├── runtime.txt ├── source ├── changelog_feeds │ └── .gitkeep ├── changelog │ ├── 2017-01-20_7.0.1.rst │ ├── 2019-12-19_7.3.10.rst │ ├── 2018-05-22_7.1.6.rst │ ├── 2020-01-30_7.3.13.rst │ ├── 2019-07-22_7.3.4.1.rst │ ├── 2017-11-18_7.0.18.rst │ ├── 2018-08-14_7.1.11.rst │ ├── 2020-03-18_7.4.4.rst │ ├── 2020-03-11_7.4.3.rst │ ├── 2017-11-17_7.0.17.rst │ ├── 2018-06-06_7.1.9.rst │ ├── 2017-03-16_7.0.4.rst │ ├── 2017-03-03_7.0.3.rst │ ├── 2018-01-25_7.0.27.rst │ ├── 2018-02-02_7.0.29.rst │ ├── 2020-06-08_7.7.1.rst │ ├── 2017-02-10_7.0.2.rst │ ├── 2018-08-20_7.1.12.rst │ ├── 2019-02-01_7.2.rst │ ├── 2019-06-26_7.3.2.1.rst │ ├── 2018-10-15_7.1.15.rst │ ├── 2019-06-03_7.3.0.rst │ ├── 2018-01-03_7.0.23.rst │ ├── 2019-07-31_7.3.4.2.rst │ ├── 2018-05-28_7.1.7.rst │ ├── 2019-03-06_7.2.4.rst │ ├── 2019-11-13_7.3.8.1.rst │ ├── 2019-03-25_7.2.7.rst │ ├── 2018-04-09_7.1.2.rst │ ├── 2019-03-18_7.2.5.rst │ ├── 2018-05-15_7.1.5.rst │ ├── 2019-04-02_7.2.8.rst │ ├── 2020-03-03_7.4.2.rst │ ├── 2019-09-04_7.3.6.rst │ ├── README │ ├── 2017-09-21_7.0.11.rst │ ├── 2017-11-14_7.0.15.rst │ ├── 2019-06-12_7.3.1.1.rst │ ├── 2018-11-21_7.1.17.rst │ ├── 2018-02-21_7.0.33.rst │ ├── 2018-04-13_7.1.3.rst │ ├── 2018-11-07_7.1.16.rst │ ├── 2019-06-25_7.3.2.rst │ ├── 2019-10-29_7.3.6.2.rst │ ├── 2019-11-04_7.3.7.rst │ ├── 2020-05-12_7.6.1.2.rst │ ├── 2018-12-13_7.1.19.rst │ ├── 2020-02-03_7.4.rst │ ├── 2017-08-17_7.0.10.rst │ ├── 2018-06-01_7.1.8.rst │ ├── 2017-11-17_7.0.16.rst │ ├── 2018-03-19_7.1.1.rst │ ├── 2019-02-13_7.2.3.rst │ ├── 2020-01-22_7.3.11.rst │ ├── 2019-05-08_7.2.11.rst │ ├── 2020-03-25_7.5.rst │ ├── 2018-09-24_7.1.13.rst │ ├── 2017-04-03_7.0.5.rst │ ├── 2018-02-09_7.0.30.rst │ ├── 2018-01-22_7.0.25.rst │ ├── 2019-07-05_7.3.3.rst │ ├── 2019-04-08_7.2.9.rst │ ├── 2020-04-02_7.5.1.1.rst │ ├── 2018-10-11_7.1.14.rst │ ├── 2019-04-30_7.2.10.rst │ ├── 2018-01-31_7.0.28.rst │ ├── 2017-11-30_7.0.19.rst │ ├── 2020-04-08_7.5.1.2.rst │ ├── 2021-06-15_7.11.3.rst │ ├── 2017-10-05_7.0.13.rst │ ├── 2018-01-24_7.0.26.rst │ ├── 2019-01-23_7.2.2.rst │ ├── 2018-03-05_7.0.34.rst │ ├── 2020-02-18_7.4.1.rst │ ├── 2018-07-25_7.1.10.rst │ ├── 2017-12-19_7.0.21.rst │ ├── 2019-08-21_7.3.5.2.rst │ ├── 2020-10-14_7.7.9.rst │ ├── 2017-05-03_7.0.6.2.rst │ ├── 2017-04-25_7.0.6.rst │ ├── 2019-07-22_7.3.4.rst │ ├── 2020-05-25_7.6.2.rst │ ├── 2019-05-27_7.2.14.rst │ ├── 2017-10-10_7.0.14.rst │ ├── 2020-04-20_7.6.0.rst │ ├── 2017-12-08_7.0.20.rst │ ├── 2020-04-23_7.6.1.rst │ ├── 2018-03-09_7.1.rst │ ├── 2018-02-16_7.0.32.rst │ ├── 2017-12-20_7.0.22.rst │ ├── 2020-07-28_7.7.2.rst │ ├── 2020-05-07_7.6.1.1.rst │ ├── 2017-07-13_7.0.8.1.rst │ ├── 2020-03-31_7.5.1.rst │ ├── 2021-04-20_7.11.0.rst │ ├── 2017-08-02_7.0.9.rst │ ├── 2021-05-03_7.11.1.rst │ ├── 2020-08-17_7.7.4.rst │ ├── 2020-12-01_7.8.0.rst │ ├── 2020-09-07_7.7.6.rst │ ├── 2020-11-17_7.7.10.rst │ ├── 2018-01-16_7.0.24.rst │ ├── 2020-08-31_7.7.5.rst │ ├── 2020-06-03_7.7.0.rst │ ├── 2020-08-10_7.7.3.rst │ ├── 2021-01-25_7.9.0.rst │ ├── 2020-09-29_7.7.8.rst │ ├── 2020-12-22_7.8.1.rst │ ├── 2020-09-16_7.7.7.rst │ ├── 2017-10-03_7.0.12.rst │ ├── 2017-06-26_7.0.8.rst │ └── 2021-03-04_7.10.0.rst ├── _static │ ├── favicon.ico │ ├── images │ │ ├── open.png │ │ ├── logo_gcc.png │ │ ├── logo_php.png │ │ ├── logo_deno.png │ │ ├── logo_java.png │ │ ├── logo_perl.png │ │ ├── logo_ruby.png │ │ ├── logo_clojure.png │ │ ├── logo_dotnet.png │ │ ├── logo_erlang.png │ │ ├── logo_nodejs.png │ │ ├── logo_python.png │ │ ├── logo_rust.svg │ │ ├── logo_golang.svg │ │ ├── icn-rocket.svg │ │ └── apple_pay.svg │ └── css │ │ └── custom.css ├── includes │ ├── beta-feature.txt │ ├── htaccess-directoryindex.txt │ ├── web-backend.rst │ ├── domain-register.txt │ ├── sftp-warning.rst │ ├── hotfix-version.rst │ ├── domain-dns.txt │ ├── domain-providers.txt │ └── domain-idn.txt ├── _templates │ ├── layout.html │ ├── footer.html │ └── breadcrumbs.html ├── database-sqlite.rst ├── database-redis.rst ├── database-influxdb.rst ├── lang-clojure.rst ├── changelog_archive.rst ├── changelog.rst ├── firstday-nerds.rst ├── basics-sftp.rst ├── lang-deno.rst ├── basics-shell.rst ├── web-errorpage.rst ├── lang-perl.rst ├── firstday-newbies.rst ├── lang-golang.rst ├── lang-java.rst ├── lang-gcc.rst ├── web-security-headers.rst ├── policy.rst ├── database-couchdb.rst ├── lang-rust.rst ├── basics-ports.rst ├── lang-dotnet.rst ├── web-https.rst ├── basics-resources.rst ├── mail-spam.rst ├── database-mongodb.rst ├── database-postgresql.rst ├── basics-home.rst ├── lang-erlang.rst ├── daemons-supervisord.rst ├── mail-forwarding.rst ├── mail-domains.rst ├── web-domains.rst ├── lang-ruby.rst ├── lang-nodejs.rst ├── web-documentroot.rst ├── lang-python.rst ├── index.rst ├── u6-namespaces.rst ├── mail-filters.rst ├── web-logs.rst ├── basics-backup.rst ├── mail-access.rst ├── mail-mailboxes.rst ├── web-tor.rst └── daemons-cron.rst ├── workspace.code-workspace ├── requirements.txt ├── .gitignore ├── CONTRIBUTING.md ├── Makefile ├── netlify.toml └── README.md /runtime.txt: -------------------------------------------------------------------------------- 1 | 3.8 2 | -------------------------------------------------------------------------------- /source/changelog_feeds/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /source/changelog/2017-01-20_7.0.1.rst: -------------------------------------------------------------------------------- 1 | Fixed 2 | ----- 3 | 4 | * Cleanup 5 | -------------------------------------------------------------------------------- /source/changelog/2019-12-19_7.3.10.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * PHP 7.4 5 | -------------------------------------------------------------------------------- /source/changelog/2018-05-22_7.1.6.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * we now provide joe. -------------------------------------------------------------------------------- /source/changelog/2020-01-30_7.3.13.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ------- 3 | * Dotnet Core 3.1 LTS 4 | -------------------------------------------------------------------------------- /source/changelog/2019-07-22_7.3.4.1.rst: -------------------------------------------------------------------------------- 1 | Internal changes with our deployment system only. 2 | -------------------------------------------------------------------------------- /source/changelog/2017-11-18_7.0.18.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide nodeJS 6, 8 and 9. 5 | -------------------------------------------------------------------------------- /source/changelog/2018-08-14_7.1.11.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide poppler and Node.js 10 -------------------------------------------------------------------------------- /source/_static/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fm/uberspace-manual/main/source/_static/favicon.ico -------------------------------------------------------------------------------- /source/changelog/2020-03-18_7.4.4.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * we now provide php-mongodb, nasm and gd-devel 4 | -------------------------------------------------------------------------------- /workspace.code-workspace: -------------------------------------------------------------------------------- 1 | { 2 | "folders": [ 3 | { 4 | "path": "." 5 | } 6 | ], 7 | "settings": {} 8 | } -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | Sphinx==1.7.* 2 | sphinx-rtd-theme==0.4.* 3 | sphinx-autobuild==0.7.* 4 | feedgen==0.9.0 5 | pytz 6 | -------------------------------------------------------------------------------- /source/_static/images/open.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fm/uberspace-manual/main/source/_static/images/open.png -------------------------------------------------------------------------------- /source/changelog/2020-03-11_7.4.3.rst: -------------------------------------------------------------------------------- 1 | Changed 2 | ------- 3 | * set AllowEncodedSlashes NoDecode in Apache config 4 | -------------------------------------------------------------------------------- /source/_static/images/logo_gcc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fm/uberspace-manual/main/source/_static/images/logo_gcc.png -------------------------------------------------------------------------------- /source/_static/images/logo_php.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fm/uberspace-manual/main/source/_static/images/logo_php.png -------------------------------------------------------------------------------- /source/_static/images/logo_deno.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fm/uberspace-manual/main/source/_static/images/logo_deno.png -------------------------------------------------------------------------------- /source/_static/images/logo_java.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fm/uberspace-manual/main/source/_static/images/logo_java.png -------------------------------------------------------------------------------- /source/_static/images/logo_perl.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fm/uberspace-manual/main/source/_static/images/logo_perl.png -------------------------------------------------------------------------------- /source/_static/images/logo_ruby.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fm/uberspace-manual/main/source/_static/images/logo_ruby.png -------------------------------------------------------------------------------- /source/changelog/2017-11-17_7.0.17.rst: -------------------------------------------------------------------------------- 1 | Fixed 2 | ----- 3 | 4 | * ``git`` commands from non ``git-core`` now work as well. 5 | -------------------------------------------------------------------------------- /source/changelog/2018-06-06_7.1.9.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide gdbm-devel 5 | * We now provide libcurl-devel -------------------------------------------------------------------------------- /source/_static/images/logo_clojure.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fm/uberspace-manual/main/source/_static/images/logo_clojure.png -------------------------------------------------------------------------------- /source/_static/images/logo_dotnet.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fm/uberspace-manual/main/source/_static/images/logo_dotnet.png -------------------------------------------------------------------------------- /source/_static/images/logo_erlang.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fm/uberspace-manual/main/source/_static/images/logo_erlang.png -------------------------------------------------------------------------------- /source/_static/images/logo_nodejs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fm/uberspace-manual/main/source/_static/images/logo_nodejs.png -------------------------------------------------------------------------------- /source/_static/images/logo_python.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fm/uberspace-manual/main/source/_static/images/logo_python.png -------------------------------------------------------------------------------- /source/changelog/2017-03-16_7.0.4.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * relay mail via SMTP 5 | * provide symlink ``~/html`` for convenience 6 | -------------------------------------------------------------------------------- /source/changelog/2017-03-03_7.0.3.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * PHP 7.1 5 | 6 | Changed 7 | ------- 8 | 9 | * make PHP 7.1 standard 10 | -------------------------------------------------------------------------------- /source/changelog/2018-01-25_7.0.27.rst: -------------------------------------------------------------------------------- 1 | Fixed 2 | ----- 3 | 4 | * Supervisord is now restated after 10 seconds in case it is killed or crashes. 5 | -------------------------------------------------------------------------------- /source/changelog/2018-02-02_7.0.29.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * In addition to the end-user sqlite we now also provide the matching development headers. 5 | -------------------------------------------------------------------------------- /source/changelog/2020-06-08_7.7.1.rst: -------------------------------------------------------------------------------- 1 | Fixed 2 | ----- 3 | * A case where a **web backend** with the option ``--remove-prefix`` ends up 4 | doing nothing. 5 | -------------------------------------------------------------------------------- /source/changelog/2017-02-10_7.0.2.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * own domains with mailserver via ``uberspace-add-domain -m`` 5 | * access mail via IMAP and POP3 6 | -------------------------------------------------------------------------------- /source/changelog/2018-08-20_7.1.12.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide lame-devel, libmad-devel, libogg-devel, libsamplerate-devel, libvorbis-devel and taglib-devel -------------------------------------------------------------------------------- /source/changelog/2019-02-01_7.2.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * web backends 5 | 6 | Changed 7 | ------- 8 | 9 | * every account now has its own isolated network stack 10 | -------------------------------------------------------------------------------- /source/changelog/2019-06-26_7.3.2.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * add support for TLS 1.3 5 | 6 | Fixed 7 | ----- 8 | 9 | * regular expresion for user log rotation 10 | -------------------------------------------------------------------------------- /source/changelog/2018-10-15_7.1.15.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide the php ldap module 5 | 6 | Changed 7 | ------- 8 | 9 | * We updated MariaDB to version 10.3 10 | -------------------------------------------------------------------------------- /source/changelog/2019-06-03_7.3.0.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * allow users to open a port in the firewall 5 | 6 | 7 | Changed 8 | ------- 9 | 10 | * add ~/go/bin to $PATH 11 | -------------------------------------------------------------------------------- /source/changelog/2018-01-03_7.0.23.rst: -------------------------------------------------------------------------------- 1 | Fixed 2 | ----- 3 | 4 | * Under rare conditions some users did not get a let’s encrypt certificate for a small percentage of their requests. This has been corrected. 5 | -------------------------------------------------------------------------------- /source/changelog/2019-07-31_7.3.4.2.rst: -------------------------------------------------------------------------------- 1 | Fixed 2 | ----- 3 | 4 | - On some hosts, we were unable to create new accounts. This is now fixed. There was no user impact, as the affected accounts were relocated. 5 | -------------------------------------------------------------------------------- /source/changelog/2018-05-28_7.1.7.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide PHP-GNUPG 🔐 5 | 6 | Changed 7 | ------- 8 | 9 | * Reject mails to invalid recipients on valid domains early, instead of bouncing them. -------------------------------------------------------------------------------- /source/changelog/2019-03-06_7.2.4.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * We now provide Xvfb and readline-devel 4 | 5 | Changed 6 | ------- 7 | * lower OOM-Killer score for our own services like MariaDB to prevent restarts 8 | -------------------------------------------------------------------------------- /source/changelog/2019-11-13_7.3.8.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * city-fan repo for fresh curl and libssl versions 4 | 5 | Changed 6 | ------- 7 | * set PHP default version to 7.2 8 | * update curl to version 7.67 9 | -------------------------------------------------------------------------------- /source/changelog/2019-03-25_7.2.7.rst: -------------------------------------------------------------------------------- 1 | Fixed 2 | ----- 3 | 4 | * reworked network namespaces to save *lots of* RAM 5 | * one character usernames crashed signup process 6 | * healtcheck tests bailed over deleted users 7 | -------------------------------------------------------------------------------- /source/includes/beta-feature.txt: -------------------------------------------------------------------------------- 1 | .. warning:: 2 | 3 | This feature is quite new and still in beta. If something doesn't work the 4 | first time you try it, please allow for some additional time for us to fix it. 5 | -------------------------------------------------------------------------------- /source/changelog/2018-04-09_7.1.2.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now install composer to help you manage your PHP dependencies 5 | * We now install WP-CLI to manage Wordpress installations. 6 | * We now provide libpng-dev 7 | 8 | -------------------------------------------------------------------------------- /source/changelog/2019-03-18_7.2.5.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * we now provide elixir 4 | 5 | Changed 6 | ------- 7 | * `uberspace tools restart php` now also restarts the socket in case PHP hangs and can't be restarted by users. 8 | -------------------------------------------------------------------------------- /source/includes/htaccess-directoryindex.txt: -------------------------------------------------------------------------------- 1 | .. note:: 2 | 3 | Apache 2.4 will add the DirectoryIndex (index.html) to all requests without a folder or file name. To avoid this, add ``DirectoryIndex disabled`` to your .htaccess 4 | -------------------------------------------------------------------------------- /source/changelog/2018-05-15_7.1.5.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide fetchmail for your mail fetching pleasure. 5 | * We now provide goaccess. 6 | 7 | Fixed 8 | ----- 9 | 10 | * Mailbox names now can start with a number. -------------------------------------------------------------------------------- /source/changelog/2019-04-02_7.2.8.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * We now provide libidn-devel, clojure and moreutils 4 | 5 | Fixed 6 | ----- 7 | 8 | * Lots of behind the scenes work for network namespaces (fixed login failures for example) 9 | -------------------------------------------------------------------------------- /source/changelog/2020-03-03_7.4.2.rst: -------------------------------------------------------------------------------- 1 | Changed 2 | ------- 3 | * ban short/bad passwords for mailboxes 4 | 5 | Fixed 6 | ----- 7 | * spam folder filter now works with forwarded catchall 8 | * we now accept mails on IDN domains without Punycode 9 | -------------------------------------------------------------------------------- /source/changelog/2019-09-04_7.3.6.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * we now provide php-devel for all PHP versions 4 | * install colordiff 5 | 6 | Fixed 7 | ----- 8 | * fix account deletion for users with databases with special characters in their names 9 | -------------------------------------------------------------------------------- /source/changelog/README: -------------------------------------------------------------------------------- 1 | Each file in this directory becomes one changelog entry. The files must be in 2 | the format of `YYYY-MM-DD_VERSION.rst` (e.g. `2018-01-01_7.0.31.rst`). Each file 3 | contains rst-code, which is rendered to the documentation. 4 | -------------------------------------------------------------------------------- /source/changelog/2017-09-21_7.0.11.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * ``$user.uber.space``-domains in addition to ``$user.server.uberspace.de``-domains. 5 | 6 | Changed 7 | ------- 8 | 9 | * Webserver logs are now stored in ``~/logs/webserver`` 10 | -------------------------------------------------------------------------------- /source/changelog/2017-11-14_7.0.15.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * Error logging for ``.htaccess`` files can be enabled now. 5 | 6 | 7 | Fixed 8 | ----- 9 | 10 | * The ``uberspace`` command now always uses the python provided by the system. 11 | -------------------------------------------------------------------------------- /source/changelog/2019-06-12_7.3.1.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * give users access to let's encrypt certificates 5 | 6 | 7 | Fixed 8 | ----- 9 | 10 | * newest PHP 7.3 segfaults when opcache is enabled, we downgraded to a working version for now 11 | -------------------------------------------------------------------------------- /source/changelog/2018-11-21_7.1.17.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * We now provide `at` and `wkhtmltopdf` 4 | 5 | Changed 6 | ------- 7 | * Undeliverable outgoing E-Mails now bounce after 1 day, instead of 10. 8 | 9 | Fixed 10 | ----- 11 | * Removed SQL backups from quota. 12 | -------------------------------------------------------------------------------- /source/_templates/layout.html: -------------------------------------------------------------------------------- 1 | {% extends "!layout.html" %} 2 | 3 | {% block footer %} 4 | {{ super() }} 5 | {% endblock %} 6 | 7 | {% block extrahead %} 8 | 9 | {% endblock %} 10 | -------------------------------------------------------------------------------- /source/changelog/2018-02-21_7.0.33.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * Say hi to our new central webmail interface https://webmail.uberspace.de 5 | 6 | Changed 7 | ------- 8 | 9 | * PHP, nodejs and other languages can now be used in cronjobs, regardless of the exact PATH set there. 10 | -------------------------------------------------------------------------------- /source/changelog/2018-04-13_7.1.3.rst: -------------------------------------------------------------------------------- 1 | Fixed 2 | ----- 3 | 4 | * We fixed a security issue allowing users to read the list of all mail domains setup on their host. 5 | * Bash completion scripts in /etc/bash_completion.d/ are now sourced for login shells. This includes wp and composer commands. -------------------------------------------------------------------------------- /source/changelog/2018-11-07_7.1.16.rst: -------------------------------------------------------------------------------- 1 | Added: 2 | ------ 3 | 4 | * We now allow users to set variables in their SSH session environment 5 | 6 | Changed: 7 | -------- 8 | 9 | * The `/mysql_backup/{current,old}` directories are now user readable. Also backups now include the UNIX time in their timestamp. -------------------------------------------------------------------------------- /source/includes/web-backend.rst: -------------------------------------------------------------------------------- 1 | In order to make your application accessable from the outside, you need to 2 | connect it to the webserver, using a :ref:`web backend `. Please note 3 | that your application must listen on the IP ``0.0.0.0``. You can choose any port 4 | between 1024 and 65535. 5 | -------------------------------------------------------------------------------- /source/changelog/2019-06-25_7.3.2.rst: -------------------------------------------------------------------------------- 1 | Changed 2 | ------- 3 | * avoid non-ASCII characters in uberspace command 4 | 5 | Fixed 6 | ----- 7 | * certificates for .uber.space domains are not present 8 | * very long domains crash nginx 9 | * disabling PHP error log also deletes backup copy of the log 10 | -------------------------------------------------------------------------------- /source/changelog/2019-10-29_7.3.6.2.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * we now provide GeoIP-devel and aspell 4 | 5 | Changed 6 | ------- 7 | * enlarge proxy_buffer_size to send a bigger amount of http headers 8 | * set http_max_upload_size_mb to 2048mb fof bigger uploads 9 | * update sqlite to version 3.28 10 | -------------------------------------------------------------------------------- /source/changelog/2019-11-04_7.3.7.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * NodeJS 12 and 13 4 | * Erlang/OTP 20, 21 and 22 5 | * We now provide gnutls-utils 6 | 7 | Changed 8 | ------- 9 | * set NodeJS default version to 12 10 | 11 | Fixed 12 | ----- 13 | * Users can add illegal domains using capital letters 14 | -------------------------------------------------------------------------------- /source/changelog/2020-05-12_7.6.1.2.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * Better support for web assembly files: set MIME type ``application/wasm`` 4 | for ``.wasm``, ``.wasm.gz``, ``.wat``, ``.wat.gz`` and enable *gzip* 5 | compression. 6 | 7 | Updated 8 | ------- 9 | * Updated *Haraka* to ``2.8.25``. 10 | -------------------------------------------------------------------------------- /source/changelog/2018-12-13_7.1.19.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * .NET Core is now available in Version 2.2 5 | 6 | Fixed 7 | ----- 8 | 9 | * An internal API key was readable to local users. We fixed the permissions, reset the keys on all hosts and made sure that future hosts are setup correctly. 10 | -------------------------------------------------------------------------------- /source/changelog/2020-02-03_7.4.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * php-pecl-redis5 4 | * spam folder for user mailboxes 5 | * texlive-latex and texlive-dvips 6 | 7 | Changed 8 | ------- 9 | * enable rspamd autolearning 10 | * mail domains MX check: add fallback to SOA records in case a domain does not have NS records 11 | -------------------------------------------------------------------------------- /source/changelog/2017-08-17_7.0.10.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now have a webmail interface. 5 | * Users are now able to provide their own ``php.ini`` files that are loaded in addition to the stock config. 6 | * Incoming mails are filtered with the ``ix.dnsbl.manitu.net`` and ``bl.spamcop.net`` blacklists to reduce SPAM. 7 | -------------------------------------------------------------------------------- /source/includes/domain-register.txt: -------------------------------------------------------------------------------- 1 | .. tip:: 2 | 3 | Uberspace is strictly a hosting provider, which is why we don't offer domain registrations. You can, of course, use any domain that you registered with an external domain provider with your Uberspace account. At the end of this article is a list of some popular domain providers. 