X O
ebffaab16a
Added wosign as a suggest free SSL provider.
2015-10-11 11:33:18 +10:30
Joshua Tauberer
d6d4085809
munin setup may show '/bin/rm: missing operand', fixes #527
2015-10-10 16:48:49 +00:00
Joshua Tauberer
2a44b0cafb
the new SSL certs routine requires cryptography>=1.0.2 to make RSAPublicNumbers hashable
...
an earlier problem about --upgrade (de34d0d337
) seemed to be just a local problem on my box, so going back to unpinned >= requirement specs
https://discourse.mailinabox.email/t/upgrade-to-v0-13b-broke-admin/876
2015-10-08 12:24:22 +00:00
Joshua Tauberer
834c42bc50
move nginx-ssl to be a global configuration file rather than including it into each server block
2015-09-27 17:13:11 +00:00
Joshua Tauberer
6c8ee1862a
use subresource integrity attributes to guard against CDNs being used as an attack vector; drop external resources that we can't protect this way (fonts); fixes #234
2015-09-18 19:04:28 +00:00
Joshua Tauberer
787beab63f
choose the best SSL cert from among the installed certificates; use the server certificate instead of self-signed certificates
...
For HTTPS for the non-primary domains, instead of selecting an SSL certificate by expecting it to be in a directory named after the domain name (with special-case lookups
for www domains, and reusing the server certificate where possible), now scan all of the certificates that have been installed and just pick the best to use for each domain.
If no certificate is available, don't create a self-signed certificate anymore. This wasn't ever really necessary. Instead just use the server certificate.
2015-09-18 13:25:18 +00:00
Joshua Tauberer
58349a9410
when updating DNS, clear the local DNS cache
2015-09-18 13:00:53 +00:00
Joshua Tauberer
93c2258d23
let the HSTS header be controlled by the management daemon so some domains can choose to enable preload
2015-09-08 21:20:50 +00:00
Joshua Tauberer
bd7a4dedc1
Merge pull request #551 from anoma/master
...
Revert two FAIL2BAN SSH jail changes
2015-09-07 06:49:48 -04:00
anoma
ae3ae0b5ba
Revert to default FAIL2BAN findtime for SSH jail
...
I propose that the default 600s/10minute find time is a better test duration for this ban. The altered 120s findtime sounds reasonable until you consider that attackers can simply throttle to 3 attempts per minute and never be banned.
The remaining non default jail settings of maxretry = 7 and bantime = 3600 I believe are good.
2015-09-07 08:36:59 +01:00
anoma
42d657eb54
Unnecessary config item, inherited from default jail.conf
2015-09-07 08:28:54 +01:00
Joshua Tauberer
d60d73b7e0
status checks: dont error if there's a domain that dns_update hasn't been run yet on
2015-09-06 13:27:35 +00:00
Joshua Tauberer
6704da1446
silence errors in the admin if there is an invalid domain name in the database
...
see #531
2015-09-06 13:27:28 +00:00
Joshua Tauberer
3e96de26dd
server_names_hash_bucket_size=128 now, see #93
2015-09-05 20:24:17 +00:00
Joshua Tauberer
4f6fa40dbd
warn in status checks if a custom DNS record has been set on a domain that would normally serve web and as a result that domain no longer is serving web
2015-09-05 20:07:51 +00:00
Joshua Tauberer
104b804059
if a custom DNS record exists for a web-serving domain and the record is just the box's IP address, don't skip this domain for serving web
2015-09-05 20:07:51 +00:00
Joshua Tauberer
c545e46ebe
Merge pull request #548 from NurdTurd/patch-1
...
Typo
2015-09-05 15:30:25 -04:00
Sheldon Rupp
52a216fbcb
Typo
...
Change KB to MB due to typo.
2015-09-05 21:29:24 +02:00
Joshua Tauberer
2c29d59895
Merge pull request #478 from kri3v/patch-1
...
Added more bantime and lowered max retry attempts
2015-09-05 11:42:36 -04:00
Joshua Tauberer
de34d0d337
pin pip versions of email_validator and cryptography so pip doesn't keep reinstalling them each upgrade even if nothing changed (and the ceffi depedency installation can be very slow and is prone to break under low memory)
2015-09-05 12:35:01 +00:00
Joshua Tauberer
2bb7a6fc27
changelog entries
2015-09-05 08:01:59 -04:00
Joshua Tauberer
1b84292c56
Merge pull request #544 from 0xFelix/master
...
Fix DKIM validation and spamassassin DNS/Pyzor checks
2015-09-05 06:59:00 -04:00
Felix
18efae9703
Remove direct dependencies as they get installed automatically
2015-09-05 09:08:47 +02:00
Joshua Tauberer
4b6d86ef89
trim the instructions at the end of an upgrade about the DNS-broken control panel login
2015-09-04 18:49:32 -04:00
Joshua Tauberer
75a75a6f84
admin: rename my ajax javascript function to ajax_with_indicator; see 79c57c2303
2015-09-04 18:40:56 -04:00
Joshua Tauberer
2e99589336
admin: fix jumpyness when a modal is shown (move overflow-y to body; make the navbar not fixed to top)
2015-09-04 22:21:10 +00:00
Joshua Tauberer
188b21dd36
bump bootstrap to 3.3.5 and jquery to 1.11.3 on the admin
2015-09-04 22:13:56 +00:00
Joshua Tauberer
0cf56e0aad
add a random password generator to the users page of the admin
2015-09-04 22:12:07 +00:00
Felix
bd7728ac94
Add documentation for additional packages, remove unneeded package libcrypt-openssl-random-perl
2015-09-04 15:45:47 +02:00
Felix
b6f7a10569
Add missing dependencies for DKIM validation
2015-09-04 09:25:49 +02:00
Felix
53a9fc0e48
Set 'LOCALONLY' to 0 in /etc/default/spampd
2015-09-04 09:18:12 +02:00
Joshua Tauberer
b05af6eecb
v0.13b
...
