hcoop/domtool2.git
6 months ago apache: reverse host/rewrite arguments in proxyRewrite [master] [release] [release_20190427-1]
Clinton Ebadi [Sat, 27 Apr 2019 23:13:23 +0000 (19:13 -0400)]
apache: reverse host/rewrite arguments in proxyRewrite

Bit awkward having the proxied server in between the match and rewrite
expressions.

6 months ago apache: generalize localProxyRewrite into proxyRewrite [release_20190427]
Clinton Ebadi [Sat, 27 Apr 2019 22:48:52 +0000 (18:48 -0400)]
apache: generalize localProxyRewrite into proxyRewrite

Allow use of any proxy target instead of localhost (which has not had
any use at hcoop for several years since we moved member logins/daemon
to a server separate from apache), and allow passing rewrite
flags. Apache will accept any combination of rewrite flags, despite
all combinations not making any sense.

8 months ago lib: include custom config when redirecting to https in webSsl
Clinton Ebadi [Wed, 6 Mar 2019 03:31:52 +0000 (22:31 -0500)]
lib: include custom config when redirecting to https in webSsl

The custom config provided to webSsl might include critical directives
like `serverAliasDefault', so we need to include it when `ForceSSL' is
enabled.

The https rewrite should override any other rewrites or aliases, so
this shouldn't pose any problems.

9 months ago lib: set default php version to php 7.2
Clinton Ebadi [Sat, 9 Feb 2019 19:49:21 +0000 (14:49 -0500)]
lib: set default php version to php 7.2

9 months ago apache: enable php 7.3 support [release_20190120]
Clinton Ebadi [Sun, 20 Jan 2019 18:51:27 +0000 (13:51 -0500)]
apache: enable php 7.3 support

10 months ago mailman: fix missing newline [release_20190109-3]
Clinton Ebadi [Thu, 10 Jan 2019 03:15:24 +0000 (22:15 -0500)]
mailman: fix missing newline

whoops

10 months ago mailman: add MailmanForceSSL env var [release_20190109-2]
Clinton Ebadi [Thu, 10 Jan 2019 03:02:06 +0000 (22:02 -0500)]
mailman: add MailmanForceSSL env var

Since normal users cannot access the server mailman is on directly,
they also can't set up a vhost to redirect http -> https for mailman.

Use MailmanForceSSL to control generating a redirect to https for http
vhosts. Silently does nothing when used with a vhost with an SSL
cert (would just generate a redirect loop).

10 months ago mailman: support ssl on mailman domains [release_20190109-1]
Clinton Ebadi [Thu, 10 Jan 2019 01:39:57 +0000 (20:39 -0500)]
mailman: support ssl on mailman domains

SSL only worked in mailmanVhost for lists.hcoop.net because the
default vhost happens to use the *.hcoop.net certificate.

Actually specify certificate so this works generally instead.

Continuing the tradition of duplication between vhost and mailmanVhost.

10 months ago apache: update rewriteLogLevel for Apache 2.4 [release_20190107-1] [release_20190109]
Clinton Ebadi [Tue, 8 Jan 2019 03:25:39 +0000 (22:25 -0500)]
apache: update rewriteLogLevel for Apache 2.4

Apache 2.4 removes RewriteLog, and instead makes LogLevel work
generically with modules.

Restrict trace levels to 0..8, Apache rejects the config for anything
but trace{1..8}.

10 months ago apache: support mod_dir DirectorySlash [release_20190107]
Clinton Ebadi [Tue, 8 Jan 2019 02:09:34 +0000 (21:09 -0500)]
apache: support mod_dir DirectorySlash

Also update copyright, including past years I forgot to update.

10 months ago apache: correct setEnvIfNoCase [release_20190106]
Clinton Ebadi [Sun, 6 Jan 2019 05:12:29 +0000 (00:12 -0500)]
apache: correct setEnvIfNoCase

Was generating a regular SetEnvIf

10 months ago apache: support SetEnvIf [release_20190105-5]
Clinton Ebadi [Sun, 6 Jan 2019 02:57:09 +0000 (21:57 -0500)]
apache: support SetEnvIf

Trivial SetEnvIf implementation. Attribute is a regex as that is the
maximal syntax accepted for the argument, and the env arguments are
just a list of no_spaces.

