Commit Graph

163 Commits (567bfd770d8c09f03db8416f1e8e6c6fa8590f42)

Author SHA1 Message Date
Evilham 09fec74915
[WAF] Consolidate proxies and documentation
The environment / dd.conf variables: PROXY_PROTOCOL and DISABLE_WAF
determine how DD and HAProxy will behave.

- PROXY_PROTOCOL: whether or not the PROXY protocol will be accepted
- DISABLE_WAF: whether or not WAF will be enabled

This simplifies maintenance, as well as the overall architecture and operation.

While at it, we now publish images for DD's HAProxy as well.
2022-11-24 12:54:46 +01:00
Manuel Caballero e6325c9618
enable and disable modsecurity env_var 2022-11-24 10:01:37 +01:00
Manuel Caballero 8050fb4fe4
fix shellcheck docker-compose command 2022-11-24 10:01:37 +01:00
Manuel Caballero 392f8e0ee9
Volume to modsecurity 2022-11-24 10:01:37 +01:00
Manuel Caballero c19872dadb
update README.md 2022-11-24 10:01:37 +01:00
Manuel Caballero d3c78c5bb0
config vhost and dd rules modsecurity on volumen 2022-11-24 10:01:37 +01:00
Manuel Caballero 5f1d0acf27
update documentation 2022-11-24 10:01:37 +01:00
Manuel Caballero 26728a3c72
configure deploy modsecurity 2022-11-24 10:01:37 +01:00
Manuel Caballero 2af96ac3c0
update haproxy and image from repository 2022-11-24 10:01:36 +01:00
Manuel Caballero 2395789c9d
update readme 2022-11-24 10:01:36 +01:00
Manuel Caballero fcff698f6f
exclude rules 2022-11-24 10:01:36 +01:00
Manuel Caballero cb183de9cf
config owasp exclusion wordpress and nextcloud and config stdout sterr in apache 2022-11-24 10:01:36 +01:00
Manuel Caballero 8a71165817
fix config.php file permissions 2022-11-24 10:01:36 +01:00
Manuel Caballero e2815d8151
update path and fix write error 2022-11-24 10:01:36 +01:00
Manuel Caballero 1375f4c102
remove cerbot service 2022-11-24 10:01:35 +01:00
Manuel Caballero b10178f0f7
Initial config modsecurity 2022-11-24 10:01:35 +01:00
elena b26ceba71a hide element icon-onlyoffice-new-docxf_element from menu by css using data-action 2022-11-24 08:43:06 +00:00
elena 9a7389da46 Merge branch 'feature/nextcloud_hide_icon-onlyoffice-new-docxf_element' of https://gitlab.com/DD-workspace/DD into feature/nextcloud_hide_icon-onlyoffice-new-docxf_element 2022-11-24 08:38:07 +00:00
elena c6bc45cb96 Nextcloud - hide element: Nueva plantilla de formulario 2022-11-24 08:05:13 +00:00
Evilham 596bc4ef5d
[dd-ctl] Actually pull images, else we might not use them
This performs a pull on docker-compose build as well
2022-11-23 20:51:27 +01:00
elena 56c8537b98 Nextcloud - hide element: Nueva plantilla de formulario 2022-11-23 15:12:38 +00:00
Evilham ca8b29dd5e
[dd-sso/api] Cover all cases, add docs for megamenu internal links
These documentation convering these changes should be visible in:
https://dd.digitalitzacio-democratica.xnet-x.net/docs/customising.ca/
2022-11-23 12:54:21 +01:00
elena 97b4916983 new validation to create href 2022-11-15 11:47:04 +00:00
elena 0b03efc73e changes recommended by evilham 2022-11-15 08:58:57 +00:00
elena ec4f4587d4 new megamenu link: DD manual 2022-11-14 15:07:40 +00:00
Evilham b92dc23557
[sso] Allow for Keycloak login footer customisation
This enables more advanced customisation by allowing for
administrators to fully replace the footer of the login theme.

We try to take into account maintainability, at the same time mention
that it is the administrators' responsibility to keep their
customisations compatible with newer versions of DD.
2022-11-13 10:03:49 +01:00
Evilham 75e314ff7e
[NC] Remove jQuery dependency for theme's navbar.js
It wasn't really necessary and could lead to the whole megamenu not
being loaded under certain circumstances.
2022-11-13 10:03:47 +01:00
Evilham f355b160a1
Revert "DD- facilita la instalacion desde el dd-ctl"
This reverts commit bd27ef4b6a.

