Commit graph

2672 commits

Author SHA1 Message Date
Slavi Pantaleev c95ca4badc Do not ask everyone to whitelist Jitsi ports
It's an optional service, so we shouldn't bother most people with it.
2021-04-21 14:48:54 +03:00
Slavi Pantaleev d691cc0920 Move variable definition a bit 2021-04-21 13:59:20 +03:00
Slavi Pantaleev e00ef04b57 Add opt-out-of-FLoC headers by default 2021-04-21 13:58:24 +03:00
Slavi Pantaleev 7fa7e3e5a6
Merge pull request #1012 from aaronraimist/facebook-docs
Update mautrix-facebook docs
2021-04-21 09:27:11 +03:00
Slavi Pantaleev 42783972fd
Merge pull request #1011 from aaronraimist/synapse-admin
Upgrade synapse-admin (0.7.0 -> 0.7.2)
2021-04-21 09:24:30 +03:00
Slavi Pantaleev ca786cc343 Revert "Upgrade Synapse (1.31 -> 1.32)"
This reverts commit f825c7c263.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1010
2021-04-20 23:40:55 +03:00
Aaron Raimist 9ee1d23afe
Update mautrix-facebook docs 2021-04-20 15:17:26 -05:00
Aaron Raimist bb64b80697
Upgrade synapse-admin (0.7.0 -> 0.7.2) 2021-04-20 15:14:08 -05:00
Slavi Pantaleev f825c7c263 Upgrade Synapse (1.31 -> 1.32) 2021-04-20 17:47:34 +03:00
Slavi Pantaleev 7eda6a3c12
Merge pull request #1009 from thedanbob/coturn-official
Switch to official coturn image
2021-04-19 18:41:17 +03:00
Slavi Pantaleev adcecaffaf Fix connectivity between prometheus and prometheus-node-exporter
Expected to have regressed after https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008

This patch comes with its own downsides (as described in the comments
for matrix_prometheus_node_exporter_container_http_host_bind_port),
but at least there's:
- no security issue
- metrics remain readable from matrix-prometheus (even if the network metrics are inaccurate)

A better patch is certainly welcome.
2021-04-19 18:29:03 +03:00
Dan Arnfield b2ca1f2829 Add capability required by new image 2021-04-19 10:16:26 -05:00
Slavi Pantaleev 8da8979a24 Do not override matrix_prometheus_node_exporter_container_http_host_bind_port when matrix-nginx-proxy disabled
Not sure why this had been done in the first place.
It doesn't make any sense.

