Bring all templates to Fedora 42 baseline

This commit is contained in:
2026-05-04 20:59:48 -05:00
parent 3c7230d4ca
commit 0d874aa552
36 changed files with 990 additions and 936 deletions
@@ -37,6 +37,7 @@ AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/* AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/* AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/* AddIconByType (VID,/icons/movie.gif) video/*
AddIconByType /icons/bomb.gif application/x-coredump
AddIcon /icons/binary.gif .bin .exe AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx AddIcon /icons/binhex.gif .hqx
@@ -53,7 +54,6 @@ AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core.
AddIcon /icons/back.gif .. AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README AddIcon /icons/hand.right.gif README
@@ -19,8 +19,7 @@ DirectoryIndex index.php
# #
# Redirect to local php-fpm (no mod_php in default configuration) # Redirect to local php-fpm (no mod_php in default configuration)
# #
<IfModule !mod_php5.c> <IfModule !mod_php.c>
<IfModule !mod_php7.c>
# Enable http authorization headers # Enable http authorization headers
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
@@ -28,7 +27,6 @@ DirectoryIndex index.php
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost" SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch> </FilesMatch>
</IfModule> </IfModule>
</IfModule>
# #
# mod_php is deprecated as FPM is now used by default with httpd in event mode # mod_php is deprecated as FPM is now used by default with httpd in event mode
@@ -36,7 +34,7 @@ DirectoryIndex index.php
# #
# mod_php options # mod_php options
# #
<IfModule mod_php7.c> <IfModule mod_php.c>
# #
# Cause the PHP interpreter to handle files with a .php extension. # Cause the PHP interpreter to handle files with a .php extension.
# #
@@ -15,6 +15,7 @@ LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_file_module modules/mod_authn_file.so LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_socache_module modules/mod_authn_socache.so LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
LoadModule authz_core_module modules/mod_authz_core.so LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_dbd_module modules/mod_authz_dbd.so LoadModule authz_dbd_module modules/mod_authz_dbd.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so LoadModule authz_dbm_module modules/mod_authz_dbm.so
@@ -23,7 +24,6 @@ LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_owner_module modules/mod_authz_owner.so LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_user_module modules/mod_authz_user.so LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so LoadModule autoindex_module modules/mod_autoindex.so
LoadModule brotli_module modules/mod_brotli.so
LoadModule cache_module modules/mod_cache.so LoadModule cache_module modules/mod_cache.so
LoadModule cache_disk_module modules/mod_cache_disk.so LoadModule cache_disk_module modules/mod_cache_disk.so
LoadModule cache_socache_module modules/mod_cache_socache.so LoadModule cache_socache_module modules/mod_cache_socache.so
@@ -0,0 +1 @@
LoadModule brotli_module modules/mod_brotli.so
+17 -1
View File
@@ -151,7 +151,7 @@ DocumentRoot "/var/www/html"
# #
# AllowOverride controls what directives may be placed in .htaccess files. # AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords: # It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit # AllowOverride FileInfo AuthConfig Limit
# #
AllowOverride None AllowOverride None
@@ -263,6 +263,15 @@ LogLevel warn
Require all granted Require all granted
</Directory> </Directory>
<IfModule headers_module>
#
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
# backend servers which have lingering "httpoxy" defects.
# 'Proxy' request header is undefined by the IETF, not listed by IANA
#
RequestHeader unset Proxy early
</IfModule>
<IfModule mime_module> <IfModule mime_module>
# #
# TypesConfig points to the file containing the list of mappings from # TypesConfig points to the file containing the list of mappings from
@@ -340,6 +349,13 @@ AddDefaultCharset UTF-8
#ErrorDocument 402 http://www.example.com/subscription_info.html #ErrorDocument 402 http://www.example.com/subscription_info.html
# #
#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited
# #
# EnableMMAP and EnableSendfile: On systems that support it, # EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver # memory-mapping or the sendfile syscall may be used to deliver
+12
View File
@@ -383,3 +383,15 @@
4 string moov video/quicktime 4 string moov video/quicktime
4 string mdat video/quicktime 4 string mdat video/quicktime
#------------------------------------------------------------------------------
# application/x-coredump for LE/BE ELF
#
0 string \177ELF
>5 byte 1
>16 leshort 4 application/x-coredump
0 string \177ELF
>5 byte 2
>16 beshort 4 application/x-coredump
+4 -6
View File
@@ -5,11 +5,6 @@
; All relative paths in this configuration file are relative to PHP's install ; All relative paths in this configuration file are relative to PHP's install
; prefix. ; prefix.
