Commit Graph

111 Commits

Author SHA1 Message Date
Joshua Tauberer 10a37cd033 add SSHFP records to DNS 2014-08-27 12:59:40 +00:00
Joshua Tauberer 684d9b3c70 prettify the custom DNS docs 2014-08-27 12:57:47 +00:00
Joshua Tauberer 699923d605 Merge pull request #166 from benschumacher/master
Fix typo in dns_update.py.
2014-08-26 16:13:11 -04:00
Ben Schumacher d5efb05f31 Fix typo in dns_update.py. 2014-08-26 15:58:34 -04:00
Sebastian Kosch 2afd0be591 Replace spaces by tabs in 106-109 2014-08-26 12:16:20 -04:00
Joshua Tauberer 92c7815d2c Merge pull request #156 from skosch/patch-1
Allow users to insert custom nginx configuration directives through new optional files.
2014-08-26 10:24:22 -04:00
Joshua Tauberer 06a4046d13 fix link to /cloud in the admin, fixes #160 2014-08-26 11:51:47 +00:00
Joshua Tauberer 9b8d85de45 if there are no admins when trying to access the control panel, tell the user how to make an admin from SSH 2014-08-26 11:31:45 +00:00
Joshua Tauberer b76cbae5a0 document the DNS API in the control panel
see #140, #155, df20d447a9
2014-08-25 23:52:41 +00:00
Joshua Tauberer ed8ce16fb5 show custom DNS records in the control panel too, fixes #155 2014-08-25 23:35:44 +00:00
Joshua Tauberer a32806da32 create STORAGE_ROOT/backup/duplicity if it doesn't exist
fixes #158
2014-08-25 23:29:00 +00:00
Joshua Tauberer 18f0406541 update comments in backup.py 2014-08-25 23:28:43 +00:00
Joshua Tauberer bc9d670981 prettify mail guide 2014-08-25 23:24:41 +00:00
Sebastian Kosch 00b5c6ee9c test_domain -> domain 2014-08-25 16:02:13 -04:00
Sebastian Kosch 76ff9735cc Move custom server blocks to STORAGE_ROOT 2014-08-25 13:25:44 -04:00
Sebastian Kosch 9bfff1f679 Add server block customizations
This allows users to add a file /etc/nginx/conf.d/includes/mydomain.com.conf, the contents of which will be included in the server block for mydomain.com.
2014-08-24 17:34:15 -04:00
Joshua Tauberer df20d447a9 add an api for setting custom DNS records
Works like this:

```curl -d "" --user email:password https://.../admin/dns/set/qname/rtype/value```

where the rtype and value default to "A" and the remote IP address of the request, so that a simple, empty POST to

```https://.../admin/dns/set/desktop.mydomain.com```

will point desktop.mydomain.com to the caller's IPv4 address.

closes #140
2014-08-23 23:03:45 +00:00
Joshua Tauberer 6e3b04ce83 when generating SSL CSRs, using SHA256 as SHA1 is being phased out, per @konklone 2014-08-23 17:49:33 -04:00
Joshua Tauberer 2d5097345a move the package update check into the system status checks 2014-08-21 11:24:40 +00:00
Joshua Tauberer 294d19e0af rename whats_next.py to status_checks.py 2014-08-21 10:43:55 +00:00
Joshua Tauberer 46f3d05034 add the network checks to whats_next
* zen.spamhaus.org
* dbl.spamhaus.org
* checks if a connection to Google's MTA on port 25 works
2014-08-19 11:16:49 +00:00
Joshua Tauberer 91821adfd7 nameserver checks should be case insensitive 2014-08-18 22:41:27 +00:00
Joshua Tauberer b30d7ad80a web-based administrative UI
closes #19
2014-08-17 22:46:06 +00:00
Joshua Tauberer ba8e015795 dns_update: dont restart the opendkim process if nothing changed 2014-08-17 20:42:17 +00:00
Joshua Tauberer 919a5a8f0b whats_next: when there are multiple responses like for NS records sort the responses so we can compare to a fixed order 2014-08-17 19:55:03 +00:00
Joshua Tauberer f299825a95 in the nginx override YAML file, change how proxies are specified into a mapping 2014-08-17 19:40:45 +00:00
Joshua Tauberer 04454b35c6 (merge) CardDAV, CalDAV via ownCloud and move to z-push fork fork
Merges branch 'owncloud' of github.com:jkaberg/mailinabox
which is pull request #135, closes #135