This may change to something more like rewriteRule flags, with
additional syntax for each case supported by apache (ENV, !ENV,
ENV=VAL), and stricter syntax checking for the arguments.

10 months ago apache: allow #":" in rewrite_arg type [release_20190105-4]
Clinton Ebadi [Sat, 5 Jan 2019 23:37:57 +0000 (18:37 -0500)]
apache: allow #":" in rewrite_arg type

We really should be escaping this in the [E=VAR:VAL] construct, but
since the results of a user using #":" in the VAR aren't fatal or
insecure (just surprising), allow it since otherwise you can't use
constructs like "%{HTTP:header}".

10 months ago fix char syntax [release_20190105-3]
Clinton Ebadi [Sat, 5 Jan 2019 23:10:46 +0000 (18:10 -0500)]
fix char syntax

10 months ago apache: disallow backslashes in rewrite_arg type [release_20190105-2]
Clinton Ebadi [Sat, 5 Jan 2019 23:02:49 +0000 (18:02 -0500)]
apache: disallow backslashes in rewrite_arg type

backslashes can be used to create invalid config (e.g. using one at the
end of the line), and don't seem to be particularly useful
here. Disallow entirely for now.

10 months ago apache: relax rewrite_arg syntax [release_20190105] [release_20190105-1]
Clinton Ebadi [Fri, 4 Jan 2019 05:18:33 +0000 (00:18 -0500)]
apache: relax rewrite_arg syntax

This was too restrictive, making ENV flag essentially useless (there
is no way to access rewrite capture groups or other environment
variables).

This still forbids spaces; we could allow them, but would have to
ensure proper quoting or escaping and the apache parser for rewrite
arguments is pretty funky, so this seems to be of dubious value (read:
it would be a lot more work).

See https://bugzilla.hcoop.net/show_bug.cgi?id=1287 for background.

10 months ago errormsg: remove errorText
Clinton Ebadi [Fri, 4 Jan 2019 04:03:04 +0000 (23:03 -0500)]
errormsg: remove errorText

This was never used, and makes `print' allocate memory for no good
reason.

10 months ago apache: add php 7.2 support [release_20181216]
Clinton Ebadi [Wed, 26 Dec 2018 23:40:06 +0000 (18:40 -0500)]
apache: add php 7.2 support

Also get rid of fast_php (except for compatibility), and use php56
instead since we only have fastcgi php support now.

10 months ago lib: add AAAA record for mailman hosts
Clinton Ebadi [Wed, 26 Dec 2018 03:24:30 +0000 (22:24 -0500)]
lib: add AAAA record for mailman hosts

10 months ago easy_domain: fix argument [release_20181215]
Clinton Ebadi [Wed, 26 Dec 2018 02:57:32 +0000 (21:57 -0500)]
easy_domain: fix argument

10 months ago easy_domain: enable ipv6 [feature-apache-ipv6]
Clinton Ebadi [Wed, 26 Dec 2018 02:44:32 +0000 (21:44 -0500)]
easy_domain: enable ipv6

web and dom will generate AAAA records by default now.

Adapt for ipv6 changes to web_place; this makes webAtIp somewhat
awkward -- users have to be assigned both an IPv4 and IPv6 address,
and specify both.

10 months ago apache: add ipv6 support
Clinton Ebadi [Wed, 26 Dec 2018 02:37:21 +0000 (21:37 -0500)]
apache: add ipv6 support

web_place and web_node now have mandatory IPv6 addresses, and vhosts
will always listen on both IPv4 and IPv6.

mailman plugin updated as well

10 months ago domain: ipv6 support for nodes, new your_ipv6 type
Clinton Ebadi [Wed, 26 Dec 2018 02:31:32 +0000 (21:31 -0500)]
domain: ipv6 support for nodes, new your_ipv6 type

All nodes must support IPv6 now. Allow members to be granted
permissions to IPv6 addresses (currently no IPs are being granted, but
don't allow that feature to bitrot).

