Nginx default host 404 — requests to unconfigured domains (e.g. server IP with random paths) now always serve the "Server Up" page instead of the default nginx 404 error; uses rewrite instead of try_files for reliable catch-all behavior
cipi ssh list / cipi ssh remove silent exit — both commands printed the header but no keys; caused by ((i++)) returning exit code 1 when i=0 (the post-increment expression evaluates to the old value 0, which the arithmetic command reports as failure) under set -euo pipefail, so the script aborted on the first iteration; fixed with an || true guard on all arithmetic increments
SSH key comment stripped on setup — collect_ssh_key() used awk '{print $1, $2}' to sanitize input, discarding the comment field (the third and any later columns); keys added during install were always stored without their original comment
Changed
PAM auth notifications — now include SSH key fingerprint/comment for both sudo and SSH login alerts; key is resolved via ExposeAuthInfo + SSH_USER_AUTH
SSH access model — replaced AllowUsers cipi with group-based access (AllowGroups cipi-ssh cipi-apps); cipi user remains key-only; app users can now SSH directly with username and password via Match Group cipi-apps block that enables PasswordAuthentication selectively
Added
App lifecycle notifications — email alerts on app create, edit, and delete; includes server hostname, app name, domain, PHP version, and change details; sensitive data (passwords, tokens, keys) is never included
cipi app reset-password <app> — regenerate the SSH password for an app's Linux user; displays new password once and sends email notification
cipi app reset-db-password <app> — regenerate the MariaDB password for an app user; automatically updates DB_PASSWORD in the app's .env file
cipi reset root-password — regenerate the root SSH password and update server.json in the vault
cipi reset db-password — regenerate the MariaDB root password and update server.json in the vault
cipi reset redis-password — regenerate the Redis password, restart Redis, and update server.json in the vault; warns about updating app .env files
cipi ssh rename [number] [name] — set or change the display name of an SSH key; updates the comment field in authorized_keys; interactive selection if called without arguments
Security
Sudoers hardening — www-data sudo access restricted from wildcard (cipi *) to an explicit whitelist of API commands only (app create/edit/delete, deploy, alias add/remove, ssl install, cat apps.json); prevents privilege escalation from a compromised PHP process
Command injection fix — replaced unsafe eval with printf -v in read_input() and parse_args() (common.sh); user input is no longer interpreted by the shell
Sed injection fix — branch and repository values are now escaped before interpolation in sed commands (app.sh); prevents injection via special characters (|, &, \)
API command whitelist — CipiCliService now validates commands against an ALLOWED_COMMANDS whitelist before executing sudo cipi; provides defence-in-depth alongside sudoers
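The three shell pitfalls behind the ssh list/remove silent exit, the stripped key comment, and the eval-based command injection, reproduced next to the fixes this changelog describes. This is an added example, not cipi's own code; the key material and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not cipi's own code: reproduces the ((i++)) exit-status trap
# under set -e, the awk sanitizer that dropped the key comment, and eval on
# user input, next to the fixes the changelog names. All keys are constructed.
set -euo pipefail

# Runs a tiny script in a fresh bash so its own set -e is real. Under errexit,
# ((i++)) with i=0 evaluates to 0, returns status 1 and aborts the script before
# "reached" is printed; this is why `cipi ssh list` showed only its header.
increment_without_guard() {
    bash -c 'set -euo pipefail; i=0; ((i++)); echo "reached:$i"' || true
}

# The fix from the changelog: || true stops the failed arithmetic from killing
# the script, and i is still incremented.
increment_with_guard() {
    bash -c 'set -euo pipefail; i=0; ((i++)) || true; echo "reached:$i"'
}

# eval "$name=\"$value\"" would execute metacharacters in $value; printf -v
# assigns to the variable named by $1 and treats $2 purely as data.
set_var() {
    local name=$1 value=$2
    printf -v "$name" '%s' "$value"
}

# Keeps the whole comment field of an authorized_keys line instead of the
# awk '{print $1, $2}' sanitizer that dropped it: read puts the remainder of
# the line, spaces included, into its last variable.
key_comment() {
    local type body comment
    read -r type body comment <<< "$1"
    printf '%s\n' "$comment"
}

# Constructed sample line (fake key material).
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1FAKEKEY alice@laptop backup'

main() {
    echo "without guard: '$(increment_without_guard)'"   # '' : script aborted
    echo "with guard:    '$(increment_with_guard)'"      # 'reached:1'
    set_var untrusted 'x; echo injected'
    echo "stored literally: $untrusted"                  # x; echo injected
    echo "comment: $(key_comment "$SAMPLE_KEY")"         # alice@laptop backup
}
main
```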