; Include one or more files. If glob(3) exists, it is used to include a bunch of
; files from a glob(3) pattern. This directive can be used everywhere in the
; file.
include=/etc/php-fpm.d/*.conf
;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;
; Global Options ; ; Global Options ;
;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;
@@ -133,5 +128,8 @@ daemonize = yes
; used in logs and stats. There is no limitation on the number of pools which ; used in logs and stats. There is no limitation on the number of pools which
; FPM can handle. Your system will tell you anyway :) ; FPM can handle. Your system will tell you anyway :)
; See /etc/php-fpm.d/*.conf ; Include one or more files. If glob(3) exists, it is used to include a bunch of
; files from a glob(3) pattern. This directive can be used everywhere in the
; file.
include=/etc/php-fpm.d/*.conf
+13 -7
View File
@@ -42,6 +42,11 @@ opcache.enable_cli=1
; size of the optimized code. ; size of the optimized code.
;opcache.save_comments=1 ;opcache.save_comments=1
; If enabled, compilation warnings (including notices and deprecations) will
; be recorded and replayed each time a file is included. Otherwise, compilation
; warnings will only be emitted when the file is first cached.
;opcache.record_warnings=0
; Allow file existence override (file_exists, etc.) performance feature. ; Allow file existence override (file_exists, etc.) performance feature.
;opcache.enable_file_override=0 ;opcache.enable_file_override=0
@@ -62,10 +67,6 @@ opcache.blacklist_filename=/etc/php.d/opcache*.blacklist
; are cached. ; are cached.
;opcache.max_file_size=0 ;opcache.max_file_size=0
; Check the cache checksum each N requests.
; The default value of "0" means that the checks are disabled.
;opcache.consistency_checks=0
; How long to wait (in seconds) for a scheduled restart to begin if the cache ; How long to wait (in seconds) for a scheduled restart to begin if the cache
; is not being accessed. ; is not being accessed.
;opcache.force_restart_timeout=180 ;opcache.force_restart_timeout=180
@@ -110,7 +111,12 @@ opcache.blacklist_filename=/etc/php.d/opcache*.blacklist
;opcache.file_cache_fallback=1 ;opcache.file_cache_fallback=1
; Enables or disables copying of PHP code (text segment) into HUGE PAGES. ; Enables or disables copying of PHP code (text segment) into HUGE PAGES.
; This should improve performance, but requires appropriate OS configuration. ; Under certain circumstances (if only a single global PHP process is
; started from which all others fork), this can increase performance
; by a tiny amount because TLB misses are reduced. On the other hand, this
; delays PHP startup, increases memory usage and degrades performance
; under memory pressure - use with care.
; Requires appropriate OS configuration.
opcache.huge_code_pages=0 opcache.huge_code_pages=0
; Validate cached file permissions. ; Validate cached file permissions.
@@ -131,12 +137,12 @@ opcache.huge_code_pages=0
; Specifies a PHP script that is going to be compiled and executed at server ; Specifies a PHP script that is going to be compiled and executed at server
; start-up. ; start-up.
; http://php.net/opcache.preload ; https://php.net/opcache.preload
;opcache.preload= ;opcache.preload=
; Preloading code as root is not allowed for security reasons. This directive ; Preloading code as root is not allowed for security reasons. This directive
; facilitates to let the preloading to be run as another user. ; facilitates to let the preloading to be run as another user.
; http://php.net/opcache.preload_user ; https://php.net/opcache.preload_user
;opcache.preload_user= ;opcache.preload_user=
; Prevents caching files that are less than this number of seconds old. It ; Prevents caching files that are less than this number of seconds old. It
File diff suppressed because it is too large Load Diff
@@ -0,0 +1,13 @@
[Unit]
Description=One-time temporary TLS key generation for httpd.service
Documentation=man:httpd-init.service(8)
ConditionPathExists=|!/etc/pki/tls/certs/localhost.crt
ConditionPathExists=|!/etc/pki/tls/private/localhost.key
[Service]
Type=oneshot
RemainAfterExit=no
PrivateTmp=true
ExecStart=/usr/libexec/httpd-ssl-gencerts
@@ -0,0 +1,5 @@
# This file is part of mod_ssl. It enables listening on port 443 when
# socket activation is used.
[Socket]
ListenStream=443
@@ -37,6 +37,7 @@ AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/* AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/* AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/* AddIconByType (VID,/icons/movie.gif) video/*
AddIconByType /icons/bomb.gif application/x-coredump
AddIcon /icons/binary.gif .bin .exe AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx AddIcon /icons/binhex.gif .hqx
@@ -53,7 +54,6 @@ AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core.
