Commit Graph

278 Commits

Author SHA1 Message Date
Tim Abbott dc05b5c317 docs: Highlight that Zulip now defaults to postgres 12. 2020-06-26 16:26:57 -07:00
Alex Vandiver 16d131bb17 docs: Add an explicit section about upgrading PostgreSQL.
Fixes #15415.
2020-06-26 16:16:12 -07:00
Alex Vandiver c94aed905e docs: Remove one indirection in the docs.
Pointing at Xenial to Bionic, which just points to Bionic to Focal, is
merely an extra hop.
2020-06-26 16:16:12 -07:00
Alex Vandiver 2494d4bcae docs: Repeat the post-upgrade check stanza after each section. 2020-06-26 16:16:12 -07:00
Alex Vandiver da03761871 docs: Clarify that earlier distro upgrades cannot be done with 3.0.
As alluded to in the previous commit, only 3.0 can use the new tooling
-- indeed, it requires it, as the zulip.conf entry must be changed.
Clarify that in the upgrade steps for earlier distributions.
2020-06-26 16:16:11 -07:00
Alex Vandiver f642c7c568 docs: Update Bionic -> Focal database upgrade steps for db tool.
Update the upgrade documentation for the tool added in the previous
step.  Only the Bionic -> Focal upgrade step need be updated, because
none of the other upgrade steps can be run starting from a Zulip 3.0
installation.

Fixes #15415.
2020-06-26 16:07:39 -07:00
Tim Abbott e46bbf18eb docs: Change next planned major release to 3.0.
After some discussion, everyone seems to agree that 3.0 is the more
appropriate version number for our next major release.  This updates
our documentation to reflect that we'll be using 3.0 as our next major
release.
2020-06-24 16:27:27 -07:00
Alex Vandiver 31f1f10501 installer: Halt if wrong version of PostgreSQL is already installed.
49a7a66004 and immediately previous commits began installing
PostgreSQL 12 from their apt repository.  On machines which already
have the distribution-provided version of PostgreSQL installed,
however, this leads to failure to apply puppet when restarting
PostgreSQL 12, as both attempt to claim the same port.

During installation, if we will be installing PostgreSQL, look for
other versions than what we will install, and abort if they are
found.  This is safer than attempting to automatically uninstall or
reconfigure existing databases.
2020-06-24 12:57:38 -07:00
Alex Vandiver 58cb7cecd8 installer: Remove `--remote-postgres`, redundant with `--no-init-db`.
The previous commit removed the only behavior difference between the
two flags; both of them skip user/database creation, and the tables
therein.

Of the two options `--no-init-db` is more explicit as to what it does,
as opposed to just one facet of when it might be used; remove
`--remote-postgres`.
2020-06-24 12:57:38 -07:00
Greg Price baa09f0518 docs: Clarify instructions on setting up email for Apple auth.
This comes after I read through all the linked docs, and went through
the UI to do this registration.
2020-06-23 19:04:26 -07:00
Greg Price 71c995d50d docs: Explain a bit more explicitly how to configure Apple auth.
In particular the Services ID and Bundle ID each have one of Apple's
random-looking 10-character identifiers, in addition to the Java-style
names the admin chooses.  Best to be clear about what names are
supposed to be the chosen names and which are supposed to be the
random-looking assigned names.

(I don't know of any docs elsewhere making this clear -- but I guessed
it'd be this way, and empirically it works.)

Also mention you need to enable the backend. :-)
2020-06-23 19:04:26 -07:00
Greg Price 0021dfe8e7 auth settings: Put Apple "Team ID" before the things it namespaces.
I believe the Bundle ID (aka App ID) and Services ID have meaning only
relative to a specific Team ID.  In particular, in some places in the
developer.apple.com UI, they're displayed in a fully-qualified form
like "ABCDE12345.com.example.app", where "com.example.app" is the
App ID or Services ID and ABCDE12345 is the Team ID.
2020-06-23 19:04:26 -07:00
Greg Price 9b620dfe6c docs: Break up a long sentence in Apple auth instructions.
This also helps keep the actionable part short, by separating
the actionable instruction from the longer parenthetical
explaining what it's for.
2020-06-23 19:04:26 -07:00
Brainrecursion 30eaed0378 saml: Add option to restrict subdomain access based on SAML attributes.
Adds the ability to set a SAML attribute which contains a
list of subdomains the user is allowed to access. This allows a Zulip
server with multiple organizations to filter using SAML attributes
which organization each user can access.

Cleaned up and adapted by Mateusz Mandera to fit our conventions and
needs more.

Co-authored-by: Mateusz Mandera <mateusz.mandera@zulip.com>
2020-06-23 17:14:31 -07:00
Tim Abbott 077c741ef4 docs: Simplify reviewing upgrade notes before upgrading.
This adds a convenient way to review the upgrade notes for all Zulip
releases that one is upgrading across.