10 months ago domain: add node ipv6 address to nodeMap
Clinton Ebadi [Wed, 26 Dec 2018 01:42:57 +0000 (20:42 -0500)]
domain: add node ipv6 address to nodeMap

10 months ago basic internal ipv6 support
Clinton Ebadi [Tue, 25 Dec 2018 22:00:03 +0000 (17:00 -0500)]
basic internal ipv6 support

extend nodeips with ipv6, which is now mandatory for all domtool
controlled servers going forward.

fwtool will generate $WEBNODES using IPv6 so rules from the webservers
to the member servers actually work.

11 months ago vmail: show documentation on hcoop wiki
Clinton Ebadi [Thu, 13 Dec 2018 03:20:50 +0000 (22:20 -0500)]
vmail: show documentation on hcoop wiki

We need better help in domtool generally, but for now at least point
to something...

11 months ago hcoop: remove fritz and bog from domtool control [release_20181212]
Clinton Ebadi [Thu, 13 Dec 2018 01:18:32 +0000 (20:18 -0500)]
hcoop: remove fritz and bog from domtool control

11 months ago dbms: use nodeIp instead of raw hostname
Clinton Ebadi [Thu, 13 Dec 2018 01:17:55 +0000 (20:17 -0500)]
dbms: use nodeIp instead of raw hostname

Should be using nodeIp like in all other cases where a node is
contacted.

11 months ago hcoop: remove fritz as dns secondary
Clinton Ebadi [Thu, 13 Dec 2018 00:51:42 +0000 (19:51 -0500)]
hcoop: remove fritz as dns secondary

11 months ago hcoop: change dbmsNode to gibran [release_20181209-1]
Clinton Ebadi [Mon, 10 Dec 2018 02:17:29 +0000 (21:17 -0500)]
hcoop: change dbmsNode to gibran

Needed for mysql-fixperms to work (unfortunately still needed because
mysql is awful).

11 months ago hcoop: remove mccarthy and navajos from domtool control [release_20181209]
Clinton Ebadi [Sun, 9 Dec 2018 20:01:49 +0000 (15:01 -0500)]
hcoop: remove mccarthy and navajos from domtool control

servers are decommissioned

11 months ago hcoop: remove mccarthy from default MailNodes
Clinton Ebadi [Sun, 9 Dec 2018 19:55:48 +0000 (14:55 -0500)]
hcoop: remove mccarthy from default MailNodes

11 months ago hcoop: move dns master to gibran.hcoop.net
Clinton Ebadi [Sun, 9 Dec 2018 19:11:57 +0000 (14:11 -0500)]
hcoop: move dns master to gibran.hcoop.net

11 months ago hcoop: set default web node to shelob
Clinton Ebadi [Thu, 6 Dec 2018 05:40:17 +0000 (00:40 -0500)]
hcoop: set default web node to shelob

11 months ago build: fix install_systemd_dispatcher rule [release_20181204-1]
Clinton Ebadi [Wed, 5 Dec 2018 03:28:17 +0000 (22:28 -0500)]
build: fix install_systemd_dispatcher rule

11 months ago hcoop: move dispatcher to gibran [release_20181204]
Clinton Ebadi [Wed, 5 Dec 2018 01:47:06 +0000 (20:47 -0500)]
hcoop: move dispatcher to gibran

11 months ago hcoop: move mailman from mccarthy to minsky [release_20181202]
Clinton Ebadi [Sun, 2 Dec 2018 22:04:49 +0000 (17:04 -0500)]
hcoop: move mailman from mccarthy to minsky

11 months ago mailman: open /usr/share/images/mailman, revert to mod_access_compat
Clinton Ebadi [Sun, 2 Dec 2018 22:03:42 +0000 (17:03 -0500)]
mailman: open /usr/share/images/mailman, revert to mod_access_compat

apache config on mailman server has been normalized with other
servers, and is using mod_access_compat at the top level since domtool
is still using mod_access_compat.

