diff --git a/etc/hosts b/etc/hosts
index 63c10dd1..b79202d3 100644
--- a/etc/hosts
+++ b/etc/hosts
@@ -12,12 +12,9 @@
 # Block procrastination websites
 ##
 
-# Main time sinks
 127.0.0.1 reddit.com
 127.0.0.1 www.reddit.com
 127.0.0.1 imgur.com
 127.0.0.1 www.imgur.com
 127.0.0.1 twitter.com
 127.0.0.1 www.twitter.com
-# 127.0.0.1 youtube.com
-# 127.0.0.1 www.youtube.com
diff --git a/etc/httpd/extra/httpd-autoindex.conf b/etc/httpd/extra/httpd-autoindex.conf
index 972867dc..8ec60f8c 100644
--- a/etc/httpd/extra/httpd-autoindex.conf
+++ b/etc/httpd/extra/httpd-autoindex.conf
@@ -18,9 +18,9 @@ IndexOptions FancyIndexing HTMLTable VersionSort
 # We include the /icons/ alias for FancyIndexed directory listings.  If
 # you do not use FancyIndexing, you may comment this out.
 #
-Alias /icons/ "/usr/local/opt/httpd/share/httpd/icons/"
+Alias /icons/ "/opt/homebrew/opt/httpd/share/httpd/icons/"
 
-<Directory "/usr/local/opt/httpd/share/httpd/icons">
+<Directory "/opt/homebrew/opt/httpd/share/httpd/icons">
     Options Indexes MultiViews
     AllowOverride None
     Require all granted
diff --git a/etc/httpd/extra/httpd-dav.conf b/etc/httpd/extra/httpd-dav.conf
index a4caae89..356bf196 100644
--- a/etc/httpd/extra/httpd-dav.conf
+++ b/etc/httpd/extra/httpd-dav.conf
@@ -12,18 +12,18 @@
 # on the directory where the DavLockDB is placed and on any directory where
 # "Dav On" is specified.
 
-DavLockDB "/usr/local/opt/httpd/var/DavLock"
+DavLockDB "/opt/homebrew/opt/httpd/var/DavLock"
 
-Alias /uploads "/usr/local/opt/httpd/uploads"
+Alias /uploads "/opt/homebrew/opt/httpd/uploads"
 
-<Directory "/usr/local/opt/httpd/uploads">
+<Directory "/opt/homebrew/opt/httpd/uploads">
     Dav On
 
     AuthType Digest
     AuthName DAV-upload
     # You can use the htdigest program to create the password database:
-    #   htdigest -c "/usr/local/opt/httpd/user.passwd" DAV-upload admin
-    AuthUserFile "/usr/local/opt/httpd/user.passwd"
+    #   htdigest -c "/opt/homebrew/opt/httpd/user.passwd" DAV-upload admin
+    AuthUserFile "/opt/homebrew/opt/httpd/user.passwd"
     AuthDigestProvider file
 
     # Allow universal read-access, but writes are restricted
diff --git a/etc/httpd/extra/httpd-default.conf b/etc/httpd/extra/httpd-default.conf
index e01a9ff1..f1e7bc82 100644
--- a/etc/httpd/extra/httpd-default.conf
+++ b/etc/httpd/extra/httpd-default.conf
@@ -7,7 +7,7 @@
 #
 # Timeout: The number of seconds before receives and sends time out.
 #
-Timeout 3600
+Timeout 300
 
 #
 # KeepAlive: Whether or not to allow persistent connections (more than
diff --git a/etc/httpd/extra/httpd-h5bp-server-configs.conf b/etc/httpd/extra/httpd-h5bp-server-configs.conf
index a0b88af6..572f6de2 100644
--- a/etc/httpd/extra/httpd-h5bp-server-configs.conf
+++ b/etc/httpd/extra/httpd-h5bp-server-configs.conf
@@ -1,4 +1,4 @@
-# Apache Server Configs v4.1.0 | MIT License
+# Apache Server Configs v5.0.0 | MIT License
 # https://github.com/h5bp/server-configs-apache
 
 # (!) Using `.htaccess` files slows down Apache, therefore, if you have
@@ -27,9 +27,15 @@
 #     allowing access based on (sub)domain:
 #
 #         Header set Access-Control-Allow-Origin "subdomain.example.com"
+#
+# (1) When `Access-Control-Allow-Origin` points to a specific rule rather
+#     than `*`, then `Vary: Origin` should be sent along with the response.
 
 # <IfModule mod_headers.c>
 #     Header set Access-Control-Allow-Origin "*"
+
+#     # (1)
+#     # Header append Vary Origin
 # </IfModule>
 
 # ----------------------------------------------------------------------
@@ -43,7 +49,7 @@
 
 <IfModule mod_setenvif.c>
     <IfModule mod_headers.c>
-        <FilesMatch "\.(avifs?|bmp|cur|gif|ico|jpe?g|a?png|svgz?|webp)$">
+        <FilesMatch "\.(avifs?|bmp|cur|gif|ico|jpe?g|jxl|a?png|svgz?|webp)$">
             SetEnvIf Origin ":" IS_CORS
             Header set Access-Control-Allow-Origin "*" env=IS_CORS
         </FilesMatch>
@@ -109,32 +115,6 @@
 
 Options -MultiViews
 
-# ######################################################################
-# # INTERNET EXPLORER                                                  #
-# ######################################################################
-
-# ----------------------------------------------------------------------
-# | Document modes                                                     |
-# ----------------------------------------------------------------------
-
-# Force Internet Explorer 8/9/10 to render pages in the highest mode
-# available in various cases when it may not.
-#
-# https://hsivonen.fi/doctype/#ie8
-#
-# (!) Starting with Internet Explorer 11, document modes are deprecated.
-#     If your business still relies on older web apps and services that were
-#     designed for older versions of Internet Explorer, you might want to
-#     consider enabling `Enterprise Mode` throughout your company.
-#
-# https://msdn.microsoft.com/en-us/library/ie/bg182625.aspx#docmode
-# https://blogs.msdn.microsoft.com/ie/2014/04/02/stay-up-to-date-with-enterprise-mode-for-internet-explorer-11/
-# https://msdn.microsoft.com/en-us/library/ff955275.aspx
-
-<IfModule mod_headers.c>
-    Header always set X-UA-Compatible "IE=edge" "expr=%{CONTENT_TYPE} =~ m#text/html#i"
-</IfModule>
-
 # ######################################################################
 # # MEDIA TYPES AND CHARACTER ENCODINGS                                #
 # ######################################################################
@@ -183,6 +163,7 @@ Options -MultiViews
     AddType image/avif                                  avif
     AddType image/avif-sequence                         avifs
     AddType image/bmp                                   bmp
+    AddType image/jxl                                   jxl
     AddType image/svg+xml                               svg svgz
     AddType image/webp                                  webp
     AddType video/mp4                                   f4v f4p m4v mp4
@@ -453,8 +434,7 @@ AddDefaultCharset utf-8
 #
 # Keep in mind that while you could send the `X-Frame-Options` header for all
 # of your website's pages, this has the potential downside that it forbids even
-# non-malicious framing of your content (e.g.: when users visit your website
-# using a Google Image Search results page).
+# non-malicious framing of your content.
 #
 # Nonetheless, you should ensure that you send the `X-Frame-Options` header for
 # all pages that allow a user to make a state-changing operation (e.g: pages
@@ -465,10 +445,13 @@ AddDefaultCharset utf-8
 # more than just clickjacking attacks.
 # https://cure53.de/xfo-clickjacking.pdf.
 #
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+# (!) The `Content-Security-Policy` header has a `frame-ancestors` directive
+#     which obsoletes this header for supporting browsers.
+#
 # https://tools.ietf.org/html/rfc7034
-# https://blogs.msdn.microsoft.com/ieinternals/2010/03/30/combating-clickjacking-with-x-frame-options/
-# https://www.owasp.org/index.php/Clickjacking
+# https://owasp.org/www-project-secure-headers/#x-frame-options
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+# https://docs.microsoft.com/archive/blogs/ieinternals/combating-clickjacking-with-x-frame-options
 
 # <IfModule mod_headers.c>
 #     Header always set X-Frame-Options "DENY" "expr=%{CONTENT_TYPE} =~ m#text/html#i"
@@ -517,10 +500,17 @@ AddDefaultCharset utf-8
 #      The `frame-ancestors` directive helps avoid "Clickjacking" attacks and
 #      is similar to the `X-Frame-Options` header.
 #
-#      Browsers that support the CSP header will ignore `X-Frame-Options` if
+#      Browsers that support the CSP header should ignore `X-Frame-Options` if
 #      `frame-ancestors` is also specified.
 #
-#  (5) Forces the browser to treat all the resources that are served over HTTP
+#  (5) Elements controlled by `object-src` are perhaps coincidentally
+#      considered legacy HTML elements and are not receiving new standardized
+#      features (such as the security attributes `sandbox` or `allow` for
+#      `<iframe>`).
+#      Therefore it is recommended to restrict this fetch-directive (e.g.,
+#      explicitly set `object-src 'none'` if possible).
+#
+#  (6) Forces the browser to treat all the resources that are served over HTTP
 #      as if they were loaded securely over HTTPS by setting the
 #      `upgrade-insecure-requests` directive.
 #
@@ -529,7 +519,7 @@ AddDefaultCharset utf-8
 #      loaded over HTTPS you must include the `Strict-Transport-Security`
 #      header.
 #
-#  (6) The `Content-Security-Policy` header is included in all responses
+#  (7) The `Content-Security-Policy` header is included in all responses
 #      that are able to execute scripting. This includes the commonly used
 #      file types: HTML, XML and PDF documents. Although Javascript files
 #      can not execute script in a "browsing context", they are still included
@@ -544,14 +534,15 @@ AddDefaultCharset utf-8
 # such as:
 # https://csp-evaluator.withgoogle.com
 #
-# https://csp.withgoogle.com/docs/
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
-# https://www.html5rocks.com/en/tutorials/security/content-security-policy/
 # https://www.w3.org/TR/CSP/
+# https://owasp.org/www-project-secure-headers/#content-security-policy
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+# https://developers.google.com/web/fundamentals/security/csp
+# https://content-security-policy.com/
 
 # <IfModule mod_headers.c>
-#     #                                   (1)                 (2)              (3)                 (4)                     (5)                         (6)
-#     Header always set Content-Security-Policy "default-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests" "expr=%{CONTENT_TYPE} =~ m#text\/(html|javascript)|application\/pdf|xml#i"
+#     #                                          (1)                 (2)              (3)                 (4)                     (5)                (6)                                                 (7)
+#     Header always set Content-Security-Policy "default-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests" "expr=%{CONTENT_TYPE} =~ m#text\/(html|javascript)|application\/pdf|xml#i"
 # </IfModule>
 
 # ----------------------------------------------------------------------
@@ -644,9 +635,9 @@ AddDefaultCharset utf-8
 #     https://hstspreload.org/#deployment-recommendations
 #
 # https://tools.ietf.org/html/rfc6797#section-6.1
+# https://owasp.org/www-project-secure-headers/#http-strict-transport-security
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
 # https://www.html5rocks.com/en/tutorials/security/transport-layer-security/
-# https://blogs.msdn.microsoft.com/ieinternals/2014/08/18/strict-transport-security/
 # https://hstspreload.org/
 
 # <IfModule mod_headers.c>
@@ -666,6 +657,7 @@ AddDefaultCharset utf-8
 # user-uploaded content or content that could potentially be treated as
 # executable by the browser.
 #
+# https://owasp.org/www-project-secure-headers/#x-content-type-options
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
 # https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-v-comprehensive-protection/
 # https://mimesniff.spec.whatwg.org/
@@ -674,48 +666,6 @@ AddDefaultCharset utf-8
     Header always set X-Content-Type-Options "nosniff"
 </IfModule>
 
-# ----------------------------------------------------------------------
-# | Cross-Site Scripting (XSS) Protection                              |
-# ----------------------------------------------------------------------
-
-# Protect website reflected Cross-Site Scripting (XSS) attacks.
-#
-# (1) Try to re-enable the cross-site scripting (XSS) filter built into most
-#     web browsers.
-#
-#     The filter is usually enabled by default, but in some cases, it may be
-#     disabled by the user. However, in Internet Explorer, for example, it can
-#     be re-enabled just by sending the `X-XSS-Protection` header with the
-#     value of `1`.
-#
-# (2) Prevent web browsers from rendering the web page if a potential reflected
-#     (a.k.a non-persistent) XSS attack is detected by the filter.
-#
-#     By default, if the filter is enabled and browsers detect a reflected XSS
-#     attack, they will attempt to block the attack by making the smallest
-#     possible modifications to the returned web page.
-#
-#     Unfortunately, in some browsers (e.g.: Internet Explorer), this default
-#     behavior may allow the XSS filter to be exploited. Therefore, it's better
-#     to inform browsers to prevent the rendering of the page altogether,
-#     instead of attempting to modify it.
-#
-#     https://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities
-#
-# (!) Do not rely on the XSS filter to prevent XSS attacks! Ensure that you are
-#     taking all possible measures to prevent XSS attacks, the most obvious
-#     being: validating and sanitizing your website's inputs.
-#
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
-# https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-iv-the-xss-filter/
-# https://blogs.msdn.microsoft.com/ieinternals/2011/01/31/controlling-the-xss-filter/
-# https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
-
-# <IfModule mod_headers.c>
-#     #                           (1)    (2)
-#     Header always set X-XSS-Protection "1; mode=block" "expr=%{CONTENT_TYPE} =~ m#text/html#i"
-# </IfModule>
-
 # ----------------------------------------------------------------------
 # | Referrer Policy                                                    |
 # ----------------------------------------------------------------------
@@ -735,14 +685,89 @@ AddDefaultCharset utf-8
 # https://securityheaders.com/
 # https://observatory.mozilla.org/
 #
-# https://scotthelme.co.uk/a-new-security-header-referrer-policy/
+# https://www.w3.org/TR/referrer-policy/
+# https://owasp.org/www-project-secure-headers/#referrer-policy
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
+# https://scotthelme.co.uk/a-new-security-header-referrer-policy/
 
 # <IfModule mod_headers.c>
 #     #                                                             (1)
 #     Header always set Referrer-Policy "strict-origin-when-cross-origin" "expr=%{CONTENT_TYPE} =~ m#text\/(css|html|javascript)|application\/pdf|xml#i"
 # </IfModule>
 
+# ----------------------------------------------------------------------
+# | Cross Origin Policy                                                |
+# ----------------------------------------------------------------------
+
+# Set strict a Cross Origin Policy to mitigate information leakage.
+#
+# (1) Cross-Origin-Embedder-Policy prevents a document from loading any
+#     cross-origin resources that don’t explicitly grant the document
+#     permission.
+#     https://html.spec.whatwg.org/multipage/origin.html#coep
+#     https://owasp.org/www-project-secure-headers/#cross-origin-embedder-policy
+#     https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy
+#
+# (2) Cross-Origin-Opener-Policy allows you to ensure a top-level document does
+#     not share a browsing context group with cross-origin documents.
+#     https://html.spec.whatwg.org/multipage/origin.html#cross-origin-opener-policies
+#     https://owasp.org/www-project-secure-headers/#cross-origin-opener-policy
+#     https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy
+#
+# (3) Cross-Origin-Resource-Policy allows to define a policy that lets web
+#     sites and applications opt in to protection against certain requests from
+#     other origins, to mitigate speculative side-channel attacks.
+#     https://fetch.spec.whatwg.org/#cross-origin-resource-policy-header
+#     https://owasp.org/www-project-secure-headers/#cross-origin-resource-policy
+#     https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy
+#     https://resourcepolicy.fyi/
+#
+# To check your Cross Origin Policy, you can use an online service, such as:
+# https://securityheaders.com/
+# https://observatory.mozilla.org/
+#
+# https://web.dev/coop-coep/
+# https://web.dev/why-coop-coep/
+# https://web.dev/cross-origin-isolation-guide/
+# https://scotthelme.co.uk/coop-and-coep/
+
+# <IfModule mod_headers.c>
+#     # (1)
+#     Header always set Cross-Origin-Embedder-Policy "require-corp" "expr=%{CONTENT_TYPE} =~ m#text\/(html|javascript)|application\/pdf|xml#i"
+
+#     # (2)
+#     Header always set Cross-Origin-Opener-Policy "same-origin" "expr=%{CONTENT_TYPE} =~ m#text\/(html|javascript)|application\/pdf|xml#i"
+
+#     # (3)
+#     Header always set Cross-Origin-Resource-Policy "same-origin" "expr=%{CONTENT_TYPE} =~ m#text\/(html|javascript)|application\/pdf|xml#i"
+# </IfModule>
+
+# ----------------------------------------------------------------------
+# | Permissions Policy                                                 |
+# ----------------------------------------------------------------------
+
+# Set a strict Permissions Policy to mitigate access to browser features.
+#
+# The header uses a structured syntax, and allows sites to more tightly
+# restrict which origins can be granted access to features.
+# The list of available features: https://github.com/w3c/webappsec-permissions-policy/blob/main/features.md
+#
+# The example policy below aims to disable all features expect synchronous
+# `XMLHttpRequest` requests on the same origin.
+#
+# To check your Permissions Policy, you can use an online service, such as:
+# https://securityheaders.com/
+# https://observatory.mozilla.org/
+#
+# https://www.w3.org/TR/permissions-policy-1/
+# https://owasp.org/www-project-secure-headers/#permissions-policy
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy
+# https://scotthelme.co.uk/a-new-security-header-feature-policy/
+
+# <IfModule mod_headers.c>
+#     Header always set Permissions-Policy "accelerometer=(),autoplay=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),screen-wake-lock=(),sync-xhr=(self),usb=(),web-share=(),xr-spatial-tracking=()" "expr=%{CONTENT_TYPE} =~ m#text\/(html|javascript)|application\/pdf|xml#i"
+# </IfModule>
+
 # ----------------------------------------------------------------------
 # | Disable TRACE HTTP Method                                          |
 # ----------------------------------------------------------------------
@@ -1138,6 +1163,7 @@ FileETag None
     ExpiresByType image/bmp                             "access plus 1 month"
     ExpiresByType image/gif                             "access plus 1 month"
     ExpiresByType image/jpeg                            "access plus 1 month"
+    ExpiresByType image/jxl                             "access plus 1 month"
     ExpiresByType image/png                             "access plus 1 month"
     ExpiresByType image/svg+xml                         "access plus 1 month"
     ExpiresByType image/webp                            "access plus 1 month"
@@ -1230,5 +1256,5 @@ FileETag None
 # <IfModule mod_rewrite.c>
 #     RewriteEngine On
 #     RewriteCond %{REQUEST_FILENAME} !-f
-#     RewriteRule ^(.+)\.(\w+)\.(avifs?|bmp|css|cur|gif|ico|jpe?g|m?js|a?png|svgz?|webp|webmanifest)$ $1.$3 [L]
+#     RewriteRule ^(.+)\.(\w+)\.(avifs?|bmp|css|cur|gif|ico|jpe?g|jxl|m?js|a?png|svgz?|webp|webmanifest)$ $1.$3 [L]
 # </IfModule>
diff --git a/etc/httpd/extra/httpd-manual.conf b/etc/httpd/extra/httpd-manual.conf
index a94e2ff6..961e370e 100644
--- a/etc/httpd/extra/httpd-manual.conf
+++ b/etc/httpd/extra/httpd-manual.conf
@@ -8,9 +8,9 @@
 #                   mod_setenvif, mod_negotiation
 #
 
