Commit Graph

102 Commits

Author SHA1 Message Date
Tim Abbott a4a25c3e14 docs: Expand security model documentation to cover guests.
This is a pretty minor update, just clarifying the discussion of what
types of users exist.
2018-12-05 17:25:12 -08:00
Anders Kaseorg 9ba860b4f2 Avoid double redirects to /login and then to /login/.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-12-04 16:12:58 -08:00
Tim Abbott 250a2b5164 docs: Fix documentation details for boto configuration.
This fixes a couple key gaps in our documentation of the #9376
workaround.
2018-12-04 13:28:13 -08:00
Tim Abbott e8742f1dd5 docs: Expand documentation for running management commands. 2018-12-03 09:16:05 -08:00
Tim Abbott 1303f8df20 docs: Fix missing quotes in `su zulip -c` documentation.
This fixes an actual user-facing issue in our mobile push
notifications documentation (where we were incorrectly failing to
quote the argument to `./manage.py register_server` making it not
work), as well as preventing future similar issues from occurring
again via a linter rule.
2018-11-30 12:12:27 -08:00
Tim Abbott 72db5d5a48 docs: Document how to setup system postfix email with Zulip. 2018-11-30 12:06:25 -08:00
Tim Abbott df5475996f docs: Add prod auth docs link to dev auth docs.
This should be helpful for folks working on things like a Facebook
OAuth2 integration.
2018-11-29 20:45:02 -08:00
Tim Abbott 0932a27647 docs: Move generic reverse proxy notes further down. 2018-11-28 15:53:54 -08:00
Igor Posledov 7aed0a2a66 docs: Add nginx reverse proxy basic config example. 2018-11-28 15:52:06 -08:00
Bruce 604364eb65 docs: Document how to use Zulip behind an haproxy reverse proxy.
With significant rearrangement by tabbott to have more common text
between different proxy implementations.
2018-11-28 13:56:26 -08:00
Tim Abbott f1f60bc9bb docs: Document how to use AWS SIGv4 with boto.
This is required in some AWS regions.

The right long-term fix is to move to boto3 which doesn't have this
problem.

Allows us to downgrade the priority of #9376.
2018-11-28 12:25:45 -08:00
Tim Abbott 51950ad352 docs: Fix accidental repeat bullet #1 in S3 backend documentation.
Due to missing indentation, the numbering was resetting to 1 rather
than continuing to 6.
2018-11-28 12:19:37 -08:00
Tim Abbott 5f3c8be6d1 docs: Fix some broken links in security model doc.
Apparently, we haven't been running test-documentation in production
of late.
2018-11-28 09:49:39 -08:00
Tim Abbott f1c65975ad docs: Clarify preparatory process for data import.
You need a Zulip server running the a matching version, and no longer
need to do an upgrade from master before using established import tools.
2018-11-14 17:02:33 -08:00
Tim Abbott a2371a96b7 docs: Clarify push registration for running manage.py correctly.
We've had several users get errors running this because they ran it as
a bash script; fix this my making the command super explicit.
2018-11-14 13:07:04 -08:00
Tim Abbott 8ab26df9f0 docs: Link to setup-certbot multiple hostname support. 2018-11-13 12:55:24 -08:00
Rohitt Vashishtha 95ba947f13 setup-cerbot: Allow issuing certificates for multiple domains.
This commit allows specifying Subject Alternative Names to issue certs
for multiple domains using certbot. The first name passed to certbot-auto
becomes the common name for the certificate; common name and the other
names are then added to the SAN field. All of these arguments are now
positional. Also read the following for the certbot syntax reference:

