diff --git a/.gitattributesdb b/.gitattributesdb
index 6c27bcb..bb517d0 100644
--- a/.gitattributesdb
+++ b/.gitattributesdb
@@ -1,186 +1,501 @@
# This is the gitattributesdb database file.
# Do not manually edit this file - any changes will be overwritten.
-LmdpdGhvb2tzL2dpdGF0dHJpYnV0ZXNkYg== 1757608819.000000000 1757608819.000000000 root:root 0755 - -
+LmdpdGhvb2tz 1773074781.635958529 1771512801.560006128 root:root 0755 - -
+LmdpdGhvb2tzL2dpdGF0dHJpYnV0ZXNkYg== 1773950712.511754035 1757608819.000000000 root:root 0755 - -
+LmdpdGhvb2tz 1773074781.635958529 1771512801.560006128 root:root 0755 - -
LmdpdGhvb2tzL3Bvc3QtY2hlY2tvdXQ= 1757519106.000000000 1757519106.000000000 root:root 0755 - -
+LmdpdGhvb2tz 1773074781.635958529 1771512801.560006128 root:root 0755 - -
LmdpdGhvb2tzL3Bvc3QtbWVyZ2U= 1757519106.000000000 1757519106.000000000 root:root 0755 - -
+LmdpdGhvb2tz 1773074781.635958529 1771512801.560006128 root:root 0755 - -
LmdpdGhvb2tzL3ByZS1jb21taXQ= 1757519106.000000000 1757519106.000000000 root:root 0755 - -
LmdpdGlnbm9yZQ== 1762025173.020942279 1757593248.000000000 root:root 0644 - -
LmdpdG1vZHVsZXM= 1757607701.000000000 1757607701.000000000 root:root 0644 - -
-ZXRjLy5naXRpZ25vcmU= 1762626742.156358716 1757611781.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZXRjLy5naXRpZ25vcmU= 1773946669.402887347 1757611781.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXBhY2hlMg== - -
ZXRjL2FwYWNoZTIvLmdpdGlnbm9yZQ== 1766069108.043264156 1757775932.000000000 root:root 0644 - -
-ZXRjL2FwYWNoZTIvYXBhY2hlMi5jb25m 1766155394.332589865 1757785514.000000000 root:root 0644 - -
-ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2FsaWFzLmxvYWQ= 1762021735.493652772 1762021735.493652772 root:root 0777 - -
-ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2FsbG93bWV0aG9kcy5sb2Fk 1766073519.503025374 1766073519.503025374 root:root 0777 - -
-ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2F1dGhuX2NvcmUubG9hZA== 1762021735.381654619 1762021735.381654619 root:root 0777 - -
-ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2F1dGhuX2ZpbGUubG9hZA== 1762021735.437653696 1762021735.437653696 root:root 0777 - -
-ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2F1dGh6X2NvcmUubG9hZA== 1762021735.349655147 1762021735.349655147 root:root 0777 - -
-ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2F1dGh6X2hvc3QubG9hZA== 1766070527.231989855 1766070527.231989855 root:root 0777 - -
-ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2F1dGh6X3VzZXIubG9hZA== 1762021735.469653168 1762021735.469653168 root:root 0777 - -
-ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2NnaWQubG9hZA== 1766080747.085077197 1766080747.085077197 root:root 0777 - -
-ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2RlZmxhdGUubG9hZA== 1762021735.721649011 1762021735.721649011 root:root 0777 - -
-ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2Rpci5sb2Fk 1762021735.525652244 1762021735.525652244 root:root 0777 - -
-ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2Vudi5sb2Fk 1762021735.577651386 1762021735.577651386 root:root 0777 - -
-ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2ZpbHRlci5sb2Fk 1762021735.689649539 1762021735.689649539 root:root 0777 - -
-ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2h0dHAyLmxvYWQ= 1766079814.224337175 1766079814.224337175 root:root 0777 - -
-ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2luY2x1ZGUubG9hZA== 1766070423.145696881 1766070423.145696881 root:root 0777 - -
-ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL21pbWUubG9hZA== 1762021735.609650859 1762021735.609650859 root:root 0777 - -
-ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL21pbWVfbWFnaWMubG9hZA== 1766077359.436502219 1766077359.436502219 root:root 0777 - -
-ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL21wbV9ldmVudC5sb2Fk 1766077495.230282186 1766077495.230282186 root:root 0777 - -
-ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL3Byb3h5LmxvYWQ= 1766080867.035115479 1766080867.035115479 root:root 0777 - -
-ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL3Byb3h5X2ZjZ2kubG9hZA== 1766080921.386226594 1766080921.386226594 root:root 0777 - -
-ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL3Jld3JpdGUubG9hZA== 1766081010.864763229 1766081010.864763229 root:root 0777 - -
-ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL3NldGVudmlmLmxvYWQ= 1762021735.661650000 1762021735.661650000 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXBhY2hlMg== - -
+ZXRjL2FwYWNoZTIvYXBhY2hlMi5jb25m 1773343425.497690175 1757785514.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXBhY2hlMg== - -
+bW9kcy1lbmFibGVk - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2F1dGhuX2NvcmUubG9hZA== 1771512801.564006063 1771512801.564006063 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXBhY2hlMg== - -
+bW9kcy1lbmFibGVk - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2F1dGhuX2ZpbGUubG9hZA== 1771512801.564006063 1771512801.564006063 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXBhY2hlMg== - -
+bW9kcy1lbmFibGVk - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2F1dGh6X2NvcmUubG9hZA== 1771512801.564006063 1771512801.564006063 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXBhY2hlMg== - -
+bW9kcy1lbmFibGVk - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2F1dGh6X3VzZXIubG9hZA== 1771512801.564006063 1771512801.564006063 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXBhY2hlMg== - -
+bW9kcy1lbmFibGVk - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2NnaWQubG9hZA== 1771512801.564006063 1771512801.564006063 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXBhY2hlMg== - -
+bW9kcy1lbmFibGVk - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2RlZmxhdGUubG9hZA== 1771512801.564006063 1771512801.564006063 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXBhY2hlMg== - -
+bW9kcy1lbmFibGVk - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2ZpbHRlci5sb2Fk 1771512801.568005995 1771512801.568005995 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXBhY2hlMg== - -
+bW9kcy1lbmFibGVk - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2h0dHAyLmxvYWQ= 1771512801.568005995 1771512801.568005995 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXBhY2hlMg== - -
+bW9kcy1lbmFibGVk - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL2luY2x1ZGUubG9hZA== 1771512801.568005995 1771512801.568005995 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXBhY2hlMg== - -
+bW9kcy1lbmFibGVk - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL3Byb3h5LmxvYWQ= 1771512801.568005995 1771512801.568005995 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXBhY2hlMg== - -
+bW9kcy1lbmFibGVk - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL3Byb3h5X2ZjZ2kubG9hZA== 1771512801.568005995 1771512801.568005995 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXBhY2hlMg== - -
+bW9kcy1lbmFibGVk - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL3Byb3h5X2h0dHAubG9hZA== 1773512305.071354981 1773512305.071354981 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXBhY2hlMg== - -
+bW9kcy1lbmFibGVk - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL3Jld3JpdGUubG9hZA== 1773519967.649760800 1773519967.649760800 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXBhY2hlMg== - -
+bW9kcy1lbmFibGVk - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL3NvY2FjaGVfc2htY2IubG9hZA== 1773343134.250327036 1773343134.250327036 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXBhY2hlMg== - -
+bW9kcy1lbmFibGVk - -
+ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL3NzbC5sb2Fk 1773343014.364235719 1773343014.364235719 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXBhY2hlMg== - -
+c2l0ZXMtYXZhaWxhYmxl - -
ZXRjL2FwYWNoZTIvc2l0ZXMtYXZhaWxhYmxlLy5naXRpZ25vcmU= 1766069274.068541443 1766069263.648712326 root:root 0644 - -
-ZXRjL2FwYWNoZTIvc2l0ZXMtYXZhaWxhYmxlL2NvcmUuc2xhY2t3YXJlLnVrLm5ldC5jb25m 1758817141.000000000 1757785113.000000000 root:root 0644 - -
-ZXRjL2FwYWNoZTIvc2l0ZXMtZW5hYmxlZC8wMDAtY29yZS5zbGFja3dhcmUudWsubmV0LmNvbmY= 1762529451.292078041 1762529451.292078041 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXBhY2hlMg== - -
+c2l0ZXMtYXZhaWxhYmxl - -
+ZXRjL2FwYWNoZTIvc2l0ZXMtYXZhaWxhYmxlL2NvcmUuc2xhY2t3YXJlLnVrLm5ldC5jb25m 1773519943.102151242 1757785113.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXBhY2hlMg== - -
+c2l0ZXMtZW5hYmxlZA== - -
+ZXRjL2FwYWNoZTIvc2l0ZXMtZW5hYmxlZC8wMC1jb3JlLnNsYWNrd2FyZS51ay5uZXQuY29uZg== 1773340506.404142422 1773340506.404142422 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXB0 - -
ZXRjL2FwdC8uZ2l0aWdub3Jl 1762532662.236312315 1762532566.409854495 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXB0 - -
+cHJlZmVyZW5jZXMuZA== - -
ZXRjL2FwdC9wcmVmZXJlbmNlcy5kL3N1cnk= 1762021809.456432672 1762021809.456432672 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXB0 - -
+c291cmNlcy5saXN0LmQ= - -
ZXRjL2FwdC9zb3VyY2VzLmxpc3QuZC9mZC5saXN0 1762021706.378133066 1762021706.374133133 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+YXB0 - -
+c291cmNlcy5saXN0LmQ= - -
ZXRjL2FwdC9zb3VyY2VzLmxpc3QuZC9zdXJ5Lmxpc3Q= 1762021706.378133066 1762021706.378133066 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+Y3Jvbi4xNW1pbg== - -
ZXRjL2Nyb24uMTVtaW4vLmdpdGlnbm9yZQ== 1762535468.567176697 1762535289.358058790 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+Y3Jvbi5k - -
ZXRjL2Nyb24uZC8uZ2l0aWdub3Jl 1762535453.203423781 1762535289.358058790 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+Y3Jvbi5kYWlseQ== - -
ZXRjL2Nyb24uZGFpbHkvLmdpdGlnbm9yZQ== 1762538383.748288196 1762535499.146684944 root:root 0644 - -
-ZXRjL2Nyb24uZGFpbHkvMC1yb3RhdGUtbG9ncy1zeW1saW5rcw== 1762022637.182797762 1762022637.182797762 root:root 0777 - -
-ZXRjL2Nyb24uZGFpbHkvMTAtZGVoeWRyYXRlZA== 1762022637.182797762 1762022637.182797762 root:root 0777 - -
-ZXRjL2Nyb24uZGFpbHkvNS11cGRhdGUtcGFja2FnZXMtbGlzdA== 1762022637.182797762 1762022637.182797762 root:root 0777 - -
-ZXRjL2Nyb24uZGFpbHkvNy13YXJuLWdpdC1zdGF0dXM= 1762022637.182797762 1762022637.182797762 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+Y3Jvbi5kYWlseQ== - -
+ZXRjL2Nyb24uZGFpbHkvMC1yb3RhdGUtbG9ncy1zeW1saW5rcw== 1773074830.431179720 1773074830.431179720 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+Y3Jvbi5kYWlseQ== - -
+ZXRjL2Nyb24uZGFpbHkvMTAtZGVoeWRyYXRlZA== 1773074830.431179720 1773074830.431179720 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+Y3Jvbi5kYWlseQ== - -
+ZXRjL2Nyb24uZGFpbHkvNS11cGRhdGUtcGFja2FnZXMtbGlzdA== 1773074830.431179720 1773074830.431179720 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+Y3Jvbi5kYWlseQ== - -
+ZXRjL2Nyb24uZGFpbHkvNy13YXJuLWdpdC1zdGF0dXM= 1773074830.431179720 1773074830.431179720 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+Y3Jvbi5ob3VybHk= - -
ZXRjL2Nyb24uaG91cmx5Ly5naXRpZ25vcmU= 1762535518.534373147 1762535518.534373147 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+Y3Jvbi5tb250aGx5 - -
ZXRjL2Nyb24ubW9udGhseS8uZ2l0aWdub3Jl 1762535548.045898541 1762535548.045898541 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+Y3Jvbi53ZWVrbHk= - -
ZXRjL2Nyb24ud2Vla2x5Ly5naXRpZ25vcmU= 1762628453.620630321 1762535530.470181196 root:root 0644 - -
-ZXRjL2Nyb24ud2Vla2x5L2NsZWFuLXBocA== 1762628439.836853762 1762628439.836853762 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+Y3Jvbi53ZWVrbHk= - -
+ZXRjL2Nyb24ud2Vla2x5L2NsZWFuLXBocA== 1773074830.431179720 1773074830.431179720 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+Y3Jvbi55ZWFybHk= - -
ZXRjL2Nyb24ueWVhcmx5Ly5naXRpZ25vcmU= 1762535568.001577608 1762535568.001577608 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
ZXRjL2Nyb250YWI= 1762534976.223094581 1757593504.000000000 root:root 0600 - -
-ZXRjL2RlZmF1bHQvLmdpdGlnbm9yZQ== 1762624179.585857684 1762624148.166366444 root:root 0644 - -
-ZXRjL2RlZmF1bHQvcHJvbWV0aGV1cy1ub2RlLWV4cG9ydGVy 1771504260.677940581 1762023153.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZGVmYXVsdA== - -
+ZXRjL2RlZmF1bHQvLmdpdGlnbm9yZQ== 1773952746.050042264 1762624148.166366444 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZGVmYXVsdA== - -
+ZXRjL2RlZmF1bHQvZG9rdXdpa2k= 1773952381.644085099 1773517662.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZGVmYXVsdA== - -
+ZXRjL2RlZmF1bHQvcHJvbWV0aGV1cw== 1773513253.988425139 1773502158.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZGVmYXVsdA== - -
+ZXRjL2RlZmF1bHQvcHJvbWV0aGV1cy1hbGVydG1hbmFnZXI= 1741526314.000000000 1773502158.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZGVmYXVsdA== - -
+ZXRjL2RlZmF1bHQvcHJvbWV0aGV1cy1ub2RlLWV4cG9ydGVy 1773511187.568917165 1762023153.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZGVmYXVsdA== - -
ZXRjL2RlZmF1bHQvcm90YXRlLWxvZ3Mtc3ltbGlua3M= 1758555243.000000000 1758552192.000000000 root:root 0644 - -
-ZXRjL2RlZmF1bHQvdGVycmFmb3JtLWh0dHAtYmFja2VuZA== 1771507048.704791655 1757595391.000000000 root:root 0600 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZGVmYXVsdA== - -
+ZXRjL2RlZmF1bHQvdGVycmFmb3JtLWh0dHAtYmFja2VuZA== 1773511563.759009356 1757595391.000000000 root:root 0600 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZGVoeWRyYXRlZA== - -
ZXRjL2RlaHlkcmF0ZWQvLmdpdGlnbm9yZQ== 1758038054.000000000 1758038054.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZGVoeWRyYXRlZA== - -
+YWNjb3VudHM= - -
ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvLmdpdGlnbm9yZQ== 1757873230.000000000 1757873230.000000000 root:root 0644 - -
-ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvYUhSMGNITTZMeTloWTIxbExYWXdNaTVoY0drdWJHVjBjMlZ1WTNKNWNIUXViM0puTDJScGNtVmpkRzl5ZVFvLnRhci5ncGc= 1761052714.000000000 1757873275.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZGVoeWRyYXRlZA== - -
+YWNjb3VudHM= - -
+ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvYUhSMGNITTZMeTloWTIxbExYWXdNaTVoY0drdWJHVjBjMlZ1WTNKNWNIUXViM0puTDJScGNtVmpkRzl5ZVFvLnRhci5ncGc= 1773159494.828502366 1757873275.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZGVoeWRyYXRlZA== - -
+YXJjaGl2ZQ== - -
ZXRjL2RlaHlkcmF0ZWQvYXJjaGl2ZS8uZ2l0aWdub3Jl 1757874259.000000000 1757873451.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZGVoeWRyYXRlZA== - -
+Y2VydHM= - -
ZXRjL2RlaHlkcmF0ZWQvY2VydHMvLmdpdGlnbm9yZQ== 1757874303.000000000 1757873537.000000000 root:root 0644 - -
-ZXRjL2RlaHlkcmF0ZWQvY29uZmln 1758044465.000000000 1757862077.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZGVoeWRyYXRlZA== - -
+Y29uZi5k - -
