maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity
2,894 Commits 6 Branches 188 Tags
32c32a7e7afa8c473cdb6c73e5edd8c077078f03
Commit Graph

2894 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Johannes Feichtner
32c32a7e7a Enable multiple standard IPs 2016-02-21 14:00:26 +01:00
Michael Kaufmann
d7ca3a0f1c Merge pull request #303 from Churro/froxlorMerge 
Nginx: Fix for redundantly inserted auth blocks
 2016-02-21 13:09:29 +01:00
Michael Kaufmann
e8489e55a1 Merge pull request #304 from Churro/froxlorMerge_f437f92 
Apache 2.4: Add AllowOverride All, otherwise Apache ignores .htaccess files
 2016-02-21 08:18:44 +01:00
Michael Kaufmann
5c90c3aa97 Merge pull request #315 from Churro/froxlorMerge_d02a076 
Nginx: Set default curve to secp384r1
 2016-02-21 08:09:06 +01:00
Michael Kaufmann
b5e739620d Merge pull request #310 from Churro/froxlorMerge_fe8093f 
Nginx: Avoid multiple index directives (common pitfall)
 2016-02-21 08:07:58 +01:00
Johannes Feichtner
a328a95c01 Set default curve to secp384r1 2016-02-21 01:23:18 +01:00
Michael Kaufmann
11b3ac67b0 Merge pull request #311 from Churro/froxlorMerge_c5cf2fa 
Set correct error log levels (LOG_ERR instead of LOG_ERROR)
 2016-02-20 22:20:45 +01:00
Michael Kaufmann
b8e7122452 Merge pull request #309 from Churro/froxlorMerge_a036bfb 
Fix fatal error in phpErrHandler with PHP7 and suit cronjob for various PHP versions
 2016-02-20 22:20:23 +01:00
Michael Kaufmann
a6bd323a0e Merge pull request #314 from Churro/froxlorMerge_ce6cc23 
Feature: Make the MYSQL_PASSWORD string dynamically definable
 2016-02-20 22:17:49 +01:00
Michael Kaufmann
4bec449a26 Merge pull request #313 from Churro/froxlorMerge_8265df4 
IPs and Ports: Only show attributes used by the current webserver
 2016-02-20 22:16:41 +01:00
Dessa
2176482e4f Merge pull request #312 from Churro/froxlorMerge_typos 
Typo fix: German word and title capitalization
 2016-02-20 21:59:18 +01:00
Johannes Feichtner
9c7092292b Feature: Make the MYSQL_PASSWORD string definable once in order to be able to copy the fragments without further change 2016-02-20 21:36:30 +01:00
Johannes Feichtner
46eeb65ff0 IPs and Ports: Only show attributes used by the current webserver 2016-02-20 21:13:47 +01:00
Johannes Feichtner
dd79a3a78a German typo fix 2016-02-20 21:04:18 +01:00
Johannes Feichtner
fef9e51c9a Capitalization fixed 2016-02-20 21:03:37 +01:00
Johannes Feichtner
c27589e8c2 Set correct error log levels (LOG_ERR instead of LOG_ERROR) 2016-02-20 20:57:31 +01:00
Johannes Feichtner
1ace011ad2 Nginx: Avoid multiple index directives (common pitfall) 2016-02-20 20:40:38 +01:00
Dessa
c269a3d363 Merge pull request #308 from Churro/froxlorMerge_bca75e9 
.gitignore update for Idea or WebStorm files
 2016-02-20 20:22:21 +01:00
Johannes Feichtner
387be846f1 Fix fatal error in phpErrHandler with PHP7 and suit cronjob for various PHP versions 2016-02-20 20:21:09 +01:00
Johannes Feichtner
a788660efe .gitignore update for Idea files 2016-02-20 19:58:20 +01:00
Michael Kaufmann
73c8643218 Merge pull request #306 from Churro/froxlorMerge_4aeb06e 
Nginx: Change fastcgi IPC dir to a path that is definitely existing
 2016-02-20 19:50:37 +01:00
Michael Kaufmann
cd7b65395f Merge pull request #305 from Churro/froxlorMerge_6622deb 
Nginx: Security-critical fix for faulty directory protection
 2016-02-20 19:46:28 +01:00
Johannes Feichtner
1c467d71c7 Changed fastcgi IPC dir to a path that is definitely existing 2016-02-20 19:34:05 +01:00
Johannes Feichtner
a641dfbfc8 Security-critical fix: Nginx directory protection did not prevent access to 
PHP scripts

Although the implemented direction protection posed a prompt when
accessing the http://...com/protectedir/
it was still possible to call http://...com/protectedir/script.php

This vulnerability emerges from the precedence order of "location"
statements. The RegEx matching the PHP script is triggered before the
directory protection is evaluated. As a result, the PHP script is
interpreted and path parsing stops due to the circumflex (see
http://nginx.org/en/docs/http/ngx_http_core_module.html#location).