12 months ago hcoop: move gibran and marsh to new ips [release_20181117]
Clinton Ebadi [Sat, 17 Nov 2018 23:29:54 +0000 (18:29 -0500)]
hcoop: move gibran and marsh to new ips

final gunk from roskomnadzor vs telegram

12 months ago hcoop: move shelob to new ip [release_20181116]
Clinton Ebadi [Sat, 17 Nov 2018 03:27:48 +0000 (22:27 -0500)]
hcoop: move shelob to new ip

more fallout from russia vs telegram

12 months ago hcoop: add new server `lovelace' [release_20181114]
Clinton Ebadi [Wed, 14 Nov 2018 05:07:20 +0000 (00:07 -0500)]
hcoop: add new server `lovelace'

no services currently controlled by domtool.

12 months ago hcoop: update minsky ip again [release_20181113-1]
Clinton Ebadi [Wed, 14 Nov 2018 04:50:01 +0000 (23:50 -0500)]
hcoop: update minsky ip again

The new ip we got was blacklisted in Russia thanks to the war against
Telegram.

12 months ago hcoop: update minsky.hcoop.net IP address [release_20181111] [release_20181113]
Clinton Ebadi [Mon, 12 Nov 2018 04:51:04 +0000 (23:51 -0500)]
hcoop: update minsky.hcoop.net IP address

We had to change IPs (initially assigned IP was on spam blacklists
from some previous use).

12 months ago apache: use HTTP for mod_auth_kerb service principal
Clinton Ebadi [Mon, 12 Nov 2018 01:52:06 +0000 (20:52 -0500)]
apache: use HTTP for mod_auth_kerb service principal

HTTP/host is the hardcoded service name that the negotiate auth
method requires, which is why it has never worked here. Switch to the
expected service name going forward.

12 months ago main: filter _darcs when assembling set of files in .domtool [release_20181021-1]
Clinton Ebadi [Sun, 21 Oct 2018 22:44:58 +0000 (18:44 -0400)]
main: filter _darcs when assembling set of files in .domtool

At least one member is attempting to use darcs to track their config,
make domtool skip _darcs as if it were a dotfile.

12 months ago hcoop: enable gibran as a dns server [release_20181021]
Clinton Ebadi [Sun, 21 Oct 2018 22:09:44 +0000 (18:09 -0400)]
hcoop: enable gibran as a dns server

Generate nodes there by default, will become master soon.

12 months ago lib: add outpost ipv6 address
Clinton Ebadi [Sun, 21 Oct 2018 17:09:10 +0000 (13:09 -0400)]
lib: add outpost ipv6 address

13 months ago domtool-public: workaround mailman plugin deficiencies [release_20181014]
Clinton Ebadi [Sun, 14 Oct 2018 22:36:05 +0000 (18:36 -0400)]
domtool-public: workaround mailman plugin deficiencies

The mailman plugin only generates mailman_domains.cfg on the server
that also runs the mailman web interface, so there's no way for a
secondary mail server to know which addresses need to be relayed to
the exim server that runs mailman.

Reworking the mailman plugin would be a bit involved, and it's fairly
low priority so work around for now by setting
/var/domtool/mailman_domains.cfg immutable on the affected servers,
and ignoring if the touch during redo_exim() fails.

If/when the plugin is updated, there is a secondary issue of copying
the mailmandb to all nodes since it is generated locally on the
mailman server. Lists could be managed by domtool, or even just a new
command to trigger an rsync of the mailmandb to afs and then to all
mail nodes when lists are changed should work (IIRC, it is only
changed when lists are added or removed).

13 months ago postgres: rename dbms postgres-9.1 to postgres-9
Clinton Ebadi [Sun, 14 Oct 2018 22:24:06 +0000 (18:24 -0400)]
postgres: rename dbms postgres-9.1 to postgres-9

This will actually be postgres 9.6 now, data is automatically being
migrated as there are no major incompatibilities (unlike 8.1 -> 9.1
which had a wire protocol break).