+ZXRjL2RlaHlkcmF0ZWQvY29uZi5kLy5naXRrZWVwZGly 1773342473.728835264 1773342473.728835264 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZGVoeWRyYXRlZA== - -
+ZXRjL2RlaHlkcmF0ZWQvY29uZmln 1773422158.392330219 1757862077.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZGVoeWRyYXRlZA== - -
ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucw== 1757862328.000000000 1757862077.000000000 root:root 0644 - -
-ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucy5kL19leGFtcGxlXw== 1757863238.000000000 1757862077.000000000 root:root 0644 - -
-ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucy5kL2NvcmUuc2xhY2t3YXJlLnVrLm5ldA== 1757863250.000000000 1757863250.000000000 root:root 0644 - -
-ZXRjL2RlaHlkcmF0ZWQvaG9va3MvZGVmYXVsdA== 1758045829.000000000 1757862077.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZGVoeWRyYXRlZA== - -
+ZG9tYWlucy5k - -
+ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucy5kL19leGFtcGxlXw== 1773422197.987710884 1757862077.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZGVoeWRyYXRlZA== - -
+aG9va3M= - -
+ZXRjL2RlaHlkcmF0ZWQvaG9va3MvZGVmYXVsdA== 1773342632.190315764 1757862077.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZnVzaW9uZGlyZWN0b3J5 - -
ZXRjL2Z1c2lvbmRpcmVjdG9yeS9mdXNpb25kaXJlY3RvcnktYXBhY2hlLmNvbmY= 1740415693.000000000 1762022137.000000000 root:root 0644 - -
-ZXRjL2Z1c2lvbmRpcmVjdG9yeS9mdXNpb25kaXJlY3RvcnkuY29uZg== 1771459200.000000000 1771459200.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZnVzaW9uZGlyZWN0b3J5 - -
+ZXRjL2Z1c2lvbmRpcmVjdG9yeS9mdXNpb25kaXJlY3RvcnkuY29uZg== - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZnVzaW9uZGlyZWN0b3J5 - -
ZXRjL2Z1c2lvbmRpcmVjdG9yeS9mdXNpb25kaXJlY3RvcnkuY29uZi5vcmln 1760207207.000000000 1760207207.000000000 root:root 0644 - -
-ZXRjL2dyb3Vw 1762530431.632238190 1762530431.632238190 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZXRjL2dyb3Vw 1773951237.415059979 1773951237.415059979 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
ZXRjL2dzaGFkb3cuZ3Bn 1762628156.813441524 1762447499.282711556 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
ZXRjL2hvc3RuYW1l 1757594311.000000000 1757594311.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
ZXRjL2hvc3Rz 1762446715.371577485 1757594362.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+aW5pdC5k - -
ZXRjL2luaXQuZC8uZ2l0aWdub3Jl 1771459200.000000000 1771459200.000000000 root:root 0644 - -
-ZXRjL2luaXQuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k 1771459200.000000000 1771459200.000000000 root:root 0755 - -
-ZXRjL2tyYjUuY29uZg== 1762447367.132883171 1583171707.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+aW5pdC5k - -
+ZXRjL2luaXQuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k 1773654405.833829368 1771459200.000000000 root:root 0755 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZXRjL2tyYjUuY29uZg== 1773662876.418407545 1583171707.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+bGRhcA== - -
ZXRjL2xkYXAvbGRhcC5jb25m 1758374529.000000000 1730112559.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+bGRhcA== - -
+c2NoZW1h - -
ZXRjL2xkYXAvc2NoZW1hLy5naXRpZ25vcmU= 1762628549.507075969 1762628549.507075969 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+bGRhcA== - -
+c2NoZW1h - -
ZXRjL2xkYXAvc2NoZW1hL3JmYzIzMDdiaXMuc2NoZW1h 1759835660.000000000 1759835660.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
ZXRjL2xvZ2luLmRlZnM= 1771509215.801996599 1745058028.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
ZXRjL21vdGQ= 1762625944.389278724 1756052400.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
ZXRjL21zbXRwLmFsaWFzZXM= 1758035451.000000000 1758035451.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
ZXRjL21zbXRwcmMuZ3Bn 1761052674.000000000 1758049424.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+bmV0d29yaw== - -
ZXRjL25ldHdvcmsvLmdpdGlnbm9yZQ== 1757596572.000000000 1757596572.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+bmV0d29yaw== - -
ZXRjL25ldHdvcmsvaW50ZXJmYWNlcw== 1762449437.502802342 1762449437.502802342 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+bmV0d29yaw== - -
+aW50ZXJmYWNlcy5k - -
ZXRjL25ldHdvcmsvaW50ZXJmYWNlcy5kL2V0aDA= 1762449591.864258045 1762449559.040799058 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+bmV0d29yaw== - -
+aW50ZXJmYWNlcy5k - -
ZXRjL25ldHdvcmsvaW50ZXJmYWNlcy5kL2V0aDE= 1762449602.376084790 1762449560.312778093 root:root 0644 - -
-ZXRjL3Bhc3N3ZA== 1762449439.234773795 1762449439.234773795 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZXRjL3Bhc3N3ZA== 1773951229.999182951 1773951229.999182951 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+cGhw - -
+ZXRjL3BocC8uZ2l0aWdub3Jl 1773950303.090525695 1773950303.090525695 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+cGhw - -
+OC40 - -
+ZXRjL3BocC84LjQvLmdpdGlnbm9yZQ== 1773950864.129246341 1773950864.129246341 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+cGhw - -
+OC40 - -
+YXBhY2hlMg== - -
+ZXRjL3BocC84LjQvYXBhY2hlMi8uZ2l0aWdub3Jl 1773950761.570942616 1773950761.570942616 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+cGhw - -
+OC40 - -
+YXBhY2hlMg== - -
+ZXRjL3BocC84LjQvYXBhY2hlMi9waHAuaW5p 1773248884.583344972 1773248884.583344972 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+cGhw - -
+OC40 - -
+Y2xp - -
+ZXRjL3BocC84LjQvY2xpLy5naXRpZ25vcmU= 1773950780.838623940 1773950780.838623940 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+cGhw - -
+OC40 - -
+Y2xp - -
+ZXRjL3BocC84LjQvY2xpL3BocC5pbmk= 1773248893.095208163 1773248893.095208163 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+cGhw - -
+OC40 - -
+ZnBt - -
+ZXRjL3BocC84LjQvZnBtLy5naXRpZ25vcmU= 1773950820.753963759 1773950820.753963759 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+cGhw - -
+OC40 - -
+ZnBt - -
+ZXRjL3BocC84LjQvZnBtL3BocC1mcG0uY29uZg== 1773249914.582789624 1771512192.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+cGhw - -
+OC40 - -
+ZnBt - -
+ZXRjL3BocC84LjQvZnBtL3BocC5pbmk= 1773248900.295092442 1773248900.295092442 root:root 0777 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+cGhw - -
+OC40 - -
+ZnBt - -
+cG9vbC5k - -
+ZXRjL3BocC84LjQvZnBtL3Bvb2wuZC93d3cuY29uZg== 1773343753.212472726 1771512192.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+cGhw - -
+OC40 - -
+ZXRjL3BocC84LjQvcGhwLmluaQ== 1773248696.138374022 1773229113.232168334 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+cGhwbGRhcGFkbWlu - -
ZXRjL3BocGxkYXBhZG1pbi8uZ2l0aWdub3Jl 1762628720.800299329 1762628701.308615289 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+cGhwbGRhcGFkbWlu - -
ZXRjL3BocGxkYXBhZG1pbi9jb25maWcucGhwLmdwZw== 1761052640.000000000 1758539944.000000000 root:root 0644 - -
-ZXRjL3BrZ2xpc3Q= 1766102401.840579350 1762560002.068536774 root:root 0644 - -
-ZXRjL3BsYS9jb25maWcucGhwLmdwZw== 1771459200.000000000 1771459200.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZXRjL3BrZ2xpc3Q= 1773878402.020187156 1762560002.068536774 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+cHVzaG92ZXItY2xpZW50 - -
ZXRjL3B1c2hvdmVyLWNsaWVudC8uZ2l0aWdub3Jl 1762628624.365862525 1762448145.464092595 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+cHVzaG92ZXItY2xpZW50 - -
ZXRjL3B1c2hvdmVyLWNsaWVudC9kZWZhdWx0LmdwZw== 1762448163.991787320 1762448163.979787518 root:root 0644 - -
-ZXRjL3Jlc29sdi5jb25m 1757611605.000000000 1757611605.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZXRjL3Jlc29sdi5jb25m 1773592997.299303370 1757611605.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
ZXRjL3JzeXNsb2cuY29uZg== 1757785113.000000000 1757785113.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+c2FtYmE= - -
ZXRjL3NhbWJhL3NtYi5jb25m 1762447904.392054475 1758208516.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+c2FtYmE= - -
ZXRjL3NhbWJhL3NtYnVzZXJz 1758121825.000000000 1758121586.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
ZXRjL3NoYWRvdy5ncGc= 1762628180.969049967 1762447484.598952854 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+c3No - -
ZXRjL3NzaC8uZ2l0aWdub3Jl 1762628843.382312260 1757606957.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+c3No - -
ZXRjL3NzaC9zc2hfY29uZmln 1757606630.000000000 1757606630.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+c3No - -
ZXRjL3NzaC9zc2hkX2NvbmZpZw== 1758202229.000000000 1757606896.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+c3NoZ3VhcmQ= - -
ZXRjL3NzaGd1YXJkL3NzaGd1YXJkLmNvbmY= 1758050700.000000000 1758050700.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+c3NoZ3VhcmQ= - -
ZXRjL3NzaGd1YXJkL3doaXRlbGlzdA== 1758050235.000000000 1758050235.000000000 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+c3Vkb2Vycy5k - -
ZXRjL3N1ZG9lcnMuZC8uZ2l0aWdub3Jl 1762026765.566662574 1762026765.566662574 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+c3Vkb2Vycy5k - -
ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359.000000000 1757599359.000000000 root:root 0640 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+c3Vkb2Vycy5k - -
ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157.000000000 1757600157.000000000 root:root 0640 - -
+aG9tZQ== 1773074781.647958337 1771512801.576005863 root:root 0755 - -
aG9tZS8uZ2l0aWdub3Jl 1757762052.000000000 1757762052.000000000 root:root 0644 - -
+aG9tZQ== 1773074781.647958337 1771512801.576005863 root:root 0755 - -
+c3lzYWRtaW4= - -
aG9tZS9zeXNhZG1pbi8uYmFzaF9sb2dvdXQ= 1757582867.000000000 1757582867.000000000 sysadmin:users 0644 - -
+aG9tZQ== 1773074781.647958337 1771512801.576005863 root:root 0755 - -
+c3lzYWRtaW4= - -
aG9tZS9zeXNhZG1pbi8uYmFzaF9wcm9maWxl 1757861225.000000000 1757584711.000000000 sysadmin:users 0644 - -
+aG9tZQ== 1773074781.647958337 1771512801.576005863 root:root 0755 - -
+c3lzYWRtaW4= - -
aG9tZS9zeXNhZG1pbi8uYmFzaHJj 1758887092.000000000 1757586493.000000000 sysadmin:users 0644 - -
+aG9tZQ== 1773074781.647958337 1771512801.576005863 root:root 0755 - -
+c3lzYWRtaW4= - -
aG9tZS9zeXNhZG1pbi8uZ2l0Y29uZmln 1757582738.000000000 1757582738.000000000 sysadmin:users 0644 - -
+aG9tZQ== 1773074781.647958337 1771512801.576005863 root:root 0755 - -
+c3lzYWRtaW4= - -
aG9tZS9zeXNhZG1pbi8uZ2l0aWdub3Jl 1757600312.000000000 1757600312.000000000 sysadmin:users 0644 - -
+aG9tZQ== 1773074781.647958337 1771512801.576005863 root:root 0755 - -
+c3lzYWRtaW4= - -
+LmxvY2Fs - -
+c2hhcmU= - -
+bmFubw== - -
aG9tZS9zeXNhZG1pbi8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210.000000000 1757586210.000000000 sysadmin:users 0644 - -
+aG9tZQ== 1773074781.647958337 1771512801.576005863 root:root 0755 - -
+c3lzYWRtaW4= - -
aG9tZS9zeXNhZG1pbi8ubmFub3Jj 1757585756.000000000 1757585756.000000000 sysadmin:users 0644 - -
+aG9tZQ== 1773074781.647958337 1771512801.576005863 root:root 0755 - -
+c3lzYWRtaW4= - -
+LnNzaA== - -
aG9tZS9zeXNhZG1pbi8uc3NoLy5naXRpZ25vcmU= 1757593349.000000000 1757593349.000000000 sysadmin:users 0644 - -
+aG9tZQ== 1773074781.647958337 1771512801.576005863 root:root 0755 - -
+c3lzYWRtaW4= - -
+LnNzaA== - -
aG9tZS9zeXNhZG1pbi8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757763178.000000000 1757587611.000000000 sysadmin:users 0644 - -
+b3B0 1771515169.961748163 1771501851.000000000 root:root 0755 - -
+c2Jpbg== 1767688090.000000000 1767688090.000000000 root:root 0777 - -
b3B0L3NiaW4vY3JvbmpvYi1jbGVhbi1waHA= 1762538240.962584934 1758289390.000000000 root:root 0755 - -
+b3B0 1771515169.961748163 1771501851.000000000 root:root 0755 - -
+c2Jpbg== 1767688090.000000000 1767688090.000000000 root:root 0777 - -
b3B0L3NiaW4vY3JvbmpvYi1kZWh5ZHJhdGVk 1758033093.000000000 1757531685.000000000 root:root 0755 - -
+b3B0 1771515169.961748163 1771501851.000000000 root:root 0755 - -
+c2Jpbg== 1767688090.000000000 1767688090.000000000 root:root 0777 - -
b3B0L3NiaW4vY3JvbmpvYi1yb3RhdGUtbG9ncy1zeW1saW5rcw== 1758555302.000000000 1758224324.000000000 root:root 0755 - -
-b3B0L3NiaW4vY3JvbmpvYi11cGRhdGUtcGFja2FnZXMtbGlzdA== 1757531121.000000000 1757531121.000000000 root:root 0755 - -
+b3B0 1771515169.961748163 1771501851.000000000 root:root 0755 - -
+c2Jpbg== 1767688090.000000000 1767688090.000000000 root:root 0777 - -
+b3B0L3NiaW4vY3JvbmpvYi11cGRhdGUtcGFja2FnZXMtbGlzdA== 1773518953.705866964 1757531121.000000000 root:root 0755 - -
+b3B0 1771515169.961748163 1771501851.000000000 root:root 0755 - -
+c2Jpbg== 1767688090.000000000 1767688090.000000000 root:root 0777 - -
b3B0L3NiaW4vY3JvbmpvYi13YXJuLWdpdC1zdGF0dXM= 1758221607.000000000 1757591137.000000000 root:root 0755 - -
+b3B0 1771515169.961748163 1771501851.000000000 root:root 0755 - -
+c2Jpbg== 1767688090.000000000 1767688090.000000000 root:root 0777 - -
b3B0L3NiaW4vZGVoeWRyYXRlZA== 1757531557.000000000 1757531557.000000000 root:root 0755 - -
+b3B0 1771515169.961748163 1771501851.000000000 root:root 0755 - -
+c2Jpbg== 1767688090.000000000 1767688090.000000000 root:root 0777 - -
b3B0L3NiaW4vcHVzaG92ZXItY2xpZW50 1758224526.000000000 1758224526.000000000 root:root 0755 - -
+b3B0 1771515169.961748163 1771501851.000000000 root:root 0755 - -
+c2Jpbg== 1767688090.000000000 1767688090.000000000 root:root 0777 - -
b3B0L3NiaW4vdGVycmFmb3JtLWh0dHAtYmFja2VuZA== 1757590543.000000000 1757590543.000000000 root:root 0755 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
cm9vdC8uYmFzaF9sb2dvdXQ= 1757582867.000000000 1757582867.000000000 root:root 0644 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
cm9vdC8uYmFzaF9wcm9maWxl 1757584711.000000000 1757584711.000000000 root:root 0644 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
cm9vdC8uYmFzaHJj 1758887027.000000000 1757586493.000000000 root:root 0644 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
cm9vdC8uZ2l0Y29uZmln 1757582738.000000000 1757582738.000000000 root:root 0644 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
cm9vdC8uZ2l0aWdub3Jl 1771509562.912369370 1757600312.000000000 root:root 0644 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
+LmxvY2Fs - -
+c2hhcmU= - -
+bmFubw== - -
cm9vdC8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210.000000000 1757586210.000000000 root:root 0644 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
cm9vdC8ubmFub3Jj 1757585756.000000000 1757585756.000000000 root:root 0644 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
+LnNzaA== - -
cm9vdC8uc3NoLy5naXRpZ25vcmU= 1757593349.000000000 1757593349.000000000 root:root 0644 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
+LnNzaA== - -
