From 7f0f28f8e326509fcfef465be2ca13bb942e2a16 Mon Sep 17 00:00:00 2001
From: 0pis <71935466+0pis@users.noreply.github.com>
Date: Sun, 27 Sep 2020 07:13:33 -0400
Subject: [PATCH 1/4] Use tabs instead of spaces in nginx conf (#1827)

* conf/nginx-primaryonly.conf: Use tabs instead of spaces
* management/web_update.py: Includes the tabs so they display with the correct indentation when added to the local.conf

Co-authored-by: 0pis <0pis>
---
 conf/nginx-primaryonly.conf | 24 ++++++++++++------------
 management/web_update.py    |  6 +++---
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/conf/nginx-primaryonly.conf b/conf/nginx-primaryonly.conf
index 288fce40..31bf0095 100644
--- a/conf/nginx-primaryonly.conf
+++ b/conf/nginx-primaryonly.conf
@@ -22,20 +22,20 @@
 	rewrite ^(/cloud/oc[sm]-provider)/$ $1/index.php redirect;
 	location /cloud/ {
 		alias /usr/local/lib/owncloud/;
-	 	location ~ ^/cloud/(build|tests|config|lib|3rdparty|templates|data|README)/ {
-	 		deny all;
-	 	}
-	 	location ~ ^/cloud/(?:\.|autotest|occ|issue|indie|db_|console) {
-	 		deny all;
-	 	}
+		location ~ ^/cloud/(build|tests|config|lib|3rdparty|templates|data|README)/ {
+			deny all;
+		}
+		location ~ ^/cloud/(?:\.|autotest|occ|issue|indie|db_|console) {
+			deny all;
+		}
 		# Enable paths for service and cloud federation discovery
 		# Resolves warning in Nextcloud Settings panel
-                location ~ ^/cloud/(oc[sm]-provider)?/([^/]+\.php)$ {
-                        index index.php;
-                        include fastcgi_params;
-                        fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$1/$2;
-                        fastcgi_pass php-fpm;
-                }
+		location ~ ^/cloud/(oc[sm]-provider)?/([^/]+\.php)$ {
+			index index.php;
+			include fastcgi_params;
+			fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$1/$2;
+			fastcgi_pass php-fpm;
+		}
 	}
 	location ~ ^(/cloud)((?:/ocs)?/[^/]+\.php)(/.*)?$ {
 		# note: ~ has precendence over a regular location block
diff --git a/management/web_update.py b/management/web_update.py
index 0609c77b..83aa91bf 100644
--- a/management/web_update.py
+++ b/management/web_update.py
@@ -146,7 +146,7 @@ def make_domain_config(domain, templates, ssl_certificates, env):
 		finally:
 			f.close()
 		return sha1.hexdigest()
-	nginx_conf_extra += "# ssl files sha1: %s / %s\n" % (hashfile(tls_cert["private-key"]), hashfile(tls_cert["certificate"]))
+	nginx_conf_extra += "\t# ssl files sha1: %s / %s\n" % (hashfile(tls_cert["private-key"]), hashfile(tls_cert["certificate"]))
 
 	# Add in any user customizations in YAML format.
 	hsts = "yes"
@@ -188,9 +188,9 @@ def make_domain_config(domain, templates, ssl_certificates, env):
 
 	# Add the HSTS header.
 	if hsts == "yes":
-		nginx_conf_extra += "add_header Strict-Transport-Security \"max-age=15768000\" always;\n"
+		nginx_conf_extra += "\tadd_header Strict-Transport-Security \"max-age=15768000\" always;\n"
 	elif hsts == "preload":
-		nginx_conf_extra += "add_header Strict-Transport-Security \"max-age=15768000; includeSubDomains; preload\" always;\n"
+		nginx_conf_extra += "\tadd_header Strict-Transport-Security \"max-age=15768000; includeSubDomains; preload\" always;\n"
 
 	# Add in any user customizations in the includes/ folder.
 	nginx_conf_custom_include = os.path.join(env["STORAGE_ROOT"], "www", safe_domain_name(domain) + ".conf")