AddIcon /icons/back.gif .. AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README AddIcon /icons/hand.right.gif README
@@ -19,8 +19,7 @@ DirectoryIndex index.php
# #
# Redirect to local php-fpm (no mod_php in default configuration) # Redirect to local php-fpm (no mod_php in default configuration)
# #
<IfModule !mod_php5.c> <IfModule !mod_php.c>
<IfModule !mod_php7.c>
# Enable http authorization headers # Enable http authorization headers
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
@@ -28,7 +27,6 @@ DirectoryIndex index.php
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost" SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch> </FilesMatch>
</IfModule> </IfModule>
</IfModule>
# #
# mod_php is deprecated as FPM is now used by default with httpd in event mode # mod_php is deprecated as FPM is now used by default with httpd in event mode
@@ -36,7 +34,7 @@ DirectoryIndex index.php
# #
# mod_php options # mod_php options
# #
<IfModule mod_php7.c> <IfModule mod_php.c>
# #
# Cause the PHP interpreter to handle files with a .php extension. # Cause the PHP interpreter to handle files with a .php extension.
# #
@@ -15,6 +15,7 @@ LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_file_module modules/mod_authn_file.so LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_socache_module modules/mod_authn_socache.so LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
LoadModule authz_core_module modules/mod_authz_core.so LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_dbd_module modules/mod_authz_dbd.so LoadModule authz_dbd_module modules/mod_authz_dbd.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so LoadModule authz_dbm_module modules/mod_authz_dbm.so
@@ -23,7 +24,6 @@ LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_owner_module modules/mod_authz_owner.so LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_user_module modules/mod_authz_user.so LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so LoadModule autoindex_module modules/mod_autoindex.so
LoadModule brotli_module modules/mod_brotli.so
LoadModule cache_module modules/mod_cache.so LoadModule cache_module modules/mod_cache.so
LoadModule cache_disk_module modules/mod_cache_disk.so LoadModule cache_disk_module modules/mod_cache_disk.so
LoadModule cache_socache_module modules/mod_cache_socache.so LoadModule cache_socache_module modules/mod_cache_socache.so
@@ -0,0 +1 @@
LoadModule brotli_module modules/mod_brotli.so
+17 -1
View File
@@ -151,7 +151,7 @@ DocumentRoot "/var/www/html"
# #
# AllowOverride controls what directives may be placed in .htaccess files. # AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords: # It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit # AllowOverride FileInfo AuthConfig Limit
# #
AllowOverride None AllowOverride None
@@ -263,6 +263,15 @@ LogLevel warn
Require all granted Require all granted
</Directory> </Directory>
<IfModule headers_module>
#
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
# backend servers which have lingering "httpoxy" defects.
# 'Proxy' request header is undefined by the IETF, not listed by IANA
#
RequestHeader unset Proxy early
</IfModule>
<IfModule mime_module> <IfModule mime_module>
# #
# TypesConfig points to the file containing the list of mappings from # TypesConfig points to the file containing the list of mappings from
@@ -340,6 +349,13 @@ AddDefaultCharset UTF-8
#ErrorDocument 402 http://www.example.com/subscription_info.html #ErrorDocument 402 http://www.example.com/subscription_info.html
# #
#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited
# #
# EnableMMAP and EnableSendfile: On systems that support it, # EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver # memory-mapping or the sendfile syscall may be used to deliver
+12
View File
@@ -383,3 +383,15 @@
4 string moov video/quicktime 4 string moov video/quicktime
4 string mdat video/quicktime 4 string mdat video/quicktime
#------------------------------------------------------------------------------
# application/x-coredump for LE/BE ELF
#
0 string \177ELF
>5 byte 1
>16 leshort 4 application/x-coredump
0 string \177ELF
>5 byte 2
>16 beshort 4 application/x-coredump
+4 -6
View File
@@ -5,11 +5,6 @@
; All relative paths in this configuration file are relative to PHP's install ; All relative paths in this configuration file are relative to PHP's install
; prefix. ; prefix.