cm9vdC8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757587611.000000000 1757587611.000000000 root:root 0644 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
+c3R1ZmYtdG8ta2VlcA== - -
cm9vdC9zdHVmZi10by1rZWVwL2NsZWFuLWZk 1758994151.000000000 1758992264.000000000 root:root 0755 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9iY21hdGguaW5p 1754432591.000000000 1754432591.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9iejIuaW5p 1754432591.000000000 1754432591.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9jdXJsLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9nZC5pbmk= 1758756479.000000000 1758756479.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9nZXR0ZXh0LmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9nbXAuaW5p 1754432591.000000000 1754432591.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9pY29udi5pbmk= 1754432591.000000000 1754432591.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9pbWFwLmluaQ== 1758756479.000000000 1758756479.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9pbnRsLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9sZGFwLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9tYnN0cmluZy5pbmk= 1754432591.000000000 1754432591.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9vcGNhY2hlLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9vcGVuc3NsLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9wb3NpeC5pbmk= 1754432591.000000000 1754432591.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9zZXNzaW9uLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9zaW1wbGV4bWwuaW5p 1754432591.000000000 1754432591.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9zb2RpdW0uaW5p 1758756479.000000000 1758756479.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9zcWxpdGUzLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF94bWwuaW5p 1754432591.000000000 1754432591.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF96aXAuaW5p 1754432591.000000000 1754432591.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMV9waGFyLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9wZG8uaW5p 1758566165.000000000 1758566165.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9wZG9fbXlzcWwuaW5p 1758566165.000000000 1758566165.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9wZ3NxbC5pbmk= 1758566165.000000000 1758566165.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9waGFyLmluaQ== 1758566165.000000000 1758566165.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9zZXNzaW9uLmluaQ== 1760206689.000000000 1758566165.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9zb2FwLmluaQ== 1758566165.000000000 1758566165.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9zcWxpdGUzLmluaQ== 1758566165.000000000 1758566165.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9zeXN2c2htLmluaQ== 1758566165.000000000 1758566165.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV90aWR5LmluaQ== 1758566165.000000000 1758566165.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC9pbWFnaWNrLmluaQ== 1755096904.000000000 1755096904.000000000 root:root 0644 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
+c3R1ZmYtdG8ta2VlcA== - -
cm9vdC9zdHVmZi10by1rZWVwL2R1bW15LWRlZmF1bHQtbXRh 1762020478.278412865 1762020215.034844513 root:root 0644 - -
+cm9vdA== 1773952633.775904057 1771512801.616005200 root:root 0755 - -
+c3R1ZmYtdG8ta2VlcA== - -
cm9vdC9zdHVmZi10by1rZWVwL2R1bW15LWRlZmF1bHQtbXRhXzAuMC4xX2FsbC5kZWI= 1762020499.466056182 1762020499.458056317 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL3BocC1mcG0uY29uZg== 1758566251.000000000 1758566184.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL3BocC1mcG0uZC93d3cuY29uZg== 1758566277.000000000 1758566199.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL3BocC5pbmk= 1759845481.000000000 1758566175.000000000 root:root 0644 - -
-cm9vdC9zdHVmZi10by1rZWVwL3B1c2hvdmVyLWFsZXJ0LnN0YXJ0 1758225142.000000000 1758225089.000000000 root:root 0755 - -
-cm9vdC9zdHVmZi10by1rZWVwL3B1c2hvdmVyLWFsZXJ0LnN0b3A= 1758225254.000000000 1758225155.000000000 root:root 0755 - -
-dmFyLy5naXRpZ25vcmU= 1762537544.845782317 1758288560.000000000 root:root 0644 - -
-dmFyL2xpYi8uZ2l0aWdub3Jl 1762025492.611669032 1758288764.000000000 root:root 0644 - -
-dmFyL2xpYi90ZXJyYWZvcm0taHR0cC1iYWNrZW5kLy5naXRrZWVwZGly 1762024627.173956151 1762024627.173956151 root:root 0644 - -
+dmFy 1773949028.799601180 1771512801.620005134 root:root 0755 - -
+dmFyLy5naXRpZ25vcmU= 1773949028.747602042 1758288560.000000000 root:root 0644 - -
+dmFy 1773949028.799601180 1771512801.620005134 root:root 0755 - -
+bGli 1767688090.000000000 1767688090.000000000 root:root 0777 - -
+dmFyL2xpYi8uZ2l0aWdub3Jl 1773949953.372309903 1758288764.000000000 root:root 0644 - -
+dmFy 1773949028.799601180 1771512801.620005134 root:root 0755 - -
+bGli 1767688090.000000000 1767688090.000000000 root:root 0777 - -
+cGhw - -
+dmFyL2xpYi9waHAvLmdpdGlnbm9yZQ== 1773235424.683445828 1773235424.683445828 root:root 0644 - -
+dmFy 1773949028.799601180 1771512801.620005134 root:root 0755 - -
+bGli 1767688090.000000000 1767688090.000000000 root:root 0777 - -
+cGhw - -
+c2Vzc2lvbnM= - -
+dmFyL2xpYi9waHAvc2Vzc2lvbnMvLmdpdGlnbm9yZQ== 1773949643.981426897 1773948904.265660845 root:root 0644 - -
+dmFy 1773949028.799601180 1771512801.620005134 root:root 0755 - -
+dG1w 1773942460.457147071 1771501870.000000000 root:root 1777 - -
dmFyL3RtcC8uZ2l0aWdub3Jl 1771459200.000000000 1771459200.000000000 root:root 0644 - -
-dmFyL3RtcC9waHAtdXBsb2Fkcy8uZ2l0aWdub3Jl 1771459200.000000000 1771459200.000000000 root:root 0644 - -
-ZXRjL3NoYWRvdw== 1762449439.206774257 1762449439.206774257 root:shadow 0640 - -
-ZXRjL3NoYWRvdy0= 1762023813.000000000 1762023813.000000000 root:shadow 0640 - -
+dmFy 1773949028.799601180 1771512801.620005134 root:root 0755 - -
+dG1w 1773942460.457147071 1771501870.000000000 root:root 1777 - -
+cGhwLXVwbG9hZHM= - -
+dmFyL3RtcC9waHAtdXBsb2Fkcy8uZ2l0aWdub3Jl 1773949181.645073322 1773949181.645073322 root:root 0644 - -
+dmFy 1773949028.799601180 1771512801.620005134 root:root 0755 - -
+d3d3 - -
+dmFyL3d3dy8uZ2l0aWdub3Jl 1773949001.724048991 1773949001.724048991 root:root 0644 - -
+dmFy 1773949028.799601180 1771512801.620005134 root:root 0755 - -
+d3d3 - -
+ZGVoeWRyYXRlZA== - -
+dmFyL3d3dy9kZWh5ZHJhdGVkLy5naXRpZ25vcmU= 1773946447.886574894 1773340286.179664904 root:root 0644 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZXRjL3NoYWRvdw== 1773951229.983183217 1773951229.983183217 root:shadow 0640 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+ZXRjL3NoYWRvdy0= 1762449439.000000000 1762449439.000000000 root:shadow 0640 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
ZXRjL3N1ZG9lcnM= 1751262933.000000000 1751262933.000000000 root:root 0440 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+c3Vkb2Vycy5k - -
ZXRjL3N1ZG9lcnMuZC9SRUFETUU= 1751262933.000000000 1751262933.000000000 root:root 0440 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+c3Vkb2Vycy5k - -
ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359.000000000 1757599359.000000000 root:root 0640 - -
+ZXRj 1773951237.415059979 1771501908.000000000 root:root 0755 - -
+c3Vkb2Vycy5k - -
ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157.000000000 1757600157.000000000 root:root 0640 - -
+aG9tZQ== 1773074781.647958337 1771512801.576005863 root:root 0755 - -
aG9tZS9zeXNhZG1pbg== 1758887092.000000000 1757761412.000000000 sysadmin:users 0711 - -
diff --git a/etc/apache2/apache2.conf b/etc/apache2/apache2.conf
index 8f6332d..3379e2c 100644
--- a/etc/apache2/apache2.conf
+++ b/etc/apache2/apache2.conf
@@ -12,7 +12,7 @@ LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so
LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so
#LoadModule unixd_module /usr/lib/apache2/mod_unixd.so
-# Load extra modules.
+# Load optional modules.
IncludeOptional /etc/apache2/mods-enabled/*.load
@@ -34,9 +34,9 @@ ServerSignature Email
ServerTokens Major
User www-data
Group www-data
-DefaultRuntimeDir /var/run/apache2
-PidFile /var/run/apache2/apache2.pid
-ScriptSock /var/run/apache2/cgid.sock
+DefaultRuntimeDir /run/apache2
+PidFile /run/apache2/apache2.pid
+ScriptSock /run/apache2/socks/cgid.sock
Mutex pthread
@@ -44,7 +44,7 @@ Mutex pthread
LogFormat "%h %l %u %t \"%r\" %>s %b" Common
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" Combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" VHostCombined
-CustomLog "|/usr/bin/logger -p local1.info -t httpd" VHostCombined env=!no_log
+CustomLog "|/usr/bin/logger -p local5.info -t httpd" VHostCombined env=!no_log
LogLevel warn allowmethods:crit authz_core:crit
LogLevel include:crit
@@ -52,7 +52,7 @@ LogLevel warn allowmethods:crit authz_core:crit
LogLevel ssl:crit
-ErrorLog syslog:local0
+ErrorLog syslog:local4
# Resource limits for event MPM.
@@ -128,7 +128,7 @@ BrowserMatch "Konqueror/4" redirect-carefully
DirectoryIndex index.php index.phtml
- SetHandler proxy:unix:/run/php-fpm83/php-fpm.sock|fcgi://localhost/
+ SetHandler proxy:unix:/run/php/php-fpm.sock|fcgi://localhost/
@@ -170,7 +170,7 @@ MIMEMagicFile /etc/apache2/magic
# Lets Encrypt validation.
-Alias /.well-known/acme-challenge/ /srv/dehydrated/
+Alias /.well-known/acme-challenge/ /var/www/dehydrated/
# Access control.
@@ -184,13 +184,7 @@ Alias /.well-known/acme-challenge/ /srv/dehydrated/
Require all denied
-
- Options None
- AllowOverride None
- Require all granted
-
-
-
+
Options None
AllowOverride None
Require all granted
diff --git a/etc/apache2/mods-enabled/alias.load b/etc/apache2/mods-enabled/alias.load
deleted file mode 120000
index 13a943a..0000000
--- a/etc/apache2/mods-enabled/alias.load
+++ /dev/null
@@ -1 +0,0 @@
-../mods-available/alias.load
\ No newline at end of file
diff --git a/etc/apache2/mods-enabled/allowmethods.load b/etc/apache2/mods-enabled/allowmethods.load
deleted file mode 120000
index ddeb6dc..0000000
--- a/etc/apache2/mods-enabled/allowmethods.load
+++ /dev/null
@@ -1 +0,0 @@
-../mods-available/allowmethods.load
\ No newline at end of file
diff --git a/etc/apache2/mods-enabled/authz_host.load b/etc/apache2/mods-enabled/authz_host.load
deleted file mode 120000
index badc268..0000000
--- a/etc/apache2/mods-enabled/authz_host.load
+++ /dev/null
@@ -1 +0,0 @@
-../mods-available/authz_host.load
\ No newline at end of file
diff --git a/etc/apache2/mods-enabled/dir.load b/etc/apache2/mods-enabled/dir.load
deleted file mode 120000
index 84a580b..0000000
--- a/etc/apache2/mods-enabled/dir.load
+++ /dev/null
@@ -1 +0,0 @@
-../mods-available/dir.load
\ No newline at end of file
diff --git a/etc/apache2/mods-enabled/env.load b/etc/apache2/mods-enabled/env.load
deleted file mode 120000
index ef85526..0000000
--- a/etc/apache2/mods-enabled/env.load
+++ /dev/null
@@ -1 +0,0 @@
-../mods-available/env.load
\ No newline at end of file
diff --git a/etc/apache2/mods-enabled/mime.load b/etc/apache2/mods-enabled/mime.load
deleted file mode 120000
index c2c01f7..0000000
--- a/etc/apache2/mods-enabled/mime.load
+++ /dev/null
@@ -1 +0,0 @@
-../mods-available/mime.load
\ No newline at end of file
diff --git a/etc/apache2/mods-enabled/mime_magic.load b/etc/apache2/mods-enabled/mime_magic.load
deleted file mode 120000
index fcc0e96..0000000
--- a/etc/apache2/mods-enabled/mime_magic.load
+++ /dev/null
@@ -1 +0,0 @@
-../mods-available/mime_magic.load
\ No newline at end of file
diff --git a/etc/apache2/mods-enabled/mpm_event.load b/etc/apache2/mods-enabled/mpm_event.load
deleted file mode 120000
index c1e41c1..0000000
--- a/etc/apache2/mods-enabled/mpm_event.load
+++ /dev/null
@@ -1 +0,0 @@
-../mods-available/mpm_event.load
\ No newline at end of file
diff --git a/etc/apache2/mods-enabled/proxy_http.load b/etc/apache2/mods-enabled/proxy_http.load
new file mode 120000
index 0000000..5e45913
--- /dev/null
+++ b/etc/apache2/mods-enabled/proxy_http.load
@@ -0,0 +1 @@
+../mods-available/proxy_http.load
\ No newline at end of file
diff --git a/etc/apache2/mods-enabled/setenvif.load b/etc/apache2/mods-enabled/setenvif.load
deleted file mode 120000
index 6d36106..0000000
--- a/etc/apache2/mods-enabled/setenvif.load
+++ /dev/null
@@ -1 +0,0 @@
-../mods-available/setenvif.load
\ No newline at end of file
diff --git a/etc/apache2/mods-enabled/socache_shmcb.load b/etc/apache2/mods-enabled/socache_shmcb.load
new file mode 120000
index 0000000..f729f78
--- /dev/null
+++ b/etc/apache2/mods-enabled/socache_shmcb.load
@@ -0,0 +1 @@
+../mods-available/socache_shmcb.load
\ No newline at end of file
diff --git a/etc/apache2/mods-enabled/ssl.load b/etc/apache2/mods-enabled/ssl.load
new file mode 120000
index 0000000..9d79723
--- /dev/null
+++ b/etc/apache2/mods-enabled/ssl.load
@@ -0,0 +1 @@
+../mods-available/ssl.load
\ No newline at end of file
diff --git a/etc/apache2/sites-available/core.slackware.uk.net.conf b/etc/apache2/sites-available/core.slackware.uk.net.conf
index 2b9c4a0..06531c3 100644
--- a/etc/apache2/sites-available/core.slackware.uk.net.conf
+++ b/etc/apache2/sites-available/core.slackware.uk.net.conf
@@ -1,17 +1,48 @@
-
- Options FollowSymlinks
- AllowOverride None
- Require all granted
+
+ Options +FollowSymLinks
+ AllowOverride All
+ Require all granted
+
+
+ RewriteEngine On
+ RewriteBase //wiki
+ RewriteRule ^lib - [L]
+ RewriteRule ^doku.php - [L]
+ RewriteRule ^feed.php - [L]
+ RewriteRule ^_media/(.*) lib/exe/fetch.php?media=$1 [QSA,L]
+ RewriteRule ^_detail/(.*) lib/exe/detail.php?media=$1 [QSA,L]
+ RewriteRule ^_export/([^/]+)/(.*) doku.php?do=export_$1&id=$2 [QSA,L]
+ RewriteRule ^$ doku.php [L]
+ RewriteRule (.*) doku.php?id=$1 [QSA,L]
+
-
- # include /etc/fusiondirectory/fusiondirectory.secrets
+
+ Require all denied
+
+
+ Options FollowSymLinks
AllowOverride None
Require all granted
- AddType application/wasm .wasm
+
+ AddType application/wasm .wasm
+
+ IncludeOptional /etc/fusiondirectory/fusiondirectory.secrets
+
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+
+ Options FollowSymlinks
+ AllowOverride None
+ Require all granted
+
+
ServerName core.slackware.uk.net
@@ -38,7 +69,20 @@
DocumentRoot /data/sites/core.slackware.uk.net/html
- Alias /fd /srv/fusiondirectory/html
- Alias /pla /srv/pla
+ Alias /fd /usr/share/fusiondirectory/html
+ Alias /javascript /usr/share/javascript
+ Alias /pla /usr/share/phpldapadmin/htdocs
+ Alias /wiki /usr/share/dokuwiki/
+ AliasMatch ^/wiki/sites/[^/]+$ /usr/share/dokuwiki/
+ AliasMatch ^/wiki/sites/[^/]+/(.*)$ /usr/share/dokuwiki/$1
+
+
+ Require all granted
+
+ # Dot NOT add backslashes to the end of the urls.
