Commit Graph

2872 Commits

Author SHA1 Message Date
Alya Abbott bcaaae7e82 contributor docs: Add links to more info about GSoC with Zulip. 2022-11-24 09:16:30 -08:00
Tim Abbott 9b40bf804c docs: Clarify opening of direct installation section.
Fixes #23615.
2022-11-22 15:54:09 -08:00
Alex Vandiver b8ab02022c docs: Renumber unique IDs on policies for easier uniqueness. 2022-11-18 10:24:42 -08:00
Alex Vandiver 183653df9f docs: Include full policy for avatars and uploads buckets.
The documentation included the full policy for the file uploads
bucket, but only one additional statement for the avatars bucket; the
reader needed to assemble the full policy themselves.

Switch to explicitly providing the full policy for both.

Fixes #23110.
2022-11-18 10:24:42 -08:00
Alex Vandiver 68173d2212 docs: Remove a now-unused link reference.
031260573f removed the use of this.
2022-11-18 10:24:42 -08:00
Tim Abbott 88873138ac Update version following 6.0 release. 2022-11-17 16:42:36 -08:00
Tim Abbott f0e5f69c01 Release Zulip Server 6.0. 2022-11-17 11:44:45 -08:00
Alex Vandiver bf00e44bde docs: Document the `export_search` compliance export tool. 2022-11-17 11:19:59 -08:00
Alex Vandiver 809246e1dc docs: Fix a typo in a link anchor. 2022-11-17 11:19:59 -08:00
Alex Vandiver ab71e97f1c docs: Remove an unused link anchor. 2022-11-17 11:19:59 -08:00
Tim Abbott d488ca42e6 docs: Update changelog with commits staged for 6.0. 2022-11-16 22:21:18 -08:00
Alex Vandiver 2c2afddf1e release-checklist: Clarify main changes are one commit, not two. 2022-11-16 14:37:07 -08:00
Alex Vandiver dd8ff7e22b release-checklist: Remove duplicated words.
A classic "I love paris in the the springtime" bug.
2022-11-16 14:37:07 -08:00
Alex Vandiver 6be6bcc5e3 release-checklist: Update and clarify the Docker / Helm steps. 2022-11-16 14:37:07 -08:00
Alex Vandiver fac4c38404 release-checklist: Note that we can test on 22.04 as well. 2022-11-16 14:37:07 -08:00
Alex Vandiver c4e5ddd67f version: Update version and changelog after 5.7 release. 2022-11-16 16:03:05 +00:00
Aman Agrawal fbe9a9e539 left_side_userlist: Remove feature from frontend.
Fixes #23517.

While this feature was added to Zulip very early, it has been troubled
for most of that time; it never looked great visually, had a lot of
implementation complexity around resize.js, and has a weird model (a
setting that changes the UI only in certain window sizes).

This option is not commonly used; while a significant portion of users
have it enabled, many of them just don't use window sizes where it
actually has an effect. So it's not clear that it will be missed if
removed; we got very few bug reports when it was completely broken for
a few days after we first integrated the new left sidebar private
messages design.

Even with it no longer being broken, it does not work very well with
the addition of the new PMs section in the left sidebar. (Having two
scrollbars in the sidebar looks quite awkward.) The new private
messages section in the left sidebar also addresses some of the use
cases for always keeping the Users list always visible, even in narrow
windows.

This option is only removed from frontend for now. To make this
decision easily reversible, the backend code of this feature
is still kept.
2022-11-14 12:23:55 -08:00
Tim Abbott 72b5af2260 docs: Clarify the http_only parameter.
Previously, the http_only parameter could have been misread as
allowing clients to connect to a Zulip server over HTTP directly.

Fixes #23506.
2022-11-09 17:05:15 -08:00
Eric Smith c7ce20283b docs: Update to match current admin.js
Made some small changes to documentation to match the code in the
current admin.js

Fixes: There was no related issue for this fix.
2022-11-08 17:41:14 -08:00
Mateusz Mandera 34a0139c2b rate_limit: Add interface to override rate limiting rules. 2022-11-08 08:56:42 -08:00
Eric Smith c4823bfd03
docs: Remove unnecessary type annotations from tutorial.
In 4c3c976174, we removed the need
to explicitly declare types for Django model fields. Here, we update that detail 
in our documentation.
2022-11-04 15:31:42 -07:00
Tim Abbott 426c806a87 docs: Document docker-zulip postgres upgrade requirement.
Since this is a hard requirement for upgrading the Docker image, it's
worth highlighting here.
2022-11-04 15:19:57 -07:00
Anders Kaseorg 3a718d786f js: Fix type issue with FormatJS rich text elements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 14:48:40 -07:00
Anders Kaseorg adffad384c lint: Replace pycodestyle and pyflakes with ruff.
https://github.com/charliermarsh/ruff

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:10:15 -07:00
Mateusz Mandera d02b1f0ae6 docs: Move OPEN_REALM_CREATION doc section to multiple-organizations.md.
Since this is being moved to admin-facing documentation, also adds a
paragraph about the main concern with enabling this on a server that's
not zulip.com.
2022-10-31 17:56:45 -07:00
Tim Abbott b62450c7b3 docs: Update changelog for changes merged for 6.0. 2022-10-31 17:10:13 -07:00
Zixuan James Li ca922919f4 docs: Document handling noop migrations.
Inspired by #23377. We document a convention maneuver to avoid adding
noop migrations, which involves modifying the latest migration related
to the fields in question.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-10-31 14:15:00 -07:00
Lauryn Menard 20282f8bdf changelog: Make references to "Recent topics" consistent.
Updates the current 6.0 release notes to include information about
the rename to "Recent conversations", and updates past references
to "recent topics" to be consistently formatted as "Recent topics".
2022-10-21 10:28:19 -07:00
Lauryn Menard c9044f7acd recent-topics: Rename to "Recent conversations" in web-app and docs.
Replaces instances of "recent topics" in the web-app and documentation
to be "recent conversations".

Renames both `recent-topics.md` files in the help center to be
`recent-conversations.md` and updates/redirects links to new URL.

Does not update instances of "recent topics" in frontend code comments
and does not update the main overview changelog, for now.

Does not change case study text where "recent topics" was referenced
in a quote, but does change generic text references to be "recent
conversations".
2022-10-21 10:28:19 -07:00
Tim Abbott 6ed23f7671 docs: Remove link to defunct GIF Brewery website. 2022-10-20 15:52:18 -07:00
Sharif Naas 8dc0653740 docs: Update Zulip version mentioned and remove extraneous comma. 2022-10-20 08:18:42 -07:00
Zixuan James Li 46329a2710 test_classes: Create a dedicate helper for query count check.
This adds a helper based on testing patterns of using the "queries_captured"
context manager with "assert_length" to check the number of queries
executed for preventing performance regression.

It explains the rationale of checking the query count through an
"AssertionError" and prints the queries captured as assert_length does,
but with a format optimized for displaying the queries in a more
readable manner.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-10-17 11:32:52 -07:00
Alya Abbott 2ff4143aa4 docs: Copy-edit changelog for clarity. 2022-10-12 22:37:33 -07:00
Tim Abbott 51f59e9c41 docs: Improve a few changelog descriptions. 2022-10-12 17:38:56 -07:00
Tim Abbott c4a527fedf docs: Update changelog with changes staged for 6.0. 2022-10-12 15:01:45 -07:00
Zixuan James Li a98330b000 docs: Fix a typo in mypy documentation.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-10-07 16:43:14 -07:00
Zixuan James Li dd1f8c6bfb docs: Add a section on django-stubs.
This adds examples for QuerySet, ValuesQuerySet, TestHttpResponse, which
are some common examples that need a bit of extra care when typing.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-10-06 16:29:30 -07:00
Zixuan James Li 8e472402fe docs: Add an example for read-only types.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-10-06 16:18:58 -07:00
Zixuan James Li a0c4e077d6 docs: Remove the broken link to typing cheat sheet.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-10-06 16:18:58 -07:00
Anders Kaseorg 11a86ec328 install: Remove PostgreSQL 10 support.
PostgreSQL 10 reaches its upstream end of life in November, and is not
supported by Django 4.1.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-06 15:59:07 -07:00
evykassirer c321f57785 settings: Explain that Google blob emojis are deprecated.
Part of fixing #19371.
2022-10-04 12:29:35 -07:00
Zixuan James Li 44df15e19b docs: Remove legacy references to "topic" as "subject".
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-10-04 11:59:23 -07:00
Alya Abbott e1a7d8def7 docs: Add context to Design discussions page. 2022-10-03 11:36:34 -07:00
Alya Abbott df8d84a009 contributor docs: Add a page on design discussions. 2022-09-30 12:15:04 -07:00
Sahil Batra 04693b6ac1 message_edit: Send only changed settings in event data and api response.
Previously, we included all three message edit related settings
("allow_message_editing", "message_content_edit_limit_seconds" and
"edit_topic_policy") in the event data and api response irrespective
of which of these settings were changed. Now, we only include changed
settings and separate events are sent for each setting if more than
one of them is changed.

