missed changes

conf/management-initscript

@@ -1,135 +0,0 @@
-#! /bin/sh
-### BEGIN INIT INFO
-# Provides:          mailinabox
-# Required-Start:    $all
-# Required-Stop:     $all
-# Default-Start:     2 3 4 5
-# Default-Stop:      0 1 6
-# Short-Description: Start and stop the Mail-in-a-Box management daemon.
-# Description:       Start and stop the Mail-in-a-Box management daemon.
-### END INIT INFO
-
-# Adapted from http://blog.codefront.net/2007/06/11/nginx-php-and-a-php-fastcgi-daemon-init-script/
-
-PATH=/sbin:/usr/sbin:/bin:/usr/bin
-DESC="Mail-in-a-Box Management Daemon"
-NAME=mailinabox
-DAEMON=/usr/local/lib/mailinabox/start
-PIDFILE=/var/run/$NAME.pid
-SCRIPTNAME=/etc/init.d/$NAME
-
-# Exit if the package is not installed
-[ -x "$DAEMON" ] || exit 0
-
-# Set defaults.
-START=yes
-EXEC_AS_USER=root
-
-# Ensure Python reads/writes files in UTF-8. If the machine
-# triggers some other locale in Python, like ASCII encoding,
-# Python may not be able to read/write files. Set also
-# setup/start.sh (where the locale is also installed if not
-# already present) and management/daily_tasks.sh.
-export LANGUAGE=en_US.UTF-8
-export LC_ALL=en_US.UTF-8
-export LANG=en_US.UTF-8
-export LC_TYPE=en_US.UTF-8
-
-# Read configuration variable file if it is present
-[ -r /etc/default/$NAME ] && . /etc/default/$NAME
-
-# Load the VERBOSE setting and other rcS variables
-. /lib/init/vars.sh
-
-# Define LSB log_* functions.
-# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
-. /lib/lsb/init-functions
-
-# If the daemon is not enabled, give the user a warning and then exit,
-# unless we are stopping the daemon
-if [ "$START" != "yes" -a "$1" != "stop" ]; then
-        log_warning_msg "To enable $NAME, edit /etc/default/$NAME and set START=yes"
-        exit 0
-fi
-
-# Process configuration
-#export ...
-DAEMON_ARGS=""
-
-
-do_start()
-{
-        # Return
-        #   0 if daemon has been started
-        #   1 if daemon was already running
-        #   2 if daemon could not be started
-        start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
-                || return 1
-        start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON \
-                --background --make-pidfile --chuid $EXEC_AS_USER --startas $DAEMON -- \
-                $DAEMON_ARGS \
-                || return 2
-}
-
-do_stop()
-{
-        # Return
-        #   0 if daemon has been stopped
-        #   1 if daemon was already stopped
-        #   2 if daemon could not be stopped
-        #   other if a failure occurred
-        start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE > /dev/null # --name $DAEMON
-        RETVAL="$?"
-        [ "$RETVAL" = 2 ] && return 2
-        # Wait for children to finish too if this is a daemon that forks
-        # and if the daemon is only ever run from this initscript.
-        # If the above conditions are not satisfied then add some other code
-        # that waits for the process to drop all resources that could be
-        # needed by services started subsequently.  A last resort is to
-        # sleep for some time.
-        start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
-        [ "$?" = 2 ] && return 2
-        # Many daemons don't delete their pidfiles when they exit.
-        rm -f $PIDFILE
-        return "$RETVAL"
-}
-case "$1" in
-  start)
-        [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
-        do_start
-        case "$?" in
-                0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
-                2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
-        esac
-        ;;
-  stop)
-        [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
-        do_stop
-        case "$?" in
-                0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
-                2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
-        esac
-        ;;
-  restart|force-reload)
-        log_daemon_msg "Restarting $DESC" "$NAME"
-        do_stop
-        case "$?" in
-          0|1)
-                do_start
-                case "$?" in
-                        0) log_end_msg 0 ;;
-                        1) log_end_msg 1 ;; # Old process is still running
-                        *) log_end_msg 1 ;; # Failed to start
-                esac
-                ;;
-          *)
-                # Failed to stop
-                log_end_msg 1
-                ;;
-        esac
-        ;;
-  *)
-        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
-        exit 3
-        ;;
-esac

conf/nginx-ssl.conf

@@ -32,7 +32,7 @@ ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECD
 # Cut out (the old, broken) SSLv3 entirely. 
 # This **excludes IE6 users** and (apparently) Yandexbot.
 # Just comment out if you need to support IE6, bless your soul.
-ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+ssl_protocols TLSv1.2 TLSv1.1;
 
 # Turn on session resumption, using a cache shared across nginx processes,
 # as recommended by http://nginx.org/en/docs/http/configuring_https_servers.html
@@ -44,11 +44,7 @@ ssl_session_timeout 1d;
 # nginx 1.5.9+ ONLY
 #ssl_buffer_size 1400; 
 
-# SPDY header compression (0 for none, 9 for slow/heavy compression). Preferred is 6. 
-# 
-# BUT: header compression is flawed and vulnerable in SPDY versions 1 - 3.
-# Disable with 0, until using a version of nginx with SPDY 4.
-spdy_headers_comp 0;
+#spdy_headers_comp is deprecated and replaced by http2.
 
 # Now let's really get fancy, and pre-generate a 2048 bit random parameter
 # for DH elliptic curves. If not created and specified, default is only 1024 bits. 

conf/nginx.conf

@@ -31,8 +31,8 @@ server {
 
 # The secure HTTPS server.
 server {
-	listen 443 ssl;
-	listen [::]:443 ssl;
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
 
 	server_name $HOSTNAME;