13 months ago apache: remove php5-cgi support, always generate php config
Clinton Ebadi [Sun, 14 Oct 2018 19:23:12 +0000 (15:23 -0400)]
apache: remove php5-cgi support, always generate php config

Only fastcgi php is supported going forward since suphp has long been
deprecated.

Config.Apache.defaultPhpVersion has been removed; since PhpVersion
will always be specified, there is no reason for domtool not to
explicitly generate config instead of relying on the ambient apache
config to set default handlers for php.

The kerberos/afs fastcgi wrapper is suppressed on non-waklog systems,
but ONLY when php is configured from PhpVersion in the vhost as a
whole; the phpVersion and fastScriptAlias actions don't have access to
the node they are being generated on, and can't detect that waklog is
not supported. Will need to be fixed eventually...

13 months ago lib: switch from php5 to fast_php by default
Clinton Ebadi [Sun, 14 Oct 2018 18:55:40 +0000 (14:55 -0400)]
lib: switch from php5 to fast_php by default

cgi based php5 is being removed

13 months ago domtool-publish: try to grab tokens if aklog is available [release_20181012]
Clinton Ebadi [Fri, 12 Oct 2018 05:12:28 +0000 (01:12 -0400)]
domtool-publish: try to grab tokens if aklog is available

sudo on Debian Jessie and later drops tokens (but not kerberos
tickets), make sure to refresh tokens so syncing files from afs
doesn't fail.

14 months ago lib: add webSsl directive
Clinton Ebadi [Thu, 6 Sep 2018 01:42:05 +0000 (21:42 -0400)]
lib: add webSsl directive

Allows sharing config between http/https vhosts and optionally can
force https.

15 months ago bootstrap: install default domtool library when bootstrapping
Clinton Ebadi [Sat, 11 Aug 2018 19:03:35 +0000 (15:03 -0400)]
bootstrap: install default domtool library when bootstrapping

15 months ago bootstrap: fix a few more bootstrap bugs
Clinton Ebadi [Sat, 11 Aug 2018 18:24:07 +0000 (14:24 -0400)]
bootstrap: fix a few more bootstrap bugs

domtool user creation is actually optional for development/testing
builds

ensure build-tree versions of programs are used when bootstrapping to
avoid need to install.

should be possible to run without installing now.

15 months ago bootstrap: use locally built domtool-config when creating local-root
Clinton Ebadi [Sat, 11 Aug 2018 18:04:27 +0000 (14:04 -0400)]
bootstrap: use locally built domtool-config when creating local-root

Was unintentionally calling system-wide domtool-config

15 months ago bootstrap: include sudoers file for non-hcoop setups
Clinton Ebadi [Sat, 11 Aug 2018 16:52:44 +0000 (12:52 -0400)]
bootstrap: include sudoers file for non-hcoop setups

domtool needs sudo for certain scripts to actually publish scripts.

16 months ago apache: only generate suphp directives when it will be used [release_20180707-1]
Clinton Ebadi [Sun, 8 Jul 2018 00:22:39 +0000 (20:22 -0400)]
apache: only generate suphp directives when it will be used

suPHP directives should not be added when using fast_php, breaks when
using apache 2.4 with no suphp extension present.

16 months ago hcoop: allow proxying to marsh [release_20180707]
Clinton Ebadi [Sat, 7 Jul 2018 23:31:33 +0000 (19:31 -0400)]
hcoop: allow proxying to marsh

new shell server, members may run proxied daemons here.

16 months ago hcoop: add minsky as admin web node
Clinton Ebadi [Sat, 7 Jul 2018 23:30:23 +0000 (19:30 -0400)]
hcoop: add minsky as admin web node

Will be needed when mailman is moved to minsky.

16 months ago hcoop: add new server shelob.hcoop.net
Clinton Ebadi [Sat, 7 Jul 2018 23:29:00 +0000 (19:29 -0400)]
hcoop: add new server shelob.hcoop.net

New webserver, to replace navajos.