+ ProxyPass /prometheus http://127.0.0.1:9090
+ ProxyPassReverse /prometheus http://127.0.0.1:9090
+ ProxyPass /ts http://127.0.0.1:9200
+ ProxyPassReverse /ts http://127.0.0.1:9200
diff --git a/etc/apache2/sites-enabled/000-core.slackware.uk.net.conf b/etc/apache2/sites-enabled/00-core.slackware.uk.net.conf
similarity index 100%
rename from etc/apache2/sites-enabled/000-core.slackware.uk.net.conf
rename to etc/apache2/sites-enabled/00-core.slackware.uk.net.conf
diff --git a/etc/default/dokuwiki b/etc/default/dokuwiki
new file mode 100644
index 0000000..990d87b
--- /dev/null
+++ b/etc/default/dokuwiki
@@ -0,0 +1,21 @@
+# Configuration file for the dokuwiki crontab job
+
+# Comment or set to false to disable daily cleanup
+# (see )
+# (default is false)
+RUN_CLEANUP="true"
+
+# By default, cache files older than 180 days (~6 months) are removed:
+# you can use this variable to change this value according to your
+# needs.
+# (default is 180)
+#CLEANUP_MAXDAYS=180
+
+# Set to true to remove revisions older than $CLEANUP_MAXDAYS
+# (default is false)
+REMOVE_REVISIONS="false"
+
+# Set to true to enable daily spam blacklist update from Wikipedia
+# (see )
+# (default is false)
+UPDATE_BLACKLIST="true"
diff --git a/etc/default/prometheus b/etc/default/prometheus
new file mode 100644
index 0000000..80acedb
--- /dev/null
+++ b/etc/default/prometheus
@@ -0,0 +1,5 @@
+# Set the command-line arguments to pass to the server.
+# Due to shell escaping, to pass backslashes for regexes, you need to double
+# them (\\d for \d). If running under systemd, you need to double them again
+# (\\\\d to mean \d), and escape newlines too.
+ARGS="--web.external-url=https://core.slackware.uk.net:25443/prometheus --web.route-prefix=/"
diff --git a/etc/default/prometheus-alertmanager b/etc/default/prometheus-alertmanager
new file mode 100644
index 0000000..5f2b5f7
--- /dev/null
+++ b/etc/default/prometheus-alertmanager
@@ -0,0 +1,5 @@
+# Set the command-line arguments to pass to the server.
+# Due to shell escaping, to pass backslashes for regexes, you need to double
+# them (\\d for \d). If running under systemd, you need to double them again
+# (\\\\d to mean \d), and escape newlines too.
+ARGS=""
diff --git a/etc/default/prometheus-node-exporter b/etc/default/prometheus-node-exporter
index 1378629..fe47b69 100644
--- a/etc/default/prometheus-node-exporter
+++ b/etc/default/prometheus-node-exporter
@@ -2,4 +2,4 @@
# Due to shell escaping, to pass backslashes for regexes, you need to double
# them (\\d for \d). If running under systemd, you need to double them again
# (\\\\d to mean \d), and escape newlines too.
-ARGS="--web.listen-address=5.101.171.215:9100"
+ARGS="--web.listen-address=localhost:9100"
diff --git a/etc/default/terraform-http-backend b/etc/default/terraform-http-backend
index e6cc2ce..b32e067 100644
--- a/etc/default/terraform-http-backend
+++ b/etc/default/terraform-http-backend
@@ -1,7 +1,7 @@
TF_USER="thb"
-TF_IP="5.101.171.215"
-TF_PORT="25480"
+TF_IP="127.0.0.1"
+TF_PORT="9200"
TF_STORAGE_DIR="/var/lib/terraform-http-backend"
-TF_AUTH_ENABLED="true"
-TF_USERNAME="sysadmin"
-TF_PASSWORD="sunsa"
+TF_AUTH_ENABLED="false"
+#TF_USERNAME="sysadmin"
+#TF_PASSWORD="sunsa"
diff --git a/etc/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo.tar.gpg b/etc/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo.tar.gpg
index 983eedd..9a51e10 100644
Binary files a/etc/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo.tar.gpg and b/etc/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo.tar.gpg differ
diff --git a/var/lib/terraform-http-backend/.gitkeepdir b/etc/dehydrated/conf.d/.gitkeepdir
similarity index 100%
rename from var/lib/terraform-http-backend/.gitkeepdir
rename to etc/dehydrated/conf.d/.gitkeepdir
diff --git a/etc/dehydrated/config b/etc/dehydrated/config
index b43b3ad..b7e3bdd 100644
--- a/etc/dehydrated/config
+++ b/etc/dehydrated/config
@@ -3,7 +3,7 @@
# $SCRIPTDIR/config (next to this script)
# /usr/local/etc/dehydrated/config
# /etc/dehydrated/config
-# ${PWD}/config (in current working-directory)
+# $PWD/config (in current working-directory)
# Which user should dehydrated run as? This will be implictly enforced when running as root.
# Default:
@@ -32,7 +32,7 @@
#OLDCA="https://acme-v01.api.letsencrypt.org/directory"
# Which challenge should be used?
-# Supported values: http-01, dns-01, tls-alpn-01.
+# Supported values: http-01, dns-01, dns-persist-01, tls-alpn-01.
# Default: http-01
#CHALLENGETYPE="http-01"
@@ -40,7 +40,7 @@
# This allows overriding the defaults found in the main configuration file.
# Additional config files in this directory must be named with a '.sh' ending.
# Default:
-#CONFIG_D=""
+CONFIG_D="/etc/dehydrated/conf.d"
# Base directory for account key, generated certificates and list of domains.
# Default: $SCRIPTDIR
@@ -48,28 +48,28 @@ BASEDIR="/etc/dehydrated"
# File containing the list of domains for which to request certificates.
# Default: $BASEDIR/domains.txt
-DOMAINS_TXT="${BASEDIR}/domains"
+DOMAINS_TXT="$BASEDIR/domains"
# Directory for per-domain configuration files.
# If not set, per-domain configurations are sourced from each certificates output directory.
# Default:
-DOMAINS_D="${BASEDIR}/domains.d"
+DOMAINS_D="$BASEDIR/domains.d"
# Output directory for generated certificates.
-# Default: ${BASEDIR}/certs
-#CERTDIR="${BASEDIR}/certs"
+# Default: $BASEDIR/certs
+#CERTDIR="$BASEDIR/certs"
# Output directory for alpn verification certificates.
-# Default: ${BASEDIR}/alpn-certs
-#ALPNCERTDIR="${BASEDIR}/alpn-certs"
+# Default: $BASEDIR/alpn-certs
+#ALPNCERTDIR="$BASEDIR/alpn-certs"
# Directory for account keys and registration information.
-# Default: ${BASEDIR}/accounts
-#ACCOUNTDIR="${BASEDIR}/accounts"
+# Default: $BASEDIR/accounts
+#ACCOUNTDIR="$BASEDIR/accounts"
# Output directory for challenge-tokens to be served by webserver, or deployed in $HOOK.
# Default: /var/www/dehydrated
-WELLKNOWN="/srv/dehydrated"
+WELLKNOWN="/var/www/dehydrated"
# Default keysize for private keys.
# Default: 4096
@@ -91,7 +91,7 @@ WELLKNOWN="/srv/dehydrated"
# Program or function called at certain stages of processing.
# BASEDIR and WELLKNOWN variables are exported and can be used in an external program.
# Default:
-HOOK="${BASEDIR}/hooks/default"
+HOOK="$BASEDIR/hooks/default"
# Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate?
# Default: no
@@ -103,7 +103,7 @@ HOOK="${BASEDIR}/hooks/default"
# Regenerate private keys instead of just signing new certificates on renewal?
# Default: yes
-PRIVATE_KEY_RENEW="no"
+#PRIVATE_KEY_RENEW="yes"
# Create an extra private key for rollover?
# Default: no
@@ -136,7 +136,7 @@ LOCKFILE="/run/dehydrated.lock"
# Issuer chain cache directory.
# Default: $BASEDIR/chains
-#CHAINCACHE="${BASEDIR}/chains"
+#CHAINCACHE="$BASEDIR/chains"
# Automatic cleanup?
# Default: no
diff --git a/etc/dehydrated/domains.d/_example_ b/etc/dehydrated/domains.d/_example_
index 941659e..76b06b3 100644
--- a/etc/dehydrated/domains.d/_example_
+++ b/etc/dehydrated/domains.d/_example_
@@ -1,7 +1,7 @@
# The settings in this file can be used to override those in the global config file in /etc/dehydrated
# Which challenge should be used?
-# Supported values: http-01, dns-01, tls-alpn-01.
+# Supported values: http-01, dns-01, dns-persist-01, tls-alpn-01.
# Default: http-01
#CHALLENGETYPE="http-01"
diff --git a/etc/dehydrated/domains.d/core.slackware.uk.net b/etc/dehydrated/domains.d/core.slackware.uk.net
deleted file mode 100644
index 941659e..0000000
--- a/etc/dehydrated/domains.d/core.slackware.uk.net
+++ /dev/null
@@ -1,48 +0,0 @@
-# The settings in this file can be used to override those in the global config file in /etc/dehydrated
-
-# Which challenge should be used?
-# Supported values: http-01, dns-01, tls-alpn-01.
-# Default: http-01
-#CHALLENGETYPE="http-01"
-
-# Default keysize for private keys.
-# Default: 4096
-#KEYSIZE="4096"
-
-# Program or function called at certain stages of processing.
-# BASEDIR and WELLKNOWN variables are exported and can be used in an external program.
-# Default:
-#HOOK=""
-
-# Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate?
-# Default: no
-#HOOK_CHAIN="no"
-
-# Minimum days before expiration to automatically renew certificate.
-# Default: 30
-#RENEW_DAYS="30"
-
-# Regenerate private keys instead of just signing new certificates on renewal?
-# Default: yes
-#PRIVATE_KEY_RENEW="yes"
-
-# Create an extra private key for rollover?
-# Default: no
-#PRIVATE_KEY_ROLLOVER="no"
-
-# Which public key algorithm should be used?
-# Supported: rsa, prime256v1, secp384r1.
-# Default: rsa
-#KEY_ALGO="rsa"
-
-# Option to add CSR-flag indicating OCSP stapling to be mandatory.
-# Default: no
-#OCSP_MUST_STAPLE="no"
-
-# Fetch OCSP responses.
-# Default: no
-#OCSP_FETCH="no"
-
-# OCSP refresh interval, in days.
-# Default: 5
-#OCSP_DAYS="5"
diff --git a/etc/dehydrated/hooks/default b/etc/dehydrated/hooks/default
index 2c94e31..b28b4b2 100755
--- a/etc/dehydrated/hooks/default
+++ b/etc/dehydrated/hooks/default
@@ -1,136 +1,189 @@
#!/usr/bin/env bash
-# This file contains the default hook functions for dehydrated - these functions will be used when there is no overriding certificate specific hooks file.
-# All but startup_hook and ext_hook can be overridden by a hooks script on a per certificate basis.
+# This file contains the default hook functions for dehydrated - these functions will be used when there is no overriding certificate
+# specific hooks file. All but startup_hook and ext_hook can be overridden by a hooks script on a per certificate basis.
#
# shellcheck disable=SC2034,SC2317
# Configuration.
# Where the copies of the current certificates/keys should be placed. Comment for no copying.
CERTSDIR="/etc/certificates"
-# The syslog facility and tag to use.
-FACILITY="local3"
-TAG="dehydrated"
-# Where from/to to send emails.
-EMAIL_FROM="\"Server: ${HOSTNAME%%.*}\" "
+# The syslog facility and tag to use. Comment for no sysloging.
+SYSLOG_FACILITY="local1"
+SYSLOG_TAG="dehydrated-hooks"
+# Where from/to to send emails. Comment for no emailing.
+EMAIL_FROM="\"Server: ${HOSTNAME%%.*}\" "
EMAIL_TO=("Systems' Administrator ")
# Get the system ID.
# shellcheck disable=SC2046
declare SYSTEM_$(grep '^ID=' /etc/os-release 2>/dev/null)
-# Write a message to syslog, and send a copy via email.
+# Write a message to syslog and/or send via email.
notify() {
- local LOG_PREFIX="${LOG_PREFIX:-Certificate renewal} $1" PRIORITY
+ # Parameters:
+ # $1 Log entry type (currently one of: error, warning or info).
+ # $2... The text of the log entry.
