From 1d3fb1ed7cc240d05562531689505486af6ce587 Mon Sep 17 00:00:00 2001 From: CyberMind-FR Date: Mon, 16 Feb 2026 09:01:11 +0100 Subject: [PATCH] docs: Update tracking files for Nextcloud SSL, WAF rules, mail autoconfig - Nextcloud production deploy with HAProxy SSL - WAF rules for Nextcloud & Roundcube CVEs - Mail client autoconfig DNS and XML endpoint Co-Authored-By: Claude Opus 4.5 --- .claude/HISTORY.md | 25 +++++++++++++++++++++++++ .claude/WIP.md | 27 ++++++++++++++++++++------- 2 files changed, 45 insertions(+), 7 deletions(-) diff --git a/.claude/HISTORY.md b/.claude/HISTORY.md index aabca0a1..c27e77cf 100644 --- a/.claude/HISTORY.md +++ b/.claude/HISTORY.md 
@@ -1884,3 +1884,28 @@ git checkout HEAD -- index.html - luci-app-nextcloud: +luci-lib-secubox +secubox-app-nextcloud - **Updated ACL** with all new RPCD methods - **Updated menu** to SecuBox path (admin/secubox/services/nextcloud) + +### 2026-02-16: Nextcloud SSL, WAF Rules & Mail Autoconfig + +**Nextcloud Production Deploy:** +- Fixed nginx port conflict (80→8080) to avoid HAProxy collision +- Fixed PHP-FPM socket path to use `php8.2-fpm.sock` +- Fixed nginx routing with rewrite rule for `/apps/*` URLs +- Configured HAProxy SSL: https://cloud.gk2.secubox.in +- Updated mitmproxy routes for direct backend access (port 8080) +- **Commits**: 5b6bf856, 2bc2eac9 + +**WAF Rules for Nextcloud & Roundcube:** +- Added 20 CVE-based rules to `/srv/mitmproxy/waf-rules.json` +- **Nextcloud patterns**: CVE-2023-49791 (Text SSE RCE), CVE-2024-22403 (Dashboard XSS), CVE-2024-37315 (User Enum), CVE-2024-22212 (Federation SQLi) +- **Roundcube patterns**: CVE-2024-37383 (Skin RCE), CVE-2023-5631 (Stored XSS), CVE-2020-35730 (Upload RCE), CVE-2023-43770 (Link XSS) +- Common patterns: path traversal, config file access, script injection + +**Mail Client Autoconfig:** +- DNS records added to `secubox.in.zone`: + - `autoconfig.gk2.secubox.in`, `autodiscover.gk2.secubox.in` (A/AAAA) + - `_imaps._tcp.gk2.secubox.in` SRV 0 0 993 mail.gk2.secubox.in + - `_submission._tcp.gk2.secubox.in` SRV 0 0 587 mail.gk2.secubox.in +- Autoconfig XML at `/.well-known/autoconfig/mail/config-v1.1.xml` +- Mozilla/Thunderbird format with IMAP (993/143) and SMTP (587/465) +- HAProxy vhosts and mitmproxy routes configured diff --git a/.claude/WIP.md b/.claude/WIP.md index 1fa3512b..fe7fa11e 100644 --- a/.claude/WIP.md +++ b/.claude/WIP.md @@ -1,6 +1,6 @@ # Work In Progress (Claude) -_Last updated: 2026-02-15 (PeerTube transcoding fix, GK2 Hub subdomain URLs)_ +_Last updated: 2026-02-16 (Nextcloud SSL, WAF rules, Mail autoconfig)_ > **Architecture Reference**: SecuBox Fanzine v3 — Les 4 Couches 
@@ -64,12 +64,25 @@ _Last updated: 2026-02-15 (PeerTube transcoding fix, GK2 Hub subdomain URLs)_ ### Just Completed (2026-02-16) -- **Nextcloud LXC Enhancement** — DONE (2026-02-16) - - Migrated from Docker to Debian 12 LXC container - - Full-stack: Nginx, MariaDB, Redis, PHP 8.2-FPM, Nextcloud - - `nextcloudctl` CLI with install/backup/restore/ssl/occ commands - - KISS dashboard with Overview/Backups/SSL/Logs tabs - - RPCD backend with 15 methods +- **Nextcloud LXC Production Deploy** — DONE (2026-02-16) + - Installed on c3box with Debian 12 LXC + - Fixed nginx port conflict (80→8080) with HAProxy + - Fixed PHP-FPM socket path (php8.2-fpm.sock) + - Fixed nginx routing (rewrite to index.php for /apps/*) + - HAProxy SSL configured: https://cloud.gk2.secubox.in + - Mitmproxy routes updated for direct backend access + +- **WAF Rules for Nextcloud & Roundcube** — DONE (2026-02-16) + - Added 20 CVE-based rules to `/srv/mitmproxy/waf-rules.json` + - Nextcloud: CVE-2023-49791, CVE-2024-22403, CVE-2024-37315, etc. + - Roundcube: CVE-2024-37383, CVE-2023-5631, CVE-2020-35730, etc. + - Common attack patterns: path traversal, XSS, SQLi, RCE + +- **Mail Client Autoconfig** — DONE (2026-02-16) + - DNS records: autoconfig.*, autodiscover.*, SRV for _imaps/_submission + - Autoconfig XML at `/.well-known/autoconfig/mail/config-v1.1.xml` + - Mozilla/Thunderbird format with IMAP (993/143) and SMTP (587/465) + - HAProxy vhost and mitmproxy routes configured ### Recently Completed (2026-02-15)
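Review bot: In the `.claude/HISTORY.md` hunk (`@@ -1884,3 +1884,28 @@`), the "Nextcloud Production Deploy" bullets move nginx to port 8080 and add "mitmproxy routes for direct backend access (port 8080)" without recording which address that port listens on. If 8080 is reachable by anything other than the proxy, requests to it skip both the HAProxy TLS termination and the rules in `/srv/mitmproxy/waf-rules.json` described a few lines later. Add a bullet stating the bind address or firewall rule that restricts it. Two smaller documentation points in the same hunk: "Added 20 CVE-based rules" is followed by only eight CVE ids plus "Common patterns", so a per-category count or the rule ids would make the entry auditable. The autoconfig bullet advertises IMAP 143 and SMTP 465 while the SRV records publish only 993 and 587, so state the socket type intended for 143 and 465 or list only the ports actually offered.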
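Review bot: In the `.claude/WIP.md` hunk (`@@ -64,12 +64,25 @@`), the WAF summary does not match the HISTORY.md entry added by the same patch. The last WAF bullet here reads "Common attack patterns: path traversal, XSS, SQLi, RCE", while HISTORY.md has "Common patterns: path traversal, config file access, script injection", and both CVE lists here end in "etc." Use the same wording in both files, or have WIP.md point to the HISTORY.md entry, so a reader does not have to guess which description reflects the deployed rule set. The hunk also deletes the "Nextcloud LXC Enhancement" bullets (`nextcloudctl` CLI, "RPCD backend with 15 methods"), and none of the HISTORY.md lines added in this patch carry them, so confirm they are already recorded there before dropping them from WIP.md.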