mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2025-10-25 01:23:24 +00:00
Commit Graph

3122 Commits

Author SHA1 Message Date
Slavi Pantaleev
c95ca4badc Do not ask everyone to whitelist Jitsi ports
It's an optional service, so we shouldn't bother most people with it.
2021-04-21 14:48:54 +03:00
Slavi Pantaleev
d691cc0920 Move variable definition a bit 2021-04-21 13:59:20 +03:00
Slavi Pantaleev
e00ef04b57 Add opt-out-of-FLoC headers by default 2021-04-21 13:58:24 +03:00
Slavi Pantaleev
7fa7e3e5a6 Merge pull request #1012 from aaronraimist/facebook-docs
Update mautrix-facebook docs
2021-04-21 09:27:11 +03:00
Slavi Pantaleev
42783972fd Merge pull request #1011 from aaronraimist/synapse-admin
Upgrade synapse-admin (0.7.0 -> 0.7.2)
2021-04-21 09:24:30 +03:00
Slavi Pantaleev
ca786cc343 Revert "Upgrade Synapse (1.31 -> 1.32)"
This reverts commit f825c7c263.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1010
2021-04-20 23:40:55 +03:00
Aaron Raimist
9ee1d23afe Update mautrix-facebook docs 2021-04-20 15:17:26 -05:00
Aaron Raimist
bb64b80697 Upgrade synapse-admin (0.7.0 -> 0.7.2) 2021-04-20 15:14:08 -05:00
Slavi Pantaleev
f825c7c263 Upgrade Synapse (1.31 -> 1.32) 2021-04-20 17:47:34 +03:00
Slavi Pantaleev
7eda6a3c12 Merge pull request #1009 from thedanbob/coturn-official
Switch to official coturn image
2021-04-19 18:41:17 +03:00
Slavi Pantaleev
adcecaffaf Fix connectivity between prometheus and prometheus-node-exporter
Expected to have regressed after https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008

This patch comes with its own downsides (as described in the comments
for matrix_prometheus_node_exporter_container_http_host_bind_port),
but at least there's:
- no security issue
- metrics remain readable from matrix-prometheus (even if the network metrics are inaccurate)

A better patch is certainly welcome.
2021-04-19 18:29:03 +03:00
Dan Arnfield
b2ca1f2829 Add capability required by new image 2021-04-19 10:16:26 -05:00
Slavi Pantaleev
8da8979a24 Do not override matrix_prometheus_node_exporter_container_http_host_bind_port when matrix-nginx-proxy disabled
Not sure why this had been done in the first place.
It doesn't make any sense.