Which is generating various installation issues.
2022-11-13 10:02:24 +01:00
elena bd27ef4b6a
DD- facilita la instalacion desde el dd-ctl 2022-10-30 20:09:09 +01:00
Evilham 651d5f8e90
[dd-ctl] Fix previously introduced shellcheck issue
Caught in CI and introduced when disabling the circles app.
2022-10-30 20:04:49 +01:00
Evilham 071bcd827f
[dd-admin] Fix issue propagating changes to NC
There was erroneous logic that only propagated the first attribute of
many, so some attribute changes were never propagated to NextCloud.
2022-10-30 20:01:44 +01:00
Evilham 895a20abba
[dd-admin] Fix email schemas in certain API endpoints
Dot character was not being properly escaped, we switch to using
bracket expressions to avoid possible future issues.
2022-10-23 19:45:40 +02:00
Evilham d2fb24379a
[nextcloud] Disable circles app
People get confused, and we really only use circles.
2022-10-18 11:05:11 +02:00
elena 089876ff28 moodle new atto plugin 2022-10-18 08:37:26 +00:00
elena 226d0f7861 new moodle plugins to install 2022-10-18 08:37:26 +00:00
Evilham 559a90fba9
[mail] Refactor queue for easier maintenance, use name
We thought the name parameter was the account name to be shown in the
plugin, but it is the contents of the "From" email header instead.

While changing that, we also update the code to better match the open
Pull Request upstream that adds the update-account to the mail plugin
for nextcloud.
2022-10-17 19:06:59 +02:00
elena 3102b3c1f4 conflicts resolved 2022-09-26 07:37:39 +00:00
Evilham fdc3d74958
[saml] Rework SAML handling
This separates stages more efficiently, and we are e.g. able to
support newer versions of Nextcloud's SAML plugin.
2022-09-23 19:14:02 +02:00
Evilham 8cbff5b8c6
[saml] Rework SAML handling
This separates stages more efficiently, and we are e.g. able to
support newer versions of Nextcloud's SAML plugin.
2022-09-23 08:39:40 +02:00
Evilham ede83e1514
[moodle] Reduce unnecessary diff against upstream 2022-09-23 06:52:33 +02:00
Evilham 3ae974432a
[registry] Add dd-sso-admin as an image
This would be the first image that is already distributed directly
from the registry to improve setup and maintenance.
2022-09-22 12:48:13 +02:00
Evilham 3c53a5aead
[wp] Fix multisite installation
While there we also simplify DD by removing an the unnecessary wp-cli
container.
2022-09-22 12:40:31 +02:00
Evilham 7d7c2ddfcf
[containers] Add healthcheck for SSO redirections
This will help us catch issues in e.g. moodle, nextcloud and wp.
2022-09-22 11:52:15 +02:00
Evilham 397655232f
[dd-ctl] Moodle plugins install: reduce verbosity
This was polluting the logs making debugging difficult.
2022-09-06 19:37:29 +02:00
Evilham 66e009abff
[dd-ctl] Fix installation
By toying with the new CI we discover that:
Commit 075529f472 gets into an endless
loop:
    WARNING:root:Could not get moodle SAML2 crt certificate. Retrying...
See: https://ci.dd-work.space/#/builders/4/builds/62/steps/8/logs/stdio

But by reverting 52f99c38bb it works as
expected.
See: https://ci.dd-work.space/#/builders/4/builds/67/steps/8/logs/stdio

Upon investigation, we were not waiting for moodle to be fully up
because 'healthy' is a substring of 'unhealthy' and grep wasn't taking
that into account.
2022-09-06 19:35:23 +02:00
Evilham 08a36cce9f
[dd-ctl] Bundle up some docker commands
This ought to be faster and is easier to read.
2022-09-06 19:30:12 +02:00
Evilham 34761e028b
[sso-admin] Improve postup's idempotency
The class was only checking whether or not a specific token exists in
moodle, and it should ensure that it has access to the right permissions

Reported by:	@elena61
2022-09-06 19:29:37 +02:00
Evilham 075529f472
[haproxy] Remove leftovers, fix config selection
dd-apps/docker/haproxy seems to be a leftover and is not being used
anywhere.

Also fix the config selection for HAProxy.
2022-08-30 22:17:57 +02:00
Evilham 72f9d927e1
[haproxy] Support other HAProxy configurations
This can be used by setting up HAPROXY_CONF in dd.conf, which will
determine which config file will be used.

We also add haproxy.proxy-protocol.conf which is cleaner than
haproxy.conf and allows the PROXY protocol on certain ports.
With this setup it is possible to e.g. run DD without a public IPv4
address by proxying it from an edge server.
2022-08-30 20:47:42 +02:00
elena 993b5f0e24 fixed mysql-connector-python version. fixed mariadb conection user and pwd 2022-08-30 16:58:30 +02:00