-AliasMatch ^/manual(?:/(?:da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn))?(/.*)?$ "/usr/local/Cellar/httpd/2.4.37_1/share/httpd/manual$1"
+AliasMatch ^/manual(?:/(?:da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn))?(/.*)?$ "/opt/homebrew/Cellar/httpd/2.4.51/share/httpd/manual$1"
 
-<Directory "/usr/local/Cellar/httpd/2.4.37_1/share/httpd/manual">
+<Directory "/opt/homebrew/Cellar/httpd/2.4.51/share/httpd/manual">
     Options Indexes
     AllowOverride None
     Require all granted
diff --git a/etc/httpd/extra/httpd-mpm.conf b/etc/httpd/extra/httpd-mpm.conf
index 06248899..0c79c069 100644
--- a/etc/httpd/extra/httpd-mpm.conf
+++ b/etc/httpd/extra/httpd-mpm.conf
@@ -9,7 +9,7 @@
 # Note that this is the default PidFile for most MPMs.
 #
 <IfModule !mpm_netware_module>
-    PidFile "/usr/local/var/run/httpd/httpd.pid"
+    PidFile "/opt/homebrew/var/run/httpd/httpd.pid"
 </IfModule>
 
 #
diff --git a/etc/httpd/extra/httpd-multilang-errordoc.conf b/etc/httpd/extra/httpd-multilang-errordoc.conf
index e721f6d9..2ba71a48 100644
--- a/etc/httpd/extra/httpd-multilang-errordoc.conf
+++ b/etc/httpd/extra/httpd-multilang-errordoc.conf
@@ -15,14 +15,14 @@
 #   Alias /error/include/ "/your/include/path/"
 #
 # which allows you to create your own set of files by starting with the
-# /usr/local/opt/httpd/share/httpd/error/include/ files and copying them to /your/include/path/, 
+# /opt/homebrew/opt/httpd/share/httpd/error/include/ files and copying them to /your/include/path/, 
 # even on a per-VirtualHost basis.  The default include files will display
 # your Apache version number and your ServerAdmin email address regardless
 # of the setting of ServerSignature.
 
-Alias /error/ "/usr/local/opt/httpd/share/httpd/error/"
+Alias /error/ "/opt/homebrew/opt/httpd/share/httpd/error/"
 
-<Directory "/usr/local/opt/httpd/share/httpd/error">
+<Directory "/opt/homebrew/opt/httpd/share/httpd/error">
     AllowOverride None
     Options IncludesNoExec
     AddOutputFilter Includes html
diff --git a/etc/httpd/extra/httpd-ssl.conf b/etc/httpd/extra/httpd-ssl.conf
index 8ed6eeb2..50b9fdaf 100644
--- a/etc/httpd/extra/httpd-ssl.conf
+++ b/etc/httpd/extra/httpd-ssl.conf
@@ -1,12 +1,116 @@
+#
+# This is the Apache server configuration file providing SSL support.
+# It contains the configuration directives to instruct the server how to
+# serve pages over an https connection. For detailed information about these 
+# directives see <URL:http://httpd.apache.org/docs/2.4/mod/mod_ssl.html>
+# 
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.  
+#
+# Required modules: mod_log_config, mod_setenvif, mod_ssl,
+#          socache_shmcb_module (for default value of SSLSessionCache)
+
+#
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the SSL library.
+# The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. This means you then cannot use the /dev/random device
+# because it would lead to very long connection times (as long as
+# it requires to make more entropy available). But usually those
+# platforms additionally provide a /dev/urandom device which doesn't
+# block. So, if available, use this one instead. Read the mod_ssl User
+# Manual for more details.
+#
+#SSLRandomSeed startup file:/dev/random  512
+#SSLRandomSeed startup file:/dev/urandom 512
+#SSLRandomSeed connect file:/dev/random  512
+#SSLRandomSeed connect file:/dev/urandom 512
+
+
+#
+# When we also provide SSL we have to listen to the 
+# standard HTTP port (see above) and to the HTTPS port
+#
 Listen 443
 
+##
+##  SSL Global Context
+##
+##  All SSL configuration in this context applies both to
+##  the main server and all SSL-enabled virtual hosts.
+##
+
+#   SSL Cipher Suite:
+#   List the ciphers that the client is permitted to negotiate,
+#   and that httpd will negotiate as the client of a proxied server.
+#   See the OpenSSL documentation for a complete list of ciphers, and
+#   ensure these follow appropriate best practices for this deployment.
+#   httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers,
+#   while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a.
 SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
 SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
+
+#  By the end of 2016, only TLSv1.2 ciphers should remain in use.
+#  Older ciphers should be disallowed as soon as possible, while the
+#  kRSA ciphers do not offer forward secrecy.  These changes inhibit
+#  older clients (such as IE6 SP2 or IE8 on Windows XP, or other legacy
+#  non-browser tooling) from successfully connecting.  
+#
+#  To restrict mod_ssl to use only TLSv1.2 ciphers, and disable
+#  those protocols which do not support forward secrecy, replace
+#  the SSLCipherSuite and SSLProxyCipherSuite directives above with
+#  the following two directives, as soon as practical.
+# SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
+# SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
+
+#   User agents such as web browsers are not configured for the user's
+#   own preference of either security or performance, therefore this
+#   must be the prerogative of the web server administrator who manages
+#   cpu load versus confidentiality, so enforce the server's cipher order.
 SSLHonorCipherOrder on 
-SSLVerifyClient none
+
+#   SSL Protocol support:
+#   List the protocol versions which clients are allowed to connect with.
+#   Disable SSLv3 by default (cf. RFC 7525 3.1.1).  TLSv1 (1.0) should be
+#   disabled as quickly as practical.  By the end of 2016, only the TLSv1.2
+#   protocol or later should remain in use.
 SSLProtocol all -SSLv3
 SSLProxyProtocol all -SSLv3
+
+#   Pass Phrase Dialog:
+#   Configure the pass phrase gathering process.
+#   The filtering dialog program (`builtin' is an internal
+#   terminal dialog) has to provide the pass phrase on stdout.
 SSLPassPhraseDialog  builtin
-SSLSessionCache "shmcb:/usr/local/var/run/httpd/ssl_scache(512000)"
-SSLSessionCacheTimeout 300
+
+#   Inter-Process Session Cache:
+#   Configure the SSL Session Cache: First the mechanism 
+#   to use and second the expiring timeout (in seconds).
+#SSLSessionCache         "dbm:/opt/homebrew/var/run/httpd/ssl_scache"
+SSLSessionCache        "shmcb:/opt/homebrew/var/run/httpd/ssl_scache(512000)"
+SSLSessionCacheTimeout  300
+
+#   OCSP Stapling (requires OpenSSL 0.9.8h or later)
+#
+#   This feature is disabled by default and requires at least
+#   the two directives SSLUseStapling and SSLStaplingCache.
+#   Refer to the documentation on OCSP Stapling in the SSL/TLS
+#   How-To for more information.
+#
+#   Enable stapling for all SSL-enabled servers:
+#SSLUseStapling On
+
+#   Define a relatively small cache for OCSP Stapling using
+#   the same mechanism that is used for the SSL session cache
+#   above.  If stapling is used with more than a few certificates,
+#   the size may need to be increased.  (AH01929 will be logged.)
+#SSLStaplingCache "shmcb:/opt/homebrew/var/run/httpd/ssl_stapling(32768)"
+
+#   Seconds before valid OCSP responses are expired from the cache
+#SSLStaplingStandardCacheTimeout 3600
+
+#   Seconds before invalid OCSP responses are expired from the cache
+#SSLStaplingErrorCacheTimeout 600
 
diff --git a/etc/httpd/extra/httpd-vhosts.conf b/etc/httpd/extra/httpd-vhosts.conf
index 00179989..e4c131f5 100644
--- a/etc/httpd/extra/httpd-vhosts.conf
+++ b/etc/httpd/extra/httpd-vhosts.conf
@@ -22,7 +22,7 @@
   # Header always set Strict-Transport-Security "max-age=15768000"
 
   # html boilerplate configs, gzip etc
-  Include /usr/local/etc/httpd/extra/httpd-h5bp-server-configs.conf
+  Include /opt/homebrew/etc/httpd/extra/httpd-h5bp-server-configs.conf
 
   <FilesMatch "\.(cgi|shtml|phtml|php)$">
     SSLOptions +StdEnvVars
diff --git a/etc/httpd/httpd.conf b/etc/httpd/httpd.conf
index da531cc2..471a2bb3 100644
--- a/etc/httpd/httpd.conf
+++ b/etc/httpd/httpd.conf
@@ -1,6 +1,68 @@
-ServerRoot "/usr/local/opt/httpd"
+#
+# This is the main Apache HTTP server configuration file.  It contains the
+# configuration directives that give the server its instructions.
+# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
+# In particular, see 
+# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
+# for a discussion of each configuration directive.
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.  
+#
+# Configuration and logfile names: If the filenames you specify for many
+# of the server's control files begin with "/" (or "drive:/" for Win32), the
+# server will use that explicit path.  If the filenames do *not* begin
+# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
+# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
+# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log" 
+# will be interpreted as '/logs/access_log'.
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# Do not add a slash at the end of the directory path.  If you point
+# ServerRoot at a non-local disk, be sure to specify a local disk on the
+# Mutex directive, if file-based mutexes are used.  If you wish to share the
+# same ServerRoot for multiple httpd daemons, you will need to change at
+# least PidFile.
+#
+ServerRoot "/opt/homebrew/opt/httpd"
+
+#
+# Mutex: Allows you to set the mutex mechanism and mutex file directory
+# for individual mutexes, or change the global defaults
+#
+# Uncomment and change the directory if mutexes are file-based and the default
+# mutex file directory is not on a local disk or is not appropriate for some
+# other reason.
+#
+# Mutex default:/opt/homebrew/var/run/httpd
+
+#
+# Listen: Allows you to bind Apache to specific IP addresses and/or
+# ports, instead of the default. See also the <VirtualHost>
+# directive.
+#
+# Change this to Listen on specific IP addresses as shown below to 
+# prevent Apache from glomming onto all bound IP addresses.
+#
+#Listen 12.34.56.78:80
 Listen 80
 
+#
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines at this location so the
+# directives contained in it are actually available _before_ they are used.
+# Statically compiled modules (those listed by `httpd -l') do not need
+# to be loaded here.
+#
+# Example:
+# LoadModule foo_module modules/mod_foo.so
+#
 LoadModule mpm_event_module lib/httpd/modules/mod_mpm_event.so
 #LoadModule mpm_prefork_module lib/httpd/modules/mod_mpm_prefork.so
 #LoadModule mpm_worker_module lib/httpd/modules/mod_mpm_worker.so
@@ -30,6 +92,7 @@ LoadModule auth_basic_module lib/httpd/modules/mod_auth_basic.so
 LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so
 #LoadModule socache_dbm_module lib/httpd/modules/mod_socache_dbm.so
 #LoadModule socache_memcache_module lib/httpd/modules/mod_socache_memcache.so
+#LoadModule socache_redis_module lib/httpd/modules/mod_socache_redis.so
 #LoadModule watchdog_module lib/httpd/modules/mod_watchdog.so
 #LoadModule macro_module lib/httpd/modules/mod_macro.so
 #LoadModule dbd_module lib/httpd/modules/mod_dbd.so
@@ -87,7 +150,6 @@ LoadModule proxy_fcgi_module lib/httpd/modules/mod_proxy_fcgi.so
 LoadModule ssl_module lib/httpd/modules/mod_ssl.so
 #LoadModule dialup_module lib/httpd/modules/mod_dialup.so
 LoadModule http2_module lib/httpd/modules/mod_http2.so
-#LoadModule md_module lib/httpd/modules/mod_md.so
 #LoadModule lbmethod_byrequests_module lib/httpd/modules/mod_lbmethod_byrequests.so
 #LoadModule lbmethod_bytraffic_module lib/httpd/modules/mod_lbmethod_bytraffic.so
 #LoadModule lbmethod_bybusyness_module lib/httpd/modules/mod_lbmethod_bybusyness.so
@@ -119,81 +181,374 @@ LoadModule alias_module lib/httpd/modules/mod_alias.so
 LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so
 
 <IfModule unixd_module>
-  User webgefrickel
-  Group staff
+#
+# If you wish httpd to run as a different user or group, you must run
+# httpd as root initially and it will switch.  
+#
+# User/Group: The name (or #number) of the user/group to run httpd as.
+# It is usually good practice to create a dedicated user and group for
+# running httpd, as with most system services.
+#
+User webgefrickel
+Group staff
+
 </IfModule>
 
+# 'Main' server configuration
+#
+# The directives in this section set up the values used by the 'main'
+# server, which responds to any requests that aren't handled by a
+# <VirtualHost> definition.  These values also provide defaults for
+# any <VirtualHost> containers you may define later in the file.
+#
+# All of these directives may appear inside <VirtualHost> containers,
+# in which case these default settings will be overridden for the
+# virtual host being defined.
+#
+
+#
+# ServerAdmin: Your address, where problems with the server should be
+# e-mailed.  This address appears on some server-generated pages, such
+# as error documents.  e.g. admin@your-domain.com
+#
 ServerAdmin kontakt@webgefrickel.de
 ServerName localhost
 
+#
+# ServerName gives the name and port that the server uses to identify itself.
+# This can often be determined automatically, but we recommend you specify
+# it explicitly to prevent problems during startup.
+#
+# If your host doesn't have a registered DNS name, enter its IP address here.
+#
+#ServerName www.example.com:8080
+
+#
+# Deny access to the entirety of your server's filesystem. You must
+# explicitly permit access to web content directories in other 
+# <Directory> blocks below.
+#
 <Directory />
-  AllowOverride none
-  Require all denied
+    AllowOverride none
+    Require all denied
 </Directory>
 
-DocumentRoot "/Users/webgefrickel/Sites"
+#
+# Note that from this point forward you must specifically allow
+# particular features to be enabled - so if something's not working as
+# you might expect, make sure that you have specifically enabled it
+# below.
+#
 
+#
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+DocumentRoot "/Users/webgefrickel/Sites"
 <Directory "/Users/webgefrickel/Sites">
-  DirectoryIndex index.php index.html index.htm
-  Options Indexes FollowSymLinks MultiViews
-  AllowOverride All
-  Require all granted
+    DirectoryIndex index.php index.html index.htm
+    #
+    # Possible values for the Options directive are "None", "All",
+    # or any combination of:
+    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+    #
+    # Note that "MultiViews" must be named *explicitly* --- "Options All"
+    # doesn't give it to you.
+    #
+    # The Options directive is both complicated and important.  Please see
+    # http://httpd.apache.org/docs/2.4/mod/core.html#options
+    # for more information.
+    #
+    Options Indexes FollowSymLinks MultiViews
+
+    #
+    # AllowOverride controls what directives may be placed in .htaccess files.
+    # It can be "All", "None", or any combination of the keywords:
+    #   AllowOverride FileInfo AuthConfig Limit
+    #
+    AllowOverride All
+
+    #
+    # Controls who can get stuff from this server.
+    #
+    Require all granted
 </Directory>
 
