a5534a34dc
Update Alpine version from 3.10 to 3.14
3 years ago
9e5cfaaec8
towncrier
3 years ago
ee54a615c1
Alpine has removed support for btree and hash
3 years ago
4e16c9000b
Give docker containers in each test one more minute for starting.
3 years ago
146b081119
enhanced security changelog entry and added recommendation to recreate secret_key
3 years ago
2132adcc38
Fixed typing error.
3 years ago
e3fbf48c5a
Improved changelog entry
3 years ago
9b2afbfa89
Resolve merge conflict
3 years ago
b7db90b7ff
Update documentation config and release notes page.
3 years ago
529994c095
Update CHANGELOG.md and process towncrier newsfragments.
3 years ago
24747e33de
Add ability to set no WEBROOT_REDIRECT to Nginx
...
Adds a 'none' env option to WEBROOT_REDIRECT so that no `location /`
configuration is written to nginx.conf.
This is useful for setting up Mailu and Mailman where we override the
root to proxy to the mailing list server instead. Without this change
the nginx container will not start, or for 1.7 users can set their
WEBMAIL_PATH to / with no webmail to get the same results.
This fix means that future users don't have to choose between webmail
and a root override and makes the configuration intention clear.
3 years ago
0b16291153
doh
3 years ago
7b847852af
fix typo
3 years ago
1db08018da
Ensure that we get certificate validation on top90
...
I have found a list of the top100 email destinations online and ran them
through a script to ensure that all of their MX servers had valid
configuration... this is the result
3 years ago
e1a7657999
Now that postfix has CAs we can switch to secure
...
encrypt means "ensure we have some confidentiality" whereas secure means
"ensure we have confidentiality while talking to the right peer"
(protects against passive or/and active MITM attacks)
3 years ago
6149c759f4
doc
3 years ago
b066a5e2ac
add a default tls_policy_map
3 years ago
1df79f8132
give PFS a chance
3 years ago
10f2c17979
Restore Roundcube PHP files
3 years ago
5a1d89aaac
Restore Rainloop Dockerfile HEALTHCHECK
3 years ago
925105075c
this is required in fact
3 years ago
5afbf37292
Resolve build issues
3 years ago
df64601b28
Merge branch 'master' into AdminLTE-3
3 years ago
556a5897d1
Install php7-pdo and php7-pdo_sqlite for contacts
3 years ago
d0a0ba6727
Optimize PHP pm setting to ondemand
...
The ondemand setting results in lower memory consumption in idle.
3 years ago
0fd97124f7
Process review feedback
3 years ago
772e5efb7d
Disable pipelining to prevent bypass
3 years ago
d472900efa
Optimize Rainloop to NGINX
...
- Reduce build time.
- Reduce image size.
- Faster user response using CGI.
3 years ago
c76a76c0b0
make it optional, add a knob
3 years ago
5e1ba9d4ff
towncrier
3 years ago
109a8aa000
Ensure that we always have CERT+INTERMEDIARY CA
...
Let's encrypt may change things up in the future...
3 years ago
dccd8afd51
Thanks @Diman0!
...
ENEEDSLEEP
3 years ago
974bcba5ab
Restore LOGIN as tests assume it's there
3 years ago
2b05e72ce4
Revert "maybe fix the tests"
...
This reverts commit f971b47fb9
3 years ago
f971b47fb9
maybe fix the tests
3 years ago
4a871c0905
this causes trouble with the test
3 years ago
12c842c4b9
In fact in fullchain we want all but the last
3 years ago
24f9bf1064
format certs for nginx
3 years ago
98b903fe13
don't send the rootcert
3 years ago
92ec446c20
doh
3 years ago
f05cc99dc0
Add ECC certs for modern clients
3 years ago
cb68cb312b
Reduce the size of the RSA key to 3072bits
...
This is already generous for certificates that have a 3month validity!
We rekey every single time.
3 years ago
5e7d5adf17
AUTH shouldn't happen on port 25
3 years ago
55cdb1a534
be explicit about what we support
3 years ago
ecadf46ac6
fix PFS
3 years ago
7285c6bfd9
admin won't understand LOGIN
3 years ago
de3620da4a
Don't send credentials in clear ever
3 years ago
4535c42e70
This isn't required
3 years ago
1101e401e8
Apply the restriction on the right port
3 years ago
6d244222da
better error message
3 years ago
Erriez