Commit Graph

2088 Commits

Author SHA1 Message Date
David Duque ccf60c7017
Backups: User-initiated and cron-initiated jobs will have the same lockname
So that some poor timing (initiating a backup when there's a cron-initiated backup)
doesn't screw everything up.
2020-07-11 09:16:32 +01:00
David Duque e224b6b3b2
Update project status 2020-07-11 08:43:46 +01:00
David Duque 79e2398d71
Fix comment 2020-07-11 08:30:05 +01:00
David Duque af9ef186b3
Add manual backup option 2020-07-10 15:48:37 +01:00
David Duque e6102eacfb
AXFR Transfers (for secondary DNS servers): Allow IPv6 addresses (#1787) 2020-07-08 18:26:47 -04:00
David Duque 199c2c50ba
Backups: Fix backup target selector width 2020-07-08 19:32:24 +01:00
David Duque 4a85250242
Revert vagrantfile to upstream config 2020-07-08 19:31:35 +01:00
David Duque dd017c44c7
Update ideas section and roadmap 2020-07-08 15:00:04 +01:00
David Duque 3dfdb9a309
Update Vagrantfile to pull from development branch 2020-07-03 19:01:16 +01:00
David Duque 1d4d03637f
Version bump 2020-06-29 09:47:38 +01:00
David Duque b98111b4e1
Fix unassigned php version 2020-06-29 09:13:50 +01:00
David Duque 3876cbac8a
Version bump 2020-06-28 10:06:50 +01:00
David Duque ffc7e8d77e
Add comments explaining 2020-06-28 10:05:25 +01:00
David Duque 7f305ee02e
Add /.well-known/mta-sts.txt to all nginx dotfiles 2020-06-28 09:57:28 +01:00
David Duque fcb44dafa3
Let's encrypt certbot hotfix 2020-06-27 21:32:36 +01:00
David Duque 7af4ab0f4f
Version bump 2020-06-27 20:27:49 +01:00
David Duque 7864055490
Upgrade Nextcloud 2020-06-27 19:39:03 +01:00
David Duque 7b357fa71b Version bump (v0.46 rc) 2020-06-21 22:49:14 +01:00
David Duque 9a4cf4d7af Update dependencies 2020-06-21 16:02:17 +01:00
David Duque 022a11e159 Merge remote-tracking branch 'up/master' 2020-06-21 15:52:31 +01:00
David Duque 74554bcbf3 Version bump 2020-06-21 15:45:34 +01:00
David Duque 5d6c23cff9 Finalize php configuration 2020-06-21 15:18:46 +01:00
David Duque 0ccbf1b809 Only spawn a thread pool when strictly needed
For --check-primary-hostname, the pool is not used.
When exiting, the other processes are left alive and will hang.
2020-06-21 15:05:17 +01:00
Joshua Tauberer 6fd3195275 Fix MTA-STS policy id so it does not have invalid characters, fixes #1779 2020-06-12 13:09:11 -04:00
David Duque d01069f7f2 Automatically agree to ToS on SSL provision 2020-06-12 09:27:08 +01:00
Joshua Tauberer 224242dfde Merge v0.46 point release branch 2020-06-11 12:25:49 -04:00
Joshua Tauberer 049bfb6f7f v0.46 2020-06-11 12:23:18 -04:00
Joshua Tauberer 12d60d102b Update Roundcube to 1.4.6
Fixes #1776
2020-06-11 12:21:17 -04:00
Joshua Tauberer 9db2fc7f05 In web proxies, add X-{Forwarded-{Host,Proto},Real-IP} and 'proxy_set_header Host' when there is a flag
Merges #1432, more or less.
2020-06-11 12:20:17 -04:00
Joshua Tauberer e03a6541ce Don't make autoconfig/autodiscover subdomains and SRV records when the parent domain has no user accounts
These subdomains/records are for automatic configuration of mail clients, but if there are no user accounts on a domain, there is no need to publish a DNS record, provision a TLS certificate, or create an nginx server config block.
2020-06-11 12:20:17 -04:00
Faye Duxovni 41642f2f59 [backport] Fix roundcube error log file path in setup script (#1775) 2020-06-11 12:16:53 -04:00
Vasek Sraier df9bb263dc
daily_tasks.sh: redirect stderr to stdout (#1768)
When the management commands fail, they can print something to the standard error output.
The administrator would never notice, because it wouldn't be send to him with the usual emails.
Fixes #1763
2020-06-07 09:56:45 -04:00
Faye Duxovni 339c330b4f
Fix roundcube error log file path in setup script (#1775) 2020-06-07 09:50:04 -04:00
Marcus Bointon cfc8fb484c
Add rate limiting of SSH in the firewall (#1770)
See #1767.
2020-06-07 09:47:51 -04:00
Joshua Tauberer bc1be9d70a readme fixes 2020-05-30 08:15:31 -04:00
Joshua Tauberer 3a4b8da8fd More for MTA-STS for incoming mail
* Create the mta_sts A/AAAA records even if there is no valid TLS certificate because we can't get a TLS certificate if we don't set up the domains.
* Make the policy id in the TXT record stable by using a hash of the policy file so that the DNS record doesn't change every day, which means no nightly notification and also it allows for longer caching by sending MTAs.
2020-05-30 08:04:09 -04:00
Joshua Tauberer 37dad9d4bb Provision certificates from Let's Encrypt grouped by DNS zone
Folks didn't want certificates exposing all of the domains hosted by the server (although this can already be found on the internet).

Additionally, if one domain fails (usually because of a misconfiguration), it would be nice if not everything fails. So grouping them helps with that.

Fixes #690.
2020-05-29 15:38:18 -04:00
Joshua Tauberer b805f8695e Move status checks for www, autoconfig, autodiscover, and mta-sts to within the section for the parent domain
Since we're checking the MTA-STS policy, there's no need to check that the domain resolves etc. directly.
2020-05-29 15:38:13 -04:00
Joshua Tauberer 10bedad3a3 MTA-STS tweaks, add status check using postfix-mta-sts-resolver, change to enforce 2020-05-29 15:36:52 -04:00
A. Schippers afc9f9686a
Publish MTA-STS policy for incoming mail (#1731)
Co-authored-by: Daniel Mabbett <triumph_2500@hotmail.com>
2020-05-29 15:30:07 -04:00
David Duque 8ca58798e4
Typo fix 2020-05-28 16:17:10 +01:00
David Duque 235ebe9a4a
Secondary nameservers: Allow IPv6 2020-05-28 15:47:43 +01:00
David Duque 211d3ff8a8
Fix os tag issues 2020-05-24 23:23:45 +01:00
David Duque a51e968d31
Use pip3 2020-05-17 15:20:14 +01:00
David Duque c95b91af5a
Force python3-pip 2020-05-17 15:14:43 +01:00
David Duque 117bdb7464
Update Nextcloud to the latest version
Nextcloud 17 doesn't support PHP 7.4 (and therefore Ubuntu 20.04 LTS)
2020-05-17 15:04:17 +01:00
David Duque baa5d32dea
Make sure /etc/default/bind9 exists 2020-05-17 02:58:19 +01:00
David Duque 1513655bc4
Make sure that the OS in the admin panel matches the actual system OS 2020-05-17 02:45:35 +01:00
David Duque 959281c635
Version bump 2020-05-17 02:38:18 +01:00
David Duque 98b50ce333
Syntax function fix 2020-05-17 02:38:00 +01:00