Commit Graph

2591 Commits

Author SHA1 Message Date
Alex Vandiver 68c4b708a0 docs: Specify which CPU architectures are supported.
Fixes: #22310.
2022-06-29 17:28:05 -07:00
Alex Vandiver 4fd51cb5ad uwsgi: Increase request buffer size to 64k, from 8k default.
The default value in uwsgi is 4k; receiving more than this amount from
nginx leads to a 502 response (though, happily, the backend uwsgi does not
terminate).

ab18dbfde5 originally increased it from the unstated uwsgi default
of 4096, to 8192; b1da797955 made it configurable, in order to allow
requests from clients with many cookies, without causing 502's[1].

nginx defaults to a limitation of 1k, with 4 additional 8k header
lines allowed[2]; any request larger than that returns a response of
`400 Request Header Or Cookie Too Large`.  The largest header size
theoretically possible from nginx, by default, is thus 33k, though
that would require packing four separate headers to exactly 8k each.

Remove the gap between nginx's limit and uwsgi's, which could trigger
502s, by removing the uwsgi configurability, and setting a 64k size in
uwsgi (the max allowable), which is larger than nginx's default limit.

uWSGI's documentation of `buffer-size` ([3], [4]) also notes that "It
is a security measure too, so adapt to your app needs instead of
maxing it out."  Python has no security issues with buffers of 64k,
and there is no appreciable memory footprint difference to having a
larger buffer available in uwsgi.

[1]: https://chat.zulip.org/#narrow/stream/31-production-help/topic/works.20in.20Edge.20not.20Chrome/near/719523
[2]: https://nginx.org/en/docs/http/ngx_http_core_module.html#client_header_buffer_size
[3]: https://uwsgi-docs.readthedocs.io/en/latest/ThingsToKnow.html
[4]: https://uwsgi-docs.readthedocs.io/en/latest/Options.html#buffer-size
2022-06-28 16:14:24 -07:00
Anders Kaseorg 251198044f docs: Update WIP PR convention to GitHub draft PRs.
Since GitHub supports draft PRs, our [WIP] convention is obsolete.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-06-28 13:16:38 -07:00
Alex Vandiver f9b7b8e5d9 docs: Document that loadbalancer.ips can be CIDR ranges. 2022-06-27 17:41:38 -07:00
Lauryn Menard 4ce9799cc2 integrations-docs: Remove `zulip-config.md`.
The content in `zulip-config.md` was moved (in #22315) to
`change-zulip-config.file.md`. This removes the now out-of-date
reference to this macro in the documentation for writing
integrations and removes the file as it is no longer in use.
2022-06-27 17:23:26 -07:00
Anders Kaseorg 25f6b53e90 docs: Capitalize Handlebars consistently.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-06-27 13:35:10 -07:00
Anders Kaseorg dc33a0ae67 markdown: Rewrite include plugin without markdown-include.
markdown-include is GPL licensed.

Also, rewrite it as a block processor, so that it works correctly
inside indented blocks.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-06-26 17:36:31 -07:00
Anders Kaseorg e069330084 check-thirdparty: License under GPLv2+.
Since python-debian is GPL licensed, our script that imports it should
arguably be GPL licensed as well.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-06-26 17:33:11 -07:00
Alex Vandiver 1ff30bba7c changelog: Use consistent date format. 2022-06-24 18:15:19 -07:00
Alex Vandiver 6ac3104b10 changelog: Make Zulip 4.8 - 4.11 headings consistent. 2022-06-24 18:15:19 -07:00
Alex Vandiver 9ad74739aa version: Update version and changelog after 5.3 release. 2022-06-21 20:48:24 +00:00
Mateusz Mandera 3ce61958a8 docs: Fix typo in gitlab callback url in dev setup instructions.
The endpoint is /complete/gitlab/ - with the slash.
2022-06-02 12:04:18 -07:00
Alex Vandiver 18230fcd99 docs: Correct and clarify wal-g backup documentation.
Backups are written every 16k of WAL archive, and by default do not
have an upper limit on how out of date they are, as `archive_timeout`
defaults to 0.

Also emphasize that these are streaming backups, not just one
point-in-time backup daily.

