| Age | Commit message (Collapse) | Author |
|---|
|
fix https://github.com/FreshRSS/FreshRSS/issues/5770
Note, the syntax complying with https://www.shellcheck.net/wiki/SC2002 does not seem to work in ash / Alpine
|
|
* Prepare Alpine OIDC
* Prepare syntax for OpenID Connect in Alpine.
* Update :newest Alpine development image to PHP 8.3
* Fix a little bug in test of OIDC_SCOPES
* Changelog + syntax
* shellchecks
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/5744
|
|
* Use RemoteIPInternalProxy directive of remoteip Apache module
instead of RemoteIPTrustedProxy directive
To allow internal IPs to be trusted: for internal clients,
and also for the case of chained internal reverse-proxies
Fixes #5726
* One last reference forgotten
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Update entrypoint.sh to avoid a warning on non-numeric TRUSTED_PROXY env var
Fixes #5732 5732
* Use POSIX-compatible syntax
* Fix POSIX syntax
|
|
https://www.postgresql.org/about/news/postgresql-16-released-2715/
Watch out, there are no auto-updates between major versions
|
|
Remove obsolete parameter not needed anymore now that all our images are using PHP 8+
|
|
* Rework trusted proxies
Fix https://github.com/FreshRSS/FreshRSS/issues/5502
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/3226
New environment variable `TRUSTED_PROXY`: set to 0 to disable, or to a list of trusted IP ranges compatible with https://httpd.apache.org/docs/current/mod/mod_remoteip.html#remoteiptrustedproxy
New internal environment variable `CONN_REMOTE_ADDR` to remember the true IP address of the connection (e.g. last proxy), even when using mod_remoteip.
Current working setups should not observe any significant change.
* Minor whitespace
* Safer trusted sources during install
Rework of https://github.com/FreshRSS/FreshRSS/pull/5358
https://github.com/FreshRSS/FreshRSS/issues/5357
* Minor readme
|
|
|
|
* Add OIDC_X_FORWARDED_HEADERS environment variable (fixes #5516)
The mod_auth_oidc needs an additional directive (`OIDCXForwardedHeaders`)
in case FreshRSS is running behind a reverse proxy, so it knows what host,
protocol and port were used to access it. This information is then used
in the `redirect_uri` when directing the user agent (browser) to the identity
provider for authentication.
Please note that, if you are running FreshRSS behind a reverse proxy that
handles TLS, you may need to update your identity provider's configuration so
it accepts `https://...` as a `redirect_uri`.
* Add link to mod_auth_openidc's documentation for the OIDCXForwardedHeaders Apache configuration directive
* Minor spelling
---------
Co-authored-by: Stefan Zwanenburg <stefan@zwanenburg.info>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
identity provider (#5481)
* Allow choosing the OIDC remote user claim and scopes to request from the identity provider
* Added comment to explain how checking whether an environment variable is set is done
* Use apostrophe's instead of single quotes for verb contractions in docs
* Move variables used for checking presence of environment variables inside IfDefine block
|
|
Quiet output for a2enmod, a2dismod, a2disconf, a2dissite, a2ensite to avoid many messages the following, which are not even relevant because Apache is not yet started at this stage:
```
To activate the new configuration, you need to run:
systemctl restart apache2
```
Related to https://github.com/FreshRSS/FreshRSS/pull/5463
|
|
https://www.debian.org/releases/bookworm/
With PHP 8.2.5 and Apache 2.4.57
|
|
Only enable the Apache auth_openidc module when actually used
Fix https://github.com/FreshRSS/FreshRSS/issues/5460
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/5351
|
|
* Add OIDC
* Update documentation.
* Update apache conf adding IfModule
* Use IfDefine for OIDC in apache conf
* Fix non-oidc support
* Fix typing
* Use IfDefine to enable OIDC
* Add OIDC support to all dockerfiles
* Re add apache Require option
* Fixes and documentation
* A few more fixes
* A bit more doc
* Change type of environment variable
* Update readme
* Correct apache config for OIDC support.
* Fix README formatting
* Update oidc control path
* Fix oidc endpoint being cached
* A bit more review
* Simplify ExpiresActive
* Add session refresh and improve caching
* Allow more different setups
* A bit more documentation
* A bit more readme
---------
Co-authored-by: Aaron Schif <aschif@netdevgroup.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Co-authored-by: maTh <math-home@web.de>
|
|
Provide example of how to easily tune selected PostgreSQL settings
https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server
|
|
* Improve Dev Container
PHPStan was failing in Dev Container
* Update Docker to Alpine Linux 3.18
* New DATA_PATH environment variable
* README
|
|
https://alpinelinux.org/posts/Alpine-3.18.0-released.html
Minor updates with Apache 2.4.57 and PHP 8.1.19
|
|
* docs: language table added
* Update 05_Configuration.md
* Update 05_Configuration.md
* french docs
* Unicode quote and a few fixes
(Same search&replace aslo applied to a few other files)
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Document automated Docker build from git
Fix https://github.com/FreshRSS/FreshRSS/issues/5236
Contributes to https://github.com/FreshRSS/FreshRSS/issues/4089
* Rolling
|
|
* Listen for IPv6 connections
* Added information about LISTEN6 variable
* Make LISTEN variable a comma-separated list of values
* Removed debug commands
* Revert changes
---------
Co-authored-by: Rufubi <>
|
|
Update nginx nginx configuration in `Hosted in a subdirectory type.`
|
|
* Add docker-compose instructions for ARM64
* Update Docker/README.md
* Update Docker/README.md
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* More robust application of access permissions
We were in particular missing directory traversal `+X` in our current recommendations.
Extracted to own shell script so it can easily be invoked.
