elena
92c5828b33
admin avatar added
2023-02-27 10:53:11 +00:00
Evilham
e15a3b760c
[dd.conf] Cleanup some variables
...
While at it, also ensure that API_SECRET gets rotated when running
./dd-ctl securize
2023-01-20 11:40:03 +01:00
Evilham
a72001dea5
[docker] Cleanup environment files
...
By having the environment explicit on each service, we both document
the settings and have more control over what each service is allowed
to see.
This avoids weird things like nginx having access to postgresql's
credentials on its environment.
As a bonus: we are able to use one single environment file, which is
basically dd.conf with some values that are dynamically-calculated and
added from dd-ctl.
2023-01-20 11:40:03 +01:00
Evilham
ea995c0336
[dd-ctl] Force DD_DEFAULT_BUILD length to 8 hex digits
...
This is used to tag Docker images in the registry / pull images from
the registry, it has been observed in the wild that:
git rev-parse --short
can have different default values for its length depending on the
system.
We currently specify the length to be 8 as specified here:
https://git-scm.com/docs/git-rev-parse#Documentation/git-rev-parse.txt---shortlength
2023-01-03 10:18:54 +01:00
Evilham
c7d172f916
[dd-ctl] Improve image pulling before building
...
Using this differently may have been triggering DockerHub rates
2022-12-24 16:14:13 +01:00
Evilham
ac789f8d6c
[dd-ctl] Move NC forms towards the end
...
This may be causing issues when the plugin requires occ upgrade
Alternatively, installing plugins may require it.
While there, also remove one of the nextcloud_scan calls and delay it
along with logo customisation until after a potential ./occ upgrade
has taken place.
2022-12-24 16:13:29 +01:00
Evilham
cdfa4c5724
[api] Give operators the ability to easily add custom CSS
...
This enables various use-cases like custom icons and other personalisations.
2022-12-10 11:53:28 +01:00
Evilham
08ed2bb1bb
[moodle] Configure cookies to be HttpOnly
...
This is done with the cookiehttponly config set to 1.
2022-12-02 10:32:54 +01:00
Evilham
c0c5ee79fc
[dd-ctl] Unify for loops for apps that have to be disabled
2022-11-24 21:55:46 +01:00
Evilham
c38bf4caba
[dd-ctl] Remove leftover setup of dd-waf env
...
This is not needed since waf-modsecurity lives in dd-sso now.
2022-11-24 21:55:35 +01:00
Roger Garcia
8110da578b
Added disabled option in ClamAV
2022-11-24 21:55:29 +01:00
Roger Garcia
4de82fc041
Conditionally enable/disable ClamAV
2022-11-24 21:54:17 +01:00
Roger Garcia
07913ff7f8
Added clamav configuration in nextcloud
2022-11-24 16:35:09 +01:00
Roger Garcia
fcfd5265a1
Added clamav image and configuration
2022-11-24 16:35:09 +01:00
Evilham
09fec74915
[WAF] Consolidate proxies and documentation
...
The environment / dd.conf variables: PROXY_PROTOCOL and DISABLE_WAF
determine how DD and HAProxy will behave.
- PROXY_PROTOCOL: whether or not the PROXY protocol will be accepted
- DISABLE_WAF: whether or not WAF will be enabled
This simplifies maintenance, as well as the overall architecture and operation.
While at it, we now publish images for DD's HAProxy as well.
2022-11-24 12:54:46 +01:00
Manuel Caballero
e6325c9618
enable and disable modsecurity env_var
2022-11-24 10:01:37 +01:00
Manuel Caballero
8050fb4fe4
fix shellcheck docker-compose command
2022-11-24 10:01:37 +01:00
Manuel Caballero
392f8e0ee9
Volume to modsecurity
2022-11-24 10:01:37 +01:00
Manuel Caballero
c19872dadb
update README.md
2022-11-24 10:01:37 +01:00
Manuel Caballero
d3c78c5bb0
config vhost and dd rules modsecurity on volume
2022-11-24 10:01:37 +01:00
Manuel Caballero
5f1d0acf27
update documentation
2022-11-24 10:01:37 +01:00
Manuel Caballero
26728a3c72
configure deploy modsecurity
2022-11-24 10:01:37 +01:00
Manuel Caballero
2395789c9d
update readme
2022-11-24 10:01:36 +01:00
Manuel Caballero
fcff698f6f
exclude rules
2022-11-24 10:01:36 +01:00
Manuel Caballero
e2815d8151
update path and fix write error
2022-11-24 10:01:36 +01:00
Manuel Caballero
b10178f0f7
Initial config modsecurity
2022-11-24 10:01:35 +01:00
Evilham
596bc4ef5d
[dd-ctl] Actually pull images, else we might not use them
...
This performs a pull on docker-compose build as well
2022-11-23 20:51:27 +01:00
Evilham
75e314ff7e
[NC] Remove jQuery dependency for theme's navbar.js
...