Note that the previous typed in event_schema.py for
`message_content_edit_limit_seconds` incorrectly did not allow `None`
as a value, which is used to encode no limit.
2022-09-28 11:47:40 -07:00
Matt Keller 8d4931837d help: Document upgrading Ubuntu 20.04 to 22.04.
Fixes #22284
2022-09-27 15:51:57 -07:00
Anders Kaseorg f992116d9f docs: Fix extra period typo.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-23 14:46:06 -07:00
Alya Abbott 1089a34c86 docs: Reorganize contribution documentation.
* Make an "Outreach programs" documentation directory.
* Revamp doc on having an amazing outreach program experience.
* Extract an outreach programs overview page from GSoC guide.
* Add a guide on making PRs easy to review, extracted from
  "How to have an amazing summer with Zulip".
* Create a guide for mentors, extracted from "How to have an amazing
  summer with Zulip".
* Add a guide on how to ask great questions extracted from GSoC guide.
* Extract general page on applying to outreach programs from GSoC guide.
* Simplify GSoC guide page to just describe project ideas.
* Many local edits to the reorganized content.
2022-09-21 21:55:36 -07:00
David Rosa 02eec29433 docs: Rename setup-vagrant.md -> setup-recommended.md.
Renames the filename so that it accurately reflects its contents
given the changes to the "Recommended setup" page in the previous
commit, and updates all links accordingly.
2022-09-15 15:54:14 -07:00
David Rosa cdc9a64c21 docs: Fix development environment setup on Windows.
Windows users end up having to follow an odd chain of links because
the recommended installation instructions live on a different
page than the rest of the instructions about the environment setup.

All the tutorials about recommended install prerequisites for each
platform should be on the same page.

This moves the section about using WSL 2 from the advanced setup page
to the recommended environment setup tutorial page.

Renames sidebar and section titles to more accurately reflect the
information in the Recommended setup vs. the Advanced setup page.
Updates relevant text and links accordingly.

Fixes: #13696.
2022-09-15 15:54:14 -07:00
Lauryn Menard e860d22d61 docs: Update tutorial section on documenting keyboard shortcuts.
Updates the tutorial in "Writing help center articles: Writing
style" for using `<kbd>` HTML elements when documenting keyboard
shortcuts in help center articles.

Also, adds section about the keyboard tip macro/syntax.
2022-09-13 11:21:09 -07:00
sayamsamal c8f346b5e5 icons: Change mute icon from bell to speaker.
This icon is more standard, and lets us use a speaker icon for other
applications.

Fixes #21751
2022-09-09 17:32:19 -07:00
David Rosa fc4bf13c53 docs: Document "incoming webhook" and "generic bot" helper macros.
Documents `{!create-an-incoming-webhook.md!}` and
`{!create-a-generic-bot.md!}`.
2022-09-09 16:31:33 -07:00
Anders Kaseorg 7d485aa58f docs: Correct more “webapp” to “web app”.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-08 20:23:28 -07:00
Robert Imschweiler 8723931236
vagrant: Add Fedora 36 support.
- Add documentation for the vagrant setup on Fedora.
- Fix the container setup by adding the `z` option to the bind mounts so
that the selinux context allows sharing. This is according to the official
docker documentation:
https://docs.docker.com/storage/bind-mounts/#configure-the-selinux-label
https://www.vagrantup.com/docs/providers/docker/basics (section "Volume
Consistency")
2022-09-08 16:12:59 -07:00
Zixuan James Li 6b527dfa61 integrations: Add documentation for the event filtering system.
We create "event-filter-instruction.md" and add it to
"create-bot-construct-url.md". This allows the user to keep track of the
supported event types for most of the integrations that implement this
feature. Note that not all integrations use "create-bot-construct-url.md".

We also need to rename "function" to "view_function" to make this change
type-check.

This is relevant to #18392.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-09-08 13:37:35 -07:00
Anders Kaseorg 0cd76d17d7 requirements: Remove unused mypy.txt lock file.
It’s unused since commit b7ec1b55dd.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-08 11:08:06 -07:00
Mateusz Mandera 16829bd84b auth: Fix up AzureAD Oauth2 docs and config.
This commit brings AzureAD config in line with other backends:
- SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET gets fetched in computed_settings.py
  instead of default_settings, consistent with github/gitlab/etc.
- SOCIAL_AUTH_AZUREAD_OAUTH2_KEY gets fetched in default_settings via
  get_secret(..., development_only=True) like other social backends, to
  allow easier set up in dev environment, in the dev-secrets.conf file.
- The secret gets renamed from azure_oauth2_secret to
  social_auth_azuread_oauth2_secret to have a consistent naming scheme with
  other social backends and with the SOCIAL_AUTH_AZUREAD_OAUTH2_KEY
  name. This is backwards-incompatible.

The instructions for setting it up are updated to fit how this is
currently done in AzureAD.
2022-09-06 11:58:08 -07:00
Lauryn Menard 878b46e758 urls: Simplify process to add URL redirects for documentation pages.
Creates `zerver.lib.url_redirects.py` to record old and new URLs
for documentation pages that have been renamed/moved and need URL
redirects.

This file is then used by `zproject.urls.py` to redirect links and
by `zerver.test.test_urls.py` to test that all of the old URLs
return a success response with a common page header/text depending
on the type of redirect (help center, policy, or API).

Adds a section to contributor docs on writing documentation for
how to use this redirect system when renaming a help center or api
documentation page.

Fixes #21946. Fixes #17897.
2022-08-31 15:01:29 -07:00
Zixuan James Li ae33873902 docs: Update documentation for secrets related settings.
This is a follow-up to #22699 to document the new `get_mandatory_secret`
helper.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-25 14:50:41 -07:00
David Rosa 5cac44be06 docs: Reorganize sections and pages about contributing to Zulip.
We should rearrange Zulip's developer docs to make it easier to
find the documentation that new contributors need.

Name changes
Rename "Code contribution guide" section -> "Contributing to Zulip".
Rename "Contributing to Zulip" page -> "Contributing guide".

Organizational changes to the newly-named "Contributing to Zulip":
Move up "Contributing to Zulip", as the third link in sidebar index.
Move up renamed "Contributing guide" page to the top of this section.
Move up "Zulip code of Conduct", as the second link of this section.
Move down "Licensing", as the last link of this section.
Move "Accessibility" just below "HTML and CSS" in Subsystems section.

Update all links according to the changes above.
Redirects should be added as needed.

Fixes: #22517.
2022-08-25 11:24:57 -07:00
Tim Abbott 5d3e4d3e56 version: Update version and changelog after 5.6 release. 2022-08-24 16:36:50 -07:00
Zixuan James Li 965ed728e1 type_debug: Remove type_debug.
This module was originally introduced in 2016 to assist adding mypy
annotations to the project. Back then static type checking was not that
established throughout the codebase, so it was helpful to be able to
print out the types for type checking purposes.

