pub-solar/matrix-docker-ansible-deploy
5
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
2650 commits 2 branches 0 tags 16 MiB
Commit graph

2650 commits

This branch
This branch
All branches
Author SHA1 Message Date
sakkiii 0ccf0fbf1c HSTS preload + X-XSS enables 
**HSTS Preloading:**
In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and indicates a willingness to be “preloaded” into browsers:
`Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`

**X-Xss-Protection:**
`1; mode=block` which tells the browser to block the response if it detects an attack rather than sanitising the script.
 2021-04-24 12:12:34 +05:30
sakkiii 29bba5161b Element More security headers 
More Production ready nginx headers for Matrix client element.
 2021-04-24 11:10:40 +05:30
sak 88a30fb5ed security** node-exporter data & port publicly exposed 2021-04-19 15:35:23 +05:30
sak 0f9a455719 Revert "security** node-exporter data & port publicly exposed" 
This reverts commit d0cd709c08.
 2021-04-19 15:24:36 +05:30
sak d0cd709c08 security** node-exporter data & port publicly exposed 2021-04-19 15:15:59 +05:30
sakkiii 1958d0792d Update matrix-client-element.conf.j2 2021-04-17 21:33:07 +05:30
sakkiii b6d45c5fd8 Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy 2021-04-17 21:03:26 +05:30
sakkiii 05042f5ff1 Improve security grafana 
- duplicate X-Content-Type-Options
- X-Frame-Options header
- Referrer-Policy [Might consider adding variable]
- Secure flag with cookies
- matrix_grafana_content_security_policy variable for [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy)
 2021-04-17 21:03:05 +05:30
Slavi Pantaleev 68ca81c8c2 Attempt to fix docker_network result discrepancy between Ansible versions 
Supposedly fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/907
 2021-04-17 11:42:06 +03:00
Slavi Pantaleev 9c1f41eadf
Merge pull request #1002 from thedanbob/node-exporter-1.1.2 
Update prometheus node exporter (1.1.0->1.1.2)
 2021-04-17 11:15:13 +03:00
Slavi Pantaleev 92925e5537
Merge pull request #1001 from thedanbob/prometheus-2.26.0 
Update prometheus (2.24.1->2.26.0)
 2021-04-17 11:14:53 +03:00
Dan Arnfield 8a550ce67c Update prometheus (2.24.1->2.26.0) 2021-04-16 09:25:45 -05:00
Dan Arnfield 83cc5c9e6a Update prometheus node exporter (1.1.0 -> 1.1.2) 2021-04-16 09:17:04 -05:00
sakkiii 5dc642ace1
Nginx element web: XSS protection & nosniff header 
X-XSS-Protection: 1; mode=block; header, for basic XSS protection in legacy browsers.
X-Content-Type-Options: nosniff header, to disable MIME sniffing
 2021-04-16 14:45:04 +05:30
Slavi Pantaleev fcb9e9618a Make Coturn TLSv1/v1.1 configurable 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/999
 2021-04-16 09:29:32 +03:00
Slavi Pantaleev 8ae0628c2f
Merge pull request #999 from sakkiii/patch-1 
CoTurn Disable support for TLS 1.0 and TLS 1.1
 2021-04-16 09:21:23 +03:00
sakkiii 540416e32d
Disable support for TLS 1.0 and TLS 1.1 
These old versions of TLS rely on MD5 and SHA-1, both now broken, and contain other flaws. TLS 1.0 is no longer PCI-DSS compliant and the TLS working group has adopted a document to deprecate TLS 1.0 and TLS 1.1.
 2021-04-15 19:25:23 +05:30
Slavi Pantaleev ed3c9ccbd2
Merge pull request #998 from GoMatrixHosting/master 
GoMatrixHosting v0.4.2
 2021-04-15 12:20:27 +03:00
Michael-GMH 0607e01304 Merge remote-tracking branch 'upstream/master' 2021-04-15 17:08:03 +08:00
Michael-GMH 89cb5a3d7a GMH v0.4.2 update 2021-04-15 17:07:03 +08:00
Slavi Pantaleev c7c137df74 Upgrade nginx and certbot 2021-04-14 13:24:41 +03:00
Slavi Pantaleev 931452bb06 Upgrade exim (4.93 -> 4.94) 2021-04-14 08:57:01 +03:00
