Releases: overdigo/fwp
Releases · overdigo/fwp
Release list
v0.5.0 - Auto XDP & Resource Limits
What's new in v0.5.0
- Auto XDP (Experimental): Optional high-performance eBPF firewall for DDoS protection and automatic port whitelisting. Installed via
install.sh --autoxdpor through the interactive setup prompt. - Systemd Resource Limits: Added
fwp stack limitscommand to enforce memory prioritization (MemorySwapMax=0) and CPU accounting using cgroups for FrankenPHP, MariaDB, and Redis. - Improved Installation Workflow: Critical fixes for
worker.phptiming and race conditions during site creation, ensuring 100% reliable domain onboarding.
v0.4.0 - Environment Standardization & Security Hardening
🚀 What's New in v0.4.0
🛠️ Developer & Admin Experience
- Advanced CLI Environment: Integrated
bash-completionandnanorc(150+ languages syntax highlighting) for root. - Productivity Aliases: New global shortcuts in
/etc/profile.d/fwp_aliases.sh:fprl/fpre: FrankenPHP reload/restart.ltr/lk: Order by time or size.ip4/ip6: Public IP lookup.
🛡️ Security & Stability
- Hardened Shell: Bash completion is now strictly restricted to the root user's
~/.bashrc. - Permission Fixes: Per-site Caddyfiles now use
644permissions, allowing thewww-datauser to load them correctly. - Webroot Ownership: Enforced
www-data:www-dataownership for/var/www/to prevent service crashes. - Orphan Cleanup: Automated removal of orphaned site configurations that lack a physical directory.
⚡ Performance & Cache
- Cache Selection: Added
--cache=wpsc|wpce|noneflags tofwp site create. - System Tuning: Improved MariaDB and Redis optimization for container environments.
v0.3.0 - Security Hardening & HSTS Preload
Security & Infrastructure Improvements
- HSTS Preload Compliance: Granular 3-step redirect chain (HTTP -> HTTPS Host -> HTTPS Canonical).
- Hardened HSTS: Increased max-age to 2 years (63072000s) with
includeSubDomainsandpreload. - Anonymity: Stripped
Serverheader from all responses including redirects. - Security Audit Tool: New standalone script
tests/security_audit.shto verify TLS, SNI, and HSTS. - TLS Optimization: Forced modern cipher suites and mandatory SNI support.
Performance
- Worker Mode scaling: Default 32 threads for ZTS processing.
- Enhanced Caddyfile: Optimized static asset handling and image negotiation (WebP/AVIF).
Project
- Random DB prefixing for better security.
- Comprehensive technical documentation (
hsts.md,tls.md).