+
+ local PREFIX PRIORITY
[[ -z "$1" ]] && return 1
# Select the syslog priority level.
case "$1" in
- 'error') PRIORITY="err" ;;
- 'warning') PRIORITY="warn" ;;
- *) PRIORITY="info" ;;
+ 'error')
+ PREFIX="${LOG_PREFIX:-Certificate renewal} $1"
+ PRIORITY="err"
+ shift
+ ;;
+ 'info')
+ PREFIX="${LOG_PREFIX:-Certificate renewal} $1"
+ PRIORITY="info"
+ shift
+ ;;
+ 'warning')
+ PREFIX="${LOG_PREFIX:-Certificate renewal} $1"
+ PRIORITY="warn"
+ shift
+ ;;
+ *)
+ LOG_PREFIX="Dehydrated hooks' coding"
+ notify "error" "Invalid or no log entry severity specified - using 'error'"
+ PREFIX="${LOG_PREFIX:-Certificate renewal} error"
+ PRIORITY="err"
+ ;;
esac
- shift
- # Log the message to syslog
- if [[ "$ID" == "alpine" ]]; then
- # BusyBox logger on Alpine's is missing the --id option.
- printf "%s\\n" "$LOG_PREFIX:" "$@" "EOX" | logger -p "$FACILITY.$PRIORITY" -t "$TAG" >/dev/null 2>&1
- else
- printf "%s\\n" "$LOG_PREFIX:" "$@" "EOX" | logger --id="$$" -p "$FACILITY.$PRIORITY" -t "$TAG" >/dev/null 2>&1
- fi
+ # Log the message to syslog.
+ [[ -n "$SYSLOG_FACILITY" ]] && [[ -n "$SYSLOG_TAG" ]] && {
+ if [[ "$SYSTEM_ID" == "alpine" ]]; then
+ # BusyBox logger on Alpine's is missing the --id option.
+ printf "%s\\n" "$PREFIX:" "$@" "EOL" | logger -p "$SYSLOG_FACILITY.$PRIORITY" -t "$SYSLOG_TAG" >/dev/null 2>&1
+ else
+ printf "%s\\n" "$PREFIX:" "$@" "EOL" | logger --id="$$" -p "$SYSLOG_FACILITY.$PRIORITY" -t "$SYSLOG_TAG" >/dev/null 2>&1
+ fi
+ }
# Email the notification.
- printf "%s\\n" "$@" | mail -r "$EMAIL_FROM" -s "$LOG_PREFIX" "${EMAIL_TO[@]}" >/dev/null 2>&1
+ [[ -n "$EMAIL_FROM" ]] && [[ -n "${EMAIL_TO[*]}" ]] && {
+ printf "%s\\n" "$@" | mail -r "$EMAIL_FROM" -s "$PREFIX" "${EMAIL_TO[@]}" >/dev/null 2>&1
+ }
return 0
}
# Service configurations (used at startup/shutdown).
services() {
- local DAEMON ERR=0 LOG_PREFIX="Dehydrated configuration" PIDFILE RCFILE SANITY="$1"
+ # Parameters:
+ # $1 Whether to sanity check configuration. '1' == sanity check.
- # Select the service configuration based on the distribution.
- # RCFILE_ is required for any service.
- # Either DAEMON_ or PIDFILE_, or both is required for any service.
- if [[ "$SYSTEM_ID" == "slackware" ]]; then
- # HTTP daemon selection.
- if [[ -x "/etc/rc.d/rc.httpd" ]]; then
- RCFILE_HTTPD="/etc/rc.d/rc.httpd"
- DAEMON_HTTPD="httpd"
- PIDFILE_HTTPD="/run/httpd.pid"
- elif [[ -x "/etc/rc.d/rc.thttpd" ]]; then
- RCFILE_HTTPD="/etc/rc.d/rc.thttpd"
- DAEMON_HTTPD="thttpd"
- PIDFILE_HTTPD="/run/thttpd.pid"
- fi
- # FTP daemon selection.
- if [[ -x "/etc/rc.d/rc.proftpd" ]]; then
- RCFILE_FTPD="/etc/rc.d/rc.proftpd"
- DAEMON_FTPD="proftpd"
- PIDFILE_FTPD="/run/proftpd.pid"
- fi
- # SMTP daemon selection.
- if [[ -x "/etc/rc.d/rc.exim" ]]; then
- RCFILE_SMTPD="/etc/rc.d/rc.exim"
- DAEMON_SMTPD="exim"
- PIDFILE_SMTPD="/run/exim.pid"
- fi
- elif [[ "$SYSTEM_ID" == "void" ]]; then
- # HTTP daemon selection.
- # thttpd on Void doesn't have a directly callable rc script, so can't be supported.
- if [[ -x "/usr/sbin/apachectl" ]]; then
- RCFILE_HTTPD="/usr/sbin/apachectl"
- DAEMON_HTTPD="httpd"
- PIDFILE_HTTPD="/run/httpd/httpd.pid"
- fi
- elif [[ "$SYSTEM_ID" == "alpine" ]]; then
- # HTTP daemon selection.
+ local LOG_PREFIX="Dehydrated hooks' configuration" SERVICE
+ declare -g -A SERVICE_CTL SERVICE_DAEMON SERVICE_PIDFILE
+
+ # Select the service configurations based on the distribution.
+ # SERVICE_CTL[''] is required, and either SERVICE_DAEMON[''] or SERVICE_PIDFILE[''], or both is required for any service.
+ # An 'httpd' service must be defined for certificate renewal to work.
+ if [[ "$SYSTEM_ID" == "alpine" ]]; then
+ # HTTP daemon.
if [[ -x "/etc/init.d/apache2" ]]; then
- RCFILE_HTTPD="/etc/init.d/apache2"
- DAEMON_HTTPD="httpd"
- PIDFILE_HTTPD="/run/apache2/httpd.pid"
+ SERVICE_CTL['httpd']="/etc/init.d/apache2"
+ SERVICE_DAEMON['httpd']="httpd"
+ SERVICE_PIDFILE['httpd']="/run/apache2/httpd.pid"
elif [[ -x "/etc/init.d/thttpd" ]]; then
- RCFILE_HTTPD="/etc/init.d/thttpd"
- DAEMON_HTTPD="thttpd"
- PIDFILE_HTTPD="/run/thttpd.pid"
+ SERVICE_CTL['httpd']="/etc/init.d/thttpd"
+ SERVICE_DAEMON['httpd']="thttpd"
+ SERVICE_PIDFILE['httpd']="/run/thttpd.pid"
fi
# Samba daemon selection.
if [[ -x "/etc/init.d/samba" ]]; then
-# FIXME:
-# RCFILE_SAMBA="/etc/init.d/samba"
- DAEMON_SAMBA="samba"
- PIDFILE_SAMBA="/run/samba.pid"
+ SERVICE_CTL['samba']="/etc/init.d/samba"
+ SERVICE_DAEMON['samba']="samba"
+ SERVICE_PIDFILE['samba']="/run/samba.pid"
fi
+ elif [[ "$SYSTEM_ID" =~ ^(debian|devuan)$ ]]; then
+ # HTTP daemon.
+ if [[ -x "/usr/sbin/apachectl" ]]; then
+ SERVICE_CTL['httpd']="/usr/sbin/apachectl"
+ SERVICE_DAEMON['httpd']="apache2"
+ SERVICE_PIDFILE['httpd']="/run/apache2/apache2.pid"
+ fi
+ # Samba daemon.
+ if [[ -x "/etc/init.d/samba" ]]; then
+ SERVICE_CTL['samba']="/etc/init.d/samba"
+ SERVICE_DAEMON['samba']="samba"
+ SERVICE_PIDFILE['samba']="/run/samba/samba.pid"
+ fi
+ elif [[ "$SYSTEM_ID" == "slackware" ]]; then
+ # HTTP daemon.
+ if [[ -x "/etc/rc.d/rc.httpd" ]]; then
+ SERVICE_CTL['httpd']="/etc/rc.d/rc.httpd"
+ SERVICE_DAEMON['httpd']="httpd"
+ SERVICE_PIDFILE['httpd']="/run/httpd.pid"
+ elif [[ -x "/etc/rc.d/rc.thttpd" ]]; then
+ SERVICE_CTL['httpd']="/etc/rc.d/rc.thttpd"
+ SERVICE_DAEMON['httpd']="thttpd"
+ SERVICE_PIDFILE['httpd']="/run/thttpd.pid"
+ fi
+ # FTP daemon.
+ if [[ -x "/etc/rc.d/rc.proftpd" ]]; then
+ SERVICE_CTL['ftpd']="/etc/rc.d/rc.proftpd"
+ SERVICE_DAEMON['ftpd']="proftpd"
+ SERVICE_PIDFILE['ftpd']="/run/proftpd.pid"
+ fi
+ # SMTP daemon.
+ if [[ -x "/etc/rc.d/rc.exim" ]]; then
+ SERVICE_CTL['smtpd']="/etc/rc.d/rc.exim"
+ SERVICE_DAEMON['smtpd']="exim"
+ SERVICE_PIDFILE['smtpd']="/run/exim.pid"
+ fi
+ elif [[ "$SYSTEM_ID" == "void" ]]; then
+ # HTTP daemon selection.
+ # Note: thttpd on Void doesn't have a directly callable rc script, so can't be supported.
+ if [[ -x "/usr/sbin/apachectl" ]]; then
+ SERVICE_CTL['httpd']="/usr/sbin/apachectl"
+ SERVICE_DAEMON['httpd']="httpd"
+ SERVICE_PIDFILE['httpd']="/run/httpd/httpd.pid"
+ fi
+ else
+ notify "error" "'$SYSTEM_ID' is not a supported platform for hooks"
+ return 1
fi
# Sanity check settings.
- ((SANITY == 1)) && {
- [[ -z "$RCFILE_HTTPD" ]] && notify "warning" "No configuration settings for an HTTP daemon - no start/restart of HTTP daemon is possible -- check configuration"
- for RCFILE in "${!RCFILE_@}"; do
- DAEMON="DAEMON_${RCFILE#RCFILE_}"
- PIDFILE="PIDFILE_${RCFILE#RCFILE_}"
- [[ -n "${!RCFILE}" ]] && [[ -z "${!DAEMON}" ]] && [[ -z "${!PIDFILE}" ]] && notify "error" "'$RCFILE' is set, but neither '$DAEMON' nor '$PIDFILE' is set - at least one setting is required -- aborting" && ERR=1
+ (( $1 == 1 )) && {
+ local IFS=$'\n'
+ for SERVICE in $(printf "%s\\n" "${!SERVICE_CTL[@]}" "${!SERVICE_DAEMON[@]}" "${!SERVICE_PIDFILE[@]}" | sort | uniq); do
+ if [[ -z "${SERVICE_CTL[\"$SERVICE\"]}" ]]; then
+ if [[ "$SERVICE" == "httpd" ]]; then
+ notify "warning" "'SERVICE_CTL' is not set for service 'httpd' - HTTP based validation, if used, not possible" "Comment all 'httpd' SERVICE_* settings to silence this warning"
+ else
+ notify "warning" "'SERVICE_CTL' is not set for service '$SERVICE'"
+ fi
+ unset "SERVICE_CTL['$SERVICE']" "SERVICE_DAEMON['$SERVICE']" "SERVICE_PIDFILE['$SERVICE']"
+ continue
+ else
+ [[ -z "${SERVICE_DAEMON[\"$SERVICE\"]}" ]] && [[ -z "${SERVICE_PIDFILE[\"$SERVICE\"]}" ]] && {
+ notify "warning" "neither 'SERVICE_DAEMON' nor 'SERVICE_PIDFILE' is set for service '$SERVICE' - at least one setting is required"
+ unset "SERVICE_CTL['$SERVICE']" "SERVICE_DAEMON['$SERVICE']" "SERVICE_PIDFILE['$SERVICE']"
+ continue
+ }
+ fi
done
}
- ((ERR == 1)) && return 1
-
return 0
}
+# Called once for every domain that needs to be validated, including any alternative names listed.
deploy_challenge() {
- local DOMAIN="$1" TOKEN_FILENAME="$2" TOKEN_VALUE="$3"
-
- # This hook is called once for every domain that needs to be
- # validated, including any alternative names you may have listed.
# Parameters:
- # DOMAIN - The domain name (CN or subject alternative name) being validated.
- # TOKEN_FILENAME - The name of the file containing the token to be served for HTTP validation
- # Should be served by your web server as /.well-known/acme-challenge/${TOKEN_FILENAME}.
- # TOKEN_VALUE - The token value that needs to be served for validation.
- # For DNS validation, this is what you want to put in the _acme-challenge TXT record.
- # For HTTP validation it is the value that is expected be found in the $TOKEN_FILENAME file.
+ # $1 (DOMAIN) The domain name (CN or subject alternative name) being validated.
+ # $2 (TOKEN_FILENAME) The name of the file containing the token to be served for HTTP validation
+ # Should be served by your web server as /.well-known/acme-challenge/${TOKEN_FILENAME}.
+ # $3 (TOKEN_VALUE) The token value that needs to be served for validation.
+ # For HTTP validation it is the value that is expected be found in the $TOKEN_FILENAME file.
+ # For DNS validation, this is what you want to put in the _acme-challenge TXT record.
+
+ local DOMAIN="$1" TOKEN_FILENAME="$2" TOKEN_VALUE="$3"
# Simple example: Use nsupdate with local named
# printf 'server 127.0.0.1\nupdate add _acme-challenge.%s 300 IN TXT "%s"\nsend\n' "$DOMAIN" "$TOKEN_VALUE" | nsupdate -k /var/run/named/session.key
@@ -139,11 +192,18 @@ deploy_challenge() {
}
+# Called after attempting to validate each domain, whether or not validation was successful.
+# Can be used to delete files or DNS records that are no longer needed.
clean_challenge() {
- local DOMAIN="$1" TOKEN_FILENAME="$2" TOKEN_VALUE="$3"
+ # Parameters:
+ # $1 (DOMAIN) The domain name (CN or subject alternative name) being validated.
+ # $2 (TOKEN_FILENAME) The name of the file containing the token to be served for HTTP validation
+ # Should be served by your web server as /.well-known/acme-challenge/${TOKEN_FILENAME}.
+ # $3 (TOKEN_VALUE) The token value that needs to be served for validation.
+ # For HTTP validation it is the value that is expected be found in the $TOKEN_FILENAME file.
+ # For DNS validation, this is what you want to put in the _acme-challenge TXT record.
- # This hook is called after attempting to validate each domain, whether or not validation was successful. Here you can delete files or DNS records that are no longer needed.
- # The parameters are the same as for deploy_challenge.
+ local DOMAIN="$1" TOKEN_FILENAME="$2" TOKEN_VALUE="$3"
# Simple example: Use nsupdate with local named
# printf 'server 127.0.0.1\nupdate delete _acme-challenge.%s TXT "%s"\nsend\n' "$DOMAIN" "$TOKEN_VALUE" | nsupdate -k /var/run/named/session.key
@@ -152,38 +212,37 @@ clean_challenge() {
}
+# Called after the certificates have been created but before they are symlinked.
+# This allows the sync the files to disk to prevent creating a symlink to empty files on unexpected system crashes.
+# This hook is not intended to be used for further processing of certificate files; see deploy_cert for that.
sync_cert() {
+ # Parameters:
+ # $1 (KEYFILE) The path of the file containing the private key.
+ # $2 (CERTFILE) The path of the file containing the signed certificate.
+ # $3 (FULLCHAINFILE) The path of the file containing the full certificate chain.
+ # $4 (CHAINFILE) The path of the file containing the intermediate certificate(s).
+ # $5 (REQUESTFILE) The path of the file containing the certificate signing request.
+
local KEYFILE="$1" CERTFILE="$2" FULLCHAINFILE="$3" CHAINFILE="$4" REQUESTFILE="$5"
- # This hook is called after the certificates have been created but before they are symlinked.
- # This allows you to sync the files to disk to prevent creating a symlink to empty files on unexpected system crashes.
- # This hook is not intended to be used for further processing of certificate files; see deploy_cert for that.
