Evilham
740f799b9c
[WP] Add CSP and Content-Type-Options headers
...
We do this more reliably on HAProxy, as doing it from WP requires
specialised plugins and in DD we are sure that traffic goes through
the corresponding HAProxy backend.
2022-12-02 11:13:33 +01:00
Evilham
08ed2bb1bb
[moodle] Configure cookies to be HttpOnly
...
This is done with the cookiehttponly config set to 1.
2022-12-02 10:32:54 +01:00
Evilham
8f5de8af6a
[network] Fix handling of forwarded headers
...
This fixes several issues where services would see the internal IP of
the proxy and not that of the client.
It works by first unsetting any proxy-related headers that arrive from
the internet, then setting those as seen by HAProxy's entrypoint
frontend.
And finally making sure that neither WAF when enabled nor other
HAProxy backends touch these headers, while they are actually used by
the final services.
Services affected: Netcloud, Keycloak, Moodle
2022-12-02 06:49:56 +01:00
Evilham
ba3b4ba46f
[docs] Fix edit links and add more metadata
...
Reported by: @pedrolab
2022-12-01 14:40:23 +01:00
Evilham
30a86dc477
[docs] Add updated diagram and process documentation
...
This has been the praxis for a long time.
2022-12-01 13:02:57 +01:00
Manolo Caballero
e45eec6822
[dd-waf] block external access to sensible URLs
2022-12-01 10:49:56 +00:00
Evilham
c0c5ee79fc
[dd-ctl] Unify for loops for apps that have to be disabled
2022-11-24 21:55:46 +01:00
Evilham
c38bf4caba
[dd-ctl] Remove leftover setup of dd-waf env
...
This is not needed since waf-modsecurity lives in dd-sso now.
2022-11-24 21:55:35 +01:00
Roger Garcia
8110da578b
Added disabled option in ClamAV
2022-11-24 21:55:29 +01:00
Roger Garcia
4de82fc041
Conditionally enable/disable ClamAV
2022-11-24 21:54:17 +01:00
Roger Garcia
07913ff7f8
Added clamav configuration in nextcloud
2022-11-24 16:35:09 +01:00
Roger Garcia
fcfd5265a1
Added clamav image and configuration
2022-11-24 16:35:09 +01:00
Evilham
09fec74915
[WAF] Consolidate proxies and documentation
...
The environment / dd.conf variables: PROXY_PROTOCOL and DISABLE_WAF
determine how DD and HAProxy will behave.
- PROXY_PROTOCOL: whether or not the PROXY protocol will be accepted
- DISABLE_WAF: whether or not WAF will be enabled
This simplifies maintenance, as well as the overall architecture and operation.
While at it, we now publish images for DD's HAProxy as well.
2022-11-24 12:54:46 +01:00
Manuel Caballero
e6325c9618
enable and disable modsecurity env_var
2022-11-24 10:01:37 +01:00
Manuel Caballero
8050fb4fe4
fix shellcheck docker-compose command
2022-11-24 10:01:37 +01:00
Manuel Caballero
392f8e0ee9
Volume to modsecurity
2022-11-24 10:01:37 +01:00
Manuel Caballero
c19872dadb
update README.md
2022-11-24 10:01:37 +01:00
Manuel Caballero
d3c78c5bb0
config vhost and dd rules modsecurity on volumen
2022-11-24 10:01:37 +01:00
Manuel Caballero
5f1d0acf27
update documentation
2022-11-24 10:01:37 +01:00
Manuel Caballero
26728a3c72
configure deploy modsecurity
2022-11-24 10:01:37 +01:00
Manuel Caballero
2af96ac3c0
update haproxy and image from repository
2022-11-24 10:01:36 +01:00
Manuel Caballero
2395789c9d
update readme
2022-11-24 10:01:36 +01:00
Manuel Caballero
fcff698f6f
exclude rules
2022-11-24 10:01:36 +01:00
Manuel Caballero
cb183de9cf
config owasp exclusion wordpress and nextcloud and config stdout sterr in apache
2022-11-24 10:01:36 +01:00
Manuel Caballero
8a71165817
fix config.php file permissions
2022-11-24 10:01:36 +01:00
Manuel Caballero
e2815d8151
update path and fix write error
2022-11-24 10:01:36 +01:00
Manuel Caballero
1375f4c102
remove cerbot service
2022-11-24 10:01:35 +01:00
Manuel Caballero
b10178f0f7
Initial config modsecurity
2022-11-24 10:01:35 +01:00
elena
b26ceba71a
hide element icon-onlyoffice-new-docxf_element from menu by css using data-action
2022-11-24 08:43:06 +00:00
elena
9a7389da46
Merge branch 'feature/nextcloud_hide_icon-onlyoffice-new-docxf_element' of https://gitlab.com/DD-workspace/DD into feature/nextcloud_hide_icon-onlyoffice-new-docxf_element
2022-11-24 08:38:07 +00:00
elena
c6bc45cb96
Nextcloud - hide element: Nueva plantilla de formulario
2022-11-24 08:05:13 +00:00
Evilham
596bc4ef5d
[dd-ctl] Actually pull images, else we might not use them
...
