May 1, 2025 update

2025-05-01 21:19:17 -07:00
parent a2cdf26594
commit b33d54d723
261 changed files with 2451 additions and 12859 deletions
--- a/jails/config/sharad/httpd.conf
+++ b/jails/config/sharad/httpd.conf
@ -551,6 +551,14 @@ SSLRandomSeed connect builtin

 Include etc/apache24/Includes/*.conf

+# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7
+
+<VirtualHost *:80>
+    RewriteEngine On
+    RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/
+    RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L]
+</VirtualHost>
+
 <VirtualHost *:443>
    ServerName sharad.ahlawat.com
    ServerAlias *.ahlawat.com
@ -560,16 +568,20 @@ Include etc/apache24/Includes/*.conf

    DocumentRoot "/usr/local/www/apache24/data/"

+    # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
+    Header always set Strict-Transport-Security "max-age=63072000"
+
    SSLEngine on
    SSLCertificateFile "/mnt/certs/fullchain.pem"
    SSLCertificateKeyFile "/mnt/certs/privkey.pem"
-    #SSLCertificateChainFile "/mnt/certs/fullchain.pem"
-    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
-    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
-    SSLHonorCipherOrder off
-    SSLSessionTickets off
-    SSLOptions +StrictRequire
-#    SSLCompression off
+#    SSLCertificateChainFile "/mnt/certs/fullchain.pem"
+    SSLCACertificateFile "/mnt/certs/cacert.pem"
+
+    SSLProtocol             -all +TLSv1.2 +TLSv1.3
+    SSLOpenSSLConfCmd       Curves X25519:prime256v1:secp384r1
+    SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
+    SSLHonorCipherOrder     off
+    SSLSessionTickets       off

    RewriteEngine On
    RewriteCond %{HTTP:Authorization} ^(.*)
--- a/jails/config/sharad/pkg-list-details-old.txt
+++ b/jails/config/sharad/pkg-list-details-old.txt
@ -1,8 +1,8 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____php81-8.1.12
-pkgp-freebsd-pkg____php81-mysqli-8.1.12
-pkgp-freebsd-pkg____php81-session-8.1.12
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____apache24-2.4.63
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____pkg-2.1.2
--- a/jails/config/sharad/pkg-list-details.txt
+++ b/jails/config/sharad/pkg-list-details.txt
@ -1,8 +1,8 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____php81-8.1.13
-pkgp-freebsd-pkg____php81-mysqli-8.1.13
-pkgp-freebsd-pkg____php81-session-8.1.13
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____apache24-2.4.63
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____pkg-2.1.2
--- a/jails/config/sharad/pkg-list-old.txt
+++ b/jails/config/sharad/pkg-list-old.txt
@ -1 +1 @@
-apache24 bash bash-completion nano php81 php81-mysqli php81-session pkg
+apache24 bash bash-completion nano php84 php84-mysqli php84-session pkg
--- a/jails/config/sharad/pkg-list.txt
+++ b/jails/config/sharad/pkg-list.txt
@ -1 +1 @@
-apache24 bash bash-completion nano php81 php81-mysqli php81-session pkg
+apache24 bash bash-completion nano php84 php84-mysqli php84-session pkg