 <FilesMatch \.php$>
   SetHandler proxy:fcgi://localhost:9000
 </FilesMatch>
 
+#
+# DirectoryIndex: sets the file that Apache will serve if a directory
+# is requested.
+#
 <IfModule dir_module>
-  DirectoryIndex index.html
+    DirectoryIndex index.html
 </IfModule>
 
+#
+# The following lines prevent .htaccess and .htpasswd files from being 
+# viewed by Web clients. 
+#
 <Files ".ht*">
-  Require all denied
+    Require all denied
 </Files>
 
+#
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here.  If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
 ErrorLog "/Users/webgefrickel/Sites/__dev/error_log"
+
+#
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+#
 LogLevel warn
 
 <IfModule log_config_module>
-  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-  LogFormat "%h %l %u %t \"%r\" %>s %b" common
+    #
+    # The following directives define some format nicknames for use with
+    # a CustomLog directive (see below).
+    #
+    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+    LogFormat "%h %l %u %t \"%r\" %>s %b" common
+
+    <IfModule logio_module>
+      # You need to enable mod_logio.c to use %I and %O
+      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+    </IfModule>
 
-  <IfModule logio_module>
-    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
-  </IfModule>
+    #
+    # The location and format of the access logfile (Common Logfile Format).
+    # If you do not define any access logfiles within a <VirtualHost>
+    # container, they will be logged here.  Contrariwise, if you *do*
+    # define per-<VirtualHost> access logfiles, transactions will be
+    # logged therein and *not* in this file.
+    #
+    CustomLog "/Users/webgefrickel/Sites/__dev/access_log" common
 
-  CustomLog "/Users/webgefrickel/Sites/__dev/access_log" common
+    #
+    # If you prefer a logfile with access, agent, and referer information
+    # (Combined Logfile Format) you can use the following directive.
+    #
+    #CustomLog "/opt/homebrew/var/log/httpd/access_log" combined
 </IfModule>
 
 <IfModule alias_module>
-  ScriptAlias /cgi-bin/ "/usr/local/var/www/cgi-bin/"
+    #
+    # Redirect: Allows you to tell clients about documents that used to 
+    # exist in your server's namespace, but do not anymore. The client 
+    # will make a new request for the document at its new location.
+    # Example:
+    # Redirect permanent /foo http://www.example.com/bar
+
+    #
+    # Alias: Maps web paths into filesystem paths and is used to
+    # access content that does not live under the DocumentRoot.
+    # Example:
+    # Alias /webpath /full/filesystem/path
+    #
+    # If you include a trailing / on /webpath then the server will
+    # require it to be present in the URL.  You will also likely
+    # need to provide a <Directory> section to allow access to
+    # the filesystem path.
+
+    #
+    # ScriptAlias: This controls which directories contain server scripts. 
+    # ScriptAliases are essentially the same as Aliases, except that
+    # documents in the target directory are treated as applications and
+    # run by the server when requested rather than as documents sent to the
+    # client.  The same rules about trailing "/" apply to ScriptAlias
+    # directives as to Alias.
+    #
+    ScriptAlias /cgi-bin/ "/opt/homebrew/var/www/cgi-bin/"
+
+</IfModule>
+
+<IfModule cgid_module>
+    #
+    # ScriptSock: On threaded servers, designate the path to the UNIX
+    # socket used to communicate with the CGI daemon of mod_cgid.
+    #
+    #Scriptsock cgisock
 </IfModule>
 
-<Directory "/usr/local/var/www/cgi-bin">
+#
+# "/opt/homebrew/var/www/cgi-bin" should be changed to whatever your ScriptAliased
+# CGI directory exists, if you have that configured.
+#
+<Directory "/opt/homebrew/var/www/cgi-bin">
     AllowOverride None
     Options None
     Require all granted
 </Directory>
 
 <IfModule headers_module>
-  RequestHeader unset Proxy early
+    #
+    # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
+    # backend servers which have lingering "httpoxy" defects.
+    # 'Proxy' request header is undefined by the IETF, not listed by IANA
+    #
+    RequestHeader unset Proxy early
 </IfModule>
 
 <IfModule mime_module>
-    TypesConfig /usr/local/etc/httpd/mime.types
+    #
+    # TypesConfig points to the file containing the list of mappings from
+    # filename extension to MIME-type.
+    #
+    TypesConfig /opt/homebrew/etc/httpd/mime.types
+
+    #
+    # AddType allows you to add to or override the MIME configuration
+    # file specified in TypesConfig for specific file types.
+    #
+    #AddType application/x-gzip .tgz
+    #
+    # AddEncoding allows you to have certain browsers uncompress
+    # information on the fly. Note: Not all browsers support this.
+    #
+    #AddEncoding x-compress .Z
+    #AddEncoding x-gzip .gz .tgz
+    #
+    # If the AddEncoding directives above are commented-out, then you
+    # probably should define those extensions to indicate media types:
+    #
     AddType application/x-compress .Z
     AddType application/x-gzip .gz .tgz
+
+    #
+    # AddHandler allows you to map certain file extensions to "handlers":
+    # actions unrelated to filetype. These can be either built into the server
+    # or added with the Action directive (see below)
+    #
+    # To use CGI scripts outside of ScriptAliased directories:
+    # (You will also need to add "ExecCGI" to the "Options" directive.)
+    #
+    #AddHandler cgi-script .cgi
+
+    # For type maps (negotiated resources):
+    #AddHandler type-map var
+
+    #
+    # Filters allow you to process content before it is sent to the client.
+    #
+    # To parse .shtml files for server-side includes (SSI):
+    # (You will also need to add "Includes" to the "Options" directive.)
+    #
+    #AddType text/html .shtml
+    #AddOutputFilter INCLUDES .shtml
 </IfModule>
 
+#
+# The mod_mime_magic module allows the server to use various hints from the
+# contents of the file itself to determine its type.  The MIMEMagicFile
+# directive tells the module where the hint definitions are located.
+#
+#MIMEMagicFile /opt/homebrew/etc/httpd/magic
+
+#
+# Customizable error responses come in three flavors:
+# 1) plain text 2) local redirects 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# MaxRanges: Maximum number of Ranges in a request before
+# returning the entire resource, or one of the special
+# values 'default', 'none' or 'unlimited'.
+# Default setting is to accept 200 Ranges.
+#MaxRanges unlimited
+
+#
+# EnableMMAP and EnableSendfile: On systems that support it, 
+# memory-mapping or the sendfile syscall may be used to deliver
+# files.  This usually improves server performance, but must
+# be turned off when serving from networked-mounted 
+# filesystems or if support for these functions is otherwise
+# broken on your system.
+# Defaults: EnableMMAP On, EnableSendfile Off
+#
+#EnableMMAP off
+#EnableSendfile on
+
+# Supplemental configuration
+#
+# The configuration files in the /opt/homebrew/etc/httpd/extra/ directory can be 
+# included to add extra features or to modify the default configuration of 
+# the server, or you may simply copy their contents here and change as 
+# necessary.
+
+# Server-pool management (MPM specific)
+#Include /opt/homebrew/etc/httpd/extra/httpd-mpm.conf
+
+# Multi-language error messages
+#Include /opt/homebrew/etc/httpd/extra/httpd-multilang-errordoc.conf
+
+# Fancy directory listings
+#Include /opt/homebrew/etc/httpd/extra/httpd-autoindex.conf
+
+# Language settings
+#Include /opt/homebrew/etc/httpd/extra/httpd-languages.conf
+
+# User home directories
+#Include /opt/homebrew/etc/httpd/extra/httpd-userdir.conf
+
+# Real-time info on requests and configuration
+#Include /opt/homebrew/etc/httpd/extra/httpd-info.conf
+
+# Virtual hosts
+#Include /opt/homebrew/etc/httpd/extra/httpd-vhosts.conf
+
+# Local access to the Apache HTTP Server Manual
+#Include /opt/homebrew/etc/httpd/extra/httpd-manual.conf
+
+# Distributed authoring and versioning (WebDAV)
+#Include /opt/homebrew/etc/httpd/extra/httpd-dav.conf
+
+# Various default settings
+#Include /opt/homebrew/etc/httpd/extra/httpd-default.conf
+
+# Configure mod_proxy_html to understand HTML4/XHTML1
+<IfModule proxy_html_module>
+Include /opt/homebrew/etc/httpd/extra/proxy-html.conf
+</IfModule>
+
+# Secure (SSL/TLS) connections
+#Include /opt/homebrew/etc/httpd/extra/httpd-ssl.conf
+#
+# Note: The following must must be present to support
+#       starting without SSL on platforms with no /dev/random equivalent
+#       but a statically compiled-in mod_ssl.
+#
+<IfModule ssl_module>
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+</IfModule>
+
+
+
+### MORE CUSTOM ADDITIONS
+
 #Include /usr/local/etc/httpd/extra/httpd-languages.conf
-Include /usr/local/etc/httpd/extra/httpd-default.conf
-Include /usr/local/etc/httpd/extra/httpd-mpm.conf
-Include /usr/local/etc/httpd/extra/httpd-autoindex.conf
-Include /usr/local/etc/httpd/extra/httpd-vhosts.conf
+Include /opt/homebrew/etc/httpd/extra/httpd-default.conf
+Include /opt/homebrew/etc/httpd/extra/httpd-mpm.conf
+Include /opt/homebrew/etc/httpd/extra/httpd-autoindex.conf
+Include /opt/homebrew/etc/httpd/extra/httpd-vhosts.conf
 