https://community.letsencrypt.org/t/how-to-specify-subject-name-on-san/

Fixes #10674.
2018-11-13 12:47:31 -08:00
Tim Abbott 2f36211fde docs: Document need to enable Universe repository on Ubuntu. 2018-10-31 11:53:24 -07:00
Rishi Gupta 39c56b3ba9 docs: Update security-model.md.
Tweaked by tabbott to fix a few typos and purge use of "realm".
2018-10-19 15:40:36 -07:00
Rishi Gupta f14ed03707 docs: Update import instructions in export-and-import. 2018-10-18 16:22:31 -07:00
Tim Abbott 50be5ceae3 docs: Document our now-official production Docker image. 2018-10-16 15:27:03 -07:00
Tim Abbott 3039f11dd4 docs: Document installing Zulip from GitHub.
This has been unofficially supported for a long time, and is handy for
common use cases, so worth documenting.
2018-10-16 15:19:51 -07:00
Tim Abbott 05b29ea47c docs: Remove production overview page.
This page didn't really add any value over the "Installation" page
after the refactorings we've done in recent time.
2018-10-16 15:10:28 -07:00
Greg Price cbb6692882 prod docs: Say exactly how to test the SSL cert chain.
Users continue to run into this and get confused, certain that there's
no certificate problem.
2018-10-03 16:03:05 -07:00
Rishi Gupta 0d1907fb71 user docs: Add test-mobile-notifications. 2018-09-28 12:09:33 -07:00
Tim Abbott 5064d9dd8a import: Remove documentation of --import-into-nonempty.
This is now the default behavior.
2018-09-27 14:14:51 -07:00
Tim Abbott 41b18c7067 docs: Clean up LDAP docs a bit more.
In particular, this improves:
* The explanation of how data is mapped into Zulip
* The explanation of what is printed out by `manage.py query_ldap`
* Makes sure users create their first account with EmailAuthBackend.
2018-09-27 13:38:14 -07:00
Tim Abbott a943e55863 docs: Move LDAP documentation out of plug-and-play section.
Also update the links to this section.
2018-09-27 13:38:14 -07:00
Greg Price a612049ac4 docs: Expand on LDAP config; try to clarify "username" concept.
The term "username" confusingly refers both to the Django concept of
"username" (meaning "the name the user types into the login form") and
a concept the admin presumably already has in their existing
environment; which may or may not be the same thing, and in fact this
is where we document the admin's choice of whether and how they should
correspond.  The Django concept in particular isn't obvious, and is
counterintuitive when it means something like an email address.

Explicitly explain the Django "username" concept, under the name of
"Zulip username" to take responsibility for our choice of how it's
exposed in the settings interface.  Then use an explicit qualifier,
like "LDAP username", whenever referring to some other notion of
username.  And make a pass over this whole side of the instructions,
in particular for consistent handling of these concepts.
2018-09-27 13:20:10 -07:00
Greg Price 6f23d2f691 docs: Make a pass over LDAP config/setup docs.
Expand on a few things that tend to confuse people (especially the
`%(user)s` thing); move the `LDAPSearchUnion` example out to docs;
adjust the instructions to fit a bit better in their new docs/ home.
2018-09-27 13:20:10 -07:00
Greg Price e7737c6342 docs: Move prose LDAP instructions out of settings template.
This makes it easier to iterate on these, and to expand supplemental
information (like troubleshooting, or unusual configurations) without
further straining the already-dauntingly-long settings.py.

It also makes it easier to consult the instructions while editing the
secrets file, or testing things, etc. -- most admins will find it more
natural to keep a browser open somewhere than a second terminal.
2018-09-27 13:20:10 -07:00
Greg Price 9dbb5561b1 docs: Use `sudo -s` to get a root shell without changing directory.
The `-i` is for "initial", creating a login shell -- which means
cd'ing to root's homedir.  That defeats the line after this one.
2018-09-25 13:15:06 -07:00
Rishi Gupta a04d1e3d98 docs: Update intros to production install pages.
We should cut to the chase where we can.
2018-08-21 11:32:16 -07:00
Tim Abbott c6bbb9a8d4 docs: Improve cross-linking between export/import and backups.
Now that we have nice documentation for our export/import tools, we've
been seeing a lot of users trying to use that as their primary backup
process.  Let's correct this.
2018-08-07 14:50:38 -07:00
Tim Abbott 3cbdb1efc7 docs: Document that minify-js can OOM kill during an upgrade. 2018-08-03 15:13:40 -07:00
Tim Abbott f336f58b81 docs: Expand documentation of running Zulip behind a reverse proxy. 2018-08-02 08:38:56 -07:00
Tim Abbott 35cb7528f9 models: Add new UserMessage flag active_mobile_push_notification.
This flag is used to track which user/message pairs correspond to an
active mobile push notification, that should potentially be cleared
when the user reads the message.