This workflow is no longer helpful for improving type annotations right
now, and it has been unused for a while.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-22 13:19:09 -07:00
Tim Abbott b1435d1afd docs: Document changing subdomains on multiple organizations page. 2022-08-17 11:36:15 -07:00
Tim Abbott faf02b5c5e docs: Remove documentation for ROOT_DOMAIN_LANDING_PAGE.
This is not a feature intended to be used outside zulip.com, since it
just sets your server to have the zulip.com landing pages. I think
it's only been turned on by people who were confused by this text.
2022-08-17 11:36:15 -07:00
Tim Abbott 94e798fe55 docs: Clean up documentation for multiple hostnames.
The previous documentation did not spell out what to enter in the
realm creation form.
2022-08-17 11:36:15 -07:00
Tim Abbott 5ae0b08b6c docs: Fix codespell linter error. 2022-07-30 10:10:07 -07:00
Tim Abbott 6682c2a427 docs: Update changelog with changes staged for 6.0.
We'll be merging a lot more features for the 6.0 release, but this
should cover everything merged since 5.0 and not backported to 5.x
and thus already released.
2022-07-30 09:57:55 -07:00
Tim Abbott 8d49769d2e docs: Improve documentation for development environment subdomains. 2022-07-25 17:05:18 -07:00
Noble Mittal 76bff6e1ac
docs: Fix typo in hashchange-system.md.
Fixes a missing close parenthesis.
2022-07-22 11:15:16 -07:00
Matt Keller 9ce900f2b4 version: Update version after 5.5 release. 2022-07-21 19:30:30 -07:00
Anders Kaseorg 412e90f601 provision: Avoid distutils; keep PROVISION_VERSION as a tuple.
distutils is deprecated in Python 3.10 and will be removed in Python
3.12.  We don’t need a full-powered version parser for this anyway.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-20 22:03:30 -07:00
Alex Vandiver 526a04b4e6 restore-backup: Provide flags to leave settings.py and zulip.conf as-is. 2022-07-20 12:35:51 -07:00
Anders Kaseorg b0160074f4 docs: Correct path to zulip.yaml.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-20 09:37:57 -07:00
Alex Vandiver f8e2d652e1 ci: Test upgrades from the minimum of each major version, not the max. 2022-07-16 10:43:40 -07:00
Alex Vandiver 61fce82b0b docs: Canonicalize on "Major releases only".
Some locations were inconsistent about ""major releases" vs "except
minor releases".
2022-07-16 10:43:40 -07:00
Lauryn Menard bc862d9730 docs: Add 'Writing style' section to writing help doc tutorial.
Adds a section for writing and style guidlines to the tutorial
for writing help center articles. Moves the sections on 'Voice'
and 'User interface' to be in the new section, and adds a section
on 'Keyboard shortcuts'.
2022-07-15 15:01:00 -07:00
Alex Vandiver 760420b3bb version: Update version and changelog after 5.4 release. 2022-07-12 06:23:28 +00:00
Alex Vandiver c915400101 release: Write a tool to automate final release checks and steps. 2022-07-07 13:19:00 -07:00
Alya Abbott 10c6b249bd docs: Add contributor guide page on licensing.
Co-authored-by: Anders Kaseorg <anders@zulip.com>
2022-07-07 12:11:21 -07:00
Alya Abbott 6b143f81d9 help center: Add a "Configure multi-language search" page. 2022-07-07 10:44:15 -07:00
Alex Vandiver 68c4b708a0 docs: Specify which CPU architectures are supported.
Fixes: #22310.
2022-06-29 17:28:05 -07:00
Alex Vandiver 4fd51cb5ad uwsgi: Increase request buffer size to 64k, from 8k default.
The default value in uwsgi is 4k; receiving more than this amount from
nginx leads to a 502 response (though, happily, the backend uwsgi does not
terminate).

ab18dbfde5 originally increased it from the unstated uwsgi default
of 4096, to 8192; b1da797955 made it configurable, in order to allow
requests from clients with many cookies, without causing 502's[1].

nginx defaults to a limitation of 1k, with 4 additional 8k header
lines allowed[2]; any request larger than that returns a response of
`400 Request Header Or Cookie Too Large`.  The largest header size
theoretically possible from nginx, by default, is thus 33k, though
that would require packing four separate headers to exactly 8k each.

Remove the gap between nginx's limit and uwsgi's, which could trigger
502s, by removing the uwsgi configurability, and setting a 64k size in
uwsgi (the max allowable), which is larger than nginx's default limit.

uWSGI's documentation of `buffer-size` ([3], [4]) also notes that "It
is a security measure too, so adapt to your app needs instead of
maxing it out."  Python has no security issues with buffers of 64k,
and there is no appreciable memory footprint difference to having a
larger buffer available in uwsgi.

[1]: https://chat.zulip.org/#narrow/stream/31-production-help/topic/works.20in.20Edge.20not.20Chrome/near/719523
[2]: https://nginx.org/en/docs/http/ngx_http_core_module.html#client_header_buffer_size
[3]: https://uwsgi-docs.readthedocs.io/en/latest/ThingsToKnow.html
[4]: https://uwsgi-docs.readthedocs.io/en/latest/Options.html#buffer-size
2022-06-28 16:14:24 -07:00
Anders Kaseorg 251198044f docs: Update WIP PR convention to GitHub draft PRs.
Since GitHub supports draft PRs, our [WIP] convention is obsolete.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-06-28 13:16:38 -07:00
Alex Vandiver f9b7b8e5d9 docs: Document that loadbalancer.ips can be CIDR ranges. 2022-06-27 17:41:38 -07:00
Lauryn Menard 4ce9799cc2 integrations-docs: Remove `zulip-config.md`.
The content in `zulip-config.md` was moved (in #22315) to
`change-zulip-config.file.md`. This removes the now out-of-date
reference to this macro in the documentation for writing
integrations and removes the file as it is no longer in use.
2022-06-27 17:23:26 -07:00
Anders Kaseorg 25f6b53e90 docs: Capitalize Handlebars consistently.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-06-27 13:35:10 -07:00
Anders Kaseorg dc33a0ae67 markdown: Rewrite include plugin without markdown-include.
markdown-include is GPL licensed.

Also, rewrite it as a block processor, so that it works correctly
inside indented blocks.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-06-26 17:36:31 -07:00
Anders Kaseorg e069330084 check-thirdparty: License under GPLv2+.
Since python-debian is GPL licensed, our script that imports it should
arguably be GPL licensed as well.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-06-26 17:33:11 -07:00
Alex Vandiver 1ff30bba7c changelog: Use consistent date format. 2022-06-24 18:15:19 -07:00
Alex Vandiver 6ac3104b10 changelog: Make Zulip 4.8 - 4.11 headings consistent. 2022-06-24 18:15:19 -07:00
Alex Vandiver 9ad74739aa version: Update version and changelog after 5.3 release. 2022-06-21 20:48:24 +00:00
Mateusz Mandera 3ce61958a8 docs: Fix typo in gitlab callback url in dev setup instructions.
The endpoint is /complete/gitlab/ - with the slash.
2022-06-02 12:04:18 -07:00
Alex Vandiver 18230fcd99 docs: Correct and clarify wal-g backup documentation.
Backups are written every 16k of WAL archive, and by default do not
have an upper limit on how out of date they are, as `archive_timeout`
defaults to 0.

Also emphasize that these are streaming backups, not just one
point-in-time backup daily.

Fixes #21976.
2022-06-01 16:11:32 -07:00
Aman Agrawal a94a06da2b docs: Correct social authentication URL for development setups.
Since `SOCIAL_AUTH_SUBDOMAIN` is set to `auth` in development
environment, this is correct authentication URL.
2022-05-31 22:55:12 -07:00
Tim Abbott 1c90c50ec8 docs: Document Transifex steps for new major releases. 2022-05-27 15:22:17 -07:00
Zixuan James Li f1ef27cb85 password_reset: Soft reactivate upon password reset.
Fixes #22066

Signed-off-by: Zixuan James Li <359101898@qq.com>
2022-05-27 14:30:34 -07:00
Adam Sah 492272d597 test-backend: Display test function in HTML coverage reports. 2022-05-16 16:38:02 -07:00
Alex Vandiver 6bd7aac152 docs: Document the ./scripts/log-search tool. 2022-05-10 14:31:54 -07:00
Alex Vandiver 04d4ae9862 docs: Clarify nginx extension points. 2022-05-10 14:31:01 -07:00
Alex Vandiver 62642b899c docs: Update proxy docs.
Notable changes:
 - Describe `X-Forwarded-For` by name.
 - Switch each specific proxy to numbered steps.
 - Link back to the `X-Forwarded-For` section in each proxy
 - Default to using HTTPS, not HTTP, for the backend.
 - Include the HTTP-to-HTTPS redirect code for all proxies; it is
   important that it happen at the proxy, as the backend is unaware of
   it.
 - Call out Apache2 modules which are necessary.
 - Specify where the dhparam.pem file can be found.
 - Call out the `Host:` header forwarding necessary, and document
   `USE_X_FORWARDED_HOST` if that is not possible.
 - Standardize on 20 minutes of connection timeout.
2022-05-04 14:41:18 -07:00
Alex Vandiver 625ff57450 version: Update version and changelog after 5.2 release. 2022-05-03 18:00:01 -07:00
Anders Kaseorg e952641013 install: Resupport Ubuntu 22.04.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-05-03 09:41:08 -07:00
Anders Kaseorg e9ba9b0e0d zulip-ec2-configure-interfaces: Remove.
Our current EC2 systems don’t have an interface named ‘eth0’, and if
they did, this script would do nothing but crash with ImportError
because we have never installed boto.utils for Python 3.

