In this release we made a couple of minor changes to our configurations on Hypernode.
Increased the server_names_hash_bucket_size to 128
The server_names_hash_bucket_size NGINX config value was increased from 64 to 128 because the old value was causing issues with longer domain names. For example, trying to generate an SSL configuration for domains of a certain length could previously result in a configuration validation error.
~$ cat .dehydrated/domains.txt
cj8iml-vdloo-magweb-cmbl.nodes.hypernode.io
~/nginx$ cat nginx_error_output
nginx: [emerg] could not build server_names_hash
nginx: configuration file /etc/nginx/nginx.conf test failed
This issue has now been resolved.
Disabled OCSP_MUST_STAPLE in the pre-installed Let’s Encrypt client configuration
OCSP_MUST_STAPLE is now disabled by default in the dehydrated configuration. This feature was causing some issues in various versions of Firefox.
If you noticed the following warning message while using a Let’s Encrypt certificate it was probably related to this issue.
We are now testing a new configuration so that we can re-enable this feature as the standard configuration. Until then, you can enable it yourself by creating a user-specific dehydrated config file like so:
cp /etc/dehydrated/config /the/working/dir/where/you/run/dehydrated/
# edit config and add the following line
OCSP_MUST_STAPLE="yes"
Take note that if you do so, future changes to that globally installed config file will not be propagated to your custom configuration.
Installed the fonts-droid package
As requested by Peter Jaap from Elgentos, this package is now available. This means that the following fonts are now pre-installed:
# dpkg -L fonts-droid | grep ttf
/usr/share/fonts/truetype/droid/DroidSans-Bold.ttf
/usr/share/fonts/truetype/droid/DroidSans.ttf
/usr/share/fonts/truetype/droid/DroidSansArabic.ttf
/usr/share/fonts/truetype/droid/DroidSansFallback.ttf
/usr/share/fonts/truetype/droid/DroidSansHebrew.ttf
/usr/share/fonts/truetype/droid/DroidSansJapanese.ttf
/usr/share/fonts/truetype/droid/DroidSansMono.ttf
/usr/share/fonts/truetype/droid/DroidSansThai.ttf
/usr/share/fonts/truetype/droid/DroidSerif-Bold.ttf
/usr/share/fonts/truetype/droid/DroidSerif-BoldItalic.ttf
/usr/share/fonts/truetype/droid/DroidSerif-Italic.ttf
/usr/share/fonts/truetype/droid/DroidSerif-Regular.ttf
Small change to the app SPF record
The record is now less restrictive. The ?all mechanism (all with the neutral ? qualifier) was added.
dig TXT spf.vdloo.hypernode.io | grep spf
; <<>> DiG 9.10.3-P4-Ubuntu <<>> TXT spf.vdloo.hypernode.io
;spf.vdloo.hypernode.io. IN TXT
spf.vdloo.hypernode.io. 599 IN TXT "v=spf1 ip4:some_ip/24 include:spf.byte.nl ?all"
Also, the _spf.hypernode.com record is being deprecated. It was invalid because it caused too many DNS lookups.
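The lookup limit behind that deprecation can be checked before a record is published. The following Python is an added example, not Hypernode's own tooling: it counts the worst-case number of DNS-querying terms reachable from an SPF record against the limit of 10 in RFC 7208 and reports what the trailing all term returns. The zone data and the .example names are constructed, and macros are assumed not to be used.

```python
import re

# Constructed sample zone standing in for live TXT lookups (all names hypothetical).
ZONE = {
    "app.example": "v=spf1 ip4:192.0.2.0/24 include:spf.provider.example ?all",
    "spf.provider.example": "v=spf1 ip4:198.51.100.0/24 mx -all",
    "big.example": "v=spf1 " + " ".join(f"include:s{i}.example" for i in range(6)) + " ~all",
    **{f"s{i}.example": "v=spf1 a mx -all" for i in range(6)},
}
TERM = re.compile(r"([+\-~?]?)([a-z0-9]+)(?:[:=/](.*))?")
DNS_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # each costs one lookup
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208, section 4.6.4


def terms(record):
    """Yield (qualifier, name, argument) for each term after the version tag."""
    for raw in record.lower().split()[1:]:
        match = TERM.fullmatch(raw)
        if match:
            yield match.group(1) or "+", match.group(2), match.group(3)


def count_lookups(domain, zone=ZONE, path=()):
    """Worst-case number of DNS-querying terms reached from domain's record."""
    if domain in path:
        raise ValueError(f"include loop at {domain}")
    total = 0
    for _, name, arg in terms(zone[domain]):
        if name in DNS_TERMS:
            total += 1
            if name in ("include", "redirect"):
                # The referenced record's own terms count toward the same limit.
                total += count_lookups(arg, zone, path + (domain,))
    return total


def audit(domain, zone=ZONE):
    """Summarise lookup count, validity and the result of the trailing 'all'."""
    lookups = count_lookups(domain, zone)
    default = next((QUALIFIERS[q] for q, n, _ in terms(zone[domain]) if n == "all"), None)
    return {"lookups": lookups, "valid": lookups <= MAX_LOOKUPS, "all": default}


if __name__ == "__main__":
    for name in ("app.example", "big.example"):
        print(name, audit(name))
```

The count is a worst case: a real evaluation stops at the first matching mechanism, so a record over the limit may only fail for some senders, which makes the problem easy to miss.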