4 | -------------------------------------------------------------------------------- /source/database-sqlite.rst: -------------------------------------------------------------------------------- 1 | .. _sqlite: 2 | 3 | ###### 4 | SQLite 5 | ###### 6 | 7 | SQLite is an open-source, file based relational database. We provide binaries, so you can use it without installing anything. 8 | 9 | Versions 10 | ======== 11 | 12 | We provide the newest release and apply security updates on a regular basis. 13 | -------------------------------------------------------------------------------- /source/includes/sftp-warning.rst: -------------------------------------------------------------------------------- 1 | .. warning:: Some SFTP clients offer rudimentary “shells” to run commands on the server via SSH. While this may work for some non-interactive commands, it can cause problems when using interactive tools and other commands. We generally recommend to use a full-featured :ref:`ssh` client to run commands on the server. 2 | -------------------------------------------------------------------------------- /source/changelog/2018-06-01_7.1.8.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide the glances monitoring tool. 5 | * We now provide PHP-PEAR. 6 | * We now provide jq. 7 | 8 | Changed 9 | ------- 10 | 11 | * The path to binaries from PHP composer packages, which are globally installed by users, is now included in the `PATH` environment variable. 12 | -------------------------------------------------------------------------------- /source/changelog/2017-11-17_7.0.16.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide PHP 7.2 Release Candidates. 5 | 6 | Fixed 7 | ----- 8 | 9 | * New `Let's Encrypt license `_ lead to a few cases, where the automatic certificate retrieval did not work. We now accept the latest license. 10 | -------------------------------------------------------------------------------- /source/changelog/2018-03-19_7.1.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * To support users with file transfer related things, we now install lftp and ncftp by default. 5 | 6 | Changed 7 | ------- 8 | 9 | * dmesg output is now hidden for normal users, as it was on U6. 10 | 11 | Fixed 12 | ----- 13 | 14 | * uberspace mail filter status is now working as documented -------------------------------------------------------------------------------- /source/changelog/2019-02-13_7.2.3.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * PHP 7.3 4 | 5 | Changed 6 | ------- 7 | * deprecated PHP 5.6 & PHP 7.0, migrated all users to 7.1 8 | 9 | Fixed 10 | ----- 11 | * lots of internal stuff: fixed not rebooting systems (waiting for ...), fixed not booting systems (logind stuck), fixed stuck supervisord instances, fixed all the things! 12 | -------------------------------------------------------------------------------- /source/changelog/2020-01-22_7.3.11.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * fcgi-devel 4 | * ``restrictdocroot.so`` to PHP 7.4 5 | 6 | Changed 7 | ------- 8 | * raise max_allowed_packet in MariaDB from 16M to 64M 9 | 10 | Fixed 11 | ----- 12 | * Cloudflare can now access the ``.well-known`` folder via port 443 13 | * ``REMOTE_ADDR`` is now ``NN.NN.NN.NN`` in case of IPv4 14 | -------------------------------------------------------------------------------- /source/includes/hotfix-version.rst: -------------------------------------------------------------------------------- 1 | .. note:: 2 | 3 | *Sometimes the version shown on your host may be higher than the newest 4 | version here.* In this case we might have applied additional fixes shortly 5 | after a release or did internal changes without user impact. We deem 6 | updates like these **hotfixes** and they are not necessarily included in 7 | this changelog. 8 | -------------------------------------------------------------------------------- /source/changelog/2019-05-08_7.2.11.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * We now provide boost-devel 4 | 5 | Changed 6 | ------- 7 | 8 | * TLSv1.0/v1.1 is now disabled in webserver 9 | * rotate user webserver logs, enable users to delete them 10 | * We removed Ruby 2.3 11 | 12 | Fixed 13 | ----- 14 | * login was slow when initial netns was created by cron 15 | * wrong MariaDB timezone 16 | -------------------------------------------------------------------------------- /source/changelog/2020-03-25_7.5.rst: -------------------------------------------------------------------------------- 1 | Changed 2 | ------- 3 | * Added a link to our status page is.uberspace.online to the *motd*. 4 | 5 | Fixed 6 | ----- 7 | * Prevented Ansible from automatic type-casting variables (which could lead to 8 | errors with ``uberspace`` commands for certain edge cases). 9 | * We now show an error message, if you try to remove a non existent web backend. 10 | -------------------------------------------------------------------------------- /source/changelog/2018-09-24_7.1.13.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * Poppler, a PDF rendering library. 5 | * luarocks, a package manager for the Lua programming language. 6 | * We provide mb2md so you can easily convert mbox files to Maildirs. 7 | * Update .net to 2.1 8 | * 🐟 We now provide the fish shell 9 | * New packages: lua-devel, tcl-devel, gnuplot, e2fsprogs-devel, expat-devel, jpegoptim, optipng -------------------------------------------------------------------------------- /source/changelog/2017-04-03_7.0.5.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * provide ``libunwind``, ``libicu``, ``screen``, ``ncdu`` 5 | * provide PHP modules: ``pecl-zip``, ``pecl-apcu``, ``mcrypt``, ``mbstring``, ``intl``, ``xml``, ``json``, ``tidy``, ``gd``, ``mysqlnd``, ``pgsql``, ``imap`` 6 | 7 | Fixed 8 | ----- 9 | 10 | * ``uberspace-add-domain -v`` leaked all user names and corresponding domains. 11 | -------------------------------------------------------------------------------- /source/changelog/2018-02-09_7.0.30.rst: -------------------------------------------------------------------------------- 1 | Changed 2 | ------- 3 | 4 | * If a domain is accepted by nginx, we now always provide a let's encrypt certificate for it trough auto-ssl. We hope this will prevent the case, where sometimes a correctly added domain won't get a certificate. 5 | * As promised in 7.0.24 the nginx config generation now happens way faster, resulting in quicker reboots und easier debugging. 6 | -------------------------------------------------------------------------------- /source/changelog/2018-01-22_7.0.25.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide ImageMagick commands like “convert” on the command line. 5 | * We now provide :ref:`Ruby ` in user selectable versions: 2.3, 2.4 and 2.5. 6 | 7 | Fixed 8 | ----- 9 | 10 | * The :ref:`PHP-FPM ` and :ref:`supervisor ` user services now run under their user's :ref:`ressource restrictions `. 11 | -------------------------------------------------------------------------------- /source/changelog/2019-07-05_7.3.3.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * we now provide neovim and clang 4 | * enable HTTP/2 server push 5 | 6 | Changed 7 | ------- 8 | * add prime256v1 for nodejs, nodejs 8 doesn't support secp384r1 yet, as do some others 9 | * disable RSPAMD_EMAILBL check 10 | 11 | Fixed 12 | ----- 13 | * replace logrotate for user logs with custom script because logrotate doesn't do what it should 14 | -------------------------------------------------------------------------------- /source/changelog/2019-04-08_7.2.9.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * introduce "deprecated" flag for tool versions 4 | 5 | Changed 6 | ------- 7 | * Deprecate Ruby 2.3 8 | * gather only minimal facts for uberspace commands to boost performance 9 | * enforce SQL passwords for users 10 | 11 | Fixed 12 | ----- 13 | * We switched to restrictdocroot.so in our PHP-FPM setup because open_basedir slows apps down considerably 14 | -------------------------------------------------------------------------------- /source/changelog/2020-04-02_7.5.1.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * Two new VMs: ``bernardi.uberspace.de`` and ``hernmann.uberspace.de``. 4 | 5 | Changed 6 | ------- 7 | * After increasing the max value for **PHP-FPM** workers to 50 (up from 10) in 8 | ``v7.5.1``, we now tuned it down to 20. 9 | * For *MariDB* we increased ``max_connections`` (to 2000, was 400) and 10 | ``max_user_connections`` (to 100, was 20). 11 | -------------------------------------------------------------------------------- /source/database-redis.rst: -------------------------------------------------------------------------------- 1 | .. _redis: 2 | 3 | ##### 4 | redis 5 | ##### 6 | 7 | redis is an open source, high performance key-value database system. We provide binaries ready to start your own instance. 8 | 9 | Refer to the `UberLab guide `_ for details. 10 | 11 | Versions 12 | ======== 13 | 14 | We provide the newest release and apply security updates on a regular basis. 15 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # macOS 2 | .DS_Store 3 | .Thumbs.db 4 | 5 | # virtualenv 6 | venv 7 | 8 | # pyenv 9 | .python-version 10 | 11 | # Installer logs 12 | pip-log.txt 13 | pip-delete-this-directory.txt 14 | 15 | # ansible 16 | *.retry 17 | 18 | # Sphinx 19 | build 20 | _build 21 | 22 | # ignore generated changelog feeds 23 | source/changelog_feeds/* 24 | !source/changelog_feeds/.gitkeep 25 | 26 | # Visual Studio 27 | .vscode 28 | -------------------------------------------------------------------------------- /source/changelog/2018-10-11_7.1.14.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide cairo-devel and darcs 5 | * :ref:`MariaDB SQL backups ` are now accessible by users 6 | 7 | Changed 8 | ------- 9 | 10 | * We limit outgoing mails via SMTP to 500 per hour 11 | * We lowered the max age for files in /tmp from 10 days to 1 day 12 | * We no longer accept sub domains from other users for ``uberspace domain add`` -------------------------------------------------------------------------------- /source/changelog/2019-04-30_7.2.10.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * Ruby 2.6 4 | * We now allow *..uber.space-subdomains in webserver 5 | 6 | Changed 7 | ------- 8 | * changed oom score of SSH so users can login even when there is no memory left 9 | * deprecate NodeJS 6 10 | 11 | Fixed 12 | ----- 13 | * websockets in .net projects now actually work 14 | * large uploads work again, we changed mod_requestTimeout from 20 to 900 15 | -------------------------------------------------------------------------------- /source/database-influxdb.rst: -------------------------------------------------------------------------------- 1 | .. _influxdb: 2 | 3 | ######## 4 | InfluxDB 5 | ######## 6 | 7 | InfluxDB is an open-source time series database. We provide binaries ready to start your own instance. 8 | 9 | Refer to the `UberLab guide `_ for details. 10 | 11 | 12 | Versions 13 | ======== 14 | 15 | We provide the newest release and apply security updates on a regular basis. 16 | -------------------------------------------------------------------------------- /source/changelog/2018-01-31_7.0.28.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * Not all apps need MySQL, so we also provide sqlite development headers for your smaller database needs. 5 | * we new provide getmail, mutt and gnutls-devel so you can get your mail, check your mail and compile crypto applications, 6 | 7 | Changed 8 | ------- 9 | 10 | * ``Uberspace mail domain add`` now emphasizes on the fact that you need to use the MX value provided by us. 11 | -------------------------------------------------------------------------------- /source/changelog/2017-11-30_7.0.19.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide the ImageMagick and GraphicsMagick library 5 | * We now provide the `imagick` pecl module in all PHP versions 6 | * We now provide PHP 7.2 7 | * Due to high demand pseudo DocumentRoots are back again 8 | * ``~/bin`` directory 9 | 10 | Changed 11 | ------- 12 | 13 | * ``PHP_INI_SCAN_DIR`` now includes files from ``/home/{USER}/etc/php.d`` first to support ioncube 14 | -------------------------------------------------------------------------------- /source/changelog/2020-04-08_7.5.1.2.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * Some development packages: ``irssi-devel``, ``jq-devel``, ``libyaml-devel``, 4 | ``poppler-devel`` and ``wkhtmltopdf-devel``. 5 | 6 | Changed 7 | ------- 8 | * We decreased ``process_idle_timeout`` for **PHP-FPM** workers to 180 seconds 9 | (down from 900). This reduces the time a spawned child has to be idle before 10 | it will be killed (to accomodate for the increase in allowed childs). 11 | -------------------------------------------------------------------------------- /source/changelog/2021-06-15_7.11.3.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | - Support for the `editheader` capability for *Sieve*. 5 | - PHP's `phpize` to the `$PATH`. 6 | 7 | Changed 8 | ------- 9 | 10 | - *Dovecot* now ignores a size mismatch between the mail file on disk and the 11 | size given in its filename. This should prevent errors, occurring when 12 | something changes the mail after it was delivered (e.g. writing an extra 13 | header to it, like *CRM114*). 14 | -------------------------------------------------------------------------------- /source/changelog/2017-10-05_7.0.13.rst: -------------------------------------------------------------------------------- 1 | Changed 2 | ------- 3 | 4 | * Webserver: Several users ran into ``429`` errors. We removed the connection limits for now and will look into that later. 5 | 6 | Fixed 7 | ----- 8 | 9 | * Apache and PHP: ``ProxyPassMatch`` directives are evaluated first, this brings several problems: for instance ``.htaccess`` files can't be evaluated anymore before the PHP scripts are run. Using ``FilesMatch`` and ``SetHandler`` solves the issue. 10 | -------------------------------------------------------------------------------- /source/changelog/2018-01-24_7.0.26.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide `phpMyAdmin `_ and `adminer `_. 5 | 6 | Changed 7 | ------- 8 | 9 | * The who/last/lastlog commands (and thus display of other user sessions) are now disabled. 10 | 11 | Fixed 12 | ----- 13 | 14 | * We now support the following special characters in mailbox names: dots (.), plus signs (+), hyphens (-) and underscores (_). 15 | -------------------------------------------------------------------------------- /source/changelog/2019-01-23_7.2.2.rst: -------------------------------------------------------------------------------- 1 | Changed 2 | ------- 3 | * deprecate Node 9, we set version 10 for all affected users 4 | * update to Ruby Bundler 2 5 | * limit user runtime directories to 25MB 6 | 7 | Fixed 8 | ----- 9 | * Fix PHP FPM open_basedir 10 | * increase the max values for semaphore parameters to prevent Apache outages 11 | * keep SQL dumps for 21 days as promised 12 | * a lot of cleanup and polish here and there (fix for MariaDB restarts, changed Supervisord PATH, ...) 13 | -------------------------------------------------------------------------------- /source/changelog/2018-03-05_7.0.34.rst: -------------------------------------------------------------------------------- 1 | Fixed 2 | ----- 3 | 4 | * Because of a configuration error php-fpm logs were recorded to a non-user-accessible default location, even when the user did not turn them on. This has been resolved and all logs have been deleted. 5 | 6 | Added 7 | ----- 8 | 9 | * Sometimes you want to assert ownership. We now provide the “whois”-tool, so you can do that. 10 | 11 | Changed 12 | ------- 13 | 14 | * We switched our MTA on port 25 to haraka, to enable spam filtering in the future. -------------------------------------------------------------------------------- /source/lang-clojure.rst: -------------------------------------------------------------------------------- 1 | .. _clojure: 2 | 3 | .. sidebar:: Logo 4 | 5 | .. image:: _static/images/logo_clojure.png 6 | :align: center 7 | 8 | ####### 9 | Clojure 10 | ####### 11 | 12 | Introduction 13 | ============ 14 | 15 | Clojure is a dynamic, and functional dialect of Lisp on the Java platform. 16 | 17 | Versions 18 | ======== 19 | 20 | We only provide the latest version and update it regularly. 21 | 22 | Connection to webserver 23 | ======================= 24 | 25 | .. include:: includes/web-backend.rst 26 | -------------------------------------------------------------------------------- /source/changelog/2020-02-18_7.4.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * :ref:`catchall` 4 | * implement uberspace command to :ref:`forward mails ` 5 | * provide texlive-dvipng, texlive-cm, texlive-pdfpages, texlive-graphics, texlive-iftex and socat 6 | 7 | Changed 8 | ------- 9 | * spam folder is enabled for new accounts 10 | * spamfilter is always enabled, remove ``uberspace mail spamfilter`` commands 11 | 12 | Fixed 13 | ----- 14 | * add catchall to spam folder maildrop filter 15 | * user ports now survive firewalld updates and reloads 16 | -------------------------------------------------------------------------------- /source/changelog_archive.rst: -------------------------------------------------------------------------------- 1 | .. _changelogarchive: 2 | 3 | ################# 4 | Changelog Archive 5 | ################# 6 | 7 | This document contains all changes made to Uberspace 7. 8 | 9 | .. include:: includes/hotfix-version.rst 10 | 11 | {# add/edit files in source/changelog to generate new changelog entries #} 12 | {% for entry in changelog_entries %} 13 | 14 | ---- 15 | 16 | .. _v{{ entry.version }}: 17 | 18 | {{ entry.title }} 19 | {% for n in range(entry.title|length) %}*{% endfor %} 20 | 21 | {{ entry.text }} 22 | {% endfor %} 23 | -------------------------------------------------------------------------------- /source/changelog/2018-07-25_7.1.10.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * SELinux is now enabled globally. In case you experience any unexpected "403 Forbidden" or "Permission denied" errors, please contact our support. 5 | * Backups are now available at `/backup` 6 | * We now provide `mtop` 7 | * We now provide cpanm and other basic perl tools 8 | * We now provide php-xmlrpc 9 | * We now provide dos2unix and unix2dos 10 | * We now provide librsync and librsync-devel 11 | 12 | Changed 13 | ------- 14 | * The local-part of mail addresses is now case-insenstive 15 | -------------------------------------------------------------------------------- /source/changelog/2017-12-19_7.0.21.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide mercurial. 5 | * You can use :ref:`additional mailboxes `. 6 | * In addition to ``$USER@uber.space``, you can now also receive mails for ``$MAILBOX@$USER.uber.space``. 7 | * We now provide :ref:`.NET `. 8 | * When you log into an Uberspace 7 server, you are now presented with the current version as well as a couple of useful links. 9 | 10 | Fixed 11 | ----- 12 | 13 | * We now support HTTPS connections form android phones running a version between 7.0 and 7.1.1. 14 | -------------------------------------------------------------------------------- /source/changelog/2019-08-21_7.3.5.2.rst: -------------------------------------------------------------------------------- 1 | This release fixes some issues with supervisord and the firewall: 2 | 3 | Changed 4 | ------- 5 | * set dummy user & password for supervisord's http server 6 | * move `supervisord `_ socket out of users home directory because supervisord became uncontrollable when users deleted ``$HOME/tmp/supervisor.sock`` 7 | 8 | 9 | Fixed 10 | ----- 11 | * fix race condition in mail limiter 12 | * make `open ports `_ available via IPv6 13 | -------------------------------------------------------------------------------- /source/changelog/2020-10-14_7.7.9.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * `python v3.9 `_ 5 | * `tig `_ 6 | 7 | Fixed 8 | ----- 9 | 10 | * Apache workers are now restarted after a number of requests to ensure the web 11 | sever's RAM usage does not grow unreasonably fast. This increases stability 12 | overall. 13 | 14 | Internal 15 | -------- 16 | 17 | * PHP errors for accounts were logged globally by accident. They are now never 18 | logged globally. But still user-local, if the user enables them. 19 | -------------------------------------------------------------------------------- /source/changelog/2017-05-03_7.0.6.2.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * we say goodbye to ``daemontools`` and hello to ``supervisord``! For the impatient: 5 | * setup daemons in ``~/etc/services.d/``, create a ``*.ini`` file for `each daemon `_ 6 | * control deamons with `supervisorctl status `_. 7 | * see logs in ``~/logs/`` 8 | * check the global config if you're curious: ``/etc/supervisord.conf`` 9 | * check the `official documentation `_ 10 | -------------------------------------------------------------------------------- /source/includes/domain-dns.txt: -------------------------------------------------------------------------------- 1 | .. note:: 2 | 3 | The Domain Name System (DNS) is a directory used to look up information about a host name. It usually includes at least a so-called A record, which contains the IPv4 address assigned to this host. The AAAA record does the same for IPv6 addresses. If the domain should be able to receive e-mails, a mail exchange server is specified in the MX record. 4 | 5 | There are other types of DNS records used to specify various services for this domain. Wikipedia provides a `list `_ if you're curious. 6 | -------------------------------------------------------------------------------- /source/changelog.rst: -------------------------------------------------------------------------------- 1 | .. _changelog: 2 | 3 | ######### 4 | Changelog 5 | ######### 6 | 7 | Below you can see the 5 most recent changes to Uberspace 7. For older changes, 8 | please refer to the :ref:`Changelog Archive `. 9 | 10 | .. include:: includes/hotfix-version.rst 11 | 12 | {# add/edit files in source/changelog to generate new changelog entries #} 13 | {% for entry in changelog_entries[:5] %} 14 | 15 | ---- 16 | 17 | .. _v{{ entry.version }}_short: 18 | 19 | {{ entry.title }} 20 | {% for n in range(entry.title|length) %}*{% endfor %} 21 | 22 | {{ entry.text }} 23 | {% endfor %} 24 | -------------------------------------------------------------------------------- /source/changelog/2017-04-25_7.0.6.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * redirect HTTP requests to HTTPS 5 | * adapt ``$PATH`` to prioritize home bin: ``PATH=$HOME/.local/bin:$HOME/bin:$PATH`` 6 | * implement option to change shell via ``chsh`` without password 7 | * provide PHP module: ``bcmath`` 8 | 9 | Fixed 10 | ----- 11 | 12 | * some of the ``uberspace-*`` scripts were horribly slow. This is due to the fact that the scripts are written in Ansible and the loading of modules and fact gathering takes time. With the recent changes in we're down to <5s for each script. 13 | * fix for webserver sometimes delivering the wrong certificate 14 | -------------------------------------------------------------------------------- /source/changelog/2019-07-22_7.3.4.rst: -------------------------------------------------------------------------------- 1 | This was mostly a maintainance release, containing internal CI releated things. But it also contains these… 2 | 3 | Fixed 4 | ----- 5 | 6 | - We promise a log retention period of 7 days in `our manual `_. For a while we only kept logs for 5 days though. This is now fixed. 7 | 8 | Added 9 | ----- 10 | 11 | - We provide the Ada compiler `gnat `_. 12 | 13 | Changed 14 | ------- 15 | 16 | - We include `luarocks `_ in ``PATH`` and also set the ``LUA_PATH`` / ``LUA_CPATH`` environment variables. 17 | -------------------------------------------------------------------------------- /source/changelog/2020-05-25_7.6.2.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * `Rust `_ ``stable`` channel. You can read about it 4 | in `our manual `_. 5 | * `Node.js `_ version ``14``. 6 | * `mosquitto `_. 7 | * `ffmpeg `_. 8 | * *pipeview* (``pv``). 9 | * *libnice*. 10 | * *libwebsockets*. 11 | 12 | Changed 13 | ------- 14 | * The data directory for MariaDB (``/var/lib/mysql``) is now stored on SSD. 15 | * Also on SSD: *rpm*, *yum* and *journald* data directories (``/var/lib/rpm``, 16 | ``/var/lib/yum``, ``/var/cache/yum`` and ``/var/log/journal``). 17 | -------------------------------------------------------------------------------- /source/changelog/2019-05-27_7.2.14.rst: -------------------------------------------------------------------------------- 1 | 7.2.12 and 7.2.13 had no user facing features, we changed and fixed lots of internal stuff. 2 | 3 | Added 4 | ----- 5 | 6 | * provide calendar 7 | * provide imlib2, imlib2-devel 8 | * enable users to compile golang apps 9 | 10 | Changed 11 | ------- 12 | 13 | * Raise max_connect_errors in MariaDB to 10000 14 | * use mitogen for on-host ansible 15 | * remove RequestReadTimeout body=900 to (hopefully) finally fix the issues with big uploads 16 | Fixed 17 | ----- 18 | 19 | * public suffix list gets updated now 20 | * maillimit crashed with user-set path 21 | * fixes a typo in "uberspace mail" 22 | * systemd reload caused deployment timeout 23 | -------------------------------------------------------------------------------- /source/changelog/2017-10-10_7.0.14.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide ``zsh``. 5 | * Our brand new ``uberspace`` command. 6 | 7 | Changed 8 | ------- 9 | 10 | * We replaced ``user.server.uberspace.de`` with ``user.uber.space`` in the webserver config. 11 | * We migrated all ``uberspace-*-*`` tools to the new ``uberspace`` command. 12 | * The ``max_allowed_packet`` setting for MySQL is ``16777216`` now to allow importing large database dumps. 13 | 14 | Fixed 15 | ----- 16 | 17 | * ``uberspace web domain list`` now includes ``user.uber.space``. 18 | * We did not apply the MySQL config file properly, therefore ``innodb_file_format`` was not set. It is ``Barracuda`` now. 19 | -------------------------------------------------------------------------------- /source/changelog/2020-04-20_7.6.0.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * We now support **Python** ``3.7`` (compiled and packaged by us). 