F136805001
D13077.id36043.diff
Size
6 KB
D13077.id36043.diff
Index: www/h2o/Makefile
===================================================================
--- www/h2o/Makefile
+++ www/h2o/Makefile
@@ -4,12 +4,14 @@
PORTNAME= h2o
DISTVERSIONPREFIX= v
DISTVERSION= 2.2.3
+PORTREVISION= 1
CATEGORIES= www
-MAINTAINER= dch@skunkwerks.at
+MAINTAINER= dch@FreeBSD.org
COMMENT= Optimized HTTP/2 server including support for TLS 1.3 and HTTP/1.x
-LICENSE= MIT
+LICENSE= MIT BSD2CLAUSE
+LICENSE_COMB= multi
USES= cmake:noninja compiler:c11 cpe perl5 shebangfix ssl
CPE_VENDOR= h2o_project
Index: www/h2o/files/h2o.conf.sample
===================================================================
--- www/h2o/files/h2o.conf.sample
+++ www/h2o/files/h2o.conf.sample
@@ -4,29 +4,93 @@
user: www
pid-file: /var/run/h2o.pid
access-log: /var/log/h2o/h2o-access.log
-error-log: /var/log/h2o/h2o-error.log
+# send errors to syslog
+error-log: "| logger -i -p daemon.err -t h2o"
listen: 80
+# as of 2017-11-01 the following TLS config and headers gets you:
+# gets A on https://www.ssllabs.com/ssltest/
+# gets A+ on https://securityheaders.io/
listen:
- port: 443
- ssl:
- minimum-version: TLSv1.2
- # generate your own certificates
- certificate-file: /usr/local/etc/h2o/server.crt
- key-file: /usr/local/etc/h2o/server.key
-# enable Apache-style directory listings
-# file.dirlisting: on
-# per-host configuration
+ port: 443
+ ssl:
+ minimum-version: TLSv1.2
+ # generate your own certificates
+ certificate-file: /usr/local/etc/h2o/server.crt
+ key-file: /usr/local/etc/h2o/server.key
+ cipher-preference: server
+ cipher-suite: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
+# host headers, global
+header.add: "x-frame-options: deny"
+header.add: "X-XSS-Protection: 1; mode=block"
+header.add: "X-Content-Type-Options: nosniff"
+header.add: "X-UA-Compatible: IE=Edge"
+header.add: "Referrer-Policy: strict-origin"
+header.add: "Cache-Control: no-transform"
+# 6 months HSTS pinning
+header.add: "Strict-Transport-Security: max-age=16000000"
+
+# no patience for slow users
+http1-request-timeout: 10
+http2-idle-timeout: 10
+# limit POST bodies
+limit-request-body: 10485760 # 10MiB
+max-connections: 1024
+
+file.mime.addtypes:
+ image/svg+xml: .svg
+ text/plain: .log
+ text/css: .css
+ application/atom+xml: .xml
+ application/zip: .zip
+ application/json: .json
+ "text/html; charset=utf-8": .html
+
+# per-host configurations
hosts:
- my.example.org:
- paths:
- "/":
- file.dir: "/usr/local/www/data/my.example.org"
- pkg.example.org:
- # virtual directory layout
- paths:
- "/poudriere":
- file.dir: "/usr/local/poudriere/data/logs/bulk"
- "/FreeBSD:10:amd64":
- file.dir: "/usr/local/poudriere/data/packages/10_2_amd64-default/"
- "/FreeBSD:11:amd64":
- file.dir: "/usr/local/poudriere/data/packages/current_amd64-default/"
+ # a basic fileserver
+ www.example.org:
+ # enable Apache-style directory listings
+ file.dirlisting: on
+ file.send-gzip: on
+ paths:
+ "/":
+ file.dir: "/var/www/my.example.org"
+ # a simple permanent URL redirect
+ "/blog":
+ redirect:
+ status: 301
+ url: https://blog.example.org/
+ # a password-restricted url
+ "/admin":
+ mruby.handler: |
+ require "htpasswd.rb"
+ Htpasswd.new("/usr/local/etc/h2o/private/htpasswd", "domain")
+ file.dir: "/var/www/admin"
+ pkg.example.org:
+ # virtual directory layout to support serving FreeBSD packages built by poudriere
+ paths:
+ "/poudriere":
+ file.dir: "/usr/local/poudriere/data/logs/bulk"
+ "/FreeBSD:10:amd64":
+ file.dir: "/usr/local/poudriere/data/packages/10_amd64-default/"
+ "/FreeBSD:11:amd64":
+ file.dir: "/usr/local/poudriere/data/packages/11_amd64-default/"
+ # a simple ruby-powered embedded JSON API
+ api.example.net:
+ paths:
+ "/ok.json":
+ mruby.handler: |
+ Proc.new do |env|
+ [200, {'content-type' => 'application/json'}, ['{"status":"ok"}']]
+ end
+ # reverse proxy for websockets
+ ws.example.net:
+ paths:
+ "/":
+ proxy.websocket: ON
+ proxy.reverse.url: "http://localhost:1080/"
+ # re-usable lets encrypt ACME protocol
+ acme.example.net:
+ paths:
+ "/.well-known/acme-challenge":
+ file.dir: "/var/www/acme"
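Review bot: The `/admin` example puts HTTP basic auth on a host that is also reachable through the plain `listen: 80` socket and appears to inherit `file.dirlisting: on` from `www.example.org`, so a copied sample would accept the htpasswd credentials in clear text and list the admin directory after login. I would add `file.dirlisting: off` under `"/admin"` together with a comment such as `# serve this path over TLS only; basic-auth credentials are readable on port 80`. Separately, the `cipher-suite` line still ends with 3DES and static-RSA CBC entries (`DES-CBC3-SHA`, `AES128-SHA`, and so on) although `minimum-version` is TLSv1.2; ending the list after `DHE-RSA-AES256-GCM-SHA384` would keep only forward-secret AEAD suites. The comment `# 6 months HSTS pinning` reads better as `# HSTS, roughly 6 months`, since nothing is pinned by this header.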
Index: www/h2o/files/patch-lib_core_token__table.h
===================================================================
--- /dev/null
+++ www/h2o/files/patch-lib_core_token__table.h
@@ -0,0 +1,11 @@
+--- lib/core/token_table.h.orig 2017-11-16 18:55:31 UTC
++++ lib/core/token_table.h
+@@ -74,7 +74,7 @@ h2o_token_t h2o__tokens[] = {{{H2O_STRLIT(":authority"
+ {{H2O_STRLIT("strict-transport-security")}, 56, 0, 0, 0, 0, 0},
+ {{H2O_STRLIT("te")}, 0, 1, 0, 0, 1, 0},
+ {{H2O_STRLIT("transfer-encoding")}, 57, 1, 1, 1, 1, 0},
+- {{H2O_STRLIT("upgrade")}, 0, 1, 0, 1, 1, 0},
++ {{H2O_STRLIT("upgrade")}, 0, 1, 1, 1, 1, 0, 0},
+ {{H2O_STRLIT("user-agent")}, 58, 0, 0, 0, 0, 1},
+ {{H2O_STRLIT("vary")}, 59, 0, 0, 0, 0, 0},
+ {{H2O_STRLIT("via")}, 60, 0, 0, 0, 0, 0},
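Review bot: The replacement `upgrade` row carries seven values after the name (`0, 1, 1, 1, 1, 0, 0`), while the row it replaces and every neighbouring row in the hunk have six, so the initializer probably has one element more than `h2o_token_t` declares in this version. The matching change in patch-misc_tokens.pl keeps six columns (`0 1 1 1 1 0 upgrade`), which suggests the intended line is `{{H2O_STRLIT("upgrade")}, 0, 1, 1, 1, 1, 0},`. Neither patch file says where the change comes from; a leading comment naming the upstream commit or issue, and why the third flag is now set for `upgrade`, would tell the next maintainer when the patches can be dropped. The table itself starts and ends outside the hunk.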
Index: www/h2o/files/patch-misc_tokens.pl
===================================================================
--- /dev/null
+++ www/h2o/files/patch-misc_tokens.pl
@@ -0,0 +1,11 @@
+--- misc/tokens.pl.orig 2017-11-16 18:56:46 UTC
++++ misc/tokens.pl
+@@ -223,7 +223,7 @@ __DATA__
+ 61 0 0 0 0 0 www-authenticate
+ 0 1 1 0 1 0 connection
+ 0 0 0 0 0 0 x-reproxy-url
+-0 1 0 1 1 0 upgrade
++0 1 1 1 1 0 upgrade
+ 0 1 0 0 1 0 http2-settings
+ 0 1 0 0 1 0 te
+ 0 1 1 0 0 0 keep-alive
D13077: www/h2o: update to 2.2.4