├── .gitignore ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── README.md ├── netlify.toml ├── requirements.txt ├── runtime.txt ├── source ├── _static │ ├── 404.html │ ├── css │ │ ├── custom.css │ │ └── errorpage.css │ ├── favicon.ico │ └── images │ │ ├── apple_pay.svg │ │ ├── big-rocket.svg │ │ ├── footer.svg │ │ ├── google_pay.svg │ │ ├── icn-rocket.svg │ │ ├── logo_clojure.png │ │ ├── logo_deno.png │ │ ├── logo_dotnet.png │ │ ├── logo_erlang.png │ │ ├── logo_gcc.png │ │ ├── logo_golang.svg │ │ ├── logo_java.png │ │ ├── logo_nodejs.png │ │ ├── logo_perl.png │ │ ├── logo_php.png │ │ ├── logo_prolog.png │ │ ├── logo_python.png │ │ ├── logo_ruby.png │ │ ├── logo_rust.svg │ │ ├── open.png │ │ └── rocket.svg ├── _templates │ ├── breadcrumbs.html │ ├── footer.html │ └── layout.html ├── background-http-stack.rst ├── background-network.rst ├── basics-backup.rst ├── basics-home.rst ├── basics-ports.rst ├── basics-resources.rst ├── basics-sftp.rst ├── basics-shell.rst ├── basics-ssh.rst ├── billing-general.rst ├── changelog.rst ├── changelog │ ├── 2017-01-20_7.0.1.rst │ ├── 2017-02-10_7.0.2.rst │ ├── 2017-03-03_7.0.3.rst │ ├── 2017-03-16_7.0.4.rst │ ├── 2017-04-03_7.0.5.rst │ ├── 2017-04-25_7.0.6.rst │ ├── 2017-05-03_7.0.6.2.rst │ ├── 2017-06-26_7.0.8.rst │ ├── 2017-07-13_7.0.8.1.rst │ ├── 2017-08-02_7.0.9.rst │ ├── 2017-08-17_7.0.10.rst │ ├── 2017-09-21_7.0.11.rst │ ├── 2017-10-03_7.0.12.rst │ ├── 2017-10-05_7.0.13.rst │ ├── 2017-10-10_7.0.14.rst │ ├── 2017-11-14_7.0.15.rst │ ├── 2017-11-17_7.0.16.rst │ ├── 2017-11-17_7.0.17.rst │ ├── 2017-11-18_7.0.18.rst │ ├── 2017-11-30_7.0.19.rst │ ├── 2017-12-08_7.0.20.rst │ ├── 2017-12-19_7.0.21.rst │ ├── 2017-12-20_7.0.22.rst │ ├── 2018-01-03_7.0.23.rst │ ├── 2018-01-16_7.0.24.rst │ ├── 2018-01-22_7.0.25.rst │ ├── 2018-01-24_7.0.26.rst │ ├── 2018-01-25_7.0.27.rst │ ├── 2018-01-31_7.0.28.rst │ ├── 2018-02-02_7.0.29.rst │ ├── 2018-02-09_7.0.30.rst │ ├── 2018-02-16_7.0.32.rst │ ├── 2018-02-21_7.0.33.rst │ ├── 2018-03-05_7.0.34.rst │ ├── 2018-03-09_7.1.rst │ ├── 2018-03-19_7.1.1.rst │ ├── 2018-04-09_7.1.2.rst │ ├── 2018-04-13_7.1.3.rst │ ├── 2018-05-15_7.1.5.rst │ ├── 2018-05-22_7.1.6.rst │ ├── 2018-05-28_7.1.7.rst │ ├── 2018-06-01_7.1.8.rst │ ├── 2018-06-06_7.1.9.rst │ ├── 2018-07-25_7.1.10.rst │ ├── 2018-08-14_7.1.11.rst │ ├── 2018-08-20_7.1.12.rst │ ├── 2018-09-24_7.1.13.rst │ ├── 2018-10-11_7.1.14.rst │ ├── 2018-10-15_7.1.15.rst │ ├── 2018-11-07_7.1.16.rst │ ├── 2018-11-21_7.1.17.rst │ ├── 2018-12-13_7.1.19.rst │ ├── 2019-01-23_7.2.2.rst │ ├── 2019-02-01_7.2.rst │ ├── 2019-02-13_7.2.3.rst │ ├── 2019-03-06_7.2.4.rst │ ├── 2019-03-18_7.2.5.rst │ ├── 2019-03-25_7.2.7.rst │ ├── 2019-04-02_7.2.8.rst │ ├── 2019-04-08_7.2.9.rst │ ├── 2019-04-30_7.2.10.rst │ ├── 2019-05-08_7.2.11.rst │ ├── 2019-05-27_7.2.14.rst │ ├── 2019-06-03_7.3.0.rst │ ├── 2019-06-12_7.3.1.1.rst │ ├── 2019-06-25_7.3.2.rst │ ├── 2019-06-26_7.3.2.1.rst │ ├── 2019-07-05_7.3.3.rst │ ├── 2019-07-22_7.3.4.1.rst │ ├── 2019-07-22_7.3.4.rst │ ├── 2019-07-31_7.3.4.2.rst │ ├── 2019-08-21_7.3.5.2.rst │ ├── 2019-09-04_7.3.6.rst │ ├── 2019-10-29_7.3.6.2.rst │ ├── 2019-11-04_7.3.7.rst │ ├── 2019-11-13_7.3.8.1.rst │ ├── 2019-12-19_7.3.10.rst │ ├── 2020-01-22_7.3.11.rst │ ├── 2020-01-30_7.3.13.rst │ ├── 2020-02-03_7.4.rst │ ├── 2020-02-18_7.4.1.rst │ ├── 2020-03-03_7.4.2.rst │ ├── 2020-03-11_7.4.3.rst │ ├── 2020-03-18_7.4.4.rst │ ├── 2020-03-25_7.5.rst │ ├── 2020-03-31_7.5.1.rst │ ├── 2020-04-02_7.5.1.1.rst │ ├── 2020-04-08_7.5.1.2.rst │ ├── 2020-04-20_7.6.0.rst │ ├── 2020-04-23_7.6.1.rst │ ├── 2020-05-07_7.6.1.1.rst │ ├── 2020-05-12_7.6.1.2.rst │ ├── 2020-05-25_7.6.2.rst │ ├── 2020-06-03_7.7.0.rst │ ├── 2020-06-08_7.7.1.rst │ ├── 2020-07-28_7.7.2.rst │ ├── 2020-08-10_7.7.3.rst │ ├── 2020-08-17_7.7.4.rst │ ├── 2020-08-31_7.7.5.rst │ ├── 2020-09-07_7.7.6.rst │ ├── 2020-09-16_7.7.7.rst │ ├── 2020-09-29_7.7.8.rst │ ├── 2020-10-14_7.7.9.rst │ ├── 2020-11-17_7.7.10.rst │ ├── 2020-12-01_7.8.0.rst │ ├── 2020-12-22_7.8.1.rst │ ├── 2021-01-25_7.9.0.rst │ ├── 2021-03-04_7.10.0.rst │ ├── 2021-04-20_7.11.0.rst │ ├── 2021-05-03_7.11.1.rst │ ├── 2021-06-15_7.11.3.rst │ ├── 2021-08-19_7.11.4.rst │ ├── 2021-10-13_7.11.5.rst │ ├── 2021-12-13_7.12.hotfix.rst │ ├── 2021-12-13_7.12.rst │ ├── 2022-02-16_7.12.1.rst │ ├── 2022-05-23_7.12.2.rst │ ├── 2022-07-14_7.12.3.rst │ ├── 2022-08-08_7.13.rst │ ├── 2022-11-21_7.14.rst │ ├── 2022-11-29_7.14.1.rst │ ├── 2023-01-23_7.15.rst │ ├── 2023-04-05_7.15.1.rst │ ├── 2023-06-05_7.15.2.rst │ ├── 2023-06-19_7.15.3.rst │ ├── 2023-08-14_7.15.4.rst │ ├── 2023-12-11_7.15.8.rst │ ├── 2024-01-08_7.15.9.rst │ ├── 2024-02-16_7.15.10.rst │ ├── 2024-03-01_7.15.11.rst │ ├── 2024-04-10_7.15.14.rst │ ├── 2024-04-17_7.15.14.1.rst │ ├── 2024-05-08_7.15.15.rst │ ├── 2025-04-16_7.16.7.rst │ └── README ├── changelog_archive.rst ├── changelog_feeds │ └── .gitkeep ├── conf.py ├── daemons-cron.rst ├── daemons-supervisord.rst ├── database-couchdb.rst ├── database-influxdb.rst ├── database-mongodb.rst ├── database-mysql.rst ├── database-postgresql.rst ├── database-redis.rst ├── database-sqlite.rst ├── firstday-nerds.rst ├── firstday-newbies.rst ├── firstday-ubernauts.rst ├── includes │ ├── beta-feature.txt │ ├── daemons-supervisord-reread-update.rst │ ├── daemons-supervisord-start-stop.rst │ ├── deprecation.rst │ ├── domain-dns.txt │ ├── domain-idn.txt │ ├── domain-providers.txt │ ├── domain-register.txt │ ├── hotfix-version.rst │ ├── htaccess-directoryindex.txt │ ├── sftp-warning.rst │ └── web-backend.rst ├── index.rst ├── lang-clojure.rst ├── lang-deno.rst ├── lang-dotnet.rst ├── lang-erlang.rst ├── lang-gcc.rst ├── lang-golang.rst ├── lang-java.rst ├── lang-nodejs.rst ├── lang-perl.rst ├── lang-php.rst ├── lang-prolog.rst ├── lang-python.rst ├── lang-ruby.rst ├── lang-rust.rst ├── mail-access.rst ├── mail-domains.rst ├── mail-filters.rst ├── mail-forwarding.rst ├── mail-mailboxes.rst ├── mail-spam.rst ├── migration │ ├── qmail.rst │ └── qmail │ │ ├── includes │ │ ├── auto-migration.rst │ │ ├── levels │ │ │ ├── error.rst │ │ │ ├── fatal.rst │ │ │ ├── mailsetup_error.rst │ │ │ └── warning.rst │ │ └── spamfolder.rst │ │ ├── qmail-default-broken.rst │ │ └── reports │ │ ├── config-filename-off.rst │ │ ├── config-is-catchall.rst │ │ ├── config-is-sysmail-and-content-vdeliver.rst │ │ ├── content-code.rst │ │ ├── content-comment-only-and-vmailmgr-user-exists.rst │ │ ├── content-empty.rst │ │ ├── content-exit100-and-vmailmgr-user-exists.rst │ │ ├── content-exit100.rst │ │ ├── content-linuxuser-mailuser.rst │ │ ├── content-multiline-contains-multiple-non-mailaddr.rst │ │ ├── content-oserror.rst │ │ ├── content-path-file.rst │ │ ├── content-path-folder-fits-and-vmailmgr-user-not-exists.rst │ │ ├── content-path-folder-off.rst │ │ ├── content-spamfolder-and-vmailmgr-user-and-catchall-not-exists.rst │ │ ├── content-unknown.rst │ │ ├── content-username-off.rst │ │ ├── content-vdeliver-and-vmailmgr-user-and-catchall-not-exists.rst │ │ ├── qmail-default-content-mailaddr.rst │ │ ├── qmail-default-content-unknown.rst │ │ ├── qmail-default-content-username.rst │ │ ├── qmail-default-not-exists.rst │ │ ├── qmail-mailaddr-and-vmailmgr-user-blocking.rst │ │ ├── qmail-username-and-vmailmgr-user-blocking.rst │ │ ├── spamfolder-file-content-off.rst │ │ ├── vmailmgr-forward-mailbox.rst │ │ └── vmailmgr-passwd-broken.rst ├── policy.rst ├── u6-namespaces.rst ├── web-backends.rst ├── web-documentroot.rst ├── web-domains.rst ├── web-errorpage.rst ├── web-headers.rst ├── web-https.rst ├── web-logs.rst ├── web-security-headers.rst └── web-tor.rst └── workspace.code-workspace /.gitignore: -------------------------------------------------------------------------------- 1 | # macOS 2 | .DS_Store 3 | .Thumbs.db 4 | 5 | # virtualenv 6 | venv 7 | .venv 8 | 9 | # pyenv 10 | .python-version 11 | 12 | # Installer logs 13 | pip-log.txt 14 | pip-delete-this-directory.txt 15 | 16 | # ansible 17 | *.retry 18 | 19 | # Sphinx 20 | build 21 | _build 22 | 23 | # ignore generated changelog feeds 24 | source/changelog_feeds/* 25 | !source/changelog_feeds/.gitkeep 26 | 27 | # Visual Studio 28 | .vscode 29 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | This repository is mostly maintained and edited by the crew of . 4 | 5 | ## Issues 6 | 7 | Feel free to open issues about anything that bugs you! We greatly appreciate 8 | any kind of feedback. 9 | 10 | ## Pull Requests 11 | 12 | Since this repo is our official documentation, editing is mostly up to the 13 | crew of . We're always open and happy about your suggestions 14 | and pull-requests, though! 15 | 16 | If you'd like to change something small like a typo or an oversight, please 17 | just hit us up with a PR. If your change is bigger than that, _please open 18 | up an issue before starting your work_, so we can discuss the details. 19 | 20 | Thanks! :heart: :tada: 21 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # Minimal makefile for Sphinx documentation 2 | # 3 | 4 | # You can set these variables from the command line. 5 | SPHINXOPTS = 6 | SPHINXBUILD = sphinx-build 7 | SPHINXPROJ = Uberspace7manual 8 | SOURCEDIR = source 9 | BUILDDIR = build 10 | 11 | # Put it first so that "make" without argument is like "make help". 12 | help: 13 | @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) 14 | 15 | .PHONY: help Makefile setup setup-venv setup-requirements 16 | 17 | setup: setup-venv setup-requirements 18 | 19 | setup-venv: version ?= $(cat runtime.txt) 20 | setup-venv: 21 | python$(version) -m venv .venv 22 | .venv/bin/pip install --isolated --no-input --quiet --upgrade pip 23 | 24 | setup-requirements: req ?= requirements.txt 25 | setup-requirements: 26 | .venv/bin/pip install --isolated --no-input --quiet -r '$(req)' 27 | 28 | serve: 29 | sphinx-autobuild --ignore '*.atom' -b html $(SOURCEDIR) $(BUILDDIR)/html 30 | 31 | # Catch-all target: route all unknown targets to Sphinx using the new 32 | # "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS). 33 | %: Makefile 34 | @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) 35 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Uberspace 7 Manual 2 | 3 | Welcome to our manual! :tada: 4 | 5 | This is where we host the source code of the official version over at 6 | . Changes are mainly done by the team as new 7 | features are added and bugs are fixed, but you are more than welcome to 8 | contribute! 9 | 10 | ## Development 11 | 12 | Pushing for each and every change is fun, but can take some time. To speed up 13 | your development process, the manual can be built locally. 14 | 15 | ### Initial Setup 16 | 17 | ``` 18 | make setup 19 | ``` 20 | 21 | ### Building 22 | 23 | ``` 24 | $ source .venv/bin/activate 25 | $ make html 26 | ``` 27 | 28 | The HTML views are now present in `build/html`. To build automatically on each 29 | change execute use `sphinx-autobuild`: 30 | 31 | ``` 32 | $ make serve 33 | ``` 34 | 35 | This will start a local webserver on , which always 36 | serves the most recent version. 37 | 38 | ## License 39 | 40 | All text and code in this repository is licensed under [CC-BY-NC-SA 4.0][]. 41 | 42 | [cc-by-nc-sa 4.0]: https://creativecommons.org/licenses/by-nc-sa/4.0/ 43 | -------------------------------------------------------------------------------- /netlify.toml: -------------------------------------------------------------------------------- 1 | [build] 2 | publish = "build/dirhtml" 3 | command = "make dirhtml" 4 | 5 | [[redirects]] 6 | # Redirect old wiki domain 7 | from = "https://wiki.uberspace.de/*" 8 | to = "https://manual.uberspace.de/" 9 | status = 301 10 | force = true 11 | 12 | [[redirects]] 13 | # Redirect domain aliases to primary domain 14 | from = "https://manual-72.uberspace.de/*" 15 | to = "https://manual.uberspace.de/:splat" 16 | status = 301 17 | force = true 18 | 19 | [[redirects]] 20 | # Redirect default Netlify subdomain to primary domain 21 | from = "https://manual-uberspace-de.netlify.com/*" 22 | to = "https://manual.uberspace.de/:splat" 23 | status = 301 24 | force = true 25 | 26 | [[redirects]] 27 | # Remove `/en` language prefix from path 28 | from = "/en/*" 29 | to = "/:splat" 30 | status = 200 31 | force = true 32 | 33 | [[redirects]] 34 | from = "/web-security.html" 35 | to = "/web-security-headers.html" 36 | force = true 37 | 38 | [[redirects]] 39 | from = "/web-security" 40 | to = "/web-security-headers" 41 | force = true 42 | 43 | # disabled because of problems with .html forwards 44 | #[[redirects]] 45 | # from = "*" 46 | # to = "_static/404.html" 47 | # status = 404 48 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | Sphinx==4.4.0 2 | sphinx-rtd-theme==1.0.* 3 | sphinx-autobuild==2021.3.* 4 | feedgen==0.9.0 5 | pytz==2021.3 6 | -------------------------------------------------------------------------------- /runtime.txt: -------------------------------------------------------------------------------- 1 | 3.8 2 | -------------------------------------------------------------------------------- /source/_static/404.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 404 — Uberspace 7 manual 9 | 10 | 11 | 12 | 13 | 14 |
15 |

404

16 |

this is not the page you are looking for

17 | Uberspace manual 18 |
19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /source/_static/css/custom.css: -------------------------------------------------------------------------------- 1 | /* footer */ 2 | .wy-nav-content { 3 | position: relative; 4 | background-image: url("/_static/images/footer.svg"); 5 | background-position: bottom; 6 | background-repeat: no-repeat; 7 | background-size: 75%; 8 | min-height: 100vh; 9 | } 10 | 11 | .document { 12 | min-height: 500px; 13 | margin-bottom: 8rem; 14 | } 15 | 16 | footer { 17 | position: absolute; 18 | bottom:0; 19 | left: 0; 20 | right: 0; 21 | padding-bottom: 1rem; 22 | text-align: center; 23 | font-size: 80%; 24 | color: #222222; 25 | } 26 | 27 | /* navigation */ 28 | .wy-side-nav-search { 29 | padding-top: 170px; 30 | background-image: url("/_static/images/rocket.svg"); 31 | background-position: top; 32 | background-repeat: no-repeat; 33 | background-color: #222222; 34 | } 35 | 36 | .wy-menu-vertical a:active { 37 | background-color: #e2001a; 38 | cursor: pointer; 39 | color: #fff; 40 | } 41 | 42 | .wy-menu-vertical header, .wy-menu-vertical p.caption :first-child::before { 43 | content: url("/_static/images/icn-rocket.svg"); 44 | margin-left: -.1618em; 45 | width: 30px; 46 | float: left; 47 | padding: .1618em; 48 | } 49 | 50 | .wy-menu-vertical header, .wy-menu-vertical p.caption { 51 | margin-top: .809em; 52 | color: #999999; 53 | } 54 | 55 | .wy-menu-vertical header, .wy-menu-vertical ul.toctree-l1 { 56 | margin-top: .809em; 57 | color: #999999; 58 | } 59 | 60 | nav li { 61 | padding-left: 10px; 62 | } 63 | 64 | /* search box */ 65 | .wy-side-nav-search input[type=text] { 66 | border-color: #84000f; 67 | } 68 | 69 | 70 | /* Main Page - Rocket */ 71 | 72 | .rst-content .document img[src$='_images/big-rocket.svg'] { 73 | float: right; 74 | width: 50%; 75 | height: auto; 76 | shape-outside: url(/_static/images/big-rocket.svg); 77 | shape-margin: 1em; 78 | } 79 | 80 | .rst-content .noclear { 81 | clear: none; 82 | } 83 | 84 | /* logo box for languages */ 85 | .sidebar + .section > .section:first-of-type > div { 86 | max-width: 55%; 87 | } 88 | 89 | /* highlighted remove paddings */ 90 | .rst-content .highlighted { 91 | padding: 0; 92 | } 93 | 94 | 95 | -------------------------------------------------------------------------------- /source/_static/css/errorpage.css: -------------------------------------------------------------------------------- 1 | :root { 2 | --color-black: #000; 3 | --color-white: #fff; 4 | --color-red: #e2001a; 5 | --color-gray: #232323; 6 | } 7 | 8 | *, 9 | ::before, 10 | ::after { 11 | box-sizing: border-box; 12 | margin: 0; 13 | padding: 0; 14 | } 15 | 16 | body { 17 | margin: 0; 18 | padding: 0; 19 | width: 100vw; 20 | height: 100vh; 21 | display: flex; 22 | align-items: center; 23 | justify-content: center; 24 | background-color: var(--color-black); 25 | color: var(--color-white); 26 | font-size: 18px; 27 | font-family: "alternate_gothic", sans-serif; 28 | } 29 | 30 | main { 31 | text-align: center; 32 | line-height: 1.6; 33 | } 34 | 35 | a { 36 | outline: 0; 37 | cursor: pointer; 38 | color: var(--color-white); 39 | } 40 | 41 | a:visited, 42 | a:hover, 43 | a:focus, 44 | a:active { 45 | outline: 0; 46 | } 47 | 48 | a:hover { 49 | color: var(--color-red); 50 | } 51 | 52 | .title { 53 | color: var(--color-red); 54 | margin: 4rem 0 1rem 0; 55 | } 56 | 57 | .errorcode { 58 | font-weight: bold; 59 | font-size: 800%; 60 | } 61 | 62 | .mainlink { 63 | text-transform: uppercase; 64 | } 65 | -------------------------------------------------------------------------------- /source/_static/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Uberspace/manual/d2e55f9a0ddc315c9c0f8d1e6356132ad0cb72ab/source/_static/favicon.ico -------------------------------------------------------------------------------- /source/_static/images/icn-rocket.svg: -------------------------------------------------------------------------------- 1 | 2 | 18 | 20 | 21 | 23 | image/svg+xml 24 | 26 | 27 | 28 | 29 | 30 | 54 | 56 | 67 | 68 | 71 | 77 | 84 | 85 | 86 | -------------------------------------------------------------------------------- /source/_static/images/logo_clojure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Uberspace/manual/d2e55f9a0ddc315c9c0f8d1e6356132ad0cb72ab/source/_static/images/logo_clojure.png -------------------------------------------------------------------------------- /source/_static/images/logo_deno.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Uberspace/manual/d2e55f9a0ddc315c9c0f8d1e6356132ad0cb72ab/source/_static/images/logo_deno.png -------------------------------------------------------------------------------- /source/_static/images/logo_dotnet.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Uberspace/manual/d2e55f9a0ddc315c9c0f8d1e6356132ad0cb72ab/source/_static/images/logo_dotnet.png -------------------------------------------------------------------------------- /source/_static/images/logo_erlang.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Uberspace/manual/d2e55f9a0ddc315c9c0f8d1e6356132ad0cb72ab/source/_static/images/logo_erlang.png -------------------------------------------------------------------------------- /source/_static/images/logo_gcc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Uberspace/manual/d2e55f9a0ddc315c9c0f8d1e6356132ad0cb72ab/source/_static/images/logo_gcc.png -------------------------------------------------------------------------------- /source/_static/images/logo_golang.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 5 | 13 | 14 | 15 | 16 | 17 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 48 | 49 | 50 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | -------------------------------------------------------------------------------- /source/_static/images/logo_java.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Uberspace/manual/d2e55f9a0ddc315c9c0f8d1e6356132ad0cb72ab/source/_static/images/logo_java.png -------------------------------------------------------------------------------- /source/_static/images/logo_nodejs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Uberspace/manual/d2e55f9a0ddc315c9c0f8d1e6356132ad0cb72ab/source/_static/images/logo_nodejs.png -------------------------------------------------------------------------------- /source/_static/images/logo_perl.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Uberspace/manual/d2e55f9a0ddc315c9c0f8d1e6356132ad0cb72ab/source/_static/images/logo_perl.png -------------------------------------------------------------------------------- /source/_static/images/logo_php.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Uberspace/manual/d2e55f9a0ddc315c9c0f8d1e6356132ad0cb72ab/source/_static/images/logo_php.png -------------------------------------------------------------------------------- /source/_static/images/logo_prolog.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Uberspace/manual/d2e55f9a0ddc315c9c0f8d1e6356132ad0cb72ab/source/_static/images/logo_prolog.png -------------------------------------------------------------------------------- /source/_static/images/logo_python.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Uberspace/manual/d2e55f9a0ddc315c9c0f8d1e6356132ad0cb72ab/source/_static/images/logo_python.png -------------------------------------------------------------------------------- /source/_static/images/logo_ruby.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Uberspace/manual/d2e55f9a0ddc315c9c0f8d1e6356132ad0cb72ab/source/_static/images/logo_ruby.png -------------------------------------------------------------------------------- /source/_static/images/logo_rust.svg: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /source/_static/images/open.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Uberspace/manual/d2e55f9a0ddc315c9c0f8d1e6356132ad0cb72ab/source/_static/images/open.png -------------------------------------------------------------------------------- /source/_templates/footer.html: -------------------------------------------------------------------------------- 1 |
2 | 3 | 4 |
5 |

6 | {%- if show_copyright %} 7 | {%- if hasdoc('copyright') %} 8 | {% trans path=pathto('copyright'), copyright=copyright|e %}© Copyright {{ copyright }}.{% endtrans %} 9 | {%- else %} 10 | {% trans copyright=copyright|e %}© Copyright {{ copyright }}.{% endtrans %} 11 | {%- endif %} 12 | {%- endif %} 13 | 14 | {%- if build_id and build_url %} 15 | {% trans build_url=build_url, build_id=build_id %} 16 | 17 | Build 18 | {{ build_id }}. 19 | 20 | {% endtrans %} 21 | {%- elif commit %} 22 | {% trans commit=commit %} 23 | 24 | Revision {{ commit }}. 25 | 26 | {% endtrans %} 27 | {%- elif last_updated %} 28 | {% trans last_updated=last_updated|e %}Last updated on {{ last_updated }}.{% endtrans %} 29 | {%- endif %} 30 | 31 |

32 |
33 | 34 | {%- if show_sphinx %} 35 | {% trans %}Built with Sphinx using a modified version of a theme provided by Read the Docs{% endtrans %}.
