Joshua Tauberer
|
392d33b902
|
change DANE TLSA record to hash the subject public key rather than the whole certificate, which means it is good for any certificate tied to the same private key
Better for short-lived certificates. This is especially in preparation to using certificates from Let's Encrypt.
see #268
|
2015-12-26 11:01:46 -05:00 |
|
Joshua Tauberer
|
4305a71916
|
merge #587 - move backup and nightly status checks to 3am in system time
previously these were run in a cron.daily script which per crontab is run at 6:25 am local time
|
2015-12-26 08:42:58 -05:00 |
|
Joshua Tauberer
|
a4d8e12fd7
|
clean up the backup time patch: dont choose timezone here, move status checks into the same 3am script
|
2015-12-26 08:41:37 -05:00 |
|
Joshua Tauberer
|
3cb5e109a3
|
update changelog entries
|
2015-12-26 08:25:47 -05:00 |
|
Joshua Tauberer
|
e4a4b47fac
|
setup now asks for and sets the system timezone
closes #294
see #328
maybe related to #235
|
2015-12-26 08:08:08 -05:00 |
|
BuildTools
|
8a35905d2e
|
add timezone selection
|
2015-12-23 17:29:13 -05:00 |
|
Joshua Tauberer
|
dbf4729109
|
add management/backup.py --restore
|
2015-12-23 12:53:38 +00:00 |
|
Joshua Tauberer
|
86b9ef496c
|
Merge pull request #636 from bronson/doc-mites
tiny tweaks to make the bash docs slightly more readable
|
2015-12-23 07:29:39 -05:00 |
|
Scott Bronson
|
6336cc6452
|
tiny tweaks to make the bash slightly more readable
|
2015-12-22 12:33:26 -08:00 |
|
Joshua Tauberer
|
bc79319864
|
Merge pull request #494 from anoma/fail2ban-recidive
Activate FAIL2BAN recidive jail
|
2015-12-22 08:11:19 -05:00 |
|
Joshua Tauberer
|
62e88cff54
|
merge #624 document POP client settings in the control panel
|
2015-12-12 08:46:52 -05:00 |
|
Joshua Tauberer
|
6e6c993724
|
reword POP documentation, add to changelog/readme
|
2015-12-12 08:46:18 -05:00 |
|
Marius
|
f8b4e3775d
|
Update mail-guide.html (POP3)
|
2015-12-12 08:41:13 -05:00 |
|
Joshua Tauberer
|
fad69f85fa
|
Merge pull request #605 from ariejan/feature/604-add-rfc2142-mail-aliases
Add alias for abuse@
|
2015-12-07 15:56:51 -05:00 |
|
Joshua Tauberer
|
0029811de2
|
Merge pull request #621 from bronson/nobind9
don't install bind9-host when setting hostname
|
2015-12-07 15:52:47 -05:00 |
|
Scott Bronson
|
fe9ed3f70d
|
don't install bind9-host when setting hostname
also remove an incorrect comment
|
2015-12-07 10:21:51 -08:00 |
|
Ariejan de Vroom
|
aedfe62bb0
|
Add alias for abuse@
|
2015-12-07 16:31:58 +01:00 |
|
Joshua Tauberer
|
c4f00626ef
|
status checks: check that PRIMARY_HOSTNAME's AAAA record is working
|
2015-12-07 09:08:00 -05:00 |
|
Joshua Tauberer
|
fdad83a1bb
|
status checks: check IPv6 reverse DNS
|
2015-12-07 08:58:48 -05:00 |
|
Joshua Tauberer
|
20e11bbab3
|
fail2ban: whitelist our machine's public ip address so status checks dont cause bans of the machine itself
|
2015-12-07 08:45:59 -05:00 |
|
Joshua Tauberer
|
5bbe9f9a04
|
status checks: when ipv6 is enabled, check that services are accessible over ipv6 too
|
2015-12-07 08:37:04 -05:00 |
|
Joshua Tauberer
|
7a93d219ef
|
some cleanup in dns_update.py
|
2015-11-29 14:59:35 +00:00 |
|
Joshua Tauberer
|
808522d895
|
merge functions get_web_domains and get_default_www_redirects
|
2015-11-29 14:46:08 +00:00 |
|
Joshua Tauberer
|
be9efe0273
|
ensure malformed ssl certificate can't cause it to be written to an arbitrary path
|
2015-11-29 14:04:37 +00:00 |
|
Joshua Tauberer
|
766b98c4ad
|
refactor: move SSL-related management functions into a new module ssl_certificates.py
|
2015-11-29 13:59:22 +00:00 |
|
Joshua Tauberer
|
c422543fdd
|
make the system SSL certificate a symlink so we never have to replace a certificate file, and flatten the directory structure of user-installed certificates
|
2015-11-29 02:02:01 +00:00 |
|
Joshua Tauberer
|
cf33be4596
|
fix boto 2 conflict on Google Compute Engine instances
GCE installs some Python-2-only boto plugin that conflicts with boto running under Python 3. It gives a SyntaxError in /usr/share/google/boto/boto_plugins/compute_auth.py (https://github.com/GoogleCloudPlatform/compute-image-packages).