Slavi Pantaleev 316d7d815a Add FAQ entry about debugging SSL certificate renewal troubles 2021-04-13 10:52:38 +03:00
Slavi Pantaleev 291621c984
Merge pull request #997 from rakshazi/patch-3 
Updated Element Web 1.7.24.1 -> 1.7.25
 2021-04-13 09:22:08 +03:00
rakshazi 4f8e1bd43a
Updated Element Web 1.7.24.1 -> 1.7.25 2021-04-12 18:04:56 +00:00
Slavi Pantaleev 68db6d028b
Merge pull request #990 from haghighi-ahmad/feature-use-custom-docker-registry 
use custom docker registry
 2021-04-12 16:08:34 +03:00
Ahmad Haghighi 126fbbc0cc fix typo 2021-04-12 17:23:55 +04:30
Ahmad Haghighi e335f3fc77 rename matrix_global_registry to matrix_container_global_registry_prefix related to #990 
Signed-off-by: Ahmad Haghighi <haghighi@fedoraproject.org>
 2021-04-12 17:23:55 +04:30
Ahmad Haghighi f52a8b6484 use custom docker registry 2021-04-12 17:23:55 +04:30
Slavi Pantaleev 898c0a842e
Merge pull request #991 from aaronraimist/arch-sanity-check 
Add sanity check for server architecture
 2021-04-12 10:38:14 +03:00
Aaron Raimist 3d2142f88b
Add sanity check for server architecture 2021-04-10 16:14:32 -05:00
Slavi Pantaleev f751176069
Merge pull request #987 from MarcProe/master 
Fix for"nginx and two other services boot loops" #966
 2021-04-09 11:39:23 +03:00
Slavi Pantaleev 4ecfd78f92
Merge pull request #988 from aaronraimist/fix-mjolnir 
Fix step 3 of Mjolnir instructions
 2021-04-09 11:36:15 +03:00
Aaron Raimist 3e11ee158e
Fix step 3 of Mjolnir instructions 2021-04-08 13:32:44 -05:00
Marcus 3e119e483e
Update init.yml 
fix nginx boot loop
 2021-04-07 21:34:16 +02:00
Slavi Pantaleev 4830b7d830 Upgrade Synapse for ARM64 (1.30.1 -> 1.31.0) 2021-04-06 17:22:25 +03:00
Slavi Pantaleev 3f426de599 Upgrade Synapse (1.30.1 -> 1.31.0) 2021-04-06 16:00:10 +03:00
Slavi Pantaleev a1a0d91604 Make prometheus-node-exporter not overlap with Synapse metrics port 
This was causing a port conflict when `matrix_nginx_proxy_enabled: false`.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/983
 2021-04-06 12:23:43 +03:00
Slavi Pantaleev c386e8e9db Use integers for some variables 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/868
 2021-04-05 11:38:23 +03:00
Slavi Pantaleev 832e191ab8 Fix incorrect variable usage in when statement 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/868
 2021-04-05 11:32:48 +03:00
Slavi Pantaleev 1b55766927 Do not redefine matrix-postgres role vars in matrix-postgres-backup 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/868
 2021-04-05 11:32:19 +03:00
Slavi Pantaleev 298556e02e Fix undefined matrix_postgres_backup_detected_version_corresponding_docker_image 
.. and prevent variable name overlap with `matrix-postgres` for the
other variables as well.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/868
 2021-04-05 11:23:12 +03:00
Slavi Pantaleev 6526087c14 Announce automated local Postgres backup support 2021-04-05 11:16:44 +03:00
Slavi Pantaleev 37c089bb96 Minor docs improvements 2021-04-05 11:13:45 +03:00
Slavi Pantaleev 0a107dc0ce
Merge pull request #868 from foxcris/postgres-backup 
- Added a postgres-backup role
 2021-04-05 10:53:04 +03:00
foxcris 14b8e3a3ab - fixed error with generator function 2021-04-05 09:31:32 +02:00
foxcris 2178f3612f - matrix_postgres_backup_databases now uses more simple structure 2021-04-05 09:05:41 +02:00
Slavi Pantaleev 560777cc16
Merge pull request #981 from aaronraimist/grafana 
Allow special characters in Grafana password and upgrade Grafana
 2021-04-04 10:04:07 +03:00
Slavi Pantaleev 3b8d9bcb32
Merge pull request #982 from GoMatrixHosting/master 
GoMatrixHosting v0.4.0 update
 2021-04-04 10:03:26 +03:00
Michael f41bfb69d2 update survey template formatting 2021-04-04 12:01:53 +08:00