Commit Graph

124 Commits (08ed2bb1bb1e6765fcc02c81d9408e749eee0902)

Author SHA1 Message Date
Evilham 08ed2bb1bb
[moodle] Configure cookies to be HttpOnly
This is done with the cookiehttponly config set to 1.
2022-12-02 10:32:54 +01:00
Evilham 8f5de8af6a
[network] Fix handling of forwarded headers
This fixes several issues where services would see the internal IP of
the proxy and not that of the client.

It works by first unsetting any proxy-related headers that arrive from
the internet, then setting those as seen by HAProxy's entrypoint
frontend.
And finally making sure that neither WAF when enabled nor other
HAProxy backends touch these headers, while they are actually used by
the final services.

Services affected:	Nextcloud, Keycloak, Moodle
2022-12-02 06:49:56 +01:00
Evilham ba3b4ba46f
[docs] Fix edit links and add more metadata
Reported by:	@pedrolab
2022-12-01 14:40:23 +01:00
Evilham 30a86dc477
[docs] Add updated diagram and process documentation
This has been the praxis for a long time.
2022-12-01 13:02:57 +01:00
Manolo Caballero e45eec6822 [dd-waf] block external access to sensible URLs 2022-12-01 10:49:56 +00:00
Evilham c0c5ee79fc
[dd-ctl] Unify for loops for apps that have to be disabled 2022-11-24 21:55:46 +01:00
Evilham c38bf4caba
[dd-ctl] Remove leftover setup of dd-waf env
This is not needed since waf-modsecurity lives in dd-sso now.
2022-11-24 21:55:35 +01:00
Roger Garcia 8110da578b
Added disabled option in ClamAV 2022-11-24 21:55:29 +01:00
Roger Garcia 4de82fc041
Conditionally enable/disable ClamAV 2022-11-24 21:54:17 +01:00
Roger Garcia 07913ff7f8
Added clamav configuration in nextcloud 2022-11-24 16:35:09 +01:00
Roger Garcia fcfd5265a1
Added clamav image and configuration 2022-11-24 16:35:09 +01:00
Evilham 09fec74915
[WAF] Consolidate proxies and documentation
The environment / dd.conf variables: PROXY_PROTOCOL and DISABLE_WAF
determine how DD and HAProxy will behave.

- PROXY_PROTOCOL: whether or not the PROXY protocol will be accepted
- DISABLE_WAF: whether or not WAF will be enabled

This simplifies maintenance, as well as the overall architecture and operation.

While at it, we now publish images for DD's HAProxy as well.
2022-11-24 12:54:46 +01:00
Manuel Caballero e6325c9618
enable and disable modsecurity env_var 2022-11-24 10:01:37 +01:00
Manuel Caballero 8050fb4fe4
fix shellcheck docker-compose command 2022-11-24 10:01:37 +01:00
Manuel Caballero 392f8e0ee9
Volume to modsecurity 2022-11-24 10:01:37 +01:00
Manuel Caballero c19872dadb
update README.md 2022-11-24 10:01:37 +01:00
Manuel Caballero d3c78c5bb0
config vhost and dd rules modsecurity on volume 2022-11-24 10:01:37 +01:00
Manuel Caballero 5f1d0acf27
update documentation 2022-11-24 10:01:37 +01:00
Manuel Caballero 26728a3c72
configure deploy modsecurity 2022-11-24 10:01:37 +01:00
Manuel Caballero 2af96ac3c0
update haproxy and image from repository 2022-11-24 10:01:36 +01:00
Manuel Caballero 2395789c9d
update readme 2022-11-24 10:01:36 +01:00
Manuel Caballero fcff698f6f
exclude rules 2022-11-24 10:01:36 +01:00
Manuel Caballero cb183de9cf
config owasp exclusion wordpress and nextcloud and config stdout stderr in apache 2022-11-24 10:01:36 +01:00
Manuel Caballero 8a71165817
fix config.php file permissions 2022-11-24 10:01:36 +01:00
Manuel Caballero e2815d8151
update path and fix write error 2022-11-24 10:01:36 +01:00
Manuel Caballero 1375f4c102
remove certbot service 2022-11-24 10:01:35 +01:00
Manuel Caballero b10178f0f7
Initial config modsecurity 2022-11-24 10:01:35 +01:00
elena b26ceba71a hide element icon-onlyoffice-new-docxf_element from menu by css using data-action 2022-11-24 08:43:06 +00:00
elena 9a7389da46 Merge branch 'feature/nextcloud_hide_icon-onlyoffice-new-docxf_element' of https://gitlab.com/DD-workspace/DD into feature/nextcloud_hide_icon-onlyoffice-new-docxf_element 2022-11-24 08:38:07 +00:00
elena c6bc45cb96 Nextcloud - hide element: Nueva plantilla de formulario 2022-11-24 08:05:13 +00:00
Evilham 596bc4ef5d
[dd-ctl] Actually pull images, else we might not use them
This performs a pull on docker-compose build as well
2022-11-23 20:51:27 +01:00
elena 56c8537b98 Nextcloud - hide element: Nueva plantilla de formulario 2022-11-23 15:12:38 +00:00
Evilham ca8b29dd5e
[dd-sso/api] Cover all cases, add docs for megamenu internal links
The documentation covering these changes should be visible in:
https://dd.digitalitzacio-democratica.xnet-x.net/docs/customising.ca/
2022-11-23 12:54:21 +01:00
elena 97b4916983 new validation to create href 2022-11-15 11:47:04 +00:00
elena 0b03efc73e changes recommended by evilham 2022-11-15 08:58:57 +00:00
elena ec4f4587d4 new megamenu link: DD manual 2022-11-14 15:07:40 +00:00
Evilham b92dc23557
[sso] Allow for Keycloak login footer customisation
This enables more advanced customisation by allowing for
administrators to fully replace the footer of the login theme.

