f65d9d3196
Upgrade Bootstrap 3.3.5 to 3.3.6
2016-04-09 13:27:27 +02:00
736b3de221
Improve matching of ufw output. Reuse network service list. Improve messages
2016-04-07 16:03:28 +02:00
42f2e983e5
Merge branch 'master' into ufw_status_check
2016-04-07 15:13:59 +02:00
703a963ae5
Add SRV record to the Custom DNS page
...
Add SRV to the drop-down to add a custom DNS zone. I made this change on my up-to-date install and it worked without any issues.
2016-04-05 00:54:26 -05:00
c9f30e8059
Add status checks for ufw
2016-04-02 13:41:16 +02:00
252c35c66e
Merge pull request #772 from yodax/generic-login-message
...
Make control panel login failed messages generic - don't reveal if an email address has an account on the system.
2016-03-26 09:22:02 -04:00
f292e8fc5b
Add generic login failed message
2016-03-26 14:06:43 +01:00
d7d8bda0a4
Instructions on how to create a web site for a domain weren't rendered. Users would miss the step about manually creating the directory to put files in there and wouldn't see anything happen
2016-03-25 13:37:55 +01:00
74a0359cec
Merge pull request #763 from Neopallium/master
...
Fix creation of custom MX records.
2016-03-23 17:22:42 -04:00
5edefbec27
merge #735 - Allow a server to be rebooted when a reboot is required
2016-03-23 16:39:40 -04:00
67555679bd
move the reboot button, fix grammar, refactor check for DRY, add changelog entry
2016-03-23 16:37:15 -04:00
546d6f0026
merge #674 - Support munin's cgi dynazoom
2016-03-23 16:10:30 -04:00
bd86d44c8b
simplify the munin_cgi wrapper / add changelog entry
2016-03-23 16:09:19 -04:00
72fcb005b2
Check MX priority.
2016-03-22 03:07:14 +08:00
84638ab11e
Fix creation of custom MX records.
2016-03-21 21:12:08 +08:00
49ea9cddd1
ssl_certificates: also forgot to catch free_tls_certificates.client.RateLimited
2016-03-06 14:39:34 -05:00
3bbec18ac6
Merge pull request #734 from yodax/dynamicpool
...
Create a temporary multiprocessing pool
2016-02-28 12:39:11 -05:00
2be373fd06
Merge pull request #727 from yodax/userlist
...
Allow files in /home/user-data/mail/mailboxes
2016-02-28 12:33:38 -05:00
b71ad85e9f
Restore an empty line
2016-02-26 09:51:22 +01:00
8ea2f5a766
Allow a server to be rebooted when a reboot is required
2016-02-25 21:56:27 +01:00
6c1357e16c
Merge branch 'master' into dynamicpool
2016-02-23 17:01:13 +01:00
5cabfd591b
(re-fix) mail sent from an address on a subdomain of a domain hosted by the box (a non-zone domain) would never be DKIM-signed because only zones were included in the openDKIM configuration, mistakenly
...
This was originally fixed in 143bbf37f47a93d219ef
2016-02-23 10:16:04 -05:00
721730f0e8
Create a temporary multiprocessing pool
2016-02-23 06:32:01 +01:00
af80849857
Merge pull request #732 from yodax/memory
...
Reduce percentages for required free memory checks
2016-02-22 15:02:50 -05:00
4b2e48f2c0
Merge pull request #726 from yodax/login
...
When previous panel was login, move to system_status
2016-02-22 14:44:23 -05:00
1b24e2cbaf
Reduce percentages for required memory checks
2016-02-22 17:49:19 +01:00
0843159fb4
Reduce number of processes in the pool to 5
2016-02-22 17:38:30 +01:00
057903a303
Allow files in /home/user-data/mail/mailboxes
2016-02-21 13:49:07 +01:00
b8e99c30a2
When previous panel was login, move to system_status
2016-02-20 18:42:28 +01:00
23ecff04b8
the logic in 4ed23f44e6 for taking backups more often was partly backward
2016-02-18 07:50:59 -05:00
36cb2ef41d
missing elif
2016-02-16 09:11:54 -05:00
1ba44b02d4
forgot to catch free_tls_certificates.client.ChallengeFailed
...
Provisioning could crash if, e.g., the DNS we see is different from the DNS Let's Encrypt sees.
see #695 , probably fixes it
2016-02-15 18:22:16 -05:00
2f24328608
before the user agrees to Let's Encrypt's ToS the admin could get a nightly email with weird interactive text
...
Made a mistake refactoring the headless variable earlier.
fixes #696
2016-02-13 12:38:16 -05:00
8ea42847da
nightly status checks could fail if any domains had non-ASCII characters
...
https://discourse.mailinabox.email/t/status-check-emails-empty-after-upgrading-to-v0-16/1082/3
A user on that thread suggests an alternate solution, adding `PYTHONIOENCODING=utf-8` to `/etc/environment`. Python docs say that affects stdin/out/err. But we also use these environment variables elsewhere to ensure that config files we read/write are opened with UTF8 too. Maybe all that can be simplified too.
