Index: head/www/Makefile =================================================================== --- head/www/Makefile +++ head/www/Makefile @@ -237,6 +237,7 @@ SUBDIR += guile-www SUBDIR += gurlchecker SUBDIR += h2o + SUBDIR += h2o-devel SUBDIR += habari SUBDIR += hastymail2-devel SUBDIR += havp Index: head/www/h2o-devel/Makefile =================================================================== --- head/www/h2o-devel/Makefile +++ head/www/h2o-devel/Makefile @@ -0,0 +1,83 @@ +# Created by: Dave Cottlehuber +# $FreeBSD$ + +PORTNAME= h2o +DISTVERSIONPREFIX= v +DISTVERSION= 2.3.0-beta1 +CATEGORIES= www +PKGNAMESUFFIX= -devel + +MAINTAINER= dch@FreeBSD.org +COMMENT= Optimized HTTP/2 server including support for TLS 1.3 and HTTP/1.x + +LICENSE= MIT BSD2CLAUSE +LICENSE_COMB= multi + +BROKEN_armv6= fails to compile: asm_arm.inc:139:36: '.syntax divided' arm assembly not supported +BROKEN_armv7= fails to compile: asm_arm.inc:139:36: '.syntax divided' arm assembly not supported +BROKEN_powerpc64= fails to link: unrecognized option '-Wl,-rpath=/usr/local/lib/gcc6' + +LIB_DEPENDS= libuv.so:devel/libuv + +USES= cmake:noninja compiler:c11 cpe perl5 shebangfix ssl pkgconfig +CPE_VENDOR= h2o_project +USE_GITHUB= yes +USE_PERL5= run +USE_LDCONFIG= yes + +CONFLICTS= h2o-2* + +SHEBANG_FILES= share/h2o/start_server + +PORTDOCS= README.md + +SUB_FILES= ${PORTNAME} ${PORTNAME}.conf.sample +SUB_LIST+= H2O_USER=${H2O_USER} \ + H2O_GROUP=${H2O_GROUP} \ + H2O_LOGDIR=${H2O_LOGDIR} + +PLIST_SUB= H2O_USER=${H2O_USER} \ + H2O_GROUP=${H2O_GROUP} \ + H2O_LOGDIR=${H2O_LOGDIR} + +H2O_USER?= www +H2O_GROUP?= www + +H2O_LOGDIR= /var/log/${PORTNAME}/ + +USE_RC_SUBR= ${PORTNAME} + +OPTIONS_DEFINE= MRUBY DOCS +OPTIONS_DEFAULT= MRUBY +OPTIONS_SUB= yes +MRUBY_DESC= Build with embedded mruby handler support + +CMAKE_ARGS+= -DBUILD_SHARED_LIBS=ON -DWITH_BUNDLED_SSL=OFF +CMAKE_VERBOSE= yes + +MRUBY_CMAKE_BOOL= WITH_MRUBY +MRUBY_USES= bison +MRUBY_USE= ruby=yes +MRUBY_VARS= RUBY_NO_RUN_DEPENDS=yes + +post-patch: + @${REINPLACE_CMD} -e 's|exec perl|exec ${LOCALBASE}/bin/perl|' \ + ${WRKSRC}/share/h2o/annotate-backtrace-symbols \ + ${WRKSRC}/share/h2o/fastcgi-cgi \ + ${WRKSRC}/share/h2o/fetch-ocsp-response \ + ${WRKSRC}/share/h2o/kill-on-close \ + ${WRKSRC}/share/h2o/setuidgid \ + ${WRKSRC}/share/h2o/start_server + +post-install: + ${MKDIR} ${STAGEDIR}${ETCDIR} \ + ${STAGEDIR}${H2O_LOGDIR} + ${INSTALL_DATA} \ + ${WRKDIR}/${PORTNAME}.conf.sample \ + ${STAGEDIR}${ETCDIR}/${PORTNAME}.conf.sample + +post-install-DOCS-on: + ${MKDIR} ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR} + +.include Index: head/www/h2o-devel/distinfo =================================================================== --- head/www/h2o-devel/distinfo +++ head/www/h2o-devel/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1531832029 +SHA256 (h2o-h2o-v2.3.0-beta1_GH0.tar.gz) = 594869a4d6f1d5b757fca0877d3eec8e1b09521e06170f0296fc398b95789ae8 +SIZE (h2o-h2o-v2.3.0-beta1_GH0.tar.gz) = 29164045 Index: head/www/h2o-devel/files/h2o.conf.sample.in =================================================================== --- head/www/h2o-devel/files/h2o.conf.sample.in +++ head/www/h2o-devel/files/h2o.conf.sample.in @@ -0,0 +1,104 @@ +# this sample config gives you a feel for how h2o can be used +# and a high-security configuration for TLS and HTTP headers +# see