; Include one or more files. If glob(3) exists, it is used to include a bunch of
; files from a glob(3) pattern. This directive can be used everywhere in the
; file.
include=/etc/php-fpm.d/*.conf
;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;
; Global Options ; ; Global Options ;
;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;
@@ -133,5 +128,8 @@ daemonize = yes
; used in logs and stats. There is no limitation on the number of pools which ; used in logs and stats. There is no limitation on the number of pools which
; FPM can handle. Your system will tell you anyway :) ; FPM can handle. Your system will tell you anyway :)
; See /etc/php-fpm.d/*.conf ; Include one or more files. If glob(3) exists, it is used to include a bunch of
; files from a glob(3) pattern. This directive can be used everywhere in the
; file.
include=/etc/php-fpm.d/*.conf
+13 -7
View File
@@ -42,6 +42,11 @@ opcache.enable_cli=1
; size of the optimized code. ; size of the optimized code.
;opcache.save_comments=1 ;opcache.save_comments=1
; If enabled, compilation warnings (including notices and deprecations) will
; be recorded and replayed each time a file is included. Otherwise, compilation
; warnings will only be emitted when the file is first cached.
;opcache.record_warnings=0
; Allow file existence override (file_exists, etc.) performance feature. ; Allow file existence override (file_exists, etc.) performance feature.
;opcache.enable_file_override=0 ;opcache.enable_file_override=0
@@ -62,10 +67,6 @@ opcache.blacklist_filename=/etc/php.d/opcache*.blacklist
; are cached. ; are cached.
;opcache.max_file_size=0 ;opcache.max_file_size=0
; Check the cache checksum each N requests.
; The default value of "0" means that the checks are disabled.
;opcache.consistency_checks=0
; How long to wait (in seconds) for a scheduled restart to begin if the cache ; How long to wait (in seconds) for a scheduled restart to begin if the cache
; is not being accessed. ; is not being accessed.
;opcache.force_restart_timeout=180 ;opcache.force_restart_timeout=180
@@ -110,7 +111,12 @@ opcache.blacklist_filename=/etc/php.d/opcache*.blacklist
;opcache.file_cache_fallback=1 ;opcache.file_cache_fallback=1
; Enables or disables copying of PHP code (text segment) into HUGE PAGES. ; Enables or disables copying of PHP code (text segment) into HUGE PAGES.
; This should improve performance, but requires appropriate OS configuration. ; Under certain circumstances (if only a single global PHP process is
; started from which all others fork), this can increase performance
; by a tiny amount because TLB misses are reduced. On the other hand, this
; delays PHP startup, increases memory usage and degrades performance
; under memory pressure - use with care.
; Requires appropriate OS configuration.
opcache.huge_code_pages=0 opcache.huge_code_pages=0
; Validate cached file permissions. ; Validate cached file permissions.
@@ -131,12 +137,12 @@ opcache.huge_code_pages=0
; Specifies a PHP script that is going to be compiled and executed at server ; Specifies a PHP script that is going to be compiled and executed at server
; start-up. ; start-up.
; http://php.net/opcache.preload ; https://php.net/opcache.preload
;opcache.preload= ;opcache.preload=
; Preloading code as root is not allowed for security reasons. This directive ; Preloading code as root is not allowed for security reasons. This directive
; facilitates to let the preloading to be run as another user. ; facilitates to let the preloading to be run as another user.
; http://php.net/opcache.preload_user ; https://php.net/opcache.preload_user
;opcache.preload_user= ;opcache.preload_user=
; Prevents caching files that are less than this number of seconds old. It ; Prevents caching files that are less than this number of seconds old. It
File diff suppressed because it is too large Load Diff
@@ -0,0 +1,13 @@
[Unit]
Description=One-time temporary TLS key generation for httpd.service
Documentation=man:httpd-init.service(8)
ConditionPathExists=|!/etc/pki/tls/certs/localhost.crt
ConditionPathExists=|!/etc/pki/tls/private/localhost.key
[Service]
Type=oneshot
RemainAfterExit=no
PrivateTmp=true
ExecStart=/usr/libexec/httpd-ssl-gencerts
@@ -0,0 +1,5 @@
# This file is part of mod_ssl. It enables listening on port 443 when
# socket activation is used.
[Socket]
ListenStream=443
@@ -37,6 +37,7 @@ AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/* AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/* AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/* AddIconByType (VID,/icons/movie.gif) video/*
AddIconByType /icons/bomb.gif application/x-coredump
AddIcon /icons/binary.gif .bin .exe AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx AddIcon /icons/binhex.gif .hqx
@@ -53,7 +54,6 @@ AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core.