36 | {%- endif %} 37 | 38 | Licensed under CC-BY-NC-SA 4.0, uberspace.de. All programming language logos are property of the respective project. 39 | 40 | {%- block extrafooter %} {% endblock %} 41 | 42 |
43 | -------------------------------------------------------------------------------- /source/_templates/layout.html: -------------------------------------------------------------------------------- 1 | {% extends "!layout.html" %} 2 | 3 | {% block footer %} 4 | {{ super() }} 5 | {% endblock %} 6 | 7 | {% block extrahead %} 8 | 9 | {% endblock %} 10 | -------------------------------------------------------------------------------- /source/basics-ports.rst: -------------------------------------------------------------------------------- 1 | ############## 2 | Firewall Ports 3 | ############## 4 | 5 | All uberspaces come with default firewall settings, which do not allow incoming 6 | connections on ports other than 443 and 80. Some software like Wordpress, 7 | mailman or seafile can be exposed using :doc:`php-fpm ` or 8 | :doc:`web backends `. Either way, you do not need to think about 9 | ports and firewalls. 10 | 11 | If your software requires direct TCP or even UDP connections, like XMPP, ZNC or 12 | mosh, you need to open a port in the firewall. 13 | 14 | .. note:: If you plan to use :doc:`web backends `, you do **not** need to open a port for your application. 15 | 16 | .. warning:: Exposing your services directly to the internet requires you to take care of securing the connection, e.g. using TLS, as we cannot tunnel or encrypt the traffic in any way. You will also need to aquire your own certificates or reuse the webserver ones from ``~/etc/certificates``. 17 | 18 | Opening ports 19 | ============= 20 | 21 | Each uberspace can open 20 ports. The port numbers are generated automatically 22 | in the range from 40.000 to 61.000 and cannot be chosen arbitrarily. 23 | 24 | .. code-block:: bash 25 | 26 | [isabell@stardust ~]$ uberspace port add 27 | Port 40132 will be open for TCP and UDP traffic in a few minutes. 28 | 29 | .. tip:: Your application needs to listen on interface ``::`` or ``0.0.0.0`` (using ``127.0.0.1``, ``localhost``, ``::1``, the external IP, or the hostname will **not** work). 30 | 31 | Listing Ports 32 | ============= 33 | 34 | To get a list of currently open ports, execute the following command: 35 | 36 | .. code-block:: bash 37 | 38 | [isabell@stardust ~]$ uberspace port list 39 | 40132 40 | 40133 41 | 40134 42 | 43 | Closing Ports 44 | ============= 45 | 46 | If you don't need your port anymore, it's a good idea to close it. You can do so 47 | using to following command: 48 | 49 | .. code-block:: bash 50 | 51 | [isabell@stardust ~]$ uberspace port del 40132 52 | Port 40132 will be closed in a few minutes. 53 | -------------------------------------------------------------------------------- /source/basics-resources.rst: -------------------------------------------------------------------------------- 1 | ################ 2 | System Resources 3 | ################ 4 | 5 | .. _quota: 6 | 7 | Storage 8 | ======= 9 | 10 | Every Uberspace is provided with 10 GB of storage by default, you can :doc:`upgrade your storage ` up to 100GB. 11 | Over-usage of up to 10% is permitted for up to seven days. If you try to use even more than these 110% of your booked 12 | storage or if you don't free up enough storage within seven days, we will block all write access for your account. 13 | This means you won't be able to add any more data, including incoming e-mails or database storage. 14 | 15 | You may check your current storage usage with the ``quota`` command: 16 | 17 | .. code-block:: console 18 | 19 | [isabell@stardust ~]$ quota -gsl 20 | Disk quotas for group isabell (gid 1013): 21 | Filesystem space quota limit grace files quota limit grace 22 | /dev/sda2 713M 10240M 11264M 38 0 0 23 | 24 | 25 | * ``space`` shows you how much storage you're currently using. 26 | * ``quota`` shows the 10 GB *soft* limit. 27 | * ``limit`` column shows the *hard* limit of 11 GB. 28 | * ``grace`` column shows you how much time you have left to fix if you are over the soft limit. 29 | 30 | .. note:: You will be notified once in 7 days by e-mail when your free space is less than ``1 GB`` and once again when your quota hits the over-usage grace period above ``100%``. 31 | 32 | .. note:: In order to work properly, ``quota`` needs an interactive shell, otherwise it produces no output. When running an automated script (and therefore non-interactive shell), this could be achieve by, for example, connecting back to itself via ssh: ``ssh localhost quota -gl``. 33 | 34 | Find files which use a lot of storage 35 | ------------------------------------- 36 | 37 | The beforementioned ``quota`` command calculates the needed storage for files that are owned by your user anywhere on the system not only within your home folder. 38 | To find these files you should check the most common paths where files can be stored for your user: 39 | 40 | .. code-block:: console 41 | 42 | [isabell@stardust ~]$ du -hs /home/$USER /var/www/virtual/$USER /tmp /var/tmp /var/lib/php-sessions/$USER 2> /dev/null 43 | 6,9M /home/isabell 44 | 2,6M /var/www/virtual/isabell 45 | 36K /tmp 46 | 4,0K /var/tmp 47 | 0 /var/lib/php-sessions/isabell 48 | 49 | The ``du`` command is good for an raw overview about your storage usage, but to have a deeper look which files use up a lot of space 50 | we recommend the interactive tool ``ncdu``. You can use the command just within your working directory or with a path like 51 | ``ncdu /var/www/virtual/$USER`` and then browsing with your *keyboard arrows* and *enter*. 52 | 53 | Deleted but open files 54 | ~~~~~~~~~~~~~~~~~~~~~~ 55 | 56 | There might also be already deleted files, that are still used by processes. You can check this with: 57 | 58 | .. code-block:: console 59 | 60 | [isabell@stardust ~]$ lsof | grep deleted 61 | php-fpm 20326 isabell 4u REG 0,75 666 1088691286 /run/user/1024/.ZendSem.s2qmkH (deleted) 62 | 63 | .. _ram: 64 | 65 | RAM 66 | === 67 | 68 | You can use up to 1536 MB (1.5 GB) of RAM. If you try to use more than this limit, your process will be killed. We reserve the right to ask nicely to reduce your usage if it is impacting other users or the overall performance of the host. 69 | 70 | .. _cpu: 71 | 72 | CPU 73 | === 74 | 75 | Every Uberspace gets a fair slice of CPU time. If the CPU is idle, you can use more than that. Processes that try to use too much CPU resources will be throttled. 76 | 77 | -------------------------------------------------------------------------------- /source/basics-sftp.rst: -------------------------------------------------------------------------------- 1 | #### 2 | SFTP 3 | #### 4 | 5 | The *Secure File Transfer Protocol* is an encrypted protocol to exchange files between two computers, e.g. your own computer and the Uberspace host. 6 | 7 | Since SFTP is based on SSH, you can use the :ref:`SSH password `. 8 | 9 | Clients 10 | ======= 11 | 12 | * `Cyberduck `_, a macOS and Windows client. 13 | * `FileZilla `_, a multi-platform client available for Windows, Linux and macOS. 14 | * `WinSCP `_, a Windows-only client. 15 | 16 | .. tip:: FTP is an outdated protocol that does not use encryption in its standard implementation. While there are implementations such as FTP over SSL (FTPS), we believe that using a more modern protocol is the better choice. 17 | 18 | .. include:: includes/sftp-warning.rst 19 | -------------------------------------------------------------------------------- /source/basics-shell.rst: -------------------------------------------------------------------------------- 1 | ######### 2 | The Shell 3 | ######### 4 | 5 | A shell is the user interface used to control an operating system. Uberspace relies on a command-line interface (CLI) rather than a graphical user interface (GUI). 6 | 7 | Changing the Shell 8 | ================== 9 | 10 | By default, all new Uberspace accounts use the `Bash `_ shell. You can use the ``chsh`` command to switch to a different shell: 11 | 12 | .. code-block:: bash 13 | 14 | [isabell@stardust ~]$ chsh --shell /bin/zsh 15 | Changing shell for isabell. 16 | Shell changed. 17 | 18 | List Available Shells 19 | ===================== 20 | 21 | To find out which shells are available on Uberspace, run ``chsh -l``: 22 | 23 | .. code-block:: bash 24 | 25 | [isabell@stardust ~]$ chsh -l 26 | /bin/sh 27 | /bin/bash 28 | /usr/bin/sh 29 | /usr/bin/bash 30 | /usr/bin/fish 31 | /bin/zsh 32 | /bin/tmux 33 | /bin/ksh 34 | /bin/rksh 35 | /bin/tcsh 36 | /bin/csh 37 | /usr/bin/pwsh 38 | 39 | 40 | -------------------------------------------------------------------------------- /source/basics-ssh.rst: -------------------------------------------------------------------------------- 1 | ### 2 | SSH 3 | ### 4 | 5 | Unlike other providers, the native way to create things and work on your Uberspace is the command-line via SSH. If you are inexperienced how to use this, 6 | please first head over to our `SSH HOWTO `_. 7 | 8 | 9 | Connection basics 10 | ===================== 11 | 12 | You can connect to your Uberspace with a basic ``ssh`` command: 13 | 14 | .. code-block:: console 15 | 16 | localuser@localhost ~ $ ssh USERNAME@HOSTNAME.uberspace.de 17 | 18 | - the ``USERNAME`` is the name of your Uberspace you have chosen when you registered. 19 | - the ``HOSTNAME`` is the name of the server where your Uberspace is located, look it up on your `datasheet `_. 20 | 21 | This would result with our example user in: 22 | 23 | .. code-block:: console 24 | 25 | localuser@localhost ~ $ ssh isabell@stardust.uberspace.de 26 | 27 | .. _ssh-password: 28 | 29 | by Password 30 | ----------- 31 | 32 | You will need to set up a SSH password on the `dashboard logins `_ page before your first connection. 33 | 34 | .. note:: 35 | 36 | There is no SSH password set by default. If you want to remove it after you have set it up once, you need to `contact `_ us. 37 | Use SSH keys from the start to avoid this. 38 | 39 | 40 | by SSH keys 41 | ----------- 42 | 43 | Instead of using a password, you should better authenticate via SSH keys. If you are inexperienced with this, you can lookup our 44 | `SSH keys HOWTO `_. 45 | 46 | You can add a public key using the `dashboard logins `_ page. The public key 47 | will be added to the ``~/.ssh/authorized_keys`` file on your Uberspace. You can use ``RSA`` or ``ECDSA`` keys. 48 | 49 | 50 | Using a config file 51 | =================== 52 | 53 | Especially when using connections to multiple (Uberspace) servers you will benefit from managing these in a SSH config file. On your local system 54 | create a file ``~/.ssh/config`` and give it the right permissions for SSH to read: 55 | 56 | .. code-block:: console 57 | 58 | localuser@localhost ~ $ touch ~/.ssh/config 59 | localuser@localhost ~ $ chmod 600 ~/.ssh/config 60 | localuser@localhost ~ $ 61 | 62 | (How you need to do this will of course depend on your operating system.) 63 | 64 | You may add an example basic config like this to the file: 65 | 66 | .. code-block:: cfg 67 | 68 | Host uberspace.isabell 69 | Hostname stardust.uberspace.de 70 | User isabell 71 | 72 | From then on you will be able to login by simply using: 73 | 74 | .. code-block:: console 75 | 76 | localuser@localhost ~ $ ssh uberspace.isabell 77 | 78 | You are totally free in chosing a name (-schema) for ``Host``, you may also use the asterisk ``*`` for multiple connection types and there are a lot more of 79 | configuration possibilities. The `internet `_ will serve you with more information about it. 80 | 81 | 82 | Troubleshooting 83 | =============== 84 | 85 | When your connection does not work, SSH will usually not return a proper error message by default. You can switch to the debug mode with the ``-v`` or even more 86 | verbose with the ``-vvv`` flag: 87 | 88 | .. code-block:: console 89 | 90 | localuser@localhost ~ $ ssh isabell@stardust.uberspace.de -vvv 91 | […] 92 | 93 | The output won't be very easy to read but you can identify if the correct keys and configurations you set have been used. 94 | -------------------------------------------------------------------------------- /source/changelog.rst: -------------------------------------------------------------------------------- 1 | ######### 2 | Changelog 3 | ######### 4 | 5 | Below you can see the 5 most recent changes to Uberspace 7. For older changes, 6 | please refer to the :doc:`Changelog Archive `. 7 | 8 | .. include:: includes/hotfix-version.rst 9 | 10 | {# add/edit files in source/changelog to generate new changelog entries #} 11 | {% for entry in changelog_entries[:5] %} 12 | 13 | ---- 14 | 15 | .. _v{{ entry.version }}_short: 16 | 17 | {{ entry.title }} 18 | {% for n in range(entry.title|length) %}*{% endfor %} 19 | 20 | {{ entry.text }} 21 | {% endfor %} 22 | -------------------------------------------------------------------------------- /source/changelog/2017-01-20_7.0.1.rst: -------------------------------------------------------------------------------- 1 | Fixed 2 | ----- 3 | 4 | * Cleanup 5 | -------------------------------------------------------------------------------- /source/changelog/2017-02-10_7.0.2.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * own domains with mailserver via ``uberspace-add-domain -m`` 5 | * access mail via IMAP and POP3 6 | -------------------------------------------------------------------------------- /source/changelog/2017-03-03_7.0.3.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * PHP 7.1 5 | 6 | Changed 7 | ------- 8 | 9 | * make PHP 7.1 standard 10 | -------------------------------------------------------------------------------- /source/changelog/2017-03-16_7.0.4.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * relay mail via SMTP 5 | * provide symlink ``~/html`` for convenience 6 | -------------------------------------------------------------------------------- /source/changelog/2017-04-03_7.0.5.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * provide ``libunwind``, ``libicu``, ``screen``, ``ncdu`` 5 | * provide PHP modules: ``pecl-zip``, ``pecl-apcu``, ``mcrypt``, ``mbstring``, ``intl``, ``xml``, ``json``, ``tidy``, ``gd``, ``mysqlnd``, ``pgsql``, ``imap`` 6 | 7 | Fixed 8 | ----- 9 | 10 | * ``uberspace-add-domain -v`` leaked all user names and corresponding domains. 11 | -------------------------------------------------------------------------------- /source/changelog/2017-04-25_7.0.6.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * redirect HTTP requests to HTTPS 5 | * adapt ``$PATH`` to prioritize home bin: ``PATH=$HOME/.local/bin:$HOME/bin:$PATH`` 6 | * implement option to change shell via ``chsh`` without password 7 | * provide PHP module: ``bcmath`` 8 | 9 | Fixed 10 | ----- 11 | 12 | * some of the ``uberspace-*`` scripts were horribly slow. This is due to the fact that the scripts are written in Ansible and the loading of modules and fact gathering takes time. With the recent changes in we're down to <5s for each script. 13 | * fix for webserver sometimes delivering the wrong certificate 14 | -------------------------------------------------------------------------------- /source/changelog/2017-05-03_7.0.6.2.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * we say goodbye to ``daemontools`` and hello to ``supervisord``! For the impatient: 5 | * setup daemons in ``~/etc/services.d/``, create a ``*.ini`` file for `each daemon `_ 6 | * control deamons with `supervisorctl status `_. 7 | * see logs in ``~/logs/`` 8 | * check the global config if you're curious: ``/etc/supervisord.conf`` 9 | * check the `official documentation `_ 10 | -------------------------------------------------------------------------------- /source/changelog/2017-06-26_7.0.8.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * In the past the maximum upload size for PHP was chaos. We now guarantee 500 megabytes everywhere. 5 | * We now ship Python 3. You can choose from interpreter versions 3.4, 3.5, as well as 3.6. 6 | * We now provide midnight commander. 7 | * Following security best practices, we now set a number of HTTP headers. 8 | 9 | Fixed 10 | ----- 11 | 12 | * The version system did not respect the selected version, when executed with ``nice`` or within a cronjob. To fix this, we no longer modify the ``$PATH``, but instead use wrapper scripts. 13 | * To comply with German privacy regulations all IP addresses within user-accessible webserver logs are now shortened. 14 | * As to not unnecessarily leak software versions, we now remove the ``X-Powered-By`` header from all HTTP responses. 15 | * To prevent unexpected behaviour, mice are now banned from using nano. 🐭🚫 16 | 17 | Backstage 18 | --------- 19 | 20 | * We've upgraded all ``uberspace-`` scripts to [paternoster v2](github.com/uberspace/paternoster). 21 | * Since ``te512042.019e71729061e1f03aef698f89da225d00559bbd-1310.testing.ubrspc.de`` is not a very handy hostname, we now use shorter ones like ``565743.vagrant.ubrspc.de`` within our testing setup. 22 | * Nginx rightly complained about a duplicated MIME type in our config. We learned that ``text/html`` is implied, so we no longer add it to the list of gzip-able files explictly. 23 | * A `bug within vagrant-google `_ caused our workflows to be a bit cumbersome. So we `fixed it `_. 24 | * An oversight caused us to issue certificates with non-unique serial numbers during testing. While those certificates never reached production, they're more random now. 25 | -------------------------------------------------------------------------------- /source/changelog/2017-07-13_7.0.8.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * The changelog is now linked in the sidebar navigation. 5 | * We provide ``git`` version 2 from `IUS repo `_. 6 | * We now set ``session.use_strict_mode = 1`` in global ``php.ini`` to combat session fixation attacks. 7 | 8 | Fixed 9 | ----- 10 | 11 | * nginx and php log errors to different files now. 12 | * php session files are getting cleaned up now. 13 | * We changed our ``ssl_ciphers`` to make it possible for ``java8`` to connect via HTTPS. 14 | * Apache does not parse IP addresses in ``x-forwarded-for`` headers correctly, this is a bug in `mod_rpaf `_. To work around that we disabled ``keepalive`` between Apache<=>nginx (not nginx<=>users) for now. 15 | * Many connections to a single virtualhost can shut down the whole webserver. We now rate-limit the maximum connections for each user. 16 | -------------------------------------------------------------------------------- /source/changelog/2017-08-02_7.0.9.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * ``access_log`` and ``error_log`` can be enabled and disabled now. 5 | 6 | Changed 7 | ------- 8 | 9 | * We are using the newest MySQL file format `Barracuda `_. 10 | * We are now using ``utf8mb4`` by default in MariaDB. 11 | * ``access_log`` and ``error_log`` are disabled by default. 12 | * We adapted php.ini settings for common CMSes: drupal, Typo3, Magento, owncloud 13 | 14 | Fixed 15 | ----- 16 | 17 | * Websocket proxy connections can divert random requests. It is not known what exactly causes apache to do this, but we strongly suspect a bug. For now the fix is deactivating ``mod_proxy_wstunnel`` for the connections to Apache. 18 | * A graceful restart in Apache causes it to not accept any new requests until all old requests have been finished. This causes the server to be unresponsive for an undefined amount of time in some cases. We now set ``GracefulShutDownTimeout 5`` in the Apache config. 19 | -------------------------------------------------------------------------------- /source/changelog/2017-08-17_7.0.10.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now have a webmail interface. 5 | * Users are now able to provide their own ``php.ini`` files that are loaded in addition to the stock config. 6 | * Incoming mails are filtered with the ``ix.dnsbl.manitu.net`` and ``bl.spamcop.net`` blacklists to reduce SPAM. 7 | -------------------------------------------------------------------------------- /source/changelog/2017-09-21_7.0.11.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * ``$user.uber.space``-domains in addition to ``$user.server.uberspace.de``-domains. 5 | 6 | Changed 7 | ------- 8 | 9 | * Webserver logs are now stored in ``~/logs/webserver`` 10 | -------------------------------------------------------------------------------- /source/changelog/2017-10-03_7.0.12.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * 🎉 `Public Beta! `_ 🎉 5 | * The Dashboard can now talk to the Uberspace 7 servers, create users, delete users and change passwords. 6 | * We now provide ``lynx``, ``w3m`` and ``bind-utils``. 7 | * New PHP extensions: ``soap`` and ``posix``, ``shmop``, ``sysvmsg``, ``sysvsem`` and ``sysvshm``. 8 | 9 | Changed 10 | ------- 11 | 12 | * We increased the maximum concurrent webserver connections from each IP address to 15 with a burst of 150 for a short period to be within the `HTTP/2 `_ specification. 13 | * The webmail interface used to be reachable via ``webmail.servername.uberspace.de`` and we got the certificates from Let's Encrypt. Unfortunatelly we ran into the `rate limiting `_ and can't get any certificates for ``uberspace.de`` anymore. For now we had to disable the webmail interface and we will look into the issus to find a workaround. On the bright side we had to refactor the certificate deployment process and so far it's rock solid 💪😎. 14 | * We did some work on the manual: 💄 15 | 16 | Fixed 17 | ----- 18 | 19 | * Composer sees that ``/bin/php`` is a symlink and directly calls the symlink target instead of ``/bin/php``. The result was that our wrapper doesn't know it's supposed to execute php. Using a hardlink instead of a symlink fixed it. 20 | * ``something.uber.space`` can't be added via ``uberspace-add-domain`` anymore. 21 | * HTTP basic auth headers are now passed to PHP. 22 | * Adding a domain to the email configuration didn't trigger a qmail reload. 23 | -------------------------------------------------------------------------------- /source/changelog/2017-10-05_7.0.13.rst: -------------------------------------------------------------------------------- 1 | Changed 2 | ------- 3 | 4 | * Webserver: Several users ran into ``429`` errors. We removed the connection limits for now and will look into that later. 5 | 6 | Fixed 7 | ----- 8 | 9 | * Apache and PHP: ``ProxyPassMatch`` directives are evaluated first, this brings several problems: for instance ``.htaccess`` files can't be evaluated anymore before the PHP scripts are run. Using ``FilesMatch`` and ``SetHandler`` solves the issue. 10 | -------------------------------------------------------------------------------- /source/changelog/2017-10-10_7.0.14.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide ``zsh``. 5 | * Our brand new ``uberspace`` command. 6 | 7 | Changed 8 | ------- 9 | 10 | * We replaced ``user.server.uberspace.de`` with ``user.uber.space`` in the webserver config. 11 | * We migrated all ``uberspace-*-*`` tools to the new ``uberspace`` command. 12 | * The ``max_allowed_packet`` setting for MySQL is ``16777216`` now to allow importing large database dumps. 13 | 14 | Fixed 15 | ----- 16 | 17 | * ``uberspace web domain list`` now includes ``user.uber.space``. 18 | * We did not apply the MySQL config file properly, therefore ``innodb_file_format`` was not set. It is ``Barracuda`` now. 19 | -------------------------------------------------------------------------------- /source/changelog/2017-11-14_7.0.15.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * Error logging for ``.htaccess`` files can be enabled now. 5 | 6 | 7 | Fixed 8 | ----- 9 | 10 | * The ``uberspace`` command now always uses the python provided by the system. 11 | -------------------------------------------------------------------------------- /source/changelog/2017-11-17_7.0.16.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide PHP 7.2 Release Candidates. 5 | 6 | Fixed 7 | ----- 8 | 9 | * New `Let's Encrypt license `_ lead to a few cases, where the automatic certificate retrieval did not work. We now accept the latest license. 10 | -------------------------------------------------------------------------------- /source/changelog/2017-11-17_7.0.17.rst: -------------------------------------------------------------------------------- 1 | Fixed 2 | ----- 3 | 4 | * ``git`` commands from non ``git-core`` now work as well. 5 | -------------------------------------------------------------------------------- /source/changelog/2017-11-18_7.0.18.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide nodeJS 6, 8 and 9. 5 | -------------------------------------------------------------------------------- /source/changelog/2017-11-30_7.0.19.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide the ImageMagick and GraphicsMagick library 5 | * We now provide the `imagick` pecl module in all PHP versions 6 | * We now provide PHP 7.2 7 | * Due to high demand pseudo DocumentRoots are back again 8 | * ``~/bin`` directory 9 | 10 | Changed 11 | ------- 12 | 13 | * ``PHP_INI_SCAN_DIR`` now includes files from ``/home/{USER}/etc/php.d`` first to support ioncube 14 | -------------------------------------------------------------------------------- /source/changelog/2017-12-08_7.0.20.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now support maildrop, which enables you to apply advanced filtering to incoming mails. 5 | * Common errors like configuring the permissions on your home directory to be too open are now detected and corrected silently. A notification mechanism will be added later. 6 | 7 | Changed 8 | ------- 9 | 10 | * Domains without explicit NS-Records were not able to receive emails. We now ask for SOA instead. 11 | 12 | Fixed 13 | ----- 14 | 15 | * An erroneous systemd configuration caused the mail service to quit when it was reloaded during manual intervention. The configuration has been updated to state that the service does not support reloads. 16 | -------------------------------------------------------------------------------- /source/changelog/2017-12-19_7.0.21.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide mercurial. 5 | * You can use :doc:`additional mailboxes `. 6 | * In addition to ``$USER@uber.space``, you can now also receive mails for ``$MAILBOX@$USER.uber.space``. 7 | * We now provide :doc:`.NET `. 8 | * When you log into an Uberspace 7 server, you are now presented with the current version as well as a couple of useful links. 9 | 10 | Fixed 11 | ----- 12 | 13 | * We now support HTTPS connections form android phones running a version between 7.0 and 7.1.1. 14 | -------------------------------------------------------------------------------- /source/changelog/2017-12-20_7.0.22.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * In preparation for a public status dashboard, our servers now have additional black box monitoring. 5 | * Popular default ports like 9001 are now blocked. 6 | 7 | Changed 8 | ------- 9 | 10 | * The maximum number of processes/threads is now 400 instead of 300, which allows weechat to be compiled using linuxbrew. 11 | 12 | Fixed 13 | ----- 14 | 15 | * Usernames did have a minimal length of two. This is wrong. We changed it to one, so it matches Uberspace 6. 16 | * Because of an oversight, VMailMgr was never correctly set up for existing users users. This has been corrected. 17 | * The vMailMgr wrappers now support Unicode and the char–limits for password have been removed. A warning is displayed though, if non–ASCII chars are used. 18 | -------------------------------------------------------------------------------- /source/changelog/2018-01-03_7.0.23.rst: -------------------------------------------------------------------------------- 1 | Fixed 2 | ----- 3 | 4 | * Under rare conditions some users did not get a let’s encrypt certificate for a small percentage of their requests. This has been corrected. 5 | -------------------------------------------------------------------------------- /source/changelog/2018-01-16_7.0.24.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * All servers now come with pandoc (to convert document formats), tree (to view your directory structures in a pretty way), and imapsync (to transfer emails between IMAP accounts) installed. 5 | * We now provide development headers for the ncurses GUI library. 6 | * We now provide the “gmp” module for php. 7 | * For your network debugging needs, we now offer traceroute and mtr. 8 | 9 | Changed 10 | ------- 11 | 12 | * The $PATH of qmail is now extended by standard directories like /bin, so maildrop can be called without specifying its full path. 13 | * We now automatically restart php-fpm of your web services on updates or when new php modules are added. 