- Enabling the module automatically sets 'Protocols h2 h2c http/1.1' in shipped
module configuration.
- HTTP/2 is given higher priority over HTTP/1.1 for supported clients.
- Clients not supporting HTTP/2 continue to work with HTTP/1.1.
- Clients work by using APLN extension in TLS to figure out that server supports
HTTP/2 and use it.
- HTTP/2 improves performance.
- Recommended by Mozilla's SSL configurator: https://ssl-config.mozilla.org/.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Since Git 2.28, it is possible to change initial default branch name using
the configuration option init.defaultBranch.
Closes#2101.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This test is at the end so that it leaves scheduled backups disabled
while other tests are running.
Helps #2058.
Tests:
- Ran functional tests for backups. All tests passed.
- Confirmed that scheduled backups are disabled after backup tests are
complete.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Full list of default extensions in MediaWiki
https://www.mediawiki.org/wiki/Bundled_extensions_and_skins
This initial set of extensions are chosen from:
- extensions that I've used myself over the past 3 years
- testing done in #1267
Extensions that are advanced features for administrators, meant for spam
control, advanced tags or suitable only to a specific kind of user are
not included.
Fixes#1382
More extensions can be enabled in the future if they're generally useful.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
When flags are updated and mediawiki is interface is loaded, somehow, it does
not always happen that the page immediate loaded reflects the changes. So, wait
for the change to reflect.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
We already did a version bump (8 to 9) to run the maintenance script
`update.php` for Debian testing. However, this had no effect on Debian
stable installations (essentially idempotent since no version change
happened then).
Bumping version to 10 to ensure that update.php script runs for
FreedomBoxes on Debian Bullseye.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Fixes#1747
MediaWiki on Debian seems to store all uploaded files under images/
folder. The administrator can enable additional file types. In the
default configuration, only image files are permitted.
Manually tested that backup/restore works irrespective of file type.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Use php-fpm instead of using mod-php.
- Create database and setup permissions manually. Tables and initial data are
created during the initial setup process done by WordPress. Database upgrades
are handled by WordPress. Minor versions are upgraded automatically and major
version need user intervention.
- Backup/restore functionality including database.
- Install recommended extensions for performance.
- Setup and run cron jobs to ensure that scheduled publications are
completed (among other things). Service has systemd security features. Timer is
set to run every 10 minutes.
- Functional tests for adding/removing posts and backup/restore.
- Increase file upload size limit to 128MiB.
- A private mode (default) for keeping the setup process secure. Should be
disabled after first setup is completed. This uses a new approach using
file-based flag for different Apache configurations.
TODO:
- Find a nice way to allow WordPress to upload plugins/themes. Currently this
operation files and users are expected to manually scp the files to
/var/lib/wordpress/wp-content/{plugins,themes} directory.
Tests:
- Functional tests.
- Schedule publishing of a post. Notice that post got published.
- Test uploading a file larger than 2MiB.
- Test enabling permalinks. This leads to nicer looking URLs.
- Test adding images to posts/pages.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Better error handling
- You may retroactively diagnose and fix problems
- Shows the most important issues first
audit.models.Diagnosis
- Added JSON serialization (needed for IPC)
- Replaced ambiguous vocabulary
- Provided a sorting key
audit, diagnosis
- Support title translation
If the domain part was not provided, $myhostname will be used.
In case $myhostname is not in $mydestinations, the email will be relayed.
In case $myhostname is invalid, the email will be bounced.
The next hop should always be LMTP (local: transport)
and hence the `@localhost`
- View: security.html -> email_security.html
- Setup: will not install Redis
- Setup: put clamav packages on hold
- Crash recovery: opening firewall ports becomes the last post action
- Crash recovery: group postconf.set_many into small transactions
- Crash recovery: safer postconf.set_master_cf_options
- Make extensive use of the milter protocol
- Milter: add X-Fbx- headers to emails
- All submitted mails go to smtp:localhost:10025 for filtering
- Header privacy for submitted mails
- Rspamd: be able to inject and replace FreedomBox-managed config
- Reserve special addresses for future use
Known issue: internal emails do not go through spam filtering
- Move render_tabs into plinth.views
- Move admin_tabs and user_tabs into the class
- New interproc module contains inter-process functions
- New helper methods in TabMixin
email_server:
- `-i` option passes all remaining arguments to action
- delete unused "touch file" option
Views:
- delete broken links
- add tabs to every page
- separate admin tabs from user tabs
- Separate alias database from system
- Block mail to system users, without backscatter
- Alias management UI for non-admin users
- Enabling/Disabling aliases (mails to /dev/null)
Misc. changes
- Daemon management
- Backup information
- Postconf diagnostics interface
- New class: `MainCfDiagnosis`
- "Advise and repair" mechanism reduces the number of postconf calls
- File locking: lock acquisition moved into audit module
- Enables finer-grained control