4 | * We now support **Python** ``3.8`` (compiled and packaged by us). 5 | * We added the `zlib` Plugin to *Dovecot*, to support compressed mailboxes. 6 | 7 | Changed 8 | ------- 9 | * We had previously pinned **PHP** to ``7.3.5``, because newer versions 10 | segfault'ed when *opcache* was enabled. This is no longer the case, so we 11 | removed the pin. 12 | * Crashed **PHP-FPM** user instances failed to automatically restart when a 13 | user had exceeded their quota. They should now recover on their own, when 14 | the user no longer exceeds the quota. 15 | -------------------------------------------------------------------------------- /source/changelog/2017-12-08_7.0.20.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now support maildrop, which enables you to apply advanced filtering to incoming mails. 5 | * Common errors like configuring the permissions on your home directory to be too open are now detected and corrected silently. A notification mechanism will be added later. 6 | 7 | Changed 8 | ------- 9 | 10 | * Domains without explicit NS-Records were not able to receive emails. We now ask for SOA instead. 11 | 12 | Fixed 13 | ----- 14 | 15 | * An erroneous systemd configuration caused the mail service to quit when it was reloaded during manual intervention. The configuration has been updated to state that the service does not support reloads. 16 | -------------------------------------------------------------------------------- /source/changelog/2020-04-23_7.6.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * `fping `_ 4 | * `pwgen `_ 5 | * ``libtool-ltdl-devel`` 6 | 7 | Updated 8 | ------- 9 | * Updated our manual and error messages in regards to 10 | `xcvbn `_. A library, we use to 11 | check and enforce password strength for user mailboxes. 12 | 13 | Changed 14 | ------- 15 | * Cleanup _journald_ logs, disabled *split mode* and set a retention time of 16 | seven days. 17 | * Increased the process limit to ``1024`` (up from ``400``). Mostly because this 18 | is the lowest limit we can use and still support 19 | `Erlang `_. 20 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | This repository is mostly maintained and edited by the crew of . 4 | 5 | ## Issues 6 | 7 | Feel free to open issues about anything that bugs you! We greatly appreciate 8 | any kind of feedback. 9 | 10 | ## Pull Requests 11 | 12 | Since this repo is our official documentation, editing is mostly up to the 13 | crew of . We're always open and happy about your suggestions 14 | and pull-requests, though! 15 | 16 | If you'd like to change something small like a typo or an oversight, please 17 | just hit us up with a PR. If your change is bigger than that, _please open 18 | up an issue before starting your work_, so we can discuss the details. 19 | 20 | Thanks! :heart: :tada: 21 | -------------------------------------------------------------------------------- /source/changelog/2018-03-09_7.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * SPAM filtering for incoming mails: All incoming email is now spamchecked via rspamd. Mails with a spam score higher than 15 are rejected. 5 | * You can opt out of our new rspamd spamfilter with the `uberspace mail spamfilter (enable|disable)` command. 6 | 7 | Fixed 8 | ----- 9 | 10 | * Webmail now works with mail addresses like charlie@user.uber.space 11 | * The webmail client now supports uploading attachments 12 | * We now support IMAP / POP3 / SMTP login with `@uber.space` 13 | * Parsing of requested versions is now more rigid, resulting in fewer crashes for invalid versions. 14 | 15 | Changed 16 | ------- 17 | 18 | * The output of “uberspace mail domain add” now includes a sample SPF record. -------------------------------------------------------------------------------- /source/firstday-nerds.rst: -------------------------------------------------------------------------------- 1 | .. _firstday-nerds: 2 | 3 | ########################### 4 | Your first day... for nerds 5 | ########################### 6 | 7 | If you've opened this page, you probably know already how to use a Linux account and only need a few details to get started. 8 | 9 | Websites 10 | ======== 11 | 12 | If you want to publish a website using your Uberspace, you can do so by placing your files in the Document Root, which is `/var/www/virtual/$USER/html`. For convenience, there is also a symbolic link in your home folder (`~/html`). 13 | 14 | Domains 15 | ======= 16 | 17 | You can use your own domains with your Uberspace. Please refer to the relevant :ref:`web server ` and :ref:`mail server ` articles to find out how. 18 | 19 | -------------------------------------------------------------------------------- /source/changelog/2018-02-16_7.0.32.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * We now provide ImageMagick development headers as well as perl bindings. 5 | * We now provide libuuid development headers. 6 | * We now provide the irssi IRC client. 7 | 8 | Fixed 9 | ----- 10 | 11 | * Maildrop can now be used in .qmail files without specifying the full path. This should have been fixed in 7.0.24, but we misread the systemd documentation, so here we go again. 12 | * The message shown on websites hosted on deactivated accounts is now correctly displayed in browsers. 13 | 14 | Changed 15 | ------- 16 | * ~/php.d is now loaded last, so it can override values set in the global php.ini. To load extensions like ioncube, which insist on being loaded first, use the newly introduced php.early.d. 17 | -------------------------------------------------------------------------------- /source/includes/domain-providers.txt: -------------------------------------------------------------------------------- 1 | Domain Providers 2 | ================ 3 | 4 | `INWX `_ 5 | --------------------------- 6 | * `How do I set-up a MX record? `_ 7 | * `How can I forward a domain to an IP address (A/AAAA record)? `_ 8 | 9 | `Namecheap `_ 10 | ----------------------------------------- 11 | * `How can I set up MX records required for mail service? `_ 12 | * `How do I set up host records for a domain? `_ 13 | -------------------------------------------------------------------------------- /source/includes/domain-idn.txt: -------------------------------------------------------------------------------- 1 | .. note:: 2 | 3 | If you want to add or remove an `internationalized domain name (IDN) `_, please use the ASCII representation (“punycode”). For example, please use ``xn--berspace-55a.de`` instead of ``überspace.de``. 4 | 5 | To convert an internationalized domain name to punycode, use the ``idn`` command: 6 | 7 | .. code-block:: none 8 | 9 | [isabell@stardust ~] $ idn überspace.de 10 | xn--berspace-55a.de 11 | 12 | 13 | If locale inside your uberspace shell is not set correctly, this command can fail with a "could not convert" error message. To fix this, either configure your local terminal to use an UTF-8 locale or call ``idn`` like so: ``LANG=en_US.utf8 idn ...``. 14 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # Minimal makefile for Sphinx documentation 2 | # 3 | 4 | # You can set these variables from the command line. 5 | SPHINXOPTS = 6 | SPHINXBUILD = sphinx-build 7 | SPHINXPROJ = Uberspace7manual 8 | SOURCEDIR = source 9 | BUILDDIR = build 10 | 11 | # Put it first so that "make" without argument is like "make help". 12 | help: 13 | @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) 14 | 15 | .PHONY: help Makefile 16 | 17 | serve: 18 | sphinx-autobuild --ignore '*.atom' -b html $(SOURCEDIR) $(BUILDDIR)/html 19 | 20 | 21 | # Catch-all target: route all unknown targets to Sphinx using the new 22 | # "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS). 23 | %: Makefile 24 | @$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) -------------------------------------------------------------------------------- /source/changelog/2017-12-20_7.0.22.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * In preparation for a public status dashboard, our servers now have additional black box monitoring. 5 | * Popular default ports like 9001 are now blocked. 6 | 7 | Changed 8 | ------- 9 | 10 | * The maximum number of processes/threads is now 400 instead of 300, which allows weechat to be compiled using linuxbrew. 11 | 12 | Fixed 13 | ----- 14 | 15 | * Usernames did have a minimal length of two. This is wrong. We changed it to one, so it matches Uberspace 6. 16 | * Because of an oversight, VMailMgr was never correctly set up for existing users users. This has been corrected. 17 | * The vMailMgr wrappers now support Unicode and the char–limits for password have been removed. A warning is displayed though, if non–ASCII chars are used. 18 | -------------------------------------------------------------------------------- /source/changelog/2020-07-28_7.7.2.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * Support for Haskell, via `Haskell Platform `_. 4 | * ``ksh`` - the `KornShell `_. 5 | * ``emacs`` - an `editor `_ (among other things). 6 | * ``js`` - Netscape's JavaScript interpreter. 7 | * The *php-dba* database abstraction layer module for PHP ``7.{2,3,4}``. 8 | * Dependencies for *Chrome headless*. 9 | 10 | Fixed 11 | ----- 12 | * Unified the *regular expression* used to guard **web header** input for the 13 | ``uberspace web header …`` command. The ones used for the ``del`` and 14 | ``suppress`` sub-commands where unnecessarily stricter, than the one used for 15 | ``set``. This allowed setting headers, that could neither be deleted nor 16 | suppressed. 17 | -------------------------------------------------------------------------------- /source/basics-sftp.rst: -------------------------------------------------------------------------------- 1 | .. _sftp: 2 | 3 | #### 4 | SFTP 5 | #### 6 | 7 | The *Secure File Transfer Protocol* is an encrypted protocol to exchange files between two computers, e.g. your own computer and the Uberspace host. 8 | 9 | Since SFTP is based on SSH, you can use the SSH :ref:`ssh-login-data`. 10 | 11 | Clients 12 | ======= 13 | 14 | * `Cyberduck `_, a macOS and Windows client. 15 | * `FileZilla `_, a multi-platform client available for Windows, Linux and macOS. 16 | * `WinSCP `_, a Windows-only client. 17 | 18 | .. tip:: FTP is an outdated protocol that does not use encryption in its standard implementation. While there are implementations such as FTP over SSL (FTPS), we believe that using a more modern protocol is the better choice. 19 | 20 | .. include:: includes/sftp-warning.rst 21 | -------------------------------------------------------------------------------- /source/changelog/2020-05-07_7.6.1.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * Installed `pecl-yaml `_ for all our 4 | supported *PHP* versions. 5 | 6 | Updated 7 | ------- 8 | * *MariaDB* to `10.3.22 `_. 9 | 10 | Changed 11 | ------- 12 | 13 | * *Node.js* ``v8`` reached end of life late last year. We deprecated it a 14 | while ago and now moved the last remaining users to ``v12`` (the latest LTS, 15 | it has security support till April 2022). 16 | 17 | * *PHP* ``v7.1`` reached end of life late last year. We deprecated it a 18 | while ago and now moved the last remaining users to ``v7.2`` (it has security 19 | support till November 2020). 20 | 21 | Fixed 22 | ----- 23 | * A regression in our ``uberspace {mail,web} domain del`` commands, that lead 24 | to always deleting the given domain for both categories. 25 | -------------------------------------------------------------------------------- /netlify.toml: -------------------------------------------------------------------------------- 1 | [build] 2 | publish = "build/dirhtml" 3 | command = "make dirhtml" 4 | 5 | [[redirects]] 6 | # Redirect domain aliases to primary domain 7 | from = "https://manual-72.uberspace.de/*" 8 | to = "https://manual.uberspace.de/:splat" 9 | status = 301 10 | force = true 11 | 12 | [[redirects]] 13 | # Redirect default Netlify subdomain to primary domain 14 | from = "https://manual-uberspace-de.netlify.com/*" 15 | to = "https://manual.uberspace.de/:splat" 16 | status = 301 17 | force = true 18 | 19 | [[redirects]] 20 | # Remove `/en` language prefix from path 21 | from = "/en/*" 22 | to = "/:splat" 23 | status = 200 24 | force = true 25 | 26 | [[redirects]] 27 | from = "/web-security.html" 28 | to = "/web-security-headers.html" 29 | force = true 30 | 31 | [[redirects]] 32 | from = "/web-security" 33 | to = "/web-security-headers" 34 | force = true 35 | -------------------------------------------------------------------------------- /source/lang-deno.rst: -------------------------------------------------------------------------------- 1 | .. _deno: 2 | 3 | .. sidebar:: Logo 4 | 5 | .. image:: _static/images/logo_deno.png 6 | :align: center 7 | 8 | #### 9 | Deno 10 | #### 11 | 12 | Introduction 13 | ============ 14 | 15 | .. warning:: Deno scripts belong in your :ref:`home`, **not** in your :ref:`docroot`. 16 | 17 | `Deno `_ is a server-side `JavaScript `_ and `TypeScript `_ interpreter. It is comparable to Node.js, but aims to offer a simple, modern and secure runtime. 18 | 19 | 20 | ---- 21 | 22 | Versions 23 | ======== 24 | 25 | Release types 26 | ------------- 27 | 28 | We provide the latest version and apply security updates on a regular basis. Once deno v2 is released this might change. 29 | 30 | Connection to webserver 31 | ======================= 32 | 33 | .. include:: includes/web-backend.rst 34 | -------------------------------------------------------------------------------- /source/changelog/2017-07-13_7.0.8.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * The changelog is now linked in the sidebar navigation. 5 | * We provide ``git`` version 2 from `IUS repo `_. 6 | * We now set ``session.use_strict_mode = 1`` in global ``php.ini`` to combat session fixation attacks. 7 | 8 | Fixed 9 | ----- 10 | 11 | * nginx and php log errors to different files now. 12 | * php session files are getting cleaned up now. 13 | * We changed our ``ssl_ciphers`` to make it possible for ``java8`` to connect via HTTPS. 14 | * Apache does not parse IP addresses in ``x-forwarded-for`` headers correctly, this is a bug in `mod_rpaf `_. To work around that we disabled ``keepalive`` between Apache<=>nginx (not nginx<=>users) for now. 15 | * Many connections to a single virtualhost can shut down the whole webserver. We now rate-limit the maximum connections for each user. 16 | -------------------------------------------------------------------------------- /source/changelog/2020-03-31_7.5.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * **Ruby** ``2.7``. 4 | * `PHP decimal `_ for all **PHP** versions, supported by 5 | us. 6 | * *Sodium* for **PHP** ``7.4``. 7 | * `ghostscript `_. 8 | * `textpos `_. 9 | 10 | Changed 11 | ------- 12 | * The default **PHP** version for new users is now ``7.4`` (was ``7.2``). 13 | * We allow up to 50 **PHP-FPM** workers (up from 10). 14 | 15 | Fixed 16 | ----- 17 | * Enable lingering for user processes. This should prevent processes, that are 18 | inside the user slice but outside a session scope, from being killed, when no 19 | user sessions are active. 20 | * Prevent our health-check script from creating empty ``~/.my.cnf`` files, if 21 | a user removed it. This will also prevent changed access timestamps on those 22 | files. 23 | 24 | Deprecated 25 | ---------- 26 | * **Ruby** ``2.4``. 27 | -------------------------------------------------------------------------------- /source/basics-shell.rst: -------------------------------------------------------------------------------- 1 | .. _shell: 2 | 3 | ######### 4 | The Shell 5 | ######### 6 | 7 | A shell is the user interface used to control an operating system. Uberspace relies on a command-line interface (CLI) rather than a graphical user interface (GUI). 8 | 9 | Changing the Shell 10 | ================== 11 | 12 | By default, all new Uberspace accounts use the `Bash `_ shell. You can use the ``chsh`` command to switch to a different shell: 13 | 14 | .. code-block:: bash 15 | 16 | [eliza@doolittle ~]$ chsh --shell /bin/zsh 17 | Changing shell for eliza. 18 | Shell changed. 19 | 20 | List Available Shells 21 | ===================== 22 | 23 | To find out which shells are available on Uberspace, run ``chsh -l``: 24 | 25 | .. code-block:: bash 26 | 27 | [eliza@doolittle ~]$ chsh -l 28 | /bin/sh 29 | /bin/bash 30 | /sbin/nologin 31 | /usr/bin/sh 32 | /usr/bin/bash 33 | /usr/sbin/nologin 34 | /usr/bin/tmux 35 | /bin/zsh 36 | /usr/bin/fish 37 | 38 | 39 | -------------------------------------------------------------------------------- /source/web-errorpage.rst: -------------------------------------------------------------------------------- 1 | .. _web-errorpage: 2 | 3 | ############# 4 | web errorpage 5 | ############# 6 | 7 | By default, we replace all HTTP 500 responses with an error page telling you and your users what to do in this case. This behavior also helps to keep your site secure, in case the backend application is configured to leak stacktraces or other confidential information on the error page. 8 | 9 | To show the original error page as generated by your application or our web server, take a look at the following commands. This may be helpful to gather addition information while debugging. It can also be used to show a prettier error page matching your design. 10 | 11 | .. code-block:: console 12 | 13 | [isabell@philae ~]$ uberspace web errorpage 500 disable 14 | Error page for HTTP 500 is disabled. 15 | 16 | To re-enable our error page again, execute: 17 | 18 | .. code-block:: console 19 | 20 | [isabell@philae ~]$ uberspace web errorpage 500 enable 21 | Error page for HTTP 500 is enabled. 22 | -------------------------------------------------------------------------------- /source/changelog/2021-04-20_7.11.0.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | - *HEIC support* for *ImageMagick* v6 (already installed for v7). 5 | - Mod *FastCGI* for *Lighttpd*. 6 | - *WebP* tooling via ``libwebp-tools``. 7 | 8 | Updated 9 | ------- 10 | 11 | - We now use the official RPM repo for *Dovecot*, jumping to version ``2.3.14``. 12 | 13 | Changed 14 | ------- 15 | 16 | - We now use TLS v1.2 as minimum version for connections to *Dovecot*. 17 | - We switched the format of our web server logs from ``COMBINED`` to ``VCOMBINED`` (i.e. added ``$host`` as first field). This changes the format of ``~/logs/webserver/access_log``. 18 | 19 | Fixed 20 | ----- 21 | 22 | - If ``--remove-prefix`` option for **web backends** used for a path not ending in a slash, the prefix was not removed. 23 | 24 | Internal 25 | -------- 26 | 27 | - Updated *node exporter* to ``v1.1.2``. 28 | - We now log full HTTP client IP addresses for 24 hours for internal abuse and spam handling. Weekly and user logs still use anonymized IPs only. 29 | -------------------------------------------------------------------------------- /source/changelog/2017-08-02_7.0.9.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * ``access_log`` and ``error_log`` can be enabled and disabled now. 5 | 6 | Changed 7 | ------- 8 | 9 | * We are using the newest MySQL file format `Barracuda `_. 10 | * We are now using ``utf8mb4`` by default in MariaDB. 11 | * ``access_log`` and ``error_log`` are disabled by default. 12 | * We adapted php.ini settings for common CMSes: drupal, Typo3, Magento, owncloud 13 | 14 | Fixed 15 | ----- 16 | 17 | * Websocket proxy connections can divert random requests. It is not known what exactly causes apache to do this, but we strongly suspect a bug. For now the fix is deactivating ``mod_proxy_wstunnel`` for the connections to Apache. 18 | * A graceful restart in Apache causes it to not accept any new requests until all old requests have been finished. This causes the server to be unresponsive for an undefined amount of time in some cases. We now set ``GracefulShutDownTimeout 5`` in the Apache config. 19 | -------------------------------------------------------------------------------- /source/changelog/2021-05-03_7.11.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | - *Node.js* v16. 5 | - ``inotify-tools`` 6 | 7 | Changed 8 | ------- 9 | 10 | - We changed the format of the **user access log** (again) and added the port 11 | after the host. Now the format should be compatible with ``VCOMBINED`` / 12 | ``NCSA with VHOST`` parsers, e.g. *GoAccess*. E.g.:: 13 | 14 | isabell.uber.space:443 10.132.0.0 - - [28/Apr/2021:16:10:23 +0000] 15 | "GET /hello/world.php HTTP/1.1" 200 42 "-" "HTTPie/0.9.4" 16 | 17 | - When adding **mail domains**, we priviously only accept domains, whose MX 18 | record points to the FQDN of the host. Now we also accept domains whose ``MX`` 19 | record points to a domain, whose ``A`` record resolves to the host. 20 | 21 | Fixed 22 | ----- 23 | 24 | - Our new **Dovecot** does not play well with *qmail* (*qmail* masks 25 | ``SIGCHLD``, Dovecot does not unmasks it). Until this is fixed upstream, we 26 | added a workaround. 27 | 28 | Internal 29 | -------- 30 | 31 | - We added more fields to our internal access log. 32 | -------------------------------------------------------------------------------- /source/lang-perl.rst: -------------------------------------------------------------------------------- 1 | .. _perl: 2 | 3 | .. sidebar:: Logo 4 | 5 | .. image:: _static/images/logo_perl.png 6 | :align: center 7 | 8 | #### 9 | Perl 10 | #### 11 | 12 | Introduction 13 | ============ 14 | 15 | Perl is a high-level, general-purpose, interpreted, dynamic programming 16 | language. Being released in 1987, it has a long history. The langue has been 17 | used for almost any purpose. On Uberspace it is mainly used for scripting and 18 | web applications. 19 | 20 | Versions 21 | ======== 22 | 23 | We only provide the version available in CentOS 7. 24 | 25 | Update Policy 26 | ------------- 27 | 28 | Perl is updated alongside the rest of CentOS 7 reglarily. 29 | 30 | +--------+---------------------+--------------------------+ 31 | | Branch | State | Security Support Until | 32 | +========+=====================+==========================+ 33 | | 5 | Bug fixes | January 2024 | 34 | +--------+---------------------+--------------------------+ 35 | 36 | Connection to webserver 37 | ======================= 38 | 39 | .. include:: includes/web-backend.rst 40 | -------------------------------------------------------------------------------- /source/firstday-newbies.rst: -------------------------------------------------------------------------------- 1 | .. _firstday-newbies: 2 | 3 | ############################# 4 | Your first day... for newbies 5 | ############################# 6 | 7 | Is Uberspace the right product for me? 8 | ====================================== 9 | 10 | First of all - we're glad you asked! 11 | Uberspace is a hosting platform targeted at people who want to look behind the scenes, do things we didn't anticipate and generally prefer working with a text-based console. 12 | Our objective is to not only host the content you'd like to see on the web, but to also introduce you to Linux and basic shell usage. 13 | 14 | A lot of our users started as newbies like you and enjoyed learning new things every day. 15 | We don't leave you alone: It's very important to us to help you solve any problems you might face. 16 | 17 | So, in short, Uberspace is the right product for you, if you... 18 | 19 | * want to learn things about Linux and the shell 20 | * want to bring something on the web with virtually no technical restrictions on the tools you use 21 | * don't want to have things done for you but rather appreciate help on how to do them yourself 22 | -------------------------------------------------------------------------------- /source/lang-golang.rst: -------------------------------------------------------------------------------- 1 | .. _golang: 2 | 3 | .. sidebar:: Logo 4 | 5 | .. image:: _static/images/logo_golang.svg 6 | :align: center 7 | 8 | ###### 9 | Golang 10 | ###### 11 | 12 | Introduction 13 | ============ 14 | 15 | Go, also known as Golang, is a statically typed, compiled programming language designed at Google. It is used for all kinds of tasks, including web development. Noteworthy features include memory safety, garbage collection, and a strong concurrency model. 16 | 17 | Programs written in Go are distributed as big binaries statically including all dependencies most of the time. So the tools provided by us are only needed to modify or write go programs yourself, but not to run them. 18 | 19 | Versions 20 | ======== 21 | 22 | We only provide the latest version of Go. This may change, once go 2.0 is released. 23 | 24 | Connection to webserver 25 | ======================= 26 | 27 | .. include:: includes/web-backend.rst 28 | 29 | Popular software 30 | ================ 31 | 32 | Check out the `⚛️ Uberlab `_ for guides! 33 | 34 | As noted above, most of the guides will download ready-made binaries instead of actually building from source. 35 | -------------------------------------------------------------------------------- /source/lang-java.rst: -------------------------------------------------------------------------------- 1 | .. _java: 2 | 3 | .. sidebar:: Logo 4 | 5 | .. image:: _static/images/logo_java.png 6 | :align: center 7 | 8 | #### 9 | Java 10 | #### 11 | 12 | Introduction 13 | ============ 14 | 15 | Java is a general-purpose, object-oriented programming language. Interally, it 16 | uses a virtual machine, making "compiled" java programs very independent of the 17 | actual hardware executing them. 18 | 19 | We provide both the JRE / Java Runtime Environment (``java``) and the JDK / Java 20 | Development Kit (``javac``). 21 | 22 | Versions 23 | ======== 24 | 25 | We only provide the version available in EPEL 7 - ``java-latest-openjdk``. 26 | 27 | Update Policy 28 | ------------- 29 | 30 | Java is updated alongside the rest of EPEL 7 reglarily. 31 | 32 | +--------+---------------------+--------------------------+ 33 | | Branch | State | Security Support Until | 34 | +========+=====================+==========================+ 35 | | 14 | Bug fixes | September 2020 | 36 | +--------+---------------------+--------------------------+ 37 | 38 | Connection to webserver 39 | ======================= 40 | 41 | .. include:: includes/web-backend.rst 42 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Uberspace 7 Manual 2 | 3 | Welcome to our manual! :tada: 4 | 5 | This is where we host the source code of the official version over at 6 | . Changes are mainly done by the team as new 7 | features are added and bugs are fixed, but you are more than welcome to 8 | contribute! 