From 5846205b486ec91109585b413b0d1eaacf8e7570 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Tue, 6 Mar 2018 19:53:48 +0000 Subject: [PATCH 1/3] Setting upload limits in gnusocial/postactiv --- src/freedombone-app-gnusocial | 11 +++++++++++ src/freedombone-app-postactiv | 11 +++++++++++ src/freedombone-utils-gnusocialtools | 8 ++++++++ src/freedombone-utils-web | 9 +++++---- 4 files changed, 35 insertions(+), 4 deletions(-) diff --git a/src/freedombone-app-gnusocial b/src/freedombone-app-gnusocial index 29e96862..90edc7ec 100755 --- a/src/freedombone-app-gnusocial +++ b/src/freedombone-app-gnusocial @@ -724,6 +724,8 @@ function install_gnusocial_main { echo ''; echo ' # PHP'; echo ' location ~ \.php {'; + echo ' client_max_body_size 50m;'; + echo ' client_body_buffer_size 50m;'; echo ' include snippets/fastcgi-php.conf;'; echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; echo ' fastcgi_read_timeout 30;'; @@ -738,6 +740,8 @@ function install_gnusocial_main { echo ''; echo ' # Fancy URLs'; echo ' location @gnusocial {'; + echo ' client_max_body_size 50m;'; + echo ' client_body_buffer_size 50m;'; echo " rewrite ^(.*)\$ /index.php?p=\$1 last;"; echo ' }'; echo ''; @@ -771,6 +775,8 @@ function install_gnusocial_main { echo ''; echo ' # PHP'; echo ' location ~ \.php {'; + echo ' client_max_body_size 50m;'; + echo ' client_body_buffer_size 50m;'; echo ' include snippets/fastcgi-php.conf;'; echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; echo ' fastcgi_read_timeout 30;'; @@ -785,6 +791,8 @@ function install_gnusocial_main { echo ''; echo ' # Fancy URLs'; echo ' location @gnusocial {'; + echo ' client_max_body_size 50m;'; + echo ' client_body_buffer_size 50m;'; echo " rewrite ^(.*)\$ /index.php?p=\$1 last;"; echo ' }'; echo ''; @@ -794,6 +802,9 @@ function install_gnusocial_main { echo ' }'; echo '}'; } >> "$gnusocial_nginx_site" + function_check gnusocial_set_limits + gnusocial_set_limits "$gnusocial_nginx_site" + function_check configure_php configure_php diff --git a/src/freedombone-app-postactiv b/src/freedombone-app-postactiv index 6a7b3831..0c3668ea 100755 --- a/src/freedombone-app-postactiv +++ b/src/freedombone-app-postactiv @@ -738,6 +738,8 @@ function install_postactiv_main { echo ''; echo ' # PHP'; echo ' location ~ \.php {'; + echo ' client_max_body_size 50m;'; + echo ' client_body_buffer_size 50m;'; echo ' include snippets/fastcgi-php.conf;'; echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; echo ' fastcgi_read_timeout 30;'; @@ -752,6 +754,8 @@ function install_postactiv_main { echo ''; echo ' # Fancy URLs'; echo ' location @postactiv {'; + echo ' client_max_body_size 50m;'; + echo ' client_body_buffer_size 50m;'; echo " rewrite ^(.*)\$ /index.php?p=\$1 last;"; echo ' }'; echo ''; @@ -785,6 +789,8 @@ function install_postactiv_main { echo ''; echo ' # PHP'; echo ' location ~ \.php {'; + echo ' client_max_body_size 50m;'; + echo ' client_body_buffer_size 50m;'; echo ' include snippets/fastcgi-php.conf;'; echo ' fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;'; echo ' fastcgi_read_timeout 30;'; @@ -799,6 +805,8 @@ function install_postactiv_main { echo ''; echo ' # Fancy URLs'; echo ' location @postactiv {'; + echo ' client_max_body_size 50m;'; + echo ' client_body_buffer_size 50m;'; echo " rewrite ^(.*)\$ /index.php?p=\$1 last;"; echo ' }'; echo ''; @@ -808,6 +816,9 @@ function install_postactiv_main { echo ' }'; echo '}'; } >> "$postactiv_nginx_site" + function_check gnusocial_set_limits + gnusocial_set_limits "$postactiv_nginx_site" + function_check configure_php configure_php diff --git a/src/freedombone-utils-gnusocialtools b/src/freedombone-utils-gnusocialtools index 10707042..072a8540 100755 --- a/src/freedombone-utils-gnusocialtools +++ b/src/freedombone-utils-gnusocialtools @@ -43,6 +43,14 @@ SHARINGS_THEME_COMMIT='a46ef375d19e8ef6889653668a7e697b0ba2013c' GNUSOCIAL_MARKDOWN_REPO="https://git.gnu.io/chimo/markdown.git" GNUSOCIAL_MARKDOWN_COMMIT='03c53942f94b3376f0946e6e1fe566cc21ccf232' +function gnusocial_set_limits { + filename="$1" + + sed -i 's|client_body_buffer_size.