Index: branches/2019Q2/www/h2o/Makefile
===================================================================
--- branches/2019Q2/www/h2o/Makefile (revision 505423)
+++ branches/2019Q2/www/h2o/Makefile (revision 505424)
@@ -1,84 +1,83 @@ # Created by: Dave Cottlehuber # $FreeBSD$ PORTNAME= h2o DISTVERSIONPREFIX= v DISTVERSION= 2.2.5 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= www MAINTAINER= dch@FreeBSD.org COMMENT= Optimized HTTP/2 server including support for TLS 1.3 and HTTP/1.x LICENSE= MIT BSD2CLAUSE LICENSE_COMB= multi BROKEN_armv6= fails to compile: asm_arm.inc:139:36: '.syntax divided' arm assembly not supported BROKEN_armv7= fails to compile: asm_arm.inc:139:36: '.syntax divided' arm assembly not supported BROKEN_powerpc64= fails to link: unrecognized option '-Wl,-rpath=/usr/local/lib/gcc6' LIB_DEPENDS= libuv.so:devel/libuv USES= cmake:noninja compiler:c11 cpe perl5 shebangfix ssl pkgconfig USE_GITHUB= yes USE_PERL5= run USE_LDCONFIG= yes CPE_VENDOR= h2o_project CONFLICTS= h2o-devel-* SHEBANG_FILES= share/h2o/start_server PORTDOCS= README.md SUB_FILES= ${PORTNAME} ${PORTNAME}.conf.sample SUB_LIST+= H2O_USER=${H2O_USER} \ H2O_GROUP=${H2O_GROUP} \ H2O_LOGDIR=${H2O_LOGDIR} PLIST_SUB= H2O_USER=${H2O_USER} \ H2O_GROUP=${H2O_GROUP} \ H2O_LOGDIR=${H2O_LOGDIR} H2O_USER?= www H2O_GROUP?= www H2O_LOGDIR= /var/log/${PORTNAME}/ USE_RC_SUBR= ${PORTNAME} OPTIONS_DEFINE= MRUBY DOCS OPTIONS_DEFAULT= MRUBY OPTIONS_SUB= yes MRUBY_DESC= Build with embedded mruby handler support CMAKE_ARGS+= -DBUILD_SHARED_LIBS=ON -DWITH_BUNDLED_SSL=OFF -CMAKE_VERBOSE= yes MRUBY_CMAKE_BOOL= WITH_MRUBY MRUBY_USES= bison MRUBY_USE= ruby=yes MRUBY_VARS= RUBY_NO_RUN_DEPENDS=yes post-patch: @${REINPLACE_CMD} -e 's|exec perl|exec ${LOCALBASE}/bin/perl|' \ ${WRKSRC}/share/h2o/annotate-backtrace-symbols \ ${WRKSRC}/share/h2o/fastcgi-cgi \ ${WRKSRC}/share/h2o/fetch-ocsp-response \ ${WRKSRC}/share/h2o/kill-on-close \ ${WRKSRC}/share/h2o/setuidgid \ ${WRKSRC}/share/h2o/start_server post-install: ${MKDIR} ${STAGEDIR}${ETCDIR} \ ${STAGEDIR}${H2O_LOGDIR} ${INSTALL_DATA} \ ${WRKDIR}/${PORTNAME}.conf.sample \ ${STAGEDIR}${ETCDIR}/${PORTNAME}.conf.sample post-install-DOCS-on: ${MKDIR} ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} 
${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR} .include Index: branches/2019Q2/www/h2o/files/h2o.conf.sample.in =================================================================== --- branches/2019Q2/www/h2o/files/h2o.conf.sample.in (revision 505423) +++ branches/2019Q2/www/h2o/files/h2o.conf.sample.in (revision 505424) 
@@ -1,104 +1,97 @@ # this sample config gives you a feel for how h2o can be used # and a high-security configuration for TLS and HTTP headers # see https://h2o.examp1e.net/ for detailed documentation # and h2o --help for command-line options and settings user: www pid-file: /var/run/h2o.pid # log normal access to file access-log: /var/log/h2o/access.log # send errors to syslog error-log: "| logger -i -p daemon.err -t h2o" # as of 2017-12-01 the following TLS config and headers, with # DNS CAA records and custom diffie-hellmann parameters via # `openssl dhparam -out %%PREFIX%%/etc/ssl/dhparam.pem 4096` # will get you: # A+ on https://www.ssllabs.com/ssltest/ listen: 80 listen: port: 443 ssl: # using at least TLS1.2 restricts many older devices minimum-version: TLSv1.1 dh-file: %%PREFIX%%/etc/ssl/dhparam.pem # generate your own certificates with security/acme-client certificate-file: %%PREFIX%%/etc/ssl/acme/example.org/fullchain.pem key-file: %%PREFIX%%/etc/ssl/acme/private/example.org/privkey.pem cipher-preference: server cipher-suite: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS # A+ on https://securityheaders.io/ header.add: "x-frame-options: deny" header.add: "X-XSS-Protection: 1; mode=block" header.add: "X-Content-Type-Options: nosniff" header.add: "X-UA-Compatible: IE=Edge" header.add: "Referrer-Policy: strict-origin" header.add: "Cache-Control: 
no-transform" header.add: "Content-Security-Policy: default-src https:" # 6 months HSTS pinning header.add: "Strict-Transport-Security: max-age=16000000" -# no patience for slow users -http1-request-timeout: 10 -http2-idle-timeout: 10 # limit POST bodies limit-request-body: 10485760 # 10MiB -max-connections: 1024 file.mime.addtypes: - image/svg+xml: .svg text/plain: .log text/css: .css application/atom+xml: .xml - application/zip: .zip - application/json: .json "text/html; charset=utf-8": .html # per-host configurations hosts: # a basic fileserver www.example.org: # enable Apache-style directory listings file.dirlisting: on file.send-gzip: on paths: "/": file.dir: "/var/www/www.example.org" # a simple permanent URL redirect "/blog": redirect: status: 301 url: https://blog.example.org/ # a password-restricted url "/server-status": mruby.handler: | require "htpasswd.rb" Htpasswd.new("%%ETCDIR%%/private/htpasswd", "example.org") status: ON # redireect Lets Encrypt ACME protocol to a specific challenge directory "/.well-known/acme-challenge": file.dir: "/var/www/acme" # virtual directory layout to support serving FreeBSD packages built by poudriere pkg.example.org: paths: "/poudriere": file.dir: "%%PREFIX%%/poudriere/data/logs/bulk" "/FreeBSD:10:amd64": file.dir: "%%PREFIX%%/poudriere/data/packages/10_amd64-default/" "/FreeBSD:11:amd64": file.dir: "%%PREFIX%%/poudriere/data/packages/11_amd64-default/" # a simple ruby-powered embedded JSON API api.example.net: paths: "/ok.json": mruby.handler: | Proc.new do |env| [200, {'content-type' => 'application/json'}, ['{"status":"ok"}']] end # a websockets-aware reverse proxy ws.example.net: paths: "/": proxy.websocket: ON proxy.reverse.url: "http://localhost:1080/" Index: branches/2019Q2/www/h2o/files/h2o.in =================================================================== --- branches/2019Q2/www/h2o/files/h2o.in (revision 505423) +++ branches/2019Q2/www/h2o/files/h2o.in (revision 505424) 
@@ -1,42 +1,46 @@ #!/bin/sh # # $FreeBSD$ # # PROVIDE: h2o # REQUIRE: LOGIN DAEMON NETWORKING # KEYWORD: shutdown # Add the following lines to /etc/rc.conf.local or /etc/rc.conf # to enable this service: # # h2o_enable (bool): Set to NO by default. # Set it to YES to enable h2o. # # h2o_config (string): Optional full path for h2o config file # h2o_perl (string): Optional full path to perl executable . /etc/rc.subr name=h2o rcvar=h2o_enable desc="An HTTP/2 high-performance webserver" load_rc_config $name +extra_commands="configtest reload" +configtest_cmd="h2o_configtest" + # defaults : ${h2o_enable:=NO} : ${h2o_config:=%%PREFIX%%/etc/${name}/${name}.conf} : ${h2o_perl:=%%LOCALBASE%%/bin/perl} # daemon -pidfile=`grep pid-file ${h2o_config} | cut -d' ' -f2` +pidfile=`grep pid-file ${h2o_config} | awk '{print $2}'` h2o_env="H2O_PERL=${h2o_perl}" command="%%PREFIX%%/bin/${name}" command_args="-m daemon -c ${h2o_config}" procname="%%LOCALBASE%%/bin/perl" -# support SIGHUP to reload configuration file -extra_commands=reload +h2o_configtest() { + "${command}" -c "${h2o_config}" -t +} run_rc_command "$1" Index: branches/2019Q2/www/h2o-devel/Makefile =================================================================== --- branches/2019Q2/www/h2o-devel/Makefile (revision 505423) +++ branches/2019Q2/www/h2o-devel/Makefile (revision 505424) 
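Review bot: The rewritten `pidfile=` line in files/h2o.in still derives the pid path from an unanchored `grep pid-file` over an unquoted `${h2o_config}`, so a commented-out `# pid-file:` line, a second matching line, or a config path containing whitespace yields an empty or multi-word value. rc.subr presumably uses `pidfile` to decide which process to check and signal, so the key should be matched exactly and only the first hit taken: `pidfile=$(awk '$1 == "pid-file:" {print $2; exit}' "${h2o_config}")`. Separately, the new `h2o_configtest` is only reachable by hand; adding `reload_precmd="h2o_configtest"` would keep a broken config from being signalled into the running server. The identical lines in the www/h2o-devel/files/h2o.in hunk need the same change.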
@@ -1,84 +1,83 @@ # Created by: Dave Cottlehuber # $FreeBSD$ PORTNAME= h2o DISTVERSIONPREFIX= v DISTVERSION= 2.3.0-beta1 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= www PKGNAMESUFFIX= -devel MAINTAINER= dch@FreeBSD.org COMMENT= Optimized HTTP/2 server including support for TLS 1.3 and HTTP/1.x LICENSE= MIT BSD2CLAUSE LICENSE_COMB= multi BROKEN_armv6= fails to compile: asm_arm.inc:139:36: '.syntax divided' arm assembly not supported BROKEN_armv7= fails to compile: asm_arm.inc:139:36: '.syntax divided' arm assembly not supported BROKEN_powerpc64= fails to link: unrecognized option '-Wl,-rpath=/usr/local/lib/gcc6' LIB_DEPENDS= libuv.so:devel/libuv USES= cmake:noninja compiler:c11 cpe perl5 shebangfix ssl pkgconfig CPE_VENDOR= h2o_project USE_GITHUB= yes USE_PERL5= run USE_LDCONFIG= yes CONFLICTS= h2o-2* SHEBANG_FILES= share/h2o/start_server PORTDOCS= README.md SUB_FILES= ${PORTNAME} ${PORTNAME}.conf.sample SUB_LIST+= H2O_USER=${H2O_USER} \ H2O_GROUP=${H2O_GROUP} \ H2O_LOGDIR=${H2O_LOGDIR} PLIST_SUB= H2O_USER=${H2O_USER} \ H2O_GROUP=${H2O_GROUP} \ H2O_LOGDIR=${H2O_LOGDIR} H2O_USER?= www H2O_GROUP?= www H2O_LOGDIR= /var/log/${PORTNAME}/ USE_RC_SUBR= ${PORTNAME} OPTIONS_DEFINE= MRUBY DOCS OPTIONS_DEFAULT= MRUBY OPTIONS_SUB= yes MRUBY_DESC= Build with embedded mruby handler support CMAKE_ARGS+= -DBUILD_SHARED_LIBS=ON -DWITH_BUNDLED_SSL=OFF -CMAKE_VERBOSE= yes MRUBY_CMAKE_BOOL= WITH_MRUBY MRUBY_USES= bison MRUBY_USE= ruby=yes MRUBY_VARS= RUBY_NO_RUN_DEPENDS=yes post-patch: @${REINPLACE_CMD} -e 's|exec perl|exec ${LOCALBASE}/bin/perl|' \ ${WRKSRC}/share/h2o/annotate-backtrace-symbols \ ${WRKSRC}/share/h2o/fastcgi-cgi \ ${WRKSRC}/share/h2o/fetch-ocsp-response \ ${WRKSRC}/share/h2o/kill-on-close \ ${WRKSRC}/share/h2o/setuidgid \ ${WRKSRC}/share/h2o/start_server post-install: ${MKDIR} ${STAGEDIR}${ETCDIR} \ ${STAGEDIR}${H2O_LOGDIR} ${INSTALL_DATA} \ ${WRKDIR}/${PORTNAME}.conf.sample \ ${STAGEDIR}${ETCDIR}/${PORTNAME}.conf.sample post-install-DOCS-on: ${MKDIR} 
${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR} .include Index: branches/2019Q2/www/h2o-devel/files/h2o.conf.sample.in =================================================================== --- branches/2019Q2/www/h2o-devel/files/h2o.conf.sample.in (revision 505423) +++ branches/2019Q2/www/h2o-devel/files/h2o.conf.sample.in (revision 505424) 
@@ -1,104 +1,97 @@ # this sample config gives you a feel for how h2o can be used # and a high-security configuration for TLS and HTTP headers # see https://h2o.examp1e.net/ for detailed documentation # and h2o --help for command-line options and settings user: www pid-file: /var/run/h2o.pid # log normal access to file access-log: /var/log/h2o/access.log # send errors to syslog error-log: "| logger -i -p daemon.err -t h2o" # as of 2017-12-01 the following TLS config and headers, with # DNS CAA records and custom diffie-hellmann parameters via # `openssl dhparam -out %%PREFIX%%/etc/ssl/dhparam.pem 4096` # will get you: # A+ on https://www.ssllabs.com/ssltest/ listen: 80 listen: port: 443 ssl: # using at least TLS1.2 restricts many older devices minimum-version: TLSv1.1 dh-file: %%PREFIX%%/etc/ssl/dhparam.pem # generate your own certificates with security/acme-client certificate-file: %%PREFIX%%/etc/ssl/acme/example.org/fullchain.pem key-file: %%PREFIX%%/etc/ssl/acme/private/example.org/privkey.pem cipher-preference: server cipher-suite: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS # A+ on https://securityheaders.io/ header.add: "x-frame-options: deny" header.add: "X-XSS-Protection: 1; mode=block" header.add: "X-Content-Type-Options: nosniff" header.add: "X-UA-Compatible: IE=Edge" header.add: "Referrer-Policy: strict-origin" header.add: "Cache-Control: 
no-transform" header.add: "Content-Security-Policy: default-src https:" # 6 months HSTS pinning header.add: "Strict-Transport-Security: max-age=16000000" -# no patience for slow users -http1-request-timeout: 10 -http2-idle-timeout: 10 # limit POST bodies limit-request-body: 10485760 # 10MiB -max-connections: 1024 file.mime.addtypes: - image/svg+xml: .svg text/plain: .log text/css: .css application/atom+xml: .xml - application/zip: .zip - application/json: .json "text/html; charset=utf-8": .html # per-host configurations hosts: # a basic fileserver www.example.org: # enable Apache-style directory listings file.dirlisting: on file.send-gzip: on paths: "/": file.dir: "/var/www/www.example.org" # a simple permanent URL redirect "/blog": redirect: status: 301 url: https://blog.example.org/ # a password-restricted url "/server-status": mruby.handler: | require "htpasswd.rb" Htpasswd.new("%%ETCDIR%%/private/htpasswd", "example.org") status: ON # redireect Lets Encrypt ACME protocol to a specific challenge directory "/.well-known/acme-challenge": file.dir: "/var/www/acme" # virtual directory layout to support serving FreeBSD packages built by poudriere pkg.example.org: paths: "/poudriere": file.dir: "%%PREFIX%%/poudriere/data/logs/bulk" "/FreeBSD:10:amd64": file.dir: "%%PREFIX%%/poudriere/data/packages/10_amd64-default/" "/FreeBSD:11:amd64": file.dir: "%%PREFIX%%/poudriere/data/packages/11_amd64-default/" # a simple ruby-powered embedded JSON API api.example.net: paths: "/ok.json": mruby.handler: | Proc.new do |env| [200, {'content-type' => 'application/json'}, ['{"status":"ok"}']] end # a websockets-aware reverse proxy ws.example.net: paths: "/": proxy.websocket: ON proxy.reverse.url: "http://localhost:1080/" Index: branches/2019Q2/www/h2o-devel/files/h2o.in =================================================================== --- branches/2019Q2/www/h2o-devel/files/h2o.in (revision 505423) +++ branches/2019Q2/www/h2o-devel/files/h2o.in (revision 505424) 
@@ -1,42 +1,46 @@ #!/bin/sh # # $FreeBSD$ # # PROVIDE: h2o # REQUIRE: LOGIN DAEMON NETWORKING # KEYWORD: shutdown # Add the following lines to /etc/rc.conf.local or /etc/rc.conf # to enable this service: # # h2o_enable (bool): Set to NO by default. # Set it to YES to enable h2o. # # h2o_config (string): Optional full path for h2o config file # h2o_perl (string): Optional full path to perl executable . /etc/rc.subr name=h2o rcvar=h2o_enable desc="An HTTP/2 high-performance webserver" load_rc_config $name +extra_commands="configtest reload" +configtest_cmd="h2o_configtest" + # defaults : ${h2o_enable:=NO} : ${h2o_config:=%%PREFIX%%/etc/${name}/${name}.conf} : ${h2o_perl:=%%LOCALBASE%%/bin/perl} # daemon -pidfile=`grep pid-file ${h2o_config} | cut -d' ' -f2` +pidfile=`grep pid-file ${h2o_config} | awk '{print $2}'` h2o_env="H2O_PERL=${h2o_perl}" command="%%PREFIX%%/bin/${name}" command_args="-m daemon -c ${h2o_config}" procname="%%LOCALBASE%%/bin/perl" -# support SIGHUP to reload configuration file -extra_commands=reload +h2o_configtest() { + "${command}" -c "${h2o_config}" -t +} run_rc_command "$1" Index: branches/2019Q2 =================================================================== --- branches/2019Q2 (revision 505423) +++ branches/2019Q2 (revision 505424) Property changes on: branches/2019Q2 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /head:r502589,505423