apache/mysql fixes & updates

OnGle · OnGle · commit cc3881ac333d · 2026-03-12T05:13:32.000Z
diff --git a/conf/apache-ssl b/conf/apache-ssl
@@ -10,14 +10,15 @@ if [[ -f "$CONF" ]]; then
     ssl_protocol="# Hardened TKL default\nSSLProtocol -all +TLSv1.2 +TLSv1.3"
     sed -Ei "\|^SSLProtocol| s|^(.*)|#\1\n$ssl_protocol|" "$CONF"
 
-    cipher_suites=$(cat <<EOF
+    cipher_suites=$(cat <<'EOF' | sed ':a;N;s/\n/\\n/g;ta'
 # Explict Cipher suites recommended by Mozilla
 # https://ssl-config.mozilla.org/#server=apache&version=2.4.65&config=intermediate&openssl=3.5.1&guideline=5.7
 # (updated by TurnKey "common/conf/turnkey.d/zz-ssl-ciphers" script)
 SSLCipherSuite ZZ_SSL_CIPHERS
 EOF
     )
     sed -Ei "\|^SSLCipherSuite| s|^(.*)|#\1\n$cipher_suites|" "$CONF"
+    sed -i "s/ZZ_SSL_CIPHERS/$(cat /tmp/ZZ_SSL_CIPHERS)/g" "$CONF"
     
     cat >> "$CONF" <<EOF
 
diff --git a/conf/mysql b/conf/mysql
@@ -1,24 +1,16 @@
 #!/bin/bash -e
 
-# download mysqltuner
-dl() {
-    if [[ "$FAB_HTTP_PROXY" ]]; then
-       PROXY=(--proxy "$FAB_HTTP_PROXY")
-    fi
-    cd "$2"
-    curl -L -f -O "${PROXY[@]}" "$1"
-    cd -
-}
+. /usr/local/src/tkl-bashlib/init.sh
 
 # Install mysqltuner at "latest" tag (via gh_releases) and from core dev's
 # repo[1] - rather than separate "org" repo[2]
 #
 # [1] https://github.com/jmrenouard/MySQLTuner-perl
 # [2] https://github.com/major/MySQLTuner-perl
 BIN=/usr/local/bin
-VERSION=$(gh_releases jmrenouard/MySQLTuner-perl | sort -V | tail -1)
+VERSION=master
 REPO="jmrenouard/MySQLTuner-perl"
-URL="https://raw.githubusercontent.com/$REPO/refs/tags/$VERSION"
+URL="https://raw.githubusercontent.com/$REPO/refs/heads/$VERSION"
 dl "$URL/mysqltuner.pl" $BIN
 mv "$BIN/mysqltuner.pl" $BIN/mysqltuner
 chmod +x "$BIN/mysqltuner"
diff --git a/conf/turnkey.d/zz-ssl-ciphers b/conf/turnkey.d/zz-ssl-ciphers
@@ -30,14 +30,6 @@ if [[ -f "$CONF" ]]; then
     sed -i "/tls_medium_cipherlist/ s|ZZ_SSL_CIPHERS|$SECURE_CIPHER_LIST|" $CONF
 fi
 
-# Apache2
-CONF="/etc/apache2/mods-available/ssl.conf"
-if [[ -f "$CONF" ]]; then
-    sed -i "s|^\(\s*SSLCipherSuite\s\+\).*$|\1${SECURE_CIPHER_LIST}|g" $CONF
-    a2enmod ssl
-    a2enconf security
-fi
-
 # Nginx
 CONF="/etc/nginx/snippets/ssl.conf"
 if [[ -f "$CONF" ]]; then
@@ -69,3 +61,5 @@ if [ -d "$PUREFTPDDIR" ]; then
     echo 1 > ${PUREFTPDDIR}/TLS
     echo HIGH:\!TLSv1:\!TLSv1.1:\!SSLv2:\!SSLv3:${SECURE_CIPHER_LIST} > ${PUREFTPDDIR}/TLSCipherSuite
 fi
+
+echo "$SECURE_CIPHER_LIST" > /tmp/ZZ_SSL_CIPHERS
diff --git a/mk/turnkey/apache.mk b/mk/turnkey/apache.mk
@@ -1,2 +1,2 @@
 COMMON_OVERLAYS += apache
-COMMON_CONF += apache-vhost apache-headers apache-security
+COMMON_CONF += apache-vhost apache-headers apache-security apache-ssl

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`COMMON_OVERLAYS += apache`
`2`		`-COMMON_CONF += apache-vhost apache-headers apache-security`
	`2`	`+COMMON_CONF += apache-vhost apache-headers apache-security apache-ssl`