14 | * Apache now uses the “event” multi processing module instead of the old “prefork”. This allows us to handle more requests in parallel. 15 | * The number of HTTP slots, which can be used by a single uberspace is now limited, so a single uberspace cannot overload our webservers. 16 | 17 | Fixed 18 | ----- 19 | 20 | * After numerous attempts to install “git submodules” and various other git sub-commands, we now got it. finally. maybe. 21 | * On reboot, supervisord user services might be started before MySQL, causing some of them to fail. They are now only started, once MySQL is fully booted. 22 | * Generating the nginx config takes too long in some cases, causing a timeout and nginx to be permanently down. We increased the timeout. The faulty script will be optimized at a later date. 23 | -------------------------------------------------------------------------------- /source/changelog/2018-01-22_7.0.25.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide ImageMagick commands like “convert” on the command line. 5 | * We now provide :doc:`Ruby ` in user selectable versions: 2.3, 2.4 and 2.5. 6 | 7 | Fixed 8 | ----- 9 | 10 | * The :doc:`PHP-FPM ` and :doc:`supervisor ` user services now run under their user's :doc:`resource restrictions `. 11 | -------------------------------------------------------------------------------- /source/changelog/2018-01-24_7.0.26.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide `phpMyAdmin `_ and `adminer `_. 5 | 6 | Changed 7 | ------- 8 | 9 | * The who/last/lastlog commands (and thus display of other user sessions) are now disabled. 10 | 11 | Fixed 12 | ----- 13 | 14 | * We now support the following special characters in mailbox names: dots (.), plus signs (+), hyphens (-) and underscores (_). 15 | -------------------------------------------------------------------------------- /source/changelog/2018-01-25_7.0.27.rst: -------------------------------------------------------------------------------- 1 | Fixed 2 | ----- 3 | 4 | * Supervisord is now restated after 10 seconds in case it is killed or crashes. 5 | -------------------------------------------------------------------------------- /source/changelog/2018-01-31_7.0.28.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * Not all apps need MySQL, so we also provide sqlite development headers for your smaller database needs. 5 | * we new provide getmail, mutt and gnutls-devel so you can get your mail, check your mail and compile crypto applications, 6 | 7 | Changed 8 | ------- 9 | 10 | * ``Uberspace mail domain add`` now emphasizes on the fact that you need to use the MX value provided by us. 11 | -------------------------------------------------------------------------------- /source/changelog/2018-02-02_7.0.29.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * In addition to the end-user sqlite we now also provide the matching development headers. 5 | -------------------------------------------------------------------------------- /source/changelog/2018-02-09_7.0.30.rst: -------------------------------------------------------------------------------- 1 | Changed 2 | ------- 3 | 4 | * If a domain is accepted by nginx, we now always provide a let's encrypt certificate for it trough auto-ssl. We hope this will prevent the case, where sometimes a correctly added domain won't get a certificate. 5 | * As promised in 7.0.24 the nginx config generation now happens way faster, resulting in quicker reboots und easier debugging. 6 | -------------------------------------------------------------------------------- /source/changelog/2018-02-16_7.0.32.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide ImageMagick development headers as well as perl bindings. 5 | * We now provide libuuid development headers. 6 | * We now provide the irssi IRC client. 7 | 8 | Fixed 9 | ----- 10 | 11 | * Maildrop can now be used in .qmail files without specifying the full path. This should have been fixed in 7.0.24, but we misread the systemd documentation, so here we go again. 12 | * The message shown on websites hosted on deactivated accounts is now correctly displayed in browsers. 13 | 14 | Changed 15 | ------- 16 | * ~/php.d is now loaded last, so it can override values set in the global php.ini. To load extensions like ioncube, which insist on being loaded first, use the newly introduced php.early.d. 17 | -------------------------------------------------------------------------------- /source/changelog/2018-02-21_7.0.33.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * Say hi to our new central webmail interface https://webmail.uberspace.de 5 | 6 | Changed 7 | ------- 8 | 9 | * PHP, nodejs and other languages can now be used in cronjobs, regardless of the exact PATH set there. 10 | -------------------------------------------------------------------------------- /source/changelog/2018-03-05_7.0.34.rst: -------------------------------------------------------------------------------- 1 | Fixed 2 | ----- 3 | 4 | * Because of a configuration error php-fpm logs were recorded to a non-user-accessible default location, even when the user did not turn them on. This has been resolved and all logs have been deleted. 5 | 6 | Added 7 | ----- 8 | 9 | * Sometimes you want to assert ownership. We now provide the “whois”-tool, so you can do that. 10 | 11 | Changed 12 | ------- 13 | 14 | * We switched our MTA on port 25 to haraka, to enable spam filtering in the future. -------------------------------------------------------------------------------- /source/changelog/2018-03-09_7.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * SPAM filtering for incoming mails: All incoming email is now spamchecked via rspamd. Mails with a spam score higher than 15 are rejected. 5 | * You can opt out of our new rspamd spamfilter with the `uberspace mail spamfilter (enable|disable)` command. 6 | 7 | Fixed 8 | ----- 9 | 10 | * Webmail now works with mail addresses like charlie@user.uber.space 11 | * The webmail client now supports uploading attachments 12 | * We now support IMAP / POP3 / SMTP login with `@uber.space` 13 | * Parsing of requested versions is now more rigid, resulting in fewer crashes for invalid versions. 14 | 15 | Changed 16 | ------- 17 | 18 | * The output of “uberspace mail domain add” now includes a sample SPF record. -------------------------------------------------------------------------------- /source/changelog/2018-03-19_7.1.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * To support users with file transfer related things, we now install lftp and ncftp by default. 5 | 6 | Changed 7 | ------- 8 | 9 | * dmesg output is now hidden for normal users, as it was on U6. 10 | 11 | Fixed 12 | ----- 13 | 14 | * uberspace mail filter status is now working as documented -------------------------------------------------------------------------------- /source/changelog/2018-04-09_7.1.2.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now install composer to help you manage your PHP dependencies 5 | * We now install WP-CLI to manage Wordpress installations. 6 | * We now provide libpng-dev 7 | 8 | -------------------------------------------------------------------------------- /source/changelog/2018-04-13_7.1.3.rst: -------------------------------------------------------------------------------- 1 | Fixed 2 | ----- 3 | 4 | * We fixed a security issue allowing users to read the list of all mail domains setup on their host. 5 | * Bash completion scripts in /etc/bash_completion.d/ are now sourced for login shells. This includes wp and composer commands. -------------------------------------------------------------------------------- /source/changelog/2018-05-15_7.1.5.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide fetchmail for your mail fetching pleasure. 5 | * We now provide goaccess. 6 | 7 | Fixed 8 | ----- 9 | 10 | * Mailbox names now can start with a number. -------------------------------------------------------------------------------- /source/changelog/2018-05-22_7.1.6.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * we now provide joe. -------------------------------------------------------------------------------- /source/changelog/2018-05-28_7.1.7.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide PHP-GNUPG 🔐 5 | 6 | Changed 7 | ------- 8 | 9 | * Reject mails to invalid recipients on valid domains early, instead of bouncing them. -------------------------------------------------------------------------------- /source/changelog/2018-06-01_7.1.8.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide the glances monitoring tool. 5 | * We now provide PHP-PEAR. 6 | * We now provide jq. 7 | 8 | Changed 9 | ------- 10 | 11 | * The path to binaries from PHP composer packages, which are globally installed by users, is now included in the `PATH` environment variable. 12 | -------------------------------------------------------------------------------- /source/changelog/2018-06-06_7.1.9.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide gdbm-devel 5 | * We now provide libcurl-devel -------------------------------------------------------------------------------- /source/changelog/2018-07-25_7.1.10.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * SELinux is now enabled globally. In case you experience any unexpected "403 Forbidden" or "Permission denied" errors, please contact our support. 5 | * Backups are now available at `/backup` 6 | * We now provide `mtop` 7 | * We now provide cpanm and other basic perl tools 8 | * We now provide php-xmlrpc 9 | * We now provide dos2unix and unix2dos 10 | * We now provide librsync and librsync-devel 11 | 12 | Changed 13 | ------- 14 | * The local-part of mail addresses is now case-insenstive 15 | -------------------------------------------------------------------------------- /source/changelog/2018-08-14_7.1.11.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide poppler and Node.js 10 -------------------------------------------------------------------------------- /source/changelog/2018-08-20_7.1.12.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide lame-devel, libmad-devel, libogg-devel, libsamplerate-devel, libvorbis-devel and taglib-devel -------------------------------------------------------------------------------- /source/changelog/2018-09-24_7.1.13.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * Poppler, a PDF rendering library. 5 | * luarocks, a package manager for the Lua programming language. 6 | * We provide mb2md so you can easily convert mbox files to Maildirs. 7 | * Update .net to 2.1 8 | * 🐟 We now provide the fish shell 9 | * New packages: lua-devel, tcl-devel, gnuplot, e2fsprogs-devel, expat-devel, jpegoptim, optipng 10 | -------------------------------------------------------------------------------- /source/changelog/2018-10-11_7.1.14.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide cairo-devel and darcs 5 | * :ref:`MariaDB SQL backups ` are now accessible by users 6 | 7 | Changed 8 | ------- 9 | 10 | * We limit outgoing mails via SMTP to 500 per hour 11 | * We lowered the max age for files in /tmp from 10 days to 1 day 12 | * We no longer accept sub domains from other users for ``uberspace domain add`` -------------------------------------------------------------------------------- /source/changelog/2018-10-15_7.1.15.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide the php ldap module 5 | 6 | Changed 7 | ------- 8 | 9 | * We updated MariaDB to version 10.3 10 | -------------------------------------------------------------------------------- /source/changelog/2018-11-07_7.1.16.rst: -------------------------------------------------------------------------------- 1 | Added: 2 | ------ 3 | 4 | * We now allow users to set variables in their SSH session environment 5 | 6 | Changed: 7 | -------- 8 | 9 | * The `/mysql_backup/{current,old}` directories are now user readable. Also backups now include the UNIX time in their timestamp. -------------------------------------------------------------------------------- /source/changelog/2018-11-21_7.1.17.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * We now provide `at` and `wkhtmltopdf` 4 | 5 | Changed 6 | ------- 7 | * Undeliverable outgoing E-Mails now bounce after 1 day, instead of 10. 8 | 9 | Fixed 10 | ----- 11 | * Removed SQL backups from quota. 12 | -------------------------------------------------------------------------------- /source/changelog/2018-12-13_7.1.19.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * .NET Core is now available in Version 2.2 5 | 6 | Fixed 7 | ----- 8 | 9 | * An internal API key was readable to local users. We fixed the permissions, reset the keys on all hosts and made sure that future hosts are setup correctly. 10 | -------------------------------------------------------------------------------- /source/changelog/2019-01-23_7.2.2.rst: -------------------------------------------------------------------------------- 1 | Changed 2 | ------- 3 | * deprecate Node 9, we set version 10 for all affected users 4 | * update to Ruby Bundler 2 5 | * limit user runtime directories to 25MB 6 | 7 | Fixed 8 | ----- 9 | * Fix PHP FPM open_basedir 10 | * increase the max values for semaphore parameters to prevent Apache outages 11 | * keep SQL dumps for 21 days as promised 12 | * a lot of cleanup and polish here and there (fix for MariaDB restarts, changed Supervisord PATH, ...) 13 | -------------------------------------------------------------------------------- /source/changelog/2019-02-01_7.2.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * web backends 5 | 6 | Changed 7 | ------- 8 | 9 | * every account now has its own isolated network stack 10 | -------------------------------------------------------------------------------- /source/changelog/2019-02-13_7.2.3.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * PHP 7.3 4 | 5 | Changed 6 | ------- 7 | * deprecated PHP 5.6 & PHP 7.0, migrated all users to 7.1 8 | 9 | Fixed 10 | ----- 11 | * lots of internal stuff: fixed not rebooting systems (waiting for ...), fixed not booting systems (logind stuck), fixed stuck supervisord instances, fixed all the things! 12 | -------------------------------------------------------------------------------- /source/changelog/2019-03-06_7.2.4.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * We now provide Xvfb and readline-devel 4 | 5 | Changed 6 | ------- 7 | * lower OOM-Killer score for our own services like MariaDB to prevent restarts 8 | -------------------------------------------------------------------------------- /source/changelog/2019-03-18_7.2.5.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * we now provide elixir 4 | 5 | Changed 6 | ------- 7 | * `uberspace tools restart php` now also restarts the socket in case PHP hangs and can't be restarted by users. 8 | -------------------------------------------------------------------------------- /source/changelog/2019-03-25_7.2.7.rst: -------------------------------------------------------------------------------- 1 | Fixed 2 | ----- 3 | 4 | * reworked network namespaces to save *lots of* RAM 5 | * one character usernames crashed signup process 6 | * healtcheck tests bailed over deleted users 7 | -------------------------------------------------------------------------------- /source/changelog/2019-04-02_7.2.8.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * We now provide libidn-devel, clojure and moreutils 4 | 5 | Fixed 6 | ----- 7 | 8 | * Lots of behind the scenes work for network namespaces (fixed login failures for example) 9 | -------------------------------------------------------------------------------- /source/changelog/2019-04-08_7.2.9.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * introduce "deprecated" flag for tool versions 4 | 5 | Changed 6 | ------- 7 | * Deprecate Ruby 2.3 8 | * gather only minimal facts for uberspace commands to boost performance 9 | * enforce SQL passwords for users 10 | 11 | Fixed 12 | ----- 13 | * We switched to restrictdocroot.so in our PHP-FPM setup because open_basedir slows apps down considerably 14 | -------------------------------------------------------------------------------- /source/changelog/2019-04-30_7.2.10.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * Ruby 2.6 4 | * We now allow `*..uber.space-subdomains`` in webserver 5 | 6 | Changed 7 | ------- 8 | * changed oom score of SSH so users can login even when there is no memory left 9 | * deprecate NodeJS 6 10 | 11 | Fixed 12 | ----- 13 | * websockets in .net projects now actually work 14 | * large uploads work again, we changed mod_requestTimeout from 20 to 900 15 | -------------------------------------------------------------------------------- /source/changelog/2019-05-08_7.2.11.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * We now provide boost-devel 4 | 5 | Changed 6 | ------- 7 | 8 | * TLSv1.0/v1.1 is now disabled in webserver 9 | * rotate user webserver logs, enable users to delete them 10 | * We removed Ruby 2.3 11 | 12 | Fixed 13 | ----- 14 | * login was slow when initial netns was created by cron 15 | * wrong MariaDB timezone 16 | -------------------------------------------------------------------------------- /source/changelog/2019-05-27_7.2.14.rst: -------------------------------------------------------------------------------- 1 | 7.2.12 and 7.2.13 had no user facing features, we changed and fixed lots of internal stuff. 2 | 3 | Added 4 | ----- 5 | 6 | * provide calendar 7 | * provide imlib2, imlib2-devel 8 | * enable users to compile golang apps 9 | 10 | Changed 11 | ------- 12 | 13 | * Raise max_connect_errors in MariaDB to 10000 14 | * use mitogen for on-host ansible 15 | * remove RequestReadTimeout body=900 to (hopefully) finally fix the issues with big uploads 16 | 17 | Fixed 18 | ----- 19 | 20 | * public suffix list gets updated now 21 | * maillimit crashed with user-set path 22 | * fixes a typo in "uberspace mail" 23 | * systemd reload caused deployment timeout 24 | -------------------------------------------------------------------------------- /source/changelog/2019-06-03_7.3.0.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * allow users to open a port in the firewall 5 | 6 | 7 | Changed 8 | ------- 9 | 10 | * add ~/go/bin to $PATH 11 | -------------------------------------------------------------------------------- /source/changelog/2019-06-12_7.3.1.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * give users access to let's encrypt certificates 5 | 6 | 7 | Fixed 8 | ----- 9 | 10 | * newest PHP 7.3 segfaults when opcache is enabled, we downgraded to a working version for now 11 | -------------------------------------------------------------------------------- /source/changelog/2019-06-25_7.3.2.rst: -------------------------------------------------------------------------------- 1 | Changed 2 | ------- 3 | * avoid non-ASCII characters in uberspace command 4 | 5 | Fixed 6 | ----- 7 | * certificates for .uber.space domains are not present 8 | * very long domains crash nginx 9 | * disabling PHP error log also deletes backup copy of the log 10 | -------------------------------------------------------------------------------- /source/changelog/2019-06-26_7.3.2.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * add support for TLS 1.3 5 | 6 | Fixed 7 | ----- 8 | 9 | * regular expresion for user log rotation 10 | -------------------------------------------------------------------------------- /source/changelog/2019-07-05_7.3.3.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * we now provide neovim and clang 4 | * enable HTTP/2 server push 5 | 6 | Changed 7 | ------- 8 | * add prime256v1 for nodejs, nodejs 8 doesn't support secp384r1 yet, as do some others 9 | * disable RSPAMD_EMAILBL check 10 | 11 | Fixed 12 | ----- 13 | * replace logrotate for user logs with custom script because logrotate doesn't do what it should 14 | -------------------------------------------------------------------------------- /source/changelog/2019-07-22_7.3.4.1.rst: -------------------------------------------------------------------------------- 1 | Internal changes with our deployment system only. 2 | -------------------------------------------------------------------------------- /source/changelog/2019-07-22_7.3.4.rst: -------------------------------------------------------------------------------- 1 | This was mostly a maintainance release, containing internal CI releated things. But it also contains these… 2 | 3 | Fixed 4 | ----- 5 | 6 | - We promise a log retention period of 7 days in `our manual `__. For a while we only kept logs for 5 days though. This is now fixed. 7 | 8 | Added 9 | ----- 10 | 11 | - We provide the Ada compiler `gnat `_. 12 | 13 | Changed 14 | ------- 15 | 16 | - We include `luarocks `_ in ``PATH`` and also set the ``LUA_PATH`` / ``LUA_CPATH`` environment variables. 17 | -------------------------------------------------------------------------------- /source/changelog/2019-07-31_7.3.4.2.rst: -------------------------------------------------------------------------------- 1 | Fixed 2 | ----- 3 | 4 | - On some hosts, we were unable to create new accounts. This is now fixed. There was no user impact, as the affected accounts were relocated. 5 | -------------------------------------------------------------------------------- /source/changelog/2019-08-21_7.3.5.2.rst: -------------------------------------------------------------------------------- 1 | This release fixes some issues with supervisord and the firewall: 2 | 3 | Changed 4 | ------- 5 | * set dummy user & password for supervisord's http server 6 | * move `supervisord `_ socket out of users home directory because supervisord became uncontrollable when users deleted ``$HOME/tmp/supervisor.sock`` 7 | 8 | 9 | Fixed 10 | ----- 11 | * fix race condition in mail limiter 12 | * make `open ports `_ available via IPv6 13 | -------------------------------------------------------------------------------- /source/changelog/2019-09-04_7.3.6.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * we now provide php-devel for all PHP versions 4 | * install colordiff 5 | 6 | Fixed 7 | ----- 8 | * fix account deletion for users with databases with special characters in their names 9 | -------------------------------------------------------------------------------- /source/changelog/2019-10-29_7.3.6.2.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * we now provide GeoIP-devel and aspell 4 | 5 | Changed 6 | ------- 7 | * enlarge proxy_buffer_size to send a bigger amount of http headers 8 | * set http_max_upload_size_mb to 2048mb fof bigger uploads 9 | * update sqlite to version 3.28 10 | -------------------------------------------------------------------------------- /source/changelog/2019-11-04_7.3.7.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * NodeJS 12 and 13 4 | * Erlang/OTP 20, 21 and 22 5 | * We now provide gnutls-utils 6 | 7 | Changed 8 | ------- 9 | * set NodeJS default version to 12 10 | 11 | Fixed 12 | ----- 13 | * Users can add illegal domains using capital letters 14 | -------------------------------------------------------------------------------- /source/changelog/2019-11-13_7.3.8.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * city-fan repo for fresh curl and libssl versions 4 | 5 | Changed 6 | ------- 7 | * set PHP default version to 7.2 8 | * update curl to version 7.67 9 | -------------------------------------------------------------------------------- /source/changelog/2019-12-19_7.3.10.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * PHP 7.4 5 | -------------------------------------------------------------------------------- /source/changelog/2020-01-22_7.3.11.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * fcgi-devel 4 | * ``restrictdocroot.so`` to PHP 7.4 5 | 6 | Changed 7 | ------- 8 | * raise max_allowed_packet in MariaDB from 16M to 64M 9 | 10 | Fixed 11 | ----- 12 | * Cloudflare can now access the ``.well-known`` folder via port 443 13 | * ``REMOTE_ADDR`` is now ``NN.NN.NN.NN`` in case of IPv4 14 | -------------------------------------------------------------------------------- /source/changelog/2020-01-30_7.3.13.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ------- 3 | * Dotnet Core 3.1 LTS 4 | -------------------------------------------------------------------------------- /source/changelog/2020-02-03_7.4.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * php-pecl-redis5 4 | * spam folder for user mailboxes 5 | * texlive-latex and texlive-dvips 6 | 7 | Changed 8 | ------- 9 | * enable rspamd autolearning 10 | * mail domains MX check: add fallback to SOA records in case a domain does not have NS records 11 | -------------------------------------------------------------------------------- /source/changelog/2020-02-18_7.4.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * :ref:`catchall` 4 | * implement uberspace command to :doc:`forward mails ` 5 | * provide texlive-dvipng, texlive-cm, texlive-pdfpages, texlive-graphics, texlive-iftex and socat 6 | 7 | Changed 8 | ------- 9 | * spam folder is enabled for new accounts 10 | * spamfilter is always enabled, remove ``uberspace mail spamfilter`` commands 11 | 12 | Fixed 13 | ----- 14 | * add catchall to spam folder maildrop filter 15 | * user ports now survive firewalld updates and reloads 16 | -------------------------------------------------------------------------------- /source/changelog/2020-03-03_7.4.2.rst: -------------------------------------------------------------------------------- 1 | Changed 2 | ------- 3 | * ban short/bad passwords for mailboxes 4 | 5 | Fixed 6 | ----- 7 | * spam folder filter now works with forwarded catchall 8 | * we now accept mails on IDN domains without Punycode 9 | -------------------------------------------------------------------------------- /source/changelog/2020-03-11_7.4.3.rst: -------------------------------------------------------------------------------- 1 | Changed 2 | ------- 3 | * set AllowEncodedSlashes NoDecode in Apache config 4 | -------------------------------------------------------------------------------- /source/changelog/2020-03-18_7.4.4.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * we now provide php-mongodb, nasm and gd-devel 4 | -------------------------------------------------------------------------------- /source/changelog/2020-03-25_7.5.rst: -------------------------------------------------------------------------------- 1 | Changed 2 | ------- 3 | * Added a link to our status page is.uberspace.online to the *motd*. 4 | 5 | Fixed 6 | ----- 7 | * Prevented Ansible from automatic type-casting variables (which could lead to 8 | errors with ``uberspace`` commands for certain edge cases). 9 | * We now show an error message, if you try to remove a non existent web backend. 10 | -------------------------------------------------------------------------------- /source/changelog/2020-03-31_7.5.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * **Ruby** ``2.7``. 4 | * `PHP decimal `_ for all **PHP** versions, supported by 5 | us. 6 | * *Sodium* for **PHP** ``7.4``. 7 | * `ghostscript `_. 8 | * `textpos `_. 9 | 10 | Changed 11 | ------- 12 | * The default **PHP** version for new users is now ``7.4`` (was ``7.2``). 13 | * We allow up to 50 **PHP-FPM** workers (up from 10). 14 | 15 | Fixed 16 | ----- 17 | * Enable lingering for user processes. This should prevent processes, that are 18 | inside the user slice but outside a session scope, from being killed, when no 19 | user sessions are active. 20 | * Prevent our health-check script from creating empty ``~/.my.cnf`` files, if 21 | a user removed it. This will also prevent changed access timestamps on those 22 | files. 23 | 24 | Deprecated 25 | ---------- 26 | * **Ruby** ``2.4``. 27 | -------------------------------------------------------------------------------- /source/changelog/2020-04-02_7.5.1.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * Two new VMs: ``bernardi.uberspace.de`` and ``hernmann.uberspace.de``. 4 | 5 | Changed 6 | ------- 7 | * After increasing the max value for **PHP-FPM** workers to 50 (up from 10) in 8 | ``v7.5.1``, we now tuned it down to 20. 9 | * For *MariDB* we increased ``max_connections`` (to 2000, was 400) and 10 | ``max_user_connections`` (to 100, was 20). 11 | -------------------------------------------------------------------------------- /source/changelog/2020-04-08_7.5.1.2.