Sympl issueshttps://gitlab.com/sympl.io/sympl/-/issues2019-08-16T17:54:56Zhttps://gitlab.com/sympl.io/sympl/-/issues/243Buster: zz-mass-hosting doesn't appear to work.2019-08-16T17:54:56ZPaul CammishBuster: zz-mass-hosting doesn't appear to work.On boot, it's sending traffic to /var/www/html, and then after reconfiguring it seems to be only sending traffic to /srv/$localhost/public/htdocs.
It may be due to changes in the newer Apache breaking dynamic vhost configurations in gen...On boot, it's sending traffic to /var/www/html, and then after reconfiguring it seems to be only sending traffic to /srv/$localhost/public/htdocs.
It may be due to changes in the newer Apache breaking dynamic vhost configurations in general, or something else like the custom module not working right any more.Backloghttps://gitlab.com/sympl.io/sympl/-/issues/263LetsEncrypt certificates not renewed early enough2019-09-08T15:13:43ZPaul CammishLetsEncrypt certificates not renewed early enough# Summary
LetsEncrypt certificates are not renewed a month before expiry (as recommended). This causes warning emails to be received from LetsEncrypt.
# Steps to reproduce
Enable LetsEncrypt certificates for a domain. Wait 60 days.
...# Summary
LetsEncrypt certificates are not renewed a month before expiry (as recommended). This causes warning emails to be received from LetsEncrypt.
# Steps to reproduce
Enable LetsEncrypt certificates for a domain. Wait 60 days.
# What is the current bug behavior?
Certificates are not renewed until 2 weeks before expiry, causing a warning.email to be received
# What is the expected correct behavior?
Certificate should be removed 30 days before expiry.
See: https://letsencrypt.org/docs/integration-guide/
for more info.
/cc @kelduumPaul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/201`sympl-ssl` does not support Let's Encrypt v2 API2019-10-30T09:16:52ZPaul Cammish`sympl-ssl` does not support Let's Encrypt v2 APIAt present, as it's using an old Ruby library, `symbiosis-ssl` does not support the updated version of the Let's Encrypt API, meaning that as per [this notice](https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430), it wi...At present, as it's using an old Ruby library, `symbiosis-ssl` does not support the updated version of the Let's Encrypt API, meaning that as per [this notice](https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430), it will begin to stop working in November of 2019 for new installs, and through the next year, slowly stop working.
With this in mind, it would make sense to refactor this element of Sympl into a wrapper around existing Let's Encrypt tools, such as certbot or acmetool, rather than using a third party library, retaining the existing generation of self-signed certs and general cert management.Paul CammishPaul Cammish2019-10-31https://gitlab.com/sympl.io/sympl/-/issues/271sympl-core: On each install, check the user is in the right groups2020-01-28T00:25:25ZPaul Cammishsympl-core: On each install, check the user is in the right groupsAt the moment, the `sympl` user is only added to the relevant groups (notably www-data) when the user is created, rather than on installation of `sympl-core`.
This can cause some issues if the sympl user already exists (from a removed i...At the moment, the `sympl` user is only added to the relevant groups (notably www-data) when the user is created, rather than on installation of `sympl-core`.
This can cause some issues if the sympl user already exists (from a removed install, or it was created before installing), so it would be safer to check each time `sympl-core` is installed.Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/143Symbiosis: I want SSL only without HSTS2020-07-11T06:36:30ZPaul CammishSymbiosis: I want SSL only without HSTSImported from https://www.github.com/BytemarkHosting/symbiosis/issues/66
I want a back-out path from ssl-only. Currently, if I deploy SSL only HSTS headers get issued, which mean I have no way to back out if I have problems with certifi...Imported from https://www.github.com/BytemarkHosting/symbiosis/issues/66
I want a back-out path from ssl-only. Currently, if I deploy SSL only HSTS headers get issued, which mean I have no way to back out if I have problems with certificate renewal or spot a problem with the way the SSL site renders
So, maybe I could make a file `config/ssl-only-no-sts` to get ssl throughout the site, and when I'm confident that I can commit to this configuration, then deploy STS.Sympl v9.0 (for Debian Stretch)https://gitlab.com/sympl.io/sympl/-/issues/294sympl-web: php-zip package is not installed by default2020-09-09T17:23:53ZPaul Cammishsympl-web: php-zip package is not installed by defaultIt probably should be included in typical installs, as windows-centric stuff is likely to expect it to be there.It probably should be included in typical installs, as windows-centric stuff is likely to expect it to be there.Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/300sympl-web: Support for Apache Includes2020-09-10T08:28:06ZPaul Cammishsympl-web: Support for Apache IncludesA great idea in https://forum.sympl.host/t/auto-updating-ssl-certs-with-custom-apache-site-config/69/3?u=kelduum is to add an IncludeOptional directive to load extra configuration files from the config directory.A great idea in https://forum.sympl.host/t/auto-updating-ssl-certs-with-custom-apache-site-config/69/3?u=kelduum is to add an IncludeOptional directive to load extra configuration files from the config directory.Paul CammishPaul Cammishhttps://gitlab.com/sympl.io/sympl/-/issues/270sympl-web: Allow apache includes in config/2020-09-10T08:28:06ZPaul Cammishsympl-web: Allow apache includes in config/As per https://forum.sympl.host/t/auto-updating-ssl-certs-with-custom-apache-site-config/69/3
> One of the ways around this under symbiosis was to add an `IncludeOptional` directive to the master templates (`ssl.template.erb` & `non_ssl...As per https://forum.sympl.host/t/auto-updating-ssl-certs-with-custom-apache-site-config/69/3
> One of the ways around this under symbiosis was to add an `IncludeOptional` directive to the master templates (`ssl.template.erb` & `non_ssl.template.erb`) with customisations kept in, say, config…
>
> `IncludeOptional /srv/<% domain %>/config/apache-*.conf`
Thanks to alphacabbage1 for the suggestion.
This will need checking for security, as we don't want any random user writing stuff to there, and breaking the security model or stopping Apache from starting.