https://h2o.examp1e.net/ for detailed documentation +# and h2o --help for command-line options and settings +user: www +pid-file: /var/run/h2o.pid +# log normal access to file +access-log: /var/log/h2o/access.log +# send errors to syslog +error-log: "| logger -i -p daemon.err -t h2o" + +# as of 2017-12-01 the following TLS config and headers, with +# DNS CAA records and custom diffie-hellmann parameters via +# `openssl dhparam -out %%PREFIX%%/etc/ssl/dhparam.pem 4096` +# will get you: + +# A+ on https://www.ssllabs.com/ssltest/ +listen: 80 +listen: + port: 443 + ssl: + # using at least TLS1.2 restricts many older devices + minimum-version: TLSv1.1 + dh-file: %%PREFIX%%/etc/ssl/dhparam.pem + # generate your own certificates with security/acme-client + certificate-file: %%PREFIX%%/etc/ssl/acme/example.org/fullchain.pem + key-file: %%PREFIX%%/etc/ssl/acme/private/example.org/privkey.pem + cipher-preference: server + cipher-suite: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS + +# A+ on https://securityheaders.io/ +header.add: "x-frame-options: deny" +header.add: "X-XSS-Protection: 1; mode=block" +header.add: "X-Content-Type-Options: nosniff" +header.add: "X-UA-Compatible: IE=Edge" +header.add: "Referrer-Policy: strict-origin" +header.add: "Cache-Control: no-transform" +header.add: "Content-Security-Policy: default-src https:" +# 6 months HSTS pinning +header.add: "Strict-Transport-Security: max-age=16000000" + +# no patience for slow users +http1-request-timeout: 10 +http2-idle-timeout: 10 +# limit POST bodies +limit-request-body: 10485760 # 10MiB +max-connections: 1024 + +file.mime.addtypes: + image/svg+xml: .svg + text/plain: .log + text/css: .css + application/atom+xml: .xml + application/zip: .zip + application/json: .json + "text/html; charset=utf-8": .html + +# per-host configurations +hosts: + # a basic fileserver + www.example.org: + # enable Apache-style directory listings + file.dirlisting: on + file.send-gzip: on + paths: + "/": + file.dir: "/var/www/www.example.org" + # a simple permanent URL redirect + "/blog": + redirect: + status: 301 + url: https://blog.example.org/ + # a password-restricted url + "/server-status": + mruby.handler: | + require "htpasswd.rb" + Htpasswd.new("%%ETCDIR%%/private/htpasswd", "example.org") + status: ON + # redireect Lets Encrypt ACME protocol to a specific challenge directory + "/.well-known/acme-challenge": + file.dir: "/var/www/acme" + # virtual directory layout to support serving FreeBSD packages built by poudriere + pkg.example.org: + paths: + "/poudriere": + file.dir: "%%PREFIX%%/poudriere/data/logs/bulk" + "/FreeBSD:10:amd64": + file.dir: "%%PREFIX%%/poudriere/data/packages/10_amd64-default/" + "/FreeBSD:11:amd64": + file.dir: "%%PREFIX%%/poudriere/data/packages/11_amd64-default/" + # a simple ruby-powered embedded JSON API + api.example.net: + paths: + "/ok.json": + mruby.handler: | + Proc.new do |env| + [200, {'content-type' => 'application/json'}, ['{"status":"ok"}']] + end + # a websockets-aware reverse proxy + ws.example.net: + paths: + "/": + proxy.websocket: ON + proxy.reverse.url: "http://localhost:1080/" Index: head/www/h2o-devel/files/h2o.in =================================================================== --- head/www/h2o-devel/files/h2o.in +++ head/www/h2o-devel/files/h2o.in @@ -0,0 +1,42 