Update access permissions in Docker to account to be more robust.
#fix https://github.com/FreshRSS/FreshRSS/discussions/5037
* Minor simplification
* Restrict mkdir permissions
Default mkdir permissions are 0777, which is not good for security, so downgrade to 0770.
|
|
* Safer timezone set
Add missing tzdata in Docker :newest
Fallback to UTC if no timezone is defined at all
#fix https://github.com/FreshRSS/FreshRSS/pull/4906#issuecomment-1386747169
* Better refactoring
Show fallback timezone everywhere
|
|
* API avoid logging passwords
* Strip passwords and tokens from API logs
* Only log failed requests information when in debug mode
* Remove debug SHA
* Clean also Apache logs
* Better comments
* Redact also token parameters
* shfmt
* Simplify whitespace
* redacted
|
|
To ease adding custom extensions such as in https://github.com/FreshRSS/Extensions/issues/37#issuecomment-1363474585
|
|
* Docker Alpine timezone for :newest and :oldest
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/4903
Forgot the development images Newest and Oldest
* Uniform timezone behaviour
* shellcheck
* A bit more documentation
|
|
Allow setting the timezone with a `TZ` environment variable in our Alpine-based Docker images just like for our Debian-based Doker images.
See https://github.com/FreshRSS/FreshRSS/discussions/4898#discussioncomment-4245991
|
|
* Docker Alpine 3.17
Update alternative Docker image to Alpine 3.17 with PHP 8.1.12 (and still Apache 2.4.54)
https://alpinelinux.org/posts/Alpine-3.17.0-released.html
* Fix developer access rights
Put developer in www-data group
|
|
I have just received an e-mail with a security concern.
Although most likely an obsolete concern (old browsers with Java applets), and the Apache team saying that there is no problem, let's disable the TRACE method by default in our Docker images until we hear anybody actually wanting this feature.
https://httpd.apache.org/docs/current/mod/core.html#traceenable
https://owasp.org/www-community/attacks/Cross_Site_Tracing
|
|
Drop PHP 7.0- as planned https://github.com/FreshRSS/FreshRSS/discussions/3321#discussioncomment-835704
|
|
* Added PHP extensions `php-openssl` (used by PHPMailer) and php-xml (used by SimplePie)
* Upgraded dev image `freshrss/freshrss:newest` to PHP 8.2.
|
|
Remove output buffering during auto-install of FreshRSS and auto-creation of the default user.
We were only getting outputs at the end of each command, which was a problem for getting errors and progress, for instance when automatically importing a very large OPML
|
|
* Docker readme volume for extensions
Forgotten from https://github.com/FreshRSS/FreshRSS/pull/4320
Keeping https://github.com/FreshRSS/FreshRSS/pull/2837
* Minor whitespace
* No extension volume for development
|
|
https://alpinelinux.org/posts/Alpine-3.16.0-released.html
Apache 2.4.53, PHP 8.0.19
|
|
* Custom logo HTML
Add option for custom HTML logo/title in the main Web UI view.
Can potentially be different per user.
#fix https://github.com/FreshRSS/FreshRSS/pull/3830/files#r850472247
* logo_html in main config
With new `./data/config.custom.php` to provide custom values before install
* Docker documentation
* whitespace
* Auto relax CSP to allow images for HTML logo
* Documentation
|
|
* Update Docker readme
#fix https://github.com/FreshRSS/FreshRSS/issues/3351
* A few more headers
https://github.com/FreshRSS/FreshRSS/issues/3649
https://doc.traefik.io/traefik/middlewares/http/headers/
* Another docker logs example
* More uniform
* Minor details
|
|
* Use typographic quotes
* A few fixes
* Fix
* Fix not saved
* Implement feedback
* Detail
* Revert spoken English fixes
Left for a future dedicated discussion
* More reverts
* Final reverts
* Final minor
|
|
(#4134)
|
|
* Docker :newest Alpine PHP 8.1
Update our `:newest` development image to use PHP 8.1 in alpine:edge
* Increase memory for tests
|
|
Related to https://github.com/FreshRSS/FreshRSS/issues/4073
In our Docker configuration, `.htaccess` files are included only once at startup. The one for themes was missing.
|
|
Alpine 3.15 with PHP 8.0.13 and Apache 2.4.51
https://alpinelinux.org/posts/Alpine-3.15.0-released.html
|
|
Should be done during build and not during entrypoint, to avoid modifying a potential volume (e.g. mounting the source code as a volume is used during development).
|
|
#fix https://github.com/FreshRSS/FreshRSS/pull/3927/files#r735146297
The path `/var/www/FreshRSS/` might be a Docker volume, breaking files created there during Docker build
|
|
Adding the crontab as part of the image build makes it more complicated
to add custom entries to the crontab. Adjusting the image and entrypoint
to make it so that the crontab is only added when CRON_MIN is set
simplifies having a custom crontab.
|
|
* Improved markdownlint
* Relaxed rules slighlty
* `npm run markdownlint` for automatic tests
* `npm run markdownlint_fix` for automatic syntax fixing
* Applied the fixes on all our Markdown files
|
|
FreshRSS switched to Debian as the parent For the Image but there
were still a couple references in the README to Ubuntu.
|
|
PHP 7.4.21, Apache/2.4.48
|
|
* Add .env file for docker-compose (fix #3755)
Adding a .env has the advantage that the configuration can be stored in a separate file and it'll be possible to just get the newest docker-compose.yml file.
* Update documentation for the .env file
* Update Docker/README.md
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
|
Alexandre Alapetite
Mossroy
Zhaofeng Li
otaconix
Aaron Schif
maTh
Rufubi
witchcraze
Rebecca Scott
Thomas Renes
Chris Francy
caminsha