The fix involves adding a PHP parsing snippet to every protected
block. In order to prevent PHP-related config params repeatedly, the
required section is referenced using a prefix.
 2016-02-20 19:25:49 +01:00
Johannes Feichtner
268b188133 Apache 2.4: Add AllowOVerride All, otherwise Apache ignores .htaccess 
files
 2016-02-20 17:59:34 +01:00
Johannes Feichtner
4692d7ef2a Nginx: Changed inefficient RegEx redirect to equivalent 301 2016-02-20 17:30:26 +01:00
Johannes Feichtner
3b9201fb91 Nginx: Fix for redundantly inserted auth blocks 
The problem occurs if a Vhost is assigned multiple different auth names
in Froxlor. Each block is then added repeatedly, leading to an
unparseable configuration
 2016-02-20 17:21:54 +01:00
Michael Kaufmann
6e0f18b200 Merge pull request #301 from Churro/froxlorMerge 
Fix for case insensitivity bug in Apache 2.4.12 + PHP-FPM
 2016-02-20 17:17:41 +01:00
Michael Kaufmann
dfee6873da Merge pull request #302 from stweil/typo 
Fix some typos in code comments
 2016-02-20 17:17:21 +01:00
Stefan Weil
50e7311390 Fix some typos in code comments 
Most of them were found by codespell.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
 2016-02-20 17:10:24 +01:00
Johannes Feichtner
1c4b88d014 Fix for case insensitivity bug in Apache 2.4.12 + PHP-FPM 
With Apache 2.4.12, the FPM socket path is always considered as a
lowercase file path regardless of the used capitalization.
If Froxlor creates a socket file containing uppercase characters, Apache fails to find to the socket.
See https://bz.apache.org/bugzilla/show_bug.cgi?id=57968
 2016-02-20 16:58:59 +01:00
Michael Kaufmann
0935a9c193 Merge pull request #300 from Froxlor/revert-299-master 
Revert "Changes in the config templates"
 2016-02-20 15:25:47 +01:00
Michael Kaufmann
8a99bd1d51 Revert "Changes in the config templates" 2016-02-20 15:24:51 +01:00
Michael Kaufmann
be1a12821e Merge pull request #299 from ianklemm/master 
Changes in the config templates
 2016-02-20 15:21:37 +01:00
Vengance
bc9bc84f23 Update gentoo.xml 2016-02-20 14:27:53 +01:00
Vengance
e5bb58cd91 Update wheezy.xml 2016-02-20 14:24:35 +01:00
Vengance
074b425ee0 Update precise.xml 2016-02-20 14:23:29 +01:00
Vengance
59e599a952 Update rhel_centos.xml 2016-02-20 14:21:26 +01:00
Vengance
3f523a8b58 Update trusty.xml 2016-02-20 14:20:03 +01:00
Vengance
b4667c92e7 Delete Froxlor-master.rar 2016-02-20 13:14:16 +01:00
Vengance
2ce488c03c Update jessie.xml 2016-02-20 12:49:18 +01:00
Vengance
e1448859c9 Added files via upload 2016-02-20 12:46:48 +01:00
Florian Aders
8abd041f36 Remove certificate on removal of subdomain, fixes #1596 
Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-19 21:01:48 +01:00
Florian Aders
dabd4a4a4e Merge pull request #298 from nachtgeist/logging 
Logging
 2016-02-19 20:46:22 +01:00
Daniel Reichelt
6ac274a706 cron/apache: use correct constant for loglevel 2016-02-19 20:32:03 +01:00
Daniel Reichelt
3d2b672feb cron logging: really print messages of level >= LOG_WARNING 
also fix mixed indentation
 2016-02-19 20:32:02 +01:00
Florian Aders
e621e02f92 Allow selecting new keysize, fixes #1594 
Prepare database and cron for HSTS, refs #1593
Added option to re-use key and CSR for Let's Encrypt

Signed-off-by: Florian Aders <eleras@froxlor.org>
 2016-02-19 17:35:44 +01:00
Michael Kaufmann (d00p)
e3a594f3e7 do not post configuration form when nothing is selected, fixes #1595 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
 2016-02-19 16:09:50 +01:00
Florian Aders
5982f86db4 Merge pull request #297 from nachtgeist/le 
Le
 2016-02-19 14:53:37 +01:00
Daniel Reichelt
b071b8c2d9 LE: remove challenge file on failure, take #2 ;) 2016-02-19 14:44:23 +01:00