It wasn't really necessary and could lead to the whole megamenu not
being loaded under certain circumstances.
2022-11-13 10:03:47 +01:00
Evilham
f355b160a1
Revert "DD- facilitates installation from dd-ctl"
...
This reverts commit bd27ef4b6a.
Which is generating various installation issues.
2022-11-13 10:02:24 +01:00
elena
bd27ef4b6a
DD- facilitates installation from dd-ctl
2022-10-30 20:09:09 +01:00
Evilham
651d5f8e90
[dd-ctl] Fix previously introduced shellcheck issue
...
Caught in CI and introduced when disabling the circles app.
2022-10-30 20:04:49 +01:00
Evilham
d2fb24379a
[nextcloud] Disable circles app
...
People get confused, and we really only use circles.
2022-10-18 11:05:11 +02:00
elena
089876ff28
moodle new atto plugin
2022-10-18 08:37:26 +00:00
elena
226d0f7861
new moodle plugins to install
2022-10-18 08:37:26 +00:00
Evilham
8cbff5b8c6
[saml] Rework SAML handling
...
This separates stages more efficiently, and we are e.g. able to
support newer versions of Nextcloud's SAML plugin.
2022-09-23 08:39:40 +02:00
Evilham
3ae974432a
[registry] Add dd-sso-admin as an image
...
This would be the first image that is already distributed directly
from the registry to improve setup and maintenance.
2022-09-22 12:48:13 +02:00
Evilham
3c53a5aead
[wp] Fix multisite installation
...
While there we also simplify DD by removing the unnecessary wp-cli
container.
2022-09-22 12:40:31 +02:00
Evilham
7d7c2ddfcf
[containers] Add healthcheck for SSO redirections
...
This will help us catch issues in e.g. moodle, nextcloud and wp.
2022-09-22 11:52:15 +02:00
Evilham
397655232f
[dd-ctl] Moodle plugins install: reduce verbosity
...
This was polluting the logs making debugging difficult.
2022-09-06 19:37:29 +02:00
Evilham
66e009abff
[dd-ctl] Fix installation
...
By toying with the new CI we discover that:
Commit 075529f472 gets into an endless loop:
WARNING:root:Could not get moodle SAML2 crt certificate. Retrying...
See: https://ci.dd-work.space/#/builders/4/builds/62/steps/8/logs/stdio
But by reverting 52f99c38bb it works as expected.
See: https://ci.dd-work.space/#/builders/4/builds/67/steps/8/logs/stdio
Upon investigation, we were not waiting for moodle to be fully up
because 'healthy' is a substring of 'unhealthy' and grep wasn't taking
that into account.
2022-09-06 19:35:23 +02:00
Evilham
08a36cce9f
[dd-ctl] Bundle up some docker commands
...
This ought to be faster and is easier to read.
2022-09-06 19:30:12 +02:00
Evilham
52f99c38bb
[shellcheck] Fix ShellCheck issues
...
Detected on the CI we are testing.
2022-08-30 14:41:19 +02:00
Evilham
5bb3afe2aa
[dd-ctl] Fix installations without docker
...
When we improved the update process, we introduced a deadlock when not
having docker.
By separating update from repo-update we can differentiate those cases:
- update: full update of an existing installation
- repo-update: bring repository to latest stand
2022-08-30 12:42:08 +02:00
Jose Antonio Exposito Garcia
b58e43f5d4
install package in wordpress docker for plugin gsite
2022-08-26 12:55:06 +00:00
Evilham
3fa0d48858
[dd-ctl] Adapt update subcommand with all actions
...
This way existing installations can just run ./dd-ctl update and have a
working environment with the latest version.
2022-08-08 11:58:04 +02:00
Evilham
e3b1513725
[dd-ctl] [moodle] Do not use plugin dd.conf vars
...
This was a bad design choice since it doesn't allow us to easily manage
the intended plugin version and therefore keep them up to date.
As a short-term mechanism, we change the used variables to have the
_OVERRIDE suffix and default in dd-ctl to the actual URLs, while also
removing them from dd.conf.sample.
This solves the issue in both current and future installations; in a
near future we want to have these dependencies in a .tsv file where they
can easily be managed.
2022-08-08 11:42:28 +02:00
Evilham
80ff9cce22
[dd-ctl] [nc] forms plugin branch + occ upgrade
...
When installing / upgrading plugins it is often the case that occ
upgrade needs to run.
2022-08-08 11:40:57 +02:00
Evilham
71237cabb6
[dd-ctl] Remove some docker calls
2022-08-03 10:29:25 +02:00
Evilham
74b209b55b
[dd-ctl] [nc] Add patches while they land upstream
...
See: https://github.com/nextcloud/mail/pull/6908
2022-07-30 23:05:51 +02:00
Evilham
4324812807
[correu] Add registration for SAML client
2022-07-28 16:28:47 +02:00