Test:
- Setup Matrix on a VPS with a FQDN and a valid LE certificate, then add these
configs to fail2ban.
- On a production server apply the changes of MR !2296
- Setup the fail2ban filter and jail, then restart fail2ban
- Trying to log in unsuccessfully from FluffyChat leads to a 10 min ban
Result:
`sudo fail2ban-client status matrix-synapse-auth-freedombox` returns the
following output, but the server actually remains accessible in every way.
```
Status for the jail: matrix-synapse-auth-freedombox
|- Filter
| |- Currently failed: 1
| |- Total failed: 11
| `- Journal matches:
`- Actions
|- Currently banned: 1
|- Total banned: 1
`- Banned IP list: MY IP
```
Signed-off-by: nbenedek <contact@nbenedek.me>
This is now the preferred location in Debian. See:
https://lintian.debian.org/tags/systemd-service-in-odd-locationhttps://bugs.debian.org/992465https://bugs.debian.org/987989d70caa69c6https://lists.debian.org/debian-devel/2021/08/msg00275.html
Tests:
- Lintian no longer shows errors:
E: freedombox: systemd-service-in-odd-location lib/.../calibre-server-freedombox.service
- Comparing the old .deb and newly generated .deb with these changes. All the
systemd files show that they are moved from /lib to /usr/lib/systemd.
- After upgrading the deb from older version to a version these changes,
services installed by the package are available (tested after restart with
wordpress and claibre). Services tweaked by the package have the changed
configuration reflected as shown by systemctl show
{service-name}.service (tested after restart with quassel).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This reverts the additional changes done in merge request !1540 and sets the
configuration to what was originally proposed in the merge request.
- AllowEncodedSlashes can't be set inside <Location> directive. It needs to be
set inside VirtualHost directive making it apply for the entire site. In case
of FreedomBox, this needs to be set globally. It may have implications for how
we are encoding slashes in URLs include for storage module. It could cause
unexpected regressions elsewhere.
- ProxyPass directory should have only argument inside a <Location> directive.
Fix that too.
Closes: #1635.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
