- SVG is not one of the formats for which compress is turned on automatically by
Apache configuration.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The changes made to freedombox.conf in moving the apache homepage configuration
to an external file freedombox-apache-homepage.conf will cause a conffile prompt
when upgrading to freedombox 19.2. Reverting changes in freedombox.conf to avoid
this.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Depending on which module is enabled, different configuration is used.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Don't set log level explicitly. Fallback to value set in global Apache
configuration.
- Don't set directory options already set in global configuration.
- Remove /cgi-bin/. Only ikiwiki uses cgi and it is served from a different path
than /usr/lib/cgi-bin.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Update description to simply and talk about multiple protocols supported.
- Don't diagnose on IPv6 as mldonkey does not listen there.
- Run yapf and isort.
- Minor styling fixes.
- Update functional tests to check for service running.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Radicale 1 needs to have /radicale/.well-known/*dav to the URLs where as
Radicale 2 needs to have /radicale to be the URLs. Hence have two separate
apache configuration files.
- Use expr= when setting X-REMOTE-USER header to set the authenticated user name
properly. Without this all users are using a single user '(null)' data.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Makes it trivial to alter site configuration for all domains at once. Also
possible to easily switch to TLS modules other than mod_gnutls.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Avoid Satisfy and Allow which are deprecated.
- Make sure the redirection rule applies only to the URL intended.
- Fix issue with Proxy matching of URLs.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Also try to automatically work for future versions of PHP.
Fixes#1413Fixes#1258
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
In ejabberd 18.09-1, the default BOSH port is changed from 5280 to
5443. Update ejabberd diagnostics and the jwchat-plinth apache conf,
which is used by JSXC.
Fixes#1398.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
- Increment version number
- Functional test for uploading files
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Move the file editing code to actions/config since it must be executed by a
super user.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Newer versions of Django axes have newly way to get the IP address of a client
using ipware library. This has multiple security issues
https://github.com/jazzband/django-axes/issues/286 . Workaround them by
controlling the X-FORWARDED-FOR header sent from Apache to FreedomBox and by
limiting the headers that ipware uses.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Adds the basic application framework
- Adds the sharing page for index and adding share
- Adds the action for sharing for adding and listing shares
Signed-off-by: Prachi Srivastava <prachisr@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
- Use 32-bit key for HMAC-256
- Use secrets library instead of os.urandom
- uwsgi enable/disable along with webserver enable/disable
- Text changes
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Add settings in Service View
- Fixes for maximum file setting
- Don't allow negative values for max. file size in UI
- Minor text changes to django messages
- Minor correction to maximum file size calculation
- Rename apache conf file to coquelicot-freedombox.conf
- Remove all hacks to adjust file size.
- Fix permissions issues for settings file
- Show status block in UI
- try-restart on settings change instead of restart
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- More user-friendly treatment of groups and their permissions
Closes#690
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
django-simple-captcha's /refresh url's regex was matching anything that ends
with the word "refresh". This was clashing with sso/refresh. Changed the regex
for captcha's url to captcha/refresh.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Change sso refresh url to refresh-pubtkt since refresh was conflicting with
captcha's image refresh url.
- Fix datetime.timedelta calculation for refresh interval. Now validity of
ticket is 30 seconds as it was intended to be. It was wrongly set to 30 days
earlier.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Disabled login using username and password.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
All users can login. Only admin users can see logs and make changes.
LIMITATION: Only certain functions such as service management is possible.
Functions such as networking and user management is read-only. This problem does
not occur for user belonging to the 'sudo' group.
- Move to system section from applications section.
- Rename action script to cockpit instead of cockpit.
- Deal with .socket/.service correctly.
- Implement hooks on domain name changes and update configuration correctly.
- Host the application under /_cockpit instead of /cockpit because it is
reserved.
- Update description.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Partially fixes#958
The user still has to enable API access from Preferences in the tt-rss app.
Ideally, this should be automated, but this setting wasn't trivial to find. Will
try to automate this in a future pull request.
Signed-off-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
If pubtkt module is not enabled (rare) and if repro is enabled, Apache fails to
start. Make sure this effects only repro module. The single-sign-on
configuration already ensures that access is denied if pubtkt module is not
enabled, preventing unauthorized access.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- using latest version of lib-apache2-mod-authpubtkt
- upgraded keys to 4096-bit RSA
- upgraded hashing algorithm to sha512
Plinth needs dependency on libapache2-mod-auth-pubtkt >= 0.11
Signed-off-by: Joseph Nuthalpati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