2016-02-13 11:51:06 -05:00
4ed23f44e6
take a full backup more often so we don't keep backups around for so long
2016-02-05 11:08:33 -05:00
178527dab1
convert the backup increment time to the local timezone, fixes #700
...
Duplicity gives times in UTC. We were assuming times were in local time.
2016-02-05 08:58:07 -05:00
239eac662c
Fix: Correct IP is reported when using custom DNS
...
Fix bug that reports wrong ip, when custom DNS is enabled
2016-02-04 21:32:11 +01:00
4e18f66db6
tls control panel: only show integral seconds while waiting the requested time from Lets Encrypt, in case we got back a non-integral number of seconds to wait
2016-02-03 08:21:22 -05:00
83ffc99b9c
change the public URL of bootstrap.sh to setup.sh
2016-01-30 11:19:51 -05:00
6b408ef824
Use utils.shell instead of subprocess.Popen
2016-01-14 10:24:04 -05:00
70111dafbc
Removes border and rounded corners from navbar
2016-01-14 15:48:39 +01:00
faaa74c3a7
tls: hide extra reasons why domains aren't getting a new certificate during setup
2016-01-14 07:21:08 -05:00
8932aaf4ef
needed libcgi-fast-perl and chown log files
2016-01-13 23:55:45 -05:00
6d6f3ea391
Added ability to use munin's dynazoom
2016-01-13 22:20:33 -05:00
2ad7d0830e
add exception handling for what_version_is_this, fixes #659
2016-01-09 09:23:07 -05:00
07f9228694
Merge branch 'letsencrypt' for automatic provisioning of TLS certificates from Let's Encrypt
2016-01-09 08:58:35 -05:00
36e5772a8e
Update dns_update.py
2016-01-05 16:56:16 +01:00
2882e63dd8
second part of provisioning tls certificates from the control panel
2016-01-04 18:43:17 -05:00
812ef024ef
status checks: check that the non-primary domains also resolve over IPv6, if configured
2016-01-04 18:43:17 -05:00
40cdc5aa30
status checks: if a domain's DNS isnt working dont check the TLS certificate because we cant automatically provision one now anyway
2016-01-04 18:43:17 -05:00
b8d6226a9a
when provisioning tls certs from the command line, specify domain names as command line arguments to force getting certs for those domains
2016-01-04 18:43:17 -05:00
bac15d3919
provision tls certificates from the control panel
2016-01-04 18:43:16 -05:00
4b4f670adf
s/SSL/TLS/ in user-visible text throughout the project
2016-01-04 18:43:16 -05:00
b1b57f9bfd
don't try to get certs for IDNA domains and report all reasons for not fetching a certificate
...
fixes #646
2016-01-04 18:43:16 -05:00
b6933a73fa
provision and install free SSL certificates from Let's Encrypt
2016-01-04 18:43:16 -05:00
5033042b8c
backups: email the administrator when there's a problem
...
Refactor by moving the email-the-admin code out of the status checks and into a new separate tool.
This is why I suppressed non-error output of the backups last commit - so it doesn't send a daily email.
2016-01-04 18:43:02 -05:00
89a46089ee
backups: suppress all output except errors
2016-01-04 18:43:02 -05:00
e288d7730b
backups: trap an error that occurs as early as getting the current backup status
2016-01-04 18:43:02 -05:00
06a0e7f3fe
merge #584 - Add checks to the management interface to report memory usage
2016-01-01 18:13:21 -05:00
a9cd72bbf9
tighten the status text strings for free memory, add changelog entry
2016-01-01 18:12:36 -05:00
682b1dea5e
changelog/status checks updated for opening the sieve port
2016-01-01 17:53:05 -05:00
8d19eade85
clarify the backup days option, fixes #570
2015-12-26 12:04:26 -05:00
d53332b7cf
drop the CSR_COUNTRY setting and ask within the control panel
2015-12-26 11:48:23 -05:00
392d33b902
change DANE TLSA record to hash the subject public key rather than the whole certificate, which means it is good for any certificate tied to the same private key
...
Better for short-lived certificates. This is especially in preparation to using certificates from Let's Encrypt.
see #268
2015-12-26 11:01:46 -05:00
4305a71916
merge #587 - move backup and nightly status checks to 3am in system time
...
previously these were run in a cron.daily script which per crontab is run at 6:25 am local time
2015-12-26 08:42:58 -05:00
a4d8e12fd7
clean up the backup time patch: dont choose timezone here, move status checks into the same 3am script
2015-12-26 08:41:37 -05:00
dbf4729109
add management/backup.py --restore
2015-12-23 12:53:38 +00:00
6e6c993724
reword POP documentation, add to changelog/readme
2015-12-12 08:46:18 -05:00
f8b4e3775d
Update mail-guide.html (POP3)
2015-12-12 08:41:13 -05:00
fad69f85fa
Merge pull request #605 from ariejan/feature/604-add-rfc2142-mail-aliases
...