Fixes #21976.
2022-06-01 16:11:32 -07:00
Aman Agrawal a94a06da2b docs: Correct social authentication URL for development setups.
Since `SOCIAL_AUTH_SUBDOMAIN` is set to `auth` in development
environment, this is correct authentication URL.
2022-05-31 22:55:12 -07:00
Tim Abbott 1c90c50ec8 docs: Document Transifex steps for new major releases. 2022-05-27 15:22:17 -07:00
Zixuan James Li f1ef27cb85 password_reset: Soft reactivate upon password reset.
Fixes #22066

Signed-off-by: Zixuan James Li <359101898@qq.com>
2022-05-27 14:30:34 -07:00
Adam Sah 492272d597 test-backend: Display test function in HTML coverage reports. 2022-05-16 16:38:02 -07:00
Alex Vandiver 6bd7aac152 docs: Document the ./scripts/log-search tool. 2022-05-10 14:31:54 -07:00
Alex Vandiver 04d4ae9862 docs: Clarify nginx extension points. 2022-05-10 14:31:01 -07:00
Alex Vandiver 62642b899c docs: Update proxy docs.
Notable changes:
 - Describe `X-Forwarded-For` by name.
 - Switch each specific proxy to numbered steps.
 - Link back to the `X-Forwarded-For` section in each proxy
 - Default to using HTTPS, not HTTP, for the backend.
 - Include the HTTP-to-HTTPS redirect code for all proxies; it is
   important that it happen at the proxy, as the backend is unaware of
   it.
 - Call out Apache2 modules which are necessary.
 - Specify where the dhparam.pem file can be found.
 - Call out the `Host:` header forwarding necessary, and document
   `USE_X_FORWARDED_HOST` if that is not possible.
 - Standardize on 20 minutes of connection timeout.
2022-05-04 14:41:18 -07:00
Alex Vandiver 625ff57450 version: Update version and changelog after 5.2 release. 2022-05-03 18:00:01 -07:00
Anders Kaseorg e952641013 install: Resupport Ubuntu 22.04.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-05-03 09:41:08 -07:00
Anders Kaseorg e9ba9b0e0d zulip-ec2-configure-interfaces: Remove.
Our current EC2 systems don’t have an interface named ‘eth0’, and if
they did, this script would do nothing but crash with ImportError
because we have never installed boto.utils for Python 3.

(The message of commit 2a4d851a7c made
an effort to document for future researchers why this script should
not have been blindly converted to Python 3.  However, commit
2dc6d09c2a (#14278) was evidently
unresearched and untested.)

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-05-03 02:25:59 -07:00
Tim Abbott 0c385fe01b ci: Only run documentation/link tests on a single job.
As noted in ReadTheDocs, it's very unlikely that these documentation
tests will pass or fail depending on the server's OS.
2022-04-26 17:26:41 -07:00
Anders Kaseorg a543dcc8e3 Remove Debian 10 support.
As a consequence:

• Bump minimum supported Python version to 3.8.
• Move Vagrant environment to Ubuntu 20.04, which has Python 3.8.
• Move CI frontend tests to Ubuntu 20.04.
• Move production build test to Ubuntu 20.04.
• Move 3.4 upgrade test to Ubuntu 20.04.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-26 16:32:02 -07:00
Anders Kaseorg 63a1ef0e91 configure-rabbitmq: Remove use of sudo.
It already runs as root everywhere except in provision_inner, so move
the sudo there.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-19 12:36:31 -07:00
Anders Kaseorg cc30ed8ec7 actions: Delete zerver.lib.actions.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 17:14:38 -07:00
Anders Kaseorg 59f6b090c7 actions: Split out zerver.actions.realm_settings.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 17:14:37 -07:00
Anders Kaseorg 975066e3f0 actions: Split out zerver.actions.message_send.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 17:14:34 -07:00
Greg Price 60e09834a3 docs: Update apps' compatibility threshold to 3.0, from 2.1.0.
Zulip Server 3.0 is now about 21 months old, which is more than
18 months.  Per the general policy in the "Client apps" section
below, that means it's time to drop support for older versions.