 # Secure (SSL/TLS) connections
-Include /usr/local/etc/httpd/extra/httpd-ssl.conf
+Include /opt/homebrew/etc/httpd/extra/httpd-ssl.conf
 #
 # Note: The following must must be present to support
 #       starting without SSL on platforms with no /dev/random equivalent
diff --git a/etc/httpd/magic b/etc/httpd/magic
index 7c56119e..bc891d93 100644
--- a/etc/httpd/magic
+++ b/etc/httpd/magic
@@ -87,7 +87,7 @@
 # Microsoft WAVE format (*.wav)
 # [GRR 950115:  probably all of the shorts and longs should be leshort/lelong]
 #					Microsoft RIFF
-0	string		RIFF		audio/unknown
+0	string		RIFF		
 #					- WAVE format
 >8	string		WAVE		audio/x-wav
 # MPEG audio.
diff --git a/etc/httpd/original/extra/httpd-autoindex.conf b/etc/httpd/original/extra/httpd-autoindex.conf
new file mode 100644
index 00000000..8ec60f8c
--- /dev/null
+++ b/etc/httpd/original/extra/httpd-autoindex.conf
@@ -0,0 +1,93 @@
+#
+# Directives controlling the display of server-generated directory listings.
+#
+# Required modules: mod_authz_core, mod_authz_host,
+#                   mod_autoindex, mod_alias
+#
+# To see the listing of a directory, the Options directive for the
+# directory must include "Indexes", and the directory must not contain
+# a file matching those listed in the DirectoryIndex directive.
+#
+
+#
+# IndexOptions: Controls the appearance of server-generated directory
+# listings.
+#
+IndexOptions FancyIndexing HTMLTable VersionSort
+
+# We include the /icons/ alias for FancyIndexed directory listings.  If
+# you do not use FancyIndexing, you may comment this out.
+#
+Alias /icons/ "/opt/homebrew/opt/httpd/share/httpd/icons/"
+
+<Directory "/opt/homebrew/opt/httpd/share/httpd/icons">
+    Options Indexes MultiViews
+    AllowOverride None
+    Require all granted
+</Directory>
+
+#
+# AddIcon* directives tell the server which icon to show for different
+# files or filename extensions.  These are only displayed for
+# FancyIndexed directories.
+#
+AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
+
+AddIconByType (TXT,/icons/text.gif) text/*
+AddIconByType (IMG,/icons/image2.gif) image/*
+AddIconByType (SND,/icons/sound2.gif) audio/*
+AddIconByType (VID,/icons/movie.gif) video/*
+
+AddIcon /icons/binary.gif .bin .exe
+AddIcon /icons/binhex.gif .hqx
+AddIcon /icons/tar.gif .tar
+AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+AddIcon /icons/a.gif .ps .ai .eps
+AddIcon /icons/layout.gif .html .shtml .htm .pdf
+AddIcon /icons/text.gif .txt
+AddIcon /icons/c.gif .c
+AddIcon /icons/p.gif .pl .py
+AddIcon /icons/f.gif .for
+AddIcon /icons/dvi.gif .dvi
+AddIcon /icons/uuencoded.gif .uu
+AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+AddIcon /icons/tex.gif .tex
+AddIcon /icons/bomb.gif core
+
+AddIcon /icons/back.gif ..
+AddIcon /icons/hand.right.gif README
+AddIcon /icons/folder.gif ^^DIRECTORY^^
+AddIcon /icons/blank.gif ^^BLANKICON^^
+
+#
+# DefaultIcon is which icon to show for files which do not have an icon
+# explicitly set.
+#
+DefaultIcon /icons/unknown.gif
+
+#
+# AddDescription allows you to place a short description after a file in
+# server-generated indexes.  These are only displayed for FancyIndexed
+# directories.
+# Format: AddDescription "description" filename
+#
+#AddDescription "GZIP compressed document" .gz
+#AddDescription "tar archive" .tar
+#AddDescription "GZIP compressed tar archive" .tgz
+
+#
+# ReadmeName is the name of the README file the server will look for by
+# default, and append to directory listings.
+#
+# HeaderName is the name of a file which should be prepended to
+# directory indexes. 
+ReadmeName README.html
+HeaderName HEADER.html
+
+#
+# IndexIgnore is a set of filenames which directory indexing should ignore
+# and not include in the listing.  Shell-style wildcarding is permitted.
+#
+IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
+
diff --git a/etc/httpd/original/extra/httpd-dav.conf b/etc/httpd/original/extra/httpd-dav.conf
new file mode 100644
index 00000000..356bf196
--- /dev/null
+++ b/etc/httpd/original/extra/httpd-dav.conf
@@ -0,0 +1,50 @@
+#
+# Distributed authoring and versioning (WebDAV)
+#
+# Required modules: mod_alias, mod_auth_digest, mod_authn_core, mod_authn_file,
+#                   mod_authz_core, mod_authz_user, mod_dav, mod_dav_fs,
+#                   mod_setenvif
+
+# The following example gives DAV write access to a directory called
+# "uploads" under the ServerRoot directory.
+#
+# The User/Group specified in httpd.conf needs to have write permissions
+# on the directory where the DavLockDB is placed and on any directory where
+# "Dav On" is specified.
+
+DavLockDB "/opt/homebrew/opt/httpd/var/DavLock"
+
+Alias /uploads "/opt/homebrew/opt/httpd/uploads"
+
+<Directory "/opt/homebrew/opt/httpd/uploads">
+    Dav On
+
+    AuthType Digest
+    AuthName DAV-upload
+    # You can use the htdigest program to create the password database:
+    #   htdigest -c "/opt/homebrew/opt/httpd/user.passwd" DAV-upload admin
+    AuthUserFile "/opt/homebrew/opt/httpd/user.passwd"
+    AuthDigestProvider file
+
+    # Allow universal read-access, but writes are restricted
+    # to the admin user.
+    <RequireAny>
+        Require method GET POST OPTIONS
+        Require user admin
+    </RequireAny>
+</Directory>
+
+#
+# The following directives disable redirects on non-GET requests for
+# a directory that does not include the trailing slash.  This fixes a 
+# problem with several clients that do not appropriately handle 
+# redirects for folders with DAV methods.
+#
+BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+BrowserMatch "MS FrontPage" redirect-carefully
+BrowserMatch "^WebDrive" redirect-carefully
+BrowserMatch "^WebDAVFS/1.[01234]" redirect-carefully
+BrowserMatch "^gnome-vfs/1.0" redirect-carefully
+BrowserMatch "^XML Spy" redirect-carefully
+BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
+BrowserMatch " Konqueror/4" redirect-carefully
diff --git a/etc/httpd/original/extra/httpd-default.conf b/etc/httpd/original/extra/httpd-default.conf
new file mode 100644
index 00000000..71969228
--- /dev/null
+++ b/etc/httpd/original/extra/httpd-default.conf
@@ -0,0 +1,90 @@
+#
+# This configuration file reflects default settings for Apache HTTP Server.
+#
+# You may change these, but chances are that you may not need to.
+#
+
+#
+# Timeout: The number of seconds before receives and sends time out.
+#
+Timeout 60
+
+#
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+#
+KeepAlive On
+
+#
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+#
+MaxKeepAliveRequests 100
+
+#
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+#
+KeepAliveTimeout 5
+
+#
+# UseCanonicalName: Determines how Apache constructs self-referencing 
+# URLs and the SERVER_NAME and SERVER_PORT variables.
+# When set "Off", Apache will use the Hostname and Port supplied
+# by the client.  When set "On", Apache will use the value of the
+# ServerName directive.
+#
+UseCanonicalName Off
+
+#
+# AccessFileName: The name of the file to look for in each directory
+# for additional configuration directives.  See also the AllowOverride 
+# directive.
+#
+AccessFileName .htaccess
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of:  Full | OS | Minor | Minimal | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#
+ServerTokens Full
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory 
+# listings, mod_status and mod_info output etc., but not CGI generated 
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of:  On | Off | EMail
+#
+ServerSignature Off
+
+#
+# HostnameLookups: Log the names of clients or just their IP addresses
+# e.g., www.apache.org (on) or 204.62.129.132 (off).
+# The default is off because it'd be overall better for the net if people
+# had to knowingly turn this feature on, since enabling it means that
+# each client request will result in AT LEAST one lookup request to the
+# nameserver.
+#
+HostnameLookups Off
+
+#
+# Set a timeout for how long the client may take to send the request header
+# and body.
+# The default for the headers is header=20-40,MinRate=500, which means wait
+# for the first byte of headers for 20 seconds. If some data arrives,
+# increase the timeout corresponding to a data rate of 500 bytes/s, but not
+# above 40 seconds.
+# The default for the request body is body=20,MinRate=500, which is the same
+# but has no upper limit for the timeout.
+# To disable, set to header=0 body=0
+#
+<IfModule reqtimeout_module>
+  RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
+</IfModule>
diff --git a/etc/httpd/original/extra/httpd-info.conf b/etc/httpd/original/extra/httpd-info.conf
new file mode 100644
index 00000000..5cfdf69b
--- /dev/null
+++ b/etc/httpd/original/extra/httpd-info.conf
@@ -0,0 +1,36 @@
+#
+# Get information about the requests being processed by the server
+# and the configuration of the server.
+#
+# Required modules: mod_authz_core, mod_authz_host,
+#                   mod_info (for the server-info handler),
+#                   mod_status (for the server-status handler)
+
+#
+# Allow server status reports generated by mod_status,
+# with the URL of http://servername/server-status
+# Change the ".example.com" to match your domain to enable.
+
+<Location /server-status>
+    SetHandler server-status
+    Require host .example.com
+    Require ip 127
+</Location>
+
+#
+# ExtendedStatus controls whether Apache will generate "full" status
+# information (ExtendedStatus On) or just basic information (ExtendedStatus
+# Off) when the "server-status" handler is called. The default is Off.
+#
+#ExtendedStatus On
+
+#
+# Allow remote server configuration reports, with the URL of
+#  http://servername/server-info (requires that mod_info.c be loaded).
+# Change the ".example.com" to match your domain to enable.
+#
+<Location /server-info>
+    SetHandler server-info
+    Require host .example.com
+    Require ip 127
+</Location>
diff --git a/etc/httpd/original/extra/httpd-languages.conf b/etc/httpd/original/extra/httpd-languages.conf
new file mode 100644
index 00000000..7f664614
--- /dev/null
+++ b/etc/httpd/original/extra/httpd-languages.conf
@@ -0,0 +1,141 @@
+#
+# Settings for hosting different languages.
+#
+# Required modules: mod_mime, mod_negotiation
+
+# DefaultLanguage and AddLanguage allows you to specify the language of 
+# a document. You can then use content negotiation to give a browser a 
+# file in a language the user can understand.
+#
+# Specify a default language. This means that all data
+# going out without a specific language tag (see below) will 
+# be marked with this one. You probably do NOT want to set
+# this unless you are sure it is correct for all cases.
+#
+# * It is generally better to not mark a page as 
+# * being a certain language than marking it with the wrong
+# * language!
+#
+# DefaultLanguage nl
+#
+# Note 1: The suffix does not have to be the same as the language
+# keyword --- those with documents in Polish (whose net-standard
+# language code is pl) may wish to use "AddLanguage pl .po" to
+# avoid the ambiguity with the common suffix for perl scripts.
+#
+# Note 2: The example entries below illustrate that in some cases 
+# the two character 'Language' abbreviation is not identical to 
+# the two character 'Country' code for its country,
+# E.g. 'Danmark/dk' versus 'Danish/da'.
+#
+# Note 3: In the case of 'ltz' we violate the RFC by using a three char
+# specifier. There is 'work in progress' to fix this and get
+# the reference data for rfc1766 cleaned up.
+#
+# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
+# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
+# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
+# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
+# Norwegian (no) - Polish (pl) - Portugese (pt)
+# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
+# Turkish (tr) - Simplified Chinese (zh-CN) - Spanish (es)
+# Traditional Chinese (zh-TW)
+#
+AddLanguage ca .ca
+AddLanguage cs .cz .cs
+AddLanguage da .dk
+AddLanguage de .de
+AddLanguage el .el
+AddLanguage en .en
+AddLanguage eo .eo
+AddLanguage es .es
+AddLanguage et .et
+AddLanguage fr .fr
+AddLanguage he .he
+AddLanguage hr .hr
+AddLanguage it .it
+AddLanguage ja .ja
+AddLanguage ko .ko
+AddLanguage ltz .ltz
+AddLanguage nl .nl
+AddLanguage nn .nn
+AddLanguage no .no
+AddLanguage pl .po
+AddLanguage pt .pt
+AddLanguage pt-BR .pt-br
+AddLanguage ru .ru
+AddLanguage sv .sv
+AddLanguage tr .tr
+AddLanguage zh-CN .zh-cn
+AddLanguage zh-TW .zh-tw
+
+# LanguagePriority allows you to give precedence to some languages
+# in case of a tie during content negotiation.
+#
+# Just list the languages in decreasing order of preference. We have
+# more or less alphabetized them here. You probably want to change this.
+#
+LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
+
+#
+# ForceLanguagePriority allows you to serve a result page rather than
+# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
+# [in case no accepted languages matched the available variants]
+#
+ForceLanguagePriority Prefer Fallback
+
+#
+# Commonly used filename extensions to character sets. You probably
+# want to avoid clashes with the language extensions, unless you
+# are good at carefully testing your setup after each change.
+# See http://www.iana.org/assignments/character-sets for the
+# official list of charset names and their respective RFCs.
+#
+AddCharset us-ascii.ascii .us-ascii
+AddCharset ISO-8859-1  .iso8859-1  .latin1
+AddCharset ISO-8859-2  .iso8859-2  .latin2 .cen
+AddCharset ISO-8859-3  .iso8859-3  .latin3
+AddCharset ISO-8859-4  .iso8859-4  .latin4
+AddCharset ISO-8859-5  .iso8859-5  .cyr .iso-ru
+AddCharset ISO-8859-6  .iso8859-6  .arb .arabic
+AddCharset ISO-8859-7  .iso8859-7  .grk .greek
+AddCharset ISO-8859-8  .iso8859-8  .heb .hebrew
+AddCharset ISO-8859-9  .iso8859-9  .latin5 .trk
+AddCharset ISO-8859-10  .iso8859-10  .latin6
+AddCharset ISO-8859-13  .iso8859-13
+AddCharset ISO-8859-14  .iso8859-14  .latin8
+AddCharset ISO-8859-15  .iso8859-15  .latin9
+AddCharset ISO-8859-16  .iso8859-16  .latin10
+AddCharset ISO-2022-JP .iso2022-jp .jis
+AddCharset ISO-2022-KR .iso2022-kr .kis
+AddCharset ISO-2022-CN .iso2022-cn .cis
+AddCharset Big5.Big5   .big5 .b5
+AddCharset cn-Big5 .cn-big5
+# For russian, more than one charset is used (depends on client, mostly):
+AddCharset WINDOWS-1251 .cp-1251   .win-1251
+AddCharset CP866   .cp866
+AddCharset KOI8  .koi8
+AddCharset KOI8-E  .koi8-e
+AddCharset KOI8-r  .koi8-r .koi8-ru
+AddCharset KOI8-U  .koi8-u
+AddCharset KOI8-ru .koi8-uk .ua
+AddCharset ISO-10646-UCS-2 .ucs2
+AddCharset ISO-10646-UCS-4 .ucs4
+AddCharset UTF-7   .utf7
+AddCharset UTF-8   .utf8
+AddCharset UTF-16  .utf16
+AddCharset UTF-16BE .utf16be
+AddCharset UTF-16LE .utf16le
+AddCharset UTF-32  .utf32
+AddCharset UTF-32BE .utf32be
+AddCharset UTF-32LE .utf32le
+AddCharset euc-cn  .euc-cn
+AddCharset euc-gb  .euc-gb
+AddCharset euc-jp  .euc-jp
+AddCharset euc-kr  .euc-kr
+#Not sure how euc-tw got in - IANA doesn't list it???
+AddCharset EUC-TW  .euc-tw
+AddCharset gb2312  .gb2312 .gb
+AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
+AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
+AddCharset shift_jis   .shift_jis .sjis
diff --git a/etc/httpd/original/extra/httpd-manual.conf b/etc/httpd/original/extra/httpd-manual.conf
new file mode 100644
index 00000000..961e370e
--- /dev/null
+++ b/etc/httpd/original/extra/httpd-manual.conf
@@ -0,0 +1,38 @@
+#
+# Provide access to the documentation on your server as
+#  http://yourserver.example.com/manual/
+# The documentation is always available at
+#  http://httpd.apache.org/docs/2.4/
+#
+# Required modules: mod_alias, mod_authz_core, mod_authz_host,
+#                   mod_setenvif, mod_negotiation
+#
+
+AliasMatch ^/manual(?:/(?:da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn))?(/.*)?$ "/opt/homebrew/Cellar/httpd/2.4.51/share/httpd/manual$1"
+
+<Directory "/opt/homebrew/Cellar/httpd/2.4.51/share/httpd/manual">
+    Options Indexes
+    AllowOverride None
+    Require all granted
+
+    <Files *.html>
+        SetHandler type-map
+    </Files>
+
+    # .tr is text/troff in mime.types!
+    RemoveType tr
+
+    # Traditionally, used .dk filename extension for da language
+    AddLanguage da .da
+
+    SetEnvIf Request_URI ^/manual/(da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn)/ prefer-language=$1
+    RedirectMatch 301 ^/manual(?:/(da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn)){2,}(/.*)?$ /manual/$1$2
+
+    # Reflect the greatest effort in translation (most content available),
+    # inferring greater attention to detail (potentially false assumption,
+    # counting translations presently in-sync would be more helpful.)
+    # Use caution counting; safest pattern is '*.xml.XX'. Recent .xml source
+    # document count: 266 214 110 94 82 25 22    18     4  1  1
+    LanguagePriority   en  fr  ko ja tr es de zh-cn pt-br da ru
+    ForceLanguagePriority Prefer Fallback
+</Directory>
diff --git a/etc/httpd/original/extra/httpd-mpm.conf b/etc/httpd/original/extra/httpd-mpm.conf
new file mode 100644
index 00000000..0c79c069
--- /dev/null
+++ b/etc/httpd/original/extra/httpd-mpm.conf
@@ -0,0 +1,119 @@
+#
+# Server-Pool Management (MPM specific)
+# 
+
+#
+# PidFile: The file in which the server should record its process
+# identification number when it starts.
+#
+# Note that this is the default PidFile for most MPMs.
+#
+<IfModule !mpm_netware_module>
+    PidFile "/opt/homebrew/var/run/httpd/httpd.pid"
+</IfModule>
+
+#
+# Only one of the below sections will be relevant on your
+# installed httpd.  Use "apachectl -l" to find out the
+# active mpm.
+#
+
+# prefork MPM
+# StartServers: number of server processes to start
+# MinSpareServers: minimum number of server processes which are kept spare
+# MaxSpareServers: maximum number of server processes which are kept spare
+# MaxRequestWorkers: maximum number of server processes allowed to start
+# MaxConnectionsPerChild: maximum number of connections a server process serves
+#                         before terminating
+<IfModule mpm_prefork_module>
+    StartServers             5
+    MinSpareServers          5
+    MaxSpareServers         10
+    MaxRequestWorkers      250
+    MaxConnectionsPerChild   0
+</IfModule>
+
+# worker MPM
+# StartServers: initial number of server processes to start
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxRequestWorkers: maximum number of worker threads
+# MaxConnectionsPerChild: maximum number of connections a server process serves
+#                         before terminating
+<IfModule mpm_worker_module>
+    StartServers             3
+    MinSpareThreads         75
+    MaxSpareThreads        250 
+    ThreadsPerChild         25
+    MaxRequestWorkers      400
+    MaxConnectionsPerChild   0
+</IfModule>
+
+# event MPM
+# StartServers: initial number of server processes to start
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxRequestWorkers: maximum number of worker threads
+# MaxConnectionsPerChild: maximum number of connections a server process serves
+#                         before terminating
+<IfModule mpm_event_module>
+    StartServers             3
+    MinSpareThreads         75
+    MaxSpareThreads        250
+    ThreadsPerChild         25
+    MaxRequestWorkers      400
+    MaxConnectionsPerChild   0
+</IfModule>
+
+# NetWare MPM
+# ThreadStackSize: Stack size allocated for each worker thread
+# StartThreads: Number of worker threads launched at server startup
+# MinSpareThreads: Minimum number of idle threads, to handle request spikes
+# MaxSpareThreads: Maximum number of idle threads
+# MaxThreads: Maximum number of worker threads alive at the same time
+# MaxConnectionsPerChild: Maximum  number of connections a thread serves. It
+#                         is recommended that the default value of 0 be set
+#                         for this directive on NetWare.  This will allow the
+#                         thread to continue to service requests indefinitely.
+<IfModule mpm_netware_module>
+    ThreadStackSize      65536
+    StartThreads           250
+    MinSpareThreads         25
+    MaxSpareThreads        250
+    MaxThreads            1000
+    MaxConnectionsPerChild   0
+</IfModule>
+
+# OS/2 MPM
+# StartServers: Number of server processes to maintain
+# MinSpareThreads: Minimum number of idle threads per process, 
+#                  to handle request spikes
+# MaxSpareThreads: Maximum number of idle threads per process
+# MaxConnectionsPerChild: Maximum number of connections per server process
+<IfModule mpm_mpmt_os2_module>
+    StartServers             2
+    MinSpareThreads          5
+    MaxSpareThreads         10
+    MaxConnectionsPerChild   0
+</IfModule>
+
+# WinNT MPM
+# ThreadsPerChild: constant number of worker threads in the server process
+# MaxConnectionsPerChild: maximum number of connections a server process serves
+<IfModule mpm_winnt_module>
+    ThreadsPerChild        150
+    MaxConnectionsPerChild   0
+</IfModule>
+
+# The maximum number of free Kbytes that every allocator is allowed
+# to hold without calling free(). In threaded MPMs, every thread has its own
+# allocator. When not set, or when set to zero, the threshold will be set to
+# unlimited.
+<IfModule !mpm_netware_module>
+    MaxMemFree            2048
+</IfModule>
+<IfModule mpm_netware_module>
+    MaxMemFree             100
+</IfModule>