(The message of commit 2a4d851a7c made
an effort to document for future researchers why this script should
not have been blindly converted to Python 3.  However, commit
2dc6d09c2a (#14278) was evidently
unresearched and untested.)

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-05-03 02:25:59 -07:00
Tim Abbott 0c385fe01b ci: Only run documentation/link tests on a single job.
As noted in ReadTheDocs, it's very unlikely that these documentation
tests will pass or fail depending on the server's OS.
2022-04-26 17:26:41 -07:00
Anders Kaseorg a543dcc8e3 Remove Debian 10 support.
As a consequence:

• Bump minimum supported Python version to 3.8.
• Move Vagrant environment to Ubuntu 20.04, which has Python 3.8.
• Move CI frontend tests to Ubuntu 20.04.
• Move production build test to Ubuntu 20.04.
• Move 3.4 upgrade test to Ubuntu 20.04.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-26 16:32:02 -07:00
Anders Kaseorg 63a1ef0e91 configure-rabbitmq: Remove use of sudo.
It already runs as root everywhere except in provision_inner, so move
the sudo there.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-19 12:36:31 -07:00
Anders Kaseorg cc30ed8ec7 actions: Delete zerver.lib.actions.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 17:14:38 -07:00
Anders Kaseorg 59f6b090c7 actions: Split out zerver.actions.realm_settings.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 17:14:37 -07:00
Anders Kaseorg 975066e3f0 actions: Split out zerver.actions.message_send.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 17:14:34 -07:00
Greg Price 60e09834a3 docs: Update apps' compatibility threshold to 3.0, from 2.1.0.
Zulip Server 3.0 is now about 21 months old, which is more than
18 months.  Per the general policy in the "Client apps" section
below, that means it's time to drop support for older versions.

We released 4.0 in 2021-05, so around 2022-11 we can update this
further to say 4.0.
2022-04-14 11:54:23 -07:00
Mateusz Mandera 80a9cae0df docs: Fix incorrect path to SAML certs in SAML Keycloak instructions.
This was supposed to be /etc/zulip/saml/idps/
2022-04-13 15:53:03 -07:00
Raghav Luthra fbb874c86c docs: Update broken link in gsoc.md.
One of the links in the GSoC ideas section in docs/gsoc.md led to
a page with 0 results. This has now been replaced with the correct
link leading to a list of issues with the mentioned labels.
2022-04-12 17:11:37 -07:00
Alex Vandiver 488aaef9b7 docs: Fold FTS index updating into the upgrade step.
On the Debian 10 -> 11 upgrade, the server is running Zulip 4.x, which
lets us pass `--audit-fts-indexes` to `upgrade-zulip-stage-2` rather
than run the command as a separate step.
2022-04-06 11:01:23 -07:00
Alex Vandiver 1e3a6984a4 docs: Upgrade Zulip before trying to fix collations.
The reindex-textual-data tool needs the venv to be cable to run;
switch the order of the last two steps, making them now match the
Debian 9 -> 10 and 10 -> upgrades.

Ref #21296.
2022-04-06 11:01:23 -07:00
Alex Vandiver 5c8086bf90 docs: Fix typo.
We don't suggest self-hosing, unless via a sprinkler in warm weather.
2022-04-04 14:52:04 -07:00
Heidi Ahlberg cf1f70e3ef docs: Add translation guidelines for Finnish. 2022-04-04 13:24:22 -07:00
Alex Vandiver 104e11c4fd version: Update version and changelog after 5.1 release. 2022-04-01 23:17:11 -07:00
Anders Kaseorg 7de1e7c477 changelog: Remove broken link.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-30 20:37:31 -07:00
Tim Abbott c8dba33408 docs: Fix broken link in changelog. 2022-03-29 09:52:07 -07:00
Tim Abbott 6ea9947991 docs: Run prettier on changelog. 2022-03-29 09:24:06 -07:00
Tim Abbott 12e8f0f5ea version: Update version following 5.0 release. 2022-03-29 08:36:41 -07:00
Tim Abbott d308c694ba Release Zulip Server 5.0. 2022-03-29 08:13:34 -07:00
Alex Vandiver ab3196470f docs: Update release steps. 2022-03-24 18:05:40 -07:00
Tim Abbott 219e213c60 docs: Update changelog with changes since 5.0-rc1. 2022-03-24 17:44:58 -07:00
Alex Vandiver 330f0649d7 docs: Remove a stray extra word. 2022-03-24 11:14:50 -07:00
Alex Vandiver 4f93b4b6e4 uploads: Skip the outgoing proxy if S3_KEY is unset.
When the credentials are provided by dint of being run on an EC2
instance with an assigned Role, we must be able to fetch the instance
metadata from IMDS -- which is precisely the type of internal-IP
request that Smokescreen denies.

While botocore supports a `proxies` argument to the `Config` object,
this is not actually respected when making the IMDS queries; only the
environment variables are read from.  See
https://github.com/boto/botocore/issues/2644

As such, implement S3_SKIP_PROXY by monkey-patching the
`botocore.utils.should_bypass_proxies` function, to allow requests to
IMDS to be made without Smokescreen impeding them.

Fixes #20715.
2022-03-24 10:21:35 -07:00
Aman Agrawal 6fcbe4091d web_public_streams: Change globe icon.
This revised globe icon avoids looking like a "language choice" icon
(as the previous one did), while still being recognizably Earth (and
not a disk with some things drawn on it) and not showing only North
America (a flaw with the Font Awesome 4.7 icon).

Used a derivative of icon from
https://unpkg.com/ionicons@5.5.2/dist/svg/earth.svg
with modified outline by Vlad Korobov.
2022-03-22 16:15:55 -07:00
Aman Agrawal 9a7fadbbeb zulip-icons: Move custom icons to shared folder. 2022-03-22 16:14:56 -07:00
Alex Vandiver e2f4b284db docs: Remove teleport from example list of services.
This is not expected on generic Zulip servers.
2022-03-21 16:33:28 -07:00
Alex Vandiver f39ee5a16c docs: Remove references to supervisorctl (re)start all. 2022-03-21 16:33:28 -07:00
Alex Vandiver 086c0328bd docs: Be explicit about how to skip database creation. 2022-03-21 16:33:28 -07:00
Lorenzo Milesi 88e0d1b111 docs: Add more details on configuring LDAP group restriction.
Fixes #338.

Co-authored-by: Mateusz Mandera <mateusz.mandera@zulip.com>
2022-03-20 17:04:16 -07:00
rht 6be44a6971 docs: mobile-push-notifications.md: Fix grammar problems found by LanguageTool. 2022-03-18 15:28:16 -07:00
rht 74780d24d5 docs: management-commands.md: Fix grammar problems found by LanguageTool. 2022-03-18 15:28:16 -07:00
rht 507851c25a docs: requirements.md: Fix grammar problems found by LanguageTool. 2022-03-18 15:28:16 -07:00
Alex Vandiver c35a783c35 docs: Minor wording fixes to warm standby replication docs. 2022-03-17 12:53:26 -07:00
Alex Vandiver 2c26ad3714 docs: Break out and clarify wal-g backup configuration. 2022-03-17 12:53:26 -07:00
Anders Kaseorg f84a2c08d5 js: Prefix jQuery object variable names with $.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-16 12:52:07 -07:00
Tim Abbott bcbba0b20d docs: Fix changelog typo. 2022-03-15 22:17:53 -07:00
Tim Abbott 63cac121ba docs: Update changelog for changes merged in recent months. 2022-03-15 22:12:59 -07:00
Alex Vandiver f77204be14 version: Update version and changelog after 4.11 release. 2022-03-15 14:24:53 -07:00
Alex Vandiver d17006da55 puppet: Support setting an `ssl_mode` verification level. 2022-03-15 12:43:50 -07:00
Alex Vandiver 253bef27f5 puppet: Support password-based PostgreSQL replication. 2022-03-15 12:43:50 -07:00
Alex Vandiver 6f5ae8d13d puppet: wal-g backups are required for replication.
Previously, it was possible to configure `wal-g` backups without
replication enabled; this resulted in only daily backups, not
streaming backups.  It was also possible to enable replication without
configuring the `wal-g` backups bucket; this simply failed to work.