9 | 10 | ## Development 11 | 12 | Pushing for each and every change is fun, but can take some time. To speed up 13 | your development process, the manual can be built locally. 14 | 15 | ### Initial Setup 16 | 17 | ``` 18 | $ python3.8 -m venv .venv 19 | $ source .venv/bin/activate 20 | $ pip install -r requirements.txt 21 | ``` 22 | 23 | ### Building 24 | 25 | ``` 26 | $ source .venv/bin/activate 27 | $ make html 28 | ``` 29 | 30 | The HTML views are now present in `build/html`. To build automatically on each 31 | change execute use `sphinx-autobuild`: 32 | 33 | ``` 34 | $ make serve 35 | ``` 36 | 37 | This will start a local webserver on , which always 38 | serves the most recent version. 39 | 40 | ## License 41 | 42 | All text and code in this repository is licensed under [CC-BY-NC-SA 4.0][]. 43 | 44 | [CC-BY-NC-SA 4.0]: https://creativecommons.org/licenses/by-nc-sa/4.0/ 45 | -------------------------------------------------------------------------------- /source/lang-gcc.rst: -------------------------------------------------------------------------------- 1 | .. _gcc: 2 | 3 | .. sidebar:: Logo 4 | 5 | .. image:: _static/images/logo_gcc.png 6 | :align: center 7 | 8 | ########### 9 | GCC / C(++) 10 | ########### 11 | 12 | Introduction 13 | ============ 14 | 15 | The GNU Compiler Collection is a compiler system maintained by the GNU Project. 16 | It supports various common programming languages like C, C++ as well as more 17 | specialized ones like Objective-C, Fortran, Ada, Go, and D. It can be used 18 | directly to build tools written in C or C++, but is also used behind the scenes 19 | to build modules for Python, node.js, ruby and others. 20 | 21 | Versions 22 | ======== 23 | 24 | We only provide the version available in the Red Hat Developer Toolset. 25 | 26 | Update Policy 27 | ------------- 28 | 29 | GCC is updated alongside the rest of CentOS 7 regularly. 30 | 31 | +--------+---------------------+--------------------------+ 32 | | Branch | State | Security Support Until | 33 | +========+=====================+==========================+ 34 | | 9.x | active development | (no policy published) | 35 | +--------+---------------------+--------------------------+ 36 | 37 | In the future we may provide newer versions. 38 | -------------------------------------------------------------------------------- /source/changelog/2020-08-17_7.7.4.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | - We included the official RPM repository for the **Mercurial SCM**. So ``hg`` 4 | now comes in version ``5.4.2`` (was ``2.6.2``). 5 | 6 | - `Erlang `_ version ``23``. 7 | 8 | - We provide ``devtoolset-9`` (enabled by default). Resulting in more recent 9 | versions of development tooling (e.g. ``gcc`` in version ``9.3``). 10 | 11 | Changed 12 | ------- 13 | - Incoming connections directed to a 14 | `user's port `_ will no longer 15 | be masqueraded, meaning users processes can now acces the *public client IP*. 16 | 17 | - We set ``underscores_in_headers on`` in our *Nginx* configuration, so that 18 | headers containing underscores are no longer discarded. 19 | 20 | - The configuration prefix for **Node.js** is no longer hardcoded to 21 | ``/home/$USER``, but mearly defaults to it. This means users can now use the 22 | ``NPM_CONFIG_PREFIX`` environment variable, to set their own prefix. 23 | 24 | Fixed 25 | ----- 26 | - We made the part of our ``uberspace`` command that parses user settings from 27 | YAML files more resistant, so it should no longer bail over corrupted 28 | files. 29 | -------------------------------------------------------------------------------- /source/changelog/2020-12-01_7.8.0.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * Support for managed Sieve 5 | * Mails from spam folder are now auto-expunged after 30 days. 6 | * Add special RFC 6154 folders to Dovecot config, so mail clients detect trash, 7 | spam, and other default folders automatically. 8 | 9 | Changed 10 | ------- 11 | 12 | * We now keep logs for incoming mails for 10 days instead of one day to aid 13 | debugging of missing mails in support. 14 | * System logs are now kept for one to two days, instead of just one. 15 | * The default values of ``max_execution_time`` and ``max_input_time`` are now 16 | 90 seconds and 60 seconds respectively, to free up stuck php-fpm workers more 17 | quickly. Higher values can be set using a config file in ``~/etc/php.d``. CLI 18 | invocations like cronjobs are not affected. 19 | 20 | Internal 21 | -------- 22 | 23 | * MySQL backups are now monitored, alerting us when the process stops working. 24 | * Optimized log output of our scripts, so we can keep the useful logs for 25 | longer. 26 | * Instead of reloading nginx after log rotation, we now call ``nginx -s reopen`` 27 | to reduce load spikes and thus increase reliability. 28 | * We now run fstrim regularly to free unused storage in our ceph cluster. This 29 | enables us to use it more efficiently. 30 | -------------------------------------------------------------------------------- /source/changelog/2020-09-07_7.7.6.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * libgdiplus 5 | * libacl 6 | 7 | Fixed 8 | ----- 9 | 10 | * ``uberspace web header set`` now correctly processes entries with special 11 | characters. 12 | * Web Backends now no longer match `/etherpad_test` for a backend that was 13 | set on `/etherpad`. Additionally, requests to `/etherpad` are redirected 14 | to `/etherpad/`. 15 | 16 | Changed 17 | ------- 18 | 19 | * Node.js version 13 is now deprecated 20 | * HTTP status 500 responses are now replaced with a custom error page 21 | showing instructions how to resolve the error. This can be disabled using 22 | the new ``uberspace web errorpage`` command. 23 | 24 | Internal 25 | -------- 26 | 27 | * We started to restructure our repository to split it up into smaller 28 | modules in the future. This will enable us to make quicker releases in the 29 | future. 30 | * MySQL backups are now dumped at a random time each night, taking load off 31 | our storage system by distributing the resulting peaks better. 32 | * The NFS mount ``/backup`` is now monitored via icinga2, helping us to 33 | fix it faster when it hangs. 34 | * We use a simple watchdog to restart httpd/nginx automatically in case 35 | they do no longer respond to requests. Its checking turned out to be too 36 | aggressive, resulting in a restart loop in rare cases. We now wait for 37 | the server to recover before attempting another check/restart. 38 | -------------------------------------------------------------------------------- /source/changelog/2020-11-17_7.7.10.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * `mg `_: a tiny Emacs-like editor 5 | * ``numactl`` command to please MongoDB 6 | * modern TLS settings for POP3/IMAP/SMTP-SUBMIT (reverted because they block 7 | connections from thunderbird) 8 | * ``opus``, ``opus-tools``, and ``opus-devel`` 9 | * many fonts to support non-western scripts 10 | 11 | Fixed 12 | ----- 13 | 14 | * MariaDB backups now includestored routines 15 | * ``table_definition_cache`` is now ``20000`` to meet friendica's requirements 16 | * The SMTP connection limit introduced in v7.7.7 now actually works. 17 | * ``$user.uber.space`` is now correctly displayed in ``uberspace mail domain list`` 18 | * ``uberspace * domain list`` output is now sorted 19 | 20 | Internal 21 | -------- 22 | 23 | * Log rotation is now randomized to happen between 4 and 5 am. The time is 24 | constant for each host, so they are always rotated at the same time for a 25 | given host. This reduces the IO load on our storage and therefore improves 26 | performance and reliabilty at night. 27 | * Prometheus' node_exporter can now be monitored by our icinga2 setup, leading 28 | to more complete graphs for us and better performance for you. 29 | * Sometimes our internal CI amassed a lot of temporary DNS records, which 30 | exceeded the quota of our DNS provider, griding our CI and development to a 31 | halt. The records are now purged reguarly. 32 | -------------------------------------------------------------------------------- /source/_templates/footer.html: -------------------------------------------------------------------------------- 1 |
2 | 3 | 4 |
5 |

6 | {%- if show_copyright %} 7 | {%- if hasdoc('copyright') %} 8 | {% trans path=pathto('copyright'), copyright=copyright|e %}© Copyright {{ copyright }}.{% endtrans %} 9 | {%- else %} 10 | {% trans copyright=copyright|e %}© Copyright {{ copyright }}.{% endtrans %} 11 | {%- endif %} 12 | {%- endif %} 13 | 14 | {%- if build_id and build_url %} 15 | {% trans build_url=build_url, build_id=build_id %} 16 | 17 | Build 18 | {{ build_id }}. 19 | 20 | {% endtrans %} 21 | {%- elif commit %} 22 | {% trans commit=commit %} 23 | 24 | Revision {{ commit }}. 25 | 26 | {% endtrans %} 27 | {%- elif last_updated %} 28 | {% trans last_updated=last_updated|e %}Last updated on {{ last_updated }}.{% endtrans %} 29 | {%- endif %} 30 | 31 |

32 |
33 | 34 | {%- if show_sphinx %} 35 | {% trans %}Built with Sphinx using a modified version of a theme provided by Read the Docs{% endtrans %}. 36 | {%- endif %} 37 | 38 | {%- block extrafooter %} {% endblock %} 39 | 40 |
41 | -------------------------------------------------------------------------------- /source/changelog/2018-01-16_7.0.24.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * All servers now come with pandoc (to convert document formats), tree (to view your directory structures in a pretty way), and imapsync (to transfer emails between IMAP accounts) installed. 5 | * We now provide development headers for the ncurses GUI library. 6 | * We now provide the “gmp” module for php. 7 | * For your network debugging needs, we now offer traceroute and mtr. 8 | 9 | Changed 10 | ------- 11 | 12 | * The $PATH of qmail is now extended by standard directories like /bin, so maildrop can be called without specifying its full path. 13 | * We now automatically restart php-fpm of your web services on updates or when new php modules are added. 14 | * Apache now uses the “event” multi processing module instead of the old “prefork”. This allows us to handle more requests in parallel. 15 | * The number of HTTP slots, which can be used by a single uberspace is now limited, so a single uberspace cannot overload our webservers. 16 | 17 | Fixed 18 | ----- 19 | 20 | * After numerous attempts to install “git submodules” and various other git sub-commands, we now got it. finally. maybe. 21 | * On reboot, supervisord user services might be started before MySQL, causing some of them to fail. They are now only started, once MySQL is fully booted. 22 | * Generating the nginx config takes too long in some cases, causing a timeout and nginx to be permanently down. We increased the timeout. The faulty script will be optimized at a later date. 23 | -------------------------------------------------------------------------------- /source/changelog/2020-08-31_7.7.5.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * weechat_ - an IRC client 5 | * yarn_ - a package manage for nodejs 6 | * protobuf_ - headers and libraries used to comple applications that make use of 7 | Google's Protocol Buffers 8 | * ``js-devel`` - development headers for the installed ``js`` javascript engine 9 | * tcsh - a shell compatible with the C shell 10 | * Cyrillic font support for TeX Live 11 | 12 | Changed 13 | ------- 14 | 15 | * rspamd now uses the `ZMI ruleset against German spam`_ to improve spam 16 | filtering 17 | 18 | Internal 19 | -------- 20 | 21 | * We prepared our internal U7 repository to play around with AWX, a platform to 22 | execute ansible-playbooks reliably. We currently use gitlab-ci to run them. 23 | * We re-enabled node_exporter to generate fancy graphs and metics, which we 24 | intend to share publicly in the future. At the moment we're using icinga2 to 25 | collect metrics. 26 | * We deleted old, dead code that was blocking common ports like 6100 so users 27 | cannot use them. This is no longer a concern, as every user has their own 28 | network namespace now. 29 | * Files created by ansible in ``/root/.ansible/tmp`` are now cleaned up 30 | regularly. This should speed up the backup process, as there were quite many 31 | of them. 32 | 33 | .. _weechat: https://weechat.org/ 34 | .. _yarn: https://yarnpkg.com/ 35 | .. _protobuf: https://developers.google.com/protocol-buffers 36 | .. _`ZMI ruleset against German spam`: http://sa.zmi.at 37 | -------------------------------------------------------------------------------- /source/changelog/2020-06-03_7.7.0.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * *HTTP* outgoing headers can how be changed and set using 4 | ``uberspace web header`` 5 | (`manual entry `_). 6 | * *MySQL* `event scheduler `_ is now enabled. 7 | * *ImageMagick* v7 now has 8 | `HEIC `_ 9 | support. 10 | * `Redis `_ is preinstalled. 11 | * *Java* now includes the Java Development Kit (``javac``) 12 | 13 | Changed 14 | ------- 15 | * *Java* is now version 14 and will be updated as EPEL's 16 | ``java-latest-openjdk`` updates. 17 | * *tmux* is now version 2.9a. 18 | * *HSTS* is enforced for 1 year. 19 | * *HTTP⇒HTTPS* redirects use 301 instead of 302. 20 | 21 | Fixed 22 | ----- 23 | * *SMTP* on port 587 now no longer accepts mails to local domains without 24 | authentication. 25 | * *SMTP* on port 25 now automatically restarts, should it crash for any reason. 26 | The recent SSD migrations caused it to crash once on each host leading to a 27 | downtime of ~10 minutes. This change mitigates this on future crashes. 28 | * *Dovecot* (IMAP/POP3) now gets version updates independently of other 29 | packages. This dramatically shortens downtimes during updates, as the 30 | package script otherwise waits until all other packages have finished 31 | updating before Dovecot can start again. 32 | * *goaccess* now supports "tcb_btree" again to fix ``--keep-db-files``. 33 | -------------------------------------------------------------------------------- /source/web-security-headers.rst: -------------------------------------------------------------------------------- 1 | .. _web-security-headers: 2 | 3 | #################### 4 | Web Security Headers 5 | #################### 6 | 7 | A lot of modern web application security depends on HTTP headers. They enable 8 | you to restrict which kinds of content from which sources will be executed on 9 | your site. This can mitigate or even prevent a lot of popular client-side 10 | attacks, like Cross-Site-Scripting or downgrades to plaintext HTTP. 11 | 12 | Default headers 13 | =============== 14 | 15 | To provide a basic level of security, we set the following HTTP headers on all 16 | uberspaces for every domain: 17 | 18 | ``Referrer-Policy: strict-origin-when-cross-origin`` 19 | Prevents the browser from leaking GET parameters to linked sites via HTTPS or leaking the domain over unencrypted HTTP altogether. 20 | 21 | ``Strict-Transport-Security: max-age=31536000`` 22 | Enforce that the site may only be loaded via HTTPS for the next (non-leap) year. 23 | 24 | ``X-Content-Type-Options: nosniff`` 25 | Prevent some browsers from interpreting JavaScript in non-js MIME types. 26 | 27 | ``X-Xss-Protection: 1; mode=block`` 28 | Tell the browser to protect against cross-site scripting. 29 | 30 | ``X-Frame-Options: SAMEORIGIN`` 31 | Prevents the site from being used as a frame from another domain, i.e. to block other sites from calling actions on your site (i.e. deleting a profile). 32 | 33 | 34 | .. note:: 35 | 36 | Changing the above values is possible using :ref:`web headers `. 37 | -------------------------------------------------------------------------------- /source/policy.rst: -------------------------------------------------------------------------------- 1 | .. _policy: 2 | 3 | ###### 4 | Policy 5 | ###### 6 | 7 | To ensure smooth service for everyone, we have to intervene on individual accounts in exceptional cases. Of course, we will inform the account owner in each case and in most situations we will find a common solution. 8 | 9 | Deadlines 10 | ========= 11 | 12 | Whenever we become aware of a problem - either through our monitoring or through one of our users - we analyze the cause and contact the account owner for feedback. The following categories define the time after which we intervene and deactivate the problematic service or, in the worst case, block the entire account. 13 | 14 | * Only in the absolute exception - if the operation of our servers is urgently endangered and in the case of obvious legal violations, requests by public prosecutors or massive technical impairments (hacking, spam etc.) - we block services directly and without prior consultation with you. Of course, you will still receive a notification in this case. 15 | * If the problem affects our servers or other users noticeably, we give you 12 hours before we intervene. 16 | * If the problem is less serious, we ask you to contact us within 24 hours. 17 | * There is the category of cosmetic bugs that still need to be fixed. In this case we give you 72 hours before we take action. 18 | * In the case of problems that come to our attention but do not affect the operation of the server, we will only inform you. 19 | * Services that don't work and we notice will be deactivated and you will be notified. 20 | -------------------------------------------------------------------------------- /source/changelog/2020-08-10_7.7.3.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | * *Nginx* serves *favicons* and *SVGs* compressed (``image/x-icon``, 4 | ``image/svg+xml``). 5 | 6 | Changed 7 | ------- 8 | * We decreased our global `Rspamd `_ **reject score** to 9 | ``10`` (down from ``15``). This means, that we reject mails percieved as spam 10 | sooner. 11 | 12 | * When adding new mail domains with ``uberspace mail domain …``, we now first 13 | ask the DNS resolver for the ``MX`` records, and only fall back to our old 14 | behaviour (i.e. querying the responsible nameservers directly), when this 15 | fails (meaning the record does not point to the host). This allows for edge 16 | cases, like when a person is using the NSEntry service of DENIC where the TLD 17 | nameservers directly hands out all records. 18 | 19 | * Error pages generated by the Apache webserver now display 20 | ``@uber.space`` instead of ``hallo@uberspace.de`` as a means of 21 | contact. Users of users kept asking our support about issues we cannot resolve 22 | for them, because they aren't our customers. The new mail address directs them 23 | to the right person. 24 | 25 | Internal 26 | -------- 27 | 28 | * We added a script to clean up DNS records created during our internal testing 29 | process. This will lead to more time spend building features and less time 30 | debugging the DNS. 31 | 32 | * Configuration for the Apache webserver is now generated for all users before 33 | the server starts, instead of on account creation. This way we can easily 34 | change the configuration file in the future. Other services already use this 35 | scheme. 36 | -------------------------------------------------------------------------------- /source/changelog/2021-01-25_7.9.0.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * PHP 8.0 5 | * Ruby 3.0 6 | * InfluxDB and ``telegraf`` 7 | * PostgreSQL 8 | * CouchDB 9 | * MongoDB 10 | * .NET 5.0 11 | * ``gobject-introspection-devel``, ``pango-devel``, ``ripgrep``, ``bat``, 12 | ``asciidoc``, ``ledger`` 13 | 14 | Changed 15 | ------- 16 | 17 | * legacy URLs like ``adminer.``, ``pma.``, and ``webmail.host.uberspace.de`` 18 | redirect to their global counterparts (e.g. https://webmail.uberspace.de) 19 | * removed PHP 7.2 20 | * removed .NET 2.0 and 2.2 21 | * httpd is now allowed to read files with ``user_home_t`` SELinux labels. This 22 | fixes usability issues because of files removed from home. It also enables 23 | CGI scripts to access libraries installied in ``$HOME/.local`` and similar. 24 | There is still no official support for CGI, though. 25 | 26 | Fixed 27 | ----- 28 | 29 | * tmux sessions no longer break after some time. We mistakenly removed them from 30 | ``/tmp`` automatically and now leave them be. 31 | * MySQL backups sometimes (1 or 3 databases in total on _all_ hosts) fail, so we 32 | now retry them once. This increases the reliability of the provided backups 33 | and silences our monitoring. 34 | * Sieve configuration files no longer show up as folders in mail clients. 35 | 36 | Internal 37 | -------- 38 | 39 | * We migrated additional hosts to SSD storage. 40 | * Add a test for redis. 41 | * Add monitoring check for failed user services. This way we will notice, if 42 | your supervisord or php-fpm fail. 43 | * Add monitoring check for individual MySQL backups. Monitoring for the backup 44 | process as a whole was already present. 45 | -------------------------------------------------------------------------------- /source/database-couchdb.rst: -------------------------------------------------------------------------------- 1 | .. _couchdb: 2 | 3 | ####### 4 | CouchDB 5 | ####### 6 | 7 | CouchDB is a document-oriented database system. We provide binaries ready to start your own instance. 8 | 9 | Refer to the `UberLab guide `_ for details. 10 | 11 | 12 | Versions 13 | ======== 14 | 15 | Release types 16 | ------------- 17 | 18 | We provide version 3 and apply security updates on a regular basis. 19 | 20 | Standard version 21 | ---------------- 22 | 23 | If you don't select a certain version, our default will be used. We decided to 24 | default to the following version: 25 | 26 | .. code-block:: bash 27 | 28 | [eliza@dolittle ~]$ uberspace tools version show couchdb 29 | Using 'couchdb' version: 3 30 | [eliza@dolittle ~]$ 31 | 32 | Show available versions 33 | ----------------------- 34 | 35 | Use ``uberspace tools version list couchdb`` to show all selectable versions: 36 | 37 | .. code-block:: bash 38 | 39 | [eliza@dolittle ~]$ uberspace tools version list couchdb 40 | - 3 41 | [eliza@dolittle ~]$ 42 | 43 | Change version 44 | -------------- 45 | 46 | Once a new version is released, you can select it using ``uberspace tools version use couchdb ``: 47 | 48 | .. code-block:: bash 49 | 50 | [eliza@dolittle ~]$ uberspace tools version use couchdb 3 51 | Selected couchdb version 3 52 | The new configuration is adapted immediately. Minor updates will be applied automatically. 53 | [eliza@dolittle ~]$ 54 | 55 | Update policy 56 | ------------- 57 | 58 | We currently offer version 3 only, which is in active development. Once new versions are released, we'll provide them. 59 | -------------------------------------------------------------------------------- /source/changelog/2020-09-29_7.7.8.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * `deno `_ JavaScript/TypeScript runtime 5 | * ``nagios-plugins-http`` 6 | * ``rclone`` 7 | * re-added support for Sieve. We had to remove it shortly after the rollout in 8 | v7.7.7 because it was incompatible with mailboxes that contain a dot, e.g. 9 | ``isabell.hacker@something.org``. This is now fixed. Documentation and an 10 | announcement will follow. 11 | 12 | Fixed 13 | ----- 14 | 15 | * When we do not know a domain, we display a helpful "sorry, unknown domain. 16 | here is how you add it" page. This page doesn't have a valid certificate, 17 | but HTTPS was still enforced. The page can now also be opened using HTTP. 18 | * ``MX`` records can be in any case, i.e. ``10 TUTTLe.uberspace.DE`` is now 19 | considered valid. 20 | * The default "there is no content" page is no longer shown, if there is a 21 | ``index.php`` providing content. In the past the ``index.html`` added by us 22 | was considered more important by httpd. We now add a ``nocontent.html``, which 23 | is always queried last. 24 | 25 | Changed 26 | ------- 27 | 28 | * ruby 2.4 users have been migrated to version 2.7. 29 | * nodejs 13 users have been migrated to version 14. 30 | * The 500 Internal Server Error page now shows information on how to disable it. 31 | * Updated HTTPS ciphers and settings to match current mozilla recommendations. 32 | 33 | Internal 34 | -------- 35 | 36 | * Removed an unused 3rd-party YUM repo 37 | * We continued to restructure our repository to split it up into smaller 38 | modules in the future. This will enable us to make quicker releases in the 39 | future. 40 | -------------------------------------------------------------------------------- /source/changelog/2020-12-22_7.8.1.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * Support for `R `_ and 5 | `CRAN packages `_. 6 | 7 | 8 | Changed 9 | ------- 10 | 11 | * Increased the **Rspamd** reject score to ``15`` (up from ``10``). 12 | 13 | * Reduced the **Rspamd** score for ``INVALID_RCPT_8BIT`` to ``3`` (down from 14 | ``6``). 15 | 16 | * We limit the *Spam Assassin* rules we use with **Rspamd** to 17 | `ZMI `_. 18 | 19 | * Deprecated **PHP** ``7.2``. It will be removed early next year. 20 | 21 | * We added a connection timeout on port 587 (hard capped at two hours, or one 22 | hour for idle connections). Our SMTP submit queue suffered from lingering 23 | connections, we hope this helps to mitigate it. 24 | 25 | * The output of ``uberspace mail domain add`` now ends domain names with a dot 26 | (``.``). We hope this helps avoiding situations, where it could otherwise be 27 | interpreted as *relative to an origin* (this mostly effects c/p to *bind* 28 | configurations, but also some web based GUIs). 29 | 30 | Internal 31 | -------- 32 | 33 | * We migrated a lot of hosts to SSD storage. 34 | 35 | * *fstrim* now runs about weekly on the hosts. Concrete times are distributed 36 | randomly, to minimize the impact on the cluster. 37 | 38 | * While creating SQL backup dumps, we now log and monitor *MariaDB* errors. 39 | 40 | * We moved the *Rspamd* logs out of the journal (for now). This allows us to 41 | have a longer retention policy for those, while still keeping them pretty 42 | verbose. We will fine tune our Spam filtering over the next releases, so this 43 | might come in handy. 44 | -------------------------------------------------------------------------------- /source/changelog/2020-09-16_7.7.7.rst: -------------------------------------------------------------------------------- 1 | ✈ 2 | 3 | Added 4 | ----- 5 | 6 | * support for Sieve, documentation and announcement will follow. 