16 months ago lib: typo fix
Clinton Ebadi [Sat, 7 Jul 2018 23:28:05 +0000 (19:28 -0400)]
lib: typo fix

18 months ago hcoop: enable `minsky' as a mail node for all members [release_20180423]
Clinton Ebadi [Mon, 23 Apr 2018 04:41:35 +0000 (00:41 -0400)]
hcoop: enable `minsky' as a mail node for all members

Will not be enabled as MX yet, but ready to receive config

18 months ago setsa: enable spam checking on admin mail nodes
Clinton Ebadi [Mon, 23 Apr 2018 04:38:58 +0000 (00:38 -0400)]
setsa: enable spam checking on admin mail nodes

No reason not to generate the addrs file, if spamassassin is not
installed it has no effect, and we want spam checking if it is.

18 months ago create files domtool needs to modify as domtool
Clinton Ebadi [Mon, 23 Apr 2018 03:53:33 +0000 (23:53 -0400)]
create files domtool needs to modify as domtool

18 months ago hcoop: new node `minsky' [release_20180422]
Clinton Ebadi [Mon, 23 Apr 2018 03:19:47 +0000 (23:19 -0400)]
hcoop: new node `minsky'

Add as admin-only mail node for testing

18 months ago domtool-publish: ensure mail files exist before using
Clinton Ebadi [Mon, 23 Apr 2018 03:16:50 +0000 (23:16 -0400)]
domtool-publish: ensure mail files exist before using

empty values are ok here, and better than failing

18 months ago domtool-publish: use `service' instead of `/etc/init.d'
Clinton Ebadi [Mon, 23 Apr 2018 03:16:09 +0000 (23:16 -0400)]
domtool-publish: use `service' instead of `/etc/init.d'

More compatible with sysvinit and systemd

18 months ago hcoop: rename quag -> marsh [release_20180420-1]
Clinton Ebadi [Fri, 20 Apr 2018 04:55:50 +0000 (00:55 -0400)]
hcoop: rename quag -> marsh

18 months ago fwtool: fix dns lookups [release_20180420]
Clinton Ebadi [Fri, 20 Apr 2018 04:02:07 +0000 (00:02 -0400)]
fwtool: fix dns lookups

dig +short actually returns the ip with any cname, recursion bit was
wrong.

18 months ago firewall: fix generation of outgoing rules on webserver [release_20180419-1]
Clinton Ebadi [Fri, 20 Apr 2018 02:23:27 +0000 (22:23 -0400)]
firewall: fix generation of outgoing rules on webserver

Was not concatenating domain suffix and was filtered out.

18 months ago fwtool: filterHosts fixes [fwtool-ipv6] [release_20180419]
Clinton Ebadi [Fri, 20 Apr 2018 01:22:13 +0000 (21:22 -0400)]
fwtool: filterHosts fixes

* Use FQDN for domtool nodes in case they have IPv6 addresses
* Allow ferm variables in hosts lists (for `$WEBNODES')
* Split 127.0.0.1 and :::1 rules (filterHosts will remove the one we
  don't want)

18 months ago fwtool: generate rules in primary input/output chain
Clinton Ebadi [Fri, 20 Apr 2018 00:22:41 +0000 (20:22 -0400)]
fwtool: generate rules in primary input/output chain

Using a single chain integrates with Puppet better, allowing it to
manage chains by default and fwtool rules being added to a pair of
explicitly unmanaged chains. If ferm is managing the entire firewall,
there's not much clarity lost over jumping to external user chains.

Adds a comment with the username to input/output rules as
well (missing from input before).

19 months ago fwtool: initial ipv6 support and puppet integration
Clinton Ebadi [Thu, 19 Apr 2018 05:27:08 +0000 (01:27 -0400)]
fwtool: initial ipv6 support and puppet integration

Not the prettiest, but it works.

Just duplicates the firewall between ipv4 and ipv6, making sure to
filter out any hostnames that aren't resolvable in each domain.