diff --git a/etc/httpd/original/extra/httpd-multilang-errordoc.conf b/etc/httpd/original/extra/httpd-multilang-errordoc.conf
new file mode 100644
index 00000000..2ba71a48
--- /dev/null
+++ b/etc/httpd/original/extra/httpd-multilang-errordoc.conf
@@ -0,0 +1,52 @@
+#
+# The configuration below implements multi-language error documents through
+# content-negotiation.
+#
+# Required modules: mod_alias, mod_authz_core, mod_authz_host,
+#                   mod_include, mod_negotiation
+#
+# We use Alias to redirect any /error/HTTP_<error>.html.var response to
+# our collection of by-error message multi-language collections.  We use 
+# includes to substitute the appropriate text.
+#
+# You can modify the messages' appearance without changing any of the
+# default HTTP_<error>.html.var files by adding the line:
+#
+#   Alias /error/include/ "/your/include/path/"
+#
+# which allows you to create your own set of files by starting with the
+# /opt/homebrew/opt/httpd/share/httpd/error/include/ files and copying them to /your/include/path/, 
+# even on a per-VirtualHost basis.  The default include files will display
+# your Apache version number and your ServerAdmin email address regardless
+# of the setting of ServerSignature.
+
+Alias /error/ "/opt/homebrew/opt/httpd/share/httpd/error/"
+
+<Directory "/opt/homebrew/opt/httpd/share/httpd/error">
+    AllowOverride None
+    Options IncludesNoExec
+    AddOutputFilter Includes html
+    AddHandler type-map var
+    Require all granted
+    LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
+    ForceLanguagePriority Prefer Fallback
+</Directory>
+
+ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
+ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
+ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
+ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
+ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
+ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
+ErrorDocument 410 /error/HTTP_GONE.html.var
+ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
+ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
+ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
+ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
+ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
+ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
+ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
+ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
+ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
+ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
+
diff --git a/etc/httpd/original/extra/httpd-ssl.conf b/etc/httpd/original/extra/httpd-ssl.conf
new file mode 100644
index 00000000..60d1363c
--- /dev/null
+++ b/etc/httpd/original/extra/httpd-ssl.conf
@@ -0,0 +1,290 @@
+#
+# This is the Apache server configuration file providing SSL support.
+# It contains the configuration directives to instruct the server how to
+# serve pages over an https connection. For detailed information about these 
+# directives see <URL:http://httpd.apache.org/docs/2.4/mod/mod_ssl.html>
+# 
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.  
+#
+# Required modules: mod_log_config, mod_setenvif, mod_ssl,
+#          socache_shmcb_module (for default value of SSLSessionCache)
+
+#
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the SSL library.
+# The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. This means you then cannot use the /dev/random device
+# because it would lead to very long connection times (as long as
+# it requires to make more entropy available). But usually those
+# platforms additionally provide a /dev/urandom device which doesn't
+# block. So, if available, use this one instead. Read the mod_ssl User
+# Manual for more details.
+#
+#SSLRandomSeed startup file:/dev/random  512
+#SSLRandomSeed startup file:/dev/urandom 512
+#SSLRandomSeed connect file:/dev/random  512
+#SSLRandomSeed connect file:/dev/urandom 512
+
+
+#
+# When we also provide SSL we have to listen to the 
+# standard HTTP port (see above) and to the HTTPS port
+#
+Listen 8443
+
+##
+##  SSL Global Context
+##
+##  All SSL configuration in this context applies both to
+##  the main server and all SSL-enabled virtual hosts.
+##
+
+#   SSL Cipher Suite:
+#   List the ciphers that the client is permitted to negotiate,
+#   and that httpd will negotiate as the client of a proxied server.
+#   See the OpenSSL documentation for a complete list of ciphers, and
+#   ensure these follow appropriate best practices for this deployment.
+#   httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers,
+#   while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a.
+SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
+SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
+
+#  By the end of 2016, only TLSv1.2 ciphers should remain in use.
+#  Older ciphers should be disallowed as soon as possible, while the
+#  kRSA ciphers do not offer forward secrecy.  These changes inhibit
+#  older clients (such as IE6 SP2 or IE8 on Windows XP, or other legacy
+#  non-browser tooling) from successfully connecting.  
+#
+#  To restrict mod_ssl to use only TLSv1.2 ciphers, and disable
+#  those protocols which do not support forward secrecy, replace
+#  the SSLCipherSuite and SSLProxyCipherSuite directives above with
+#  the following two directives, as soon as practical.
+# SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
+# SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
+
+#   User agents such as web browsers are not configured for the user's
+#   own preference of either security or performance, therefore this
+#   must be the prerogative of the web server administrator who manages
+#   cpu load versus confidentiality, so enforce the server's cipher order.
+SSLHonorCipherOrder on 
+
+#   SSL Protocol support:
+#   List the protocol versions which clients are allowed to connect with.
+#   Disable SSLv3 by default (cf. RFC 7525 3.1.1).  TLSv1 (1.0) should be
+#   disabled as quickly as practical.  By the end of 2016, only the TLSv1.2
+#   protocol or later should remain in use.
+SSLProtocol all -SSLv3
+SSLProxyProtocol all -SSLv3
+
+#   Pass Phrase Dialog:
+#   Configure the pass phrase gathering process.
+#   The filtering dialog program (`builtin' is an internal
+#   terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog  builtin
+
+#   Inter-Process Session Cache:
+#   Configure the SSL Session Cache: First the mechanism 
+#   to use and second the expiring timeout (in seconds).
+#SSLSessionCache         "dbm:/opt/homebrew/var/run/httpd/ssl_scache"
+SSLSessionCache        "shmcb:/opt/homebrew/var/run/httpd/ssl_scache(512000)"
+SSLSessionCacheTimeout  300
+
+#   OCSP Stapling (requires OpenSSL 0.9.8h or later)
+#
+#   This feature is disabled by default and requires at least
+#   the two directives SSLUseStapling and SSLStaplingCache.
+#   Refer to the documentation on OCSP Stapling in the SSL/TLS
+#   How-To for more information.
+#
+#   Enable stapling for all SSL-enabled servers:
+#SSLUseStapling On
+
+#   Define a relatively small cache for OCSP Stapling using
+#   the same mechanism that is used for the SSL session cache
+#   above.  If stapling is used with more than a few certificates,
+#   the size may need to be increased.  (AH01929 will be logged.)
+#SSLStaplingCache "shmcb:/opt/homebrew/var/run/httpd/ssl_stapling(32768)"
+
+#   Seconds before valid OCSP responses are expired from the cache
+#SSLStaplingStandardCacheTimeout 3600
+
+#   Seconds before invalid OCSP responses are expired from the cache
+#SSLStaplingErrorCacheTimeout 600
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:8443>
+
+#   General setup for the virtual host
+DocumentRoot "/opt/homebrew/var/www"
+ServerName www.example.com:8443
+ServerAdmin you@example.com
+ErrorLog "/opt/homebrew/var/log/httpd/error_log"
+TransferLog "/opt/homebrew/var/log/httpd/access_log"
+
+#   SSL Engine Switch:
+#   Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+#   Server Certificate:
+#   Point SSLCertificateFile at a PEM encoded certificate.  If
+#   the certificate is encrypted, then you will be prompted for a
+#   pass phrase.  Note that a kill -HUP will prompt again.  Keep
+#   in mind that if you have both an RSA and a DSA certificate you
+#   can configure both in parallel (to also allow the use of DSA
+#   ciphers, etc.)
+#   Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
+#   require an ECC certificate which can also be configured in
+#   parallel.
+SSLCertificateFile "/opt/homebrew/etc/httpd/server.crt"
+#SSLCertificateFile "/opt/homebrew/etc/httpd/server-dsa.crt"
+#SSLCertificateFile "/opt/homebrew/etc/httpd/server-ecc.crt"
+
+#   Server Private Key:
+#   If the key is not combined with the certificate, use this
+#   directive to point at the key file.  Keep in mind that if
+#   you've both a RSA and a DSA private key you can configure
+#   both in parallel (to also allow the use of DSA ciphers, etc.)
+#   ECC keys, when in use, can also be configured in parallel
+SSLCertificateKeyFile "/opt/homebrew/etc/httpd/server.key"
+#SSLCertificateKeyFile "/opt/homebrew/etc/httpd/server-dsa.key"
+#SSLCertificateKeyFile "/opt/homebrew/etc/httpd/server-ecc.key"
+
+#   Server Certificate Chain:
+#   Point SSLCertificateChainFile at a file containing the
+#   concatenation of PEM encoded CA certificates which form the
+#   certificate chain for the server certificate. Alternatively
+#   the referenced file can be the same as SSLCertificateFile
+#   when the CA certificates are directly appended to the server
+#   certificate for convenience.
+#SSLCertificateChainFile "/opt/homebrew/etc/httpd/server-ca.crt"
+
+#   Certificate Authority (CA):
+#   Set the CA certificate verification path where to find CA
+#   certificates for client authentication or alternatively one
+#   huge file containing all of them (file must be PEM encoded)
+#   Note: Inside SSLCACertificatePath you need hash symlinks
+#         to point to the certificate files. Use the provided
+#         Makefile to update the hash symlinks after changes.
+#SSLCACertificatePath "/opt/homebrew/etc/httpd/ssl.crt"
+#SSLCACertificateFile "/opt/homebrew/etc/httpd/ssl.crt/ca-bundle.crt"
+
+#   Certificate Revocation Lists (CRL):
+#   Set the CA revocation path where to find CA CRLs for client
+#   authentication or alternatively one huge file containing all
+#   of them (file must be PEM encoded).
+#   The CRL checking mode needs to be configured explicitly
+#   through SSLCARevocationCheck (defaults to "none" otherwise).
+#   Note: Inside SSLCARevocationPath you need hash symlinks
+#         to point to the certificate files. Use the provided
+#         Makefile to update the hash symlinks after changes.
+#SSLCARevocationPath "/opt/homebrew/etc/httpd/ssl.crl"
+#SSLCARevocationFile "/opt/homebrew/etc/httpd/ssl.crl/ca-bundle.crl"
+#SSLCARevocationCheck chain
+
+#   Client Authentication (Type):
+#   Client certificate verification type and depth.  Types are
+#   none, optional, require and optional_no_ca.  Depth is a
+#   number which specifies how deeply to verify the certificate
+#   issuer chain before deciding the certificate is not valid.
+#SSLVerifyClient require
+#SSLVerifyDepth  10
+
+#   TLS-SRP mutual authentication:
+#   Enable TLS-SRP and set the path to the OpenSSL SRP verifier
+#   file (containing login information for SRP user accounts). 
+#   Requires OpenSSL 1.0.1 or newer. See the mod_ssl FAQ for
+#   detailed instructions on creating this file. Example:
+#   "openssl srp -srpvfile /opt/homebrew/etc/httpd/passwd.srpv -add username"
+#SSLSRPVerifierFile "/opt/homebrew/etc/httpd/passwd.srpv"
+
+#   Access Control:
+#   With SSLRequire you can do per-directory access control based
+#   on arbitrary complex boolean expressions containing server
+#   variable checks and other lookup directives.  The syntax is a
+#   mixture between C and Perl.  See the mod_ssl documentation
+#   for more details.
+#<Location />
+#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+#   SSL Engine Options:
+#   Set various options for the SSL engine.
+#   o FakeBasicAuth:
+#     Translate the client X.509 into a Basic Authorisation.  This means that
+#     the standard Auth/DBMAuth methods can be used for access control.  The
+#     user name is the `one line' version of the client's X.509 certificate.
+#     Note that no password is obtained from the user. Every entry in the user
+#     file needs this password: `xxj31ZMTZzkVA'.
+#   o ExportCertData:
+#     This exports two additional environment variables: SSL_CLIENT_CERT and
+#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+#     server (always existing) and the client (only existing when client
+#     authentication is used). This can be used to import the certificates
+#     into CGI scripts.
+#   o StdEnvVars:
+#     This exports the standard SSL/TLS related `SSL_*' environment variables.
+#     Per default this exportation is switched off for performance reasons,
+#     because the extraction step is an expensive operation and is usually
+#     useless for serving static content. So one usually enables the
+#     exportation for CGI and SSI requests only.
+#   o StrictRequire:
+#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+#     under a "Satisfy any" situation, i.e. when it applies access is denied
+#     and no other module can change it.
+#   o OptRenegotiate:
+#     This enables optimized SSL connection renegotiation handling when SSL
+#     directives are used in per-directory context. 
+#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+<FilesMatch "\.(cgi|shtml|phtml|php)$">
+    SSLOptions +StdEnvVars
+</FilesMatch>
+<Directory "/opt/homebrew/var/www/cgi-bin">
+    SSLOptions +StdEnvVars
+</Directory>
+
+#   SSL Protocol Adjustments:
+#   The safe and default but still SSL/TLS standard compliant shutdown
+#   approach is that mod_ssl sends the close notify alert but doesn't wait for
+#   the close notify alert from client. When you need a different shutdown
+#   approach you can use one of the following variables:
+#   o ssl-unclean-shutdown:
+#     This forces an unclean shutdown when the connection is closed, i.e. no
+#     SSL close notify alert is sent or allowed to be received.  This violates
+#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
+#     this when you receive I/O errors because of the standard approach where
+#     mod_ssl sends the close notify alert.
+#   o ssl-accurate-shutdown:
+#     This forces an accurate shutdown when the connection is closed, i.e. a
+#     SSL close notify alert is send and mod_ssl waits for the close notify
+#     alert of the client. This is 100% SSL/TLS standard compliant, but in
+#     practice often causes hanging connections with brain-dead browsers. Use
+#     this only for browsers where you know that their SSL implementation
+#     works correctly. 
+#   Notice: Most problems of broken clients are also related to the HTTP
+#   keep-alive facility, so you usually additionally want to disable
+#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
+#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
+#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+#   "force-response-1.0" for this.
+BrowserMatch "MSIE [2-5]" \
+         nokeepalive ssl-unclean-shutdown \
+         downgrade-1.0 force-response-1.0
+
+#   Per-Server Logging:
+#   The home of a custom SSL log file. Use this when you want a
+#   compact non-error SSL logfile on a virtual host basis.
+CustomLog "/opt/homebrew/var/log/httpd/ssl_request_log" \
+          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>                                  
diff --git a/etc/httpd/original/extra/httpd-userdir.conf b/etc/httpd/original/extra/httpd-userdir.conf
new file mode 100644
index 00000000..a744322c
--- /dev/null
+++ b/etc/httpd/original/extra/httpd-userdir.conf
@@ -0,0 +1,21 @@
+# Settings for user home directories
+#
+# Required module: mod_authz_core, mod_authz_host, mod_userdir
+
+#
+# UserDir: The name of the directory that is appended onto a user's home
+# directory if a ~user request is received.  Note that you must also set
+# the default access control for these directories, as in the example below.
+#
+UserDir public_html
+
+#
+# Control access to UserDir directories.  The following is an example
+# for a site where these directories are restricted to read-only.
+#
+<Directory "/home/*/public_html">
+    AllowOverride FileInfo AuthConfig Limit Indexes
+    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+    Require method GET POST OPTIONS
+</Directory>
+
diff --git a/etc/httpd/original/extra/httpd-vhosts.conf b/etc/httpd/original/extra/httpd-vhosts.conf
new file mode 100644
index 00000000..5068bb67
--- /dev/null
+++ b/etc/httpd/original/extra/httpd-vhosts.conf
@@ -0,0 +1,41 @@
+# Virtual Hosts
+#
+# Required modules: mod_log_config
+
+# If you want to maintain multiple domains/hostnames on your
+# machine you can setup VirtualHost containers for them. Most configurations
+# use only name-based virtual hosts so the server doesn't need to worry about
+# IP addresses. This is indicated by the asterisks in the directives below.
+#
+# Please see the documentation at 
+# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
+# for further details before you try to setup virtual hosts.
+#
+# You may use the command line option '-S' to verify your virtual host
+# configuration.
+
+#
+# VirtualHost example:
+# Almost any Apache directive may go into a VirtualHost container.
+# The first VirtualHost section is used for all requests that do not
+# match a ServerName or ServerAlias in any <VirtualHost> block.
+#
+<VirtualHost *:8080>
+    ServerAdmin webmaster@dummy-host.example.com
+    DocumentRoot "/opt/homebrew/opt/httpd/docs/dummy-host.example.com"
+    ServerName dummy-host.example.com
+    ServerAlias www.dummy-host.example.com
+    ErrorLog "/opt/homebrew/var/log/httpd/dummy-host.example.com-error_log"
+    CustomLog "/opt/homebrew/var/log/httpd/dummy-host.example.com-access_log" common
+</VirtualHost>
+
+<VirtualHost *:8080>
+    ServerAdmin webmaster@dummy-host2.example.com
+    DocumentRoot "/opt/homebrew/opt/httpd/docs/dummy-host2.example.com"
+    ServerName dummy-host2.example.com
+    ErrorLog "/opt/homebrew/var/log/httpd/dummy-host2.example.com-error_log"
+    CustomLog "/opt/homebrew/var/log/httpd/dummy-host2.example.com-access_log" common
+</VirtualHost>
+
+
+
diff --git a/etc/httpd/original/extra/proxy-html.conf b/etc/httpd/original/extra/proxy-html.conf
new file mode 100644
index 00000000..683a0911
--- /dev/null
+++ b/etc/httpd/original/extra/proxy-html.conf
@@ -0,0 +1,90 @@
+# Configuration example.
+#
+# For detailed information about these directives see
+# <URL:http://httpd.apache.org/docs/2.4/mod/mod_proxy_html.html>
+# and for mod_xml2enc see
+# <URL:http://httpd.apache.org/docs/2.4/mod/mod_xml2enc.html>
+#
+# First, to load the module with its prerequisites.  Note: mod_xml2enc
+# is not always necessary, but without it mod_proxy_html is likely to
+# mangle pages in encodings other than ASCII or Unicode (utf-8).
+#
+# For Unix-family systems:
+# LoadFile	/usr/lib/libxml2.so
+# LoadModule	proxy_html_module	modules/mod_proxy_html.so
+# LoadModule	xml2enc_module		modules/mod_xml2enc.so
+#
+# For Windows (I don't know if there's a standard path for the libraries)
+# LoadFile	C:/path/zlib.dll
+# LoadFile	C:/path/iconv.dll
+# LoadFile	C:/path/libxml2.dll
+# LoadModule	proxy_html_module	modules/mod_proxy_html.so
+# LoadModule	xml2enc_module		modules/mod_xml2enc.so
+# 
+# All knowledge of HTML links has been removed from the mod_proxy_html
+# code itself, and is instead read from httpd.conf (or included file)
+# at server startup.  So you MUST declare it.  This will normally be
+# at top level, but can also be used in a <Location>.
+#
+# Here's the declaration for W3C HTML 4.01 and XHTML 1.0
+
+ProxyHTMLLinks	a		href
+ProxyHTMLLinks	area		href
+ProxyHTMLLinks	link		href
+ProxyHTMLLinks	img		src longdesc usemap
+ProxyHTMLLinks	object		classid codebase data usemap
+ProxyHTMLLinks	q		cite
+ProxyHTMLLinks	blockquote	cite
+ProxyHTMLLinks	ins		cite
+ProxyHTMLLinks	del		cite
+ProxyHTMLLinks	form		action
+ProxyHTMLLinks	input		src usemap
+ProxyHTMLLinks	head		profile
+ProxyHTMLLinks	base		href
+ProxyHTMLLinks	script		src for
+
+# To support scripting events (with ProxyHTMLExtended On),
+# you'll need to declare them too.
+
+ProxyHTMLEvents	onclick ondblclick onmousedown onmouseup \
+		onmouseover onmousemove onmouseout onkeypress \
+		onkeydown onkeyup onfocus onblur onload \
+		onunload onsubmit onreset onselect onchange
+
+# If you need to support legacy (pre-1998, aka "transitional") HTML or XHTML,
+# you'll need to uncomment the following deprecated link attributes.
+# Note that these are enabled in earlier mod_proxy_html versions
+#
+# ProxyHTMLLinks	frame		src longdesc
+# ProxyHTMLLinks	iframe		src longdesc
+# ProxyHTMLLinks	body		background
+# ProxyHTMLLinks	applet		codebase
+#
+# If you're dealing with proprietary HTML variants,
+# declare your own URL attributes here as required.
+#
+# ProxyHTMLLinks	myelement	myattr otherattr
+#
+###########
+# EXAMPLE #
+###########
+#
+# To define the URL /my-gateway/ as a gateway to an appserver with address
+# http://some.app.intranet/ on a private network, after loading the
+# modules and including this configuration file:
+#