- # Parameters:
- # KEYFILE - The path of the file containing the private key.
- # CERTFILE - The path of the file containing the signed certificate.
- # FULLCHAINFILE - The path of the file containing the full certificate chain.
- # CHAINFILE - The path of the file containing the intermediate certificate(s).
- # REQUESTFILE - The path of the file containing the certificate signing request.
-
- # Simple example: sync the files before symlinking them
- # sync "$KEYFILE" "$CERTFILE" "$FULLCHAINFILE" "$CHAINFILE" "$REQUESTFILE"
+ sync "$KEYFILE" "$CERTFILE" "$FULLCHAINFILE" "$CHAINFILE" "$REQUESTFILE"
return 0
}
+# Called once for each certificate that has been produced.
+# Here you can copy your new certificates to service-specific locations and reload the service.
deploy_cert() {
- local DOMAIN="$1" KEYFILE="$2" CERTFILE="$3" FULLCHAINFILE="$4" CHAINFILE="$5" TIMESTAMP="$6"
-
- # This hook is called once for each certificate that has been produced.
- # Here you might, for instance, copy your new certificates to service-specific locations and reload the service.
# Parameters:
- # DOMAIN - The primary domain name, i.e. the certificate common name (CN).
- # KEYFILE - The path of the file containing the private key.
- # CERTFILE - The path of the file containing the signed certificate.
- # FULLCHAINFILE - The path of the file containing the full certificate chain.
- # CHAINFILE - The path of the file containing the intermediate certificate(s).
- # TIMESTAMP - Timestamp when the specified certificate was created.
+ # $1 (DOMAIN) The primary domain name, i.e. the certificate common name (CN).
+ # $2 (KEYFILE) The path of the file containing the private key.
+ # $3 (CERTFILE) The path of the file containing the signed certificate.
+ # $4 (FULLCHAINFILE) The path of the file containing the full certificate chain.
+ # $5 (CHAINFILE) The path of the file containing the intermediate certificate(s).
+ # $6 (TIMESTAMP) Timestamp when the specified certificate was created.
+
+ local DOMAIN="$1" KEYFILE="$2" CERTFILE="$3" FULLCHAINFILE="$4" CHAINFILE="$5" TIMESTAMP="$6"
local FILE LOG_PREFIX="Certificate deployment"
@@ -198,9 +257,10 @@ deploy_cert() {
}
done
- # The first time through this will create the files readable by root only, but better to err on the side of caution.
- # Subsequent runs will retain whatever permissions were set by the admin after the first run.
+ # Only copy the certificate if it differs from the new one.
cmp "$CERTFILE" "$CERTSDIR/${DOMAIN}_cert.pem" >/dev/null 2>&1 || {
+ # The first time through this will create the files readable by root only, but better to err on the side of caution.
+ # Subsequent runs will retain whatever permissions were set by the admin after the first run.
umask 066
# shellcheck disable=SC2015
cat "$CERTFILE" >"$CERTSDIR/${DOMAIN}_cert.pem" && cat "$KEYFILE" >"$CERTSDIR/${DOMAIN}_key.pem" && cat "$CHAINFILE" >"$CERTSDIR/${DOMAIN}_chain.pem" && cat "$FULLCHAINFILE" >"$CERTSDIR/${DOMAIN}_fullchain.pem" || {
@@ -211,7 +271,7 @@ deploy_cert() {
}
# Set a marker (used in the exit_hook function) to signal that services should be reloaded at the end of deployments.
- touch /run/dehydrated-reload-marker || {
+ touch "/run/dehydrated-reload-marker" || {
notify "warning" "Failed to create reload marker during '$DOMAIN' certificate deployment - reloading services manually may be required -- check server"
# Return 0 so that dehydrated doesn't stop - there may be some more certificates to renew.
return 0
@@ -225,15 +285,15 @@ deploy_cert() {
}
+# Called once for each updated OCSP stapling file that has been produced.
+# Here you can copy your new OCSP stapling files to service-specific locations and reload the service.
deploy_ocsp() {
- local DOMAIN="$1" OCSPFILE="$2" TIMESTAMP="$3"
-
- # This hook is called once for each updated ocsp stapling file that has been produced.
- # Here you might, for instance, copy your new ocsp stapling files to service-specific locations and reload the service.
# Parameters:
- # DOMAIN - The primary domain name, i.e. the certificate common name (CN).
- # OCSPFILE - The path of the ocsp stapling file.
- # TIMESTAMP - Timestamp when the specified ocsp stapling file was created.
+ # $1 (DOMAIN) The primary domain name, i.e. the certificate common name (CN).
+ # $2 (OCSPFILE) The path of the OCSP stapling file.
+ # $3 (TIMESTAMP) Timestamp when the specified OCSP stapling file was created.
+
+ local DOMAIN="$1" OCSPFILE="$2" TIMESTAMP="$3"
# Simple example: Copy file to nginx config
# cp "$OCSPFILE" /etc/nginx/ssl/; chown -R nginx: /etc/nginx/ssl
@@ -243,28 +303,28 @@ deploy_ocsp() {
}
+# Called once for each certificate that is still valid and therefore wasn't reissued.
unchanged_cert() {
- local DOMAIN="$1" KEYFILE="$2" CERTFILE="$3" FULLCHAINFILE="$4" CHAINFILE="$5"
-
- # This hook is called once for each certificate that is still valid and therefore wasn't reissued.
# Parameters:
- # DOMAIN - The primary domain name, i.e. the certificate common name (CN).
- # KEYFILE - The path of the file containing the private key.
- # CERTFILE - The path of the file containing the signed certificate.
- # FULLCHAINFILE - The path of the file containing the full certificate chain.
- # CHAINFILE - The path of the file containing the intermediate certificate(s).
+ # $1 (DOMAIN) The primary domain name, i.e. the certificate common name (CN).
+ # $2 (KEYFILE) The path of the file containing the private key.
+ # $3 (CERTFILE) The path of the file containing the signed certificate.
+ # $4 (FULLCHAINFILE) The path of the file containing the full certificate chain.
+ # $5 (CHAINFILE) The path of the file containing the intermediate certificate(s).
+
+ local DOMAIN="$1" KEYFILE="$2" CERTFILE="$3" FULLCHAINFILE="$4" CHAINFILE="$5"
return 0
}
+# Called if the challenge response has failed, so domain owners can be aware and act accordingly.
invalid_challenge() {
- local DOMAIN="$1" RESPONSE="$2"
-
- # This hook is called if the challenge response has failed, so domain owners can be aware and act accordingly.
# Parameters:
- # DOMAIN - The primary domain name, i.e. the certificate common name (CN).
- # RESPONSE - The response that the verification server returned
+ # $1 (DOMAIN) The primary domain name, i.e. the certificate common name (CN).
+ # $2 (RESPONSE) The response that the verification server returned
+
+ local DOMAIN="$1" RESPONSE="$2"
# Notify the sysadmin.
notify "error" "Validation of '$DOMAIN' failed:" "$RESPONSE"
@@ -273,154 +333,174 @@ invalid_challenge() {
}
+# Called when an HTTP request fails (e.g., when the ACME server is busy, returns an error, etc).
+# It will be called upon any response code that does not start with '2'. Useful to alert admins about problems with requests.
request_failure() {
+ # Parameters:
+ # $1 (STATUSCODE) The HTML status code that originated the error.
+ # $2 (REASON) The specified reason for the error.
+ # $3 (REQTYPE) The kind of request that was made (GET, POST...)
+
local STATUSCODE="$1" REASON="$2" REQTYPE="$3" HEADERS="$4"
- # This hook is called when an HTTP request fails (e.g., when the ACME server is busy, returns an error, etc).
- # It will be called upon any response code that does not start with '2'. Useful to alert admins about problems with requests.
- # Parameters:
- # STATUSCODE - The HTML status code that originated the error.
- # REASON - The specified reason for the error.
- # REQTYPE - The kind of request that was made (GET, POST...)
-
# Notify the sysadmin.
- notify "error" "HTTP $REQTYPE request failed for '$DOMAIN' with code '$STATUSCODE'" "Reason: $REASON" "Headers:" "$HEADERS"
+ notify "error" "HTTP '$REQTYPE' request failed for '$DOMAIN' with code '$STATUSCODE'" "Reason: $REASON" "Headers:" "$HEADERS"
return 0
}
+# Called before any certificate signing operation takes place.
+# It can be used to generate or fetch a certificate signing request with external tools.
+# The output should be just the cerificate signing request formatted as PEM.
generate_csr() {
+ # Parameters:
+ # $1 (DOMAIN) The primary domain as specified in domains.txt.
+ # This does not need to match with the domains in the CSR, it's basically just the directory name.
+ # $2 (CERTDIR) Certificate output directory for this particular certificate.
+ # Can be used for storing additional files.
+ # $3 (ALTNAMES) All domain names for the current certificate as specified in domains.txt.
+ # Again, this doesn't need to match with the CSR, it's just there for convenience.
+
local DOMAIN="$1" CERTDIR="$2" ALTNAMES="$3"
- # This hook is called before any certificate signing operation takes place.
- # It can be used to generate or fetch a certificate signing request with external tools.
- # The output should be just the cerificate signing request formatted as PEM.
- # Parameters:
- # DOMAIN - The primary domain as specified in domains.txt.
- # This does not need to match with the domains in the CSR, it's basically just the directory name.
- # CERTDIR - Certificate output directory for this particular certificate.
- # Can be used for storing additional files.
- # ALTNAMES - All domain names for the current certificate as specified in domains.txt.
- # Again, this doesn't need to match with the CSR, it's just there for convenience.
-
# Simple example: Look for pre-generated CSRs
- # if [ -e "$CERTDIR/pre-generated.csr" ]; then
- # cat "$CERTDIR/pre-generated.csr"
- # fi
+ # [[ -e "$CERTDIR/pre-generated.csr" ]] && cat "$CERTDIR/pre-generated.csr"
return 0
}
+# Called before the cron command to do some initial tasks (e.g. starting a webserver).
startup_hook() {
- # This hook is called before the cron command to do some initial tasks (e.g. starting a webserver).
-
local LOG_PREFIX="Dehydrated startup"
- # Read services configuration (with sanity check)
- services 1 || return 1
+ # The 'root' user is required.
+ (( $(id -u) != 0 )) && {
+ notify "error" "Must be running as 'root' -- aborting"
+ return 1
+ }
+
+ # Read services configuration (with sanity checks).
+ services "1"
# Make sure the certificates directory exists.
[[ -n "$CERTSDIR" ]] && {
umask 022
# shellcheck disable=SC2174
mkdir -p -m 0755 "$CERTSDIR" 2>/dev/null || {
- notify "error" "Failed to create certificate storage directory -- aborting"
+ notify "error" "Failed to create certificate storage directory '$CERTSDIR' -- aborting"
return 1
}
}
- # If an HTTP daemon rc script is available and the service is not already running, start it.
- [[ -n "$RCFILE_HTTPD" ]] && {
- pgrep -c ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1 || {
- "$RCFILE_HTTPD" start >/dev/null 2>&1
+ # If an HTTP daemon is not already running, start it.
+ [[ -n "${SERVICE_CTL['httpd']}" ]] && {
+ pgrep -c ${SERVICE_PIDFILE['httpd']:+-F "${SERVICE_PIDFILE['httpd']}"} "${SERVICE_DAEMON['httpd']}" >/dev/null 2>&1 || {
+ "${SERVICE_CTL['httpd']}" "start" >/dev/null 2>&1
sleep 5
- if pgrep -c ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1; then
+ if pgrep -c ${SERVICE_PIDFILE['httpd']:+-F "${SERVICE_PIDFILE['httpd']}"} "${SERVICE_DAEMON['httpd']}" >/dev/null 2>&1; then
# Set a marker (used in exit_hook()) to signal that the HTTP daemon should be stopped at the end of deployments.
- touch /run/dehydrated-http-daemon-stop-marker 2>/dev/null || notify "warning" "Failed to create HTTP daemon stop marker - HTTP daemon will be left running -- check server"
+ touch "/run/dehydrated-http-daemon-stop-marker" 2>/dev/null || notify "warning" "Failed to create HTTP daemon stop marker - HTTP daemon will be left running -- check server"
else
- notify "error" "Failure of '$RCFILE_HTTPD' to start HTTP daemon -- aborting"
+ notify "error" "Failed to start HTTP daemon for nonce validation -- aborting"
return 1
fi
}
- }
- # Add firewall rules to allow HTTP traffic so the nonce can be validated.
- { iptables -N dehydrated && ip6tables -N dehydrated && iptables -I INPUT 1 -j dehydrated && ip6tables -I INPUT 1 -j dehydrated && iptables -I dehydrated 1 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT && ip6tables -I dehydrated 1 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT; } >/dev/null 2>&1 || {
- notify "error" "Failed to insert firewall rules to allow nonce validation -- aborting"
- return 1
+ # Add firewall rules to allow HTTP traffic so the nonce can be validated.
+ { iptables -N dehydrated && ip6tables -N dehydrated && \
+ iptables -I INPUT 1 -j dehydrated && ip6tables -I INPUT 1 -j dehydrated && \
+ iptables -I dehydrated 1 -p tcp --dport 80 -j ACCEPT && ip6tables -I dehydrated 1 -p tcp --dport 80 -j ACCEPT; } >/dev/null 2>&1 || {
+ notify "warning" "Failed to insert firewall rules to allow nonce validation"
+ return 1
+ }
}
return 0
}
+# Called at the end of the cron command and can be used to do some final (cleanup or other) tasks.
exit_hook() {
- local ERROR="$1"
-
- # This hook is called at the end of the cron command and can be used to do some final (cleanup or other) tasks.
# Parameters:
- # ERROR - Contains error message if dehydrated exits with error.
+ # $1 (ERROR) Contains error message if dehydrated exits with error.
- local DAEMON ERR=0 LOG_PREFIX="Dehydrated shutdown" PIDFILE RCFILE TIMEOUT=30
+ local ERROR="$1"
+ local ERR=0 LOG_PREFIX="Dehydrated shutdown" SERVICE TIMEOUT=30
# Read services configuration (without sanity check - this was already done at startup)
- services 0 || return 1
+ services 0
- # Delete firewall rules that was added to allow HTTP traffic.
- iptables -C INPUT -j dehydrated >/dev/null 2>&1 && iptables -D INPUT -j dehydrated >/dev/null 2>&1
- ip6tables -C INPUT -j dehydrated >/dev/null 2>&1 && ip6tables -D INPUT -j dehydrated >/dev/null 2>&1
- iptables -F dehydrated >/dev/null 2>&1
- ip6tables -F dehydrated >/dev/null 2>&1
- iptables -X dehydrated >/dev/null 2>&1
- ip6tables -X dehydrated >/dev/null 2>&1
-
# If the reload marker was set, restart services.
- [[ -e /run/dehydrated-reload-marker ]] && {
- for RCFILE in "${!RCFILE_@}"; do
- DAEMON="DAEMON_${RCFILE#RCFILE_}"
- PIDFILE="PIDFILE_${RCFILE#RCFILE_}"
+ [[ -e "/run/dehydrated-reload-marker" ]] && {
+ local IFS=$'\n'
+ for SERVICE in $(printf "%s\\n" "${!SERVICE_CTL[@]}"); do
# If the HTTP daemon is going to be shut down, there's no need to restart it.
- [[ "$RCFILE" == "RCFILE_HTTPD" ]] && [[ -e /run/dehydrated-http-daemon-stop-marker ]] && continue
- # Restart the service.
- "${!RCFILE}" restart >/dev/null 2>&1 || notify "warning" "Failed to restart service '${!DAEMON}' -- check server"
+ [[ "$SERVICE" == "httpd" ]] && [[ -e "/run/dehydrated-http-daemon-stop-marker" ]] && continue
+
+ # Restart the services.