7 | * rrdtool 8 | 9 | Fixed 10 | ----- 11 | 12 | * Modification time of files in `~/etc/certificates` now reflects the time the 13 | certificate was generated, instead of the current time +/- 1 minute, which was 14 | a bit useless. 15 | * The number of simultaneous SMTP connections is now limited, closing an easy 16 | but harmless DoS vector. Additionally, we added more SMTP connection slots. 17 | 18 | Changed 19 | ------- 20 | 21 | * New accounts now come with an `index.html` explaining how to upload content, 22 | replacing the 403 Forbidden page that was shown in the past. 23 | * Web Backends now serve their content at both `/etherpad` and `/etherpad/`, 24 | partly reverting the change made in 7.7.6 because of incompatibility with 25 | web socket libraries. 26 | * Web Backends can now report a custom `Server:` HTTP response header, which is 27 | passed to the client. By default, the server responds `Server: nginx` 28 | like before. 29 | * supervisord is now version 4.2.1 30 | 31 | Internal 32 | -------- 33 | 34 | * In the past we used two mechanisms to deploy the primary TLS certificate: 35 | prepared (put in a bought one) and self-signed (generate one on demand). The 36 | former was used for production, the latter for our automatic tests. This 37 | caused the production code path only being tested in... production, which is 38 | bad. We changed this to always use "prepared" and removed all of the "self- 39 | signed" code. 40 | * We removed the java installation that was active before 7.7.0 41 | * General cleanup in our repository removing a total of 800 lines of dead code. 42 | -------------------------------------------------------------------------------- /source/changelog/2017-10-03_7.0.12.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * 🎉 `Public Beta! `_ 🎉 5 | * The Dashboard can now talk to the Uberspace 7 servers, create users, delete users and change passwords. 6 | * We now provide ``lynx``, ``w3m`` and ``bind-utils``. 7 | * New PHP extensions: ``soap`` and ``posix``, ``shmop``, ``sysvmsg``, ``sysvsem`` and ``sysvshm``. 8 | 9 | Changed 10 | ------- 11 | 12 | * We increased the maximum concurrent webserver connections from each IP address to 15 with a burst of 150 for a short period to be within the `HTTP/2 `_ specification. 13 | * The webmail interface used to be reachable via ``webmail.servername.uberspace.de`` and we got the certificates from Let's Encrypt. Unfortunatelly we ran into the `rate limiting `_ and can't get any certificates for ``uberspace.de`` anymore. For now we had to disable the webmail interface and we will look into the issus to find a workaround. On the bright side we had to refactor the certificate deployment process and so far it's rock solid 💪😎. 14 | * We did some work on the manual: 💄 15 | 16 | Fixed 17 | ----- 18 | 19 | * Composer sees that ``/bin/php`` is a symlink and directly calls the symlink target instead of ``/bin/php``. The result was that our wrapper doesn't know it's supposed to execute php. Using a hardlink instead of a symlink fixed it. 20 | * ``something.uber.space`` can't be added via ``uberspace-add-domain`` anymore. 21 | * HTTP basic auth headers are now passed to PHP. 22 | * Adding a domain to the email configuration didn't trigger a qmail reload. 23 | -------------------------------------------------------------------------------- /source/lang-rust.rst: -------------------------------------------------------------------------------- 1 | .. _rust: 2 | 3 | .. sidebar:: Logo 4 | 5 | .. image:: _static/images/logo_rust.svg 6 | :align: center 7 | 8 | #### 9 | Rust 10 | #### 11 | 12 | Introduction 13 | ============ 14 | 15 | .. warning:: Rust applications belong in your :ref:`home`, **not** in your :ref:`docroot`. 16 | 17 | `Rust `_ is a *multi-paradigm programming language* focused on **performance** and **safety**, especially **safe concurrency**. Rust is syntactically similar to C++, but provides memory safety without using garbage collection. The compiler is *free and open-source software* dual-licensed under the **MIT License** and **Apache License 2.0**. 18 | 19 | Versions 20 | ======== 21 | 22 | Release Types 23 | ------------- 24 | 25 | The Rust project uses a concept called ‘`release channels `_’ to manage releases. For now we support the ``stable`` channel. 26 | 27 | Crates 28 | ====== 29 | 30 | Packaged Rust projects are called **crates**. The `crates.io `_ website serves as an official repository for them. You can install binaries from there with the `cargo install`_ command: 31 | 32 | .. code-block:: console 33 | 34 | [eliza@dolitte ~] cargo install package-name 35 | 36 | This downloads the source for ``package-name`` and compiles it. The resulting binaries are placed into ``$HOME/.cargo/bin/``. Which is already included in your ``$PATH`` (unless you changed our default setup). You can find ways to configure this in the documentation for `cargo install`_. 37 | 38 | .. _`cargo install`: https://doc.rust-lang.org/cargo/commands/cargo-install.html 39 | 40 | Connection to webserver 41 | ======================= 42 | 43 | .. include:: includes/web-backend.rst 44 | -------------------------------------------------------------------------------- /source/basics-ports.rst: -------------------------------------------------------------------------------- 1 | .. _firewallports: 2 | 3 | ############## 4 | Firewall Ports 5 | ############## 6 | 7 | All uberspaces come with default firewall settings, which do not allow incoming 8 | connections on ports other than 443 and 80. Some software like Wordpress, 9 | mailman or seafile can be exposed using :ref:`php-fpm ` or 10 | :ref:`web backends `. Either way, you do not need to think about 11 | ports and firewalls. 12 | 13 | If your software requires direct TCP or even UDP connections, like XMPP, ZNC or 14 | mosh, you need to open a port in the firewall. 15 | 16 | .. note:: If you plan to use :ref:`web backends `, you do **not** need to open a port for your application. 17 | 18 | Opening ports 19 | ============= 20 | 21 | Each uberspace can open 20 ports. The port numbers are generated automatically 22 | in the range from 20.000 to 61.000 and cannot be chosen arbitrarily. 23 | 24 | .. code-block:: bash 25 | 26 | [eliza@doolittle ~]$ uberspace port add 27 | Port 40132 will be open for TCP and UDP traffic in a few minutes. 28 | 29 | .. tip:: Your application needs to listen on interface ``::`` or ``0.0.0.0`` (using ``127.0.0.1``, ``localhost``, ``::1``, the external IP, or the hostname will **not** work). 30 | 31 | Listing Ports 32 | ============= 33 | 34 | To get a list of currently open ports, execute the following command: 35 | 36 | .. code-block:: bash 37 | 38 | [eliza@doolittle ~]$ uberspace port list 39 | 40132 40 | 40133 41 | 40134 42 | 43 | Closing Ports 44 | ============= 45 | 46 | If you don't need your port anymore, it's a good idea to close it. You can do so 47 | using to following command: 48 | 49 | .. code-block:: bash 50 | 51 | [eliza@doolittle ~]$ uberspace port del 40132 52 | Port 40132 will be closed in a few minutes. 53 | -------------------------------------------------------------------------------- /source/changelog/2017-06-26_7.0.8.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * In the past the maximum upload size for PHP was chaos. We now guarantee 500 megabytes everywhere. 5 | * We now ship Python 3. You can choose from interpreter versions 3.4, 3.5, as well as 3.6. 6 | * We now provide midnight commander. 7 | * Following security best practices, we now set a number of HTTP headers. 8 | 9 | Fixed 10 | ----- 11 | 12 | * The version system did not respect the selected version, when executed with ``nice`` or within a cronjob. To fix this, we no longer modify the ``$PATH``, but instead use wrapper scripts. 13 | * To comply with German privacy regulations all IP addresses within user-accessible webserver logs are now shortened. 14 | * As to not unnecessarily leak software versions, we now remove the ``X-Powered-By`` header from all HTTP responses. 15 | * To prevent unexpected behaviour, mice are now banned from using nano. 🐭🚫 16 | 17 | Backstage 18 | --------- 19 | 20 | * We've upgraded all ``uberspace-`` scripts to [paternoster v2](github.com/uberspace/paternoster). 21 | * Since ``te512042.019e71729061e1f03aef698f89da225d00559bbd-1310.testing.ubrspc.de`` is not a very handy hostname, we now use shorter ones like ``565743.vagrant.ubrspc.de`` within our testing setup. 22 | * Nginx rightly complained about a duplicated MIME type in our config. We learned that ``text/html`` is implied, so we no longer add it to the list of gzip-able files explictly. 23 | * A `bug within vagrant-google `_ caused our workflows to be a bit cumbersome. So we `fixed it `_. 24 | * An oversight caused us to issue certificates with non-unique serial numbers during testing. While those certificates never reached production, they're more random now. 25 | -------------------------------------------------------------------------------- /source/lang-dotnet.rst: -------------------------------------------------------------------------------- 1 | .. _dotnet: 2 | 3 | .. sidebar:: Logo 4 | 5 | .. image:: _static/images/logo_dotnet.png 6 | :align: center 7 | 8 | ######### 9 | .NET Core 10 | ######### 11 | 12 | Introduction 13 | ============ 14 | 15 | .. warning:: .NET scripts belong in your :ref:`home`, **not** in your :ref:`docroot`. 16 | 17 | `.NET `_ is a server-side runtime implementation of CLR, the virtual machine that manages the execution of .NET programs. While .NET Core shares a subset of .NET Framework APIs, it comes with its own API that is not part of .NET Framework. 18 | 19 | ---- 20 | 21 | Versions 22 | ======== 23 | 24 | Release types 25 | ------------- 26 | 27 | We provide the latest .NET Core LTS and apply security updates on a regular basis. 28 | 29 | We also provide older versions; you can get a full list of curently available versions with ``dotnet --list-sdks``. 30 | 31 | Update policy 32 | ------------- 33 | 34 | We update all `supported versions `_ on a regular basis. 35 | 36 | ====== =========== =============== 37 | Branch State Supported Until 38 | ====== =========== =============== 39 | 5.0 current 2022-02 40 | 3.1 LTS 2022-12-03 41 | 2.1 LTS 2021-08-21 42 | ====== =========== =============== 43 | 44 | 45 | ---- 46 | 47 | Getting started 48 | =============== 49 | 50 | Check out the `Hello, Console App! `_. 51 | 52 | ---- 53 | 54 | Connection to webserver 55 | ======================= 56 | 57 | .. include:: includes/web-backend.rst 58 | 59 | ---- 60 | 61 | Caveats 62 | ======= 63 | 64 | Privacy 65 | ------- 66 | 67 | .NET collects `telemetry data `_ by default. This can be turned off by setting the environment variable ``DOTNET_CLI_TELEMETRY_OPTOUT`` to ``1``. 68 | -------------------------------------------------------------------------------- /source/web-https.rst: -------------------------------------------------------------------------------- 1 | .. _web-https: 2 | 3 | ##### 4 | HTTPS 5 | ##### 6 | 7 | Every Uberspace comes with its own enforced HTTPS certificate. Your 8 | :ref:`external domains ` as well as the ``.uber.space`` default 9 | domains, are automatically provided with a free certificate from 10 | `Let's Encrypt `_. In combination with our default 11 | :ref:`security headers `, this ensures that you and your 12 | users always use a secure connection to prevent eavesdropping and injection of 13 | unwanted content. 14 | 15 | 16 | Let's encrypt 17 | ============= 18 | 19 | We use `lua-resty-auto-ssl `_ to issue Let's Encrypt certificates for every external domain that is :ref:`connected to a Uberspace `. This happens automagically when a domain (``Host`` header) is first seen by our webserver. For privacy reasons every domain gets its own certificate. We also handle the renewal, certificates will be renewed if they expire in less than 30 days. 20 | 21 | Certificate Access 22 | ------------------ 23 | 24 | Once a certificate has been generated, you can find all relevant files in ``~/etc/certificates``. 25 | This includes your certificate chain - ``.crt`` - as well as the private 26 | key - ``.key``. If you do not make use of our webserver, you can copy 27 | or directly use these files in your application. If you use PHP, static files or 28 | :ref:`web backends `, we handle HTTPS for you and there is no need 29 | to do anything. 30 | 31 | .. warning:: 32 | 33 | Certificates issued by let's encrypt have a short life of 90 days. We renew 34 | certificates when they are 60 days old. In practice, the provided files will 35 | change every 1-2 months. 36 | 37 | Make sure to either restart your service once a month, or watch the files for 38 | changes and restart accordingly. Otherwise your service will use an 39 | outdated, invalid certificate. 40 | -------------------------------------------------------------------------------- /source/_static/css/custom.css: -------------------------------------------------------------------------------- 1 | /* footer */ 2 | .wy-nav-content { 3 | position: relative; 4 | background-image: url("/_static/images/footer.svg"); 5 | background-position: bottom; 6 | background-repeat: no-repeat; 7 | background-size: 75%; 8 | min-height: 100vh; 9 | } 10 | 11 | .document { 12 | min-height: 500px; 13 | margin-bottom: 8rem; 14 | } 15 | 16 | footer { 17 | position: absolute; 18 | bottom:0; 19 | left: 0; 20 | right: 0; 21 | padding-bottom: 1rem; 22 | text-align: center; 23 | font-size: 80%; 24 | color: #222222; 25 | } 26 | 27 | /* navigation */ 28 | .wy-side-nav-search { 29 | padding-top: 170px; 30 | background-image: url("/_static/images/rocket.svg"); 31 | background-position: top; 32 | background-repeat: no-repeat; 33 | background-color: #222222; 34 | } 35 | 36 | .wy-menu-vertical a:active { 37 | background-color: #e2001a; 38 | cursor: pointer; 39 | color: #fff; 40 | } 41 | 42 | .wy-menu-vertical header, .wy-menu-vertical p.caption :first-child::before { 43 | content: url("/_static/images/icn-rocket.svg"); 44 | margin-left: -.1618em; 45 | width: 30px; 46 | float: left; 47 | padding: .1618em; 48 | } 49 | 50 | .wy-menu-vertical header, .wy-menu-vertical p.caption { 51 | margin-top: .809em; 52 | color: #999999; 53 | } 54 | 55 | .wy-menu-vertical header, .wy-menu-vertical ul.toctree-l1 { 56 | margin-top: .809em; 57 | color: #999999; 58 | } 59 | 60 | nav li { 61 | padding-left: 10px; 62 | } 63 | 64 | /* search box */ 65 | .wy-side-nav-search input[type=text] { 66 | border-color: #84000f; 67 | } 68 | 69 | 70 | /* Main Page - Rocket */ 71 | 72 | .rst-content .document img[src$='_images/big-rocket.svg'] { 73 | float: right; 74 | width: 50%; 75 | height: auto; 76 | shape-outside: url(/_static/images/big-rocket.svg); 77 | shape-margin: 1em; 78 | } 79 | 80 | /* logo box for languages */ 81 | .sidebar + .section > .section:first-of-type > div { 82 | max-width: 55%; 83 | } 84 | 85 | /* highlighted remove paddings */ 86 | .rst-content .highlighted { 87 | padding: 0; 88 | } 89 | 90 | 91 | -------------------------------------------------------------------------------- /source/basics-resources.rst: -------------------------------------------------------------------------------- 1 | .. _resources: 2 | 3 | ################ 4 | System Resources 5 | ################ 6 | 7 | .. _quota: 8 | 9 | Storage 10 | ======= 11 | 12 | Every Uberspace is provided with 10 GB of storage by default, you can :ref:`upgrade your storage ` up to 50GB. Over-usage of up to 10% is permitted for up to seven days. If you try to use even more than these 110% of your booked storage or if you don't free up enough storage within seven days, we will block all write access for your account. This means you won't be able to add any more data, including incoming e-mails or database storage. 13 | 14 | In order to avoid hitting this limit, you can check your current storage usage using the ``quota`` command: 15 | 16 | .. code-block:: console 17 | 18 | [isabell@stardust ~]$ quota -gsl 19 | Disk quotas for group isabell (gid 1013): 20 | Filesystem space quota limit grace files quota limit grace 21 | /dev/sda2 713M 10240M 11264M 38 0 0 22 | 23 | 24 | * ``space`` shows you how much storage you're currently using. 25 | * ``quota`` shows the 10 GB *soft* limit. 26 | * ``limit`` column shows the *hard* limit of 11 GB. 27 | * ``grace`` column shows you how much time you have left to fix if you are over the soft limit. 28 | 29 | .. note:: To find files and folders which use a lot of storage, you can use the command ``ncdu`` when logged in to your uberspace. 30 | 31 | .. warning:: Currently there is no automatic notification via email if your quota is going to be overused, you have to check it for your self from time to time or to set up a script triggered by cron. 32 | 33 | .. _ram: 34 | 35 | RAM 36 | === 37 | 38 | You can use up to 1536 MB (1.5 GB) of RAM. If you try to use more than this limit, your process will be killed. We reserve the right to ask nicely to reduce your usage if it is impacting other users or the overall performance of the host. 39 | 40 | .. _cpu: 41 | 42 | CPU 43 | === 44 | 45 | Every Uberspace gets a fair slice of CPU time. If the CPU is idle, you can use more than that. Processes that try to use too much CPU resources will be throttled. 46 | 47 | -------------------------------------------------------------------------------- /source/mail-spam.rst: -------------------------------------------------------------------------------- 1 | .. _mailfilters: 2 | 3 | ############### 4 | Filtering mails 5 | ############### 6 | 7 | We filter incoming mails with `Rspamd `_ which uses `multiple `_ filtering and statistical methods to generate a spam score, including (but not limited to) SPF, DMARC and DNS blacklists. Mails with a score greater than 15 get rejected. We are using Bayes filtering using the sqlite3 backend per server. To allow for some initial filtering we are retrieving example spam/ham databases provided by rspamd.com. We also autolearn ham and spam, what means that every mail with a negative score is auto-learned as ham, while every mail with a score higher than the rejection score is auto-learned as spam, given that the Bayes filter hasn't already identified it as ham or spam. 8 | 9 | .. tip:: 10 | We are working on a feature to let all users train the filter and to recategorize spam and ham by using appropriate folders. 11 | 12 | Configure spam folder 13 | ===================== 14 | 15 | Use ``uberspace mail spamfolder`` to configure the spam folder for all mailboxes in your account. Mails with a spam score greater than 5 will get sorted into the ``Spam`` folder in the according mailbox. 16 | 17 | .. code-block:: console 18 | 19 | [eliza@dolittle ~]$ uberspace mail spamfolder status 20 | The spam folder is enabled. 21 | [eliza@dolittle ~]$ uberspace mail spamfolder disable 22 | The spam folder is now disabled. 23 | [eliza@dolittle ~]$ uberspace mail spamfolder enable 24 | The spam folder is now enabled. 25 | 26 | Background 27 | ---------- 28 | 29 | We implement the spam folder by manipulating your ``~/.qmail-default``. Enabling spam folders effectively means that a maildrop filter named ``~/.spamfolder`` is created which just includes the global template ``/opt/uberspace/etc/spamfolder.template``. That global template basically resembles what vdeliver does - retrieving the target Maildir and optional mail forward targets. Disabling spam folders effectively means resetting ``~/.qmail-default`` to call *vdeliver* instead of *maildrop*. 30 | 31 | .. warning:: 32 | Spam filtering and sorting does **not work** with the system mailbox. Create user mailboxes instead! 33 | -------------------------------------------------------------------------------- /source/database-mongodb.rst: -------------------------------------------------------------------------------- 1 | .. _mongodb: 2 | 3 | ####### 4 | MongoDB 5 | ####### 6 | 7 | MongoDB is a document-oriented database system. We provide binaries ready to start your own instance. 8 | 9 | Refer to the `UberLab guide `_ for details. 10 | 11 | 12 | Versions 13 | ======== 14 | 15 | Release types 16 | ------------- 17 | 18 | We provide different releases and apply security updates on a regular basis. 19 | 20 | Standard version 21 | ---------------- 22 | 23 | If you don't select a certain version, our default will be used. We decided to 24 | default to the following version: 25 | 26 | .. code-block:: bash 27 | 28 | [eliza@dolittle ~]$ uberspace tools version show mongodb 29 | Using 'mongodb' version: 4.4 30 | [eliza@dolittle ~]$ 31 | 32 | Show available versions 33 | ----------------------- 34 | 35 | Use ``uberspace tools version list mongodb`` to show all selectable versions: 36 | 37 | .. code-block:: bash 38 | 39 | [eliza@dolittle ~]$ uberspace tools version list mongodb 40 | - 4.0 41 | - 4.2 42 | - 4.4 43 | [eliza@dolittle ~]$ 44 | 45 | Change version 46 | -------------- 47 | 48 | You can select the version using ``uberspace tools version use mongodb ``: 49 | 50 | .. code-block:: bash 51 | 52 | [eliza@dolittle ~]$ uberspace tools version use mongodb 4.2 53 | Selected mongodb version 4.2 54 | The new configuration is adapted immediately. Minor updates will be applied automatically. 55 | [eliza@dolittle ~]$ 56 | 57 | Update policy 58 | ------------- 59 | 60 | We update all versions on a regular basis. Once the `support `_ ends, the branch reaches its end of life (EOL), is no longer supported and will be removed from our servers. 61 | 62 | +--------+-------------------------+------------------+ 63 | | Branch | State | Supported Until | 64 | +========+=========================+==================+ 65 | | 4.0 | Active | January 2022 | 66 | +--------+-------------------------+------------------+ 67 | | 4.2 | Active | TBD | 68 | +--------+-------------------------+------------------+ 69 | | 4.4 | Active | TBD | 70 | +--------+-------------------------+------------------+ 71 | -------------------------------------------------------------------------------- /source/_static/images/logo_rust.svg: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /source/changelog/2021-03-04_7.10.0.rst: -------------------------------------------------------------------------------- 1 | Added 2 | ----- 3 | 4 | * updated Java to 15 5 | * each users CPU usage is now limited to 6 cores, improving stability. 6 | * ``pecl-mailparse`` 7 | * HEIC support for ImageMagick 6, and by extension PHP 8 | 9 | Changed 10 | ------- 11 | 12 | * recommended SPF record is now ``include:spf.uberspace.de`` so we can reoute 13 | mails more easily. The current records prevents us from relaying mails through 14 | another server temporarily. 15 | * to be consistent with our advice to use ``.uber.space`` domains for mail, 16 | ``user.host.uberspace.de`` is now no longer part of ``mail domain list``. 17 | * ``uberspace mail domain add`` now explains that the trailing dot in MX records 18 | is correct, but not necessary or possible to enter in many DNS interfaces. 19 | * rspamd's ``FORGED_RECIPIENTS`` test now adds fewer points to the spam score 20 | to counter many reported false-positive. 21 | 22 | Fixed 23 | ----- 24 | 25 | * RAM limits for users were not applying consistently, leading to outages in the 26 | recent past. We now apply the limits ourselves instead of relying on systemd, 27 | increasing stability in the future. 28 | * Sometimes systemd failed to reload nginx, leading to new domains not being 29 | available. We now use the nginx tooling directly instead of relying on 30 | systemd's ``$MAINPID`` variable, hopefully fixing this. 31 | * MySQLs temporary files are now written to SSDs on all hosts, increasing 32 | performance for big queries that don't fit into RAM. 33 | 34 | Internal 35 | -------- 36 | 37 | * there is a dummy ``uberspace-letsencrypt-renew`` script, which does nothing. 38 | Many U6 users leave their let's encrypt cronjob in place, even though U7 does 39 | not need one. The resulting cron error mails confuse users, which increases 40 | our support volume. The dummy script automates those cases. 41 | * we rewrote the playbook, which updates MariaDB, enabling updates to 10.4 and 42 | 10.5 in the future. 43 | * some hosts have additional SSD devices for yum, rpm and the systemd journal. 44 | Since we are moving all hosts to SSDs, these are not necessary anymore. We 45 | wrote a playbook to remove them in the future, making all hosts consistent 46 | again. 47 | * we now detect and automatically ban more mining tools. 48 | * MySQL backups now only happen for databases, which changed since the last 49 | backup. This reduces the system load at night and further increases storage 50 | performance and stability. 51 | -------------------------------------------------------------------------------- /source/database-postgresql.rst: -------------------------------------------------------------------------------- 1 | .. _postgresql: 2 | 3 | ########## 4 | PostgreSQL 5 | ########## 6 | 7 | PostgreSQL (or Postgres) is an open-source relational database. We provide binaries ready to start your own instance. 8 | 9 | Refer to the `UberLab guide `_ for details. 10 | 11 | 12 | Versions 13 | ======== 14 | 15 | Release types 16 | ------------- 17 | 18 | We provide different releases and apply security updates on a regular basis. 19 | 20 | Standard version 21 | ---------------- 22 | 23 | If you don't select a certain version, our default will be used. We decided to 24 | default to the following version: 25 | 26 | .. code-block:: bash 27 | 28 | [eliza@dolittle ~]$ uberspace tools version show postgresql 29 | Using 'postgresql' version: 13 30 | [eliza@dolittle ~]$ 31 | 32 | Show available versions 33 | ----------------------- 34 | 35 | Use ``uberspace tools version list postgresql`` to show all selectable versions: 36 | 37 | .. code-block:: bash 38 | 39 | [eliza@dolittle ~]$ uberspace tools version list postgresql 40 | - 10 41 | - 11 42 | - 12 43 | - 13 44 | [eliza@dolittle ~]$ 45 | 46 | Change version 47 | -------------- 48 | 49 | You can select the version using ``uberspace tools version use postgresql ``: 50 | 51 | .. code-block:: bash 52 | 53 | [eliza@dolittle ~]$ uberspace tools version use postgresql 12 54 | Selected postgresql version 12 55 | The new configuration is adapted immediately. Minor updates will be applied automatically. 