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * Some development packages: ``irssi-devel``, ``jq-devel``, ``libyaml-devel``, 4 | ``poppler-devel`` and ``wkhtmltopdf-devel``. 5 | 6 | Changed 7 | ------- 8 | * We decreased ``process_idle_timeout`` for **PHP-FPM** workers to 180 seconds 9 | (down from 900). This reduces the time a spawned child has to be idle before 10 | it will be killed (to accomodate for the increase in allowed childs). 11 | -------------------------------------------------------------------------------- /source/changelog/2020-04-20_7.6.0.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * We now support **Python** ``3.7`` (compiled and packaged by us). 4 | * We now support **Python** ``3.8`` (compiled and packaged by us). 5 | * We added the `zlib` Plugin to *Dovecot*, to support compressed mailboxes. 6 | 7 | Changed 8 | ------- 9 | * We had previously pinned **PHP** to ``7.3.5``, because newer versions 10 | segfault'ed when *opcache* was enabled. This is no longer the case, so we 11 | removed the pin. 12 | * Crashed **PHP-FPM** user instances failed to automatically restart when a 13 | user had exceeded their quota. They should now recover on their own, when 14 | the user no longer exceeds the quota. 15 | -------------------------------------------------------------------------------- /source/changelog/2020-04-23_7.6.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * `fping `_ 4 | * `pwgen `_ 5 | * ``libtool-ltdl-devel`` 6 | 7 | Updated 8 | ------- 9 | * Updated our manual and error messages in regards to 10 | `xcvbn `_. A library, we use to 11 | check and enforce password strength for user mailboxes. 12 | 13 | Changed 14 | ------- 15 | * Cleanup _journald_ logs, disabled *split mode* and set a retention time of 16 | seven days. 17 | * Increased the process limit to ``1024`` (up from ``400``). Mostly because this 18 | is the lowest limit we can use and still support 19 | `Erlang `__. 20 | -------------------------------------------------------------------------------- /source/changelog/2020-05-07_7.6.1.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * Installed `pecl-yaml `_ for all our 4 | supported *PHP* versions. 5 | 6 | Updated 7 | ------- 8 | * *MariaDB* to `10.3.22 `_. 9 | 10 | Changed 11 | ------- 12 | 13 | * *Node.js* ``v8`` reached end of life late last year. We deprecated it a 14 | while ago and now moved the last remaining users to ``v12`` (the latest LTS, 15 | it has security support till April 2022). 16 | 17 | * *PHP* ``v7.1`` reached end of life late last year. We deprecated it a 18 | while ago and now moved the last remaining users to ``v7.2`` (it has security 19 | support till November 2020). 20 | 21 | Fixed 22 | ----- 23 | * A regression in our ``uberspace {mail,web} domain del`` commands, that lead 24 | to always deleting the given domain for both categories. 25 | -------------------------------------------------------------------------------- /source/changelog/2020-05-12_7.6.1.2.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * Better support for web assembly files: set MIME type ``application/wasm`` 4 | for ``.wasm``, ``.wasm.gz``, ``.wat``, ``.wat.gz`` and enable *gzip* 5 | compression. 6 | 7 | Updated 8 | ------- 9 | * Updated *Haraka* to ``2.8.25``. 10 | -------------------------------------------------------------------------------- /source/changelog/2020-05-25_7.6.2.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * `Rust `_ ``stable`` channel. You can read about it 4 | in `our manual `__. 5 | * `Node.js `_ version ``14``. 6 | * `mosquitto `_. 7 | * `ffmpeg `_. 8 | * *pipeview* (``pv``). 9 | * *libnice*. 10 | * *libwebsockets*. 11 | 12 | Changed 13 | ------- 14 | * The data directory for MariaDB (``/var/lib/mysql``) is now stored on SSD. 15 | * Also on SSD: *rpm*, *yum* and *journald* data directories (``/var/lib/rpm``, 16 | ``/var/lib/yum``, ``/var/cache/yum`` and ``/var/log/journal``). 17 | -------------------------------------------------------------------------------- /source/changelog/2020-06-03_7.7.0.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * *HTTP* outgoing headers can how be changed and set using 4 | ``uberspace web header`` 5 | (`manual entry `_). 6 | * *MySQL* `event scheduler `_ is now enabled. 7 | * *ImageMagick* v7 now has 8 | `HEIC `_ 9 | support. 10 | * `Redis `_ is preinstalled. 11 | * *Java* now includes the Java Development Kit (``javac``) 12 | 13 | Changed 14 | ------- 15 | * *Java* is now version 14 and will be updated as EPEL's 16 | ``java-latest-openjdk`` updates. 17 | * *tmux* is now version 2.9a. 18 | * *HSTS* is enforced for 1 year. 19 | * *HTTP⇒HTTPS* redirects use 301 instead of 302. 20 | 21 | Fixed 22 | ----- 23 | * *SMTP* on port 587 now no longer accepts mails to local domains without 24 | authentication. 25 | * *SMTP* on port 25 now automatically restarts, should it crash for any reason. 26 | The recent SSD migrations caused it to crash once on each host leading to a 27 | downtime of ~10 minutes. This change mitigates this on future crashes. 28 | * *Dovecot* (IMAP/POP3) now gets version updates independently of other 29 | packages. This dramatically shortens downtimes during updates, as the 30 | package script otherwise waits until all other packages have finished 31 | updating before Dovecot can start again. 32 | * *goaccess* now supports "tcb_btree" again to fix ``--keep-db-files``. 33 | -------------------------------------------------------------------------------- /source/changelog/2020-06-08_7.7.1.rst: -------------------------------------------------------------------------------- 1 | Fixed 2 | ----- 3 | * A case where a **web backend** with the option ``--remove-prefix`` ends up 4 | doing nothing. 5 | -------------------------------------------------------------------------------- /source/changelog/2020-07-28_7.7.2.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * Support for Haskell, via `Haskell Platform `_. 4 | * ``ksh`` - the `KornShell `_. 5 | * ``emacs`` - an `editor `_ (among other things). 6 | * ``js`` - Netscape's JavaScript interpreter. 7 | * The *php-dba* database abstraction layer module for PHP ``7.{2,3,4}``. 8 | * Dependencies for *Chrome headless*. 9 | 10 | Fixed 11 | ----- 12 | * Unified the *regular expression* used to guard **web header** input for the 13 | ``uberspace web header …`` command. The ones used for the ``del`` and 14 | ``suppress`` sub-commands where unnecessarily stricter, than the one used for 15 | ``set``. This allowed setting headers, that could neither be deleted nor 16 | suppressed. 17 | -------------------------------------------------------------------------------- /source/changelog/2020-08-10_7.7.3.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * *Nginx* serves *favicons* and *SVGs* compressed (``image/x-icon``, 4 | ``image/svg+xml``). 5 | 6 | Changed 7 | ------- 8 | * We decreased our global `Rspamd `_ **reject score** to 9 | ``10`` (down from ``15``). This means, that we reject mails percieved as spam 10 | sooner. 11 | 12 | * When adding new mail domains with ``uberspace mail domain …``, we now first 13 | ask the DNS resolver for the ``MX`` records, and only fall back to our old 14 | behaviour (i.e. querying the responsible nameservers directly), when this 15 | fails (meaning the record does not point to the host). This allows for edge 16 | cases, like when a person is using the NSEntry service of DENIC where the TLD 17 | nameservers directly hands out all records. 18 | 19 | * Error pages generated by the Apache webserver now display 20 | ``@uber.space`` instead of ``hallo@uberspace.de`` as a means of 21 | contact. Users of users kept asking our support about issues we cannot resolve 22 | for them, because they aren't our customers. The new mail address directs them 23 | to the right person. 24 | 25 | Internal 26 | -------- 27 | 28 | * We added a script to clean up DNS records created during our internal testing 29 | process. This will lead to more time spend building features and less time 30 | debugging the DNS. 31 | 32 | * Configuration for the Apache webserver is now generated for all users before 33 | the server starts, instead of on account creation. This way we can easily 34 | change the configuration file in the future. Other services already use this 35 | scheme. 36 | -------------------------------------------------------------------------------- /source/changelog/2020-08-17_7.7.4.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | - We included the official RPM repository for the **Mercurial SCM**. So ``hg`` 4 | now comes in version ``5.4.2`` (was ``2.6.2``). 5 | 6 | - `Erlang `__ version ``23``. 7 | 8 | - We provide ``devtoolset-9`` (enabled by default). Resulting in more recent 9 | versions of development tooling (e.g. ``gcc`` in version ``9.3``). 10 | 11 | Changed 12 | ------- 13 | - Incoming connections directed to a 14 | `user's port `_ will no longer 15 | be masqueraded, meaning users processes can now acces the *public client IP*. 16 | 17 | - We set ``underscores_in_headers on`` in our *Nginx* configuration, so that 18 | headers containing underscores are no longer discarded. 19 | 20 | - The configuration prefix for **Node.js** is no longer hardcoded to 21 | ``/home/$USER``, but mearly defaults to it. This means users can now use the 22 | ``NPM_CONFIG_PREFIX`` environment variable, to set their own prefix. 23 | 24 | Fixed 25 | ----- 26 | - We made the part of our ``uberspace`` command that parses user settings from 27 | YAML files more resistant, so it should no longer bail over corrupted 28 | files. 29 | -------------------------------------------------------------------------------- /source/changelog/2020-08-31_7.7.5.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * weechat_ - an IRC client 5 | * yarn_ - a package manage for nodejs 6 | * protobuf_ - headers and libraries used to comple applications that make use of 7 | Google's Protocol Buffers 8 | * ``js-devel`` - development headers for the installed ``js`` javascript engine 9 | * tcsh - a shell compatible with the C shell 10 | * Cyrillic font support for TeX Live 11 | 12 | Changed 13 | ------- 14 | 15 | * rspamd now uses the `ZMI ruleset against German spam`_ to improve spam 16 | filtering 17 | 18 | Internal 19 | -------- 20 | 21 | * We prepared our internal U7 repository to play around with AWX, a platform to 22 | execute ansible-playbooks reliably. We currently use gitlab-ci to run them. 23 | * We re-enabled node_exporter to generate fancy graphs and metics, which we 24 | intend to share publicly in the future. At the moment we're using icinga2 to 25 | collect metrics. 26 | * We deleted old, dead code that was blocking common ports like 6100 so users 27 | cannot use them. This is no longer a concern, as every user has their own 28 | network namespace now. 29 | * Files created by ansible in ``/root/.ansible/tmp`` are now cleaned up 30 | regularly. This should speed up the backup process, as there were quite many 31 | of them. 32 | 33 | .. _weechat: https://weechat.org/ 34 | .. _yarn: https://yarnpkg.com/ 35 | .. _protobuf: https://developers.google.com/protocol-buffers 36 | .. _`ZMI ruleset against German spam`: http://sa.zmi.at 37 | -------------------------------------------------------------------------------- /source/changelog/2020-09-07_7.7.6.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * libgdiplus 5 | * libacl 6 | 7 | Fixed 8 | ----- 9 | 10 | * ``uberspace web header set`` now correctly processes entries with special 11 | characters. 12 | * Web Backends now no longer match `/etherpad_test` for a backend that was 13 | set on `/etherpad`. Additionally, requests to `/etherpad` are redirected 14 | to `/etherpad/`. 15 | 16 | Changed 17 | ------- 18 | 19 | * Node.js version 13 is now deprecated 20 | * HTTP status 500 responses are now replaced with a custom error page 21 | showing instructions how to resolve the error. This can be disabled using 22 | the new ``uberspace web errorpage`` command. 23 | 24 | Internal 25 | -------- 26 | 27 | * We started to restructure our repository to split it up into smaller 28 | modules in the future. This will enable us to make quicker releases in the 29 | future. 30 | * MySQL backups are now dumped at a random time each night, taking load off 31 | our storage system by distributing the resulting peaks better. 32 | * The NFS mount ``/backup`` is now monitored via icinga2, helping us to 33 | fix it faster when it hangs. 34 | * We use a simple watchdog to restart httpd/nginx automatically in case 35 | they do no longer respond to requests. Its checking turned out to be too 36 | aggressive, resulting in a restart loop in rare cases. We now wait for 37 | the server to recover before attempting another check/restart. 38 | -------------------------------------------------------------------------------- /source/changelog/2020-09-16_7.7.7.rst: -------------------------------------------------------------------------------- 1 | ✈ 2 | 3 | Added 4 | ----- 5 | 6 | * support for Sieve, documentation and announcement will follow. 7 | * rrdtool 8 | 9 | Fixed 10 | ----- 11 | 12 | * Modification time of files in `~/etc/certificates` now reflects the time the 13 | certificate was generated, instead of the current time +/- 1 minute, which was 14 | a bit useless. 15 | * The number of simultaneous SMTP connections is now limited, closing an easy 16 | but harmless DoS vector. Additionally, we added more SMTP connection slots. 17 | 18 | Changed 19 | ------- 20 | 21 | * New accounts now come with an `index.html` explaining how to upload content, 22 | replacing the 403 Forbidden page that was shown in the past. 23 | * Web Backends now serve their content at both `/etherpad` and `/etherpad/`, 24 | partly reverting the change made in 7.7.6 because of incompatibility with 25 | web socket libraries. 26 | * Web Backends can now report a custom `Server:` HTTP response header, which is 27 | passed to the client. By default, the server responds `Server: nginx` 28 | like before. 29 | * supervisord is now version 4.2.1 30 | 31 | Internal 32 | -------- 33 | 34 | * In the past we used two mechanisms to deploy the primary TLS certificate: 35 | prepared (put in a bought one) and self-signed (generate one on demand). The 36 | former was used for production, the latter for our automatic tests. This 37 | caused the production code path only being tested in... production, which is 38 | bad. We changed this to always use "prepared" and removed all of the "self- 39 | signed" code. 40 | * We removed the java installation that was active before 7.7.0 41 | * General cleanup in our repository removing a total of 800 lines of dead code. 42 | -------------------------------------------------------------------------------- /source/changelog/2020-09-29_7.7.8.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * `deno `_ JavaScript/TypeScript runtime 5 | * ``nagios-plugins-http`` 6 | * ``rclone`` 7 | * re-added support for Sieve. We had to remove it shortly after the rollout in 8 | v7.7.7 because it was incompatible with mailboxes that contain a dot, e.g. 9 | ``isabell.hacker@something.org``. This is now fixed. Documentation and an 10 | announcement will follow. 11 | 12 | Fixed 13 | ----- 14 | 15 | * When we do not know a domain, we display a helpful "sorry, unknown domain. 16 | here is how you add it" page. This page doesn't have a valid certificate, 17 | but HTTPS was still enforced. The page can now also be opened using HTTP. 18 | * ``MX`` records can be in any case, i.e. ``10 TUTTLe.uberspace.DE`` is now 19 | considered valid. 20 | * The default "there is no content" page is no longer shown, if there is a 21 | ``index.php`` providing content. In the past the ``index.html`` added by us 22 | was considered more important by httpd. We now add a ``nocontent.html``, which 23 | is always queried last. 24 | 25 | Changed 26 | ------- 27 | 28 | * ruby 2.4 users have been migrated to version 2.7. 29 | * nodejs 13 users have been migrated to version 14. 30 | * The 500 Internal Server Error page now shows information on how to disable it. 31 | * Updated HTTPS ciphers and settings to match current mozilla recommendations. 32 | 33 | Internal 34 | -------- 35 | 36 | * Removed an unused 3rd-party YUM repo 37 | * We continued to restructure our repository to split it up into smaller 38 | modules in the future. This will enable us to make quicker releases in the 39 | future. 40 | -------------------------------------------------------------------------------- /source/changelog/2020-10-14_7.7.9.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * `python v3.9 `_ 5 | * `tig `_ 6 | 7 | Fixed 8 | ----- 9 | 10 | * Apache workers are now restarted after a number of requests to ensure the web 11 | sever's RAM usage does not grow unreasonably fast. This increases stability 12 | overall. 13 | 14 | Internal 15 | -------- 16 | 17 | * PHP errors for accounts were logged globally by accident. They are now never 18 | logged globally. But still user-local, if the user enables them. 19 | -------------------------------------------------------------------------------- /source/changelog/2020-11-17_7.7.10.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * `mg `_: a tiny Emacs-like editor 5 | * ``numactl`` command to please MongoDB 6 | * modern TLS settings for POP3/IMAP/SMTP-SUBMIT (reverted because they block 7 | connections from thunderbird) 8 | * ``opus``, ``opus-tools``, and ``opus-devel`` 9 | * many fonts to support non-western scripts 10 | 11 | Fixed 12 | ----- 13 | 14 | * MariaDB backups now includestored routines 15 | * ``table_definition_cache`` is now ``20000`` to meet friendica's requirements 16 | * The SMTP connection limit introduced in v7.7.7 now actually works. 17 | * ``$user.uber.space`` is now correctly displayed in ``uberspace mail domain list`` 18 | * ``uberspace * domain list`` output is now sorted 19 | 20 | Internal 21 | -------- 22 | 23 | * Log rotation is now randomized to happen between 4 and 5 am. The time is 24 | constant for each host, so they are always rotated at the same time for a 25 | given host. This reduces the IO load on our storage and therefore improves 26 | performance and reliabilty at night. 27 | * Prometheus' node_exporter can now be monitored by our icinga2 setup, leading 28 | to more complete graphs for us and better performance for you. 29 | * Sometimes our internal CI amassed a lot of temporary DNS records, which 30 | exceeded the quota of our DNS provider, griding our CI and development to a 31 | halt. The records are now purged reguarly. 32 | -------------------------------------------------------------------------------- /source/changelog/2020-12-01_7.8.0.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * Support for managed Sieve 5 | * Mails from spam folder are now auto-expunged after 30 days. 6 | * Add special RFC 6154 folders to Dovecot config, so mail clients detect trash, 7 | spam, and other default folders automatically. 8 | 9 | Changed 10 | ------- 11 | 12 | * We now keep logs for incoming mails for 10 days instead of one day to aid 13 | debugging of missing mails in support. 14 | * System logs are now kept for one to two days, instead of just one. 15 | * The default values of ``max_execution_time`` and ``max_input_time`` are now 16 | 90 seconds and 60 seconds respectively, to free up stuck php-fpm workers more 17 | quickly. Higher values can be set using a config file in ``~/etc/php.d``. CLI 18 | invocations like cronjobs are not affected. 19 | 20 | Internal 21 | -------- 22 | 23 | * MySQL backups are now monitored, alerting us when the process stops working. 24 | * Optimized log output of our scripts, so we can keep the useful logs for 25 | longer. 26 | * Instead of reloading nginx after log rotation, we now call ``nginx -s reopen`` 27 | to reduce load spikes and thus increase reliability. 28 | * We now run fstrim regularly to free unused storage in our ceph cluster. This 29 | enables us to use it more efficiently. 30 | -------------------------------------------------------------------------------- /source/changelog/2020-12-22_7.8.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * Support for `R `_ and 5 | `CRAN packages `_. 6 | 7 | 8 | Changed 9 | ------- 10 | 11 | * Increased the **Rspamd** reject score to ``15`` (up from ``10``). 12 | 13 | * Reduced the **Rspamd** score for ``INVALID_RCPT_8BIT`` to ``3`` (down from 14 | ``6``). 15 | 16 | * We limit the *Spam Assassin* rules we use with **Rspamd** to 17 | `ZMI `_. 18 | 19 | * Deprecated **PHP** ``7.2``. It will be removed early next year. 20 | 21 | * We added a connection timeout on port 587 (hard capped at two hours, or one 22 | hour for idle connections). Our SMTP submit queue suffered from lingering 23 | connections, we hope this helps to mitigate it. 24 | 25 | * The output of ``uberspace mail domain add`` now ends domain names with a dot 26 | (``.``). We hope this helps avoiding situations, where it could otherwise be 27 | interpreted as *relative to an origin* (this mostly effects c/p to *bind* 28 | configurations, but also some web based GUIs). 29 | 30 | Internal 31 | -------- 32 | 33 | * We migrated a lot of hosts to SSD storage. 34 | 35 | * *fstrim* now runs about weekly on the hosts. Concrete times are distributed 36 | randomly, to minimize the impact on the cluster. 37 | 38 | * While creating SQL backup dumps, we now log and monitor *MariaDB* errors. 39 | 40 | * We moved the *Rspamd* logs out of the journal (for now). This allows us to 41 | have a longer retention policy for those, while still keeping them pretty 42 | verbose. We will fine tune our Spam filtering over the next releases, so this 43 | might come in handy. 44 | -------------------------------------------------------------------------------- /source/changelog/2021-01-25_7.9.0.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * PHP 8.0 5 | * Ruby 3.0 6 | * InfluxDB and ``telegraf`` 7 | * PostgreSQL 8 | * CouchDB 9 | * MongoDB 10 | * .NET 5.0 11 | * ``gobject-introspection-devel``, ``pango-devel``, ``ripgrep``, ``bat``, 12 | ``asciidoc``, ``ledger`` 13 | 14 | Changed 15 | ------- 16 | 17 | * legacy URLs like ``adminer.``, ``pma.``, and ``webmail.host.uberspace.de`` 18 | redirect to their global counterparts (e.g. https://webmail.uberspace.de) 19 | * removed PHP 7.2 20 | * removed .NET 2.0 and 2.2 21 | * httpd is now allowed to read files with ``user_home_t`` SELinux labels. This 22 | fixes usability issues because of files removed from home. It also enables 23 | CGI scripts to access libraries installied in ``$HOME/.local`` and similar. 24 | There is still no official support for CGI, though. 25 | 26 | Fixed 27 | ----- 28 | 29 | * tmux sessions no longer break after some time. We mistakenly removed them from 30 | ``/tmp`` automatically and now leave them be. 31 | * MySQL backups sometimes (1 or 3 databases in total on _all_ hosts) fail, so we 32 | now retry them once. This increases the reliability of the provided backups 33 | and silences our monitoring. 34 | * Sieve configuration files no longer show up as folders in mail clients. 35 | 36 | Internal 37 | -------- 38 | 39 | * We migrated additional hosts to SSD storage. 40 | * Add a test for redis. 41 | * Add monitoring check for failed user services. This way we will notice, if 42 | your supervisord or php-fpm fail. 43 | * Add monitoring check for individual MySQL backups. Monitoring for the backup 44 | process as a whole was already present. 45 | -------------------------------------------------------------------------------- /source/changelog/2021-03-04_7.10.0.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * updated Java to 15 5 | * each users CPU usage is now limited to 6 cores, improving stability. 6 | * ``pecl-mailparse`` 7 | * HEIC support for ImageMagick 6, and by extension PHP 8 | 9 | Changed 10 | ------- 11 | 12 | * recommended SPF record is now ``include:spf.uberspace.de`` so we can reoute 13 | mails more easily. The current records prevents us from relaying mails through 14 | another server temporarily. 15 | * to be consistent with our advice to use ``.uber.space`` domains for mail, 16 | ``user.host.uberspace.de`` is now no longer part of ``mail domain list``. 17 | * ``uberspace mail domain add`` now explains that the trailing dot in MX records 18 | is correct, but not necessary or possible to enter in many DNS interfaces. 19 | * rspamd's ``FORGED_RECIPIENTS`` test now adds fewer points to the spam score 20 | to counter many reported false-positive. 21 | 22 | Fixed 23 | ----- 24 | 25 | * RAM limits for users were not applying consistently, leading to outages in the 26 | recent past. We now apply the limits ourselves instead of relying on systemd, 27 | increasing stability in the future. 28 | * Sometimes systemd failed to reload nginx, leading to new domains not being 29 | available. We now use the nginx tooling directly instead of relying on 30 | systemd's ``$MAINPID`` variable, hopefully fixing this. 31 | * MySQLs temporary files are now written to SSDs on all hosts, increasing 32 | performance for big queries that don't fit into RAM. 33 | 34 | Internal 35 | -------- 36 | 37 | * there is a dummy ``uberspace-letsencrypt-renew`` script, which does nothing. 38 | Many U6 users leave their let's encrypt cronjob in place, even though U7 does 39 | not need one. The resulting cron error mails confuse users, which increases 40 | our support volume. The dummy script automates those cases. 41 | * we rewrote the playbook, which updates MariaDB, enabling updates to 10.4 and 42 | 10.5 in the future. 43 | * some hosts have additional SSD devices for yum, rpm and the systemd journal. 44 | Since we are moving all hosts to SSDs, these are not necessary anymore. We 45 | wrote a playbook to remove them in the future, making all hosts consistent 46 | again. 47 | * we now detect and automatically ban more mining tools. 48 | * MySQL backups now only happen for databases, which changed since the last 49 | backup. This reduces the system load at night and further increases storage 50 | performance and stability. 51 | -------------------------------------------------------------------------------- /source/changelog/2021-04-20_7.11.0.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | - *HEIC support* for *ImageMagick* v6 (already installed for v7). 5 | - Mod *FastCGI* for *Lighttpd*. 6 | - *WebP* tooling via ``libwebp-tools``. 7 | 8 | Updated 9 | ------- 10 | 11 | - We now use the official RPM repo for *Dovecot*, jumping to version ``2.3.14``. 12 | 13 | Changed 14 | ------- 15 | 16 | - We now use TLS v1.2 as minimum version for connections to *Dovecot*. 17 | - We switched the format of our web server logs from ``COMBINED`` to ``VCOMBINED`` (i.e. added ``$host`` as first field). This changes the format of ``~/logs/webserver/access_log``. 18 | 19 | Fixed 20 | ----- 21 | 22 | - If ``--remove-prefix`` option for **web backends** used for a path not ending in a slash, the prefix was not removed. 23 | 24 | Internal 25 | -------- 26 | 27 | - Updated *node exporter* to ``v1.1.2``. 28 | - We now log full HTTP client IP addresses for 24 hours for internal abuse and spam handling. Weekly and user logs still use anonymized IPs only. 29 | -------------------------------------------------------------------------------- /source/changelog/2021-05-03_7.11.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | - *Node.js* v16. 5 | - ``inotify-tools`` 6 | 7 | Changed 8 | ------- 9 | 10 | - We changed the format of the **user access log** (again) and added the port 11 | after the host. Now the format should be compatible with ``VCOMBINED`` / 12 | ``NCSA with VHOST`` parsers, e.g. *GoAccess*. E.g.:: 13 | 14 | isabell.uber.space:443 10.132.0.0 - - [28/Apr/2021:16:10:23 +0000] 15 | "GET /hello/world.php HTTP/1.1" 200 42 "-" "HTTPie/0.9.4" 16 | 17 | - When adding **mail domains**, we priviously only accept domains, whose MX 18 | record points to the FQDN of the host. Now we also accept domains whose ``MX`` 19 | record points to a domain, whose ``A`` record resolves to the host. 20 | 21 | Fixed 22 | ----- 23 | 24 | - Our new **Dovecot** does not play well with *qmail* (*qmail* masks 25 | ``SIGCHLD``, Dovecot does not unmasks it). Until this is fixed upstream, we 26 | added a workaround. 27 | 28 | Internal 29 | -------- 30 | 31 | - We added more fields to our internal access log. 32 | -------------------------------------------------------------------------------- /source/changelog/2021-06-15_7.11.3.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | - Support for the `editheader` capability for *Sieve*. 5 | - PHP's `phpize` to the `$PATH`. 