| Age | Commit message (Collapse) | Author |
|---|
|
https://alpinelinux.org/posts/Alpine-3.19.0-released.html
Apache/2.4.58, PHP 8.2.13
|
|
Avoid keeping environment variables used for init.
Improvement of https://github.com/FreshRSS/FreshRSS/pull/5795
Spotted when checking https://github.com/FreshRSS/FreshRSS/issues/5894
|
|
* Fix PHP 7 compatibility
https://github.com/FreshRSS/FreshRSS/discussions/5892
* Multiple PHP 7 fixes
* PHPStan
|
|
|
|
* Update WebSub documentation a bit
* Marien prefers not to promote his hub too much :-)
|
|
The link resolution does not seem to be supported automatically
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/5819
|
|
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/5819
|
|
* Add multi arch container build
Co-authored-by: EdJoPaTo <rfc-conform-git-commit-email@funny-long-domain-label-everyone-hates-as-it-is-too-long.edjopato.de>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* using label from github action
* dont remove static labels and split docker readme in seperate action
* pin 3rd party action to a commit
* enable pushing to dockerhub
* Update .github/workflows/build-images.yml
Co-authored-by: EdJoPaTo <github@edjopato.de>
* remove not needed checkout
* set github token permissions
* Update .github/workflows/push-dockerhub-readme.yml
* update docker readme to match new tags
* Apply suggestions from code review
* fix suffix for alpine image
* fix suffix for alpine image
* push images only at upstream repo
* push images only at upstream repo
* push images only at upstream repo
* tag latest-alpine as alpine
* tag latest-alpine as alpine
* remove no needed falvor
* keep falvor for build
* Clean more things
* Rename action
To use same default name than https://github.com/actions/starter-workflows/blob/main/ci/docker-publish.yml
* Rename readme action
To use same default name than https://github.com/peter-evans/dockerhub-description/blob/main/.github/workflows/dockerhub-description.yml
* Use default name for dockerhub-description
https://github.com/peter-evans/dockerhub-description/blob/main/.github/workflows/dockerhub-description.yml
Plus minor wording
* Experiment with build-args
* Debug
* Add checkout back
* Revert back to metadata-action
* Remove quotes in version
* Try to fix variables
* Experiment with automatic label values again
* Delete last Docker Hub hooks
* Use only git SHA for org.opencontainers.image.revision
https://specs.opencontainers.org/image-spec/annotations/#pre-defined-annotation-keys
* Comment out semver for now
Might be enabled later if desired
* Enable major semver
---------
Co-authored-by: EdJoPaTo <rfc-conform-git-commit-email@funny-long-domain-label-everyone-hates-as-it-is-too-long.edjopato.de>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Co-authored-by: EdJoPaTo <github@edjopato.de>
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/5792
regression from https://github.com/FreshRSS/FreshRSS/pull/5772
|
|
* Require PHP 7.4+
https://github.com/FreshRSS/FreshRSS/discussions/5474
* Update Docker oldest
Alpine 3.13 with PHP 7.4.26
* Add missing packets to Docker oldest
* Update to typed properties
https://php.net/migration74.new-features#migration74.new-features.core.typed-properties
* More types
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/5770
Note, the syntax complying with https://www.shellcheck.net/wiki/SC2002 does not seem to work in ash / Alpine
|
|
* Prepare Alpine OIDC
* Prepare syntax for OpenID Connect in Alpine.
* Update :newest Alpine development image to PHP 8.3
* Fix a little bug in test of OIDC_SCOPES
* Changelog + syntax
* shellchecks
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/5744
|
|
* Use RemoteIPInternalProxy directive of remoteip Apache module
instead of RemoteIPTrustedProxy directive
To allow internal IPs to be trusted: for internal clients,
and also for the case of chained internal reverse-proxies
Fixes #5726
* One last reference forgotten
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Update entrypoint.sh to avoid a warning on non-numeric TRUSTED_PROXY env var
Fixes #5732 5732
* Use POSIX-compatible syntax
* Fix POSIX syntax
|
|
https://www.postgresql.org/about/news/postgresql-16-released-2715/
Watch out, there are no auto-updates between major versions
|
|
Remove obsolete parameter not needed anymore now that all our images are using PHP 8+
|
|
* Rework trusted proxies
Fix https://github.com/FreshRSS/FreshRSS/issues/5502
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/3226
New environment variable `TRUSTED_PROXY`: set to 0 to disable, or to a list of trusted IP ranges compatible with https://httpd.apache.org/docs/current/mod/mod_remoteip.html#remoteiptrustedproxy
New internal environment variable `CONN_REMOTE_ADDR` to remember the true IP address of the connection (e.g. last proxy), even when using mod_remoteip.