Make `wal-g` backups always streaming, and warn loudly if replication
is enabled but `wal-g` is not configured.
2022-03-11 10:09:35 -08:00
Alex Vandiver 6496d43148 puppet: Only s3_backups_bucket is required for backups.
`s3_backups_key` / `s3_backups_secret_key` are optional, as the
permissions could come from the EC2 instance's role.
2022-03-11 10:09:35 -08:00
Alex Vandiver 19beed2709 puppet: Default s3_region to the current ec2 region. 2022-03-11 10:09:35 -08:00
Alex Vandiver bfdc547b00 docs: Document s3_region setting. 2022-03-11 10:09:35 -08:00
Anders Kaseorg 646e466341 install: Desupport Ubuntu 22.04 for now.
Ubuntu 22.04 pushed a post-feature-freeze update to Python 3.10,
breaking virtual environments in a Debian patch
(https://bugs.launchpad.net/ubuntu/+source/python3.10/+bug/1962791).
Also, our antique version of Tornado doesn’t work in 3.10, and we’ll
need to do some work to upgrade that.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-07 11:46:07 -08:00
Alya Abbott ba1f804518 docs: Update README and installation guide.
This is a general cleanup that also aims to link to the new
self-hosting page to provide added context.
2022-03-04 13:59:17 -08:00
Alya Abbott 1572e097d9 docs: Add a section on code review communication style. 2022-03-03 16:42:23 -08:00
Anders Kaseorg 9bdf230642 docs: Fix another case of Git capitalization.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-01 22:26:29 -08:00
Alya Abbott d90907b006 docs: Rewrite code review documentation. 2022-03-01 21:04:42 -08:00
Anders Kaseorg 3ba444096b Revert "docs: Temporarily disable parallel building."
This reverts commit b7561049b765946d612069b52330695e8489bc7f.

The bug it worked around was fixed with the previous commit’s
upgrade.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-28 16:28:31 -08:00
Anders Kaseorg 75525f5b53 docs: Convert .html#fragment links to .md#fragment.
This uses the myst_heading_anchors option to automatically generate
header anchors and make Sphinx aware of them.  See
https://myst-parser.readthedocs.io/en/latest/syntax/optional.html#auto-generated-header-anchors.

Note: to be compatible with GitHub, MyST-Parser uses a slightly
different convention for .md fragment links than .html fragment links
when punctuation is involved.  This does not affect the generated
fragment links in the HTML output.

Fixes #13264.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-28 16:28:31 -08:00
Anders Kaseorg dacf136f21 docs: Temporarily disable parallel building.
Work around https://github.com/executablebooks/MyST-Parser/issues/411.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-28 16:28:31 -08:00
Anders Kaseorg 17574f3689 docs: Replace manual fragment with automatic heading fragment.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-28 16:28:31 -08:00
Jai soni cfa9d50901
docs: Fix a typo in GSoC project ideas. 2022-02-28 16:25:13 -08:00
Anders Kaseorg 503127c2e9 docs: Fix Git capitalization.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-28 16:04:35 -08:00
Tim Abbott cc5ac302ab docs: Add more metadata to GSoC project ideas and add ideas. 2022-02-25 22:05:01 -08:00
Anders Kaseorg 894a50b5c9 install: Support Ubuntu 22.04.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-25 14:49:07 -08:00
Anders Kaseorg f852af0709 upgrade-zulip-stage-2: Set default PostgreSQL version for Debian 11.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-25 14:49:07 -08:00
Alex Vandiver 2e435d2e9a version: Update version and changelog after 4.10 release. 2022-02-25 14:10:20 -08:00
Alex Vandiver 538287261d Revert "docs: Suggest running reindex-textual-data in the venv manually."
This reverts commit be7108ebca.
2022-02-25 14:04:27 -08:00
Anders Kaseorg c19d6fb3ef docs: Clean redundant relative links.
We previously had a convention of redundantly including the directory
in relative links to reduce mistakes when moving content from one file
to another.  However, these days we have a broken link checker in
test-documentation, and after #21237, MyST-Parser will check relative
links (including fragments) when you run build-docs.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-24 16:12:18 -08:00
Anders Kaseorg e3572894c5 docs: Clean redundant fragment links to the same page.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-24 16:12:18 -08:00
Anders Kaseorg 1490c91011 docs: Fix list item indentation mistake.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-24 15:31:01 -08:00
Anders Kaseorg 21cd1c10b3 docs: Add missing space in “time zone”.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-24 14:05:12 -08:00
Anders Kaseorg b3260bd610 docs: Use Debian and Ubuntu version numbers over development codenames.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-23 12:04:24 -08:00
Anders Kaseorg 4c80f035b1 docs: Update documentation on AddIndexConcurrently.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-23 11:59:45 -08:00
Anders Kaseorg 1fa2761790 upgrade-zulip-stage-2: Remove create_large_indexes optimization.
This was only used for upgrading from Zulip < 1.9.0, which is no
longer possible because Zulip < 2.1.0 had no common supported
platforms with current main.

If we ever want this optimization for a future migration, it would be
better implemented using Django merge migrations.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-23 11:59:45 -08:00
Tim Abbott 1ac2eaa7f9 docs: Update GSoC project ideas for 2022. 2022-02-21 08:51:50 -08:00
Palash 6bdd7c7515 docs: Update internationalization statement in new feature tutorial. 2022-02-21 06:45:53 -08:00
Tim Abbott eb3ae7c3d9 docs: Update link to mypy casts documentation. 2022-02-17 12:42:37 -08:00
Anders Kaseorg 2b3a821807 docs: Remove highlight parameters from links.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-16 13:15:39 -08:00
jai2201 67625d6c7b message_feed: Remove the parenthesis around edited notices.
They were found to not particularly improve the UI.

Fixes #21043.
2022-02-10 13:52:24 -08:00
Alex Vandiver b7e309c95b docs: Add checklist steps to upgrade puppet dependencies. 2022-02-10 10:00:25 -08:00
Alya Abbott f098556ce1 help: Add a Project size section to GSoC contributor doc. 2022-02-09 14:15:07 -08:00
Anders Kaseorg e1f42c1ac5 docs: Add missing space to compound verbs “back up”, “log in”, etc.
Noun: backup, login, logout, lookup, setup.

Verb: back up, log in, log out, look up, set up.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-07 19:20:54 -08:00
Anders Kaseorg b0ce4f1bce docs: Fix many spelling mistakes.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-07 18:51:06 -08:00
Anders Kaseorg d8f4e0ffb9 webhooks: Correct OpsGenie to Opsgenie.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-07 18:51:06 -08:00
Anders Kaseorg 3e159446f0 docs: Update “G Suite” to “Google Workspace”.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-07 18:51:06 -08:00
Alex Vandiver d61914e8e1 docs: Minor grammar fix in settings.py upgrade docs. 2022-02-04 15:44:48 -08:00
Tim Abbott 39dea1feaf docs: Improve closing of life-of-a-request.
Reading the previous commit reminded me of various other details we
should document here.
2022-02-04 15:24:58 -08:00
Lauryn Menard c2b6e76af7 docs: Update mentions of json_success in documentation.
Updates developer and user-facing documentation that references
json_success for the addition of the request argument.
2022-02-04 15:16:56 -08:00
Steve Howell 498b02dfb2 presence: Avoid doc/naming references to "orange".
It seems like orange is the loudest possible color to
denote a quasi-neutral-idle state, so we hope to
replace it with another color.

This commit does not change any styling.

I removed the sentences in the doc, since they are
kind of too vague to be useful. If we want to say that
the idle state is correlated with the half-orange
circles in the buddy list, then we want to say that
more specifically.
2022-02-03 15:31:21 -08:00
Alex Vandiver 487e7ccd11 docs: Fix the path to the py3 venv.
`/srv/zulip-py3-venv` only exists on development hosts; use the path
to the current venv.
2022-01-29 16:52:11 -08:00
Steve Howell 0d376126f2 docs: Tweak example testing workflow.
The node test was slightly inaccurate.

