140 Commits

Author SHA1 Message Date
Daniel Micay
7f61787026 switch to improved custom log format
This switches to a fully custom log format instead of using a variant of
the standard combined format since we don't use any tools requiring the
logs to be a standard format. This provides a cleaner format, allows us
to freely add new fields and gets rid of legacy/redundant fields.

The redundant timestamp already provided as the syslog timestamp is
dropped along with the legacy identd field always set to a dash.

This adds the connection serial number for identifying requests coming
from the same connection. TLS version is added as a replacement for our
previous addition of the URI scheme. This also adds the total request
length and total bytes sent to the client instead of only the body bytes
sent.
2023-02-10 08:04:30 -05:00
Daniel Micay
3ff77f472d add remote backup files to deploy script 2023-02-10 07:46:01 -05:00
Daniel Micay
66b973a3b6 allow resources system calls for remote backup 2023-02-10 07:46:01 -05:00
Daniel Micay
38f344595f reduce client body / header timeouts to 15s 2023-02-09 18:42:51 -05:00
Daniel Micay
270cd2ba3f avoid unnecessary redirects for ACME challenge 2023-02-09 09:53:16 -05:00
Daniel Micay
b85be6c2bb use default HTTP/2 input buffer size 2023-02-09 05:14:25 -05:00
Daniel Micay
ff4984b21c simplify nginx status path 2023-01-31 21:51:25 -05:00
Daniel Micay
17c7ba5fd6 upgrade python dependencies 2023-01-31 02:01:28 -05:00
Daniel Micay
4b4c155337 update postgresql.conf for postgresql 15.1 2023-01-29 21:29:48 -05:00
Daniel Micay
cd5d78c485 rebase onto current nginx mime.types 2023-01-17 14:00:48 -05:00
Daniel Micay
fc8c4a6a57 add build environment setup script 2023-01-17 00:09:44 -05:00
Daniel Micay
5417e37062 require hashes and binary wheels for pip 2023-01-10 13:53:33 -05:00
Daniel Micay
7d9379972f freeze hashes of python dependencies 2023-01-10 13:02:53 -05:00
Daniel Micay
0e574a4ee9 add postgresql.conf 2022-12-04 04:35:35 -05:00
Daniel Micay
5fe0978ef2 brotli keeps source files by default 2022-11-01 00:20:47 -04:00
Daniel Micay
d5ed786d2a add minimal Permissions Policy as a starting point 2022-10-17 22:27:09 -04:00
Daniel Micay
4f1aa5bceb increase resolver timeout 2022-10-12 16:30:25 -04:00
Daniel Micay
a1997d89c4 rename conn limit memory zone 2022-10-01 12:56:03 -04:00
Daniel Micay
9fbcc9587d update Element web app configuration 2022-09-28 12:00:55 -04:00
Daniel Micay
06cd80873f use custom format for access log again 2022-09-27 10:27:36 -04:00
Daniel Micay
0e16b5798b reduce HTTP/2 chunk size to match TLS record size 2022-09-26 13:14:40 -04:00
Daniel Micay
9ed069073c use syslog (journald) for nginx access log 2022-09-25 14:18:13 -04:00
Daniel Micay
7b8a505d17 reduce keepalive requests 2022-09-24 11:53:02 -04:00
Daniel Micay
9cdf30c08c reduce connection limit to 128 2022-09-24 11:27:15 -04:00
Daniel Micay
0bcd3cdca3 reduce HTTP/2 concurrent streams to 16 2022-09-24 11:22:11 -04:00
Daniel Micay
46ca28258f reduce max client header buffer size 2022-09-24 11:11:01 -04:00
Daniel Micay
913cde9ff2 send X-Robots-Tag on errors too 2022-08-18 18:11:08 -04:00
Daniel Micay
e7885e1b87 fix backup timestamps 2022-08-11 18:17:24 -04:00
Daniel Micay
a5c257d8a5 remove legacy Expect-CT header 2022-08-11 17:29:34 -04:00
Daniel Micay
ff010aa945 add initial hardening to remote backup service 2022-08-11 17:29:31 -04:00
Daniel Micay
db209e53b4 move systemd units to subdirectory 2022-08-11 17:29:24 -04:00
Daniel Micay
36d1b69e6b move systemd units to subdirectory 2022-08-11 13:05:24 -04:00
Daniel Micay
5a4b71ed29 extend matterbridge service hardening 2022-08-09 07:42:11 -04:00
Daniel Micay
28c063bdc2 add RemoveIPC=true since systemd lints for it
This isn't useful due to PrivateIPC=true but there's no harm in
including it to satisfy the security linter.
2022-08-09 05:01:28 -04:00
Daniel Micay
84cfdcfe4d strip path prefix from backup tarballs 2022-08-07 08:10:45 -04:00
Daniel Micay
be7a6c9187 use modern option style for tar 2022-08-07 08:09:46 -04:00
Daniel Micay
fa61606984 add Origin-Agent-Cluster header 2022-07-30 20:13:28 -04:00
Daniel Micay
53f0d30d1b add cloud-archive-password.txt to gitignore 2022-07-22 17:05:18 -04:00
Daniel Micay
8a1b9cdb63 use batch CPU scheduling policy for backups 2022-07-22 02:16:36 -04:00
Daniel Micay
7054e7c09f add backup scripts and systemd units 2022-07-22 00:40:20 -04:00
Daniel Micay
989ed9718c add backup directory and keys to gitignore 2022-07-21 23:43:17 -04:00
Daniel Micay
7c45014149 drop unused PATH setup 2022-07-18 18:19:25 -04:00
Daniel Micay
bb45adb3f7 freeze python dependency versions 2022-07-18 17:26:47 -04:00
Daniel Micay
0a81e35a23 activate venv automatically 2022-07-18 17:24:00 -04:00
Daniel Micay
d724296a89 add venv to gitignore 2022-07-18 17:00:30 -04:00
Daniel Micay
90d542e2f4 stop setting CORP header for synapse API for now 2022-07-13 13:04:46 -04:00
Daniel Micay
9b19b811ac only AF_INET6 is required for mjolnir 2022-07-11 19:50:21 -04:00
Daniel Micay
6835a0bffb set NODE_ENV=production for mjolnir 2022-07-10 17:37:39 -04:00
Daniel Micay
69b0ff7bb3 move nginx status API to socket 2022-07-02 12:38:33 -04:00
Daniel Micay
bac4280478 add gixy to deploy script 2022-06-28 00:03:13 -04:00