Ops One AG | Status

Managed Server Version 5: php update, scheduled 7 years ago

php70 and php72 was updated to the latest version.

php70/unknown 7.0.29-ops-4608 amd64 [upgradable from: 7.0.28-ops-4141]
ops-php72/unknown 7.2.4-ops-4607 amd64 [upgradable from: 7.2.3-ops-4262]

Managed Server Version 5: nodejs update, scheduled 7 years ago

Multiple vulnerabilities were discovered in nodejs. We have updated nodejs 6 to the latest version.

nodejs/unknown 6.14.0-1nodesource1 amd64 [upgradable from: 6.13.1-1nodesource1]
Changelog: https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.14.0

New Cockpit Version: CSV export and monthly email invoice

Features

Export invoice or billing preview as csv
Monthly invoice (pdf and csv) is sent to customers email address

Managed Server Version 5: Monitoring processes per user

On servers with many websites, its hard to identify the users responsible for a given workload. Therefore, we added a check which will monitor the number of processes running for each user.

Managed Server Version 5: add global nginx config to disallow access to certain TYPO3 locations, scheduled 7 years ago

After removing a whole deny block yesterday, we discovered that this might led to open access to certain directories we missed in our previous investigation.

Therefore, we have added the following location to the global nginx configuration again:

location ~* "(?i)((.*typo3(conf)?)\/(|.*\/)((private|test|build)\/).*)" {
  deny all;
}

Managed Server Version 5: remove global nginx config for TYPO3 secure_downloads extension, scheduled 7 years ago

We have removed the following location from our global nginx configuration:

location ~* "(^|/)(typo3(conf)?(/.*|)/(private|tests|build)|secure_[^/]+|(?!css_secure)[^/]*_secure|\.)/" {
  deny all;
}

The configuration was originally created for the TYPO3 extension secure_downloads, but was never documented. As we ran into some problems with other applications, and this setting was required for a very limited number of sites, we decided to remove it altogether. We talked to all affected customers already and applied custom configurations on every affected website.

As of now, please add corresponding deny rules within the local configuration if you want to protect a certain directory.

Managed Server Version 5: Optimize settings for php72 type

After using the php72 type for a few weeks, we discovered several areas for improvement:

enable PATH, TMP, TMPDIR and TEMP environment variables which are good practice and required for some applications (e.g. Nextcloud)
enable APCu extension
enable opcache.enable_cli
change opcache.memory_consumption from 128M to 128

Managed Server Version 5: ajust PHP binary path for wordpress70 cronjobs

By now, the cronjob definition of our wordpress70 type used the same configuration as the wordpress type. This had led to the usage of PHP 5.6 for wordpress70 cronjobs on servers where this version was installed due to other websites, while the cronjob did not run altogether on any other systems.

This change implements a dedicated cron configuration for the wordpress70 type with the correct PHP version.

No incidents reported

Past Incidents

Thursday 29th March 2018

Wednesday 28th March 2018

Features

Tuesday 27th March 2018

Monday 26th March 2018

Sunday 25th March 2018

Saturday 24th March 2018

Friday 23rd March 2018