ProxiedServer doesn't work over IPv6 yet due to nodes not having that
information, will need to be fixed for proxied web services to work.

domtool-publish has a new action, firewallpuppet, that will reload the
firewall for our new setup (and fall back to just reloading ferm on
the current one). Further work is required for puppet; we are purging
unmanaged chains and will need to move all rules into a single chain
instead of jumping to a different chain per user.

19 months ago fwtool: allow multiple nodes per rule
Clinton Ebadi [Thu, 19 Apr 2018 05:23:58 +0000 (01:23 -0400)]
fwtool: allow multiple nodes per rule

19 months ago worker: add runOutput function
Clinton Ebadi [Thu, 19 Apr 2018 05:20:49 +0000 (01:20 -0400)]
worker: add runOutput function

similar to shellOutput, but uses Unix.execute directly instead of
using bash, and returns both the return status and any output

19 months ago domain: export validIpv6 and validIp
Clinton Ebadi [Thu, 19 Apr 2018 05:20:10 +0000 (01:20 -0400)]
domain: export validIpv6 and validIp

19 months ago hcoop: disable gibran as dns server [release_20180418]
Clinton Ebadi [Thu, 19 Apr 2018 02:19:32 +0000 (22:19 -0400)]
hcoop: disable gibran as dns server

server not quite ready

19 months ago hcoop: new server quag.hcoop.net
Clinton Ebadi [Thu, 19 Apr 2018 02:17:10 +0000 (22:17 -0400)]
hcoop: new server quag.hcoop.net

Runs fwtool

19 months ago add new server `gibran'
Clinton Ebadi [Tue, 17 Apr 2018 03:17:23 +0000 (23:17 -0400)]
add new server `gibran'

Enable as DNS server for admins for testing

19 months ago lib/moin: update for 1.9.9, fix config order
Clinton Ebadi [Tue, 17 Apr 2018 03:16:30 +0000 (23:16 -0400)]
lib/moin: update for 1.9.9, fix config order

User provided config must go after moin ScriptAlias on "/", otherwise
user aliases will never match.

19 months ago mail: fix vmailpasswd compilation warnings
Clinton Ebadi [Sat, 14 Apr 2018 04:51:42 +0000 (00:51 -0400)]
mail: fix vmailpasswd compilation warnings

19 months ago config: warn that changing localRoot will not work currently
Clinton Ebadi [Sat, 14 Apr 2018 04:49:10 +0000 (00:49 -0400)]
config: warn that changing localRoot will not work currently

19 months ago add bin/ to repository
Clinton Ebadi [Sat, 14 Apr 2018 04:48:28 +0000 (00:48 -0400)]
add bin/ to repository

needed for build to succeed, exclusion was an oversight

19 months ago create /var/domtool on install
Clinton Ebadi [Sat, 14 Apr 2018 04:26:25 +0000 (00:26 -0400)]
create /var/domtool on install

And warn that changing localRoot won't work, yet.

19 months ago add rules to install systemd units
Clinton Ebadi [Sat, 14 Apr 2018 03:49:17 +0000 (23:49 -0400)]
add rules to install systemd units

19 months ago openssl: fix building with openssl 1.1 and later
Clinton Ebadi [Mon, 9 Apr 2018 23:06:38 +0000 (19:06 -0400)]
openssl: fix building with openssl 1.1 and later

Patch provided by Robin Templeton <robin@hcoop.net>

2 years ago web_apps: don't instantiate php5 in wordPress [release_20170131-1]
Clinton Ebadi [Wed, 1 Feb 2017 02:30:31 +0000 (21:30 -0500)]
web_apps: don't instantiate php5 in wordPress

interferes with fastcgi / hasn't been needed since the ancient times

2 years ago apache: improved fastScriptAlias
Clinton Ebadi [Wed, 1 Feb 2017 02:22:16 +0000 (21:22 -0500)]
apache: improved fastScriptAlias

Implementation using Alias + <Location> proved unworkable -- Apache
has an obnoxious property wherein Aliases are first match and
Locations are last match, causing all sorts of exciting
side-effects (e.g. having to add a `<Location>SetHandler
None</Location>' afterward for any aliases that otherwise would have
matched).