AddIcon /icons/back.gif .. AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README AddIcon /icons/hand.right.gif README
@@ -19,8 +19,7 @@ DirectoryIndex index.php
# #
# Redirect to local php-fpm (no mod_php in default configuration) # Redirect to local php-fpm (no mod_php in default configuration)
# #
<IfModule !mod_php5.c> <IfModule !mod_php.c>
<IfModule !mod_php7.c>
# Enable http authorization headers # Enable http authorization headers
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
@@ -28,7 +27,6 @@ DirectoryIndex index.php
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost" SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch> </FilesMatch>
</IfModule> </IfModule>
</IfModule>
# #
# mod_php is deprecated as FPM is now used by default with httpd in event mode # mod_php is deprecated as FPM is now used by default with httpd in event mode
@@ -36,7 +34,7 @@ DirectoryIndex index.php
# #
# mod_php options # mod_php options
# #
<IfModule mod_php7.c> <IfModule mod_php.c>
# #
# Cause the PHP interpreter to handle files with a .php extension. # Cause the PHP interpreter to handle files with a .php extension.
# #
@@ -15,6 +15,7 @@ LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_file_module modules/mod_authn_file.so LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_socache_module modules/mod_authn_socache.so LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
LoadModule authz_core_module modules/mod_authz_core.so LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_dbd_module modules/mod_authz_dbd.so LoadModule authz_dbd_module modules/mod_authz_dbd.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so LoadModule authz_dbm_module modules/mod_authz_dbm.so
@@ -23,7 +24,6 @@ LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_owner_module modules/mod_authz_owner.so LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_user_module modules/mod_authz_user.so LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so LoadModule autoindex_module modules/mod_autoindex.so
LoadModule brotli_module modules/mod_brotli.so
LoadModule cache_module modules/mod_cache.so LoadModule cache_module modules/mod_cache.so
LoadModule cache_disk_module modules/mod_cache_disk.so LoadModule cache_disk_module modules/mod_cache_disk.so
LoadModule cache_socache_module modules/mod_cache_socache.so LoadModule cache_socache_module modules/mod_cache_socache.so
@@ -0,0 +1 @@
LoadModule brotli_module modules/mod_brotli.so
+17 -1
View File
@@ -151,7 +151,7 @@ DocumentRoot "/var/www/html"
# #
# AllowOverride controls what directives may be placed in .htaccess files. # AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords: # It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit # AllowOverride FileInfo AuthConfig Limit
# #
AllowOverride None AllowOverride None
@@ -263,6 +263,15 @@ LogLevel warn
Require all granted Require all granted
</Directory> </Directory>
<IfModule headers_module>
#
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
# backend servers which have lingering "httpoxy" defects.
# 'Proxy' request header is undefined by the IETF, not listed by IANA
#
RequestHeader unset Proxy early
</IfModule>
<IfModule mime_module> <IfModule mime_module>
# #
# TypesConfig points to the file containing the list of mappings from # TypesConfig points to the file containing the list of mappings from
@@ -340,6 +349,13 @@ AddDefaultCharset UTF-8
#ErrorDocument 402 http://www.example.com/subscription_info.html #ErrorDocument 402 http://www.example.com/subscription_info.html
# #
#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited
# #
# EnableMMAP and EnableSendfile: On systems that support it, # EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver # memory-mapping or the sendfile syscall may be used to deliver
+12
View File
@@ -383,3 +383,15 @@
4 string moov video/quicktime 4 string moov video/quicktime
4 string mdat video/quicktime 4 string mdat video/quicktime
#------------------------------------------------------------------------------
# application/x-coredump for LE/BE ELF
#
0 string \177ELF
>5 byte 1
>16 leshort 4 application/x-coredump
0 string \177ELF
>5 byte 2
>16 beshort 4 application/x-coredump
+4 -6
View File
@@ -5,11 +5,6 @@
; All relative paths in this configuration file are relative to PHP's install ; All relative paths in this configuration file are relative to PHP's install
; prefix. ; prefix.