6 | 7 | Changed 8 | ------- 9 | 10 | - *Dovecot* now ignores a size mismatch between the mail file on disk and the 11 | size given in its filename. This should prevent errors, occurring when 12 | something changes the mail after it was delivered (e.g. writing an extra 13 | header to it, like *CRM114*). 14 | -------------------------------------------------------------------------------- /source/changelog/2021-08-19_7.11.4.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | - We added a rate limit of *10 requests/sec* for two common **Wordpress** paths: 5 | ``~.*/wp-login.php`` and ``~.*/xmlrpc.php``. These are (*for now*) based on 6 | ``$server_name`` only. (This was already rolled out via hotfix some weeks 7 | ago)… 8 | 9 | - We now use a a stricter rate limit of *30 requests/min* for these request. 10 | This is subject to ongoing tweaking and will probably be reduced further in 11 | the future (and based also on IP). 12 | 13 | - We now accept strict TLS connections for SMTP relaying on port ``465``. 14 | 15 | - Added `Erlang `_ OTP ``24`` (along with recent 16 | versions for ``21``, ``22`` and ``23``). 17 | 18 | - `Elixir `_ was updated too, for the OTP version 19 | mentioned above. 20 | 21 | - The ``npx`` binary for **Node.js** is now exposed, based on your selected 22 | version. 23 | 24 | - The ``php-config`` binary for **PHP** is now exposed, based on your selected 25 | version. 26 | 27 | Changed 28 | ------- 29 | 30 | - We now limit the number of recipients for SMTP relaying to 100. 31 | 32 | - We now actually limit the max size for mails to 25 MB. (This is stated in our 33 | `community rules `_ for a long time, 34 | but we had not yet enforced it on U7). 35 | 36 | - The ``uberspace mail domain list`` command now displays ``DNS INVALID`` next 37 | to unverified mail domains (along with the time of the last check). While 38 | the tool responsible for checking these runs around every 30 seconds, failed 39 | MX checks will be retried at most every 3 minutes. 40 | 41 | - We now rotate ``/var/log/wtmp`` daily (default was by size) and set the 42 | retention period to 7 days. 43 | 44 | - We now delete TLS certificates immediately after removal of domains / accounts 45 | (before they where *"garbage collected"* eventually). 46 | 47 | - We increased some Pigeonhole settings for **Sieve**: ``sieve_max_redirects`` 48 | (up to 20 form 4) and ``sieve_max_actions`` (up to 64 form 32). 49 | 50 | - `nano `_ is now the default editor set by shell 51 | profile via ``$EDITOR`` and ``$VISUAL``. 52 | 53 | - ``/opt/nginx/conf/mime.types`` is now world-readable (i.e. you can include 54 | it in your own settings). 55 | 56 | Removed 57 | ------- 58 | 59 | - Removed **Python** ``3.4`` and ``3.5``. 60 | 61 | - Deprecated **Node.js** ``v10``. Will be removed soon. 62 | 63 | Fixed 64 | ----- 65 | 66 | - **PHP** now uses a per-user session save path 67 | (``/var/lib/php-sessions/{{account}}/``) to allow garbage collection. Before 68 | this change, garbage collection failed because of missing permissions. 69 | 70 | - We added our self compiled **Python** ``3.9`` to the ``$CPATH`` via shell 71 | profile. So you no longer have to do that manually before installing 72 | compiled packages (e.g. ``uwsgi``). 73 | -------------------------------------------------------------------------------- /source/changelog/2021-10-13_7.11.5.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | - Added `fzf `_. 5 | - Added `fd `_. 6 | - Added `XeTeX `_. 7 | - The ``pear`` binary for **PHP** is now exposed, based on your selected version. 8 | 9 | Changed 10 | ------- 11 | 12 | - We now expose envelope ``recipient`` and ``sender`` to **Sieve**. 13 | 14 | - We now grant you direct access to your **PHP FPM** socket at ``/run/php-fpm-{username}.sock`` (e.g. so you can use it from your own proxy). 15 | 16 | - We now link your *userfacts* (i.e. your asteroid specific settings) to ``~/etc/userfacts`` for easier access. 17 | 18 | - We now link your *Nginx* configuration to ``/readonly//nginx.conf`` for easier access. 19 | 20 | - We now link your *Apache httpd* configuration to ``/readonly//httpd.conf`` for easier access. 21 | 22 | - We now show you the path to the affected log file, when you use ``uberspace web log ...``. 23 | 24 | - The info page for *disabled accounts* now shows a link to the dashboard. 25 | 26 | - The info page shown for *unknown domains* (shown when you point a domain to the host, but you missed setting it with ``uberspace web domain add ...``), now mentions the hostname. 27 | 28 | - We now also show the page for an *unknown domain*, when a non empty path is requested (before this would result in a 404). 29 | 30 | Removed 31 | ------- 32 | 33 | - We removed **NodeJS** ``10`` (in was already deprecated in the `last release <./2021-08-19_7.11.4>`_). 34 | 35 | Fixed 36 | ----- 37 | 38 | - In `7.11.4 <./2021-08-19_7.11.4>`_ we added our self compiled **Python** ``3.9`` to the ``$CPATH``. The way we handled it added the current directory (i.e. ``.``) too, when `$CPATH` was empty. That could lead to all kinds of problems when compiling and is now fixed. 39 | -------------------------------------------------------------------------------- /source/changelog/2021-12-13_7.12.hotfix.rst: -------------------------------------------------------------------------------- 1 | Changed: 2 | -------- 3 | 4 | * we reset the maillimit to 500/h 5 | -------------------------------------------------------------------------------- /source/changelog/2021-12-13_7.12.rst: -------------------------------------------------------------------------------- 1 | 🎄 Santa is coming to town 2 | 3 | Added 4 | ----- 5 | * 🎁 you can now train the SPAM filter by moving mails to or out of the SPAM folder 6 | * 🎁 we now inform by email you when your quota is full or almost full 7 | * 🎁 we added PHP 8.1 8 | * 🎁 we include our own ImageMagick v7 with support for AVIF / HEIC 9 | * 🎁 provide ``sha3sum`` and ``liblua`` 10 | * 🎁 We now provide prolog for all your computational linguistics needs 11 | 12 | Changed 13 | ------- 14 | * 🎁 we switched our outgoing mail server to haraka 15 | * 🎁 we set the maillimit to 60/h instead of 500/h to combat SPAM 16 | * 🎁 your new IMAP folders are now subscribed automatically in mail clients 17 | * 🎁 we implemented the Mozilla TLS recommendations for IMAP/POP3/SMTP-587 18 | 19 | Fixed 20 | ----- 21 | * 🎁 .NET package bailed because of cache 22 | * 🎁 we fixed a problem with resolv.conf from active Network Manager 23 | * 🎁 SQL backup dumps were deleted too early in an edge case, we fixed that 24 | * 🎁 SMTP rate limit now tells you the correct error message in the SMTP dialogue 25 | * 🎁 Explicitly put CA list into ``php.ini`` 26 | * 🎁 fail soft when running ``uberspace mail user list`` without ``~/users`` 27 | -------------------------------------------------------------------------------- /source/changelog/2022-02-16_7.12.1.rst: -------------------------------------------------------------------------------- 1 | 💌 We've been busy to hand craft you a nice litte release which is mainly about tweaking our new outgoing mail server Haraka and combating SPAM. If you had issues with SMTP since U7.12 this one is for you. 2 | 3 | Added 4 | ----- 5 | * A `Sieve editor `_ in our webmail. 6 | * Dotnet 6 7 | * MongoDB 5 8 | * Commandline Tools: ``as-tree``, ``skim``, ``bottom``, ``elinks``, ``links``, ``alpine``, ``git-lfs``, ``bash-completion-extras`` 9 | * PHP Modules: ``php-gnupg`` 10 | * Lots of lots of lots of metrics to play with in the future. 11 | 12 | Changed 13 | ------- 14 | * SMTP rate limits: 500/1h for SMTP with auth and 60/h for sendmail 15 | * Add ``~all`` to suggested TXT record for mail domains 16 | * Remove anti-fast-talker delay from Haraka config for SMTP submit 17 | * Decrease Rspamd score for ``SPOOF_REPLYTO``` 18 | * Decrease Rspamd score for ``SUBJ_EXCESS_BASE64`` 19 | * Increase Rspamd score threshold for SMTP submit 20 | * Disable spam filtering for outgoing mails 21 | * Anonymyze ``Received`` header inbound and outbound 22 | * Remove MongoDB 3.6 because it's end of life since April 2021 23 | * Deprecated PHP 7.3 24 | 25 | Fixed 26 | ----- 27 | * A missing symlink ``/usr/local/bin/dotnet`` 28 | * A Dovecot reboot issue 29 | * ``restrictdocroot.so`` for PHP 8.1 30 | * MySQL backup for DBs with hyphens in their name 31 | * No more `auth-imap` timeouts 32 | * `postfix` clients for SMTP now work with our new mail setup 33 | * Symlink old ImageMagick to our new one 34 | -------------------------------------------------------------------------------- /source/changelog/2022-05-23_7.12.2.rst: -------------------------------------------------------------------------------- 1 | 🌱 Spring cleaning: this release we were mostly busy updating and polishing internals, e.g. our CI pipeline and container images. We also took first steps towards a new metric and alerting system. Nonetheless we also have a couple of user facing features for you. 2 | 3 | Added 4 | ----- 5 | * Python ``3.10`` and a preview for ``3.11``. 6 | * New tools: ``ranger``, ``oauth2-proxy``, ``mtail`` and ``chromium-headless``. 7 | * Even more metrics to play with in the future. 8 | 9 | Fixed 10 | ----- 11 | * *Sieve vacation autoreplies* should now work. You can see `our mail filter documentation `_ for an updated example. 12 | * When you authenticate with SMTP, we implement penalties for failed attemps (further ones are delayed). Because our authentication backend used the proxy's IP (which is the same for all users), not the one for your connection, you could be affected by penalties caused by other user's failed login attemps. This is now fixed. 13 | * You can now use the *ErrorDocument* directive in ``.htaccess`` files. 14 | * *Dovecot* can now correctly handle mailboxes containing colons (``:``), i.e. automatically clean their spam folder. 15 | -------------------------------------------------------------------------------- /source/changelog/2022-07-14_7.12.3.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * new command: ``uberspace web traffic`` to check the used web traffic. 5 | 6 | Changed 7 | ------- 8 | 9 | * we now reject mail where the IP/rDNS or HELO name do not match. 10 | -------------------------------------------------------------------------------- /source/changelog/2022-08-08_7.13.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * provide `espeak` 5 | * support for `you+someforum@example.org`-style plussed mail addresses 6 | 7 | Fixed 8 | ----- 9 | 10 | * various stability and performance improvements for ``uberspace web traffic`` 11 | * handling of mail addresses with dots using `uberspace mail` 12 | 13 | Changed 14 | ------- 15 | 16 | * changes to make deployments faster by not copying all let's encrypt certs on 17 | every deployment. 18 | * fully removed spamdyke, in favor of haraka/rspamd 19 | * removed cityfan YUM repository 20 | -------------------------------------------------------------------------------- /source/changelog/2022-11-21_7.14.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | - *Erlang/OTP* version ``25``. 5 | - *Ruby* version ``3.1``. 6 | - *MongoDB* ``6``. 7 | - Development files for *lua* ``5.3``. 8 | - New tools: ``cmake3``, ``gojq``, ``gum``, ``ldapvi``, ``oauthtool``, ``pdftk``, ``s3cmd``, ``usql``. 9 | 10 | Changed 11 | ------- 12 | 13 | - We disabled the penalty system in *Dovecot*, which should result in faster ``SMTP AUTH`` connection times. 14 | - If a `user service `_ is missing a ``startsecs`` setting, we add ``startsecs=30``, to prevent endless loops, caused by broken services. 15 | - ``rust-analyser`` is now part of the "user versioned tools", meaning you can run it, without using the full path to the executeable. 16 | - Updated *htop* to ``3.2``. 17 | - The default *PHP* version was increased to ``8.1``. 18 | 19 | Deprecated 20 | ---------- 21 | 22 | - The Rust language server ``rls`` is `deprecated `_ (but the ``rust-analyser`` is availabel). 23 | - *Ruby* ``2.5`` and ``2.6``. 24 | - *MongoDB* ``4``. 25 | -------------------------------------------------------------------------------- /source/changelog/2022-11-29_7.14.1.rst: -------------------------------------------------------------------------------- 1 | Changed 2 | ------- 3 | 4 | - In preparation for the pending deprecation of *PHP* ``7.4`` (probably in the next Uberspace release, scheduled for December), we set the PHP version for everyone running ``7.4`` to ``8.0``. 5 | Until we roll out the deprecation you can still `move back manually `_, (i.e. to fix things and prepare for the version update). 6 | -------------------------------------------------------------------------------- /source/changelog/2023-01-23_7.15.rst: -------------------------------------------------------------------------------- 1 | DKIM 2 | ---- 3 | 4 | We now create a DKIM key for your account, which you can use with all your `mail 5 | domains `_. You get the neccesary information for your DNS 6 | records when adding a new domain, or via the new ``uberspace records list`` 7 | command. You can check our `Spam protection article `_ 8 | for some additional information. 9 | 10 | PHP 7.4 11 | ------- 12 | 13 | *PHP* ``7.4`` has reached `its end of life last year 14 | `_. This means we will eventually 15 | remove it. And you should switch to an officially supported version as soon as 16 | possible (e.g. ``8.0``, ``8.1`` or ``8.2``). 17 | 18 | Added 19 | ----- 20 | 21 | - *PHP* ``8.2`` (`release notes `_) 22 | - *Node.js* ``18`` (`release notes `_) 23 | - *Node.js* ``19`` (`release notes `_) 24 | - *.Net* ``7`` (`release notes `_) 25 | - *Postgres* ``14`` (`release notes `_) 26 | - *Postgres* ``15`` (`release notes `_) 27 | 28 | Deprecations 29 | ------------ 30 | 31 | - We decided not to deprecate *PHP* ``7.4`` just yet. To detect possible 32 | problems we just switched all users still on ``7.4`` to version ``8``. You can 33 | manually change the version back with ``uberspace tools version use php 7.4``. 34 | 35 | Removed 36 | ------- 37 | 38 | - *MongoDB* ``4.0`` 39 | - *Ruby* ``2.5`` 40 | - *Ruby* ``2.6`` 41 | -------------------------------------------------------------------------------- /source/changelog/2023-04-05_7.15.1.rst: -------------------------------------------------------------------------------- 1 | Since yesterday a little release slipped through our fingers onto the servers, beside the final removement 2 | of PHP7.4 there are some minor additions to your Asteroids. 3 | 4 | Because our main focus now lies on the development of the `next `_ 5 | Uberspace generation, our release cycle in U7 could evolve to a more frequent but smaller feature set. We'll 6 | see how it all comes together in the coming period. 7 | 8 | PHP 7.4 removal 9 | --------------- 10 | 11 | We have now removed the outdated PHP 7.4 version from our servers. All users who reverted to version 8.0 after 12 | the deprecation period have now been permanently migrated. 13 | 14 | MariaDB updates 15 | --------------- 16 | 17 | The MariaDB updates we implemented within the last weeks on all hosts are finished now and all instances were 18 | updated to version `10.6 `_. 19 | 20 | Changed 21 | ------- 22 | 23 | - ``mytop`` came with the newer MariaDB versions and is available now as an alternative to ``mtop`` 24 | - the nice editor ``ne`` is now available 25 | - ``kitty`` terminals should now work since we added the necessary terminfo mail-filters 26 | - we changed the backup time for mysql databases from ``02:00`` to ``01:59``. You may now fiddle out why this is a much better idea and why we had a lot of alarms for missing backups on a sunday a week and a half before ;-) 27 | -------------------------------------------------------------------------------- /source/changelog/2023-06-05_7.15.2.rst: -------------------------------------------------------------------------------- 1 | 2 | 3 | Added 4 | ----- 5 | 6 | - We added ``msmtp`` so you can easily switch sending mails over SMTP instead of sendmail. This will give you all the benefits of real mailboxes like DKIM signed mails. 7 | - NodeJS 20 is now available for you. 8 | 9 | Changed 10 | ------- 11 | 12 | - We now have a stricter mail outgoing limit for new accounts. Until the first cash top-up, you will only be able to send ``5mails/60min``. 13 | - The limit for all other outgoing mails has been set to ``200mails/60min`` according to our houserules. 14 | - We now reject *outgoing* mails with a high spam score. 15 | 16 | Deprecations 17 | ------------ 18 | 19 | - NodeJS 12+14 will be no longer selectable. They will be completely removed in the end of June. 20 | - NodeJS 19 will soon be deprecated, please switch to the now added NodeJS 20. 21 | - Ruby 2.7 will soon be deprecated, please switch to newer versions. 22 | -------------------------------------------------------------------------------- /source/changelog/2023-06-19_7.15.3.rst: -------------------------------------------------------------------------------- 1 | 2 | 3 | Added 4 | ----- 5 | 6 | - We added ``lsd`` so you can `tune up `_ your ``ls`` command. 7 | - We added the ``helix`` editor. 8 | - We added ``pgvector`` for the postgres versions 12-15. 9 | 10 | Changed 11 | ------- 12 | 13 | - We increased the ``inotify max user watches`` limit by 10 times so it is now on ``81920``. 14 | - We fixed a bug where the new ``financed`` state for ratelimiting mails was not working correctly with sieve redirects. 15 | -------------------------------------------------------------------------------- /source/changelog/2023-08-14_7.15.4.rst: -------------------------------------------------------------------------------- 1 | The following changes will be rolled out until the end of this week: 2 | 3 | 4 | Added 5 | ----- 6 | 7 | - We added ``sd`` as a `sed alternative `_. 8 | - We added ``dust`` as a `du alternative `_. 9 | - We added ``broot`` as a `ls alternative `_. 10 | - We added ``gopass``. 11 | - We added ``unbound-devel`` so apps like ``luarocks`` can compile against ``unbound-libs``. 12 | 13 | Changed 14 | ------- 15 | 16 | - We fixed a bug in the ``sqlite`` installation, so the PHP-FPM uses the latest available version. 17 | - We updated the ``fish-shell`` to version 3. 18 | 19 | Removed 20 | ------- 21 | 22 | - We now removed ``Node.JS 12 + 14`` completely after a process of deprecation. 23 | 24 | Deprecations 25 | ------------ 26 | 27 | - ``Node.JS 16`` will be deprecated from 04.09.2023 on and removed one month later. 28 | - ``Node.JS 19`` will be deprecated from 04.09.2023 on and removed one month later. 29 | - ``Ruby 2.7`` will be deprecated from 04.09.2023 on and removed one month later. 30 | -------------------------------------------------------------------------------- /source/changelog/2023-12-11_7.15.8.rst: -------------------------------------------------------------------------------- 1 | The following changes will be rolled out until the end of this week: 2 | 3 | 4 | Added 5 | ----- 6 | 7 | - We added ``parallel`` `(info) `_ 8 | - We added ``tailspin`` as a `tail alternative `_ 9 | - We added ``Ruby 3.2`` 10 | 11 | Changed 12 | ------- 13 | 14 | - Prepend Haraka ``Received`` instead of appending to comply with `RFC 2821 `_ 15 | - We globally restrict web access to ``.git`` folders and ``*.swp`` files. 16 | 17 | Removed 18 | ------- 19 | 20 | - We removed ``Node.JS 19`` completely after a process of deprecation. 21 | 22 | Deprecations 23 | ------------ 24 | 25 | - ``Node.JS 16`` is deprecated and will be removed in january 2024. 26 | - ``Ruby 2.7`` is deprecated and will be removed in january 2024. 27 | -------------------------------------------------------------------------------- /source/changelog/2024-01-08_7.15.9.rst: -------------------------------------------------------------------------------- 1 | The following changes will be rolled out until the end of this week: 2 | 3 | 4 | Added 5 | ----- 6 | 7 | - We added ``Erlang 26`` as a new selectable version. 8 | - We added development headers ``mosquitto-devel`` ``libsodium-devel`` ``libconfig-devel`` ``lmdb-devel`` 9 | - We added ``powershell`` as a shell `alternative `_ 10 | - We added ``xmlsec1`` 11 | 12 | Changed 13 | ------- 14 | 15 | - We removed some SSH ciphers to mitigate the `terrapin `_ vulnerability. 16 | 17 | Removed 18 | ------- 19 | 20 | - We removed ``Node.JS 16`` completely after a process of deprecation. 21 | - We removed ``Ruby 2.7`` completely after a process of deprecation. 22 | 23 | Deprecations 24 | ------------ 25 | 26 | - ``PHP 8.0`` has been migrated to ``8.1``, you may switch back until february before we deprecate. 27 | - ``Postgres 10``, ``Postgres 11`` are deprecated. 28 | -------------------------------------------------------------------------------- /source/changelog/2024-02-16_7.15.10.rst: -------------------------------------------------------------------------------- 1 | This week we rolled out only a little user facing changes: 2 | 3 | 4 | Added 5 | ----- 6 | 7 | - We added ``PHP 8.3`` 8 | 9 | Deprecations 10 | ------------ 11 | 12 | - ``PHP 8.0`` has been been deprecated and is no longer selectable in the version list. It will be removed completely next month 13 | -------------------------------------------------------------------------------- /source/changelog/2024-03-01_7.15.11.rst: -------------------------------------------------------------------------------- 1 | 🌱 Spring is here 🌱 2 | 3 | While we are working at full speed on Uberspace 8, we are of course also finding time to develop for Uberspace 7. Outside the first crocuses are sprouting, inside the pipeline is rolling out the freshest update: 4 | 5 | Added 6 | ----- 7 | * new packages: ``poppler-glib-devel``, ``giflib-devel`` 8 | 9 | Changed 10 | ------- 11 | * PHP 8.3 is now default 12 | * mail: raise ``mail_max_userip_connections`` from 20 to 50 13 | * mail: sign more headers with DKIM ``from:to:cc:subject:date`` 14 | 15 | Fixed 16 | ----- 17 | * with our last release we forgot some extensions for PHP 8.3: ``php-sodium``, ``php-pecl-decimal``, ``php-pecl-gnupgadd``. 18 | -------------------------------------------------------------------------------- /source/changelog/2024-04-10_7.15.14.rst: -------------------------------------------------------------------------------- 1 | Features 2 | -------- 3 | * You may now use "minussed" mailaddresses like ``mailbox-ebay@example.com``. This makes it easier to migrate mailaddresses from ``.qmail`` configurations (we already provide the more common format ``mailbox+ebay@example.com``). (THIS FEATURE HAS BEEN REVERTED ONE WEEK AFTER) 4 | * We run a hourly healthchecks on the userspaces to kill stucked PHP Worker processes. We will notify you by mail and add an entry to the ``php_error`` log. 5 | 6 | Deprecations 7 | ------------ 8 | * PHP 8.0 has been completely removed from our systems 9 | * Users using Ruby3.0 have been migrated to Ruby3.1. We will disable the outdated version 3.0 one month later. 10 | -------------------------------------------------------------------------------- /source/changelog/2024-04-17_7.15.14.1.rst: -------------------------------------------------------------------------------- 1 | Revert mail subaddressing with ``-`` 2 | ------------------------------------ 3 | * Unfortunately we had to roll back the mail feature from last week, that allowed you to use "minussed" mailaddresses in the standard mail setup. We encountered several problems with the combined use of ``+`` and ``-`` delimiters for subaddressing. 4 | -------------------------------------------------------------------------------- /source/changelog/2024-05-08_7.15.15.rst: -------------------------------------------------------------------------------- 1 | Features 2 | -------- 3 | * New command ``uberspace migration qmail status|check`` that helps you to check and fix your outdated qmail configurations. Also see the `manual page `_ for more details. 4 | 5 | Changes 6 | -------- 7 | * For ``uberspace mail user forward`` the command now only allows full qualified mailaddresses. This was already the documented standard. 8 | 9 | Deprecations 10 | ------------ 11 | * Ruby 3.0 has been disabled and can no longer be selected. 12 | -------------------------------------------------------------------------------- /source/changelog/2025-04-16_7.16.7.rst: -------------------------------------------------------------------------------- 1 | Features 2 | -------- 3 | * Ruby 3.3 (already since september '24) 4 | * Ruby 3.4 (already since januar '25) 5 | * PHP 8.4 (already since february '25) 6 | * Tools: ``stow``, ``texlive-makecell``, ``texlive-multirow`` (already since march '25) 7 | * NodeJS 22 8 | 9 | Changes 10 | ------- 11 | * Fix envelope sender for forwarded mails 12 | * Fix certs for domains requested with uppercase letters -------------------------------------------------------------------------------- /source/changelog/README: -------------------------------------------------------------------------------- 1 | Each file in this directory becomes one changelog entry. The files must be in 2 | the format of `YYYY-MM-DD_VERSION.rst` (e.g. `2018-01-01_7.0.31.rst`). Each file 3 | contains rst-code, which is rendered to the documentation. 4 | -------------------------------------------------------------------------------- /source/changelog_archive.rst: -------------------------------------------------------------------------------- 1 | ################# 2 | Changelog Archive 3 | ################# 4 | 5 | This document contains all changes made to Uberspace 7. 6 | 7 | .. include:: includes/hotfix-version.rst 8 | 9 | {# add/edit files in source/changelog to generate new changelog entries #} 10 | {% for entry in changelog_entries %} 11 | 12 | ---- 13 | 14 | .. _v{{ entry.version }}: 15 | 16 | {{ entry.title }} 17 | {% for n in range(entry.title|length) %}*{% endfor %} 18 | 19 | {{ entry.text }} 20 | {% endfor %} 21 | -------------------------------------------------------------------------------- /source/changelog_feeds/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Uberspace/manual/d2e55f9a0ddc315c9c0f8d1e6356132ad0cb72ab/source/changelog_feeds/.gitkeep -------------------------------------------------------------------------------- /source/daemons-supervisord.rst: -------------------------------------------------------------------------------- 1 | ########### 2 | supervisord 3 | ########### 4 | 5 | We use ``supervisord`` to monitor services. A service, or daemon, is a program that starts automatically and is kept in the background. In case it quits or crashes, it is restarted by ``supervisord``. 6 | 7 | Create a Service 8 | ================ 9 | 10 | To create a new service, place a ``.ini`` file for each new service in ``~/etc/services.d/``. So if you want to add a service called my-daemon that runs an executable located at ``/home/isabell/bin/my-daemon``, place the file ``my-daemon.ini`` in ``~/etc/services.d/`` and edit it: 11 | 12 | .. code-block:: ini 13 | 14 | [program:my-daemon] 15 | command=/home/isabell/bin/my-daemon 16 | startsecs=60 17 | 18 | .. include:: includes/daemons-supervisord-reread-update.rst 19 | 20 | Start / Stop a Service 21 | ====================== 22 | 23 | .. include:: includes/daemons-supervisord-start-stop.rst 24 | 25 | 26 | Remove a Service 27 | ================ 28 | 29 | To remove a service, you need to stop it first, then you can remove it using ``supervisorctl``: 30 | 31 | .. code-block:: bash 32 | 33 | [isabell@stardust ~]$ supervisorctl stop my-daemon 34 | my-daemon: stopped 35 | [isabell@stardust ~]$ supervisorctl remove my-daemon 36 | my-daemon: removed process group 37 | 38 | List Services 39 | ============= 40 | 41 | To get an overview of your services and their current status, run ``supervisorctl status``: 42 | 43 | .. code-block:: bash 44 | 45 | [isabell@stardust ~]$ supervisorctl status 46 | my-daemon RUNNING pid 16337, uptime 0:00:04 47 | 48 | Logging 49 | ======= 50 | 51 | ``supervisord`` logs are stored in ``~/logs/``. You can use ``supervisorctl tail my-daemon`` and ``supervisorctl tail my-daemon stderr`` to view the log for ``my-daemon``. Type in ``supervisorctl tail`` to see available options. 52 | 53 | Further Reading 54 | =============== 55 | 56 | * Check the global config if you’re curious: ``/etc/supervisord.conf``. 57 | * Check out the `official supervisord documentation `_. 58 | -------------------------------------------------------------------------------- /source/database-couchdb.rst: -------------------------------------------------------------------------------- 1 | ####### 2 | CouchDB 3 | ####### 4 | 5 | CouchDB is a document-oriented database system. We provide binaries ready to start your own instance. 