp123____libyaml-0.2.5 -pkgp123____pkg-1.18.4 -pkgp123____postfix-3.7.3_1,1 -pkgp123____rspamd-3.4_1 -pkgp-freebsd-pkg____apache-solr-8.11.2,1 -pkgp-freebsd-pkg____bash-5.2.2_1 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____redis-7.0.5 +pkgp123____pkg-2.1.2 +pkgp123____postfix-3.10.1,1 +pkgp123____rspamd-3.11.1 +pkgp-freebsd-pkg____apache-solr9-9.2.0 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____lsof-4.99.4_2,8 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____redis-7.4.2 diff --git a/jails/config/mail/pkg-list-details.txt b/jails/config/mail/pkg-list-details.txt index 56a3771..744ceb8 100644 --- a/jails/config/mail/pkg-list-details.txt +++ b/jails/config/mail/pkg-list-details.txt 
@@ -1,14 +1,15 @@ -pkgp123____dcc-dccd-2.3.168 -pkgp123____dovecot-2.3.19.1_1 -pkgp123____dovecot-pigeonhole-0.5.19 -pkgp123____icu-72.1,1 -pkgp123____libunwind-20211201_1 +pkgp123____dcc-dccd-2.3.169 +pkgp123____dovecot-2.3.21.1_3 +pkgp123____dovecot-pigeonhole-0.5.21.1_1 +pkgp123____icu-76.1,1 +pkgp123____libunwind-20240221_2 pkgp123____libyaml-0.2.5 -pkgp123____pkg-1.18.4 -pkgp123____postfix-3.7.3_1,1 -pkgp123____rspamd-3.4_1 -pkgp-freebsd-pkg____apache-solr-8.11.2,1 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____redis-7.0.5 +pkgp123____pkg-2.1.2 +pkgp123____postfix-3.10.1,1 +pkgp123____rspamd-3.11.1 +pkgp-freebsd-pkg____apache-solr9-9.2.0 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____lsof-4.99.4_2,8 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____redis-7.4.2 diff --git a/jails/config/mail/pkg-list-old.txt b/jails/config/mail/pkg-list-old.txt index 8bfdd9d..7fcba9a 100644 --- a/jails/config/mail/pkg-list-old.txt +++ b/jails/config/mail/pkg-list-old.txt @@ -1 +1 @@ -apache-solr bash bash-completion dcc-dccd dovecot dovecot-pigeonhole icu libunwind libyaml nano pkg postfix redis rspamd +apache-solr9 bash bash-completion dcc-dccd dovecot dovecot-pigeonhole icu libunwind libyaml lsof nano pkg postfix redis rspamd diff --git a/jails/config/mail/pkg-list.txt b/jails/config/mail/pkg-list.txt index 8bfdd9d..7fcba9a 100644 --- a/jails/config/mail/pkg-list.txt +++ b/jails/config/mail/pkg-list.txt @@ -1 +1 @@ -apache-solr bash bash-completion dcc-dccd dovecot dovecot-pigeonhole icu libunwind libyaml nano pkg postfix redis rspamd +apache-solr9 bash bash-completion dcc-dccd dovecot dovecot-pigeonhole icu libunwind libyaml lsof nano pkg postfix redis rspamd diff --git a/jails/config/mail/pkgp.conf b/jails/config/mail/pkgp.conf index 86e5a9a..ac09580 100644 --- a/jails/config/mail/pkgp.conf +++ b/jails/config/mail/pkgp.conf 
@@ -5,14 +5,12 @@ FreeBSD: { pkgp-freebsd-pkg: { url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", enabled: yes, priority: 10 } pkgp123: { url: "http://pkgp.ahlawat.com/packages/pj123-default", - mirror_type: "http", signature_type: "pubkey", pubkey: "/mnt/certs/poudriere.cert", enabled: yes, diff --git a/jails/config/mail/postfix/main.cf b/jails/config/mail/postfix/main.cf index 194df47..ed1b4b6 100644 --- a/jails/config/mail/postfix/main.cf +++ b/jails/config/mail/postfix/main.cf @@ -27,7 +27,7 @@ # # The level below is what should be used with new (not upgrade) installs. # -compatibility_level = 2 +compatibility_level = 3.9.0 # SOFT BOUNCE # @@ -282,7 +282,8 @@ unknown_local_recipient_reject_code = 550 #mynetworks = $config_directory/mynetworks #mynetworks = hash:$config_directory/network_table -mynetworks = 127.0.0.1/32 192.168.0.0/24 [::1]/128 [fe80::]/10 [fd01::]/64 +# the 13.56.245.15 is sms.rockwoodestates.org - mail-relay.ahlawat.com +mynetworks = 127.0.0.1/32 192.168.0.0/24 [::1]/128 [fe80::]/10 [fd01::]/64 13.56.245.15 smtp_bind_address = 192.168.0.100 smtp_bind_address6 = fd01::100 @@ -713,10 +714,6 @@ mailbox_size_limit = 51200000 allow_percent_hack = no swap_bangpath = no -# path to the SSL certificate for the mail server -smtpd_tls_cert_file = /mnt/certs/fullchain.pem -smtpd_tls_key_file = /mnt/certs/privkeyr.pem - smtpd_tls_loglevel = 2 # These two lines define how postfix will connect to other mail servers. @@ -732,7 +729,7 @@ smtp_dns_support_level = dnssec # "mandatory" for authenticating users. I got these settings from Mozilla's # SSL reccomentations page. -# https://ssl-config.mozilla.org/#server=postfix&version=3.4.8&config=intermediate&openssl=1.1.1k&guideline=5.6 +# https://ssl-config.mozilla.org/#server=postfix&version=3.9.0&config=intermediate&openssl=3.1&guideline=5.6 # # NOTE: do not attempt to make TLS mandatory for all incoming/outgoing 
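Review bot: The `pkgp-freebsd-pkg` repository block in this hunk has a plain `http://` URL and no `signature_type`, so unless a default is set elsewhere its packages are installed without any authenticity check, while `pkgp123` right below it verifies with `signature_type: "pubkey"`. Most entries in the package lists visible in this diff carry the `pkgp-freebsd-pkg____` prefix, so this is the repository that matters most. I would sign it the same way by adding `signature_type: "pubkey",` and `pubkey: "<path-to-repo-public-key>",` to the block (the path is a placeholder), or at minimum serve it over HTTPS. The `pkgp123` block continues past the end of the hunk.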
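Review bot: Adding the non-local address `13.56.245.15` to `mynetworks` makes relay permission depend on a source IP alone, assuming the relay restrictions use `permit_mynetworks` (they are outside the hunk). If that address is reassigned, or the host behind it is compromised, it can relay through this server without credentials. `smtpd_sasl_auth_enable = yes` is already set further down in this file, so the relay host could authenticate instead and `mynetworks` could stay limited to the local ranges. If the entry stays, write it as `13.56.245.15/32` and extend the comment with who owns the host and when the entry should be reviewed.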
@@ -740,16 +737,26 @@ smtp_dns_support_level = dnssec # mandatory connections either. There are still a lot of mail servers out # there that do not use TLS, and many that do only support old ciphers. # Forcing TLS for everyone *will* cause you to lose mail. -smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 -smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 -smtpd_tls_mandatory_ciphers = medium -tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 +smtpd_tls_auth_only = yes +smtpd_tls_chain_files = + /mnt/certs/privkeyr.pem, + /mnt/certs/fullchain.pem + +smtpd_tls_security_level = may +smtpd_tls_mandatory_protocols = >=TLSv1.2 +smtpd_tls_protocols = >=TLSv1.2 + +#smtp_tls_security_level = may +smtp_tls_mandatory_protocols = >=TLSv1.2 +smtp_tls_protocols = >=TLSv1.2 tls_preempt_cipherlist = no - -# allow other mail servers to connect using TLS, but don't require it -smtpd_tls_security_level = may +tls_eecdh_auto_curves = X25519 prime256v1 secp384r1 +tls_ffdhe_auto_groups = +smtp_tls_mandatory_ciphers = medium +smtpd_tls_mandatory_ciphers = medium +tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 # tickets and compression have known vulnerabilities tls_ssl_options = no_ticket, no_compression, NO_RENEGOTIATION 
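Review bot: `#smtp_tls_security_level = may` is left commented out next to the new `smtp_tls_mandatory_protocols` and `smtp_tls_mandatory_ciphers` lines, and nothing in the hunk says where the client-side level is set. The `mandatory` variants only take effect at the mandatory security levels, so a reader cannot tell from here whether they do anything. Presumably the level is set just above, near `smtp_dns_support_level = dnssec`; I would replace the dead line with a comment such as `# smtp_tls_security_level is set above; smtp_tls_protocols covers opportunistic TLS`. Separately, `tls_ffdhe_auto_groups =` is empty while `tls_medium_cipherlist` still lists two `DHE-RSA-*` suites, which deserves a one-line comment on the intent.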
@@ -757,8 +764,7 @@ tls_ssl_options = no_ticket, no_compression, NO_RENEGOTIATION # it's more secure to generate your own DH params but using mozilla's # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam # not actually 1024 bits, this applies to all DHE >= 1024 bits -#smtpd_tls_dh512_param_file = /mnt/certs/dhparam512.pem -smtpd_tls_dh1024_param_file = /mnt/certs/dhparam4096.pem +# NOW deprecated - smtpd_tls_dh1024_param_file = /mnt/certs/dhparam4096.pem # cache incoming and outgoing TLS sessions smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_tlscache @@ -770,9 +776,6 @@ smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot -# only allow authentication over TLS -smtpd_tls_auth_only = yes - # don't allow plaintext auth methods on unencrypted connections smtpd_sasl_security_options = noanonymous, noplaintext # but plaintext auth is fine when using TLS diff --git a/jails/config/mail/postfix/protected_destinations b/jails/config/mail/postfix/protected_destinations index 27ebb65..b2ead6c 100644 --- a/jails/config/mail/postfix/protected_destinations +++ b/jails/config/mail/postfix/protected_destinations @@ -1,4 +1,9 @@ # not everyone can send to these destinations # we restrict some of them -ahlawat.com good_senders_only +ahlawat.com good_senders_only,reject +beyondbell.com good_senders_only,reject +diyit.org good_senders_only,reject +datavpc.com good_senders_only,reject +rockwoodstates.org good_senders_only,reject +scvcc-rental.com good_senders_only,reject diff --git a/jails/config/maps/pkg-list-details-old.txt b/jails/config/maps/pkg-list-details-old.txt index 1eae6a7..49c43e0 100644 --- a/jails/config/maps/pkg-list-details-old.txt +++ b/jails/config/maps/pkg-list-details-old.txt 
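Review bot: The new key `rockwoodstates.org` in protected_destinations does not match the spelling `rockwoodestates.org` used in the `mynetworks` comment this same commit adds to main.cf, so one of the two is probably a typo. If the table key is the wrong one, lookups for the real domain miss and the `good_senders_only,reject` restriction is silently not applied to it. Confirm the domain and, if the comment is right, change the line to `rockwoodestates.org good_senders_only,reject`. If this is an indexed map it also has to be rebuilt with postmap after the edit.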
@@ -1,7 +1,7 @@ -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____npm-8.19.2 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____pkgconf-1.8.0_1,1 -pkgp-freebsd-pkg____vips-8.13.0_3 +pkgp-freebsd-pkg____bash-5.2.26_1 +pkgp-freebsd-pkg____bash-completion-2.11_2,2 +pkgp-freebsd-pkg____nano-7.2 +pkgp-freebsd-pkg____npm-10.2.5 +pkgp-freebsd-pkg____pkg-1.20.9_1 +pkgp-freebsd-pkg____pkgconf-2.0.3_2,1 +pkgp-freebsd-pkg____vips-8.15.1_2 diff --git a/jails/config/maps/pkg-list-details.txt b/jails/config/maps/pkg-list-details.txt index efe67b8..9d006b4 100644 --- a/jails/config/maps/pkg-list-details.txt +++ b/jails/config/maps/pkg-list-details.txt @@ -1,7 +1,7 @@ -pkgp-freebsd-pkg____bash-5.2.12 +pkgp-freebsd-pkg____bash-5.2.26_1 pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____npm-8.19.2 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____pkgconf-1.8.0_1,1 -pkgp-freebsd-pkg____vips-8.13.0_3 +pkgp-freebsd-pkg____nano-7.2 +pkgp-freebsd-pkg____npm-10.4.0 +pkgp-freebsd-pkg____pkg-1.20.9_1 +pkgp-freebsd-pkg____pkgconf-2.0.3_2,1 +pkgp-freebsd-pkg____vips-8.15.1_3 diff --git a/jails/config/matrix/pkg-list-details-old.txt b/jails/config/matrix/pkg-list-details-old.txt index d8ac1bf..4d49076 100644 --- a/jails/config/matrix/pkg-list-details-old.txt +++ b/jails/config/matrix/pkg-list-details-old.txt 
@@ -1,9 +1,10 @@ -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____element-web-1.11.14 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____nginx-1.22.1_2,3 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____py39-matrix-synapse-1.71.0 -pkgp-freebsd-pkg____py39-matrix-synapse-ldap3-0.2.2 -pkgp-freebsd-pkg____py39-psycopg2-2.9.4 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____element-web-1.11.98 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____nginx-1.26.3_3,3 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____py311-matrix-synapse-1.127.1 +pkgp-freebsd-pkg____py311-matrix-synapse-ldap3-0.3.0_1 +pkgp-freebsd-pkg____py311-psycopg2-2.9.10 +pkgp-freebsd-pkg____rust-1.86.0 diff --git a/jails/config/matrix/pkg-list-details.txt b/jails/config/matrix/pkg-list-details.txt index 2b33a7c..4d49076 100644 --- a/jails/config/matrix/pkg-list-details.txt +++ b/jails/config/matrix/pkg-list-details.txt @@ -1,9 +1,10 @@ -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____element-web-1.11.15 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____nginx-1.22.1_2,3 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____py39-matrix-synapse-1.71.0_1 -pkgp-freebsd-pkg____py39-matrix-synapse-ldap3-0.2.2 -pkgp-freebsd-pkg____py39-psycopg2-2.9.4 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____element-web-1.11.98 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____nginx-1.26.3_3,3 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____py311-matrix-synapse-1.127.1 +pkgp-freebsd-pkg____py311-matrix-synapse-ldap3-0.3.0_1 +pkgp-freebsd-pkg____py311-psycopg2-2.9.10 +pkgp-freebsd-pkg____rust-1.86.0 diff --git a/jails/config/matrix/pkg-list-old.txt b/jails/config/matrix/pkg-list-old.txt index 16a2720..c2ba3bb 100644 --- a/jails/config/matrix/pkg-list-old.txt +++ b/jails/config/matrix/pkg-list-old.txt 
@@ -1 +1 @@ -bash bash-completion element-web nano nginx pkg py39-matrix-synapse py39-matrix-synapse-ldap3 py39-psycopg2 +bash bash-completion element-web nano nginx pkg py311-matrix-synapse py311-matrix-synapse-ldap3 py311-psycopg2 rust diff --git a/jails/config/matrix/pkg-list.txt b/jails/config/matrix/pkg-list.txt index 16a2720..c2ba3bb 100644 --- a/jails/config/matrix/pkg-list.txt +++ b/jails/config/matrix/pkg-list.txt @@ -1 +1 @@ -bash bash-completion element-web nano nginx pkg py39-matrix-synapse py39-matrix-synapse-ldap3 py39-psycopg2 +bash bash-completion element-web nano nginx pkg py311-matrix-synapse py311-matrix-synapse-ldap3 py311-psycopg2 rust diff --git a/jails/config/meet/pkg-list-details-old.txt b/jails/config/meet/pkg-list-details-old.txt index 6a80c55..597899e 100644 --- a/jails/config/meet/pkg-list-details-old.txt +++ b/jails/config/meet/pkg-list-details-old.txt @@ -1,9 +1,9 @@ -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____jicofo-1.0.877 -pkgp-freebsd-pkg____jitsi-meet-1.0.6155 -pkgp-freebsd-pkg____jitsi-videobridge-2.1.681 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____nginx-1.22.1_2,3 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____prosody-0.12.1_2 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____jicofo-1.0.1118 +pkgp-freebsd-pkg____jitsi-meet-1.0.8339 +pkgp-freebsd-pkg____jitsi-videobridge-2.3.198 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____nginx-1.26.3_3,3 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____prosody-13.0.1 diff --git a/jails/config/meet/pkg-list-details.txt b/jails/config/meet/pkg-list-details.txt index 4709318..597899e 100644 --- a/jails/config/meet/pkg-list-details.txt +++ b/jails/config/meet/pkg-list-details.txt 
@@ -1,9 +1,9 @@ -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____jicofo-1.0.877 -pkgp-freebsd-pkg____jitsi-meet-1.0.6155 -pkgp-freebsd-pkg____jitsi-videobridge-2.1.681 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____nginx-1.22.1_2,3 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____prosody-0.12.1_2 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____jicofo-1.0.1118 +pkgp-freebsd-pkg____jitsi-meet-1.0.8339 +pkgp-freebsd-pkg____jitsi-videobridge-2.3.198 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____nginx-1.26.3_3,3 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____prosody-13.0.1 diff --git a/jails/config/monitor/alert_rules.yml b/jails/config/monitor/alert_rules.yml index 1e3d3ef..ee974d8 100644 --- a/jails/config/monitor/alert_rules.yml +++ b/jails/config/monitor/alert_rules.yml @@ -18,21 +18,21 @@ groups: summary: "Node {{ $labels.instance }} is down" description: "Failed to scrape {{ $labels.job }} on {{ $labels.instance }} for more than 1 minute. Node seems down." - alert: High_cpu_util - expr: node_load5{job="node_exporter"} > 6 - for: 2m + expr: node_load1{job="node_exporter"} > 10 + for: 5m labels: severity: warning annotations: summary: "CPU {{ $labels.instance }} is high" - description: "{{ $labels.job }} on {{ $labels.instance }} loaded more than 6 for more than 2 minute." + description: "{{ $labels.job }} on {{ $labels.instance }} loaded more than 10 for more than 5 minutes." - alert: High_disk_util expr: gstat_percent_busy{job="gstat"} > 90 - for: 3m + for: 9m labels: severity: warning annotations: summary: "Disk {{ $labels.instance }} is loaded" - description: "{{ $labels.job }} on {{ $labels.instance }} loaded more than 90% for more than 3 minute." + description: "{{ $labels.job }} on {{ $labels.instance }} loaded more than 90% for more than 9 minutes." - name: Probe alerts rules: - alert: Site_down 
diff --git a/jails/config/monitor/httpd.conf b/jails/config/monitor/httpd.conf index 1622852..a51a151 100644 --- a/jails/config/monitor/httpd.conf +++ b/jails/config/monitor/httpd.conf @@ -551,6 +551,14 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L] + + ServerName monitor.ahlawat.com ServerAlias *.ahlawat.com @@ -559,16 +567,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on SSLCertificateFile "/mnt/certs/fullchain.pem" SSLCertificateKeyFile "/mnt/certs/privkey.pem" - #SSLCertificateChainFile "/mnt/certs/fullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) 
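Review bot: `SSLCACertificateFile "/mnt/certs/cacert.pem"` is added without a comment, and in mod_ssl that directive names the CAs used to verify client certificates rather than the server's own chain. No `SSLVerifyClient` appears in the hunk and `SSLCertificateFile` already points at `fullchain.pem`, so the line looks either unnecessary or like half of a client-authentication setup. I would drop it, or add a comment stating its purpose, e.g. `# CA bundle used for <purpose>`. The same lines are added in jails/config/nivi/httpd.conf. The virtual-host block starts and ends outside the hunk.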
diff --git a/jails/config/monitor/pkg-list-details-old.txt b/jails/config/monitor/pkg-list-details-old.txt index 4d1c493..4a24400 100644 --- a/jails/config/monitor/pkg-list-details-old.txt +++ b/jails/config/monitor/pkg-list-details-old.txt 
@@ -1,41 +1,43 @@ -pkgp-freebsd-pkg____alertmanager-0.23.0_7 -pkgp-freebsd-pkg____apache24-2.4.54 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____grafana9-9.2.4 -pkgp-freebsd-pkg____influxdb-1.8.10_7 -pkgp-freebsd-pkg____iperf3-3.12 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____php81-8.1.12 -pkgp-freebsd-pkg____php81-bcmath-8.1.12 -pkgp-freebsd-pkg____php81-bz2-8.1.12 -pkgp-freebsd-pkg____php81-ctype-8.1.12 -pkgp-freebsd-pkg____php81-curl-8.1.12 -pkgp-freebsd-pkg____php81-dom-8.1.12 -pkgp-freebsd-pkg____php81-fileinfo-8.1.12 -pkgp-freebsd-pkg____php81-filter-8.1.12 -pkgp-freebsd-pkg____php81-gd-8.1.12 -pkgp-freebsd-pkg____php81-iconv-8.1.12 -pkgp-freebsd-pkg____php81-intl-8.1.12_1 -pkgp-freebsd-pkg____php81-mbstring-8.1.12 -pkgp-freebsd-pkg____php81-mysqli-8.1.12 -pkgp-freebsd-pkg____php81-opcache-8.1.12 -pkgp-freebsd-pkg____php81-pdo-8.1.12 -pkgp-freebsd-pkg____php81-pdo_mysql-8.1.12 -pkgp-freebsd-pkg____php81-pecl-mcrypt-1.0.5 -pkgp-freebsd-pkg____php81-pecl-memcache-8.0 -pkgp-freebsd-pkg____php81-posix-8.1.12 -pkgp-freebsd-pkg____php81-readline-8.1.12 -pkgp-freebsd-pkg____php81-session-8.1.12 -pkgp-freebsd-pkg____php81-simplexml-8.1.12 -pkgp-freebsd-pkg____php81-soap-8.1.12 -pkgp-freebsd-pkg____php81-sockets-8.1.12 -pkgp-freebsd-pkg____php81-sqlite3-8.1.12 -pkgp-freebsd-pkg____php81-tidy-8.1.12 -pkgp-freebsd-pkg____php81-tokenizer-8.1.12 -pkgp-freebsd-pkg____php81-xml-8.1.12 -pkgp-freebsd-pkg____php81-zip-8.1.12 -pkgp-freebsd-pkg____php81-zlib-8.1.12 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____prometheus-2.39.1 -pkgp-freebsd-pkg____telegraf-1.24.3 +pkgp-freebsd-pkg____alertmanager-0.26.0_9 +pkgp-freebsd-pkg____apache24-2.4.63 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____elasticsearch8-8.11.3 +pkgp-freebsd-pkg____grafana-11.6.0_1 +pkgp-freebsd-pkg____grafana-loki-2.9.2_11 +pkgp-freebsd-pkg____influxdb-1.8.10_27 +pkgp-freebsd-pkg____iperf3-3.18 
+pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____php84-8.4.6 +pkgp-freebsd-pkg____php84-bcmath-8.4.6 +pkgp-freebsd-pkg____php84-bz2-8.4.6 +pkgp-freebsd-pkg____php84-ctype-8.4.6 +pkgp-freebsd-pkg____php84-curl-8.4.6 +pkgp-freebsd-pkg____php84-dom-8.4.6 +pkgp-freebsd-pkg____php84-fileinfo-8.4.6 +pkgp-freebsd-pkg____php84-filter-8.4.6 +pkgp-freebsd-pkg____php84-gd-8.4.6 +pkgp-freebsd-pkg____php84-iconv-8.4.6 +pkgp-freebsd-pkg____php84-intl-8.4.6 +pkgp-freebsd-pkg____php84-mbstring-8.4.6 +pkgp-freebsd-pkg____php84-mysqli-8.4.6 +pkgp-freebsd-pkg____php84-opcache-8.4.6 +pkgp-freebsd-pkg____php84-pdo-8.4.6 +pkgp-freebsd-pkg____php84-pdo_mysql-8.4.6 +pkgp-freebsd-pkg____php84-pecl-mcrypt-1.0.7 +pkgp-freebsd-pkg____php84-pecl-memcache-8.2 +pkgp-freebsd-pkg____php84-posix-8.4.6 +pkgp-freebsd-pkg____php84-readline-8.4.6 +pkgp-freebsd-pkg____php84-session-8.4.6 +pkgp-freebsd-pkg____php84-simplexml-8.4.6 +pkgp-freebsd-pkg____php84-soap-8.4.6 +pkgp-freebsd-pkg____php84-sockets-8.4.6 +pkgp-freebsd-pkg____php84-sqlite3-8.4.6 +pkgp-freebsd-pkg____php84-tidy-8.4.6 +pkgp-freebsd-pkg____php84-tokenizer-8.4.6 +pkgp-freebsd-pkg____php84-xml-8.4.6 +pkgp-freebsd-pkg____php84-zip-8.4.6 +pkgp-freebsd-pkg____php84-zlib-8.4.6 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____prometheus-2.55.1_4 +pkgp-freebsd-pkg____telegraf-1.34.2 diff --git a/jails/config/monitor/pkg-list-details.txt b/jails/config/monitor/pkg-list-details.txt index df8bc20..4a24400 100644 --- a/jails/config/monitor/pkg-list-details.txt +++ b/jails/config/monitor/pkg-list-details.txt 
@@ -1,41 +1,43 @@ -pkgp-freebsd-pkg____alertmanager-0.23.0_7 -pkgp-freebsd-pkg____apache24-2.4.54 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____grafana9-9.2.4 -pkgp-freebsd-pkg____influxdb-1.8.10_7 -pkgp-freebsd-pkg____iperf3-3.12 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____php81-8.1.13 -pkgp-freebsd-pkg____php81-bcmath-8.1.13 -pkgp-freebsd-pkg____php81-bz2-8.1.13 -pkgp-freebsd-pkg____php81-ctype-8.1.13 -pkgp-freebsd-pkg____php81-curl-8.1.13 -pkgp-freebsd-pkg____php81-dom-8.1.13 -pkgp-freebsd-pkg____php81-fileinfo-8.1.13 -pkgp-freebsd-pkg____php81-filter-8.1.13 -pkgp-freebsd-pkg____php81-gd-8.1.13 -pkgp-freebsd-pkg____php81-iconv-8.1.13 -pkgp-freebsd-pkg____php81-intl-8.1.13 -pkgp-freebsd-pkg____php81-mbstring-8.1.13 -pkgp-freebsd-pkg____php81-mysqli-8.1.13 -pkgp-freebsd-pkg____php81-opcache-8.1.13 -pkgp-freebsd-pkg____php81-pdo-8.1.13 -pkgp-freebsd-pkg____php81-pdo_mysql-8.1.13 -pkgp-freebsd-pkg____php81-pecl-mcrypt-1.0.5 -pkgp-freebsd-pkg____php81-pecl-memcache-8.0 -pkgp-freebsd-pkg____php81-posix-8.1.13 -pkgp-freebsd-pkg____php81-readline-8.1.13 -pkgp-freebsd-pkg____php81-session-8.1.13 -pkgp-freebsd-pkg____php81-simplexml-8.1.13 -pkgp-freebsd-pkg____php81-soap-8.1.13 -pkgp-freebsd-pkg____php81-sockets-8.1.13 -pkgp-freebsd-pkg____php81-sqlite3-8.1.13 -pkgp-freebsd-pkg____php81-tidy-8.1.13 -pkgp-freebsd-pkg____php81-tokenizer-8.1.13 -pkgp-freebsd-pkg____php81-xml-8.1.13 -pkgp-freebsd-pkg____php81-zip-8.1.13 -pkgp-freebsd-pkg____php81-zlib-8.1.13 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____prometheus-2.39.1 -pkgp-freebsd-pkg____telegraf-1.24.3 +pkgp-freebsd-pkg____alertmanager-0.26.0_9 +pkgp-freebsd-pkg____apache24-2.4.63 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____elasticsearch8-8.11.3 +pkgp-freebsd-pkg____grafana-11.6.0_1 +pkgp-freebsd-pkg____grafana-loki-2.9.2_11 +pkgp-freebsd-pkg____influxdb-1.8.10_27 +pkgp-freebsd-pkg____iperf3-3.18 
+pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____php84-8.4.6 +pkgp-freebsd-pkg____php84-bcmath-8.4.6 +pkgp-freebsd-pkg____php84-bz2-8.4.6 +pkgp-freebsd-pkg____php84-ctype-8.4.6 +pkgp-freebsd-pkg____php84-curl-8.4.6 +pkgp-freebsd-pkg____php84-dom-8.4.6 +pkgp-freebsd-pkg____php84-fileinfo-8.4.6 +pkgp-freebsd-pkg____php84-filter-8.4.6 +pkgp-freebsd-pkg____php84-gd-8.4.6 +pkgp-freebsd-pkg____php84-iconv-8.4.6 +pkgp-freebsd-pkg____php84-intl-8.4.6 +pkgp-freebsd-pkg____php84-mbstring-8.4.6 +pkgp-freebsd-pkg____php84-mysqli-8.4.6 +pkgp-freebsd-pkg____php84-opcache-8.4.6 +pkgp-freebsd-pkg____php84-pdo-8.4.6 +pkgp-freebsd-pkg____php84-pdo_mysql-8.4.6 +pkgp-freebsd-pkg____php84-pecl-mcrypt-1.0.7 +pkgp-freebsd-pkg____php84-pecl-memcache-8.2 +pkgp-freebsd-pkg____php84-posix-8.4.6 +pkgp-freebsd-pkg____php84-readline-8.4.6 +pkgp-freebsd-pkg____php84-session-8.4.6 +pkgp-freebsd-pkg____php84-simplexml-8.4.6 +pkgp-freebsd-pkg____php84-soap-8.4.6 +pkgp-freebsd-pkg____php84-sockets-8.4.6 +pkgp-freebsd-pkg____php84-sqlite3-8.4.6 +pkgp-freebsd-pkg____php84-tidy-8.4.6 +pkgp-freebsd-pkg____php84-tokenizer-8.4.6 +pkgp-freebsd-pkg____php84-xml-8.4.6 +pkgp-freebsd-pkg____php84-zip-8.4.6 +pkgp-freebsd-pkg____php84-zlib-8.4.6 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____prometheus-2.55.1_4 +pkgp-freebsd-pkg____telegraf-1.34.2 diff --git a/jails/config/monitor/pkg-list-old.txt b/jails/config/monitor/pkg-list-old.txt index d303802..23ef967 100644 --- a/jails/config/monitor/pkg-list-old.txt +++ b/jails/config/monitor/pkg-list-old.txt 
@@ -1 +1 @@ -alertmanager apache24 bash bash-completion grafana9 influxdb iperf3 nano php81 php81-bcmath php81-bz2 php81-ctype php81-curl php81-dom php81-fileinfo php81-filter php81-gd php81-iconv php81-intl php81-mbstring php81-mysqli php81-opcache php81-pdo php81-pdo_mysql php81-pecl-mcrypt php81-pecl-memcache php81-posix php81-readline php81-session php81-simplexml php81-soap php81-sockets php81-sqlite3 php81-tidy php81-tokenizer php81-xml php81-zip php81-zlib pkg prometheus telegraf +alertmanager apache24 bash bash-completion elasticsearch8 grafana grafana-loki influxdb iperf3 nano php84 php84-bcmath php84-bz2 php84-ctype php84-curl php84-dom php84-fileinfo php84-filter php84-gd php84-iconv php84-intl php84-mbstring php84-mysqli php84-opcache php84-pdo php84-pdo_mysql php84-pecl-mcrypt php84-pecl-memcache php84-posix php84-readline php84-session php84-simplexml php84-soap php84-sockets php84-sqlite3 php84-tidy php84-tokenizer php84-xml php84-zip php84-zlib pkg prometheus telegraf diff --git a/jails/config/monitor/pkg-list.txt b/jails/config/monitor/pkg-list.txt index d303802..23ef967 100644 --- a/jails/config/monitor/pkg-list.txt +++ b/jails/config/monitor/pkg-list.txt 
@@ -1 +1 @@ -alertmanager apache24 bash bash-completion grafana9 influxdb iperf3 nano php81 php81-bcmath php81-bz2 php81-ctype php81-curl php81-dom php81-fileinfo php81-filter php81-gd php81-iconv php81-intl php81-mbstring php81-mysqli php81-opcache php81-pdo php81-pdo_mysql php81-pecl-mcrypt php81-pecl-memcache php81-posix php81-readline php81-session php81-simplexml php81-soap php81-sockets php81-sqlite3 php81-tidy php81-tokenizer php81-xml php81-zip php81-zlib pkg prometheus telegraf +alertmanager apache24 bash bash-completion elasticsearch8 grafana grafana-loki influxdb iperf3 nano php84 php84-bcmath php84-bz2 php84-ctype php84-curl php84-dom php84-fileinfo php84-filter php84-gd php84-iconv php84-intl php84-mbstring php84-mysqli php84-opcache php84-pdo php84-pdo_mysql php84-pecl-mcrypt php84-pecl-memcache php84-posix php84-readline php84-session php84-simplexml php84-soap php84-sockets php84-sqlite3 php84-tidy php84-tokenizer php84-xml php84-zip php84-zlib pkg prometheus telegraf diff --git a/jails/config/monitor/prometheus.yml b/jails/config/monitor/prometheus.yml index fc10187..d8c9a93 100644 --- a/jails/config/monitor/prometheus.yml +++ b/jails/config/monitor/prometheus.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2018-2022, diyIT.org +# Copyright (c) 2018-2019, diyIT.org # All rights reserved. # # BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") 
@@ -34,12 +34,33 @@ scrape_configs: static_configs: - targets: ['localhost:9090'] + - job_name: 'hass' + scrape_interval: 60s + scrape_timeout: 55s + metrics_path: /api/prometheus + # Long-Lived Access Token + authorization: + credentials: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIwMTgyNzJkMGM4MDE0MDI3OTJkNDFmZjFkOGFjYTQ3YSIsImlhdCI6MTY5MDg0MzQ1MywiZXhwIjoyMDA2MjAzNDUzfQ.7V9ElJkYzW1DRIHIp3GvopVN4pC5X92Ozqs-I9cZ9_c" + scheme: http + static_configs: + - targets: ['192.168.0.7:8123'] + + - job_name: 'sunpower' + scrape_interval: 60s + scrape_timeout: 55s + metrics_path: / + static_configs: + - targets: ['192.168.200.172:9110'] + - job_name: 'haproxy' static_configs: - targets: ['proxy.ahlawat.com:8404'] - job_name: 'node_exporter' - # scrape_interval: 5s + scrape_interval: 60s + scrape_timeout: 55s + metrics_path: /metrics + scheme: http static_configs: - targets: ['nas.ahlawat.com:9100'] @@ -50,6 +71,10 @@ scrape_configs: - targets: ['db.ahlawat.com:9104'] - job_name: 'gstat' + scrape_interval: 60s + scrape_timeout: 55s + metrics_path: / + scheme: http static_configs: - targets: ['nas.ahlawat.com:9248'] diff --git a/jails/config/nivi/httpd.conf b/jails/config/nivi/httpd.conf index 9786c46..25e99a7 100644 --- a/jails/config/nivi/httpd.conf +++ b/jails/config/nivi/httpd.conf @@ -551,6 +551,14 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L] + + ServerName nivi.ahlawat.com ServerAlias *.ahlawat.com 
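Review bot: The `hass` job commits a Home Assistant long-lived access token in clear text under `authorization.credentials`, and `scheme: http` sends it unencrypted to `192.168.0.7:8123` on every scrape. Anyone with read access to the repository or to that network path can reuse it until it expires or is revoked. The token should be revoked and reissued, and the config should read it from a file kept outside version control, with `credentials_file: <path-to-token-file>` in place of the `credentials:` line (the path is a placeholder). Scraping with `scheme: https` would also keep the bearer token off the wire in clear text, if Home Assistant is reachable that way.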
@@ -559,16 +567,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on SSLCertificateFile "/mnt/certs/fullchain.pem" SSLCertificateKeyFile "/mnt/certs/privkey.pem" - #SSLCertificateChainFile "/mnt/certs/fullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) diff --git a/jails/config/nivi/pkg-list-details-old.txt b/jails/config/nivi/pkg-list-details-old.txt index d8a27ff..2fc485b 100644 --- a/jails/config/nivi/pkg-list-details-old.txt +++ b/jails/config/nivi/pkg-list-details-old.txt 
@@ -1,31 +1,31 @@ -pkgp-freebsd-pkg____apache24-2.4.54 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____ffmpeg-4.4.3_1,1 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____php81-8.1.12 -pkgp-freebsd-pkg____php81-bz2-8.1.12 -pkgp-freebsd-pkg____php81-ctype-8.1.12 -pkgp-freebsd-pkg____php81-curl-8.1.12 -pkgp-freebsd-pkg____php81-dom-8.1.12 -pkgp-freebsd-pkg____php81-exif-8.1.12 -pkgp-freebsd-pkg____php81-fileinfo-8.1.12 -pkgp-freebsd-pkg____php81-filter-8.1.12 -pkgp-freebsd-pkg____php81-gd-8.1.12 -pkgp-freebsd-pkg____php81-iconv-8.1.12 -pkgp-freebsd-pkg____php81-mbstring-8.1.12 -pkgp-freebsd-pkg____php81-mysqli-8.1.12 -pkgp-freebsd-pkg____php81-opcache-8.1.12 -pkgp-freebsd-pkg____php81-pdo-8.1.12 -pkgp-freebsd-pkg____php81-pdo_mysql-8.1.12 -pkgp-freebsd-pkg____php81-pecl-imagick-3.7.0 -pkgp-freebsd-pkg____php81-posix-8.1.12 -pkgp-freebsd-pkg____php81-session-8.1.12 -pkgp-freebsd-pkg____php81-simplexml-8.1.12 -pkgp-freebsd-pkg____php81-xml-8.1.12 -pkgp-freebsd-pkg____php81-xmlreader-8.1.12 -pkgp-freebsd-pkg____php81-xmlwriter-8.1.12 -pkgp-freebsd-pkg____php81-xsl-8.1.12 -pkgp-freebsd-pkg____php81-zip-8.1.12 -pkgp-freebsd-pkg____php81-zlib-8.1.12 -pkgp-freebsd-pkg____pkg-1.18.4 +pkgp-freebsd-pkg____apache24-2.4.63 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____ffmpeg-6.1.2_10,1 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____php84-8.4.6 +pkgp-freebsd-pkg____php84-bz2-8.4.6 +pkgp-freebsd-pkg____php84-ctype-8.4.6 +pkgp-freebsd-pkg____php84-curl-8.4.6 +pkgp-freebsd-pkg____php84-dom-8.4.6 +pkgp-freebsd-pkg____php84-exif-8.4.6 +pkgp-freebsd-pkg____php84-fileinfo-8.4.6 +pkgp-freebsd-pkg____php84-filter-8.4.6 +pkgp-freebsd-pkg____php84-gd-8.4.6 +pkgp-freebsd-pkg____php84-iconv-8.4.6 +pkgp-freebsd-pkg____php84-mbstring-8.4.6 +pkgp-freebsd-pkg____php84-mysqli-8.4.6 +pkgp-freebsd-pkg____php84-opcache-8.4.6 +pkgp-freebsd-pkg____php84-pdo-8.4.6 
+pkgp-freebsd-pkg____php84-pdo_mysql-8.4.6 +pkgp-freebsd-pkg____php84-pecl-imagick-3.7.0_5 +pkgp-freebsd-pkg____php84-posix-8.4.6 +pkgp-freebsd-pkg____php84-session-8.4.6 +pkgp-freebsd-pkg____php84-simplexml-8.4.6 +pkgp-freebsd-pkg____php84-xml-8.4.6 +pkgp-freebsd-pkg____php84-xmlreader-8.4.6 +pkgp-freebsd-pkg____php84-xmlwriter-8.4.6 +pkgp-freebsd-pkg____php84-xsl-8.4.6 +pkgp-freebsd-pkg____php84-zip-8.4.6 +pkgp-freebsd-pkg____php84-zlib-8.4.6 +pkgp-freebsd-pkg____pkg-2.1.2 diff --git a/jails/config/nivi/pkg-list-details.txt b/jails/config/nivi/pkg-list-details.txt index a912bd0..2fc485b 100644 --- a/jails/config/nivi/pkg-list-details.txt +++ b/jails/config/nivi/pkg-list-details.txt 
@@ -1,31 +1,31 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____ffmpeg-4.4.3_1,1
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____php81-8.1.13
-pkgp-freebsd-pkg____php81-bz2-8.1.13
-pkgp-freebsd-pkg____php81-ctype-8.1.13
-pkgp-freebsd-pkg____php81-curl-8.1.13
-pkgp-freebsd-pkg____php81-dom-8.1.13
-pkgp-freebsd-pkg____php81-exif-8.1.13
-pkgp-freebsd-pkg____php81-fileinfo-8.1.13
-pkgp-freebsd-pkg____php81-filter-8.1.13
-pkgp-freebsd-pkg____php81-gd-8.1.13
-pkgp-freebsd-pkg____php81-iconv-8.1.13
-pkgp-freebsd-pkg____php81-mbstring-8.1.13
-pkgp-freebsd-pkg____php81-mysqli-8.1.13
-pkgp-freebsd-pkg____php81-opcache-8.1.13
-pkgp-freebsd-pkg____php81-pdo-8.1.13
-pkgp-freebsd-pkg____php81-pdo_mysql-8.1.13
-pkgp-freebsd-pkg____php81-pecl-imagick-3.7.0
-pkgp-freebsd-pkg____php81-posix-8.1.13
-pkgp-freebsd-pkg____php81-session-8.1.13
-pkgp-freebsd-pkg____php81-simplexml-8.1.13
-pkgp-freebsd-pkg____php81-xml-8.1.13
-pkgp-freebsd-pkg____php81-xmlreader-8.1.13
-pkgp-freebsd-pkg____php81-xmlwriter-8.1.13
-pkgp-freebsd-pkg____php81-xsl-8.1.13
-pkgp-freebsd-pkg____php81-zip-8.1.13
-pkgp-freebsd-pkg____php81-zlib-8.1.13
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____apache24-2.4.63
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____ffmpeg-6.1.2_10,1
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-bz2-8.4.6
+pkgp-freebsd-pkg____php84-ctype-8.4.6
+pkgp-freebsd-pkg____php84-curl-8.4.6
+pkgp-freebsd-pkg____php84-dom-8.4.6
+pkgp-freebsd-pkg____php84-exif-8.4.6
+pkgp-freebsd-pkg____php84-fileinfo-8.4.6
+pkgp-freebsd-pkg____php84-filter-8.4.6
+pkgp-freebsd-pkg____php84-gd-8.4.6
+pkgp-freebsd-pkg____php84-iconv-8.4.6
+pkgp-freebsd-pkg____php84-mbstring-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-opcache-8.4.6
+pkgp-freebsd-pkg____php84-pdo-8.4.6
+pkgp-freebsd-pkg____php84-pdo_mysql-8.4.6
+pkgp-freebsd-pkg____php84-pecl-imagick-3.7.0_5
+pkgp-freebsd-pkg____php84-posix-8.4.6
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____php84-simplexml-8.4.6
+pkgp-freebsd-pkg____php84-xml-8.4.6
+pkgp-freebsd-pkg____php84-xmlreader-8.4.6
+pkgp-freebsd-pkg____php84-xmlwriter-8.4.6
+pkgp-freebsd-pkg____php84-xsl-8.4.6
+pkgp-freebsd-pkg____php84-zip-8.4.6
+pkgp-freebsd-pkg____php84-zlib-8.4.6
+pkgp-freebsd-pkg____pkg-2.1.2
diff --git a/jails/config/nivi/pkg-list-old.txt b/jails/config/nivi/pkg-list-old.txt
index 537b1dd..06854b7 100644
--- a/jails/config/nivi/pkg-list-old.txt
+++ b/jails/config/nivi/pkg-list-old.txt
@@ -1 +1 @@
-apache24 bash bash-completion ffmpeg nano php81 php81-bz2 php81-ctype php81-curl php81-dom php81-exif php81-fileinfo php81-filter php81-gd php81-iconv php81-mbstring php81-mysqli php81-opcache php81-pdo php81-pdo_mysql php81-pecl-imagick php81-posix php81-session php81-simplexml php81-xml php81-xmlreader php81-xmlwriter php81-xsl php81-zip php81-zlib pkg
+apache24 bash bash-completion ffmpeg nano php84 php84-bz2 php84-ctype php84-curl php84-dom php84-exif php84-fileinfo php84-filter php84-gd php84-iconv php84-mbstring php84-mysqli php84-opcache php84-pdo php84-pdo_mysql php84-pecl-imagick php84-posix php84-session php84-simplexml php84-xml php84-xmlreader php84-xmlwriter php84-xsl php84-zip php84-zlib pkg
diff --git a/jails/config/nivi/pkg-list.txt b/jails/config/nivi/pkg-list.txt
index 537b1dd..06854b7 100644
--- a/jails/config/nivi/pkg-list.txt
+++ b/jails/config/nivi/pkg-list.txt
@@ -1 +1 @@
-apache24 bash bash-completion ffmpeg nano php81 php81-bz2 php81-ctype php81-curl php81-dom php81-exif php81-fileinfo php81-filter php81-gd php81-iconv php81-mbstring php81-mysqli php81-opcache php81-pdo php81-pdo_mysql php81-pecl-imagick php81-posix php81-session php81-simplexml php81-xml php81-xmlreader php81-xmlwriter php81-xsl php81-zip php81-zlib pkg
+apache24 bash bash-completion ffmpeg nano php84 php84-bz2 php84-ctype php84-curl php84-dom php84-exif php84-fileinfo php84-filter php84-gd php84-iconv php84-mbstring php84-mysqli php84-opcache php84-pdo php84-pdo_mysql php84-pecl-imagick php84-posix php84-session php84-simplexml php84-xml php84-xmlreader php84-xmlwriter php84-xsl php84-zip php84-zlib pkg
diff --git a/jails/config/pg/pkg-list-details-old.txt b/jails/config/pg/pkg-list-details-old.txt
index e9baca8..f6d53a5 100644
--- a/jails/config/pg/pkg-list-details-old.txt
+++ b/jails/config/pg/pkg-list-details-old.txt
@@ -1,5 +1,6 @@
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____postgresql14-server-14.6
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____postgresql17-client-17.4_1
+pkgp-freebsd-pkg____postgresql17-server-17.4_1
diff --git a/jails/config/pg/pkg-list-details.txt b/jails/config/pg/pkg-list-details.txt
index f8891ee..f6d53a5 100644
--- a/jails/config/pg/pkg-list-details.txt
+++ b/jails/config/pg/pkg-list-details.txt
@@ -1,5 +1,6 @@
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____postgresql14-server-14.6_1
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____postgresql17-client-17.4_1
+pkgp-freebsd-pkg____postgresql17-server-17.4_1
diff --git a/jails/config/pg/pkg-list-old.txt b/jails/config/pg/pkg-list-old.txt
index e889c2f..01412cf 100644
--- a/jails/config/pg/pkg-list-old.txt
+++ b/jails/config/pg/pkg-list-old.txt
@@ -1 +1 @@
-bash bash-completion nano pkg postgresql14-server
+bash bash-completion nano pkg postgresql17-client postgresql17-server
diff --git a/jails/config/pg/pkg-list.txt b/jails/config/pg/pkg-list.txt
index e889c2f..01412cf 100644
--- a/jails/config/pg/pkg-list.txt
+++ b/jails/config/pg/pkg-list.txt
@@ -1 +1 @@
-bash bash-completion nano pkg postgresql14-server
+bash bash-completion nano pkg postgresql17-client postgresql17-server
diff --git a/jails/config/pkgp/make.conf b/jails/config/pkgp/make.conf
index 880df0a..e144feb 100644
--- a/jails/config/pkgp/make.conf
+++ b/jails/config/pkgp/make.conf
@@ -1,3 +1,17 @@
-WANT_OPENLDAP_SASL=yes
+#WANT_OPENLDAP_SASL=yes
 LICENSES_ACCEPTED+=DCC
 WITH_CCACHE_BUILD=yes
+DEFAULT_VERSIONS+=SSL=openssl31-quictls
+OPTIONS_UNSET+=GSSAPI_BASE KRB_BASE KRB5_BASE KERBEROS KERBEROS5
+OPTIONS_SET+=GSSAPI_NONE KRB_NONE KRB5_NONE LDAP LDAPS SASL
+#pkg level configs
+mail_dcc-dccd_SET+=PORTS_MILTER
+mail_dovecot_SET+=LZ4 ICU SOLR
+mail_rspamd_SET+=HYPERSCAN
+net_haproxy_UNSET+=DPCRE2
+net_haproxy_SET+=SPCRE2
+security_cyrus-sasl2_UNSET+=OTP
+shells_bash_UNSET+=PORTS_READLINE
+www_apache24_SET+=AUTHNZ_LDAP
+www_gitea_SET+=BINDATA
+www_nginx_SET+=HTTPV3_QTLS
diff --git a/jails/config/pkgp/mypkgs b/jails/config/pkgp/mypkgs
index 96aed25..a8dd0c5 100644
--- a/jails/config/pkgp/mypkgs
+++ b/jails/config/pkgp/mypkgs
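Review bot: `DEFAULT_VERSIONS+=SSL=openssl31-quictls` in the make.conf hunk makes every port built with this file link against the 3.1 series of the quictls fork, and upstream OpenSSL 3.1 went out of support in March 2025 as far as I know, so it is worth confirming that the port still receives security fixes before the whole package repository depends on it. A comment above the line recording why this flavour was chosen and when to revisit it would help, for example `# QUIC API for nginx/haproxy HTTP/3; revisit when the 3.1 branch stops getting fixes` (the `HTTPV3_QTLS` option further down suggests that is the reason). The hunk also comments out `WANT_OPENLDAP_SASL=yes` while adding `SASL` to the global `OPTIONS_SET`; a one-line note that the global option replaces the old knob would make that intent explicit.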
@@ -4,7 +4,7 @@ net/openldap26-server net/openldap26-client security/cyrus-sasl2 www/apache24 -www/nginx-devel +www/nginx devel/apr1 mail/postfix mail/dovecot @@ -12,7 +12,7 @@ mail/dovecot-pigeonhole mail/rspamd mail/dcc-dccd net/netatalk3 -net/samba413 +net/samba416 net/nss-pam-ldapd net/nss-pam-ldapd-sasl www/gitea diff --git a/jails/config/pkgp/mypkgs.orig b/jails/config/pkgp/mypkgs.orig deleted file mode 100644 index b82ece5..0000000 --- a/jails/config/pkgp/mypkgs.orig +++ /dev/null @@ -1,19 +0,0 @@ -net/haproxy -net/openldap24-server -net/openldap24-client -security/cyrus-sasl2 -www/apache24 -www/nginx-devel -devel/apr1 -net/php81-ldap -net/php80-ldap -mail/postfix -mail/dovecot -mail/dovecot-pigeonhole -mail/rspamd -mail/dcc-dccd -net/netatalk3 -net/samba413 -net/nss-pam-ldapd -net/nss-pam-ldapd-sasl -www/gitea diff --git a/jails/config/pkgp/nginx.conf b/jails/config/pkgp/nginx.conf index bad0306..1ae88f0 100644 --- a/jails/config/pkgp/nginx.conf +++ b/jails/config/pkgp/nginx.conf @@ -42,9 +42,20 @@ http { } } +# https://ssl-config.mozilla.org/#server=nginx&version=1.27.3&config=modern&openssl=3.1.0&guideline=5.7 + server { - listen *:443 ssl http2; - listen [::]:443 ssl http2; + listen *:443 quic reuseport; + listen [::]:443 quic reuseport; + listen *:443 ssl; + listen [::]:443 ssl; + + ssl_early_data on; + quic_retry on; + + http3 on; + http3_hq on; + http2 on; server_name pkgp.ahlawat.com; root /usr/local/share/poudriere/html; 
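Review bot: `ssl_early_data on;` in the nginx.conf hunk accepts TLS 1.3 0-RTT data, which can be replayed by whoever captured it, and nothing in the hunk limits what may arrive that way. The locations visible in this diff only serve static files, so the exposure looks small, but if this server block ever proxies or handles non-idempotent requests the usual guard is to pass the flag on with `proxy_set_header Early-Data $ssl_early_data;` or to leave early data off. `http3_hq on;` enables the HTTP/0.9-over-QUIC mode meant for interoperability tests and can be dropped from a production listener. The `server` block continues past the end of the hunk.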
@@ -67,14 +78,20 @@ http { ssl_stapling_verify on; # verify chain of trust of OCSP response using Root CA and Intermediate certs - ssl_trusted_certificate /mnt/certs/fullchain.pem; + ssl_trusted_certificate /mnt/certs/cacert.pem; + + # async 'resolver' is important for proper operation of OCSP stapling + resolver 192.168.0.5; + location /data { + add_header Alt-Svc 'h3=":443"; ma=86400'; alias /mnt/poudriere/data/logs/bulk; autoindex on; } location /packages { + add_header Alt-Svc 'h3=":443"; ma=86400'; root /mnt/poudriere/data; autoindex on; } @@ -130,7 +147,7 @@ http { listen [::]:8001; server_name localhost; location / { - proxy_pass http://pkg0.tuk.FreeBSD.org; + proxy_pass http://pkg0.pao.FreeBSD.org; } } @@ -187,7 +204,6 @@ http { server localhost:8011; server localhost:8012; server localhost:8013; - server localhost:8014; } server { @@ -216,13 +232,5 @@ http { proxy_pass http://update5.FreeBSD.org; } } - server { - listen *:8014; - listen [::]:8014; - server_name localhost; - location / { - proxy_pass http://update4.FreeBSD.org; - } - } } diff --git a/jails/config/pkgp/pkgp.conf b/jails/config/pkgp/pkgp.conf index d50ccf8..ac09580 100644 --- a/jails/config/pkgp/pkgp.conf +++ b/jails/config/pkgp/pkgp.conf @@ -5,16 +5,14 @@ FreeBSD: { pkgp-freebsd-pkg: { url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", enabled: yes, priority: 10 } pkgp123: { url: "http://pkgp.ahlawat.com/packages/pj123-default", - mirror_type: "http", signature_type: "pubkey", - pubkey: "/mnt/data/apps/certs/poudriere.cert", - enabled: no, + pubkey: "/mnt/certs/poudriere.cert", + enabled: yes, priority: 100 } diff --git a/jails/config/pkgp/poudriere.conf b/jails/config/pkgp/poudriere.conf index 59f0ba3..7dae615 100644 --- a/jails/config/pkgp/poudriere.conf +++ b/jails/config/pkgp/poudriere.conf 
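Review bot: The two `add_header Alt-Svc 'h3=":443"; ma=86400';` lines sit inside `location /data` and `location /packages`, and nginx stops inheriting every `add_header` from the enclosing level once a location defines one of its own. If the server block sets security headers such as `Strict-Transport-Security` in the part not shown by this hunk, these two locations will no longer send them. A single `add_header Alt-Svc 'h3=":443"; ma=86400';` at server level advertises HTTP/3 for every path and avoids that side effect.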
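Review bot: The `pkgp-freebsd-pkg` repository in the pkgp.conf hunk is fetched over plain `http://` and its block shows no `signature_type`, so pkg installs from it without verifying signatures; only `pkgp123` gets `signature_type: "pubkey"`. Since that mirror appears to be a proxy for the official FreeBSD repository, adding `signature_type: "fingerprints",` and `fingerprints: "/usr/share/keys/pkg",` to the block would restore the check that the stock repository configuration performs. For `pkgp123`, confirm that `/mnt/certs/poudriere.cert` exists in every jail that receives this file now that the repository is `enabled: yes`, otherwise `pkg update` will fail there.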
@@ -47,7 +47,7 @@ BASEFS=/poudriere #POUDRIERE_DATA=${BASEFS}/data # Use portlint to check ports sanity -USE_PORTLINT=no +USE_PORTLINT=yes # When building packages, a memory device can be used to speedup the build. # Only one of MFSSIZE or USE_TMPFS is supported. TMPFS is generally faster @@ -66,16 +66,17 @@ USE_PORTLINT=no # yes - Enables tmpfs(5) for wrkdir and data # no - Disable use of tmpfs(5) # EXAMPLE: USE_TMPFS="wrkdir data" -USE_TMPFS="wrkdir localbase" +#USE_TMPFS="wrkdir data localbase" +USE_TMPFS=all # let ZFS do its caching magic # How much memory to limit tmpfs size to for *each builder* in GiB # (default: none) -#TMPFS_LIMIT=8 +TMPFS_LIMIT=64 # How much memory to limit jail processes to for *each builder* # in GiB (default: none) -MAX_MEMORY=8 +MAX_MEMORY=64 # How many file descriptors to limit each jail process to (default: 1024) # This can also be set per PKGBASE, such as MAX_FILES_RStudio=2048. @@ -160,7 +161,7 @@ CCACHE_DIR=/mnt/cache/ccache # by specifying the -J flag to bulk/testport. # # Example to define PARALLEL_JOBS to one single job -PARALLEL_JOBS=8 +PARALLEL_JOBS=2 # How many jobs should be used for preparing the build? These tend to # be more IO bound and may be worth tweaking. Default: PARALLEL_JOBS * 1.25 @@ -200,7 +201,7 @@ NOLINUX=yes # List of packages that will always be allowed to use MAKE_JOBS # regardless of ALLOW_MAKE_JOBS. This is useful for allowing ports # which holdup the rest of the queue to build more quickly. -ALLOW_MAKE_JOBS_PACKAGES="pkg ccache py* llvm*" +ALLOW_MAKE_JOBS_PACKAGES="pkg ccache py* llvm* gcc* rust* node* firefox*" # Timestamp every line of build logs # Default: no @@ -282,7 +283,7 @@ PRESERVE_TIMESTAMP=yes # Define pkgname globs to boost priority for # Default: none -PRIORITY_BOOST="llvm*" +PRIORITY_BOOST="llvm* rust" # Define format for buildnames # Default: %Y-%m-%d_%Hh%Mm%Ss 
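Review bot: `TMPFS_LIMIT=64` and `MAX_MEMORY=64` in the `@@ -66,16 +66,17 @@` hunk are per-builder values in GiB, as the comments above them state, so with `PARALLEL_JOBS=2` from the later hunk the builders may claim up to 128 GiB of tmpfs and 128 GiB of process memory, and `USE_TMPFS=all` keeps the whole build in memory. The diff does not show how much RAM the host has; if it is less than that, a large build can exhaust memory on the machine. A comment recording the sizing assumption would help, for example `# 2 builders x 64 GiB; host has <RAM> GiB`. The retained `# let ZFS do its caching magic` comment now sits under `USE_TMPFS=all`, where it no longer appears to describe the setting.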
@@ -317,4 +318,4 @@ PRIORITY_BOOST="llvm*" # Set to track remaining ports in the HTML interface. This can slow down # processing of the queue slightly, especially for bulk -a builds. # Default: no -#HTML_TRACK_REMAINING=yes +HTML_TRACK_REMAINING=yes diff --git a/jails/config/plex/pkg-list-details-old.txt b/jails/config/plex/pkg-list-details-old.txt index 777a78a..c1fabb5 100644 --- a/jails/config/plex/pkg-list-details-old.txt +++ b/jails/config/plex/pkg-list-details-old.txt @@ -1,6 +1,6 @@ -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____ca_root_nss-3.83 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____plexmediaserver-1.29.1.6316 -pkgp-freebsd-pkg____python27-2.7.18_2 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____ca_root_nss-3.108 +pkgp-freebsd-pkg____jellyfin-10.10.6 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____plexmediaserver-1.41.6.9685 diff --git a/jails/config/plex/pkg-list-details.txt b/jails/config/plex/pkg-list-details.txt index 539c9cd..c1fabb5 100644 --- a/jails/config/plex/pkg-list-details.txt +++ b/jails/config/plex/pkg-list-details.txt @@ -1,6 +1,6 @@ -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____ca_root_nss-3.83 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____plexmediaserver-1.29.2.6364 -pkgp-freebsd-pkg____python27-2.7.18_2 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____ca_root_nss-3.108 +pkgp-freebsd-pkg____jellyfin-10.10.6 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____plexmediaserver-1.41.6.9685 diff --git a/jails/config/plex/pkg-list-old.txt b/jails/config/plex/pkg-list-old.txt index 8aa412a..fd70194 100644 --- a/jails/config/plex/pkg-list-old.txt +++ b/jails/config/plex/pkg-list-old.txt @@ -1 +1 @@ -bash ca_root_nss nano pkg plexmediaserver python27 +bash ca_root_nss jellyfin nano pkg plexmediaserver 
diff --git a/jails/config/plex/pkg-list.txt b/jails/config/plex/pkg-list.txt index 8aa412a..fd70194 100644 --- a/jails/config/plex/pkg-list.txt +++ b/jails/config/plex/pkg-list.txt @@ -1 +1 @@ -bash ca_root_nss nano pkg plexmediaserver python27 +bash ca_root_nss jellyfin nano pkg plexmediaserver diff --git a/jails/config/proxy/haproxy.conf b/jails/config/proxy/haproxy.conf index 78b5567..d666428 100644 --- a/jails/config/proxy/haproxy.conf +++ b/jails/config/proxy/haproxy.conf 
@@ -13,25 +13,25 @@ global daemon maxconn 4096 +# limited-quic + ca-base /mnt/certs crt-base /mnt/certs # modern configuration # twilio is one of the sites that cannot handle the modern config -# ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 -# ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets - -# ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 -# ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets +# generated 2025-04-25, Mozilla Guideline v5.7, HAProxy 3.0, OpenSSL 3.1.0, intermediate config +# https://ssl-config.mozilla.org/#server=haproxy&version=3.0&config=intermediate&openssl=3.1.0&guideline=5.7 # intermediate configuration - ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 -# ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets - ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets + ssl-default-bind-curves X25519:prime256v1:secp384r1 + ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 + ssl-default-bind-options prefer-client-ciphers ssl-min-ver TLSv1.2 no-tls-tickets - ssl-default-server-ciphers 
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 - ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets + ssl-default-server-curves X25519:prime256v1:secp384r1 + ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 + ssl-default-server-options ssl-min-ver TLSv1.2 no-tls-tickets # curl https://ssl-config.mozilla.org/ffdhe4096.txt > /mnt/certs/dhparam4096.pem ssl-dh-param-file /mnt/certs/dhparam4096.pem @@ -52,7 +52,7 @@ defaults option forwardfor option redispatch option http-keep-alive - option http-server-close +# option http-server-close # this would force target rotation and recommended for websockets option httplog option dontlognull retries 3 @@ -66,6 +66,14 @@ defaults timeout tunnel 3600s timeout tarpit 60s + errorfile 400 /usr/local/share/examples/haproxy/errorfiles/400.http + errorfile 403 /usr/local/share/examples/haproxy/errorfiles/403.http + errorfile 408 /usr/local/share/examples/haproxy/errorfiles/408.http + errorfile 500 /usr/local/share/examples/haproxy/errorfiles/500.http + errorfile 502 /usr/local/share/examples/haproxy/errorfiles/502.http + errorfile 503 /usr/local/share/examples/haproxy/errorfiles/503.http + errorfile 504 /usr/local/share/examples/haproxy/errorfiles/504.http + unique-id-format %{+X}o\ %[hostname,field(1,.),upper]-%Ts%rt default-server init-addr none resolvers mydns 
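Review bot: The retained heading `# modern configuration` and the twilio remark now introduce a block that contains only the intermediate profile, because the commented-out modern lines beneath them were removed in this hunk. Replacing the heading with something like `# intermediate profile kept because some clients (twilio) fail with the modern one` keeps the reason without implying that a modern block still exists. The `global` section starts above the hunk.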
@@ -85,14 +93,17 @@ frontend stats frontend ft bind :::80 v4v6 # ssl-min-ver TLSv1.2 ssl-max-ver TLSv1.2 - bind :::443 v4v6 strict-sni alpn h2,http/1.1 ssl crt haproxy.pem crt diyhaproxy.pem crt xflowhaproxy.pem crt dvpchaproxy.pem crt rwehaproxy.pem crt scvcchaproxy.pem + bind :::443 v4v6 strict-sni alpn h2,http/1.1 ssl crt haproxy.pem crt diyhaproxy.pem crt rwehaproxy.pem redirect scheme https code 301 if !{ ssl_fc } + http-request redirect scheme https unless { ssl_fc } # enables HTTP/3 over QUIC -# bind quic4@:443 alpn h3 ssl crt haproxy.pem crt diyhaproxy.pem crt xflowhaproxy.pem crt dvpchaproxy.pem crt rwehaproxy.pem crt scvcchaproxy.pem + bind quic4@:443 strict-sni alpn h3 allow-0rtt ssl crt haproxy.pem crt diyhaproxy.pem crt rwehaproxy.pem + bind quic6@:443 strict-sni alpn h3 allow-0rtt ssl crt haproxy.pem crt diyhaproxy.pem crt rwehaproxy.pem # Switches to the QUIC protocol -# http-response set-header alt-svc "h3=\":443\";ma=2592000;" + http-response set-header alt-svc 'h3=":443";ma=86400;h3-27=":443";ma=86400,h3-28=":443";ma=86400,h3-29=":443";ma=86400' + log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r\ ssl_version:%sslv\ ssl_cipher:%sslc @@ -108,8 +119,11 @@ frontend ft http-request set-header X-Client-IP "%[src]" http-request set-header X-Client-Port "%[src_port]" http-request set-header X-Forwarded-Proto https if { ssl_fc } + http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-Ssl on if { ssl_fc } - http-response set-header Strict-Transport-Security max-age=63072000 + +# https://hstspreload.org + http-response set-header Strict-Transport-Security "max-age=63072000; includeSubDomains" # http-response set-header Content-Security-Policy "script-src 'self'" 
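Review bot: Both new QUIC binds carry `allow-0rtt`, and early data can be replayed by anyone who captured it, while this frontend routes to backends that appear to change state (CI, Home Assistant and others in the `use_backend` list). Unless every backend rejects or safely handles requests marked with the `Early-Data` header, the simplest fix is to drop `allow-0rtt` from the `quic4@:443` and `quic6@:443` lines. The added `http-request redirect scheme https unless { ssl_fc }` duplicates the existing `redirect scheme https code 301 if !{ ssl_fc }` and, being evaluated first, answers with the default 302; keep one rule, for example `http-request redirect scheme https code 301 unless { ssl_fc }`. In the `alt-svc` value the first entry is joined to `h3-27` with `;` instead of `,` and the draft `h3-2x` tokens are obsolete, so `'h3=":443"; ma=86400'` is sufficient. The `frontend ft` section continues below the hunk.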
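Review bot: `includeSubDomains` is added to a header this frontend sends for every domain it serves, so a browser that visits an apex such as `ahlawat.com` will refuse plain HTTP to all of its subdomains for the two-year `max-age`, including any internal-only hosts that are not behind this proxy. Confirm that every subdomain of each served domain has working HTTPS before shipping this; starting with a short `max-age` keeps a mistake recoverable. The `# https://hstspreload.org` comment suggests preloading is intended, which also needs the `preload` token in the header; if it is not intended, the comment is misleading. The new `X-Forwarded-Proto http if !{ ssl_fc }` rule looks unreachable, since plain-HTTP requests are redirected earlier in the frontend.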
@@ -123,19 +137,24 @@ frontend ft use_backend bk_ahlawat if { req.hdr(host) ahlawat.com } use_backend bk_ahlawat if { req.hdr(host) www.ahlawat.com } - use_backend bk_ahlawat if { req.hdr(host) www2.ahlawat.com } + use_backend bk_ahlawat if { req.hdr(host) www-backup.ahlawat.com } use_backend bk_ahlawat if { req.hdr(host) mta-sts.ahlawat.com } use_backend bk_ahlawat-sharad if { req.hdr(host) sharad.ahlawat.com } - use_backend bk_ahlawat-sharad if { req.hdr(host) sharad2.ahlawat.com } use_backend bk_ahlawat-rachna if { req.hdr(host) rachna.ahlawat.com } use_backend bk_ahlawat-nivi if { req.hdr(host) nivi.ahlawat.com } use_backend bk_ahlawat-nivi if { req.hdr(host) nivedita.ahlawat.com } use_backend bk_ahlawat-rishabh if { req.hdr(host) rishabh.ahlawat.com } + use_backend bk_ahlawat-rishabh if { req.hdr(host) rish.ahlawat.com } +# big / 1-fiction / 2-movie / 3-art / 4-home / 5-general use_backend bk_ahlawat-book-443 if { req.hdr(host) books.ahlawat.com } use_backend bk_ahlawat-book-444 if { req.hdr(host) book1.ahlawat.com } use_backend bk_ahlawat-book-445 if { req.hdr(host) book2.ahlawat.com } + use_backend bk_ahlawat-book-446 if { req.hdr(host) book3.ahlawat.com } + use_backend bk_ahlawat-book-447 if { req.hdr(host) book4.ahlawat.com } + use_backend bk_ahlawat-book-448 if { req.hdr(host) book5.ahlawat.com } + use_backend bk_ahlawat-cam if { req.hdr(host) cam.ahlawat.com } use_backend bk_ahlawat-cam if { req.hdr(host) cam2.ahlawat.com } use_backend bk_ahlawat-ci if { req.hdr(host) ci.ahlawat.com } 
@@ -154,29 +173,17 @@ frontend ft use_backend bk_diyit if { req.hdr(host) diyit.org } use_backend bk_diyit if { req.hdr(host) www.diyit.org } - use_backend bk_diyit if { req.hdr(host) www2.diyit.org } - use_backend bk_diyit if { req.hdr(host) xflow.org } - use_backend bk_diyit if { req.hdr(host) www.xflow.org } + use_backend bk_diyit if { req.hdr(host) www-backup.diyit.org } use_backend bk_diyit-grafana if { req.hdr(host) grafana.diyit.org } use_backend bk_diyit-prometheus if { req.hdr(host) prometheus.diyit.org } - use_backend bk_diyit-kibana if { req.hdr(host) kibana.diyit.org } - use_backend bk_diyit-maps if { req.hdr(host) maps.diyit.org } - - use_backend bk_dvpc if { req.hdr(host) datavpc.com } - use_backend bk_dvpc if { req.hdr(host) www.datavpc.com } - use_backend bk_dvpc if { req.hdr(host) www2.datavpc.com } - use_backend bk_dvpc if { req.hdr(host) mydatavpc.com } - use_backend bk_dvpc if { req.hdr(host) www.mydatavpc.com } +# use_backend bk_diyit-kibana if { req.hdr(host) kibana.diyit.org } +# use_backend bk_diyit-maps if { req.hdr(host) maps.diyit.org } use_backend bk_rwe if { req.hdr(host) rockwoodestates.org } use_backend bk_rwe if { req.hdr(host) www.rockwoodestates.org } - use_backend bk_rwe if { req.hdr(host) www2.rockwoodestates.org } - use_backend bk_rwe if { req.hdr(host) sms1.rockwoodestates.org } - use_backend bk_rwe if { req.hdr(host) sms2.rockwoodestates.org } - - use_backend bk_scvcc if { req.hdr(host) scvcc-rental.com } - use_backend bk_scvcc if { req.hdr(host) www.scvcc-rental.com } - use_backend bk_scvcc if { req.hdr(host) www2.scvcc-rental.com } + use_backend bk_rwe if { req.hdr(host) www-backup.rockwoodestates.org } + use_backend bk_rwe if { req.hdr(host) sms-alt.rockwoodestates.org } + use_backend bk_rwe if { req.hdr(host) sms-alt-backup.rockwoodestates.org } # use_backend bk_beyondbell if { req.hdr(host) beyondbell.com } # use_backend bk_beyondbell if { req.hdr(host) www.beyondbell.com } 
@@ -197,12 +204,12 @@ frontend ft # Fallback for non-SNI clients acl is-ahlawat hdr(host) -i ahlawat.com acl is-ahlawat hdr(host) -i www.ahlawat.com - acl is-ahlawat hdr(host) -i www2.ahlawat.com + acl is-ahlawat hdr(host) -i www-backup.ahlawat.com use_backend bk_ahlawat if is-ahlawat acl is-diyit hdr(host) -i diyit.org acl is-diyit hdr(host) -i www.diyit.org - acl is-diyit hdr(host) -i www2.diyit.org + acl is-diyit hdr(host) -i www-backup.diyit.org use_backend bk_diyit if is-diyit default_backend bk_ahlawat @@ -215,7 +222,6 @@ backend bk_ahlawat http-response set-header X-Frame-Options SAMEORIGIN backend bk_ahlawat-sharad -# balance roundrobin server srv1 sharadx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2 server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 http-response set-header X-Frame-Options SAMEORIGIN 
@@ -253,16 +259,42 @@ backend bk_ahlawat-book-445 server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 http-response set-header X-Frame-Options SAMEORIGIN +backend bk_ahlawat-book-446 + server srv1 bookx.ahlawat.com:446 check ssl ca-file /mnt/certs/cacert.pem alpn h2 + server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 + http-response set-header X-Frame-Options SAMEORIGIN + +backend bk_ahlawat-book-447 + server srv1 bookx.ahlawat.com:447 check ssl ca-file /mnt/certs/cacert.pem alpn h2 + server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 + http-response set-header X-Frame-Options SAMEORIGIN + +backend bk_ahlawat-book-448 + server srv1 bookx.ahlawat.com:448 check ssl ca-file /mnt/certs/cacert.pem alpn h2 + server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 + http-response set-header X-Frame-Options SAMEORIGIN + backend bk_ahlawat-cam server srv1 192.168.0.54:8765 check server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 http-response set-header X-Frame-Options SAMEORIGIN backend bk_ahlawat-ci -# http-request set-header Host cix.ahlawat.com:8080 - http-request replace-header Host ^([^\ \t:]*:)\ https://ci.ahlawat.com/(.*) \1\ http://cix.ahlawat.com:8080/\2 - http-response replace-header Host ^([^\ \t:]*:)\ http://cix.ahlawat.com:8080/(.*) \1\ https://ci.ahlawat.com/\2 - server srv1 cix.ahlawat.com:8080 check +# http-request replace-header Host ^([^\ \t:]*:)\ https://ci.ahlawat.com/(.*) \1\ http://cix.ahlawat.com:8080/(.*)\2 +# http-response replace-header Host ^([^\ \t:]*:)\ http://cix.ahlawat.com:8080/(.*) \1\ https://ci.ahlawat.com/(.*)\2 +# http-request replace-header Host ^https://ci.ahlawat.com/(.*) http://cix.ahlawat.com:8080/\1 +# http-response replace-header Host ^http://cix.ahlawat.com:8080/(.*) https://ci.ahlawat.com/\1 +# http-request set-header X-Forwarded-Port 
443 +# http-request add-header X-Forwarded-Proto https +# http-request set-header X-Forwarded-Host ci.ahlawat.com +# server srv1 cix.ahlawat.com:8080 check + +# roundrobin or leastconn or iphash + balance roundrobin + server srv1 cix.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2 + server srv2 ci1.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 + server srv3 ci2.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 + server srv4 ci3.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 http-response set-header X-Frame-Options SAMEORIGIN backend bk_ahlawat-cloud @@ -302,7 +334,7 @@ backend bk_ahlawat-jump http-response set-header X-Frame-Options SAMEORIGIN backend bk_ahlawat-hass - server srv1 hassx.ahlawat.com:8123 check + server srv1 192.168.0.7:8123 check server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 http-response set-header X-Frame-Options SAMEORIGIN 
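Review bot: The new `server` lines for `bk_ahlawat-book-446` to `bk_ahlawat-book-448` and for `bk_ahlawat-ci` verify the backend certificate against `ca-file /mnt/certs/cacert.pem` but set neither `sni` nor `verifyhost`, and HAProxy only checks the certificate's hostname when one of those is given. Any certificate that chains to a CA in that file would therefore be accepted for these backends; how much that matters depends on whether `cacert.pem` holds a private CA or a public bundle, which the diff does not show. Adding for example `verifyhost bookx.ahlawat.com` (or `sni str(bookx.ahlawat.com)`) to each line closes the gap, and the existing backends visible as context follow the same pattern. In `bk_ahlawat-ci`, `balance roundrobin` has no effect while `srv2` to `srv4` are all marked `backup`, and `iphash` in the comment is not a HAProxy algorithm name (`source` is the equivalent).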
@@ -322,100 +354,88 @@ backend bk_diyit-prometheus # ssl ca-file /mnt/certs/cacert.pem alpn h2 http-response set-header X-Frame-Options SAMEORIGIN -backend bk_diyit-kibana - server srv1 elk.diyit.org:5601 check ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header X-Frame-Options SAMEORIGIN +#backend bk_diyit-kibana +# server srv1 elk.diyit.org:5601 check ssl ca-file /mnt/certs/cacert.pem alpn h2 +# http-response set-header X-Frame-Options SAMEORIGIN -backend bk_diyit-maps - server srv1 mapsx.diyit.org:443 ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header Content-Security-Policy "frame-ancestors 'self' https://diyit.org;" +#backend bk_diyit-maps +# server srv1 mapsx.diyit.org:443 ssl ca-file /mnt/certs/cacert.pem alpn h2 +# http-response set-header Content-Security-Policy "frame-ancestors 'self' https://diyit.org;" -backend bk_dvpc - server srv1 web.datavpc.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2 - server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header X-Frame-Options SAMEORIGIN - backend bk_rwe server srv1 web.rockwoodestates.org:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2 server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 http-response set-header X-Frame-Options SAMEORIGIN -backend bk_scvcc - server srv1 web.scvcc-rental.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2 - server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header X-Frame-Options SAMEORIGIN +#backend bk_beyondbell +## server srv1 192.168.0.77:8080 +# server srv1 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 +# http-response set-header X-Frame-Options SAMEORIGIN -backend bk_beyondbell -# server srv1 192.168.0.77:8080 - server srv1 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header 
X-Frame-Options SAMEORIGIN +#backend bk_beyondbell-ci +## http-request set-header Host cix.beyondbell.com:8111 +# http-request replace-header Host ^([^\ \t:]*:)\ https://ci.beyondbell.com/(.*) \1\ http://192.168.0.73:8111/\2 +# http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.73:8111/(.*) \1\ https://ci.beyondbell.com/\2 +# server srv1 192.168.0.73:8111 +# http-response set-header X-Frame-Options SAMEORIGIN -backend bk_beyondbell-ci -# http-request set-header Host cix.beyondbell.com:8111 - http-request replace-header Host ^([^\ \t:]*:)\ https://ci.beyondbell.com/(.*) \1\ http://192.168.0.73:8111/\2 - http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.73:8111/(.*) \1\ https://ci.beyondbell.com/\2 - server srv1 192.168.0.73:8111 - http-response set-header X-Frame-Options SAMEORIGIN +#backend bk_beyondbell-git +# server srv1 gitx.beyondbell.com:3000 check ssl ca-file /mnt/certs/cacert.pem alpn h2 +## server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 +# http-response set-header X-Frame-Options SAMEORIGIN -backend bk_beyondbell-git - server srv1 gitx.beyondbell.com:3000 check ssl ca-file /mnt/certs/cacert.pem alpn h2 +#backend bk_beyondbell-repo +## http-request set-header Host 192.168.0.75:8081 +## http-request replace-header Host ^([^\ \t:]*:)\ https://repo.beyondbell.com/(.*) \1\ http://192.168.0.75:8081/\2 +## http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.75:8081/(.*) \1\ https://repo.beyondbell.com/\2 +# server srv1 192.168.0.75:8081 +# http-response set-header X-Frame-Options SAMEORIGIN +## http-response del-header Strict-Transport-Security +## http-response add-header Content-Security-Policy: upgrade-insecure-requests + +#backend bk_beyondbell-dashboard +# http-request replace-header Host ^([^\ \t:]*:)\ https://dashboardx.beyondbell.com/(.*) \1\ http://192.168.0.92:8080/\2 +# http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.92:8080/(.*) \1\ 
https://dashboardx.beyondbell.com/\2 +# server srv1 192.168.0.92:8080 +# http-response set-header X-Frame-Options SAMEORIGIN + +#backend bk_beyondbell-vault +# http-request replace-header Host ^([^\ \t:]*:)\ https://vault.beyondbell.com/(.*) \1\ http://192.168.0.93:8200/\2 +# http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.93:8200/(.*) \1\ https://vault.beyondbell.com/\2 +# server srv1 192.168.0.93:8200 +## server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 +# http-response set-header X-Frame-Options SAMEORIGIN + +#backend bk_beyondbell-web-moonglade +# server srv1 192.168.0.74:8000 +## server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 +# http-response set-header X-Frame-Options SAMEORIGIN + +#backend bk_beyondbell-web-moonglade-private +# server srv1 192.168.0.74:4000 +## server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 +# http-response set-header X-Frame-Options SAMEORIGIN + +#backend bk_beyondbell-r-windows +# server srv1 192.168.0.85:4000 # server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header X-Frame-Options SAMEORIGIN +# http-response set-header X-Frame-Options SAMEORIGIN -backend bk_beyondbell-repo -# http-request set-header Host 192.168.0.75:8081 -# http-request replace-header Host ^([^\ \t:]*:)\ https://repo.beyondbell.com/(.*) \1\ http://192.168.0.75:8081/\2 -# http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.75:8081/(.*) \1\ https://repo.beyondbell.com/\2 - - server srv1 192.168.0.75:8081 - http-response set-header X-Frame-Options SAMEORIGIN - -# http-response del-header Strict-Transport-Security -# http-response add-header Content-Security-Policy: upgrade-insecure-requests - -backend bk_beyondbell-dashboard - http-request replace-header Host ^([^\ \t:]*:)\ https://dashboardx.beyondbell.com/(.*) \1\ http://192.168.0.92:8080/\2 - 
http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.92:8080/(.*) \1\ https://dashboardx.beyondbell.com/\2 - server srv1 192.168.0.92:8080 - http-response set-header X-Frame-Options SAMEORIGIN - -backend bk_beyondbell-vault - http-request replace-header Host ^([^\ \t:]*:)\ https://vault.beyondbell.com/(.*) \1\ http://192.168.0.93:8200/\2 - http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.93:8200/(.*) \1\ https://vault.beyondbell.com/\2 - server srv1 192.168.0.93:8200 +#backend bk_beyondbell-windows +# server srv1 192.168.0.81:26900 # server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header X-Frame-Options SAMEORIGIN +# http-response set-header X-Frame-Options SAMEORIGIN -backend bk_beyondbell-web-moonglade - server srv1 192.168.0.74:8000 -# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header X-Frame-Options SAMEORIGIN +#backend bk_beyondbell-mazes +# server srv1 192.168.0.171:8080 +## server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 +# http-response set-header X-Frame-Options SAMEORIGIN -backend bk_beyondbell-web-moonglade-private - server srv1 192.168.0.74:4000 -# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header X-Frame-Options SAMEORIGIN - -backend bk_beyondbell-r-windows - server srv1 192.168.0.85:4000 - server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header X-Frame-Options SAMEORIGIN - -backend bk_beyondbell-windows - server srv1 192.168.0.81:26900 - server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header X-Frame-Options SAMEORIGIN - -backend bk_beyondbell-mazes - server srv1 192.168.0.171:8080 -# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file 
/mnt/certs/cacert.pem alpn h2 - http-response set-header X-Frame-Options SAMEORIGIN - -backend bk_beyondbell-mazes-backend - server srv1 192.168.0.172:8080 -# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header X-Frame-Options SAMEORIGIN +#backend bk_beyondbell-mazes-backend +# server srv1 192.168.0.172:8080 +## server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 +# http-response set-header X-Frame-Options SAMEORIGIN diff --git a/jails/config/proxy/pkg-list-details-old.txt b/jails/config/proxy/pkg-list-details-old.txt index 9867ab0..385cd0c 100644 --- a/jails/config/proxy/pkg-list-details-old.txt +++ b/jails/config/proxy/pkg-list-details-old.txt @@ -1,9 +1,8 @@ -pkgp123____haproxy-2.6.6 -pkgp123____pkg-1.18.4 -pkgp-freebsd-pkg____base64-1.5_1 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____nano-6.4 +pkgp123____haproxy-3.0.9 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____base64-1.5_2 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 pkgp-freebsd-pkg____pidof-20050501 -pkgp-freebsd-pkg____socat-1.7.4.4 -pkgp-freebsd-pkg____turnserver-4.5.2 +pkgp-freebsd-pkg____socat-1.8.0.3 diff --git a/jails/config/proxy/pkg-list-details.txt b/jails/config/proxy/pkg-list-details.txt index e00cb9e..385cd0c 100644 --- a/jails/config/proxy/pkg-list-details.txt +++ b/jails/config/proxy/pkg-list-details.txt 
@@ -1,9 +1,8 @@ -pkgp123____haproxy-2.6.7 -pkgp123____pkg-1.18.4 -pkgp-freebsd-pkg____base64-1.5_1 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____nano-7.0 +pkgp123____haproxy-3.0.9 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____base64-1.5_2 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 pkgp-freebsd-pkg____pidof-20050501 -pkgp-freebsd-pkg____socat-1.7.4.4 -pkgp-freebsd-pkg____turnserver-4.5.2 +pkgp-freebsd-pkg____socat-1.8.0.3 diff --git a/jails/config/proxy/pkg-list-old.txt b/jails/config/proxy/pkg-list-old.txt index 977722d..7544133 100644 --- a/jails/config/proxy/pkg-list-old.txt +++ b/jails/config/proxy/pkg-list-old.txt @@ -1 +1 @@ -base64 bash bash-completion haproxy nano pidof pkg socat turnserver +base64 bash bash-completion haproxy nano pidof pkg socat diff --git a/jails/config/proxy/pkg-list.txt b/jails/config/proxy/pkg-list.txt index 977722d..7544133 100644 --- a/jails/config/proxy/pkg-list.txt +++ b/jails/config/proxy/pkg-list.txt @@ -1 +1 @@ -base64 bash bash-completion haproxy nano pidof pkg socat turnserver +base64 bash bash-completion haproxy nano pidof pkg socat diff --git a/jails/config/proxy/pkgp.conf b/jails/config/proxy/pkgp.conf index 86e5a9a..ac09580 100644 --- a/jails/config/proxy/pkgp.conf +++ b/jails/config/proxy/pkgp.conf @@ -5,14 +5,12 @@ FreeBSD: { pkgp-freebsd-pkg: { url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", enabled: yes, priority: 10 } pkgp123: { url: "http://pkgp.ahlawat.com/packages/pj123-default", - mirror_type: "http", signature_type: "pubkey", pubkey: "/mnt/certs/poudriere.cert", enabled: yes, diff --git a/jails/config/proxy/syslog.conf b/jails/config/proxy/syslog.conf index a2ae348..5f45b19 100644 --- a/jails/config/proxy/syslog.conf +++ b/jails/config/proxy/syslog.conf 
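Review bot: The `pkgp-freebsd-pkg` repository in jails/config/proxy/pkgp.conf is fetched over `http://` and its block carries no `signature_type`, so nothing visible here authenticates the packages it serves; `pkgp123` just below it does set `signature_type: "pubkey"`. The same applies, more sharply, to the `Beyondbell` repository added in jails/config/r-git/pkgp.conf, which replaces the pubkey-verified `pkgp123` entry with a plain-HTTP URL and no signature settings. I would add `signature_type: "pubkey",` and `pubkey: "<path to that repository's public key>",` to both blocks (or `fingerprints` if the mirror serves officially signed packages), assuming the repositories are signed. In the r-git file the `SSL_NO_TLS*` entries under `env` presumably have no effect on an `http://` URL and deserve a comment saying why they are there. The `pkgp123` block in the proxy file continues past the end of this hunk.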
@@ -1,4 +1,4 @@ -# $FreeBSD: releng/12.2/usr.sbin/syslogd/syslog.conf 338146 2018-08-21 17:01:47Z brd $ +# $FreeBSD$ # # Spaces ARE valid field separators in this file. However, # other *nix-like systems still insist on using tabs as field @@ -14,10 +14,9 @@ cron.* /var/log/cron !-devd *.=debug /var/log/debug.log *.emerg * - +daemon.info /var/log/daemon.log local0.* /var/log/haproxy-traffic.log local0.notice /var/log/haproxy-admin.log - # uncomment this to log all writes to /dev/console to /var/log/console.log # touch /var/log/console.log and chmod it to mode 600 before it will work #console.info /var/log/console.log diff --git a/jails/config/r-automated/pkg-list-details-old.txt b/jails/config/r-automated/pkg-list-details-old.txt index dd67ef9..a058ce5 100644 --- a/jails/config/r-automated/pkg-list-details-old.txt +++ b/jails/config/r-automated/pkg-list-details-old.txt @@ -1,10 +1,17 @@ -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____curl-7.85.0 -pkgp-freebsd-pkg____htop-3.2.1 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____openjdk8-8.352.08.1_1 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____sudo-1.9.12p1 -pkgp-freebsd-pkg____tmux-3.3a -pkgp-freebsd-pkg____wget-1.21.3_1 +FreeBSD____bash-5.2.26_1 +FreeBSD____bash-completion-2.14.0,2 +FreeBSD____ca_root_nss-3.93_2 +FreeBSD____curl-8.8.0 +FreeBSD____gcc-13_5 +FreeBSD____htop-3.3.0_2 +FreeBSD____iperf3-3.17.1 +FreeBSD____mariadb106-client-10.6.18_1 +FreeBSD____nano-8.0 +FreeBSD____ncurses-6.5 +FreeBSD____openjdk19-19.0.2+7.1_1 +FreeBSD____pkg-1.21.3 +FreeBSD____sudo-1.9.15p5_4 +FreeBSD____tmux-3.3a_3 +FreeBSD____wget-1.24.5 +FreeBSD____wireguard-tools-1.0.20210914_3 +unknown-repository____speedtest-1.2.0.84-1.ea6b6773cf diff --git a/jails/config/r-automated/pkg-list-details.txt b/jails/config/r-automated/pkg-list-details.txt index 73b999d..a058ce5 100644 --- a/jails/config/r-automated/pkg-list-details.txt +++ b/jails/config/r-automated/pkg-list-details.txt 
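Review bot: The new `daemon.info /var/log/daemon.log` selector in jails/config/proxy/syslog.conf has no comment, and the blank lines that set the haproxy `local0` entries apart were removed in the same hunk. Nothing visible here creates the file or rotates it, and this file's own console.log comment says a log must be touched and chmod'ed before it works, so the same is likely needed for daemon.log. I would add a comment above the line such as `# daemon.log: create with mode 600 and add to newsyslog.conf`, and keep a blank line before the `local0.*` entries.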
@@ -1,10 +1,17 @@
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____curl-7.85.0
-pkgp-freebsd-pkg____htop-3.2.1
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____openjdk8-8.352.08.1_1
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____sudo-1.9.12p1
-pkgp-freebsd-pkg____tmux-3.3a
-pkgp-freebsd-pkg____wget-1.21.3_1
+FreeBSD____bash-5.2.26_1
+FreeBSD____bash-completion-2.14.0,2
+FreeBSD____ca_root_nss-3.93_2
+FreeBSD____curl-8.8.0
+FreeBSD____gcc-13_5
+FreeBSD____htop-3.3.0_2
+FreeBSD____iperf3-3.17.1
+FreeBSD____mariadb106-client-10.6.18_1
+FreeBSD____nano-8.0
+FreeBSD____ncurses-6.5
+FreeBSD____openjdk19-19.0.2+7.1_1
+FreeBSD____pkg-1.21.3
+FreeBSD____sudo-1.9.15p5_4
+FreeBSD____tmux-3.3a_3
+FreeBSD____wget-1.24.5
+FreeBSD____wireguard-tools-1.0.20210914_3
+unknown-repository____speedtest-1.2.0.84-1.ea6b6773cf
diff --git a/jails/config/r-automated/pkg-list-old.txt b/jails/config/r-automated/pkg-list-old.txt
index 9c721d6..556edaf 100644
--- a/jails/config/r-automated/pkg-list-old.txt
+++ b/jails/config/r-automated/pkg-list-old.txt
@@ -1 +1 @@
-bash bash-completion curl htop nano openjdk8 pkg sudo tmux wget
+bash bash-completion ca_root_nss curl gcc htop iperf3 mariadb106-client nano ncurses openjdk19 pkg speedtest sudo tmux wget wireguard-tools
diff --git a/jails/config/r-automated/pkg-list.txt b/jails/config/r-automated/pkg-list.txt
index 9c721d6..556edaf 100644
--- a/jails/config/r-automated/pkg-list.txt
+++ b/jails/config/r-automated/pkg-list.txt
@@ -1 +1 @@
-bash bash-completion curl htop nano openjdk8 pkg sudo tmux wget
+bash bash-completion ca_root_nss curl gcc htop iperf3 mariadb106-client nano ncurses openjdk19 pkg speedtest sudo tmux wget wireguard-tools
diff --git a/jails/config/r-db/pkg-list-details-old.txt b/jails/config/r-db/pkg-list-details-old.txt
index 8f9962d..f6ab2d6 100644
--- a/jails/config/r-db/pkg-list-details-old.txt
+++ b/jails/config/r-db/pkg-list-details-old.txt
@@ -1,7 +1,7 @@
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____htop-3.2.1
-pkgp-freebsd-pkg____mariadb105-server-10.5.17_1
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____sudo-1.9.12p1
+FreeBSD____bash-5.2.26_1
+FreeBSD____bash-completion-2.14.0,2
+FreeBSD____htop-3.3.0_2
+FreeBSD____mariadb105-server-10.5.24
+FreeBSD____nano-8.0
+FreeBSD____pkg-1.21.3
+FreeBSD____sudo-1.9.15p5_4
diff --git a/jails/config/r-db/pkg-list-details.txt b/jails/config/r-db/pkg-list-details.txt
index 439be63..f6ab2d6 100644
--- a/jails/config/r-db/pkg-list-details.txt
+++ b/jails/config/r-db/pkg-list-details.txt
@@ -1,7 +1,7 @@
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____htop-3.2.1
-pkgp-freebsd-pkg____mariadb105-server-10.5.17_1
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____sudo-1.9.12p1
+FreeBSD____bash-5.2.26_1
+FreeBSD____bash-completion-2.14.0,2
+FreeBSD____htop-3.3.0_2
+FreeBSD____mariadb105-server-10.5.24
+FreeBSD____nano-8.0
+FreeBSD____pkg-1.21.3
+FreeBSD____sudo-1.9.15p5_4
diff --git a/jails/config/r-git/pkg-list-details-old.txt b/jails/config/r-git/pkg-list-details-old.txt
index e29bce9..9303e20 100644
--- a/jails/config/r-git/pkg-list-details-old.txt
+++ b/jails/config/r-git/pkg-list-details-old.txt
@@ -1,12 +1,13 @@
-pkgp123____openldap26-client-2.6.3
-pkgp123____pkg-1.18.4
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____gitea-1.17.3
-pkgp-freebsd-pkg____git-lfs-3.0.2_6
-pkgp-freebsd-pkg____htop-3.2.1
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____sudo-1.9.12p1
-pkgp-freebsd-pkg____tmux-3.3a
+FreeBSD____bash-5.2.26_1
+FreeBSD____bash-completion-2.14.0,2
+FreeBSD____gitea-1.21.11_2
+FreeBSD____git-lfs-3.0.2_21
+FreeBSD____htop-3.3.0_2
+FreeBSD____iperf3-3.17.1
+FreeBSD____nano-8.0
+FreeBSD____openldap26-client-2.6.8
+FreeBSD____pkg-1.21.3
+FreeBSD____sudo-1.9.15p5_4
+FreeBSD____tmux-3.3a_3
+FreeBSD____zip-3.0_2
 pkgp-freebsd-pkg____wireguard-2,1
-pkgp-freebsd-pkg____zip-3.0_1
diff --git a/jails/config/r-git/pkg-list-details.txt b/jails/config/r-git/pkg-list-details.txt
index 7777806..9303e20 100644
--- a/jails/config/r-git/pkg-list-details.txt
+++ b/jails/config/r-git/pkg-list-details.txt
@@ -1,12 +1,13 @@
-pkgp123____openldap26-client-2.6.3
-pkgp123____pkg-1.18.4
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____gitea-1.17.3
-pkgp-freebsd-pkg____git-lfs-3.0.2_6
-pkgp-freebsd-pkg____htop-3.2.1
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____sudo-1.9.12p1
-pkgp-freebsd-pkg____tmux-3.3a
+FreeBSD____bash-5.2.26_1
+FreeBSD____bash-completion-2.14.0,2
+FreeBSD____gitea-1.21.11_2
+FreeBSD____git-lfs-3.0.2_21
+FreeBSD____htop-3.3.0_2
+FreeBSD____iperf3-3.17.1
+FreeBSD____nano-8.0
+FreeBSD____openldap26-client-2.6.8
+FreeBSD____pkg-1.21.3
+FreeBSD____sudo-1.9.15p5_4
+FreeBSD____tmux-3.3a_3
+FreeBSD____zip-3.0_2
 pkgp-freebsd-pkg____wireguard-2,1
-pkgp-freebsd-pkg____zip-3.0_1
diff --git a/jails/config/r-git/pkg-list-old.txt b/jails/config/r-git/pkg-list-old.txt
index 2e75a7e..330bcff 100644
--- a/jails/config/r-git/pkg-list-old.txt
+++ b/jails/config/r-git/pkg-list-old.txt
@@ -1 +1 @@ -bash bash-completion gitea git-lfs htop nano openldap26-client pkg sudo tmux wireguard zip +bash bash-completion gitea git-lfs htop iperf3 nano openldap26-client pkg sudo tmux wireguard zip diff --git a/jails/config/r-git/pkg-list.txt b/jails/config/r-git/pkg-list.txt index 2e75a7e..330bcff 100644 --- a/jails/config/r-git/pkg-list.txt +++ b/jails/config/r-git/pkg-list.txt @@ -1 +1 @@ -bash bash-completion gitea git-lfs htop nano openldap26-client pkg sudo tmux wireguard zip +bash bash-completion gitea git-lfs htop iperf3 nano openldap26-client pkg sudo tmux wireguard zip diff --git a/jails/config/r-git/pkgp.conf b/jails/config/r-git/pkgp.conf index 86e5a9a..9e1b26a 100644 --- a/jails/config/r-git/pkgp.conf +++ b/jails/config/r-git/pkgp.conf @@ -1,20 +1,12 @@ FreeBSD: { - url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest", enabled: no } -pkgp-freebsd-pkg: { - url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", - enabled: yes, - priority: 10 -} - -pkgp123: { - url: "http://pkgp.ahlawat.com/packages/pj123-default", - mirror_type: "http", - signature_type: "pubkey", - pubkey: "/mnt/certs/poudriere.cert", - enabled: yes, - priority: 100 +Beyondbell: { + env: { + SSL_NO_TLS1: "", + SSL_NO_TLS1_1: "", + SSL_NO_TLS1_2: "" + }, + url: "http://pkg.beyondbell.com/packages/default-default" } diff --git a/jails/config/r-ldap-mgr/020_mod_ssl.conf b/jails/config/r-ldap-mgr/020_mod_ssl.conf deleted file mode 100644 index 3fbba40..0000000 --- a/jails/config/r-ldap-mgr/020_mod_ssl.conf +++ /dev/null 
@@ -1,11 +0,0 @@ -Listen 443 -SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 -SSLHonorCipherOrder on -SSLCompression off -# SSLUseStapling on -SSLSessionTickets off -SSLOptions +StrictRequire -SSLPassPhraseDialog builtin -SSLSessionCacheTimeout 300 -SSLSessionCache shmcb:/usr/local/etc/apache24/ssl_scache(512000) diff --git a/jails/config/r-ldap-mgr/config.php.phpldapadmin.github b/jails/config/r-ldap-mgr/config.php.phpldapadmin.github deleted file mode 100644 index 20e60ee..0000000 --- a/jails/config/r-ldap-mgr/config.php.phpldapadmin.github +++ /dev/null 
@@ -1,654 +0,0 @@ -custom variable to do so. - * For example, the default for defining the language in config_default.php - * - * $this->default->appearance['language'] = array( - * 'desc'=>'Language', - * 'default'=>'auto'); - * - * to override this, use $config->custom->appearance['language'] = 'en_EN'; - * - * This file is also used to configure your LDAP server connections. - * - * You must specify at least one LDAP server there. You may add - * as many as you like. You can also specify your language, and - * many other options. - * - * NOTE: Commented out values in this file prefixed by //, represent the - * defaults that have been defined in config_default.php. - * Commented out values prefixed by #, dont reflect their default value, you can - * check config_default.php if you want to see what the default is. - * - * DONT change config_default.php, you changes will be lost by the next release - * of PLA. Instead change this file - as it will NOT be replaced by a new - * version of phpLDAPadmin. - */ - -/********************************************* - * Useful important configuration overrides * - *********************************************/ - -/* If you are asked to put PLA in debug mode, this is how you do it: */ -# $config->custom->debug['level'] = 255; -# $config->custom->debug['syslog'] = true; -# $config->custom->debug['file'] = '/tmp/pla_debug.log'; - -/* phpLDAPadmin can encrypt the content of sensitive cookies if you set this - to a big random string. */ -// $config->custom->session['blowfish'] = null; - -/* If your auth_type is http, you can override your HTTP Authentication Realm. */ -// $config->custom->session['http_realm'] = sprintf('%s %s',app_name(),'login'); - -/* The language setting. If you set this to 'auto', phpLDAPadmin will attempt - to determine your language automatically. 
- If PLA doesnt show (all) strings in your language, then you can do some - translation at http://translations.launchpad.net/phpldapadmin and download - the translation files, replacing those provided with PLA. - (We'll pick up the translations before making the next release too!) */ -// $config->custom->appearance['language'] = 'auto'; - -/* The temporary storage directory where we will put jpegPhoto data - This directory must be readable and writable by your web server. */ -// $config->custom->jpeg['tmpdir'] = '/tmp'; // Example for Unix systems -# $config->custom->jpeg['tmpdir'] = 'c:\\temp'; // Example for Windows systems - -/* Set this to (bool)true if you do NOT want a random salt used when - calling crypt(). Instead, use the first two letters of the user's - password. This is insecure but unfortunately needed for some older - environments. */ -# $config->custom->password['no_random_crypt_salt'] = true; - -/* If you want to restrict password available types (encryption algorithms) - Should be subset of: - array( - ''=>'clear', - 'bcrypt'=>'bcrypt', - 'blowfish'=>'blowfish', - 'crypt'=>'crypt', - 'ext_des'=>'ext_des', - 'md5'=>'md5', - 'k5key'=>'k5key', - 'md5crypt'=>'md5crypt', - 'sha'=>'sha', - 'smd5'=>'smd5', - 'ssha'=>'ssha', - 'sha256'=>'sha256', - 'ssha256'=>'ssha256', - 'sha384'=>'sha384', - 'ssha384'=>'ssha384', - 'sha512'=>'sha512', - 'ssha512'=>'ssha512', - 'sha256crypt'=>'sha256crypt', - 'sha512crypt'=>'sha512crypt', - )*/ -# $config->custom->password['available_types'] = array(''=>'clear','md5'=>'md5'); - -/* PHP script timeout control. If php runs longer than this many seconds then - PHP will stop with an Maximum Execution time error. Increase this value from - the default if queries to your LDAP server are slow. The default is either - 30 seconds or the setting of max_exection_time if this is null. 
*/ -// $config->custom->session['timelimit'] = 30; - -/* Our local timezone - This is to make sure that when we ask the system for the current time, we - get the right local time. If this is not set, all time() calculations will - assume UTC if you have not set PHP date.timezone. */ -// $config->custom->appearance['timezone'] = null; -# $config->custom->appearance['timezone'] = 'Australia/Melbourne'; - -/********************************************* - * Commands * - *********************************************/ - -/* Command availability ; if you don't authorize a command the command - links will not be shown and the command action will not be permitted. - For better security, set also ACL in your ldap directory. */ -/* -$config->custom->commands['cmd'] = array( - 'entry_internal_attributes_show' => true, - 'entry_refresh' => true, - 'oslinks' => true, - 'switch_template' => true -); - -$config->custom->commands['script'] = array( - 'add_attr_form' => true, - 'add_oclass_form' => true, - 'add_value_form' => true, - 'collapse' => true, - 'compare' => true, - 'compare_form' => true, - 'copy' => true, - 'copy_form' => true, - 'create' => true, - 'create_confirm' => true, - 'delete' => true, - 'delete_attr' => true, - 'delete_form' => true, - 'draw_tree_node' => true, - 'expand' => true, - 'export' => true, - 'export_form' => true, - 'import' => true, - 'import_form' => true, - 'login' => true, - 'logout' => true, - 'login_form' => true, - 'mass_delete' => true, - 'mass_edit' => true, - 'mass_update' => true, - 'modify_member_form' => true, - 'monitor' => true, - 'purge_cache' => true, - 'query_engine' => true, - 'rename' => true, - 'rename_form' => true, - 'rdelete' => true, - 'refresh' => true, - 'schema' => true, - 'server_info' => true, - 'show_cache' => true, - 'template_engine' => true, - 'update_confirm' => true, - 'update' => true -); -*/ - -/********************************************* - * Appearance * - *********************************************/ - -/* 
If you want to choose the appearance of the tree, specify a class name which - inherits from the Tree class. */ -// $config->custom->appearance['tree'] = 'AJAXTree'; -# $config->custom->appearance['tree'] = 'HTMLTree'; - -/* Just show your custom templates. */ -// $config->custom->appearance['custom_templates_only'] = false; - -/* Disable the default template. */ -// $config->custom->appearance['disable_default_template'] = false; - -/* Hide the warnings for invalid objectClasses/attributes in templates. */ -// $config->custom->appearance['hide_template_warning'] = false; - -/* Set to true if you would like to hide header and footer parts. */ -// $config->custom->appearance['minimalMode'] = false; - -/* Configure what objects are shown in left hand tree */ -// $config->custom->appearance['tree_filter'] = '(objectclass=*)'; - -/* The height and width of the tree. If these values are not set, then - no tree scroll bars are provided. */ -// $config->custom->appearance['tree_height'] = null; -# $config->custom->appearance['tree_height'] = 600; -// $config->custom->appearance['tree_width'] = null; -# $config->custom->appearance['tree_width'] = 250; - -/* Number of tree command icons to show, 0 = show all icons on 1 row. */ -// $config->custom->appearance['tree_icons'] = 0; -# $config->custom->appearance['tree_icons'] = 4; - -/* Confirm create and update operations, allowing you to review the changes - and optionally skip attributes during the create/update operation. */ -// $config->custom->confirm['create'] = true; -// $config->custom->confirm['update'] = true; - -/* Confirm copy operations, and treat them like create operations. This allows - you to edit the attributes (thus changing any that might conflict with - uniqueness) before creating the new entry. 
*/ -// $config->custom->confirm['copy'] = true; - -/********************************************* - * User-friendly attribute translation * - *********************************************/ - -/* Use this array to map attribute names to user friendly names. For example, if - you don't want to see "facsimileTelephoneNumber" but rather "Fax". */ -// $config->custom->appearance['friendly_attrs'] = array(); -$config->custom->appearance['friendly_attrs'] = array( - 'facsimileTelephoneNumber' => 'Fax', - 'gid' => 'Group', - 'mail' => 'Email', - 'telephoneNumber' => 'Telephone', - 'uid' => 'User Name', - 'userPassword' => 'Password' -); - -/********************************************* - * Hidden attributes * - *********************************************/ - -/* You may want to hide certain attributes from being edited. If you want to - hide attributes from the user, you should use your LDAP servers ACLs. - NOTE: The user must be able to read the hide_attrs_exempt entry to be - excluded. */ -// $config->custom->appearance['hide_attrs'] = array(); -# $config->custom->appearance['hide_attrs'] = array('objectClass'); - -/* Members of this list will be exempt from the hidden attributes. */ -// $config->custom->appearance['hide_attrs_exempt'] = null; -# $config->custom->appearance['hide_attrs_exempt'] = 'cn=PLA UnHide,ou=Groups,c=AU'; - -/********************************************* - * Read-only attributes * - *********************************************/ - -/* You may want to phpLDAPadmin to display certain attributes as read only, - meaning that users will not be presented a form for modifying those - attributes, and they will not be allowed to be modified on the "back-end" - either. You may configure this list here: - NOTE: The user must be able to read the readonly_attrs_exempt entry to be - excluded. */ -// $config->custom->appearance['readonly_attrs'] = array(); - -/* Members of this list will be exempt from the readonly attributes. 
*/ -// $config->custom->appearance['readonly_attrs_exempt'] = null; -# $config->custom->appearance['readonly_attrs_exempt'] = 'cn=PLA ReadWrite,ou=Groups,c=AU'; - -/********************************************* - * Group attributes * - *********************************************/ - -/* Add "modify group members" link to the attribute. */ -// $config->custom->modify_member['groupattr'] = array('member','uniqueMember','memberUid','sudoUser'); - -/* Configure filter for member search. This only applies to "modify group members" feature */ -// $config->custom->modify_member['filter'] = '(objectclass=Person)'; - -/* Attribute that is added to the group member attribute. */ -// $config->custom->modify_member['attr'] = 'dn'; - -/* For Posix attributes */ -// $config->custom->modify_member['posixattr'] = 'uid'; -// $config->custom->modify_member['posixfilter'] = '(uid=*)'; -// $config->custom->modify_member['posixgroupattr'] = 'memberUid'; - -/********************************************* - * Support for attrs display order * - *********************************************/ - -/* Use this array if you want to have your attributes displayed in a specific - order. You can use default attribute names or their fridenly names. - For example, "sn" will be displayed right after "givenName". All the other - attributes that are not specified in this array will be displayed after in - alphabetical order. */ -// $config->custom->appearance['attr_display_order'] = array(); -# $config->custom->appearance['attr_display_order'] = array( -# 'givenName', -# 'sn', -# 'cn', -# 'displayName', -# 'uid', -# 'uidNumber', -# 'gidNumber', -# 'homeDirectory', -# 'mail', -# 'userPassword' -# ); - -/********************************************* - * Define your LDAP servers in this section * - *********************************************/ - -$servers = new Datastore(); - -/* $servers->NewServer('ldap_pla') must be called before each new LDAP server - declaration. 
*/ -$servers->newServer('ldap_pla'); - -/* A convenient name that will appear in the tree viewer and throughout - phpLDAPadmin to identify this LDAP server to users. */ -$servers->setValue('server','name','infra LDAP Server'); - -/* Examples: - 'ldap.example.com', - 'ldaps://ldap.example.com/', - 'ldapi://%2fusr%local%2fvar%2frun%2fldapi' - (Unix socket at /usr/local/var/run/ldap) */ -$servers->setValue('server','host','ldaps://ldap.beyondbell.com'); - -/* The port your LDAP server listens on (no quotes). 389 is standard. */ -$servers->setValue('server','port',636); - -/* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin - auto-detect it for you. */ -$servers->setValue('server','base',array('dc=infra')); - -/* Five options for auth_type: - 1. 'cookie': you will login via a web form, and a client-side cookie will - store your login dn and password. - 2. 'session': same as cookie but your login dn and password are stored on the - web server in a persistent session variable. - 3. 'http': same as session but your login dn and password are retrieved via - HTTP authentication. - 4. 'config': specify your login dn and password here in this config file. No - login will be required to use phpLDAPadmin for this server. - 5. 'sasl': login will be taken from the webserver's kerberos authentication. - Currently only GSSAPI has been tested (using mod_auth_kerb). - 6. 'sasl_external': login will be taken from SASL external mechanism. - - Choose wisely to protect your authentication information appropriately for - your situation. If you choose 'cookie', your cookie contents will be - encrypted using blowfish and the secret your specify above as - session['blowfish']. */ -// $servers->setValue('login','auth_type','session'); - -/* The DN of the user for phpLDAPadmin to bind with. For anonymous binds or - 'cookie','session' or 'sasl' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS - BLANK. 
If you specify a login_attr in conjunction with a cookie or session - auth_type, then you can also specify the bind_id/bind_pass here for searching - the directory for users (ie, if your LDAP server does not allow anonymous - binds. */ -$servers->setValue('login','bind_id','cn=admin,dc=infra'); -# $servers->setValue('login','bind_id','cn=Manager,dc=example,dc=com'); - -/* Your LDAP password. If you specified an empty bind_id above, this MUST also - be blank. */ -$servers->setValue('login','bind_pass',''); -# $servers->setValue('login','bind_pass','secret'); - -/* Use TLS (Transport Layer Security) to connect to the LDAP server. */ -$servers->setValue('server','tls',false); - -/* TLS Certificate Authority file (overrides ldap.conf, PHP 7.1+) */ -// $servers->setValue('server','tls_cacert',null); -# $servers->setValue('server','tls_cacert','/etc/openldap/certs/ca.crt'); - -/* TLS Certificate Authority hashed directory (overrides ldap.conf, PHP 7.1+) */ -// $servers->setValue('server','tls_cacertdir',null); -# $servers->setValue('server','tls_cacertdir','/etc/openldap/certs'); - -/* TLS Client Certificate file (PHP 7.1+) */ -// $servers->setValue('server','tls_cert',null); -# $servers->setValue('server','tls_cert','/etc/pki/tls/certs/ldap_user.crt'); - -/* TLS Client Certificate Key file (PHP 7.1+) */ -// $servers->setValue('server','tls_key',null); -# $servers->setValue('server','tls_key','/etc/pki/tls/private/ldap_user.key'); - -/************************************ - * SASL Authentication * - ************************************/ - -/* Enable SASL authentication LDAP SASL authentication requires PHP 5.x - configured with --with-ldap-sasl=DIR. If this option is disabled (ie, set to - false), then all other sasl options are ignored. */ -# $servers->setValue('login','auth_type','sasl'); - -/* SASL GSSAPI auth mechanism (requires auth_type of sasl) */ -// $servers->setValue('sasl','mech','GSSAPI'); - -/* SASL PLAIN support... 
this mech converts simple binds to SASL - PLAIN binds using any auth_type (or other bind_id/pass) as credentials. - NOTE: auth_type must be simple auth compatible (ie not sasl) */ -# $servers->setValue('sasl','mech','PLAIN'); - -/* SASL EXTERNAL support... really a different auth_type */ -# $servers->setValue('login','auth_type','sasl_external'); - -/* SASL authentication realm name */ -// $servers->setValue('sasl','realm',''); -# $servers->setValue('sasl','realm','EXAMPLE.COM'); - -/* SASL authorization ID name - If this option is undefined, authorization id will be computed from bind DN, - using authz_id_regex and authz_id_replacement. */ -// $servers->setValue('sasl','authz_id', null); - -/* SASL authorization id regex and replacement - When authz_id property is not set (default), phpLDAPAdmin will try to - figure out authorization id by itself from bind distinguished name (DN). - - This procedure is done by calling preg_replace() php function in the - following way: - - $authz_id = preg_replace($sasl_authz_id_regex,$sasl_authz_id_replacement, - $bind_dn); - - For info about pcre regexes, see: - - pcre(3), perlre(3) - - http://www.php.net/preg_replace */ -// $servers->setValue('sasl','authz_id_regex',null); -// $servers->setValue('sasl','authz_id_replacement',null); -# $servers->setValue('sasl','authz_id_regex','/^uid=([^,]+)(.+)/i'); -# $servers->setValue('sasl','authz_id_replacement','$1'); - -/* SASL auth security props. - See http://beepcore-tcl.sourceforge.net/tclsasl.html#anchor5 for explanation. */ -// $servers->setValue('sasl','props',null); - -/* Default password hashing algorithm. One of md5, ssha, sha, md5crpyt, smd5, - blowfish, crypt or leave blank for now default algorithm. */ -// $servers->setValue('appearance','pla_password_hash','md5'); - -/* If you specified 'cookie' or 'session' as the auth_type above, you can - optionally specify here an attribute to use when logging in. 
If you enter - 'uid' and login as 'dsmith', phpLDAPadmin will search for (uid=dsmith) - and log in as that user. - Leave blank or specify 'dn' to use full DN for logging in. Note also that if - your LDAP server requires you to login to perform searches, you can enter the - DN to use when searching in 'bind_id' and 'bind_pass' above. */ -// $servers->setValue('login','attr','dn'); - -/* Base DNs to used for logins. If this value is not set, then the LDAP server - Base DNs are used. */ -// $servers->setValue('login','base',array()); - -/* If 'login,attr' is used above such that phpLDAPadmin will search for your DN - at login, you may restrict the search to a specific objectClasses. EG, set this - to array('posixAccount') or array('inetOrgPerson',..), depending upon your - setup. */ -// $servers->setValue('login','class',array()); - -/* If login_attr was set to 'dn', it is possible to specify a template string to - build the DN from. Use '%s' where user input should be inserted. A user may - still enter the complete DN. In this case the template will not be used. */ -// $servers->setValue('login','bind_dn_template',null); -# $servers->setValue('login','bind_dn_template','cn=%s,ou=people,dc=example,dc=com'); - -/* If you specified something different from 'dn', for example 'uid', as the - login_attr above, you can optionally specify here to fall back to - authentication with dn. - This is useful, when users should be able to log in with their uid, but - the ldap administrator wants to log in with his root-dn, that does not - necessarily have the uid attribute. - When using this feature, login_class is ignored. */ -// $servers->setValue('login','fallback_dn',false); - -/* Specify true If you want phpLDAPadmin to not display or permit any - modification to the LDAP server. */ -// $servers->setValue('server','read_only',false); - -/* Specify false if you do not want phpLDAPadmin to draw the 'Create new' links - in the tree viewer. 
*/ -// $servers->setValue('appearance','show_create',true); - -/* Set to true if you would like to initially open the first level of each tree. */ -// $servers->setValue('appearance','open_tree',false); - -/* Set to true to display authorization ID in place of login dn (PHP 7.2+) */ -// $servers->setValue('appearance','show_authz',false); - -/* This feature allows phpLDAPadmin to automatically determine the next - available uidNumber for a new entry. */ -// $servers->setValue('auto_number','enable',true); - -/* The mechanism to use when finding the next available uidNumber. Two possible - values: 'uidpool' or 'search'. - The 'uidpool' mechanism uses an existing uidPool entry in your LDAP server to - blindly lookup the next available uidNumber. The 'search' mechanism searches - for entries with a uidNumber value and finds the first available uidNumber - (slower). */ -// $servers->setValue('auto_number','mechanism','search'); - -/* The DN of the search base when the 'search' mechanism is used above. */ -# $servers->setValue('auto_number','search_base','ou=People,dc=example,dc=com'); - -/* The minimum number to use when searching for the next available number - (only when 'search' is used for auto_number. */ -// $servers->setValue('auto_number','min',array('uidNumber'=>1000,'gidNumber'=>500)); - -/* If you set this, then phpldapadmin will bind to LDAP with this user ID when - searching for the uidnumber. The idea is, this user id would have full - (readonly) access to uidnumber in your ldap directory (the logged in user - may not), so that you can be guaranteed to get a unique uidnumber for your - directory. */ -// $servers->setValue('auto_number','dn',null); - -/* The password for the dn above. */ -// $servers->setValue('auto_number','pass',null); - -/* Enable anonymous bind login. */ -// $servers->setValue('login','anon_bind',true); - -/* Use customized page with prefix when available. 
*/ -# $servers->setValue('custom','pages_prefix','custom_'); - -/* If you set this, then only these DNs are allowed to log in. This array can - contain individual users, groups or ldap search filter(s). Keep in mind that - the user has not authenticated yet, so this will be an anonymous search to - the LDAP server, so make your ACLs allow these searches to return results! */ -# $servers->setValue('login','allowed_dns',array( -# 'uid=stran,ou=People,dc=example,dc=com', -# '(&(gidNumber=811)(objectClass=groupOfNames))', -# '(|(uidNumber=200)(uidNumber=201))', -# 'cn=callcenter,ou=Group,dc=example,dc=com')); - -/* Set this if you dont want this LDAP server to show in the tree */ -// $servers->setValue('server','visible',true); - -/* Set this if you want to hide the base DNs that dont exist instead of - displaying the message "The base entry doesnt exist, create it?" -// $servers->setValue('server','hide_noaccess_base',false); -# $servers->setValue('server','hide_noaccess_base',true); - -/* This is the time out value in minutes for the server. After as many minutes - of inactivity you will be automatically logged out. If not set, the default - value will be ( session_cache_expire()-1 ) */ -# $servers->setValue('login','timeout',30); - -/* Set this if you want phpldapadmin to perform rename operation on entry which - has children. Certain servers are known to allow it, certain are not. */ -// $servers->setValue('server','branch_rename',false); - -/* If you set this, then phpldapadmin will show these attributes as - internal attributes, even if they are not defined in your schema. */ -// $servers->setValue('server','custom_sys_attrs',array('')); -# $servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','passwordAllowChangeTime')); - -/* If you set this, then phpldapadmin will show these attributes on - objects, even if they are not defined in your schema. 
*/ -// $servers->setValue('server','custom_attrs',array('')); -# $servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock')); - -/* These attributes will be forced to MAY attributes and become option in the - templates. If they are not defined in the templates, then they wont appear - as per normal template processing. You may want to do this because your LDAP - server may automatically calculate a default value. - In Fedora Directory Server using the DNA Plugin one could ignore uidNumber, - gidNumber and sambaSID. */ -// $servers->setValue('server','force_may',array('')); -# $servers->setValue('server','force_may',array('uidNumber','gidNumber','sambaSID')); - -/********************************************* - * Unique attributes * - *********************************************/ - -/* You may want phpLDAPadmin to enforce some attributes to have unique values - (ie: not belong to other entries in your tree. This (together with - 'unique','dn' and 'unique','pass' option will not let updates to - occur with other attributes have the same value. */ -# $servers->setValue('unique','attrs',array('mail','uid','uidNumber')); - -/* If you set this, then phpldapadmin will bind to LDAP with this user ID when - searching for attribute uniqueness. The idea is, this user id would have full - (readonly) access to your ldap directory (the logged in user may not), so - that you can be guaranteed to get a unique uidnumber for your directory. */ -// $servers->setValue('unique','dn',null); - -/* The password for the dn above. */ -// $servers->setValue('unique','pass',null); - -/************************************************************************** - * If you want to configure additional LDAP servers, do so below. * - * Remove the commented lines and use this section as a template for all * - * your other LDAP servers. 
* - **************************************************************************/ - -/* -$servers->newServer('ldap_pla'); -$servers->setValue('server','name','LDAP Server'); -$servers->setValue('server','host','127.0.0.1'); -$servers->setValue('server','port',389); -$servers->setValue('server','base',array('')); -$servers->setValue('login','auth_type','cookie'); -$servers->setValue('login','bind_id',''); -$servers->setValue('login','bind_pass',''); -$servers->setValue('server','tls',false); - -# SASL auth -$servers->setValue('login','auth_type','sasl'); -$servers->setValue('sasl','mech','GSSAPI'); -$servers->setValue('sasl','realm','EXAMPLE.COM'); -$servers->setValue('sasl','authz_id',null); -$servers->setValue('sasl','authz_id_regex','/^uid=([^,]+)(.+)/i'); -$servers->setValue('sasl','authz_id_replacement','$1'); -$servers->setValue('sasl','props',null); - -$servers->setValue('appearance','pla_password_hash','md5'); -$servers->setValue('login','attr','dn'); -$servers->setValue('login','fallback_dn',false); -$servers->setValue('login','class',null); -$servers->setValue('server','read_only',false); -$servers->setValue('appearance','show_create',true); - -$servers->setValue('auto_number','enable',true); -$servers->setValue('auto_number','mechanism','search'); -$servers->setValue('auto_number','search_base',null); -$servers->setValue('auto_number','min',array('uidNumber'=>1000,'gidNumber'=>500)); -$servers->setValue('auto_number','dn',null); -$servers->setValue('auto_number','pass',null); - -$servers->setValue('login','anon_bind',true); -$servers->setValue('custom','pages_prefix','custom_'); -$servers->setValue('unique','attrs',array('mail','uid','uidNumber')); -$servers->setValue('unique','dn',null); -$servers->setValue('unique','pass',null); - -$servers->setValue('server','visible',true); -$servers->setValue('login','timeout',30); -$servers->setValue('server','branch_rename',false); 
-$servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','passwordAllowChangeTime'));
-$servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock'));
-$servers->setValue('server','force_may',array('uidNumber','gidNumber','sambaSID'));
-*/
-
-
-/***********************************************************************************
- * If you want to configure Google reCAPTCHA on autentication form, do so below. *
- * Remove the commented lines and use this section as a template for all *
- * reCAPTCHA v2 Generate on https://www.google.com/recaptcha/ *
- * *
- * IMPORTANT: Select reCAPTCHA v2 on Type of reCAPTCHA *
- ***********************************************************************************/
-
-
-$config->custom->session['reCAPTCHA-enable'] = false;
-$config->custom->session['reCAPTCHA-key-site'] = '';
-$config->custom->session['reCAPTCHA-key-server'] = '';
-
-?>
diff --git a/jails/config/r-ldap-mgr/httpd.conf b/jails/config/r-ldap-mgr/httpd.conf
deleted file mode 100644
index ddc7e3c..0000000
--- a/jails/config/r-ldap-mgr/httpd.conf
+++ /dev/null
@@ -1,584 +0,0 @@
-#
-# This is the main Apache HTTP server configuration file. It contains the
-# configuration directives that give the server its instructions.
-# See for detailed information.
-# In particular, see
-#
-# for a discussion of each configuration directive.
-#
-# Do NOT simply read the instructions in here without understanding
-# what they do. They're here only as hints or reminders. If you are unsure
-# consult the online docs. You have been warned.
-#
-# Configuration and logfile names: If the filenames you specify for many
-# of the server's control files begin with "/" (or "drive:/" for Win32), the
-# server will use that explicit path. If the filenames do *not* begin
-# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
-# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
-# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
-# will be interpreted as '/logs/access_log'.
-
-#
-# ServerRoot: The top of the directory tree under which the server's
-# configuration, error, and log files are kept.
-#
-# Do not add a slash at the end of the directory path. If you point
-# ServerRoot at a non-local disk, be sure to specify a local disk on the
-# Mutex directive, if file-based mutexes are used. If you wish to share the
-# same ServerRoot for multiple httpd daemons, you will need to change at
-# least PidFile.
-#
-ServerRoot "/usr/local"
-
-#
-# Mutex: Allows you to set the mutex mechanism and mutex file directory
-# for individual mutexes, or change the global defaults
-#
-# Uncomment and change the directory if mutexes are file-based and the default
-# mutex file directory is not on a local disk or is not appropriate for some
-# other reason.
-#
-# Mutex default:/var/run
-
-#
-# Listen: Allows you to bind Apache to specific IP addresses and/or
-# ports, instead of the default. See also the
-# directive.
-# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses. -# -#Listen 12.34.56.78:80 -#Listen 80 - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. -# -# Example: -# LoadModule foo_module modules/mod_foo.so -# -#LoadModule mpm_event_module libexec/apache24/mod_mpm_event.so -LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so -#LoadModule mpm_worker_module libexec/apache24/mod_mpm_worker.so -LoadModule authn_file_module libexec/apache24/mod_authn_file.so -#LoadModule authn_dbm_module libexec/apache24/mod_authn_dbm.so -#LoadModule authn_anon_module libexec/apache24/mod_authn_anon.so -#LoadModule authn_dbd_module libexec/apache24/mod_authn_dbd.so -#LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so -LoadModule authn_core_module libexec/apache24/mod_authn_core.so -LoadModule authz_host_module libexec/apache24/mod_authz_host.so -LoadModule authz_groupfile_module libexec/apache24/mod_authz_groupfile.so -LoadModule authz_user_module libexec/apache24/mod_authz_user.so -#LoadModule authz_dbm_module libexec/apache24/mod_authz_dbm.so -#LoadModule authz_owner_module libexec/apache24/mod_authz_owner.so -#LoadModule authz_dbd_module libexec/apache24/mod_authz_dbd.so -LoadModule authz_core_module libexec/apache24/mod_authz_core.so -#LoadModule authnz_fcgi_module libexec/apache24/mod_authnz_fcgi.so -LoadModule access_compat_module libexec/apache24/mod_access_compat.so -LoadModule auth_basic_module libexec/apache24/mod_auth_basic.so -#LoadModule auth_form_module libexec/apache24/mod_auth_form.so -#LoadModule auth_digest_module libexec/apache24/mod_auth_digest.so 
-#LoadModule allowmethods_module libexec/apache24/mod_allowmethods.so -#LoadModule file_cache_module libexec/apache24/mod_file_cache.so -#LoadModule cache_module libexec/apache24/mod_cache.so -#LoadModule cache_disk_module libexec/apache24/mod_cache_disk.so -#LoadModule cache_socache_module libexec/apache24/mod_cache_socache.so -LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so -#LoadModule socache_dbm_module libexec/apache24/mod_socache_dbm.so -#LoadModule socache_memcache_module libexec/apache24/mod_socache_memcache.so -#LoadModule watchdog_module libexec/apache24/mod_watchdog.so -#LoadModule macro_module libexec/apache24/mod_macro.so -#LoadModule dbd_module libexec/apache24/mod_dbd.so -#LoadModule dumpio_module libexec/apache24/mod_dumpio.so -#LoadModule buffer_module libexec/apache24/mod_buffer.so -#LoadModule data_module libexec/apache24/mod_data.so -#LoadModule ratelimit_module libexec/apache24/mod_ratelimit.so -LoadModule reqtimeout_module libexec/apache24/mod_reqtimeout.so -#LoadModule ext_filter_module libexec/apache24/mod_ext_filter.so -#LoadModule request_module libexec/apache24/mod_request.so -#LoadModule include_module libexec/apache24/mod_include.so -LoadModule filter_module libexec/apache24/mod_filter.so -#LoadModule reflector_module libexec/apache24/mod_reflector.so -#LoadModule substitute_module libexec/apache24/mod_substitute.so -#LoadModule sed_module libexec/apache24/mod_sed.so -#LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so -#LoadModule deflate_module libexec/apache24/mod_deflate.so -#LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so -#LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so -LoadModule mime_module libexec/apache24/mod_mime.so -LoadModule log_config_module libexec/apache24/mod_log_config.so -#LoadModule log_debug_module libexec/apache24/mod_log_debug.so -#LoadModule log_forensic_module libexec/apache24/mod_log_forensic.so -#LoadModule logio_module 
libexec/apache24/mod_logio.so -LoadModule env_module libexec/apache24/mod_env.so -#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so -#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so -#LoadModule expires_module libexec/apache24/mod_expires.so -LoadModule headers_module libexec/apache24/mod_headers.so -#LoadModule usertrack_module libexec/apache24/mod_usertrack.so -#LoadModule unique_id_module libexec/apache24/mod_unique_id.so -LoadModule setenvif_module libexec/apache24/mod_setenvif.so -LoadModule version_module libexec/apache24/mod_version.so -#LoadModule remoteip_module libexec/apache24/mod_remoteip.so -#LoadModule proxy_module libexec/apache24/mod_proxy.so -#LoadModule proxy_connect_module libexec/apache24/mod_proxy_connect.so -#LoadModule proxy_ftp_module libexec/apache24/mod_proxy_ftp.so -#LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so -#LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so -#LoadModule proxy_scgi_module libexec/apache24/mod_proxy_scgi.so -#LoadModule proxy_uwsgi_module libexec/apache24/mod_proxy_uwsgi.so -#LoadModule proxy_fdpass_module libexec/apache24/mod_proxy_fdpass.so -#LoadModule proxy_wstunnel_module libexec/apache24/mod_proxy_wstunnel.so -#LoadModule proxy_ajp_module libexec/apache24/mod_proxy_ajp.so -#LoadModule proxy_balancer_module libexec/apache24/mod_proxy_balancer.so -#LoadModule proxy_express_module libexec/apache24/mod_proxy_express.so -#LoadModule proxy_hcheck_module libexec/apache24/mod_proxy_hcheck.so -#LoadModule session_module libexec/apache24/mod_session.so -#LoadModule session_cookie_module libexec/apache24/mod_session_cookie.so -#LoadModule session_crypto_module libexec/apache24/mod_session_crypto.so -#LoadModule session_dbd_module libexec/apache24/mod_session_dbd.so -#LoadModule slotmem_shm_module libexec/apache24/mod_slotmem_shm.so -#LoadModule slotmem_plain_module libexec/apache24/mod_slotmem_plain.so -LoadModule ssl_module libexec/apache24/mod_ssl.so 
-#LoadModule dialup_module libexec/apache24/mod_dialup.so -#LoadModule http2_module libexec/apache24/mod_http2.so -#LoadModule proxy_http2_module libexec/apache24/mod_proxy_http2.so -#LoadModule lbmethod_byrequests_module libexec/apache24/mod_lbmethod_byrequests.so -#LoadModule lbmethod_bytraffic_module libexec/apache24/mod_lbmethod_bytraffic.so -#LoadModule lbmethod_bybusyness_module libexec/apache24/mod_lbmethod_bybusyness.so -#LoadModule lbmethod_heartbeat_module libexec/apache24/mod_lbmethod_heartbeat.so -LoadModule unixd_module libexec/apache24/mod_unixd.so -#LoadModule heartbeat_module libexec/apache24/mod_heartbeat.so -#LoadModule heartmonitor_module libexec/apache24/mod_heartmonitor.so -#LoadModule dav_module libexec/apache24/mod_dav.so -LoadModule status_module libexec/apache24/mod_status.so -LoadModule autoindex_module libexec/apache24/mod_autoindex.so -#LoadModule asis_module libexec/apache24/mod_asis.so -#LoadModule info_module libexec/apache24/mod_info.so - - #LoadModule cgid_module libexec/apache24/mod_cgid.so - - - #LoadModule cgi_module libexec/apache24/mod_cgi.so - -#LoadModule dav_fs_module libexec/apache24/mod_dav_fs.so -#LoadModule dav_lock_module libexec/apache24/mod_dav_lock.so -#LoadModule vhost_alias_module libexec/apache24/mod_vhost_alias.so -#LoadModule negotiation_module libexec/apache24/mod_negotiation.so -LoadModule dir_module libexec/apache24/mod_dir.so -#LoadModule imagemap_module libexec/apache24/mod_imagemap.so -#LoadModule actions_module libexec/apache24/mod_actions.so -#LoadModule speling_module libexec/apache24/mod_speling.so -#LoadModule userdir_module libexec/apache24/mod_userdir.so -LoadModule alias_module libexec/apache24/mod_alias.so -#LoadModule rewrite_module libexec/apache24/mod_rewrite.so -#LoadModule php7_module libexec/apache24/libphp7.so -LoadModule php_module libexec/apache24/libphp.so - -# Third party modules -IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf - - -# -# If you wish httpd to run as a 
different user or group, you must run -# httpd as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run httpd as. -# It is usually good practice to create a dedicated user and group for -# running httpd, as with most system services. -# -User www -Group www - - - -# 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# definition. These values also provide defaults for -# any containers you may define later in the file. -# -# All of these directives may appear inside containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin rishabh@beyondbell.com - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. -# -# If your host doesn't have a registered DNS name, enter its IP address here. -# -ServerName ldap-mgr.beyondbell.com - -# -# Deny access to the entirety of your server's filesystem. You must -# explicitly permit access to web content directories in other -# blocks below. -# - - AllowOverride All - Require all denied - - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. 
-# -DocumentRoot "/usr/local/www/apache24/data" - - # - # Possible values for the Options directive are "None", "All", - # or any combination of: - # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews - # - # Note that "MultiViews" must be named *explicitly* --- "Options All" - # doesn't give it to you. - # - # The Options directive is both complicated and important. Please see - # http://httpd.apache.org/docs/2.4/mod/core.html#options - # for more information. - # - Options Indexes FollowSymLinks - - # - # AllowOverride controls what directives may be placed in .htaccess files. - # It can be "All", "None", or any combination of the keywords: - # AllowOverride FileInfo AuthConfig Limit - # - AllowOverride All - - # - # Controls who can get stuff from this server. - # - Require all granted - - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# - - DirectoryIndex index.php index.html - - SetHandler application/x-httpd-php - - - SetHandler application/x-httpd-php-source - - - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# - - Require all denied - - -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a -# container, that host's errors will be logged there and not here. -# -ErrorLog "/var/log/httpd-error.log" - -# -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. -# -LogLevel warn - - - # - # The following directives define some format nicknames for use with - # a CustomLog directive (see below). 
- # - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - LogFormat "%h %l %u %t \"%r\" %>s %b" common - - - # You need to enable mod_logio.c to use %I and %O - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - - - # - # The location and format of the access logfile (Common Logfile Format). - # If you do not define any access logfiles within a - # container, they will be logged here. Contrariwise, if you *do* - # define per- access logfiles, transactions will be - # logged therein and *not* in this file. - # - CustomLog "/var/log/httpd-access.log" common - - # - # If you prefer a logfile with access, agent, and referer information - # (Combined Logfile Format) you can use the following directive. - # - #CustomLog "/var/log/httpd-access.log" combined - - - - # - # Redirect: Allows you to tell clients about documents that used to - # exist in your server's namespace, but do not anymore. The client - # will make a new request for the document at its new location. - # Example: - # Redirect permanent /foo http://www.example.com/bar - - # - # Alias: Maps web paths into filesystem paths and is used to - # access content that does not live under the DocumentRoot. - # Example: - # Alias /webpath /full/filesystem/path - # - # If you include a trailing / on /webpath then the server will - # require it to be present in the URL. You will also likely - # need to provide a section to allow access to - # the filesystem path. - - # - # ScriptAlias: This controls which directories contain server scripts. - # ScriptAliases are essentially the same as Aliases, except that - # documents in the target directory are treated as applications and - # run by the server when requested rather than as documents sent to the - # client. The same rules about trailing "/" apply to ScriptAlias - # directives as to Alias. 
- # - ScriptAlias /cgi-bin/ "/usr/local/www/apache24/cgi-bin/" - - - - - # - # ScriptSock: On threaded servers, designate the path to the UNIX - # socket used to communicate with the CGI daemon of mod_cgid. - # - #Scriptsock cgisock - - -# -# "/usr/local/www/apache24/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# - - AllowOverride None - Options None - Require all granted - - - - # - # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied - # backend servers which have lingering "httpoxy" defects. - # 'Proxy' request header is undefined by the IETF, not listed by IANA - # - RequestHeader unset Proxy early - - - - # - # TypesConfig points to the file containing the list of mappings from - # filename extension to MIME-type. - # - TypesConfig etc/apache24/mime.types - - # - # AddType allows you to add to or override the MIME configuration - # file specified in TypesConfig for specific file types. - # - #AddType application/x-gzip .tgz - # - # AddEncoding allows you to have certain browsers uncompress - # information on the fly. Note: Not all browsers support this. - # - #AddEncoding x-compress .Z - #AddEncoding x-gzip .gz .tgz - # - # If the AddEncoding directives above are commented-out, then you - # probably should define those extensions to indicate media types: - # - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - - # - # AddHandler allows you to map certain file extensions to "handlers": - # actions unrelated to filetype. These can be either built into the server - # or added with the Action directive (see below) - # - # To use CGI scripts outside of ScriptAliased directories: - # (You will also need to add "ExecCGI" to the "Options" directive.) - # - #AddHandler cgi-script .cgi - - # For type maps (negotiated resources): - #AddHandler type-map var - - # - # Filters allow you to process content before it is sent to the client. 
- # - # To parse .shtml files for server-side includes (SSI): - # (You will also need to add "Includes" to the "Options" directive.) - # - #AddType text/html .shtml - #AddOutputFilter INCLUDES .shtml - - AddType application/x-httpd-php .php - AddType application/x-httpd-php-source .phps - - - -# -# The mod_mime_magic module allows the server to use various hints from the -# contents of the file itself to determine its type. The MIMEMagicFile -# directive tells the module where the hint definitions are located. -# -#MIMEMagicFile etc/apache24/magic - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# MaxRanges: Maximum number of Ranges in a request before -# returning the entire resource, or one of the special -# values 'default', 'none' or 'unlimited'. -# Default setting is to accept 200 Ranges. -#MaxRanges unlimited - -# -# EnableMMAP and EnableSendfile: On systems that support it, -# memory-mapping or the sendfile syscall may be used to deliver -# files. This usually improves server performance, but must -# be turned off when serving from networked-mounted -# filesystems or if support for these functions is otherwise -# broken on your system. -# Defaults: EnableMMAP On, EnableSendfile Off -# -#EnableMMAP off -#EnableSendfile on - -# Supplemental configuration -# -# The configuration files in the etc/apache24/extra/ directory can be -# included to add extra features or to modify the default configuration of -# the server, or you may simply copy their contents here and change as -# necessary. 
- -# Server-pool management (MPM specific) -#Include etc/apache24/extra/httpd-mpm.conf - -# Multi-language error messages -#Include etc/apache24/extra/httpd-multilang-errordoc.conf - -# Fancy directory listings -#Include etc/apache24/extra/httpd-autoindex.conf - -# Language settings -#Include etc/apache24/extra/httpd-languages.conf - -# User home directories -#Include etc/apache24/extra/httpd-userdir.conf - -# Real-time info on requests and configuration -#Include etc/apache24/extra/httpd-info.conf - -# Virtual hosts -#Include etc/apache24/extra/httpd-vhosts.conf - -# Local access to the Apache HTTP Server Manual -#Include etc/apache24/extra/httpd-manual.conf - -# Distributed authoring and versioning (WebDAV) -#Include etc/apache24/extra/httpd-dav.conf - -# Various default settings -#Include etc/apache24/extra/httpd-default.conf - -# Configure mod_proxy_html to understand HTML4/XHTML1 - -Include etc/apache24/extra/proxy-html.conf - - -# Secure (SSL/TLS) connections -#Include etc/apache24/extra/httpd-ssl.conf -# -# Note: The following must must be present to support -# starting without SSL on platforms with no /dev/random equivalent -# but a statically compiled-in mod_ssl. 
-#
-
-SSLRandomSeed startup builtin
-SSLRandomSeed connect builtin
-
-
-Include etc/apache24/Includes/*.conf
-
-
- ServerName ldap-mgr.beyondbell.com
- ServerAlias *.beyondbell.com
- ServerAlias ldap-mgr
-
- DocumentRoot "/usr/local/www/apache24/data/"
-
- SSLEngine on
- SSLCertificateFile "/mnt/certs/bbfullchain.pem"
- SSLCertificateKeyFile "/mnt/certs/bbprivkey.pem"
- #SSLCertificateChainFile "/mnt/certs/bbfullchain.pem"
-
-
- SSLOptions +StdEnvVars
-
-
-
- SSLOptions +StdEnvVars
-
-
- BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
- CustomLog "/var/log/ssl-request.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-
-
- Options Indexes FollowSymLinks MultiViews
- ## IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16
- IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96
-
- AllowOverride All
- Require all granted
-
-
- ErrorLog "/var/log/ssl-error.log"
- CustomLog "/var/log/ssl-access_log" combined
-
diff --git a/jails/config/r-ldap-mgr/php.ini b/jails/config/r-ldap-mgr/php.ini
deleted file mode 100644
index 0fc6c5d..0000000
--- a/jails/config/r-ldap-mgr/php.ini
+++ /dev/null
@@ -1,1937 +0,0 @@
-[PHP]
-
-;;;;;;;;;;;;;;;;;;;
-; About php.ini ;
-;;;;;;;;;;;;;;;;;;;
-; PHP's initialization file, generally called php.ini, is responsible for
-; configuring many of the aspects of PHP's behavior.
-
-; PHP attempts to find and load this configuration from a number of locations.
-; The following is a summary of its search order:
-; 1. SAPI module specific location.
-; 2. The PHPRC environment variable. (As of PHP 5.2.0)
-; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0)
-; 4. Current working directory (except CLI)
-; 5. The web server's directory (for SAPI modules), or directory of PHP
-; (otherwise in Windows)
-; 6. The directory from the --with-config-file-path compile time option, or the
-; Windows directory (C:\windows or C:\winnt)
-; See the PHP docs for more specific information.
-; http://php.net/configuration.file
-
-; The syntax of the file is extremely simple. Whitespace and lines
-; beginning with a semicolon are silently ignored (as you probably guessed).
-; Section headers (e.g. [Foo]) are also silently ignored, even though
-; they might mean something in the future.
-
-; Directives following the section heading [PATH=/www/mysite] only
-; apply to PHP files in the /www/mysite directory. Directives
-; following the section heading [HOST=www.example.com] only apply to
-; PHP files served from www.example.com. Directives set in these
-; special sections cannot be overridden by user-defined INI files or
-; at runtime. Currently, [PATH=] and [HOST=] sections only work under
-; CGI/FastCGI.
-; http://php.net/ini.sections
-
-; Directives are specified using the following syntax:
-; directive = value
-; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
-; Directives are variables used to configure PHP or PHP extensions.
-; There is no name validation. If PHP can't find an expected
-; directive because it is not set or is mistyped, a default value will be used.
-
-; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
-; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
-; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a
-; previously set variable or directive (e.g. ${foo})
-
-; Expressions in the INI file are limited to bitwise operators and parentheses:
-; | bitwise OR
-; ^ bitwise XOR
-; & bitwise AND
-; ~ bitwise NOT
-; ! boolean NOT
-
-; Boolean flags can be turned on using the values 1, On, True or Yes.
-; They can be turned off using the values 0, Off, False or No.
-
-; An empty string can be denoted by simply not writing anything after the equal
-; sign, or by using the None keyword:
-
-; foo = ; sets foo to an empty string
-; foo = None ; sets foo to an empty string
-; foo = "None" ; sets foo to the string 'None'
-
-; If you use constants in your value, and these constants belong to a
-; dynamically loaded extension (either a PHP extension or a Zend extension),
-; you may only use these constants *after* the line that loads the extension.
-
-;;;;;;;;;;;;;;;;;;;
-; About this file ;
-;;;;;;;;;;;;;;;;;;;
-; PHP comes packaged with two INI files. One that is recommended to be used
-; in production environments and one that is recommended to be used in
-; development environments.
-
-; php.ini-production contains settings which hold security, performance and
-; best practices at its core. But please be aware, these settings may break
-; compatibility with older or less security conscience applications. We
-; recommending using the production ini in production and testing environments.
-
-; php.ini-development is very similar to its production variant, except it is
-; much more verbose when it comes to errors. We recommend using the
-; development version only in development environments, as errors shown to
-; application users can inadvertently leak otherwise secure information.
-
-; This is php.ini-production INI file.
-
-;;;;;;;;;;;;;;;;;;;
-; Quick Reference ;
-;;;;;;;;;;;;;;;;;;;
-; The following are all the settings which are different in either the production
-; or development versions of the INIs with respect to PHP's default behavior.
-; Please see the actual settings later in the document for more details as to why
-; we recommend these changes in PHP's behavior.
-
-; display_errors
-; Default Value: On
-; Development Value: On
-; Production Value: Off
-
-; display_startup_errors
-; Default Value: Off
-; Development Value: On
-; Production Value: Off
-
-; error_reporting
-; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
-; Development Value: E_ALL
-; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
-
-; html_errors
-; Default Value: On
-; Development Value: On
-; Production value: On
-
-; log_errors
-; Default Value: Off
-; Development Value: On
-; Production Value: On
-
-; max_input_time
-; Default Value: -1 (Unlimited)
-; Development Value: 60 (60 seconds)
-; Production Value: 60 (60 seconds)
-
-; output_buffering
-; Default Value: Off
-; Development Value: 4096
-; Production Value: 4096
-
-; register_argc_argv
-; Default Value: On
-; Development Value: Off
-; Production Value: Off
-
-; request_order
-; Default Value: None
-; Development Value: "GP"
-; Production Value: "GP"
-
-; session.gc_divisor
-; Default Value: 100
-; Development Value: 1000
-; Production Value: 1000
-
-; session.sid_bits_per_character
-; Default Value: 4
-; Development Value: 5
-; Production Value: 5
-
-; short_open_tag
-; Default Value: On
-; Development Value: Off
-; Production Value: Off
-
-; track_errors
-; Default Value: Off
-; Development Value: On
-; Production Value: Off
-
-; variables_order
-; Default Value: "EGPCS"
-; Development Value: "GPCS"
-; Production Value: "GPCS"
-
-;;;;;;;;;;;;;;;;;;;;
-; php.ini Options ;
-;;;;;;;;;;;;;;;;;;;;
-; Name for user-defined php.ini (.htaccess) files.
Default is ".user.ini" -;user_ini.filename = ".user.ini" - -; To disable this feature set this option to empty value -;user_ini.filename = - -; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) -;user_ini.cache_ttl = 300 - -;;;;;;;;;;;;;;;;;;;; -; Language Options ; -;;;;;;;;;;;;;;;;;;;; - -; Enable the PHP scripting language engine under Apache. -; http://php.net/engine -engine = On - -; This directive determines whether or not PHP will recognize code between -; tags as PHP source which should be processed as such. It is -; generally recommended that should be used and that this feature -; should be disabled, as enabling it may result in issues when generating XML -; documents, however this remains supported for backward compatibility reasons. -; Note that this directive does not control the would work. -; http://php.net/syntax-highlighting -;highlight.string = #DD0000 -;highlight.comment = #FF9900 -;highlight.keyword = #007700 -;highlight.default = #0000BB -;highlight.html = #000000 - -; If enabled, the request will be allowed to complete even if the user aborts -; the request. Consider enabling it if executing long requests, which may end up -; being interrupted by the user or a browser timing out. PHP's default behavior -; is to disable this feature. -; http://php.net/ignore-user-abort -;ignore_user_abort = On - -; Determines the size of the realpath cache to be used by PHP. This value should -; be increased on systems where PHP opens many files to reflect the quantity of -; the file operations performed. -; http://php.net/realpath-cache-size -;realpath_cache_size = 4096k - -; Duration of time, in seconds for which to cache realpath information for a given -; file or directory. For systems with rarely changing files, consider increasing this -; value. -; http://php.net/realpath-cache-ttl -;realpath_cache_ttl = 120 - -; Enables or disables the circular reference collector. 
-; http://php.net/zend.enable-gc
-zend.enable_gc = On
-
-; If enabled, scripts may be written in encodings that are incompatible with
-; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such
-; encodings. To use this feature, mbstring extension must be enabled.
-; Default: Off
-;zend.multibyte = Off
-
-; Allows to set the default encoding for the scripts. This value will be used
-; unless "declare(encoding=...)" directive appears at the top of the script.
-; Only affects if zend.multibyte is set.
-; Default: ""
-;zend.script_encoding =
-
-;;;;;;;;;;;;;;;;;
-; Miscellaneous ;
-;;;;;;;;;;;;;;;;;
-
-; Decides whether PHP may expose the fact that it is installed on the server
-; (e.g. by adding its signature to the Web server header). It is no security
-; threat in any way, but it makes it possible to determine whether you use PHP
-; on your server or not.
-; http://php.net/expose-php
-expose_php = On
-
-;;;;;;;;;;;;;;;;;;;
-; Resource Limits ;
-;;;;;;;;;;;;;;;;;;;
-
-; Maximum execution time of each script, in seconds
-; http://php.net/max-execution-time
-; Note: This directive is hardcoded to 0 for the CLI SAPI
-max_execution_time = 30
-
-; Maximum amount of time each script may spend parsing request data. It's a good
-; idea to limit this time on productions servers in order to eliminate unexpectedly
-; long running scripts.
-; Note: This directive is hardcoded to -1 for the CLI SAPI
-; Default Value: -1 (Unlimited)
-; Development Value: 60 (60 seconds)
-; Production Value: 60 (60 seconds)
-; http://php.net/max-input-time
-max_input_time = 60
-
-; Maximum input variable nesting level
-; http://php.net/max-input-nesting-level
-;max_input_nesting_level = 64
-
-; How many GET/POST/COOKIE input variables may be accepted
-; max_input_vars = 1000
-
-; Maximum amount of memory a script may consume (128MB)
-; http://php.net/memory-limit
-memory_limit = 256M
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-; Error handling and logging ;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-; This directive informs PHP of which errors, warnings and notices you would like
-; it to take action for. The recommended way of setting values for this
-; directive is through the use of the error level constants and bitwise
-; operators. The error level constants are below here for convenience as well as
-; some common settings and their meanings.
-; By default, PHP is set to take action on all errors, notices and warnings EXCEPT
-; those related to E_NOTICE and E_STRICT, which together cover best practices and
-; recommended coding standards in PHP. For performance reasons, this is the
-; recommend error reporting setting. Your production server shouldn't be wasting
-; resources complaining about best practices and coding standards. That's what
-; development servers and development settings are for.
-; Note: The php.ini-development file has this setting as E_ALL. This
-; means it pretty much reports everything which is exactly what you want during
-; development and early testing.
-;
-; Error Level Constants:
-; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0)
-; E_ERROR - fatal run-time errors
-; E_RECOVERABLE_ERROR - almost fatal run-time errors
-; E_WARNING - run-time warnings (non-fatal errors)
-; E_PARSE - compile-time parse errors
-; E_NOTICE - run-time notices (these are warnings which often result
-; from a bug in your code, but it's possible that it was
-; intentional (e.g., using an uninitialized variable and
-; relying on the fact it is automatically initialized to an
-; empty string)
-; E_STRICT - run-time notices, enable to have PHP suggest changes
-; to your code which will ensure the best interoperability
-; and forward compatibility of your code
-; E_CORE_ERROR - fatal errors that occur during PHP's initial startup
-; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's
-; initial startup
-; E_COMPILE_ERROR - fatal compile-time errors
-; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
-; E_USER_ERROR - user-generated error message
-; E_USER_WARNING - user-generated warning message
-; E_USER_NOTICE - user-generated notice message
-; E_DEPRECATED - warn about code that will not work in future versions
-; of PHP
-; E_USER_DEPRECATED - user-generated deprecation warnings
-;
-; Common Values:
-; E_ALL (Show all errors, warnings and notices including coding standards.)
-; E_ALL & ~E_NOTICE (Show all errors, except for notices)
-; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.)
-; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
-; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
-; Development Value: E_ALL
-; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
-; http://php.net/error-reporting
-error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
-
-; This directive controls whether or not and where PHP will output errors,
-; notices and warnings too. Error output is very useful during development, but
-; it could be very dangerous in production environments. Depending on the code
-; which is triggering the error, sensitive information could potentially leak
-; out of your application such as database usernames and passwords or worse.
-; For production environments, we recommend logging errors rather than
-; sending them to STDOUT.
-; Possible Values:
-; Off = Do not display any errors
-; stderr = Display errors to STDERR (affects only CGI/CLI binaries!)
-; On or stdout = Display errors to STDOUT
-; Default Value: On
-; Development Value: On
-; Production Value: Off
-; http://php.net/display-errors
-display_errors = Off
-
-; The display of errors which occur during PHP's startup sequence are handled
-; separately from display_errors. PHP's default behavior is to suppress those
-; errors from clients. Turning the display of startup errors on can be useful in
-; debugging configuration problems. We strongly recommend you
-; set this to 'off' for production servers.
-; Default Value: Off
-; Development Value: On
-; Production Value: Off
-; http://php.net/display-startup-errors
-display_startup_errors = Off
-
-; Besides displaying errors, PHP can also log errors to locations such as a
-; server-specific log, STDERR, or a location specified by the error_log
-; directive found below. While errors should not be displayed on productions
-; servers they should still be monitored and logging is a great way to do that.
-; Default Value: Off
-; Development Value: On
-; Production Value: On
-; http://php.net/log-errors
-log_errors = On
-
-; Set maximum length of log_errors. In error_log information about the source is
-; added. The default is 1024 and 0 allows to not apply any maximum length at all.
-; http://php.net/log-errors-max-len
-log_errors_max_len = 1024
-
-; Do not log repeated messages. Repeated errors must occur in same file on same
-; line unless ignore_repeated_source is set true.
-; http://php.net/ignore-repeated-errors
-ignore_repeated_errors = Off
-
-; Ignore source of message when ignoring repeated messages. When this setting
-; is On you will not log errors with repeated messages from different files or
-; source lines.
-; http://php.net/ignore-repeated-source
-ignore_repeated_source = Off
-
-; If this parameter is set to Off, then memory leaks will not be shown (on
-; stdout or in the log). This has only effect in a debug compile, and if
-; error reporting includes E_WARNING in the allowed list
-; http://php.net/report-memleaks
-report_memleaks = On
-
-; This setting is on by default.
-;report_zend_debug = 0
-
-; Store the last error/warning message in $php_errormsg (boolean). Setting this value
-; to On can assist in debugging and is appropriate for development servers. It should
-; however be disabled on production servers.
-; Default Value: Off
-; Development Value: On
-; Production Value: Off
-; http://php.net/track-errors
-track_errors = Off
-
-; Turn off normal error reporting and emit XML-RPC error XML
-; http://php.net/xmlrpc-errors
-;xmlrpc_errors = 0
-
-; An XML-RPC faultCode
-;xmlrpc_error_number = 0
-
-; When PHP displays or logs an error, it has the capability of formatting the
-; error message as HTML for easier reading. This directive controls whether
-; the error message is formatted as HTML or not.
-; Note: This directive is hardcoded to Off for the CLI SAPI
-; Default Value: On
-; Development Value: On
-; Production value: On
-; http://php.net/html-errors
-html_errors = On
-
-; If html_errors is set to On *and* docref_root is not empty, then PHP
-; produces clickable error messages that direct to a page describing the error
-; or function causing the error in detail.
-; You can download a copy of the PHP manual from http://php.net/docs
-; and change docref_root to the base URL of your local copy including the
-; leading '/'. You must also specify the file extension being used including
-; the dot. PHP's default behavior is to leave these settings empty, in which
-; case no links to documentation are generated.
-; Note: Never use this feature for production boxes.
-; http://php.net/docref-root
-; Examples
-;docref_root = "/phpmanual/"
-
-; http://php.net/docref-ext
-;docref_ext = .html
-
-; String to output before an error message. PHP's default behavior is to leave
-; this setting blank.
-; http://php.net/error-prepend-string
-; Example:
-;error_prepend_string = ""
-
-; String to output after an error message. PHP's default behavior is to leave
-; this setting blank.
-; http://php.net/error-append-string
-; Example:
-;error_append_string = ""
-
-; Log errors to specified file. PHP's default behavior is to leave this value
-; empty.
-; http://php.net/error-log
-; Example:
-;error_log = php_errors.log
-; Log errors to syslog (Event Log on Windows).
-;error_log = syslog
-
-;windows.show_crt_warning
-; Default value: 0
-; Development value: 0
-; Production value: 0
-
-;;;;;;;;;;;;;;;;;
-; Data Handling ;
-;;;;;;;;;;;;;;;;;
-
-; The separator used in PHP generated URLs to separate arguments.
-; PHP's default setting is "&".
-; http://php.net/arg-separator.output
-; Example:
-;arg_separator.output = "&"
-
-; List of separator(s) used by PHP to parse input URLs into variables.
-; PHP's default setting is "&".
-; NOTE: Every character in this directive is considered as separator!
-; http://php.net/arg-separator.input
-; Example:
-;arg_separator.input = ";&"
-
-; This directive determines which super global arrays are registered when PHP
-; starts up. G,P,C,E & S are abbreviations for the following respective super
-; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty
-; paid for the registration of these arrays and because ENV is not as commonly
-; used as the others, ENV is not recommended on productions servers. You
-; can still get access to the environment variables through getenv() should you
-; need to.
-; Default Value: "EGPCS"
-; Development Value: "GPCS"
-; Production Value: "GPCS";
-; http://php.net/variables-order
-variables_order = "GPCS"
-
-; This directive determines which super global data (G,P & C) should be
-; registered into the super global array REQUEST. If so, it also determines
-; the order in which that data is registered. The values for this directive
-; are specified in the same manner as the variables_order directive,
-; EXCEPT one. Leaving this value empty will cause PHP to use the value set
-; in the variables_order directive. It does not mean it will leave the super
-; globals array REQUEST empty.
-; Default Value: None
-; Development Value: "GP"
-; Production Value: "GP"
-; http://php.net/request-order
-request_order = "GP"
-
-; This directive determines whether PHP registers $argv & $argc each time it
-; runs. $argv contains an array of all the arguments passed to PHP when a script
-; is invoked. $argc contains an integer representing the number of arguments
-; that were passed when the script was invoked. These arrays are extremely
-; useful when running scripts from the command line. When this directive is
-; enabled, registering these variables consumes CPU cycles and memory each time
-; a script is executed. For performance reasons, this feature should be disabled
-; on production servers.
-; Note: This directive is hardcoded to On for the CLI SAPI
-; Default Value: On
-; Development Value: Off
-; Production Value: Off
-; http://php.net/register-argc-argv
-register_argc_argv = Off
-
-; When enabled, the ENV, REQUEST and SERVER variables are created when they're
-; first used (Just In Time) instead of when the script starts. If these
-; variables are not used within a script, having this directive on will result
-; in a performance gain. The PHP directive register_argc_argv must be disabled
-; for this directive to have any affect.
-; http://php.net/auto-globals-jit
-auto_globals_jit = On
-
-; Whether PHP will read the POST data.
-; This option is enabled by default.
-; Most likely, you won't want to disable this option globally. It causes $_POST
-; and $_FILES to always be empty; the only way you will be able to read the
-; POST data will be through the php://input stream wrapper. This can be useful
-; to proxy requests or to process the POST data in a memory efficient fashion.
-; http://php.net/enable-post-data-reading
-;enable_post_data_reading = Off
-
-; Maximum size of POST data that PHP will accept.
-; Its value may be 0 to disable the limit. It is ignored if POST data reading
-; is disabled through enable_post_data_reading.
-; http://php.net/post-max-size
-post_max_size = 8M
-
-; Automatically add files before PHP document.
-; http://php.net/auto-prepend-file
-auto_prepend_file =
-
-; Automatically add files after PHP document.
-; http://php.net/auto-append-file
-auto_append_file =
-
-; By default, PHP will output a media type using the Content-Type header. To
-; disable this, simply set it to be empty.
-;
-; PHP's built-in default media type is set to text/html.
-; http://php.net/default-mimetype
-default_mimetype = "text/html"
-
-; PHP's default character set is set to UTF-8.
-; http://php.net/default-charset
-default_charset = "UTF-8"
-
-; PHP internal character encoding is set to empty.
-; If empty, default_charset is used.
-; http://php.net/internal-encoding
-;internal_encoding =
-
-; PHP input character encoding is set to empty.
-; If empty, default_charset is used.
-; http://php.net/input-encoding
-;input_encoding =
-
-; PHP output character encoding is set to empty.
-; If empty, default_charset is used.
-; See also output_buffer.
-; http://php.net/output-encoding
-;output_encoding =
-
-;;;;;;;;;;;;;;;;;;;;;;;;;
-; Paths and Directories ;
-;;;;;;;;;;;;;;;;;;;;;;;;;
-
-; UNIX: "/path1:/path2"
-;include_path = ".:/php/includes"
-;
-; Windows: "\path1;\path2"
-;include_path = ".;c:\php\includes"
-;
-; PHP's default setting for include_path is ".;/path/to/php/pear"
-; http://php.net/include-path
-
-; The root of the PHP pages, used only if nonempty.
-; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
-; if you are running php as a CGI under any web server (other than IIS)
-; see documentation for security issues. The alternate is to use the
-; cgi.force_redirect configuration below
-; http://php.net/doc-root
-doc_root =
-
-; The directory under which PHP opens the script using /~username used only
-; if nonempty.
-; http://php.net/user-dir
-user_dir =
-
-; Directory in which the loadable extensions (modules) reside.
-; http://php.net/extension-dir
-; extension_dir = "./"
-; On windows:
-; extension_dir = "ext"
-
-; Directory where the temporary files should be placed.
-; Defaults to the system default (see sys_get_temp_dir)
-; sys_temp_dir = "/tmp"
-
-; Whether or not to enable the dl() function. The dl() function does NOT work
-; properly in multithreaded servers, such as IIS or Zeus, and is automatically
-; disabled on them.
-; http://php.net/enable-dl
-enable_dl = Off
-
-; cgi.force_redirect is necessary to provide security running PHP as a CGI under
-; most web servers. Left undefined, PHP turns this on by default. You can
-; turn it off here AT YOUR OWN RISK
-; **You CAN safely turn this off for IIS, in fact, you MUST.**
-; http://php.net/cgi.force-redirect
-;cgi.force_redirect = 1
-
-; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
-; every request. PHP's default behavior is to disable this feature.
-;cgi.nph = 1
-
-; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
-; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
-; will look for to know it is OK to continue execution. Setting this variable MAY
-; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
-; http://php.net/cgi.redirect-status-env
-;cgi.redirect_status_env =
-
-; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
-; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
-; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
-; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
-; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
-; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
-; http://php.net/cgi.fix-pathinfo
-;cgi.fix_pathinfo=1
-
-; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside
-; of the web tree and people will not be able to circumvent .htaccess security.
-; http://php.net/cgi.dicard-path
-;cgi.discard_path=1
-
-; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
-; security tokens of the calling client. This allows IIS to define the
-; security context that the request runs under. mod_fastcgi under Apache
-; does not currently support this feature (03/17/2002)
-; Set to 1 if running under IIS. Default is zero.
-; http://php.net/fastcgi.impersonate
-;fastcgi.impersonate = 1
-
-; Disable logging through FastCGI connection. PHP's default behavior is to enable
-; this feature.
-;fastcgi.logging = 0
-
-; cgi.rfc2616_headers configuration option tells PHP what type of headers to
-; use when sending HTTP response code. If set to 0, PHP sends Status: header that
-; is supported by Apache. When this option is set to 1, PHP will send
-; RFC2616 compliant header.
-; Default is zero.
-; http://php.net/cgi.rfc2616-headers
-;cgi.rfc2616_headers = 0
-
-; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #!
-; (shebang) at the top of the running script. This line might be needed if the
-; script support running both as stand-alone script and via PHP CGI<. PHP in CGI
-; mode skips this line and ignores its content if this directive is turned on.
-; http://php.net/cgi.check-shebang-line
-;cgi.check_shebang_line=1
-
-;;;;;;;;;;;;;;;;
-; File Uploads ;
-;;;;;;;;;;;;;;;;
-
-; Whether to allow HTTP file uploads.
-; http://php.net/file-uploads
-file_uploads = On
-
-; Temporary directory for HTTP uploaded files (will use system default if not
-; specified).
-; http://php.net/upload-tmp-dir
-;upload_tmp_dir =
-
-; Maximum allowed size for uploaded files.
-; http://php.net/upload-max-filesize
-upload_max_filesize = 2M
-
-; Maximum number of files that can be uploaded via a single request
-max_file_uploads = 20
-
-;;;;;;;;;;;;;;;;;;
-; Fopen wrappers ;
-;;;;;;;;;;;;;;;;;;
-
-; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
-; http://php.net/allow-url-fopen
-allow_url_fopen = On
-
-; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
-; http://php.net/allow-url-include
-allow_url_include = Off
-
-; Define the anonymous ftp password (your email address). PHP's default setting
-; for this is empty.
-; http://php.net/from
-;from="john@doe.com"
-
-; Define the User-Agent string. PHP's default setting for this is empty.
-; http://php.net/user-agent
-;user_agent="PHP"
-
-; Default timeout for socket based streams (seconds)
-; http://php.net/default-socket-timeout
-default_socket_timeout = 60
-
-; If your scripts have to deal with files from Macintosh systems,
-; or you are running on a Mac and need to deal with files from
-; unix or win32 systems, setting this flag will cause PHP to
-; automatically detect the EOL character in those files so that
-; fgets() and file() will work regardless of the source of the file.
-; http://php.net/auto-detect-line-endings
-;auto_detect_line_endings = Off
-
-;;;;;;;;;;;;;;;;;;;;;;
-; Dynamic Extensions ;
-;;;;;;;;;;;;;;;;;;;;;;
-
-; If you wish to have an extension loaded automatically, use the following
-; syntax:
-;
-; extension=modulename.extension
-;
-; For example, on Windows:
-;
-; extension=msql.dll
-;
-; ... or under UNIX:
-;
-; extension=msql.so
-;
-; ... or with a path:
-;
-; extension=/path/to/extension/msql.so
-;
-; If you only provide the name of the extension, PHP will look for it in its
-; default extension directory.
-;
-; Windows Extensions
-; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5+)
-; extension folders as well as the separate PECL DLL download (PHP 5+).
-; Be sure to appropriately set the extension_dir directive.
-;
-;extension=php_bz2.dll
-;extension=php_curl.dll
-;extension=php_fileinfo.dll
-;extension=php_ftp.dll
-;extension=php_gd2.dll
-;extension=php_gettext.dll
-;extension=php_gmp.dll
-;extension=php_intl.dll
-;extension=php_imap.dll
-;extension=php_interbase.dll
-;extension=php_ldap.dll
-;extension=php_mbstring.dll
-;extension=php_exif.dll ; Must be after mbstring as it depends on it
-;extension=php_mysqli.dll
-;extension=php_oci8_12c.dll ; Use with Oracle Database 12c Instant Client
-;extension=php_odbc.dll
-;extension=php_openssl.dll
-;extension=php_pdo_firebird.dll
-;extension=php_pdo_mysql.dll
-;extension=php_pdo_oci.dll
-;extension=php_pdo_odbc.dll
-;extension=php_pdo_pgsql.dll
-;extension=php_pdo_sqlite.dll
-;extension=php_pgsql.dll
-;extension=php_shmop.dll
-
-; The MIBS data available in the PHP distribution must be installed.
-; See http://www.php.net/manual/en/snmp.installation.php
-;extension=php_snmp.dll
-
-;extension=php_soap.dll
-;extension=php_sockets.dll
-;extension=php_sqlite3.dll
-;extension=php_tidy.dll
-;extension=php_xmlrpc.dll
-;extension=php_xsl.dll
-
-;;;;;;;;;;;;;;;;;;;
-; Module Settings ;
-;;;;;;;;;;;;;;;;;;;
-
-[CLI Server]
-; Whether the CLI web server uses ANSI color coding in its terminal output.
-cli_server.color = On
-
-[Date]
-; Defines the default timezone used by the date functions
-; http://php.net/date.timezone
-date.timezone = America/Los_Angeles
-
-; http://php.net/date.default-latitude
-;date.default_latitude = 31.7667
-
-; http://php.net/date.default-longitude
-;date.default_longitude = 35.2333
-
-; http://php.net/date.sunrise-zenith
-;date.sunrise_zenith = 90.583333
-
-; http://php.net/date.sunset-zenith
-;date.sunset_zenith = 90.583333
-
-[filter]
-; http://php.net/filter.default
-;filter.default = unsafe_raw
-
-; http://php.net/filter.default-flags
-;filter.default_flags =
-
-[iconv]
-; Use of this INI entry is deprecated, use global input_encoding instead.
-; If empty, default_charset or input_encoding or iconv.input_encoding is used.
-; The precedence is: default_charset < intput_encoding < iconv.input_encoding
-;iconv.input_encoding =
-
-; Use of this INI entry is deprecated, use global internal_encoding instead.
-; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
-; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
-;iconv.internal_encoding =
-
-; Use of this INI entry is deprecated, use global output_encoding instead.
-; If empty, default_charset or output_encoding or iconv.output_encoding is used.
-; The precedence is: default_charset < output_encoding < iconv.output_encoding
-; To use an output encoding conversion, iconv's output handler must be set
-; otherwise output encoding conversion cannot be performed.
-;iconv.output_encoding =
-
-[intl]
-;intl.default_locale =
-; This directive allows you to produce PHP errors when some error
-; happens within intl functions. The value is the level of the error produced.
-; Default is 0, which does not produce any errors.
-;intl.error_level = E_WARNING
-;intl.use_exceptions = 0
-
-[sqlite3]
-;sqlite3.extension_dir =
-
-[Pcre]
-;PCRE library backtracking limit.
-; http://php.net/pcre.backtrack-limit
-;pcre.backtrack_limit=100000
-
-;PCRE library recursion limit.
-;Please note that if you set this value to a high number you may consume all
-;the available process stack and eventually crash PHP (due to reaching the
-;stack size limit imposed by the Operating System).
-; http://php.net/pcre.recursion-limit
-;pcre.recursion_limit=100000
-
-;Enables or disables JIT compilation of patterns. This requires the PCRE
-;library to be compiled with JIT support.
-;pcre.jit=1
-
-[Pdo]
-; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
-; http://php.net/pdo-odbc.connection-pooling
-;pdo_odbc.connection_pooling=strict
-
-;pdo_odbc.db2_instance_name
-
-[Pdo_mysql]
-; If mysqlnd is used: Number of cache slots for the internal result set cache
-; http://php.net/pdo_mysql.cache_size
-pdo_mysql.cache_size = 2000
-
-; Default socket name for local MySQL connects. If empty, uses the built-in
-; MySQL defaults.
-; http://php.net/pdo_mysql.default-socket
-pdo_mysql.default_socket=
-
-[Phar]
-; http://php.net/phar.readonly
-;phar.readonly = On
-
-; http://php.net/phar.require-hash
-;phar.require_hash = On
-
-;phar.cache_list =
-
-[mail function]
-; For Win32 only.
-; http://php.net/smtp
-SMTP = localhost
-; http://php.net/smtp-port
-smtp_port = 25
-
-; For Win32 only.
-; http://php.net/sendmail-from
-;sendmail_from = me@example.com
-
-; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
-; http://php.net/sendmail-path
-;sendmail_path =
-
-; Force the addition of the specified parameters to be passed as extra parameters
-; to the sendmail binary. These parameters will always replace the value of
-; the 5th parameter to mail().
-;mail.force_extra_parameters =
-
-; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
-mail.add_x_header = Off
-
-; The path to a log file that will log all mail() calls. Log entries include
-; the full path of the script, line number, To address and headers.
-;mail.log =
-; Log mail to syslog (Event Log on Windows).
-;mail.log = syslog
-
-[SQL]
-; http://php.net/sql.safe-mode
-sql.safe_mode = Off
-
-[ODBC]
-; http://php.net/odbc.default-db
-;odbc.default_db = Not yet implemented
-
-; http://php.net/odbc.default-user
-;odbc.default_user = Not yet implemented
-
-; http://php.net/odbc.default-pw
-;odbc.default_pw = Not yet implemented
-
-; Controls the ODBC cursor model.
-; Default: SQL_CURSOR_STATIC (default).
-;odbc.default_cursortype
-
-; Allow or prevent persistent links.
-; http://php.net/odbc.allow-persistent -odbc.allow_persistent = On - -; Check that a connection is still valid before reuse. -; http://php.net/odbc.check-persistent -odbc.check_persistent = On - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/odbc.max-persistent -odbc.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -; http://php.net/odbc.max-links -odbc.max_links = -1 - -; Handling of LONG fields. Returns number of bytes to variables. 0 means -; passthru. -; http://php.net/odbc.defaultlrl -odbc.defaultlrl = 4096 - -; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. -; See the documentation on odbc_binmode and odbc_longreadlen for an explanation -; of odbc.defaultlrl and odbc.defaultbinmode -; http://php.net/odbc.defaultbinmode -odbc.defaultbinmode = 1 - -;birdstep.max_links = -1 - -[Interbase] -; Allow or prevent persistent links. -ibase.allow_persistent = 1 - -; Maximum number of persistent links. -1 means no limit. -ibase.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -ibase.max_links = -1 - -; Default database name for ibase_connect(). -;ibase.default_db = - -; Default username for ibase_connect(). -;ibase.default_user = - -; Default password for ibase_connect(). -;ibase.default_password = - -; Default charset for ibase_connect(). -;ibase.default_charset = - -; Default timestamp format. -ibase.timestampformat = "%Y-%m-%d %H:%M:%S" - -; Default date format. -ibase.dateformat = "%Y-%m-%d" - -; Default time format. -ibase.timeformat = "%H:%M:%S" - -[MySQLi] - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/mysqli.max-persistent -mysqli.max_persistent = -1 - -; Allow accessing, from PHP's perspective, local files with LOAD DATA statements -; http://php.net/mysqli.allow_local_infile -;mysqli.allow_local_infile = On - -; Allow or prevent persistent links. 
-; http://php.net/mysqli.allow-persistent -mysqli.allow_persistent = On - -; Maximum number of links. -1 means no limit. -; http://php.net/mysqli.max-links -mysqli.max_links = -1 - -; If mysqlnd is used: Number of cache slots for the internal result set cache -; http://php.net/mysqli.cache_size -mysqli.cache_size = 2000 - -; Default port number for mysqli_connect(). If unset, mysqli_connect() will use -; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the -; compile-time value defined MYSQL_PORT (in that order). Win32 will only look -; at MYSQL_PORT. -; http://php.net/mysqli.default-port -mysqli.default_port = 3306 - -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. -; http://php.net/mysqli.default-socket -mysqli.default_socket = - -; Default host for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-host -mysqli.default_host = - -; Default user for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-user -mysqli.default_user = - -; Default password for mysqli_connect() (doesn't apply in safe mode). -; Note that this is generally a *bad* idea to store passwords in this file. -; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") -; and reveal this password! And of course, any users with read access to this -; file will be able to reveal the password as well. -; http://php.net/mysqli.default-pw -mysqli.default_pw = - -; Allow or prevent reconnect -mysqli.reconnect = Off - -[mysqlnd] -; Enable / Disable collection of general statistics by mysqlnd which can be -; used to tune and monitor MySQL operations. -; http://php.net/mysqlnd.collect_statistics -mysqlnd.collect_statistics = On - -; Enable / Disable collection of memory usage statistics by mysqlnd which can be -; used to tune and monitor MySQL operations. 
-; http://php.net/mysqlnd.collect_memory_statistics -mysqlnd.collect_memory_statistics = Off - -; Records communication from all extensions using mysqlnd to the specified log -; file. -; http://php.net/mysqlnd.debug -;mysqlnd.debug = - -; Defines which queries will be logged. -; http://php.net/mysqlnd.log_mask -;mysqlnd.log_mask = 0 - -; Default size of the mysqlnd memory pool, which is used by result sets. -; http://php.net/mysqlnd.mempool_default_size -;mysqlnd.mempool_default_size = 16000 - -; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. -; http://php.net/mysqlnd.net_cmd_buffer_size -;mysqlnd.net_cmd_buffer_size = 2048 - -; Size of a pre-allocated buffer used for reading data sent by the server in -; bytes. -; http://php.net/mysqlnd.net_read_buffer_size -;mysqlnd.net_read_buffer_size = 32768 - -; Timeout for network requests in seconds. -; http://php.net/mysqlnd.net_read_timeout -;mysqlnd.net_read_timeout = 31536000 - -; SHA-256 Authentication Plugin related. File with the MySQL server public RSA -; key. -; http://php.net/mysqlnd.sha256_server_public_key -;mysqlnd.sha256_server_public_key = - -[OCI8] - -; Connection: Enables privileged connections using external -; credentials (OCI_SYSOPER, OCI_SYSDBA) -; http://php.net/oci8.privileged-connect -;oci8.privileged_connect = Off - -; Connection: The maximum number of persistent OCI8 connections per -; process. Using -1 means no limit. -; http://php.net/oci8.max-persistent -;oci8.max_persistent = -1 - -; Connection: The maximum number of seconds a process is allowed to -; maintain an idle persistent connection. Using -1 means idle -; persistent connections will be maintained forever. -; http://php.net/oci8.persistent-timeout -;oci8.persistent_timeout = -1 - -; Connection: The number of seconds that must pass before issuing a -; ping during oci_pconnect() to check the connection validity. When -; set to 0, each oci_pconnect() will cause a ping. Using -1 disables -; pings completely. 
-; http://php.net/oci8.ping-interval -;oci8.ping_interval = 60 - -; Connection: Set this to a user chosen connection class to be used -; for all pooled server requests with Oracle 11g Database Resident -; Connection Pooling (DRCP). To use DRCP, this value should be set to -; the same string for all web servers running the same application, -; the database pool must be configured, and the connection string must -; specify to use a pooled server. -;oci8.connection_class = - -; High Availability: Using On lets PHP receive Fast Application -; Notification (FAN) events generated when a database node fails. The -; database must also be configured to post FAN events. -;oci8.events = Off - -; Tuning: This option enables statement caching, and specifies how -; many statements to cache. Using 0 disables statement caching. -; http://php.net/oci8.statement-cache-size -;oci8.statement_cache_size = 20 - -; Tuning: Enables statement prefetching and sets the default number of -; rows that will be fetched automatically after statement execution. -; http://php.net/oci8.default-prefetch -;oci8.default_prefetch = 100 - -; Compatibility. Using On means oci_close() will not close -; oci_connect() and oci_new_connect() connections. -; http://php.net/oci8.old-oci-close-semantics -;oci8.old_oci_close_semantics = Off - -[PostgreSQL] -; Allow or prevent persistent links. -; http://php.net/pgsql.allow-persistent -pgsql.allow_persistent = On - -; Detect broken persistent links always with pg_pconnect(). -; Auto reset feature requires a little overheads. -; http://php.net/pgsql.auto-reset-persistent -pgsql.auto_reset_persistent = Off - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/pgsql.max-persistent -pgsql.max_persistent = -1 - -; Maximum number of links (persistent+non persistent). -1 means no limit. -; http://php.net/pgsql.max-links -pgsql.max_links = -1 - -; Ignore PostgreSQL backends Notice message or not. -; Notice message logging require a little overheads. 
-; http://php.net/pgsql.ignore-notice -pgsql.ignore_notice = 0 - -; Log PostgreSQL backends Notice message or not. -; Unless pgsql.ignore_notice=0, module cannot log notice message. -; http://php.net/pgsql.log-notice -pgsql.log_notice = 0 - -[bcmath] -; Number of decimal digits for all bcmath functions. -; http://php.net/bcmath.scale -bcmath.scale = 0 - -[browscap] -; http://php.net/browscap -;browscap = extra/browscap.ini - -[Session] -; Handler used to store/retrieve data. -; http://php.net/session.save-handler -session.save_handler = files - -; Argument passed to save_handler. In the case of files, this is the path -; where data files are stored. Note: Windows users have to change this -; variable in order to use PHP's session functions. -; -; The path can be defined as: -; -; session.save_path = "N;/path" -; -; where N is an integer. Instead of storing all the session files in -; /path, what this will do is use subdirectories N-levels deep, and -; store the session data in those directories. This is useful if -; your OS has problems with many files in one directory, and is -; a more efficient layout for servers that handle many sessions. -; -; NOTE 1: PHP will not create this directory structure automatically. -; You can use the script in the ext/session dir for that purpose. -; NOTE 2: See the section on garbage collection below if you choose to -; use subdirectories for session storage -; -; The file storage module creates files using mode 600 by default. -; You can change that by using -; -; session.save_path = "N;MODE;/path" -; -; where MODE is the octal representation of the mode. Note that this -; does not overwrite the process's umask. -; http://php.net/session.save-path -;session.save_path = "/tmp" - -; Whether to use strict session mode. -; Strict session mode does not accept uninitialized session ID and regenerate -; session ID if browser sends uninitialized session ID. 
Strict mode protects -; applications from session fixation via session adoption vulnerability. It is -; disabled by default for maximum compatibility, but enabling it is encouraged. -; https://wiki.php.net/rfc/strict_sessions -session.use_strict_mode = 0 - -; Whether to use cookies. -; http://php.net/session.use-cookies -session.use_cookies = 1 - -; http://php.net/session.cookie-secure -;session.cookie_secure = - -; This option forces PHP to fetch and use a cookie for storing and maintaining -; the session id. We encourage this operation as it's very helpful in combating -; session hijacking when not specifying and managing your own session id. It is -; not the be-all and end-all of session hijacking defense, but it's a good start. -; http://php.net/session.use-only-cookies -session.use_only_cookies = 1 - -; Name of the session (used as cookie name). -; http://php.net/session.name -session.name = PHPSESSID - -; Initialize session on request startup. -; http://php.net/session.auto-start -session.auto_start = 0 - -; Lifetime in seconds of cookie or, if 0, until browser is restarted. -; http://php.net/session.cookie-lifetime -session.cookie_lifetime = 0 - -; The path for which the cookie is valid. -; http://php.net/session.cookie-path -session.cookie_path = / - -; The domain for which the cookie is valid. -; http://php.net/session.cookie-domain -session.cookie_domain = - -; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. -; http://php.net/session.cookie-httponly -session.cookie_httponly = - -; Handler used to serialize data. php is the standard serializer of PHP. -; http://php.net/session.serialize-handler -session.serialize_handler = php - -; Defines the probability that the 'garbage collection' process is started -; on every session initialization. The probability is calculated by using -; gc_probability/gc_divisor. 
Where session.gc_probability is the numerator -; and gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any give request. -; Default Value: 1 -; Development Value: 1 -; Production Value: 1 -; http://php.net/session.gc-probability -session.gc_probability = 1 - -; Defines the probability that the 'garbage collection' process is started on every -; session initialization. The probability is calculated by using the following equation: -; gc_probability/gc_divisor. Where session.gc_probability is the numerator and -; session.gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any give request. Increasing this value to 1000 will give you -; a 0.1% chance the gc will run on any give request. For high volume production servers, -; this is a more efficient approach. -; Default Value: 100 -; Development Value: 1000 -; Production Value: 1000 -; http://php.net/session.gc-divisor -session.gc_divisor = 1000 - -; After this number of seconds, stored data will be seen as 'garbage' and -; cleaned up by the garbage collection process. -; http://php.net/session.gc-maxlifetime -session.gc_maxlifetime = 1440 - -; NOTE: If you are using the subdirectory option for storing session files -; (see session.save_path above), then garbage collection does *not* -; happen automatically. You will need to do your own garbage -; collection through a shell script, cron entry, or some other method. -; For example, the following script would is the equivalent of -; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): -; find /path/to/sessions -cmin +24 -type f | xargs rm - -; Check HTTP Referer to invalidate externally stored URLs containing ids. -; HTTP_REFERER has to contain this substring for the session to be -; considered as valid. 
-; http://php.net/session.referer-check -session.referer_check = - -; Set to {nocache,private,public,} to determine HTTP caching aspects -; or leave this empty to avoid sending anti-caching headers. -; http://php.net/session.cache-limiter -session.cache_limiter = nocache - -; Document expires after n minutes. -; http://php.net/session.cache-expire -session.cache_expire = 180 - -; trans sid support is disabled by default. -; Use of trans sid may risk your users' security. -; Use this option with caution. -; - User may send URL contains active session ID -; to other person via. email/irc/etc. -; - URL that contains active session ID may be stored -; in publicly accessible computer. -; - User may access your site with the same session ID -; always using URL stored in browser's history or bookmarks. -; http://php.net/session.use-trans-sid -session.use_trans_sid = 0 - -; Set session ID character length. This value could be between 22 to 256. -; Shorter length than default is supported only for compatibility reason. -; Users should use 32 or more chars. -; http://php.net/session.sid-length -; Default Value: 32 -; Development Value: 26 -; Production Value: 26 -session.sid_length = 26 - -; The URL rewriter will look for URLs in a defined set of HTML tags. -;
is special; if you include them here, the rewriter will -; add a hidden field with the info which is otherwise appended -; to URLs. tag's action attribute URL will not be modified -; unless it is specified. -; Note that all valid entries require a "=", even if no value follows. -; Default Value: "a=href,area=href,frame=src,form=" -; Development Value: "a=href,area=href,frame=src,form=" -; Production Value: "a=href,area=href,frame=src,form=" -; http://php.net/url-rewriter.tags -session.trans_sid_tags = "a=href,area=href,frame=src,form=" - -; URL rewriter does not rewrite absolute URLs by default. -; To enable rewrites for absolute pathes, target hosts must be specified -; at RUNTIME. i.e. use ini_set() -; tags is special. PHP will check action attribute's URL regardless -; of session.trans_sid_tags setting. -; If no host is defined, HTTP_HOST will be used for allowed host. -; Example value: php.net,www.php.net,wiki.php.net -; Use "," for multiple hosts. No spaces are allowed. -; Default Value: "" -; Development Value: "" -; Production Value: "" -;session.trans_sid_hosts="" - -; Define how many bits are stored in each character when converting -; the binary hash data to something readable. -; Possible values: -; 4 (4 bits: 0-9, a-f) -; 5 (5 bits: 0-9, a-v) -; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") -; Default Value: 4 -; Development Value: 5 -; Production Value: 5 -; http://php.net/session.hash-bits-per-character -session.sid_bits_per_character = 5 - -; Enable upload progress tracking in $_SESSION -; Default Value: On -; Development Value: On -; Production Value: On -; http://php.net/session.upload-progress.enabled -;session.upload_progress.enabled = On - -; Cleanup the progress information as soon as all POST data has been read -; (i.e. upload completed). 
-; Default Value: On -; Development Value: On -; Production Value: On -; http://php.net/session.upload-progress.cleanup -;session.upload_progress.cleanup = On - -; A prefix used for the upload progress key in $_SESSION -; Default Value: "upload_progress_" -; Development Value: "upload_progress_" -; Production Value: "upload_progress_" -; http://php.net/session.upload-progress.prefix -;session.upload_progress.prefix = "upload_progress_" - -; The index name (concatenated with the prefix) in $_SESSION -; containing the upload progress information -; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" -; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" -; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" -; http://php.net/session.upload-progress.name -;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" - -; How frequently the upload progress should be updated. -; Given either in percentages (per-file), or in bytes -; Default Value: "1%" -; Development Value: "1%" -; Production Value: "1%" -; http://php.net/session.upload-progress.freq -;session.upload_progress.freq = "1%" - -; The minimum delay between updates, in seconds -; Default Value: 1 -; Development Value: 1 -; Production Value: 1 -; http://php.net/session.upload-progress.min-freq -;session.upload_progress.min_freq = "1" - -; Only write session data when session data is changed. Enabled by default. -; http://php.net/session.lazy-write -;session.lazy_write = On - -[Assertion] -; Switch whether to compile assertions at all (to have no overhead at run-time) -; -1: Do not compile at all -; 0: Jump over assertion at run-time -; 1: Execute assertions -; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1) -; Default Value: 1 -; Development Value: 1 -; Production Value: -1 -; http://php.net/zend.assertions -zend.assertions = -1 - -; Assert(expr); active by default. 
-; http://php.net/assert.active -;assert.active = On - -; Throw an AssertationException on failed assertions -; http://php.net/assert.exception -;assert.exception = On - -; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active) -; http://php.net/assert.warning -;assert.warning = On - -; Don't bail out by default. -; http://php.net/assert.bail -;assert.bail = Off - -; User-function to be called if an assertion fails. -; http://php.net/assert.callback -;assert.callback = 0 - -; Eval the expression with current error_reporting(). Set to true if you want -; error_reporting(0) around the eval(). -; http://php.net/assert.quiet-eval -;assert.quiet_eval = 0 - -[COM] -; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs -; http://php.net/com.typelib-file -;com.typelib_file = - -; allow Distributed-COM calls -; http://php.net/com.allow-dcom -;com.allow_dcom = true - -; autoregister constants of a components typlib on com_load() -; http://php.net/com.autoregister-typelib -;com.autoregister_typelib = true - -; register constants casesensitive -; http://php.net/com.autoregister-casesensitive -;com.autoregister_casesensitive = false - -; show warnings on duplicate constant registrations -; http://php.net/com.autoregister-verbose -;com.autoregister_verbose = true - -; The default character set code-page to use when passing strings to and from COM objects. -; Default: system ANSI code page -;com.code_page= - -[mbstring] -; language for internal character representation. -; This affects mb_send_mail() and mbstring.detect_order. -; http://php.net/mbstring.language -;mbstring.language = Japanese - -; Use of this INI entry is deprecated, use global internal_encoding instead. -; internal/script encoding. -; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) -; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. 
-; The precedence is: default_charset < internal_encoding < iconv.internal_encoding -;mbstring.internal_encoding = - -; Use of this INI entry is deprecated, use global input_encoding instead. -; http input encoding. -; mbstring.encoding_traslation = On is needed to use this setting. -; If empty, default_charset or input_encoding or mbstring.input is used. -; The precedence is: default_charset < intput_encoding < mbsting.http_input -; http://php.net/mbstring.http-input -;mbstring.http_input = - -; Use of this INI entry is deprecated, use global output_encoding instead. -; http output encoding. -; mb_output_handler must be registered as output buffer to function. -; If empty, default_charset or output_encoding or mbstring.http_output is used. -; The precedence is: default_charset < output_encoding < mbstring.http_output -; To use an output encoding conversion, mbstring's output handler must be set -; otherwise output encoding conversion cannot be performed. -; http://php.net/mbstring.http-output -;mbstring.http_output = - -; enable automatic encoding translation according to -; mbstring.internal_encoding setting. Input chars are -; converted to internal encoding by setting this to On. -; Note: Do _not_ use automatic encoding translation for -; portable libs/applications. -; http://php.net/mbstring.encoding-translation -;mbstring.encoding_translation = Off - -; automatic encoding detection order. -; "auto" detect order is changed according to mbstring.language -; http://php.net/mbstring.detect-order -;mbstring.detect_order = auto - -; substitute_character used when character cannot be converted -; one from another -; http://php.net/mbstring.substitute-character -;mbstring.substitute_character = none - -; overload(replace) single byte functions by mbstring functions. -; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), -; etc. Possible values are 0,1,2,4 or combination of them. -; For example, 7 for overload everything. 
-; 0: No overload -; 1: Overload mail() function -; 2: Overload str*() functions -; 4: Overload ereg*() functions -; http://php.net/mbstring.func-overload -;mbstring.func_overload = 0 - -; enable strict encoding detection. -; Default: Off -;mbstring.strict_detection = On - -; This directive specifies the regex pattern of content types for which mb_output_handler() -; is activated. -; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) -;mbstring.http_output_conv_mimetype= - -[gd] -; Tell the jpeg decode to ignore warnings and try to create -; a gd image. The warning will then be displayed as notices -; disabled by default -; http://php.net/gd.jpeg-ignore-warning -;gd.jpeg_ignore_warning = 1 - -[exif] -; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. -; With mbstring support this will automatically be converted into the encoding -; given by corresponding encode setting. When empty mbstring.internal_encoding -; is used. For the decode settings you can distinguish between motorola and -; intel byte order. A decode setting cannot be empty. -; http://php.net/exif.encode-unicode -;exif.encode_unicode = ISO-8859-15 - -; http://php.net/exif.decode-unicode-motorola -;exif.decode_unicode_motorola = UCS-2BE - -; http://php.net/exif.decode-unicode-intel -;exif.decode_unicode_intel = UCS-2LE - -; http://php.net/exif.encode-jis -;exif.encode_jis = - -; http://php.net/exif.decode-jis-motorola -;exif.decode_jis_motorola = JIS - -; http://php.net/exif.decode-jis-intel -;exif.decode_jis_intel = JIS - -[Tidy] -; The path to a default tidy configuration file to use when using tidy -; http://php.net/tidy.default-config -;tidy.default_config = /usr/local/lib/php/default.tcfg - -; Should tidy clean and repair output automatically? 
-; WARNING: Do not use this option if you are generating non-html content -; such as dynamic images -; http://php.net/tidy.clean-output -tidy.clean_output = Off - -[soap] -; Enables or disables WSDL caching feature. -; http://php.net/soap.wsdl-cache-enabled -soap.wsdl_cache_enabled=1 - -; Sets the directory name where SOAP extension will put cache files. -; http://php.net/soap.wsdl-cache-dir -soap.wsdl_cache_dir="/tmp" - -; (time to live) Sets the number of second while cached file will be used -; instead of original one. -; http://php.net/soap.wsdl-cache-ttl -soap.wsdl_cache_ttl=86400 - -; Sets the size of the cache limit. (Max. number of WSDL files to cache) -soap.wsdl_cache_limit = 5 - -[sysvshm] -; A default size of the shared memory segment -;sysvshm.init_mem = 10000 - -[ldap] -; Sets the maximum number of open links or -1 for unlimited. -ldap.max_links = -1 - -[mcrypt] -; For more information about mcrypt settings see http://php.net/mcrypt-module-open - -; Directory where to load mcrypt algorithms -; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) -;mcrypt.algorithms_dir= - -; Directory where to load mcrypt modes -; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) -;mcrypt.modes_dir= - -[dba] -;dba.default_handler= - -[opcache] -; Determines if Zend OPCache is enabled -;opcache.enable=1 - -; Determines if Zend OPCache is enabled for the CLI version of PHP -;opcache.enable_cli=0 - -; The OPcache shared memory storage size. -;opcache.memory_consumption=128 - -; The amount of memory for interned strings in Mbytes. -;opcache.interned_strings_buffer=8 - -; The maximum number of keys (scripts) in the OPcache hash table. -; Only numbers between 200 and 1000000 are allowed. -;opcache.max_accelerated_files=10000 - -; The maximum percentage of "wasted" memory until a restart is scheduled. 
-;opcache.max_wasted_percentage=5 - -; When this directive is enabled, the OPcache appends the current working -; directory to the script key, thus eliminating possible collisions between -; files with the same name (basename). Disabling the directive improves -; performance, but may break existing applications. -;opcache.use_cwd=1 - -; When disabled, you must reset the OPcache manually or restart the -; webserver for changes to the filesystem to take effect. -;opcache.validate_timestamps=1 - -; How often (in seconds) to check file timestamps for changes to the shared -; memory storage allocation. ("1" means validate once per second, but only -; once per request. "0" means always validate) -;opcache.revalidate_freq=2 - -; Enables or disables file search in include_path optimization -;opcache.revalidate_path=0 - -; If disabled, all PHPDoc comments are dropped from the code to reduce the -; size of the optimized code. -;opcache.save_comments=1 - -; If enabled, a fast shutdown sequence is used for the accelerated code -; Depending on the used Memory Manager this may cause some incompatibilities. -;opcache.fast_shutdown=0 - -; Allow file existence override (file_exists, etc.) performance feature. -;opcache.enable_file_override=0 - -; A bitmask, where each bit enables or disables the appropriate OPcache -; passes -;opcache.optimization_level=0xffffffff - -;opcache.inherited_hack=1 -;opcache.dups_fix=0 - -; The location of the OPcache blacklist file (wildcards allowed). -; Each OPcache blacklist file is a text file that holds the names of files -; that should not be accelerated. The file format is to add each filename -; to a new line. The filename may be a full path or just a file prefix -; (i.e., /var/www/x blacklists all the files and directories in /var/www -; that start with 'x'). Line starting with a ; are ignored (comments). -;opcache.blacklist_filename= - -; Allows exclusion of large files from being cached. By default all files -; are cached. 
-;opcache.max_file_size=0 - -; Check the cache checksum each N requests. -; The default value of "0" means that the checks are disabled. -;opcache.consistency_checks=0 - -; How long to wait (in seconds) for a scheduled restart to begin if the cache -; is not being accessed. -;opcache.force_restart_timeout=180 - -; OPcache error_log file name. Empty string assumes "stderr". -;opcache.error_log= - -; All OPcache errors go to the Web server log. -; By default, only fatal errors (level 0) or errors (level 1) are logged. -; You can also enable warnings (level 2), info messages (level 3) or -; debug messages (level 4). -;opcache.log_verbosity_level=1 - -; Preferred Shared Memory back-end. Leave empty and let the system decide. -;opcache.preferred_memory_model= - -; Protect the shared memory from unexpected writing during script execution. -; Useful for internal debugging only. -;opcache.protect_memory=0 - -; Allows calling OPcache API functions only from PHP scripts which path is -; started from specified string. The default "" means no restriction -;opcache.restrict_api= - -; Mapping base of shared memory segments (for Windows only). All the PHP -; processes have to map shared memory into the same address space. This -; directive allows to manually fix the "Unable to reattach to base address" -; errors. -;opcache.mmap_base= - -; Enables and sets the second level cache directory. -; It should improve performance when SHM memory is full, at server restart or -; SHM reset. The default "" disables file based caching. -;opcache.file_cache= - -; Enables or disables opcode caching in shared memory. -;opcache.file_cache_only=0 - -; Enables or disables checksum validation when script loaded from file cache. -;opcache.file_cache_consistency_checks=1 - -; Implies opcache.file_cache_only=1 for a certain process that failed to -; reattach to the shared memory (for Windows only). Explicitly enabled file -; cache is required. 
-;opcache.file_cache_fallback=1 - -; Enables or disables copying of PHP code (text segment) into HUGE PAGES. -; This should improve performance, but requires appropriate OS configuration. -;opcache.huge_code_pages=1 - -; Validate cached file permissions. -;opcache.validate_permission=0 - -; Prevent name collisions in chroot'ed environment. -;opcache.validate_root=0 - -; If specified, it produces opcode dumps for debugging different stages of -; optimizations. -;opcache.opt_debug_level=0 - -[curl] -; A default value for the CURLOPT_CAINFO option. This is required to be an -; absolute path. -;curl.cainfo = - -[openssl] -; The location of a Certificate Authority (CA) file on the local filesystem -; to use when verifying the identity of SSL/TLS peers. Most users should -; not specify a value for this directive as PHP will attempt to use the -; OS-managed cert stores in its absence. If specified, this value may still -; be overridden on a per-stream basis via the "cafile" SSL stream context -; option. -;openssl.cafile= - -; If openssl.cafile is not specified or if the CA file is not found, the -; directory pointed to by openssl.capath is searched for a suitable -; certificate. This value must be a correctly hashed certificate directory. -; Most users should not specify a value for this directive as PHP will -; attempt to use the OS-managed cert stores in its absence. If specified, -; this value may still be overridden on a per-stream basis via the "capath" -; SSL stream context option. -;openssl.capath= - -; Local Variables: -; tab-width: 4 -; End: diff --git a/jails/config/r-ldap/pkgp.conf b/jails/config/r-ldap/pkgp.conf deleted file mode 100644 index 86e5a9a..0000000 --- a/jails/config/r-ldap/pkgp.conf +++ /dev/null 
@@ -1,20 +0,0 @@ -FreeBSD: { - url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest", - enabled: no -} - -pkgp-freebsd-pkg: { - url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", - enabled: yes, - priority: 10 -} - -pkgp123: { - url: "http://pkgp.ahlawat.com/packages/pj123-default", - mirror_type: "http", - signature_type: "pubkey", - pubkey: "/mnt/certs/poudriere.cert", - enabled: yes, - priority: 100 -} diff --git a/jails/config/rachna/httpd.conf b/jails/config/rachna/httpd.conf index 67ecbfa..606d5e4 100644 --- a/jails/config/rachna/httpd.conf +++ b/jails/config/rachna/httpd.conf @@ -551,6 +551,14 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L] + + ServerName rachna.ahlawat.com ServerAlias *.ahlawat.com 
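Review bot: The added `RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L]` builds the redirect target from `%{HTTP_HOST}`, which is whatever Host header the client sent, so any name that reaches this block is reflected into the `Location` header of the 301. Consider pinning the accepted names first, for example `RewriteCond %{HTTP_HOST} \.ahlawat\.com(:\d+)?$ [NC]`, or redirecting to the configured `ServerName` instead. The dot in `!^/.well-known/acme-challenge/` is also unescaped and matches any character; `!^/\.well-known/acme-challenge/` is the exact form. The container lines around these rules are not visible in the hunk (the two empty added lines are presumably where they were), so this assumes the rules sit in the plain-HTTP virtual host. The same hunk is repeated in the rishabh and sharad httpd.conf files.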
@@ -560,16 +568,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on SSLCertificateFile "/mnt/certs/fullchain.pem" SSLCertificateKeyFile "/mnt/certs/privkey.pem" - #SSLCertificateChainFile "/mnt/certs/fullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) diff --git a/jails/config/rachna/pkg-list-details-old.txt b/jails/config/rachna/pkg-list-details-old.txt index 79fe5b9..4e1ddb9 100644 --- a/jails/config/rachna/pkg-list-details-old.txt +++ b/jails/config/rachna/pkg-list-details-old.txt 
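Review bot: `SSLOptions +StrictRequire` is dropped from the TLS block without a replacement or a comment, and that option is what keeps `SSLRequireSSL`/`SSLRequire` denials final when `Satisfy any` is in effect; if any directory section of this file relies on either directive, keep the line. The new `SSLCACertificateFile "/mnt/certs/cacert.pem"` is the trust store mod_ssl uses to verify client certificates, and no `SSLVerifyClient` appears in the hunk, so it looks unused here; if it was meant to supply the server chain, `fullchain.pem` in `SSLCertificateFile` already carries it. If client-certificate verification is the intent, a comment such as `# CA bundle used to verify client certificates` above the directive would record that. The virtual host these lines belong to opens and closes outside the hunk, so both points need checking against the rest of the file. The same change is made in the rishabh and sharad httpd.conf hunks.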
@@ -1,8 +1,8 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____php81-8.1.12
-pkgp-freebsd-pkg____php81-mysqli-8.1.12
-pkgp-freebsd-pkg____php81-session-8.1.12
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____apache24-2.4.63
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____pkg-2.1.2
diff --git a/jails/config/rachna/pkg-list-details.txt b/jails/config/rachna/pkg-list-details.txt
index 87bcd3f..4e1ddb9 100644
--- a/jails/config/rachna/pkg-list-details.txt
+++ b/jails/config/rachna/pkg-list-details.txt
@@ -1,8 +1,8 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____php81-8.1.13
-pkgp-freebsd-pkg____php81-mysqli-8.1.13
-pkgp-freebsd-pkg____php81-session-8.1.13
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____apache24-2.4.63
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____pkg-2.1.2
diff --git a/jails/config/rachna/pkg-list-old.txt b/jails/config/rachna/pkg-list-old.txt
index 943fd00..b98597e 100644
--- a/jails/config/rachna/pkg-list-old.txt
+++ b/jails/config/rachna/pkg-list-old.txt
@@ -1 +1 @@
-apache24 bash bash-completion nano php81 php81-mysqli php81-session pkg
+apache24 bash bash-completion nano php84 php84-mysqli php84-session pkg
diff --git a/jails/config/rachna/pkg-list.txt b/jails/config/rachna/pkg-list.txt
index 943fd00..b98597e 100644
--- a/jails/config/rachna/pkg-list.txt
+++ b/jails/config/rachna/pkg-list.txt
@@ -1 +1 @@ -apache24 bash bash-completion nano php81 php81-mysqli php81-session pkg +apache24 bash bash-completion nano php84 php84-mysqli php84-session pkg diff --git a/jails/config/rishabh/httpd.conf b/jails/config/rishabh/httpd.conf index 0a74ed9..986218e 100644 --- a/jails/config/rishabh/httpd.conf +++ b/jails/config/rishabh/httpd.conf @@ -551,6 +551,14 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L] + + ServerName rishabh.ahlawat.com ServerAlias *.ahlawat.com 
@@ -560,16 +568,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on SSLCertificateFile "/mnt/certs/fullchain.pem" SSLCertificateKeyFile "/mnt/certs/privkey.pem" - #SSLCertificateChainFile "/mnt/certs/fullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) diff --git a/jails/config/rishabh/pkg-list-details-old.txt b/jails/config/rishabh/pkg-list-details-old.txt index 79fe5b9..4e1ddb9 100644 --- a/jails/config/rishabh/pkg-list-details-old.txt +++ b/jails/config/rishabh/pkg-list-details-old.txt 
@@ -1,8 +1,8 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____php81-8.1.12
-pkgp-freebsd-pkg____php81-mysqli-8.1.12
-pkgp-freebsd-pkg____php81-session-8.1.12
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____apache24-2.4.63
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____pkg-2.1.2
diff --git a/jails/config/rishabh/pkg-list-details.txt b/jails/config/rishabh/pkg-list-details.txt
index 87bcd3f..4e1ddb9 100644
--- a/jails/config/rishabh/pkg-list-details.txt
+++ b/jails/config/rishabh/pkg-list-details.txt
@@ -1,8 +1,8 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____php81-8.1.13
-pkgp-freebsd-pkg____php81-mysqli-8.1.13
-pkgp-freebsd-pkg____php81-session-8.1.13
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____apache24-2.4.63
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____pkg-2.1.2
diff --git a/jails/config/rishabh/pkg-list-old.txt b/jails/config/rishabh/pkg-list-old.txt
index 943fd00..b98597e 100644
--- a/jails/config/rishabh/pkg-list-old.txt
+++ b/jails/config/rishabh/pkg-list-old.txt
@@ -1 +1 @@
-apache24 bash bash-completion nano php81 php81-mysqli php81-session pkg
+apache24 bash bash-completion nano php84 php84-mysqli php84-session pkg
diff --git a/jails/config/rishabh/pkg-list.txt b/jails/config/rishabh/pkg-list.txt
index 943fd00..b98597e 100644
--- a/jails/config/rishabh/pkg-list.txt
+++ b/jails/config/rishabh/pkg-list.txt
@@ -1 +1 @@ -apache24 bash bash-completion nano php81 php81-mysqli php81-session pkg +apache24 bash bash-completion nano php84 php84-mysqli php84-session pkg diff --git a/jails/config/sharad/httpd.conf b/jails/config/sharad/httpd.conf index 2201fec..c95792a 100644 --- a/jails/config/sharad/httpd.conf +++ b/jails/config/sharad/httpd.conf @@ -551,6 +551,14 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L] + + ServerName sharad.ahlawat.com ServerAlias *.ahlawat.com 
@@ -560,16 +568,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on SSLCertificateFile "/mnt/certs/fullchain.pem" SSLCertificateKeyFile "/mnt/certs/privkey.pem" - #SSLCertificateChainFile "/mnt/certs/fullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) diff --git a/jails/config/sharad/pkg-list-details-old.txt b/jails/config/sharad/pkg-list-details-old.txt index 79fe5b9..4e1ddb9 100644 --- a/jails/config/sharad/pkg-list-details-old.txt +++ b/jails/config/sharad/pkg-list-details-old.txt 
@@ -1,8 +1,8 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____php81-8.1.12
-pkgp-freebsd-pkg____php81-mysqli-8.1.12
-pkgp-freebsd-pkg____php81-session-8.1.12
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____apache24-2.4.63
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____pkg-2.1.2
diff --git a/jails/config/sharad/pkg-list-details.txt b/jails/config/sharad/pkg-list-details.txt
index 87bcd3f..4e1ddb9 100644
--- a/jails/config/sharad/pkg-list-details.txt
+++ b/jails/config/sharad/pkg-list-details.txt
@@ -1,8 +1,8 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____php81-8.1.13
-pkgp-freebsd-pkg____php81-mysqli-8.1.13
-pkgp-freebsd-pkg____php81-session-8.1.13
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____apache24-2.4.63
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____pkg-2.1.2
diff --git a/jails/config/sharad/pkg-list-old.txt b/jails/config/sharad/pkg-list-old.txt
index 943fd00..b98597e 100644
--- a/jails/config/sharad/pkg-list-old.txt
+++ b/jails/config/sharad/pkg-list-old.txt
@@ -1 +1 @@
-apache24 bash bash-completion nano php81 php81-mysqli php81-session pkg
+apache24 bash bash-completion nano php84 php84-mysqli php84-session pkg
diff --git a/jails/config/sharad/pkg-list.txt b/jails/config/sharad/pkg-list.txt
index 943fd00..b98597e 100644
--- a/jails/config/sharad/pkg-list.txt
+++ b/jails/config/sharad/pkg-list.txt
@@ -1 +1 @@
-apache24 bash bash-completion nano php81 php81-mysqli php81-session pkg
+apache24 bash bash-completion nano php84 php84-mysqli php84-session pkg
diff --git a/jails/config/torrent/pkg-list-details-old.txt b/jails/config/torrent/pkg-list-details-old.txt
index a1e7cb9..3e4dc25 100644
--- a/jails/config/torrent/pkg-list-details-old.txt
+++ b/jails/config/torrent/pkg-list-details-old.txt
@@ -1,14 +1,16 @@
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____firefox-esr-102.5.0,1
-pkgp-freebsd-pkg____fluxbox-1.3.7_5
-pkgp-freebsd-pkg____mc-4.8.28
-pkgp-freebsd-pkg____mesa-dri-22.2.3
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____qbittorrent-4.4.3.1_1
-pkgp-freebsd-pkg____rsync-3.2.6
-pkgp-freebsd-pkg____sudo-1.9.12p1
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____curl-8.13.0
+pkgp-freebsd-pkg____firefox-esr-128.10.0,1
+pkgp-freebsd-pkg____fluxbox-1.3.7_10
+pkgp-freebsd-pkg____mc-4.8.32
+pkgp-freebsd-pkg____mesa-dri-24.1.7_5
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____qbittorrent-5.0.5
+pkgp-freebsd-pkg____rsync-3.4.1_2
+pkgp-freebsd-pkg____sudo-1.9.16p2_1
 pkgp-freebsd-pkg____tigervnc-1.9.0_4
-pkgp-freebsd-pkg____xauth-1.1.1
-pkgp-freebsd-pkg____xterm-375
+pkgp-freebsd-pkg____xauth-1.1.4
+pkgp-freebsd-pkg____xorg-fonts-truetype-7.7_1
+pkgp-freebsd-pkg____xterm-397_2
diff --git a/jails/config/torrent/pkg-list-details.txt b/jails/config/torrent/pkg-list-details.txt
index fd914b4..3e4dc25 100644
--- a/jails/config/torrent/pkg-list-details.txt
+++ b/jails/config/torrent/pkg-list-details.txt
@@ -1,14 +1,16 @@
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____firefox-esr-102.5.0_1,1
-pkgp-freebsd-pkg____fluxbox-1.3.7_5
-pkgp-freebsd-pkg____mc-4.8.28
-pkgp-freebsd-pkg____mesa-dri-22.2.3
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____qbittorrent-4.4.3.1_1
-pkgp-freebsd-pkg____rsync-3.2.6
-pkgp-freebsd-pkg____sudo-1.9.12p1
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____curl-8.13.0
+pkgp-freebsd-pkg____firefox-esr-128.10.0,1
+pkgp-freebsd-pkg____fluxbox-1.3.7_10
+pkgp-freebsd-pkg____mc-4.8.32
+pkgp-freebsd-pkg____mesa-dri-24.1.7_5
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____qbittorrent-5.0.5
+pkgp-freebsd-pkg____rsync-3.4.1_2
+pkgp-freebsd-pkg____sudo-1.9.16p2_1
 pkgp-freebsd-pkg____tigervnc-1.9.0_4
-pkgp-freebsd-pkg____xauth-1.1.1
-pkgp-freebsd-pkg____xterm-377
+pkgp-freebsd-pkg____xauth-1.1.4
+pkgp-freebsd-pkg____xorg-fonts-truetype-7.7_1
+pkgp-freebsd-pkg____xterm-397_2
diff --git a/jails/config/torrent/pkg-list-old.txt b/jails/config/torrent/pkg-list-old.txt
index d531a97..fca878a 100644
--- a/jails/config/torrent/pkg-list-old.txt
+++ b/jails/config/torrent/pkg-list-old.txt
@@ -1 +1 @@
-bash bash-completion firefox-esr fluxbox mc mesa-dri nano pkg qbittorrent rsync sudo tigervnc xauth xterm
+bash bash-completion curl firefox-esr fluxbox mc mesa-dri nano pkg qbittorrent rsync sudo tigervnc xauth xorg-fonts-truetype xterm
diff --git a/jails/config/torrent/pkg-list.txt b/jails/config/torrent/pkg-list.txt
index d531a97..fca878a 100644
--- a/jails/config/torrent/pkg-list.txt
+++ b/jails/config/torrent/pkg-list.txt
@@ -1 +1 @@
-bash bash-completion firefox-esr fluxbox mc mesa-dri nano pkg qbittorrent rsync sudo tigervnc xauth xterm
+bash bash-completion curl firefox-esr fluxbox mc mesa-dri nano pkg qbittorrent rsync sudo tigervnc xauth xorg-fonts-truetype xterm
diff --git a/jails/config/vm/.tmux.conf b/jails/config/vm/.tmux.conf deleted file mode 100644 index b370482..0000000 --- a/jails/config/vm/.tmux.conf +++ /dev/null @@ -1,12 +0,0 @@ -unbind C-b -set -g prefix C-a -bind C-a send-prefix - -setw -g mouse on - -# Set the default terminal mode to 256color mode -set -g default-terminal "xterm-256color" - -# enable activity alerts -setw -g monitor-activity on -set -g visual-activity on diff --git a/jails/config/vm/create_taps.sh b/jails/config/vm/create_taps.sh deleted file mode 100755 index a4490f2..0000000 --- a/jails/config/vm/create_taps.sh +++ /dev/null 
@@ -1,119 +0,0 @@ -#!/bin/sh - -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# - -ifconfig tap81 create -ifconfig bridge1 addm tap81 up -ifconfig tap81 up -ifconfig tap81 inet6 auto_linklocal - -ifconfig tap82 create -ifconfig bridge1 addm tap82 up -ifconfig tap82 up -ifconfig tap82 inet6 auto_linklocal - -ifconfig tap1082 create -ifconfig bridge10 addm tap1082 up -ifconfig tap1082 up -ifconfig tap1082 inet6 auto_linklocal - -ifconfig tap2082 create -ifconfig bridge9 addm tap2082 up -ifconfig tap2082 up -ifconfig tap2082 inet6 auto_linklocal - -ifconfig tap4882 create -ifconfig bridge48 addm tap4882 up -ifconfig tap4882 up -ifconfig tap4882 inet6 auto_linklocal - -ifconfig tap83 create -ifconfig bridge1 addm tap83 up -ifconfig tap83 up -ifconfig tap83 inet6 auto_linklocal - -ifconfig tap84 create -ifconfig bridge1 addm tap84 up -ifconfig tap84 up -ifconfig tap84 inet6 auto_linklocal - -ifconfig tap85 create -ifconfig bridge1 addm tap85 up -ifconfig tap85 up -ifconfig tap85 inet6 auto_linklocal - -ifconfig tap86 create -ifconfig bridge1 addm tap86 up -ifconfig tap86 up -ifconfig tap86 inet6 auto_linklocal - -ifconfig tap1086 create -ifconfig bridge10 addm tap1086 up -ifconfig tap1086 up -ifconfig tap1086 inet6 auto_linklocal - -ifconfig tap2086 create -ifconfig bridge9 addm tap2086 up -ifconfig tap2086 up -ifconfig tap2086 inet6 auto_linklocal - -ifconfig tap4886 create -ifconfig bridge48 addm tap4886 up -ifconfig tap4886 up -ifconfig tap4886 inet6 auto_linklocal - -ifconfig tap90 create -ifconfig bridge1 addm tap90 up -ifconfig tap90 up -ifconfig tap90 inet6 auto_linklocal - -ifconfig tap190 create -ifconfig bridge2 addm tap190 up -ifconfig tap190 up -ifconfig tap190 inet6 auto_linklocal - -ifconfig tap97 create -ifconfig bridge1 addm tap97 up -ifconfig tap97 up -ifconfig tap97 inet6 auto_linklocal - -ifconfig tap1097 create -ifconfig 
bridge10 addm tap1097 up -ifconfig tap1097 up -ifconfig tap1097 inet6 auto_linklocal - -ifconfig tap2097 create -ifconfig bridge9 addm tap2097 up -ifconfig tap2097 up -ifconfig tap2097 inet6 auto_linklocal - -ifconfig tap4897 create -ifconfig bridge48 addm tap4897 up -ifconfig tap4897 up -ifconfig tap4897 inet6 auto_linklocal - -ifconfig tap96 create -ifconfig bridge1 addm tap96 up -ifconfig tap96 up -ifconfig tap96 inet6 auto_linklocal - -ifconfig tap1096 create -ifconfig bridge10 addm tap1096 up -ifconfig tap1096 up -ifconfig tap1096 inet6 auto_linklocal - -ifconfig tap2096 create -ifconfig bridge9 addm tap2096 up -ifconfig tap2096 up -ifconfig tap2096 inet6 auto_linklocal - -ifconfig tap4896 create -ifconfig bridge48 addm tap4896 up -ifconfig tap4896 up -ifconfig tap4896 inet6 auto_linklocal diff --git a/jails/config/vm/cvm-a.sh b/jails/config/vm/cvm-a.sh deleted file mode 100755 index 52236f3..0000000 --- a/jails/config/vm/cvm-a.sh +++ /dev/null 
@@ -1,64 +0,0 @@ -#!/usr/local/bin/bash - -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# - -# ./cvm-a.sh under tmux - -# clean cached state -bhyvectl --destroy --vm=cvm-a - -exit - -while true -do - -bhyve -c 4 -m 16G -A -H -P \ --s 0,hostbridge \ --s 3,ahci-cd \ --s 4,virtio-blk,/dev/zvol/ship/raw/cvm-a \ --s 5,virtio-net,tap97,mac=00:0A:0B:0C:0D:97 \ --s 6,virtio-blk,/dev/zvol/ship/raw/cvm-a_data \ --s 7,virtio-net,tap4897,mac=00:0A:0B:0C:7D:97 \ --s 8,virtio-net,tap1097,mac=00:0A:0B:0C:8D:97 \ --s 9,virtio-net,tap2097,mac=00:0A:0B:0C:9D:97 \ --s 29,fbuf,tcp=0.0.0.0:5997,w=1600,h=900 \ --s 30,xhci,tablet \ --s 31,lpc -l com1,/dev/nmdm97A \ --l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \ -cvm-a - -bhyve_exit=$? -# bhyve returns the following status codes: -# 0 - VM has been reset -# 1 - VM has been powered off -# 2 - VM has been halted -# 3 - VM generated a triple fault -# all other non-zero status codes are errors -# -if [ $bhyve_exit = 1 ] || [ $bhyve_exit = 2 ] -then - break -fi -echo `date` - restarting cvm-a in 5 seconds - press ctrl-c to stop -sleep 5 - -done - -exit $? - -# -s 3,ahci-cd,/mnt/linux/ubuntu-20.04.1-live-server-amd64.iso \ - -# bhyvectl --get-all --vm=cvm-a - -# cu -l /dev/nmdm97B -# (This uses cu() so press ~+Ctrl-D to exit) - -#on base system: -#zfs create -V 32G -o refreservation=none ship/raw/cvm-a - docker partition -#zfs create -V 128G -o refreservation=none ship/raw/cvm-a_data - root partition diff --git a/jails/config/vm/cvm-b.sh b/jails/config/vm/cvm-b.sh deleted file mode 100755 index af8cf4a..0000000 --- a/jails/config/vm/cvm-b.sh +++ /dev/null 
@@ -1,64 +0,0 @@ -#!/usr/local/bin/bash - -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# - -# ./cvm-b.sh under tmux - -# clean cached state -bhyvectl --destroy --vm=cvm-b - -exit - -while true -do - -bhyve -c 8 -m 32G -A -H -P \ --s 0,hostbridge \ --s 3,ahci-cd \ --s 4,virtio-blk,/dev/zvol/ship/raw/cvm-b \ --s 5,virtio-net,tap96,mac=00:0A:0B:0C:0D:96 \ --s 6,virtio-blk,/dev/zvol/ship/raw/cvm-b_data \ --s 7,virtio-net,tap4896,mac=00:0A:0B:0C:7D:96 \ --s 8,virtio-net,tap1096,mac=00:0A:0B:0C:8D:96 \ --s 9,virtio-net,tap2096,mac=00:0A:0B:0C:9D:96 \ --s 29,fbuf,tcp=0.0.0.0:5996,w=1600,h=900 \ --s 30,xhci,tablet \ --s 31,lpc -l com1,/dev/nmdm96A \ --l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \ -cvm-b - -bhyve_exit=$? -# bhyve returns the following status codes: -# 0 - VM has been reset -# 1 - VM has been powered off -# 2 - VM has been halted -# 3 - VM generated a triple fault -# all other non-zero status codes are errors -# -if [ $bhyve_exit = 1 ] || [ $bhyve_exit = 2 ] -then - break -fi -echo `date` - restarting cvm-b in 5 seconds - press ctrl-c to stop -sleep 5 - -done - -exit $? - -# -s 3,ahci-cd,/mnt/linux/ubuntu-20.04.1-live-server-amd64.iso \ - -# bhyvectl --get-all --vm=cvm-b - -# cu -l /dev/nmdm96B -# (This uses cu() so press ~+Ctrl-D to exit) - -#on base system: -#zfs create -V 32G -o refreservation=none ship/raw/cvm-b - docker partition -#zfs create -V 128G -o refreservation=none ship/raw/cvm-b_data - root partition diff --git a/jails/config/vm/devfs_rules.raw b/jails/config/vm/devfs_rules.raw deleted file mode 100644 index a8e2c84..0000000 --- a/jails/config/vm/devfs_rules.raw +++ /dev/null @@ -1,8 +0,0 @@ -100 include 4 -200 path vmm unhide -300 path vmm/* unhide -400 path vmm.io unhide -500 path vmm.io/* unhide -600 path tap* unhide -700 path zvol/ship/raw/* unhide -800 path nmdm* unhide 
diff --git a/jails/config/vm/devfs_rules.txt b/jails/config/vm/devfs_rules.txt deleted file mode 100644 index 7bdf288..0000000 --- a/jails/config/vm/devfs_rules.txt +++ /dev/null @@ -1,14 +0,0 @@ -# devfs rule -s 200 add - < devfs_rules.raw -# devfs rule -s 200 show - -# add to /etc/default/devfs.rules - -[devfs_rules_bhyve_jail=200] -add include $devfsrules_jail -add path vmm unhide -add path vmm/* unhide -add path vmm.io unhide -add path vmm.io/* unhide -add path tap* unhide -add path zvol/ship/raw/* unhide -add path nmdm* unhide diff --git a/jails/config/vm/freebsd.sh b/jails/config/vm/freebsd.sh deleted file mode 100755 index af69f1c..0000000 --- a/jails/config/vm/freebsd.sh +++ /dev/null 
@@ -1,79 +0,0 @@ -#!/usr/local/bin/bash - -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# - -# ./freebsd.sh under tmux - -# clean cached state -bhyvectl --destroy --vm=freebsd - -while true -do - -bhyve -c 2 -m 4G -A -H -P \ --s 0,hostbridge \ --s 3,ahci-cd \ --s 4,virtio-blk,/dev/zvol/ship/raw/freebsd_1 \ --s 5,virtio-blk,/dev/zvol/ship/raw/freebsd_2 \ --s 6,virtio-blk,/dev/zvol/ship/raw/freebsd_z1 \ --s 7,virtio-blk,/dev/zvol/ship/raw/freebsd_z2 \ --s 8,virtio-blk,/dev/zvol/ship/raw/freebsd_z3 \ --s 9,virtio-blk,/dev/zvol/ship/raw/freebsd \ --s 10,virtio-net,tap83,mac=00:0A:0B:0C:0D:83 \ --s 29,fbuf,tcp=0.0.0.0:5983,w=1600,h=900 \ --s 30,xhci,tablet \ --s 31,lpc -l com1,/dev/nmdm83A \ --l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \ -freebsd - -bhyve_exit=$? -# bhyve returns the following status codes: -# 0 - VM has been reset -# 1 - VM has been powered off -# 2 - VM has been halted -# 3 - VM generated a triple fault -# all other non-zero status codes are errors -# -if [ $bhyve_exit = 1 ] || [ $bhyve_exit = 2 ] -then - break -fi -echo `date` - restarting freebsd in 5 seconds - press ctrl-c to stop -sleep 5 - -done - -exit $? 
- -#-s 3,ahci-cd \ -#-s 3,ahci-cd,/mnt/freebsd/FreeBSD-12.2-RELEASE-amd64-disc1.iso \ -# set boot_serial=NO -# first in boot menu option 3 and then /boot/loader.conf after install - -# bhyvectl --get-all --vm=freebsd - -# cu -l /dev/nmdm83B -# (This uses cu() so press ~+Ctrl-D to exit) - -#on base system: -#zfs create -V 16G -o refreservation=none ship/raw/freebsd -#zfs create -V 16G -o refreservation=none ship/raw/freebsd_1 -#zfs create -V 16G -o refreservation=none ship/raw/freebsd_2 -#zfs create -V 16G -o refreservation=none ship/raw/freebsd_z1 -#zfs create -V 16G -o refreservation=none ship/raw/freebsd_z2 -#zfs create -V 16G -o refreservation=none ship/raw/freebsd_z3 -# on boot -#ifconfig tap83 create -#ifconfig bridge1 addm tap83 up -#ifconfig tap83 up -#ifconfig tap83 inet6 auto_linklocal -# -#zroot mirror /dev/vtbd1 /dev/vtbd2 - created during zroot install -#zpool create -f ship /dev/vtbd2 /dev/vtbd3 /dev/vtbd4 -#zpool create -f data /dev/vtbd5 diff --git a/jails/config/vm/gns3.sh b/jails/config/vm/gns3.sh deleted file mode 100755 index 3688259..0000000 --- a/jails/config/vm/gns3.sh +++ /dev/null 
@@ -1,71 +0,0 @@ -#!/usr/local/bin/bash - -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# - -# ./gns3.sh under tmux - -# disabled for now -exit - -# clean cached state -bhyvectl --destroy --vm=gns3 - -while true -do - -bhyve -c 4 -m 16G -A -H -P \ --s 0,hostbridge \ --s 3,ahci-cd \ --s 4,virtio-blk,/dev/zvol/ship/raw/gns3 \ --s 5,virtio-net,tap86,mac=00:0A:0B:0C:0D:86 \ --s 7,virtio-net,tap4886,mac=00:0A:0B:0C:8D:86 \ --s 8,virtio-net,tap1086,mac=00:0A:0B:0C:8D:86 \ --s 9,virtio-net,tap2086,mac=00:0A:0B:0C:9D:86 \ --s 29,fbuf,tcp=0.0.0.0:5986,w=1280,h=720 \ --s 30,xhci,tablet \ --s 31,lpc -l com1,/dev/nmdm86A \ --l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \ -gns3 - -bhyve_exit=$? -# bhyve returns the following status codes: -# 0 - VM has been reset -# 1 - VM has been powered off -# 2 - VM has been halted -# 3 - VM generated a triple fault -# all other non-zero status codes are errors -# -if [ $bhyve_exit = 1 ] || [ $bhyve_exit = 2 ] -then - break -fi -echo `date` - restarting gns3 in 5 seconds - press ctrl-c to stop -sleep 5 - -done - -exit $? - -#-s 3,ahci-cd,/mnt/linux/ubuntu-20.04.1-live-server-amd64.iso \ -##-s 6,virtio-blk,/dev/zvol/ship/raw/gns3_data \ - -# bhyvectl --get-all --vm=gns3 - -# cu -l /dev/nmdm86B -# (This uses cu() so press ~+Ctrl-D to exit) - -#on base system: -#zfs create -V 128G -o refreservation=none ship/raw/gns3 - -# Install VNC -# curl -o turbovnc_2.2.5_amd64.deb https://sourceforge.net/projects/turbovnc/files/2.2.5/turbovnc_2.2.5_amd64.deb/download# -# sudo apt install gdebi-core -# sudo gdebi turbovnc_2.2.5_amd64.deb -# sudo killall Xvnc; /opt/TurboVNC/bin/vncserver -name gns3 -geometry 1920x1080 :4 -# systemctl enable ssh.service; service ssh start diff --git a/jails/config/vm/pbx.sh b/jails/config/vm/pbx.sh deleted file mode 100755 index 83bd058..0000000 --- a/jails/config/vm/pbx.sh +++ /dev/null 
@@ -1,70 +0,0 @@ -#!/usr/local/bin/bash - -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# - -# ./pbx.sh under tmux - -# clean cached state -bhyvectl --destroy --vm=pbx - -#exit - -while true -do - -bhyve -c 4 -m 4G -A -H -P \ --s 0,hostbridge \ --s 3,ahci-cd \ --s 4,virtio-blk,/dev/zvol/ship/raw/pbx \ --s 5,virtio-net,tap90,mac=00:0A:0B:0C:0D:90 \ --s 6,virtio-net,tap190,mac=00:0A:0B:0C:1D:190 \ --s 29,fbuf,tcp=0.0.0.0:5990,w=1600,h=900 \ --s 30,xhci,tablet \ --s 31,lpc -l com1,/dev/nmdm90A \ --l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \ -pbx - -bhyve_exit=$? -# bhyve returns the following status codes: -# 0 - VM has been reset -# 1 - VM has been powered off -# 2 - VM has been halted -# 3 - VM generated a triple fault -# all other non-zero status codes are errors -# -if [ $bhyve_exit = 1 ] || [ $bhyve_exit = 2 ] -then - break -fi -echo `date` - restarting ubuntu in 5 seconds - press ctrl-c to stop -sleep 5 - -done - -exit $? - -# -s 3,ahci-cd \ -# -s 3,ahci-cd,/mnt/linux/SNG7-FPBX-64bit-1904-2.iso \ - -# bhyvectl --get-all --vm=pbx - -# cu -l /dev/nmdm90B -# (This uses cu() so press ~+Ctrl-D to exit) - -#on base system: -#zfs create -V 32G -o refreservation=none ship/raw/pbx -# on boot -#ifconfig tap90 create -#ifconfig bridge1 addm tap90 up -#ifconfig tap90 up -#ifconfig tap90 inet6 auto_linklocal -#ifconfig tap190 create -#ifconfig bridge2 addm tap190 up -#ifconfig tap190 up -#ifconfig tap190 inet6 auto_linklocal diff --git a/jails/config/vm/pkg-list-details-old.txt b/jails/config/vm/pkg-list-details-old.txt deleted file mode 100644 index 2e52918..0000000 --- a/jails/config/vm/pkg-list-details-old.txt +++ /dev/null 
@@ -1,6 +0,0 @@ -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____bhyve-firmware-1.0_1 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____tmux-3.3a diff --git a/jails/config/vm/pkg-list-details.txt b/jails/config/vm/pkg-list-details.txt deleted file mode 100644 index 26c5817..0000000 --- a/jails/config/vm/pkg-list-details.txt +++ /dev/null @@ -1,6 +0,0 @@ -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____bhyve-firmware-1.0_1 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____tmux-3.3a diff --git a/jails/config/vm/pkg-list-old.txt b/jails/config/vm/pkg-list-old.txt deleted file mode 100644 index 2eb3cf9..0000000 --- a/jails/config/vm/pkg-list-old.txt +++ /dev/null @@ -1 +0,0 @@ -bash bash-completion bhyve-firmware nano pkg tmux diff --git a/jails/config/vm/pkg-list.txt b/jails/config/vm/pkg-list.txt deleted file mode 100644 index 2eb3cf9..0000000 --- a/jails/config/vm/pkg-list.txt +++ /dev/null @@ -1 +0,0 @@ -bash bash-completion bhyve-firmware nano pkg tmux diff --git a/jails/config/vm/r-windows.sh b/jails/config/vm/r-windows.sh deleted file mode 100755 index 70cd9d5..0000000 --- a/jails/config/vm/r-windows.sh +++ /dev/null 
@@ -1,68 +0,0 @@
-#!/usr/local/bin/bash
-
-# Copyright (c) 2018-2022, diyIT.org
-# All rights reserved.
-#
-# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
-# https://diyit.org/license/
-#
-#
-
-# ./r-windows.sh LTSC 1809 N under tmux
-
-# clean cached state
-bhyvectl --destroy --vm=r-windows
-
-exit
-
-while true
-do
-
-bhyve -c sockets=1,cores=2,threads=2 -m 8G -S -A -H -P \
--s 0,hostbridge \
--s 4,ahci-hd,/dev/zvol/ship/raw/r-windows,sectorsize=512 \
--s 5,virtio-net,tap85,mac=00:0A:0B:0C:0D:85 \
--s 6,ahci-hd,/dev/zvol/ship/raw/r-windows_data,sectorsize=512 \
--s 29,fbuf,tcp=0.0.0.0:5985,w=1600,h=900 \
--s 30,xhci,tablet \
--s 31,lpc -l com1,/dev/nmdm85A \
--l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
-r-windows
-
-bhyve_exit=$?
-# bhyve returns the following status codes:
-# 0 - VM has been reset
-# 1 - VM has been powered off
-# 2 - VM has been halted
-# 3 - VM generated a triple fault
-# all other non-zero status codes are errors
-#
-if [ $bhyve_exit = 1 ] || [ $bhyve_exit = 2 ]
-then
- break
-fi
-echo `date` - restarting r-windows in 5 seconds - press ctrl-c to stop
-sleep 5
-
-done
-
-exit $?
-
-# -s 3,ahci,cd:/mnt/windows/w10.iso,cd:/mnt/windows/virtio-win.iso \
-# mounting the USB HDD as an attached drive to the system
-#-s 3,ahci,cd:/mnt/windows/w10.iso,cd:/mnt/windows/virtio-win.iso,hd:/dev/daXp2 \
-# daX being an NTFS drive
-
-# bhyvectl --get-all --vm=r-windows
-
-# cu -l /dev/nmdm85B
-# (This uses cu() so press ~+Ctrl-D to exit)
-
-#on base system:
-#zfs create -V 32G -o refreservation=none ship/raw/r-windows
-#zfs create -V 256G -o refreservation=none ship/raw/r-windows_data
-# on boot
-#ifconfig tap85 create
-#ifconfig bridge1 addm tap85 up
-#ifconfig tap85 up
-#ifconfig tap85 inet6 auto_linklocal
diff --git a/jails/config/vm/setup_jail.sh b/jails/config/vm/setup_jail.sh
deleted file mode 100755
index 3c4e67d..0000000
--- a/jails/config/vm/setup_jail.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-# requrired to run other configured scripts
-/bin/sh /etc/rc
-# launch tmux with jails
-/mnt/config/startvms.sh
diff --git a/jails/config/vm/startvms.sh b/jails/config/vm/startvms.sh
deleted file mode 100755
index 04ae719..0000000
--- a/jails/config/vm/startvms.sh
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/sh
-
-# Copyright (c) 2018-2022, diyIT.org
-# All rights reserved.
-#
-# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
-# https://diyit.org/license/
-#
-#
-
-session="vm_tmux"
-
-# set up tmux
-tmux start-server
-
-# create a new tmux session, naming the window freepbx
-tmux new-session -d -s $session -n freepbx
-tmux selectp -t 1
-tmux send-keys "cd /mnt/config;./pbx.sh" C-m
-
-# create a new window windows
-tmux new-window -t $session:1 -n windows
-tmux selectp -t 1
-tmux send-keys "cd /mnt/config;./windows.sh" C-m
-
-# create a new window ubuntu
-tmux new-window -t $session:2 -n ubuntu
-tmux selectp -t 1
-tmux send-keys "cd /mnt/config;./ubuntu.sh" C-m
-
-# create a new window freebsd
-tmux new-window -t $session:3 -n freebsd
-tmux selectp -t 1
-tmux send-keys "cd /mnt/config;./freebsd.sh" C-m
-
-# create a new window w2019
-tmux new-window -t $session:4 -n w2019
-tmux selectp -t 1
-tmux send-keys "cd /mnt/config;./w2019.sh" C-m
-
-# create a new window r-windows
-tmux new-window -t $session:5 -n r-windows
-tmux selectp -t 1
-tmux send-keys "cd /mnt/config;./r-windows.sh" C-m
-
-# create a new window gns3
-tmux new-window -t $session:6 -n gns3
-tmux selectp -t 1
-tmux send-keys "cd /mnt/config;./gns3.sh" C-m
-
-# create a new window cvm-a
-tmux new-window -t $session:7 -n cvm-a
-tmux selectp -t 1
-tmux send-keys "cd /mnt/config;./cvm-a.sh" C-m
-
-# create a new window cvm-b
-tmux new-window -t $session:8 -n cvm-b
-tmux selectp -t 1
-tmux send-keys "cd /mnt/config;./cvm-b.sh" C-m
-
-# return to main window
-tmux select-window -t $session:0
-tmux selectp -t 1
-
-# Finished setup, attach to the tmux session!
-#tmux attach-session -t $session
diff --git a/jails/config/vm/ubuntu.sh b/jails/config/vm/ubuntu.sh
deleted file mode 100755
index 86caa27..0000000
--- a/jails/config/vm/ubuntu.sh
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/usr/local/bin/bash
-
-# Copyright (c) 2018-2022, diyIT.org
-# All rights reserved.
-#
-# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
-# https://diyit.org/license/
-#
-#
-
-# ./ubuntu.sh under tmux
-
-# clean cached state
-bhyvectl --destroy --vm=ubuntu
-
-while true
-do
-
-bhyve -c 8 -m 16G -A -H -P \
--s 0,hostbridge \
--s 3,ahci-cd \
--s 4,virtio-blk,/dev/zvol/ship/raw/ubuntu \
--s 5,virtio-net,tap82,mac=00:0A:0B:0C:0D:82 \
--s 6,virtio-blk,/dev/zvol/ship/raw/ubuntu_data \
--s 7,virtio-net,tap4882,mac=00:0A:0B:0C:7D:82 \
--s 8,virtio-net,tap1082,mac=00:0A:0B:0C:8D:82 \
--s 9,virtio-net,tap2082,mac=00:0A:0B:0C:9D:82 \
--s 29,fbuf,tcp=0.0.0.0:5982,w=1600,h=900 \
--s 30,xhci,tablet \
--s 31,lpc -l com1,/dev/nmdm82A \
--l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
-ubuntu
-
-bhyve_exit=$?
-# bhyve returns the following status codes:
-# 0 - VM has been reset
-# 1 - VM has been powered off
-# 2 - VM has been halted
-# 3 - VM generated a triple fault
-# all other non-zero status codes are errors
-#
-if [ $bhyve_exit = 1 ] || [ $bhyve_exit = 2 ]
-then
- break
-fi
-echo `date` - restarting ubuntu in 5 seconds - press ctrl-c to stop
-sleep 5
-
-done
-
-exit $?
-
-# -s 3,ahci-cd,/mnt/linux/ubuntu-18.04.3-server-amd64.iso \
-
-# bhyvectl --get-all --vm=ubuntu
-
-# cu -l /dev/nmdm82B
-# (This uses cu() so press ~+Ctrl-D to exit)
-
-#on base system:
-#zfs create -V 32G -o refreservation=none ship/raw/ubuntu
-#zfs create -V 128G -o refreservation=none ship/raw/ubuntu_data
diff --git a/jails/config/vm/w2019.sh b/jails/config/vm/w2019.sh
deleted file mode 100755
index 7577832..0000000
--- a/jails/config/vm/w2019.sh
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/usr/local/bin/bash
-
-# Copyright (c) 2018-2022, diyIT.org
-# All rights reserved.
-#
-# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
-# https://diyit.org/license/
-#
-#
-
-# ./w2019.sh DC 1809 under tmux
-
-# clean cached state
-bhyvectl --destroy --vm=w2019
-
-exit
-
-while true
-do
-
-bhyve -c sockets=1,cores=2,threads=2 -m 16G -S -A -H -P \
--s 0,hostbridge \
--s 4,ahci-hd,/dev/zvol/ship/raw/w2019,sectorsize=512 \
--s 5,virtio-net,tap84,mac=00:0A:0B:0C:0D:84 \
--s 6,ahci-hd,/dev/zvol/ship/raw/w2019_data,sectorsize=512 \
--s 29,fbuf,tcp=0.0.0.0:5984,w=1600,h=900 \
--s 30,xhci,tablet \
--s 31,lpc -l com1,/dev/nmdm84A \
--l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
-w2019
-
-bhyve_exit=$?
-# bhyve returns the following status codes:
-# 0 - VM has been reset
-# 1 - VM has been powered off
-# 2 - VM has been halted
-# 3 - VM generated a triple fault
-# all other non-zero status codes are errors
-#
-if [ $bhyve_exit = 1 ] || [ $bhyve_exit = 2 ]
-then
- break
-fi
-echo `date` - restarting w2019 in 5 seconds - press ctrl-c to stop
-sleep 5
-
-done
-
-exit $?
-
-# -s 3,ahci,cd:/mnt/windows/w2019.iso,cd:/mnt/windows/virtio-win.iso \
-# mounting the USB HDD as an attached drive to the system
-#-s 3,ahci,cd:/mnt/windows/w2019.iso,cd:/mnt/windows/virtio-win.iso,hd:/dev/daXp2 \
-# daX being an NTFS drive
-
-# bhyvectl --get-all --vm=w2109
-
-# cu -l /dev/nmdm84B
-# (This uses cu() so press ~+Ctrl-D to exit)
-
-#on base system:
-#zfs create -V 32G -o refreservation=none ship/raw/w2109
-#zfs create -V 128G -o refreservation=none ship/raw/w2019_data
-# on boot
-#ifconfig tap84 create
-#ifconfig bridge1 addm tap84 up
-#ifconfig tap84 up
-#ifconfig tap84 inet6 auto_linklocal
diff --git a/jails/config/vm/windows.sh b/jails/config/vm/windows.sh
deleted file mode 100755
index adab4bc..0000000
--- a/jails/config/vm/windows.sh
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/usr/local/bin/bash
-
-# Copyright (c) 2018-2022, diyIT.org
-# All rights reserved.
-#
-# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
-# https://diyit.org/license/
-#
-#
-
-# ./windows.sh LTSC 1809 N under tmux
-
-# clean cached state
-bhyvectl --destroy --vm=windows
-
-exit
-
-while true
-do
-
-bhyve -c sockets=1,cores=2,threads=2 -m 8G -S -A -H -P \
--s 0,hostbridge \
--s 4,ahci-hd,/dev/zvol/ship/raw/windows,sectorsize=512 \
--s 5,virtio-net,tap81,mac=00:0A:0B:0C:0D:81 \
--s 6,ahci-hd,/dev/zvol/ship/raw/windows_data,sectorsize=512 \
--s 29,fbuf,tcp=0.0.0.0:5981,w=1600,h=900 \
--s 30,xhci,tablet \
--s 31,lpc -l com1,/dev/nmdm81A \
--l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
-windows
-
-bhyve_exit=$?
-# bhyve returns the following status codes:
-# 0 - VM has been reset
-# 1 - VM has been powered off
-# 2 - VM has been halted
-# 3 - VM generated a triple fault
-# all other non-zero status codes are errors
-#
-if [ $bhyve_exit = 1 ] || [ $bhyve_exit = 2 ]
-then
- break
-fi
-echo `date` - restarting windows in 5 seconds - press ctrl-c to stop
-sleep 5
-
-done
-
-exit $?
-
-# -s 3,ahci,cd:/mnt/windows/w10.iso,cd:/mnt/windows/virtio-win.iso \
-# mounting the USB HDD as an attached drive to the system
-#-s 3,ahci,cd:/mnt/windows/w10.iso,cd:/mnt/windows/virtio-win.iso,hd:/dev/daXp2 \
-# daX being an NTFS drive
-
-# bhyvectl --get-all --vm=windows
-
-# cu -l /dev/nmdm81B
-# (This uses cu() so press ~+Ctrl-D to exit)
-
-#on base system:
-#zfs create -V 32G -o refreservation=none ship/raw/windows
-#zfs create -V 128G -o refreservation=none ship/raw/windows_data
-# on boot
-#ifconfig tap81 create
-#ifconfig bridge1 addm tap81 up
-#ifconfig tap81 up
-#ifconfig tap81 inet6 auto_linklocal
diff --git a/jails/config/vpngw/pkg-list-details-old.txt b/jails/config/vpngw/pkg-list-details-old.txt
index b9fc7aa..b6c4ee1 100644
--- a/jails/config/vpngw/pkg-list-details-old.txt
+++ b/jails/config/vpngw/pkg-list-details-old.txt
@@ -1,7 +1,7 @@
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____git-2.38.1_3
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____openvpn-2.5.8
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____rsync-3.2.6
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____git-2.49.0
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____openvpn-2.6.14
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____rsync-3.4.1_2
diff --git a/jails/config/vpngw/pkg-list-details.txt b/jails/config/vpngw/pkg-list-details.txt
index 05447dd..b6c4ee1 100644
--- a/jails/config/vpngw/pkg-list-details.txt
+++ b/jails/config/vpngw/pkg-list-details.txt
@@ -1,7 +1,7 @@
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____git-2.38.1_4
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____openvpn-2.5.8
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____rsync-3.2.6
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____git-2.49.0
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____openvpn-2.6.14
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____rsync-3.4.1_2
diff --git a/jails/config/web-datavpc/020_mod_ssl.conf b/jails/config/web-datavpc/020_mod_ssl.conf
deleted file mode 100644
index 3fbba40..0000000
--- a/jails/config/web-datavpc/020_mod_ssl.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-Listen 443
-SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
-SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
-SSLHonorCipherOrder on
-SSLCompression off
-# SSLUseStapling on
-SSLSessionTickets off
-SSLOptions +StrictRequire
-SSLPassPhraseDialog builtin
-SSLSessionCacheTimeout 300
-SSLSessionCache shmcb:/usr/local/etc/apache24/ssl_scache(512000)
diff --git a/jails/config/web-datavpc/httpd.conf b/jails/config/web-datavpc/httpd.conf
deleted file mode 100644
index 2c6523a..0000000
--- a/jails/config/web-datavpc/httpd.conf
+++ /dev/null
@@ -1,702 +0,0 @@ -# -# This is the main Apache HTTP server configuration file. It contains the -# configuration directives that give the server its instructions. -# See for detailed information. -# In particular, see -# -# for a discussion of each configuration directive. -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so "logs/access_log" -# with ServerRoot set to "/usr/local/apache2" will be interpreted by the -# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log" -# will be interpreted as '/logs/access_log'. - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# Do not add a slash at the end of the directory path. If you point -# ServerRoot at a non-local disk, be sure to specify a local disk on the -# Mutex directive, if file-based mutexes are used. If you wish to share the -# same ServerRoot for multiple httpd daemons, you will need to change at -# least PidFile. -# -ServerRoot "/usr/local" - -# -# Mutex: Allows you to set the mutex mechanism and mutex file directory -# for individual mutexes, or change the global defaults -# -# Uncomment and change the directory if mutexes are file-based and the default -# mutex file directory is not on a local disk or is not appropriate for some -# other reason. -# -# Mutex default:/var/run - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, instead of the default. See also the -# directive. 
-# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses. -# -#Listen 12.34.56.78:80 -#Listen 80 - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. -# -# Example: -# LoadModule foo_module modules/mod_foo.so -# -LoadModule mpm_event_module libexec/apache24/mod_mpm_event.so -#LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so -#LoadModule mpm_worker_module libexec/apache24/mod_mpm_worker.so -LoadModule authn_file_module libexec/apache24/mod_authn_file.so -#LoadModule authn_dbm_module libexec/apache24/mod_authn_dbm.so -#LoadModule authn_anon_module libexec/apache24/mod_authn_anon.so -#LoadModule authn_dbd_module libexec/apache24/mod_authn_dbd.so -#LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so -LoadModule authn_core_module libexec/apache24/mod_authn_core.so -LoadModule authz_host_module libexec/apache24/mod_authz_host.so -LoadModule authz_groupfile_module libexec/apache24/mod_authz_groupfile.so -LoadModule authz_user_module libexec/apache24/mod_authz_user.so -#LoadModule authz_dbm_module libexec/apache24/mod_authz_dbm.so -#LoadModule authz_owner_module libexec/apache24/mod_authz_owner.so -#LoadModule authz_dbd_module libexec/apache24/mod_authz_dbd.so -LoadModule authz_core_module libexec/apache24/mod_authz_core.so -#LoadModule authnz_fcgi_module libexec/apache24/mod_authnz_fcgi.so -LoadModule access_compat_module libexec/apache24/mod_access_compat.so -LoadModule auth_basic_module libexec/apache24/mod_auth_basic.so -#LoadModule auth_form_module libexec/apache24/mod_auth_form.so -#LoadModule auth_digest_module libexec/apache24/mod_auth_digest.so 
-#LoadModule allowmethods_module libexec/apache24/mod_allowmethods.so -#LoadModule file_cache_module libexec/apache24/mod_file_cache.so -#LoadModule cache_module libexec/apache24/mod_cache.so -#LoadModule cache_disk_module libexec/apache24/mod_cache_disk.so -#LoadModule cache_socache_module libexec/apache24/mod_cache_socache.so -LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so -#LoadModule socache_dbm_module libexec/apache24/mod_socache_dbm.so -#LoadModule socache_memcache_module libexec/apache24/mod_socache_memcache.so -#LoadModule watchdog_module libexec/apache24/mod_watchdog.so -#LoadModule macro_module libexec/apache24/mod_macro.so -#LoadModule dbd_module libexec/apache24/mod_dbd.so -#LoadModule dumpio_module libexec/apache24/mod_dumpio.so -#LoadModule buffer_module libexec/apache24/mod_buffer.so -#LoadModule data_module libexec/apache24/mod_data.so -#LoadModule ratelimit_module libexec/apache24/mod_ratelimit.so -LoadModule reqtimeout_module libexec/apache24/mod_reqtimeout.so -#LoadModule ext_filter_module libexec/apache24/mod_ext_filter.so -#LoadModule request_module libexec/apache24/mod_request.so -#LoadModule include_module libexec/apache24/mod_include.so -LoadModule filter_module libexec/apache24/mod_filter.so -#LoadModule reflector_module libexec/apache24/mod_reflector.so -#LoadModule substitute_module libexec/apache24/mod_substitute.so -#LoadModule sed_module libexec/apache24/mod_sed.so -#LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so -LoadModule deflate_module libexec/apache24/mod_deflate.so -#LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so -#LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so -LoadModule mime_module libexec/apache24/mod_mime.so -LoadModule log_config_module libexec/apache24/mod_log_config.so -#LoadModule log_debug_module libexec/apache24/mod_log_debug.so -#LoadModule log_forensic_module libexec/apache24/mod_log_forensic.so -#LoadModule logio_module 
libexec/apache24/mod_logio.so -LoadModule env_module libexec/apache24/mod_env.so -#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so -#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so -LoadModule expires_module libexec/apache24/mod_expires.so -LoadModule headers_module libexec/apache24/mod_headers.so -#LoadModule usertrack_module libexec/apache24/mod_usertrack.so -#LoadModule unique_id_module libexec/apache24/mod_unique_id.so -LoadModule setenvif_module libexec/apache24/mod_setenvif.so -LoadModule version_module libexec/apache24/mod_version.so -#LoadModule remoteip_module libexec/apache24/mod_remoteip.so -LoadModule proxy_module libexec/apache24/mod_proxy.so -#LoadModule proxy_connect_module libexec/apache24/mod_proxy_connect.so -#LoadModule proxy_ftp_module libexec/apache24/mod_proxy_ftp.so -#LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so -LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so -#LoadModule proxy_scgi_module libexec/apache24/mod_proxy_scgi.so -#LoadModule proxy_uwsgi_module libexec/apache24/mod_proxy_uwsgi.so -#LoadModule proxy_fdpass_module libexec/apache24/mod_proxy_fdpass.so -#LoadModule proxy_wstunnel_module libexec/apache24/mod_proxy_wstunnel.so -#LoadModule proxy_ajp_module libexec/apache24/mod_proxy_ajp.so -#LoadModule proxy_balancer_module libexec/apache24/mod_proxy_balancer.so -#LoadModule proxy_express_module libexec/apache24/mod_proxy_express.so -#LoadModule proxy_hcheck_module libexec/apache24/mod_proxy_hcheck.so -#LoadModule session_module libexec/apache24/mod_session.so -#LoadModule session_cookie_module libexec/apache24/mod_session_cookie.so -#LoadModule session_crypto_module libexec/apache24/mod_session_crypto.so -#LoadModule session_dbd_module libexec/apache24/mod_session_dbd.so -#LoadModule slotmem_shm_module libexec/apache24/mod_slotmem_shm.so -#LoadModule slotmem_plain_module libexec/apache24/mod_slotmem_plain.so -LoadModule ssl_module libexec/apache24/mod_ssl.so -#LoadModule 
dialup_module libexec/apache24/mod_dialup.so -LoadModule http2_module libexec/apache24/mod_http2.so -LoadModule proxy_http2_module libexec/apache24/mod_proxy_http2.so -#LoadModule lbmethod_byrequests_module libexec/apache24/mod_lbmethod_byrequests.so -#LoadModule lbmethod_bytraffic_module libexec/apache24/mod_lbmethod_bytraffic.so -#LoadModule lbmethod_bybusyness_module libexec/apache24/mod_lbmethod_bybusyness.so -#LoadModule lbmethod_heartbeat_module libexec/apache24/mod_lbmethod_heartbeat.so -LoadModule unixd_module libexec/apache24/mod_unixd.so -#LoadModule heartbeat_module libexec/apache24/mod_heartbeat.so -#LoadModule heartmonitor_module libexec/apache24/mod_heartmonitor.so -#LoadModule dav_module libexec/apache24/mod_dav.so -LoadModule status_module libexec/apache24/mod_status.so -LoadModule autoindex_module libexec/apache24/mod_autoindex.so -#LoadModule asis_module libexec/apache24/mod_asis.so -#LoadModule info_module libexec/apache24/mod_info.so - - #LoadModule cgid_module libexec/apache24/mod_cgid.so - - - #LoadModule cgi_module libexec/apache24/mod_cgi.so - -#LoadModule dav_fs_module libexec/apache24/mod_dav_fs.so -#LoadModule dav_lock_module libexec/apache24/mod_dav_lock.so -#LoadModule vhost_alias_module libexec/apache24/mod_vhost_alias.so -#LoadModule negotiation_module libexec/apache24/mod_negotiation.so -LoadModule dir_module libexec/apache24/mod_dir.so -#LoadModule imagemap_module libexec/apache24/mod_imagemap.so -#LoadModule actions_module libexec/apache24/mod_actions.so -#LoadModule speling_module libexec/apache24/mod_speling.so -#LoadModule userdir_module libexec/apache24/mod_userdir.so -LoadModule alias_module libexec/apache24/mod_alias.so -LoadModule rewrite_module libexec/apache24/mod_rewrite.so - -# Third party modules -IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf - - -# -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. 
-# -# User/Group: The name (or #number) of the user/group to run httpd as. -# It is usually good practice to create a dedicated user and group for -# running httpd, as with most system services. -# -User www -Group www - - - -# 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# definition. These values also provide defaults for -# any containers you may define later in the file. -# -# All of these directives may appear inside containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin sharad@ahlawat.com - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. -# -# If your host doesn't have a registered DNS name, enter its IP address here. -# -ServerName www.datavpc.com - -# -# Deny access to the entirety of your server's filesystem. You must -# explicitly permit access to web content directories in other -# blocks below. -# - - AllowOverride none - Require all denied - - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. 
-# -DocumentRoot "/usr/local/www/apache24/data" - - -# can't set this if traffic is passing through haproxy and being redirected to ssl already -# RewriteEngine on -# RewriteRule ^/\.well-known/ - [L] -# RewriteRule (.*) https://www.datavpc.com [R,L] - - # - # Possible values for the Options directive are "None", "All", - # or any combination of: - # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews - # - # Note that "MultiViews" must be named *explicitly* --- "Options All" - # doesn't give it to you. - # - # The Options directive is both complicated and important. Please see - # http://httpd.apache.org/docs/2.4/mod/core.html#options - # for more information. - # - Options Indexes FollowSymLinks - - # - # AllowOverride controls what directives may be placed in .htaccess files. - # It can be "All", "None", or any combination of the keywords: - # AllowOverride FileInfo AuthConfig Limit - # - AllowOverride None - - # - # Controls who can get stuff from this server. - # - Require all granted - - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# - - DirectoryIndex index.php index.html - - SetHandler application/x-httpd-php - - - SetHandler application/x-httpd-php-source - - - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# - - Require all denied - - -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a -# container, that host's errors will be logged there and not here. -# -ErrorLog "/var/log/httpd-error.log" - -# -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. 
-# -LogLevel warn - - - # - # The following directives define some format nicknames for use with - # a CustomLog directive (see below). - # - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - LogFormat "%h %l %u %t \"%r\" %>s %b" common - - - # You need to enable mod_logio.c to use %I and %O - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - - - # - # The location and format of the access logfile (Common Logfile Format). - # If you do not define any access logfiles within a - # container, they will be logged here. Contrariwise, if you *do* - # define per- access logfiles, transactions will be - # logged therein and *not* in this file. - # - CustomLog "/var/log/httpd-access.log" common - - # - # If you prefer a logfile with access, agent, and referer information - # (Combined Logfile Format) you can use the following directive. - # - #CustomLog "/var/log/httpd-access.log" combined - - - - # - # Redirect: Allows you to tell clients about documents that used to - # exist in your server's namespace, but do not anymore. The client - # will make a new request for the document at its new location. - # Example: - # Redirect permanent /foo http://www.example.com/bar - - # - # Alias: Maps web paths into filesystem paths and is used to - # access content that does not live under the DocumentRoot. - # Example: - # Alias /webpath /full/filesystem/path - # - # If you include a trailing / on /webpath then the server will - # require it to be present in the URL. You will also likely - # need to provide a section to allow access to - # the filesystem path. - - # - # ScriptAlias: This controls which directories contain server scripts. - # ScriptAliases are essentially the same as Aliases, except that - # documents in the target directory are treated as applications and - # run by the server when requested rather than as documents sent to the - # client. 
The same rules about trailing "/" apply to ScriptAlias - # directives as to Alias. - # - ScriptAlias /cgi-bin/ "/usr/local/www/apache24/cgi-bin/" - - - - - # - # ScriptSock: On threaded servers, designate the path to the UNIX - # socket used to communicate with the CGI daemon of mod_cgid. - # - #Scriptsock cgisock - - -# -# "/usr/local/www/apache24/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# - - AllowOverride None - Options None - Require all granted - - - - # - # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied - # backend servers which have lingering "httpoxy" defects. - # 'Proxy' request header is undefined by the IETF, not listed by IANA - # - RequestHeader unset Proxy early - - - - # - # TypesConfig points to the file containing the list of mappings from - # filename extension to MIME-type. - # - TypesConfig etc/apache24/mime.types - - # - # AddType allows you to add to or override the MIME configuration - # file specified in TypesConfig for specific file types. - # - #AddType application/x-gzip .tgz - # - # AddEncoding allows you to have certain browsers uncompress - # information on the fly. Note: Not all browsers support this. - # - #AddEncoding x-compress .Z - #AddEncoding x-gzip .gz .tgz - # - # If the AddEncoding directives above are commented-out, then you - # probably should define those extensions to indicate media types: - # - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - - # - # AddHandler allows you to map certain file extensions to "handlers": - # actions unrelated to filetype. These can be either built into the server - # or added with the Action directive (see below) - # - # To use CGI scripts outside of ScriptAliased directories: - # (You will also need to add "ExecCGI" to the "Options" directive.) 
- # - #AddHandler cgi-script .cgi - - # For type maps (negotiated resources): - #AddHandler type-map var - - # - # Filters allow you to process content before it is sent to the client. - # - # To parse .shtml files for server-side includes (SSI): - # (You will also need to add "Includes" to the "Options" directive.) - # - #AddType text/html .shtml - #AddOutputFilter INCLUDES .shtml - - AddType application/x-httpd-php .php - AddType application/x-httpd-php-source .phps - - - -# -# The mod_mime_magic module allows the server to use various hints from the -# contents of the file itself to determine its type. The MIMEMagicFile -# directive tells the module where the hint definitions are located. -# -#MIMEMagicFile etc/apache24/magic - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# MaxRanges: Maximum number of Ranges in a request before -# returning the entire resource, or one of the special -# values 'default', 'none' or 'unlimited'. -# Default setting is to accept 200 Ranges. -#MaxRanges unlimited - -# -# EnableMMAP and EnableSendfile: On systems that support it, -# memory-mapping or the sendfile syscall may be used to deliver -# files. This usually improves server performance, but must -# be turned off when serving from networked-mounted -# filesystems or if support for these functions is otherwise -# broken on your system. -# Defaults: EnableMMAP On, EnableSendfile Off -# -#EnableMMAP off -#EnableSendfile on - -# Supplemental configuration -# -# The configuration files in the etc/apache24/extra/ directory can be -# included to add extra features or to modify the default configuration of -# the server, or you may simply copy their contents here and change as -# necessary. 
- -# Server-pool management (MPM specific) -#Include etc/apache24/extra/httpd-mpm.conf - -# Multi-language error messages -#Include etc/apache24/extra/httpd-multilang-errordoc.conf - -# Fancy directory listings -#Include etc/apache24/extra/httpd-autoindex.conf - -# Language settings -#Include etc/apache24/extra/httpd-languages.conf - -# User home directories -#Include etc/apache24/extra/httpd-userdir.conf - -# Real-time info on requests and configuration -#Include etc/apache24/extra/httpd-info.conf - -# Virtual hosts -#Include etc/apache24/extra/httpd-vhosts.conf - -# Local access to the Apache HTTP Server Manual -#Include etc/apache24/extra/httpd-manual.conf - -# Distributed authoring and versioning (WebDAV) -#Include etc/apache24/extra/httpd-dav.conf - -# Various default settings -#Include etc/apache24/extra/httpd-default.conf - -# Configure mod_proxy_html to understand HTML4/XHTML1 - -Include etc/apache24/extra/proxy-html.conf - - -# Secure (SSL/TLS) connections -#Include etc/apache24/extra/httpd-ssl.conf -# -# Note: The following must must be present to support -# starting without SSL on platforms with no /dev/random equivalent -# but a statically compiled-in mod_ssl. 
-# - -SSLRandomSeed startup builtin -SSLRandomSeed connect builtin - - -Include etc/apache24/Includes/*.conf - - - ServerName www.datavpc.com - ServerAlias *.datavpc.com - ServerAlias datavpc.com - - Protocols h2 http/1.1 - - DocumentRoot "/usr/local/www/apache24/data/" - - SSLEngine on - SSLCertificateFile "/mnt/certs/dvpcfullchain.pem" - SSLCertificateKeyFile "/mnt/certs/dvpcprivkey.pem" - #SSLCertificateChainFile "/mnt/certs/dvpcfullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off - - RewriteEngine On - RewriteCond %{HTTP:Authorization} ^(.*) - RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] - - - SetHandler "proxy:fcgi://127.0.0.1:9000" - SSLOptions +StdEnvVars - - - - SSLOptions +StdEnvVars - - - BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 - CustomLog "/var/log/ssl-request.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - - - Options Indexes FollowSymLinks MultiViews - ## IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16 - IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96 - - #AllowOverride controls what directives may be placed in .htaccess files. 
- #AllowOverride All - #AllowOverride AuthConfig - #Controls who can get stuff from this server file - #Require all granted - - - ErrorLog "/var/log/ssl-error.log" - CustomLog "/var/log/ssl-access_log" combined - - - Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains" - - - -ExpiresActive On -ExpiresDefault A0 - - -ExpiresDefault A31536000 - - - -ExpiresDefault A31536000 - - - -ExpiresDefault A31536000 - - - -ExpiresDefault A31536000 - - - - - - Header set Cache-Control "max-age=31536000" - - - - Header set Cache-Control "max-age=31536000" - - - - Header set Cache-Control "max-age=31536000" - - - - Header set Cache-Control "max-age=31536000" - - - - - SetOutputFilter DEFLATE - - - SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding - RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding - - - - AddOutputFilterByType DEFLATE "application/atom+xml" \ - "application/javascript" \ - "application/json" \ - "application/ld+json" \ - "application/manifest+json" \ - "application/rdf+xml" \ - "application/rss+xml" \ - "application/schema+json" \ - "application/vnd.geo+json" \ - "application/vnd.ms-fontobject" \ - "application/x-font-ttf" \ - "application/x-font-opentype" \ - "application/x-font-truetype" \ - "application/x-javascript" \ - "application/x-web-app-manifest+json" \ - "application/xhtml+xml" \ - "application/xml" \ - "font/eot" \ - "font/opentype" \ - "font/otf" \ - "image/bmp" \ - "image/svg+xml" \ - "image/vnd.microsoft.icon" \ - "image/x-icon" \ - "text/cache-manifest" \ - "text/css" \ - "text/html" \ - "text/javascript" \ - "text/plain" \ - "text/vcard" \ - "text/vnd.rim.location.xloc" \ - "text/vtt" \ - "text/x-component" \ - "text/x-cross-domain-policy" \ - "text/xml" - - - - AddEncoding gzip svgz - - - - - -SSLUseStapling On -SSLStaplingCache "shmcb:logs/ssl_stapling(32768)" 
diff --git a/jails/config/web-datavpc/php.ini b/jails/config/web-datavpc/php.ini
deleted file mode 100644
index c04b984..0000000
--- a/jails/config/web-datavpc/php.ini
+++ /dev/null
@@ -1,1918 +0,0 @@ -[PHP] - -;;;;;;;;;;;;;;;;;;; -; About php.ini ; -;;;;;;;;;;;;;;;;;;; -; PHP's initialization file, generally called php.ini, is responsible for -; configuring many of the aspects of PHP's behavior. - -; PHP attempts to find and load this configuration from a number of locations. -; The following is a summary of its search order: -; 1. SAPI module specific location. -; 2. The PHPRC environment variable. (As of PHP 5.2.0) -; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0) -; 4. Current working directory (except CLI) -; 5. The web server's directory (for SAPI modules), or directory of PHP -; (otherwise in Windows) -; 6. The directory from the --with-config-file-path compile time option, or the -; Windows directory (C:\windows or C:\winnt) -; See the PHP docs for more specific information. -; http://php.net/configuration.file - -; The syntax of the file is extremely simple. Whitespace and lines -; beginning with a semicolon are silently ignored (as you probably guessed). -; Section headers (e.g. [Foo]) are also silently ignored, even though -; they might mean something in the future. - -; Directives following the section heading [PATH=/www/mysite] only -; apply to PHP files in the /www/mysite directory. Directives -; following the section heading [HOST=www.example.com] only apply to -; PHP files served from www.example.com. Directives set in these -; special sections cannot be overridden by user-defined INI files or -; at runtime. Currently, [PATH=] and [HOST=] sections only work under -; CGI/FastCGI. -; http://php.net/ini.sections - -; Directives are specified using the following syntax: -; directive = value -; Directive names are *case sensitive* - foo=bar is different from FOO=bar. -; Directives are variables used to configure PHP or PHP extensions. -; There is no name validation. If PHP can't find an expected -; directive because it is not set or is mistyped, a default value will be used. 
- -; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one -; of the INI constants (On, Off, True, False, Yes, No and None) or an expression -; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a -; previously set variable or directive (e.g. ${foo}) - -; Expressions in the INI file are limited to bitwise operators and parentheses: -; | bitwise OR -; ^ bitwise XOR -; & bitwise AND -; ~ bitwise NOT -; ! boolean NOT - -; Boolean flags can be turned on using the values 1, On, True or Yes. -; They can be turned off using the values 0, Off, False or No. - -; An empty string can be denoted by simply not writing anything after the equal -; sign, or by using the None keyword: - -; foo = ; sets foo to an empty string -; foo = None ; sets foo to an empty string -; foo = "None" ; sets foo to the string 'None' - -; If you use constants in your value, and these constants belong to a -; dynamically loaded extension (either a PHP extension or a Zend extension), -; you may only use these constants *after* the line that loads the extension. - -;;;;;;;;;;;;;;;;;;; -; About this file ; -;;;;;;;;;;;;;;;;;;; -; PHP comes packaged with two INI files. One that is recommended to be used -; in production environments and one that is recommended to be used in -; development environments. - -; php.ini-production contains settings which hold security, performance and -; best practices at its core. But please be aware, these settings may break -; compatibility with older or less security conscience applications. We -; recommending using the production ini in production and testing environments. - -; php.ini-development is very similar to its production variant, except it is -; much more verbose when it comes to errors. We recommend using the -; development version only in development environments, as errors shown to -; application users can inadvertently leak otherwise secure information. - -; This is php.ini-production INI file. 
- -;;;;;;;;;;;;;;;;;;; -; Quick Reference ; -;;;;;;;;;;;;;;;;;;; -; The following are all the settings which are different in either the production -; or development versions of the INIs with respect to PHP's default behavior. -; Please see the actual settings later in the document for more details as to why -; we recommend these changes in PHP's behavior. - -; display_errors -; Default Value: On -; Development Value: On -; Production Value: Off - -; display_startup_errors -; Default Value: Off -; Development Value: On -; Production Value: Off - -; error_reporting -; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED -; Development Value: E_ALL -; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT - -; html_errors -; Default Value: On -; Development Value: On -; Production value: On - -; log_errors -; Default Value: Off -; Development Value: On -; Production Value: On - -; max_input_time -; Default Value: -1 (Unlimited) -; Development Value: 60 (60 seconds) -; Production Value: 60 (60 seconds) - -; output_buffering -; Default Value: Off -; Development Value: 4096 -; Production Value: 4096 - -; register_argc_argv -; Default Value: On -; Development Value: Off -; Production Value: Off - -; request_order -; Default Value: None -; Development Value: "GP" -; Production Value: "GP" - -; session.gc_divisor -; Default Value: 100 -; Development Value: 1000 -; Production Value: 1000 - -; session.sid_bits_per_character -; Default Value: 4 -; Development Value: 5 -; Production Value: 5 - -; short_open_tag -; Default Value: On -; Development Value: Off -; Production Value: Off - -; track_errors -; Default Value: Off -; Development Value: On -; Production Value: Off - -; variables_order -; Default Value: "EGPCS" -; Development Value: "GPCS" -; Production Value: "GPCS" - -;;;;;;;;;;;;;;;;;;;; -; php.ini Options ; -;;;;;;;;;;;;;;;;;;;; -; Name for user-defined php.ini (.htaccess) files. 
Default is ".user.ini" -;user_ini.filename = ".user.ini" - -; To disable this feature set this option to empty value -;user_ini.filename = - -; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) -;user_ini.cache_ttl = 300 - -;;;;;;;;;;;;;;;;;;;; -; Language Options ; -;;;;;;;;;;;;;;;;;;;; - -; Enable the PHP scripting language engine under Apache. -; http://php.net/engine -engine = On - -; This directive determines whether or not PHP will recognize code between -; tags as PHP source which should be processed as such. It is -; generally recommended that should be used and that this feature -; should be disabled, as enabling it may result in issues when generating XML -; documents, however this remains supported for backward compatibility reasons. -; Note that this directive does not control the would work. -; http://php.net/syntax-highlighting -;highlight.string = #DD0000 -;highlight.comment = #FF9900 -;highlight.keyword = #007700 -;highlight.default = #0000BB -;highlight.html = #000000 - -; If enabled, the request will be allowed to complete even if the user aborts -; the request. Consider enabling it if executing long requests, which may end up -; being interrupted by the user or a browser timing out. PHP's default behavior -; is to disable this feature. -; http://php.net/ignore-user-abort -;ignore_user_abort = On - -; Determines the size of the realpath cache to be used by PHP. This value should -; be increased on systems where PHP opens many files to reflect the quantity of -; the file operations performed. -; http://php.net/realpath-cache-size -;realpath_cache_size = 4096k - -; Duration of time, in seconds for which to cache realpath information for a given -; file or directory. For systems with rarely changing files, consider increasing this -; value. -; http://php.net/realpath-cache-ttl -;realpath_cache_ttl = 120 - -; Enables or disables the circular reference collector. 
-; http://php.net/zend.enable-gc -zend.enable_gc = On - -; If enabled, scripts may be written in encodings that are incompatible with -; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such -; encodings. To use this feature, mbstring extension must be enabled. -; Default: Off -;zend.multibyte = Off - -; Allows to set the default encoding for the scripts. This value will be used -; unless "declare(encoding=...)" directive appears at the top of the script. -; Only affects if zend.multibyte is set. -; Default: "" -;zend.script_encoding = - -;;;;;;;;;;;;;;;;; -; Miscellaneous ; -;;;;;;;;;;;;;;;;; - -; Decides whether PHP may expose the fact that it is installed on the server -; (e.g. by adding its signature to the Web server header). It is no security -; threat in any way, but it makes it possible to determine whether you use PHP -; on your server or not. -; http://php.net/expose-php -expose_php = On - -;;;;;;;;;;;;;;;;;;; -; Resource Limits ; -;;;;;;;;;;;;;;;;;;; - -; Maximum execution time of each script, in seconds -; http://php.net/max-execution-time -; Note: This directive is hardcoded to 0 for the CLI SAPI -max_execution_time = 30 - -; Maximum amount of time each script may spend parsing request data. It's a good -; idea to limit this time on productions servers in order to eliminate unexpectedly -; long running scripts. 
-; Note: This directive is hardcoded to -1 for the CLI SAPI -; Default Value: -1 (Unlimited) -; Development Value: 60 (60 seconds) -; Production Value: 60 (60 seconds) -; http://php.net/max-input-time -max_input_time = 60 - -; Maximum input variable nesting level -; http://php.net/max-input-nesting-level -;max_input_nesting_level = 64 - -; How many GET/POST/COOKIE input variables may be accepted -; max_input_vars = 1000 - -; Maximum amount of memory a script may consume (128MB) -; http://php.net/memory-limit -memory_limit = 128M - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; Error handling and logging ; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -; This directive informs PHP of which errors, warnings and notices you would like -; it to take action for. The recommended way of setting values for this -; directive is through the use of the error level constants and bitwise -; operators. The error level constants are below here for convenience as well as -; some common settings and their meanings. -; By default, PHP is set to take action on all errors, notices and warnings EXCEPT -; those related to E_NOTICE and E_STRICT, which together cover best practices and -; recommended coding standards in PHP. For performance reasons, this is the -; recommend error reporting setting. Your production server shouldn't be wasting -; resources complaining about best practices and coding standards. That's what -; development servers and development settings are for. -; Note: The php.ini-development file has this setting as E_ALL. This -; means it pretty much reports everything which is exactly what you want during -; development and early testing. 
-; -; Error Level Constants: -; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) -; E_ERROR - fatal run-time errors -; E_RECOVERABLE_ERROR - almost fatal run-time errors -; E_WARNING - run-time warnings (non-fatal errors) -; E_PARSE - compile-time parse errors -; E_NOTICE - run-time notices (these are warnings which often result -; from a bug in your code, but it's possible that it was -; intentional (e.g., using an uninitialized variable and -; relying on the fact it is automatically initialized to an -; empty string) -; E_STRICT - run-time notices, enable to have PHP suggest changes -; to your code which will ensure the best interoperability -; and forward compatibility of your code -; E_CORE_ERROR - fatal errors that occur during PHP's initial startup -; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's -; initial startup -; E_COMPILE_ERROR - fatal compile-time errors -; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) -; E_USER_ERROR - user-generated error message -; E_USER_WARNING - user-generated warning message -; E_USER_NOTICE - user-generated notice message -; E_DEPRECATED - warn about code that will not work in future versions -; of PHP -; E_USER_DEPRECATED - user-generated deprecation warnings -; -; Common Values: -; E_ALL (Show all errors, warnings and notices including coding standards.) -; E_ALL & ~E_NOTICE (Show all errors, except for notices) -; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) -; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) -; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED -; Development Value: E_ALL -; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT -; http://php.net/error-reporting -error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT - -; This directive controls whether or not and where PHP will output errors, -; notices and warnings too. 
Error output is very useful during development, but -; it could be very dangerous in production environments. Depending on the code -; which is triggering the error, sensitive information could potentially leak -; out of your application such as database usernames and passwords or worse. -; For production environments, we recommend logging errors rather than -; sending them to STDOUT. -; Possible Values: -; Off = Do not display any errors -; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) -; On or stdout = Display errors to STDOUT -; Default Value: On -; Development Value: On -; Production Value: Off -; http://php.net/display-errors -display_errors = Off - -; The display of errors which occur during PHP's startup sequence are handled -; separately from display_errors. PHP's default behavior is to suppress those -; errors from clients. Turning the display of startup errors on can be useful in -; debugging configuration problems. We strongly recommend you -; set this to 'off' for production servers. -; Default Value: Off -; Development Value: On -; Production Value: Off -; http://php.net/display-startup-errors -display_startup_errors = Off - -; Besides displaying errors, PHP can also log errors to locations such as a -; server-specific log, STDERR, or a location specified by the error_log -; directive found below. While errors should not be displayed on productions -; servers they should still be monitored and logging is a great way to do that. -; Default Value: Off -; Development Value: On -; Production Value: On -; http://php.net/log-errors -log_errors = On - -; Set maximum length of log_errors. In error_log information about the source is -; added. The default is 1024 and 0 allows to not apply any maximum length at all. -; http://php.net/log-errors-max-len -log_errors_max_len = 1024 - -; Do not log repeated messages. Repeated errors must occur in same file on same -; line unless ignore_repeated_source is set true. 
-; http://php.net/ignore-repeated-errors -ignore_repeated_errors = Off - -; Ignore source of message when ignoring repeated messages. When this setting -; is On you will not log errors with repeated messages from different files or -; source lines. -; http://php.net/ignore-repeated-source -ignore_repeated_source = Off - -; If this parameter is set to Off, then memory leaks will not be shown (on -; stdout or in the log). This has only effect in a debug compile, and if -; error reporting includes E_WARNING in the allowed list -; http://php.net/report-memleaks -report_memleaks = On - -; This setting is on by default. -;report_zend_debug = 0 - -; Store the last error/warning message in $php_errormsg (boolean). Setting this value -; to On can assist in debugging and is appropriate for development servers. It should -; however be disabled on production servers. -; This directive is DEPRECATED. -; Default Value: Off -; Development Value: Off -; Production Value: Off -; http://php.net/track-errors -;track_errors = Off - -; Turn off normal error reporting and emit XML-RPC error XML -; http://php.net/xmlrpc-errors -;xmlrpc_errors = 0 - -; An XML-RPC faultCode -;xmlrpc_error_number = 0 - -; When PHP displays or logs an error, it has the capability of formatting the -; error message as HTML for easier reading. This directive controls whether -; the error message is formatted as HTML or not. -; Note: This directive is hardcoded to Off for the CLI SAPI -; Default Value: On -; Development Value: On -; Production value: On -; http://php.net/html-errors -html_errors = On - -; If html_errors is set to On *and* docref_root is not empty, then PHP -; produces clickable error messages that direct to a page describing the error -; or function causing the error in detail. -; You can download a copy of the PHP manual from http://php.net/docs -; and change docref_root to the base URL of your local copy including the -; leading '/'. 
You must also specify the file extension being used including -; the dot. PHP's default behavior is to leave these settings empty, in which -; case no links to documentation are generated. -; Note: Never use this feature for production boxes. -; http://php.net/docref-root -; Examples -;docref_root = "/phpmanual/" - -; http://php.net/docref-ext -;docref_ext = .html - -; String to output before an error message. PHP's default behavior is to leave -; this setting blank. -; http://php.net/error-prepend-string -; Example: -;error_prepend_string = "" - -; String to output after an error message. PHP's default behavior is to leave -; this setting blank. -; http://php.net/error-append-string -; Example: -;error_append_string = "" - -; Log errors to specified file. PHP's default behavior is to leave this value -; empty. -; http://php.net/error-log -; Example: -;error_log = php_errors.log -; Log errors to syslog (Event Log on Windows). -;error_log = syslog - -;windows.show_crt_warning -; Default value: 0 -; Development value: 0 -; Production value: 0 - -;;;;;;;;;;;;;;;;; -; Data Handling ; -;;;;;;;;;;;;;;;;; - -; The separator used in PHP generated URLs to separate arguments. -; PHP's default setting is "&". -; http://php.net/arg-separator.output -; Example: -;arg_separator.output = "&" - -; List of separator(s) used by PHP to parse input URLs into variables. -; PHP's default setting is "&". -; NOTE: Every character in this directive is considered as separator! -; http://php.net/arg-separator.input -; Example: -;arg_separator.input = ";&" - -; This directive determines which super global arrays are registered when PHP -; starts up. G,P,C,E & S are abbreviations for the following respective super -; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty -; paid for the registration of these arrays and because ENV is not as commonly -; used as the others, ENV is not recommended on productions servers. 
You -; can still get access to the environment variables through getenv() should you -; need to. -; Default Value: "EGPCS" -; Development Value: "GPCS" -; Production Value: "GPCS"; -; http://php.net/variables-order -variables_order = "GPCS" - -; This directive determines which super global data (G,P & C) should be -; registered into the super global array REQUEST. If so, it also determines -; the order in which that data is registered. The values for this directive -; are specified in the same manner as the variables_order directive, -; EXCEPT one. Leaving this value empty will cause PHP to use the value set -; in the variables_order directive. It does not mean it will leave the super -; globals array REQUEST empty. -; Default Value: None -; Development Value: "GP" -; Production Value: "GP" -; http://php.net/request-order -request_order = "GP" - -; This directive determines whether PHP registers $argv & $argc each time it -; runs. $argv contains an array of all the arguments passed to PHP when a script -; is invoked. $argc contains an integer representing the number of arguments -; that were passed when the script was invoked. These arrays are extremely -; useful when running scripts from the command line. When this directive is -; enabled, registering these variables consumes CPU cycles and memory each time -; a script is executed. For performance reasons, this feature should be disabled -; on production servers. -; Note: This directive is hardcoded to On for the CLI SAPI -; Default Value: On -; Development Value: Off -; Production Value: Off -; http://php.net/register-argc-argv -register_argc_argv = Off - -; When enabled, the ENV, REQUEST and SERVER variables are created when they're -; first used (Just In Time) instead of when the script starts. If these -; variables are not used within a script, having this directive on will result -; in a performance gain. The PHP directive register_argc_argv must be disabled -; for this directive to have any affect. 
-; http://php.net/auto-globals-jit -auto_globals_jit = On - -; Whether PHP will read the POST data. -; This option is enabled by default. -; Most likely, you won't want to disable this option globally. It causes $_POST -; and $_FILES to always be empty; the only way you will be able to read the -; POST data will be through the php://input stream wrapper. This can be useful -; to proxy requests or to process the POST data in a memory efficient fashion. -; http://php.net/enable-post-data-reading -;enable_post_data_reading = Off - -; Maximum size of POST data that PHP will accept. -; Its value may be 0 to disable the limit. It is ignored if POST data reading -; is disabled through enable_post_data_reading. -; http://php.net/post-max-size -post_max_size = 8M - -; Automatically add files before PHP document. -; http://php.net/auto-prepend-file -auto_prepend_file = - -; Automatically add files after PHP document. -; http://php.net/auto-append-file -auto_append_file = - -; By default, PHP will output a media type using the Content-Type header. To -; disable this, simply set it to be empty. -; -; PHP's built-in default media type is set to text/html. -; http://php.net/default-mimetype -default_mimetype = "text/html" - -; PHP's default character set is set to UTF-8. -; http://php.net/default-charset -default_charset = "UTF-8" - -; PHP internal character encoding is set to empty. -; If empty, default_charset is used. -; http://php.net/internal-encoding -;internal_encoding = - -; PHP input character encoding is set to empty. -; If empty, default_charset is used. -; http://php.net/input-encoding -;input_encoding = - -; PHP output character encoding is set to empty. -; If empty, default_charset is used. -; See also output_buffer. 
-; http://php.net/output-encoding -;output_encoding = - -;;;;;;;;;;;;;;;;;;;;;;;;; -; Paths and Directories ; -;;;;;;;;;;;;;;;;;;;;;;;;; - -; UNIX: "/path1:/path2" -;include_path = ".:/php/includes" -; -; Windows: "\path1;\path2" -;include_path = ".;c:\php\includes" -; -; PHP's default setting for include_path is ".;/path/to/php/pear" -; http://php.net/include-path - -; The root of the PHP pages, used only if nonempty. -; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root -; if you are running php as a CGI under any web server (other than IIS) -; see documentation for security issues. The alternate is to use the -; cgi.force_redirect configuration below -; http://php.net/doc-root -doc_root = - -; The directory under which PHP opens the script using /~username used only -; if nonempty. -; http://php.net/user-dir -user_dir = - -; Directory in which the loadable extensions (modules) reside. -; http://php.net/extension-dir -; extension_dir = "./" -; On windows: -; extension_dir = "ext" - -; Directory where the temporary files should be placed. -; Defaults to the system default (see sys_get_temp_dir) -; sys_temp_dir = "/tmp" - -; Whether or not to enable the dl() function. The dl() function does NOT work -; properly in multithreaded servers, such as IIS or Zeus, and is automatically -; disabled on them. -; http://php.net/enable-dl -enable_dl = Off - -; cgi.force_redirect is necessary to provide security running PHP as a CGI under -; most web servers. Left undefined, PHP turns this on by default. You can -; turn it off here AT YOUR OWN RISK -; **You CAN safely turn this off for IIS, in fact, you MUST.** -; http://php.net/cgi.force-redirect -;cgi.force_redirect = 1 - -; if cgi.nph is enabled it will force cgi to always sent Status: 200 with -; every request. PHP's default behavior is to disable this feature. 
-;cgi.nph = 1 - -; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape -; (iPlanet) web servers, you MAY need to set an environment variable name that PHP -; will look for to know it is OK to continue execution. Setting this variable MAY -; cause security issues, KNOW WHAT YOU ARE DOING FIRST. -; http://php.net/cgi.redirect-status-env -;cgi.redirect_status_env = - -; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's -; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok -; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting -; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting -; of zero causes PHP to behave as before. Default is 1. You should fix your scripts -; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. -; http://php.net/cgi.fix-pathinfo -;cgi.fix_pathinfo=1 - -; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside -; of the web tree and people will not be able to circumvent .htaccess security. -; http://php.net/cgi.dicard-path -;cgi.discard_path=1 - -; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate -; security tokens of the calling client. This allows IIS to define the -; security context that the request runs under. mod_fastcgi under Apache -; does not currently support this feature (03/17/2002) -; Set to 1 if running under IIS. Default is zero. -; http://php.net/fastcgi.impersonate -;fastcgi.impersonate = 1 - -; Disable logging through FastCGI connection. PHP's default behavior is to enable -; this feature. -;fastcgi.logging = 0 - -; cgi.rfc2616_headers configuration option tells PHP what type of headers to -; use when sending HTTP response code. If set to 0, PHP sends Status: header that -; is supported by Apache. When this option is set to 1, PHP will send -; RFC2616 compliant header. -; Default is zero. 
-; http://php.net/cgi.rfc2616-headers -;cgi.rfc2616_headers = 0 - -; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! -; (shebang) at the top of the running script. This line might be needed if the -; script support running both as stand-alone script and via PHP CGI<. PHP in CGI -; mode skips this line and ignores its content if this directive is turned on. -; http://php.net/cgi.check-shebang-line -;cgi.check_shebang_line=1 - -;;;;;;;;;;;;;;;; -; File Uploads ; -;;;;;;;;;;;;;;;; - -; Whether to allow HTTP file uploads. -; http://php.net/file-uploads -file_uploads = On - -; Temporary directory for HTTP uploaded files (will use system default if not -; specified). -; http://php.net/upload-tmp-dir -;upload_tmp_dir = - -; Maximum allowed size for uploaded files. -; http://php.net/upload-max-filesize -upload_max_filesize = 2M - -; Maximum number of files that can be uploaded via a single request -max_file_uploads = 20 - -;;;;;;;;;;;;;;;;;; -; Fopen wrappers ; -;;;;;;;;;;;;;;;;;; - -; Whether to allow the treatment of URLs (like http:// or ftp://) as files. -; http://php.net/allow-url-fopen -allow_url_fopen = On - -; Whether to allow include/require to open URLs (like http:// or ftp://) as files. -; http://php.net/allow-url-include -allow_url_include = Off - -; Define the anonymous ftp password (your email address). PHP's default setting -; for this is empty. -; http://php.net/from -;from="john@doe.com" - -; Define the User-Agent string. PHP's default setting for this is empty. 
-; http://php.net/user-agent -;user_agent="PHP" - -; Default timeout for socket based streams (seconds) -; http://php.net/default-socket-timeout -default_socket_timeout = 60 - -; If your scripts have to deal with files from Macintosh systems, -; or you are running on a Mac and need to deal with files from -; unix or win32 systems, setting this flag will cause PHP to -; automatically detect the EOL character in those files so that -; fgets() and file() will work regardless of the source of the file. -; http://php.net/auto-detect-line-endings -;auto_detect_line_endings = Off - -;;;;;;;;;;;;;;;;;;;;;; -; Dynamic Extensions ; -;;;;;;;;;;;;;;;;;;;;;; - -; If you wish to have an extension loaded automatically, use the following -; syntax: -; -; extension=modulename -; -; For example: -; -; extension=mysqli -; -; When the extension library to load is not located in the default extension -; directory, You may specify an absolute path to the library file: -; -; extension=/path/to/extension/mysqli.so -; -; Note : The syntax used in previous PHP versions ('extension=.so' and -; 'extension='php_.dll') is supported for legacy reasons and may be -; deprecated in a future PHP major version. So, when it is possible, please -; move to the new ('extension=) syntax. -; -; Notes for Windows environments : -; -; - Many DLL files are located in the extensions/ (PHP 4) or ext/ (PHP 5+) -; extension folders as well as the separate PECL DLL download (PHP 5+). -; Be sure to appropriately set the extension_dir directive. 
-;
-;extension=bz2
-;extension=curl
-;extension=fileinfo
-;extension=gd2
-;extension=gettext
-;extension=gmp
-;extension=intl
-;extension=imap
-;extension=interbase
-;extension=ldap
-;extension=mbstring
-;extension=exif ; Must be after mbstring as it depends on it
-;extension=mysqli
-;extension=oci8_12c ; Use with Oracle Database 12c Instant Client
-;extension=odbc
-;extension=openssl
-;extension=pdo_firebird
-;extension=pdo_mysql
-;extension=pdo_oci
-;extension=pdo_odbc
-;extension=pdo_pgsql
-;extension=pdo_sqlite
-;extension=pgsql
-;extension=shmop
-
-; The MIBS data available in the PHP distribution must be installed.
-; See http://www.php.net/manual/en/snmp.installation.php
-;extension=snmp
-
-;extension=soap
-;extension=sockets
-;extension=sqlite3
-;extension=tidy
-;extension=xmlrpc
-;extension=xsl
-
-;;;;;;;;;;;;;;;;;;;
-; Module Settings ;
-;;;;;;;;;;;;;;;;;;;
-
-[CLI Server]
-; Whether the CLI web server uses ANSI color coding in its terminal output.
-cli_server.color = On
-
-[Date]
-; Defines the default timezone used by the date functions
-; http://php.net/date.timezone
-date.timezone = America/Los_Angeles
-
-; http://php.net/date.default-latitude
-;date.default_latitude = 31.7667
-
-; http://php.net/date.default-longitude
-;date.default_longitude = 35.2333
-
-; http://php.net/date.sunrise-zenith
-;date.sunrise_zenith = 90.583333
-
-; http://php.net/date.sunset-zenith
-;date.sunset_zenith = 90.583333
-
-[filter]
-; http://php.net/filter.default
-;filter.default = unsafe_raw
-
-; http://php.net/filter.default-flags
-;filter.default_flags =
-
-[iconv]
-; Use of this INI entry is deprecated, use global input_encoding instead.
-; If empty, default_charset or input_encoding or iconv.input_encoding is used.
-; The precedence is: default_charset < intput_encoding < iconv.input_encoding
-;iconv.input_encoding =
-
-; Use of this INI entry is deprecated, use global internal_encoding instead.
-; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
-; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
-;iconv.internal_encoding =
-
-; Use of this INI entry is deprecated, use global output_encoding instead.
-; If empty, default_charset or output_encoding or iconv.output_encoding is used.
-; The precedence is: default_charset < output_encoding < iconv.output_encoding
-; To use an output encoding conversion, iconv's output handler must be set
-; otherwise output encoding conversion cannot be performed.
-;iconv.output_encoding =
-
-[intl]
-;intl.default_locale =
-; This directive allows you to produce PHP errors when some error
-; happens within intl functions. The value is the level of the error produced.
-; Default is 0, which does not produce any errors.
-;intl.error_level = E_WARNING
-;intl.use_exceptions = 0
-
-[sqlite3]
-;sqlite3.extension_dir =
-
-[Pcre]
-;PCRE library backtracking limit.
-; http://php.net/pcre.backtrack-limit
-;pcre.backtrack_limit=100000
-
-;PCRE library recursion limit.
-;Please note that if you set this value to a high number you may consume all
-;the available process stack and eventually crash PHP (due to reaching the
-;stack size limit imposed by the Operating System).
-; http://php.net/pcre.recursion-limit
-;pcre.recursion_limit=100000
-
-;Enables or disables JIT compilation of patterns. This requires the PCRE
-;library to be compiled with JIT support.
-;pcre.jit=1
-
-[Pdo]
-; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
-; http://php.net/pdo-odbc.connection-pooling
-;pdo_odbc.connection_pooling=strict
-
-;pdo_odbc.db2_instance_name
-
-[Pdo_mysql]
-; If mysqlnd is used: Number of cache slots for the internal result set cache
-; http://php.net/pdo_mysql.cache_size
-pdo_mysql.cache_size = 2000
-
-; Default socket name for local MySQL connects. If empty, uses the built-in
-; MySQL defaults.
-; http://php.net/pdo_mysql.default-socket
-pdo_mysql.default_socket=
-
-[Phar]
-; http://php.net/phar.readonly
-;phar.readonly = On
-
-; http://php.net/phar.require-hash
-;phar.require_hash = On
-
-;phar.cache_list =
-
-[mail function]
-; For Win32 only.
-; http://php.net/smtp
-SMTP = localhost
-; http://php.net/smtp-port
-smtp_port = 25
-
-; For Win32 only.
-; http://php.net/sendmail-from
-;sendmail_from = me@example.com
-
-; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
-; http://php.net/sendmail-path
-;sendmail_path =
-
-; Force the addition of the specified parameters to be passed as extra parameters
-; to the sendmail binary. These parameters will always replace the value of
-; the 5th parameter to mail().
-;mail.force_extra_parameters =
-
-; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
-mail.add_x_header = Off
-
-; The path to a log file that will log all mail() calls. Log entries include
-; the full path of the script, line number, To address and headers.
-;mail.log =
-; Log mail to syslog (Event Log on Windows).
-;mail.log = syslog
-
-[ODBC]
-; http://php.net/odbc.default-db
-;odbc.default_db = Not yet implemented
-
-; http://php.net/odbc.default-user
-;odbc.default_user = Not yet implemented
-
-; http://php.net/odbc.default-pw
-;odbc.default_pw = Not yet implemented
-
-; Controls the ODBC cursor model.
-; Default: SQL_CURSOR_STATIC (default).
-;odbc.default_cursortype
-
-; Allow or prevent persistent links.
-; http://php.net/odbc.allow-persistent
-odbc.allow_persistent = On
-
-; Check that a connection is still valid before reuse.
-; http://php.net/odbc.check-persistent
-odbc.check_persistent = On
-
-; Maximum number of persistent links. -1 means no limit.
-; http://php.net/odbc.max-persistent
-odbc.max_persistent = -1
-
-; Maximum number of links (persistent + non-persistent). -1 means no limit.
-; http://php.net/odbc.max-links
-odbc.max_links = -1
-
-; Handling of LONG fields. Returns number of bytes to variables. 0 means
-; passthru.
-; http://php.net/odbc.defaultlrl
-odbc.defaultlrl = 4096
-
-; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char.
-; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
-; of odbc.defaultlrl and odbc.defaultbinmode
-; http://php.net/odbc.defaultbinmode
-odbc.defaultbinmode = 1
-
-;birdstep.max_links = -1
-
-[Interbase]
-; Allow or prevent persistent links.
-ibase.allow_persistent = 1
-
-; Maximum number of persistent links. -1 means no limit.
-ibase.max_persistent = -1
-
-; Maximum number of links (persistent + non-persistent). -1 means no limit.
-ibase.max_links = -1
-
-; Default database name for ibase_connect().
-;ibase.default_db =
-
-; Default username for ibase_connect().
-;ibase.default_user =
-
-; Default password for ibase_connect().
-;ibase.default_password =
-
-; Default charset for ibase_connect().
-;ibase.default_charset =
-
-; Default timestamp format.
-ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
-
-; Default date format.
-ibase.dateformat = "%Y-%m-%d"
-
-; Default time format.
-ibase.timeformat = "%H:%M:%S"
-
-[MySQLi]
-
-; Maximum number of persistent links. -1 means no limit.
-; http://php.net/mysqli.max-persistent
-mysqli.max_persistent = -1
-
-; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
-; http://php.net/mysqli.allow_local_infile
-;mysqli.allow_local_infile = On
-
-; Allow or prevent persistent links.
-; http://php.net/mysqli.allow-persistent
-mysqli.allow_persistent = On
-
-; Maximum number of links. -1 means no limit.
-; http://php.net/mysqli.max-links
-mysqli.max_links = -1
-
-; If mysqlnd is used: Number of cache slots for the internal result set cache
-; http://php.net/mysqli.cache_size
-mysqli.cache_size = 2000
-
-; Default port number for mysqli_connect(). If unset, mysqli_connect() will use
-; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
-; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
-; at MYSQL_PORT.
-; http://php.net/mysqli.default-port
-mysqli.default_port = 3306
-
-; Default socket name for local MySQL connects. If empty, uses the built-in
-; MySQL defaults.
-; http://php.net/mysqli.default-socket
-mysqli.default_socket =
-
-; Default host for mysql_connect() (doesn't apply in safe mode).
-; http://php.net/mysqli.default-host
-mysqli.default_host =
-
-; Default user for mysql_connect() (doesn't apply in safe mode).
-; http://php.net/mysqli.default-user
-mysqli.default_user =
-
-; Default password for mysqli_connect() (doesn't apply in safe mode).
-; Note that this is generally a *bad* idea to store passwords in this file.
-; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw")
-; and reveal this password! And of course, any users with read access to this
-; file will be able to reveal the password as well.
-; http://php.net/mysqli.default-pw
-mysqli.default_pw =
-
-; Allow or prevent reconnect
-mysqli.reconnect = Off
-
-[mysqlnd]
-; Enable / Disable collection of general statistics by mysqlnd which can be
-; used to tune and monitor MySQL operations.
-; http://php.net/mysqlnd.collect_statistics
-mysqlnd.collect_statistics = On
-
-; Enable / Disable collection of memory usage statistics by mysqlnd which can be
-; used to tune and monitor MySQL operations.
-; http://php.net/mysqlnd.collect_memory_statistics
-mysqlnd.collect_memory_statistics = Off
-
-; Records communication from all extensions using mysqlnd to the specified log
-; file.
-; http://php.net/mysqlnd.debug
-;mysqlnd.debug =
-
-; Defines which queries will be logged.
-; http://php.net/mysqlnd.log_mask
-;mysqlnd.log_mask = 0
-
-; Default size of the mysqlnd memory pool, which is used by result sets.
-; http://php.net/mysqlnd.mempool_default_size
-;mysqlnd.mempool_default_size = 16000
-
-; Size of a pre-allocated buffer used when sending commands to MySQL in bytes.
-; http://php.net/mysqlnd.net_cmd_buffer_size
-;mysqlnd.net_cmd_buffer_size = 2048
-
-; Size of a pre-allocated buffer used for reading data sent by the server in
-; bytes.
-; http://php.net/mysqlnd.net_read_buffer_size
-;mysqlnd.net_read_buffer_size = 32768
-
-; Timeout for network requests in seconds.
-; http://php.net/mysqlnd.net_read_timeout
-;mysqlnd.net_read_timeout = 31536000
-
-; SHA-256 Authentication Plugin related. File with the MySQL server public RSA
-; key.
-; http://php.net/mysqlnd.sha256_server_public_key
-;mysqlnd.sha256_server_public_key =
-
-[OCI8]
-
-; Connection: Enables privileged connections using external
-; credentials (OCI_SYSOPER, OCI_SYSDBA)
-; http://php.net/oci8.privileged-connect
-;oci8.privileged_connect = Off
-
-; Connection: The maximum number of persistent OCI8 connections per
-; process. Using -1 means no limit.
-; http://php.net/oci8.max-persistent
-;oci8.max_persistent = -1
-
-; Connection: The maximum number of seconds a process is allowed to
-; maintain an idle persistent connection. Using -1 means idle
-; persistent connections will be maintained forever.
-; http://php.net/oci8.persistent-timeout
-;oci8.persistent_timeout = -1
-
-; Connection: The number of seconds that must pass before issuing a
-; ping during oci_pconnect() to check the connection validity. When
-; set to 0, each oci_pconnect() will cause a ping. Using -1 disables
-; pings completely.
-; http://php.net/oci8.ping-interval
-;oci8.ping_interval = 60
-
-; Connection: Set this to a user chosen connection class to be used
-; for all pooled server requests with Oracle 11g Database Resident
-; Connection Pooling (DRCP). To use DRCP, this value should be set to
-; the same string for all web servers running the same application,
-; the database pool must be configured, and the connection string must
-; specify to use a pooled server.
-;oci8.connection_class =
-
-; High Availability: Using On lets PHP receive Fast Application
-; Notification (FAN) events generated when a database node fails. The
-; database must also be configured to post FAN events.
-;oci8.events = Off
-
-; Tuning: This option enables statement caching, and specifies how
-; many statements to cache. Using 0 disables statement caching.
-; http://php.net/oci8.statement-cache-size
-;oci8.statement_cache_size = 20
-
-; Tuning: Enables statement prefetching and sets the default number of
-; rows that will be fetched automatically after statement execution.
-; http://php.net/oci8.default-prefetch
-;oci8.default_prefetch = 100
-
-; Compatibility. Using On means oci_close() will not close
-; oci_connect() and oci_new_connect() connections.
-; http://php.net/oci8.old-oci-close-semantics
-;oci8.old_oci_close_semantics = Off
-
-[PostgreSQL]
-; Allow or prevent persistent links.
-; http://php.net/pgsql.allow-persistent
-pgsql.allow_persistent = On
-
-; Detect broken persistent links always with pg_pconnect().
-; Auto reset feature requires a little overheads.
-; http://php.net/pgsql.auto-reset-persistent
-pgsql.auto_reset_persistent = Off
-
-; Maximum number of persistent links. -1 means no limit.
-; http://php.net/pgsql.max-persistent
-pgsql.max_persistent = -1
-
-; Maximum number of links (persistent+non persistent). -1 means no limit.
-; http://php.net/pgsql.max-links
-pgsql.max_links = -1
-
-; Ignore PostgreSQL backends Notice message or not.
-; Notice message logging require a little overheads.
-; http://php.net/pgsql.ignore-notice
-pgsql.ignore_notice = 0
-
-; Log PostgreSQL backends Notice message or not.
-; Unless pgsql.ignore_notice=0, module cannot log notice message.
-; http://php.net/pgsql.log-notice
-pgsql.log_notice = 0
-
-[bcmath]
-; Number of decimal digits for all bcmath functions.
-; http://php.net/bcmath.scale
-bcmath.scale = 0
-
-[browscap]
-; http://php.net/browscap
-;browscap = extra/browscap.ini
-
-[Session]
-; Handler used to store/retrieve data.
-; http://php.net/session.save-handler
-session.save_handler = files
-
-; Argument passed to save_handler. In the case of files, this is the path
-; where data files are stored. Note: Windows users have to change this
-; variable in order to use PHP's session functions.
-;
-; The path can be defined as:
-;
-; session.save_path = "N;/path"
-;
-; where N is an integer. Instead of storing all the session files in
-; /path, what this will do is use subdirectories N-levels deep, and
-; store the session data in those directories. This is useful if
-; your OS has problems with many files in one directory, and is
-; a more efficient layout for servers that handle many sessions.
-;
-; NOTE 1: PHP will not create this directory structure automatically.
-; You can use the script in the ext/session dir for that purpose.
-; NOTE 2: See the section on garbage collection below if you choose to
-; use subdirectories for session storage
-;
-; The file storage module creates files using mode 600 by default.
-; You can change that by using
-;
-; session.save_path = "N;MODE;/path"
-;
-; where MODE is the octal representation of the mode. Note that this
-; does not overwrite the process's umask.
-; http://php.net/session.save-path
-;session.save_path = "/tmp"
-
-; Whether to use strict session mode.
-; Strict session mode does not accept uninitialized session ID and regenerate
-; session ID if browser sends uninitialized session ID. Strict mode protects
-; applications from session fixation via session adoption vulnerability. It is
-; disabled by default for maximum compatibility, but enabling it is encouraged.
-; https://wiki.php.net/rfc/strict_sessions
-session.use_strict_mode = 0
-
-; Whether to use cookies.
-; http://php.net/session.use-cookies
-session.use_cookies = 1
-
-; http://php.net/session.cookie-secure
-;session.cookie_secure =
-
-; This option forces PHP to fetch and use a cookie for storing and maintaining
-; the session id. We encourage this operation as it's very helpful in combating
-; session hijacking when not specifying and managing your own session id. It is
-; not the be-all and end-all of session hijacking defense, but it's a good start.
-; http://php.net/session.use-only-cookies
-session.use_only_cookies = 1
-
-; Name of the session (used as cookie name).
-; http://php.net/session.name
-session.name = PHPSESSID
-
-; Initialize session on request startup.
-; http://php.net/session.auto-start
-session.auto_start = 0
-
-; Lifetime in seconds of cookie or, if 0, until browser is restarted.
-; http://php.net/session.cookie-lifetime
-session.cookie_lifetime = 0
-
-; The path for which the cookie is valid.
-; http://php.net/session.cookie-path
-session.cookie_path = /
-
-; The domain for which the cookie is valid.
-; http://php.net/session.cookie-domain
-session.cookie_domain =
-
-; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
-; http://php.net/session.cookie-httponly
-session.cookie_httponly =
-
-; Handler used to serialize data. php is the standard serializer of PHP.
-; http://php.net/session.serialize-handler
-session.serialize_handler = php
-
-; Defines the probability that the 'garbage collection' process is started
-; on every session initialization. The probability is calculated by using
-; gc_probability/gc_divisor. Where session.gc_probability is the numerator
-; and gc_divisor is the denominator in the equation. Setting this value to 1
-; when the session.gc_divisor value is 100 will give you approximately a 1% chance
-; the gc will run on any give request.
-; Default Value: 1
-; Development Value: 1
-; Production Value: 1
-; http://php.net/session.gc-probability
-session.gc_probability = 1
-
-; Defines the probability that the 'garbage collection' process is started on every
-; session initialization. The probability is calculated by using the following equation:
-; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
-; session.gc_divisor is the denominator in the equation. Setting this value to 1
-; when the session.gc_divisor value is 100 will give you approximately a 1% chance
-; the gc will run on any give request. Increasing this value to 1000 will give you
-; a 0.1% chance the gc will run on any give request. For high volume production servers,
-; this is a more efficient approach.
-; Default Value: 100
-; Development Value: 1000
-; Production Value: 1000
-; http://php.net/session.gc-divisor
-session.gc_divisor = 1000
-
-; After this number of seconds, stored data will be seen as 'garbage' and
-; cleaned up by the garbage collection process.
-; http://php.net/session.gc-maxlifetime
-session.gc_maxlifetime = 1440
-
-; NOTE: If you are using the subdirectory option for storing session files
-; (see session.save_path above), then garbage collection does *not*
-; happen automatically. You will need to do your own garbage
-; collection through a shell script, cron entry, or some other method.
-; For example, the following script would is the equivalent of
-; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
-; find /path/to/sessions -cmin +24 -type f | xargs rm
-
-; Check HTTP Referer to invalidate externally stored URLs containing ids.
-; HTTP_REFERER has to contain this substring for the session to be
-; considered as valid.
-; http://php.net/session.referer-check
-session.referer_check =
-
-; Set to {nocache,private,public,} to determine HTTP caching aspects
-; or leave this empty to avoid sending anti-caching headers.
-; http://php.net/session.cache-limiter
-session.cache_limiter = nocache
-
-; Document expires after n minutes.
-; http://php.net/session.cache-expire
-session.cache_expire = 180
-
-; trans sid support is disabled by default.
-; Use of trans sid may risk your users' security.
-; Use this option with caution.
-; - User may send URL contains active session ID
-; to other person via. email/irc/etc.
-; - URL that contains active session ID may be stored
-; in publicly accessible computer.
-; - User may access your site with the same session ID
-; always using URL stored in browser's history or bookmarks.
-; http://php.net/session.use-trans-sid
-session.use_trans_sid = 0
-
-; Set session ID character length. This value could be between 22 to 256.
-; Shorter length than default is supported only for compatibility reason.
-; Users should use 32 or more chars.
-; http://php.net/session.sid-length
-; Default Value: 32
-; Development Value: 26
-; Production Value: 26
-session.sid_length = 26
-
-; The URL rewriter will look for URLs in a defined set of HTML tags.
-; is special; if you include them here, the rewriter will
-; add a hidden field with the info which is otherwise appended
-; to URLs. tag's action attribute URL will not be modified
-; unless it is specified.
-; Note that all valid entries require a "=", even if no value follows.
-; Default Value: "a=href,area=href,frame=src,form="
-; Development Value: "a=href,area=href,frame=src,form="
-; Production Value: "a=href,area=href,frame=src,form="
-; http://php.net/url-rewriter.tags
-session.trans_sid_tags = "a=href,area=href,frame=src,form="
-
-; URL rewriter does not rewrite absolute URLs by default.
-; To enable rewrites for absolute pathes, target hosts must be specified
-; at RUNTIME. i.e. use ini_set()
-; tags is special. PHP will check action attribute's URL regardless
-; of session.trans_sid_tags setting.
-; If no host is defined, HTTP_HOST will be used for allowed host.
-; Example value: php.net,www.php.net,wiki.php.net
-; Use "," for multiple hosts. No spaces are allowed.
-; Default Value: ""
-; Development Value: ""
-; Production Value: ""
-;session.trans_sid_hosts=""
-
-; Define how many bits are stored in each character when converting
-; the binary hash data to something readable.
-; Possible values:
-; 4 (4 bits: 0-9, a-f)
-; 5 (5 bits: 0-9, a-v)
-; 6 (6 bits: 0-9, a-z, A-Z, "-", ",")
-; Default Value: 4
-; Development Value: 5
-; Production Value: 5
-; http://php.net/session.hash-bits-per-character
-session.sid_bits_per_character = 5
-
-; Enable upload progress tracking in $_SESSION
-; Default Value: On
-; Development Value: On
-; Production Value: On
-; http://php.net/session.upload-progress.enabled
-;session.upload_progress.enabled = On
-
-; Cleanup the progress information as soon as all POST data has been read
-; (i.e. upload completed).
-; Default Value: On
-; Development Value: On
-; Production Value: On
-; http://php.net/session.upload-progress.cleanup
-;session.upload_progress.cleanup = On
-
-; A prefix used for the upload progress key in $_SESSION
-; Default Value: "upload_progress_"
-; Development Value: "upload_progress_"
-; Production Value: "upload_progress_"
-; http://php.net/session.upload-progress.prefix
-;session.upload_progress.prefix = "upload_progress_"
-
-; The index name (concatenated with the prefix) in $_SESSION
-; containing the upload progress information
-; Default Value: "PHP_SESSION_UPLOAD_PROGRESS"
-; Development Value: "PHP_SESSION_UPLOAD_PROGRESS"
-; Production Value: "PHP_SESSION_UPLOAD_PROGRESS"
-; http://php.net/session.upload-progress.name
-;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
-
-; How frequently the upload progress should be updated.
-; Given either in percentages (per-file), or in bytes
-; Default Value: "1%"
-; Development Value: "1%"
-; Production Value: "1%"
-; http://php.net/session.upload-progress.freq
-;session.upload_progress.freq = "1%"
-
-; The minimum delay between updates, in seconds
-; Default Value: 1
-; Development Value: 1
-; Production Value: 1
-; http://php.net/session.upload-progress.min-freq
-;session.upload_progress.min_freq = "1"
-
-; Only write session data when session data is changed. Enabled by default.
-; http://php.net/session.lazy-write
-;session.lazy_write = On
-
-[Assertion]
-; Switch whether to compile assertions at all (to have no overhead at run-time)
-; -1: Do not compile at all
-; 0: Jump over assertion at run-time
-; 1: Execute assertions
-; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1)
-; Default Value: 1
-; Development Value: 1
-; Production Value: -1
-; http://php.net/zend.assertions
-zend.assertions = -1
-
-; Assert(expr); active by default.
-; http://php.net/assert.active
-;assert.active = On
-
-; Throw an AssertationException on failed assertions
-; http://php.net/assert.exception
-;assert.exception = On
-
-; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active)
-; http://php.net/assert.warning
-;assert.warning = On
-
-; Don't bail out by default.
-; http://php.net/assert.bail
-;assert.bail = Off
-
-; User-function to be called if an assertion fails.
-; http://php.net/assert.callback
-;assert.callback = 0
-
-; Eval the expression with current error_reporting(). Set to true if you want
-; error_reporting(0) around the eval().
-; http://php.net/assert.quiet-eval
-;assert.quiet_eval = 0
-
-[COM]
-; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs
-; http://php.net/com.typelib-file
-;com.typelib_file =
-
-; allow Distributed-COM calls
-; http://php.net/com.allow-dcom
-;com.allow_dcom = true
-
-; autoregister constants of a components typlib on com_load()
-; http://php.net/com.autoregister-typelib
-;com.autoregister_typelib = true
-
-; register constants casesensitive
-; http://php.net/com.autoregister-casesensitive
-;com.autoregister_casesensitive = false
-
-; show warnings on duplicate constant registrations
-; http://php.net/com.autoregister-verbose
-;com.autoregister_verbose = true
-
-; The default character set code-page to use when passing strings to and from COM objects.
-; Default: system ANSI code page
-;com.code_page=
-
-[mbstring]
-; language for internal character representation.
-; This affects mb_send_mail() and mbstring.detect_order.
-; http://php.net/mbstring.language
-;mbstring.language = Japanese
-
-; Use of this INI entry is deprecated, use global internal_encoding instead.
-; internal/script encoding.
-; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*)
-; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
-; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
-;mbstring.internal_encoding =
-
-; Use of this INI entry is deprecated, use global input_encoding instead.
-; http input encoding.
-; mbstring.encoding_traslation = On is needed to use this setting.
-; If empty, default_charset or input_encoding or mbstring.input is used.
-; The precedence is: default_charset < intput_encoding < mbsting.http_input
-; http://php.net/mbstring.http-input
-;mbstring.http_input =
-
-; Use of this INI entry is deprecated, use global output_encoding instead.
-; http output encoding.
-; mb_output_handler must be registered as output buffer to function.
-; If empty, default_charset or output_encoding or mbstring.http_output is used.
-; The precedence is: default_charset < output_encoding < mbstring.http_output
-; To use an output encoding conversion, mbstring's output handler must be set
-; otherwise output encoding conversion cannot be performed.
-; http://php.net/mbstring.http-output
-;mbstring.http_output =
-
-; enable automatic encoding translation according to
-; mbstring.internal_encoding setting. Input chars are
-; converted to internal encoding by setting this to On.
-; Note: Do _not_ use automatic encoding translation for
-; portable libs/applications.
-; http://php.net/mbstring.encoding-translation
-;mbstring.encoding_translation = Off
-
-; automatic encoding detection order.
-; "auto" detect order is changed according to mbstring.language
-; http://php.net/mbstring.detect-order
-;mbstring.detect_order = auto
-
-; substitute_character used when character cannot be converted
-; one from another
-; http://php.net/mbstring.substitute-character
-;mbstring.substitute_character = none
-
-; overload(replace) single byte functions by mbstring functions.
-; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(),
-; etc. Possible values are 0,1,2,4 or combination of them.
-; For example, 7 for overload everything.
-; 0: No overload
-; 1: Overload mail() function
-; 2: Overload str*() functions
-; 4: Overload ereg*() functions
-; http://php.net/mbstring.func-overload
-;mbstring.func_overload = 0
-
-; enable strict encoding detection.
-; Default: Off
-;mbstring.strict_detection = On
-
-; This directive specifies the regex pattern of content types for which mb_output_handler()
-; is activated.
-; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml)
-;mbstring.http_output_conv_mimetype=
-
-[gd]
-; Tell the jpeg decode to ignore warnings and try to create
-; a gd image. The warning will then be displayed as notices
-; disabled by default
-; http://php.net/gd.jpeg-ignore-warning
-;gd.jpeg_ignore_warning = 1
-
-[exif]
-; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS.
-; With mbstring support this will automatically be converted into the encoding
-; given by corresponding encode setting. When empty mbstring.internal_encoding
-; is used. For the decode settings you can distinguish between motorola and
-; intel byte order. A decode setting cannot be empty.
-; http://php.net/exif.encode-unicode
-;exif.encode_unicode = ISO-8859-15
-
-; http://php.net/exif.decode-unicode-motorola
-;exif.decode_unicode_motorola = UCS-2BE
-
-; http://php.net/exif.decode-unicode-intel
-;exif.decode_unicode_intel = UCS-2LE
-
-; http://php.net/exif.encode-jis
-;exif.encode_jis =
-
-; http://php.net/exif.decode-jis-motorola
-;exif.decode_jis_motorola = JIS
-
-; http://php.net/exif.decode-jis-intel
-;exif.decode_jis_intel = JIS
-
-[Tidy]
-; The path to a default tidy configuration file to use when using tidy
-; http://php.net/tidy.default-config
-;tidy.default_config = /usr/local/lib/php/default.tcfg
-
-; Should tidy clean and repair output automatically?
-; WARNING: Do not use this option if you are generating non-html content
-; such as dynamic images
-; http://php.net/tidy.clean-output
-tidy.clean_output = Off
-
-[soap]
-; Enables or disables WSDL caching feature.
-; http://php.net/soap.wsdl-cache-enabled
-soap.wsdl_cache_enabled=1
-
-; Sets the directory name where SOAP extension will put cache files.
-; http://php.net/soap.wsdl-cache-dir
-soap.wsdl_cache_dir="/tmp"
-
-; (time to live) Sets the number of second while cached file will be used
-; instead of original one.
-; http://php.net/soap.wsdl-cache-ttl
-soap.wsdl_cache_ttl=86400
-
-; Sets the size of the cache limit. (Max. number of WSDL files to cache)
-soap.wsdl_cache_limit = 5
-
-[sysvshm]
-; A default size of the shared memory segment
-;sysvshm.init_mem = 10000
-
-[ldap]
-; Sets the maximum number of open links or -1 for unlimited.
-ldap.max_links = -1
-
-[dba]
-;dba.default_handler=
-
-[opcache]
-; Determines if Zend OPCache is enabled
-;opcache.enable=1
-
-; Determines if Zend OPCache is enabled for the CLI version of PHP
-;opcache.enable_cli=0
-
-; The OPcache shared memory storage size.
-;opcache.memory_consumption=128
-
-; The amount of memory for interned strings in Mbytes.
-;opcache.interned_strings_buffer=8
-
-; The maximum number of keys (scripts) in the OPcache hash table.
-; Only numbers between 200 and 1000000 are allowed.
-;opcache.max_accelerated_files=10000
-
-; The maximum percentage of "wasted" memory until a restart is scheduled.
-;opcache.max_wasted_percentage=5
-
-; When this directive is enabled, the OPcache appends the current working
-; directory to the script key, thus eliminating possible collisions between
-; files with the same name (basename). Disabling the directive improves
-; performance, but may break existing applications.
-;opcache.use_cwd=1
-
-; When disabled, you must reset the OPcache manually or restart the
-; webserver for changes to the filesystem to take effect.
-;opcache.validate_timestamps=1
-
-; How often (in seconds) to check file timestamps for changes to the shared
-; memory storage allocation. ("1" means validate once per second, but only
-; once per request. "0" means always validate)
-;opcache.revalidate_freq=2
-
-; Enables or disables file search in include_path optimization
-;opcache.revalidate_path=0
-
-; If disabled, all PHPDoc comments are dropped from the code to reduce the
-; size of the optimized code.
-;opcache.save_comments=1
-
-; Allow file existence override (file_exists, etc.) performance feature.
-;opcache.enable_file_override=0 - -; A bitmask, where each bit enables or disables the appropriate OPcache -; passes -;opcache.optimization_level=0xffffffff - -;opcache.inherited_hack=1 -;opcache.dups_fix=0 - -; The location of the OPcache blacklist file (wildcards allowed). -; Each OPcache blacklist file is a text file that holds the names of files -; that should not be accelerated. The file format is to add each filename -; to a new line. The filename may be a full path or just a file prefix -; (i.e., /var/www/x blacklists all the files and directories in /var/www -; that start with 'x'). Line starting with a ; are ignored (comments). -;opcache.blacklist_filename= - -; Allows exclusion of large files from being cached. By default all files -; are cached. -;opcache.max_file_size=0 - -; Check the cache checksum each N requests. -; The default value of "0" means that the checks are disabled. -;opcache.consistency_checks=0 - -; How long to wait (in seconds) for a scheduled restart to begin if the cache -; is not being accessed. -;opcache.force_restart_timeout=180 - -; OPcache error_log file name. Empty string assumes "stderr". -;opcache.error_log= - -; All OPcache errors go to the Web server log. -; By default, only fatal errors (level 0) or errors (level 1) are logged. -; You can also enable warnings (level 2), info messages (level 3) or -; debug messages (level 4). -;opcache.log_verbosity_level=1 - -; Preferred Shared Memory back-end. Leave empty and let the system decide. -;opcache.preferred_memory_model= - -; Protect the shared memory from unexpected writing during script execution. -; Useful for internal debugging only. -;opcache.protect_memory=0 - -; Allows calling OPcache API functions only from PHP scripts which path is -; started from specified string. The default "" means no restriction -;opcache.restrict_api= - -; Mapping base of shared memory segments (for Windows only). All the PHP -; processes have to map shared memory into the same address space. 
This -; directive allows to manually fix the "Unable to reattach to base address" -; errors. -;opcache.mmap_base= - -; Enables and sets the second level cache directory. -; It should improve performance when SHM memory is full, at server restart or -; SHM reset. The default "" disables file based caching. -;opcache.file_cache= - -; Enables or disables opcode caching in shared memory. -;opcache.file_cache_only=0 - -; Enables or disables checksum validation when script loaded from file cache. -;opcache.file_cache_consistency_checks=1 - -; Implies opcache.file_cache_only=1 for a certain process that failed to -; reattach to the shared memory (for Windows only). Explicitly enabled file -; cache is required. -;opcache.file_cache_fallback=1 - -; Enables or disables copying of PHP code (text segment) into HUGE PAGES. -; This should improve performance, but requires appropriate OS configuration. -;opcache.huge_code_pages=1 - -; Validate cached file permissions. -;opcache.validate_permission=0 - -; Prevent name collisions in chroot'ed environment. -;opcache.validate_root=0 - -; If specified, it produces opcode dumps for debugging different stages of -; optimizations. -;opcache.opt_debug_level=0 - -[curl] -; A default value for the CURLOPT_CAINFO option. This is required to be an -; absolute path. -;curl.cainfo = - -[openssl] -; The location of a Certificate Authority (CA) file on the local filesystem -; to use when verifying the identity of SSL/TLS peers. Most users should -; not specify a value for this directive as PHP will attempt to use the -; OS-managed cert stores in its absence. If specified, this value may still -; be overridden on a per-stream basis via the "cafile" SSL stream context -; option. -;openssl.cafile= - -; If openssl.cafile is not specified or if the CA file is not found, the -; directory pointed to by openssl.capath is searched for a suitable -; certificate. This value must be a correctly hashed certificate directory. 
-; Most users should not specify a value for this directive as PHP will -; attempt to use the OS-managed cert stores in its absence. If specified, -; this value may still be overridden on a per-stream basis via the "capath" -; SSL stream context option. -;openssl.capath= - -; Local Variables: -; tab-width: 4 -; End: diff --git a/jails/config/web-datavpc/pkg-list-details-old.txt b/jails/config/web-datavpc/pkg-list-details-old.txt deleted file mode 100644 index 79fe5b9..0000000 --- a/jails/config/web-datavpc/pkg-list-details-old.txt +++ /dev/null @@ -1,8 +0,0 @@ -pkgp-freebsd-pkg____apache24-2.4.54 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____php81-8.1.12 -pkgp-freebsd-pkg____php81-mysqli-8.1.12 -pkgp-freebsd-pkg____php81-session-8.1.12 -pkgp-freebsd-pkg____pkg-1.18.4 diff --git a/jails/config/web-datavpc/pkg-list-details.txt b/jails/config/web-datavpc/pkg-list-details.txt deleted file mode 100644 index 87bcd3f..0000000 --- a/jails/config/web-datavpc/pkg-list-details.txt +++ /dev/null @@ -1,8 +0,0 @@ -pkgp-freebsd-pkg____apache24-2.4.54 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____php81-8.1.13 -pkgp-freebsd-pkg____php81-mysqli-8.1.13 -pkgp-freebsd-pkg____php81-session-8.1.13 -pkgp-freebsd-pkg____pkg-1.18.4 diff --git a/jails/config/web-datavpc/pkg-list-old.txt b/jails/config/web-datavpc/pkg-list-old.txt deleted file mode 100644 index 943fd00..0000000 --- a/jails/config/web-datavpc/pkg-list-old.txt +++ /dev/null @@ -1 +0,0 @@ -apache24 bash bash-completion nano php81 php81-mysqli php81-session pkg diff --git a/jails/config/web-datavpc/pkg-list.txt b/jails/config/web-datavpc/pkg-list.txt deleted file mode 100644 index 943fd00..0000000 --- a/jails/config/web-datavpc/pkg-list.txt +++ /dev/null @@ -1 +0,0 @@ -apache24 bash bash-completion nano php81 php81-mysqli php81-session pkg 
diff --git a/jails/config/web-datavpc/resolvconf.conf b/jails/config/web-datavpc/resolvconf.conf
deleted file mode 100644
index 710615a..0000000
--- a/jails/config/web-datavpc/resolvconf.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-export search_domains="datavpc.com mydatavpc.com ahlawat.com"
-export name_servers="192.168.0.5 fd01::5"
diff --git a/jails/config/web-datavpc/www.conf b/jails/config/web-datavpc/www.conf
deleted file mode 100644
index 92ff8ff..0000000
--- a/jails/config/web-datavpc/www.conf
+++ /dev/null
@@ -1,423 +0,0 @@ -; Start a new pool named 'www'. -; the variable $pool can be used in any directive and will be replaced by the -; pool name ('www' here) -[www] - -; Per pool prefix -; It only applies on the following directives: -; - 'access.log' -; - 'slowlog' -; - 'listen' (unixsocket) -; - 'chroot' -; - 'chdir' -; - 'php_values' -; - 'php_admin_values' -; When not set, the global prefix (or /usr/local) applies instead. -; Note: This directive can also be relative to the global prefix. -; Default Value: none -;prefix = /path/to/pools/$pool - -; Unix user/group of processes -; Note: The user is mandatory. If the group is not set, the default user's group -; will be used. -user = www -group = www - -; The address on which to accept FastCGI requests. -; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on -; a specific port; -; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on -; a specific port; -; 'port' - to listen on a TCP socket to all addresses -; (IPv6 and IPv4-mapped) on a specific port; -; '/path/to/unix/socket' - to listen on a unix socket. -; Note: This value is mandatory. -listen = 127.0.0.1:9000 - -; Set listen(2) backlog. -; Default Value: 511 (-1 on FreeBSD and OpenBSD) -;listen.backlog = 511 - -; Set permissions for unix socket, if one is used. In Linux, read/write -; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. -; Default Values: user and group are set as the running user -; mode is set to 0660 -;listen.owner = www -;listen.group = www -;listen.mode = 0660 -; When POSIX Access Control Lists are supported you can set them using -; these options, value is a comma separated list of user/group names. 
-; When set, listen.owner and listen.group are ignored -;listen.acl_users = -;listen.acl_groups = - -; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. -; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original -; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address -; must be separated by a comma. If this value is left blank, connections will be -; accepted from any ip address. -; Default Value: any -;listen.allowed_clients = 127.0.0.1 - -; Specify the nice(2) priority to apply to the pool processes (only if set) -; The value can vary from -19 (highest priority) to 20 (lower priority) -; Note: - It will only work if the FPM master process is launched as root -; - The pool processes will inherit the master process priority -; unless it specified otherwise -; Default Value: no set -; process.priority = -19 - -; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user -; or group is differrent than the master process user. It allows to create process -; core dump and ptrace the process for the pool user. -; Default Value: no -; process.dumpable = yes - -; Choose how the process manager will control the number of child processes. -; Possible Values: -; static - a fixed number (pm.max_children) of child processes; -; dynamic - the number of child processes are set dynamically based on the -; following directives. With this process management, there will be -; always at least 1 children. -; pm.max_children - the maximum number of children that can -; be alive at the same time. -; pm.start_servers - the number of children created on startup. -; pm.min_spare_servers - the minimum number of children in 'idle' -; state (waiting to process). If the number -; of 'idle' processes is less than this -; number then some children will be created. -; pm.max_spare_servers - the maximum number of children in 'idle' -; state (waiting to process). 
If the number -; of 'idle' processes is greater than this -; number then some children will be killed. -; ondemand - no children are created at startup. Children will be forked when -; new requests will connect. The following parameter are used: -; pm.max_children - the maximum number of children that -; can be alive at the same time. -; pm.process_idle_timeout - The number of seconds after which -; an idle process will be killed. -; Note: This value is mandatory. -pm = dynamic - -; The number of child processes to be created when pm is set to 'static' and the -; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. -; This value sets the limit on the number of simultaneous requests that will be -; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. -; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP -; CGI. The below defaults are based on a server without much resources. Don't -; forget to tweak pm.* to fit your needs. -; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' -; Note: This value is mandatory. -pm.max_children = 10 - -; The number of child processes created on startup. -; Note: Used only when pm is set to 'dynamic' -; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = 2 - -; The desired minimum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = 1 - -; The desired maximum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = 3 - -; The number of seconds after which an idle process will be killed. -; Note: Used only when pm is set to 'ondemand' -; Default Value: 10s -;pm.process_idle_timeout = 10s; - -; The number of requests each child process should execute before respawning. 
-; This can be useful to work around memory leaks in 3rd party libraries. For -; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. -; Default Value: 0 -;pm.max_requests = 500 - -; The URI to view the FPM status page. If this value is not set, no URI will be -; recognized as a status page. It shows the following informations: -; pool - the name of the pool; -; process manager - static, dynamic or ondemand; -; start time - the date and time FPM has started; -; start since - number of seconds since FPM has started; -; accepted conn - the number of request accepted by the pool; -; listen queue - the number of request in the queue of pending -; connections (see backlog in listen(2)); -; max listen queue - the maximum number of requests in the queue -; of pending connections since FPM has started; -; listen queue len - the size of the socket queue of pending connections; -; idle processes - the number of idle processes; -; active processes - the number of active processes; -; total processes - the number of idle + active processes; -; max active processes - the maximum number of active processes since FPM -; has started; -; max children reached - number of times, the process limit has been reached, -; when pm tries to start more children (works only for -; pm 'dynamic' and 'ondemand'); -; Value are updated in real time. -; Example output: -; pool: www -; process manager: static -; start time: 01/Jul/2011:17:53:49 +0200 -; start since: 62636 -; accepted conn: 190460 -; listen queue: 0 -; max listen queue: 1 -; listen queue len: 42 -; idle processes: 4 -; active processes: 11 -; total processes: 15 -; max active processes: 12 -; max children reached: 0 -; -; By default the status page output is formatted as text/plain. Passing either -; 'html', 'xml' or 'json' in the query string will return the corresponding -; output syntax. 
Example: -; http://www.foo.bar/status -; http://www.foo.bar/status?json -; http://www.foo.bar/status?html -; http://www.foo.bar/status?xml -; -; By default the status page only outputs short status. Passing 'full' in the -; query string will also return status for each pool process. -; Example: -; http://www.foo.bar/status?full -; http://www.foo.bar/status?json&full -; http://www.foo.bar/status?html&full -; http://www.foo.bar/status?xml&full -; The Full status returns for each process: -; pid - the PID of the process; -; state - the state of the process (Idle, Running, ...); -; start time - the date and time the process has started; -; start since - the number of seconds since the process has started; -; requests - the number of requests the process has served; -; request duration - the duration in µs of the requests; -; request method - the request method (GET, POST, ...); -; request URI - the request URI with the query string; -; content length - the content length of the request (only with POST); -; user - the user (PHP_AUTH_USER) (or '-' if not set); -; script - the main script called (or '-' if not set); -; last request cpu - the %cpu the last request consumed -; it's always 0 if the process is not in Idle state -; because CPU calculation is done when the request -; processing has terminated; -; last request memory - the max amount of memory the last request consumed -; it's always 0 if the process is not in Idle state -; because memory calculation is done when the request -; processing has terminated; -; If the process is in Idle state, then informations are related to the -; last request the process has served. Otherwise informations are related to -; the current request being served. 
-; Example output: -; ************************ -; pid: 31330 -; state: Running -; start time: 01/Jul/2011:17:53:49 +0200 -; start since: 63087 -; requests: 12808 -; request duration: 1250261 -; request method: GET -; request URI: /test_mem.php?N=10000 -; content length: 0 -; user: - -; script: /home/fat/web/docs/php/test_mem.php -; last request cpu: 0.00 -; last request memory: 0 -; -; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: /usr/local/share/php/fpm/status.html -; -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -;pm.status_path = /status - -; The ping URI to call the monitoring page of FPM. If this value is not set, no -; URI will be recognized as a ping page. This could be used to test from outside -; that FPM is alive and responding, or to -; - create a graph of FPM availability (rrd or such); -; - remove a server from a group if it is not responding (load balancing); -; - trigger alerts for the operating team (24/7). -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -;ping.path = /ping - -; This directive may be used to customize the response of a ping request. The -; response is formatted as text/plain with a 200 response code. -; Default Value: pong -;ping.response = pong - -; The access log file -; Default: not set -;access.log = log/$pool.access.log - -; The access log format. 
-; The following syntax is allowed -; %%: the '%' character -; %C: %CPU used by the request -; it can accept the following format: -; - %{user}C for user CPU only -; - %{system}C for system CPU only -; - %{total}C for user + system CPU (default) -; %d: time taken to serve the request -; it can accept the following format: -; - %{seconds}d (default) -; - %{miliseconds}d -; - %{mili}d -; - %{microseconds}d -; - %{micro}d -; %e: an environment variable (same as $_ENV or $_SERVER) -; it must be associated with embraces to specify the name of the env -; variable. Some exemples: -; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e -; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e -; %f: script filename -; %l: content-length of the request (for POST request only) -; %m: request method -; %M: peak of memory allocated by PHP -; it can accept the following format: -; - %{bytes}M (default) -; - %{kilobytes}M -; - %{kilo}M -; - %{megabytes}M -; - %{mega}M -; %n: pool name -; %o: output header -; it must be associated with embraces to specify the name of the header: -; - %{Content-Type}o -; - %{X-Powered-By}o -; - %{Transfert-Encoding}o -; - .... -; %p: PID of the child that serviced the request -; %P: PID of the parent of the child that serviced the request -; %q: the query string -; %Q: the '?' character if query string exists -; %r: the request URI (without the query string, see %q and %Q) -; %R: remote IP address -; %s: status (response code) -; %t: server time the request was received -; it can accept a strftime(3) format: -; %d/%b/%Y:%H:%M:%S %z (default) -; The strftime(3) format must be encapsuled in a %{}t tag -; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t -; %T: time the log has been written (the request has finished) -; it can accept a strftime(3) format: -; %d/%b/%Y:%H:%M:%S %z (default) -; The strftime(3) format must be encapsuled in a %{}t tag -; e.g. 
for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t -; %u: remote user -; -; Default: "%R - %u %t \"%m %r\" %s" -;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" - -; The log file for slow requests -; Default Value: not set -; Note: slowlog is mandatory if request_slowlog_timeout is set -;slowlog = log/$pool.log.slow - -; The timeout for serving a single request after which a PHP backtrace will be -; dumped to the 'slowlog' file. A value of '0s' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -;request_slowlog_timeout = 0 - -; Depth of slow log stack trace. -; Default Value: 20 -;request_slowlog_trace_depth = 20 - -; The timeout for serving a single request after which the worker process will -; be killed. This option should be used when the 'max_execution_time' ini option -; does not stop script execution for some reason. A value of '0' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -;request_terminate_timeout = 0 - -; Set open file descriptor rlimit. -; Default Value: system defined value -;rlimit_files = 1024 - -; Set max core size rlimit. -; Possible Values: 'unlimited' or an integer greater or equal to 0 -; Default Value: system defined value -;rlimit_core = 0 - -; Chroot to this directory at the start. This value must be defined as an -; absolute path. When this value is not set, chroot is not used. -; Note: you can prefix with '$prefix' to chroot to the pool prefix or one -; of its subdirectories. If the pool prefix is not set, the global prefix -; will be used instead. -; Note: chrooting is a great security feature and should be used whenever -; possible. However, all PHP paths will be relative to the chroot -; (error_log, sessions.save_path, ...). -; Default Value: not set -;chroot = - -; Chdir to this directory at the start. -; Note: relative path can be used. 
-; Default Value: current directory or / when chroot -;chdir = /var/www - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Note: on highloaded environement, this can cause some delay in the page -; process time (several ms). -; Default Value: no -;catch_workers_output = yes - -; Clear environment in FPM workers -; Prevents arbitrary environment variables from reaching FPM worker processes -; by clearing the environment in workers before env vars specified in this -; pool configuration are added. -; Setting to "no" will make all environment variables available to PHP code -; via getenv(), $_ENV and $_SERVER. -; Default Value: yes -;clear_env = no - -; Limits the extensions of the main script FPM will allow to parse. This can -; prevent configuration mistakes on the web server side. You should only limit -; FPM to .php extensions to prevent malicious users to use other extensions to -; execute php code. -; Note: set an empty value to allow all extensions. -; Default Value: .php -;security.limit_extensions = .php .php3 .php4 .php5 .php7 - -; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from -; the current environment. -; Default Value: clean env -env[HOSTNAME] = $HOSTNAME -env[PATH] = /usr/local/bin:/usr/bin:/bin -env[TMP] = /tmp -env[TMPDIR] = /tmp -env[TEMP] = /tmp - -; Additional php.ini defines, specific to this pool of workers. These settings -; overwrite the values previously defined in the php.ini. The directives are the -; same as the PHP SAPI: -; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. -; php_admin_value/php_admin_flag - these directives won't be overwritten by -; PHP call 'ini_set' -; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. - -; Defining 'extension' will load the corresponding shared extension from -; extension_dir. 
Defining 'disable_functions' or 'disable_classes' will not -; overwrite previously defined php.ini values, but will append the new value -; instead. - -; Note: path INI options can be relative and will be expanded with the prefix -; (pool, global or /usr/local) - -; Default Value: nothing is defined by default except the values in php.ini and -; specified at startup with the -d argument -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com -;php_flag[display_errors] = off -;php_admin_value[error_log] = /var/log/fpm-php.www.log -;php_admin_flag[log_errors] = on -;php_admin_value[memory_limit] = 32M diff --git a/jails/config/web-diyit/httpd.conf b/jails/config/web-diyit/httpd.conf index 064f8a6..3119e08 100644 --- a/jails/config/web-diyit/httpd.conf +++ b/jails/config/web-diyit/httpd.conf @@ -178,6 +178,7 @@ LoadModule dir_module libexec/apache24/mod_dir.so #LoadModule userdir_module libexec/apache24/mod_userdir.so LoadModule alias_module libexec/apache24/mod_alias.so LoadModule rewrite_module libexec/apache24/mod_rewrite.so +#LoadModule php_module libexec/apache24/libphp.so # Third party modules IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf @@ -551,6 +552,14 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L] + + ServerName www.diyit.org ServerAlias *.diyit.org 
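Review bot: The added `RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L]` in the `@@ -551,6 +552,14 @@` hunk builds the redirect target from the client-supplied Host header, so any request that reaches this block is redirected to whatever host name it sent. If the wildcard aliases do not need to keep their own name, pin the target instead, e.g. `RewriteRule ^ https://www.diyit.org%{REQUEST_URI} [R=301,L]`; otherwise add a `RewriteCond %{HTTP_HOST}` that only matches the site's own domain before the rule. `QSA` can go either way, since the substitution has no query string and the original one is passed through by default. The container lines around the rule are not visible in the hunk, so which virtual host it lands in is inferred from the Mozilla generator link above it. The same rule is added in the `@@ -551,6 +552,14 @@` hunk of jails/config/web-rockwood/httpd.conf.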
@@ -560,16 +569,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on - SSLCertificateFile "/mnt/certs/diyfullchain.pem" - SSLCertificateKeyFile "/mnt/certs/diyprivkey.pem" - #SSLCertificateChainFile "/mnt/certs/diyfullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off + SSLCertificateFile "/mnt/certs/fullchain.pem" + SSLCertificateKeyFile "/mnt/certs/privkey.pem" +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) diff --git a/jails/config/web-diyit/pkg-list-details-old.txt b/jails/config/web-diyit/pkg-list-details-old.txt index 6a5e330..a1a22eb 100644 --- a/jails/config/web-diyit/pkg-list-details-old.txt +++ b/jails/config/web-diyit/pkg-list-details-old.txt 
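Review bot: The new `SSLCACertificateFile "/mnt/certs/cacert.pem"` line is documented as the CA list for client-certificate authentication, while the server's own chain already comes from `SSLCertificateFile "/mnt/certs/fullchain.pem"`. No `SSLVerifyClient` is visible in this hunk, so the line is probably redundant and reads as if the chain needed it. I would drop it or state its purpose with a comment such as `# CA bundle for client-cert verification only; server chain is in fullchain.pem`. The added `Header always set Strict-Transport-Security "max-age=63072000"` also makes the vhost depend on mod_headers, so it is worth confirming that `LoadModule headers_module` is active elsewhere in the file. The virtual host block starts and ends outside the hunk, and the same lines are added in the `@@ -560,16 +569,20 @@` hunk of jails/config/web-rockwood/httpd.conf.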
@@ -1,26 +1,27 @@ -pkgp-freebsd-pkg____apache24-2.4.54 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____blackbox_exporter-0.22.0_3 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____php81-8.1.12 -pkgp-freebsd-pkg____php81-bcmath-8.1.12 -pkgp-freebsd-pkg____php81-ctype-8.1.12 -pkgp-freebsd-pkg____php81-curl-8.1.12 -pkgp-freebsd-pkg____php81-dom-8.1.12 -pkgp-freebsd-pkg____php81-exif-8.1.12 -pkgp-freebsd-pkg____php81-fileinfo-8.1.12 -pkgp-freebsd-pkg____php81-filter-8.1.12 -pkgp-freebsd-pkg____php81-ftp-8.1.12 -pkgp-freebsd-pkg____php81-iconv-8.1.12 -pkgp-freebsd-pkg____php81-mbstring-8.1.12 -pkgp-freebsd-pkg____php81-mysqli-8.1.12 -pkgp-freebsd-pkg____php81-pecl-imagick-3.7.0 -pkgp-freebsd-pkg____php81-session-8.1.12 -pkgp-freebsd-pkg____php81-sockets-8.1.12 -pkgp-freebsd-pkg____php81-sodium-8.1.12 -pkgp-freebsd-pkg____php81-tokenizer-8.1.12 -pkgp-freebsd-pkg____php81-xml-8.1.12 -pkgp-freebsd-pkg____php81-zip-8.1.12 -pkgp-freebsd-pkg____php81-zlib-8.1.12 -pkgp-freebsd-pkg____pkg-1.18.4 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____apache24-2.4.63 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____blackbox_exporter-0.26.0_2 +pkgp-freebsd-pkg____mod_php84-8.4.6 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____php84-8.4.6 +pkgp-freebsd-pkg____php84-bcmath-8.4.6 +pkgp-freebsd-pkg____php84-ctype-8.4.6 +pkgp-freebsd-pkg____php84-curl-8.4.6 +pkgp-freebsd-pkg____php84-dom-8.4.6 +pkgp-freebsd-pkg____php84-exif-8.4.6 +pkgp-freebsd-pkg____php84-fileinfo-8.4.6 +pkgp-freebsd-pkg____php84-filter-8.4.6 +pkgp-freebsd-pkg____php84-ftp-8.4.6 +pkgp-freebsd-pkg____php84-iconv-8.4.6 +pkgp-freebsd-pkg____php84-mbstring-8.4.6 +pkgp-freebsd-pkg____php84-mysqli-8.4.6 +pkgp-freebsd-pkg____php84-pecl-imagick-3.7.0_5 +pkgp-freebsd-pkg____php84-session-8.4.6 +pkgp-freebsd-pkg____php84-sockets-8.4.6 +pkgp-freebsd-pkg____php84-sodium-8.4.6 +pkgp-freebsd-pkg____php84-tokenizer-8.4.6 
+pkgp-freebsd-pkg____php84-xml-8.4.6 +pkgp-freebsd-pkg____php84-zip-8.4.6 +pkgp-freebsd-pkg____php84-zlib-8.4.6 diff --git a/jails/config/web-diyit/pkg-list-details.txt b/jails/config/web-diyit/pkg-list-details.txt index d7439dc..a1a22eb 100644 --- a/jails/config/web-diyit/pkg-list-details.txt +++ b/jails/config/web-diyit/pkg-list-details.txt 
@@ -1,26 +1,27 @@ -pkgp-freebsd-pkg____apache24-2.4.54 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____blackbox_exporter-0.22.0_3 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____php81-8.1.13 -pkgp-freebsd-pkg____php81-bcmath-8.1.13 -pkgp-freebsd-pkg____php81-ctype-8.1.13 -pkgp-freebsd-pkg____php81-curl-8.1.13 -pkgp-freebsd-pkg____php81-dom-8.1.13 -pkgp-freebsd-pkg____php81-exif-8.1.13 -pkgp-freebsd-pkg____php81-fileinfo-8.1.13 -pkgp-freebsd-pkg____php81-filter-8.1.13 -pkgp-freebsd-pkg____php81-ftp-8.1.13 -pkgp-freebsd-pkg____php81-iconv-8.1.13 -pkgp-freebsd-pkg____php81-mbstring-8.1.13 -pkgp-freebsd-pkg____php81-mysqli-8.1.13 -pkgp-freebsd-pkg____php81-pecl-imagick-3.7.0 -pkgp-freebsd-pkg____php81-session-8.1.13 -pkgp-freebsd-pkg____php81-sockets-8.1.13 -pkgp-freebsd-pkg____php81-sodium-8.1.13 -pkgp-freebsd-pkg____php81-tokenizer-8.1.13 -pkgp-freebsd-pkg____php81-xml-8.1.13 -pkgp-freebsd-pkg____php81-zip-8.1.13 -pkgp-freebsd-pkg____php81-zlib-8.1.13 -pkgp-freebsd-pkg____pkg-1.18.4 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____apache24-2.4.63 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____blackbox_exporter-0.26.0_2 +pkgp-freebsd-pkg____mod_php84-8.4.6 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____php84-8.4.6 +pkgp-freebsd-pkg____php84-bcmath-8.4.6 +pkgp-freebsd-pkg____php84-ctype-8.4.6 +pkgp-freebsd-pkg____php84-curl-8.4.6 +pkgp-freebsd-pkg____php84-dom-8.4.6 +pkgp-freebsd-pkg____php84-exif-8.4.6 +pkgp-freebsd-pkg____php84-fileinfo-8.4.6 +pkgp-freebsd-pkg____php84-filter-8.4.6 +pkgp-freebsd-pkg____php84-ftp-8.4.6 +pkgp-freebsd-pkg____php84-iconv-8.4.6 +pkgp-freebsd-pkg____php84-mbstring-8.4.6 +pkgp-freebsd-pkg____php84-mysqli-8.4.6 +pkgp-freebsd-pkg____php84-pecl-imagick-3.7.0_5 +pkgp-freebsd-pkg____php84-session-8.4.6 +pkgp-freebsd-pkg____php84-sockets-8.4.6 +pkgp-freebsd-pkg____php84-sodium-8.4.6 +pkgp-freebsd-pkg____php84-tokenizer-8.4.6 
+pkgp-freebsd-pkg____php84-xml-8.4.6 +pkgp-freebsd-pkg____php84-zip-8.4.6 +pkgp-freebsd-pkg____php84-zlib-8.4.6 diff --git a/jails/config/web-diyit/pkg-list-old.txt b/jails/config/web-diyit/pkg-list-old.txt index e6a5ca4..c77dc63 100644 --- a/jails/config/web-diyit/pkg-list-old.txt +++ b/jails/config/web-diyit/pkg-list-old.txt @@ -1 +1 @@ -apache24 bash bash-completion blackbox_exporter nano php81 php81-bcmath php81-ctype php81-curl php81-dom php81-exif php81-fileinfo php81-filter php81-ftp php81-iconv php81-mbstring php81-mysqli php81-pecl-imagick php81-session php81-sockets php81-sodium php81-tokenizer php81-xml php81-zip php81-zlib pkg +apache24 bash bash-completion blackbox_exporter mod_php84 nano php84 php84-bcmath php84-ctype php84-curl php84-dom php84-exif php84-fileinfo php84-filter php84-ftp php84-iconv php84-mbstring php84-mysqli php84-pecl-imagick php84-session php84-sockets php84-sodium php84-tokenizer php84-xml php84-zip php84-zlib pkg diff --git a/jails/config/web-diyit/pkg-list.txt b/jails/config/web-diyit/pkg-list.txt index e6a5ca4..c77dc63 100644 --- a/jails/config/web-diyit/pkg-list.txt +++ b/jails/config/web-diyit/pkg-list.txt @@ -1 +1 @@ -apache24 bash bash-completion blackbox_exporter nano php81 php81-bcmath php81-ctype php81-curl php81-dom php81-exif php81-fileinfo php81-filter php81-ftp php81-iconv php81-mbstring php81-mysqli php81-pecl-imagick php81-session php81-sockets php81-sodium php81-tokenizer php81-xml php81-zip php81-zlib pkg +apache24 bash bash-completion blackbox_exporter mod_php84 nano php84 php84-bcmath php84-ctype php84-curl php84-dom php84-exif php84-fileinfo php84-filter php84-ftp php84-iconv php84-mbstring php84-mysqli php84-pecl-imagick php84-session php84-sockets php84-sodium php84-tokenizer php84-xml php84-zip php84-zlib pkg diff --git a/jails/config/web-rockwood/httpd.conf b/jails/config/web-rockwood/httpd.conf index 58d7479..844ecd8 100644 --- a/jails/config/web-rockwood/httpd.conf 
+++ b/jails/config/web-rockwood/httpd.conf @@ -178,6 +178,7 @@ LoadModule dir_module libexec/apache24/mod_dir.so #LoadModule userdir_module libexec/apache24/mod_userdir.so LoadModule alias_module libexec/apache24/mod_alias.so LoadModule rewrite_module libexec/apache24/mod_rewrite.so +#LoadModule php_module libexec/apache24/libphp.so # Third party modules IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf @@ -551,6 +552,14 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L] + + ServerName www.rockwoodestates.org ServerAlias *.rockwoodestates.org 
@@ -560,16 +569,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on - SSLCertificateFile "/mnt/certs/rwefullchain.pem" - SSLCertificateKeyFile "/mnt/certs/rweprivkey.pem" - #SSLCertificateChainFile "/mnt/certs/rwefullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off + SSLCertificateFile "/mnt/certs/fullchain.pem" + SSLCertificateKeyFile "/mnt/certs/privkey.pem" +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) 
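Review bot: `SSLCACertificateFile "/mnt/certs/cacert.pem"` is added next to the server certificate, but in mod_ssl that directive names the CAs trusted for verifying client certificates; it does not supply the server's own chain, which `fullchain.pem` in `SSLCertificateFile` already carries. No `SSLVerifyClient` appears in this hunk (the virtual host continues outside it), so the line looks unnecessary and may lead a later reader to believe client authentication is configured. Either drop it or state the intent above it, e.g. `# CA bundle for client-certificate verification only; not part of the served chain`. The same hunk also removes `SSLOptions +StrictRequire`; it is worth confirming that no `SSLRequireSSL`/`SSLRequire` rule combined with `Satisfy any` elsewhere in the file relied on it.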
@@ -599,6 +612,60 @@ Include etc/apache24/Includes/*.conf Require all granted + + Options Indexes FollowSymLinks MultiViews + IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16 + ## IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96 + + #AllowOverride controls what directives may be placed in .htaccess files. + AllowOverride All + #AllowOverride AuthConfig + #Controls who can get stuff from this server file + Require all granted + + + + Options Indexes FollowSymLinks MultiViews + IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16 + ## IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96 + + #AllowOverride controls what directives may be placed in .htaccess files. + AllowOverride All + #AllowOverride AuthConfig + #Controls who can get stuff from this server file + Require all granted + + + + Options Indexes FollowSymLinks MultiViews + IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16 + ## IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96 + + #AllowOverride controls what directives may be placed in .htaccess files. + AllowOverride All + #AllowOverride AuthConfig + #Controls who can get stuff from this server file + Require all granted + + + + Options Indexes FollowSymLinks MultiViews + IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16 + ## IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96 + + #AllowOverride controls what directives may be placed in .htaccess files. 
+ AllowOverride All + #AllowOverride AuthConfig + #Controls who can get stuff from this server file + Require all granted + + + Alias /docs "/root/docs" + Alias /board "/root/docs-board" + Alias /common-land "/root/docs-common-land" + + Alias /cam "/home/gate" + Alias /SMS "/usr/local/www/apache24/data/SMS-list/sms" Alias /sms "/usr/local/www/apache24/data/SMS-list/sms" diff --git a/jails/config/web-rockwood/pkg-list-details-old.txt b/jails/config/web-rockwood/pkg-list-details-old.txt index 577cb51..fb74905 100644 --- a/jails/config/web-rockwood/pkg-list-details-old.txt +++ b/jails/config/web-rockwood/pkg-list-details-old.txt 
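Review bot: The new aliases publish `/root/docs`, `/root/docs-board`, `/root/docs-common-land` and `/home/gate`, and the four added blocks pair `Options Indexes FollowSymLinks MultiViews` with `AllowOverride All` and `Require all granted`, so anyone can browse listings of those trees and any `.htaccess` placed in them can override server settings. Serving from under `/root` also means the httpd user must be able to traverse root's home directory, which loosens the jail's file permissions; a dedicated document tree readable by the web server would avoid that. The container lines of these blocks are not visible on this page, so which block covers which alias is inferred. This commit also adds `vsftpd-ssl` to the jail's package list; if uploads can land in these directories, `AllowOverride None` and `Options Indexes SymLinksIfOwnerMatch` would be the safer baseline, with `Require valid-user` plus an auth provider if the documents are not meant to be public.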
@@ -1,26 +1,29 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____php81-8.1.12
-pkgp-freebsd-pkg____php81-bcmath-8.1.12
-pkgp-freebsd-pkg____php81-ctype-8.1.12
-pkgp-freebsd-pkg____php81-curl-8.1.12
-pkgp-freebsd-pkg____php81-dom-8.1.12
-pkgp-freebsd-pkg____php81-exif-8.1.12
-pkgp-freebsd-pkg____php81-fileinfo-8.1.12
-pkgp-freebsd-pkg____php81-filter-8.1.12
-pkgp-freebsd-pkg____php81-ftp-8.1.12
-pkgp-freebsd-pkg____php81-iconv-8.1.12
-pkgp-freebsd-pkg____php81-mbstring-8.1.12
-pkgp-freebsd-pkg____php81-mysqli-8.1.12
-pkgp-freebsd-pkg____php81-pdo_mysql-8.1.12
-pkgp-freebsd-pkg____php81-pecl-imagick-3.7.0
-pkgp-freebsd-pkg____php81-session-8.1.12
-pkgp-freebsd-pkg____php81-sockets-8.1.12
-pkgp-freebsd-pkg____php81-sodium-8.1.12
-pkgp-freebsd-pkg____php81-tokenizer-8.1.12
-pkgp-freebsd-pkg____php81-xml-8.1.12
-pkgp-freebsd-pkg____php81-zip-8.1.12
-pkgp-freebsd-pkg____php81-zlib-8.1.12
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp123____pkg-2.1.2
+pkgp-freebsd-pkg____apache24-2.4.63
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____mc-4.8.32
+pkgp-freebsd-pkg____mod_php84-8.4.6
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-bcmath-8.4.6
+pkgp-freebsd-pkg____php84-ctype-8.4.6
+pkgp-freebsd-pkg____php84-curl-8.4.6
+pkgp-freebsd-pkg____php84-dom-8.4.6
+pkgp-freebsd-pkg____php84-exif-8.4.6
+pkgp-freebsd-pkg____php84-fileinfo-8.4.6
+pkgp-freebsd-pkg____php84-filter-8.4.6
+pkgp-freebsd-pkg____php84-ftp-8.4.6
+pkgp-freebsd-pkg____php84-gd-8.4.6
+pkgp-freebsd-pkg____php84-iconv-8.4.6
+pkgp-freebsd-pkg____php84-mbstring-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-pecl-imagick-3.7.0_5
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____php84-sockets-8.4.6
+pkgp-freebsd-pkg____php84-sodium-8.4.6
+pkgp-freebsd-pkg____php84-tokenizer-8.4.6
+pkgp-freebsd-pkg____php84-xml-8.4.6
+pkgp-freebsd-pkg____php84-zip-8.4.6
+pkgp-freebsd-pkg____php84-zlib-8.4.6
+pkgp-freebsd-pkg____vsftpd-ssl-3.0.5_2
diff --git a/jails/config/web-rockwood/pkg-list-details.txt b/jails/config/web-rockwood/pkg-list-details.txt
index 27b1072..fb74905 100644
--- a/jails/config/web-rockwood/pkg-list-details.txt
+++ b/jails/config/web-rockwood/pkg-list-details.txt
@@ -1,26 +1,29 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____php81-8.1.13
-pkgp-freebsd-pkg____php81-bcmath-8.1.13
-pkgp-freebsd-pkg____php81-ctype-8.1.13
-pkgp-freebsd-pkg____php81-curl-8.1.13
-pkgp-freebsd-pkg____php81-dom-8.1.13
-pkgp-freebsd-pkg____php81-exif-8.1.13
-pkgp-freebsd-pkg____php81-fileinfo-8.1.13
-pkgp-freebsd-pkg____php81-filter-8.1.13
-pkgp-freebsd-pkg____php81-ftp-8.1.13
-pkgp-freebsd-pkg____php81-iconv-8.1.13
-pkgp-freebsd-pkg____php81-mbstring-8.1.13
-pkgp-freebsd-pkg____php81-mysqli-8.1.13
-pkgp-freebsd-pkg____php81-pdo_mysql-8.1.13
-pkgp-freebsd-pkg____php81-pecl-imagick-3.7.0
-pkgp-freebsd-pkg____php81-session-8.1.13
-pkgp-freebsd-pkg____php81-sockets-8.1.13
-pkgp-freebsd-pkg____php81-sodium-8.1.13
-pkgp-freebsd-pkg____php81-tokenizer-8.1.13
-pkgp-freebsd-pkg____php81-xml-8.1.13
-pkgp-freebsd-pkg____php81-zip-8.1.13
-pkgp-freebsd-pkg____php81-zlib-8.1.13
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp123____pkg-2.1.2
+pkgp-freebsd-pkg____apache24-2.4.63
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____mc-4.8.32
+pkgp-freebsd-pkg____mod_php84-8.4.6
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-bcmath-8.4.6
+pkgp-freebsd-pkg____php84-ctype-8.4.6
+pkgp-freebsd-pkg____php84-curl-8.4.6
+pkgp-freebsd-pkg____php84-dom-8.4.6
+pkgp-freebsd-pkg____php84-exif-8.4.6
+pkgp-freebsd-pkg____php84-fileinfo-8.4.6
+pkgp-freebsd-pkg____php84-filter-8.4.6
+pkgp-freebsd-pkg____php84-ftp-8.4.6
+pkgp-freebsd-pkg____php84-gd-8.4.6
+pkgp-freebsd-pkg____php84-iconv-8.4.6
+pkgp-freebsd-pkg____php84-mbstring-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-pecl-imagick-3.7.0_5
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____php84-sockets-8.4.6
+pkgp-freebsd-pkg____php84-sodium-8.4.6
+pkgp-freebsd-pkg____php84-tokenizer-8.4.6
+pkgp-freebsd-pkg____php84-xml-8.4.6
+pkgp-freebsd-pkg____php84-zip-8.4.6
+pkgp-freebsd-pkg____php84-zlib-8.4.6
+pkgp-freebsd-pkg____vsftpd-ssl-3.0.5_2
diff --git a/jails/config/web-rockwood/pkg-list-old.txt b/jails/config/web-rockwood/pkg-list-old.txt
index d2139df..654d5a8 100644
--- a/jails/config/web-rockwood/pkg-list-old.txt
+++ b/jails/config/web-rockwood/pkg-list-old.txt
@@ -1 +1 @@
-apache24 bash bash-completion nano php81 php81-bcmath php81-ctype php81-curl php81-dom php81-exif php81-fileinfo php81-filter php81-ftp php81-iconv php81-mbstring php81-mysqli php81-pdo_mysql php81-pecl-imagick php81-session php81-sockets php81-sodium php81-tokenizer php81-xml php81-zip php81-zlib pkg
+apache24 bash bash-completion mc mod_php84 nano php84 php84-bcmath php84-ctype php84-curl php84-dom php84-exif php84-fileinfo php84-filter php84-ftp php84-gd php84-iconv php84-mbstring php84-mysqli php84-pecl-imagick php84-session php84-sockets php84-sodium php84-tokenizer php84-xml php84-zip php84-zlib pkg vsftpd-ssl
diff --git a/jails/config/web-rockwood/pkg-list.txt b/jails/config/web-rockwood/pkg-list.txt
index d2139df..654d5a8 100644
--- a/jails/config/web-rockwood/pkg-list.txt
+++ b/jails/config/web-rockwood/pkg-list.txt
@@ -1 +1 @@
-apache24 bash bash-completion nano php81 php81-bcmath php81-ctype php81-curl php81-dom php81-exif php81-fileinfo php81-filter php81-ftp php81-iconv php81-mbstring php81-mysqli php81-pdo_mysql php81-pecl-imagick php81-session php81-sockets php81-sodium php81-tokenizer php81-xml php81-zip php81-zlib pkg
+apache24 bash bash-completion mc mod_php84 nano php84 php84-bcmath php84-ctype php84-curl php84-dom php84-exif php84-fileinfo php84-filter php84-ftp php84-gd php84-iconv php84-mbstring php84-mysqli php84-pecl-imagick php84-session php84-sockets php84-sodium php84-tokenizer php84-xml php84-zip php84-zlib pkg vsftpd-ssl
diff --git a/jails/config/web-scvcc-rental/020_mod_ssl.conf b/jails/config/web-scvcc-rental/020_mod_ssl.conf deleted file mode 100644 index 3fbba40..0000000 --- a/jails/config/web-scvcc-rental/020_mod_ssl.conf +++ /dev/null @@ -1,11 +0,0 @@ -Listen 443 -SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 -SSLHonorCipherOrder on -SSLCompression off -# SSLUseStapling on -SSLSessionTickets off -SSLOptions +StrictRequire -SSLPassPhraseDialog builtin -SSLSessionCacheTimeout 300 -SSLSessionCache shmcb:/usr/local/etc/apache24/ssl_scache(512000) diff --git a/jails/config/web-scvcc-rental/httpd.conf b/jails/config/web-scvcc-rental/httpd.conf deleted file mode 100644 index 6cf5e87..0000000 --- a/jails/config/web-scvcc-rental/httpd.conf +++ /dev/null 
@@ -1,702 +0,0 @@ -# -# This is the main Apache HTTP server configuration file. It contains the -# configuration directives that give the server its instructions. -# See for detailed information. -# In particular, see -# -# for a discussion of each configuration directive. -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so "logs/access_log" -# with ServerRoot set to "/usr/local/apache2" will be interpreted by the -# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log" -# will be interpreted as '/logs/access_log'. - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# Do not add a slash at the end of the directory path. If you point -# ServerRoot at a non-local disk, be sure to specify a local disk on the -# Mutex directive, if file-based mutexes are used. If you wish to share the -# same ServerRoot for multiple httpd daemons, you will need to change at -# least PidFile. -# -ServerRoot "/usr/local" - -# -# Mutex: Allows you to set the mutex mechanism and mutex file directory -# for individual mutexes, or change the global defaults -# -# Uncomment and change the directory if mutexes are file-based and the default -# mutex file directory is not on a local disk or is not appropriate for some -# other reason. -# -# Mutex default:/var/run - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, instead of the default. See also the -# directive. 
-# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses. -# -#Listen 12.34.56.78:80 -#Listen 80 - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. -# -# Example: -# LoadModule foo_module modules/mod_foo.so -# -LoadModule mpm_event_module libexec/apache24/mod_mpm_event.so -#LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so -#LoadModule mpm_worker_module libexec/apache24/mod_mpm_worker.so -LoadModule authn_file_module libexec/apache24/mod_authn_file.so -#LoadModule authn_dbm_module libexec/apache24/mod_authn_dbm.so -#LoadModule authn_anon_module libexec/apache24/mod_authn_anon.so -#LoadModule authn_dbd_module libexec/apache24/mod_authn_dbd.so -#LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so -LoadModule authn_core_module libexec/apache24/mod_authn_core.so -LoadModule authz_host_module libexec/apache24/mod_authz_host.so -LoadModule authz_groupfile_module libexec/apache24/mod_authz_groupfile.so -LoadModule authz_user_module libexec/apache24/mod_authz_user.so -#LoadModule authz_dbm_module libexec/apache24/mod_authz_dbm.so -#LoadModule authz_owner_module libexec/apache24/mod_authz_owner.so -#LoadModule authz_dbd_module libexec/apache24/mod_authz_dbd.so -LoadModule authz_core_module libexec/apache24/mod_authz_core.so -#LoadModule authnz_fcgi_module libexec/apache24/mod_authnz_fcgi.so -LoadModule access_compat_module libexec/apache24/mod_access_compat.so -LoadModule auth_basic_module libexec/apache24/mod_auth_basic.so -#LoadModule auth_form_module libexec/apache24/mod_auth_form.so -#LoadModule auth_digest_module libexec/apache24/mod_auth_digest.so 
-#LoadModule allowmethods_module libexec/apache24/mod_allowmethods.so -#LoadModule file_cache_module libexec/apache24/mod_file_cache.so -#LoadModule cache_module libexec/apache24/mod_cache.so -#LoadModule cache_disk_module libexec/apache24/mod_cache_disk.so -#LoadModule cache_socache_module libexec/apache24/mod_cache_socache.so -LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so -#LoadModule socache_dbm_module libexec/apache24/mod_socache_dbm.so -#LoadModule socache_memcache_module libexec/apache24/mod_socache_memcache.so -#LoadModule watchdog_module libexec/apache24/mod_watchdog.so -#LoadModule macro_module libexec/apache24/mod_macro.so -#LoadModule dbd_module libexec/apache24/mod_dbd.so -#LoadModule dumpio_module libexec/apache24/mod_dumpio.so -#LoadModule buffer_module libexec/apache24/mod_buffer.so -#LoadModule data_module libexec/apache24/mod_data.so -#LoadModule ratelimit_module libexec/apache24/mod_ratelimit.so -LoadModule reqtimeout_module libexec/apache24/mod_reqtimeout.so -#LoadModule ext_filter_module libexec/apache24/mod_ext_filter.so -#LoadModule request_module libexec/apache24/mod_request.so -#LoadModule include_module libexec/apache24/mod_include.so -LoadModule filter_module libexec/apache24/mod_filter.so -#LoadModule reflector_module libexec/apache24/mod_reflector.so -#LoadModule substitute_module libexec/apache24/mod_substitute.so -#LoadModule sed_module libexec/apache24/mod_sed.so -#LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so -LoadModule deflate_module libexec/apache24/mod_deflate.so -#LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so -#LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so -LoadModule mime_module libexec/apache24/mod_mime.so -LoadModule log_config_module libexec/apache24/mod_log_config.so -#LoadModule log_debug_module libexec/apache24/mod_log_debug.so -#LoadModule log_forensic_module libexec/apache24/mod_log_forensic.so -#LoadModule logio_module 
libexec/apache24/mod_logio.so -LoadModule env_module libexec/apache24/mod_env.so -#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so -#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so -LoadModule expires_module libexec/apache24/mod_expires.so -LoadModule headers_module libexec/apache24/mod_headers.so -#LoadModule usertrack_module libexec/apache24/mod_usertrack.so -#LoadModule unique_id_module libexec/apache24/mod_unique_id.so -LoadModule setenvif_module libexec/apache24/mod_setenvif.so -LoadModule version_module libexec/apache24/mod_version.so -#LoadModule remoteip_module libexec/apache24/mod_remoteip.so -LoadModule proxy_module libexec/apache24/mod_proxy.so -#LoadModule proxy_connect_module libexec/apache24/mod_proxy_connect.so -#LoadModule proxy_ftp_module libexec/apache24/mod_proxy_ftp.so -#LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so -LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so -#LoadModule proxy_scgi_module libexec/apache24/mod_proxy_scgi.so -#LoadModule proxy_uwsgi_module libexec/apache24/mod_proxy_uwsgi.so -#LoadModule proxy_fdpass_module libexec/apache24/mod_proxy_fdpass.so -#LoadModule proxy_wstunnel_module libexec/apache24/mod_proxy_wstunnel.so -#LoadModule proxy_ajp_module libexec/apache24/mod_proxy_ajp.so -#LoadModule proxy_balancer_module libexec/apache24/mod_proxy_balancer.so -#LoadModule proxy_express_module libexec/apache24/mod_proxy_express.so -#LoadModule proxy_hcheck_module libexec/apache24/mod_proxy_hcheck.so -#LoadModule session_module libexec/apache24/mod_session.so -#LoadModule session_cookie_module libexec/apache24/mod_session_cookie.so -#LoadModule session_crypto_module libexec/apache24/mod_session_crypto.so -#LoadModule session_dbd_module libexec/apache24/mod_session_dbd.so -#LoadModule slotmem_shm_module libexec/apache24/mod_slotmem_shm.so -#LoadModule slotmem_plain_module libexec/apache24/mod_slotmem_plain.so -LoadModule ssl_module libexec/apache24/mod_ssl.so -#LoadModule 
dialup_module libexec/apache24/mod_dialup.so -LoadModule http2_module libexec/apache24/mod_http2.so -LoadModule proxy_http2_module libexec/apache24/mod_proxy_http2.so -#LoadModule lbmethod_byrequests_module libexec/apache24/mod_lbmethod_byrequests.so -#LoadModule lbmethod_bytraffic_module libexec/apache24/mod_lbmethod_bytraffic.so -#LoadModule lbmethod_bybusyness_module libexec/apache24/mod_lbmethod_bybusyness.so -#LoadModule lbmethod_heartbeat_module libexec/apache24/mod_lbmethod_heartbeat.so -LoadModule unixd_module libexec/apache24/mod_unixd.so -#LoadModule heartbeat_module libexec/apache24/mod_heartbeat.so -#LoadModule heartmonitor_module libexec/apache24/mod_heartmonitor.so -#LoadModule dav_module libexec/apache24/mod_dav.so -LoadModule status_module libexec/apache24/mod_status.so -LoadModule autoindex_module libexec/apache24/mod_autoindex.so -#LoadModule asis_module libexec/apache24/mod_asis.so -#LoadModule info_module libexec/apache24/mod_info.so - - #LoadModule cgid_module libexec/apache24/mod_cgid.so - - - #LoadModule cgi_module libexec/apache24/mod_cgi.so - -#LoadModule dav_fs_module libexec/apache24/mod_dav_fs.so -#LoadModule dav_lock_module libexec/apache24/mod_dav_lock.so -#LoadModule vhost_alias_module libexec/apache24/mod_vhost_alias.so -#LoadModule negotiation_module libexec/apache24/mod_negotiation.so -LoadModule dir_module libexec/apache24/mod_dir.so -#LoadModule imagemap_module libexec/apache24/mod_imagemap.so -#LoadModule actions_module libexec/apache24/mod_actions.so -#LoadModule speling_module libexec/apache24/mod_speling.so -#LoadModule userdir_module libexec/apache24/mod_userdir.so -LoadModule alias_module libexec/apache24/mod_alias.so -LoadModule rewrite_module libexec/apache24/mod_rewrite.so - -# Third party modules -IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf - - -# -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. 
-# -# User/Group: The name (or #number) of the user/group to run httpd as. -# It is usually good practice to create a dedicated user and group for -# running httpd, as with most system services. -# -User www -Group www - - - -# 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# definition. These values also provide defaults for -# any containers you may define later in the file. -# -# All of these directives may appear inside containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin sharad@ahlawat.com - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. -# -# If your host doesn't have a registered DNS name, enter its IP address here. -# -ServerName www.scvcc-rental.com - -# -# Deny access to the entirety of your server's filesystem. You must -# explicitly permit access to web content directories in other -# blocks below. -# - - AllowOverride none - Require all denied - - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. 
-# -DocumentRoot "/usr/local/www/apache24/data" - - -# can't set this if traffic is passing through haproxy and being redirected to ssl already -# RewriteEngine on -# RewriteRule ^/\.well-known/ - [L] -# RewriteRule (.*) https://www.scvcc-rental.com [R,L] - - # - # Possible values for the Options directive are "None", "All", - # or any combination of: - # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews - # - # Note that "MultiViews" must be named *explicitly* --- "Options All" - # doesn't give it to you. - # - # The Options directive is both complicated and important. Please see - # http://httpd.apache.org/docs/2.4/mod/core.html#options - # for more information. - # - Options Indexes FollowSymLinks - - # - # AllowOverride controls what directives may be placed in .htaccess files. - # It can be "All", "None", or any combination of the keywords: - # AllowOverride FileInfo AuthConfig Limit - # - AllowOverride None - - # - # Controls who can get stuff from this server. - # - Require all granted - - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# - - DirectoryIndex index.php index.html - - SetHandler application/x-httpd-php - - - SetHandler application/x-httpd-php-source - - - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# - - Require all denied - - -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a -# container, that host's errors will be logged there and not here. -# -ErrorLog "/var/log/httpd-error.log" - -# -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. 
-# -LogLevel warn - - - # - # The following directives define some format nicknames for use with - # a CustomLog directive (see below). - # - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - LogFormat "%h %l %u %t \"%r\" %>s %b" common - - - # You need to enable mod_logio.c to use %I and %O - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - - - # - # The location and format of the access logfile (Common Logfile Format). - # If you do not define any access logfiles within a - # container, they will be logged here. Contrariwise, if you *do* - # define per- access logfiles, transactions will be - # logged therein and *not* in this file. - # - CustomLog "/var/log/httpd-access.log" common - - # - # If you prefer a logfile with access, agent, and referer information - # (Combined Logfile Format) you can use the following directive. - # - #CustomLog "/var/log/httpd-access.log" combined - - - - # - # Redirect: Allows you to tell clients about documents that used to - # exist in your server's namespace, but do not anymore. The client - # will make a new request for the document at its new location. - # Example: - # Redirect permanent /foo http://www.example.com/bar - - # - # Alias: Maps web paths into filesystem paths and is used to - # access content that does not live under the DocumentRoot. - # Example: - # Alias /webpath /full/filesystem/path - # - # If you include a trailing / on /webpath then the server will - # require it to be present in the URL. You will also likely - # need to provide a section to allow access to - # the filesystem path. - - # - # ScriptAlias: This controls which directories contain server scripts. - # ScriptAliases are essentially the same as Aliases, except that - # documents in the target directory are treated as applications and - # run by the server when requested rather than as documents sent to the - # client. 
The same rules about trailing "/" apply to ScriptAlias - # directives as to Alias. - # - ScriptAlias /cgi-bin/ "/usr/local/www/apache24/cgi-bin/" - - - - - # - # ScriptSock: On threaded servers, designate the path to the UNIX - # socket used to communicate with the CGI daemon of mod_cgid. - # - #Scriptsock cgisock - - -# -# "/usr/local/www/apache24/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# - - AllowOverride None - Options None - Require all granted - - - - # - # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied - # backend servers which have lingering "httpoxy" defects. - # 'Proxy' request header is undefined by the IETF, not listed by IANA - # - RequestHeader unset Proxy early - - - - # - # TypesConfig points to the file containing the list of mappings from - # filename extension to MIME-type. - # - TypesConfig etc/apache24/mime.types - - # - # AddType allows you to add to or override the MIME configuration - # file specified in TypesConfig for specific file types. - # - #AddType application/x-gzip .tgz - # - # AddEncoding allows you to have certain browsers uncompress - # information on the fly. Note: Not all browsers support this. - # - #AddEncoding x-compress .Z - #AddEncoding x-gzip .gz .tgz - # - # If the AddEncoding directives above are commented-out, then you - # probably should define those extensions to indicate media types: - # - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - - # - # AddHandler allows you to map certain file extensions to "handlers": - # actions unrelated to filetype. These can be either built into the server - # or added with the Action directive (see below) - # - # To use CGI scripts outside of ScriptAliased directories: - # (You will also need to add "ExecCGI" to the "Options" directive.) 
- # - #AddHandler cgi-script .cgi - - # For type maps (negotiated resources): - #AddHandler type-map var - - # - # Filters allow you to process content before it is sent to the client. - # - # To parse .shtml files for server-side includes (SSI): - # (You will also need to add "Includes" to the "Options" directive.) - # - #AddType text/html .shtml - #AddOutputFilter INCLUDES .shtml - - AddType application/x-httpd-php .php - AddType application/x-httpd-php-source .phps - - - -# -# The mod_mime_magic module allows the server to use various hints from the -# contents of the file itself to determine its type. The MIMEMagicFile -# directive tells the module where the hint definitions are located. -# -#MIMEMagicFile etc/apache24/magic - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# MaxRanges: Maximum number of Ranges in a request before -# returning the entire resource, or one of the special -# values 'default', 'none' or 'unlimited'. -# Default setting is to accept 200 Ranges. -#MaxRanges unlimited - -# -# EnableMMAP and EnableSendfile: On systems that support it, -# memory-mapping or the sendfile syscall may be used to deliver -# files. This usually improves server performance, but must -# be turned off when serving from networked-mounted -# filesystems or if support for these functions is otherwise -# broken on your system. -# Defaults: EnableMMAP On, EnableSendfile Off -# -#EnableMMAP off -#EnableSendfile on - -# Supplemental configuration -# -# The configuration files in the etc/apache24/extra/ directory can be -# included to add extra features or to modify the default configuration of -# the server, or you may simply copy their contents here and change as -# necessary. 
- -# Server-pool management (MPM specific) -#Include etc/apache24/extra/httpd-mpm.conf - -# Multi-language error messages -#Include etc/apache24/extra/httpd-multilang-errordoc.conf - -# Fancy directory listings -#Include etc/apache24/extra/httpd-autoindex.conf - -# Language settings -#Include etc/apache24/extra/httpd-languages.conf - -# User home directories -#Include etc/apache24/extra/httpd-userdir.conf - -# Real-time info on requests and configuration -#Include etc/apache24/extra/httpd-info.conf - -# Virtual hosts -#Include etc/apache24/extra/httpd-vhosts.conf - -# Local access to the Apache HTTP Server Manual -#Include etc/apache24/extra/httpd-manual.conf - -# Distributed authoring and versioning (WebDAV) -#Include etc/apache24/extra/httpd-dav.conf - -# Various default settings -#Include etc/apache24/extra/httpd-default.conf - -# Configure mod_proxy_html to understand HTML4/XHTML1 - -Include etc/apache24/extra/proxy-html.conf - - -# Secure (SSL/TLS) connections -#Include etc/apache24/extra/httpd-ssl.conf -# -# Note: The following must must be present to support -# starting without SSL on platforms with no /dev/random equivalent -# but a statically compiled-in mod_ssl. 
-# - -SSLRandomSeed startup builtin -SSLRandomSeed connect builtin - - -Include etc/apache24/Includes/*.conf - - - ServerName www.scvcc-rental.com - ServerAlias *.scvc-rental.com - ServerAlias scvcc-rental.com - - Protocols h2 http/1.1 - - DocumentRoot "/usr/local/www/apache24/data/" - - SSLEngine on - SSLCertificateFile "/mnt/certs/scvccfullchain.pem" - SSLCertificateKeyFile "/mnt/certs/scvccprivkey.pem" - #SSLCertificateChainFile "/mnt/certs/scvccfullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off - - RewriteEngine On - RewriteCond %{HTTP:Authorization} ^(.*) - RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] - - - SetHandler "proxy:fcgi://127.0.0.1:9000" - SSLOptions +StdEnvVars - - - - SSLOptions +StdEnvVars - - - BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 - CustomLog "/var/log/ssl-request.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - - - Options Indexes FollowSymLinks MultiViews - ## IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16 - IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96 - - #AllowOverride controls what directives may be placed in .htaccess files. 
- AllowOverride All - #AllowOverride AuthConfig - #Controls who can get stuff from this server file - Require all granted - - - ErrorLog "/var/log/ssl-error.log" - CustomLog "/var/log/ssl-access_log" combined - - - Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains" - - - -ExpiresActive On -ExpiresDefault A0 - - -ExpiresDefault A31536000 - - - -ExpiresDefault A31536000 - - - -ExpiresDefault A31536000 - - - -ExpiresDefault A31536000 - - - - - - Header set Cache-Control "max-age=31536000" - - - - Header set Cache-Control "max-age=31536000" - - - - Header set Cache-Control "max-age=31536000" - - - - Header set Cache-Control "max-age=31536000" - - - - - SetOutputFilter DEFLATE - - - SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding - RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding - - - - AddOutputFilterByType DEFLATE "application/atom+xml" \ - "application/javascript" \ - "application/json" \ - "application/ld+json" \ - "application/manifest+json" \ - "application/rdf+xml" \ - "application/rss+xml" \ - "application/schema+json" \ - "application/vnd.geo+json" \ - "application/vnd.ms-fontobject" \ - "application/x-font-ttf" \ - "application/x-font-opentype" \ - "application/x-font-truetype" \ - "application/x-javascript" \ - "application/x-web-app-manifest+json" \ - "application/xhtml+xml" \ - "application/xml" \ - "font/eot" \ - "font/opentype" \ - "font/otf" \ - "image/bmp" \ - "image/svg+xml" \ - "image/vnd.microsoft.icon" \ - "image/x-icon" \ - "text/cache-manifest" \ - "text/css" \ - "text/html" \ - "text/javascript" \ - "text/plain" \ - "text/vcard" \ - "text/vnd.rim.location.xloc" \ - "text/vtt" \ - "text/x-component" \ - "text/x-cross-domain-policy" \ - "text/xml" - - - - AddEncoding gzip svgz - - - - - -SSLUseStapling On -SSLStaplingCache "shmcb:logs/ssl_stapling(32768)" 
diff --git a/jails/config/web-scvcc-rental/php.ini b/jails/config/web-scvcc-rental/php.ini deleted file mode 100644 index 464dd99..0000000 --- a/jails/config/web-scvcc-rental/php.ini +++ /dev/null 
@@ -1,1918 +0,0 @@ -[PHP] - -;;;;;;;;;;;;;;;;;;; -; About php.ini ; -;;;;;;;;;;;;;;;;;;; -; PHP's initialization file, generally called php.ini, is responsible for -; configuring many of the aspects of PHP's behavior. - -; PHP attempts to find and load this configuration from a number of locations. -; The following is a summary of its search order: -; 1. SAPI module specific location. -; 2. The PHPRC environment variable. (As of PHP 5.2.0) -; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0) -; 4. Current working directory (except CLI) -; 5. The web server's directory (for SAPI modules), or directory of PHP -; (otherwise in Windows) -; 6. The directory from the --with-config-file-path compile time option, or the -; Windows directory (C:\windows or C:\winnt) -; See the PHP docs for more specific information. -; http://php.net/configuration.file - -; The syntax of the file is extremely simple. Whitespace and lines -; beginning with a semicolon are silently ignored (as you probably guessed). -; Section headers (e.g. [Foo]) are also silently ignored, even though -; they might mean something in the future. - -; Directives following the section heading [PATH=/www/mysite] only -; apply to PHP files in the /www/mysite directory. Directives -; following the section heading [HOST=www.example.com] only apply to -; PHP files served from www.example.com. Directives set in these -; special sections cannot be overridden by user-defined INI files or -; at runtime. Currently, [PATH=] and [HOST=] sections only work under -; CGI/FastCGI. -; http://php.net/ini.sections - -; Directives are specified using the following syntax: -; directive = value -; Directive names are *case sensitive* - foo=bar is different from FOO=bar. -; Directives are variables used to configure PHP or PHP extensions. -; There is no name validation. If PHP can't find an expected -; directive because it is not set or is mistyped, a default value will be used. 
- -; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one -; of the INI constants (On, Off, True, False, Yes, No and None) or an expression -; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a -; previously set variable or directive (e.g. ${foo}) - -; Expressions in the INI file are limited to bitwise operators and parentheses: -; | bitwise OR -; ^ bitwise XOR -; & bitwise AND -; ~ bitwise NOT -; ! boolean NOT - -; Boolean flags can be turned on using the values 1, On, True or Yes. -; They can be turned off using the values 0, Off, False or No. - -; An empty string can be denoted by simply not writing anything after the equal -; sign, or by using the None keyword: - -; foo = ; sets foo to an empty string -; foo = None ; sets foo to an empty string -; foo = "None" ; sets foo to the string 'None' - -; If you use constants in your value, and these constants belong to a -; dynamically loaded extension (either a PHP extension or a Zend extension), -; you may only use these constants *after* the line that loads the extension. - -;;;;;;;;;;;;;;;;;;; -; About this file ; -;;;;;;;;;;;;;;;;;;; -; PHP comes packaged with two INI files. One that is recommended to be used -; in production environments and one that is recommended to be used in -; development environments. - -; php.ini-production contains settings which hold security, performance and -; best practices at its core. But please be aware, these settings may break -; compatibility with older or less security conscience applications. We -; recommending using the production ini in production and testing environments. - -; php.ini-development is very similar to its production variant, except it is -; much more verbose when it comes to errors. We recommend using the -; development version only in development environments, as errors shown to -; application users can inadvertently leak otherwise secure information. - -; This is php.ini-production INI file. 
- -;;;;;;;;;;;;;;;;;;; -; Quick Reference ; -;;;;;;;;;;;;;;;;;;; -; The following are all the settings which are different in either the production -; or development versions of the INIs with respect to PHP's default behavior. -; Please see the actual settings later in the document for more details as to why -; we recommend these changes in PHP's behavior. - -; display_errors -; Default Value: On -; Development Value: On -; Production Value: Off - -; display_startup_errors -; Default Value: Off -; Development Value: On -; Production Value: Off - -; error_reporting -; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED -; Development Value: E_ALL -; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT - -; html_errors -; Default Value: On -; Development Value: On -; Production value: On - -; log_errors -; Default Value: Off -; Development Value: On -; Production Value: On - -; max_input_time -; Default Value: -1 (Unlimited) -; Development Value: 60 (60 seconds) -; Production Value: 60 (60 seconds) - -; output_buffering -; Default Value: Off -; Development Value: 4096 -; Production Value: 4096 - -; register_argc_argv -; Default Value: On -; Development Value: Off -; Production Value: Off - -; request_order -; Default Value: None -; Development Value: "GP" -; Production Value: "GP" - -; session.gc_divisor -; Default Value: 100 -; Development Value: 1000 -; Production Value: 1000 - -; session.sid_bits_per_character -; Default Value: 4 -; Development Value: 5 -; Production Value: 5 - -; short_open_tag -; Default Value: On -; Development Value: Off -; Production Value: Off - -; track_errors -; Default Value: Off -; Development Value: On -; Production Value: Off - -; variables_order -; Default Value: "EGPCS" -; Development Value: "GPCS" -; Production Value: "GPCS" - -;;;;;;;;;;;;;;;;;;;; -; php.ini Options ; -;;;;;;;;;;;;;;;;;;;; -; Name for user-defined php.ini (.htaccess) files. 
Default is ".user.ini" -;user_ini.filename = ".user.ini" - -; To disable this feature set this option to empty value -;user_ini.filename = - -; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) -;user_ini.cache_ttl = 300 - -;;;;;;;;;;;;;;;;;;;; -; Language Options ; -;;;;;;;;;;;;;;;;;;;; - -; Enable the PHP scripting language engine under Apache. -; http://php.net/engine -engine = On - -; This directive determines whether or not PHP will recognize code between -; tags as PHP source which should be processed as such. It is -; generally recommended that should be used and that this feature -; should be disabled, as enabling it may result in issues when generating XML -; documents, however this remains supported for backward compatibility reasons. -; Note that this directive does not control the would work. -; http://php.net/syntax-highlighting -;highlight.string = #DD0000 -;highlight.comment = #FF9900 -;highlight.keyword = #007700 -;highlight.default = #0000BB -;highlight.html = #000000 - -; If enabled, the request will be allowed to complete even if the user aborts -; the request. Consider enabling it if executing long requests, which may end up -; being interrupted by the user or a browser timing out. PHP's default behavior -; is to disable this feature. -; http://php.net/ignore-user-abort -;ignore_user_abort = On - -; Determines the size of the realpath cache to be used by PHP. This value should -; be increased on systems where PHP opens many files to reflect the quantity of -; the file operations performed. -; http://php.net/realpath-cache-size -;realpath_cache_size = 4096k - -; Duration of time, in seconds for which to cache realpath information for a given -; file or directory. For systems with rarely changing files, consider increasing this -; value. -; http://php.net/realpath-cache-ttl -;realpath_cache_ttl = 120 - -; Enables or disables the circular reference collector. 
-; http://php.net/zend.enable-gc -zend.enable_gc = On - -; If enabled, scripts may be written in encodings that are incompatible with -; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such -; encodings. To use this feature, mbstring extension must be enabled. -; Default: Off -;zend.multibyte = Off - -; Allows to set the default encoding for the scripts. This value will be used -; unless "declare(encoding=...)" directive appears at the top of the script. -; Only affects if zend.multibyte is set. -; Default: "" -;zend.script_encoding = - -;;;;;;;;;;;;;;;;; -; Miscellaneous ; -;;;;;;;;;;;;;;;;; - -; Decides whether PHP may expose the fact that it is installed on the server -; (e.g. by adding its signature to the Web server header). It is no security -; threat in any way, but it makes it possible to determine whether you use PHP -; on your server or not. -; http://php.net/expose-php -expose_php = On - -;;;;;;;;;;;;;;;;;;; -; Resource Limits ; -;;;;;;;;;;;;;;;;;;; - -; Maximum execution time of each script, in seconds -; http://php.net/max-execution-time -; Note: This directive is hardcoded to 0 for the CLI SAPI -max_execution_time = 30 - -; Maximum amount of time each script may spend parsing request data. It's a good -; idea to limit this time on productions servers in order to eliminate unexpectedly -; long running scripts. 
-; Note: This directive is hardcoded to -1 for the CLI SAPI -; Default Value: -1 (Unlimited) -; Development Value: 60 (60 seconds) -; Production Value: 60 (60 seconds) -; http://php.net/max-input-time -max_input_time = 60 - -; Maximum input variable nesting level -; http://php.net/max-input-nesting-level -;max_input_nesting_level = 64 - -; How many GET/POST/COOKIE input variables may be accepted -; max_input_vars = 1000 - -; Maximum amount of memory a script may consume (128MB) -; http://php.net/memory-limit -memory_limit = 128M - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; Error handling and logging ; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -; This directive informs PHP of which errors, warnings and notices you would like -; it to take action for. The recommended way of setting values for this -; directive is through the use of the error level constants and bitwise -; operators. The error level constants are below here for convenience as well as -; some common settings and their meanings. -; By default, PHP is set to take action on all errors, notices and warnings EXCEPT -; those related to E_NOTICE and E_STRICT, which together cover best practices and -; recommended coding standards in PHP. For performance reasons, this is the -; recommend error reporting setting. Your production server shouldn't be wasting -; resources complaining about best practices and coding standards. That's what -; development servers and development settings are for. -; Note: The php.ini-development file has this setting as E_ALL. This -; means it pretty much reports everything which is exactly what you want during -; development and early testing. 
-; -; Error Level Constants: -; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) -; E_ERROR - fatal run-time errors -; E_RECOVERABLE_ERROR - almost fatal run-time errors -; E_WARNING - run-time warnings (non-fatal errors) -; E_PARSE - compile-time parse errors -; E_NOTICE - run-time notices (these are warnings which often result -; from a bug in your code, but it's possible that it was -; intentional (e.g., using an uninitialized variable and -; relying on the fact it is automatically initialized to an -; empty string) -; E_STRICT - run-time notices, enable to have PHP suggest changes -; to your code which will ensure the best interoperability -; and forward compatibility of your code -; E_CORE_ERROR - fatal errors that occur during PHP's initial startup -; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's -; initial startup -; E_COMPILE_ERROR - fatal compile-time errors -; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) -; E_USER_ERROR - user-generated error message -; E_USER_WARNING - user-generated warning message -; E_USER_NOTICE - user-generated notice message -; E_DEPRECATED - warn about code that will not work in future versions -; of PHP -; E_USER_DEPRECATED - user-generated deprecation warnings -; -; Common Values: -; E_ALL (Show all errors, warnings and notices including coding standards.) -; E_ALL & ~E_NOTICE (Show all errors, except for notices) -; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) -; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) -; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED -; Development Value: E_ALL -; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT -; http://php.net/error-reporting -error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT - -; This directive controls whether or not and where PHP will output errors, -; notices and warnings too. 
Error output is very useful during development, but -; it could be very dangerous in production environments. Depending on the code -; which is triggering the error, sensitive information could potentially leak -; out of your application such as database usernames and passwords or worse. -; For production environments, we recommend logging errors rather than -; sending them to STDOUT. -; Possible Values: -; Off = Do not display any errors -; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) -; On or stdout = Display errors to STDOUT -; Default Value: On -; Development Value: On -; Production Value: Off -; http://php.net/display-errors -display_errors = Off - -; The display of errors which occur during PHP's startup sequence are handled -; separately from display_errors. PHP's default behavior is to suppress those -; errors from clients. Turning the display of startup errors on can be useful in -; debugging configuration problems. We strongly recommend you -; set this to 'off' for production servers. -; Default Value: Off -; Development Value: On -; Production Value: Off -; http://php.net/display-startup-errors -display_startup_errors = Off - -; Besides displaying errors, PHP can also log errors to locations such as a -; server-specific log, STDERR, or a location specified by the error_log -; directive found below. While errors should not be displayed on productions -; servers they should still be monitored and logging is a great way to do that. -; Default Value: Off -; Development Value: On -; Production Value: On -; http://php.net/log-errors -log_errors = On - -; Set maximum length of log_errors. In error_log information about the source is -; added. The default is 1024 and 0 allows to not apply any maximum length at all. -; http://php.net/log-errors-max-len -log_errors_max_len = 1024 - -; Do not log repeated messages. Repeated errors must occur in same file on same -; line unless ignore_repeated_source is set true. 
-; http://php.net/ignore-repeated-errors -ignore_repeated_errors = Off - -; Ignore source of message when ignoring repeated messages. When this setting -; is On you will not log errors with repeated messages from different files or -; source lines. -; http://php.net/ignore-repeated-source -ignore_repeated_source = Off - -; If this parameter is set to Off, then memory leaks will not be shown (on -; stdout or in the log). This has only effect in a debug compile, and if -; error reporting includes E_WARNING in the allowed list -; http://php.net/report-memleaks -report_memleaks = On - -; This setting is on by default. -;report_zend_debug = 0 - -; Store the last error/warning message in $php_errormsg (boolean). Setting this value -; to On can assist in debugging and is appropriate for development servers. It should -; however be disabled on production servers. -; This directive is DEPRECATED. -; Default Value: Off -; Development Value: Off -; Production Value: Off -; http://php.net/track-errors -;track_errors = Off - -; Turn off normal error reporting and emit XML-RPC error XML -; http://php.net/xmlrpc-errors -;xmlrpc_errors = 0 - -; An XML-RPC faultCode -;xmlrpc_error_number = 0 - -; When PHP displays or logs an error, it has the capability of formatting the -; error message as HTML for easier reading. This directive controls whether -; the error message is formatted as HTML or not. -; Note: This directive is hardcoded to Off for the CLI SAPI -; Default Value: On -; Development Value: On -; Production value: On -; http://php.net/html-errors -html_errors = On - -; If html_errors is set to On *and* docref_root is not empty, then PHP -; produces clickable error messages that direct to a page describing the error -; or function causing the error in detail. -; You can download a copy of the PHP manual from http://php.net/docs -; and change docref_root to the base URL of your local copy including the -; leading '/'. 
You must also specify the file extension being used including -; the dot. PHP's default behavior is to leave these settings empty, in which -; case no links to documentation are generated. -; Note: Never use this feature for production boxes. -; http://php.net/docref-root -; Examples -;docref_root = "/phpmanual/" - -; http://php.net/docref-ext -;docref_ext = .html - -; String to output before an error message. PHP's default behavior is to leave -; this setting blank. -; http://php.net/error-prepend-string -; Example: -;error_prepend_string = "" - -; String to output after an error message. PHP's default behavior is to leave -; this setting blank. -; http://php.net/error-append-string -; Example: -;error_append_string = "" - -; Log errors to specified file. PHP's default behavior is to leave this value -; empty. -; http://php.net/error-log -; Example: -;error_log = php_errors.log -; Log errors to syslog (Event Log on Windows). -;error_log = syslog - -;windows.show_crt_warning -; Default value: 0 -; Development value: 0 -; Production value: 0 - -;;;;;;;;;;;;;;;;; -; Data Handling ; -;;;;;;;;;;;;;;;;; - -; The separator used in PHP generated URLs to separate arguments. -; PHP's default setting is "&". -; http://php.net/arg-separator.output -; Example: -;arg_separator.output = "&" - -; List of separator(s) used by PHP to parse input URLs into variables. -; PHP's default setting is "&". -; NOTE: Every character in this directive is considered as separator! -; http://php.net/arg-separator.input -; Example: -;arg_separator.input = ";&" - -; This directive determines which super global arrays are registered when PHP -; starts up. G,P,C,E & S are abbreviations for the following respective super -; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty -; paid for the registration of these arrays and because ENV is not as commonly -; used as the others, ENV is not recommended on productions servers. 
You -; can still get access to the environment variables through getenv() should you -; need to. -; Default Value: "EGPCS" -; Development Value: "GPCS" -; Production Value: "GPCS"; -; http://php.net/variables-order -variables_order = "GPCS" - -; This directive determines which super global data (G,P & C) should be -; registered into the super global array REQUEST. If so, it also determines -; the order in which that data is registered. The values for this directive -; are specified in the same manner as the variables_order directive, -; EXCEPT one. Leaving this value empty will cause PHP to use the value set -; in the variables_order directive. It does not mean it will leave the super -; globals array REQUEST empty. -; Default Value: None -; Development Value: "GP" -; Production Value: "GP" -; http://php.net/request-order -request_order = "GP" - -; This directive determines whether PHP registers $argv & $argc each time it -; runs. $argv contains an array of all the arguments passed to PHP when a script -; is invoked. $argc contains an integer representing the number of arguments -; that were passed when the script was invoked. These arrays are extremely -; useful when running scripts from the command line. When this directive is -; enabled, registering these variables consumes CPU cycles and memory each time -; a script is executed. For performance reasons, this feature should be disabled -; on production servers. -; Note: This directive is hardcoded to On for the CLI SAPI -; Default Value: On -; Development Value: Off -; Production Value: Off -; http://php.net/register-argc-argv -register_argc_argv = Off - -; When enabled, the ENV, REQUEST and SERVER variables are created when they're -; first used (Just In Time) instead of when the script starts. If these -; variables are not used within a script, having this directive on will result -; in a performance gain. The PHP directive register_argc_argv must be disabled -; for this directive to have any affect. 
-; http://php.net/auto-globals-jit -auto_globals_jit = On - -; Whether PHP will read the POST data. -; This option is enabled by default. -; Most likely, you won't want to disable this option globally. It causes $_POST -; and $_FILES to always be empty; the only way you will be able to read the -; POST data will be through the php://input stream wrapper. This can be useful -; to proxy requests or to process the POST data in a memory efficient fashion. -; http://php.net/enable-post-data-reading -;enable_post_data_reading = Off - -; Maximum size of POST data that PHP will accept. -; Its value may be 0 to disable the limit. It is ignored if POST data reading -; is disabled through enable_post_data_reading. -; http://php.net/post-max-size -post_max_size = 8M - -; Automatically add files before PHP document. -; http://php.net/auto-prepend-file -auto_prepend_file = - -; Automatically add files after PHP document. -; http://php.net/auto-append-file -auto_append_file = - -; By default, PHP will output a media type using the Content-Type header. To -; disable this, simply set it to be empty. -; -; PHP's built-in default media type is set to text/html. -; http://php.net/default-mimetype -default_mimetype = "text/html" - -; PHP's default character set is set to UTF-8. -; http://php.net/default-charset -default_charset = "UTF-8" - -; PHP internal character encoding is set to empty. -; If empty, default_charset is used. -; http://php.net/internal-encoding -;internal_encoding = - -; PHP input character encoding is set to empty. -; If empty, default_charset is used. -; http://php.net/input-encoding -;input_encoding = - -; PHP output character encoding is set to empty. -; If empty, default_charset is used. -; See also output_buffer. 
-; http://php.net/output-encoding -;output_encoding = - -;;;;;;;;;;;;;;;;;;;;;;;;; -; Paths and Directories ; -;;;;;;;;;;;;;;;;;;;;;;;;; - -; UNIX: "/path1:/path2" -;include_path = ".:/php/includes" -; -; Windows: "\path1;\path2" -;include_path = ".;c:\php\includes" -; -; PHP's default setting for include_path is ".;/path/to/php/pear" -; http://php.net/include-path - -; The root of the PHP pages, used only if nonempty. -; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root -; if you are running php as a CGI under any web server (other than IIS) -; see documentation for security issues. The alternate is to use the -; cgi.force_redirect configuration below -; http://php.net/doc-root -doc_root = - -; The directory under which PHP opens the script using /~username used only -; if nonempty. -; http://php.net/user-dir -user_dir = - -; Directory in which the loadable extensions (modules) reside. -; http://php.net/extension-dir -; extension_dir = "./" -; On windows: -; extension_dir = "ext" - -; Directory where the temporary files should be placed. -; Defaults to the system default (see sys_get_temp_dir) -; sys_temp_dir = "/tmp" - -; Whether or not to enable the dl() function. The dl() function does NOT work -; properly in multithreaded servers, such as IIS or Zeus, and is automatically -; disabled on them. -; http://php.net/enable-dl -enable_dl = Off - -; cgi.force_redirect is necessary to provide security running PHP as a CGI under -; most web servers. Left undefined, PHP turns this on by default. You can -; turn it off here AT YOUR OWN RISK -; **You CAN safely turn this off for IIS, in fact, you MUST.** -; http://php.net/cgi.force-redirect -;cgi.force_redirect = 1 - -; if cgi.nph is enabled it will force cgi to always sent Status: 200 with -; every request. PHP's default behavior is to disable this feature. 
-;cgi.nph = 1 - -; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape -; (iPlanet) web servers, you MAY need to set an environment variable name that PHP -; will look for to know it is OK to continue execution. Setting this variable MAY -; cause security issues, KNOW WHAT YOU ARE DOING FIRST. -; http://php.net/cgi.redirect-status-env -;cgi.redirect_status_env = - -; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's -; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok -; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting -; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting -; of zero causes PHP to behave as before. Default is 1. You should fix your scripts -; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. -; http://php.net/cgi.fix-pathinfo -;cgi.fix_pathinfo=1 - -; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside -; of the web tree and people will not be able to circumvent .htaccess security. -; http://php.net/cgi.dicard-path -;cgi.discard_path=1 - -; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate -; security tokens of the calling client. This allows IIS to define the -; security context that the request runs under. mod_fastcgi under Apache -; does not currently support this feature (03/17/2002) -; Set to 1 if running under IIS. Default is zero. -; http://php.net/fastcgi.impersonate -;fastcgi.impersonate = 1 - -; Disable logging through FastCGI connection. PHP's default behavior is to enable -; this feature. -;fastcgi.logging = 0 - -; cgi.rfc2616_headers configuration option tells PHP what type of headers to -; use when sending HTTP response code. If set to 0, PHP sends Status: header that -; is supported by Apache. When this option is set to 1, PHP will send -; RFC2616 compliant header. -; Default is zero. 
-; http://php.net/cgi.rfc2616-headers -;cgi.rfc2616_headers = 0 - -; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! -; (shebang) at the top of the running script. This line might be needed if the -; script support running both as stand-alone script and via PHP CGI<. PHP in CGI -; mode skips this line and ignores its content if this directive is turned on. -; http://php.net/cgi.check-shebang-line -;cgi.check_shebang_line=1 - -;;;;;;;;;;;;;;;; -; File Uploads ; -;;;;;;;;;;;;;;;; - -; Whether to allow HTTP file uploads. -; http://php.net/file-uploads -file_uploads = On - -; Temporary directory for HTTP uploaded files (will use system default if not -; specified). -; http://php.net/upload-tmp-dir -;upload_tmp_dir = - -; Maximum allowed size for uploaded files. -; http://php.net/upload-max-filesize -upload_max_filesize = 4M - -; Maximum number of files that can be uploaded via a single request -max_file_uploads = 20 - -;;;;;;;;;;;;;;;;;; -; Fopen wrappers ; -;;;;;;;;;;;;;;;;;; - -; Whether to allow the treatment of URLs (like http:// or ftp://) as files. -; http://php.net/allow-url-fopen -allow_url_fopen = On - -; Whether to allow include/require to open URLs (like http:// or ftp://) as files. -; http://php.net/allow-url-include -allow_url_include = Off - -; Define the anonymous ftp password (your email address). PHP's default setting -; for this is empty. -; http://php.net/from -;from="john@doe.com" - -; Define the User-Agent string. PHP's default setting for this is empty. 
-; http://php.net/user-agent -;user_agent="PHP" - -; Default timeout for socket based streams (seconds) -; http://php.net/default-socket-timeout -default_socket_timeout = 60 - -; If your scripts have to deal with files from Macintosh systems, -; or you are running on a Mac and need to deal with files from -; unix or win32 systems, setting this flag will cause PHP to -; automatically detect the EOL character in those files so that -; fgets() and file() will work regardless of the source of the file. -; http://php.net/auto-detect-line-endings -;auto_detect_line_endings = Off - -;;;;;;;;;;;;;;;;;;;;;; -; Dynamic Extensions ; -;;;;;;;;;;;;;;;;;;;;;; - -; If you wish to have an extension loaded automatically, use the following -; syntax: -; -; extension=modulename -; -; For example: -; -; extension=mysqli -; -; When the extension library to load is not located in the default extension -; directory, You may specify an absolute path to the library file: -; -; extension=/path/to/extension/mysqli.so -; -; Note : The syntax used in previous PHP versions ('extension=.so' and -; 'extension='php_.dll') is supported for legacy reasons and may be -; deprecated in a future PHP major version. So, when it is possible, please -; move to the new ('extension=) syntax. -; -; Notes for Windows environments : -; -; - Many DLL files are located in the extensions/ (PHP 4) or ext/ (PHP 5+) -; extension folders as well as the separate PECL DLL download (PHP 5+). -; Be sure to appropriately set the extension_dir directive. 
-; -;extension=bz2 -;extension=curl -;extension=fileinfo -;extension=gd2 -;extension=gettext -;extension=gmp -;extension=intl -;extension=imap -;extension=interbase -;extension=ldap -;extension=mbstring -;extension=exif ; Must be after mbstring as it depends on it -;extension=mysqli -;extension=oci8_12c ; Use with Oracle Database 12c Instant Client -;extension=odbc -;extension=openssl -;extension=pdo_firebird -;extension=pdo_mysql -;extension=pdo_oci -;extension=pdo_odbc -;extension=pdo_pgsql -;extension=pdo_sqlite -;extension=pgsql -;extension=shmop - -; The MIBS data available in the PHP distribution must be installed. -; See http://www.php.net/manual/en/snmp.installation.php -;extension=snmp - -;extension=soap -;extension=sockets -;extension=sqlite3 -;extension=tidy -;extension=xmlrpc -;extension=xsl - -;;;;;;;;;;;;;;;;;;; -; Module Settings ; -;;;;;;;;;;;;;;;;;;; - -[CLI Server] -; Whether the CLI web server uses ANSI color coding in its terminal output. -cli_server.color = On - -[Date] -; Defines the default timezone used by the date functions -; http://php.net/date.timezone -date.timezone = America/Los_Angeles - -; http://php.net/date.default-latitude -;date.default_latitude = 31.7667 - -; http://php.net/date.default-longitude -;date.default_longitude = 35.2333 - -; http://php.net/date.sunrise-zenith -;date.sunrise_zenith = 90.583333 - -; http://php.net/date.sunset-zenith -;date.sunset_zenith = 90.583333 - -[filter] -; http://php.net/filter.default -;filter.default = unsafe_raw - -; http://php.net/filter.default-flags -;filter.default_flags = - -[iconv] -; Use of this INI entry is deprecated, use global input_encoding instead. -; If empty, default_charset or input_encoding or iconv.input_encoding is used. -; The precedence is: default_charset < intput_encoding < iconv.input_encoding -;iconv.input_encoding = - -; Use of this INI entry is deprecated, use global internal_encoding instead. 
-; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. -; The precedence is: default_charset < internal_encoding < iconv.internal_encoding -;iconv.internal_encoding = - -; Use of this INI entry is deprecated, use global output_encoding instead. -; If empty, default_charset or output_encoding or iconv.output_encoding is used. -; The precedence is: default_charset < output_encoding < iconv.output_encoding -; To use an output encoding conversion, iconv's output handler must be set -; otherwise output encoding conversion cannot be performed. -;iconv.output_encoding = - -[intl] -;intl.default_locale = -; This directive allows you to produce PHP errors when some error -; happens within intl functions. The value is the level of the error produced. -; Default is 0, which does not produce any errors. -;intl.error_level = E_WARNING -;intl.use_exceptions = 0 - -[sqlite3] -;sqlite3.extension_dir = - -[Pcre] -;PCRE library backtracking limit. -; http://php.net/pcre.backtrack-limit -;pcre.backtrack_limit=100000 - -;PCRE library recursion limit. -;Please note that if you set this value to a high number you may consume all -;the available process stack and eventually crash PHP (due to reaching the -;stack size limit imposed by the Operating System). -; http://php.net/pcre.recursion-limit -;pcre.recursion_limit=100000 - -;Enables or disables JIT compilation of patterns. This requires the PCRE -;library to be compiled with JIT support. -;pcre.jit=1 - -[Pdo] -; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" -; http://php.net/pdo-odbc.connection-pooling -;pdo_odbc.connection_pooling=strict - -;pdo_odbc.db2_instance_name - -[Pdo_mysql] -; If mysqlnd is used: Number of cache slots for the internal result set cache -; http://php.net/pdo_mysql.cache_size -pdo_mysql.cache_size = 2000 - -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. 
-; http://php.net/pdo_mysql.default-socket -pdo_mysql.default_socket= - -[Phar] -; http://php.net/phar.readonly -;phar.readonly = On - -; http://php.net/phar.require-hash -;phar.require_hash = On - -;phar.cache_list = - -[mail function] -; For Win32 only. -; http://php.net/smtp -SMTP = localhost -; http://php.net/smtp-port -smtp_port = 25 - -; For Win32 only. -; http://php.net/sendmail-from -;sendmail_from = me@example.com - -; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). -; http://php.net/sendmail-path -;sendmail_path = - -; Force the addition of the specified parameters to be passed as extra parameters -; to the sendmail binary. These parameters will always replace the value of -; the 5th parameter to mail(). -;mail.force_extra_parameters = - -; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename -mail.add_x_header = Off - -; The path to a log file that will log all mail() calls. Log entries include -; the full path of the script, line number, To address and headers. -;mail.log = -; Log mail to syslog (Event Log on Windows). -;mail.log = syslog - -[ODBC] -; http://php.net/odbc.default-db -;odbc.default_db = Not yet implemented - -; http://php.net/odbc.default-user -;odbc.default_user = Not yet implemented - -; http://php.net/odbc.default-pw -;odbc.default_pw = Not yet implemented - -; Controls the ODBC cursor model. -; Default: SQL_CURSOR_STATIC (default). -;odbc.default_cursortype - -; Allow or prevent persistent links. -; http://php.net/odbc.allow-persistent -odbc.allow_persistent = On - -; Check that a connection is still valid before reuse. -; http://php.net/odbc.check-persistent -odbc.check_persistent = On - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/odbc.max-persistent -odbc.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -; http://php.net/odbc.max-links -odbc.max_links = -1 - -; Handling of LONG fields. 
Returns number of bytes to variables. 0 means -; passthru. -; http://php.net/odbc.defaultlrl -odbc.defaultlrl = 4096 - -; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. -; See the documentation on odbc_binmode and odbc_longreadlen for an explanation -; of odbc.defaultlrl and odbc.defaultbinmode -; http://php.net/odbc.defaultbinmode -odbc.defaultbinmode = 1 - -;birdstep.max_links = -1 - -[Interbase] -; Allow or prevent persistent links. -ibase.allow_persistent = 1 - -; Maximum number of persistent links. -1 means no limit. -ibase.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -ibase.max_links = -1 - -; Default database name for ibase_connect(). -;ibase.default_db = - -; Default username for ibase_connect(). -;ibase.default_user = - -; Default password for ibase_connect(). -;ibase.default_password = - -; Default charset for ibase_connect(). -;ibase.default_charset = - -; Default timestamp format. -ibase.timestampformat = "%Y-%m-%d %H:%M:%S" - -; Default date format. -ibase.dateformat = "%Y-%m-%d" - -; Default time format. -ibase.timeformat = "%H:%M:%S" - -[MySQLi] - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/mysqli.max-persistent -mysqli.max_persistent = -1 - -; Allow accessing, from PHP's perspective, local files with LOAD DATA statements -; http://php.net/mysqli.allow_local_infile -;mysqli.allow_local_infile = On - -; Allow or prevent persistent links. -; http://php.net/mysqli.allow-persistent -mysqli.allow_persistent = On - -; Maximum number of links. -1 means no limit. -; http://php.net/mysqli.max-links -mysqli.max_links = -1 - -; If mysqlnd is used: Number of cache slots for the internal result set cache -; http://php.net/mysqli.cache_size -mysqli.cache_size = 2000 - -; Default port number for mysqli_connect(). 
If unset, mysqli_connect() will use -; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the -; compile-time value defined MYSQL_PORT (in that order). Win32 will only look -; at MYSQL_PORT. -; http://php.net/mysqli.default-port -mysqli.default_port = 3306 - -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. -; http://php.net/mysqli.default-socket -mysqli.default_socket = - -; Default host for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-host -mysqli.default_host = - -; Default user for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-user -mysqli.default_user = - -; Default password for mysqli_connect() (doesn't apply in safe mode). -; Note that this is generally a *bad* idea to store passwords in this file. -; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") -; and reveal this password! And of course, any users with read access to this -; file will be able to reveal the password as well. -; http://php.net/mysqli.default-pw -mysqli.default_pw = - -; Allow or prevent reconnect -mysqli.reconnect = Off - -[mysqlnd] -; Enable / Disable collection of general statistics by mysqlnd which can be -; used to tune and monitor MySQL operations. -; http://php.net/mysqlnd.collect_statistics -mysqlnd.collect_statistics = On - -; Enable / Disable collection of memory usage statistics by mysqlnd which can be -; used to tune and monitor MySQL operations. -; http://php.net/mysqlnd.collect_memory_statistics -mysqlnd.collect_memory_statistics = Off - -; Records communication from all extensions using mysqlnd to the specified log -; file. -; http://php.net/mysqlnd.debug -;mysqlnd.debug = - -; Defines which queries will be logged. -; http://php.net/mysqlnd.log_mask -;mysqlnd.log_mask = 0 - -; Default size of the mysqlnd memory pool, which is used by result sets. 
-; http://php.net/mysqlnd.mempool_default_size -;mysqlnd.mempool_default_size = 16000 - -; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. -; http://php.net/mysqlnd.net_cmd_buffer_size -;mysqlnd.net_cmd_buffer_size = 2048 - -; Size of a pre-allocated buffer used for reading data sent by the server in -; bytes. -; http://php.net/mysqlnd.net_read_buffer_size -;mysqlnd.net_read_buffer_size = 32768 - -; Timeout for network requests in seconds. -; http://php.net/mysqlnd.net_read_timeout -;mysqlnd.net_read_timeout = 31536000 - -; SHA-256 Authentication Plugin related. File with the MySQL server public RSA -; key. -; http://php.net/mysqlnd.sha256_server_public_key -;mysqlnd.sha256_server_public_key = - -[OCI8] - -; Connection: Enables privileged connections using external -; credentials (OCI_SYSOPER, OCI_SYSDBA) -; http://php.net/oci8.privileged-connect -;oci8.privileged_connect = Off - -; Connection: The maximum number of persistent OCI8 connections per -; process. Using -1 means no limit. -; http://php.net/oci8.max-persistent -;oci8.max_persistent = -1 - -; Connection: The maximum number of seconds a process is allowed to -; maintain an idle persistent connection. Using -1 means idle -; persistent connections will be maintained forever. -; http://php.net/oci8.persistent-timeout -;oci8.persistent_timeout = -1 - -; Connection: The number of seconds that must pass before issuing a -; ping during oci_pconnect() to check the connection validity. When -; set to 0, each oci_pconnect() will cause a ping. Using -1 disables -; pings completely. -; http://php.net/oci8.ping-interval -;oci8.ping_interval = 60 - -; Connection: Set this to a user chosen connection class to be used -; for all pooled server requests with Oracle 11g Database Resident -; Connection Pooling (DRCP). 
To use DRCP, this value should be set to -; the same string for all web servers running the same application, -; the database pool must be configured, and the connection string must -; specify to use a pooled server. -;oci8.connection_class = - -; High Availability: Using On lets PHP receive Fast Application -; Notification (FAN) events generated when a database node fails. The -; database must also be configured to post FAN events. -;oci8.events = Off - -; Tuning: This option enables statement caching, and specifies how -; many statements to cache. Using 0 disables statement caching. -; http://php.net/oci8.statement-cache-size -;oci8.statement_cache_size = 20 - -; Tuning: Enables statement prefetching and sets the default number of -; rows that will be fetched automatically after statement execution. -; http://php.net/oci8.default-prefetch -;oci8.default_prefetch = 100 - -; Compatibility. Using On means oci_close() will not close -; oci_connect() and oci_new_connect() connections. -; http://php.net/oci8.old-oci-close-semantics -;oci8.old_oci_close_semantics = Off - -[PostgreSQL] -; Allow or prevent persistent links. -; http://php.net/pgsql.allow-persistent -pgsql.allow_persistent = On - -; Detect broken persistent links always with pg_pconnect(). -; Auto reset feature requires a little overheads. -; http://php.net/pgsql.auto-reset-persistent -pgsql.auto_reset_persistent = Off - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/pgsql.max-persistent -pgsql.max_persistent = -1 - -; Maximum number of links (persistent+non persistent). -1 means no limit. -; http://php.net/pgsql.max-links -pgsql.max_links = -1 - -; Ignore PostgreSQL backends Notice message or not. -; Notice message logging require a little overheads. -; http://php.net/pgsql.ignore-notice -pgsql.ignore_notice = 0 - -; Log PostgreSQL backends Notice message or not. -; Unless pgsql.ignore_notice=0, module cannot log notice message. 
-; http://php.net/pgsql.log-notice -pgsql.log_notice = 0 - -[bcmath] -; Number of decimal digits for all bcmath functions. -; http://php.net/bcmath.scale -bcmath.scale = 0 - -[browscap] -; http://php.net/browscap -;browscap = extra/browscap.ini - -[Session] -; Handler used to store/retrieve data. -; http://php.net/session.save-handler -session.save_handler = files - -; Argument passed to save_handler. In the case of files, this is the path -; where data files are stored. Note: Windows users have to change this -; variable in order to use PHP's session functions. -; -; The path can be defined as: -; -; session.save_path = "N;/path" -; -; where N is an integer. Instead of storing all the session files in -; /path, what this will do is use subdirectories N-levels deep, and -; store the session data in those directories. This is useful if -; your OS has problems with many files in one directory, and is -; a more efficient layout for servers that handle many sessions. -; -; NOTE 1: PHP will not create this directory structure automatically. -; You can use the script in the ext/session dir for that purpose. -; NOTE 2: See the section on garbage collection below if you choose to -; use subdirectories for session storage -; -; The file storage module creates files using mode 600 by default. -; You can change that by using -; -; session.save_path = "N;MODE;/path" -; -; where MODE is the octal representation of the mode. Note that this -; does not overwrite the process's umask. -; http://php.net/session.save-path -;session.save_path = "/tmp" - -; Whether to use strict session mode. -; Strict session mode does not accept uninitialized session ID and regenerate -; session ID if browser sends uninitialized session ID. Strict mode protects -; applications from session fixation via session adoption vulnerability. It is -; disabled by default for maximum compatibility, but enabling it is encouraged. 
-; https://wiki.php.net/rfc/strict_sessions -session.use_strict_mode = 0 - -; Whether to use cookies. -; http://php.net/session.use-cookies -session.use_cookies = 1 - -; http://php.net/session.cookie-secure -;session.cookie_secure = - -; This option forces PHP to fetch and use a cookie for storing and maintaining -; the session id. We encourage this operation as it's very helpful in combating -; session hijacking when not specifying and managing your own session id. It is -; not the be-all and end-all of session hijacking defense, but it's a good start. -; http://php.net/session.use-only-cookies -session.use_only_cookies = 1 - -; Name of the session (used as cookie name). -; http://php.net/session.name -session.name = PHPSESSID - -; Initialize session on request startup. -; http://php.net/session.auto-start -session.auto_start = 0 - -; Lifetime in seconds of cookie or, if 0, until browser is restarted. -; http://php.net/session.cookie-lifetime -session.cookie_lifetime = 0 - -; The path for which the cookie is valid. -; http://php.net/session.cookie-path -session.cookie_path = / - -; The domain for which the cookie is valid. -; http://php.net/session.cookie-domain -session.cookie_domain = - -; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. -; http://php.net/session.cookie-httponly -session.cookie_httponly = - -; Handler used to serialize data. php is the standard serializer of PHP. -; http://php.net/session.serialize-handler -session.serialize_handler = php - -; Defines the probability that the 'garbage collection' process is started -; on every session initialization. The probability is calculated by using -; gc_probability/gc_divisor. Where session.gc_probability is the numerator -; and gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any give request. 
-; Default Value: 1 -; Development Value: 1 -; Production Value: 1 -; http://php.net/session.gc-probability -session.gc_probability = 1 - -; Defines the probability that the 'garbage collection' process is started on every -; session initialization. The probability is calculated by using the following equation: -; gc_probability/gc_divisor. Where session.gc_probability is the numerator and -; session.gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any give request. Increasing this value to 1000 will give you -; a 0.1% chance the gc will run on any give request. For high volume production servers, -; this is a more efficient approach. -; Default Value: 100 -; Development Value: 1000 -; Production Value: 1000 -; http://php.net/session.gc-divisor -session.gc_divisor = 1000 - -; After this number of seconds, stored data will be seen as 'garbage' and -; cleaned up by the garbage collection process. -; http://php.net/session.gc-maxlifetime -session.gc_maxlifetime = 1440 - -; NOTE: If you are using the subdirectory option for storing session files -; (see session.save_path above), then garbage collection does *not* -; happen automatically. You will need to do your own garbage -; collection through a shell script, cron entry, or some other method. -; For example, the following script would is the equivalent of -; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): -; find /path/to/sessions -cmin +24 -type f | xargs rm - -; Check HTTP Referer to invalidate externally stored URLs containing ids. -; HTTP_REFERER has to contain this substring for the session to be -; considered as valid. -; http://php.net/session.referer-check -session.referer_check = - -; Set to {nocache,private,public,} to determine HTTP caching aspects -; or leave this empty to avoid sending anti-caching headers. 
-; http://php.net/session.cache-limiter -session.cache_limiter = nocache - -; Document expires after n minutes. -; http://php.net/session.cache-expire -session.cache_expire = 180 - -; trans sid support is disabled by default. -; Use of trans sid may risk your users' security. -; Use this option with caution. -; - User may send URL contains active session ID -; to other person via. email/irc/etc. -; - URL that contains active session ID may be stored -; in publicly accessible computer. -; - User may access your site with the same session ID -; always using URL stored in browser's history or bookmarks. -; http://php.net/session.use-trans-sid -session.use_trans_sid = 0 - -; Set session ID character length. This value could be between 22 to 256. -; Shorter length than default is supported only for compatibility reason. -; Users should use 32 or more chars. -; http://php.net/session.sid-length -; Default Value: 32 -; Development Value: 26 -; Production Value: 26 -session.sid_length = 26 - -; The URL rewriter will look for URLs in a defined set of HTML tags. -; is special; if you include them here, the rewriter will -; add a hidden field with the info which is otherwise appended -; to URLs. tag's action attribute URL will not be modified -; unless it is specified. -; Note that all valid entries require a "=", even if no value follows. -; Default Value: "a=href,area=href,frame=src,form=" -; Development Value: "a=href,area=href,frame=src,form=" -; Production Value: "a=href,area=href,frame=src,form=" -; http://php.net/url-rewriter.tags -session.trans_sid_tags = "a=href,area=href,frame=src,form=" - -; URL rewriter does not rewrite absolute URLs by default. -; To enable rewrites for absolute pathes, target hosts must be specified -; at RUNTIME. i.e. use ini_set() -; tags is special. PHP will check action attribute's URL regardless -; of session.trans_sid_tags setting. -; If no host is defined, HTTP_HOST will be used for allowed host. 
-; Example value: php.net,www.php.net,wiki.php.net -; Use "," for multiple hosts. No spaces are allowed. -; Default Value: "" -; Development Value: "" -; Production Value: "" -;session.trans_sid_hosts="" - -; Define how many bits are stored in each character when converting -; the binary hash data to something readable. -; Possible values: -; 4 (4 bits: 0-9, a-f) -; 5 (5 bits: 0-9, a-v) -; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") -; Default Value: 4 -; Development Value: 5 -; Production Value: 5 -; http://php.net/session.hash-bits-per-character -session.sid_bits_per_character = 5 - -; Enable upload progress tracking in $_SESSION -; Default Value: On -; Development Value: On -; Production Value: On -; http://php.net/session.upload-progress.enabled -;session.upload_progress.enabled = On - -; Cleanup the progress information as soon as all POST data has been read -; (i.e. upload completed). -; Default Value: On -; Development Value: On -; Production Value: On -; http://php.net/session.upload-progress.cleanup -;session.upload_progress.cleanup = On - -; A prefix used for the upload progress key in $_SESSION -; Default Value: "upload_progress_" -; Development Value: "upload_progress_" -; Production Value: "upload_progress_" -; http://php.net/session.upload-progress.prefix -;session.upload_progress.prefix = "upload_progress_" - -; The index name (concatenated with the prefix) in $_SESSION -; containing the upload progress information -; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" -; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" -; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" -; http://php.net/session.upload-progress.name -;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" - -; How frequently the upload progress should be updated. 
-; Given either in percentages (per-file), or in bytes -; Default Value: "1%" -; Development Value: "1%" -; Production Value: "1%" -; http://php.net/session.upload-progress.freq -;session.upload_progress.freq = "1%" - -; The minimum delay between updates, in seconds -; Default Value: 1 -; Development Value: 1 -; Production Value: 1 -; http://php.net/session.upload-progress.min-freq -;session.upload_progress.min_freq = "1" - -; Only write session data when session data is changed. Enabled by default. -; http://php.net/session.lazy-write -;session.lazy_write = On - -[Assertion] -; Switch whether to compile assertions at all (to have no overhead at run-time) -; -1: Do not compile at all -; 0: Jump over assertion at run-time -; 1: Execute assertions -; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1) -; Default Value: 1 -; Development Value: 1 -; Production Value: -1 -; http://php.net/zend.assertions -zend.assertions = -1 - -; Assert(expr); active by default. -; http://php.net/assert.active -;assert.active = On - -; Throw an AssertationException on failed assertions -; http://php.net/assert.exception -;assert.exception = On - -; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active) -; http://php.net/assert.warning -;assert.warning = On - -; Don't bail out by default. -; http://php.net/assert.bail -;assert.bail = Off - -; User-function to be called if an assertion fails. -; http://php.net/assert.callback -;assert.callback = 0 - -; Eval the expression with current error_reporting(). Set to true if you want -; error_reporting(0) around the eval(). 
-; http://php.net/assert.quiet-eval -;assert.quiet_eval = 0 - -[COM] -; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs -; http://php.net/com.typelib-file -;com.typelib_file = - -; allow Distributed-COM calls -; http://php.net/com.allow-dcom -;com.allow_dcom = true - -; autoregister constants of a components typlib on com_load() -; http://php.net/com.autoregister-typelib -;com.autoregister_typelib = true - -; register constants casesensitive -; http://php.net/com.autoregister-casesensitive -;com.autoregister_casesensitive = false - -; show warnings on duplicate constant registrations -; http://php.net/com.autoregister-verbose -;com.autoregister_verbose = true - -; The default character set code-page to use when passing strings to and from COM objects. -; Default: system ANSI code page -;com.code_page= - -[mbstring] -; language for internal character representation. -; This affects mb_send_mail() and mbstring.detect_order. -; http://php.net/mbstring.language -;mbstring.language = Japanese - -; Use of this INI entry is deprecated, use global internal_encoding instead. -; internal/script encoding. -; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) -; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. -; The precedence is: default_charset < internal_encoding < iconv.internal_encoding -;mbstring.internal_encoding = - -; Use of this INI entry is deprecated, use global input_encoding instead. -; http input encoding. -; mbstring.encoding_traslation = On is needed to use this setting. -; If empty, default_charset or input_encoding or mbstring.input is used. -; The precedence is: default_charset < intput_encoding < mbsting.http_input -; http://php.net/mbstring.http-input -;mbstring.http_input = - -; Use of this INI entry is deprecated, use global output_encoding instead. -; http output encoding. -; mb_output_handler must be registered as output buffer to function. 
-; If empty, default_charset or output_encoding or mbstring.http_output is used. -; The precedence is: default_charset < output_encoding < mbstring.http_output -; To use an output encoding conversion, mbstring's output handler must be set -; otherwise output encoding conversion cannot be performed. -; http://php.net/mbstring.http-output -;mbstring.http_output = - -; enable automatic encoding translation according to -; mbstring.internal_encoding setting. Input chars are -; converted to internal encoding by setting this to On. -; Note: Do _not_ use automatic encoding translation for -; portable libs/applications. -; http://php.net/mbstring.encoding-translation -;mbstring.encoding_translation = Off - -; automatic encoding detection order. -; "auto" detect order is changed according to mbstring.language -; http://php.net/mbstring.detect-order -;mbstring.detect_order = auto - -; substitute_character used when character cannot be converted -; one from another -; http://php.net/mbstring.substitute-character -;mbstring.substitute_character = none - -; overload(replace) single byte functions by mbstring functions. -; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), -; etc. Possible values are 0,1,2,4 or combination of them. -; For example, 7 for overload everything. -; 0: No overload -; 1: Overload mail() function -; 2: Overload str*() functions -; 4: Overload ereg*() functions -; http://php.net/mbstring.func-overload -;mbstring.func_overload = 0 - -; enable strict encoding detection. -; Default: Off -;mbstring.strict_detection = On - -; This directive specifies the regex pattern of content types for which mb_output_handler() -; is activated. -; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) -;mbstring.http_output_conv_mimetype= - -[gd] -; Tell the jpeg decode to ignore warnings and try to create -; a gd image. 
The warning will then be displayed as notices -; disabled by default -; http://php.net/gd.jpeg-ignore-warning -;gd.jpeg_ignore_warning = 1 - -[exif] -; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. -; With mbstring support this will automatically be converted into the encoding -; given by corresponding encode setting. When empty mbstring.internal_encoding -; is used. For the decode settings you can distinguish between motorola and -; intel byte order. A decode setting cannot be empty. -; http://php.net/exif.encode-unicode -;exif.encode_unicode = ISO-8859-15 - -; http://php.net/exif.decode-unicode-motorola -;exif.decode_unicode_motorola = UCS-2BE - -; http://php.net/exif.decode-unicode-intel -;exif.decode_unicode_intel = UCS-2LE - -; http://php.net/exif.encode-jis -;exif.encode_jis = - -; http://php.net/exif.decode-jis-motorola -;exif.decode_jis_motorola = JIS - -; http://php.net/exif.decode-jis-intel -;exif.decode_jis_intel = JIS - -[Tidy] -; The path to a default tidy configuration file to use when using tidy -; http://php.net/tidy.default-config -;tidy.default_config = /usr/local/lib/php/default.tcfg - -; Should tidy clean and repair output automatically? -; WARNING: Do not use this option if you are generating non-html content -; such as dynamic images -; http://php.net/tidy.clean-output -tidy.clean_output = Off - -[soap] -; Enables or disables WSDL caching feature. -; http://php.net/soap.wsdl-cache-enabled -soap.wsdl_cache_enabled=1 - -; Sets the directory name where SOAP extension will put cache files. -; http://php.net/soap.wsdl-cache-dir -soap.wsdl_cache_dir="/tmp" - -; (time to live) Sets the number of second while cached file will be used -; instead of original one. -; http://php.net/soap.wsdl-cache-ttl -soap.wsdl_cache_ttl=86400 - -; Sets the size of the cache limit. (Max. 
number of WSDL files to cache) -soap.wsdl_cache_limit = 5 - -[sysvshm] -; A default size of the shared memory segment -;sysvshm.init_mem = 10000 - -[ldap] -; Sets the maximum number of open links or -1 for unlimited. -ldap.max_links = -1 - -[dba] -;dba.default_handler= - -[opcache] -; Determines if Zend OPCache is enabled -;opcache.enable=1 - -; Determines if Zend OPCache is enabled for the CLI version of PHP -;opcache.enable_cli=0 - -; The OPcache shared memory storage size. -;opcache.memory_consumption=128 - -; The amount of memory for interned strings in Mbytes. -;opcache.interned_strings_buffer=8 - -; The maximum number of keys (scripts) in the OPcache hash table. -; Only numbers between 200 and 1000000 are allowed. -;opcache.max_accelerated_files=10000 - -; The maximum percentage of "wasted" memory until a restart is scheduled. -;opcache.max_wasted_percentage=5 - -; When this directive is enabled, the OPcache appends the current working -; directory to the script key, thus eliminating possible collisions between -; files with the same name (basename). Disabling the directive improves -; performance, but may break existing applications. -;opcache.use_cwd=1 - -; When disabled, you must reset the OPcache manually or restart the -; webserver for changes to the filesystem to take effect. -;opcache.validate_timestamps=1 - -; How often (in seconds) to check file timestamps for changes to the shared -; memory storage allocation. ("1" means validate once per second, but only -; once per request. "0" means always validate) -;opcache.revalidate_freq=2 - -; Enables or disables file search in include_path optimization -;opcache.revalidate_path=0 - -; If disabled, all PHPDoc comments are dropped from the code to reduce the -; size of the optimized code. -;opcache.save_comments=1 - -; Allow file existence override (file_exists, etc.) performance feature. 
-;opcache.enable_file_override=0 - -; A bitmask, where each bit enables or disables the appropriate OPcache -; passes -;opcache.optimization_level=0xffffffff - -;opcache.inherited_hack=1 -;opcache.dups_fix=0 - -; The location of the OPcache blacklist file (wildcards allowed). -; Each OPcache blacklist file is a text file that holds the names of files -; that should not be accelerated. The file format is to add each filename -; to a new line. The filename may be a full path or just a file prefix -; (i.e., /var/www/x blacklists all the files and directories in /var/www -; that start with 'x'). Line starting with a ; are ignored (comments). -;opcache.blacklist_filename= - -; Allows exclusion of large files from being cached. By default all files -; are cached. -;opcache.max_file_size=0 - -; Check the cache checksum each N requests. -; The default value of "0" means that the checks are disabled. -;opcache.consistency_checks=0 - -; How long to wait (in seconds) for a scheduled restart to begin if the cache -; is not being accessed. -;opcache.force_restart_timeout=180 - -; OPcache error_log file name. Empty string assumes "stderr". -;opcache.error_log= - -; All OPcache errors go to the Web server log. -; By default, only fatal errors (level 0) or errors (level 1) are logged. -; You can also enable warnings (level 2), info messages (level 3) or -; debug messages (level 4). -;opcache.log_verbosity_level=1 - -; Preferred Shared Memory back-end. Leave empty and let the system decide. -;opcache.preferred_memory_model= - -; Protect the shared memory from unexpected writing during script execution. -; Useful for internal debugging only. -;opcache.protect_memory=0 - -; Allows calling OPcache API functions only from PHP scripts which path is -; started from specified string. The default "" means no restriction -;opcache.restrict_api= - -; Mapping base of shared memory segments (for Windows only). All the PHP -; processes have to map shared memory into the same address space. 
This -; directive allows to manually fix the "Unable to reattach to base address" -; errors. -;opcache.mmap_base= - -; Enables and sets the second level cache directory. -; It should improve performance when SHM memory is full, at server restart or -; SHM reset. The default "" disables file based caching. -;opcache.file_cache= - -; Enables or disables opcode caching in shared memory. -;opcache.file_cache_only=0 - -; Enables or disables checksum validation when script loaded from file cache. -;opcache.file_cache_consistency_checks=1 - -; Implies opcache.file_cache_only=1 for a certain process that failed to -; reattach to the shared memory (for Windows only). Explicitly enabled file -; cache is required. -;opcache.file_cache_fallback=1 - -; Enables or disables copying of PHP code (text segment) into HUGE PAGES. -; This should improve performance, but requires appropriate OS configuration. -;opcache.huge_code_pages=1 - -; Validate cached file permissions. -;opcache.validate_permission=0 - -; Prevent name collisions in chroot'ed environment. -;opcache.validate_root=0 - -; If specified, it produces opcode dumps for debugging different stages of -; optimizations. -;opcache.opt_debug_level=0 - -[curl] -; A default value for the CURLOPT_CAINFO option. This is required to be an -; absolute path. -;curl.cainfo = - -[openssl] -; The location of a Certificate Authority (CA) file on the local filesystem -; to use when verifying the identity of SSL/TLS peers. Most users should -; not specify a value for this directive as PHP will attempt to use the -; OS-managed cert stores in its absence. If specified, this value may still -; be overridden on a per-stream basis via the "cafile" SSL stream context -; option. -;openssl.cafile= - -; If openssl.cafile is not specified or if the CA file is not found, the -; directory pointed to by openssl.capath is searched for a suitable -; certificate. This value must be a correctly hashed certificate directory. 
-; Most users should not specify a value for this directive as PHP will
-; attempt to use the OS-managed cert stores in its absence. If specified,
-; this value may still be overridden on a per-stream basis via the "capath"
-; SSL stream context option.
-;openssl.capath=
-
-; Local Variables:
-; tab-width: 4
-; End:
diff --git a/jails/config/web-scvcc-rental/pkg-list-details-old.txt b/jails/config/web-scvcc-rental/pkg-list-details-old.txt
deleted file mode 100644
index 79fe5b9..0000000
--- a/jails/config/web-scvcc-rental/pkg-list-details-old.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____php81-8.1.12
-pkgp-freebsd-pkg____php81-mysqli-8.1.12
-pkgp-freebsd-pkg____php81-session-8.1.12
-pkgp-freebsd-pkg____pkg-1.18.4
diff --git a/jails/config/web-scvcc-rental/pkg-list-details.txt b/jails/config/web-scvcc-rental/pkg-list-details.txt
deleted file mode 100644
index 87bcd3f..0000000
--- a/jails/config/web-scvcc-rental/pkg-list-details.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____php81-8.1.13
-pkgp-freebsd-pkg____php81-mysqli-8.1.13
-pkgp-freebsd-pkg____php81-session-8.1.13
-pkgp-freebsd-pkg____pkg-1.18.4
diff --git a/jails/config/web-scvcc-rental/pkg-list-old.txt b/jails/config/web-scvcc-rental/pkg-list-old.txt
deleted file mode 100644
index 943fd00..0000000
--- a/jails/config/web-scvcc-rental/pkg-list-old.txt
+++ /dev/null
@@ -1 +0,0 @@
-apache24 bash bash-completion nano php81 php81-mysqli php81-session pkg
diff --git a/jails/config/web-scvcc-rental/pkg-list.txt b/jails/config/web-scvcc-rental/pkg-list.txt
deleted file mode 100644
index 943fd00..0000000
--- a/jails/config/web-scvcc-rental/pkg-list.txt
+++ /dev/null
@@ -1 +0,0 @@
-apache24 bash bash-completion nano php81 php81-mysqli php81-session pkg
diff --git a/jails/config/web-scvcc-rental/resolvconf.conf b/jails/config/web-scvcc-rental/resolvconf.conf
deleted file mode 100644
index 81e67dd..0000000
--- a/jails/config/web-scvcc-rental/resolvconf.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-export search_domains="scvcc-rental.com ahlawat.com"
-export name_servers="192.168.0.5 fd01::5"
diff --git a/jails/config/web-scvcc-rental/www.conf b/jails/config/web-scvcc-rental/www.conf
deleted file mode 100644
index 92ff8ff..0000000
--- a/jails/config/web-scvcc-rental/www.conf
+++ /dev/null
@@ -1,423 +0,0 @@ -; Start a new pool named 'www'. -; the variable $pool can be used in any directive and will be replaced by the -; pool name ('www' here) -[www] - -; Per pool prefix -; It only applies on the following directives: -; - 'access.log' -; - 'slowlog' -; - 'listen' (unixsocket) -; - 'chroot' -; - 'chdir' -; - 'php_values' -; - 'php_admin_values' -; When not set, the global prefix (or /usr/local) applies instead. -; Note: This directive can also be relative to the global prefix. -; Default Value: none -;prefix = /path/to/pools/$pool - -; Unix user/group of processes -; Note: The user is mandatory. If the group is not set, the default user's group -; will be used. -user = www -group = www - -; The address on which to accept FastCGI requests. -; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on -; a specific port; -; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on -; a specific port; -; 'port' - to listen on a TCP socket to all addresses -; (IPv6 and IPv4-mapped) on a specific port; -; '/path/to/unix/socket' - to listen on a unix socket. -; Note: This value is mandatory. -listen = 127.0.0.1:9000 - -; Set listen(2) backlog. -; Default Value: 511 (-1 on FreeBSD and OpenBSD) -;listen.backlog = 511 - -; Set permissions for unix socket, if one is used. In Linux, read/write -; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. -; Default Values: user and group are set as the running user -; mode is set to 0660 -;listen.owner = www -;listen.group = www -;listen.mode = 0660 -; When POSIX Access Control Lists are supported you can set them using -; these options, value is a comma separated list of user/group names. 
-; When set, listen.owner and listen.group are ignored -;listen.acl_users = -;listen.acl_groups = - -; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. -; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original -; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address -; must be separated by a comma. If this value is left blank, connections will be -; accepted from any ip address. -; Default Value: any -;listen.allowed_clients = 127.0.0.1 - -; Specify the nice(2) priority to apply to the pool processes (only if set) -; The value can vary from -19 (highest priority) to 20 (lower priority) -; Note: - It will only work if the FPM master process is launched as root -; - The pool processes will inherit the master process priority -; unless it specified otherwise -; Default Value: no set -; process.priority = -19 - -; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user -; or group is differrent than the master process user. It allows to create process -; core dump and ptrace the process for the pool user. -; Default Value: no -; process.dumpable = yes - -; Choose how the process manager will control the number of child processes. -; Possible Values: -; static - a fixed number (pm.max_children) of child processes; -; dynamic - the number of child processes are set dynamically based on the -; following directives. With this process management, there will be -; always at least 1 children. -; pm.max_children - the maximum number of children that can -; be alive at the same time. -; pm.start_servers - the number of children created on startup. -; pm.min_spare_servers - the minimum number of children in 'idle' -; state (waiting to process). If the number -; of 'idle' processes is less than this -; number then some children will be created. -; pm.max_spare_servers - the maximum number of children in 'idle' -; state (waiting to process). 
If the number -; of 'idle' processes is greater than this -; number then some children will be killed. -; ondemand - no children are created at startup. Children will be forked when -; new requests will connect. The following parameter are used: -; pm.max_children - the maximum number of children that -; can be alive at the same time. -; pm.process_idle_timeout - The number of seconds after which -; an idle process will be killed. -; Note: This value is mandatory. -pm = dynamic - -; The number of child processes to be created when pm is set to 'static' and the -; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. -; This value sets the limit on the number of simultaneous requests that will be -; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. -; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP -; CGI. The below defaults are based on a server without much resources. Don't -; forget to tweak pm.* to fit your needs. -; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' -; Note: This value is mandatory. -pm.max_children = 10 - -; The number of child processes created on startup. -; Note: Used only when pm is set to 'dynamic' -; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = 2 - -; The desired minimum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = 1 - -; The desired maximum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = 3 - -; The number of seconds after which an idle process will be killed. -; Note: Used only when pm is set to 'ondemand' -; Default Value: 10s -;pm.process_idle_timeout = 10s; - -; The number of requests each child process should execute before respawning. 
-; This can be useful to work around memory leaks in 3rd party libraries. For -; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. -; Default Value: 0 -;pm.max_requests = 500 - -; The URI to view the FPM status page. If this value is not set, no URI will be -; recognized as a status page. It shows the following informations: -; pool - the name of the pool; -; process manager - static, dynamic or ondemand; -; start time - the date and time FPM has started; -; start since - number of seconds since FPM has started; -; accepted conn - the number of request accepted by the pool; -; listen queue - the number of request in the queue of pending -; connections (see backlog in listen(2)); -; max listen queue - the maximum number of requests in the queue -; of pending connections since FPM has started; -; listen queue len - the size of the socket queue of pending connections; -; idle processes - the number of idle processes; -; active processes - the number of active processes; -; total processes - the number of idle + active processes; -; max active processes - the maximum number of active processes since FPM -; has started; -; max children reached - number of times, the process limit has been reached, -; when pm tries to start more children (works only for -; pm 'dynamic' and 'ondemand'); -; Value are updated in real time. -; Example output: -; pool: www -; process manager: static -; start time: 01/Jul/2011:17:53:49 +0200 -; start since: 62636 -; accepted conn: 190460 -; listen queue: 0 -; max listen queue: 1 -; listen queue len: 42 -; idle processes: 4 -; active processes: 11 -; total processes: 15 -; max active processes: 12 -; max children reached: 0 -; -; By default the status page output is formatted as text/plain. Passing either -; 'html', 'xml' or 'json' in the query string will return the corresponding -; output syntax. 
Example: -; http://www.foo.bar/status -; http://www.foo.bar/status?json -; http://www.foo.bar/status?html -; http://www.foo.bar/status?xml -; -; By default the status page only outputs short status. Passing 'full' in the -; query string will also return status for each pool process. -; Example: -; http://www.foo.bar/status?full -; http://www.foo.bar/status?json&full -; http://www.foo.bar/status?html&full -; http://www.foo.bar/status?xml&full -; The Full status returns for each process: -; pid - the PID of the process; -; state - the state of the process (Idle, Running, ...); -; start time - the date and time the process has started; -; start since - the number of seconds since the process has started; -; requests - the number of requests the process has served; -; request duration - the duration in µs of the requests; -; request method - the request method (GET, POST, ...); -; request URI - the request URI with the query string; -; content length - the content length of the request (only with POST); -; user - the user (PHP_AUTH_USER) (or '-' if not set); -; script - the main script called (or '-' if not set); -; last request cpu - the %cpu the last request consumed -; it's always 0 if the process is not in Idle state -; because CPU calculation is done when the request -; processing has terminated; -; last request memory - the max amount of memory the last request consumed -; it's always 0 if the process is not in Idle state -; because memory calculation is done when the request -; processing has terminated; -; If the process is in Idle state, then informations are related to the -; last request the process has served. Otherwise informations are related to -; the current request being served. 
-; Example output: -; ************************ -; pid: 31330 -; state: Running -; start time: 01/Jul/2011:17:53:49 +0200 -; start since: 63087 -; requests: 12808 -; request duration: 1250261 -; request method: GET -; request URI: /test_mem.php?N=10000 -; content length: 0 -; user: - -; script: /home/fat/web/docs/php/test_mem.php -; last request cpu: 0.00 -; last request memory: 0 -; -; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: /usr/local/share/php/fpm/status.html -; -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -;pm.status_path = /status - -; The ping URI to call the monitoring page of FPM. If this value is not set, no -; URI will be recognized as a ping page. This could be used to test from outside -; that FPM is alive and responding, or to -; - create a graph of FPM availability (rrd or such); -; - remove a server from a group if it is not responding (load balancing); -; - trigger alerts for the operating team (24/7). -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -;ping.path = /ping - -; This directive may be used to customize the response of a ping request. The -; response is formatted as text/plain with a 200 response code. -; Default Value: pong -;ping.response = pong - -; The access log file -; Default: not set -;access.log = log/$pool.access.log - -; The access log format. 
-; The following syntax is allowed -; %%: the '%' character -; %C: %CPU used by the request -; it can accept the following format: -; - %{user}C for user CPU only -; - %{system}C for system CPU only -; - %{total}C for user + system CPU (default) -; %d: time taken to serve the request -; it can accept the following format: -; - %{seconds}d (default) -; - %{miliseconds}d -; - %{mili}d -; - %{microseconds}d -; - %{micro}d -; %e: an environment variable (same as $_ENV or $_SERVER) -; it must be associated with embraces to specify the name of the env -; variable. Some exemples: -; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e -; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e -; %f: script filename -; %l: content-length of the request (for POST request only) -; %m: request method -; %M: peak of memory allocated by PHP -; it can accept the following format: -; - %{bytes}M (default) -; - %{kilobytes}M -; - %{kilo}M -; - %{megabytes}M -; - %{mega}M -; %n: pool name -; %o: output header -; it must be associated with embraces to specify the name of the header: -; - %{Content-Type}o -; - %{X-Powered-By}o -; - %{Transfert-Encoding}o -; - .... -; %p: PID of the child that serviced the request -; %P: PID of the parent of the child that serviced the request -; %q: the query string -; %Q: the '?' character if query string exists -; %r: the request URI (without the query string, see %q and %Q) -; %R: remote IP address -; %s: status (response code) -; %t: server time the request was received -; it can accept a strftime(3) format: -; %d/%b/%Y:%H:%M:%S %z (default) -; The strftime(3) format must be encapsuled in a %{}t tag -; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t -; %T: time the log has been written (the request has finished) -; it can accept a strftime(3) format: -; %d/%b/%Y:%H:%M:%S %z (default) -; The strftime(3) format must be encapsuled in a %{}t tag -; e.g. 
for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t -; %u: remote user -; -; Default: "%R - %u %t \"%m %r\" %s" -;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" - -; The log file for slow requests -; Default Value: not set -; Note: slowlog is mandatory if request_slowlog_timeout is set -;slowlog = log/$pool.log.slow - -; The timeout for serving a single request after which a PHP backtrace will be -; dumped to the 'slowlog' file. A value of '0s' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -;request_slowlog_timeout = 0 - -; Depth of slow log stack trace. -; Default Value: 20 -;request_slowlog_trace_depth = 20 - -; The timeout for serving a single request after which the worker process will -; be killed. This option should be used when the 'max_execution_time' ini option -; does not stop script execution for some reason. A value of '0' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -;request_terminate_timeout = 0 - -; Set open file descriptor rlimit. -; Default Value: system defined value -;rlimit_files = 1024 - -; Set max core size rlimit. -; Possible Values: 'unlimited' or an integer greater or equal to 0 -; Default Value: system defined value -;rlimit_core = 0 - -; Chroot to this directory at the start. This value must be defined as an -; absolute path. When this value is not set, chroot is not used. -; Note: you can prefix with '$prefix' to chroot to the pool prefix or one -; of its subdirectories. If the pool prefix is not set, the global prefix -; will be used instead. -; Note: chrooting is a great security feature and should be used whenever -; possible. However, all PHP paths will be relative to the chroot -; (error_log, sessions.save_path, ...). -; Default Value: not set -;chroot = - -; Chdir to this directory at the start. -; Note: relative path can be used. 
-; Default Value: current directory or / when chroot -;chdir = /var/www - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Note: on highloaded environement, this can cause some delay in the page -; process time (several ms). -; Default Value: no -;catch_workers_output = yes - -; Clear environment in FPM workers -; Prevents arbitrary environment variables from reaching FPM worker processes -; by clearing the environment in workers before env vars specified in this -; pool configuration are added. -; Setting to "no" will make all environment variables available to PHP code -; via getenv(), $_ENV and $_SERVER. -; Default Value: yes -;clear_env = no - -; Limits the extensions of the main script FPM will allow to parse. This can -; prevent configuration mistakes on the web server side. You should only limit -; FPM to .php extensions to prevent malicious users to use other extensions to -; execute php code. -; Note: set an empty value to allow all extensions. -; Default Value: .php -;security.limit_extensions = .php .php3 .php4 .php5 .php7 - -; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from -; the current environment. -; Default Value: clean env -env[HOSTNAME] = $HOSTNAME -env[PATH] = /usr/local/bin:/usr/bin:/bin -env[TMP] = /tmp -env[TMPDIR] = /tmp -env[TEMP] = /tmp - -; Additional php.ini defines, specific to this pool of workers. These settings -; overwrite the values previously defined in the php.ini. The directives are the -; same as the PHP SAPI: -; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. -; php_admin_value/php_admin_flag - these directives won't be overwritten by -; PHP call 'ini_set' -; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. - -; Defining 'extension' will load the corresponding shared extension from -; extension_dir. 
Defining 'disable_functions' or 'disable_classes' will not -; overwrite previously defined php.ini values, but will append the new value -; instead. - -; Note: path INI options can be relative and will be expanded with the prefix -; (pool, global or /usr/local) - -; Default Value: nothing is defined by default except the values in php.ini and -; specified at startup with the -d argument -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com -;php_flag[display_errors] = off -;php_admin_value[error_log] = /var/log/fpm-php.www.log -;php_admin_flag[log_errors] = on -;php_admin_value[memory_limit] = 32M diff --git a/jails/config/web/httpd.conf b/jails/config/web/httpd.conf index 1fd6ad9..c91c545 100644 --- a/jails/config/web/httpd.conf +++ b/jails/config/web/httpd.conf @@ -554,6 +554,14 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L] + + ServerName www.ahlawat.com ServerAlias *.ahlawat.com 
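Review bot: The target of the added `RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L]` is built from the request's Host header, so whatever host name a client sends is echoed into the `Location` of a cacheable 301. Unless this block is only ever reached for the server's own names, I would admit only the expected domain before redirecting, e.g. `RewriteCond %{HTTP_HOST} ^([a-z0-9-]+\.)*ahlawat\.com$ [NC]`, and let other hosts fall through to a plain 4xx. The enclosing container tags are not visible in the hunk as shown, so which virtual host these lines belong to is inferred. A one-line comment saying this is the port-80 redirect that deliberately leaves `/.well-known/acme-challenge/` on HTTP would document the exception.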
@@ -563,16 +571,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on SSLCertificateFile "/mnt/certs/fullchain.pem" SSLCertificateKeyFile "/mnt/certs/privkey.pem" - #SSLCertificateChainFile "/mnt/certs/fullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) diff --git a/jails/config/web/pkg-list-details-old.txt b/jails/config/web/pkg-list-details-old.txt index ecf1c69..9a4b9dc 100644 --- a/jails/config/web/pkg-list-details-old.txt +++ b/jails/config/web/pkg-list-details-old.txt 
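Review bot: `SSLCACertificateFile "/mnt/certs/cacert.pem"` needs a justification: in mod_ssl this directive names the CAs trusted for verifying client certificates, while the chain sent to browsers already comes from `fullchain.pem` through `SSLCertificateFile`. No `SSLVerifyClient` is visible in this hunk (the virtual host continues past it), so the line is either unused or quietly decides who may authenticate with a certificate if client verification is switched on elsewhere. I would drop it, or keep it with a comment such as `# CA bundle for client-certificate auth on <location>` that states the purpose. The hunk also removes `SSLOptions +StrictRequire`, which is safe only if nothing under this host relies on `SSLRequire` or `SSLRequireSSL`; that is worth confirming before merge.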
@@ -1,27 +1,27 @@
-pkgp123____apache24-2.4.54
-pkgp123____apr-1.7.0.1.6.1_2
-pkgp123____pkg-1.18.4
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____php81-8.1.12
-pkgp-freebsd-pkg____php81-bcmath-8.1.12
-pkgp-freebsd-pkg____php81-ctype-8.1.12
-pkgp-freebsd-pkg____php81-curl-8.1.12
-pkgp-freebsd-pkg____php81-dom-8.1.12
-pkgp-freebsd-pkg____php81-exif-8.1.12
-pkgp-freebsd-pkg____php81-fileinfo-8.1.12
-pkgp-freebsd-pkg____php81-filter-8.1.12
-pkgp-freebsd-pkg____php81-ftp-8.1.12
-pkgp-freebsd-pkg____php81-gd-8.1.12
-pkgp-freebsd-pkg____php81-iconv-8.1.12
-pkgp-freebsd-pkg____php81-ldap-8.1.12
-pkgp-freebsd-pkg____php81-mbstring-8.1.12
-pkgp-freebsd-pkg____php81-mysqli-8.1.12
-pkgp-freebsd-pkg____php81-session-8.1.12
-pkgp-freebsd-pkg____php81-sockets-8.1.12
-pkgp-freebsd-pkg____php81-sodium-8.1.12
-pkgp-freebsd-pkg____php81-tokenizer-8.1.12
-pkgp-freebsd-pkg____php81-xml-8.1.12
-pkgp-freebsd-pkg____php81-zip-8.1.12
-pkgp-freebsd-pkg____php81-zlib-8.1.12
+pkgp123____apache24-2.4.63
+pkgp123____apr-1.7.5.1.6.3_4
+pkgp123____pkg-2.1.2
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-bcmath-8.4.6
+pkgp-freebsd-pkg____php84-ctype-8.4.6
+pkgp-freebsd-pkg____php84-curl-8.4.6
+pkgp-freebsd-pkg____php84-dom-8.4.6
+pkgp-freebsd-pkg____php84-exif-8.4.6
+pkgp-freebsd-pkg____php84-fileinfo-8.4.6
+pkgp-freebsd-pkg____php84-filter-8.4.6
+pkgp-freebsd-pkg____php84-ftp-8.4.6
+pkgp-freebsd-pkg____php84-gd-8.4.6
+pkgp-freebsd-pkg____php84-iconv-8.4.6
+pkgp-freebsd-pkg____php84-ldap-8.4.6
+pkgp-freebsd-pkg____php84-mbstring-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____php84-sockets-8.4.6
+pkgp-freebsd-pkg____php84-sodium-8.4.6
+pkgp-freebsd-pkg____php84-tokenizer-8.4.6
+pkgp-freebsd-pkg____php84-xml-8.4.6
+pkgp-freebsd-pkg____php84-zip-8.4.6
+pkgp-freebsd-pkg____php84-zlib-8.4.6
diff --git a/jails/config/web/pkg-list-details.txt b/jails/config/web/pkg-list-details.txt
index 9c719c1..9a4b9dc 100644
--- a/jails/config/web/pkg-list-details.txt
+++ b/jails/config/web/pkg-list-details.txt
@@ -1,27 +1,27 @@
-pkgp123____apache24-2.4.54
-pkgp123____apr-1.7.0.1.6.1_2
-pkgp123____pkg-1.18.4
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____php81-8.1.13
-pkgp-freebsd-pkg____php81-bcmath-8.1.13
-pkgp-freebsd-pkg____php81-ctype-8.1.13
-pkgp-freebsd-pkg____php81-curl-8.1.13
-pkgp-freebsd-pkg____php81-dom-8.1.13
-pkgp-freebsd-pkg____php81-exif-8.1.13
-pkgp-freebsd-pkg____php81-fileinfo-8.1.13
-pkgp-freebsd-pkg____php81-filter-8.1.13
-pkgp-freebsd-pkg____php81-ftp-8.1.13
-pkgp-freebsd-pkg____php81-gd-8.1.13
-pkgp-freebsd-pkg____php81-iconv-8.1.13
-pkgp-freebsd-pkg____php81-ldap-8.1.13
-pkgp-freebsd-pkg____php81-mbstring-8.1.13
-pkgp-freebsd-pkg____php81-mysqli-8.1.13
-pkgp-freebsd-pkg____php81-session-8.1.13
-pkgp-freebsd-pkg____php81-sockets-8.1.13
-pkgp-freebsd-pkg____php81-sodium-8.1.13
-pkgp-freebsd-pkg____php81-tokenizer-8.1.13
-pkgp-freebsd-pkg____php81-xml-8.1.13
-pkgp-freebsd-pkg____php81-zip-8.1.13
-pkgp-freebsd-pkg____php81-zlib-8.1.13
+pkgp123____apache24-2.4.63
+pkgp123____apr-1.7.5.1.6.3_4
+pkgp123____pkg-2.1.2
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-bcmath-8.4.6
+pkgp-freebsd-pkg____php84-ctype-8.4.6
+pkgp-freebsd-pkg____php84-curl-8.4.6
+pkgp-freebsd-pkg____php84-dom-8.4.6
+pkgp-freebsd-pkg____php84-exif-8.4.6
+pkgp-freebsd-pkg____php84-fileinfo-8.4.6
+pkgp-freebsd-pkg____php84-filter-8.4.6
+pkgp-freebsd-pkg____php84-ftp-8.4.6
+pkgp-freebsd-pkg____php84-gd-8.4.6
+pkgp-freebsd-pkg____php84-iconv-8.4.6
+pkgp-freebsd-pkg____php84-ldap-8.4.6
+pkgp-freebsd-pkg____php84-mbstring-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____php84-sockets-8.4.6
+pkgp-freebsd-pkg____php84-sodium-8.4.6
+pkgp-freebsd-pkg____php84-tokenizer-8.4.6
+pkgp-freebsd-pkg____php84-xml-8.4.6
+pkgp-freebsd-pkg____php84-zip-8.4.6
+pkgp-freebsd-pkg____php84-zlib-8.4.6
diff --git a/jails/config/web/pkg-list-old.txt b/jails/config/web/pkg-list-old.txt
index c7413e7..1b2c3de 100644
--- a/jails/config/web/pkg-list-old.txt
+++ b/jails/config/web/pkg-list-old.txt
@@ -1 +1 @@
-apache24 apr bash bash-completion nano php81 php81-bcmath php81-ctype php81-curl php81-dom php81-exif php81-fileinfo php81-filter php81-ftp php81-gd php81-iconv php81-ldap php81-mbstring php81-mysqli php81-session php81-sockets php81-sodium php81-tokenizer php81-xml php81-zip php81-zlib pkg
+apache24 apr bash bash-completion nano php84 php84-bcmath php84-ctype php84-curl php84-dom php84-exif php84-fileinfo php84-filter php84-ftp php84-gd php84-iconv php84-ldap php84-mbstring php84-mysqli php84-session php84-sockets php84-sodium php84-tokenizer php84-xml php84-zip php84-zlib pkg
diff --git a/jails/config/web/pkg-list.txt b/jails/config/web/pkg-list.txt
index c7413e7..1b2c3de 100644
--- a/jails/config/web/pkg-list.txt
+++ b/jails/config/web/pkg-list.txt
@@ -1 +1 @@
-apache24 apr bash bash-completion nano php81 php81-bcmath php81-ctype php81-curl php81-dom php81-exif php81-fileinfo php81-filter php81-ftp php81-gd php81-iconv php81-ldap php81-mbstring php81-mysqli php81-session php81-sockets php81-sodium php81-tokenizer php81-xml php81-zip php81-zlib pkg
+apache24 apr bash bash-completion nano php84 php84-bcmath php84-ctype php84-curl php84-dom php84-exif php84-fileinfo php84-filter php84-ftp php84-gd php84-iconv php84-ldap php84-mbstring php84-mysqli php84-session php84-sockets php84-sodium php84-tokenizer php84-xml php84-zip php84-zlib pkg
diff --git a/jails/config/web/pkgp.conf b/jails/config/web/pkgp.conf
index 86e5a9a..ac09580 100644
--- a/jails/config/web/pkgp.conf
+++ b/jails/config/web/pkgp.conf
@@ -5,14 +5,12 @@ FreeBSD: { pkgp-freebsd-pkg: { url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", enabled: yes, priority: 10 } pkgp123: { url: "http://pkgp.ahlawat.com/packages/pj123-default", - mirror_type: "http", signature_type: "pubkey", pubkey: "/mnt/certs/poudriere.cert", enabled: yes, diff --git a/jails/create.sh b/jails/create.sh index 764b410..6e9aef9 100755 --- a/jails/create.sh +++ b/jails/create.sh @@ -8,6 +8,8 @@ # # +SWREL="14.2-RELEASE" + JAIL=$1 JAILHOSTNAME=$2 JAILDOMAIN=$3 
@@ -45,8 +47,8 @@ echo "Name:$JAIL / IP:$JAILIP / Hostname:$JAILHOSTNAME / Domain:$JAILDOMAIN / Us #rm /tmp/pkg-$JAIL.json if $I6CONFIG; then - iocage create -n "$JAIL" -r 12.3-RELEASE vnet=on ip4_addr="vnet0|$I4NW.$JAILIP/24" ip6_addr="vnet0|$I6NW::$JAILIP/64" defaultrouter=$I4GW defaultrouter6=$I6GW resolver="nameserver $I4NS;nameserver $I6NS;search $JAILDOMAIN" interfaces=vnet0:bridge1 allow_raw_sockets=1 exec_prestop="ifconfig epair0b -vnet ioc-$JAIL" boot=on host_hostname="$JAILHOSTNAME.$JAILDOMAIN" - # iocage create -n "$JAIL" -r 12.3-RELEASE vnet=on ip4_addr="vnet0|$I4NW.$JAILIP/24" ip6_addr="vnet0|$I6NW::$JAILIP/64,vnet0|accept_rtadv" defaultrouter=$I4GW defaultrouter6=$I6GW resolver="nameserver $I4NS;nameserver $I6NS;search $JAILDOMAIN" interfaces=vnet0:bridge1 allow_raw_sockets=1 exec_prestop="ifconfig epair0b -vnet ioc-$JAIL" boot=on host_hostname="$JAILHOSTNAME.$JAILDOMAIN" + iocage create -n "$JAIL" -r $SWREL vnet=on ip4_addr="vnet0|$I4NW.$JAILIP/24" ip6_addr="vnet0|$I6NW::$JAILIP/64" defaultrouter=$I4GW defaultrouter6=$I6GW resolver="nameserver $I4NS;nameserver $I6NS;search $JAILDOMAIN" interfaces=vnet0:bridge1 allow_raw_sockets=1 exec_prestop="ifconfig epair0b -vnet ioc-$JAIL" allow_mount_linprocfs=0 boot=on host_hostname="$JAILHOSTNAME.$JAILDOMAIN" + # iocage create -n "$JAIL" -r $SWREL vnet=on ip4_addr="vnet0|$I4NW.$JAILIP/24" ip6_addr="vnet0|$I6NW::$JAILIP/64,vnet0|accept_rtadv" defaultrouter=$I4GW defaultrouter6=$I6GW resolver="nameserver $I4NS;nameserver $I6NS;search $JAILDOMAIN" interfaces=vnet0:bridge1 allow_raw_sockets=1 exec_prestop="ifconfig epair0b -vnet ioc-$JAIL" boot=on host_hostname="$JAILHOSTNAME.$JAILDOMAIN" # iocage cannot set static IP AND enable SLAAC temporary properly iocage exec $JAIL 'sysrc ifconfig_epair0b_ipv6="inet6 auto_linklocal accept_rtadv"' iocage exec $JAIL "sysrc rtsold_enable=YES" 
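Review bot: `allow_mount_linprocfs=0` is added only to the dual-stack `iocage create` line here; the IPv4-only `iocage create` in the following hunk (`@@ -54,7 +56,7 @@`) and the commented alternative do not get it, so the two branches now create jails with different explicit properties. If the setting is meant as hardening it belongs in both, ideally through one shared variable such as `JAILOPTS="allow_raw_sockets=1 allow_mount_linprocfs=0 boot=on"`. Both lines also pass `-r $SWREL` unquoted while `"$JAIL"` is quoted; `-r "$SWREL"` keeps the style consistent. `allow_raw_sockets=1` is still granted to every jail this script creates, which deserves a comment naming the jails that need it. The `if` block starts and ends outside this hunk.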
@@ -54,7 +56,7 @@ if $I6CONFIG; then iocage exec $JAIL "echo 'net.inet6.ip6.use_tempaddr=1' >> /etc/sysctl.conf" iocage exec $JAIL "echo 'net.inet6.ip6.prefer_tempaddr=1' >> /etc/sysctl.conf" else - iocage create -n "$JAIL" -p /tmp/pkg-$JAIL.json -r 12.3-RELEASE vnet=on ip4_addr="vnet0|$I4NW.$JAILIP/24" defaultrouter=$I4GW resolver="nameserver $I4NS;search $JAILDOMAIN" interfaces=vnet0:bridge1 allow_raw_sockets=1 exec_prestop="ifconfig epair0b -vnet ioc-$JAIL" boot=on host_hostname="$JAILHOSTNAME.$JAILDOMAIN" + iocage create -n "$JAIL" -p /tmp/pkg-$JAIL.json -r $SWREL vnet=on ip4_addr="vnet0|$I4NW.$JAILIP/24" defaultrouter=$I4GW resolver="nameserver $I4NS;search $JAILDOMAIN" interfaces=vnet0:bridge1 allow_raw_sockets=1 exec_prestop="ifconfig epair0b -vnet ioc-$JAIL" boot=on host_hostname="$JAILHOSTNAME.$JAILDOMAIN" fi iocage exec $JAIL "sysrc firewall_enable=YES" @@ -112,6 +114,10 @@ iocage exec $JAIL "sysrc sshd_enable=YES" iocage exec $JAIL "/etc/rc.d/sshd start" iocage exec $JAIL "service sshd restart" +# reset MTA back to sendmail - dma does not seem to handle the relay to MX server properly +#iocage exec $JAIL "cp /usr/share/examples/sendmail/mailer.conf /etc/mail/mailer.conf; cd /etc/mail; make all install; /usr/bin/newaliases; service sendmail start; service sendmail restart" +iocage exec $JAIL "cp /usr/share/examples/sendmail/mailer.conf /etc/mail/mailer.conf" + iocage exec $JAIL "cd /etc/mail ; make" iocage exec $JAIL "bash /mnt/common/snip-sendmail.sh" iocage exec $JAIL "sysrc sendmail_enable=NO" diff --git a/jails/jails-restore-httpd.sh b/jails/jails-restore-httpd.sh deleted file mode 100755 index 5c334ce..0000000 --- a/jails/jails-restore-httpd.sh +++ /dev/null 
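Review bot: The two mail steps added in the `@@ -112,6 +114,10 @@` hunk cannot fail visibly: in `iocage exec $JAIL "cd /etc/mail ; make"` the `;` lets `make` run in whatever directory the shell is in if `cd` fails, and the result of the `cp` over `/etc/mail/mailer.conf` is not checked before the build. I would write `iocage exec "$JAIL" "cd /etc/mail && make"` and stop the script when either command returns non-zero. The new comment says the MTA is reset to sendmail while the unchanged line below still sets `sendmail_enable=NO`; a short comment explaining that combination would save the next reader a lookup.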
@@ -1,42 +0,0 @@ -#!/usr/local/bin/bash - -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# - -echo "checking pkgp jail nginx instance is running" -iocage exec pkgp "service nginx status" - -#all_web_jails=(cloud hub nivi rachna rishabh sharad web web-diyit web-datavpc web-rockwood web-scvcc-rental ldap-mgr r-ldap-mgr monitor) -# fpm jails don't have mod_php installed -web_jails=(ldap-mgr r-ldap-mgr) - -for i in ${web_jails[@]}; -do - echo "" - echo "## checking $i JAIL configs after Apache and/or PHP updates ##" - iocage exec $i "diff /usr/local/etc/apache24/httpd.conf /mnt/config/httpd.conf" - iocage exec $i "diff /usr/local/etc/php.ini /mnt/config/php.ini" - if [[ "$i" != "ldap-mgr" && "$i" != "r-ldap-mgr" ]]; then - iocage exec $i "diff /usr/local/etc/php-fpm.d/www.conf /mnt/config/www.conf" - fi - echo "####" -done - -echo "" -echo "check in output above if php.ini or php-fpm also need to be restored" - -echo "" -read -p "Return/Enter to restore httpd.conf files, ctrl-c to abort? " RESP - -for i in ${web_jails[@]}; -do - echo "" - echo "restoring httpd.conf in web_jail $i after Apache update" - iocage exec $i "cp /mnt/config/httpd.conf /usr/local/etc/apache24/httpd.conf" - iocage exec $i "service apache24 restart" -done diff --git a/jails/jails-update-cert.sh b/jails/jails-update-cert.sh index a021779..b341ba0 100755 --- a/jails/jails-update-cert.sh +++ b/jails/jails-update-cert.sh @@ -1,6 +1,6 @@ #!/usr/local/bin/bash -# Copyright (c) 2018-2022, diyIT.org +# Copyright (c) 2018-2024, diyIT.org # All rights reserved. # # BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") 
@@ -8,16 +8,18 @@ # # -web_jails=(cloud hub nivi rachna rishabh sharad web web-diyit web-datavpc web-rockwood web-scvcc-rental ldap-mgr r-ldap-mgr monitor) +#web_jails=(cloud hub nivi rachna rishabh sharad web web-diyit web-rockwood ldap-mgr monitor) -for i in ${web_jails[@]}; -do - echo "restarting apache in web_jail $i after SSL update" - iocage exec $i "service apache24 restart" - # The majority of TLS/SSL servers require a full restart to re-load the certificates if the filename is unchanged. -done +#for i in ${web_jails[@]}; +#do +# echo "restarting apache in web_jail $i after SSL update" +# iocage exec $i "service apache24 restart" +# # The majority of TLS/SSL servers require a full restart to re-load the certificates if the filename is unchanged. +#done -ldap_jails=(ldap r-ldap) +./jails-update-httpd.sh + +ldap_jails=(ldap) for i in ${ldap_jails[@]}; do @@ -28,6 +30,9 @@ done echo "restarting haproxy in jail proxy after SSL update" iocage exec proxy "service haproxy reload" +echo "regenerate dane tlsa records after SSL update" +iocage exec dns "/data/dns_update_serial.sh" + echo "restarting nginx in jail pkgp after SSL update" iocage exec pkgp "service nginx restart" # The majority of TLS/SSL servers require a full restart to re-load the certificates if the filename is unchanged. 
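Review bot: The added `./jails-update-httpd.sh` call resolves against whatever directory the script was started from, so under cron or from another working directory it either fails or runs a same-named file found there, presumably as root. Other scripts in this change call helpers by absolute path (update.sh uses `/root/FreeBSD/jails/jails-update-pkgs.sh`), so I would do the same here or anchor on the script's own location: `"$(dirname "$0")/jails-update-httpd.sh" || exit 1`. The commented-out `web_jails` loop above it could then be deleted rather than kept as dead code.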
@@ -38,17 +43,20 @@ iocage exec mail "service postfix start" iocage exec mail "service dovecot stop" iocage exec mail "service dovecot start" -echo "restarting ELK in jail elk after SSL update" -iocage exec elk "cp /mnt/certs/diy*.pem /usr/local/etc/elasticsearch/certs" -iocage exec elk "cp /mnt/certs/cacert.pem /usr/local/etc/elasticsearch/certs" +echo "restarting synapse in jail matrix after SSL update" +iocage exec matrix "service synapse restart" + +#echo "restarting ELK in jail monitor after SSL update" +iocage exec monitor "cp /mnt/certs/diy*.pem /usr/local/etc/elasticsearch/certs" +iocage exec monitor "cp /mnt/certs/cacert.pem /usr/local/etc/elasticsearch/certs" exit -iocage exec elk "service elasticsearch restart" -iocage exec elk "service kibana restart" +#iocage exec monitor "service elasticsearch restart" +#iocage exec monitor "service kibana restart" -#iocage exec elk "service logstash restart" -iocage exec elk 'ps axww | grep logstash | cut -f1 -d" " | xargs -n 1 kill -9 ' -iocage exec elk "/root/start_logstash.sh" +#iocage exec monitor "service logstash restart" +#iocage exec monitor 'ps axww | grep logstash | cut -f1 -d" " | xargs -n 1 kill -9 ' +#iocage exec monitor "/root/start_logstash.sh" -iocage exec elk "service heartbeat restart" +#iocage exec monitor "service heartbeat restart" diff --git a/jails/jails-update-pkgs.sh b/jails/jails-update-pkgs.sh index 7367338..037e5f5 100755 --- a/jails/jails-update-pkgs.sh +++ b/jails/jails-update-pkgs.sh @@ -1,6 +1,6 @@ #!/usr/local/bin/bash -# Copyright (c) 2018-2022, diyIT.org +# Copyright (c) 2018-2024, diyIT.org # All rights reserved. # # BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") 
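Review bot: The two `cp` lines still refresh the certificates in the `monitor` jail, but every restart below the `exit` is now commented out and the announcing `echo` is disabled too, so the copy is silent and nothing reloads the new files. This file's own comment says most TLS servers need a full restart to pick up a certificate whose filename is unchanged, so the services in `monitor` will presumably keep serving the old certificate until someone restarts them by hand. I would either re-enable `iocage exec monitor "service elasticsearch restart"` ahead of the `exit` or print a reminder such as `echo "certs copied to monitor - restart elasticsearch and kibana to load them"`, and delete the commented block after `exit`.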
@@ -24,8 +24,10 @@ else # iocage set securelevel=2 pkgp iocage exec pkgp "poudriere jail -i -j $pkg_jail" - portsnap auto - iocage exec pkgp "portsnap auto" +# portsnap auto +# iocage exec pkgp "portsnap auto" + #git clone https://git.FreeBSD.org/ports.git /usr/ports + cd /usr/ports; git pull iocage exec pkgp "poudriere ports -l" iocage exec pkgp "poudriere bulk -f /mnt/config/mypkgs -j $pkg_jail" @@ -41,7 +43,7 @@ read -p "Return/Enter to continue, ctrl-c to abort? " RESP for i in `jls -N | cut -d " " -f 2 | cut -d "-" -f 2- | grep -v JID | sort`; do echo "######## ## JAIL:::: $i ##" - if [[ $i == "pkgp" || $i == "debian" ]]; then + if [[ $i == "pkgp" || $i == "debian" || $i == "r-automated" || $i == "r-db" || $i == "r-git" ]]; then continue fi iocage exec $i "pkg query -e "%a==0" "%n" | sort -d | xargs | tee /mnt/config/pkg-list-old.txt" @@ -59,6 +61,13 @@ do # iocage exec $i "pkg upgrade -y -r $pkg_repo openldap24-client" # iocage exec $i "pkg lock -y openldap24-client" # fi + +# the other 3 pip jails have packages installed via pkg commands which also install the rc.d scripts +# if [[ $i == "auto" || $i == "book" || $i == "cam" || $i == "mage" || $i == "matrix" ]]; then + if [[ $i == "cam" ]]; then +# iocage exec $i "pip install --upgrade pip" - use py39-pip instead + iocage exec $i "cat /mnt/config/pip-list.txt | xargs -n1 pip install --upgrade " + fi iocage exec $i "pkg autoremove -y" iocage exec $i "pkg upgrade -y" iocage exec $i "pkg clean -ay" @@ -74,14 +83,18 @@ done cd /mnt/ship/book/calibre-web pwd git pull + # in the book jail run: + #pkg install py311-netifaces-plus + #cd /data/calibre-web + #pip install -r requirements.txt cd /mnt/ship/plex/PlexConnect pwd git pull - cd /mnt/ship/maps/networkmaps - pwd - git pull +# cd /mnt/ship/maps/networkmaps +# pwd +# git pull echo "NOTES:" echo "" 
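Review bot: `cd /usr/ports; git pull` joins the two commands with `;`, so if the `cd` fails the pull runs in whatever directory the script was started from, and the changed working directory persists for the rest of the script. `git -C /usr/ports pull --ff-only || exit 1` avoids both and refuses anything other than a fast-forward of the ports tree. The `portsnap auto` inside `pkgp` is commented out with no replacement, so this presumably relies on the host's /usr/ports being mounted into that jail; a one-line comment saying so would help. The enclosing `else` branch starts outside the hunk.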
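Review bot: In the `cam` branch, `cat /mnt/config/pip-list.txt | xargs -n1 pip install --upgrade` pulls the newest release of every listed name from the package index on each run, with no version pin or hash check, and `iocage exec` presumably runs it as root inside the jail. I would keep a pinned requirements file with hashes and install it with `pip install --require-hashes -r <pinned-requirements-file>` (placeholder path), ideally as an unprivileged user or inside a virtualenv. With `xargs -n1` a failed install of one package is also easy to miss, because the script carries straight on to `pkg autoremove -y`. The surrounding `for` loop starts and ends outside the hunk.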
@@ -91,6 +104,16 @@ echo "pkg autoremove -y" echo "pkg upgrade -y" echo "pkg clean -ay" echo "" + +echo "" +echo "update pkgp now:" +echo "iocage console pkgp" +echo "pkg update" +echo "pkg autoremove -y" +echo "pkg upgrade -y" +echo "pkg clean -ay" +echo "" + echo "# iocage stop ALL" echo "# iocage start ALL" echo "iocage restart -s ALL" @@ -101,4 +124,4 @@ echo "iocage exec cert \"cd /root/acme-dns;git pull\"" echo "iocage exec cert \"/root/.acme.sh/acme.sh --upgrade\"" echo "iocage exec cert \"/mnt/config/backup.sh\"" echo "" -echo "iocage exec hass \"/mnt/config/hass-upgrade.sh\"" +# echo "iocage exec hass \"/mnt/config/hass-upgrade.sh\" - deprecated, migrated to haos" diff --git a/jails/pkg-list-details-server.txt b/jails/pkg-list-details-server.txt index 012e4ec..a7cd432 100644 --- a/jails/pkg-list-details-server.txt +++ b/jails/pkg-list-details-server.txt 
@@ -1,30 +1,45 @@
-FreeBSD____bash-completion-2.11_1,2
-FreeBSD____grub2-bhyve-0.40_8
-FreeBSD____rpl-1.4.1
-FreeBSD____tftp-hpa-5.2_1
-FreeBSD____wireguard-2,1
-FreeBSD____xorriso-1.5.4
-FreeBSD____zfsnap-1.11.1_1
-FreeBSD____zfs-stats-1.3.1
-pkgp-freebsd-pkg____7-zip-21.07_2
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____debootstrap-1.0.128
-pkgp-freebsd-pkg____git-2.38.1_3
-pkgp-freebsd-pkg____grc-1.13
-pkgp-freebsd-pkg____htop-3.2.1
-pkgp-freebsd-pkg____i7z-0.27.4
-pkgp-freebsd-pkg____iperf3-3.12
-pkgp-freebsd-pkg____mc-4.8.28
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____node_exporter-1.3.1_6
-pkgp-freebsd-pkg____nut-2.8.0_13
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____powerdxx-0.4.4_1
-pkgp-freebsd-pkg____psearch-2.1.0
-pkgp-freebsd-pkg____py39-prometheus-client-0.15.0
-pkgp-freebsd-pkg____rsync-3.2.6
-pkgp-freebsd-pkg____smartmontools-7.3
-pkgp-freebsd-pkg____sudo-1.9.12p1
-pkgp-freebsd-pkg____tmux-3.3a
-pkgp-freebsd-pkg____wget-1.21.3_1
-pkgp-freebsd-pkg____zsh-5.9_1
+FreeBSD____7-zip-24.09
+FreeBSD____bash-5.2.37
+FreeBSD____bash-completion-2.14.0,2
+FreeBSD____beadm-1.3.5_1
+FreeBSD____bhyve-firmware-1.0_2
+FreeBSD____ca_root_nss-3.108
+FreeBSD____cmdwatch-0.2.0_3
+FreeBSD____cpuid-3.3_7
+FreeBSD____debootstrap-1.0.128n2_3
+FreeBSD____dmidecode-3.6
+FreeBSD____git-2.49.0
+FreeBSD____grc-1.13_1
+FreeBSD____grub2-bhyve-0.40_11
+FreeBSD____htop-3.4.0
+FreeBSD____i7z-0.27.4_1
+FreeBSD____iftop-1.0.p4_1
+FreeBSD____intel-pcm-202405_1
+FreeBSD____iperf3-3.18
+FreeBSD____mc-4.8.32
+FreeBSD____nano-8.4
+FreeBSD____node_exporter-1.8.2_2
+FreeBSD____nut-2.8.2_1
+FreeBSD____openseachest-23.12_2
+FreeBSD____pkg-2.1.2
+FreeBSD____powerdxx-0.4.4_2
+FreeBSD____psearch-2.1.0_1
+FreeBSD____py311-gstat_exporter-0.2.0,1
+FreeBSD____py311-pip-23.3.2_4
+FreeBSD____py311-prometheus-client-0.21.1_1
+FreeBSD____python3-3_4
+FreeBSD____qemu-nox11-9.2.0_1
+FreeBSD____rpl-1.4.1_1
+FreeBSD____rsync-3.4.1_2
+FreeBSD____rust-1.86.0
+FreeBSD____sg3_utils-1.48_1
+FreeBSD____smartmontools-7.4_2 +FreeBSD____sudo-1.9.16p2_1 +FreeBSD____tftp-hpa-5.2_3 +FreeBSD____tmux-3.5a_1 +FreeBSD____wget-1.25.0 +FreeBSD____xorriso-1.5.6_2 +FreeBSD____zfsnap2-2.0.0.b3_4 +FreeBSD____zfs-stats-1.3.2 +FreeBSD____zsh-5.9_5 +unknown-repository____speedtest-1.2.0.84-1.ea6b6773cf diff --git a/jails/pkg-list-server.txt b/jails/pkg-list-server.txt index cb53671..e42a550 100644 --- a/jails/pkg-list-server.txt +++ b/jails/pkg-list-server.txt @@ -1 +1 @@ -7-zip bash bash-completion debootstrap git grc grub2-bhyve htop i7z iperf3 mc nano node_exporter nut pkg powerdxx psearch py39-prometheus-client rpl rsync smartmontools sudo tftp-hpa tmux wget wireguard xorriso zfsnap zfs-stats zsh +7-zip bash bash-completion beadm bhyve-firmware ca_root_nss cmdwatch cpuid debootstrap dmidecode git grc grub2-bhyve htop i7z iftop intel-pcm iperf3 mc nano node_exporter nut openseachest pkg powerdxx psearch py311-gstat_exporter py311-pip py311-prometheus-client python3 qemu-nox11 rpl rsync rust sg3_utils smartmontools speedtest sudo tftp-hpa tmux wget xorriso zfsnap2 zfs-stats zsh diff --git a/jails/update.sh b/jails/update.sh index 76fbed8..9f1451c 100755 --- a/jails/update.sh +++ b/jails/update.sh @@ -8,15 +8,17 @@ # # -SWREL="12.4-RELEASE" -SWRELOLD="12.3-RELEASE" -SWRELOLD_patch="12.3-RELEASE-p8" -pkg_jail="pj124" +SWREL="14.2-RELEASE" +SWREL_patch="14.2-RELEASE-p3" +SWRELOLD="14.2-RELEASE" +SWRELOLD_patch="14.2-RELEASE-p1" +pkg_jail="pj123" pkg_jailOLD="pj123" +/root/FreeBSD/scripts/freebsd-update-mirror fetch -d /zroot/pkgp/update --currently-running $SWRELOLD_PATCH -m -# NOTE: first time for new SWREL -# remember to update pkgp.conf files to new pkg_jail +# LATEST: Decided to use pkgp123 as the repo and pj123 as the jail going forward as all jails run the same SWREL +# NOTE: first time for new SWREL remember to update pkgp.conf files to new pkg_jail # find ./ | grep pkgp.conf | sort update_jail () 
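Review bot: The new `freebsd-update-mirror` line in update.sh expands `$SWRELOLD_PATCH`, but the variable assigned just above it is `SWRELOLD_patch`; shell names are case-sensitive, so the upper-case one is unset and expands to nothing. Because the expansion is unquoted it disappears entirely, so `--currently-running` presumably takes `-m` as its value and the mirror fetch runs for the wrong release or fails. Use `--currently-running "$SWRELOLD_patch" -m`, and consider `set -u` near the top of the script so a misspelt name aborts instead of expanding empty.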
@@ -30,9 +32,12 @@ update_jail () # zfs list -t snapshot -o name | grep ship/iocage/jails/$JAIL | sort | xargs -n 1 zfs destroy #fi - iocage exec $JAIL "freebsd-version" + iocage exec $JAIL "freebsd-version -ru" # freebsd-version -j 8 + iocage exec $JAIL "rm -rf /var/db/freebsd-update/install.*" + iocage exec $JAIL "rm -f /var/db/freebsd-update/*" + if [[ $1 == "upgrade" ]]; then # FAILING: iocage upgrade -r $SWREL $JAIL # freebsd-update -r $SWREL -j 8 upgrade 
@@ -40,33 +45,42 @@ update_jail () # freebsd-update -r $SWREL -j 8 install freebsd-update --currently-running $SWRELOLD -r $SWREL -b /mnt/iocage/jails/$JAIL/root -d /mnt/iocage/jails/$JAIL/root/var/db/freebsd-update -f /mnt/iocage/jails/$JAIL/root/etc/freebsd-update.conf --not-running-from-cron upgrade freebsd-update --currently-running $SWRELOLD -r $SWREL -b /mnt/iocage/jails/$JAIL/root -d /mnt/iocage/jails/$JAIL/root/var/db/freebsd-update -f /mnt/iocage/jails/$JAIL/root/etc/freebsd-update.conf --not-running-from-cron install + iocage stop $JAIL + sleep 2 + iocage start $JAIL # post reboot install, reboot not required in jails freebsd-update --currently-running $SWRELOLD -r $SWREL -b /mnt/iocage/jails/$JAIL/root -d /mnt/iocage/jails/$JAIL/root/var/db/freebsd-update -f /mnt/iocage/jails/$JAIL/root/etc/freebsd-update.conf --not-running-from-cron install # iocage update fetches update based on string in json which used to get updated as part of the upgrade workflow - cd /mnt/iocage/jails/$JAIL - rpl '"release": "${SWRELOLD_patch}"' '"release": "${SWREL}"' config.json iocage update $JAIL + cd /mnt/iocage/jails/$JAIL + rpl '"release": "'${SWRELOLD_patch}'"' '"release": "'${SWREL_patch}'"' config.json + iocage exec $JAIL "[ -f /mnt/config/pkgp.conf ] && cp /mnt/config/pkgp.conf /usr/local/etc/pkg/repos/ || cp /mnt/common/pkgp.conf /usr/local/etc/pkg/repos/" iocage exec $JAIL "pkg-static upgrade -f -y" iocage exec $JAIL "pkg update -f" + + # reset MTA back to sendmail - dma does not seem to handle the relay to MX server properly + # iocage exec $JAIL "cp /usr/share/examples/sendmail/mailer.conf /etc/mail/mailer.conf; cd /etc/mail; make all install; /usr/bin/newaliases; service sendmail start; service sendmail restart" else + echo "freebsd-update --currently-running $SWREL -b /mnt/iocage/jails/$JAIL/root -d /mnt/iocage/jails/$JAIL/root/var/db/freebsd-update -f /mnt/iocage/jails/$JAIL/root/etc/freebsd-update.conf --not-running-from-cron fetch" freebsd-update 
--currently-running $SWREL -b /mnt/iocage/jails/$JAIL/root -d /mnt/iocage/jails/$JAIL/root/var/db/freebsd-update -f /mnt/iocage/jails/$JAIL/root/etc/freebsd-update.conf --not-running-from-cron fetch # let iocage finish the patch install +# read -p "step 1" iocage update $JAIL +# read -p "step 2" iocage exec $JAIL "pkg update" fi iocage exec $JAIL "pkg autoremove -y" iocage exec $JAIL "pkg upgrade -y" - # iocage exec $JAIL "pkg upgrade -f -y" iocage exec $JAIL "pkg clean -ay" # iocage exec $JAIL "rm -rf /var/tmp/temproot*" -# iocage exec $JAIL "mergemaster -a" + iocage exec $JAIL "etcupdate resolve" iocage exec $JAIL "etcupdate -t /mnt/common/$SWREL.bzip2" - iocage exec $JAIL "freebsd-version" + iocage exec $JAIL "freebsd-version -ru" # freebsd-version -j 8 echo "######## ####" 
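Review bot: `cd /mnt/iocage/jails/$JAIL` is unchecked and unquoted, so when `JAIL` is empty or the directory is missing the following `rpl ... config.json` acts on whatever `config.json` sits in the current directory, and the changed directory leaks out of `update_jail` into the caller. Passing the path avoids the `cd` altogether: `rpl '"release": "'"$SWRELOLD_patch"'"' '"release": "'"$SWREL_patch"'"' "/mnt/iocage/jails/$JAIL/config.json"`. `rpl` also changes nothing when the jail is not exactly at `$SWRELOLD_patch`, so checking the file for the new string afterwards would catch a silent no-op. The body of `update_jail` begins and ends outside this hunk.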
@@ -77,26 +91,29 @@ read -p "skip initial preparation steps (y/N)? " RESP if [ -z $RESP ] || [ $RESP == "n" ] || [ $RESP == "N" ]; then if [[ $1 == "upgrade" ]]; then - echo "#### update of $SWREL called" + echo "#### fetching new iocage root image $SWREL" iocage fetch -NU -r $SWREL fi #iocage freebsd-update is failing in jails - echo "#### iocage root - updating" + echo "#### updating iocage root image" freebsd-update --currently-running $SWREL -b /mnt/iocage/releases/$SWREL/root -d /mnt/iocage/releases/$SWREL/root/var/db/freebsd-update -f /mnt/iocage/releases/$SWREL/root/etc/freebsd-update.conf fetch freebsd-update --currently-running $SWREL -b /mnt/iocage/releases/$SWREL/root -d /mnt/iocage/releases/$SWREL/root/var/db/freebsd-update -f /mnt/iocage/releases/$SWREL/root/etc/freebsd-update.conf install echo "#### preparing etcupdate archive" - etcupdate build $SWREL.bzip2 -s /mnt/iocage/releases/$SWREL/root/usr/src + etcupdate build -s /mnt/iocage/releases/$SWREL/root/usr/src $SWREL.bzip2 mv $SWREL.bzip2 /root/FreeBSD/jails/config/common/ - echo "#### iocage root - cleaning update directory" + echo "#### cleaning iocage root image update directory" rm -rf /mnt/iocage/releases/$SWREL/root/var/db/freebsd-update mkdir -p /mnt/iocage/releases/$SWREL/root/var/db/freebsd-update/files - echo "#### preparing poudriere jail - okay to delete poudriere build jail when prompted" + + echo "#### preparing poudriere pkgp jail - okay to delete poudriere build jail when prompted" cp -r /mnt/iocage/releases/$SWREL /zroot/pkgp if [[ $1 == "upgrade" ]]; then + JAIL="pkgp" + update_jail $1 iocage exec pkgp "poudriere jail -d -j $pkg_jailOLD" else iocage exec pkgp "poudriere jail -d -j $pkg_jail" 
@@ -105,18 +122,10 @@ if [ -z $RESP ] || [ $RESP == "n" ] || [ $RESP == "N" ]; then iocage exec pkgp "poudriere jail -i -j $pkg_jail" # check options are updated in /usr/local/etc/poudriere.d/$pkg_jail-options - read -p "update pkgp packages first (y/N)? " RESP + read -p "update poudriere pkgp jail packages first (y/N)? " RESP if [ ! -z $RESP ] && [ $RESP == "y" ]; then - if [[ $1 == "upgrade" ]]; then - JAIL="pkgp" - read -p "upgrade jail $JAIL (y/N)? " RESP - if [ $RESP == "y" ] || [ $RESP == "Y" ]; then - update_jail $1 - fi - fi - /root/FreeBSD/jails/jails-update-pkgs.sh pkgp-only -fi - + /root/FreeBSD/jails/jails-update-pkgs.sh pkgp-only + fi fi read -p "process all jails (y/N)? " RESP 
@@ -138,19 +147,24 @@ if [ ! -z $RESP ] && [ $RESP == "y" ]; then fi echo "update -OR- upgrade base system by running:" -echo "freebsd-update fetch -OR- freebsd-update upgrade -r $SWREL" -echo "freebsd-update install -OR- pkg bootstrap -f ; pkg update ; pkg upgrade" +echo "rm -rf /var/db/freebsd-update/install.*" +echo "rm /var/db/freebsd-update/*" -# echo "rm -rf /usr/src.old; cp -r /usr/src /usr/src.old; rm -rf /usr/src/*" -# echo "git clone --depth 1 --branch releng/12.3 https://git.FreeBSD.org/src.git /usr/src" -# echo "cd /usr/src; cp ../../../../src.old/sys/amd64/conf/diyIT ." -echo "cd /usr/src; git pull; make -j8 buildkernel KERNCONF=diyIT && make -j8 installkernel KERNCONF=diyIT" +echo "freebsd-update fetch -OR- freebsd-update upgrade -r $SWREL" +echo "freebsd-update install -OPTIONAL- pkg bootstrap -f ; pkg update ; pkg upgrade" + +# echo "rm -rf /usr/src.old; cp -r /usr/src /usr/src.old; rm -rf /usr/src/*; rm -rf /usr/src/.a* /usr/src/.c* /usr/src/.g*" +# the reason we can't delete the /usr/src directly is because it is mounted in all the jails +# echo "git clone --depth 1 --branch releng/14.1 https://git.FreeBSD.org/src.git /usr/src" +# echo "cd /usr/src/sys/amd64/conf; cp ../../../../src.old/sys/amd64/conf/diyIT ." +echo "cd /usr/src; git pull; make -j8 buildkernel KERNCONF=diyIT && make installkernel KERNCONF=diyIT" echo "reboot" -echo "pkg-static upgrade -f" +echo "pkg-static upgrade -f; pkg update -f; pkg upgrade; pkg clean -a" #echo "rm -rf /var/tmp/temproot*" -#echo "mergemaster -a" echo "etcupdate" echo "/root/FreeBSD/scripts/zfs-prune-snapshots -vn -p 'ioc_update' 1d | grep removing" + +echo "bectl list | grep 14.1-RELEASE-p3 | cut -d" " -f1 | xargs -n 1 bectl destroy" diff --git a/scripts/gstat_exporter.py b/scripts/gstat_exporter.py old mode 100755 new mode 100644 index 78e6303..3d48868 --- a/scripts/gstat_exporter.py +++ b/scripts/gstat_exporter.py 
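Review bot: The last added line, `echo "bectl list | grep 14.1-RELEASE-p3 | cut -d" " -f1 | xargs -n 1 bectl destroy"`, contains unescaped double quotes, so the shell ends the string at `-d"` and the printed hint reads `cut -d  -f1`, which does not work when pasted. Since the pipeline ends in `bectl destroy`, the hint should be exact: `echo "bectl list | grep 14.1-RELEASE-p3 | cut -d' ' -f1 | xargs -n 1 bectl destroy"`. The release `14.1-RELEASE-p3` is hard-coded while `SWREL` in this file is `14.2-RELEASE`; if the intent is "the previous patch level", a variable would keep it in step with the values at the top of the script.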
@@ -1,411 +1,396 @@ -from prometheus_client import start_http_server, Gauge # type: ignore +from prometheus_client import start_http_server, Gauge +import argparse +import logging +import datetime from subprocess import Popen, PIPE from typing import Dict +from importlib.metadata import PackageNotFoundError, version + +# get version +try: + __version__ = version("gstat_exporter") +except PackageNotFoundError: + # package is not installed, version unknown + __version__ = "0.0.0" + +class GstatExporter: + def __init__(self, interval: int = 30, grace: int = 30, sleep: int = 15) -> None: + """Define metrics and other neccesary variables.""" + # save interval, grace, and sleep + self.interval = interval + self.grace = grace + self.sleep = sleep + + # save the version as a class attribute + self.__version__ = __version__ + + # define the metric labels + self.labels: list[str] = [ + "name", + "descr", + "mediasize", + "sectorsize", + "lunid", + "ident", + "rotationrate", + "fwsectors", + "fwheads", + ] + + # define the metrics + self.metrics: dict[str, Gauge] = {} + self.metrics["up"] = Gauge( + "gstat_up", + "The value of this Gauge is always 1 when the gstat_exporter is up", + ) + + self.metrics["queue"] = Gauge( + "gstat_queue_depth", + "The queue depth for this GEOM", + self.labels, + ) + self.metrics["totalops"] = Gauge( + "gstat_total_operations_per_second", + "The total number of operations/second for this GEOM", + self.labels, + ) + + self.metrics["readops"] = Gauge( + "gstat_read_operations_per_second", + "The number of read operations/second for this GEOM", + self.labels, + ) + self.metrics["readsize"] = Gauge( + "gstat_read_size_kilobytes", + "The size in kilobytes of read operations for this GEOM", + self.labels, + ) + self.metrics["readkbs"] = Gauge( + "gstat_read_kilobytes_per_second", + "The speed in kilobytes/second of read operations for this GEOM", + self.labels, + ) + self.metrics["readms"] = Gauge( + "gstat_miliseconds_per_read", + "The speed in 
miliseconds/read operation for this GEOM", + self.labels, + ) + + self.metrics["writeops"] = Gauge( + "gstat_write_operations_per_second", + "The number of write operations/second for this GEOM", + self.labels, + ) + self.metrics["writesize"] = Gauge( + "gstat_write_size_kilobytes", + "The size in kilobytes of write operations for this GEOM", + self.labels, + ) + self.metrics["writekbs"] = Gauge( + "gstat_write_kilobytes_per_second", + "The speed in kilobytes/second of write operations for this GEOM", + self.labels, + ) + self.metrics["writems"] = Gauge( + "gstat_miliseconds_per_write", + "The speed in miliseconds/write operation for this GEOM", + self.labels, + ) + + self.metrics["deleteops"] = Gauge( + "gstat_delete_operations_per_second", + "The number of delete operations/second for this GEOM", + self.labels, + ) + self.metrics["deletesize"] = Gauge( + "gstat_delete_size_kilobytes", + "The size in kilobytes of delete operations for this GEOM", + self.labels, + ) + self.metrics["deletekbs"] = Gauge( + "gstat_delete_kilobytes_per_second", + "The speed in kilobytes/second of delete operations for this GEOM", + self.labels, + ) + self.metrics["deletems"] = Gauge( + "gstat_miliseconds_per_delete", + "The speed in miliseconds/delete operation for this GEOM", + self.labels, + ) + + self.metrics["otherops"] = Gauge( + "gstat_other_operations_per_second", + "The number of other operations (BIO_FLUSH)/second for this GEOM", + self.labels, + ) + self.metrics["otherms"] = Gauge( + "gstat_miliseconds_per_other", + "The speed in miliseconds/other operation (BIO_FLUSH) for this GEOM", + self.labels, + ) + + self.metrics["busy"] = Gauge( + "gstat_percent_busy", + "The percent of the time this GEOM is busy", + self.labels, + ) + + # start with an empty deviceinfo dict and add devices as we see them + self.deviceinfo: Dict[str, Dict[str, str]] = {} + + # variables used for checking for removed devices + self.lastcheck = datetime.datetime.now() + self.timestamps: Dict[str, 
datetime.datetime] = {} + + logging.debug("Done initialising GstatExporter class") + + def get_deviceinfo(self, name: str) -> Dict[str, str]: + """ + Return a dict of GEOM device info for GEOM devices in class DISK, + for use as labels for the metrics. + + Sample output from the geom command: + + $ geom -p ada0 + Geom class: DISK + Geom name: ada0 + Providers: + 1. Name: ada0 + Mediasize: 250059350016 (233G) + Sectorsize: 512 + Mode: r2w2e4 + descr: Samsung SSD 860 EVO mSATA 250GB + lunid: 5002538e700b753f + ident: S41MNG0K907238X + rotationrate: 0 + fwsectors: 63 + fwheads: 16 + $ + """ + logging.debug(f"Getting deviceinfo for GEOM {name}...") + with Popen( + ["geom", "-p", name], stdout=PIPE, bufsize=1, universal_newlines=True + ) as p: + result = {} + for line in p.stdout: # type: ignore + # remove excess whitespace + line = line.strip() + # we only care about the DISK class for now + if line[0:12] == "Geom class: " and line[-4:] != "DISK": + break + + if line[0:11] == "Mediasize: ": + result["mediasize"] = line[11:] + if line[0:12] == "Sectorsize: ": + result["sectorsize"] = line.split(" ")[1] + if line[0:7] == "descr: ": + result["descr"] = " ".join(line.split(" ")[1:]) + if line[0:7] == "lunid: ": + result["lunid"] = line.split(" ")[1] + if line[0:7] == "ident: ": + result["ident"] = line.split(" ")[1] + if line[0:14] == "rotationrate: ": + result["rotationrate"] = line.split(" ")[1] + if line[0:11] == "fwsectors: ": + result["fwsectors"] = line.split(" ")[1] + if line[0:9] == "fwheads: ": + result["fwheads"] = line.split(" ")[1] + logging.debug(f"Returning deviceinfo for {name}: {result}") + return result + + def run_gstat_forever(self) -> None: + """ + Run gstat in a loop and update stats per line + """ + logging.debug(f"Running 'gstat -pdosCI {self.sleep}s' (will loop forever)...") + with Popen( + ["gstat", "-pdosCI", f"{self.sleep}s"], stdout=PIPE, bufsize=1, universal_newlines=True + ) as p: + # loop over lines in the output + for line in p.stdout: # 
type: ignore + ( + timestamp, + name, + queue_depth, + total_operations_per_second, + read_operations_per_second, + read_size_kilobytes, + read_kilobytes_per_second, + miliseconds_per_read, + write_operations_per_second, + write_size_kilobytes, + write_kilobytes_per_second, + miliseconds_per_write, + delete_operations_per_second, + delete_size_kilobytes, + delete_kilobytes_per_second, + miliseconds_per_delete, + other_operations_per_second, + miliseconds_per_other, + percent_busy, + ) = line.split(",") + if timestamp == "timestamp": + # skip header line + continue + + # first check if this GEOM has been seen before + if name not in self.deviceinfo: + logging.info(f"Adding new GEOM to deviceinfo: {name}") + # this is the first time we see this GEOM + self.deviceinfo[name] = {} + # we always need a value for all labels + for key in self.labels: + self.deviceinfo[name][key] = "" + # get real info from the device if it is class DISK + self.deviceinfo[name].update(self.get_deviceinfo(name)) + self.deviceinfo[name].update({"name": name}) + + # update timestamp to track when this GEOM was last seen + self.timestamps[name] = datetime.datetime.strptime( + timestamp.split(".")[0], "%Y-%m-%d %H:%M:%S" + ) + + # up is always.. 
up + self.metrics["up"].set(1) + + self.metrics["queue"].labels(**self.deviceinfo[name]).set(queue_depth) + self.metrics["totalops"].labels(**self.deviceinfo[name]).set( + total_operations_per_second + ) + + self.metrics["readops"].labels(**self.deviceinfo[name]).set( + read_operations_per_second + ) + self.metrics["readsize"].labels(**self.deviceinfo[name]).set( + read_size_kilobytes + ) + self.metrics["readkbs"].labels(**self.deviceinfo[name]).set( + read_kilobytes_per_second + ) + self.metrics["readms"].labels(**self.deviceinfo[name]).set( + miliseconds_per_read + ) + + self.metrics["writeops"].labels(**self.deviceinfo[name]).set( + write_operations_per_second + ) + self.metrics["writesize"].labels(**self.deviceinfo[name]).set( + write_size_kilobytes + ) + self.metrics["writekbs"].labels(**self.deviceinfo[name]).set( + write_kilobytes_per_second + ) + self.metrics["writems"].labels(**self.deviceinfo[name]).set( + miliseconds_per_write + ) + + self.metrics["deleteops"].labels(**self.deviceinfo[name]).set( + delete_operations_per_second + ) + self.metrics["deletesize"].labels(**self.deviceinfo[name]).set( + delete_size_kilobytes + ) + self.metrics["deletekbs"].labels(**self.deviceinfo[name]).set( + delete_kilobytes_per_second + ) + self.metrics["deletems"].labels(**self.deviceinfo[name]).set( + miliseconds_per_delete + ) + + self.metrics["otherops"].labels(**self.deviceinfo[name]).set( + other_operations_per_second + ) + self.metrics["otherms"].labels(**self.deviceinfo[name]).set( + miliseconds_per_other + ) + + self.metrics["busy"].labels(**self.deviceinfo[name]).set(percent_busy) + + # check for removed GEOMs + now = datetime.datetime.now() + if (now - self.lastcheck).seconds > self.interval: + logging.debug("Running periodic check for removed devices...") + # enough time has passed since the last check + # loop over devices and check timestamp for each + remove = [] + for name in self.deviceinfo.keys(): + delta = (now - self.timestamps[name]).seconds + if delta 
> self.grace: + remove.append(name) + logging.info( + f"It has been {self.grace} seconds since gstat last reported data for GEOM {name} - removing metrics" + ) + + # loop over the GEOMs for which gstat stopped giving data and remove them + for name in remove: + # it has been too long since we have seen this GEOM, remove it + for metric in self.metrics.keys(): + if metric == "up": + # skip the up metric + continue + self.metrics[metric].remove(*self.deviceinfo[name].values()) + del self.deviceinfo[name] + self.lastcheck = datetime.datetime.now() -def get_deviceinfo(name: str) -> Dict[str, str]: - """ - Return a dict of GEOM device info for GEOM devices in class DISK, - for use as labels for the metrics. +def main() -> None: + """Run the main function.""" + parser = argparse.ArgumentParser() - Sample output from the geom command: + parser.add_argument( + "-g", + "--grace", + type=int, + help="Stop exporting metrics for a GEOM after gstat has not reported data from it for this many seconds. Defaults to 30 seconds.", + default=30, + ) + parser.add_argument( + "-i", + "--interval", + type=int, + help="How many seconds to wait between checking for removed devices. Defaults to 30 seconds.", + default=30, + ) + parser.add_argument( + "-l", + "--listen-ip", + type=str, + help="Listen IP. Defaults to 0.0.0.0 (all v4 IPs). Set to :: to listen on all v6 IPs.", + default="0.0.0.0", + ) + parser.add_argument( + "-p", + "--port", + type=int, + help="Portnumber. Defaults to 9248.", + default=9248, + ) + parser.add_argument( + "-s", + "--sleep", + type=int, + help="How long should gstat sleep between reporting data, in seconds. Set this to the same as your Prometheus scrape interval. Defaults to 15.", + default=15, + ) - $ geom -p ada0 - Geom class: DISK - Geom name: ada0 - Providers: - 1. 
Name: ada0 - Mediasize: 250059350016 (233G) - Sectorsize: 512 - Mode: r2w2e4 - descr: Samsung SSD 860 EVO mSATA 250GB - lunid: 5002538e700b753f - ident: S41MNG0K907238X - rotationrate: 0 - fwsectors: 63 - fwheads: 16 - $ - """ - with Popen( - ["geom", "-p", name], stdout=PIPE, bufsize=1, universal_newlines=True - ) as p: - result = {} - for line in p.stdout: - # remove excess whitespace - line = line.strip() - # we only care about the DISK class for now - if line[0:12] == "Geom class: " and line[-4:] != "DISK": - break + parser.add_argument( + "-d", + "--debug", + action="store_const", + dest="loglevel", + const="DEBUG", + help="Debug mode.", + default="INFO", + ) - if line[0:11] == "Mediasize: ": - result["mediasize"] = line[11:] - if line[0:12] == "Sectorsize: ": - result["sectorsize"] = line.split(" ")[1] - if line[0:7] == "descr: ": - result["descr"] = " ".join(line.split(" ")[1:]) - if line[0:7] == "lunid: ": - result["lunid"] = line.split(" ")[1] - if line[0:7] == "ident: ": - result["ident"] = line.split(" ")[1] - if line[0:14] == "rotationrate: ": - result["rotationrate"] = line.split(" ")[1] - if line[0:11] == "fwsectors: ": - result["fwsectors"] = line.split(" ")[1] - if line[0:9] == "fwheads: ": - result["fwheads"] = line.split(" ")[1] - return result + args = parser.parse_args() + logging.basicConfig(level=args.loglevel, datefmt="%Y-%m-%d %H:%M:%S %z", format="%(asctime)s - %(module)s - %(levelname)s - %(message)s") + logging.info(f"Starting gstat_exporter v{__version__} - logging at level {args.loglevel}") + logging.info(f"Starting HTTP listener on address '{args.listen_ip}' port '{args.port}'") + start_http_server(addr=args.listen_ip, port=args.port) + exporter = GstatExporter(interval=args.interval, grace=args.grace, sleep=args.sleep) + while True: + exporter.run_gstat_forever() - -def process_request() -> None: - """ - Run gstat in a loop and update stats per line - """ - # start with an empty deviceinfo dict and add devices as we see them - 
deviceinfo: Dict[str, Dict[str, str]] = {} - - with Popen( - ["gstat", "-pdosCI", "5s"], stdout=PIPE, bufsize=1, universal_newlines=True - ) as p: - for line in p.stdout: - ( - timestamp, - name, - queue_depth, - total_operations_per_second, - read_operations_per_second, - read_size_kilobytes, - read_kilobytes_per_second, - miliseconds_per_read, - write_operations_per_second, - write_size_kilobytes, - write_kilobytes_per_second, - miliseconds_per_write, - delete_operations_per_second, - delete_size_kilobytes, - delete_kilobytes_per_second, - miliseconds_per_delete, - other_operations_per_second, - miliseconds_per_other, - percent_busy, - ) = line.split(",") - if timestamp == "timestamp": - # skip header line - continue - - if name not in deviceinfo: - # this is the first time we see this GEOM - deviceinfo[name] = {} - # we always need a value for all labels - for key in [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ]: - deviceinfo[name][key] = "" - # get real info from the device if it is class DISK - deviceinfo[name].update(get_deviceinfo(name)) - - deviceinfo[name].update({"name": name}) - - # up is always.. 
up - up.set(1) - - queue.labels(**deviceinfo[name]).set(queue_depth) - totalops.labels(**deviceinfo[name]).set(total_operations_per_second) - - readops.labels(**deviceinfo[name]).set(read_operations_per_second) - readsize.labels(**deviceinfo[name]).set(read_size_kilobytes) - readkbs.labels(**deviceinfo[name]).set(read_kilobytes_per_second) - readms.labels(**deviceinfo[name]).set(miliseconds_per_read) - - writeops.labels(**deviceinfo[name]).set(write_operations_per_second) - writesize.labels(**deviceinfo[name]).set(write_size_kilobytes) - writekbs.labels(**deviceinfo[name]).set(write_kilobytes_per_second) - writems.labels(**deviceinfo[name]).set(miliseconds_per_write) - - deleteops.labels(**deviceinfo[name]).set(delete_operations_per_second) - deletesize.labels(**deviceinfo[name]).set(delete_size_kilobytes) - deletekbs.labels(**deviceinfo[name]).set(delete_kilobytes_per_second) - deletems.labels(**deviceinfo[name]).set(miliseconds_per_delete) - - otherops.labels(**deviceinfo[name]).set(other_operations_per_second) - otherms.labels(**deviceinfo[name]).set(miliseconds_per_other) - - busy.labels(**deviceinfo[name]).set(percent_busy) - - -# define metrics -up = Gauge( - "gstat_up", "The value of this Gauge is always 1 when the gstat_exporter is up" -) - -queue = Gauge( - "gstat_queue_depth", - "The queue depth for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) -totalops = Gauge( - "gstat_total_operations_per_second", - "The total number of operations/second for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) - -readops = Gauge( - "gstat_read_operations_per_second", - "The number of read operations/second for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) -readsize = Gauge( - 
"gstat_read_size_kilobytes", - "The size in kilobytes of read operations for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) -readkbs = Gauge( - "gstat_read_kilobytes_per_second", - "The speed in kilobytes/second of read operations for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) -readms = Gauge( - "gstat_miliseconds_per_read", - "The speed in miliseconds/read operation for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) - -writeops = Gauge( - "gstat_write_operations_per_second", - "The number of write operations/second for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) -writesize = Gauge( - "gstat_write_size_kilobytes", - "The size in kilobytes of write operations for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) -writekbs = Gauge( - "gstat_write_kilobytes_per_second", - "The speed in kilobytes/second of write operations for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) -writems = Gauge( - "gstat_miliseconds_per_write", - "The speed in miliseconds/write operation for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) - -deleteops = Gauge( - "gstat_delete_operations_per_second", - "The number of delete operations/second for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) -deletesize = Gauge( - 
"gstat_delete_size_kilobytes", - "The size in kilobytes of delete operations for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) -deletekbs = Gauge( - "gstat_delete_kilobytes_per_second", - "The speed in kilobytes/second of delete operations for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) -deletems = Gauge( - "gstat_miliseconds_per_delete", - "The speed in miliseconds/delete operation for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) - -otherops = Gauge( - "gstat_other_operations_per_second", - "The number of other operations (BIO_FLUSH)/second for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) -otherms = Gauge( - "gstat_miliseconds_per_other", - "The speed in miliseconds/other operation (BIO_FLUSH) for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) - -busy = Gauge( - "gstat_percent_busy", - "The percent of the time this GEOM is busy", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) - -start_http_server(9248) -while True: - process_request() +if __name__ == "__main__": + main() diff --git a/scripts/zfs_health.sh b/scripts/zfs_health.sh index 0251e3e..819b69b 100755 --- a/scripts/zfs_health.sh +++ b/scripts/zfs_health.sh 
@@ -102,12 +102,12 @@ if [ ${problems} -eq 0 ]; then
 #scrubDate=$(date -d "$scrubRawDate" +%s)
 ### FreeBSD 11.2 with *nix supported date format
- #scrubRawDate=$(/sbin/zpool status $volume | grep scrub | awk '{print $15 $12 $13}')
- #scrubDate=$(date -j -f '%Y%b%e-%H%M%S' $scrubRawDate'-000000' +%s)
+ scrubRawDate=$(/sbin/zpool status $volume | grep scrub | awk '{print $15 $12 $13}')
+ scrubDate=$(date -j -f '%Y%b%e-%H%M%S' $scrubRawDate'-000000' +%s)
 ### FreeBSD 12.0 with *nix supported date format
- scrubRawDate=$(/sbin/zpool status $volume | grep scrub | awk '{print $17 $14 $15}')
- scrubDate=$(date -j -f '%Y%b%e-%H%M%S' $scrubRawDate'-000000' +%s)
+ #scrubRawDate=$(/sbin/zpool status $volume | grep scrub | awk '{print $17 $14 $15}')
+ #scrubDate=$(date -j -f '%Y%b%e-%H%M%S' $scrubRawDate'-000000' +%s)
 if [ $(($currentDate - $scrubDate)) -ge $scrubExpire ]; then
 emailSubject="`hostname` - ZFS pool - Scrub Time Expired. Scrub Needed on Volume(s)"
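Review bot: The re-enabled `scrubRawDate`/`scrubDate` lines take the scrub date from fixed awk columns (`$15 $12 $13`) of `zpool status`, and nothing verifies that the result parsed before it reaches `$(($currentDate - $scrubDate))`. When the status line has a different layout (the commented 12.0 variant shows it shifts between releases, and a pool that is scrubbing or was never scrubbed presumably prints a different line too), `date -j -f` fails and `scrubDate` is empty. The `-ge` test then errors out instead of reporting an expired scrub, so the check fails open. I would add a guard right after the assignment, for example `case "$scrubDate" in ''|*[!0-9]*) problems=1 ;; esac`, and quote the expansions as `"$volume"` and `"$scrubRawDate"`. What the script does once `problems` is set is outside this hunk, as are the start and end of the enclosing `if` block, so the exact reporting path needs confirming there.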