+# ProxyRequests Off  <-- this is an important security setting
+# ProxyPass /my-gateway/ http://some.app.intranet/
+# <Location /my-gateway/>
+#	ProxyPassReverse /
+#	ProxyHTMLEnable On
+#	ProxyHTMLURLMap http://some.app.intranet/ /my-gateway/
+#	ProxyHTMLURLMap / /my-gateway/
+# </Location>
+#
+# Many (though not all) real-life setups are more complex.
+#
+# See the documentation at
+# http://apache.webthing.com/mod_proxy_html/
+# and the tutorial at
+# http://www.apachetutor.org/admin/reverseproxies
diff --git a/etc/httpd/original/httpd.conf b/etc/httpd/original/httpd.conf
new file mode 100644
index 00000000..34c3e5db
--- /dev/null
+++ b/etc/httpd/original/httpd.conf
@@ -0,0 +1,533 @@
+#
+# This is the main Apache HTTP server configuration file.  It contains the
+# configuration directives that give the server its instructions.
+# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
+# In particular, see 
+# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
+# for a discussion of each configuration directive.
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.  
+#
+# Configuration and logfile names: If the filenames you specify for many
+# of the server's control files begin with "/" (or "drive:/" for Win32), the
+# server will use that explicit path.  If the filenames do *not* begin
+# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
+# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
+# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log" 
+# will be interpreted as '/logs/access_log'.
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# Do not add a slash at the end of the directory path.  If you point
+# ServerRoot at a non-local disk, be sure to specify a local disk on the
+# Mutex directive, if file-based mutexes are used.  If you wish to share the
+# same ServerRoot for multiple httpd daemons, you will need to change at
+# least PidFile.
+#
+ServerRoot "/opt/homebrew/opt/httpd"
+
+#
+# Mutex: Allows you to set the mutex mechanism and mutex file directory
+# for individual mutexes, or change the global defaults
+#
+# Uncomment and change the directory if mutexes are file-based and the default
+# mutex file directory is not on a local disk or is not appropriate for some
+# other reason.
+#
+# Mutex default:/opt/homebrew/var/run/httpd
+
+#
+# Listen: Allows you to bind Apache to specific IP addresses and/or
+# ports, instead of the default. See also the <VirtualHost>
+# directive.
+#
+# Change this to Listen on specific IP addresses as shown below to 
+# prevent Apache from glomming onto all bound IP addresses.
+#
+#Listen 12.34.56.78:80
+Listen 8080
+
+#
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines at this location so the
+# directives contained in it are actually available _before_ they are used.
+# Statically compiled modules (those listed by `httpd -l') do not need
+# to be loaded here.
+#
+# Example:
+# LoadModule foo_module modules/mod_foo.so
+#
+#LoadModule mpm_event_module lib/httpd/modules/mod_mpm_event.so
+LoadModule mpm_prefork_module lib/httpd/modules/mod_mpm_prefork.so
+#LoadModule mpm_worker_module lib/httpd/modules/mod_mpm_worker.so
+LoadModule authn_file_module lib/httpd/modules/mod_authn_file.so
+#LoadModule authn_dbm_module lib/httpd/modules/mod_authn_dbm.so
+#LoadModule authn_anon_module lib/httpd/modules/mod_authn_anon.so
+#LoadModule authn_dbd_module lib/httpd/modules/mod_authn_dbd.so
+#LoadModule authn_socache_module lib/httpd/modules/mod_authn_socache.so
+LoadModule authn_core_module lib/httpd/modules/mod_authn_core.so
+LoadModule authz_host_module lib/httpd/modules/mod_authz_host.so
+LoadModule authz_groupfile_module lib/httpd/modules/mod_authz_groupfile.so
+LoadModule authz_user_module lib/httpd/modules/mod_authz_user.so
+#LoadModule authz_dbm_module lib/httpd/modules/mod_authz_dbm.so
+#LoadModule authz_owner_module lib/httpd/modules/mod_authz_owner.so
+#LoadModule authz_dbd_module lib/httpd/modules/mod_authz_dbd.so
+LoadModule authz_core_module lib/httpd/modules/mod_authz_core.so
+#LoadModule authnz_fcgi_module lib/httpd/modules/mod_authnz_fcgi.so
+LoadModule access_compat_module lib/httpd/modules/mod_access_compat.so
+LoadModule auth_basic_module lib/httpd/modules/mod_auth_basic.so
+#LoadModule auth_form_module lib/httpd/modules/mod_auth_form.so
+#LoadModule auth_digest_module lib/httpd/modules/mod_auth_digest.so
+#LoadModule allowmethods_module lib/httpd/modules/mod_allowmethods.so
+#LoadModule file_cache_module lib/httpd/modules/mod_file_cache.so
+#LoadModule cache_module lib/httpd/modules/mod_cache.so
+#LoadModule cache_disk_module lib/httpd/modules/mod_cache_disk.so
+#LoadModule cache_socache_module lib/httpd/modules/mod_cache_socache.so
+#LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so
+#LoadModule socache_dbm_module lib/httpd/modules/mod_socache_dbm.so
+#LoadModule socache_memcache_module lib/httpd/modules/mod_socache_memcache.so
+#LoadModule socache_redis_module lib/httpd/modules/mod_socache_redis.so
+#LoadModule watchdog_module lib/httpd/modules/mod_watchdog.so
+#LoadModule macro_module lib/httpd/modules/mod_macro.so
+#LoadModule dbd_module lib/httpd/modules/mod_dbd.so
+#LoadModule dumpio_module lib/httpd/modules/mod_dumpio.so
+#LoadModule echo_module lib/httpd/modules/mod_echo.so
+#LoadModule buffer_module lib/httpd/modules/mod_buffer.so
+#LoadModule data_module lib/httpd/modules/mod_data.so
+#LoadModule ratelimit_module lib/httpd/modules/mod_ratelimit.so
+LoadModule reqtimeout_module lib/httpd/modules/mod_reqtimeout.so
+#LoadModule ext_filter_module lib/httpd/modules/mod_ext_filter.so
+#LoadModule request_module lib/httpd/modules/mod_request.so
+#LoadModule include_module lib/httpd/modules/mod_include.so
+LoadModule filter_module lib/httpd/modules/mod_filter.so
+#LoadModule reflector_module lib/httpd/modules/mod_reflector.so
+#LoadModule substitute_module lib/httpd/modules/mod_substitute.so
+#LoadModule sed_module lib/httpd/modules/mod_sed.so
+#LoadModule charset_lite_module lib/httpd/modules/mod_charset_lite.so
+#LoadModule deflate_module lib/httpd/modules/mod_deflate.so
+#LoadModule xml2enc_module lib/httpd/modules/mod_xml2enc.so
+#LoadModule proxy_html_module lib/httpd/modules/mod_proxy_html.so
+#LoadModule brotli_module lib/httpd/modules/mod_brotli.so
+LoadModule mime_module lib/httpd/modules/mod_mime.so
+LoadModule log_config_module lib/httpd/modules/mod_log_config.so
+#LoadModule log_debug_module lib/httpd/modules/mod_log_debug.so
+#LoadModule log_forensic_module lib/httpd/modules/mod_log_forensic.so
+#LoadModule logio_module lib/httpd/modules/mod_logio.so
+LoadModule env_module lib/httpd/modules/mod_env.so
+#LoadModule mime_magic_module lib/httpd/modules/mod_mime_magic.so
+#LoadModule expires_module lib/httpd/modules/mod_expires.so
+LoadModule headers_module lib/httpd/modules/mod_headers.so
+#LoadModule usertrack_module lib/httpd/modules/mod_usertrack.so
+#LoadModule unique_id_module lib/httpd/modules/mod_unique_id.so
+LoadModule setenvif_module lib/httpd/modules/mod_setenvif.so
+LoadModule version_module lib/httpd/modules/mod_version.so
+#LoadModule remoteip_module lib/httpd/modules/mod_remoteip.so
+#LoadModule proxy_module lib/httpd/modules/mod_proxy.so
+#LoadModule proxy_connect_module lib/httpd/modules/mod_proxy_connect.so
+#LoadModule proxy_ftp_module lib/httpd/modules/mod_proxy_ftp.so
+#LoadModule proxy_http_module lib/httpd/modules/mod_proxy_http.so
+#LoadModule proxy_fcgi_module lib/httpd/modules/mod_proxy_fcgi.so
+#LoadModule proxy_scgi_module lib/httpd/modules/mod_proxy_scgi.so
+#LoadModule proxy_uwsgi_module lib/httpd/modules/mod_proxy_uwsgi.so
+#LoadModule proxy_fdpass_module lib/httpd/modules/mod_proxy_fdpass.so
+#LoadModule proxy_wstunnel_module lib/httpd/modules/mod_proxy_wstunnel.so
+#LoadModule proxy_ajp_module lib/httpd/modules/mod_proxy_ajp.so
+#LoadModule proxy_balancer_module lib/httpd/modules/mod_proxy_balancer.so
+#LoadModule proxy_express_module lib/httpd/modules/mod_proxy_express.so
+#LoadModule proxy_hcheck_module lib/httpd/modules/mod_proxy_hcheck.so
+#LoadModule session_module lib/httpd/modules/mod_session.so
+#LoadModule session_cookie_module lib/httpd/modules/mod_session_cookie.so
+#LoadModule session_crypto_module lib/httpd/modules/mod_session_crypto.so
+#LoadModule session_dbd_module lib/httpd/modules/mod_session_dbd.so
+#LoadModule slotmem_shm_module lib/httpd/modules/mod_slotmem_shm.so
+#LoadModule slotmem_plain_module lib/httpd/modules/mod_slotmem_plain.so
+#LoadModule ssl_module lib/httpd/modules/mod_ssl.so
+#LoadModule dialup_module lib/httpd/modules/mod_dialup.so
+#LoadModule http2_module lib/httpd/modules/mod_http2.so
+#LoadModule lbmethod_byrequests_module lib/httpd/modules/mod_lbmethod_byrequests.so
+#LoadModule lbmethod_bytraffic_module lib/httpd/modules/mod_lbmethod_bytraffic.so
+#LoadModule lbmethod_bybusyness_module lib/httpd/modules/mod_lbmethod_bybusyness.so
+#LoadModule lbmethod_heartbeat_module lib/httpd/modules/mod_lbmethod_heartbeat.so
+LoadModule unixd_module lib/httpd/modules/mod_unixd.so
+#LoadModule heartbeat_module lib/httpd/modules/mod_heartbeat.so
+#LoadModule heartmonitor_module lib/httpd/modules/mod_heartmonitor.so
+#LoadModule dav_module lib/httpd/modules/mod_dav.so
+LoadModule status_module lib/httpd/modules/mod_status.so
+LoadModule autoindex_module lib/httpd/modules/mod_autoindex.so
+#LoadModule asis_module lib/httpd/modules/mod_asis.so
+#LoadModule info_module lib/httpd/modules/mod_info.so
+#LoadModule suexec_module lib/httpd/modules/mod_suexec.so
+<IfModule !mpm_prefork_module>
+	#LoadModule cgid_module lib/httpd/modules/mod_cgid.so
+</IfModule>
+<IfModule mpm_prefork_module>
+	#LoadModule cgi_module lib/httpd/modules/mod_cgi.so
+</IfModule>
+#LoadModule dav_fs_module lib/httpd/modules/mod_dav_fs.so
+#LoadModule dav_lock_module lib/httpd/modules/mod_dav_lock.so
+#LoadModule vhost_alias_module lib/httpd/modules/mod_vhost_alias.so
+#LoadModule negotiation_module lib/httpd/modules/mod_negotiation.so
+LoadModule dir_module lib/httpd/modules/mod_dir.so
+#LoadModule actions_module lib/httpd/modules/mod_actions.so
+#LoadModule speling_module lib/httpd/modules/mod_speling.so
+#LoadModule userdir_module lib/httpd/modules/mod_userdir.so
+LoadModule alias_module lib/httpd/modules/mod_alias.so
+#LoadModule rewrite_module lib/httpd/modules/mod_rewrite.so
+
+<IfModule unixd_module>
+#
+# If you wish httpd to run as a different user or group, you must run
+# httpd as root initially and it will switch.  
+#
+# User/Group: The name (or #number) of the user/group to run httpd as.
+# It is usually good practice to create a dedicated user and group for
+# running httpd, as with most system services.
+#
+User _www
+Group _www
+
+</IfModule>
+
+# 'Main' server configuration
+#
+# The directives in this section set up the values used by the 'main'
+# server, which responds to any requests that aren't handled by a
+# <VirtualHost> definition.  These values also provide defaults for
+# any <VirtualHost> containers you may define later in the file.
+#
+# All of these directives may appear inside <VirtualHost> containers,
+# in which case these default settings will be overridden for the
+# virtual host being defined.
+#
+
+#
+# ServerAdmin: Your address, where problems with the server should be
+# e-mailed.  This address appears on some server-generated pages, such
+# as error documents.  e.g. admin@your-domain.com
+#
+ServerAdmin you@example.com
+
+#
+# ServerName gives the name and port that the server uses to identify itself.
+# This can often be determined automatically, but we recommend you specify
+# it explicitly to prevent problems during startup.
+#
+# If your host doesn't have a registered DNS name, enter its IP address here.
+#
+#ServerName www.example.com:8080
+
+#
+# Deny access to the entirety of your server's filesystem. You must
+# explicitly permit access to web content directories in other 
+# <Directory> blocks below.
+#
+<Directory />
+    AllowOverride none
+    Require all denied
+</Directory>
+
+#
+# Note that from this point forward you must specifically allow
+# particular features to be enabled - so if something's not working as
+# you might expect, make sure that you have specifically enabled it
+# below.
+#
+
+#
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+DocumentRoot "/opt/homebrew/var/www"
+<Directory "/opt/homebrew/var/www">
+    #
+    # Possible values for the Options directive are "None", "All",
+    # or any combination of:
+    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+    #
+    # Note that "MultiViews" must be named *explicitly* --- "Options All"
+    # doesn't give it to you.
+    #
+    # The Options directive is both complicated and important.  Please see
+    # http://httpd.apache.org/docs/2.4/mod/core.html#options
+    # for more information.
+    #
+    Options Indexes FollowSymLinks
+
+    #
+    # AllowOverride controls what directives may be placed in .htaccess files.
+    # It can be "All", "None", or any combination of the keywords:
+    #   AllowOverride FileInfo AuthConfig Limit
+    #
+    AllowOverride None
+
+    #
+    # Controls who can get stuff from this server.
+    #
+    Require all granted
+</Directory>
+
+#
+# DirectoryIndex: sets the file that Apache will serve if a directory
+# is requested.
+#
+<IfModule dir_module>
+    DirectoryIndex index.html
+</IfModule>
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being 
+# viewed by Web clients. 
+#
+<Files ".ht*">
+    Require all denied
+</Files>
+
+#
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here.  If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog "/opt/homebrew/var/log/httpd/error_log"
+
+#
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+#
+LogLevel warn
+
+<IfModule log_config_module>
+    #
+    # The following directives define some format nicknames for use with
+    # a CustomLog directive (see below).
+    #
+    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+    LogFormat "%h %l %u %t \"%r\" %>s %b" common
+
+    <IfModule logio_module>
+      # You need to enable mod_logio.c to use %I and %O
+      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+    </IfModule>
+
+    #
+    # The location and format of the access logfile (Common Logfile Format).
+    # If you do not define any access logfiles within a <VirtualHost>
+    # container, they will be logged here.  Contrariwise, if you *do*
+    # define per-<VirtualHost> access logfiles, transactions will be
+    # logged therein and *not* in this file.
+    #
+    CustomLog "/opt/homebrew/var/log/httpd/access_log" common
+
+    #
+    # If you prefer a logfile with access, agent, and referer information
+    # (Combined Logfile Format) you can use the following directive.
+    #
+    #CustomLog "/opt/homebrew/var/log/httpd/access_log" combined
+</IfModule>
+
+<IfModule alias_module>
+    #
+    # Redirect: Allows you to tell clients about documents that used to 
+    # exist in your server's namespace, but do not anymore. The client 
+    # will make a new request for the document at its new location.
+    # Example:
+    # Redirect permanent /foo http://www.example.com/bar
+
+    #
+    # Alias: Maps web paths into filesystem paths and is used to
+    # access content that does not live under the DocumentRoot.
+    # Example:
+    # Alias /webpath /full/filesystem/path
+    #
+    # If you include a trailing / on /webpath then the server will
+    # require it to be present in the URL.  You will also likely
+    # need to provide a <Directory> section to allow access to
+    # the filesystem path.
+
+    #
+    # ScriptAlias: This controls which directories contain server scripts. 
+    # ScriptAliases are essentially the same as Aliases, except that
+    # documents in the target directory are treated as applications and
+    # run by the server when requested rather than as documents sent to the
+    # client.  The same rules about trailing "/" apply to ScriptAlias
+    # directives as to Alias.
+    #
+    ScriptAlias /cgi-bin/ "/opt/homebrew/var/www/cgi-bin/"
+
+</IfModule>
+
+<IfModule cgid_module>
+    #
+    # ScriptSock: On threaded servers, designate the path to the UNIX
+    # socket used to communicate with the CGI daemon of mod_cgid.
+    #
+    #Scriptsock cgisock
+</IfModule>
+
+#
+# "/opt/homebrew/var/www/cgi-bin" should be changed to whatever your ScriptAliased
+# CGI directory exists, if you have that configured.
+#
+<Directory "/opt/homebrew/var/www/cgi-bin">
+    AllowOverride None
+    Options None
+    Require all granted
+</Directory>
+
+<IfModule headers_module>
+    #
+    # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
+    # backend servers which have lingering "httpoxy" defects.
+    # 'Proxy' request header is undefined by the IETF, not listed by IANA
+    #
+    RequestHeader unset Proxy early
+</IfModule>
+
+<IfModule mime_module>
+    #
+    # TypesConfig points to the file containing the list of mappings from
+    # filename extension to MIME-type.
+    #
+    TypesConfig /opt/homebrew/etc/httpd/mime.types
+
+    #
+    # AddType allows you to add to or override the MIME configuration
+    # file specified in TypesConfig for specific file types.
+    #
+    #AddType application/x-gzip .tgz
+    #
+    # AddEncoding allows you to have certain browsers uncompress
+    # information on the fly. Note: Not all browsers support this.
+    #
+    #AddEncoding x-compress .Z
+    #AddEncoding x-gzip .gz .tgz
+    #
+    # If the AddEncoding directives above are commented-out, then you
+    # probably should define those extensions to indicate media types:
+    #
+    AddType application/x-compress .Z
+    AddType application/x-gzip .gz .tgz
+
+    #
+    # AddHandler allows you to map certain file extensions to "handlers":
+    # actions unrelated to filetype. These can be either built into the server
+    # or added with the Action directive (see below)
+    #
+    # To use CGI scripts outside of ScriptAliased directories:
+    # (You will also need to add "ExecCGI" to the "Options" directive.)
+    #
+    #AddHandler cgi-script .cgi
+
+    # For type maps (negotiated resources):
+    #AddHandler type-map var
+
+    #
+    # Filters allow you to process content before it is sent to the client.
+    #
+    # To parse .shtml files for server-side includes (SSI):
+    # (You will also need to add "Includes" to the "Options" directive.)
+    #
+    #AddType text/html .shtml
+    #AddOutputFilter INCLUDES .shtml
+</IfModule>
+
+#
+# The mod_mime_magic module allows the server to use various hints from the
+# contents of the file itself to determine its type.  The MIMEMagicFile
+# directive tells the module where the hint definitions are located.
+#
+#MIMEMagicFile /opt/homebrew/etc/httpd/magic
+
+#
+# Customizable error responses come in three flavors:
+# 1) plain text 2) local redirects 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# MaxRanges: Maximum number of Ranges in a request before
+# returning the entire resource, or one of the special
+# values 'default', 'none' or 'unlimited'.
+# Default setting is to accept 200 Ranges.
+#MaxRanges unlimited
+
+#
+# EnableMMAP and EnableSendfile: On systems that support it, 
+# memory-mapping or the sendfile syscall may be used to deliver
+# files.  This usually improves server performance, but must
+# be turned off when serving from networked-mounted 
+# filesystems or if support for these functions is otherwise
+# broken on your system.
+# Defaults: EnableMMAP On, EnableSendfile Off
+#
+#EnableMMAP off
+#EnableSendfile on
+
+# Supplemental configuration
+#
+# The configuration files in the /opt/homebrew/etc/httpd/extra/ directory can be 
+# included to add extra features or to modify the default configuration of 
+# the server, or you may simply copy their contents here and change as 
+# necessary.
+
+# Server-pool management (MPM specific)
+#Include /opt/homebrew/etc/httpd/extra/httpd-mpm.conf
+
+# Multi-language error messages
+#Include /opt/homebrew/etc/httpd/extra/httpd-multilang-errordoc.conf
+
+# Fancy directory listings
+#Include /opt/homebrew/etc/httpd/extra/httpd-autoindex.conf
+
+# Language settings
+#Include /opt/homebrew/etc/httpd/extra/httpd-languages.conf
+
+# User home directories
+#Include /opt/homebrew/etc/httpd/extra/httpd-userdir.conf
+
+# Real-time info on requests and configuration
+#Include /opt/homebrew/etc/httpd/extra/httpd-info.conf
+
+# Virtual hosts
+#Include /opt/homebrew/etc/httpd/extra/httpd-vhosts.conf
+
+# Local access to the Apache HTTP Server Manual
+#Include /opt/homebrew/etc/httpd/extra/httpd-manual.conf
+
+# Distributed authoring and versioning (WebDAV)
+#Include /opt/homebrew/etc/httpd/extra/httpd-dav.conf
+
+# Various default settings
+#Include /opt/homebrew/etc/httpd/extra/httpd-default.conf
+
+# Configure mod_proxy_html to understand HTML4/XHTML1
+<IfModule proxy_html_module>
+Include /opt/homebrew/etc/httpd/extra/proxy-html.conf
+</IfModule>
+
+# Secure (SSL/TLS) connections
+#Include /opt/homebrew/etc/httpd/extra/httpd-ssl.conf
+#
+# Note: The following must must be present to support
+#       starting without SSL on platforms with no /dev/random equivalent
+#       but a statically compiled-in mod_ssl.
+#
+<IfModule ssl_module>
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+</IfModule>
+
diff --git a/etc/my.cnf b/etc/my.cnf
index bb084638..79ee9f71 100644
--- a/etc/my.cnf
+++ b/etc/my.cnf
@@ -2,11 +2,13 @@
 # Only allow connections from localhost
 bind-address = 127.0.0.1
 