6 | 7 | Refer to the `UberLab guide `_ for details. 8 | 9 | 10 | Versions 11 | ======== 12 | 13 | Release types 14 | ------------- 15 | 16 | We provide version 3 and apply security updates on a regular basis. 17 | 18 | Standard version 19 | ---------------- 20 | 21 | If you don't select a certain version, our default will be used. We decided to 22 | default to the following version: 23 | 24 | .. code-block:: bash 25 | 26 | [isabell@stardust ~]$ uberspace tools version show couchdb 27 | Using 'couchdb' version: 3 28 | [isabell@stardust ~]$ 29 | 30 | Show available versions 31 | ----------------------- 32 | 33 | Use ``uberspace tools version list couchdb`` to show all selectable versions: 34 | 35 | .. code-block:: bash 36 | 37 | [isabell@stardust ~]$ uberspace tools version list couchdb 38 | - 3 39 | [isabell@stardust ~]$ 40 | 41 | Change version 42 | -------------- 43 | 44 | Once a new version is released, you can select it using ``uberspace tools version use couchdb ``: 45 | 46 | .. code-block:: bash 47 | 48 | [isabell@stardust ~]$ uberspace tools version use couchdb 3 49 | Selected couchdb version 3 50 | The new configuration is adapted immediately. Minor updates will be applied automatically. 51 | [isabell@stardust ~]$ 52 | 53 | Update policy 54 | ------------- 55 | 56 | We currently offer version 3 only, which is in active development. Once new versions are released, we'll provide them. 57 | -------------------------------------------------------------------------------- /source/database-influxdb.rst: -------------------------------------------------------------------------------- 1 | ######## 2 | InfluxDB 3 | ######## 4 | 5 | InfluxDB is an open-source time series database. We provide binaries ready to start your own instance. 6 | 7 | Refer to the `UberLab guide `_ for details. 8 | 9 | 10 | Versions 11 | ======== 12 | 13 | We provide the newest release and apply security updates on a regular basis. 14 | -------------------------------------------------------------------------------- /source/database-mongodb.rst: -------------------------------------------------------------------------------- 1 | ####### 2 | MongoDB 3 | ####### 4 | 5 | MongoDB is a document-oriented database system. We provide binaries ready to start your own instance. 6 | 7 | Refer to the `UberLab guide `_ for details. 8 | 9 | 10 | Versions 11 | ======== 12 | 13 | Release types 14 | ------------- 15 | 16 | We provide major releases and apply security updates on a regular basis. 17 | 18 | Standard version 19 | ---------------- 20 | 21 | If you don't select a certain version, our default will be used. We decided to 22 | default to the following version: 23 | 24 | .. code-block:: bash 25 | 26 | [isabell@stardust ~]$ uberspace tools version show mongodb 27 | Using 'mongodb' version: 6.0 28 | [isabell@stardust ~]$ 29 | 30 | Show available versions 31 | ----------------------- 32 | 33 | Use ``uberspace tools version list mongodb`` to show all selectable versions: 34 | 35 | .. code-block:: bash 36 | 37 | [isabell@stardust ~]$ uberspace tools version list mongodb 38 | - 4.2 39 | - 4.4 40 | - 5.0 41 | - 6.0 42 | [isabell@stardust ~]$ 43 | 44 | Change version 45 | -------------- 46 | 47 | You can select the version using ``uberspace tools version use mongodb ``: 48 | 49 | .. code-block:: bash 50 | 51 | [isabell@stardust ~]$ uberspace tools version use mongodb 4.2 52 | Selected mongodb version 4.2 53 | The new configuration is adapted immediately. Minor updates will be applied automatically. 54 | [isabell@stardust ~]$ 55 | 56 | Update policy 57 | ------------- 58 | 59 | We update all major versions on a regular basis. Once the `support 60 | `_ ends, the branch reaches 61 | its end of life (EOL), is no longer supported and will be removed from our 62 | servers. 63 | 64 | +--------+------------------+ 65 | | Branch | Supported Until | 66 | +========+==================+ 67 | | 4.2 | 2023-04-01 | 68 | +--------+------------------+ 69 | | 4.4 | 2024-02-01 | 70 | +--------+------------------+ 71 | | 5.0 | 2024-10-01 | 72 | +--------+------------------+ 73 | | 6.0 | 2025-07-01 | 74 | +--------+------------------+ 75 | -------------------------------------------------------------------------------- /source/database-postgresql.rst: -------------------------------------------------------------------------------- 1 | ########## 2 | PostgreSQL 3 | ########## 4 | 5 | PostgreSQL (or Postgres) is an open-source relational database. We provide binaries ready to start your own instance. 6 | 7 | Refer to the `UberLab guide `_ for details. 8 | 9 | 10 | Versions 11 | ======== 12 | 13 | Release types 14 | ------------- 15 | 16 | We provide different releases and apply security updates on a regular basis. 17 | 18 | Standard version 19 | ---------------- 20 | 21 | If you don't select a certain version, our default will be used. We decided to 22 | default to the following version: 23 | 24 | .. code-block:: bash 25 | 26 | [isabell@stardust ~]$ uberspace tools version show postgresql 27 | Using 'postgresql' version: 15 28 | [isabell@stardust ~]$ 29 | 30 | Show available versions 31 | ----------------------- 32 | 33 | Use ``uberspace tools version list postgresql`` to show all selectable versions: 34 | 35 | .. code-block:: bash 36 | 37 | [isabell@stardust ~]$ uberspace tools version list postgresql 38 | - 12 39 | - 13 40 | - 14 41 | - 15 42 | [isabell@stardust ~]$ 43 | 44 | Change version 45 | -------------- 46 | 47 | You can select the version using ``uberspace tools version use postgresql ``: 48 | 49 | .. code-block:: bash 50 | 51 | [isabell@stardust ~]$ uberspace tools version use postgresql 12 52 | Selected postgresql version 12 53 | The new configuration is adapted immediately. Minor updates will be applied automatically. 54 | [isabell@stardust ~]$ 55 | 56 | Update policy 57 | ------------- 58 | 59 | We update all versions on a regular basis. Once the `support `_ ends, the branch reaches its end of life (EOL), is no longer supported and will be removed from our servers. 60 | 61 | +--------+-------------------------+------------------+ 62 | | Branch | State | Supported Until | 63 | +========+=========================+==================+ 64 | | 12 | Active | November 2024 | 65 | +--------+-------------------------+------------------+ 66 | | 13 | Active | November 2025 | 67 | +--------+-------------------------+------------------+ 68 | | 14 | Active | November 2026 | 69 | +--------+-------------------------+------------------+ 70 | | 15 | Active | November 2027 | 71 | +--------+-------------------------+------------------+ 72 | -------------------------------------------------------------------------------- /source/database-redis.rst: -------------------------------------------------------------------------------- 1 | ##### 2 | redis 3 | ##### 4 | 5 | redis is an open source, high performance key-value database system. We provide binaries ready to start your own instance. 6 | 7 | Refer to the `UberLab guide `_ for details. 8 | 9 | Versions 10 | ======== 11 | 12 | We provide the newest release and apply security updates on a regular basis. 13 | -------------------------------------------------------------------------------- /source/database-sqlite.rst: -------------------------------------------------------------------------------- 1 | ###### 2 | SQLite 3 | ###### 4 | 5 | SQLite is an open-source, file based relational database. We provide binaries, so you can use it without installing anything. 6 | 7 | Versions 8 | ======== 9 | 10 | We provide the newest release and apply security updates on a regular basis. 11 | -------------------------------------------------------------------------------- /source/firstday-nerds.rst: -------------------------------------------------------------------------------- 1 | ########################### 2 | Your first day... for nerds 3 | ########################### 4 | 5 | If you've opened this page, you probably know already how to use a Linux account and only need a few details to get started. 6 | 7 | Websites 8 | ======== 9 | 10 | If you want to publish a website using your Uberspace, you can do so by placing your files in the Document Root, which is `/var/www/virtual/$USER/html`. For convenience, there is also a symbolic link in your home folder (`~/html`). 11 | 12 | Domains 13 | ======= 14 | 15 | You can use your own domains with your Uberspace. Please refer to the relevant :doc:`web server ` and :doc:`mail server ` articles to find out how. 16 | 17 | -------------------------------------------------------------------------------- /source/firstday-newbies.rst: -------------------------------------------------------------------------------- 1 | ############################# 2 | Your first day... for newbies 3 | ############################# 4 | 5 | Is Uberspace the right product for me? 6 | ====================================== 7 | 8 | First of all - we're glad you asked! 9 | Uberspace is a hosting platform targeted at people who want to look behind the scenes, do things we didn't anticipate and generally prefer working with a text-based console. 10 | Our objective is to not only host the content you'd like to see on the web, but to also introduce you to Linux and basic shell usage. 11 | 12 | A lot of our users started as newbies like you and enjoyed learning new things every day. 13 | We don't leave you alone: It's very important to us to help you solve any problems you might face. 14 | 15 | So, in short, Uberspace is the right product for you, if you... 16 | 17 | * want to learn things about Linux and the shell 18 | * want to bring something on the web with virtually no technical restrictions on the tools you use 19 | * don't want to have things done for you but rather appreciate help on how to do them yourself 20 | -------------------------------------------------------------------------------- /source/includes/beta-feature.txt: -------------------------------------------------------------------------------- 1 | .. warning:: 2 | 3 | This feature is quite new and still in beta. If something doesn't work the 4 | first time you try it, please allow for some additional time for us to fix it. 5 | -------------------------------------------------------------------------------- /source/includes/daemons-supervisord-reread-update.rst: -------------------------------------------------------------------------------- 1 | Afterwards, ask ``supervisord`` to look for the new ``my-daemon.ini`` file: 2 | 3 | .. code-block:: bash 4 | 5 | [isabell@stardust ~]$ supervisorctl reread 6 | my-daemon: available 7 | 8 | And then start your daemon: 9 | 10 | .. code-block:: bash 11 | 12 | [isabell@stardust ~]$ supervisorctl update 13 | my-daemon: added process group -------------------------------------------------------------------------------- /source/includes/daemons-supervisord-start-stop.rst: -------------------------------------------------------------------------------- 1 | To start a non-running service or stop a running one, use ``supervisorctl start my-daemon`` and ``supervisorctl stop my-daemon``. To restart a service, you can also use ``supervisorctl restart my-daemon``. 2 | 3 | .. code-block:: bash 4 | 5 | [isabell@stardust ~]$ supervisorctl start my-daemon 6 | my-daemon: started 7 | [isabell@stardust ~]$ supervisorctl stop my-daemon 8 | my-daemon: stopped 9 | [isabell@stardust ~]$ supervisorctl restart my-daemon 10 | my-daemon: stopped 11 | my-daemon: started -------------------------------------------------------------------------------- /source/includes/deprecation.rst: -------------------------------------------------------------------------------- 1 | .. note:: 2 | About one month before the EOL date we will notify users, who have set the specific version in their Uberspace, by email about the deprecation. 3 | Shortly after the EOL date we will migrate accounts using the outdated version to the next supported version. 4 | 5 | For about one month after the EOL date, the expired EOL version can still be manually switched back to give you time updating your software. 6 | The expired version will be completely removed one month after EOL date. 7 | 8 | -------------------------------------------------------------------------------- /source/includes/domain-dns.txt: -------------------------------------------------------------------------------- 1 | .. note:: 2 | 3 | The Domain Name System (DNS) is a directory used to look up information about a host name. It usually includes at least a so-called A record, which contains the IPv4 address assigned to this host. The AAAA record does the same for IPv6 addresses. If the domain should be able to receive e-mails, a mail exchange server is specified in the MX record. 4 | 5 | There are other types of DNS records used to specify various services for this domain. Wikipedia provides a `list `_ if you're curious. 6 | -------------------------------------------------------------------------------- /source/includes/domain-idn.txt: -------------------------------------------------------------------------------- 1 | .. note:: 2 | 3 | If you want to add or remove an `internationalized domain name (IDN) `_, please use the ASCII representation (“punycode”). For example, please use ``xn--berspace-55a.de`` instead of ``überspace.de``. 4 | 5 | To convert an internationalized domain name to punycode, use the ``idn`` command: 6 | 7 | .. code-block:: none 8 | 9 | [isabell@stardust ~] $ idn überspace.de 10 | xn--berspace-55a.de 11 | 12 | 13 | If locale inside your uberspace shell is not set correctly, this command can fail with a "could not convert" error message. To fix this, either configure your local terminal to use an UTF-8 locale or call ``idn`` like so: ``LANG=en_US.utf8 idn ...``. 14 | -------------------------------------------------------------------------------- /source/includes/domain-providers.txt: -------------------------------------------------------------------------------- 1 | Domain Providers 2 | ================ 3 | 4 | `INWX `_ 5 | --------------------------- 6 | * `How do I set-up a MX record? `_ 7 | * `How can I forward a domain to an IP address (A/AAAA record)? `_ 8 | 9 | `Namecheap `_ 10 | ----------------------------------------- 11 | * `How can I set up MX records required for mail service? `_ 12 | * `How do I set up host records for a domain? `_ 13 | -------------------------------------------------------------------------------- /source/includes/domain-register.txt: -------------------------------------------------------------------------------- 1 | .. tip:: 2 | 3 | Uberspace is strictly a hosting provider, which is why we don't offer domain registrations. You can, of course, use any domain that you registered with an external domain provider with your Uberspace account. At the end of this article is a list of some popular domain providers. 4 | -------------------------------------------------------------------------------- /source/includes/hotfix-version.rst: -------------------------------------------------------------------------------- 1 | .. note:: 2 | 3 | *Sometimes the version shown on your host may be higher than the newest 4 | version here.* In this case we might have applied additional fixes shortly 5 | after a release or did internal changes without user impact. We deem 6 | updates like these **hotfixes** and they are not necessarily included in 7 | this changelog. 8 | -------------------------------------------------------------------------------- /source/includes/htaccess-directoryindex.txt: -------------------------------------------------------------------------------- 1 | .. note:: 2 | 3 | Apache 2.4 will add the DirectoryIndex (index.html) to all requests without a folder or file name. To avoid this, add ``DirectoryIndex disabled`` to your .htaccess 4 | -------------------------------------------------------------------------------- /source/includes/sftp-warning.rst: -------------------------------------------------------------------------------- 1 | .. warning:: Some SFTP clients offer rudimentary “shells” to run commands on the server via SSH. While this may work for some non-interactive commands, it can cause problems when using interactive tools and other commands. We generally recommend to use a full-featured :doc:`ssh <../basics-ssh>` client to run commands on the server. 2 | -------------------------------------------------------------------------------- /source/includes/web-backend.rst: -------------------------------------------------------------------------------- 1 | In order to make your application accessable from the outside, you need to 2 | connect it to the webserver, using a :doc:`web backend <../web-backends>`. 3 | 4 | Please note that your application must listen on the IP ``0.0.0.0``. You can choose any port 5 | between 1024 and 65535. 6 | -------------------------------------------------------------------------------- /source/lang-clojure.rst: -------------------------------------------------------------------------------- 1 | .. sidebar:: Logo 2 | 3 | .. image:: _static/images/logo_clojure.png 4 | :align: center 5 | 6 | ####### 7 | Clojure 8 | ####### 9 | 10 | Introduction 11 | ============ 12 | 13 | Clojure is a dynamic, and functional dialect of Lisp on the Java platform. 14 | 15 | Versions 16 | ======== 17 | 18 | We only provide the latest version and update it regularly. 19 | 20 | Connection to webserver 21 | ======================= 22 | 23 | .. include:: includes/web-backend.rst 24 | -------------------------------------------------------------------------------- /source/lang-deno.rst: -------------------------------------------------------------------------------- 1 | .. sidebar:: Logo 2 | 3 | .. image:: _static/images/logo_deno.png 4 | :align: center 5 | 6 | #### 7 | Deno 8 | #### 9 | 10 | Introduction 11 | ============ 12 | 13 | .. warning:: Deno scripts belong in your :doc:`home `, **not** in your :doc:`docroot `. 14 | 15 | `Deno `__ is a server-side `JavaScript `_ and 16 | `TypeScript `_ interpreter. 17 | It is comparable to Node.js, but aims to offer a simple, modern and secure runtime. 18 | 19 | 20 | ---- 21 | 22 | Versions 23 | ======== 24 | 25 | Release types 26 | ------------- 27 | 28 | We provide the latest version and apply security updates on a regular basis. Once deno v2 is released this might change. 29 | 30 | Connection to webserver 31 | ======================= 32 | 33 | .. include:: includes/web-backend.rst 34 | -------------------------------------------------------------------------------- /source/lang-dotnet.rst: -------------------------------------------------------------------------------- 1 | .. sidebar:: Logo 2 | 3 | .. image:: _static/images/logo_dotnet.png 4 | :align: center 5 | 6 | ######### 7 | .NET Core 8 | ######### 9 | 10 | Introduction 11 | ============ 12 | 13 | .. warning:: .NET scripts belong in your :doc:`home `, **not** in your :doc:`docroot `. 14 | 15 | `.NET `_ is a server-side runtime implementation of CLR, the virtual machine that manages the execution of .NET programs. While .NET Core shares a subset of .NET Framework APIs, it comes with its own API that is not part of .NET Framework. 16 | 17 | ---- 18 | 19 | Versions 20 | ======== 21 | 22 | Release types 23 | ------------- 24 | 25 | We provide the latest .NET Core LTS and apply security updates on a regular basis. 26 | 27 | We also provide older versions; you can get a full list of curently available versions with ``dotnet --list-sdks``. 28 | 29 | .. note:: Unfortunately, Microsoft has decided not to make .NET 8 available for RHEL 7, on which our operating system CentOS 7 is based. Therefore, we cannot provide .NET 8 or later. 30 | 31 | Update policy 32 | ------------- 33 | 34 | We update all `supported versions `_ on a regular basis. 35 | 36 | ====== =========== =============== 37 | Branch State Supported Until 38 | ====== =========== =============== 39 | 7.0 current 2024-05 40 | 6.0.2 LTS 2024-11 41 | 5.0 2022-02 42 | 3.1 2022-12-03 43 | 2.1 2021-08-21 44 | ====== =========== =============== 45 | 46 | 47 | ---- 48 | 49 | Getting started 50 | =============== 51 | 52 | Check out the `Hello, Console App! `_. 53 | 54 | ---- 55 | 56 | Connection to webserver 57 | ======================= 58 | 59 | .. include:: includes/web-backend.rst 60 | 61 | ---- 62 | 63 | Caveats 64 | ======= 65 | 66 | Privacy 67 | ------- 68 | 69 | .NET collects `telemetry data `_ by default. This can be turned off by setting the environment variable ``DOTNET_CLI_TELEMETRY_OPTOUT`` to ``1``. 70 | -------------------------------------------------------------------------------- /source/lang-erlang.rst: -------------------------------------------------------------------------------- 1 | .. sidebar:: Logo 2 | 3 | .. image:: _static/images/logo_erlang.png 4 | :align: center 5 | 6 | ########## 7 | Erlang OTP 8 | ########## 9 | 10 | Introduction 11 | ============ 12 | 13 | `Erlang `__ is a general-purpose, concurrent, functional programming language, and a garbage-collected runtime system. The term Erlang is used interchangeably with Erlang/OTP, or Open Telecom Platform (OTP), which consists of the Erlang runtime system, several ready-to-use components (OTP) mainly written in Erlang, and a set of design principles for Erlang programs. 14 | 15 | 16 | ---- 17 | 18 | Versions 19 | ======== 20 | 21 | Release types 22 | ------------- 23 | 24 | We provide different releases and apply security updates on a regular basis. Currently available versions are `listed below <#show-available-versions>`_. All versions include `Elixir `_ and `Mix `_, a build tool that allows you to easily create projects, manage tasks, run tests and more. 25 | 26 | Standard version 27 | ---------------- 28 | If you don't select a certain version, our default will be used. We decided to default to version 26 29 | 30 | Show available versions 31 | ----------------------- 32 | 33 | Use ``uberspace tools version list erlang`` to show all selectable versions: 34 | 35 | .. code-block:: bash 36 | 37 | [isabell@stardust ~]$ uberspace tools version list erlang 38 | - 20 39 | - 21 40 | - 22 41 | - 23 42 | - 24 43 | - 25 44 | - 26 45 | [isabell@stardust ~]$ 46 | 47 | .. _erlang-change-version: 48 | 49 | Change version 50 | -------------- 51 | You can select the Erlang/OTP version with ``uberspace tools version use erlang ``. You can choose between release branches: 52 | 53 | .. code-block:: bash 54 | 55 | [isabell@stardust ~]$ uberspace tools version use erlang 22 56 | Selected Erlang/OTP version 22 57 | The new configuration is adapted immediately. Patch updates will be applied automatically. 58 | [isabell@stardust ~]$ 59 | 60 | Selected version 61 | ---------------- 62 | 63 | You can check the selected version by executing ``uberspace tools version show erlang`` on the command line: 64 | 65 | .. code-block:: bash 66 | 67 | [isabell@stardust ~]$ uberspace tools version show erlang 68 | Using 'erlang' version: '26' 69 | [isabell@stardust ~]$ 70 | 71 | Update policy 72 | ------------- 73 | 74 | We update all versions on a regular basis. 75 | 76 | .. include:: includes/deprecation.rst 77 | 78 | ---- 79 | 80 | Connection to webserver 81 | ======================= 82 | 83 | .. include:: includes/web-backend.rst 84 | 85 | ---- 86 | 87 | Popular software 88 | ================ 89 | 90 | Check out the `⚛️ Uberlab `_ for guides! 91 | 92 | -------------------------------------------------------------------------------- /source/lang-gcc.rst: -------------------------------------------------------------------------------- 1 | .. sidebar:: Logo 2 | 3 | .. image:: _static/images/logo_gcc.png 4 | :align: center 5 | 6 | ########### 7 | GCC / C(++) 8 | ########### 9 | 10 | Introduction 11 | ============ 12 | 13 | The GNU Compiler Collection is a compiler system maintained by the GNU Project. 14 | It supports various common programming languages like C, C++ as well as more 15 | specialized ones like Objective-C, Fortran, Ada, Go, and D. It can be used 16 | directly to build tools written in C or C++, but is also used behind the scenes 17 | to build modules for Python, node.js, ruby and others. 18 | 19 | Versions 20 | ======== 21 | 22 | We only provide the version available in the Red Hat Developer Toolset. 23 | 24 | Update Policy 25 | ------------- 26 | 27 | GCC is updated alongside the rest of CentOS 7 regularly. 28 | 29 | +--------+---------------------+--------------------------+ 30 | | Branch | State | Security Support Until | 31 | +========+=====================+==========================+ 32 | | 9.x | active development | (no policy published) | 33 | +--------+---------------------+--------------------------+ 34 | 35 | In the future we may provide newer versions. 36 | -------------------------------------------------------------------------------- /source/lang-golang.rst: -------------------------------------------------------------------------------- 1 | .. sidebar:: Logo 2 | 3 | .. image:: _static/images/logo_golang.svg 4 | :align: center 5 | 6 | ###### 7 | Golang 8 | ###### 9 | 10 | Introduction 11 | ============ 12 | 13 | Go, also known as Golang, is a statically typed, compiled programming language designed at Google. It is used for all kinds of tasks, including web development. Noteworthy features include memory safety, garbage collection, and a strong concurrency model. 14 | 15 | Programs written in Go are distributed as big binaries statically including all dependencies most of the time. So the tools provided by us are only needed to modify or write go programs yourself, but not to run them. 16 | 17 | Versions 18 | ======== 19 | 20 | We only provide the latest version of Go. This may change, once go 2.0 is released. 21 | 22 | Connection to webserver 23 | ======================= 24 | 25 | .. include:: includes/web-backend.rst 26 | 27 | Popular software 28 | ================ 29 | 30 | Check out the `⚛️ Uberlab `_ for guides! 31 | 32 | As noted above, most of the guides will download ready-made binaries instead of actually building from source. 33 | -------------------------------------------------------------------------------- /source/lang-java.rst: -------------------------------------------------------------------------------- 1 | .. sidebar:: Logo 2 | 3 | .. image:: _static/images/logo_java.png 4 | :align: center 5 | 6 | #### 7 | Java 8 | #### 9 | 10 | Introduction 11 | ============ 12 | 13 | Java is a general-purpose, object-oriented programming language. Interally, it 14 | uses a virtual machine, making "compiled" java programs very independent of the 15 | actual hardware executing them. 16 | 17 | We provide both the JRE / Java Runtime Environment (``java``) and the JDK / Java 18 | Development Kit (``javac``). 19 | 20 | Versions 21 | ======== 22 | 23 | We only provide the version available in EPEL 7 - ``java-latest-openjdk``. 24 | 25 | Update Policy 26 | ------------- 27 | 28 | Java is updated alongside the rest of EPEL 7 reglarily. 29 | 30 | +--------+---------------------+--------------------------+ 31 | | Branch | State | Security Support Until | 32 | +========+=====================+==========================+ 33 | | 16 | Bug fixes | September 2021 | 34 | +--------+---------------------+--------------------------+ 35 | 36 | Connection to webserver 37 | ======================= 38 | 39 | .. include:: includes/web-backend.rst 40 | -------------------------------------------------------------------------------- /source/lang-perl.rst: -------------------------------------------------------------------------------- 1 | .. sidebar:: Logo 2 | 3 | .. image:: _static/images/logo_perl.png 4 | :align: center 5 | 6 | #### 7 | Perl 8 | #### 9 | 10 | Introduction 11 | ============ 12 | 13 | Perl is a high-level, general-purpose, interpreted, dynamic programming 14 | language. Being released in 1987, it has a long history. The langue has been 15 | used for almost any purpose. On Uberspace it is mainly used for scripting and 16 | web applications. 17 | 18 | Versions 19 | ======== 20 | 21 | We only provide the version available in CentOS 7. 22 | 23 | Update Policy 24 | ------------- 25 | 26 | Perl is updated alongside the rest of CentOS 7 reglarily. 