Current working setups should not observe any significant change.
* Minor whitespace
* Safer trusted sources during install
Rework of https://github.com/FreshRSS/FreshRSS/pull/5358
https://github.com/FreshRSS/FreshRSS/issues/5357
* Minor readme
|
|
|
|
* Add OIDC_X_FORWARDED_HEADERS environment variable (fixes #5516)
The mod_auth_oidc needs an additional directive (`OIDCXForwardedHeaders`)
in case FreshRSS is running behind a reverse proxy, so it knows what host,
protocol and port were used to access it. This information is then used
in the `redirect_uri` when directing the user agent (browser) to the identity
provider for authentication.
Please note that, if you are running FreshRSS behind a reverse proxy that
handles TLS, you may need to update your identity provider's configuration so
it accepts `https://...` as a `redirect_uri`.
* Add link to mod_auth_openidc's documentation for the OIDCXForwardedHeaders Apache configuration directive
* Minor spelling
---------
Co-authored-by: Stefan Zwanenburg <stefan@zwanenburg.info>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
identity provider (#5481)
* Allow choosing the OIDC remote user claim and scopes to request from the identity provider
* Added comment to explain how checking whether an environment variable is set is done
* Use apostrophe's instead of single quotes for verb contractions in docs
* Move variables used for checking presence of environment variables inside IfDefine block
|
|
Quiet output for a2enmod, a2dismod, a2disconf, a2dissite, a2ensite to avoid many messages the following, which are not even relevant because Apache is not yet started at this stage:
```
To activate the new configuration, you need to run:
systemctl restart apache2
```
Related to https://github.com/FreshRSS/FreshRSS/pull/5463
|
|
https://www.debian.org/releases/bookworm/
With PHP 8.2.5 and Apache 2.4.57
|
|
Only enable the Apache auth_openidc module when actually used
Fix https://github.com/FreshRSS/FreshRSS/issues/5460
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/5351
|
|
* Add OIDC
* Update documentation.
* Update apache conf adding IfModule
* Use IfDefine for OIDC in apache conf
* Fix non-oidc support
* Fix typing
* Use IfDefine to enable OIDC
* Add OIDC support to all dockerfiles
* Re add apache Require option
* Fixes and documentation
* A few more fixes
* A bit more doc
* Change type of environment variable
* Update readme
* Correct apache config for OIDC support.
* Fix README formatting
* Update oidc control path
* Fix oidc endpoint being cached
* A bit more review
* Simplify ExpiresActive
* Add session refresh and improve caching
* Allow more different setups
* A bit more documentation
* A bit more readme
---------
Co-authored-by: Aaron Schif <aschif@netdevgroup.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Co-authored-by: maTh <math-home@web.de>
|
|
Provide example of how to easily tune selected PostgreSQL settings
https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server
|
|
* Improve Dev Container
PHPStan was failing in Dev Container
* Update Docker to Alpine Linux 3.18
* New DATA_PATH environment variable
* README
|
|
https://alpinelinux.org/posts/Alpine-3.18.0-released.html
Minor updates with Apache 2.4.57 and PHP 8.1.19
|
|
* docs: language table added
* Update 05_Configuration.md
* Update 05_Configuration.md
* french docs
* Unicode quote and a few fixes
(Same search&replace aslo applied to a few other files)
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Document automated Docker build from git
Fix https://github.com/FreshRSS/FreshRSS/issues/5236
Contributes to https://github.com/FreshRSS/FreshRSS/issues/4089
* Rolling
|
|
* Listen for IPv6 connections
* Added information about LISTEN6 variable
* Make LISTEN variable a comma-separated list of values
* Removed debug commands
* Revert changes
---------
Co-authored-by: Rufubi <>
|
|
Update nginx nginx configuration in `Hosted in a subdirectory type.`
|
|
* Add docker-compose instructions for ARM64
* Update Docker/README.md
* Update Docker/README.md
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* More robust application of access permissions
We were in particular missing directory traversal `+X` in our current recommendations.