-# This group is read both both by the client and the server
+# This group is read both by the client and the server
 # use it for options that affect everything
 #
 [client-server]
 
-# include all files from the config directory
-# !includedir /usr/local/etc/my.cnf.d
+#
+# include *.cnf from the config directory
+#
+!includedir /opt/homebrew/etc/my.cnf.d
 
diff --git a/etc/php/7.4/conf.d/ext-opcache.ini b/etc/php/7.4/conf.d/ext-opcache.ini
deleted file mode 100644
index e4610e30..00000000
--- a/etc/php/7.4/conf.d/ext-opcache.ini
+++ /dev/null
@@ -1,2 +0,0 @@
-[opcache]
-zend_extension=/usr/local/opt/php@7.4/lib/php/20190902/opcache.so
diff --git a/etc/php/7.4/conf.d/imagick.ini b/etc/php/7.4/conf.d/imagick.ini
deleted file mode 100644
index a308f429..00000000
--- a/etc/php/7.4/conf.d/imagick.ini
+++ /dev/null
@@ -1 +0,0 @@
-extension="/usr/local/Cellar/php@7.4/7.4.25/pecl/20190902/imagick.so"
diff --git a/etc/php/7.4/pear.conf b/etc/php/7.4/pear.conf
deleted file mode 100644
index 3d0c2124..00000000
--- a/etc/php/7.4/pear.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-#PEAR_Config 0.9
-a:34:{s:9:"cache_dir";s:23:"/private/tmp/pear/cache";s:15:"default_channel";s:12:"pear.php.net";s:16:"preferred_mirror";s:12:"pear.php.net";s:13:"remote_config";s:0:"";s:13:"auto_discover";i:0;s:13:"master_server";s:12:"pear.php.net";s:10:"http_proxy";s:0:"";s:7:"php_dir";s:25:"/usr/local/share/pear@7.4";s:7:"ext_dir";s:32:"/usr/local/lib/php/pecl/20190902";s:7:"doc_dir";s:29:"/usr/local/share/pear@7.4/doc";s:7:"bin_dir";s:26:"/usr/local/opt/php@7.4/bin";s:8:"data_dir";s:30:"/usr/local/share/pear@7.4/data";s:7:"cfg_dir";s:29:"/usr/local/share/pear@7.4/cfg";s:7:"www_dir";s:32:"/usr/local/share/pear@7.4/htdocs";s:7:"man_dir";s:20:"/usr/local/share/man";s:8:"test_dir";s:30:"/usr/local/share/pear@7.4/test";s:8:"temp_dir";s:22:"/private/tmp/pear/temp";s:12:"download_dir";s:26:"/private/tmp/pear/download";s:7:"php_bin";s:30:"/usr/local/opt/php@7.4/bin/php";s:10:"php_prefix";s:0:"";s:10:"php_suffix";s:0:"";s:7:"php_ini";s:30:"/usr/local/etc/php/7.4/php.ini";s:12:"metadata_dir";s:0:"";s:8:"username";s:0:"";s:8:"password";s:0:"";s:7:"verbose";i:1;s:15:"preferred_state";s:6:"stable";s:5:"umask";i:18;s:9:"cache_ttl";i:3600;s:8:"sig_type";s:3:"gpg";s:7:"sig_bin";s:18:"/usr/local/bin/gpg";s:9:"sig_keyid";s:0:"";s:10:"sig_keydir";s:31:"/usr/local/etc/php/7.4/pearkeys";s:10:"__channels";a:2:{s:12:"pecl.php.net";a:0:{}s:5:"__uri";a:0:{}}}
\ No newline at end of file
diff --git a/etc/php/8.0/conf.d/ext-opcache.ini b/etc/php/8.0/conf.d/ext-opcache.ini
new file mode 100644
index 00000000..3c10142a
--- /dev/null
+++ b/etc/php/8.0/conf.d/ext-opcache.ini
@@ -0,0 +1,2 @@
+[opcache]
+zend_extension="/opt/homebrew/opt/php/lib/php/20200930/opcache.so"
diff --git a/etc/php/8.0/pear.conf b/etc/php/8.0/pear.conf
new file mode 100644
index 00000000..aaab8b5c
--- /dev/null
+++ b/etc/php/8.0/pear.conf
@@ -0,0 +1,2 @@
+#PEAR_Config 0.9
+a:34:{s:9:"cache_dir";s:23:"/private/tmp/pear/cache";s:15:"default_channel";s:12:"pear.php.net";s:16:"preferred_mirror";s:12:"pear.php.net";s:13:"remote_config";s:0:"";s:13:"auto_discover";i:0;s:13:"master_server";s:12:"pear.php.net";s:10:"http_proxy";s:0:"";s:7:"php_dir";s:24:"/opt/homebrew/share/pear";s:7:"ext_dir";s:35:"/opt/homebrew/lib/php/pecl/20200930";s:7:"doc_dir";s:28:"/opt/homebrew/share/pear/doc";s:7:"bin_dir";s:25:"/opt/homebrew/opt/php/bin";s:8:"data_dir";s:29:"/opt/homebrew/share/pear/data";s:7:"cfg_dir";s:28:"/opt/homebrew/share/pear/cfg";s:7:"www_dir";s:31:"/opt/homebrew/share/pear/htdocs";s:7:"man_dir";s:23:"/opt/homebrew/share/man";s:8:"test_dir";s:29:"/opt/homebrew/share/pear/test";s:8:"temp_dir";s:22:"/private/tmp/pear/temp";s:12:"download_dir";s:26:"/private/tmp/pear/download";s:7:"php_bin";s:29:"/opt/homebrew/opt/php/bin/php";s:10:"php_prefix";s:0:"";s:10:"php_suffix";s:0:"";s:7:"php_ini";s:33:"/opt/homebrew/etc/php/8.0/php.ini";s:12:"metadata_dir";s:0:"";s:8:"username";s:0:"";s:8:"password";s:0:"";s:7:"verbose";i:1;s:15:"preferred_state";s:6:"stable";s:5:"umask";i:18;s:9:"cache_ttl";i:3600;s:8:"sig_type";s:3:"gpg";s:7:"sig_bin";s:18:"/usr/local/bin/gpg";s:9:"sig_keyid";s:0:"";s:10:"sig_keydir";s:34:"/opt/homebrew/etc/php/8.0/pearkeys";s:10:"__channels";a:2:{s:12:"pecl.php.net";a:0:{}s:5:"__uri";a:0:{}}}
\ No newline at end of file
diff --git a/etc/php/7.4/php-fpm.conf b/etc/php/8.0/php-fpm.conf
similarity index 94%
rename from etc/php/7.4/php-fpm.conf
rename to etc/php/8.0/php-fpm.conf
index 6cc6b8bd..a3423e76 100644
--- a/etc/php/7.4/php-fpm.conf
+++ b/etc/php/8.0/php-fpm.conf
@@ -3,7 +3,7 @@
 ;;;;;;;;;;;;;;;;;;;;;
 
 ; All relative paths in this configuration file are relative to PHP's install
-; prefix (/usr/local/Cellar/php@7.4/7.4.14_1). This prefix can be dynamically changed by using the
+; prefix (/opt/homebrew/Cellar/php/8.0.12). This prefix can be dynamically changed by using the
 ; '-p' argument from the command line.
 
 ;;;;;;;;;;;;;;;;;;
@@ -12,14 +12,14 @@
 
 [global]
 ; Pid file
-; Note: the default prefix is /usr/local/var
+; Note: the default prefix is /opt/homebrew/var
 ; Default Value: none
 ;pid = run/php-fpm.pid
 
 ; Error log file
 ; If it's set to "syslog", log is sent to syslogd instead of being written
 ; into a local file.
-; Note: the default prefix is /usr/local/var
+; Note: the default prefix is /opt/homebrew/var
 ; Default Value: log/php-fpm.log
 error_log = /Users/webgefrickel/Sites/__dev/php-fpm.log
 
@@ -139,5 +139,5 @@ daemonize = no
 ; file.
 ; Relative path can also be used. They will be prefixed by:
 ;  - the global prefix if it's been set (-p argument)
-;  - /usr/local/Cellar/php@7.4/7.4.14_1 otherwise
-include=/usr/local/etc/php/7.4/php-fpm.d/*.conf
+;  - /opt/homebrew/Cellar/php/8.0.12 otherwise
+include=/opt/homebrew/etc/php/8.0/php-fpm.d/*.conf
diff --git a/etc/php/7.4/php-fpm.d/www.conf b/etc/php/8.0/php-fpm.d/www.conf
similarity index 93%
rename from etc/php/7.4/php-fpm.d/www.conf
rename to etc/php/8.0/php-fpm.d/www.conf
index 0c9ecceb..104a3dd6 100644
--- a/etc/php/7.4/php-fpm.d/www.conf
+++ b/etc/php/8.0/php-fpm.d/www.conf
@@ -12,7 +12,7 @@
 ; - 'chdir'
 ; - 'php_values'
 ; - 'php_admin_values'
-; When not set, the global prefix (or /usr/local/Cellar/php@7.4/7.4.14_1) applies instead.
+; When not set, the global prefix (or /opt/homebrew/Cellar/php/8.0.12) applies instead.
 ; Note: This directive can also be relative to the global prefix.
 ; Default Value: none
 ;prefix = /path/to/pools/$pool
@@ -71,7 +71,7 @@ listen = 127.0.0.1:9000
 ; process.priority = -19
 
 ; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
-; or group is differrent than the master process user. It allows to create process
+; or group is different than the master process user. It allows to create process
 ; core dump and ptrace the process for the pool user.
 ; Default Value: no
 ; process.dumpable = yes
@@ -140,7 +140,7 @@ pm.max_spare_servers = 3
 ;pm.max_requests = 500
 
 ; The URI to view the FPM status page. If this value is not set, no URI will be
-; recognized as a status page. It shows the following informations:
+; recognized as a status page. It shows the following information:
 ;   pool                 - the name of the pool;
 ;   process manager      - static, dynamic or ondemand;
 ;   start time           - the date and time FPM has started;
@@ -230,7 +230,7 @@ pm.max_spare_servers = 3
 ;   last request memory:  0
 ;
 ; Note: There is a real-time FPM status monitoring sample web page available
-;       It's available in: /usr/local/Cellar/php@7.4/7.4.14_1/share/php/fpm/status.html
+;       It's available in: /opt/homebrew/Cellar/php/8.0.12/share/php/fpm/status.html
 ;
 ; Note: The value must start with a leading slash (/). The value can be
 ;       anything, but it may not be a good idea to use the .php extension or it
@@ -238,6 +238,22 @@ pm.max_spare_servers = 3
 ; Default Value: not set
 ;pm.status_path = /status
 
+; The address on which to accept FastCGI status request. This creates a new
+; invisible pool that can handle requests independently. This is useful
+; if the main pool is busy with long running requests because it is still possible
+; to get the status before finishing the long running requests.
+;
+; Valid syntaxes are:
+;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
+;                            a specific port;
+;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
+;                            a specific port;
+;   'port'                 - to listen on a TCP socket to all addresses
+;                            (IPv6 and IPv4-mapped) on a specific port;
+;   '/path/to/unix/socket' - to listen on a unix socket.
+; Default Value: value of the listen option
+;pm.status_listen = 127.0.0.1:9001
+
 ; The ping URI to call the monitoring page of FPM. If this value is not set, no
 ; URI will be recognized as a ping page. This could be used to test from outside
 ; that FPM is alive and responding, or to
@@ -270,13 +286,13 @@ pm.max_spare_servers = 3
 ;  %d: time taken to serve the request
 ;      it can accept the following format:
 ;      - %{seconds}d (default)
-;      - %{miliseconds}d
+;      - %{milliseconds}d
 ;      - %{mili}d
 ;      - %{microseconds}d
 ;      - %{micro}d
 ;  %e: an environment variable (same as $_ENV or $_SERVER)
 ;      it must be associated with embraces to specify the name of the env
-;      variable. Some exemples:
+;      variable. Some examples:
 ;      - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
 ;      - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
 ;  %f: script filename
@@ -338,7 +354,7 @@ pm.max_spare_servers = 3
 ; does not stop script execution for some reason. A value of '0' means 'off'.
 ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
 ; Default Value: 0
-request_terminate_timeout = 3600
+request_terminate_timeout = 300
 
 ; The timeout set by 'request_terminate_timeout' ini option is not engaged after
 ; application calls 'fastcgi_finish_request' or when application has finished and
@@ -375,7 +391,7 @@ request_terminate_timeout = 3600
 
 ; Redirect worker stdout and stderr into main error log. If not set, stdout and
 ; stderr will be redirected to /dev/null according to FastCGI specs.
-; Note: on highloaded environement, this can cause some delay in the page
+; Note: on highloaded environment, this can cause some delay in the page
 ; process time (several ms).
 ; Default Value: no
 ;catch_workers_output = yes
@@ -428,7 +444,7 @@ request_terminate_timeout = 3600
 ; instead.
 
