turnkey-nginx-php-fastcgi-18.0 (1) turnkey; urgency=low * Ensure hashfile includes URL to public key - closes #1864. * Include webmin-logviewer module by default - closes #1866. * Upgraded base distribution to Debian 12.x/Bookworm. * Debian default PHP updated to v8.2. * Use MariaDB (MySQL replacement) v10.11.3 (from debian repos). * Configuration console (confconsole): - Support for DNS-01 Let's Encrypt challenges. [ Oleh Dmytrychenko github: @NitrogenUA ] - Support for getting Let's Encrypt cert via IPv6 - closes #1785. - Refactor network interface code to ensure that it works as expected and supports more possible network config (e.g. hotplug interfaces & wifi). - Show error message rather than stacktrace when window resized to incompatable resolution - closes #1609. [ Stefan Davis ] - Bugfix exception when quitting configuration of mail relay. [ Oleh Dmytrychenko github: @NitrogenUA ] - Improve code quality: implement typing, fstrings and make (mostly) PEP8 compliant. [Stefan Davis & Jeremy Davis * Firstboot Initialization (inithooks): - Refactor start up (now hooks into getty process, rather than having it's own service). [ Stefan Davis ] - Refactor firstboot.d/01ipconfig (and 09hostname) to ensure that hostname is included in dhcp info when set via inithooks. - Package turnkey-make-ssl-cert script (from common overlay - now packaged as turnkey-ssl). Refactor relevant scripts to leverage turnkey-ssl. - Refactor run script - use bashisms and general tidying. - Show blacklisted password characters more nicely. - Misc packaging changes/improvements. - Support returning output from MySQL - i.e. support 'SELECT'. (Only applies to apps that include MySQL/MariaDB). * Web management console (webmin): - Upgraded webmin to v2.0.21. - Removed stunnel reverse proxy (Webmin hosted directly now). - Ensure that Webmin uses HTTPS with default cert (/etc/ssl/private/cert.pem). - Disabled Webmin Let's Encrypt (for now). * Web shell (shellinabox): - Completely removed in v18.0 (Webmin now has a proper interactive shell). * Backup (tklbam): - Ported dependencies to Debian Bookworm; otherwise unchanged. * Security hardening & improvements: - Generate and use new TurnKey Bookworm keys. - Automate (and require) default pinning for packages from Debian backports. Also support non-free backports. * IPv6 support: - Adminer (only on LAMP based apps) listen on IPv6. - Nginx/NodeJS (NodeJS based apps only) listen on IPv6. * Misc bugfixes & feature implementations: - Remove rsyslog package (systemd journal now all that's needed). - Include zstd compression support. - Enable new non-free-firmware apt repo by default. - Improve turnkey-artisan so that it works reliably in cron jobs (only Laravel based LAMP apps). -- Jeremy Davis Mon, 16 Oct 2023 03:20:27 +0000 turnkey-nginx-php-fastcgi-17.1 (1) turnkey; urgency=low * Updated all Debian packages to latest. [ autopatched by buildtasks ] * Patched bugfix release. Closes #1734. [ autopatched by buildtasks ] -- Jeremy Davis Tue, 12 May 2022 01:41:55 +0000 turnkey-nginx-php-fastcgi-17.0 (1) turnkey; urgency=low * Updated all relevant Debian packages to Bullseye/11 versions; including PHP 7.4. * Now using default Debian PHP-FPM config (previously we supplied our own custom fastcgi service and setup). * Provide predefined dh_params (via 'turnkey-make-ssl-cert' where relevant) as per RFC7919 - part of #1653. * Use default Debian PHP-FPM config (previously we supplied our own custom fastcgi service and setup). * Prepare HSTS and OCSP stapling configuration (not fully enabled by default - as requires valid SSL/TLS cert). * Updated version of mysqltuner script. * Refactored config files to be consistent with upstream/Debian defaults. * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Jeremy Davis Wed, 06 Apr 2022 05:06:02 +0000 turnkey-nginx-php-fastcgi-16.1 (1) turnkey; urgency=low * Note: Please refer to turnkey-core's 16.1 changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Jeremy Davis Tue, 23 Feb 2021 16:17:50 +1100 turnkey-nginx-php-fastcgi-16.0 (1) turnkey; urgency=low * Explcitly disable TLS<1.2 (i.e. SSLv3, TLSv1, TLSv1.1). (v15.x TurnKey releases supported TLS 1.2, but could fallback as low as TLSv1). * Update SSL/TLS cyphers to provide "Intermediate" browser/client support (suitable for "General-purpose servers with a variety of clients, recommended for almost all systems"). As provided by Mozilla via https://ssl-config.mozilla.org/. * Updated all relevant Debian packages to Buster/10 versions; including PHP 7.3. * Updated version of mysqltuner script - now installed as per upstream recommendation. * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Jeremy Davis Wed, 06 May 2020 12:59:18 +1000 turnkey-nginx-php-fastcgi-15.1 (1) turnkey; urgency=low * Rebuild to resolve inadvertant removal of mariadb during sec-updates - part of #1246. -- Jeremy Davis Wed, 21 Nov 2018 18:29:07 +1100 turnkey-nginx-php-fastcgi-15.0 (1) turnkey; urgency=low * Install Adminer directly from stretch/main repo * Provide "adminer" root-like user for Adminer MySQL access * Replace MySQL with MariaDB (drop-in MySQL replacement) * Includes PHP7.0 (installed from Debian repos) * Updated PHP default settings * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Vlad Kuzmenko Tue, 19 Jun 2018 03:41:42 +0300 turnkey-nginx-php-fastcgi-14.2 (1) turnkey; urgency=low * Installed security updates. * Updated Adminer to 4.2.5 * Updated to use Adminer configuration from TurnKey common. * Removed php-xcache (opcache enabled by default in php). * Hardened fastcgi_params as per issue #685 (httpoxy). As httpoxy is already mitigated in Debian's PHP package, this is not strictly required, but does. provide additional security for edge cases. * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Stefan Davis Wed, 19 Apr 2017 10:42:17 +1000 turnkey-nginx-php-fastcgi-14.1 (2) turnkey; urgency=medium * Modified fastcgi_params as part of issue #685 (httpoxy) -- Stefan Davis Tue, 16 Aug 2016 05:36:22 +1000 turnkey-nginx-php-fastcgi-14.1 (1) turnkey; urgency=low * Installed security updates. * Installed updated packages from TurnKey repo - includes relevant Webmin packages (v1.780) * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Jeremy Davis Tue, 01 Mar 2016 16:28:46 +1100 turnkey-nginx-php-fastcgi-14.0 (1) turnkey; urgency=low * Latest Debian Jessie package version of all components. * Adminer replaces phpMyAdmin for MySQL DB administration. * Hardened default SSL config. * Note: Please refer to turnkey-core's changelog for changes common to all' appliances. Here we only describe changes specific to this appliance. -- Jeremy Davis Mon, 06 Jul 2015 16:25:17 +1000 turnkey-nginx-php-fastcgi-13.0 (1) turnkey; urgency=low * Latest Debian Wheezy package version of all components. * Nginx PHP FastCGI: - Bugfix: Verify php-fastcgi socket directory exists [#120]. * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Alon Swartz Thu, 10 Oct 2013 18:35:44 +0300 turnkey-nginx-php-fastcgi-12.1 (1) turnkey; urgency=low * Latest Debian Squeeze package version of all components. * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Alon Swartz Sun, 07 Apr 2013 08:00:00 +0200 turnkey-nginx-php-fastcgi-12.0 (1) turnkey; urgency=low * Initial public release of TurnKey Nginx PHP FastCGI Server, based on TKLPatch submitted by Basil Kurian. * Nginx configured to proxy PHP request to PHP-FastCGI daemon. * Includes TurnKey Web Control panel with links to useful references and resources (convenience). * Regenerates all secrets during installation / firstboot (security). * MySQL related: - Set MySQL root password on firstboot (convenience, security). - Force MySQL to use Unicode/UTF8. - Includes PhpMyAdmin (listening on port 12322 - uses SSL). * SSL support out of the box. * Includes php-xcache PHP opcode cacher / optimizer (performance). * Includes postfix MTA (bound to localhost) for sending of email (e.g. password recovery). Also includes webmin postfix module for convenience. * Major component versions nginx 0.7.67-3+squeeze2 mysql-server 5.1.63-0+squeeze1 phpmyadmin 4:3.3.7-7 * Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance. -- Alon Swartz Wed, 01 Aug 2012 08:00:00 +0200