*|client_body_buffer_size 5m;|g' "$filename" + sed -i 's|limit_conn conn_limit_per_ip.*|limit_conn conn_limit_per_ip 100;|g' "$filename" + sed -i 's|req_limit_per_ip.*|req_limit_per_ip burst=100 nodelay;|g' "$filename" +} + # Stuff to be done after restoring from backup function gnusocial_update_after_restore { gnusocial_variant="$1" diff --git a/src/freedombone-utils-web b/src/freedombone-utils-web index afadfc05..58ea2015 100755 --- a/src/freedombone-utils-web +++ b/src/freedombone-utils-web @@ -415,11 +415,12 @@ function letsencrypt_renewals { } function configure_php { - sed -i "s/memory_limit = 128M/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php/7.0/fpm/php.ini + sed -i "s/memory_limit =.*/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php/7.0/fpm/php.ini sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.0/fpm/php.ini - sed -i "s/memory_limit = -1/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php/7.0/cli/php.ini - sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 50M/g" /etc/php/7.0/fpm/php.ini - sed -i "s/post_max_size = 8M/post_max_size = 50M/g" /etc/php/7.0/fpm/php.ini + sed -i "s/memory_limit =.*/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php/7.0/cli/php.ini + sed -i "s/upload_max_filesize =.*/upload_max_filesize = 50M/g" /etc/php/7.0/fpm/php.ini + sed -i "s/upload_max_filesize =.*/upload_max_filesize = 50M/g" /etc/php/7.0/cli/php.ini + sed -i "s/post_max_size =.*/post_max_size = 50M/g" /etc/php/7.0/fpm/php.ini } function install_web_server_access_control { From 8a19b05ef4d16cc81ab1efd80360641ee484d3c7 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Wed, 7 Mar 2018 10:52:18 +0000 Subject: [PATCH 2/3] Add xmpp contact info --- src/freedombone-app-xmpp | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp index 568988da..b83036d0 100755 --- a/src/freedombone-app-xmpp +++ b/src/freedombone-app-xmpp @@ -60,6 +60,7 @@ xmpp_variables=(ONION_ONLY XMPP_ECC_CURVE XMPP_ECC_CURVE MY_USERNAME + MY_EMAIL_ADDRESS DEFAULT_DOMAIN_NAME XMPP_DOMAIN_CODE) @@ -431,6 +432,7 @@ function upgrade_xmpp { function_check update_prosody_modules update_prosody_modules xmpp_onion_addresses /etc/prosody/prosody.cfg.lua + xmpp_contact_info /etc/prosody/prosody.cfg.lua if grep -q "/etc/ssl/certs/xmpp.dhparam" /etc/prosody/prosody.cfg.lua; then cp /etc/ssl/certs/xmpp.dhparam /etc/prosody/xmpp.dhparam @@ -658,10 +660,27 @@ function xmpp_email_headers { done } +function xmpp_contact_info { + filename="$1" + + if grep -q "contact_info =" "$filename"; then + return + fi + + { 'contact_info = {'; + "abuse = { \"mailto:${MY_EMAIL_ADDRESS}\", \"xmpp:${USERNAME}@${HOSTNAME}\" };"; + "admin = { \"mailto:${MY_EMAIL_ADDRESS}\", \"xmpp:${USERNAME}@${HOSTNAME}\" };"; + "feedback = { \"mailto:${MY_EMAIL_ADDRESS}\", \"xmpp:${USERNAME}@${HOSTNAME}\" };"; + "security = { \"xmpp:${USERNAME}@${HOSTNAME}\" };"; + "support = { \"xmpp:${USERNAME}@${HOSTNAME}\" };"; + '};'; } >> "$filename" +} + function xmpp_modules { filename="$1" { echo 'modules_enabled = {'; + echo ' "server_contact_info";'; echo ' "pubsub";'; echo ' "pubsub_hub";'; echo ' "dialback"; -- s2s dialback support'; @@ -754,6 +773,7 @@ function xmpp_create_config { xmpp_modules /etc/prosody/prosody.cfg.lua echo '' >> /etc/prosody/prosody.cfg.lua xmpp_onion_addresses /etc/prosody/prosody.cfg.lua + xmpp_contact_info /etc/prosody/prosody.cfg.lua { echo ''; echo 'allow_registration = false;'; echo ''; From 43d6155d3b92eb3a987a8d3d6174a0833dc1f49d Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Wed, 7 Mar 2018 10:57:26 +0000 Subject: [PATCH 3/3] Don't repeatedly append onions map --- src/freedombone-app-xmpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp index b83036d0..969f653d 100755 --- a/src/freedombone-app-xmpp +++ b/src/freedombone-app-xmpp @@ -725,6 +725,8 @@ function xmpp_modules { function xmpp_onion_addresses { filename="$1" + sed -i '/onions_map = {/,/};/d' "$filename" + { echo 'onions_map = {'; echo ' ["anonymitaet-im-inter.net"] = "rwf5skuv5vqzcdit.onion";'; echo ' ["autistici.org"] = "wi7qkxyrdpu5cmvr.onion";';