We released 4.0 in 2021-05, so around 2022-11 we can update this
further to say 4.0.
2022-04-14 11:54:23 -07:00
Mateusz Mandera 80a9cae0df docs: Fix incorrect path to SAML certs in SAML Keycloak instructions.
This was supposed to be /etc/zulip/saml/idps/
2022-04-13 15:53:03 -07:00
Raghav Luthra fbb874c86c docs: Update broken link in gsoc.md.
One of the links in the GSoC ideas section in docs/gsoc.md led to
a page with 0 results. This has now been replaced with the correct
link leading to a list of issues with the mentioned labels.
2022-04-12 17:11:37 -07:00
Alex Vandiver 488aaef9b7 docs: Fold FTS index updating into the upgrade step.
On the Debian 10 -> 11 upgrade, the server is running Zulip 4.x, which
lets us pass `--audit-fts-indexes` to `upgrade-zulip-stage-2` rather
than run the command as a separate step.
2022-04-06 11:01:23 -07:00
Alex Vandiver 1e3a6984a4 docs: Upgrade Zulip before trying to fix collations.
The reindex-textual-data tool needs the venv to be cable to run;
switch the order of the last two steps, making them now match the
Debian 9 -> 10 and 10 -> upgrades.

Ref #21296.
2022-04-06 11:01:23 -07:00
Alex Vandiver 5c8086bf90 docs: Fix typo.
We don't suggest self-hosing, unless via a sprinkler in warm weather.
2022-04-04 14:52:04 -07:00
Heidi Ahlberg cf1f70e3ef docs: Add translation guidelines for Finnish. 2022-04-04 13:24:22 -07:00
Alex Vandiver 104e11c4fd version: Update version and changelog after 5.1 release. 2022-04-01 23:17:11 -07:00
Anders Kaseorg 7de1e7c477 changelog: Remove broken link.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-30 20:37:31 -07:00
Tim Abbott c8dba33408 docs: Fix broken link in changelog. 2022-03-29 09:52:07 -07:00
Tim Abbott 6ea9947991 docs: Run prettier on changelog. 2022-03-29 09:24:06 -07:00
Tim Abbott 12e8f0f5ea version: Update version following 5.0 release. 2022-03-29 08:36:41 -07:00
Tim Abbott d308c694ba Release Zulip Server 5.0. 2022-03-29 08:13:34 -07:00
Alex Vandiver ab3196470f docs: Update release steps. 2022-03-24 18:05:40 -07:00
Tim Abbott 219e213c60 docs: Update changelog with changes since 5.0-rc1. 2022-03-24 17:44:58 -07:00
Alex Vandiver 330f0649d7 docs: Remove a stray extra word. 2022-03-24 11:14:50 -07:00
Alex Vandiver 4f93b4b6e4 uploads: Skip the outgoing proxy if S3_KEY is unset.
When the credentials are provided by dint of being run on an EC2
instance with an assigned Role, we must be able to fetch the instance
metadata from IMDS -- which is precisely the type of internal-IP
request that Smokescreen denies.

While botocore supports a `proxies` argument to the `Config` object,
this is not actually respected when making the IMDS queries; only the
environment variables are read from.  See
https://github.com/boto/botocore/issues/2644

As such, implement S3_SKIP_PROXY by monkey-patching the
`botocore.utils.should_bypass_proxies` function, to allow requests to
IMDS to be made without Smokescreen impeding them.

Fixes #20715.
2022-03-24 10:21:35 -07:00
Aman Agrawal 6fcbe4091d web_public_streams: Change globe icon.
This revised globe icon avoids looking like a "language choice" icon
(as the previous one did), while still being recognizably Earth (and
not a disk with some things drawn on it) and not showing only North
America (a flaw with the Font Awesome 4.7 icon).

Used a derivative of icon from
https://unpkg.com/ionicons@5.5.2/dist/svg/earth.svg
with modified outline by Vlad Korobov.
2022-03-22 16:15:55 -07:00
Aman Agrawal 9a7fadbbeb zulip-icons: Move custom icons to shared folder. 2022-03-22 16:14:56 -07:00
Alex Vandiver e2f4b284db docs: Remove teleport from example list of services.
This is not expected on generic Zulip servers.
2022-03-21 16:33:28 -07:00
Alex Vandiver f39ee5a16c docs: Remove references to supervisorctl (re)start all. 2022-03-21 16:33:28 -07:00