|
|
739216f853
|
Tweaked nginx ressource limits
|
2020-01-16 06:22:35 +01:00 |
|
|
|
24692da470
|
Fixed cache injection vulnerability using faked headers
|
2020-01-14 06:45:56 +01:00 |
|
|
|
68b4458c88
|
Improve inode/dnode caching under memory pressure
|
2020-01-13 06:53:22 +01:00 |
|
|
|
e9c4b798d5
|
Update php systemd service files
|
2020-01-11 13:33:34 +01:00 |
|
|
|
a69714bce8
|
Enable hidden service intro DoS defense
|
2020-01-11 12:56:20 +01:00 |
|
|
|
709e4fd1c5
|
Reduce priority of background deletion task
|
2020-01-08 06:32:40 +01:00 |
|
|
|
930052fe1e
|
BindPaths -> ReadWritePaths for all systemd services
|
2020-01-05 19:31:52 +01:00 |
|
|
|
6d92ea99e0
|
Inreased mysql max_connections variable
|
2020-01-05 14:02:38 +01:00 |
|
|
|
0b41932570
|
Use Dovecot SASL instead of running a seperate saslauthd
|
2019-12-16 22:25:30 +01:00 |
|
|
|
1f4c90edf7
|
image/x-icon (.ico files) can be compressed well
|
2019-11-10 20:55:54 +01:00 |
|
|
|
f857083765
|
Enable HPACK nginx module and aio
|
2019-11-01 20:45:21 +01:00 |
|
|
|
079b771717
|
Define disable_symlinks nginx config rule globally
|
2019-10-20 13:17:08 +02:00 |
|
|
|
724ef98c9b
|
prevent deleting sockets of other php instances
|
2019-10-19 20:46:18 +02:00 |
|
|
|
9c04243f33
|
Simplify nginx systemd unit and add RuntimeDirectory option to php
|
2019-10-17 19:03:45 +02:00 |
|
|
|
b7be96b11f
|
Enable nginx and fix systemd service
|
2019-10-16 21:29:55 +02:00 |
|
|
|
6052e57112
|
Switch to custom compiled php
|
2019-10-15 19:37:51 +02:00 |
|
|
|
f9824e45a8
|
We run less instances now for less memory usage
|
2019-09-22 22:17:11 +02:00 |
|
|
|
7ec0f76f35
|
Updated nginx logrotate
|
2019-09-07 12:21:00 +02:00 |
|
|
|
0b61a38c26
|
Replace debian stock nginx with custom optimized nginx
|
2019-09-02 19:49:41 +02:00 |
|
|
|
df4c4275c7
|
Added vm.overcommit_ratio=100 to sysctl to use full memory capacity
|
2019-08-30 20:19:43 +02:00 |
|
|
|
37cf037a6c
|
Added the new instances to rc.local and README
|
2019-07-21 12:43:56 +02:00 |
|
|
|
401b87d3ea
|
Add curve25519-sha256 to KexAlgorithms
|
2019-05-06 20:05:16 +02:00 |
|
|
|
c219b65b53
|
Some software requires an IPv4 address and can't handle unix: addresses...
|
2019-02-12 19:38:21 +01:00 |
|
|
|
bdf26c8d00
|
Introduce CPU and Memory resource control for php and all child-processes
|
2019-01-22 21:12:50 +01:00 |
|
|
|
11574e3e3f
|
nproc seems to be a global limit, not per session - increased accoringly
|
2019-01-08 18:20:24 +01:00 |
|
|
|
838b6c3b6f
|
disable systemd-resolver and tor@default apparmor profile
|
2019-01-06 20:35:04 +01:00 |
|
|
|
dfe7f7d9e7
|
when shell access is enabled, we shouldn't use force-command in sshd_config
|
2019-01-06 19:35:49 +01:00 |
|
|
|
09ca89029e
|
apply security restrictions in limits.conf
|
2019-01-06 19:33:12 +01:00 |
|
|
|
c46a2584fa
|
Add shell access and scp support
|
2019-01-06 18:20:02 +01:00 |
|
|
|
b5d8b79b8e
|
Disabled STRICT_TRANS_TABLES for compatibility
|
2019-01-05 12:15:56 +01:00 |
|
|
|
55bc8cd757
|
Introduce mysqld socket stream forwarding with nginx for chroot jails
|
2019-01-01 13:47:30 +01:00 |
|
|
|
0f38bd2449
|
Improved privilege separation
|
2019-01-01 02:24:22 +01:00 |
|
|
|
91167d1f45
|
Fix systemd namespace issues taking effect after reboot
|
2018-12-24 06:27:33 +01:00 |
|
|
|
e0bfc5e633
|
Our hidden service should run on v3 by default
|
2018-12-10 16:58:50 +01:00 |
|
|
|
11c055ebcf
|
Remove commeted options
|
2018-12-07 22:18:49 +01:00 |
|
|
|
4f6539b31d
|
Introduce systemd.exec restrictions for better security
|
2018-12-07 21:54:44 +01:00 |
|
|
|
8e155012a7
|
Suppress chatty dovecot messages
|
2018-12-07 21:48:22 +01:00 |
|
|
|
4b25310396
|
Simplified sshd_config
|
2018-12-07 13:25:30 +01:00 |
|
|
|
be005c3137
|
Renamed config file
|
2018-12-05 17:18:46 +01:00 |
|
|
|
aedd8a1e6a
|
Update to latest mariadb version
|
2018-12-05 17:18:11 +01:00 |
|
|
|
64163823a8
|
dnsmasq should only listen on lo interface
|
2018-12-05 07:59:46 +01:00 |
|
|
|
4f059e66f7
|
Droped php7.2 systemd.service files
|
2018-12-04 13:29:17 +01:00 |
|
|
|
c651bb65c7
|
Add jounald.conf
|
2018-12-03 17:22:23 +01:00 |
|
|
|
22066309d5
|
Add login.defs file
|
2018-12-02 21:41:31 +01:00 |
|
|
|
363d1b31ad
|
Debian sid dropped php7.2 support - move to 7.3 only
|
2018-12-02 21:17:11 +01:00 |
|
|
|
2e0e69d605
|
We don't need apt repository translations
|
2018-12-02 19:31:26 +01:00 |
|
|
|
7111fa3a65
|
Prevent httpoxy vulnerability in PHP applications
|
2018-11-29 20:56:39 +01:00 |
|
|
|
9de11a9722
|
Dropped PHP7.1 support and install composer
|
2018-11-24 10:38:59 +01:00 |
|
|
|
e4e59782ca
|
Disabled RSA host key type (because small keys are generated by default), as well as ECDSA (due to suspicions of NSA-compromised P-curves). Enabled only strong key exchange, cipher, and MAC algorithms. See https://www.sshaudit.com/ and https://github.com/arthepsy/ssh-audit.
|
2018-11-19 15:01:11 -05:00 |
|
|
|
41b33f2c51
|
Drop PHP7.0 support
|
2018-11-18 20:50:35 +01:00 |
|