Extracted to own shell script so it can easily be invoked.
Update access permissions in Docker to account to be more robust.
#fix https://github.com/FreshRSS/FreshRSS/discussions/5037
* Minor simplification
* Restrict mkdir permissions
Default mkdir permissions are 0777, which is not good for security, so downgrade to 0770.
|
|
* Safer timezone set
Add missing tzdata in Docker :newest
Fallback to UTC if no timezone is defined at all
#fix https://github.com/FreshRSS/FreshRSS/pull/4906#issuecomment-1386747169
* Better refactoring
Show fallback timezone everywhere
|
|
* API avoid logging passwords
* Strip passwords and tokens from API logs
* Only log failed requests information when in debug mode
* Remove debug SHA
* Clean also Apache logs
* Better comments
* Redact also token parameters
* shfmt
* Simplify whitespace
* redacted
|
|
To ease adding custom extensions such as in https://github.com/FreshRSS/Extensions/issues/37#issuecomment-1363474585
|
|
* Docker Alpine timezone for :newest and :oldest
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/4903
Forgot the development images Newest and Oldest
* Uniform timezone behaviour
* shellcheck
* A bit more documentation
|
|
Allow setting the timezone with a `TZ` environment variable in our Alpine-based Docker images just like for our Debian-based Doker images.
See https://github.com/FreshRSS/FreshRSS/discussions/4898#discussioncomment-4245991
|
|
* Docker Alpine 3.17
Update alternative Docker image to Alpine 3.17 with PHP 8.1.12 (and still Apache 2.4.54)
https://alpinelinux.org/posts/Alpine-3.17.0-released.html
* Fix developer access rights
Put developer in www-data group
|
|
I have just received an e-mail with a security concern.
Although most likely an obsolete concern (old browsers with Java applets), and the Apache team saying that there is no problem, let's disable the TRACE method by default in our Docker images until we hear anybody actually wanting this feature.
https://httpd.apache.org/docs/current/mod/core.html#traceenable
https://owasp.org/www-community/attacks/Cross_Site_Tracing
|
|
Drop PHP 7.0- as planned https://github.com/FreshRSS/FreshRSS/discussions/3321#discussioncomment-835704
|
|
* Added PHP extensions `php-openssl` (used by PHPMailer) and php-xml (used by SimplePie)
* Upgraded dev image `freshrss/freshrss:newest` to PHP 8.2.
|
|
Remove output buffering during auto-install of FreshRSS and auto-creation of the default user.
We were only getting outputs at the end of each command, which was a problem for getting errors and progress, for instance when automatically importing a very large OPML
|
|
* Docker readme volume for extensions
Forgotten from https://github.com/FreshRSS/FreshRSS/pull/4320
Keeping https://github.com/FreshRSS/FreshRSS/pull/2837
* Minor whitespace
* No extension volume for development
|
|
https://alpinelinux.org/posts/Alpine-3.16.0-released.html
Apache 2.4.53, PHP 8.0.19
|
|
* Custom logo HTML
Add option for custom HTML logo/title in the main Web UI view.
Can potentially be different per user.
#fix https://github.com/FreshRSS/FreshRSS/pull/3830/files#r850472247
* logo_html in main config
With new `./data/config.custom.php` to provide custom values before install
* Docker documentation
* whitespace
* Auto relax CSP to allow images for HTML logo
* Documentation
|
|
* Update Docker readme
#fix https://github.com/FreshRSS/FreshRSS/issues/3351
* A few more headers
https://github.com/FreshRSS/FreshRSS/issues/3649
https://doc.traefik.io/traefik/middlewares/http/headers/
* Another docker logs example
* More uniform
* Minor details
|
|
* Use typographic quotes
* A few fixes
* Fix
* Fix not saved
* Implement feedback
* Detail
* Revert spoken English fixes
Left for a future dedicated discussion
* More reverts
* Final reverts
* Final minor
|
|
(#4134)
|
Alexandre Alapetite
Benjamin Reich
Mossroy
Zhaofeng Li
otaconix
Aaron Schif
maTh
Rufubi
witchcraze
Rebecca Scott
Thomas Renes
