| Age | Commit message | Author |
|
I have just received an e-mail with a security concern.
Although most likely an obsolete concern (old browsers with Java applets), and the Apache team saying that there is no problem, let's disable the TRACE method by default in our Docker images until we hear anybody actually wanting this feature.
https://httpd.apache.org/docs/current/mod/core.html#traceenable
https://owasp.org/www-community/attacks/Cross_Site_Tracing
|
|
Related to https://github.com/FreshRSS/FreshRSS/issues/4073
In our Docker configuration, `.htaccess` files are included only once at startup. The one for themes was missing.
|
|
#fix https://github.com/FreshRSS/FreshRSS/issues/3233
In Alpine, we need to enable mod_logio.c to use %O. Revert to more
standard %b
https://httpd.apache.org/docs/2.4/mod/mod_log_config.html#logformat
|
|
#fix https://github.com/FreshRSS/FreshRSS/issues/3224
Log the client remote IP instead of the local proxy IP
https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html
|
|
* Docker image alternative using Ubuntu
Ubuntu seems to be faster, cf. e.g. PHPBench.
It is quite usual for Docker images to offer both a Debian/Ubuntu and an
Alpine version, so we could also do the same if there is any need.
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/2202
* Only explicit use of Apache confs
Fix double-logging issue
* Explicit ServerTokens OS
Default Apache configuration in Ubuntu, which was removed when disabling all confs.
It is also the default Apache configuration in Alpine.
* Take advantage of syslog for actualization
Same as for Alpine
https://github.com/FreshRSS/FreshRSS/pull/2208/commits/43ab629e27799cb28ec28ad409a512e128d11e97
* COPY_SYSLOG_TO_STDERR
Same as https://github.com/FreshRSS/FreshRSS/pull/2213
* Update to libapache2-mod-php instead of php-fpm
* Default to Ubuntu
Ubuntu mod-php wins, being ~14% faster than Ubuntu php-fpm (which was ~300% faster than Alpine mod-php)
|
|
* Apache performance
API: Use SetEnvIf if available and fallback to RewriteRule
Docker: Disable unused modules.
Docker: Hard-include .htaccess to avoid having to scan for changes in
that file.
Docker: Disable security check of symlinks, which we do not use anyway.
* Apache readme
* Docker/Apache tuning
Run cron job with correct www-data user instead of root
Remove PHP GMP module unneeded for 64-bit Docker image
Add option to mount custom .htaccess for HTTP authentication
Re-add Apache module for HTTP authentication
Move Alpine-specific instructions to Docker file (instead of Apache
conf) to make it easier to have other base images than Alpine
|
|
It looks like overrides of CustomLog, ErrorLog, Listen did not do the
job fully.
Updated to comment out those lines in httpd.conf.
Fixes the fact that logs were kept in /var/log/apache2/ (instead of
being only given via STDOUT to Docker logs) and the "internal dummy
connection" bug over IPv6 (Docker is typically only IPv4).
|
|
* Draft of new Docker
Based on Alpine Linux. Size ~78MB.
https://github.com/FreshRSS/docker-freshrss/issues/4
https://github.com/FreshRSS/FreshRSS/issues/520
https://github.com/FreshRSS/docker-freshrss
https://github.com/FreshRSS/docker-freshrss-production
* Docker readme
* +x execution rights prepare
* Docker readme links to hub.docker.com
https://hub.docker.com/r/freshrss/freshrss/
|