Add alias for abuse@
2015-12-07 15:56:51 -05:00
aedfe62bb0
Add alias for abuse@
2015-12-07 16:31:58 +01:00
c4f00626ef
status checks: check that PRIMARY_HOSTNAME's AAAA record is working
2015-12-07 09:08:00 -05:00
fdad83a1bb
status checks: check IPv6 reverse DNS
2015-12-07 08:58:48 -05:00
5bbe9f9a04
status checks: when ipv6 is enabled, check that services are accessible over ipv6 too
2015-12-07 08:37:04 -05:00
7a93d219ef
some cleanup in dns_update.py
2015-11-29 14:59:35 +00:00
808522d895
merge functions get_web_domains and get_default_www_redirects
2015-11-29 14:46:08 +00:00
be9efe0273
ensure malformed ssl certificate can't cause it to be written to an arbitrary path
2015-11-29 14:04:37 +00:00
766b98c4ad
refactor: move SSL-related management functions into a new module ssl_certificates.py
2015-11-29 13:59:22 +00:00
c422543fdd
make the system SSL certificate a symlink so we never have to replace a certificate file, and flatten the directory structure of user-installed certificates
2015-11-29 02:02:01 +00:00
cf33be4596
fix boto 2 conflict on Google Compute Engine instances
...
GCE installs some Python-2-only boto plugin that conflicts with boto running under Python 3. It gives a SyntaxError in /usr/share/google/boto/boto_plugins/compute_auth.py (https://github.com/GoogleCloudPlatform/compute-image-packages ).
Disabling boto's default configuration file prior to importing boto so that GCE's plugin is not loaded.
See https://discourse.mailinabox.email/t/500-internal-server-error-for-admin/942 .
2015-11-26 14:51:44 +00:00
161d096139
add a way to dump backup status from the command line
2015-11-26 14:34:07 +00:00
59f8aa1c31
Add checks to the management interface to report memory usage
2015-11-20 01:48:59 -05:00
59e9952a61
the explanatory text for setting up secondary nameservers was hidden until a secondary nameserver is added, so that wasn't helpful
2015-11-19 07:00:32 -05:00
280de022cb
Change order in which service stop
2015-11-17 05:22:42 -05:00
fa1cad7fb2
During the backup you will get login failures which will confuse iOS, so it is better to stop php-fpm as well
2015-11-17 02:57:14 -05:00
1926bfa1c5
all DNS queries should have a timeout, fixes #591
2015-11-11 12:25:55 +00:00
96b02e68ee
Change 'Wosign' to 'WoSign'
2015-11-08 21:31:43 +01:00
ac238b9d28
dont run secondary nameserver checks if the zone's nameservers aren't correct to begin with, possibly because the user is using external DNS, see #582
2015-11-05 11:09:15 +00:00
3fd1279e7d
...but then also have to compare against the intended IP address, which might have a custom override, see #582
2015-11-03 12:06:03 +00:00
3bc38c89ab
secondary NS status checks in 3b91bc2c0a should not be skipped if the target IP address has been modified by a custom record
...
see #582
2015-11-03 06:48:04 -05:00
d0062b7de4
Merge pull request #572 from OmgImAlexis/patch-1
...
Added wosign as a suggested free SSL provider.
2015-10-31 14:57:13 -04:00
3b91bc2c0a
if secondary nameservers are given, status checks now check they are serving the right info
2015-10-22 10:58:36 +00:00
4c4babd9e7
experimentally scanning the mail log to see if we can infer a good time to take a backup
2015-10-22 10:35:14 +00:00
274e5ca676
let dovecot automatically create mailbox folders rather than doing it manually in the management daemon, fixes #554
2015-10-18 11:55:27 +00:00
1bdfdbee89
Added 'Sent' folder when creating user.
2015-10-12 09:43:35 -04:00
ebffaab16a
Added wosign as a suggest free SSL provider.
2015-10-11 11:33:18 +10:30
6c8ee1862a
use subresource integrity attributes to guard against CDNs being used as an attack vector; drop external resources that we can't protect this way (fonts); fixes #234
2015-09-18 19:04:28 +00:00
787beab63f
choose the best SSL cert from among the installed certificates; use the server certificate instead of self-signed certificates
...
For HTTPS for the non-primary domains, instead of selecting an SSL certificate by expecting it to be in a directory named after the domain name (with special-case lookups
for www domains, and reusing the server certificate where possible), now scan all of the certificates that have been installed and just pick the best to use for each domain.
If no certificate is available, don't create a self-signed certificate anymore. This wasn't ever really necessary. Instead just use the server certificate.
2015-09-18 13:25:18 +00:00
58349a9410
when updating DNS, clear the local DNS cache
2015-09-18 13:00:53 +00:00
93c2258d23
let the HSTS header be controlled by the management daemon so some domains can choose to enable preload
2015-09-08 21:20:50 +00:00
aspdye
Michael Kroes
msgerbs
Joshua Tauberer
Robert G. Jakabosky
Wolf-Bastian Pöttner
mike
Jeroen Jacobs
baltoche
Marius
Ariejan de Vroom
Michael Kroes
Sheldon Rupp
Peter Timofejew
X O