WIthout this directive apache will try other default/global DirectoryIndex files resulting in useless file access/error messages in logs
```
[Sun Mar 07 14:04:25.383960 2021] [authz_core:error] [pid 946:tid 139985284290304] [client 10.0.0.1:42616] AH01630: client denied by server configuration: /var/www/links.example.org/index.html
[Sun Mar 07 14:04:25.384293 2021] [authz_core:error] [pid 946:tid 139985284290304] [client 10.0.0.1:42616] AH01630: client denied by server configuration: /var/www/links.example.org/index.cgi
[Sun Mar 07 14:04:25.384465 2021] [authz_core:error] [pid 946:tid 139985284290304] [client 10.0.0.1:42616] AH01630: client denied by server configuration: /var/www/links.example.org/index.pl
```
(in documentation)
For security purpose, block access to any static file not matching the list of allowed extensions.
It allows us to remove the specific retriction on dotfiles, and fix Apache part of #1608.
Both in documentation and Docker image.
For security purpose, it no longer allow to access static files through
the main nginx *location*. Static files are served if their extension
matches the whitelist.
As a side effect, we no longer need specific restrictions, and
therefore it fixes the nginx part of #1608.
- Shaarli can be fully used by prefixing any URL with /index.php/
- {$base_path} used in templates already works with this configuration
- Assets path (outside of theme's assets) must be prefixed with {$root_url}/
- Documentation section in « Server configuration »
Fixes#1590
- standardize page names, rework documentation structure, update TOC
- use same example paths everywhere
- level 1 titles on all pages
- fix broken links
- .md suffix on all page links (works both from readthedocs and github repository views)
**Server:**
A full and concise installation guide with examples is a frequent request. The documentation should provide such a guide for basic installation needs, while explaining alternative/advanced configuration at the end. Links to reference guides and documentation should be used more frequently to avoid recommending an outdated or excessively complex configuration.
- server: move most server-related info to server-configuration.md, cleanup/shorten
- server: update list of php dependencies/libraries, link to composer.json
- server: installation: support 3 install methods (from release zip, from sources, using docker)
- server: installation: use rsync instead of mv as mv results will change depending of taget directory already existing or not
- server: add example/basic usage of certbot
- server, upgrade, installation: update file permissions setup, use sudo for upgrade operations in webserver document root
- server: apache: add comments to configuration, fix and factorize file permissions setup, set cache-control header, deny access to dotfiles, add missing apache config steps, add http->https redirect example
- server: nginx: refactor nginx configuration, add comments, DO log access to denied/protected files
- server: add links to MDN for x-forwarded-* http headers explanation, cleanup/clarify robots.txt and crawlers section
- server: bump file upload size limit to 100MB we have reports of bookmark exports weighing +40MB - i have a 13MB one here
- server: simplify phpinfo documentation
- server: move backup and restore information to dedicated page
- docker: move all docker docs to Docker.md, simplify/ docker setup, add docker-compose.yml example, replace docker-101 with docker cheatsheet
- troubleshooting: move all troubleshooting documentation to troubleshooting.md
**Usage:**
- index: add getting started section on index page
- features/usage: move all usage-related documentation to usage.md, add links from the main feature list to corresponding usage docs, clarify/reword features list
- shaarli configuration: add note about configuring from web interface
**Removed:**
- remove obsolete/orphan images
- remove obsolete shaarchiver example
- remove outdated "decode datastore content" snippet
**Development:**
- development: move development-related docs (static analysis, CI, unit tests, 3rd party libs, link structure/directory, guidelines, security....) to dev/ directory
- development: Merge several pages to development.md
- **Breaking change?:** remove mentions of 'stable' branch, switch to new branch/release model (master=latest commit, release=latest tag)
- **Breaking change?:** refer to base sharing unit as "Shaare" everywhere (TODO: reflect changes in the code?) doc: update featues list/link to usage.md for details
- development: directory structure: add note about required file permissions
- .travis-ci.yml: add comments
- .htaccess: add comment
Without php-json the installation stops with a white screen and the following error:
> 09-Nov-2019 14:05:46 UTC] PHP Fatal error: Uncaught Error: Call to undefined function Shaarli\Config\json_encode() in /var/www/html/shaarli/application/config/ConfigJson.php:48
> Stack trace:
> #0 /var/www/html/shaarli/application/config/ConfigManager.php(239): Shaarli\Config\ConfigJson->write('data/config.jso...', Array)
> #1 /var/www/html/shaarli/index.php(1835): Shaarli\Config\ConfigManager->write(false)
> #2 /var/www/html/shaarli/index.php(178): install(Object(Shaarli\Config\ConfigManager), Object(Shaarli\Security\SessionManager), Object(Shaarli\Security\LoginManager))
> #3 {main}
> thrown in /var/www/html/shaarli/application/config/ConfigJson.php on line 48
Tested with Shaarli 0.10.4 on CentOS 8 with Httpd 2.4.37 and PHP 7.2.11.
This adds a dedicated manager class to handle all ban interactions, which is instantiated and handled by LoginManager.
IPs are now stored in the same format as the datastore, through FileUtils.
Fixes#1032#587
* rework/simplify server configuration/requirements pages (consolidate/simplify SSL/TLS/apache configuration)
* update index.md introduction
* remove external images (badges)
* Fix COPYING link and documentation links
* Update features list
* dedpulicate information
* remove server-requirements.md and move relevant doc to other files
* TODO: rework nginx configuration (single configuration example, with commented out blocks for special cases)
* TODO: consolidate download/install/configuration pages
* remove blank lighttpd configuration section
* remove Required? column for composer packages, all libraries are mandatory
* php 7.2 compatibilty
* clarify that certbot binary and paths may vary depending on install method
This is mainly cleanup after switching from Github-flavoured Markdown
rendered by Github Pages, to standard Markdown rendered by MkDocs.
Changed:
- rephrase some section titles
Fixed:
- list rendering (items, sub-items))
- code rendering
- quotes
- dead links
Removed:
- extraneous navigational elements
Signed-off-by: VirtualTam <virtualtam@flibidi.net>