From 7d6c7b66106573881911a9b391f2594846701085 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Sp=C3=B6ttel?=
 <1682504+fspoettel@users.noreply.github.com>
Date: Sat, 3 Oct 2020 01:27:21 +0000
Subject: [PATCH 2/4] Increase mta-sts max_age to one week (#1829)

This aligns the policy with the example policy found in the  spec
see https://tools.ietf.org/html/rfc8461#section-3.2
---
 conf/mta-sts.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conf/mta-sts.txt b/conf/mta-sts.txt
index 376102bc..26acc015 100644
--- a/conf/mta-sts.txt
+++ b/conf/mta-sts.txt
@@ -1,4 +1,4 @@
 version: STSv1
 mode: MODE
 mx: PRIMARY_HOSTNAME
-max_age: 86400
\ No newline at end of file
+max_age: 604800

From 5509420637163153ca5e29215db0512d989b8a6d Mon Sep 17 00:00:00 2001
From: Joshua Tauberer <jt@occams.info>
Date: Thu, 15 Oct 2020 14:11:43 -0400
Subject: [PATCH 3/4] s/Days/Retention Days/ on the backup settings page

---
 management/templates/system-backup.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/management/templates/system-backup.html b/management/templates/system-backup.html
index 3860edb7..6afe62c8 100644
--- a/management/templates/system-backup.html
+++ b/management/templates/system-backup.html
@@ -113,10 +113,10 @@
   </div>
   <!-- Common -->
   <div class="form-group backup-target-local backup-target-rsync backup-target-s3">
-    <label for="min-age" class="col-sm-2 control-label">Days:</label>
+    <label for="min-age" class="col-sm-2 control-label">Retention Days:</label>
     <div class="col-sm-8">
       <input type="number" class="form-control" rows="1" id="min-age">
-      <div class="small" style="margin-top: 2px">This is the <i>minimum</i> number of days backup data is kept for. The box makes an incremental backup, so backup data is often kept much longer. An incremental backup file that is less than this number of days old requires that all previous increments back to the most recent full backup, plus that full backup, remain available.</div>
+      <div class="small" style="margin-top: 2px">This is the minimum time backup data is kept for. The box makes an incremental backup most nights, which requires that previous backups back to the most recent full backup be preserved, so backup data is often kept much longer than this setting. Full backups are made periodically when the incremental backup data size exceeds a limit.</div>
     </div>
   </div>
   <div class="form-group">

From 8b166f30415611c6f3c846065a1b9a67c5d12de2 Mon Sep 17 00:00:00 2001
From: David Duque <david@davness.dev>
Date: Fri, 16 Oct 2020 21:22:36 +0100
Subject: [PATCH 4/4] Display certificate expiry dates in ISO format (#1841)

---
 management/ssl_certificates.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/management/ssl_certificates.py b/management/ssl_certificates.py
index 1b1e9f83..3e1b5856 100755
--- a/management/ssl_certificates.py
+++ b/management/ssl_certificates.py
@@ -216,12 +216,12 @@ def get_certificates_to_provision(env, limit_domains=None, show_valid_certs=True
 				response = query_dns(domain, rtype)
 				if response != normalize_ip(value):
 					bad_dns.append("%s (%s)" % (response, rtype))
-	
+
 			if bad_dns:
 				domains_cant_provision[domain] = "The domain name does not resolve to this machine: " \
 					+ (", ".join(bad_dns)) \
 					+ "."
-			
+
 			else:
 				# DNS is all good.
 
@@ -606,10 +606,10 @@ def check_certificate(domain, ssl_certificate, ssl_private_key, warn_if_expiring
 		ndays = (cert_expiration_date-now).days
 		if not rounded_time or ndays <= 10:
 			# Yikes better renew soon!
-			expiry_info = "The certificate expires in %d days on %s." % (ndays, cert_expiration_date.strftime("%x"))
+			expiry_info = "The certificate expires in %d days on %s." % (ndays, cert_expiration_date.date().isoformat())
 		else:
 			# We'll renew it with Lets Encrypt.
-			expiry_info = "The certificate expires on %s." % cert_expiration_date.strftime("%x")
+			expiry_info = "The certificate expires on %s." % cert_expiration_date.date().isoformat()
 
 		if warn_if_expiring_soon and ndays <= warn_if_expiring_soon:
 			# Warn on day 10 to give 4 days for us to automatically renew the