Commit Graph

146 Commits (f4a3d38384a5976a5d101375d1615784fc43a4c4)

Author SHA1 Message Date
Evilham f4a3d38384
[NC] Update mail plugin patch for NC 24
This is still not on release line supporting NC 24 line (v1.15.1) and
having an older appinfo may be producing issues.
2023-01-12 11:45:51 +01:00
Evilham ea995c0336
[dd-ctl] Force DD_DEFAULT_BUILD length to 8 hex digits
This is used to tag Docker images in the registry / pull images form
the registry, it has been observed in the wiled that:

    git rev-parse --short

can have different default values for its length depending on the
system.

We currently specify the length to be 8 as specified here:
https://git-scm.com/docs/git-rev-parse#Documentation/git-rev-parse.txt---shortlength
2023-01-03 10:18:54 +01:00
Evilham 3cfa0630d6
[docs] Add UPDATING documenting important and breaking changes
The first example of these changes relates to the latest Nextcloud
upgrades to major version 24.

Operators are now expected to read the latest version this file before
updating their instances.
2022-12-24 20:34:06 +01:00
Roger Garcia f55e830e2c
Upgrade NC to version 24.0.8 2022-12-24 20:02:46 +01:00
Roger Garcia 57c87d7172
Upgrade NC to version 23.0.11 2022-12-24 19:29:52 +01:00
Roger Garcia cbb4e06e89
Upgrade NC to version 22.2.10 2022-12-24 17:09:02 +01:00
Roger Garcia db4a6d14e9
Added new parameter IMG_NEXTCLOUD_OVERRIDE defaulting to nextcloud.yaml 2022-12-24 16:14:13 +01:00
Evilham c7d172f916
[dd-ctl] Improve image pulling before building
Using this differently may have been triggering DockerHub rates
2022-12-24 16:14:13 +01:00
Evilham ac789f8d6c
[dd-ctl] Move NC forms towards the end
This may be causing issues when the plugin requires occ upgrade

Alternatively, installing plugins may require it.

While there, also remove one of the nextcloud_scan calls and delay it
along with logo customisation until after a potential ./occ upgrade
has taken place.
2022-12-24 16:13:29 +01:00
Evilham 0994ea6bed
NotaBLE: add information about the project
NotaBLE és la col·laboració entre Gwido i el Workspace educatiu DD.

És un projecte de Xnet, IsardVDI, Gwido i Taller de Músics, guanyador
de la Ciutat Proactiva 2021, suport a la innovació urbana de la
Fundació BitHabitat.
2022-12-15 12:36:00 +01:00
Evilham bbc8051260
[dd-sso] Fix regression in API
Recent simplifications to the API contained a typo which resulted in
the logo not being visible.

Reported by:	Gwido
2022-12-13 21:51:01 +01:00
Evilham 1dc6343ca5
[docs] Add missing image for documentation 2022-12-12 12:52:35 +01:00
Evilham 583664cca8
[dd-sso] Add project texts for API documentation 2022-12-12 12:50:41 +01:00
Evilham d37b4dfa6a
[dd-sso] Add API documentation
The API spec file can be generated with:

python -m admin.views.test.test_ApiViews --generate-spec

From the admin development environment.

A simple testing ground that serves the Swagger UI can also be started with:

python -m admin.views.test.test_ApiViews
2022-12-11 19:13:03 +01:00
Evilham 10e6afe351
[dd-sso] Add tests and refactor API
These tests can be executed with:
python -m unittest discover -s admin.views.test
2022-12-11 14:00:47 +01:00
Evilham 579af2b31c
[dd-sso] Adapt admin so it is easily importable
This paves the path forward for thorough testing.
2022-12-11 10:28:37 +01:00
Evilham cdfa4c5724
[api] Give operators the ability to easily add custom CSS
This enables various use-cases like custom icons and other personalisations.
2022-12-10 11:53:28 +01:00
Evilham f3108ac3dc
[api] Add type hints and cleanup
This makes modifying the existing code easier
2022-12-06 19:26:08 +01:00
Evilham 53674bfb24
[api] Reorganise and be more forgiving on yml
This allows for more flexible settings in
custom/menu/[custom|system].yml

And it makes the default values explicit
2022-12-06 18:15:05 +01:00
elena 2368a072d1 new footer added to admin login page 2022-12-02 13:16:38 +00:00
elena 5a7269d437 fixed: to hide element with data-action=onlyofficeDocxf is required important on css style 2022-12-02 10:22:01 +00:00
Evilham 740f799b9c
[WP] Add CSP and Content-Type-Options headers
We do this more reliably on HAProxy, as doing it from WP requires
specialised plugins and in DD we are sure that traffic goes through
the corresponding HAProxy backend.
2022-12-02 11:13:33 +01:00
Evilham 08ed2bb1bb
[moodle] Configure cookies to be HttpOnly
This is done with the cookiehttponly config set to 1.
2022-12-02 10:32:54 +01:00
Evilham 8f5de8af6a
[network] Fix handling of forwarded headers
This fixes several issues where services would see the internal IP of
the proxy and not that of the client.