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: h2o +# REQUIRE: LOGIN DAEMON NETWORKING +# KEYWORD: shutdown + +# Add the following lines to /etc/rc.conf.local or /etc/rc.conf +# to enable this service: +# +# h2o_enable (bool): Set to NO by default. +# Set it to YES to enable h2o. +# +# h2o_config (string): Optional full path for h2o config file +# h2o_perl (string): Optional full path to perl executable + +. /etc/rc.subr + +name=h2o +rcvar=h2o_enable +desc="An HTTP/2 high-performance webserver" + +load_rc_config $name + +# defaults +: ${h2o_enable:=NO} +: ${h2o_config:=%%PREFIX%%/etc/${name}/${name}.conf} +: ${h2o_perl:=%%LOCALBASE%%/bin/perl} + +# daemon +pidfile=`grep pid-file ${h2o_config} | cut -d' ' -f2` +h2o_env="H2O_PERL=${h2o_perl}" +command="%%PREFIX%%/bin/${name}" +command_args="-m daemon -c ${h2o_config}" +procname="%%LOCALBASE%%/bin/perl" + +# support SIGHUP to reload configuration file +extra_commands=reload + +run_rc_command "$1" Index: head/www/h2o-devel/pkg-descr =================================================================== --- head/www/h2o-devel/pkg-descr +++ head/www/h2o-devel/pkg-descr @@ -0,0 +1,24 @@ +H2O is a very fast HTTP server written in C. It can also be used as a library. + +It supports: + +- HTTP/1.0, HTTP/1.1 +- HTTP/2 +- persistent connections +- chunked encoding +- negotiation methods: NPN, ALPN, Upgrade, direct +- dependency and weight-based prioritization +- server push +- TLS up to 1.3 +- support OpenSSL and LibreSSL +- forward secrecy +- AEAD ciphers +- OCSP stapling (automatically enabled) +- session resumption (internal memory) +- conditional GET using last-modified / etag +- mime-type configuration +- reverse proxy +- websocket support +- embedded mruby interpreter for high speed custom functions + +WWW: https://github.com/h2o/h2o Index: head/www/h2o-devel/pkg-plist =================================================================== --- head/www/h2o-devel/pkg-plist +++ head/www/h2o-devel/pkg-plist @@ -0,0 +1,120 @@ +bin/h2o +include/h2o.h +include/h2o/balancer.h +include/h2o/cache.h +include/h2o/cache_digests.h +include/h2o/configurator.h +include/h2o/file.h +include/h2o/filecache.h +include/h2o/hiredis_.h +include/h2o/hostinfo.h +include/h2o/http1.h +include/h2o/http1client.h +include/h2o/http2.h +include/h2o/http2_casper.h +include/h2o/http2_internal.h +include/h2o/http2_scheduler.h +include/h2o/linklist.h +include/h2o/memcached.h +include/h2o/memory.h +include/h2o/mruby_.h +include/h2o/multithread.h +include/h2o/openssl_backport.h +include/h2o/rand.h +include/h2o/redis.h +include/h2o/serverutil.h +include/h2o/socket.h +include/h2o/socket/evloop.h +include/h2o/socket/uv-binding.h +include/h2o/socketpool.h +include/h2o/string_.h +include/h2o/time_.h +include/h2o/timeout.h +include/h2o/token.h +include/h2o/tunnel.h +include/h2o/url.h +include/h2o/version.h +include/h2o/websocket.h +lib/libh2o-evloop.so +lib/libh2o-evloop.so.0.15 +lib/libh2o-evloop.so.0.15.0-beta1 +lib/libh2o.so +lib/libh2o.so.0.15 +lib/libh2o.so.0.15.0-beta1 +libdata/pkgconfig/libh2o-evloop.pc +libdata/pkgconfig/libh2o.pc +man/man5/h2o.conf.5.gz +man/man8/h2o.8.gz +%%DATADIR%%/annotate-backtrace-symbols +%%DATADIR%%/fetch-ocsp-response +%%DATADIR%%/kill-on-close +%%DATADIR%%/start_server +%%DATADIR%%/ca-bundle.crt +%%DATADIR%%/fastcgi-cgi +%%DATADIR%%/setuidgid +%%DATADIR%%/status/index.html +%%MRUBY%%%%DATADIR%%/mruby/acl.rb +%%MRUBY%%%%DATADIR%%/mruby/bootstrap.rb +%%MRUBY%%%%DATADIR%%/mruby/dos_detector.rb +%%MRUBY%%%%DATADIR%%/mruby/htpasswd.rb +%%MRUBY%%%%DATADIR%%/mruby/lru_cache.rb +%%MRUBY%%%%DATADIR%%/mruby/redis.rb +%%MRUBY%%%%DATADIR%%/mruby/preloads.rb +%%MRUBY%%%%DATADIR%%/mruby/trie_addr.rb +%%PORTDOCS%%%%DOCSDIR%%/assets/8mbps100msec-nginx195-h2o150.png +%%PORTDOCS%%%%DOCSDIR%%/assets/firstpaintbench.png +%%PORTDOCS%%%%DOCSDIR%%/assets/remotebench.png +%%PORTDOCS%%%%DOCSDIR%%/assets/searchstyle.css +%%PORTDOCS%%%%DOCSDIR%%/assets/staticfile612-nginx1910-h2o170.png +%%PORTDOCS%%%%DOCSDIR%%/assets/style.css +%%PORTDOCS%%%%DOCSDIR%%/benchmarks.html +%%PORTDOCS%%%%DOCSDIR%%/configure.html +%%PORTDOCS%%%%DOCSDIR%%/configure/access_control.html +%%PORTDOCS%%%%DOCSDIR%%/configure/access_log_directives.html +%%PORTDOCS%%%%DOCSDIR%%/configure/base_directives.html +%%PORTDOCS%%%%DOCSDIR%%/configure/basic_auth.html +%%PORTDOCS%%%%DOCSDIR%%/configure/cgi.html +%%PORTDOCS%%%%DOCSDIR%%/configure/command_options.html +%%PORTDOCS%%%%DOCSDIR%%/configure/compress_directives.html +%%PORTDOCS%%%%DOCSDIR%%/configure/dos_detection.html +%%PORTDOCS%%%%DOCSDIR%%/configure/errordoc_directives.html +%%PORTDOCS%%%%DOCSDIR%%/configure/expires_directives.html +%%PORTDOCS%%%%DOCSDIR%%/configure/fastcgi_directives.html +%%PORTDOCS%%%%DOCSDIR%%/configure/file_directives.html +%%PORTDOCS%%%%DOCSDIR%%/configure/headers_directives.html +%%PORTDOCS%%%%DOCSDIR%%/configure/http1_directives.html +%%PORTDOCS%%%%DOCSDIR%%/configure/http2_directives.html +%%PORTDOCS%%%%DOCSDIR%%/configure/mruby.html +%%PORTDOCS%%%%DOCSDIR%%/configure/mruby_directives.html +%%PORTDOCS%%%%DOCSDIR%%/configure/proxy_directives.html +%%PORTDOCS%%%%DOCSDIR%%/configure/quick_start.html +%%PORTDOCS%%%%DOCSDIR%%/configure/redirect_directives.html +%%PORTDOCS%%%%DOCSDIR%%/configure/reproxy_directives.html +%%PORTDOCS%%%%DOCSDIR%%/configure/status_directives.html +%%PORTDOCS%%%%DOCSDIR%%/configure/syntax_and_structure.html +%%PORTDOCS%%%%DOCSDIR%%/configure/throttle_response_directives.html +%%PORTDOCS%%%%DOCSDIR%%/examples/doc_root.alternate/index.txt +%%PORTDOCS%%%%DOCSDIR%%/examples/doc_root/index.html +%%PORTDOCS%%%%DOCSDIR%%/examples/h2o/alternate.crt +%%PORTDOCS%%%%DOCSDIR%%/examples/h2o/alternate.key +%%PORTDOCS%%%%DOCSDIR%%/examples/h2o/h2o.conf +%%PORTDOCS%%%%DOCSDIR%%/examples/h2o/server.crt +%%PORTDOCS%%%%DOCSDIR%%/examples/h2o/server.key +%%PORTDOCS%%%%DOCSDIR%%/examples/h2o_mruby/h2o.conf +%%PORTDOCS%%%%DOCSDIR%%/examples/h2o_mruby/hello.rb +%%PORTDOCS%%%%DOCSDIR%%/examples/libh2o/http1client.c +%%PORTDOCS%%%%DOCSDIR%%/examples/libh2o/latency-optimization.c +%%PORTDOCS%%%%DOCSDIR%%/examples/libh2o/redis-client.c +%%PORTDOCS%%%%DOCSDIR%%/examples/libh2o/simple.c +%%PORTDOCS%%%%DOCSDIR%%/examples/libh2o/socket-client.c +%%PORTDOCS%%%%DOCSDIR%%/examples/libh2o/websocket.c +%%PORTDOCS%%%%DOCSDIR%%/h2o.conf.5 +%%PORTDOCS%%%%DOCSDIR%%/faq.html +%%PORTDOCS%%%%DOCSDIR%%/index.html +%%PORTDOCS%%%%DOCSDIR%%/install.html +%%PORTDOCS%%%%DOCSDIR%%/search/jquery-1.9.1.min.js +%%PORTDOCS%%%%DOCSDIR%%/search/oktavia-english-search.js +%%PORTDOCS%%%%DOCSDIR%%/search/oktavia-jquery-ui.js +%%PORTDOCS%%%%DOCSDIR%%/search/searchindex.js +@dir(%%H2O_USER%%,%%H2O_GROUP%%,0750) %%H2O_LOGDIR%% +@sample %%ETCDIR%%/h2o.conf.sample