

D13077.id36630.diff

Index: www/h2o/Makefile
===================================================================
--- www/h2o/Makefile
+++ www/h2o/Makefile
@@ -1,15 +1,16 @@
-# Created by: Dave Cottlehuber <dch@skunkwerks.at>
+# Created by: Dave Cottlehuber <dch@FreeBSD.org>
# $FreeBSD$
PORTNAME= h2o
DISTVERSIONPREFIX= v
-DISTVERSION= 2.2.3
+DISTVERSION= 2.2.4
CATEGORIES= www
-MAINTAINER= dch@skunkwerks.at
+MAINTAINER= dch@FreeBSD.org
COMMENT= Optimized HTTP/2 server including support for TLS 1.3 and HTTP/1.x
-LICENSE= MIT
+LICENSE= MIT BSD2CLAUSE
+LICENSE_COMB= multi
BROKEN_armv6= fails to compile: asm_arm.inc:139:36: '.syntax divided' arm assembly not supported
BROKEN_armv7= fails to compile: asm_arm.inc:139:36: '.syntax divided' arm assembly not supported
@@ -23,7 +24,7 @@
PORTDOCS= README.md
-SUB_FILES= ${PORTNAME}
+SUB_FILES= ${PORTNAME} ${PORTNAME}.conf.sample
SUB_LIST+= H2O_USER=${H2O_USER} \
H2O_GROUP=${H2O_GROUP} \
H2O_LOGDIR=${H2O_LOGDIR}
@@ -55,15 +56,17 @@
post-patch:
@${REINPLACE_CMD} -e 's|exec perl|exec ${LOCALBASE}/bin/perl|' \
${WRKSRC}/share/h2o/annotate-backtrace-symbols \
+ ${WRKSRC}/share/h2o/fastcgi-cgi \
${WRKSRC}/share/h2o/fetch-ocsp-response \
${WRKSRC}/share/h2o/kill-on-close \
+ ${WRKSRC}/share/h2o/setuidgid \
${WRKSRC}/share/h2o/start_server
post-install:
${MKDIR} ${STAGEDIR}${ETCDIR} \
${STAGEDIR}${H2O_LOGDIR}
${INSTALL_DATA} \
- ${FILESDIR}/${PORTNAME}.conf.sample \
+ ${WRKDIR}/${PORTNAME}.conf.sample \
${STAGEDIR}${ETCDIR}/${PORTNAME}.conf.sample
post-install-DOCS-on:
Index: www/h2o/distinfo
===================================================================
--- www/h2o/distinfo
+++ www/h2o/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1508527966
-SHA256 (h2o-h2o-v2.2.3_GH0.tar.gz) = d40401ca714d00ca5204e8d22148dbaa9cae3407e3b4b6b62bd208543901ea51
-SIZE (h2o-h2o-v2.2.3_GH0.tar.gz) = 16207150
+TIMESTAMP = 1513347798
+SHA256 (h2o-h2o-v2.2.4_GH0.tar.gz) = ebacf3b15f40958c950e18e79ad5a647f61e989c6dbfdeea858ce943ef5e3cd8
+SIZE (h2o-h2o-v2.2.4_GH0.tar.gz) = 16212596
Index: www/h2o/files/h2o.conf.sample
===================================================================
--- www/h2o/files/h2o.conf.sample
+++ /dev/null
@@ -1,32 +0,0 @@
-# vi: ft=yaml
-# see https://h2o.examp1e.net/ for detailed documentation
-# see h2o --help for command-line options and settings
-user: www
-pid-file: /var/run/h2o.pid
-access-log: /var/log/h2o/h2o-access.log
-error-log: /var/log/h2o/h2o-error.log
-listen: 80
-listen:
- port: 443
- ssl:
- minimum-version: TLSv1.2
- # generate your own certificates
- certificate-file: /usr/local/etc/h2o/server.crt
- key-file: /usr/local/etc/h2o/server.key
-# enable Apache-style directory listings
-# file.dirlisting: on
-# per-host configuration
-hosts:
- my.example.org:
- paths:
- "/":
- file.dir: "/usr/local/www/data/my.example.org"
- pkg.example.org:
- # virtual directory layout
- paths:
- "/poudriere":
- file.dir: "/usr/local/poudriere/data/logs/bulk"
- "/FreeBSD:10:amd64":
- file.dir: "/usr/local/poudriere/data/packages/10_2_amd64-default/"
- "/FreeBSD:11:amd64":
- file.dir: "/usr/local/poudriere/data/packages/current_amd64-default/"
Index: www/h2o/files/h2o.conf.sample.in
===================================================================
--- /dev/null
+++ www/h2o/files/h2o.conf.sample.in
@@ -0,0 +1,104 @@
+# this sample config gives you a feel for how h2o can be used
+# and a high-security configuration for TLS and HTTP headers
+# see https://h2o.examp1e.net/ for detailed documentation
+# and h2o --help for command-line options and settings
+user: www
+pid-file: /var/run/h2o.pid
+# log normal access to file
+access-log: /var/log/h2o/access.log
+# send errors to syslog
+error-log: "| logger -i -p daemon.err -t h2o"
+
+# as of 2017-12-01 the following TLS config and headers, with
+# DNS CAA records and custom diffie-hellmann parameters via
+# `openssl dhparam -out %%PREFIX%%/etc/ssl/dhparam.pem 4096`
+# will get you:
+
+# A+ on https://www.ssllabs.com/ssltest/
+listen: 80
+listen:
+ port: 443
+ ssl:
+ # using at least TLS1.2 restricts many older devices
+ minimum-version: TLSv1.1
+ dh-file: %%PREFIX%%/etc/ssl/dhparam.pem
+ # generate your own certificates with security/acme-client
+ certificate-file: %%PREFIX%%/etc/ssl/acme/example.org/fullchain.pem
+ key-file: %%PREFIX%%/etc/ssl/acme/private/example.org/privkey.pem
+ cipher-preference: server
+ cipher-suite: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
+
+# A+ on https://securityheaders.io/
+header.add: "x-frame-options: deny"
+header.add: "X-XSS-Protection: 1; mode=block"
+header.add: "X-Content-Type-Options: nosniff"
+header.add: "X-UA-Compatible: IE=Edge"
+header.add: "Referrer-Policy: strict-origin"
+header.add: "Cache-Control: no-transform"
+header.add: "Content-Security-Policy: default-src https:"
+# 6 months HSTS pinning
+header.add: "Strict-Transport-Security: max-age=16000000"
+
+# no patience for slow users
+http1-request-timeout: 10
+http2-idle-timeout: 10
+# limit POST bodies
+limit-request-body: 10485760 # 10MiB
+max-connections: 1024
+
+file.mime.addtypes:
+ image/svg+xml: .svg
+ text/plain: .log
+ text/css: .css
+ application/atom+xml: .xml
+ application/zip: .zip
+ application/json: .json
+ "text/html; charset=utf-8": .html
+
+# per-host configurations
+hosts:
+ # a basic fileserver
+ www.example.org:
+ # enable Apache-style directory listings
+ file.dirlisting: on
+ file.send-gzip: on
+ paths:
+ "/":
+ file.dir: "/var/www/www.example.org"
+ # a simple permanent URL redirect
+ "/blog":
+ redirect:
+ status: 301
+ url: https://blog.example.org/
+ # a password-restricted url
+ "/server-status":
+ mruby.handler: |
+ require "htpasswd.rb"
+ Htpasswd.new("%%ETCDIR%%/private/htpasswd", "example.org")
+ status: ON
+ # redireect Lets Encrypt ACME protocol to a specific challenge directory
+ "/.well-known/acme-challenge":
+ file.dir: "/var/www/acme"
+ # virtual directory layout to support serving FreeBSD packages built by poudriere
+ pkg.example.org:
+ paths:
+ "/poudriere":
+ file.dir: "%%PREFIX%%/poudriere/data/logs/bulk"
+ "/FreeBSD:10:amd64":
+ file.dir: "%%PREFIX%%/poudriere/data/packages/10_amd64-default/"
+ "/FreeBSD:11:amd64":
+ file.dir: "%%PREFIX%%/poudriere/data/packages/11_amd64-default/"
+ # a simple ruby-powered embedded JSON API
+ api.example.net:
+ paths:
+ "/ok.json":
+ mruby.handler: |
+ Proc.new do |env|
+ [200, {'content-type' => 'application/json'}, ['{"status":"ok"}']]
+ end
+ # a websockets-aware reverse proxy
+ ws.example.net:
+ paths:
+ "/":
+ proxy.websocket: ON
+ proxy.reverse.url: "http://localhost:1080/"
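Review bot: `minimum-version: TLSv1.1` in the `ssl:` block contradicts the comment directly above it and the file's opening claim of a high-security TLS configuration; the sample this replaces used `TLSv1.2`. The `cipher-suite` line also keeps 3DES entries (`ECDHE-ECDSA-DES-CBC3-SHA`, `DES-CBC3-SHA`, etc.) and static-RSA suites without forward secrecy (`AES128-SHA`, `AES256-SHA`, etc.), so a server copied from this sample will negotiate weaker parameters than the header suggests. I would set `minimum-version: TLSv1.2` and cut the list down to the AEAD forward-secret entries already present: `cipher-suite: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384`. Separately, `file.dirlisting: on` is now active for `www.example.org`, where the old sample left it commented out. A comment such as `# lists directory contents to any client; turn off unless intended` would help people who copy the file as-is.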
Index: www/h2o/pkg-descr
===================================================================
--- www/h2o/pkg-descr
+++ www/h2o/pkg-descr
@@ -1,16 +1,16 @@
H2O is a very fast HTTP server written in C. It can also be used as a library.
+
It supports:
- HTTP/1.0, HTTP/1.1
-- [HTTP/2](http://http2.github.io/)
-- draft 16 (and draft 14 to support older clients)
+- HTTP/2
- persistent connections
- chunked encoding
- negotiation methods: NPN, ALPN, Upgrade, direct
- dependency and weight-based prioritization
- server push
- TLS up to 1.3
-- uses [OpenSSL](https://www.openssl.org/)
+- support OpenSSL and LibreSSL
- forward secrecy
- AEAD ciphers
- OCSP stapling (automatically enabled)
@@ -18,6 +18,7 @@
- conditional GET using last-modified / etag
- mime-type configuration
- reverse proxy
-- persistent upstream connection
+- websocket support
+- embedded mruby interpreter for high speed custom functions
WWW: https://github.com/h2o/h2o