I thought about moving all the upgrade notes to a common section, but
in some cases the language is clearly explaining changes in the
release that are not duplicated elsewhere, and I think it reads better
having them inline alongisde related changes.
2020-06-22 15:58:52 -07:00
Anders Kaseorg 62f1a9da26 docs: Use Mozilla recommended SSL settings for Apache.
• Specify disabled rather than enabled protocols, so as not to disable
  TLS 1.3.
• Provide an explicit cipher suite list (Mozilla intermediate config
  version 5.4).
• Respect the browser’s preferred cipher suite ordering over the
  server’s.
• Use FFDHE2048 Diffie-Hellman parameters.
• Disable SSL session tickets.

(SSL stapling is also recommended but SSLStaplingCache cannot be
configured inside a <VirtualHost> block.)

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-14 20:17:12 -07:00
Tim Abbott 365fed531a docs: Remove nginx reverse proxy websockets documentation.
Zulip no longer uses websockets in production, so this code was
unnecessary.
2020-06-14 15:17:32 -07:00
qnxor 6399bccc07 docs: Add Apache2 reverse proxy instructions and example.
Tweaked by tabbott to disable older SSL and remove websockets logic,
which isn't relevant in master.
2020-06-14 15:15:23 -07:00
Tim Abbott a361646221 docs: Fix references to removed puppet rules. 2020-06-14 12:47:22 -07:00
Alex Vandiver 4fe0444108 puppet: Install wal-g, not wal-e. 2020-06-11 15:52:43 -07:00
Tim Abbott f0d8f60b66 help: Add basic documentation of organization owners. 2020-06-10 14:07:46 -07:00
Dinesh dc90d54b08 auth: Add Sign in with Apple support.
This implementation overrides some of PSA's internal backend
functions to handle `state` value with redis as the standard
way doesn't work because of apple sending required details
in the form of POST request.

Includes a mixin test class that'll be useful for testing
Native auth flow.

Thanks to Mateusz Mandera for the idea of using redis and
other important work on this.

Documentation rewritten by tabbott.

Co-authored-by: Mateusz Mandera <mateusz.mandera@zulip.com>
2020-06-09 17:29:35 -07:00
Tim Abbott 5154ddafca docs: Update production supported releases.
Now that we have production support for Ubuntu Focal, we update the
documentation to state our support for it.

(We also drop deprecated Xenial and Stretch from supported platforms).
2020-06-08 22:11:28 -07:00
Tim Abbott 7b8ba5ebd9 docs: Update most remaining references to zulipchat.com.
In some cases, the cleanest tweak is to replace references to the
domain with Zulip Cloud, the product.
2020-06-08 18:10:45 -07:00
Tim Abbott 71078adc50 docs: Update URLs to use https://zulip.com.
We're migrating to using the cleaner zulip.com domain, which involves
changing all of our links from ReadTheDocs and other places to point
to the cleaner URL.
2020-06-08 18:10:45 -07:00
Anders Kaseorg 08ddeca8a5 docs: Fix an incorrect use of i.e.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-08 16:28:05 -07:00
Anders Kaseorg 4d04fa3118 compose: Rewrite Zoom video call integration to use OAuth.
This reimplements our Zoom video call integration to use an OAuth
application.  In addition to providing a cleaner setup experience,
especially on zulipchat.com where the server administrators can have
done the app registration already, it also fixes the limitation of the
previous integration that it could only have one call active at a time
when set up with typical Zoom API keys.

Fixes #11672.

Co-authored-by: Marco Burstein <marco@marco.how>
Co-authored-by: Tim Abbott <tabbott@zulipchat.com>
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2020-06-03 16:39:12 -07:00
Tim Abbott 4d2b1673f8 docs: Replace support@zulipchat.com with support@zulip.com.
The new address is cleaner and shorter.
2020-05-28 08:14:30 +00:00
Mateusz Mandera 501e7c44dc docs: Add instructions for SAML with Okta/OneLogin in /help/.
Tweaked by tabbott to shift how this is organized.
2020-05-28 08:14:30 +00:00
Mateusz Mandera b66dc9de50 saml: Support IdP-initiated SSO. 2020-05-25 16:09:30 -07:00
Alex Vandiver 031260573f docs: Link to section on migrating local -> S3 storage.
This section at the top was clearly written before the documentation
at the bottom existed, and hasn't been updated to point to the
now-existent docs below.

