Slavi Pantaleev
c95ca4badc
Do not ask everyone to whitelist Jitsi ports
...
It's an optional service, so we shouldn't bother most people with it.
2021-04-21 14:48:54 +03:00
Slavi Pantaleev
d691cc0920
Move variable definition a bit
2021-04-21 13:59:20 +03:00
Slavi Pantaleev
e00ef04b57
Add opt-out-of-FLoC headers by default
2021-04-21 13:58:24 +03:00
Slavi Pantaleev
7fa7e3e5a6
Merge pull request #1012 from aaronraimist/facebook-docs
...
Update mautrix-facebook docs
2021-04-21 09:27:11 +03:00
Slavi Pantaleev
42783972fd
Merge pull request #1011 from aaronraimist/synapse-admin
...
Upgrade synapse-admin (0.7.0 -> 0.7.2)
2021-04-21 09:24:30 +03:00
Slavi Pantaleev
ca786cc343
Revert "Upgrade Synapse (1.31 -> 1.32)"
...
This reverts commit f825c7c263
.
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1010
2021-04-20 23:40:55 +03:00
Aaron Raimist
9ee1d23afe
Update mautrix-facebook docs
2021-04-20 15:17:26 -05:00
Aaron Raimist
bb64b80697
Upgrade synapse-admin (0.7.0 -> 0.7.2)
2021-04-20 15:14:08 -05:00
Slavi Pantaleev
f825c7c263
Upgrade Synapse (1.31 -> 1.32)
2021-04-20 17:47:34 +03:00
Slavi Pantaleev
7eda6a3c12
Merge pull request #1009 from thedanbob/coturn-official
...
Switch to official coturn image
2021-04-19 18:41:17 +03:00
Slavi Pantaleev
adcecaffaf
Fix connectivity between prometheus and prometheus-node-exporter
...
Expected to have regressed after https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008
This patch comes with its own downsides (as described in the comments
for matrix_prometheus_node_exporter_container_http_host_bind_port),
but at least there's:
- no security issue
- metrics remain readable from matrix-prometheus (even if the network metrics are inaccurate)
A better patch is certainly welcome.
2021-04-19 18:29:03 +03:00
Dan Arnfield
b2ca1f2829
Add capability required by new image
2021-04-19 10:16:26 -05:00
Slavi Pantaleev
8da8979a24
Do not override matrix_prometheus_node_exporter_container_http_host_bind_port when matrix-nginx-proxy disabled
...
Not sure why this had been done in the first place.
It doesn't make any sense.
There's no relation between matrix-nginx-proxy and
prometheus-node-exporter.
2021-04-19 17:45:27 +03:00
Slavi Pantaleev
398b9f5d66
Merge pull request #1008 from sakkiii/master
...
security** node-exporter data & port publicly exposed
2021-04-19 17:31:00 +03:00
Dan Arnfield
82f7e1c7c0
Update docs
2021-04-19 09:05:04 -05:00
Dan Arnfield
29177d4922
Switch to official coturn docker image
2021-04-19 09:04:08 -05:00
sak
88a30fb5ed
security** node-exporter data & port publicly exposed
2021-04-19 15:35:23 +05:30
sak
0f9a455719
Revert "security** node-exporter data & port publicly exposed"
...
This reverts commit d0cd709c08
.
2021-04-19 15:24:36 +05:30
sak
d0cd709c08
security** node-exporter data & port publicly exposed
2021-04-19 15:15:59 +05:30
Slavi Pantaleev
4a1739f604
Merge pull request #1007 from teutat3s/fix/nginx-dont-send-version
...
Don't expose nginx version with each response
2021-04-18 21:33:11 +03:00
teutat3s
2bf7c26cfa
Don't expose nginx version with each response
2021-04-18 16:24:13 +02:00
Slavi Pantaleev
c565e72f0d
Merge pull request #1003 from sakkiii/patch-2
...
updated matrix_grafana_docker_image to v7.5.4
2021-04-18 09:56:12 +03:00
Slavi Pantaleev
51b46697c5
Merge pull request #1005 from sakkiii/master
...
Improve security for grafana
2021-04-18 09:50:59 +03:00
Slavi Pantaleev
ac8a835fd2
Merge pull request #1006 from thedanbob/fix-prometheus-network
...
Fix prometheus network for ansible < 2.8
2021-04-18 09:09:37 +03:00
Dan Arnfield
f04614a993
Fix prometheus network for ansible < 2.8
2021-04-17 20:15:26 -05:00
Slavi Pantaleev
badd81e0ec
Revert "Attempt to fix docker_network result discrepancy between Ansible versions"
...
This reverts commit 68ca81c8c2
.