27 | 28 | +--------+---------------------+--------------------------+ 29 | | Branch | State | Security Support Until | 30 | +========+=====================+==========================+ 31 | | 5 | Bug fixes | January 2024 | 32 | +--------+---------------------+--------------------------+ 33 | 34 | Connection to webserver 35 | ======================= 36 | 37 | .. include:: includes/web-backend.rst 38 | -------------------------------------------------------------------------------- /source/lang-prolog.rst: -------------------------------------------------------------------------------- 1 | .. sidebar:: Logo 2 | 3 | .. image:: _static/images/logo_prolog.png 4 | :align: center 5 | 6 | ###### 7 | Prolog 8 | ###### 9 | 10 | Introduction 11 | ============ 12 | 13 | Prolog is a declarative programming language that unlike other languages uses 14 | relations expressed in facts and rules to compute its logic. On Uberspace we use 15 | the `SWI implementation `_ of Prolog. 16 | 17 | Versions 18 | ======== 19 | 20 | We only provide the `latest version `_ of swi-prolog from the stable branch. 21 | -------------------------------------------------------------------------------- /source/lang-python.rst: -------------------------------------------------------------------------------- 1 | .. sidebar:: Logo 2 | 3 | .. image:: _static/images/logo_python.png 4 | :align: center 5 | 6 | ###### 7 | Python 8 | ###### 9 | 10 | Introduction 11 | ============ 12 | 13 | .. warning:: Python applications belong in your :doc:`home `, **not** in your :doc:`docroot `. 14 | 15 | Python is an interpreted programming language, created by Guido van Rossum in 16 | 1991. It is used for a wide range of tasks from basic scripting to full-fledged 17 | web applications. 18 | 19 | Versions 20 | ======== 21 | 22 | Release Types 23 | ------------- 24 | Each release branch of Python is fully supported for five years beginning with its initial stable release. For Python 2.7, this has been extended to ten years. For more details see :ref:`Update Policy `. 25 | 26 | Standard version 27 | ---------------- 28 | If you don't select a certain version, our default will be used. We decided to default to version 2.7. 29 | 30 | Change version 31 | -------------- 32 | To change your python version, run the relevant binary. So if you want to start a script with version 3.6, use the :code:`python3.6` binary: 33 | 34 | .. code-block:: console 35 | 36 | [isabell@stardust ~] python3.6 my-python-script.py 37 | 38 | To specify version 2.7 in a `shebang `_, use :code:`#!/usr/bin/env python2.7`. 39 | 40 | Update Policy 41 | ------------- 42 | 43 | .. _update-policy-python: 44 | 45 | 46 | We update all versions of Python on a regular basis. Once the `security support `_ ends, the branch reaches its end of life, is no longer supported and will be removed from our servers. 47 | 48 | +--------+---------------------+-----------------------------+ 49 | | Branch | State | Security Support Until | 50 | +========+=====================+=============================+ 51 | | 2.7 | Security fixes only | January 2024 (by CentOS) | 52 | +--------+---------------------+-----------------------------+ 53 | | 3.6 | Security fixes only | January 2024 (by CentOS) | 54 | +--------+---------------------+-----------------------------+ 55 | | 3.7 | Bug fixes | 2023 | 56 | +--------+---------------------+-----------------------------+ 57 | | 3.8 | Bug fixes | 2024 | 58 | +--------+---------------------+-----------------------------+ 59 | | 3.9 | Bug fixes | 2025 | 60 | +--------+---------------------+-----------------------------+ 61 | 62 | Connection to webserver 63 | ======================= 64 | 65 | .. include:: includes/web-backend.rst 66 | 67 | pip 68 | === 69 | 70 | pip is Python's package manager, used to install and manage additional packages. You can only install software to your :doc:`home directory `, so please always use the :code:`--user` option when running pip. 71 | 72 | Versions 73 | -------- 74 | 75 | In order to install the correct package corresponding to the Python version you want to use, you should run the correct binary. For example, to install a package for Python 2.7, use :code:`pip2.7`: 76 | 77 | .. code-block:: console 78 | 79 | [isabell@stardust ~] pip2.7 install package-name --user 80 | 81 | To install for Python 3.6, use :code:`pip3.6`: 82 | 83 | .. code-block:: console 84 | 85 | [isabell@stardust ~] pip3.6 install package-name --user 86 | 87 | ---- 88 | 89 | Popular software 90 | ================ 91 | 92 | Check out the `⚛️ Uberlab `_ for guides! 93 | 94 | 95 | 96 | -------------------------------------------------------------------------------- /source/lang-ruby.rst: -------------------------------------------------------------------------------- 1 | .. sidebar:: Logo 2 | 3 | .. image:: _static/images/logo_ruby.png 4 | :align: center 5 | 6 | #### 7 | Ruby 8 | #### 9 | 10 | Introduction 11 | ============ 12 | 13 | .. warning:: Ruby applications belong in your :doc:`home `, **not** in your :doc:`docroot `. 14 | 15 | `Ruby `_ is a programming language known for its easy to use `Ruby on Rails` framework. 16 | 17 | ---- 18 | 19 | Versions 20 | ======== 21 | 22 | Release types 23 | ------------- 24 | 25 | We provide different releases and apply security updates on a regular basis. Currently available versions are `listed below <#show-available-versions>`_. 26 | 27 | Standard version 28 | ---------------- 29 | If you don't select a certain version, our default will be used. We decided to default to version ``3.2``, which is considered to be stable by the developers. 30 | 31 | Show available versions 32 | ----------------------- 33 | 34 | Use ``uberspace tools version list ruby`` to show all selectable versions: 35 | 36 | .. code-block:: bash 37 | 38 | [isabell@stardust ~]$ uberspace tools version list ruby 39 | - 3.1 40 | - 3.2 41 | - 3.3 42 | - 3.4 43 | [isabell@stardust ~]$ 44 | 45 | .. _ruby-change-version: 46 | 47 | Change version 48 | -------------- 49 | You can select the Ruby version with ``uberspace tools version use ruby ``. You can choose between release branches: 50 | 51 | .. code-block:: bash 52 | 53 | [isabell@stardust ~]$ uberspace tools version use ruby 3.1 54 | Selected ruby version 3.1 55 | The new configuration is adapted immediately. Patch updates will be applied automatically. 56 | [isabell@stardust ~]$ 57 | 58 | Selected version 59 | ---------------- 60 | 61 | You can check the selected version by executing ``uberspace tools version show ruby`` on the command line: 62 | 63 | .. code-block:: bash 64 | 65 | [isabell@stardust ~]$ uberspace tools version show ruby 66 | Using 'ruby' version: 3.1 67 | [isabell@stardust ~]$ 68 | 69 | Update policy 70 | ------------- 71 | 72 | We update all versions on a regular basis. Once the `support `_ reaches its end of life (eol), the branch is no longer supported and will be removed from our servers. 73 | 74 | +--------+------------------+ 75 | | Branch | Supported Until | 76 | +========+==================+ 77 | | 3.1 | 2025-12-25 | 78 | +--------+------------------+ 79 | | 3.2 | 2026-03-31 | 80 | +--------+------------------+ 81 | | 3.3 | 2027-03-31 | 82 | +--------+------------------+ 83 | | 3.4 | TBD | 84 | +--------+------------------+ 85 | 86 | .. include:: includes/deprecation.rst 87 | 88 | ---- 89 | 90 | Connection to webserver 91 | ======================= 92 | 93 | .. include:: includes/web-backend.rst 94 | 95 | ---- 96 | 97 | .. _gem: 98 | 99 | gem 100 | === 101 | 102 | ``gem`` is a package manager that can be used to install and manage additional libraries, known as `gems`. We have preconfigured ``gem`` to install libraries to your :doc:`home `. 103 | 104 | ---- 105 | 106 | Popular software 107 | ================ 108 | 109 | Check out the `⚛️ Uberlab `_ for guides! 110 | -------------------------------------------------------------------------------- /source/lang-rust.rst: -------------------------------------------------------------------------------- 1 | .. sidebar:: Logo 2 | 3 | .. image:: _static/images/logo_rust.svg 4 | :align: center 5 | 6 | #### 7 | Rust 8 | #### 9 | 10 | Introduction 11 | ============ 12 | 13 | .. warning:: Rust applications belong in your :doc:`home `, **not** in your :doc:`docroot `. 14 | 15 | `Rust `__ is a *multi-paradigm programming language* focused on **performance** and **safety**, especially **safe concurrency**. Rust is syntactically similar to C++, but provides memory safety without using garbage collection. The compiler is *free and open-source software* dual-licensed under the **MIT License** and **Apache License 2.0**. 16 | 17 | Versions 18 | ======== 19 | 20 | Release Types 21 | ------------- 22 | 23 | The Rust project uses a concept called ‘`release channels `_’ to manage releases. For now we support the ``stable`` channel. 24 | 25 | Crates 26 | ====== 27 | 28 | Packaged Rust projects are called **crates**. The `crates.io `_ website serves as an official repository for them. You can install binaries from there with the `cargo install`_ command: 29 | 30 | .. code-block:: console 31 | 32 | [isabell@stardust ~] cargo install package-name 33 | 34 | This downloads the source for ``package-name`` and compiles it. The resulting binaries are placed into ``$HOME/.cargo/bin/``. Which is already included in your ``$PATH`` (unless you changed our default setup). You can find ways to configure this in the documentation for `cargo install`_. 35 | 36 | .. _`cargo install`: https://doc.rust-lang.org/cargo/commands/cargo-install.html 37 | 38 | Connection to webserver 39 | ======================= 40 | 41 | .. include:: includes/web-backend.rst 42 | -------------------------------------------------------------------------------- /source/mail-forwarding.rst: -------------------------------------------------------------------------------- 1 | ################ 2 | Forwarding mails 3 | ################ 4 | 5 | You can create a simple forward or alias for arbitrary mailusers like 6 | 7 | * ``forwardme@username.uber.space`` → ``mail@example.com`` 8 | * ``hello@yourdomain.com`` → ``support@yourdomain.com`` 9 | 10 | .. tip:: 11 | A single forward mailuser will work for **all** mail domains you have setup on your Uberspace. 12 | 13 | Configuring forwards 14 | ==================== 15 | 16 | .. note:: 17 | It is possible to use the `Dashboard `_ for creating mail accounts and forwards, to do so login and use the `mail section `_. Here we will explain our prefered way using SSH and the ``uberspace mail`` commands. 18 | 19 | 20 | Add a forward for a mailuser 21 | ---------------------------- 22 | 23 | You can set up forwards with the ``uberspace mail user forward set `` command. You may also use this command to create an internal alias, but you always have to specify the full mailaddress. 24 | 25 | To forward all mails from ``forwardme`` to ``mail@example.com`` run the following command: 26 | 27 | .. code-block:: console 28 | 29 | [isabell@stardust ~]$ uberspace mail user forward set forwardme mail@example.com 30 | Mail to 'forwardme' will be forwarded to 'mail@example.com'. 31 | [isabell@stardust ~]$ 32 | 33 | .. tip:: 34 | ``uberspace mail user forward set`` overwrites existing configurations. 35 | 36 | 37 | Show an existing forward for a mailuser 38 | --------------------------------------- 39 | 40 | You can show your existing forward using the ``uberspace mail user forward list`` command, e.g. if you have setup a forwarding for ``forwardme``: 41 | 42 | .. code-block:: console 43 | 44 | [isabell@stardust ~]$ uberspace mail user forward list forwardme 45 | mail@example.com 46 | [isabell@stardust ~]$ 47 | 48 | 49 | Delete forward for a mailuser 50 | ----------------------------- 51 | 52 | You can remove a forwarding using the ``uberspace mail user forward del `` command. This will delete the specified alias, 53 | so mails sent to it will no longer be delivered (except if you set up a `catchall address `_). 54 | To delete a forwarding for ``forwardme``, run the following command: 55 | 56 | .. code-block:: console 57 | 58 | [isabell@stardust ~]$ uberspace mail user forward del forwardme 59 | Mail to 'forwardme' will no longer be forwarded. 60 | [isabell@stardust ~]$ 61 | 62 | 63 | Troubleshooting 64 | =============== 65 | 66 | * With enabled :doc:`spam filtering ` we do not forward mails with a spam score greater than ``5``. These mails get sorted into ``~/users/MAILUSER/.Spam``. 67 | * If you want to test forwardings to Gmail by using the *same* Gmail address as sender, the Google magic will just drop and not deliver the mail because it is already known to this account. 68 | 69 | Using .qmail files 70 | ================== 71 | 72 | .. warning:: 73 | In the past, with the outdated product version Uberspace 6 we encouraged users to manipulate ``.qmail`` files for forwarding and controlling the email flow. This is technically still possible on U7 but will strongly interfere with our standard email setup that should be configured by using the ``uberspace mail`` commands. 74 | 75 | Because of this, we no longer can support you in technical issues with qmail programming but recommend you to move your mail setup to the ``uberspace mail`` tools. The qmail configuration is still available and we also use the ``.qmail-default`` file to configure the spamfolder, but this might change in the future and break your custom configurations. 76 | -------------------------------------------------------------------------------- /source/mail-spam.rst: -------------------------------------------------------------------------------- 1 | ############# 2 | Spam handling 3 | ############# 4 | 5 | Incoming mails 6 | ============== 7 | 8 | We filter incoming mails with `Rspamd `_ which uses `multiple `_ filtering and statistical methods to generate a spam score including (but not limited to) SPF, DMARC and DNS blocklists. 9 | 10 | You can train the filter by moving mails into the ``Spam`` folder in your mailbox, mails moved out of the ``Spam`` folder will be learned as ``ham`` (= good mails). 11 | 12 | We also autolearn ``ham`` and ``spam``, which means that every mail with a negative score is auto-learned as *ham*, while every mail with a score higher than the rejection score is auto-learned as *spam* (given that the Bayes filter hasn't already identified them). 13 | 14 | Configure spamfolder 15 | -------------------- 16 | 17 | Use ``uberspace mail spamfolder`` to configure the spam folder for all mailboxes and forwards in your account. Mails with a spam score greater than ``5`` will get sorted into the ``Spam`` folder in the according mailbox. 18 | 19 | .. code-block:: console 20 | 21 | [isabell@stardust ~]$ uberspace mail spamfolder status 22 | The spam folder is enabled. 23 | [isabell@stardust ~]$ uberspace mail spamfolder disable 24 | The spam folder is now disabled. 25 | [isabell@stardust ~]$ uberspace mail spamfolder enable 26 | The spam folder is now enabled. 27 | 28 | .. note:: 29 | Mails within the spam folder are auto-expunged after 30 days. 30 | 31 | .. tip:: 32 | If you want to change the rejection score, please have a look at the examples in our description for :doc:`Sieve `. 33 | 34 | 35 | Background 36 | ---------- 37 | 38 | We implement the spam folder by manipulating your ``~/.qmail-default``. Enabling spam folders effectively means that a maildrop filter named ``~/.spamfolder`` is created which just includes the global template ``/opt/uberspace/etc/spamfolder.template``. 39 | 40 | That global template basically resembles what ``vdeliver`` does - retrieving the target Maildir and optional mail forward targets. Disabling spam folders effectively means resetting ``~/.qmail-default`` to call *vdeliver* instead of *maildrop*. 41 | 42 | .. warning:: 43 | Spam filtering and sorting does **not work** with the system mailbox ``username@uber.space``. Create user mailboxes instead! 44 | 45 | Outgoing Mails 46 | ============== 47 | 48 | SPF 49 | --- 50 | 51 | The `Sender Policy Framework `_ (SPF) is a system that allows mailservers to check if another mail server is allowed to send mails for a specific domain. To specify which servers are allowed to send mails for your domain, you can set a ``TXT`` :doc:`DNS record`. Adding Uberspace hosts to the list of allowed servers for your domain will increase your chances of passing spam filters. This instructs other mail servers to accept mails from your domain if they originate from our hosts and to deliver any mails that claim to be from your domain but originate from a different server to the spam folder. 52 | 53 | DKIM 54 | ---- 55 | 56 | `DomainKeys Identified Mail `_ (DKIM) allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain. It achieves this by affixing a digital signature, linked to a domain name, to each outgoing email message. 57 | 58 | We generate a DKIM key for every user, you can get yours with ``uberspace records list``: 59 | 60 | .. code-block:: console 61 | 62 | [isabell@stardust ~]$ uberspace records list 63 | $ORIGIN isabell.example 64 | @ IN MX 0 stardust.uberspace.de. 65 | @ IN TXT "v=spf1 include:spf.uberspace.de ~all" 66 | uberspace._domainkey IN TXT "v=DKIM1;t=s;n=core;p=MIICIj...==" 67 | 68 | [isabell@stardust ~]$ 69 | -------------------------------------------------------------------------------- /source/migration/qmail/includes/auto-migration.rst: -------------------------------------------------------------------------------- 1 | .. warning:: 2 | To avoid breaking your current mail setup with the migration, you should take care soon enough and find workarounds 3 | with the standard mail system. 4 | 5 | Get more information about the auto migration here: `example.com `_ -------------------------------------------------------------------------------- /source/migration/qmail/includes/levels/error.rst: -------------------------------------------------------------------------------- 1 | .. error:: 2 | **Error**: This configuration is probably not working as expected in the standard mail system. This is why you should 3 | recreate this mailaddress yourself using the `uberspace mail commands `_. -------------------------------------------------------------------------------- /source/migration/qmail/includes/levels/fatal.rst: -------------------------------------------------------------------------------- 1 | .. error:: 2 | **Fatal Error**: This configuration is not working with the standard mail system and we are not able to migrate it. 3 | You need to fix it or find a workaround using the 4 | `uberspace mail commands `_. -------------------------------------------------------------------------------- /source/migration/qmail/includes/levels/mailsetup_error.rst: -------------------------------------------------------------------------------- 1 | .. error:: 2 | **Error**: You will need to fix the mailsetup before you can fix any of your individual mailaddress configurations. -------------------------------------------------------------------------------- /source/migration/qmail/includes/levels/warning.rst: -------------------------------------------------------------------------------- 1 | .. warning:: 2 | **Warning**: We could migrate this setting automatically to the standard mail system, but it might have minor effects 3 | to the current behavior of the mailaddress. You could change the configuration yourself using the 4 | `uberspace mail commands `_. -------------------------------------------------------------------------------- /source/migration/qmail/includes/spamfolder.rst: -------------------------------------------------------------------------------- 1 | .. note:: The current setting does not use the spamfilter but it will be enabled in the new mail setup. -------------------------------------------------------------------------------- /source/migration/qmail/qmail-default-broken.rst: -------------------------------------------------------------------------------- 1 | The content of the main qmail file ~/.qmail-default cannot be read 2 | ================================================================== 3 | 4 | The file ``~/.qmail-default`` is the only qmail file neccessary for the standard mail setup on U7. 5 | 6 | To be able to use the standard mail setup you need to restore the file. First remove the broken file and then recreate 7 | the standard file with the commands: 8 | 9 | .. code-block:: console 10 | 11 | [isabell@stardust ~]$ rm ~/.qmail-default 12 | [isabell@stardust ~]$ uberspace mail spamfolder enable 13 | The spam folder is now enabled. 14 | 15 | .. include:: ../includes/levels/mailsetup_error.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/config-filename-off.rst: -------------------------------------------------------------------------------- 1 | .. _config-filename-off: 2 | 3 | The filename ".qmail-Example" cannot be parsed 4 | ============================================== 5 | 6 | ``id:config-filename-off`` 7 | 8 | This error indicates that the filename contains special letters or capitalization that might work with Qmail but 9 | could be problematic with the standard mail system. 10 | 11 | You should check if the mailaddress is currently in use and if it works as expected. If so you should try to set it up 12 | manually with the `uberspace mail commands `_. 13 | 14 | .. include:: ../includes/levels/error.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/config-is-catchall.rst: -------------------------------------------------------------------------------- 1 | .. _config-is-catchall: 2 | 3 | The file is a subaddressing catchall with a "-" delimiter 4 | ========================================================= 5 | 6 | ``id:config-is-catchall`` 7 | 8 | This error indicates that this file is setup as a catchall for all mailaddresses like **mailbox-*@example.com**. This 9 | kind of delimiter is no longer available in the standard mailsystem as we use the more common and more explicit 10 | ``+``-subadressing. 11 | 12 | If you have used this kind of subaddressing catchall heavily its probably very hard to change all the mailaddresses 13 | in the original used places. You can create a workaround to keep using those mailaddresses, even with separate handling 14 | and mailboxes etc. But it depends very much on how you use these catchall and other mailaddresses. 15 | 16 | .. include:: ../includes/levels/fatal.rst 17 | 18 | Workaround to keep "-" delimiter catchall 19 | ----------------------------------------- 20 | 21 | Assuming that you have a ``.qmail-shops-default`` that you want to migrate. 22 | 23 | First you will need to setup a general catchall, therefore you create for example a mailbox named ``catchall-mailbox``: 24 | 25 | .. code-block:: console 26 | 27 | [isabell@stardust ~]$ uberspace mail user add catchall-mailbox 28 | Enter a password for the mailbox: 29 | Please confirm your password: 30 | New mailbox created for user: 'catchall', it will be live in a few minutes... 31 | 32 | Then you configure the catchall to forward mails to this mailbox: 33 | 34 | .. code-block:: console 35 | 36 | [isabell@stardust ~]$ uberspace mail catchall set catchall-mailbox 37 | Mails, which cannot be matched to a mailbox, will be sent to catchall-mailbox. 38 | 39 | Then on the mailbox ``catchall-mailbox`` you need to configure with :doc:`Sieve filters`, that all mails **except** mails to 40 | ``shops-*@`` will be rejected: 41 | 42 | .. code-block:: 43 | 44 | require ["fileinto", "reject"]; 45 | if address :matches "to" "shops-*@*" { 46 | keep; 47 | } else { 48 | reject; 49 | } 50 | 51 | This example script will keep the mails in the new mailbox, but you can also use ``fileinto`` to store them in specific 52 | folders or forward them to another mailaddress with ``redirect``. 53 | -------------------------------------------------------------------------------- /source/migration/qmail/reports/config-is-sysmail-and-content-vdeliver.rst: -------------------------------------------------------------------------------- 1 | .. _config-is-sysmail-and-content-vdeliver: 2 | 3 | The sysmail config file for username@uber.space contains a vdeliver code pipe 4 | ============================================================================= 5 | 6 | ``id:config-is-sysmail-and-content-vdeliver`` 7 | 8 | This error indicates that the system mail configuration file ``~/.qmail`` contains a redirect code to the mail system 9 | (with ``|/usr/bin/vdeliver``). This does not work all incoming mails to **username@uber.space** are bounced back to the 10 | sender. 11 | 12 | In the standard mail system it is not possible to disable the system mail address **username@uber.space** for technical 13 | reasons. You should remove the file ``~/.qmail`` so mails are just stored into the system mailbox. 14 | 15 | .. include:: ../includes/levels/fatal.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/content-code.rst: -------------------------------------------------------------------------------- 1 | .. _content-code: 2 | 3 | The file contains a code pipe "|" to a custom command 4 | ===================================================== 5 | 6 | ``id:content-code`` 7 | 8 | This error indicates, that you are redirecting mails directly to programming scripts. This is not supported in the 9 | standard mailsetup and you will need to find another way to automatically process your incoming mails. 10 | 11 | .. include:: ../includes/levels/fatal.rst 12 | 13 | Workaround for custom code scripts 14 | ---------------------------------- 15 | 16 | The most common tools to workaround this could be ``fetchmail`` oder ``getmail`` which you can use to collect mails 17 | from a mailbox and then process them with your code. You could also configure your code to fetch the mails directly 18 | from the mailbox. 19 | 20 | Workaround for mail filtering with ``|maildrop`` 21 | ------------------------------------------------ 22 | 23 | If you used server-side mail filter scripts with ``|maildrop`` you should be able to replace them with Sieve filter 24 | rules. Just have a look to the `filters & rules manual page `_. -------------------------------------------------------------------------------- /source/migration/qmail/reports/content-comment-only-and-vmailmgr-user-exists.rst: -------------------------------------------------------------------------------- 1 | .. _content-comment-only-and-vmailmgr-user-exists: 2 | 3 | The file conflicts with an already existing mail user 4 | ===================================================== 5 | 6 | ``id:content-comment-only-and-vmailmgr-user-exists`` 7 | 8 | This error indicates, that you have a qmail file like ``.qmail-mailbox`` but likewise a mail user ``mailbox``. The qmail 9 | file drops all incoming mails while the mailuser cannot receive the those mails. 10 | 11 | You need to fix these conflicting configurations, however the qmail file should be removed to use the standard mail 12 | system only. 13 | 14 | .. include:: ../includes/levels/error.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/content-empty.rst: -------------------------------------------------------------------------------- 1 | .. _content-empty: 2 | 3 | The file content is empty 4 | ========================= 5 | 6 | ``id:content-empty`` 7 | 8 | The error indicates, that the file contains an empty qmail configuration. This will store incoming mails directly to the 9 | maildir ``~/Maildir`` and so bypasses the mail setup. In the standard mail system we can only support full mailaddresses 10 | as forwards. 11 | 12 | You need to check in what way you want to use this mailaddress and the forward target, you should set up either a real 13 | forward to a mailaddress or a mailbox for this mail. 14 | 15 | .. include:: ../includes/levels/error.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/content-exit100-and-vmailmgr-user-exists.rst: -------------------------------------------------------------------------------- 1 | .. _content-exit100-and-vmailmgr-user-exists: 2 | 3 | The file conflicts with an already existing mail user 4 | ===================================================== 5 | 6 | ``id:content-exit100-and-vmailmgr-user-exists`` 7 | 8 | This error indicates, that you have a qmail file like ``.qmail-mailbox`` but likewise a mail user ``mailbox``. The qmail 9 | file contains an exit code and bounces back all mails while the mailuser cannot receive the incoming mails. 10 | 11 | You need to fix these conflicting configurations, however the qmail file should be removed to use the standard mail 12 | system only. 13 | 14 | .. include:: ../includes/levels/error.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/content-exit100.rst: -------------------------------------------------------------------------------- 1 | .. _content-exit100: 2 | 3 | The file contains an |exit 100 code 4 | =================================== 5 | 6 | ``id:content-exit100`` 7 | 8 | You have set up this file to bounce incoming mails. But it is better to reject mails in the first place, before making 9 | them bounce back to the sender. 