Disabling boto's default configuration file prior to importing boto so that GCE's plugin is not loaded.
See https://discourse.mailinabox.email/t/500-internal-server-error-for-admin/942.
|
2015-11-26 14:51:44 +00:00 |
|
Joshua Tauberer
|
161d096139
|
add a way to dump backup status from the command line
|
2015-11-26 14:34:07 +00:00 |
|
Joshua Tauberer
|
b32cb6229b
|
install boto (py2) via the package manager, not pip (used by duplicity)
|
2015-11-26 14:20:59 +00:00 |
|
Joshua Tauberer
|
3dd5fff110
|
Merge pull request #602 from NurdTurd/patch-2
Typo on 'weirdly'
|
2015-11-20 14:54:39 -05:00 |
|
Sheldon Rupp
|
398a66dd4a
|
Typo on 'weirdly'
|
2015-11-20 20:46:28 +01:00 |
|
Joshua Tauberer
|
cfba97e104
|
updated changelog
|
2015-11-19 07:01:05 -05:00 |
|
Joshua Tauberer
|
bbf78716fd
|
during setup suppress the status line about generating an SSL certificate if we already have it
|
2015-11-19 07:00:33 -05:00 |
|
Joshua Tauberer
|
b9820641aa
|
when generating the initial self-signed cert, dont keep the CSR - it has no use after this step
|
2015-11-19 07:00:33 -05:00 |
|
Joshua Tauberer
|
8c00556bab
|
use /dev/urandom for roundcube/owncloud key generation, see #596, partially reverts #115 (69f0e1d07a )
|
2015-11-19 07:00:33 -05:00 |
|
Joshua Tauberer
|
16d148a8a9
|
use /dev/urandom for DNSSEC key generation, fixes #596, partially reverts #115 (69f0e1d07a )
|
2015-11-19 07:00:33 -05:00 |
|
Joshua Tauberer
|
e8264e9b6a
|
ensure /dev/urandom is seeded with a blocking call to /dev/random and using Ubuntu's pollinate servers
|
2015-11-19 07:00:33 -05:00 |
|
Joshua Tauberer
|
4f2b223070
|
add comments about how openssl generates random numbers for genrsa and what could create a perfect storm to make the key not random
see #596
|
2015-11-19 07:00:32 -05:00 |
|
Joshua Tauberer
|
05e128cafb
|
the >'s in pip install package names might be interpreted as shell redirects and was creating files name '=1.0.0' '=2.0.0' and '=1.0.2' (I'm not sure how this was ever working)
|
2015-11-19 07:00:32 -05:00 |
|
Joshua Tauberer
|
59e9952a61
|
the explanatory text for setting up secondary nameservers was hidden until a secondary nameserver is added, so that wasn't helpful
|
2015-11-19 07:00:32 -05:00 |
|
Joshua Tauberer
|
2f9fd09b2f
|
Merge pull request #599 from nstanke/loglevel
Change Z-Push log level to error
|
2015-11-18 17:42:58 -05:00 |
|
Norman Stanke
|
ec20d657ba
|
Change Z-Push log level to error
|
2015-11-18 21:39:17 +01:00 |
|
Joshua Tauberer
|
34ba279b0a
|
Merge pull request #598 from yodax/zpush-log-rotate
Add log rotation to z-push
|
2015-11-18 07:25:24 -05:00 |
|
yodax
|
c28065cc56
|
Add log rotation to z-push
|
2015-11-17 09:27:05 -05:00 |
|
Joshua Tauberer
|
04960d0b98
|
Merge pull request #597 from yodax/backup-stop-phpfpm
During the backup you will get login failures which will confuse iOS
|
2015-11-17 08:14:23 -05:00 |
|
yodax
|
280de022cb
|
Change order in which service stop
|
2015-11-17 05:22:42 -05:00 |
|
yodax
|
fa1cad7fb2
|
During the backup you will get login failures which will confuse iOS, so it is better to stop php-fpm as well
|
2015-11-17 02:57:14 -05:00 |
|
Joshua Tauberer
|
1926bfa1c5
|
all DNS queries should have a timeout, fixes #591
|
2015-11-11 12:25:55 +00:00 |
|
Joshua Tauberer
|
2b351208e0
|
Merge pull request #589 from NurdTurd/patch-1
Change 'Wosign' to 'WoSign'
|
2015-11-08 15:59:12 -05:00 |
|
Sheldon Rupp
|
96b02e68ee
|
Change 'Wosign' to 'WoSign'
|
2015-11-08 21:31:43 +01:00 |
|