We try to take into account maintainability, at the same time mention
that it is the administrators' responsibility to keep their
customisations compatible with newer versions of DD.
2022-11-13 10:03:49 +01:00
Evilham 75e314ff7e
[NC] Remove jQuery dependency for theme's navbar.js
It wasn't really necessary and could lead to the whole megamenu not
being loaded under certain circumstances.
2022-11-13 10:03:47 +01:00
Evilham f355b160a1
Revert "DD- facilitates installation from dd-ctl"
This reverts commit bd27ef4b6a.

Which is generating various installation issues.
2022-11-13 10:02:24 +01:00
elena bd27ef4b6a
DD- facilitates installation from dd-ctl 2022-10-30 20:09:09 +01:00
Evilham 651d5f8e90
[dd-ctl] Fix previously introduced shellcheck issue
Caught in CI and introduced when disabling the circles app.
2022-10-30 20:04:49 +01:00
Evilham 071bcd827f
[dd-admin] Fix issue propagating changes to NC
There was erroneous logic that only propagated the first attribute of
many, so some attribute changes were never propagated to NextCloud.
2022-10-30 20:01:44 +01:00
Evilham 895a20abba
[dd-admin] Fix email schemas in certain API endpoints
Dot character was not being properly escaped, we switch to using
bracket expressions to avoid possible future issues.
2022-10-23 19:45:40 +02:00
Evilham d2fb24379a
[nextcloud] Disable circles app
People get confused, and we really only use circles.
2022-10-18 11:05:11 +02:00
elena 089876ff28 moodle new atto plugin 2022-10-18 08:37:26 +00:00
elena 226d0f7861 new moodle plugins to install 2022-10-18 08:37:26 +00:00
Evilham 559a90fba9
[mail] Refactor queue for easier maintenance, use name
We thought the name parameter was the account name to be shown in the
plugin, but it is the contents of the "From" email header instead.

While changing that, we also update the code to better match the open
Pull Request upstream that adds the update-account to the mail plugin
for nextcloud.
2022-10-17 19:06:59 +02:00
elena 3102b3c1f4 conflicts resolved 2022-09-26 07:37:39 +00:00
Evilham fdc3d74958
[saml] Rework SAML handling
This separates stages more efficiently, and we are e.g. able to
support newer versions of Nextcloud's SAML plugin.
2022-09-23 19:14:02 +02:00
Evilham 8cbff5b8c6
[saml] Rework SAML handling
This separates stages more efficiently, and we are e.g. able to
support newer versions of Nextcloud's SAML plugin.
2022-09-23 08:39:40 +02:00