 ; Note: path INI options can be relative and will be expanded with the prefix
-; (pool, global or /usr/local/Cellar/php@7.4/7.4.14_1)
+; (pool, global or /opt/homebrew/Cellar/php/8.0.12)
 
 ; Default Value: nothing is defined by default except the values in php.ini and
 ;                specified at startup with the -d argument
diff --git a/etc/php/7.4/php.ini b/etc/php/8.0/php.ini
similarity index 97%
rename from etc/php/7.4/php.ini
rename to etc/php/8.0/php.ini
index 100467e9..152e9356 100644
--- a/etc/php/7.4/php.ini
+++ b/etc/php/8.0/php.ini
@@ -88,6 +88,7 @@
 ;;;;;;;;;;;;;;;;;;;
 ; Quick Reference ;
 ;;;;;;;;;;;;;;;;;;;
+
 ; The following are all the settings which are different in either the production
 ; or development versions of the INIs with respect to PHP's default behavior.
 ; Please see the actual settings later in the document for more details as to why
@@ -99,12 +100,12 @@
 ;   Production Value: Off
 
 ; display_startup_errors
-;   Default Value: Off
+;   Default Value: On
 ;   Development Value: On
 ;   Production Value: Off
 
 ; error_reporting
-;   Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
+;   Default Value: E_ALL
 ;   Development Value: E_ALL
 ;   Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
 
@@ -153,6 +154,16 @@
 ;   Development Value: "GPCS"
 ;   Production Value: "GPCS"
 
+; zend.exception_ignore_args
+;   Default Value: Off
+;   Development Value: Off
+;   Production Value: On
+
+; zend.exception_string_param_max_len
+;   Default Value: 15
+;   Development Value: 15
+;   Production Value: 0
+
 ;;;;;;;;;;;;;;;;;;;;
 ; php.ini Options  ;
 ;;;;;;;;;;;;;;;;;;;;
@@ -352,21 +363,29 @@ zend.enable_gc = On
 ; If enabled, scripts may be written in encodings that are incompatible with
 ; the scanner.  CP936, Big5, CP949 and Shift_JIS are the examples of such
 ; encodings.  To use this feature, mbstring extension must be enabled.
-; Default: Off
 ;zend.multibyte = Off
 
 ; Allows to set the default encoding for the scripts.  This value will be used
 ; unless "declare(encoding=...)" directive appears at the top of the script.
 ; Only affects if zend.multibyte is set.
-; Default: ""
 ;zend.script_encoding =
 
 ; Allows to include or exclude arguments from stack traces generated for exceptions.
-; In production, it is recommended to turn this setting on to prohibit the output 
+; In production, it is recommended to turn this setting on to prohibit the output
 ; of sensitive information in stack traces
-; Default: Off
+; Default Value: Off
+; Development Value: Off
+; Production Value: On
 zend.exception_ignore_args = Off
 
+; Allows setting the maximum string length in an argument of a stringified stack trace
+; to a value between 0 and 1000000.
+; This has no effect when zend.exception_ignore_args is enabled.
+; Default Value: 15
+; Development Value: 15
+; Production Value: 0
+zend.exception_string_param_max_len = 15
+
 ;;;;;;;;;;;;;;;;;
 ; Miscellaneous ;
 ;;;;;;;;;;;;;;;;;
@@ -385,7 +404,7 @@ expose_php = On
 ; Maximum execution time of each script, in seconds
 ; http://php.net/max-execution-time
 ; Note: This directive is hardcoded to 0 for the CLI SAPI
-max_execution_time = 3600
+max_execution_time = 300
 
 ; Maximum amount of time each script may spend parsing request data. It's a good
 ; idea to limit this time on productions servers in order to eliminate unexpectedly
@@ -395,7 +414,7 @@ max_execution_time = 3600
 ; Development Value: 60 (60 seconds)
 ; Production Value: 60 (60 seconds)
 ; http://php.net/max-input-time
-max_input_time = 3600
+max_input_time = 300
 
 ; Maximum input variable nesting level
 ; http://php.net/max-input-nesting-level
@@ -406,7 +425,7 @@ max_input_time = 3600
 
 ; Maximum amount of memory a script may consume
 ; http://php.net/memory-limit
-memory_limit = 512M
+memory_limit = 256M
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ; Error handling and logging ;
@@ -458,7 +477,7 @@ memory_limit = 512M
 ;   E_ALL & ~E_NOTICE  (Show all errors, except for notices)
 ;   E_ALL & ~E_NOTICE & ~E_STRICT  (Show all errors, except for notices and coding standards warnings.)
 ;   E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR  (Show only errors)
-; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
+; Default Value: E_ALL
 ; Development Value: E_ALL
 ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
 ; http://php.net/error-reporting
@@ -482,11 +501,9 @@ error_reporting = E_ALL
 display_errors = On
 
 ; The display of errors which occur during PHP's startup sequence are handled
-; separately from display_errors. PHP's default behavior is to suppress those
-; errors from clients. Turning the display of startup errors on can be useful in
-; debugging configuration problems. We strongly recommend you
-; set this to 'off' for production servers.
-; Default Value: Off
+; separately from display_errors. We strongly recommend you set this to 'off'
+; for production servers to avoid leaking configuration details.
+; Default Value: On
 ; Development Value: On
 ; Production Value: Off
 ; http://php.net/display-startup-errors
@@ -524,19 +541,9 @@ ignore_repeated_source = Off
 ; http://php.net/report-memleaks
 report_memleaks = On
 
-; This setting is on by default.
+; This setting is off by default.
 ;report_zend_debug = 0
 
-; Store the last error/warning message in $php_errormsg (boolean). Setting this value
-; to On can assist in debugging and is appropriate for development servers. It should
-; however be disabled on production servers.
-; This directive is DEPRECATED.
-; Default Value: Off
-; Development Value: Off
-; Production Value: Off
-; http://php.net/track-errors
-;track_errors = Off
-
 ; Turn off normal error reporting and emit XML-RPC error XML
 ; http://php.net/xmlrpc-errors
 ;xmlrpc_errors = 0
@@ -691,7 +698,7 @@ auto_globals_jit = On
 ; Its value may be 0 to disable the limit. It is ignored if POST data reading
 ; is disabled through enable_post_data_reading.
 ; http://php.net/post-max-size
-post_max_size = 512M
+post_max_size = 256M
 
 ; Automatically add files before PHP document.
 ; http://php.net/auto-prepend-file
@@ -756,7 +763,7 @@ user_dir =
 
 ; Directory in which the loadable extensions (modules) reside.
 ; http://php.net/extension-dir
-extension_dir = "/usr/local/lib/php/pecl/20190902"
+extension_dir = "/opt/homebrew/lib/php/pecl/20200930"
 ; On windows:
 ;extension_dir = "ext"
 
@@ -843,7 +850,7 @@ file_uploads = On
 
 ; Maximum allowed size for uploaded files.
 ; http://php.net/upload-max-filesize
-upload_max_filesize = 512M
+upload_max_filesize = 256M
 
 ; Maximum number of files that can be uploaded via a single request
 max_file_uploads = 20
@@ -871,7 +878,7 @@ allow_url_include = Off
 
 ; Default timeout for socket based streams (seconds)
 ; http://php.net/default-socket-timeout
-default_socket_timeout = 600
+default_socket_timeout = 300
 
 ; If your scripts have to deal with files from Macintosh systems,
 ; or you are running on a Mac and need to deal with files from
@@ -915,7 +922,7 @@ default_socket_timeout = 600
 ;extension=ffi
 ;extension=ftp
 ;extension=fileinfo
-;extension=gd2
+;extension=gd
 ;extension=gettext
 ;extension=gmp
 ;extension=intl
@@ -925,6 +932,7 @@ default_socket_timeout = 600
 ;extension=exif      ; Must be after mbstring as it depends on it
 ;extension=mysqli
 ;extension=oci8_12c  ; Use with Oracle Database 12c Instant Client
+;extension=oci8_19  ; Use with Oracle Database 19 Instant Client
 ;extension=odbc
 ;extension=openssl
 ;extension=pdo_firebird
@@ -945,9 +953,10 @@ default_socket_timeout = 600
 ;extension=sodium
 ;extension=sqlite3
 ;extension=tidy
-;extension=xmlrpc
 ;extension=xsl
 
+;zend_extension=opcache
+
 ;;;;;;;;;;;;;;;;;;;
 ; Module Settings ;
 ;;;;;;;;;;;;;;;;;;;
@@ -968,10 +977,10 @@ cli_server.color = On
 ;date.default_longitude = 35.2333
 
 ; http://php.net/date.sunrise-zenith
-;date.sunrise_zenith = 90.583333
+;date.sunrise_zenith = 90.833333
 
 ; http://php.net/date.sunset-zenith
-;date.sunset_zenith = 90.583333
+;date.sunset_zenith = 90.833333
 
 [filter]
 ; http://php.net/filter.default
@@ -1048,8 +1057,6 @@ cli_server.color = On
 ; http://php.net/pdo-odbc.connection-pooling
 ;pdo_odbc.connection_pooling=strict
 
-;pdo_odbc.db2_instance_name
-
 [Pdo_mysql]
 ; Default socket name for local MySQL connects.  If empty, uses the built-in
 ; MySQL defaults.
@@ -1585,11 +1592,6 @@ zend.assertions = 1
 ; http://php.net/assert.callback
 ;assert.callback = 0
 
-; Eval the expression with current error_reporting().  Set to true if you want
-; error_reporting(0) around the eval().
-; http://php.net/assert.quiet-eval
-;assert.quiet_eval = 0
-
 [COM]
 ; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs
 ; http://php.net/com.typelib-file
@@ -1615,6 +1617,10 @@ zend.assertions = 1
 ; Default: system ANSI code page
 ;com.code_page=
 
+; The version of the .NET framework to use. The value of the setting are the first three parts
+; of the framework's version number, separated by dots, and prefixed with "v", e.g. "v4.0.30319".
+;com.dotnet_version=
+
 [mbstring]
 ; language for internal character representation.
 ; This affects mb_send_mail() and mbstring.detect_order.
@@ -1664,20 +1670,8 @@ zend.assertions = 1
 ; http://php.net/mbstring.substitute-character
 ;mbstring.substitute_character = none
 
-; overload(replace) single byte functions by mbstring functions.
-; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(),
-; etc. Possible values are 0,1,2,4 or combination of them.
-; For example, 7 for overload everything.
-; 0: No overload
-; 1: Overload mail() function
-; 2: Overload str*() functions
-; 4: Overload ereg*() functions
-; http://php.net/mbstring.func-overload
-;mbstring.func_overload = 0
-
-; enable strict encoding detection.
-; Default: Off
-;mbstring.strict_detection = On
+; Enable strict encoding detection.
+;mbstring.strict_detection = Off
 
 ; This directive specifies the regex pattern of content types for which mb_output_handler()
 ; is activated.
@@ -1686,12 +1680,10 @@ zend.assertions = 1
 
 ; This directive specifies maximum stack depth for mbstring regular expressions. It is similar
 ; to the pcre.recursion_limit for PCRE.
-; Default: 100000
 ;mbstring.regex_stack_limit=100000
 
 ; This directive specifies maximum retry count for mbstring regular expressions. It is similar
 ; to the pcre.backtrack_limit for PCRE.
-; Default: 1000000
 ;mbstring.regex_retry_limit=1000000
 
 [gd]
@@ -1806,6 +1798,11 @@ ldap.max_links = -1
 ; size of the optimized code.
 ;opcache.save_comments=1
 
+; If enabled, compilation warnings (including notices and deprecations) will
+; be recorded and replayed each time a file is included. Otherwise, compilation
+; warnings will only be emitted when the file is first cached.
+;opcache.record_warnings=0
+
 ; Allow file existence override (file_exists, etc.) performance feature.
 ;opcache.enable_file_override=0
 
@@ -1925,7 +1922,7 @@ ldap.max_links = -1
 ; OS-managed cert stores in its absence. If specified, this value may still
 ; be overridden on a per-stream basis via the "cafile" SSL stream context
 ; option.
-openssl.cafile = "/usr/local/etc/openssl@1.1/cert.pem"
+openssl.cafile = "/opt/homebrew/etc/openssl@1.1/cert.pem"
 
 ; If openssl.cafile is not specified or if the CA file is not found, the
 ; directory pointed to by openssl.capath is searched for a suitable
@@ -1934,7 +1931,7 @@ openssl.cafile = "/usr/local/etc/openssl@1.1/cert.pem"
 ; attempt to use the OS-managed cert stores in its absence. If specified,
 ; this value may still be overridden on a per-stream basis via the "capath"
 ; SSL stream context option.
-openssl.capath = "/usr/local/etc/openssl@1.1/certs"
+openssl.capath = "/opt/homebrew/etc/openssl@1.1/certs"
 
 [ffi]
 ; FFI API restriction. Possible values:
diff --git a/install/5_webdev.sh b/install/5_webdev.sh
index cf5686ef..ebd440ec 100755
--- a/install/5_webdev.sh
+++ b/install/5_webdev.sh
@@ -1,43 +1,33 @@
 #!/usr/bin/env zsh
 
-brew reinstall dnsmasq
-brew reinstall httpd
-brew reinstall imagemagick
-brew reinstall mariadb
-brew reinstall mkcert
-brew reinstall nss
-brew reinstall php@7.4
+brew install dnsmasq
+brew install httpd
+brew install imagemagick
+brew install mariadb
+brew install mkcert
+brew install nss
+brew install php
 
 # link etc-configs
-sudo rm -rf /usr/local/etc/php
-sudo rm -rf /usr/local/etc/httpd
-sudo rm /usr/local/etc/my.cnf
-sudo rm /usr/local/etc/dnsmasq.conf
-ln -s ~/dotfiles/etc/httpd /usr/local/etc/httpd
-ln -s ~/dotfiles/etc/php /usr/local/etc/php
-ln -s ~/dotfiles/etc/my.cnf /usr/local/etc/my.cnf
-ln -s ~/dotfiles/etc/dnsmasq.conf /usr/local/etc/dnsmasq.conf
+sudo rm -rf /opt/homebrew/etc/php
+sudo rm -rf /opt/homebrew/etc/httpd
+sudo rm /opt/homebrew/etc/my.cnf
+sudo rm /opt/homebrew/etc/dnsmasq.conf
+ln -s ~/dotfiles/etc/httpd /opt/homebrew/etc/httpd
+ln -s ~/dotfiles/etc/php /opt/homebrew/etc/php
+ln -s ~/dotfiles/etc/my.cnf /opt/homebrew/etc/my.cnf
+ln -s ~/dotfiles/etc/dnsmasq.conf /opt/homebrew/etc/dnsmasq.conf
 
 sudo rm /etc/hosts
 sudo ln -s ~/dotfiles/etc/resolver /etc/resolver
 sudo ln -f ~/dotfiles/etc/hosts /etc/hosts
 
-# php and ssl
-brew link php@7.4
-pecl install imagick
-
 # additional webdev cli tools
 npm install -g depcheck
-npm install -g glyphhanger
 npm install -g npm-check
 npm install -g npm-check-updates
 npm install -g yarn
 
-# additional stuff for glyphhanger
-pip install fonttools
-pip install brotli
-pip install zopfli
-
 # certificates for local ssl
 mkcert -install
 mkcert localhost "dev.localhost" "*.dev.localhost"
@@ -47,7 +37,7 @@ mkcert localhost "dev.localhost" "*.dev.localhost"
 sudo brew services start dnsmasq
 brew services start httpd
 brew services start mariadb
-brew services start php@7.4
+brew services start php
 
 # mariadb
 sudo mysql -uroot