10 | 11 | You should check if you could just remove this mailaddress from your configuration so it is properly rejected. If this 12 | is not possble (maybe because of a catchall) you should set up a mailbox with a Sieve script to reject mails. 13 | 14 | .. include:: ../includes/levels/error.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/content-linuxuser-mailuser.rst: -------------------------------------------------------------------------------- 1 | .. _content-linuxuser-mailuser: 2 | 3 | The file contains an internal redirect to a mailuser 4 | ==================================================== 5 | 6 | ``id:content-linuxuser-mailuser`` 7 | 8 | This error indicates, that you have set up an internal redirect to a mailuser without a full mailaddress. We can only 9 | support full mailaddresses as forwards in the standard mail system. 10 | 11 | You should set an explicit mailaddress here. Otherwise we will create a forward to the default mail domain 12 | **mailuser@username.uber.space**. 13 | 14 | .. include:: ../includes/spamfolder.rst 15 | 16 | .. include:: ../includes/levels/warning.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/content-multiline-contains-multiple-non-mailaddr.rst: -------------------------------------------------------------------------------- 1 | .. _content-multiline-contains-multiple-non-mailaddr: 2 | 3 | The file contains multiple lines which are no mailaddresses 4 | =========================================================== 5 | 6 | ``id:content-multiline-contains-multiple-non-mailaddr`` 7 | 8 | This error indicates that you have a qmail configuration file with multiple custom lines. For the standard mail system, 9 | we can only set up forwards to multiple mailaddresses with or without a mailbox. 10 | 11 | Any other configurations, like redirecting mails to multiple maildirs etc. cannot be adapted. You need to check the 12 | content of the qmail file and decide how you want to set this up manually. 13 | 14 | To do so run ``cat ~/.qmail-example`` with the proper path. Any comment lines starting with ``#`` are ignored for this 15 | check. 16 | 17 | .. include:: ../includes/levels/fatal.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/content-oserror.rst: -------------------------------------------------------------------------------- 1 | .. _content-oserror: 2 | 3 | Retrieving the file content returned a system error 4 | =================================================== 5 | 6 | ``id:content-oserror`` 7 | 8 | This error indicates that we were not able to retrieve the content of the qmail file. 9 | 10 | Try to check the file content by yourself, for example with ``cat ~/.qmail-example``. The file might be a symlink that 11 | links to a non existing file. 12 | 13 | However, most probably this qmail configuration and thus the mailaddress is currently not 14 | working at all, then you are save to delete the file. 15 | 16 | .. include:: ../includes/levels/error.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/content-path-file.rst: -------------------------------------------------------------------------------- 1 | .. _content-path-file: 2 | 3 | The file contains a path to a custom mailbox-file 4 | ================================================= 5 | 6 | ``id:content-path-file`` 7 | 8 | This error incidates that the qmail file is configured with a path to a mailbox file and thus bypasses the mailsetup. 9 | 10 | You will need to create a real mailbox with ``uberspace mail user add ...`` and import your mails from the mailbox 11 | file if you want to keep them in the standard mail system. 12 | 13 | .. include:: ../includes/levels/error.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/content-path-folder-fits-and-vmailmgr-user-not-exists.rst: -------------------------------------------------------------------------------- 1 | .. _content-path-folder-fits-and-vmailmgr-user-not-exists: 2 | 3 | The file contains a path to the maildir of a non existing mail user 4 | =================================================================== 5 | 6 | ``id:content-path-folder-fits-and-vmailmgr-user-not-exists`` 7 | 8 | This error indicates that the qmail file redirects mails to a maildir path but there is no mailuser configured for this 9 | address. 10 | 11 | Because this should currently not work and incoming mails are just bounced back you are save to remove the qmail file 12 | so mails are correctly rejected in the first place. 13 | 14 | .. include:: ../includes/levels/warning.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/content-path-folder-off.rst: -------------------------------------------------------------------------------- 1 | .. _content-path-folder-off: 2 | 3 | The maildir path does not point to ~/users/example 4 | ================================================== 5 | 6 | ``id:content-path-folder-off`` 7 | 8 | This error indicates that the qmail file contains a path to a maildir which is not a path to the corresponding maildir. 9 | 10 | This bypasses the standard mailsetup and you need to check manually how to want to set this up. 11 | 12 | .. include:: ../includes/levels/error.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/content-spamfolder-and-vmailmgr-user-and-catchall-not-exists.rst: -------------------------------------------------------------------------------- 1 | .. _content-spamfolder-and-vmailmgr-user-and-catchall-not-exists: 2 | 3 | The file forwards to a non existing mail user "example" and there is no catchall configured 4 | =========================================================================================== 5 | 6 | ``id:content-spamfolder-and-vmailmgr-user-and-catchall-not-exists`` 7 | 8 | This error indicates that the qmail file redirects mails to the mail system (with 9 | ``|maildrop /home/username/.spamfolder``) but there is no mailuser or catchall configured for this address. 10 | 11 | Because this should currently not work and incoming mails are just bounced back you are save to remove the qmail file 12 | so mails are correctly rejected in the first place. 13 | 14 | .. include:: ../includes/levels/warning.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/content-unknown.rst: -------------------------------------------------------------------------------- 1 | .. _content-unknown: 2 | 3 | The file contains unknown content 4 | ================================= 5 | 6 | ``id:content-unknown`` 7 | 8 | This is the fallback error when we could not detect the type of your qmail file content. 9 | 10 | You should check with ``cat ~/.qmail-example`` how the file is currently configured and decide how you want to set it up 11 | with the `uberspace mail commands `_. 12 | 13 | 14 | .. include:: ../includes/levels/fatal.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/content-username-off.rst: -------------------------------------------------------------------------------- 1 | .. _content-username-off: 2 | 3 | The file contains a username that is not the current user 4 | ========================================================= 5 | 6 | ``id:content-username-off`` 7 | 8 | We can only support full mailaddresses as forwards in the standard mail system. A username in a qmail file will forward 9 | mails to ``username@host.uberspace.de`` but only on the same host. We would replace this with the default mailaddress 10 | **username@uber.space**. 11 | 12 | But this error indicates, that the username in the file does not fit to the current user, since this is probably a 13 | mistake you need to check this yourself and set a full mailaddress as forward or any other configuration for this 14 | mailaddress. 15 | 16 | .. include:: ../includes/levels/error.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/content-vdeliver-and-vmailmgr-user-and-catchall-not-exists.rst: -------------------------------------------------------------------------------- 1 | .. _content-vdeliver-and-vmailmgr-user-and-catchall-not-exists: 2 | 3 | The file forwards to a non existing mail user "example" and there is no catchall configured 4 | =========================================================================================== 5 | 6 | ``id:content-vdeliver-and-vmailmgr-user-and-catchall-not-exists`` 7 | 8 | This error indicates that the qmail file redirects mails to the mail system (with ``|/usr/bin/vdeliver``) but there is 9 | no mailuser or catchall configured for this address. 10 | 11 | Because this should currently not work and incoming mails are just bounced back you are save to remove the qmail file 12 | so mails are correctly rejected in the first place. 13 | 14 | .. include:: ../includes/levels/warning.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/qmail-default-content-mailaddr.rst: -------------------------------------------------------------------------------- 1 | .. _qmail-default-content-mailaddr: 2 | 3 | The content of the main qmail file ~/.qmail-default is a mailaddress 4 | ==================================================================== 5 | 6 | ``id:qmail-default-content-mailaddr`` 7 | 8 | The file ``~/.qmail-default`` is the only qmail file neccessary for the standard mail setup on U7. 9 | 10 | When the file is setup with a mailaddress, this will forward all incoming mails to this address and bypasses the 11 | standard mail system without filtering spam. You can use instead a real catchall with a mailbox. 12 | 13 | First you need to remove the current file and restore the standard mail setup: 14 | 15 | .. code-block:: console 16 | 17 | [isabell@stardust ~]$ rm ~/.qmail-default 18 | [isabell@stardust ~]$ uberspace mail spamfolder enable 19 | The spam folder is now enabled. 20 | 21 | Then lookup the manual how to create a `catchall `_. 22 | 23 | .. include:: ../includes/levels/mailsetup_error.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/qmail-default-content-unknown.rst: -------------------------------------------------------------------------------- 1 | .. _qmail-default-content-unknown: 2 | 3 | The content of the main qmail file ~/.qmail-default is configured with unknown content 4 | ====================================================================================== 5 | 6 | ``id:qmail-default-content-unkown`` 7 | 8 | The file ``~/.qmail-default`` is the only qmail file neccessary for the standard mail setup on U7. 9 | 10 | If the file is configured with any custom content, the standard mail setup most probably wont work. You need to check 11 | the file content and find a way to workaround the current configuration with the standard mail setup. 12 | 13 | To restore the the standard mail setup you need to remove the current file and then recreate it: 14 | 15 | .. code-block:: console 16 | 17 | [isabell@stardust ~]$ rm ~/.qmail-default 18 | [isabell@stardust ~]$ uberspace mail spamfolder enable 19 | The spam folder is now enabled. 20 | 21 | .. include:: ../includes/levels/mailsetup_error.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/qmail-default-content-username.rst: -------------------------------------------------------------------------------- 1 | .. _qmail-default-content-username: 2 | 3 | The content of the main qmail file ~/.qmail-default is the username 4 | ==================================================================== 5 | 6 | ``id:qmail-default-content-username`` 7 | 8 | The file ``~/.qmail-default`` is the only qmail file neccessary for the standard mail setup on U7. 9 | 10 | When the file is setup with the username, this will forward all incoming mails to **username@uber.space** and bypasses 11 | the standard mail system without filtering spam. You can use instead a real catchall with a mailbox. 12 | 13 | First you need to remove the current file and restore the standard mail setup: 14 | 15 | .. code-block:: console 16 | 17 | [isabell@stardust ~]$ rm ~/.qmail-default 18 | [isabell@stardust ~]$ uberspace mail spamfolder enable 19 | The spam folder is now enabled. 20 | 21 | Then lookup the manual how to create a `catchall `_. 22 | 23 | .. include:: ../includes/levels/mailsetup_error.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/qmail-default-not-exists.rst: -------------------------------------------------------------------------------- 1 | .. _qmail-default-not-exists: 2 | 3 | The main qmail file ~/.qmail-default does not exist 4 | =================================================== 5 | 6 | ``id:qmail-default-not-exists`` 7 | 8 | The file ``~/.qmail-default`` is the only qmail file neccessary for the standard mail setup on U7. 9 | 10 | To be able to use the standard mail setup you need to recreate the file with the command: 11 | 12 | .. code-block:: console 13 | 14 | [isabell@stardust ~]$ uberspace mail spamfolder enable 15 | The spam folder is now enabled. 16 | 17 | .. include:: ../includes/levels/mailsetup_error.rst 18 | 19 | 20 | -------------------------------------------------------------------------------- /source/migration/qmail/reports/qmail-mailaddr-and-vmailmgr-user-blocking.rst: -------------------------------------------------------------------------------- 1 | .. _qmail-mailaddr-and-vmailmgr-user-blocking: 2 | 3 | The file conflicts with an already existing mail user 4 | ===================================================== 5 | 6 | ``id:qmail-mailaddr-and-vmailmgr-user-blocking`` 7 | 8 | This error indicates, that you have a qmail file like ``.qmail-mailbox`` but likewise a mail user ``mailbox``. The qmail 9 | file contains a mailaddress and forwards all mails to this configured address while the mailuser cannot receive the 10 | incoming mails. 11 | 12 | You need to fix these conflicting configurations, however the qmail file should be removed to use the standard mail 13 | system only. 14 | 15 | .. include:: ../includes/levels/error.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/qmail-username-and-vmailmgr-user-blocking.rst: -------------------------------------------------------------------------------- 1 | .. _qmail-username-and-vmailmgr-user-blocking: 2 | 3 | The file conflicts with an already existing mail user 4 | ===================================================== 5 | 6 | ``id:qmail-username-and-vmailmgr-user-blocking`` 7 | 8 | This error indicates, that you have a qmail file like ``.qmail-mailbox`` but likewise a mail user ``mailbox``. The qmail 9 | file contains the username and forwards all mails to **username@uber.space** while the mailuser cannot receive the 10 | incoming mails. 11 | 12 | You need to fix these conflicting configurations, however the qmail file should be removed to use the standard mail 13 | system only. 14 | 15 | .. include:: ../includes/levels/error.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/spamfolder-file-content-off.rst: -------------------------------------------------------------------------------- 1 | .. _spamfolder-file-content-off: 2 | 3 | The script file ~/.spamfolder for the standard mail setup contains unkown content 4 | ================================================================================= 5 | 6 | ``id:spamfolder-file-content-off`` 7 | 8 | The spamfolder script process all incoming mail and enables features like Sieve and ``+``-subaddressing. 9 | 10 | With a custom script we cannot process mails in the standard way. If you have set up any custom scripts to process your 11 | mails you will need to find workarounds with the standard mail setup, like with Sieve scripts etc. 12 | 13 | To restore the standard mail processing with the default spamfolder script, first remove the custom script and run 14 | the spamfolder enable comand. 15 | 16 | .. code-block:: console 17 | 18 | [isabell@stardust ~]$ rm ~/.spamfolder 19 | [isabell@stardust ~]$ uberspace mail spamfolder enable 20 | The spam folder is now enabled. 21 | 22 | .. include:: ../includes/levels/error.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/vmailmgr-forward-mailbox.rst: -------------------------------------------------------------------------------- 1 | .. _vmailmgr-forward-mailbox: 2 | 3 | There are mailusers with direct forward to a mailbox 4 | ==================================================== 5 | 6 | ``id:vmailmgr-forward-mailbox`` 7 | 8 | We can only support full mailaddresses as forwards in the standard mail system. This error indicates, that you have 9 | set up internal mail forwards to a mailuser. 10 | 11 | You can find a more detailed list of mailusers with the following command: 12 | 13 | .. code-block:: console 14 | 15 | [isabell@stardust ~]$ listvdomain 16 | info No post 17 | post Yes 18 | 19 | All lines with 3 or more columns contain forwards which should be full mailaddresses. If not you should replace those 20 | using the `uberspace mail commands `_. 21 | 22 | .. include:: ../includes/levels/warning.rst -------------------------------------------------------------------------------- /source/migration/qmail/reports/vmailmgr-passwd-broken.rst: -------------------------------------------------------------------------------- 1 | .. _vmailmgr-passwd-broken: 2 | 3 | The mail database file ~/passwd.cdb seems to be broken 4 | ====================================================== 5 | 6 | ``id:vamilmgr-passwd-broken`` 7 | 8 | The data for the mailusers in the standard mail system are stored in the file ``~/passwd.cdb`` but we are unable to 9 | parse data from the file despite the file exists and contains some data. This can be due to broken entries. 10 | 11 | You can check with the following command, if you see any entries with special chars: 12 | 13 | .. code-block:: console 14 | 15 | [isabell@stardust ~]$ listvdomain 16 | mailuser Yes hallo@example.com 17 | 18 | If you can already identify any problems there, you could try removing the correspoding mail users (as long as its not 19 | in use or you can restore it easily). 20 | 21 | Of course you can contact our `support `_ if you need help here. 22 | 23 | .. include:: ../includes/levels/fatal.rst -------------------------------------------------------------------------------- /source/policy.rst: -------------------------------------------------------------------------------- 1 | ###### 2 | Policy 3 | ###### 4 | 5 | To ensure smooth service for everyone, we have to intervene on individual accounts in exceptional cases. Of course, we will inform the account owner in each case and in most situations we will find a common solution. 6 | 7 | Deadlines 8 | ========= 9 | 10 | Whenever we become aware of a problem - either through our monitoring or through one of our users - we analyze the cause and contact the account owner for feedback. The following categories define the time after which we intervene and deactivate the problematic service or, in the worst case, block the entire account. 11 | 12 | * Only in the absolute exception - if the operation of our servers is urgently endangered and in the case of obvious legal violations, requests by public prosecutors or massive technical impairments (hacking, spam etc.) - we block services directly and without prior consultation with you. Of course, you will still receive a notification in this case. 13 | * If the problem affects our servers or other users noticeably, we give you 12 hours before we intervene. 14 | * If the problem is less serious, we ask you to contact us within 24 hours. 15 | * There is the category of cosmetic bugs that still need to be fixed. In this case we give you 72 hours before we take action. 16 | * In the case of problems that come to our attention but do not affect the operation of the server, we will only inform you. 17 | * Services that don't work and we notice will be deactivated and you will be notified. 18 | -------------------------------------------------------------------------------- /source/web-domains.rst: -------------------------------------------------------------------------------- 1 | ####### 2 | Domains 3 | ####### 4 | 5 | Every Uberspace account gets its own domain in the form of ``$USER.uber.space``. You can setup as many additional domains as you like. 6 | 7 | .. include:: includes/domain-register.txt 8 | 9 | Setup 10 | ===== 11 | 12 | In order to use your own domain for web with your Uberspace, you need to first set it up using our ``uberspace`` tool. You can only add fully qualified domain names (`FQDNs `_), wildcard domains are not available, because let's 13 | encrypt does not support wildcard domains in conjunction with HTTP validation. 14 | 15 | .. code-block:: console 16 | 17 | [isabell@stardust ~]$ uberspace web domain add isabell.example 18 | The webserver's configuration has been adapted. 19 | Now you can use the following records for your DNS: 20 | A -> 185.26.156.55 21 | AAAA -> 2a00:d0c0:200:0:b9:1a:9c:37 22 | 23 | .. include:: includes/domain-idn.txt 24 | 25 | Once you've set up your domain using the ``uberspace`` tool, the tool provides you with the ``A`` and ``AAAA`` records that need to be configured in your registrar's nameserver. 26 | 27 | .. include:: includes/domain-dns.txt 28 | 29 | To start publishing content on your new domain, upload it to ``/var/www/virtual/isabell/html`` or ``/home/isabell/html``. By default, all domains 30 | share the same :doc:`docroot `. Please refer to :doc:`docroot ` for instructions on how to use serve different content under a given domain. 31 | 32 | Subdomains 33 | ========== 34 | 35 | Any subdomain that you wish to use needs to be added individually. So in order to also use ``www.isabell.example``, you need to run ``uberspace web domain add www.isabell.example`` as well. You can also add subdomains for your ``isabell.uber.space`` domain. 36 | 37 | Because we check on each host if a domain is already under control of another user of that host, you might encounter an error if you try to add a subdomain with another user than the one you used to configure the same main domain: 38 | 39 | .. code-block:: console 40 | 41 | [isabell@stardust ~]$ uberspace web domain add example.com 42 | [..] 43 | [isabell2@stardust ~]$ uberspace web domain add sub.example.com 44 | Can't add domain to the configuration. It is a subdomain of a domain already configured for another Uberspace account. 45 | 46 | Then you can just add the subdomain *first* on the one user and *then* the main domain on the other user. 47 | 48 | .. note:: 49 | We very much encourage you to use separate Uberspace accounts for separate projects or apps and so for subdomains. And you shouldn't usually run into this problem because in most cases you won't end up with different users on the same host. 50 | 51 | Note that you will also encounter this error if the main domain is configured as a mail domain (and not as web domain) on another Uberspace account. 52 | 53 | Removal 54 | ======= 55 | 56 | To remove a domain, use the ``uberspace`` tool: 57 | 58 | .. code-block:: console 59 | 60 | [isabell@stardust ~]$ uberspace web domain del isabell.example 61 | The server's configuration has been adapted. 62 | 63 | Listing 64 | ======= 65 | 66 | If you want to find out which domains are currently set up for the web server on your Uberspace account, use the ``uberspace`` command: 67 | 68 | .. code-block:: console 69 | 70 | [isabell@stardust ~]$ uberspace web domain list 71 | isabell.example 72 | isabell.uber.space 73 | 74 | This will list all domains and sub-domains currently set up for this account, including the default ``$USER.uber.space``. 75 | 76 | .. include:: includes/domain-providers.txt 77 | 78 | -------------------------------------------------------------------------------- /source/web-errorpage.rst: -------------------------------------------------------------------------------- 1 | ############# 2 | web errorpage 3 | ############# 4 | 5 | By default, we replace all HTTP 500 responses with an error page telling you and your users what to do in this case. This behavior also helps to keep your site secure, in case the backend application is configured to leak stacktraces or other confidential information on the error page. 6 | 7 | To show the original error page as generated by your application or our web server, take a look at the following commands. This may be helpful to gather addition information while debugging. It can also be used to show a prettier error page matching your design. 8 | 9 | .. code-block:: console 10 | 11 | [isabell@stardust ~]$ uberspace web errorpage 500 disable 12 | Error page for HTTP 500 is disabled. 13 | 14 | To re-enable our error page again, execute: 15 | 16 | .. code-block:: console 17 | 18 | [isabell@stardust ~]$ uberspace web errorpage 500 enable 19 | Error page for HTTP 500 is enabled. 20 | 21 | To check the current configuration, execute: 22 | 23 | .. code-block:: console 24 | 25 | [isabell@stardust ~]$ uberspace web errorpage 500 status 26 | Error page for HTTP 500 is enabled. 27 | -------------------------------------------------------------------------------- /source/web-https.rst: -------------------------------------------------------------------------------- 1 | ##### 2 | HTTPS 3 | ##### 4 | 5 | Every Uberspace comes with its own enforced HTTPS certificate. Your 6 | :doc:`external domains ` as well as the ``.uber.space`` default 7 | domains, are automatically provided with a free certificate from 8 | `Let's Encrypt `_. In combination with our default 9 | :doc:`security headers `, this ensures that you and your 10 | users always use a secure connection to prevent eavesdropping and injection of 11 | unwanted content. 12 | 13 | 14 | Let's encrypt 15 | ============= 16 | 17 | We use `lua-resty-auto-ssl `_ to issue Let's Encrypt certificates for every external domain that is :doc:`connected to a Uberspace `. This happens automagically when a domain (``Host`` header) is first seen by our webserver. For privacy reasons every domain gets its own certificate. We also handle the renewal, certificates will be renewed if they expire in less than 30 days. 18 | 19 | Certificate Access 20 | ------------------ 21 | 22 | Once a certificate has been generated, you can find all relevant files in ``~/etc/certificates``. 23 | This includes your certificate chain - ``.crt`` - as well as the private 24 | key - ``.key``. If you do not make use of our webserver, you can copy 25 | or directly use these files in your application. If you use PHP, static files or 26 | :doc:`web backends `, we handle HTTPS for you and there is no need 27 | to do anything. 28 | 29 | .. warning:: 30 | 31 | Certificates issued by let's encrypt have a short life of 90 days. We renew 32 | certificates when they are 60 days old. In practice, the provided files will 33 | change every 1-2 months. 34 | 35 | Make sure to either restart your service once a month, or watch the files for 36 | changes and restart accordingly. Otherwise your service will use an 37 | outdated, invalid certificate. 38 | -------------------------------------------------------------------------------- /source/web-security-headers.rst: -------------------------------------------------------------------------------- 1 | #################### 2 | Web Security Headers 3 | #################### 4 | 5 | A lot of modern web application security depends on HTTP headers. They enable 6 | you to restrict which kinds of content from which sources will be executed on 7 | your site. This can mitigate or even prevent a lot of popular client-side 8 | attacks, like Cross-Site-Scripting or downgrades to plaintext HTTP. 9 | 10 | Default headers 11 | =============== 12 | 13 | To provide a basic level of security, we set the following HTTP headers on all 14 | uberspaces for every domain: 15 | 16 | ``Referrer-Policy: strict-origin-when-cross-origin`` 17 | Prevents the browser from leaking GET parameters to linked sites via HTTPS or leaking the domain over unencrypted HTTP altogether. 18 | 19 | ``Strict-Transport-Security: max-age=31536000`` 20 | Enforce that the site may only be loaded via HTTPS for the next (non-leap) year. 21 | 22 | ``X-Content-Type-Options: nosniff`` 23 | Prevent some browsers from interpreting JavaScript in non-js MIME types. 24 | 25 | ``X-Xss-Protection: 1; mode=block`` 26 | Tell the browser to protect against cross-site scripting. 27 | 28 | ``X-Frame-Options: SAMEORIGIN`` 29 | Prevents the site from being used as a frame from another domain, i.e. to block other sites from calling actions on your site (i.e. deleting a profile). 30 | 31 | 32 | .. note:: 33 | 34 | Changing the above values is possible using :doc:`web headers `. 35 | -------------------------------------------------------------------------------- /workspace.code-workspace: -------------------------------------------------------------------------------- 1 | { 2 | "folders": [ 3 | { 4 | "path": "." 5 | } 6 | ], 7 | "settings": {} 8 | } --------------------------------------------------------------------------------