56 | [eliza@dolittle ~]$ 57 | 58 | Update policy 59 | ------------- 60 | 61 | We update all versions on a regular basis. Once the `support `_ ends, the branch reaches its end of life (EOL), is no longer supported and will be removed from our servers. 62 | 63 | +--------+-------------------------+------------------+ 64 | | Branch | State | Supported Until | 65 | +========+=========================+==================+ 66 | | 10 | Active | November 2022 | 67 | +--------+-------------------------+------------------+ 68 | | 11 | Active | November 2023 | 69 | +--------+-------------------------+------------------+ 70 | | 12 | Active | November 2024 | 71 | +--------+-------------------------+------------------+ 72 | | 13 | Active | November 2025 | 73 | +--------+-------------------------+------------------+ 74 | -------------------------------------------------------------------------------- /source/basics-home.rst: -------------------------------------------------------------------------------- 1 | .. _home: 2 | 3 | ############## 4 | Home Directory 5 | ############## 6 | 7 | Your home directory is your own, private directory on the Uberspace host. It is a directory with the same name as your user account, stored within the ``/home`` directory. So if your Uberspace account is named ``eliza``, you home directory is ``/home/eliza``. 8 | 9 | What Should I Put Here? 10 | ========================= 11 | 12 | The general rule is: Anything you don't want anyone else to see, especially any files you don't want to be accessible by the web server. 13 | 14 | Default Files and Folders 15 | ========================= 16 | 17 | .bash* 18 | ------ 19 | 20 | The ``.bash_profile``, ``.bashrc`` and ``.bash_logout`` files are the configuration, startup and logout scripts for the :ref:`Bash Shell `. ``.bash_profile`` is a script that is executed when you log in via :ref:`ssh` and will include ``.bashrc``. If you want to run any commands automatically whenever you log in, add them to ``.bash_profile``. ``.bash_logout`` is executed when you log out. After your first login, ``.bash_history`` will be added automatically and logs all you shell commands so you can re-run them later. 21 | 22 | In many contexts, the tilde ``~`` can be used as a placeholder for your home directory. 23 | 24 | etc 25 | --- 26 | 27 | The ``etc`` folder is reserved for configuration files of any kind. Most importantly, this includes your :ref:`supervisord` configuration in ``etc/services.d``. 28 | 29 | bin 30 | --- 31 | 32 | Within the ``bin`` directory executables installed by custom tools or written by yourself can be stored. They can then be called like normal commands. 33 | 34 | html 35 | ---- 36 | 37 | ``html`` is a symbolic link to your :ref:`documentroot`. Anything in there is accessible to the web server, and thus to the public. 38 | 39 | logs 40 | ---- 41 | 42 | A directory to store log files. 43 | 44 | Maildir 45 | ------- 46 | 47 | Your emails and IMAP folders are stored in this directory. 48 | 49 | 50 | users 51 | ----- 52 | 53 | Your additional :ref:`mailboxes`. This folder only exists if you set up mailboxes with ``uberspace mail user add``. 54 | 55 | .my.cnf 56 | ------- 57 | 58 | This is your :ref:`mysql` settings file. 59 | 60 | .qmail* 61 | ------- 62 | 63 | ``.qmail`` files (“dotqmail files”) are used to add email aliases or forwarding addresses. 64 | 65 | .ssh 66 | ---- 67 | 68 | The ``.ssh`` directory contains your :ref:`ssh` configuration. 69 | 70 | tmp 71 | --- 72 | 73 | A directory for temporary files. 74 | 75 | .zshrc 76 | ------ 77 | 78 | The configuration file for the :ref:`Z Shell `. 79 | -------------------------------------------------------------------------------- /source/_static/images/logo_golang.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 5 | 13 | 14 | 15 | 16 | 17 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 48 | 49 | 50 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | -------------------------------------------------------------------------------- /source/lang-erlang.rst: -------------------------------------------------------------------------------- 1 | .. _erlang: 2 | 3 | .. sidebar:: Logo 4 | 5 | .. image:: _static/images/logo_erlang.png 6 | :align: center 7 | 8 | ########## 9 | Erlang OTP 10 | ########## 11 | 12 | Introduction 13 | ============ 14 | 15 | `Erlang `_ is a general-purpose, concurrent, functional programming language, and a garbage-collected runtime system. The term Erlang is used interchangeably with Erlang/OTP, or Open Telecom Platform (OTP), which consists of the Erlang runtime system, several ready-to-use components (OTP) mainly written in Erlang, and a set of design principles for Erlang programs. 16 | 17 | 18 | ---- 19 | 20 | Versions 21 | ======== 22 | 23 | Release types 24 | ------------- 25 | 26 | We provide different releases and apply security updates on a regular basis. Currently, these versions are available: 20, 21, 22 and 23. All versions include `Elixir `_ and `Mix `_, a build tool that allows you to easily create projects, manage tasks, run tests and more. 27 | 28 | Standard version 29 | ---------------- 30 | If you don't select a certain version, our default will be used. We decided to default to version 21 31 | 32 | Show available versions 33 | ----------------------- 34 | 35 | Use ``uberspace tools version list erlang`` to show all selectable versions: 36 | 37 | .. code-block:: bash 38 | 39 | [eliza@dolittle ~]$ uberspace tools version list erlang 40 | - 20 41 | - 21 42 | - 22 43 | - 23 44 | [eliza@dolittle ~]$ 45 | 46 | .. _erlang-change-version: 47 | 48 | Change version 49 | -------------- 50 | You can select the Erlang/OTP version with ``uberspace tools version use erlang ``. You can choose between release branches: 51 | 52 | .. code-block:: bash 53 | 54 | [eliza@dolittle ~]$ uberspace tools version use erlang 22 55 | Selected Erlang/OTP version 22 56 | The new configuration is adapted immediately. Patch updates will be applied automatically. 57 | [eliza@dolittle ~]$ 58 | 59 | Selected version 60 | ---------------- 61 | 62 | You can check the selected version by executing ``uberspace tools version show erlang`` on the command line: 63 | 64 | .. code-block:: bash 65 | 66 | [eliza@dolittle ~]$ uberspace tools version show erlang 67 | Using 'erlang' version: '21' 68 | [eliza@dolittle ~]$ 69 | 70 | Update policy 71 | ------------- 72 | 73 | We update all versions on a regular basis. 74 | 75 | ---- 76 | 77 | Connection to webserver 78 | ======================= 79 | 80 | .. include:: includes/web-backend.rst 81 | 82 | ---- 83 | 84 | Popular software 85 | ================ 86 | 87 | Check out the `⚛️ Uberlab `_ for guides! 88 | 89 | -------------------------------------------------------------------------------- /source/daemons-supervisord.rst: -------------------------------------------------------------------------------- 1 | .. _supervisord: 2 | 3 | ########### 4 | supervisord 5 | ########### 6 | 7 | We use ``supervisord`` to monitor services. A service, or daemon, is a program that starts automatically and is kept in the background. In case it quits or crashes, it is restarted by ``supervisord``. 8 | 9 | Create a Service 10 | ================ 11 | 12 | To create a new service, place a ``.ini`` file for each new service in ``~/etc/services.d/``. So if you want to add a service called my-daemon that runs an executable located at ``/home/eliza/bin/my-daemon``, place the file ``my-daemon.ini`` in ``~/etc/services.d/`` and edit it: 13 | 14 | .. code-block:: ini 15 | 16 | [program:my-daemon] 17 | command=/home/eliza/bin/my-daemon 18 | startsecs=60 19 | 20 | Afterwards, ask ``supervisord`` to look for new ``.ini`` files: 21 | 22 | .. code-block:: bash 23 | 24 | [eliza@doolittle ~]$ supervisorctl reread 25 | my-daemon: available 26 | 27 | And then start your daemon: 28 | 29 | .. code-block:: bash 30 | 31 | [eliza@doolittle ~]$ supervisorctl update 32 | my-daemon: added process group 33 | 34 | Start / Stop a Service 35 | ====================== 36 | 37 | To start a non-running service or stop a running one, use ``supervisorctl start my-daemon`` and ``supervisorctl stop my-daemon``. To restart a service, you can also use ``supervisorctl restart my-daemon``. 38 | 39 | .. code-block:: bash 40 | 41 | [eliza@doolittle ~]$ supervisorctl start my-daemon 42 | my-daemon: started 43 | [eliza@doolittle ~]$ supervisorctl stop my-daemon 44 | my-daemon: stopped 45 | [eliza@doolittle ~]$ supervisorctl restart my-daemon 46 | my-daemon: stopped 47 | my-daemon: started 48 | 49 | 50 | Remove a Service 51 | ================ 52 | 53 | To remove a service, you need to stop it first, then you can remove it using ``supervisorctl``: 54 | 55 | .. code-block:: bash 56 | 57 | [eliza@doolittle ~]$ supervisorctl stop my-daemon 58 | my-daemon: stopped 59 | [eliza@doolittle ~]$ supervisorctl remove my-daemon 60 | my-daemon: removed process group 61 | 62 | List Services 63 | ============= 64 | 65 | To get an overview of your services and their current status, run ``supervisorctl status``: 66 | 67 | .. code-block:: bash 68 | 69 | [eliza@doolittle ~]$ supervisorctl status 70 | my-daemon RUNNING pid 16337, uptime 0:00:04 71 | 72 | Logging 73 | ======= 74 | 75 | ``supervisord`` logs are stored in ``~/logs/``. You can use ``supervisorctl tail my-daemon`` and ``supervisorctl tail my-daemon stderr`` to view the log for ``my-daemon``. Type in ``supervisorctl tail`` to see available options. 76 | 77 | Further Reading 78 | =============== 79 | 80 | * Check the global config if you’re curious: ``/etc/supervisord.conf``. 81 | * Check out the `official supervisord documentation `_. 82 | -------------------------------------------------------------------------------- /source/mail-forwarding.rst: -------------------------------------------------------------------------------- 1 | .. _mailforwarding: 2 | 3 | ################ 4 | forwarding mails 5 | ################ 6 | 7 | configure forwarding 8 | ==================== 9 | 10 | You can use forwardings in the form of ``$MAILBOX@$USER.uber.space``. If you have :ref:`set up additional domains `, ``$MAILBOX@$DOMAIN`` will also work. 11 | 12 | .. warning:: 13 | We do not forward mails with a :doc:`spam score >= 10 `. This is crucial due to policy reasons at nearly any mail provider and makes sure the reputation of our servers stays fine. 14 | 15 | Add forwards for a mailbox 16 | -------------------------- 17 | 18 | You can configure forwardings with the ``uberspace mail user forward set `` command. This will effectively create an alias for the specified address. There is no way to convert a regular mailbox (without forwarding) to an alias. 19 | 20 | To forward all mails from ``forwardme`` to ``mail@allcolorsarebeautiful.example`` run the following command: 21 | 22 | .. code-block:: bash 23 | 24 | [isabell@philae ~]$ uberspace mail user forward set forwardme mail@allcolorsarebeautiful.example 25 | Mail to forwardme will be forwarded to mail@allcolorsarebeautiful.example. 26 | [isabell@philae ~]$ 27 | 28 | .. tip:: 29 | ``uberspace mail user forward set`` overwrites existing configurations. 30 | 31 | List existing forwards for a mailbox 32 | ------------------------------------ 33 | 34 | You can list your existing forwardings using the ``uberspace mail user forward list`` command, e.g. if you have setup fowardings for ``forwardme``: 35 | 36 | .. code-block:: bash 37 | 38 | [isabell@philae ~]$ uberspace mail user forward list forwardme 39 | mail@allcolorsarebeautiful.example 40 | [isabell@philae ~]$ 41 | 42 | Delete forwards for a mailbox 43 | ----------------------------- 44 | 45 | You can delete forwardings using the ``uberspace mail user forward del `` command. This will delete the specified alias, so mails sent to it will no longer be delivered (exept if you set up a catchall address). To delete forwarding for ``forwardme``, run the following command: 46 | 47 | .. code-block:: bash 48 | 49 | [isabell@philae ~]$ uberspace mail user forward del forwardme 50 | Mail to forwardme will no longer be forwarded. 51 | [isabell@philae ~]$ 52 | 53 | spam filtering 54 | ============== 55 | 56 | With enabled :doc:`spam filtering ` we do not forward mails with a spam score greater than 5. These mails get sorted into ``~/users/$MAILBOX/.Spam``. 57 | 58 | .. warning:: 59 | In the past on the outdated product version Uberspace 6 we encouraged users to manipulate ``.qmail`` files for forwarding and controlling the email flow. This is technically still possible on U7 but will strongly interfere with our standard email setup that should be configured by using the ``uberspace mail`` commands. Because of this, we no longer provide support for problems originating from customly changed ``.qmail`` files. Please also be aware, that our setup might change in the future and break your now working custom configurations. 60 | -------------------------------------------------------------------------------- /source/mail-domains.rst: -------------------------------------------------------------------------------- 1 | .. _mail-domains: 2 | 3 | ####### 4 | Domains 5 | ####### 6 | 7 | .. include:: includes/domain-register.txt 8 | 9 | Setup 10 | ===== 11 | 12 | In order to use your own domain for mail with your Uberspace, you need to first set it up using our ``uberspace`` tool. You can only add fully qualified domain names (`FQDNs `_), wildcard domains are not available. 13 | 14 | .. code-block:: console 15 | 16 | [isabell@philae ~]$ uberspace mail domain add isabell.example 17 | The mailserver's configuration has been adapted. 18 | Now you can use the following record for your dns: 19 | MX -> philae.uberspace.de. 20 | TXT -> v=spf1 include:spf.uberspace.de 21 | 22 | Once you’ve set up your domain using the uberspace mail domain add tool, the tool provides you with the ``MX`` record that needs to be configured in your registrar’s nameserver. Please be aware that the trailing dot in ``philae.uberspace.de.`` is the correct notation of a DNS record to indicate the domains root like here, but you can skip it if the domain hoster UI does not accept it. 23 | 24 | .. warning:: Please use only the provided host name for your ``MX`` record. If you use any other host name for your ``MX``, the mailserver will not accept your domain. You will also not be able to login to the mailserver using that domain as part of the username before setting up the record. 25 | 26 | SPF record 27 | ---------- 28 | 29 | The `Sender Policy Framework `_ (SPF) is a system that allows mailservers to check if another mail server is allowed to send mails for a specific domain. To specify which servers are allowed to send mails for your domain, a ``TXT`` DNS record is set. Adding Uberspace hosts to the list of allowed servers for your domain might increase your chances of passing spam filters. We maintain a list, that you can include by setting a ``TXT``-type record for your domain, using this snippet: 30 | 31 | .. code-block:: none 32 | 33 | v=spf1 include:spf.uberspace.de 34 | 35 | This instructs other mail servers to accept mails from your domain if they originate from our hosts and to deliver any mails that claim to be from your domain but originate from a different server to the spam folder. 36 | 37 | .. include:: includes/domain-dns.txt 38 | 39 | .. include:: includes/domain-idn.txt 40 | 41 | 42 | Removal 43 | ======= 44 | 45 | To remove a domain, use the ``uberspace`` tool: 46 | 47 | .. code-block:: console 48 | 49 | [isabell@philae ~]$ uberspace mail domain del isabell.example 50 | The server's configuration has been adapted. 51 | 52 | Listing 53 | ======= 54 | 55 | If you want to find out which domains are currently set up for the mail server on your Uberspace account, use the ``uberspace`` command: 56 | 57 | .. code-block:: console 58 | 59 | [isabell@philae ~]$ uberspace mail domain list 60 | isabell.example 61 | isabell.uber.space 62 | 63 | This will list all domains and sub-domains currently set up for this account, including the default ``$USER.uber.space``. 64 | 65 | .. include:: includes/domain-providers.txt 66 | 67 | -------------------------------------------------------------------------------- /source/_static/images/icn-rocket.svg: -------------------------------------------------------------------------------- 1 | 2 | 18 | 20 | 21 | 23 | image/svg+xml 24 | 26 | 27 | 28 | 29 | 30 | 54 | 56 | 67 | 68 | 71 | 77 | 84 | 85 | 86 | -------------------------------------------------------------------------------- /source/web-domains.rst: -------------------------------------------------------------------------------- 1 | .. _web-domains: 2 | 3 | ####### 4 | Domains 5 | ####### 6 | 7 | Every Uberspace account gets its own domain in the form of ``$USER.uber.space``. You can setup as many additional domains as you like. 8 | 9 | .. include:: includes/domain-register.txt 10 | 11 | Setup 12 | ===== 13 | 14 | In order to use your own domain for web with your Uberspace, you need to first set it up using our ``uberspace`` tool. You can only add fully qualified domain names (`FQDNs `_), wildcard domains are not available, because let's 15 | encrypt does not support wildcard domains in conjunction with HTTP validation. 16 | 17 | .. code-block:: console 18 | 19 | [isabell@philae ~]$ uberspace web domain add isabell.example 20 | The webserver's configuration has been adpated. 21 | Now you can use the following records for your dns: 22 | A -> 185.26.156.55 23 | AAAA -> 2a00:d0c0:200:0:b9:1a:9c:37 24 | 25 | .. include:: includes/domain-idn.txt 26 | 27 | Once you've set up your domain using the ``uberspace`` tool, the tool provides you with the ``A`` and ``AAAA`` records that need to be configured in your registrar's nameserver. 28 | 29 | .. include:: includes/domain-dns.txt 30 | 31 | To start publishing content on your new domain, upload it to ``/var/www/virtual/isabell/html`` or ``/home/isabell/html``. By default, all domains 32 | share the same :ref:`docroot`. Please refer to :ref:`docroot` for instructions on how to use serve different content under a given domain. 33 | 34 | Subdomains 35 | ========== 36 | 37 | Any subdomain that you wish to use needs to be added individually. So in order to also use ``www.isabell.example``, you need to run ``uberspace web domain add www.isabell.example`` as well. You can also add subdomains for your ``isabell.uber.space`` domain. 38 | 39 | Because we check on each host if a domain is already under control of another user of that host, you might encounter an error if you try to add a subdomain with another user than the one you used to configure the same main domain: 40 | 41 | .. code-block:: console 42 | 43 | [isabell@stardust ~]$ uberspace web domain add example.com 44 | [..] 45 | [isabell2@stardust ~]$ uberspace web domain add sub.example.com 46 | Can't add domain to the configuration. It is a subdomain of a domain already configured for another Uberspace account. 47 | 48 | Then you can just add the subdomain *first* on the one user and *then* the main domain on the other user. 49 | 50 | .. note:: We very much encourage to use separate uberspace accounts for separate projects or apps and so far subdomains. And you shouldn't usually run in this problem because in most cases you won't end up with different users on the same host. 51 | 52 | Removal 53 | ======= 54 | 55 | To remove a domain, use the ``uberspace`` tool: 56 | 57 | .. code-block:: console 58 | 59 | [isabell@philae ~]$ uberspace web domain del isabell.example 60 | The server's configuration has been adapted. 61 | 62 | Listing 63 | ======= 64 | 65 | If you want to find out which domains are currently set up for the web server on your Uberspace account, use the ``uberspace`` command: 66 | 67 | .. code-block:: console 68 | 69 | [isabell@philae ~]$ uberspace web domain list 70 | isabell.example 71 | isabell.uber.space 72 | 73 | This will list all domains and sub-domains currently set up for this account, including the default ``$USER.uber.space``. 74 | 75 | .. include:: includes/domain-providers.txt 76 | 77 | -------------------------------------------------------------------------------- /source/lang-ruby.rst: -------------------------------------------------------------------------------- 1 | .. sidebar:: Logo 2 | 3 | .. image:: _static/images/logo_ruby.png 4 | :align: center 5 | 6 | #### 7 | Ruby 8 | #### 9 | 10 | Introduction 11 | ============ 12 | 13 | .. warning:: Ruby applications belong in your :ref:`home`, **not** in your :ref:`docroot`. 14 | 15 | `Ruby `_ is a programming language known for its easy to use `Ruby on Rails` framework. 16 | 17 | ---- 18 | 19 | Versions 20 | ======== 21 | 22 | Release types 23 | ------------- 24 | 25 | We provide different releases and apply security updates on a regular basis. Currently, these Ruby versions are available: 2.5, 2.6 and 2.7 26 | 27 | Standard version 28 | ---------------- 29 | If you don't select a certain version, our default will be used. We decided to default to version 2.5, which is considered to be stable by the developers. 30 | 31 | Show available versions 32 | ----------------------- 33 | 34 | Use ``uberspace tools version list ruby`` to show all selectable versions: 35 | 36 | .. code-block:: bash 37 | 38 | [eliza@dolittle ~]$ uberspace tools version list ruby 39 | - 2.5 40 | - 2.6 41 | - 2.7 42 | - 3.0 43 | [eliza@dolittle ~]$ 44 | 45 | .. _ruby-change-version: 46 | 47 | Change version 48 | -------------- 49 | You can select the Ruby version with ``uberspace tools version use ruby ``. You can choose between release branches: 50 | 51 | .. code-block:: bash 52 | 53 | [eliza@dolittle ~]$ uberspace tools version use ruby 2.6 54 | Selected ruby version 2.6 55 | The new configuration is adapted immediately. Patch updates will be applied automatically. 56 | [eliza@dolittle ~]$ 57 | 58 | Selected version 59 | ---------------- 60 | 61 | You can check the selected version by executing ``uberspace tools version show ruby`` on the command line: 62 | 63 | .. code-block:: bash 64 | 65 | [eliza@dolittle ~]$ uberspace tools version show ruby 66 | Using 'ruby' version: 2.5 67 | [eliza@dolittle ~]$ 68 | 69 | Update policy 70 | ------------- 71 | 72 | We update all versions on a regular basis. Once the `support `_ reaches its end of life (eol), the branch is no longer supported and will be removed from our servers. 73 | 74 | +--------+----------------------+------------------+ 75 | | Branch | State | Supported Until | 76 | +========+======================+==================+ 77 | | 2.4 | eol | 2020-03-31 | 78 | +--------+----------------------+------------------+ 79 | | 2.5 | security maintenance | 2021-03-31 | 80 | +--------+----------------------+------------------+ 81 | | 2.6 | normal maintenance | To be determined | 82 | +--------+----------------------+------------------+ 83 | | 2.7 | normal maintenance | To be determined | 84 | +--------+----------------------+------------------+ 85 | | 3.0 | normal maintenance | To be determined | 86 | +--------+----------------------+------------------+ 87 | 88 | ---- 89 | 90 | Connection to webserver 91 | ======================= 92 | 93 | .. include:: includes/web-backend.rst 94 | 95 | ---- 96 | 97 | .. _gem: 98 | 99 | gem 100 | === 101 | 102 | ``gem`` is a package manager that can be used to install and manage additional libraries, known as `gems`. We have preconfigured ``gem`` to install libraries to your :ref:`home`. 103 | 104 | ---- 105 | 106 | Popular software 107 | ================ 108 | 109 | Check out the `⚛️ Uberlab `_ for guides! 110 | -------------------------------------------------------------------------------- /source/lang-nodejs.rst: -------------------------------------------------------------------------------- 1 | .. _nodejs: 2 | 3 | .. sidebar:: Logo 4 | 5 | .. image:: _static/images/logo_nodejs.png 6 | :align: center 7 | 8 | ####### 9 | Node.js 10 | ####### 11 | 12 | Introduction 13 | ============ 14 | 15 | .. warning:: Node.js scripts belong in your :ref:`home`, **not** in your :ref:`docroot`. 16 | 17 | `Node.js `_ is a server-side `JavaScript `_ interpreter. Node.js is commonly used to develop server-based applications, i.e. the scripts bind to a network port. 18 | 19 | 20 | ---- 21 | 22 | Versions 23 | ======== 24 | 25 | Release types 26 | ------------- 27 | 28 | We provide different releases and apply security updates on a regular basis. Currently, these Node.js versions are available: 10, **12** and 14. 29 | 30 | Standard version 31 | ---------------- 32 | If you don't select a certain version, our default will be used. We decided to default to **version 12**, which is considered to be stable by the developers. 33 | 34 | Show available versions 35 | ----------------------- 36 | 37 | Use ``uberspace tools version list node`` to show all selectable versions: 38 | 39 | .. code-block:: bash 40 | 41 | [eliza@dolittle ~]$ uberspace tools version list node 42 | - 10 43 | - 12 44 | - 14 45 | - 16 46 | [eliza@dolittle ~]$ 47 | 48 | .. _node-change-version: 49 | 50 | Change version 51 | -------------- 52 | You can select the Node.js version with ``uberspace tools version use node ``. You can choose between release branches: 53 | 54 | .. code-block:: bash 55 | 56 | [eliza@dolittle ~]$ uberspace tools version use node 14 57 | Selected node version 14 58 | The new configuration is adapted immediately. Patch updates will be applied automatically. 59 | [eliza@dolittle ~]$ 60 | 61 | Selected version 62 | ---------------- 63 | 64 | You can check the selected version by executing ``uberspace tools version show node`` on the command line: 65 | 66 | .. code-block:: bash 67 | 68 | [eliza@dolittle ~]$ uberspace tools version show node 69 | Using 'node' version: '12 70 | [eliza@dolittle ~]$ 71 | 72 | Update policy 73 | ------------- 74 | 75 | We update all versions on a regular basis. Once the `support `_ ends, the branch reaches its end of life (EOL), is no longer supported and will be removed from our servers. Even-numbered versions are long-term support (LTS) versions. 76 | 77 | +--------+-------------------------+------------------+ 78 | | Branch | State | Supported Until | 79 | +========+=========================+==================+ 80 | | 10 | Maintenance | April 2021 | 81 | +--------+-------------------------+------------------+ 82 | | 12 | Maintenance | April 2022 | 83 | +--------+-------------------------+------------------+ 84 | | 14 | Active | April 2024 | 85 | +--------+-------------------------+------------------+ 86 | | 16 | Current | April 2024 | 87 | +--------+-------------------------+------------------+ 88 | 89 | Connection to webserver 90 | ======================= 91 | 92 | .. include:: includes/web-backend.rst 93 | 94 | ---- 95 | 96 | .. _npm: 97 | 98 | npm 99 | === 100 | 101 | ``npm``, or the `node package manager`, is used to install and manage additional packages. We have preconfigured ``npm`` to install packages to your :ref:`home` when using the global (``-g``) option. 