This flag should never appear on a message that is also marked as
read; eventually we may want a cron job to check for that condition.

We include a partial index on UserMessage for this flag.
2018-08-01 16:51:56 -07:00
Shubham Padia bf6dc4472b models: Add is_private flag to UserMessage and add index for it.
The is_private flag is intended to be set if recipient type is
'private'(1) or 'huddle'(3), otherwise i.e if it is 'stream'(2), it
should be unset.

This commit adds a database index for the is_private flag (which we'll
need to use it). That index is used to reset the flag if it was
already set. The already set flags were due to a previous removal of
is_me_message flag for which the values were not cleared out.

For now, the is_private flag is always 0 since the really hard part of
this migration is clearing the unspecified previous state; future
commits will fully implement it actually doing something.

History: Migration rewritten significantly by tabbott to ensure it
runs in only 3 minutes on chat.zulip.org.  A key detail in making that
work was to ensure that we use the new index for the queries to find
rows to update (which currently requires the `order_by` and `limit`
clauses).
2018-07-30 15:43:55 -07:00
Tim Abbott b53463d6a4 docs: Remove use of multi-line 'su zulip' in docs.
It turns out this confused people into trying to run both pieces in
one line.
2018-07-30 13:38:55 -07:00
Rishi Gupta 5e7fd3a3cf docs: Move server import and export from /help to readthedocs. 2018-07-27 10:37:50 -07:00
Aditya Bansal 9b485f3ef4 auth: Fix bug with subdomains and GitHub auth causing apparent logouts.
This adds a new settings, SOCIAL_AUTH_SUBDOMAIN, which specifies which
domain should be used for GitHub auth and other python-social-auth
backends.

If one is running a single-realm Zulip server like chat.zulip.org, one
doesn't need to use this setting, but for multi-realm servers using
social auth, this fixes an annoying bug where the session cookie that
python-social-auth sets early in the auth process on the root domain
ends up masking the session cookie that would have been used to
determine a user is logged in.  The end result was that logging in
with GitHub on one domain on a multi-realm server like zulipchat.com
would appear to log you out from all the others!

We fix this by moving python-social-auth to a separate subdomain.

Fixes: #9847.
2018-07-10 16:49:00 +05:30
Tim Abbott ddc2ef2ce8 docs: Point Docker users to the Docker upgrade docs.
The normal instructions don't make sense for the Docker image.
2018-07-01 06:58:44 -07:00
Jack Zhang 781e995865 docs: Fix typos in mobile-push-notifications. 2018-06-30 13:48:01 -07:00
Vishnu Ks 0212113569 docs: Document ADD_TOKENS_TO_NOREPLY_ADDRESS in email.md.
Rewritten and moved by tabbott.
2018-06-23 12:03:30 -07:00
Eeshan Garg 0a43e5e257 Replace all user-facing references to "invite-only" with "private".
Fixes #9611.
2018-06-12 13:37:45 -04:00
Tim Abbott 427c43723c docs: Document disabling unattended-upgrades.
I don't think this is exactly the right place to document this, but
I'm not sure there's a better one without some restructuring this page
in general (which would probably have value).

Fixes #8769.
2018-06-05 08:45:42 -07:00
Tim Abbott 40635beb23 docs: Document production support for Debian Stretch and Ubuntu Bionic.
Fixes #9197.
2018-06-05 08:09:29 -07:00
Tim Abbott b7af4c2162 docs: Update multiple organization docs to clarify root domain story.
Previously, we made it seem like it was a good idea to use a subdomain
and a root domain at the same time.
2018-05-31 12:18:41 -07:00
Sampriti Panda 018a33ff7c send_test_email: Send email from NOREPLY address as well.
Tweaked by tabbott to also set different subject lines, to make it
easier to see that one got 2 emails.
2018-05-27 22:18:44 -07:00
Abhigyan Khaund fda786952e documentation: Migrate all CZO stream links to new stream URL style
This includes changes like changing CZO stream URLs from new.20members
to 95-new-members.
2018-05-24 15:15:34 -07:00