; Include one or more files. If glob(3) exists, it is used to include a bunch of
; files from a glob(3) pattern. This directive can be used everywhere in the
; file.
include=/etc/php-fpm.d/*.conf
;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;
; Global Options ; ; Global Options ;
;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;
@@ -133,5 +128,8 @@ daemonize = yes
; used in logs and stats. There is no limitation on the number of pools which ; used in logs and stats. There is no limitation on the number of pools which
; FPM can handle. Your system will tell you anyway :) ; FPM can handle. Your system will tell you anyway :)
; See /etc/php-fpm.d/*.conf ; Include one or more files. If glob(3) exists, it is used to include a bunch of
; files from a glob(3) pattern. This directive can be used everywhere in the
; file.
include=/etc/php-fpm.d/*.conf
+13 -7
View File
@@ -42,6 +42,11 @@ opcache.enable_cli=1
; size of the optimized code. ; size of the optimized code.
;opcache.save_comments=1 ;opcache.save_comments=1
; If enabled, compilation warnings (including notices and deprecations) will
; be recorded and replayed each time a file is included. Otherwise, compilation
; warnings will only be emitted when the file is first cached.
;opcache.record_warnings=0
; Allow file existence override (file_exists, etc.) performance feature. ; Allow file existence override (file_exists, etc.) performance feature.
;opcache.enable_file_override=0 ;opcache.enable_file_override=0
@@ -62,10 +67,6 @@ opcache.blacklist_filename=/etc/php.d/opcache*.blacklist
; are cached. ; are cached.
;opcache.max_file_size=0 ;opcache.max_file_size=0
; Check the cache checksum each N requests.
; The default value of "0" means that the checks are disabled.
;opcache.consistency_checks=0
; How long to wait (in seconds) for a scheduled restart to begin if the cache ; How long to wait (in seconds) for a scheduled restart to begin if the cache
; is not being accessed. ; is not being accessed.
;opcache.force_restart_timeout=180 ;opcache.force_restart_timeout=180
@@ -110,7 +111,12 @@ opcache.blacklist_filename=/etc/php.d/opcache*.blacklist
;opcache.file_cache_fallback=1 ;opcache.file_cache_fallback=1
; Enables or disables copying of PHP code (text segment) into HUGE PAGES. ; Enables or disables copying of PHP code (text segment) into HUGE PAGES.
; This should improve performance, but requires appropriate OS configuration. ; Under certain circumstances (if only a single global PHP process is
; started from which all others fork), this can increase performance
; by a tiny amount because TLB misses are reduced. On the other hand, this
; delays PHP startup, increases memory usage and degrades performance
; under memory pressure - use with care.
; Requires appropriate OS configuration.
opcache.huge_code_pages=0 opcache.huge_code_pages=0
; Validate cached file permissions. ; Validate cached file permissions.
@@ -131,12 +137,12 @@ opcache.huge_code_pages=0
; Specifies a PHP script that is going to be compiled and executed at server ; Specifies a PHP script that is going to be compiled and executed at server
; start-up. ; start-up.
; http://php.net/opcache.preload ; https://php.net/opcache.preload
;opcache.preload= ;opcache.preload=
; Preloading code as root is not allowed for security reasons. This directive ; Preloading code as root is not allowed for security reasons. This directive
; facilitates to let the preloading to be run as another user. ; facilitates to let the preloading to be run as another user.
; http://php.net/opcache.preload_user ; https://php.net/opcache.preload_user
;opcache.preload_user= ;opcache.preload_user=
; Prevents caching files that are less than this number of seconds old. It ; Prevents caching files that are less than this number of seconds old. It
File diff suppressed because it is too large Load Diff
@@ -0,0 +1,13 @@
[Unit]
Description=One-time temporary TLS key generation for httpd.service
Documentation=man:httpd-init.service(8)
ConditionPathExists=|!/etc/pki/tls/certs/localhost.crt
ConditionPathExists=|!/etc/pki/tls/private/localhost.key
[Service]