There's no relation between matrix-nginx-proxy and
prometheus-node-exporter.
2021-04-19 17:45:27 +03:00
Slavi Pantaleev 398b9f5d66
Merge pull request #1008 from sakkiii/master
security** node-exporter data & port publicly exposed
2021-04-19 17:31:00 +03:00
Dan Arnfield 82f7e1c7c0 Update docs 2021-04-19 09:05:04 -05:00
Dan Arnfield 29177d4922 Switch to official coturn docker image 2021-04-19 09:04:08 -05:00
sak 88a30fb5ed security** node-exporter data & port publicly exposed 2021-04-19 15:35:23 +05:30
sak 0f9a455719 Revert "security** node-exporter data & port publicly exposed"
This reverts commit d0cd709c08.
2021-04-19 15:24:36 +05:30
sak d0cd709c08 security** node-exporter data & port publicly exposed 2021-04-19 15:15:59 +05:30
Slavi Pantaleev 4a1739f604
Merge pull request #1007 from teutat3s/fix/nginx-dont-send-version
Don't expose nginx version with each response
2021-04-18 21:33:11 +03:00
teutat3s 2bf7c26cfa
Don't expose nginx version with each response 2021-04-18 16:24:13 +02:00
Slavi Pantaleev c565e72f0d
Merge pull request #1003 from sakkiii/patch-2
updated matrix_grafana_docker_image to v7.5.4
2021-04-18 09:56:12 +03:00
Slavi Pantaleev 51b46697c5
Merge pull request #1005 from sakkiii/master
Improve security for grafana
2021-04-18 09:50:59 +03:00
Slavi Pantaleev ac8a835fd2
Merge pull request #1006 from thedanbob/fix-prometheus-network
Fix prometheus network for ansible < 2.8
2021-04-18 09:09:37 +03:00
Dan Arnfield f04614a993 Fix prometheus network for ansible < 2.8 2021-04-17 20:15:26 -05:00
Slavi Pantaleev badd81e0ec Revert "Attempt to fix docker_network result discrepancy between Ansible versions"
This reverts commit 68ca81c8c2.
2021-04-17 19:31:20 +03:00
sakkiii 1958d0792d Update matrix-client-element.conf.j2 2021-04-17 21:33:07 +05:30
sakkiii b6d45c5fd8 Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy 2021-04-17 21:03:26 +05:30
sakkiii 05042f5ff1 Improve security grafana
- duplicate X-Content-Type-Options
- X-Frame-Options header
- Referrer-Policy [Might consider adding variable]
- Secure flag with cookies
- matrix_grafana_content_security_policy variable for [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy)
2021-04-17 21:03:05 +05:30
sakkiii 27377e099d
updated matrix_grafana_docker_image to v7.5.4
Latest stable grafana version is [7.5.4 (2021-04-14)](https://github.com/grafana/grafana/releases/tag/v7.5.4)
2021-04-17 17:31:14 +05:30
Slavi Pantaleev 68ca81c8c2 Attempt to fix docker_network result discrepancy between Ansible versions
Supposedly fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/907
2021-04-17 11:42:06 +03:00
Slavi Pantaleev 9c1f41eadf
Merge pull request #1002 from thedanbob/node-exporter-1.1.2
Update prometheus node exporter (1.1.0->1.1.2)
2021-04-17 11:15:13 +03:00
Slavi Pantaleev 92925e5537
Merge pull request #1001 from thedanbob/prometheus-2.26.0
Update prometheus (2.24.1->2.26.0)
2021-04-17 11:14:53 +03:00
Dan Arnfield 8a550ce67c Update prometheus (2.24.1->2.26.0) 2021-04-16 09:25:45 -05:00
Dan Arnfield 83cc5c9e6a Update prometheus node exporter (1.1.0 -> 1.1.2) 2021-04-16 09:17:04 -05:00
sakkiii 5dc642ace1
Nginx element web: XSS protection & nosniff header
X-XSS-Protection: 1; mode=block; header, for basic XSS protection in legacy browsers.
X-Content-Type-Options: nosniff header, to disable MIME sniffing
2021-04-16 14:45:04 +05:30
Slavi Pantaleev fcb9e9618a Make Coturn TLSv1/v1.1 configurable
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/999
2021-04-16 09:29:32 +03:00
Slavi Pantaleev 8ae0628c2f
Merge pull request #999 from sakkiii/patch-1
CoTurn Disable support for TLS 1.0 and TLS 1.1
2021-04-16 09:21:23 +03:00
sakkiii 540416e32d
Disable support for TLS 1.0 and TLS 1.1
These old versions of TLS rely on MD5 and SHA-1, both now broken, and contain other flaws. TLS 1.0 is no longer PCI-DSS compliant and the TLS working group has adopted a document to deprecate TLS 1.0 and TLS 1.1.
2021-04-15 19:25:23 +05:30
Slavi Pantaleev ed3c9ccbd2
Merge pull request #998 from GoMatrixHosting/master
GoMatrixHosting v0.4.2
2021-04-15 12:20:27 +03:00
Michael-GMH 0607e01304 Merge remote-tracking branch 'upstream/master' 2021-04-15 17:08:03 +08:00
Michael-GMH 89cb5a3d7a GMH v0.4.2 update 2021-04-15 17:07:03 +08:00
Slavi Pantaleev c7c137df74 Upgrade nginx and certbot 2021-04-14 13:24:41 +03:00
Slavi Pantaleev 931452bb06 Upgrade exim (4.93 -> 4.94) 2021-04-14 08:57:01 +03:00
Slavi Pantaleev 316d7d815a Add FAQ entry about debugging SSL certificate renewal troubles 2021-04-13 10:52:38 +03:00
Slavi Pantaleev 291621c984
Merge pull request #997 from rakshazi/patch-3
Updated Element Web 1.7.24.1 -> 1.7.25
2021-04-13 09:22:08 +03:00
rakshazi 4f8e1bd43a
Updated Element Web 1.7.24.1 -> 1.7.25 2021-04-12 18:04:56 +00:00
Slavi Pantaleev 68db6d028b
Merge pull request #990 from haghighi-ahmad/feature-use-custom-docker-registry
use custom docker registry
2021-04-12 16:08:34 +03:00
Ahmad Haghighi 126fbbc0cc fix typo 2021-04-12 17:23:55 +04:30
Ahmad Haghighi e335f3fc77 rename matrix_global_registry to matrix_container_global_registry_prefix related to #990
Signed-off-by: Ahmad Haghighi <haghighi@fedoraproject.org>
2021-04-12 17:23:55 +04:30