New Cockpit Version: New website types and a more clarified monthly invoice
Added new website types for generation 6 Servers
Display IPv6 address in the servers network interfaces tab
Remove ssh key from all servers and websites of a customer when user is removed from that customer
Display Balance on the monthly invoice
ID's in HTML can not start with a number
Different structure of the network interfaces for hiera
Forbid test as website name
Better parsing of EPP messages
Managed Server Version 5: move global security settings into dedicated configuration file
To deny access to certain private files and directories like .git, we used some custom locations defined on each website. Those locations where defined directly within the vhost configuration, but after the custom configuration include to allow overrides for certain setups.
Due to the predefined nginx location block selection order, it is possible to override our security locations by mistake, especially when defining a own location for everything (like location ~* ^/), which will disable processing of any following regex locations used in our security configuration.
To avoid misconfigurations leading to open access to private files, we took the following precautions:
security locations moved into their own file /etc/nginx/custom/security.conf, which can be included in custom locations as well
automatic check to find custom locations without included security configuration
automatic check to scan for secret files over HTTP
Please include the new security configuration within affected locations like described within our updated documentation. Additionally, we will contact all customer with affected configurations over the next few days.