It works by first unsetting any proxy-related headers that arrive from
the internet, then setting those as seen by HAProxy's entrypoint
frontend.
And finally making sure that neither WAF when enabled nor other
HAProxy backends touch these headers, while they are actually used by
the final services.

Services affected:	Netcloud, Keycloak, Moodle
2022-12-02 06:49:56 +01:00
Evilham ba3b4ba46f
[docs] Fix edit links and add more metadata
Reported by:	@pedrolab
2022-12-01 14:40:23 +01:00
Evilham 30a86dc477
[docs] Add updated diagram and process documentation
This has been the praxis for a long time.
2022-12-01 13:02:57 +01:00
Manolo Caballero e45eec6822 [dd-waf] block external access to sensible URLs 2022-12-01 10:49:56 +00:00
Evilham c0c5ee79fc
[dd-ctl] Unify for loops for apps that have to be disabled 2022-11-24 21:55:46 +01:00
Evilham c38bf4caba
[dd-ctl] Remove leftover setup of dd-waf env
This is not needed since waf-modsecurity lives in dd-sso now.
2022-11-24 21:55:35 +01:00
Roger Garcia 8110da578b
Added disabled option in ClamAV 2022-11-24 21:55:29 +01:00
Roger Garcia 4de82fc041
Conditionally enable/disable ClamAV 2022-11-24 21:54:17 +01:00
Roger Garcia 07913ff7f8
Added clamav configuration in nextcloud 2022-11-24 16:35:09 +01:00
Roger Garcia fcfd5265a1
Added clamav image and configuration 2022-11-24 16:35:09 +01:00
Evilham 09fec74915
[WAF] Consolidate proxies and documentation
The environment / dd.conf variables: PROXY_PROTOCOL and DISABLE_WAF
determine how DD and HAProxy will behave.

- PROXY_PROTOCOL: whether or not the PROXY protocol will be accepted
- DISABLE_WAF: whether or not WAF will be enabled

This simplifies maintenance, as well as the overall architecture and operation.

While at it, we now publish images for DD's HAProxy as well.
2022-11-24 12:54:46 +01:00
Manuel Caballero e6325c9618
enable and disable modsecurity env_var 2022-11-24 10:01:37 +01:00
Manuel Caballero 8050fb4fe4
fix shellcheck docker-compose command 2022-11-24 10:01:37 +01:00
Manuel Caballero 392f8e0ee9
Volume to modsecurity 2022-11-24 10:01:37 +01:00
Manuel Caballero c19872dadb
update README.md 2022-11-24 10:01:37 +01:00
Manuel Caballero d3c78c5bb0
config vhost and dd rules modsecurity on volumen 2022-11-24 10:01:37 +01:00
Manuel Caballero 5f1d0acf27
update documentation 2022-11-24 10:01:37 +01:00
Manuel Caballero 26728a3c72
configure deploy modsecurity 2022-11-24 10:01:37 +01:00
Manuel Caballero 2af96ac3c0
update haproxy and image from repository 2022-11-24 10:01:36 +01:00
Manuel Caballero 2395789c9d
update readme 2022-11-24 10:01:36 +01:00
Manuel Caballero fcff698f6f
exclude rules 2022-11-24 10:01:36 +01:00
Manuel Caballero cb183de9cf
config owasp exclusion wordpress and nextcloud and config stdout sterr in apache 2022-11-24 10:01:36 +01:00
Manuel Caballero 8a71165817
fix config.php file permissions 2022-11-24 10:01:36 +01:00
Manuel Caballero e2815d8151
update path and fix write error 2022-11-24 10:01:36 +01:00
Manuel Caballero 1375f4c102
remove cerbot service 2022-11-24 10:01:35 +01:00
Manuel Caballero b10178f0f7
Initial config modsecurity 2022-11-24 10:01:35 +01:00
elena b26ceba71a hide element icon-onlyoffice-new-docxf_element from menu by css using data-action 2022-11-24 08:43:06 +00:00