+ "${SERVICE_CTL[\"$SERVICE\"]}" "restart" >/dev/null 2>&1 || {
+ notify "error" "Controlled restart of service '$SERVICE' failed -- check server"
+ ERR=1
+ continue
+ }
sleep "$TIMEOUT"
- pgrep -c ${PIDFILE:+-F "${!PIDFILE}"} "${!DAEMON}" >/dev/null 2>&1 || {
- notify "warning" "Service '${!DAEMON}' exited unexpectedly - trying to start again"
- "${!RCFILE}" start >/dev/null 2>&1 || notify "warning" "Failed to start service '${!DAEMON}' -- check server"
- sleep "$TIMEOUT"
- pgrep -c ${PIDFILE:+-F "${!PIDFILE}"} "${!DAEMON}" >/dev/null 2>&1 || {
- notify "warning" "Service '${!DAEMON}' failed to restart correctly -- check server"
+ pgrep -c ${SERVICE_PIDFILE["$SERVICE"]:+-F "${SERVICE_PIDFILE[\"$SERVICE\"]}"} "${SERVICE_DAEMON[\"$SERVICE\"]}" >/dev/null 2>&1 || {
+ notify "warning" "Service '$SERVICE' exited unexpectedly - trying to start again"
+ "${SERVICE_CTL[\"$SERVICE\"]}" "start" >/dev/null 2>&1 || {
+ notify "error" "Controlled start of service '$SERVICE' failed -- check server"
ERR=1
+ continue
+ }
+ sleep "$TIMEOUT"
+ pgrep -c ${SERVICE_PIDFILE["$SERVICE"]:+-F "${SERVICE_PIDFILE[\"$SERVICE\"]}"} "${SERVICE_DAEMON[\"$SERVICE\"]}" >/dev/null 2>&1 || {
+ notify "error" "Multiple failures (re)starting service '$SERVICE' -- check server"
+ ERR=1
+ continue
}
}
done
}
# Remove the reload marker if all services restarted without issue. Keep the marker if any failed.
- ((ERR == 0)) && { rm -f /run/dehydrated-reload-marker 2>/dev/null || notify "warning" "Failed to remove services reload marker -- check server"; }
-
- # If an HTTP daemon was started by dehydrated, stop it now.
- ERR=0
- [[ -e /run/dehydrated-http-daemon-stop-marker ]] && {
- pgrep -c ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1 && {
- "$RCFILE_HTTPD" stop >/dev/null 2>&1 || notify "warning" "Failed to gracefully stop service '$DAEMON_HTTPD' -- check server"
- sleep "$TIMEOUT"
- pgrep -c ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1 && {
- pkill -TERM ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1 || notify "warning" "Failed to -SIGTERM service '$DAEMON_HTTPD' -- check server"
- sleep "$TIMEOUT"
- pgrep -c ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1 && {
- pkill -KILL ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1 || notify "warning" "Failed to -SIGKILL service '$DAEMON_HTTPD' -- check server"
- sleep 5
- }
- }
- pgrep -c ${PIDFILE_HTTPD:+-F "$PIDFILE_HTTPD"} "$DAEMON_HTTPD" >/dev/null 2>&1 && notify "warning" "Failed to stop HTTP daemon that dehydrated started" && ERR=1
- }
+ (( ERR == 0 )) && {
+ rm -f "/run/dehydrated-reload-marker" 2>/dev/null || notify "warning" "Failed to remove services reload marker -- check server"
}
- # If the HTTP daemon was stopped correctly, remove the stop marker.
- ((ERR == 0)) && { rm -f /run/dehydrated-http-daemon-stop-marker 2>/dev/null || notify "warning" "Failed to remove HTTP daemon stop marker -- check server"; }
+ # If an HTTP daemon is configured, process the shutdown of it.
+ [[ -n "${SERVICE_CTL['httpd']}" ]] && {
+ # Delete firewall rules that were added to allow HTTP traffic.
+ { iptables -C INPUT -j dehydrated && iptables -D INPUT -j dehydrated; } >/dev/null 2>&1
+ { ip6tables -C INPUT -j dehydrated && ip6tables -D INPUT -j dehydrated; } >/dev/null 2>&1
+ iptables -F dehydrated >/dev/null 2>&1
+ ip6tables -F dehydrated >/dev/null 2>&1
+ iptables -X dehydrated >/dev/null 2>&1
+ ip6tables -X dehydrated >/dev/null 2>&1
+
+ # If an HTTP daemon was started in startup_hook(), stop it now.
+ ERR=0
+ [[ -e "/run/dehydrated-http-daemon-stop-marker" ]] && {
+ pgrep -c ${SERVICE_PIDFILE['httpd']:+-F "${SERVICE_PIDFILE['httpd']}"} "${SERVICE_DAEMON['httpd']}" >/dev/null 2>&1 && {
+ "${SERVICE_CTL['httpd']}" "stop" >/dev/null 2>&1 || notify "error" "Controlled stop service of 'httpd' failed -- check server"
+ sleep "$TIMEOUT"
+ pgrep -c ${SERVICE_PIDFILE['httpd']:+-F "${SERVICE_PIDFILE['httpd']}"} "${SERVICE_DAEMON['httpd']}" >/dev/null 2>&1 && {
+ pkill -TERM ${SERVICE_PIDFILE['httpd']:+-F "${SERVICE_PIDFILE['httpd']}"} "${SERVICE_DAEMON['httpd']}" >/dev/null 2>&1 || notify "warning" "Failed to SIGTERM service 'httpd' -- check server"
+ sleep "$TIMEOUT"
+ pgrep -c ${SERVICE_PIDFILE['httpd']:+-F "${SERVICE_PIDFILE['httpd']}"} "${SERVICE_DAEMON['httpd']}" >/dev/null 2>&1 && {
+ pkill -KILL ${SERVICE_PIDFILE['httpd']:+-F "${SERVICE_PIDFILE['httpd']}"} "${SERVICE_DAEMON['httpd']}" >/dev/null 2>&1 || notify "warning" "Failed to SIGKILL service 'httpd' -- check server"
+ sleep 5
+ }
+ }
+ pgrep -c ${SERVICE_PIDFILE['httpd']:+-F "${SERVICE_PIDFILE['httpd']}"} "${SERVICE_DAEMON['httpd']}" >/dev/null 2>&1 && notify "error" "Failed to stop HTTP daemon that dehydrated started" && ERR=1
+ }
+ }
+
+ # If the HTTP daemon was stopped correctly, remove the stop marker.
+ (( ERR == 0 )) && {
+ rm -f "/run/dehydrated-http-daemon-stop-marker" 2>/dev/null || notify "warning" "Failed to remove HTTP daemon stop marker -- check server"
+ }
+ }
return 0
}
@@ -433,4 +513,4 @@ if declare -pF "$HANDLER" >/dev/null 2>&1; then
exit "$?"
else
exit 0
-fi
+fi
diff --git a/etc/php/.gitignore b/etc/php/.gitignore
new file mode 100644
index 0000000..6db887d
--- /dev/null
+++ b/etc/php/.gitignore
@@ -0,0 +1 @@
+/8.5/
diff --git a/etc/php/8.4/.gitignore b/etc/php/8.4/.gitignore
new file mode 100644
index 0000000..2b92d28
--- /dev/null
+++ b/etc/php/8.4/.gitignore
@@ -0,0 +1 @@
+/mods-available/
diff --git a/etc/php/8.4/apache2/.gitignore b/etc/php/8.4/apache2/.gitignore
new file mode 100644
index 0000000..0aac0d6
--- /dev/null
+++ b/etc/php/8.4/apache2/.gitignore
@@ -0,0 +1 @@
+/conf.d/
diff --git a/etc/php/8.4/apache2/php.ini b/etc/php/8.4/apache2/php.ini
new file mode 120000
index 0000000..9fc31db
--- /dev/null
+++ b/etc/php/8.4/apache2/php.ini
@@ -0,0 +1 @@
+../php.ini
\ No newline at end of file
diff --git a/etc/php/8.4/cli/.gitignore b/etc/php/8.4/cli/.gitignore
new file mode 100644
index 0000000..0aac0d6
--- /dev/null
+++ b/etc/php/8.4/cli/.gitignore
@@ -0,0 +1 @@
+/conf.d/
diff --git a/etc/php/8.4/cli/php.ini b/etc/php/8.4/cli/php.ini
new file mode 120000
index 0000000..9fc31db
--- /dev/null
+++ b/etc/php/8.4/cli/php.ini
@@ -0,0 +1 @@
+../php.ini
\ No newline at end of file
diff --git a/etc/php/8.4/fpm/.gitignore b/etc/php/8.4/fpm/.gitignore
new file mode 100644
index 0000000..0aac0d6
--- /dev/null
+++ b/etc/php/8.4/fpm/.gitignore
@@ -0,0 +1 @@
+/conf.d/
diff --git a/root/stuff-to-keep/php-fpm.conf b/etc/php/8.4/fpm/php-fpm.conf
similarity index 92%
rename from root/stuff-to-keep/php-fpm.conf
rename to etc/php/8.4/fpm/php-fpm.conf
index f0b273f..5a367ae 100644
--- a/root/stuff-to-keep/php-fpm.conf
+++ b/etc/php/8.4/fpm/php-fpm.conf
@@ -14,7 +14,9 @@
; Pid file
; Note: the default prefix is /var
; Default Value: none
-pid = run/php-fpm.pid
+; Warning: if you change the value here, you need to modify systemd
+; service PIDFile= setting to match the value here.
+pid = /run/php/php-fpm.pid
; Error log file
; If it's set to "syslog", log is sent to syslogd instead of being written
@@ -28,7 +30,7 @@ error_log = syslog
; will be handled differently.
; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
; Default Value: daemon
-syslog.facility = local2
+syslog.facility = local3
; syslog_ident is prepended to every message. If you have multiple FPM
; instances running on the same server, you can change the default value
@@ -39,7 +41,7 @@ syslog.ident = php-fpm
; Log level
; Possible Values: alert, error, warning, notice, debug
; Default Value: notice
-log_level = notice
+log_level = warning
; Log limit on number of characters in the single line (log entry). If the
; line is over the limit, it is wrapped on multiple lines. The limit is for
@@ -53,7 +55,7 @@ log_level = notice
; Log buffering specifies if the log line is buffered which means that the
; line is written in a single write operation. If the value is false, then the
; data is written directly into the file descriptor. It is an experimental
-; option that can potentionaly improve logging performance and memory usage
+; option that can potentially improve logging performance and memory usage
; for some heavy logging scenarios. This option is ignored if logging to syslog
; as it has to be always buffered.
; Default value: yes
@@ -63,7 +65,7 @@ log_level = notice
; interval set by emergency_restart_interval then FPM will restart. A value
; of '0' means 'Off'.
; Default Value: 0
-emergency_restart_threshold = 5
+;emergency_restart_threshold = 0
; Interval of time used by emergency_restart_interval to determine when
; a graceful restart will be initiated. This can be useful to work around
@@ -71,7 +73,7 @@ emergency_restart_threshold = 5
; Available Units: s(econds), m(inutes), h(ours), or d(ays)
; Default Unit: seconds
; Default Value: 0
-emergency_restart_interval = 10
+;emergency_restart_interval = 0
; Time limit for child processes to wait for a reaction on signals from master.
; Available units: s(econds), m(inutes), h(ours), or d(ays)
@@ -84,7 +86,7 @@ emergency_restart_interval = 10
; Use it with caution.
; Note: A value of 0 indicates no limit
; Default Value: 0
-process.max = 16
+; process.max = 128
; Specify the nice(2) priority to apply to the master process (only if set)
; The value can vary from -19 (highest priority) to 20 (lowest priority)
@@ -92,7 +94,7 @@ process.max = 16
; - The pool process will inherit the master process priority
; unless specified otherwise
; Default Value: no set
-process.priority = 0
+; process.priority = -19
; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging.
; Default Value: yes
@@ -112,7 +114,6 @@ process.priority = 0
; - poll (any POSIX os)
; - epoll (linux >= 2.5.44)
; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0)
-; - /dev/poll (Solaris >= 7)
; - port (Solaris >= 10)
; Default Value: not set (auto detection)
;events.mechanism = epoll
@@ -140,4 +141,4 @@ process.priority = 0
; Relative path can also be used. They will be prefixed by:
; - the global prefix if it's been set (-p argument)
; - /usr otherwise
-include=/etc/php83/php-fpm.d/*.conf
+include=/etc/php/8.4/fpm/pool.d/*.conf
diff --git a/etc/php/8.4/fpm/php.ini b/etc/php/8.4/fpm/php.ini
new file mode 120000
index 0000000..9fc31db
--- /dev/null
+++ b/etc/php/8.4/fpm/php.ini
@@ -0,0 +1 @@
+../php.ini
\ No newline at end of file
diff --git a/root/stuff-to-keep/php-fpm.d/www.conf b/etc/php/8.4/fpm/pool.d/www.conf
similarity index 78%
rename from root/stuff-to-keep/php-fpm.d/www.conf
rename to etc/php/8.4/fpm/pool.d/www.conf
index dfc4cef..fd9e929 100644
--- a/root/stuff-to-keep/php-fpm.d/www.conf
+++ b/etc/php/8.4/fpm/pool.d/www.conf
@@ -17,11 +17,16 @@
; Default Value: none
;prefix = /path/to/pools/$pool
-; Unix user/group of processes
-; Note: The user is mandatory. If the group is not set, the default user's group
-; will be used.
-user = nobody
-group = nobody
+; Unix user/group of the child processes. This can be used only if the master
+; process running user is root. It is set after the child process is created.
+; The user and group can be specified either by their name or by their numeric
+; IDs.
+; Note: If the user is root, the executable needs to be started with
+; --allow-to-run-as-root option to work.
+; Default Values: The user is set to master process running user by default.
+; If the group is not set, the user's group is used.
+user = www-data
+group = www-data
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
@@ -33,21 +38,22 @@ group = nobody
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
-;listen = 127.0.0.1:9000
-listen = /run/php-fpm83/php-fpm.sock
+listen = /run/php/php-fpm.sock
; Set listen(2) backlog.
-; Default Value: 511 (-1 on FreeBSD and OpenBSD)
+; Default Value: 511 (-1 on Linux, FreeBSD and OpenBSD)
;listen.backlog = 511
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
-; BSD-derived systems allow connections regardless of permissions.
-; Default Values: user and group are set as the running user
-; mode is set to 0660
-listen.owner = nobody
-listen.group = apache
-listen.mode = 0660
+; BSD-derived systems allow connections regardless of permissions. The owner
+; and group can be specified either by name or by their numeric IDs.
+; Default Values: Owner is set to the master process running user. If the group
+; is not set, the owner's group is used. Mode is set to 0660.
+;listen.owner = www-data
+listen.group = www-data
+;listen.mode = 0660
+
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
@@ -60,7 +66,11 @@ listen.mode = 0660
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
-; listen.allowed_clients = 127.0.0.1
+;listen.allowed_clients = 127.0.0.1
+
+; Set the associated the route table (FIB). FreeBSD only
+; Default Value: -1
+;listen.setfib = 1
; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
@@ -68,10 +78,11 @@ listen.mode = 0660
; - The pool processes will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
-process.priority = 0
+; process.priority = -19
-; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
-; or group is differrent than the master process user. It allows to create process
+; Set the process dumpable flag (PR_SET_DUMPABLE prctl for Linux or
+; PROC_TRACE_CTL procctl for FreeBSD) even if the process user
+; or group is different than the master process user. It allows to create process
; core dump and ptrace the process for the pool user.