I added `# etc.` to try to make it clear that
these are just examples.

I removed the puppeteer example, so that we
don't lie about "run in just a few seconds".
2022-01-28 11:46:42 -08:00
Lauryn Menard 1cbfa7e672 docs: Update gsoc "how to" guide to use contributor vs student.
Updates `docs/contributing/summer-with-zulip.md` to use
contributor, instead of student, due to changes in gsoc
eligibility and terminology.
2022-01-28 09:47:57 -08:00
Anders Kaseorg be7108ebca docs: Suggest running reindex-textual-data in the venv manually.
Until the previous commit makes its way into a release, we can
document this workaround.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-26 11:56:30 -08:00
Lauryn Menard c4eede68d6 docs: Rename `user.md` to `helpcenter.md`.
Renames `/docs/documentation/user.md` to reflect the rebranding
from "user documentation" to "help center documentation".

Also, fixes any linking in the docs to that file.
2022-01-25 18:42:04 -08:00
Lauryn Menard 8f7f486061 docs: Expand help center guide for updating existing articles.
Adds a section on updating existing help center articles to
the guide for writing help center documentation.
2022-01-25 18:42:04 -08:00
Lauryn Menard 784f923dda documentation: Update tutorial for writing help center documentation.
Updates the tutorial for writing help center articles to encourage
contributors to add to or enhance the existing help center docs
before writing a new articles for new features.

Also, generally updates references to 'user documentation' to be
'help center documentation'.

Additionally, updates some headers within the tutorials for clarity
and consistency, and adds some linkifying throughout the section on
writing documentation.
2022-01-25 18:42:04 -08:00
Anders Kaseorg 5de6dd66a7 docs: Adjust modinfo command for Debian.
On Debian, /sbin isn’t in the default path for normal users.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-25 12:50:36 -08:00
Raghav Luthra 4b8cb0a8a9 docs: Uncapitalize the name for nginx.
This matches how nginx refers to itself on its own website and
documentation.

Fixes #20887.
2022-01-25 11:17:51 -08:00
Alex Vandiver 7ec2a2cde7 version: Update version and changelog after 4.9 release. 2022-01-24 18:46:46 -08:00
Alex Vandiver a5496f4098 CVE-2021-43799: Set a secure Erlang cookie.
The RabbitMQ docs state ([1]):

    RabbitMQ nodes and CLI tools (e.g. rabbitmqctl) use a cookie to
    determine whether they are allowed to communicate with each
    other. [...] The cookie is just a string of alphanumeric
    characters up to 255 characters in size. It is usually stored in a
    local file.

...and goes on to state (emphasis ours):

    If the file does not exist, Erlang VM will try to create one with
    a randomly generated value when the RabbitMQ server starts
    up. Using such generated cookie files are **appropriate in
    development environments only.**

The auto-generated cookie does not use cryptographic sources of
randomness, and generates 20 characters of `[A-Z]`.  Because of a
semi-predictable seed, the entropy of this password is thus less than
the idealized 26^20 = 94 bits of entropy; in actuality, it is 36 bits
of entropy, or potentially as low as 20 if the performance of the
server is known.

These sizes are well within the scope of remote brute-force attacks.

On provision, install, and upgrade, replace the default insecure
20-character Erlang cookie with a cryptographically secure
255-character string (the max length allowed).

[1] https://www.rabbitmq.com/clustering.html#erlang-cookie
2022-01-25 02:13:53 +00:00
Alex Vandiver a46f6df91e CVE-2021-43799: Write rabbitmq configuration before starting.
Zulip writes a `rabbitmq.config` configuration file which locks down
RabbitMQ to listen only on localhost:5672, as well as the RabbitMQ
distribution port, on localhost:25672.

The "distribution port" is part of Erlang's clustering configuration;
while it is documented that the protocol is fundamentally
insecure ([1], [2]) and can result in remote arbitrary execution of
code, by default the RabbitMQ configuration on Debian and Ubuntu
leaves it publicly accessible, with weak credentials.

The configuration file that Zulip writes, while effective, is only
written _after_ the package has been installed and the service
started, which leaves the port exposed until RabbitMQ or system
restart.

Ensure that rabbitmq's `/etc/rabbitmq/rabbitmq.config` is written
before rabbitmq is installed or starts, and that changes to that file
trigger a restart of the service, such that the ports are only ever
bound to localhost.  This does not mitigate existing installs, since
it does not force a rabbitmq restart.

[1] https://www.erlang.org/doc/apps/erts/erl_dist_protocol.html
[2] https://www.erlang.org/doc/reference_manual/distributed.html#distributed-erlang-system
2022-01-25 01:48:05 +00:00
Alex Vandiver 43d63bd5a1 puppet: Always set the RabbitMQ nodename to zulip@localhost.
This is required in order to lock down the RabbitMQ port to only
listen on localhost.  If the nodename is `rabbit@hostname`, in most
circumstances the hostname will resolve to an external IP, which the
rabbitmq port will not be bound to.

Installs which used `rabbit@hostname`, due to RabbitMQ having been
installed before Zulip, would not have functioned if the host or
RabbitMQ service was restarted, as the localhost restrictions in the
RabbitMQ configuration would have made rabbitmqctl (and Zulip cron
jobs that call it) unable to find the rabbitmq server.

The previous commit ensures that configure-rabbitmq is re-run after
the nodename has changed.  However, rabbitmq needs to be stopped
before `rabbitmq-env.conf` is changed; we use an `onlyif` on an `exec`
to print the warning about the node change, and let the subsequent
config change and notify of the service and configure-rabbitmq to
complete the re-configuration.
2022-01-25 01:48:02 +00:00
Alex Vandiver 694c4dfe8f puppet: Admit we leave epmd port 4369 open on all interfaces.
The Erlang `epmd` daemon listens on port 4369, and provides
information (without authentication) about which Erlang processes are
listening on what ports.  This information is not itself a
vulnerability, but may provide information for remote attackers about
what local Erlang services (such as `rabbitmq-server`) are running,
and where.

`epmd` supports an `ERL_EPMD_ADDRESS` environment variable to limit
which interfaces it binds on.  While this environment variable is set
in `/etc/default/rabbitmq-server`, Zulip unfortunately attempts to
start `epmd` using an explicit `exec` block, which ignores those
settings.

Regardless, this lack of `ERL_EPMD_ADDRESS` variable only controls
`epmd`'s startup upon first installation.  Upon reboot, there are two
ways in which `epmd` might be started, neither of which respect
`ERL_EPMD_ADDRESS`:

 - On Focal, an `epmd` service exists and is activated, which uses
   systemd's configuration to choose which interfaces to bind on, and
   thus `ERL_EPMD_ADDRESS` is irrelevant.

 - On Bionic (and Focal, due to a broken dependency from
   `rabbitmq-server` to `epmd@` instead of `epmd`, which may lead to
   the explicit `epmd` service losing a race), `epmd` is started by
   `rabbitmq-server` when it does not detect a running instance.
   Unfortunately, only `/etc/init.d/rabbitmq-server` would respects
   `/etc/default/rabbitmq-server` -- and it defers the actual startup
   to using systemd, which does not pass the environment variable
   down.  Thus, `ERL_EPMD_ADDRESS` is also irrelevant here.

We unfortunately cannot limit `epmd` to only listening on localhost,
due to a number of overlapping bugs and limitations:

 - Manually starting `epmd` with `-address 127.0.0.1` silently fails
   to start on hosts with IPv6 disabled, due to an Erlang bug ([1],
   [2]).

 - The dependencies of the systemd `rabbitmq-server` service can be
   fixed to include the `epmd` service, and systemd can be made to
   bind to `127.0.0.1:4369` and pass that socket to `epmd`, bypassing
   the above bug.  However, the startup of this service is not
   guaranteed, because it races with other sources of `epmd` (see
   below).

 - Any process that runs `rabbitmqctl` results in `epmd` being started
   if one is not currently running; these instances do not respect any
   environment variables as to which addresses to bind on.  This is
   also triggered by `service rabbitmq-server status`, as well as
   various Zulip cron jobs which inspect the rabbitmq queues.  As
   such, it is difficult-to-impossible to ensure that some other
   `epmd` process will not win the race and open the port on all
   interfaces.

Since the only known exposure from leaving port 4369 open is
information that rabbitmq is running on the host, and the complexity
of adjusting this to only bind on localhost is high, we remove the
setting which does not address the problem, and document that the port
is left open, and should be protected via system-level or
network-level firewalls.

