finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
3,109 Commits 3 Branches 0 Tags
ee663e819e58bea0cd5255dd785196fee6cbc773
Commit Graph

1919 Commits

Author SHA1 Message Date
Slavi Pantaleev
689dcea773 Fix self-building for Coturn 
Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1023

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1009
 2021-04-24 20:31:25 +03:00
sakkiii
40fe6bd5c1 variable matrix_nginx_proxy_hsts_preload_enable added 2021-04-24 20:04:20 +05:30
Slavi Pantaleev
389dc26615 Fix Synapse generic worker balancing 
Potentially fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1022
 2021-04-24 11:52:45 +03:00
sakkiii
5b4fdf9b87 Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy 2021-04-24 12:15:34 +05:30
sakkiii
0ccf0fbf1c HSTS preload + X-XSS enables 
**HSTS Preloading:**
In its strongest and recommended form, the [HSTS policy](https://www.chromium.org/hsts) includes all subdomains, and indicates a willingness to be “preloaded” into browsers:
`Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`

**X-Xss-Protection:**
`1; mode=block` which tells the browser to block the response if it detects an attack rather than sanitising the script.
 2021-04-24 12:12:34 +05:30
sakkiii
3564635f0f Merge branch 'master' into master 2021-04-24 11:46:52 +05:30
sakkiii
29bba5161b Element More security headers 
More Production ready nginx headers for Matrix client element.
 2021-04-24 11:10:40 +05:30
Slavi Pantaleev
f6b371164c Remove useless variable 2021-04-23 07:07:18 +03:00
Slavi Pantaleev
62c0587b6a Use Alpine-based Coturn 2021-04-22 15:05:37 +03:00
Slavi Pantaleev
72a7cb4145 Merge pull request #1018 from GoMatrixHosting/master 
GoMatrixHosting v0.4.3
 2021-04-22 14:23:30 +03:00
Slavi Pantaleev
e3fa3e12bc Upgrade Synapse (1.31 -> 1.32.2) 2021-04-22 14:22:07 +03:00
Michael-GMH
50d7209c5b GMH v04.3 2021-04-22 11:45:59 +08:00
Slavi Pantaleev
378fabf177 Revert "Upgrade Synapse (1.31 -> 1.32.1)" 
This reverts commit 1fb54a37cb.

Seems like it's been pulled or something. It used to exist, but not
anymore. Not sure what's going on.

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1017

Related to
https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1010
 2021-04-21 23:36:58 +03:00
Slavi Pantaleev
1fb54a37cb Upgrade Synapse (1.31 -> 1.32.1) 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1010
 2021-04-21 18:47:15 +03:00
Slavi Pantaleev
d691cc0920 Move variable definition a bit 2021-04-21 13:59:20 +03:00
Slavi Pantaleev
e00ef04b57 Add opt-out-of-FLoC headers by default 2021-04-21 13:58:24 +03:00
Slavi Pantaleev
42783972fd Merge pull request #1011 from aaronraimist/synapse-admin 
Upgrade synapse-admin (0.7.0 -> 0.7.2)
 2021-04-21 09:24:30 +03:00
Slavi Pantaleev
ca786cc343 Revert "Upgrade Synapse (1.31 -> 1.32)" 
This reverts commit f825c7c263.

Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1010
 2021-04-20 23:40:55 +03:00
Aaron Raimist
bb64b80697 Upgrade synapse-admin (0.7.0 -> 0.7.2) 2021-04-20 15:14:08 -05:00
Slavi Pantaleev
f825c7c263 Upgrade Synapse (1.31 -> 1.32) 2021-04-20 17:47:34 +03:00
Slavi Pantaleev
7eda6a3c12 Merge pull request #1009 from thedanbob/coturn-official 
Switch to official coturn image
 2021-04-19 18:41:17 +03:00
Slavi Pantaleev
adcecaffaf Fix connectivity between prometheus and prometheus-node-exporter 
Expected to have regressed after https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1008

This patch comes with its own downsides (as described in the comments
for matrix_prometheus_node_exporter_container_http_host_bind_port),
but at least there's:
- no security issue
- metrics remain readable from matrix-prometheus (even if the network metrics are inaccurate)