thanks @jkaberg, @fmbiete, @owncloud
2014-08-17 15:31:08 -04:00
Joshua Tauberer f41ec93cbe management: dont raise an exception on a poorly formatted authentication header 2014-08-17 11:50:05 -04:00
Joshua Tauberer 6e380ade17 owncloud will only let users access it from the PRIMARY_HOSTNAME (due to its trusted_domains option being set statically), so only include /cloud in the nginx configuration for PRIMARY_HOSTNAME 2014-08-16 12:33:10 +00:00
Joshua Tauberer 8c9f278166 owncloud: support MOD_X_ACCEL_REDIRECT_ENABLED
This lets downloads from the file app work.
2014-08-15 23:16:54 +00:00
Joshua Tauberer e625a424fd whats_next: check that the TLSA record is correct, fixes #139 2014-08-13 19:42:49 +00:00
Joshua Tauberer 0eceb2012f use php5-fpm rather than our own custom launcher script for PHP+FastCGI 2014-08-12 11:00:54 +00:00
Joshua Tauberer 1312b0254b backup: dont remove old increments because then we lose the backup history right before the last full backup, instead let them disappear along with full backups when a whole chain becomes very old 2014-08-11 11:45:40 +00:00
Joshua Tauberer f66914d634 backup: automatically take a full backup when the sum of the increments get very large 2014-08-11 11:38:32 +00:00
Joshua Tauberer 58e300e113 backup must be full on the first run because incremental backup will fail, fixes #134 2014-08-11 07:16:58 -04:00
Joshua Tauberer e294f7c181 create the Drafts folder for users so K-9 mail doesn't poll unnecessarily, see #129 2014-08-09 16:49:57 +00:00
Joshua Tauberer b56f82cb92 make a privileges column in the users table and mark the first user as an admin 2014-08-08 12:31:22 +00:00
Joshua Tauberer 6a512042dc after creating the local encrypted backup, execute the after-backup script if the user has provided one to copy the files to a remote location 2014-08-02 14:16:08 +00:00
Joshua Tauberer 6d4fab1e6a whats_next: offer DNSSEC DS parameters rather than the full record and in validation allow for other digests than the one we suggest using
fixes #120 (hopefully), in which Gandi generates a SHA1 digest but we were only checking against a SHA256 digest

Also see http://discourse.mailinabox.email/t/how-to-set-ds-record-for-gandi-net/24/1 in which a user asks about the DS parameters that Gandi asks for.
2014-08-01 12:15:05 +00:00
Joshua Tauberer 30178ef019 add a --force flag to dns_update 2014-08-01 12:05:34 +00:00
Joshua Tauberer 168c06939d have nsd bind to the network interaface that is connected to the Internet, rather than all non-loopback network interfaces
hopefully fixes #121; thanks for the help @sfPlayer1
2014-07-29 20:07:26 -04:00
Joshua Tauberer 8042ab66ac dont serve web for domains with custom DNS records that point A/AAAA elsewhere, and in whats_next only check that an A record exists on a domain if we are serving web on the domain 2014-07-20 15:23:17 +00:00
Joshua Tauberer 8354d9732a in the custom DNS yaml config, treat 'local' as an alias for the box's own IP/IPv6 addresses 2014-07-20 14:53:55 +00:00
Joshua Tauberer 1ad9c70887 refactor custom DNS records 2014-07-20 14:48:20 +00:00
Joshua Tauberer 2e0680de4f the check for whether a custom DNS setting is valid was in the wrong place 2014-07-20 14:41:02 +00:00
sfPlayer1 89acbe4127 Update dns_update.py
Add new extra bool parameter.
2014-07-18 13:05:32 +02:00
sfPlayer1 0e893626c8 Add IPv6 glue records as well
The dns_update script didn't generate IPv6 (AAAA) glue records for the name servers.

This caused http://dnscheck.pingdom.com to complain about a mismatch between the glue records reported by the parent name server and mailinabox nsd.

Here's the failing dnscheck output for reference:
> Checking glue for ns1.my.domain.tld (1.2.3.4).
> Child glue for bgwe.eu found: ns1.my.domain.tld (1.2.3.4)
> Checking glue for ns1.my.domain.tld (1234::1).
> Missing glue at child: ns1.my.domain.tld
> Checking glue for ns2.my.domain.tld (1.2.3.4).
> Child glue for bgwe.eu found: ns2.my.domain.tld (1.2.3.4)
> Checking glue for ns2.my.domain.tld (1234::1).
> Missing glue at child: ns2.my.domain.tld

I'm not very familiar with Python and DNS, please verify ;)
2014-07-18 13:03:09 +02:00
Joshua Tauberer 42c891032d don't create a www. subdomain on any domains that are themselves subdomains within a zone, i.e. don't create www.PUBLIC_HOSTNAME if PUBLIC_HOSTNAME is a subdomain of another domain, which is what we normally recommend 2014-07-17 13:08:05 +00:00
Joshua Tauberer d7a9e7cc17 run management/dns_update.py from the console to dump the DNS records, with explanations, in case the user wants to host DNS off of the box 2014-07-17 13:08:05 +00:00
Joshua Tauberer 7803ac9ca4 write explanatory text as we build DNS zones so we can help the user manage DNS off of the box 2014-07-17 13:08:05 +00:00