[1]: https://bugs.launchpad.net/ubuntu/+source/erlang/+bug/1374109
[2]: https://github.com/erlang/otp/issues/4820
2022-01-25 01:46:51 +00:00
Alya Abbott 669010494e portico: Update contributor count from 700 to 1000.
Note: I did not check whether we have numbers other than 700 that also
need to be updated.
2022-01-24 12:41:49 -08:00
Anders Kaseorg a58a71ef43 Remove Ubuntu 18.04 support.
As a consequence:

• Bump minimum supported Python version to 3.7.
• Move Vagrant environment to Debian 10, which has Python 3.7.
• Move CI frontend tests to Debian 10.
• Move production build test to Debian 10.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 17:26:14 -08:00
Alex Vandiver be1c4c2bd8 docs: Mention Camo does not use a local Smokescreen in the proxies docs.
This documents the new behaviour in d328d3dd4d.
2022-01-21 15:57:27 -08:00
Eeshan Garg 9e1fd26125 docs: Make general improvements to our billing docs.
With a few wording tweaks from tabbott to the "Upgrading a Zulip
organization" section.
2022-01-21 14:21:02 -08:00
rht 42f46a78e9 docs: Fix grammar problems found by LanguageTool.
With tweaks to security-model.md by tabbott to expand the SSO acronym.

Ignored, but still needs discussion on whether we should exclude this
rule:

```
The word ‘install’ is not a noun.
  ✗ ...ble to connect to the client during the install process:  So you'll need to shut down a...
                                               ^^^^^^^
  ✓ ...ble to connect to the client during the installation process:  So you'll need to shut down a...
  A_INSTALL: a/the + install

The word ‘install’ is not a noun.
  ✗ ...detected at install time will cause the install to abort. If you already have PostgreSQ...
                                               ^^^^^^^
  ✓ ...detected at install time will cause the installation to abort. If you already have PostgreSQ...
  A_INSTALL: a/the + install
```
2022-01-21 14:02:14 -08:00
Alya Abbott ca311e83c8 docs: Fix typos in GSoC guide. 2022-01-21 13:38:30 -08:00
Alya Abbott 19154f81c0
docs: Clarify purpose of zulip-announce. 2022-01-19 15:34:24 -08:00
Eeshan Garg fd303e3b1b docs: Update the release checklist for our PyPI packages. 2022-01-19 13:59:13 -08:00
Alex Vandiver 5f237cb34e puppet: Document that upgrades from Git require 3GB.
The step of rebuilding static assets using webpack requires more than
2G of RAM.
2022-01-19 12:36:44 -08:00
Abhijeet Prasad Bodas 12eb52221b docs: Rename `contributing/gsoc-ideas` -> `contributing/gsoc`.
This page contains a lot of other material related to GSoC than
just project ideas.
We would also want to add a redirect from the old URL to the new
one from the RTD admin page.
2022-01-19 11:35:33 -08:00
Alya Abbott 3659d95092 developer docs: Update GSoC documentation. 2022-01-18 21:16:18 -08:00
Rishabh-792 177931a23d doc: Fix typos in accessibility doc.
Hyphenated open source to open-source.

Capitalized aXe to Axe.
2022-01-11 15:41:08 -08:00
Rishabh-792 6cd8e088e9 doc: Fix typo in zulipbot-usage doc.
Fix a spelling mistake in the zulipbot doc.
2022-01-11 15:40:06 -08:00
Rishabh-792 1ec018d237 doc: Fix typos in code reviewing doc.
Made some spelling and grammatical changes.
2022-01-11 15:40:05 -08:00
Alex Vandiver d328d3dd4d puppet: Allow routing camo requests through an outgoing proxy.
Because Camo includes logic to deny access to private subnets, routing
its requests through Smokescreen is generally not necessary.  However,
it may be necessary if Zulip has configured a non-Smokescreen exit
proxy.

Default Camo to using the proxy only if it is not Smokescreen, with a
new `proxy.enable_for_camo` setting to override this behaviour if need
be.  Note that that setting is in `zulip.conf` on the host with Camo
installed -- not the Zulip frontend host, if they are different.

Fixes: #20550.
2022-01-07 12:08:10 -08:00
Alex Vandiver 2c5fc1827c puppet: Standardize what values are bools, and what true is.
For `no_serve_uploads`, `http_only`, which previously specified
"non-empty" to enable, this tightens what values are true.  For
`pgroonga` and `queue_workers_multiprocess`, this broadens the
possible values from `enabled`, and `true` respectively.
2022-01-07 12:08:10 -08:00
Anders Kaseorg 1696144df7 docs: Consistently hyphenate “self-host” and “self-service”.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-05 16:21:35 -08:00
Alex Vandiver 6218ed91c2 puppet: Use lazy-apps and uwsgi control sockets for rolling reloads.
Restarting the uwsgi processes by way of supervisor opens a window
during which nginx 502's all responses.  uwsgi has a configuration
called "chain reloading" which allows for rolling restart of the uwsgi
processes, such that only one process at once in unavailable; see
uwsgi documentation ([1]).

The tradeoff is that this requires that the uwsgi processes load the
libraries after forking, rather than before ("lazy apps"); in theory
this can lead to larger memory footprints, since they are not shared.
In practice, as Django defers much of the loading, this is not as much
of an issue.  In a very basic test of memory consumption (measured by
total memory - free - caches - buffers; 6 uwsgi workers), both
immediately after restarting Django, and after requesting `/` 60 times
with 6 concurrent requests:

                      |  Non-lazy  |  Lazy app  | Difference
    ------------------+------------+------------+-------------
    Fresh             |  2,827,216 |  2,870,480 |   +43,264
    After 60 requests |  3,332,284 |  3,409,608 |   +77,324
    ..................|............|............|.............
    Difference        |   +505,068 |   +539,128 |   +34,060

That is, "lazy app" loading increased the footprint pre-requests by
43MB, and after 60 requests grew the memory footprint by 539MB, as
opposed to non-lazy loading, which grew it by 505MB.  Using wsgi "lazy
app" loading does increase the memory footprint, but not by a large
percentage.

The other effect is that processes may be served by either old or new
code during the restart window.  This may cause transient failures
when new frontend code talks to old backend code.

Enable chain-reloading during graceful, puppetless restarts, but only
if enabled via a zulip.conf configuration flag.

Fixes #2559.

[1]: https://uwsgi-docs.readthedocs.io/en/latest/articles/TheArtOfGracefulReloading.html#chain-reloading-lazy-apps
2022-01-05 14:48:52 -08:00
BIKI DAS 42dd58cffe
docs: Fix a few typos in documentation. 2021-12-28 09:36:59 -08:00
BIKI DAS c1134a8bda
docs: Fix "should should" typo. 2021-12-28 09:19:04 -08:00
Anders Kaseorg 1d3520db12 webhooks: Remove space from UptimeRobot.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-12-22 14:05:17 -08:00
Anders Kaseorg 68c99511a2 webhooks: Fix TeamCity capitalization.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-12-22 14:05:17 -08:00
Anders Kaseorg 65868b09eb webhooks: Add missing space in Review Board.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-12-22 14:05:17 -08:00
Anders Kaseorg c02c053ec3 webhooks: Fix Mailchimp capitalization.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-12-22 14:05:17 -08:00
Anders Kaseorg cd8a01587b webhooks: Fix Jotform capitalization.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-12-22 14:05:17 -08:00
Anders Kaseorg 3ca2f8ca1e webhooks: Fix Clubhouse capitalization.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-12-22 14:05:17 -08:00
Anders Kaseorg 517ddbc9e6 setup-advanced: Remove misleading python3 symlink suggestion.
One should never have to manually symlink things in /usr/bin,
especially with -f.  That should be managed by the system package
manager.  Indeed, on CentOS 7 and 8, one can simply install the
python3 package and get a working /usr/bin/python3.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-12-16 17:30:04 -08:00
Alya Abbott aaf1258de2 developer docs: Tweak ToS for push notifications wording. 2021-12-14 14:13:34 -08:00
Tim Abbott ee77c6365a portico: Use /help/ style pages for displaying policies.
This replaces the TERMS_OF_SERVICE and PRIVACY_POLICY settings with
just a POLICIES_DIRECTORY setting, in order to support settings (like
Zulip Cloud) where there's more policies than just those two.

