mirror of https://github.com/xwiki-labs/cryptpad
tMerge branch 'main' into 5.6-rc
This commit is contained in:
commit
f9e6c8d142
|
@ -0,0 +1,19 @@
|
||||||
|
# Security Policy
|
||||||
|
|
||||||
|
## Supported Versions
|
||||||
|
|
||||||
|
Considering the amount of resources necessary to backport security or bug fixes to previous, unsupported CryptPad versions, it's not something we do.
|
||||||
|
However, we quickly release new minor versions in case of need.
|
||||||
|
|
||||||
|
Please keep up with the latest release published here: https://github.com/cryptpad/cryptpad/releases
|
||||||
|
|
||||||
|
Note that every GitHub release page has an RSS compatible feed that you can subscribe on to be informed of every new release.
|
||||||
|
|
||||||
|
We do also communicate about this topic on:
|
||||||
|
- [Our blog](https://blog.cryptpad.org)
|
||||||
|
- [Our Matrix public space](https://matrix.to/#/#cryptpad:matrix.xwiki.com)
|
||||||
|
- [Our Mastodon account](https://fosstodon.org/@cryptpad)
|
||||||
|
|
||||||
|
## Reporting a Vulnerability
|
||||||
|
|
||||||
|
Vulnerabilities can be reported using the GitHub Security interface. You can also send us an email at security@cryptpad.org
|
|
@ -14,6 +14,10 @@ Restart=always
|
||||||
# Restart service after 10 seconds if node service crashes
|
# Restart service after 10 seconds if node service crashes
|
||||||
RestartSec=2
|
RestartSec=2
|
||||||
|
|
||||||
|
# Proper logging to journald
|
||||||
|
StandardOutput=journal
|
||||||
|
StandardError=journal+console
|
||||||
|
|
||||||
User=cryptpad
|
User=cryptpad
|
||||||
Group=cryptpad
|
Group=cryptpad
|
||||||
# modify to match your working directory
|
# modify to match your working directory
|
||||||
|
|
|
@ -0,0 +1,35 @@
|
||||||
|
# This file is included strictly as an example of how Apache httpd can be
|
||||||
|
# configured to work with CryptPad. If you are using CryptPad in production
|
||||||
|
# and require professional support please contact sales@cryptpad.fr
|
||||||
|
|
||||||
|
# This configuration requires mod_ssl, mod_socache_shmcb, mod_proxy,
|
||||||
|
# mod_proxy_http and mod_headers
|
||||||
|
|
||||||
|
Listen 443
|
||||||
|
|
||||||
|
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||||
|
SSLProxyCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||||
|
SSLHonorCipherOrder off
|
||||||
|
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||||
|
SSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||||
|
SSLSessionCache "shmcb:logs/ssl_scache(512000)"
|
||||||
|
SSLSessionCacheTimeout 86400
|
||||||
|
SSLSessionTickets off
|
||||||
|
SSLUseStapling on
|
||||||
|
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
|
||||||
|
|
||||||
|
<VirtualHost *:443>
|
||||||
|
ServerName cryptpad.your-domain.com
|
||||||
|
ServerAlias sandbox.your-domain.com
|
||||||
|
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
|
||||||
|
SSLEngine on
|
||||||
|
SSLCertificateFile /etc/letsencrypt/live/your-domain.com/cert.pem
|
||||||
|
SSLCertificateKeyFile /etc/letsencrypt/live/your-domain.com/privkey.pem
|
||||||
|
BrowserMatch "MSIE [2-5]" \
|
||||||
|
nokeepalive ssl-unclean-shutdown \
|
||||||
|
downgrade-1.0 force-response-1.0
|
||||||
|
Protocols h2 http/1.1
|
||||||
|
LimitRequestBody 157286400
|
||||||
|
ProxyPass / http://localhost:3000/ upgrade=websocket
|
||||||
|
ProxyPassReverse / http://localhost:3000/
|
||||||
|
</VirtualHost>
|
Loading…
Reference in New Issue