; Default Value: no
; process.dumpable = yes
@@ -93,6 +104,8 @@ process.priority = 0
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
+; pm.max_spawn_rate - the maximum number of rate to spawn child
+; processes at once.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
@@ -111,11 +124,11 @@ pm = dynamic
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
-pm.max_children = 8
+pm.max_children = 5
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
-; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
+; Default Value: (min_spare_servers + max_spare_servers) / 2
pm.start_servers = 2
; The desired minimum number of idle server processes.
@@ -126,7 +139,13 @@ pm.min_spare_servers = 2
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
-pm.max_spare_servers = 4
+pm.max_spare_servers = 3
+
+; The number of rate to spawn child processes at once.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+; Default Value: 32
+;pm.max_spawn_rate = 32
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
@@ -137,10 +156,10 @@ pm.max_spare_servers = 4
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
-pm.max_requests = 5000
+;pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
-; recognized as a status page. It shows the following informations:
+; recognized as a status page. It shows the following information:
; pool - the name of the pool;
; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
@@ -210,8 +229,8 @@ pm.max_requests = 5000
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
-; If the process is in Idle state, then informations are related to the
-; last request the process has served. Otherwise informations are related to
+; If the process is in Idle state, then information is related to the
+; last request the process has served. Otherwise information is related to
; the current request being served.
; Example output:
; ************************
@@ -230,7 +249,7 @@ pm.max_requests = 5000
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
-; It's available in: /usr/share/fpm/status.html
+; It's available in: /usr/share/php/8.4/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
@@ -238,6 +257,22 @@ pm.max_requests = 5000
; Default Value: not set
;pm.status_path = /status
+; The address on which to accept FastCGI status request. This creates a new
+; invisible pool that can handle requests independently. This is useful
+; if the main pool is busy with long running requests because it is still possible
+; to get the status before finishing the long running requests.
+;
+; Valid syntaxes are:
+; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
+; a specific port;
+; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
+; a specific port;
+; 'port' - to listen on a TCP socket to all addresses
+; (IPv6 and IPv4-mapped) on a specific port;
+; '/path/to/unix/socket' - to listen on a unix socket.
+; Default Value: value of the listen option
+;pm.status_listen = 127.0.0.1:9001
+
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
@@ -270,13 +305,13 @@ pm.max_requests = 5000
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
-; - %{miliseconds}d
-; - %{mili}d
+; - %{milliseconds}d
+; - %{milli}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
-; variable. Some exemples:
+; variable. Some examples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
@@ -306,17 +341,33 @@ pm.max_requests = 5000
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
-; The strftime(3) format must be encapsuled in a %{}t tag
+; The strftime(3) format must be encapsulated in a %{}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
-; The strftime(3) format must be encapsuled in a %{}t tag
+; The strftime(3) format must be encapsulated in a %{}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
-; %u: remote user
+; %u: basic auth user if specified in Authorization header
;
; Default: "%R - %u %t \"%m %r\" %s"
-;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
+;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%"
+
+; A list of request_uri values which should be filtered from the access log.
+;
+; As a security precaution, this setting will be ignored if:
+; - the request method is not GET or HEAD; or
+; - there is a request body; or
+; - there are query parameters; or
+; - the response code is outwith the successful range of 200 to 299
+;
+; Note: The paths are matched against the output of the access.format tag "%r".
+; On common configurations, this may look more like SCRIPT_NAME than the
+; expected pre-rewrite URI.
+;
+; Default Value: not set
+;access.suppress_path[] = /ping
+;access.suppress_path[] = /health_check.php
; The log file for slow requests
; Default Value: not set
@@ -338,7 +389,15 @@ pm.max_requests = 5000
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
-request_terminate_timeout = 60
+;request_terminate_timeout = 0
+
+; The timeout set by 'request_terminate_timeout' ini option is not engaged after
+; application calls 'fastcgi_finish_request' or when application has finished and
+; shutdown functions are being called (registered via register_shutdown_function).
+; This option will enable timeout limit to be applied unconditionally
+; even in such cases.
+; Default Value: no
+;request_terminate_timeout_track_finished = no
; Set open file descriptor rlimit.
; Default Value: system defined value
@@ -367,11 +426,18 @@ request_terminate_timeout = 60
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
-; Note: on highloaded environement, this can cause some delay in the page
+; Note: on highloaded environment, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes
+; Decorate worker output with prefix and suffix containing information about
+; the child that writes to the log and if stdout or stderr is used as well as
+; log level and time. This options is used only if catch_workers_output is yes.
+; Settings to "no" will output data as written to the stdout or stderr.
+; Default value: yes
+;decorate_workers_output = no
+
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
@@ -387,7 +453,7 @@ request_terminate_timeout = 60
; execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
-security.limit_extensions = .php .phar .phtml
+;security.limit_extensions = .php .php3 .php4 .php5 .php7
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
diff --git a/root/stuff-to-keep/php.ini b/etc/php/8.4/php.ini
similarity index 75%
rename from root/stuff-to-keep/php.ini
rename to etc/php/8.4/php.ini
index b81394b..9245785 100644
--- a/root/stuff-to-keep/php.ini
+++ b/etc/php/8.4/php.ini
@@ -218,7 +218,7 @@ zend.exception_ignore_args = On
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; http://php.net/expose-php
-expose_php = Off
+expose_php = On
;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
@@ -247,7 +247,7 @@ max_input_time = 30
; Maximum amount of memory a script may consume
; http://php.net/memory-limit
-memory_limit = 1073741824
+memory_limit = 64M
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Error handling and logging ;
@@ -302,7 +302,7 @@ memory_limit = 1073741824
; Development Value: E_ALL
; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
; http://php.net/error-reporting
-error_reporting = ~E_DEPRECATED | ~E_USER_DEPRECATED | E_ERROR | E_RECOVERABLE_ERROR | E_CORE_ERROR | E_COMPILE_ERROR | E_USER_ERROR
+error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT
; This directive controls whether or not and where PHP will output errors,
; notices and warnings too. Error output is very useful during development, but
@@ -319,7 +319,7 @@ error_reporting = ~E_DEPRECATED | ~E_USER_DEPRECATED | E_ERROR | E_RECOVERABLE_E
; Development Value: On
; Production Value: Off
; http://php.net/display-errors
-display_errors = On
+display_errors = Off
; The display of errors which occur during PHP's startup sequence are handled
; separately from display_errors. PHP's default behavior is to suppress those
@@ -330,7 +330,7 @@ display_errors = On
; Development Value: On
; Production Value: Off
; http://php.net/display-startup-errors
-display_startup_errors = On
+display_startup_errors = Off
; Besides displaying errors, PHP can also log errors to locations such as a
; server-specific log, STDERR, or a location specified by the error_log
@@ -668,7 +668,7 @@ file_uploads = On
; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
; http://php.net/upload-tmp-dir
-upload_tmp_dir = /var/lib/php/uploads
+upload_tmp_dir = /var/tmp/php-uploads
; Maximum allowed size for uploaded files.
; http://php.net/upload-max-filesize
@@ -754,28 +754,6 @@ zend.assertions = -1
; Whether the CLI web server uses ANSI color coding in its terminal output.
cli_server.color = On
-[Date]
-; Defines the default timezone used by the date functions
-; http://php.net/date.timezone
-date.timezone = UTC
-
-; http://php.net/date.default-latitude
-;date.default_latitude = 31.7667
-
-; http://php.net/date.default-longitude
-;date.default_longitude = 35.2333
-
-; http://php.net/date.sunrise-zenith
-;date.sunrise_zenith = 90.583333
-
-; http://php.net/date.sunset-zenith
-;date.sunset_zenith = 90.583333
-
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-; Built-In Module Settings ;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
[COM]
; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs
; http://php.net/com.typelib-file
@@ -801,13 +779,6 @@ date.timezone = UTC
; Default: system ANSI code page
;com.code_page=
-[filter]
-; http://php.net/filter.default
-;filter.default = unsafe_raw
-
-; http://php.net/filter.default-flags
-;filter.default_flags =
-
[mail function]
; You may supply arguments as well (default: "sendmail -t -i").
; http://php.net/sendmail-path
@@ -827,6 +798,53 @@ mail.add_x_header = Off
; Log mail to syslog (Event Log on Windows).
;mail.log = syslog
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Built-In Module Settings ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+[Date]
+; Defines the default timezone used by the date functions
+; http://php.net/date.timezone
+date.timezone = UTC
+
+; http://php.net/date.default-latitude
+;date.default_latitude = 31.7667
+
+; http://php.net/date.default-longitude
+;date.default_longitude = 35.2333
+
+; http://php.net/date.sunrise-zenith
+;date.sunrise_zenith = 90.583333
+
+; http://php.net/date.sunset-zenith
+;date.sunset_zenith = 90.583333
+
+[filter]
+; http://php.net/filter.default
+;filter.default = unsafe_raw
+
+; http://php.net/filter.default-flags
+;filter.default_flags =
+
+[openssl]
+; The location of a Certificate Authority (CA) file on the local filesystem
+; to use when verifying the identity of SSL/TLS peers. Most users should
+; not specify a value for this directive as PHP will attempt to use the
+; OS-managed cert stores in its absence. If specified, this value may still
+; be overridden on a per-stream basis via the "cafile" SSL stream context
+; option.
+;openssl.cafile=
+
+; If openssl.cafile is not specified or if the CA file is not found, the
+; directory pointed to by openssl.capath is searched for a suitable
+; certificate. This value must be a correctly hashed certificate directory.
+; Most users should not specify a value for this directive as PHP will
+; attempt to use the OS-managed cert stores in its absence. If specified,
+; this value may still be overridden on a per-stream basis via the "capath"
+; SSL stream context option.
+;openssl.capath=
+
[Pcre]
; PCRE library backtracking limit.
; http://php.net/pcre.backtrack-limit
@@ -842,3 +860,249 @@ mail.add_x_header = Off
; Enables or disables JIT compilation of patterns. This requires the PCRE
; library to be compiled with JIT support.
;pcre.jit=1
+
+[Session]
+; Handler used to store/retrieve data.
+; http://php.net/session.save-handler
+session.save_handler = files
+
+; Argument passed to save_handler. In the case of files, this is the path
+; where data files are stored. Note: Windows users have to change this
+; variable in order to use PHP's session functions.
+;
+; The path can be defined as:
+;
+; session.save_path = "N;/path"
+;
+; where N is an integer. Instead of storing all the session files in
+; /path, what this will do is use subdirectories N-levels deep, and
+; store the session data in those directories. This is useful if
+; your OS has problems with many files in one directory, and is
+; a more efficient layout for servers that handle many sessions.
+;
+; NOTE 1: PHP will not create this directory structure automatically.
+; You can use the script in the ext/session dir for that purpose.
+; NOTE 2: See the section on garbage collection below if you choose to
+; use subdirectories for session storage
+;
+; The file storage module creates files using mode 600 by default.
+; You can change that by using
+;
+; session.save_path = "N;MODE;/path"
+;
+; where MODE is the octal representation of the mode. Note that this
+; does not overwrite the process's umask.
+; http://php.net/session.save-path
+session.save_path = "/var/lib/php/sessions"
+
+; Whether to use strict session mode.
+; Strict session mode does not accept an uninitialized session ID, and
+; regenerates the session ID if the browser sends an uninitialized session ID.
+; Strict mode protects applications from session fixation via a session adoption
+; vulnerability. It is disabled by default for maximum compatibility, but
+; enabling it is encouraged.
+; https://wiki.php.net/rfc/strict_sessions
+session.use_strict_mode = 1
+
+; Whether to use cookies.
+; http://php.net/session.use-cookies
+session.use_cookies = 1
+
+; http://php.net/session.cookie-secure
+;session.cookie_secure =
+
+; This option forces PHP to fetch and use a cookie for storing and maintaining
+; the session id. We encourage this operation as it's very helpful in combating
+; session hijacking when not specifying and managing your own session id. It is
+; not the be-all and end-all of session hijacking defense, but it's a good start.
+; http://php.net/session.use-only-cookies
+session.use_only_cookies = 1
+
+; Name of the session (used as cookie name).
+; http://php.net/session.name
+session.name = PHPSESSID
+
+; Initialize session on request startup.
+; http://php.net/session.auto-start
+session.auto_start = 0
+
+; Lifetime in seconds of cookie or, if 0, until browser is restarted.
+; http://php.net/session.cookie-lifetime
+session.cookie_lifetime = 0
+
+; The path for which the cookie is valid.
+; http://php.net/session.cookie-path
+session.cookie_path = /
+
+; The domain for which the cookie is valid.
+; http://php.net/session.cookie-domain
+session.cookie_domain =
+
+; Whether or not to add the httpOnly flag to the cookie, which makes it
+; inaccessible to browser scripting languages such as JavaScript.
+; http://php.net/session.cookie-httponly
+session.cookie_httponly =
+
+; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF)
+; Current valid values are "Strict", "Lax" or "None". When using "None",
+; make sure to include the quotes, as `none` is interpreted like `false` in ini files.
+; https://tools.ietf.org/html/draft-west-first-party-cookies-07
+session.cookie_samesite = "Lax"
+
+; Handler used to serialize data. php is the standard serializer of PHP.
+; http://php.net/session.serialize-handler
+session.serialize_handler = php
+
+; Defines the probability that the 'garbage collection' process is started on every
+; session initialization. The probability is calculated by using gc_probability/gc_divisor,
+; e.g. 1/100 means there is a 1% chance that the GC process starts on each request.
+; Default Value: 1
+; Development Value: 1
+; Production Value: 1
+; http://php.net/session.gc-probability
+session.gc_probability = 1
+
+; Defines the probability that the 'garbage collection' process is started on every
+; session initialization. The probability is calculated by using gc_probability/gc_divisor,
+; e.g. 1/100 means there is a 1% chance that the GC process starts on each request.
+; For high volume production servers, using a value of 1000 is a more efficient approach.
+; Default Value: 100
+; Development Value: 1000
+; Production Value: 1000
+; http://php.net/session.gc-divisor
+session.gc_divisor = 1000
+
+; After this number of seconds, stored data will be seen as 'garbage' and
+; cleaned up by the garbage collection process.
+; http://php.net/session.gc-maxlifetime
+session.gc_maxlifetime = 86400
+
+; NOTE: If you are using the subdirectory option for storing session files
+; (see session.save_path above), then garbage collection does *not*
+; happen automatically. You will need to do your own garbage
+; collection through a shell script, cron entry, or some other method.
+; For example, the following script is the equivalent of setting
+; session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
+; find /path/to/sessions -cmin +24 -type f | xargs rm
+
+; Check HTTP Referer to invalidate externally stored URLs containing ids.
+; HTTP_REFERER has to contain this substring for the session to be
+; considered as valid.
+; http://php.net/session.referer-check
+session.referer_check =
+
+; Set to {nocache,private,public,} to determine HTTP caching aspects
+; or leave this empty to avoid sending anti-caching headers.
+; http://php.net/session.cache-limiter
+session.cache_limiter = nocache
+
+; Document expires after n minutes.
+; http://php.net/session.cache-expire
+session.cache_expire = 180
+
+; trans sid support is disabled by default.
+; Use of trans sid may risk your users' security.
+; Use this option with caution.
+; - User may send URL contains active session ID
+; to other person via. email/irc/etc.
+; - URL that contains active session ID may be stored
+; in publicly accessible computer.
+; - User may access your site with the same session ID
+; always using URL stored in browser's history or bookmarks.
+; http://php.net/session.use-trans-sid
+session.use_trans_sid = 0
+
+; Set session ID character length. This value could be between 22 to 256.
+; Shorter length than default is supported only for compatibility reason.
+; Users should use 32 or more chars.
+; http://php.net/session.sid-length
+; Default Value: 32
+; Development Value: 26
+; Production Value: 26
+session.sid_length = 32
+
+; The URL rewriter will look for URLs in a defined set of HTML tags.
+;