With minor changes by Eeshan Garg.
2021-12-10 17:56:12 -08:00
Alex Vandiver 01e8f752a8 puppet: Use certbot package timer, not our own cron job.
The certbot package installs its own systemd timer (and cron job,
which disabled itself if systemd is enabled) which updates
certificates.  This process races with the cron job which Zulip
installs -- the only difference being that Zulip respects the
`certbot.auto_renew` setting, and that it passes the deploy hook.
This means that occasionally nginx would not be reloaded, when the
systemd timer caught the expiration first.

Remove the custom cron job and `certbot-maybe-renew` script, and
reconfigure certbot to always reload nginx after deploying, using
certbot directory hooks.

Since `certbot.auto_renew` can't have an effect, remove the setting.
In turn, this removes the need for `--no-zulip-conf` to
`setup-certbot`.  `--deploy-hook` is similarly removed, as running
deploy hooks to restart nginx is now the default; pass
`--no-directory-hooks` in standalone mode to not attempt to reload
nginx.  The other property of `--deploy-hook`, of skipping symlinking
into place, is given its own flog.
2021-12-09 13:47:33 -08:00
Eeshan Garg 3bab91079f external links: Migrate the rest of /developer-community links.
We recently changed /developer-community to /development-community.
Now that this change is in production, we can also migrate the
external links in our ReadTheDocs documentation.
2021-12-09 12:14:26 -08:00
Alex Vandiver cb2d0ff32b postgresql: Support replication on PostgreSQL >= 11, document.
PostgreSQL 11 and below used a configuration file names
`recovery.conf` to manage replicas and standbys; support for this was
removed in PostgreSQL 12[1], and the configuration parameters were
moved into the main `postgresql.conf`.

Add `zulip.conf` settings for the primary server hostname and
replication username, so that the complete `postgresql.conf`
configuration on PostgreSQL 14 can continue to be managed, even when
replication is enabled.  For consistency, also begin writing out the
`recovery.conf` for PostgreSQL 11 and below.

In PostgreSQL 12 configuration and later, the `wal_level =
hot_standby` setting is removed, as `hot_standby` is equivalent to
`replica`, which is the default value[2].  Similarly, the
`hot_standby = on` setting is also the default[3].

Documentation is added for these features, and the commentary on the
"Export and Import" page referencing files under `puppet/zulip_ops/`
is removed, as those files no longer have any replication-specific
configuration.

[1]: https://www.postgresql.org/docs/current/recovery-config.html
[2]: https://www.postgresql.org/docs/12/runtime-config-wal.html#GUC-WAL-LEVEL
[3]: https://www.postgresql.org/docs/12/runtime-config-replication.html#GUC-HOT-STANDBY
2021-12-03 16:32:41 -08:00
Emilio López baea14ee57 docs: Clarify use of `loadbalancer.ips` when using a reverse proxy.
When Zulip is run behind one or more reverse proxies, you must
configure `loadbalancer.ips` so that Zulip respects the client IP
addresses found in the `X-Forwarded-For` header. This is not
immediately clear from the documentation, so this commit makes it more
clear and augments the existing examples to showcase this need.

Fixes: #19073
2021-12-03 13:59:31 -08:00
Alex Vandiver ab8be84b36 docs: Secret reading is done using RawConfigParser, not ConfigParser.
ConfigParser makes `%` signs require escaping, which is why it is not
used in Zulip, particularly for secrets.
2021-12-02 15:25:04 -08:00
Alex Vandiver 54d037f24a version: Update version and changelog after 4.8 release. 2021-12-01 23:42:11 +00:00
AEsping f6c4f17900 dev docs: Update Jinja translation tag link.
Updates the link to Jinja i18n extension for auto-translation.
2021-11-30 14:36:29 -08:00
AEsping 828313b54a dev docs: Update Jinja translation tag link.
Updates the link to Jinja i18n extension for auto-translation.
2021-11-30 14:36:29 -08:00
AEsping 704c9609ee dev docs: Update Tig link.
Updates the link to the Tig git visualizer.
2021-11-30 14:36:29 -08:00
AEsping 11f2575c31 dev docs: Update "Solo" link.
Fixes the link to "El adveribo <<solo>> y los pronombres
demonstrativos, sin tilde."
2021-11-30 14:36:29 -08:00
AEsping 510b8867a6 dev docs: Update Neil Green link in the reading list.
Fixes the link to the Neil Green presentation on TypeScript
vs Coffee Script vs ES6.

This is a change from slides to a video becasue the slides are
no longer available.
2021-11-30 14:36:29 -08:00
AEsping 55f9178506 dev docs: Update Black link.
Updates the link to the editior integration for Black.
2021-11-30 14:36:29 -08:00
AEsping 5410009a88 prod docs: Update BBB configuration link.
Updates the Big Blue Button customization link for
extracting shared secrets.
2021-11-30 14:36:29 -08:00
Mateusz Mandera 8c1a6f4bba docs: Suggest updating settings.py in OIDC instructions.
OIDC config features a get_secret call (so it requires adding an import)
as well as having a bunch of its instructions in the form of comments on
the various keys of the config dict - thus users should really update
settings.py to fetch all of that.
2021-11-29 15:52:52 -08:00
Alex Vandiver 0ae375e0f9 ci: Test upgrades from the latest minor release. 2021-11-25 08:00:34 -08:00
AEsping 6ad1c5c8ed docs:: Update GSoC application tips.
- Add missing link for GitHub.
- Fix broken links to Matt Ringel's blog post.
- Add link to Julia Evans blog post.
- Add section heading for "Questions Are Important."
- Rearrange some content to fit with new section heading.

With additional tweaks from tabbott:
* Avoid linking to chat.zulip.org not via our documentation.
* Avoid the CZO abbreviation.
2021-11-23 16:05:33 -08:00
Alex Vandiver b982222e03 camo: Replace with go-camo implementation.
The upstream of the `camo` repository[1] has been unmaintained for
several years, and is now archived by the owner.  Additionally, it has
a number of limitations:
 - It is installed as a sysinit service, which does not run under
   Docker
 - It does not prevent access to internal IPs, like 127.0.0.1
 - It does not respect standard `HTTP_proxy` environment variables,
   making it unable to use Smokescreen to prevent the prior flaw
 - It occasionally just crashes, and thus must have a cron job to
   restart it.

Swap camo out for the drop-in replacement go-camo[2], which has the
same external API, requiring not changes to Django code, but is more
maintained.  Additionally, it resolves all of the above complaints.

go-camo is not configured to use Smokescreen as a proxy, because its
own private-IP filtering prevents using a proxy which lies within that
IP space.  It is also unclear if the addition of Smokescreen would
provide any additional protection over the existing IP address
restrictions in go-camo.

go-camo has a subset of the security headers that our nginx reverse
proxy sets, and which camo set; provide the missing headers with `-H`
to ensure that go-camo, if exposed from behind some other non-nginx
load-balancer, still provides the necessary security headers.

Fixes #18351 by moving to supervisor.
Fixes zulip/docker-zulip#298 also by moving to supervisor.

[1] https://github.com/atmos/camo
[2] https://github.com/cactus/go-camo
2021-11-19 15:58:26 -08:00
Alex Vandiver c33562f0a8 puppet: Default to installing smokescreen on application frontends.
This is an additional security hardening step, to make Zulip default
to preventing SSRF attacks.  The overhead of running Smokescreen is
minimal, and there is no reason to force deployments to take
additional steps in order to secure themselves against SSRF attacks.

Deployments which already have a different external proxy configured
will not gain a local Smokescreen installation, and running without
Smokescreen is supported by explicitly unsetting the `host` or `port`
values in `/etc/zulip/zulip.conf`.
2021-11-19 15:29:28 -08:00
Sahil Batra 5024ba98cd misc: Rename "dark mode" to "dark theme".
Fixes part of #20228.
2021-11-18 16:57:11 -08:00
Ankur c578f186b6
docs: Change chat.zulip.org links to zulip.com/developer-community.
This helps increase the probability that folks read the guidelines for how the
chat.zulip.org community works and what streams to use before arriving there.

Fixes #19827.
2021-11-17 22:25:55 -08:00
Tim Abbott c64eebcc9e docs: Mention server_name in existing server nginx docs.
As discussed in the issue, it'd be a helpful hint for folks doing this
to mention this detail.

Fixes #16705.
2021-11-17 16:53:11 -08:00