- Radicale 1 needs to have /radicale/.well-known/*dav to the URLs where as
Radicale 2 needs to have /radicale to be the URLs. Hence have two separate
apache configuration files.
- Use expr= when setting X-REMOTE-USER header to set the authenticated user name
properly. Without this all users are using a single user '(null)' data.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is necessary to avoid errors when installing freedombox with older plinth
already installed. Also make plinth depend on latest freedombox to ensure
upgrades go smoothly.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
All the packages that are removed as dependencies in freedombox-setup and are
not essential for the operation of FreedomBox/Plinth have been moved to
Recommends .
The following packages were *moved* from freedombox-setup directly as is:
- bridge-utils
- curl
- devio
- dnsutils
- dosfstools
- haveged
- htop
- iftop
- iputils-ping
- iw
- libnss-gw-name
- libnss-mdns
- libnss-myhostname
- libpam-tmpdir
- libpam-abl
- locales
- locales-all
- lsof
- netcat-openbsd
- psmisc
- resolvconf
- rfkill
- tcpdump
- vim-tiny
- wget
- wireless-tools
- zile
The following packages have been *added* as they are part of standard system
utilities present in a Debian system:
- bzip2
- file
- openssh-client
- pciutils
- whois
The following packages were *dropped* as dependencies from freedombox-setup:
- dialog: no utility to an admin on command line. No scripts are currently using
it. Any script using it should have a dependency on it.
- dnsmasq-base: network-manager is one that uses it and it already recommends
it.
- parted: Added as dependency for the storage module which uses it.
- ssl-cert: apache2 and other packages that use it already recommend it.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Remove access/error log references in configuration files and tests.
- Ensure that /var/log/plinth directory is not created anymore.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Makes it trivial to alter site configuration for all domains at once. Also
possible to easily switch to TLS modules other than mod_gnutls.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Avoid Satisfy and Allow which are deprecated.
- Make sure the redirection rule applies only to the URL intended.
- Fix issue with Proxy matching of URLs.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
While capturing stdout and stderr and automatically logging that to system
logging daemon provides basic information, a lot of information lost in the
process.
This change logs to systemd journal directly so that rich information such as
code file, code function, code line, etc, can be captured in a structured way.
To avoid double logging, discard stdout and stderr in the systemd unit file.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Instead log only to the console and let daemon wrapper (systemd in Debian) take
the logs from the console and log them to system log. There are many advantages
for logging to system log instead of handling files on our own:
- No need to handle log file rotation. This can be configured in many ways and
we don't have to support that. System's log daemon handles this. Closes#1353.
- Remaining system logs such as sudo and audit logs can be along with FreedomBox
logs for better debugging.
- It is possible to do remote logging based on system logger.
- It is possible to make the logs tamper resistant based on system logger
configuration.
Since timestamp is automatically logged by system log daemon, remove timestamps
from log format. When running on console, timestamps are not very useful.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Access log is not populated by cherrpy anymore.
- CherrPy does not log WSGI handler requests at all. So the request for HTML
pages actually is never logged. Only static file requests which are hardly
useful are logged.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