102 | 103 | ---- 104 | 105 | Popular software 106 | ================ 107 | 108 | Check out the `⚛️ Uberlab `_ for guides! 109 | -------------------------------------------------------------------------------- /source/web-documentroot.rst: -------------------------------------------------------------------------------- 1 | .. _docroot: 2 | 3 | ############ 4 | DocumentRoot 5 | ############ 6 | 7 | Publish 8 | ======= 9 | 10 | In order for a website to be accessible to visitors, it must be published to the correct directory. :ref:`Upload your files via SFTP ` and place them in ``/var/www/virtual//html``. Access the files via :ref:`your domain `. 11 | 12 | .. _additionaldocroot: 13 | 14 | Additional DocumentRoots 15 | ------------------------ 16 | 17 | .. warning:: We strongly suggest to use different accounts for different projects due to security reasons. If one of the DocumentRoots gets compromised (e.g. because of a `CVE `_), all other files within all other DocumentRoots can be compromised as well. 18 | 19 | You can create folders (and symlinks) in the form of ``/var/www/virtual//``. Make sure :ref:`your domain ` is setup and configured correctly. To use ``RewriteRules``, you have to create a :ref:`.htaccess file ` within the DocumentRoot with the following content: 20 | 21 | .. code-block:: ini 22 | 23 | RewriteBase / 24 | 25 | .. tip:: The ``DOCUMENT_ROOT`` variable set by Apache *always* points to the one and only DocumentRoot ``/var/www/virtual//html`` so you will get a misleading value. There is no way to change that behaviour. 26 | 27 | .. warning:: Do not delete ``/var/www/virtual//html``. If this folder doesn't exist, the RewriteRules implementing the additional DocumentRoots don't work, so all your domains will be inaccessible. 28 | 29 | Permissions 30 | =========== 31 | 32 | Since the webserver runs with a different user, you need to make sure your files have the right `permissions `_. The folder ``/var/www/virtual//html`` and all additional DocumentRoots need to have mode ``0755``, the files within ``0644``. 33 | 34 | .. tip:: Since the folder ``/var/www/virtual/`` has mode ``0750``, other users on the same server can't access your files. 35 | 36 | In addition to "traditional" permission bits, uberspace uses `SELinux `_. For the webserver user to be able to access the files, they need to have a SELinux type of ``httpd_sys_content_t``. If you create files in your home directory, those files will carry the ``user_home_t`` type instead. Using ``mv`` to move the files will take care of this, as ``mv`` is aliased to ``mv -Z`` by default (``-Z``: *set SELinux security context of destination file to default type*). However, if you move your files in a different way, you might need to set the SELinux label accordingly, for example using `restorecon `_: ``restorecon -R -v ~/html``. 37 | 38 | Configuration 39 | ============= 40 | 41 | Provided configuration 42 | ---------------------- 43 | 44 | We provide the following configuration: 45 | 46 | .. code-block:: ini 47 | 48 | DirectoryIndex index.html index.htm index.html.var index.php index.cgi index.sh nocontent.html 49 | TypesConfig /etc/mime.types 50 | AddType application/x-compress .Z 51 | AddType application/x-gzip .gz .tgz 52 | AddType text/html .shtml 53 | AddType application/wasm .wasm .wasm.gz .wat .wat.gz 54 | AddOutputFilter INCLUDES .shtml 55 | 56 | The full configuration ist provided within the file ``/etc/httpd/conf/httpd.conf`` which is readable by every user. 57 | 58 | Own configuration 59 | ----------------- 60 | .. _htaccess: 61 | 62 | You can provide your own configuration with ``.htaccess`` files. Check the `Directive Quick Reference `_ for possible configuration directives. Keep in mind that the third column needs to contain ``h`` for ``.htaccess``. 63 | -------------------------------------------------------------------------------- /source/lang-python.rst: -------------------------------------------------------------------------------- 1 | .. _python: 2 | 3 | .. sidebar:: Logo 4 | 5 | .. image:: _static/images/logo_python.png 6 | :align: center 7 | 8 | ###### 9 | Python 10 | ###### 11 | 12 | Introduction 13 | ============ 14 | 15 | .. warning:: Python applications belong in your :ref:`home`, **not** in your :ref:`docroot`. 16 | 17 | Python is an interpreted programming language, created by Guido van Rossum in 18 | 1991. It is used for a wide range of tasks from basic scripting to full-fledged 19 | web applications. 20 | 21 | Versions 22 | ======== 23 | 24 | Release Types 25 | ------------- 26 | Each release branch of Python is fully supported for five years beginning with its initial stable release. For Python 2.7, this has been extended to ten years. We provide different point releases and apply security updates on a regular basis. Currently, these Python versions are available: 2.7, 3.4, 3.5, 3.6, 3.7, 3.8 and 3.9. 27 | 28 | Standard version 29 | ---------------- 30 | If you don't select a certain version, our default will be used. We decided to default to version 2.7. 31 | 32 | Change version 33 | -------------- 34 | To change your python version, run the relevant binary. So if you want to start a script with version 3.6, use the :code:`python3.6` binary: 35 | 36 | .. code-block:: console 37 | 38 | [eliza@dolitte ~] python3.6 my-python-script.py 39 | 40 | To specify version 2.7 in a `shebang `_, use :code:`#!/usr/bin/env python2.7`. 41 | 42 | Update Policy 43 | ------------- 44 | 45 | We update all versions on a regular basis. Once the `security support `_ ends, the branch reaches its end of life, is no longer supported and will be removed from our servers. 46 | 47 | +--------+---------------------+-----------------------------+ 48 | | Branch | State | Security Support Until | 49 | +========+=====================+=============================+ 50 | | 2.7 | Bug fixes | January 2024 (by CentOS) | 51 | +--------+---------------------+-----------------------------+ 52 | | 3.4 | Security fixes only | March 2019 | 53 | +--------+---------------------+-----------------------------+ 54 | | 3.5 | Security fixes only | September 2020 | 55 | +--------+---------------------+-----------------------------+ 56 | | 3.6 | Security fixes only | December 2021 | 57 | +--------+---------------------+-----------------------------+ 58 | | 3.7 | Bug fixes | 2023 | 59 | +--------+---------------------+-----------------------------+ 60 | | 3.8 | Bug fixes | 2024 | 61 | +--------+---------------------+-----------------------------+ 62 | | 3.9 | Bug fixes | 2025 | 63 | +--------+---------------------+-----------------------------+ 64 | 65 | Connection to webserver 66 | ======================= 67 | 68 | .. include:: includes/web-backend.rst 69 | 70 | pip 71 | === 72 | 73 | pip is Python's package manager, used to install and manage additional packages. You can only install software to your :ref:`home directory `, so please always use the :code:`--user` option when running pip. 74 | 75 | Versions 76 | -------- 77 | 78 | In order to install the correct package corresponding to the Python version you want to use, you should run the correct binary. For example, to install a package for Python 2.7, use :code:`pip2.7`: 79 | 80 | .. code-block:: console 81 | 82 | [eliza@dolitte ~] pip2.7 install package-name --user 83 | 84 | To install for Python 3.6, use :code:`pip3.6`: 85 | 86 | .. code-block:: console 87 | 88 | [eliza@dolitte ~] pip3.6 install package-name --user 89 | 90 | ---- 91 | 92 | Popular software 93 | ================ 94 | 95 | Check out the `⚛️ Uberlab `_ for guides! 96 | 97 | 98 | 99 | -------------------------------------------------------------------------------- /source/index.rst: -------------------------------------------------------------------------------- 1 | ################## 2 | Uberspace 7 manual 3 | ################## 4 | 5 | .. image:: _static/images/big-rocket.svg 6 | 7 | Uberspace is a hosting platform targeted at people who want to look behind the scenes, do things we didn’t anticipate and generally prefer working with a text-based console. Our objective is to not only host the content you’d like to see on the web, but also to introduce you to Linux and basic shell usage. 8 | 9 | ---- 10 | 11 | .. tip:: If you're looking for guides and how to install certain tools like `Ghost `_ and `WordPress `_ check out the `⚛️ Uberlab `_! 12 | 13 | ######### 14 | Changelog 15 | ######### 16 | 17 | Latest Version: **{{ newest_changelog_entry.version }}** ({{ newest_changelog_entry.date }}) 18 | 19 | {{ newest_changelog_entry.text }} 20 | 21 | For more information see the :doc:`full changelog `. 22 | 23 | .. include:: includes/hotfix-version.rst 24 | 25 | .. toctree:: 26 | :hidden: 27 | :maxdepth: 1 28 | :caption: Your first day 29 | 30 | for newbies 31 | for Ubernauts from U6 32 | for nerds 33 | 34 | .. toctree:: 35 | :hidden: 36 | :maxdepth: 1 37 | :caption: Basics 38 | 39 | SSH 40 | SFTP 41 | backup 42 | resources 43 | home directory 44 | shell 45 | firewall ports 46 | 47 | .. toctree:: 48 | :hidden: 49 | :maxdepth: 1 50 | :caption: Web 51 | 52 | DocumentRoot 53 | domains 54 | https 55 | security headers 56 | web backends 57 | web headers 58 | web errorpage 59 | logs 60 | Tor 61 | 62 | .. toctree:: 63 | :hidden: 64 | :maxdepth: 1 65 | :caption: Mail 66 | 67 | access 68 | domains 69 | mailboxes 70 | forwarding 71 | spam filter 72 | filters & rules 73 | 74 | .. toctree:: 75 | :hidden: 76 | :maxdepth: 1 77 | :caption: Database 78 | 79 | MySQL 80 | PostgreSQL 81 | MongoDB 82 | CouchDB 83 | redis 84 | InfluxDB 85 | SQLite 86 | 87 | .. toctree:: 88 | :hidden: 89 | :maxdepth: 1 90 | :caption: Programming languages 91 | 92 | PHP 93 | Python 94 | NodeJS 95 | deno 96 | Ruby 97 | golang 98 | Rust 99 | .NET Core 100 | Erlang/OTP 101 | Perl 102 | Clojure 103 | Java 104 | GCC / C(++) 105 | 106 | .. toctree:: 107 | :hidden: 108 | :maxdepth: 1 109 | :caption: Daemons 110 | 111 | supervisord 112 | Cron jobs 113 | 114 | .. toctree:: 115 | :hidden: 116 | :maxdepth: 1 117 | :caption: Background 118 | 119 | Network 120 | HTTP Stack 121 | 122 | .. toctree:: 123 | :hidden: 124 | :maxdepth: 1 125 | :caption: Billing 126 | 127 | General 128 | 129 | .. toctree:: 130 | :hidden: 131 | :titlesonly: 132 | :maxdepth: 1 133 | :caption: Meta 134 | 135 | Changelog 136 | Changelog Archive 137 | ⚛️ Uberlab 138 | Policy 139 | Legal Notice 140 | Privacy 141 | -------------------------------------------------------------------------------- /source/_templates/breadcrumbs.html: -------------------------------------------------------------------------------- 1 | {# Support for Sphinx 1.3+ page_source_suffix, but don't break old builds. #} 2 | 3 | {% if page_source_suffix %} 4 | {% set suffix = page_source_suffix %} 5 | {% else %} 6 | {% set suffix = source_suffix %} 7 | {% endif %} 8 | 9 | {% if meta is defined and meta is not none %} 10 | {% set check_meta = True %} 11 | {% else %} 12 | {% set check_meta = False %} 13 | {% endif %} 14 | 15 | {% if check_meta and 'github_url' in meta %} 16 | {% set display_github = True %} 17 | {% endif %} 18 | 19 | {% if check_meta and 'bitbucket_url' in meta %} 20 | {% set display_bitbucket = True %} 21 | {% endif %} 22 | 23 | {% if check_meta and 'gitlab_url' in meta %} 24 | {% set display_gitlab = True %} 25 | {% endif %} 26 | 27 | {% if current_version %} 28 | {% set gitlab_version = current_version %} 29 | {% endif %} 30 | 31 |
32 | 33 | 74 | 75 | {% if (theme_prev_next_buttons_location == 'top' or theme_prev_next_buttons_location == 'both') and (next or prev) %} 76 | 84 | {% endif %} 85 |
86 |
87 | -------------------------------------------------------------------------------- /source/u6-namespaces.rst: -------------------------------------------------------------------------------- 1 | .. _u6-namespaces: 2 | 3 | ####################################################### 4 | Mail namespaces from automatically migrated accounts from U6 5 | ####################################################### 6 | 7 | On U6 you had the possibility to use domain namespaces for your mail accounts. Using this feature you could create mailboxes just for a specific domain on your Uberspace like this: 8 | 9 | - anna@example1.com 10 | - arthur@example2.com 11 | 12 | Because this resulted in a heavy complicated setup on U6 and since we recommend to use only *one domain for one uberspace* anyway, this feature is no longer supported on U7. 13 | After auto migration, your mailboxes will look like this if you used namespaces: 14 | 15 | .. code-block:: bash 16 | 17 | [isabell@stardust ~]$ uberspace mail domain list 18 | example1.com 19 | example2.com 20 | 21 | [isabell@stardust ~]$ uberspace mail user list 22 | namespace1-anna 23 | namespace2-arthur 24 | 25 | [isabell@stardust ~]$ ls ~/users 26 | namespace1-anna namespace2-arthur 27 | 28 | The result would be these mail addresses: 29 | 30 | - namespace1-anna@example1.com 31 | - namespace1-anna@example2.com 32 | - namespace2-arthur@example1.com 33 | - namespace2-arthur@example2.com 34 | 35 | And the original used addresses like on U6 would be rejected by our mailserver. To approach this issue in auto migration we do the following steps with namespaced mailboxes: 36 | 37 | - all your ``~/.qmail-*`` files are moved to ``~/old-dot-qmail`` 38 | - the new ``~/.qmail-default`` will redirect *all new* incoming emails to ``~/namespace-collector`` 39 | 40 | This is a temporary setup to give you the chance and solve the namespaces in your own preferred way. 41 | 42 | Example for solving the namespaces 43 | ---------------------------------- 44 | 45 | One possibility to migrate your namespace configuration to U7 is to stay on a single Uberspace and use all mailboxes for all domains, like this: 46 | 47 | - anna@example1.com 48 | - anna@example2.com 49 | - arthur@example1.com 50 | - arthur@example2.com 51 | 52 | First you have to add the correct mailboxes: 53 | 54 | .. code-block:: bash 55 | 56 | [isabell@stardust ~]$ uberspace mail user add anna 57 | Enter a password for the mailbox: 58 | Please confirm your password: 59 | New mailbox created for user: 'anna', it will be live in a few minutes... 60 | 61 | [isabell@stardust ~]$ uberspace mail user add arthur 62 | Enter a password for the mailbox: 63 | Please confirm your password: 64 | New mailbox created for user: 'arthur', it will be live in a few minutes... 65 | 66 | [isabell@stardust ~]$ uberspace mail user list 67 | namespace1-anna 68 | namespace2-arthur 69 | anna 70 | arthur 71 | 72 | Then you will have to remove the temporary redirection to ``~/namespace-collector``: 73 | 74 | .. code-block:: bash 75 | 76 | [isabell@stardust ~]$ rm ~/.qmail-default 77 | [isabell@stardust ~]$ uberspace mail spamfolder enable 78 | 79 | If you want to have the old mails in the new mailboxes, you can just copy them: 80 | 81 | .. code-block:: bash 82 | 83 | [isabell@stardust ~]$ rsync -rtu ~/users/namespace1-anna ~/users/anna 84 | [isabell@stardust ~]$ rsync -rtu ~/users/namespace2-arthur ~/users/arthur 85 | 86 | Because there might be issues with incorrect index files, you should just remove them (they are automatically recreated): 87 | 88 | .. code-block:: bash 89 | 90 | [isabell@stardust ~]$ find ~/users/ -name "dovecot*" -delete 91 | 92 | To finish this you might want to remove the old namespaced mailboxes: 93 | 94 | .. code-block:: bash 95 | 96 | [isabell@stardust ~]$ uberspace mail user del namespace1-anna 97 | Mailbox for user 'namespace1-anna' deleted. 98 | [isabell@stardust ~]$ uberspace mail user del namespace2-arthur 99 | Mailbox for user 'namespace1-arthur' deleted. 100 | 101 | Now you have a clean and U7 compatible mail setup. 102 | 103 | .. note:: 104 | 105 | Between migration and fixing the namespaces, there might have been redirected some emails to ``~/namespace-collector``. You will have to decide by yourself how to deal with them, for example copying them to one of your mailboxes or create an new mailbox ``namespace-collector`` and move them there to check with your email client. -------------------------------------------------------------------------------- /source/mail-filters.rst: -------------------------------------------------------------------------------- 1 | .. _mailfilters: 2 | 3 | ##################### 4 | Mail filter and rules 5 | ##################### 6 | 7 | You can filter your incoming mails with `Sieve `_. Sieve scripts can be used to automatically delete or forward messages, to send autoreplies, to sort emails into folders as they arrive, to mark messages as read or flagged or to reject messages at or after delivery. 8 | 9 | A Sieve script consists of a number of conditions which are applied to incoming mail; if an email matches a test, then the actions associated with that test are performed. 10 | 11 | .. warning:: The :ref:`spamfolder ` needs to be enabled to use Sieve filtering. 12 | 13 | ManageSieve 14 | ########### 15 | 16 | Many E-Mail clients support the ManageSieve protocol to control and manage your Sieve filtering scripts. You can find a list of tools and plugins at `sieve.info `_. We plan to implement a rule editor in our :ref:`webmailer ` soon. 17 | 18 | .. tip:: We recommend the `Sieve Script Editor `_ which has a GUI to drag and drop the rules and is available for many platforms. 19 | 20 | Access 21 | ====== 22 | 23 | +--------------------+----------------------------------------------+ 24 | |Server | :term:`your Hostname` | 25 | +--------------------+----------------------------------------------+ 26 | |Port | ``4190`` | 27 | +--------------------+----------------------------------------------+ 28 | |Username | Your email address, including the domain | 29 | +--------------------+----------------------------------------------+ 30 | |Password | Your password for the email address | 31 | +--------------------+----------------------------------------------+ 32 | 33 | Scripts 34 | ####### 35 | 36 | You can store as many Sieve scripts as you like but only one can be active at a time. There's a `good Sieve reference `_ online which describes the components which make up a script. 37 | 38 | 39 | Examples 40 | ======== 41 | 42 | 43 | In this example we sort mails from a mailinglist into a folder, sort mails to ``*@allcolorsarebeautiful.example`` into another folder and lower the maximum spam score to 4. 44 | 45 | .. code-block:: sieve 46 | 47 | require ["fileinto", "reject", "comparator-i;ascii-numeric","relational"]; 48 | 49 | # Mails with a spam score greater than 4 are probably SPAM, sort them and stop 50 | if header :value "ge" :comparator "i;ascii-numeric" "X-Rspamd-Score" "4" 51 | { 52 | fileinto "Spam"; 53 | stop; 54 | } 55 | 56 | # Sort mails from mailinglist into folder mailinglist 57 | if address :is "from" ["mailinglist@allcolorsarebeautiful.example", "anothermailinglist@allcolorsarebeautiful.example" ] 58 | { 59 | fileinto "mailinglist"; 60 | stop; 61 | } 62 | 63 | # Sort mails to *@allcolorsarebeautiful.example into a special folder 64 | if address :is :domain "to" "allcolorsarebeautiful.example" 65 | { 66 | fileinto "important"; 67 | stop; 68 | } 69 | 70 | # The command "keep" is executed automatically, if no other action is taken. 71 | 72 | .. tip:: ``stop;`` tells the Sieve engine to stop here, without checking for more rules. 73 | 74 | You can find many more examples in the `Dovecot Wiki `_. 75 | 76 | Troubleshooting 77 | =============== 78 | 79 | If something does not work check the logs at ``~/users/$MAILBOX/.dovecot.sieve.log``. You can also use `Fastmail's Sieve Tester `_ to test the syntax of scripts and checks what actions a script causes to the provided email message. 80 | 81 | 82 | Background 83 | ########## 84 | 85 | Sieve scripts are stored in the corresponding mailbox folder ``~/users/$MAILBOX/sieve/``. The active script is symlinked from ``~/users/$MAILBOX/.dovecot.sieve``: 86 | 87 | .. code-block:: console 88 | 89 | [eliza@dolittle ~/users/anna]$ readlink -f .dovecot.sieve 90 | /home/utestxx1/users/anna/sieve/test.sieve 91 | 92 | Dovecot will compile a ``~/users/$MAILBOX/.dovecot.svbin`` from this script for the first mail delivered to the mailbox. It will also recompile for each new mail if the symlink or the script has been changed and the timestamp is updated. You can also trigger this by using ``sievec /path/to/script.sieve`` and check if it compiles correctly. 93 | 94 | .. tip:: When using ManageSieve the scripts are compiled and validated *before* they are uploaded and installed by symlinking. This can prevent you from inadvertently installing a broken Sieve script. 95 | -------------------------------------------------------------------------------- /source/web-logs.rst: -------------------------------------------------------------------------------- 1 | .. _web-logs: 2 | 3 | ############### 4 | Web server logs 5 | ############### 6 | 7 | The web server logs are disabled by default. Once you enable them, they are written to ``/home/$USER/logs/webserver`` (so if your user name is `isabell`, this would be ``/home/isabell/logs/webserver``) in real-time. 8 | 9 | .. note:: 10 | 11 | Disabling logs deletes all existing logs! 12 | 13 | Access Log 14 | ========== 15 | 16 | Enabling and disabling 17 | ---------------------- 18 | 19 | To enable or disable your access log, use these commands: 20 | 21 | .. code-block:: bash 22 | 23 | [isabell@doolittle ~]$ uberspace web log access enable 24 | access log is enabled 25 | [isabell@doolittle ~]$ uberspace web log access status 26 | access log is enabled 27 | [isabell@doolittle ~]$ uberspace web log access disable 28 | access log is disabled 29 | [isabell@doolittle ~]$ uberspace web log access status 30 | access log is disabled 31 | 32 | Contents of the access_log 33 | -------------------------- 34 | 35 | The ``access_log`` logs all connections to your website: 36 | 37 | .. code-block:: none 38 | 39 | isabell.uber.space:443 10.132.0.0 - - [28/Apr/2021:16:10:23 +0000] "GET /hello/world.php HTTP/1.1" 200 42 "-" "HTTPie/0.9.4" 40 | 41 | Each entry starts with the *server name* of the virtual host handling the 42 | request and the *port* on which the request was accepted (i.e. 80 or 443). The 43 | *server_name* is the domain for the request, i.e. one of the ones `you added 44 | `_ or the default (``isabell.uber.space``). These are followed 45 | by the client's (redacted) *IP address*, ``-`` and the authorized user (if any, 46 | otherwise ``-``), *date and time* of the request, the actual *HTTP request* 47 | sent, the *referrer* (if any, otherwise ``-``) and the *user agent* 48 | string, i.e. the browser and operating system used by the client. This format is 49 | often called ``VCOMBINED`` or ``NCSA with VHOST``. 50 | 51 | .. _web-logs-error: 52 | 53 | Error Log: Apache 54 | ================= 55 | 56 | Enabling and disabling 57 | ---------------------- 58 | 59 | To enable or disable your Apache error log, use these commands: 60 | 61 | .. code-block:: bash 62 | 63 | [isabell@doolittle ~]$ uberspace web log apache_error enable 64 | apache error log is enabled 65 | [isabell@doolittle ~]$ uberspace web log apache_error status 66 | apache error log is enabled 67 | [isabell@doolittle ~]$ uberspace web log apache_error disable 68 | apache error log is disabled 69 | [isabell@doolittle ~]$ uberspace web log apache_error status 70 | apache error log is disabled 71 | 72 | Contents of the error_log_apache 73 | -------------------------------- 74 | 75 | The ``error_log_apache`` logs errors encountered by Apache while handling your website — probably mostly problems with `.htaccess` files: 76 | 77 | .. code-block:: none 78 | 79 | [Thu Oct 19 16:41:00 2017] [alert] [pid 11908] config.c(2143): [client 82.98.0.0] /var/www/virtual/isabell/html/.htaccess: Invalid command 'xxo', perhaps misspelled or defined by a module not included in the server configuration 80 | 81 | Each entry provides the date and time the error occurred, the log level, process ID and the location of the error in the source, followed by the client's IP and the error message. 82 | 83 | 84 | Error Log: PHP 85 | ============== 86 | 87 | Enabling and disabling 88 | ---------------------- 89 | 90 | To enable or disable your PHP error log, use these commands: 91 | 92 | .. code-block:: bash 93 | 94 | [isabell@doolittle ~]$ uberspace web log php_error enable 95 | php error log is enabled 96 | [isabell@doolittle ~]$ uberspace web log php_error status 97 | php error log is enabled 98 | [isabell@doolittle ~]$ uberspace web log php_error disable 99 | php error log is disabled 100 | [isabell@doolittle ~]$ uberspace web log php_error status 101 | php error log is disabled 102 | 103 | Contents of the error_log_php 104 | ----------------------------- 105 | 106 | The ``/home/$USER/logs/error_log_php`` logs errors encountered by PHP on your website: 107 | 108 | .. code-block:: none 109 | 110 | [21-Jun-2017 18:40:00] WARNING: [pool www] child 27290 said into stderr: "NOTICE: PHP message: PHP Parse error: syntax error, unexpected '.', expecting end of file in /var/www/virtual/isabell/html/test.php on line 2" 111 | 112 | We provide errors logged by PHP_FPM. Each entry provides the date and time the error occurred and the PHP error message, referencing the offending file and line number. 113 | 114 | 115 | Privacy 116 | ======= 117 | 118 | To protect user's privacy, we only log the first 16 bits of an IPv4 address and the first 32 bits of an IPv6 address, respectively, nulling the rest. Thus, ``uberspace.de``'s IPv4 address, ``82.98.87.93`` and its IPv6 address ``2a02:2e0:3fc:52:0:62:5768:38`` are logged as ``82.98.0.0`` and ``2a02:2e0::`` in the actual log files. 119 | 120 | Log files are rotated daily and deleted after 7 days of retention. 121 | -------------------------------------------------------------------------------- /source/basics-backup.rst: -------------------------------------------------------------------------------- 1 | .. _backup: 2 | 3 | ###### 4 | Backup 5 | ###### 6 | 7 | We automatically back up your files to another server every night. 8 | 9 | .. warning:: We strongly recommend that you do not rely solely on our backup. Keep a backup of your own at another location. 