-rw-r--r-- | changelog.md | 8 | ||||
-rw-r--r-- | lamp.sh | 4 | ||||
-rw-r--r-- | updates/1.24.0.sh | 28 |
3 files changed, 35 insertions, 5 deletions
diff --git a/changelog.md b/changelog.md
index 285de30b..b5dd451f 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,7 +1,9 @@
-[v1.23.1](https://github.com/nextcloud/nextcloudpi/commit/317c2aa) (2020-03-15) ncp-web: check for possibly missing index
+[v1.23.2](https://github.com/nextcloud/nextcloudpi/commit/0d9680d) (2020-03-22) lamp: disable old TLS versions
-[v1.23.0](https://github.com/nextcloud/nextcloudpi/commit/d108fad) (2020-03-13) upgrade to NC18.0.2
+[v1.23.1](https://github.com/nextcloud/nextcloudpi/commit/84e6b4e) (2020-03-15) ncp-web: check for possibly missing index
+
+[v1.23.0 ](https://github.com/nextcloud/nextcloudpi/commit/d108fad) (2020-03-13) upgrade to NC18.0.2
 [v1.22.3 ](https://github.com/nextcloud/nextcloudpi/commit/c09dfd9) (2020-03-02) nc-snapshot-auto: read datadir location during execution
@@ -11,7 +13,7 @@
 [v1.22.0 ](https://github.com/nextcloud/nextcloudpi/commit/9304c86) (2020-03-03) Add nc-trusted-proxies (#1094)
-[v1.21.0](https://github.com/nextcloud/nextcloudpi/commit/4a51c1f) (2020-02-28) upgrade to NC18.0.1
+[v1.21.0 ](https://github.com/nextcloud/nextcloudpi/commit/4a51c1f) (2020-02-28) upgrade to NC18.0.1
 [v1.20.11](https://github.com/nextcloud/nextcloudpi/commit/f066b03) (2020-02-27) redis: make sure we have the right permissions for conf file
@@ -50,7 +50,7 @@ install()
 # CONFIGURE APACHE
 ##########################################
- cat >/etc/apache2/conf-available/http2.conf <<EOF
+ cat > /etc/apache2/conf-available/http2.conf <<EOF
 Protocols h2 h2c http/1.1
 # HTTP2 configuration
@@ -62,7 +62,7 @@ H2PushPriority image/png after 32
 H2PushPriority application/javascript interleaved
 # SSL/TLS Configuration
-SSLProtocol all -SSLv2 -SSLv3
+SSLProtocol -all +TLSv1.2
 SSLHonorCipherOrder on
 SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
 SSLCompression off
diff --git a/updates/1.24.0.sh b/updates/1.24.0.sh
new file mode 100644
index 00000000..1c359527
--- /dev/null
+++ b/updates/1.24.0.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+set -e
+
+## BACKWARD FIXES ( for older images )
+
+source /usr/local/etc/library.sh # sets NCVER PHPVER RELEASE
+
+# all images
+
+# disable old TLS versions
+file=/etc/apache2/conf-available/http2.conf
+grep -q '^SSLProtocol all -SSLv2 -SSLv3' "${file}" && {
+ sed -i 's|^SSLProtocol .*|SSLProtocol -all +TLSv1.2|' "${file}"
+ bash -c "sleep 10 && service apache2 reload" &>/dev/null &
+}
+
+# docker images only
+[[ -f /.docker-image ]] && {
+ :
+}
+
+# for non docker images
+[[ ! -f /.docker-image ]] && {
+ :
+}
+
+exit 0 |
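Review bot: `SSLProtocol -all +TLSv1.2` is an allow-list of exactly one version, so it switches off TLS 1.3 together with TLS 1.0/1.1 on any image whose Apache/OpenSSL build can negotiate it. A deny-list of the legacy versions, `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`, reaches the stated goal and keeps TLS 1.3 where it is available, without naming a protocol token an older build might reject. The `sed` replacement in updates/1.24.0.sh writes the same value, so both places would need the change. Separately, the unchanged `SSLCipherSuite` context line still lists `DES-CBC3-SHA` and static-RSA CBC suites, which remain negotiable over TLS 1.2; trimming that list looks like a natural follow-up. The heredoc and install() continue outside the hunk.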
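Review bot: The delayed reload is detached with `&>/dev/null &`, so the script reaches `exit 0` whether or not Apache ever picks up the new protocol setting, and nothing records a failed reload. Checking the edited configuration before scheduling it, e.g. `apache2ctl -t || exit 1` placed after the `sed` line, and sending the reload output to a log file instead of `/dev/null` would make a failed hardening step visible. The `grep` guard also matches only the exact stock line `SSLProtocol all -SSLv2 -SSLv3`, so an image where that line was edited by hand silently keeps its old protocols; a comment such as `# only rewrite the stock value; customised SSLProtocol lines are left alone` would record that this is intended.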