77682b077b
Removed razor due to excessive ressource usage
2022-02-06 19:42:03 +01:00
Daniel Winzen
3d96c2ca70
Add dnssec validating recursive resolver and razorfy+rspamd users
2021-05-21 08:47:56 +02:00
Daniel Winzen
5e7f385b06
Recurse pull php-gnupg submodules and remove unneeded systemd.service files
2021-04-08 18:31:02 +02:00
Daniel Winzen
6f98c1b08b
Add PHP-8.0 and remove xmlrpc extension + PHP-7.2
2020-10-13 10:25:04 +02:00
Daniel Winzen
14c50d7c1e
Allow nginx to write in postfix directory
2020-02-08 22:37:57 +01:00
Daniel Winzen
1b28fcac95
Fix vsftpd not starting
2020-02-05 19:26:35 +01:00
Daniel Winzen
e9c4b798d5
Update php systemd service files
2020-01-11 13:33:34 +01:00
Daniel Winzen
709e4fd1c5
Reduce priority of background deletion task
2020-01-08 06:32:40 +01:00
Daniel Winzen
930052fe1e
BindPaths -> ReadWritePaths for all systemd services
2020-01-05 19:31:52 +01:00
Daniel Winzen
0b41932570
Use Dovecot SASL instead of running a seperate saslauthd
2019-12-16 22:25:30 +01:00
Daniel Winzen
724ef98c9b
prevent deleting sockets of other php instances
2019-10-19 20:46:18 +02:00
Daniel Winzen
9c04243f33
Simplify nginx systemd unit and add RuntimeDirectory option to php
2019-10-17 19:03:45 +02:00
Daniel Winzen
b7be96b11f
Enable nginx and fix systemd service
2019-10-16 21:29:55 +02:00
Daniel Winzen
6052e57112
Switch to custom compiled php
2019-10-15 19:37:51 +02:00
Daniel Winzen
0b61a38c26
Replace debian stock nginx with custom optimized nginx
2019-09-02 19:49:41 +02:00
Daniel Winzen
bdf26c8d00
Introduce CPU and Memory resource control for php and all child-processes
2019-01-22 21:12:50 +01:00
Daniel Winzen
838b6c3b6f
disable systemd-resolver and tor@default apparmor profile
2019-01-06 20:35:04 +01:00
Daniel Winzen
55bc8cd757
Introduce mysqld socket stream forwarding with nginx for chroot jails
2019-01-01 13:47:30 +01:00
Daniel Winzen
0f38bd2449
Improved privilege separation
2019-01-01 02:24:22 +01:00
Daniel Winzen
91167d1f45
Fix systemd namespace issues taking effect after reboot
2018-12-24 06:27:33 +01:00
Daniel Winzen
11c055ebcf
Remove commeted options
2018-12-07 22:18:49 +01:00
Daniel Winzen
4f6539b31d
Introduce systemd.exec restrictions for better security
2018-12-07 21:54:44 +01:00
Daniel Winzen
4f059e66f7
Droped php7.2 systemd.service files
2018-12-04 13:29:17 +01:00
Daniel Winzen
9de11a9722
Dropped PHP7.1 support and install composer
2018-11-24 10:38:59 +01:00
Daniel Winzen
41b33f2c51
Drop PHP7.0 support
2018-11-18 20:50:35 +01:00
Daniel Winzen
9985ba4864
Add PHP7.3 support and let setup.php write initial config files
2018-10-24 19:59:02 +02:00
Daniel Winzen
300cd647df
Increase limits and add putenv to disabled functions (vulerability)
...
Potential security vulnerability:
<?php
putenv("LD_PRELOAD=/home/site.onion/libtest.so");
mail("test@localhost","hacked","you");
2018-04-22 09:11:43 +02:00
Daniel Winzen
c9487adb1a
MariaDB hit open_files_limit -> increase it
2018-03-12 06:47:18 +01:00
Daniel Winzen
b2fab1ec53
Fix /var/run/nginx not being created on nginx start
2018-03-11 20:17:14 +01:00
Daniel Winzen
7bd2e79f06
Separate nginx sockets for each site to make hoster identification harder
2018-03-08 20:57:42 +01:00
Daniel Winzen
fa24bb61ec
Added PHP 7.2 support + minor bugfixes and performance tweaks
...
Note when applying this update you will have to update existing nginx vhosts to match new listening addresses (IPv6). Preferably you should update them to unix socket though and apply the changes to the tor hidden service config as well
2018-02-10 22:10:07 +01:00
Daniel Winzen
88f6fa2e88
Log tor to default syslog
2017-05-10 18:55:02 +02:00
Daniel Winzen
fa363efaec
Bugfixes
2017-05-06 18:29:19 +02:00
Daniel Winzen
e0b35fb943
Initial commit
2017-04-30 19:32:42 +02:00