Type=oneshot
RemainAfterExit=no
PrivateTmp=true
ExecStart=/usr/libexec/httpd-ssl-gencerts
@@ -0,0 +1,5 @@
# This file is part of mod_ssl. It enables listening on port 443 when
# socket activation is used.
[Socket]
ListenStream=443
+17
View File
@@ -110,6 +110,11 @@ template_list:
mode: '0644' mode: '0644'
owner: 'root' owner: 'root'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-base.conf' src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-base.conf'
- dest: '/etc/httpd/conf.modules.d/00-brotli.conf'
group: 'root'
mode: '0644'
owner: 'root'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-brotli.conf'
- dest: '/etc/httpd/conf.modules.d/00-dav.conf' - dest: '/etc/httpd/conf.modules.d/00-dav.conf'
group: 'root' group: 'root'
mode: '0644' mode: '0644'
@@ -195,6 +200,11 @@ template_list:
mode: '0644' mode: '0644'
owner: 'root' owner: 'root'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd.socket' src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd.socket'
- dest: '/usr/lib/systemd/system/httpd-init.service'
group: 'root'
mode: '0644'
owner: 'root'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd-init.service'
- dest: '/usr/lib/systemd/system/httpd-reload.service' - dest: '/usr/lib/systemd/system/httpd-reload.service'
group: 'root' group: 'root'
mode: '0644' mode: '0644'
@@ -210,3 +220,10 @@ template_list:
mode: '0644' mode: '0644'
owner: 'root' owner: 'root'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd@.service' src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd@.service'
- dest: '/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf'
group: 'root'
mode: '0644'
owner: 'root'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf'
...
+17
View File
@@ -110,6 +110,11 @@ template_list:
mode: '0644' mode: '0644'
owner: 'root' owner: 'root'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-base.conf' src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-base.conf'
- dest: '/etc/httpd/conf.modules.d/00-brotli.conf'
group: 'root'
mode: '0644'
owner: 'root'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-brotli.conf'
- dest: '/etc/httpd/conf.modules.d/00-dav.conf' - dest: '/etc/httpd/conf.modules.d/00-dav.conf'
group: 'root' group: 'root'
mode: '0644' mode: '0644'
@@ -195,6 +200,11 @@ template_list:
mode: '0644' mode: '0644'
owner: 'root' owner: 'root'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd.socket' src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd.socket'
- dest: '/usr/lib/systemd/system/httpd-init.service'
group: 'root'
mode: '0644'
owner: 'root'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd-init.service'
- dest: '/usr/lib/systemd/system/httpd-reload.service' - dest: '/usr/lib/systemd/system/httpd-reload.service'
group: 'root' group: 'root'
mode: '0644' mode: '0644'
@@ -210,3 +220,10 @@ template_list:
mode: '0644' mode: '0644'
owner: 'root' owner: 'root'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd@.service' src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd@.service'
- dest: '/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf'
group: 'root'
mode: '0644'
owner: 'root'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf'
...
+17
View File
@@ -110,6 +110,11 @@ template_list:
mode: '0644' mode: '0644'
owner: 'root' owner: 'root'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-base.conf' src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-base.conf'
- dest: '/etc/httpd/conf.modules.d/00-brotli.conf'
group: 'root'
mode: '0644'
owner: 'root'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/etc/httpd/conf.modules.d/00-brotli.conf'
- dest: '/etc/httpd/conf.modules.d/00-dav.conf' - dest: '/etc/httpd/conf.modules.d/00-dav.conf'
group: 'root' group: 'root'
mode: '0644' mode: '0644'
@@ -195,6 +200,11 @@ template_list:
mode: '0644' mode: '0644'
owner: 'root' owner: 'root'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd.socket' src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd.socket'
- dest: '/usr/lib/systemd/system/httpd-init.service'
group: 'root'
mode: '0644'
owner: 'root'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd-init.service'
- dest: '/usr/lib/systemd/system/httpd-reload.service' - dest: '/usr/lib/systemd/system/httpd-reload.service'
group: 'root' group: 'root'
mode: '0644' mode: '0644'
@@ -210,3 +220,10 @@ template_list:
mode: '0644' mode: '0644'
owner: 'root' owner: 'root'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd@.service' src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd@.service'
- dest: '/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf'
group: 'root'
mode: '0644'
owner: 'root'
src: '{{ ansible_facts["distribution"] }}/{{ ansible_facts["distribution_major_version"] }}/usr/lib/systemd/system/httpd.socket.d/10-listen443.conf'
...