ownCloud 8.1.1 trusted_domains autoconfiguration fix.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJV43ODAAoJELkgQfTBC92BAMEH/3DbsticgFhbPzMsCcmcjxkg
1Dxw4e8YRgMPp3xuq4/5we6bL/KXSxioFc1488jfiLhAe6fHZGmSi4p6L8twnsxD
exUd/pHZ8L1SC953JhBXLUWYfAQ/ozEZ8bNPVJ4NLx5T58FPWBSRouQHHZTMc/z1
Pduc6RjZQ3o1dmTzbwt5hB/ZS61CFV2V9cr+aKmFSDKh7/qzBSaqGfiTOsWI43GE
JfCN6hwnCUvvkGfaYmxJSY/emgiJETLkQCv0e1kZs5MfojkFUspqvmTQViE2HI4f
y5FWmPXvhoHuMIgH0q0Rrw0xchXW44fJbK4SnT50z7do8F7KmSX6ztw5oxux/U0=
=kcFy
-----END PGP SIGNATURE-----
v0.13b - release & merge side-branch
ownCloud 8.1.1 trusted_domains autoconfiguration fix.
2015-08-30 17:21:36 -04:00
Joshua Tauberer
571171a0c6
ownCloud 8.1.1's autoconfig resets trusted_domains / update trusted_domains if PRIMARY_HOSTNAME changes
...
Seems like ownCloud 8.1.1 now doesn't play nice with trusted_domains. Whatever is put in ahead of time gets reset to an array containing 'localhost' only, probably because we invoke autoconfiguration from the command line where it doesn't know the hostname it's being accessed from. We now set this value after running autoconfig.
This has the added benefit of also fixing the problem that if PRIMARY_HOSTNAME changes, trusted_domains wasn't updated. Now it is. Fixes #503 .
See #514 .
2015-08-30 17:19:38 -04:00
Joshua Tauberer
c5082498ab
utils.py can't import non-standard modules because it is imported by migrate.py, which is run before anything is installed
...
closes #540
2015-08-30 13:50:34 -04:00
Joshua Tauberer
d19c215bf1
Merge pull request #537 from elwebmaster/patch-1
...
Update nginx-primaryonly.conf
2015-08-28 15:10:49 -04:00
Stefan Dimitrov
42dd46e305
Update nginx-primaryonly.conf
...
Nginx should be connecting over the local interface, not to the IP the resolver gives it. Elsewhere in this file proxy_pass uses 127.0.0.1 as it should.
2015-08-28 15:07:47 -04:00
Joshua Tauberer
a6496949f8
Merge pull request #536 from badsyntax/external-dns-txt-record-limit-info
...
Added a note about TXT record length limitations and how to construct the records to bypass the limitation
2015-08-28 15:00:23 -04:00
Richard Willis
ab59323813
Added a note about TXT record length limitations and how to construct the records to bypass the limitation
2015-08-28 15:50:02 +02:00
Joshua Tauberer
a56a9dc6a1
add Mail-in-a-Box version check to status checks
...
closes #502
2015-08-28 12:34:02 +00:00
Joshua Tauberer
bc790ea581
backups: make the instructions about the backup password file more prominent
2015-08-28 12:33:07 +00:00
Joshua Tauberer
dbfd158388
dont refresh the backup page when there's an error saving the config
2015-08-28 12:33:07 +00:00
Joshua Tauberer
2b1f7da654
S3 credentials for backup should not be displayed in the control panel, fixes #529
2015-08-28 12:33:07 +00:00
Joshua Tauberer
0c9d431a3f
major cleanup to adding new version check to the status checks
2015-08-28 12:29:55 +00:00
Norman Stanke
1a525df8ad
Add Mail-in-a-Box version status check.
2015-08-28 11:55:21 +00:00
Joshua Tauberer
ef1779ba80
Merge pull request #523 from derekrspencer/master
...
Fix antispam-plugin config problem in #520
2015-08-28 07:51:02 -04:00
Joshua Tauberer
d4e9938e3f
Merge pull request #533 from badsyntax/login-form-focus
...
Focus on fields in the login form
2015-08-27 16:20:23 -04:00
Richard Willis
f26c0b71d2
Focus on fields in the login form
...
This just makes life a little easier...
Squashed the following commits:
* Use $.trim() for better browser support
2015-08-27 22:17:13 +02:00
Joshua Tauberer
b2dfdc386a
Merge pull request #528 from phareous/master
...
Allow global sieve scripts for before or after user sieve scripts. Th…
2015-08-26 18:03:47 -04:00
Michael Long
732a6922de
Allow global sieve scripts for before or after user sieve scripts. This allows defining custom system-wide sieve rules.
2015-08-24 19:55:34 -04:00
Joshua Tauberer
9501a2209e
Merge pull request #526 from nstanke/v0.13_readme
...
v0.13a README
2015-08-24 15:27:15 -04:00