There's no relation between matrix-nginx-proxy and
prometheus-node-exporter.
2021-04-19 17:45:27 +03:00
Slavi Pantaleev
398b9f5d66 Merge pull request #1008 from sakkiii/master
security** node-exporter data & port publicly exposed
2021-04-19 17:31:00 +03:00
Dan Arnfield
82f7e1c7c0 Update docs 2021-04-19 09:05:04 -05:00
Dan Arnfield
29177d4922 Switch to official coturn docker image 2021-04-19 09:04:08 -05:00
sak
88a30fb5ed security** node-exporter data & port publicly exposed 2021-04-19 15:35:23 +05:30
sak
0f9a455719 Revert "security** node-exporter data & port publicly exposed"
This reverts commit d0cd709c08.
2021-04-19 15:24:36 +05:30
sak
d0cd709c08 security** node-exporter data & port publicly exposed 2021-04-19 15:15:59 +05:30
Slavi Pantaleev
4a1739f604 Merge pull request #1007 from teutat3s/fix/nginx-dont-send-version
Don't expose nginx version with each response
2021-04-18 21:33:11 +03:00
teutat3s
2bf7c26cfa Don't expose nginx version with each response 2021-04-18 16:24:13 +02:00
Slavi Pantaleev
c565e72f0d Merge pull request #1003 from sakkiii/patch-2
updated matrix_grafana_docker_image to v7.5.4
2021-04-18 09:56:12 +03:00
Slavi Pantaleev
51b46697c5 Merge pull request #1005 from sakkiii/master
Improve security for grafana
2021-04-18 09:50:59 +03:00
Slavi Pantaleev
ac8a835fd2 Merge pull request #1006 from thedanbob/fix-prometheus-network
Fix prometheus network for ansible < 2.8
2021-04-18 09:09:37 +03:00
Dan Arnfield
f04614a993 Fix prometheus network for ansible < 2.8 2021-04-17 20:15:26 -05:00
Slavi Pantaleev
badd81e0ec Revert "Attempt to fix docker_network result discrepancy between Ansible versions"
This reverts commit 68ca81c8c2.
2021-04-17 19:31:20 +03:00
sakkiii
1958d0792d Update matrix-client-element.conf.j2 2021-04-17 21:33:07 +05:30
sakkiii
b6d45c5fd8 Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy 2021-04-17 21:03:26 +05:30
sakkiii
05042f5ff1 Improve security grafana
- duplicate X-Content-Type-Options
- X-Frame-Options header
- Referrer-Policy [Might consider adding variable]
- Secure flag with cookies
- matrix_grafana_content_security_policy variable for [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy)
2021-04-17 21:03:05 +05:30
sakkiii
27377e099d updated matrix_grafana_docker_image to v7.5.4
Latest stable grafana version is [7.5.4 (2021-04-14)](https://github.com/grafana/grafana/releases/tag/v7.5.4)
2021-04-17 17:31:14 +05:30
Slavi Pantaleev
68ca81c8c2 Attempt to fix docker_network result discrepancy between Ansible versions
Supposedly fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/907
2021-04-17 11:42:06 +03:00
Slavi Pantaleev
9c1f41eadf Merge pull request #1002 from thedanbob/node-exporter-1.1.2
Update prometheus node exporter (1.1.0->1.1.2)
2021-04-17 11:15:13 +03:00
Slavi Pantaleev
92925e5537 Merge pull request #1001 from thedanbob/prometheus-2.26.0
Update prometheus (2.24.1->2.26.0)
2021-04-17 11:14:53 +03:00
Dan Arnfield
8a550ce67c Update prometheus (2.24.1->2.26.0) 2021-04-16 09:25:45 -05:00
Dan Arnfield
83cc5c9e6a Update prometheus node exporter (1.1.0 -> 1.1.2) 2021-04-16 09:17:04 -05:00
sakkiii
5dc642ace1 Nginx element web: XSS protection & nosniff header
X-XSS-Protection: 1; mode=block; header, for basic XSS protection in legacy browsers.
X-Content-Type-Options: nosniff header, to disable MIME sniffing
2021-04-16 14:45:04 +05:30
Slavi Pantaleev
fcb9e9618a Make Coturn TLSv1/v1.1 configurable
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/999
2021-04-16 09:29:32 +03:00
Slavi Pantaleev
8ae0628c2f Merge pull request #999 from sakkiii/patch-1
CoTurn Disable support for TLS 1.0 and TLS 1.1
2021-04-16 09:21:23 +03:00
sakkiii
540416e32d Disable support for TLS 1.0 and TLS 1.1
These old versions of TLS rely on MD5 and SHA-1, both now broken, and contain other flaws. TLS 1.0 is no longer PCI-DSS compliant and the TLS working group has adopted a document to deprecate TLS 1.0 and TLS 1.1.
2021-04-15 19:25:23 +05:30
Slavi Pantaleev
ed3c9ccbd2 Merge pull request #998 from GoMatrixHosting/master
GoMatrixHosting v0.4.2
2021-04-15 12:20:27 +03:00
Michael-GMH
0607e01304 Merge remote-tracking branch 'upstream/master' 2021-04-15 17:08:03 +08:00
Michael-GMH
89cb5a3d7a GMH v0.4.2 update 2021-04-15 17:07:03 +08:00
Slavi Pantaleev
c7c137df74 Upgrade nginx and certbot 2021-04-14 13:24:41 +03:00
Slavi Pantaleev
931452bb06 Upgrade exim (4.93 -> 4.94) 2021-04-14 08:57:01 +03:00
Slavi Pantaleev
316d7d815a Add FAQ entry about debugging SSL certificate renewal troubles 2021-04-13 10:52:38 +03:00
Slavi Pantaleev
291621c984 Merge pull request #997 from rakshazi/patch-3
Updated Element Web 1.7.24.1 -> 1.7.25
2021-04-13 09:22:08 +03:00
rakshazi
4f8e1bd43a Updated Element Web 1.7.24.1 -> 1.7.25 2021-04-12 18:04:56 +00:00
Slavi Pantaleev
68db6d028b Merge pull request #990 from haghighi-ahmad/feature-use-custom-docker-registry
use custom docker registry
2021-04-12 16:08:34 +03:00
Ahmad Haghighi
126fbbc0cc fix typo 2021-04-12 17:23:55 +04:30
Ahmad Haghighi
e335f3fc77 rename matrix_global_registry to matrix_container_global_registry_prefix related to #990
Signed-off-by: Ahmad Haghighi <haghighi@fedoraproject.org>
2021-04-12 17:23:55 +04:30