10 | 11 | Files 12 | ===== 13 | 14 | We keep daily backups of the last seven days, and weekly backups going back seven weeks. 15 | 16 | .. note:: You can exclude files or directories by giving them the name ``no_backup``. 17 | 18 | Restoring from the backup 19 | ------------------------- 20 | 21 | You can access your hosts backup at ``/backup``: 22 | 23 | .. code-block:: console 24 | 25 | [eliza@doolittle ~]# ls -l /backup/ 26 | total 56 27 | dr-xr-xr-x. 19 root root 4096 Jul 30 22:29 current 28 | lrwxrwxrwx. 1 root root 7 May 30 22:10 daily.0 -> current 29 | dr-xr-xr-x. 19 root root 4096 Jul 30 22:29 daily.1 30 | dr-xr-xr-x. 19 root root 4096 Jul 30 01:57 daily.2 31 | lrwxrwxrwx. 1 root root 8 Jul 29 15:21 daily.3 -> weekly.1 32 | dr-xr-xr-x. 19 root root 4096 Jul 27 22:19 daily.4 33 | dr-xr-xr-x. 19 root root 4096 Jul 26 22:14 daily.5 34 | dr-xr-xr-x. 18 root root 4096 Jul 25 22:13 daily.6 35 | dr-xr-xr-x. 18 root root 4096 Jul 24 22:12 daily.7 36 | dr-xr-xr-x. 19 root root 4096 Jul 29 11:09 weekly.1 37 | dr-xr-xr-x. 17 root root 4096 Jul 22 22:11 weekly.2 38 | dr-xr-xr-x. 17 root root 4096 Jul 15 22:11 weekly.3 39 | dr-xr-xr-x. 17 root root 4096 Jul 8 22:10 weekly.4 40 | dr-xr-xr-x. 17 root root 4096 Jul 1 22:10 weekly.5 41 | dr-xr-xr-x. 17 root root 4096 Jun 24 22:10 weekly.6 42 | dr-xr-xr-x. 17 root root 4096 Jun 17 22:10 weekly.7 43 | 44 | Let's say you accidentally deleted the folder ``/var/www/virtual/eliza/html/blog`` three days ago. No problem, there is a complete backup at ``/backup/daily.3/var/www/virtual/eliza/html/blog``: 45 | 46 | .. code-block:: console 47 | 48 | [eliza@doolittle ~]$ ls -ld /backup/daily.3/var/www/virtual/eliza/html/blog 49 | drwxr-xr-x 12 eliza eliza 4096 Jul 28 23:31 /backup/daily.3/var/www/virtual/eliza/html/blog 50 | 51 | 52 | You can use standard Linux commands such as ``ls``, ``cp``, ``rsync``, etc. to look around and restore files and folders from the backup. ``rsync`` lets you do a dry run first which won't modify anything yet: 53 | 54 | .. code-block:: console 55 | 56 | [eliza@doolittle ~]$ rsync --dry-run --verbose --recursive --links --perms --times --hard-links --acls --xattrs /backup/daily.3/var/www/virtual/eliza/html/blog/ /var/www/virtual/eliza/html/blog/ 57 | 58 | If the output of your dry run looks good, you can restore the backup: 59 | 60 | .. code-block:: console 61 | 62 | [eliza@doolittle ~]$ rsync --verbose --recursive --links --perms --times --hard-links --acls --xattrs /backup/daily.3/var/www/virtual/eliza/html/blog/ /var/www/virtual/eliza/html/blog/ 63 | 64 | .. note:: Because the backup is mounted as an NFS share, it has a different `SELinux` context than your target directory. To avoid permission problems, run ``restorecon -R`` on your restored data, e.g. ``restorecon -R /var/www/virtual/eliza/html/blog/``. 65 | 66 | If you need help, don't hesitate to contact us at hallo@uberspace.de. 67 | 68 | .. warning:: Do not use symlinks such as ``~/html`` when restoring your backup – that won't work because the backed-up symlink still points to the actual target ``/var/www/virtual/$USER/html`` instead of the target's backup (``/backup/daily.3/var/www/virtual/$USER/html``). 69 | 70 | MySQL 71 | ===== 72 | 73 | .. _mysql_backup: 74 | 75 | We dump and backup all databases every night and keep backups of the last 21 days. You can access your hosts database backups at ``/mysql_backup``. 76 | 77 | The last backup is stored in ``/mysql_backup/current/$USER`` and not dated: 78 | 79 | .. code-block:: console 80 | 81 | [eliza@doolittle ~]# ls -l /mysql_backup/current/eliza 82 | total 56 83 | -rw-r-----. 2 root eliza 520200 Oct 11 04:23 eliza_nextcloud.sql.xz 84 | -rw-r-----. 2 root eliza 596 Oct 11 04:23 eliza.sql.xz 85 | 86 | Dated backups can be found in ``/mysql_backup/old/$USER``: 87 | 88 | .. code-block:: console 89 | 90 | [eliza@doolittle ~]# ls -l /mysql_backup/old/eliza 91 | total 516 92 | -rw-r-----. 2 root eliza 596 Oct 09 04:23 eliza.2018-10-09.1539051623.sql.xz 93 | -rw-r-----. 2 root eliza 520200 Oct 09 04:23 eliza_nextcloud.2018-10-09.1539051623.sql.xz 94 | -rw-r-----. 2 root eliza 596 Oct 10 04:23 eliza.2018-10-10.1539138023.sql.xz 95 | -rw-r-----. 2 root eliza 520200 Oct 10 04:23 eliza_nextcloud.2018-10-10.1539138023.sql.xz 96 | -rw-r-----. 2 root eliza 596 Oct 11 04:23 eliza.2018-10-11.1539224423.sql.xz 97 | -rw-r-----. 2 root eliza 520200 Oct 11 04:23 eliza_nextcloud.2018-10-11.1539224423.sql.xz 98 | 99 | Restoring from the backup 100 | ------------------------- 101 | 102 | You can use ``xzcat`` and ``mysql`` to restore dumps. Let's say you want to reset every database to the latest backup: 103 | 104 | .. code-block:: console 105 | 106 | [eliza@doolittle ~]# xzcat /mysql_backup/current/eliza/*.sql.xz | mysql eliza 107 | [eliza@doolittle ~]# 108 | -------------------------------------------------------------------------------- /source/mail-access.rst: -------------------------------------------------------------------------------- 1 | .. _mail-access: 2 | 3 | #################### 4 | Accessing Your Mails 5 | #################### 6 | 7 | Webmail 8 | ======= 9 | 10 | You can access your emails using the webmail interface at `webmail.uberspace.de 11 | `_. Use your full email address and the corresponding password to login. This works with your ``@uber.space`` address as well as with any addresses using your :ref:`own domains `. 12 | 13 | For your ``@uber.space`` address the password is the same as for SSH access, which you can set in your `dashboard 14 | `_. 15 | 16 | .. warning:: If you never set your password for SSH access it won't be possible to authenticate with the ``@uber.space`` address. You have to explicitly set the password for SSH access once after you have created your uberspace account. 17 | 18 | Client settings 19 | =============== 20 | 21 | .. warning:: You must use encryption with all of the protocols; we do not support insecure access. 22 | 23 | IMAP 24 | ---- 25 | 26 | +--------------------+----------------------------------------------+ 27 | |Server | :term:`your Hostname` | 28 | +--------------------+----------------------------------------------+ 29 | |Port | ``993`` | 30 | +--------------------+----------------------------------------------+ 31 | |SSL/TLS Encryption | Enabled, but not STARTTLS | 32 | +--------------------+----------------------------------------------+ 33 | |Username | Your email address, including the domain | 34 | +--------------------+----------------------------------------------+ 35 | |Password | Your password for the email address | 36 | +--------------------+----------------------------------------------+ 37 | 38 | .. tip:: If your mail client does not support TLS encryption, use port ``143`` instead with STARTTLS. 39 | 40 | POP 41 | --- 42 | 43 | We recommend using IMAP over POP to access your email. By default, POP will pull emails from your inbox. 44 | 45 | +--------------------+----------------------------------------------+ 46 | |Server | :term:`your Hostname` | 47 | +--------------------+----------------------------------------------+ 48 | |Port | ``995`` | 49 | +--------------------+----------------------------------------------+ 50 | |SSL/TLS Encryption | Enabled, but not STARTTLS | 51 | +--------------------+----------------------------------------------+ 52 | |Username | Your email address, including the domain | 53 | +--------------------+----------------------------------------------+ 54 | |Password | Your password for the email address | 55 | +--------------------+----------------------------------------------+ 56 | 57 | .. tip:: If your mail client does not support TLS encryption, use port ``110`` instead with STARTTLS. 58 | 59 | SMTP 60 | ---- 61 | 62 | +--------------------+----------------------------------------------+ 63 | |Server | :term:`your Hostname` | 64 | +--------------------+----------------------------------------------+ 65 | |Port | ``587`` | 66 | +--------------------+----------------------------------------------+ 67 | |SSL/TLS Encryption | STARTTLS | 68 | +--------------------+----------------------------------------------+ 69 | |Username | Your email address, including the domain | 70 | +--------------------+----------------------------------------------+ 71 | |Password | Your password for the email address | 72 | +--------------------+----------------------------------------------+ 73 | 74 | .. warning:: Don't use ports ``25`` or ``465`` for sending mails! Unfortunately many clients try to use these ports, this won't work on Uberspace. 75 | 76 | Debugging 77 | ========= 78 | 79 | The most common problems when using a mail client with an Uberspace account: 80 | 81 | * Some home routers, especially some *Speedport* models offered by Deutsche Telekom, block SMTP connections to servers that are not on an internal allow list. You need to either disable that feature or add your Uberspace host to the allow list. Please check your router's manual for instructions. 82 | * Similarly, some anti-virus applications block SMTP connections or modify the port. 83 | * Some mail clients won't allow mail passwords that are longer than 16 characters. 84 | 85 | Apple Mail.app 86 | -------------- 87 | 88 | If Mail.app complains that the Account or the SMTP server is offline, this is usually caused by the `Automatically manage connection settings `_ option. If this option is active, Apple Mail sometimes replaces the correct settings with incorrect ones, blocking access to the account. You can safely turn off the setting and correct the settings. 89 | 90 | ---- 91 | 92 | .. glossary:: 93 | 94 | your Hostname 95 | You can find your hostname in the `Datasheet `_ section. It's always ``.uberspace.de``. 96 | -------------------------------------------------------------------------------- /source/mail-mailboxes.rst: -------------------------------------------------------------------------------- 1 | .. _mailboxes: 2 | 3 | ######### 4 | Mailboxes 5 | ######### 6 | 7 | System mailbox 8 | ============== 9 | 10 | Every Uberspace account gets its own mailbox in the form of ``$USER@$SERVER.uberspace.de``. For convenience reasons you can use ``$USER@uber.space`` as well to receive mails. 11 | 12 | .. tip:: 13 | If you'd like to receive mails from other people or providers use ``$USER@uber.space``, not ``$USER@$SERVER.uberspace.de``. The latter may not be 14 | available in future product versions. 15 | 16 | Mailboxes 17 | ========= 18 | 19 | The e-mail address of your mailboxes is in the form of ``$MAILBOX@$USER.uber.space``. If you have :ref:`set up additional domains `, ``$MAILBOX@$DOMAIN`` will also work. 20 | 21 | Setup a new mailbox 22 | ------------------- 23 | 24 | To add a new mailbox to your Uberspace, run the ``uberspace mail user add `` command and enter your password when prompted. So to add the mailbox ``post``, run this command: 25 | 26 | .. code-block:: bash 27 | 28 | [isabell@philae ~]$ uberspace mail user add post 29 | Enter a password for the mailbox: 30 | Please confirm your password: 31 | New mailbox created for user: 'post', it will be live in a few minutes... 32 | 33 | .. tip:: 34 | Nothing is shown while entering your password; that’s absolutely correct and works as intended – just enter it blindly and press Enter! 35 | 36 | .. warning:: 37 | While some special characters such as ``.``, ``+``, ``-``, ``_`` are allowed in mailbox names, there are `rules `_ limiting their usage. Please make sure your mailbox name adheres to these rules. 38 | 39 | .. tip:: We strongly recommend to use only `ASCII characters `_ in your password. Non-ASCII characters may work in some circumstances, but this depends on the encoding used by your client being compatible with the one used by the mail server. 40 | 41 | Password Requirements 42 | ~~~~~~~~~~~~~~~~~~~~~ 43 | 44 | Your mailbox password has to comply with a set of rules: 45 | 46 | - A minimum length of 8 characters. 47 | - Not only letters. 48 | - Not only numbers. 49 | - Not prohibited by us. 50 | - A password score of ``>=4``. 51 | 52 | We **prohibit the use of some passwords** we deem too common (like ``test1234``) or too easy to guess, e.g. if your mailbox name should be ``fn0rd``, we will reject ``testfn0rd`` as a password. 53 | 54 | In addition to the above, we also check your password using `xcvbn `_. This results in a score for your password, based on how easy it might be guessed and / or cracked (higher results mean a better estimated password strenght). We require a **password score** of at least ``4``. 55 | 56 | If we reject your password, we try to give you an error messages that explains why. Hopefully it will help you to choose a fitting alternative. 57 | 58 | List existing mailboxes 59 | ----------------------- 60 | 61 | You can list your existing mailboxes using the ``uberspace mail user list`` command, e.g. if you have setup mailboxes for `post` and `info`: 62 | 63 | .. code-block:: bash 64 | 65 | [isabell@philae ~]$ uberspace mail user list 66 | info 67 | post 68 | 69 | 70 | Changing passwords 71 | ------------------ 72 | 73 | To change a mailbox's password, run the ``uberspace mail user password `` command, so in order to change the password for the mailbox ``post``, run this command: 74 | 75 | .. code-block:: bash 76 | 77 | [isabell@philae ~]$ uberspace mail user password post 78 | Enter a password for the mailbox: 79 | Please confirm your password: 80 | New mailbox password set for user 'post'. 81 | 82 | Delete a mailbox 83 | ---------------- 84 | 85 | You can delete a mailbox using the ``uberspace mail user del `` command. To delete the mailbox ``post``, run the following command: 86 | 87 | .. code-block:: bash 88 | 89 | [isabell@philae ~]$ uberspace mail user del post 90 | Mailbox for user 'post' deleted. 91 | 92 | .. _catchall: 93 | 94 | Catch-all mailbox 95 | ================= 96 | 97 | You can configure any existing mailbox to be the catch-all mailbox. 98 | 99 | .. tip:: 100 | A catch-all mailbox will "catch all" of the emails addressed to the domains on your account that do not exist in the mail server - this can help avoid losing emails due to misspelling. Without a catch-all mailbox these mails will get rejected by the server. 101 | 102 | .. code-block:: bash 103 | 104 | [isabell@philae ~]$ uberspace mail catchall status 105 | No catchall configured. 106 | [isabell@philae ~]$ 107 | 108 | To set the catch-all mailbox run ``uberspace mail catchall set ``. In this example we make the mailbox ``post`` the catch-all mailbox: 109 | 110 | .. code-block:: bash 111 | 112 | [isabell@philae ~]$ uberspace mail catchall set post 113 | Mails, which cannot be matched to a mailbox, will be sent to post. 114 | [isabell@philae ~]$ 115 | 116 | To remove the catch-all run ``uberspace mail catchall del``: 117 | 118 | .. code-block:: bash 119 | 120 | [isabell@philae ~]$ uberspace mail catchall del 121 | No catchall configured. 122 | [isabell@philae ~]$ 123 | -------------------------------------------------------------------------------- /source/web-tor.rst: -------------------------------------------------------------------------------- 1 | .. _web-tor: 2 | 3 | ################## 4 | Tor Hidden Service 5 | ################## 6 | 7 | Tor_ is open-source software for anonymous communication. It enables users 8 | behind the firewall of their ISP or country to access to the wider internet and 9 | can thus act as a very empowering tool. Additionally, it hides browsing behavior 10 | from your ISP or whoever else is listening in on your connection. To enable 11 | this, traffic is routed through several nodes within the Tor network, which also 12 | makes surfing a bit slower. 13 | 14 | While Tor is quite capable of connecting Tor users to the outside world via 15 | so-called exit nodes, there is a much nicer way to access content inside Tor: 16 | hidden services. Traffic to and from Tor hidden services never leaves the Tor 17 | network and, as a result, has stronger privacy guarantees as well as increased 18 | performance. It also enabled both the server and the client to remain anonymous. 19 | 20 | Content hosted on the default ``.uber.space`` domain is automatically made 21 | available as a hidden service as a sub domain of **onastroids**\ t6krpn.onion. 22 | For example, content on https://isabell.uber.space is also reachable via 23 | http://isabell.onastroidst6krpn.onion. 24 | 25 | Forwarding by Tor-Browser 26 | ========================= 27 | 28 | If provided an ``Onion-Location`` will cause the Tor-Browser to `redirect according to the settings https://tb-manual.torproject.org/onion-services/`. 29 | Currently you may manually setup the ``Onion-Location`` as HTTP header using ``uberspace web header set / Onion-Location http://SOMEONE.ahcbagldgzdpa74g2mh74fvk5zjzpfjbvgqin6g3mfuu66tynv2gkiid.onion/``, for more details see https://manual.uberspace.de/web-headers.html . 30 | An alternative possibility that also overrides the HTTP header is a meta-tag in the header https://community.torproject.org/onion-services/advanced/onion-location/, e.g. in case the content is shared with other webservers than uberspace. 31 | 32 | Other domains 33 | ============= 34 | 35 | Content on other domains is currently not accessible as a hidden service, but 36 | can of course be accessed normally from inside the Tor network. This is mainly 37 | due a difficulty in matching requests: all requests from 38 | ``SOMEONE.onastroidst6krpn.onion`` go to ``SOMEONE.uber.space``, which makes 39 | for a rather simple and roboust setup. While we could implement more 40 | sophisticated matching like ``my.domain.com.SOMEONE.onastroidst6krpn.onion``, we 41 | have currently chosen not do so. 42 | 43 | You can of course host your own hidden service inside your uberspace to serve 44 | other content. 45 | 46 | Trust and Security 47 | ================== 48 | 49 | Compared to a normal hidden service run by yourself, there are a few key points 50 | to keep in mind: 51 | 52 | 1. Your username is contained in the site domain, which makes it clear, who is 53 | responsible for the provided content. Since uberspace only allows legal 54 | content to be hosted on our servers, this should not be of much concern to most 55 | users. In some cases, you might benefit from the extra anonymity, though. If 56 | this sounds like you, a different solution might be a better fit. 57 | 2. We hold the private key to our onion address and could thus theoretically alter 58 | or drop any content or requests. We will of course not do so; with a notable 59 | exception being abuse handling. While this is rather obvious, we still wanted 60 | to point it out here. 61 | 3. Our hidden service currently only supports HTTP (without the S). Since the 62 | traffic never leaves the Tor network, this isn't much of a problem. We'd like 63 | to provide HTTPS anyway, since it would provide additional authentication, but we 64 | are currently not able to do so. This is mainly due to high pricing of 65 | certificates for ``.onion`` domains as well as Let's Encrypt not supporting 66 | them. 67 | 68 | If any of those points constitute a deal breaker for you, you are of course free 69 | to not use our hidden service and host your own inside your uberspace. 70 | 71 | Identifying Requests 72 | ==================== 73 | 74 | Tor makes it impossible to identify which source IP address is sending requests 75 | to your site. This is by design. Without some extra effort, it isn't even 76 | obvious that a request passed through the Tor network at all. However, requests 77 | that arrived on our hidden service and where then proxied through to your 78 | uberspace bear a ``X-Uberspace-Via-Hidden-Service`` HTTP header. Keep in mind 79 | that this header can be faked very easily. Requests containing the header might 80 | come from the hidden service. Requests not containing the header certainly did 81 | not pass through the hidden service. 82 | 83 | Next-Gen/V3 Onions 84 | ================== 85 | 86 | Since V2 onions and their SHA1/RSA1024 tech is a little dated, we also offer a 87 | V3 onion address: ``ahcbagldgzdpa74g2mh74fvk5zjzpfjbvgqin6g3mfuu66tynv2gkiid.onion``. 88 | It can be used just like the V2 one. 89 | 90 | uberspace.de 91 | ============ 92 | 93 | Just like your sites, our website and the dashboard can of course be directly 94 | accessed in the Tor network. Use the following addresses: 95 | 96 | * http://uberspaceyukm42r.onion 97 | * http://ubrspc3z5xuzh2iss4xuacpjdqj24orwnuye5hk23cpykd3mcujvygqd.onion 98 | 99 | .. _Tor: https://www.torproject.org/ 100 | -------------------------------------------------------------------------------- /source/daemons-cron.rst: -------------------------------------------------------------------------------- 1 | .. _cron: 2 | 3 | #### 4 | Cron 5 | #### 6 | 7 | Cron is a system-wide service to run tasks, so-called `cronjobs`, in user-specified intervals. For example, you might want to create a backup of your Uberspace every day. You could then create a cronjob that will copy all files on your account to another server. 8 | 9 | Crontab 10 | ======= 11 | 12 | Your cronjobs are stored in your ``crontab``. This is a table that contains all the information Cron needs to run your task. It looks like this: 13 | 14 | .. code-block:: none 15 | 16 | * * * * * /path/to/your/job 17 | ┬ ┬ ┬ ┬ ┬ 18 | │ │ │ │ │ 19 | │ │ │ │ └──── Day of the week (0-7) (Sunday can be 0 or 7) 20 | │ │ │ └────── Month (1-12) 21 | │ │ └──────── Day of the month (1-31) 22 | │ └────────── Hour (0-23) 23 | └──────────── Minute (0-59) 24 | 25 | An asterisk (``*``) means that any value is valid, so if all columns contain an asterisk, the job will be started every minute, regardless of date, time, etc. 26 | 27 | Please note that hours are always in 24-hour format, so 10 is 10 a.m., if you want 10 p.m., you need to enter 22 in the hour column. 28 | 29 | To see your current crontab, run ``crontab -l``. 30 | 31 | Examples 32 | -------- 33 | 34 | .. code-block:: none 35 | 36 | 15 * * * * /path/to/your/job/script.pl 37 | 38 | The job /path/to/your/job/script.pl is started 15 minutes past every full hour. 39 | 40 | .. code-block:: none 41 | 42 | 30 10 * * * /path/to/your/job/script.pl 43 | 44 | The job is started every day at 10:30 a.m. 45 | 46 | .. code-block:: none 47 | 48 | * * * * * /path/to/your/job/script.pl 49 | 50 | The job is started every minute. 51 | 52 | Special characters: ``/``, ``,`` and ``-``: 53 | 54 | | ``/`` is used to divide a time. 55 | | ``,`` combines multiple times. 56 | | ``-`` specifies a range (such as 1-5). 57 | | 58 | 59 | .. code-block:: none 60 | 61 | */5 * * * * /path/to/your/job/script.pl 62 | 63 | The job is started every five minutes. 64 | 65 | .. code-block:: none 66 | 67 | 30 8-20 * * * /path/to/your/job/script.pl 68 | 69 | The job is started at half past the hour between 8 a.m. and 8:30 p.m. 70 | 71 | .. code-block:: none 72 | 73 | 30 10 * * 1,2,3,4,5 /path/to/your/job/script.pl 74 | 75 | The job is started on weekdays (Monday to Friday) at 10:30 a.m. 76 | 77 | Aliases 78 | ------- 79 | 80 | There are a couple of aliases that can be used instead of the numeric definitions: 81 | 82 | | ``@hourly``: At every full hour (i.e.: ``0 * * * *``). 83 | | ``@daily`` or ``@midnight``: Every day (i.e.: ``0 0 * * *``). 84 | | ``@weekly``: Every week (i.e.: ``0 0 * * 0``). 85 | | ``@monthly``: Once a month (i.e.: ``0 0 1 * *``). 86 | | ``@yearly`` or ``@annually``: Once a year (i.e.: ``0 0 1 1 *``). 87 | | ``@reboot``: After every reboot. 88 | | 89 | 90 | Adding, Modifying, and Deleting a Cronjob 91 | ----------------------------------------- 92 | 93 | If you want to add or modify a new cronjob, you need to edit your ``crontab``. To do this, use the command ``crontab -e``. This will launch your standard editor and you can add a new job or modify an existing one. 94 | 95 | To change your standard editor, set it in the ``VISUAL`` variable. So to use ``nano``, add this line to your :ref:`.bash_profile `: 96 | 97 | .. code-block:: none 98 | 99 | export VISUAL='nano' 100 | 101 | Afterwards log out of your uberspace and log back in again. 102 | 103 | To remove a cronjob, delete the line. If you want to only temporarily disable a cronjob, put a ``#`` at the beginning of the line. You can also use the ``#`` to add comments to the file. 104 | 105 | After you've saved the temporary file and exited the editor, the changes will be applied. 106 | 107 | PATH 108 | ---- 109 | 110 | ``cron`` does not parse your :ref:`.bash_profile ` or :ref:`.bashrc `, so ``$PATH`` is different from your shell. You can define ``$PATH`` in the ``crontab``. So if you want to include your ``~/bin`` directory in ``$PATH``, you need to insert this line before your cronjob: 111 | 112 | .. code-block:: none 113 | 114 | PATH=/home//bin:/usr/bin:/bin 115 | 116 | 117 | 118 | Mails 119 | ----- 120 | 121 | By default, ``cron`` will email the result of your cronjob to your :ref:`primary email address `. To disable these emails, you can set an empty ``MAILTO`` variable before your actual cronjob. You will still receive emails if there is an error. 122 | 123 | .. code-block:: none 124 | 125 | MAILTO="" 126 | 15 * * * * /path/to/your/job/script.pl 127 | 128 | Similarly, you can have the emails sent to a different email address: 129 | 130 | .. code-block:: none 131 | 132 | MAILTO="my-other-address@provider.example" 133 | 15 * * * * /path/to/your/job/script.pl 134 | 135 | To completely disable any emails for a cronjob, you need to send both the standard output and standard error to ``/dev/null``: 136 | 137 | .. code-block:: none 138 | 139 | 15 * * * * /path/to/your/job/script.pl > /dev/null 2>&1 140 | 141 | Logging 142 | ------- 143 | 144 | If you want to save your cronjob's output to a log file, you can do so by using the ``>`` and ``>>`` operators. Please note that this also disables cron's emails. 145 | 146 | To save only the most recent output, use ``>``: 147 | 148 | .. code-block:: none 149 | 150 | 15 * * * * /path/to/your/job/script.pl > /path/to/your/logfile 2>&1 151 | 152 | To append the log file, use ``>>``: 153 | 154 | .. code-block:: none 155 | 156 | 15 * * * * /path/to/your/job/script.pl >> /path/to/your/logfile 2>&1 157 | -------------------------------------------------------------------------------- /source/_static/images/apple_pay.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 6 | 7 | 26 | 44 | 45 | 46 | 48 | 54 | 55 | 56 | 59 | 65 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | --------------------------------------------------------------------------------