A better patch is certainly welcome.
 2021-04-19 18:29:03 +03:00
Dan Arnfield
b2ca1f2829 Add capability required by new image 2021-04-19 10:16:26 -05:00
Slavi Pantaleev
398b9f5d66 Merge pull request #1008 from sakkiii/master 
security** node-exporter data & port publicly exposed
 2021-04-19 17:31:00 +03:00
Dan Arnfield
29177d4922 Switch to official coturn docker image 2021-04-19 09:04:08 -05:00
sak
88a30fb5ed security** node-exporter data & port publicly exposed 2021-04-19 15:35:23 +05:30
sak
0f9a455719 Revert "security** node-exporter data & port publicly exposed" 
This reverts commit d0cd709c08.
 2021-04-19 15:24:36 +05:30
sak
d0cd709c08 security** node-exporter data & port publicly exposed 2021-04-19 15:15:59 +05:30
Slavi Pantaleev
4a1739f604 Merge pull request #1007 from teutat3s/fix/nginx-dont-send-version 
Don't expose nginx version with each response
 2021-04-18 21:33:11 +03:00
teutat3s
2bf7c26cfa Don't expose nginx version with each response 2021-04-18 16:24:13 +02:00
Slavi Pantaleev
c565e72f0d Merge pull request #1003 from sakkiii/patch-2 
updated matrix_grafana_docker_image to v7.5.4
 2021-04-18 09:56:12 +03:00
Slavi Pantaleev
51b46697c5 Merge pull request #1005 from sakkiii/master 
Improve security for grafana
 2021-04-18 09:50:59 +03:00
Dan Arnfield
f04614a993 Fix prometheus network for ansible < 2.8 2021-04-17 20:15:26 -05:00
Slavi Pantaleev
badd81e0ec Revert "Attempt to fix docker_network result discrepancy between Ansible versions" 
This reverts commit 68ca81c8c2.
 2021-04-17 19:31:20 +03:00
sakkiii
1958d0792d Update matrix-client-element.conf.j2 2021-04-17 21:33:07 +05:30
sakkiii
b6d45c5fd8 Merge branch 'master' of https://github.com/sakkiii/matrix-docker-ansible-deploy 2021-04-17 21:03:26 +05:30
sakkiii
05042f5ff1 Improve security grafana 
- duplicate X-Content-Type-Options
- X-Frame-Options header
- Referrer-Policy [Might consider adding variable]
- Secure flag with cookies
- matrix_grafana_content_security_policy variable for [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy)
 2021-04-17 21:03:05 +05:30
sakkiii
27377e099d updated matrix_grafana_docker_image to v7.5.4 
Latest stable grafana version is [7.5.4 (2021-04-14)](https://github.com/grafana/grafana/releases/tag/v7.5.4)
 2021-04-17 17:31:14 +05:30
Slavi Pantaleev
68ca81c8c2 Attempt to fix docker_network result discrepancy between Ansible versions 
Supposedly fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/907
 2021-04-17 11:42:06 +03:00
Slavi Pantaleev
9c1f41eadf Merge pull request #1002 from thedanbob/node-exporter-1.1.2 
Update prometheus node exporter (1.1.0->1.1.2)
 2021-04-17 11:15:13 +03:00
Dan Arnfield
8a550ce67c Update prometheus (2.24.1->2.26.0) 2021-04-16 09:25:45 -05:00
Dan Arnfield
83cc5c9e6a Update prometheus node exporter (1.1.0 -> 1.1.2) 2021-04-16 09:17:04 -05:00
sakkiii
5dc642ace1 Nginx element web: XSS protection & nosniff header 
X-XSS-Protection: 1; mode=block; header, for basic XSS protection in legacy browsers.
X-Content-Type-Options: nosniff header, to disable MIME sniffing
 2021-04-16 14:45:04 +05:30
Slavi Pantaleev
fcb9e9618a Make Coturn TLSv1/v1.1 configurable 
Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/999
 2021-04-16 09:29:32 +03:00
sakkiii
540416e32d Disable support for TLS 1.0 and TLS 1.1 
These old versions of TLS rely on MD5 and SHA-1, both now broken, and contain other flaws. TLS 1.0 is no longer PCI-DSS compliant and the TLS working group has adopted a document to deprecate TLS 1.0 and TLS 1.1.
 2021-04-15 19:25:23 +05:30
Michael-GMH
89cb5a3d7a GMH v0.4.2 update 2021-04-15 17:07:03 +08:00
Michael
f41bfb69d2 update survey template formatting 2021-04-04 12:01:53 +08:00
Michael
814bdf5a88 update spelling 2021-04-04 11:52:26 +08:00
Michael
fbe22289bd merge with upstream and testing branch 2021-04-04 11:41:06 +08:00
Slavi Pantaleev
995c483856 Merge pull request #962 from aaronraimist/mjolnir 
Add mjolnir
 2021-04-03 10:45:29 +03:00