16e81e1439
Fix to allow for non forced "enforce" MTA_STS_MODE ( #1970 )
2021-05-08 08:18:49 -04:00
10bedad3a3
MTA-STS tweaks, add status check using postfix-mta-sts-resolver, change to enforce
2020-05-29 15:36:52 -04:00
afc9f9686a
Publish MTA-STS policy for incoming mail ( #1731 )
...
Co-authored-by: Daniel Mabbett <triumph_2500@hotmail.com>
2020-05-29 15:30:07 -04:00
f53b18ebb9
Upgrade TLS settings
2019-12-01 17:49:36 -05:00
52c68c6510
Implement Nextcloud php-fpm recommended performance tuning settings ( #1679 )
2019-12-01 16:13:33 -05:00
bbfa01f33a
update to PHP 7.2
...
* drop the ondrej/php PPA since PHP 7.x is available directly from Ubuntu 18.04
* intall PHP 7.2 which is just the "php" package in Ubuntu 18.04
* some package names changed, some unnecessary packages are no longer provided
* update paths
2018-10-03 13:00:15 -04:00
f6a641ad23
remove some cleanup steps that are no longer needed since we aren't supporting upgrades of existing machines and, even if we did, we aren't supporting upgrades from really old versions of Mail-in-a-Box
2018-10-03 13:00:15 -04:00
51972fd129
fix some comments
2018-10-03 13:00:15 -04:00
dbebaba8b9
switch PHP's process manager to on demand
...
merges #1216
2017-08-30 13:39:25 -04:00
d773140502
Update to Nextcloud 12 using PHP7
...
* Install PHP7 via a PPA, enable unattended upgrades for the PPA, and switch all of our PHP configuration to the PHP7 install.
* Keep installing PHP5 for ownCloud/Nextcloud packages because we need it to possibly run transitional updates to ownCloud/Nextcloud versions less than 12. But replace PHP5 packages with PHP7 packages elsewhere.
* Update to Nextcloud 12 which requires PHP7, with a transitional upgrade to Nextcloud 11.0.3.
* Disable TLS cert validation by Roundcube when connecting to localhost IMAP and SMTP. Validation became the default in PHP7 but we don't necessarily have a (non-self-)signed certificate and it definitely isn't valid for the IP address 127.0.0.1.
Merges #1140
2017-07-14 06:48:22 -04:00
834c42bc50
move nginx-ssl to be a global configuration file rather than including it into each server block
2015-09-27 17:13:11 +00:00
3e96de26dd
server_names_hash_bucket_size=128 now, see #93
2015-09-05 20:24:17 +00:00
73fbcd7fa3
silence all of the installing/already installed package messages on installation
...
Querying dpkg for each package is slow, and we have way too much output on installation because of it.
2015-08-19 15:58:35 -04:00
ca5d228be6
Set PHPs default charset to UTF-8, since we use it. Closes #367 .
2015-06-30 11:31:43 +02:00
97cd4c64ad
don't expose PHP version in the X-Powered-By header, closes #439 , fixes #433
2015-06-18 11:12:03 +00:00
b9ca74c915
implement Mozilla (e.g. Thunderbird) autoconfiguration file
...
fixes #241
2015-01-31 21:33:18 +00:00
06f2477cfd
the new iOS configuration profile also is used on OS X 10.10.1, see #261
2014-11-18 16:32:37 +00:00
b04addda9a
move the mobileconfig into the conf directory as a plain XML file and handle substitutions and copying to /var in web.sh
2014-11-14 13:52:29 +00:00
8566b78202
drop webfinger, see #95
2014-10-07 20:30:36 +00:00
7c2092d48f
remove apache before installing nginx, see #224
2014-10-05 09:01:20 -04:00
5fd107cae5
more work on making the bash scripts readable
2014-10-04 17:57:26 -04:00
39bca053ed
add 2048 bits of DH params for nginx, postfix, dovecot
...
nginx/postfix use a new pre-generated dh2048.pem file. dovecot generates the bits on its own.
ssllabs.com reports that TLS_DHE ciphers went from 1024 to 2048 bits as expected. The ECDHE ciphers remain at 256 bits --- no idea what that really means. (This tests nginx only. I haven't tested postfix/dovecot.)
see https://discourse.mailinabox.email/t/fips-ready-for-ssl-dhec-key-exchange/76/3
2014-09-26 22:09:22 +00:00
6b13ac1ca9
Support more concurrent connections
2014-09-04 16:40:33 +02:00
e0dc8ff04a
when deleting my old /usr/local/bin/mailinabox-exchange-autodiscover.php file from existing systems, don't emit an error if the file doesn't exist (added -f)
2014-08-25 08:10:54 -04:00
aaea954072
remove my old Exchange autodiscover PHP script from systems
2014-08-19 11:50:00 +00:00
0eceb2012f
use php5-fpm rather than our own custom launcher script for PHP+FastCGI
2014-08-12 11:00:54 +00:00
023cd12e1a
hide lots of unnecessary and scary output during setup
2014-07-16 09:36:56 -04:00
2a7669a0d3
z-push: an Exchange ActiveSync server
2014-07-12 00:02:32 +00:00
cf7053c124
set nginx server_names_hash_bucket_size to 64, fixes #93
2014-07-07 11:23:41 +00:00
f8cd2bb805
typo: www/default/index.html would be overwritten if it already exists
2014-06-23 19:43:19 +00:00
d4ce50de86
new tool to purchase and install a SSL certificate using Gandi.net's API
2014-06-23 10:53:29 +00:00
0ab43ef4fd
have webfinger output a JSON file in STORAGE_ROOT/webfinger/(acct/..)
2014-06-21 17:08:18 +00:00
326cc2a451
obviously put our stuff in /usr/local and not /usr
2014-06-21 12:35:00 -04:00
85169dc960
preliminary support for webfinger
...
It just echos back the subject given to it.
2014-06-20 01:55:16 +00:00
5faa1cae71
manage the nginx conf in the management daemon too so we can have nginx operate on all domains that we serve mail for
2014-06-20 01:55:12 +00:00
da15ae5375
rename the scripts directory to setup
2014-06-03 11:12:38 +00:00
jvolkenant
Joshua Tauberer
A. Schippers
Michael Kroes
dofl
Hnk Reno
Joel Kåberg