Add the link, rather than directing to #production-help.
2020-05-19 14:08:44 -07:00
Steve Howell 23c2198da3 docs: Use string_id in header. 2020-05-17 21:25:53 -07:00
Steve Howell 35df5f35d8 docs: Keep manual-restore steps sequential. 2020-05-17 21:25:53 -07:00
Tim Abbott 1c1c47b94a docs: Delete discussion of legacy push notifications signup.
This hasn't been used in months; it was only there in case of problems
with the rollout of the automated workflow, so it makes sense to
delete it now.
2020-05-05 15:59:35 -07:00
Vishnu Ks 9a8d0ca9fe docs: Recommend contact page over email wherever possible.
With a few tweaks from tabbott to preserve the enthusiasm for feedback
and de-emphasize twitter as a channel (we give better support
elsewhere).
2020-05-05 15:57:54 -07:00
Tim Abbott 9566905b81 docs: Clarify nginx reverse proxy documentation.
Fixes #14740.
2020-04-26 10:51:39 -07:00
Tim Abbott 1219a2e854 docs: Deprecate support for Xenial and Stretch.
Also make sure our documentation for upgrading is reasonable for
Stretch => Buster.

Our reasoning for deprecating support for these releases is as follows:

* Ubuntu 16.04 Xenial reached desktop EOL last year; and will reach
  EOL on the server in about a year.

* Debian Stretch will each EOL in 2020 (the precise date is unclear in
  Debian's documentation, but based on past precedent it's in the next
  few months, perhaps July 2020).
  https://wiki.debian.org/DebianReleases#Production_Releases

* Both Ubuntu 16.04 and Debian Stretch use Python 3.5 as the system
  Python, which will reach EOL in September 2020 (and we're already
  seeing various third-party dependencies that we use drop support for
  them).

* While there is LTS support for these older releases, it's not clear it's
  going to be worth the added engineering effort for us to maintain EOL
  releases of the base OSes that we support.

* We (now) have clear upgrade instructions for moving to Debian Buster
  and Ubuntu 18.04.
2020-04-16 15:36:18 -07:00
Tim Abbott 724fcc74e8 help: Improve documentation on importing exported organizations.
This should help avoid confusion where some users used the Zulip
backup tool, not the import tool, to try to import their backups.
2020-03-30 13:25:03 -07:00
thoemie 7a48bec189 docs: Document EMAIL_USE_SSL for smtp providers on port 465.
I found the solution by simply trying out EMAIL_USE_SSL and it
worked. I had problems with sending emails (did not work at all, there
wasn't even a connection going on - I checked with tcpdump. Then I
found this: To use port 465, you need to call
smtplib.SMTP_SSL(). Currently, it looks like Django only uses
smtplib.SMTP() (source: https://code.djangoproject.com/ticket/9575).

Fixes #14350.
2020-03-27 00:25:49 -07:00
Anders Kaseorg 7ff9b22500 docs: Convert many http URLs to https.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-03-26 21:35:32 -07:00
Mateusz Mandera f9db77c400 docs: Updated links to python-social-auth docs.
The URL seems to have changed.
2020-03-20 08:54:37 -04:00
Stefan Weil c220b971ae
docs: Fix some typos in documentation (most of them found and fixed by codespell).
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2020-03-17 05:57:10 -07:00
Rike-Benjamin Schuppner bb49a60bd5
docs: Fix type in authentication methods. 2020-03-15 17:55:08 -07:00
Tim Abbott 6c74af4c06 docs: Document our stable release branches.
The experiment with the published 2.1.x tpye branches has been going
well, so we should document the feature.
2020-02-29 11:50:44 -08:00
Tim Abbott b775becc68 docs: Change our security contact to security@.
This has for a while been our only active Google Groups mailing list,
and given that folks will guess security@ as our security contact, we
might as well just standardize on that.

Also tweak some ambiguous text; it wouldn't be appropriate for us to
issue a CVE for e.g. an operational issue only affecting us.
2020-02-26 16:35:29 -08:00
Mateusz Mandera 7814f52d45 docs: Replace links to Django 1.11 docs with 2.2 links. 2020-02-19 11:51:18 -08:00
Tim Abbott 4a36ed6cb2 docs: Advertise support for GitLab authentication. 2020-02-11 14:13:39 -08:00
xpac1985 65fe1a9eed
docs: Add info about zulip-announce RSS feed to install docs.
The mailing list can also be subscribed to via RSS/Atom feeds, I just wanted to make that information easier accessible.
2020-01-31 17:24:43 -08:00
Tim Abbott d356622594 docs: Add link from LDAP docs to invitation docs.
This addresses confusion we had with some organizations where they
were surprised that with only LDAP enabled, the "invite more users"
feature was available.

Fixes #11685.
2020-01-25 23:41:19 -08:00
Tim Abbott d70e799466 bots: Remove FEEDBACK_BOT implementation.
This legacy cross-realm bot hasn't been used in several years, as far
as I know.  If we wanted to re-introduce it, I'd want to implement it
as an embedded bot using those common APIs, rather than the totally
custom hacky code used for it that involves unnecessary queue workers
and similar details.

Fixes #13533.
2020-01-25 22:41:39 -08:00