ae541ca752
- TLS configuration as recommended by Mozilla's SSL Configuration Generator with 'Intermediate' configuration. See: https://wiki.mozilla.org/Security/Server_Side_TLS - Disable ciphers that are weak or without forward secrecy. - Allow client to choose ciphers as they will know best if they have support for hardware-accelerated AES. - TLS session tickets (RFC 5077) require restarting web server with an appropriate frequency. See: https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslsessiontickets - Send OCSP responses to the client and reduce their round trips. - No need to increment apache app version number as it has already been incremented in this release cycle for enabling HTTP/2 module. Tests: - FreedomBox interface is reachable with the changes. - ssllabs.com gives an A+ rating on a server with these changes. - All ciphers are shown as secure. - Forward Secrecy rating is ROBUST. - OCSP stapling shows as enabled. - Client support seems to match the expected after dropping <= TLS1.1. - Session resumption with tickets shows as disabled. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
FreedomBox Service (Plinth)
The core functionality and web front-end of FreedomBox.
Description
FreedomBox is a community project to develop, design and promote personal servers running free software for private, personal communications. It is a networking appliance designed to allow interfacing with the rest of the Internet under conditions of protected privacy and data security. It hosts applications such as blog, wiki, website, social network, email, web proxy and a Tor relay, on a device that can replace your Wi-Fi router, so that your data stays with you.
This module, called FreedomBox Service and also know as Plinth, is the core functionality and web interface to the functions of the FreedomBox. It is extensible and provides various applications of FreedomBox as modules. Each module or application provides simplified user interface to control the underlying functionality. As FreedomBox can act as a wireless router, it is possible to configure networking. It also allows configuration of basic system parameters such as time zone, hostname and automatic upgrades.
You can find more information about FreedomBox Service (Plinth) on the Plinth Wiki page, the FreedomBox Wiki and the FreedomBox Manual.
Getting Started
To have a running FreedomBox, first install Debian (Buster or higher) on a clean machine. Then run:
$ sudo apt install freedombox
Full instructions are available on FreedomBox Manual's QuickStart page.
For instructions on running the service on a local machine from source code, see INSTALL.md. For instructions on setting up for development purposes, see HACKING.md.
Contributing
See the HACKING.md file for contributing to FreedomBox Service (Plinth).
Localization