A directory + file match however works and does not cause strange
alias behavior.

Also fix not stripping trailing `/' when setting up wrapper.

2 years ago apache: pass script to fastcgi wrapper [release_20170127-2]
Clinton Ebadi [Tue, 31 Jan 2017 06:10:23 +0000 (01:10 -0500)]
apache: pass script to fastcgi wrapper

2 years ago apache: fix missing newline in fastScriptAlias [release_20170127-1]
Clinton Ebadi [Tue, 31 Jan 2017 06:08:58 +0000 (01:08 -0500)]
apache: fix missing newline in fastScriptAlias

2 years ago apache: Implement fastcgi alias support [release_20170131]
Clinton Ebadi [Tue, 31 Jan 2017 05:46:25 +0000 (00:46 -0500)]
apache: Implement fastcgi alias support

New directive `fastScriptAlias from to' works like `scriptAlias' but
using mod_fcgid.

2 years ago webapps/moin: inject custom config before moin config
Clinton Ebadi [Tue, 31 Jan 2017 05:50:52 +0000 (00:50 -0500)]
webapps/moin: inject custom config before moin config

In Apache land, first matching alias wins and we're aliasing `/' to
moin so injecting user config after that deprives them of the ability
to customize aliases. Reverse configuration so they stand a chance.

2 years ago apache: limit php-fastcgi to php
Clinton Ebadi [Tue, 31 Jan 2017 05:52:43 +0000 (00:52 -0500)]
apache: limit php-fastcgi to php

AddHandler to php extensions instead of making the php wrapper the
default mod_fcgid wrapper to avoid weird/insecure behavior.

Also fix `phpVersion' action.

2 years ago apache: fastcgi config core, implement php5-cgi fastcgi [release_20170127]
Clinton Ebadi [Sun, 29 Jan 2017 03:21:30 +0000 (22:21 -0500)]
apache: fastcgi config core, implement php5-cgi fastcgi

New fastcgi wrapper configuration to set up environment for user to
run fastcgi scripts.

Implemented support for using fastcgi with php5-cgi using version 6
since it does not exist in the real world. phpFastCgiWrapper is site
specific and should set whatever php environment variables are needed
and exec php5-cgi. This does not work with php-fpm, only old-style
php5-cgi in fastcgi mode with mod_fcgid.

todo: general fastcgi directives

2 years ago apache: core directive AllowEncodedSlashes [release_20161211]
Clinton Ebadi [Mon, 12 Dec 2016 04:15:05 +0000 (23:15 -0500)]
apache: core directive AllowEncodedSlashes

Allow members to set the safe NoDecode mode instead of unequivocally
rejecting URLs with encoded slashes. "On" is not supported because we do
not want to allow encoded urls to access arbitrary directories (not sure
if it's paranoia, but the apache docs discourage it).

https://bugzilla.hcoop.net/show_bug.cgi?id=1220
https://httpd.apache.org/docs/2.2/mod/core.html#allowencodedslashes

3 years ago hcoop: remove hopper from config [release_20160927]
Clinton Ebadi [Wed, 28 Sep 2016 02:02:08 +0000 (22:02 -0400)]
hcoop: remove hopper from config

4 years ago lib: add binding for new notfound mod_rewrite flag
Clinton Ebadi [Thu, 22 Oct 2015 03:26:36 +0000 (23:26 -0400)]
lib: add binding for new notfound mod_rewrite flag

4 years ago Add 404 to possible redirect codes in mod_rewrite
Joseph Yaworski [Wed, 21 Oct 2015 22:23:21 +0000 (18:23 -0400)]
Add 404 to possible redirect codes in mod_rewrite

4 years ago hcoop: update library defaults
Clinton Ebadi [Thu, 22 Oct 2015 03:12:05 +0000 (23:12 -0400)]
hcoop: update library defaults

deleuze is no more