This performs a pull on docker-compose build as well
2022-11-23 20:51:27 +01:00
elena
56c8537b98
Nextcloud - hide element: Nueva plantilla de formulario
2022-11-23 15:12:38 +00:00
Evilham
ca8b29dd5e
[dd-sso/api] Cover all cases, add docs for megamenu internal links
...
These documentation convering these changes should be visible in:
https://dd.digitalitzacio-democratica.xnet-x.net/docs/customising.ca/
2022-11-23 12:54:21 +01:00
elena
97b4916983
new validation to create href
2022-11-15 11:47:04 +00:00
elena
0b03efc73e
changes recommended by evilham
2022-11-15 08:58:57 +00:00
elena
ec4f4587d4
new megamenu link: DD manual
2022-11-14 15:07:40 +00:00
Evilham
b92dc23557
[sso] Allow for Keycloak login footer customisation
...
This enables more advanced customisation by allowing for
administrators to fully replace the footer of the login theme.
We try to take into account maintainability, at the same time mention
that it is the administrators' responsibility to keep their
customisations compatible with newer versions of DD.
2022-11-13 10:03:49 +01:00
Evilham
75e314ff7e
[NC] Remove jQuery dependency for theme's navbar.js
...
It wasn't really necessary and could lead to the whole megamenu not
being loaded under certain circumstances.
2022-11-13 10:03:47 +01:00
Evilham
f355b160a1
Revert "DD- facilita la instalacion desde el dd-ctl"
...
This reverts commit bd27ef4b6a
.
Which is generating various installation issues.
2022-11-13 10:02:24 +01:00
elena
bd27ef4b6a
DD- facilita la instalacion desde el dd-ctl
2022-10-30 20:09:09 +01:00
Evilham
651d5f8e90
[dd-ctl] Fix previously introduced shellcheck issue
...
Caught in CI and introduced when disabling the circles app.
2022-10-30 20:04:49 +01:00
Evilham
071bcd827f
[dd-admin] Fix issue propagating changes to NC
...
There was erroneous logic that only propagated the first attribute of
many, so some attribute changes were never propagated to NextCloud.
2022-10-30 20:01:44 +01:00
Evilham
895a20abba
[dd-admin] Fix email schemas in certain API endpoints
...
Dot character was not being properly escaped, we switch to using
bracket expressions to avoid possible future issues.
2022-10-23 19:45:40 +02:00
Evilham
d2fb24379a
[nextcloud] Disable circles app
...
People get confused, and we really only use circles.
2022-10-18 11:05:11 +02:00
elena
089876ff28
moodle new atto plugin
2022-10-18 08:37:26 +00:00
elena
226d0f7861
new moodle plugins to install
2022-10-18 08:37:26 +00:00
Evilham
559a90fba9
[mail] Refactor queue for easier maintenance, use name
...
We thought the name parameter was the account name to be shown in the
plugin, but it is the contents of the "From" email header instead.
While changing that, we also update the code to better match the open
Pull Request upstream that adds the update-account to the mail plugin
for nextcloud.
2022-10-17 19:06:59 +02:00
elena
3102b3c1f4
conflicts resolved
2022-09-26 07:37:39 +00:00
Evilham
fdc3d74958
[saml] Rework SAML handling
...
This separates stages more efficiently, and we are e.g. able to
support newer versions of Nextcloud's SAML plugin.
2022-09-23 19:14:02 +02:00