Merge remote-tracking branch 'upstream/master' into solr-jetty

2026-04-19 00:17:23 +02:00 · 2019-09-03 08:51:14 -07:00
parent 2f4bc0876d 9e29564f48
commit 44b3258146
28 changed files with 302 additions and 72 deletions
--- a/conf/fail2ban/filter.d/dovecotimap.conf
+++ b/conf/fail2ban/filter.d/dovecotimap.conf
@@ -1,4 +1,4 @@
-# Fail2Ban filter Dovecot authentication and pop3/imap server
+# Fail2Ban filter Dovecot authentication and pop3/imap/managesieve server
 # For Mail-in-a-Box

 [INCLUDES]
@@ -9,7 +9,7 @@ before = common.conf

 _daemon = (auth|dovecot(-auth)?|auth-worker)

-failregex = ^%(__prefix_line)s(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \(((no auth attempts|auth failed, \d+ attempts)( in \d+ secs)?|tried to use (disabled|disallowed) \S+ auth)\):( user=<\S*>,)?( method=\S+,)? rip=<HOST>, lip=(\d{1,3}\.){3}\d{1,3}(, TLS( handshaking)?(: Disconnected)?)?(, session=<\S+>)?\s*$
+failregex = ^%(__prefix_line)s(pop3|imap|managesieve)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \(((no auth attempts|auth failed, \d+ attempts)( in \d+ secs)?|tried to use (disabled|disallowed) \S+ auth)\):( user=<\S*>,)?( method=\S+,)? rip=<HOST>, lip=(\d{1,3}\.){3}\d{1,3}(, TLS( handshaking)?(: Disconnected)?)?(, session=<\S+>)?\s*$

 ignoreregex =

--- a/conf/fail2ban/filter.d/miab-owncloud.conf
+++ b/conf/fail2ban/filter.d/miab-owncloud.conf
@@ -3,5 +3,6 @@
 before = common.conf

 [Definition]
+datepattern = %%Y-%%m-%%d %%H:%%M:%%S
 failregex=Login failed: .*Remote IP: '<HOST>[\)']
 ignoreregex =
--- a/conf/fail2ban/jails.conf
+++ b/conf/fail2ban/jails.conf
@@ -69,13 +69,10 @@ action   = iptables-allports[name=recidive]
 # So the notification is ommited. This will prevent message appearing in the mail.log that mail
 # can't be delivered to fail2ban@$HOSTNAME.

-[sasl]
+[postfix-sasl]
 enabled  = true

-[ssh]
+[sshd]
 enabled = true
 maxretry = 7
 bantime = 3600
-
-[ssh-ddos]
-enabled  = true
--- a/conf/nginx-alldomains.conf
+++ b/conf/nginx-alldomains.conf
@@ -18,6 +18,9 @@
 	location = /.well-known/autoconfig/mail/config-v1.1.xml {
 		alias /var/lib/mailinabox/mozilla-autoconfig.xml;
 	}
+	location = /mail/config-v1.1.xml {
+		alias /var/lib/mailinabox/mozilla-autoconfig.xml;
+	}

 	# Roundcube Webmail configuration.
 	rewrite ^/mail$ /mail/ redirect;
--- a/conf/nginx-primaryonly.conf
+++ b/conf/nginx-primaryonly.conf
@@ -19,6 +19,7 @@
 	rewrite ^/cloud/$ /cloud/index.php;
 	rewrite ^/cloud/(contacts|calendar|files)$ /cloud/index.php/apps/$1/ redirect;
 	rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html;
+	rewrite ^(/cloud/oc[sm]-provider)/$ $1/index.php redirect;
 	location /cloud/ {
 		alias /usr/local/lib/owncloud/;
 	 	location ~ ^/cloud/(build|tests|config|lib|3rdparty|templates|data|README)/ {
@@ -27,6 +28,14 @@
 	 	location ~ ^/cloud/(?:\.|autotest|occ|issue|indie|db_|console) {
 	 		deny all;
 	 	}
+		# Enable paths for service and cloud federation discovery
+		# Resolves warning in Nextcloud Settings panel
+                location ~ ^/cloud/(oc[sm]-provider)?/([^/]+\.php)$ {
+                        index index.php;
+                        include fastcgi_params;
+                        fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$1/$2;
+                        fastcgi_pass php-fpm;
+                }
 	}
 	location ~ ^(/cloud)((?:/ocs)?/[^/]+\.php)(/.*)?$ {
 		# note: ~ has precendence over a regular location block