2021-04-17 19:31:20 +03:00
sakkiii
1958d0792d
Update matrix-client-element.conf.j2
2021-04-17 21:33:07 +05:30
sakkiii
b6d45c5fd8
Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy
2021-04-17 21:03:26 +05:30
sakkiii
05042f5ff1
Improve security grafana
...
- duplicate X-Content-Type-Options
- X-Frame-Options header
- Referrer-Policy [Might consider adding variable]
- Secure flag with cookies
- matrix_grafana_content_security_policy variable for [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy )
2021-04-17 21:03:05 +05:30
sakkiii
27377e099d
updated matrix_grafana_docker_image to v7.5.4
...
Latest stable grafana version is [7.5.4 (2021-04-14)](https://github.com/grafana/grafana/releases/tag/v7.5.4 )
2021-04-17 17:31:14 +05:30
Slavi Pantaleev
68ca81c8c2
Attempt to fix docker_network result discrepancy between Ansible versions
...
Supposedly fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/907
2021-04-17 11:42:06 +03:00
Slavi Pantaleev
9c1f41eadf
Merge pull request #1002 from thedanbob/node-exporter-1.1.2
...
Update prometheus node exporter (1.1.0->1.1.2)
2021-04-17 11:15:13 +03:00
Slavi Pantaleev
92925e5537
Merge pull request #1001 from thedanbob/prometheus-2.26.0
...
Update prometheus (2.24.1->2.26.0)
2021-04-17 11:14:53 +03:00
Dan Arnfield
8a550ce67c
Update prometheus (2.24.1->2.26.0)
2021-04-16 09:25:45 -05:00
Dan Arnfield
83cc5c9e6a
Update prometheus node exporter (1.1.0 -> 1.1.2)
2021-04-16 09:17:04 -05:00
sakkiii
5dc642ace1
Nginx element web: XSS protection & nosniff header
...
X-XSS-Protection: 1; mode=block; header, for basic XSS protection in legacy browsers.
X-Content-Type-Options: nosniff header, to disable MIME sniffing
2021-04-16 14:45:04 +05:30
Slavi Pantaleev
fcb9e9618a
Make Coturn TLSv1/v1.1 configurable
...
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/999
2021-04-16 09:29:32 +03:00
Slavi Pantaleev
8ae0628c2f
Merge pull request #999 from sakkiii/patch-1
...
CoTurn Disable support for TLS 1.0 and TLS 1.1
2021-04-16 09:21:23 +03:00
sakkiii
540416e32d
Disable support for TLS 1.0 and TLS 1.1
...
These old versions of TLS rely on MD5 and SHA-1, both now broken, and contain other flaws. TLS 1.0 is no longer PCI-DSS compliant and the TLS working group has adopted a document to deprecate TLS 1.0 and TLS 1.1.
2021-04-15 19:25:23 +05:30
Slavi Pantaleev
ed3c9ccbd2
Merge pull request #998 from GoMatrixHosting/master
...
GoMatrixHosting v0.4.2
2021-04-15 12:20:27 +03:00
Michael-GMH
0607e01304
Merge remote-tracking branch 'upstream/master'
2021-04-15 17:08:03 +08:00
Michael-GMH
89cb5a3d7a
GMH v0.4.2 update
2021-04-15 17:07:03 +08:00
Slavi Pantaleev
c7c137df74
Upgrade nginx and certbot
2021-04-14 13:24:41 +03:00
Slavi Pantaleev
931452bb06
Upgrade exim (4.93 -> 4.94)
2021-04-14 08:57:01 +03:00
Slavi Pantaleev
316d7d815a
Add FAQ entry about debugging SSL certificate renewal troubles
2021-04-13 10:52:38 +03:00
Slavi Pantaleev
291621c984
Merge pull request #997 from rakshazi/patch-3
...
Updated Element Web 1.7.24.1 -> 1.7.25
2021-04-13 09:22:08 +03:00
rakshazi
4f8e1bd43a
Updated Element Web 1.7.24.1 -> 1.7.25
2021-04-12 18:04:56 +00:00
Slavi Pantaleev
68db6d028b
Merge pull request #990 from haghighi-ahmad/feature-use-custom-docker-registry
...
use custom docker registry
2021-04-12 16:08:34 +03:00
Ahmad Haghighi
126fbbc0cc
fix typo
2021-04-12 17:23:55 +04:30
Ahmad Haghighi
e335f3fc77
rename matrix_global_registry to matrix_container_global_registry_prefix related to #990
...
Signed-off-by: Ahmad Haghighi <haghighi@fedoraproject.org>
2021-04-12 17:23:55 +04:30