Merge branch 'master' into patch-1

Author: poespas

.gitignore

@@ -7,5 +7,6 @@ pub
 .ssh
 .vscode
 *.css.map
+*.br
 deployment-report.json
 build/

README.md

@@ -3,7 +3,7 @@
 ## Generating new docs
 
 ```bash
-DOC_URL=https://support.hypernode.com/en/ecommerce/magento-1/how-to-enable-mysql-query-logging-for-magento-1-x
+DOC_URL=https://docs.hypernode.com/en/ecommerce/magento-1/how-to-enable-mysql-query-logging-for-magento-1-x
 bin/download_doc --output-dir=docs/ecommerce-applications $DOC_URL
 ```
 

deploy.php

@@ -4,10 +4,7 @@
 
 namespace Hypernode\DeployConfiguration;
 
-use function Deployer\after;
-use function Deployer\run;
-use function Deployer\task;
-use function Deployer\test;
+use function Deployer\{run, task, test, within, set};
 
 $DOCKER_HOST = '172.17.0.2';
 $DOCKER_WEBROOT = sprintf('/data/web/apps/%s/current/pub', $DOCKER_HOST);
@@ -43,7 +40,7 @@
 
 # Build the documentation
 task('python:build_documentation', static function () {
-    run('source .venv/bin/activate && bin/build_docs');
+    run('.venv/bin/sphinx-build -b html docs docs/_build/html');
     run('ln -sf docs/_build/html pub');
 });
 
@@ -74,12 +71,29 @@
     run('cp {{release_path}}/etc/nginx/server.redirects.conf /data/web/nginx/server.redirects.conf');
 });
 
+// This will pre-compress files using brotli compression so we can serve them directly from nginx
+// without needing to compress them on-the-fly.
+task('build:compress:brotli', function () {
+    set('brotli_compression_level', 11);
+
+    run('apt update && apt install brotli -y');
+    within('{{release_or_current_path}}/docs/_build/html', function () {
+        run('find . -name "*.html" -type f -exec brotli -f -q {{brotli_compression_level}} {} \\;');
+        run('find . -name "*.css" -type f -exec brotli -f -q {{brotli_compression_level}} {} \\;');
+        run('find . -name "*.js" -type f -exec brotli -f -q {{brotli_compression_level}} {} \\;');
+        run('find . -name "*.svg" -type f -exec brotli -f -q {{brotli_compression_level}} {} \\;');
+        run('find . -name "*.png" -type f -exec brotli -f -q {{brotli_compression_level}} {} \\;');
+        run('find . -name "*.jpg" -type f -exec brotli -f -q {{brotli_compression_level}} {} \\;');
+    });
+});
+
 $configuration = new Configuration();
 $configuration->addBuildTask('node:build:scss');
 $configuration->addBuildTask('python:venv:create');
 $configuration->addBuildTask('python:venv:requirements');
 $configuration->addBuildTask('python:build_documentation');
 $configuration->addBuildTask('python:generate_redirects');
+$configuration->addBuildTask('build:compress:brotli');
 $configuration->addDeployTask('deploy:disable_public');
 $configuration->addDeployTask('deploy:hmv_docker');
 $configuration->addDeployTask('deploy:docs_vhost:acceptance');

docs/_static/css/main.css

@@ -1,3 +1,8 @@
 .DocSearch-Button {
-    background: white;
+    background-color: #fff;
+    border-radius: 9999px;
+
+    &:hover {
+        background-color: #fff;
+    }
 }

docs/_static/scss/components/_search.scss

@@ -89,6 +89,7 @@
     })(window,document,'script','dataLayer','{{ theme_analytics_id }}');</script>
     <script src="{{ pathto('_static/js/cookieconsent.js', 1) }}" defer></script>
     <script src="{{ pathto('_static/js/cookieconsent-init.js', 1) }}" defer></script>
+    <link rel="stylesheet" href="{{ pathto('_static/cookieconsent.css', 1) }}"/>
   {%- endif %}
 
   {%- if not embedded %}
@@ -272,7 +273,7 @@
         <div class="aside-tile__content">
           <img src="https://static.hypernode.com/img/berend/logo.svg">
           <h4>Need support?</h4>
-          <p><a class="ahref-orange" href="https://www.hypernode.com/contact/#contact" target="_blank">Submit a ticket</a></p>
+          <p><a class="ahref-orange" href="https://support.hypernode.com/?ref=docs" target="_blank">Visit our Support Portal</a></p>
         </div>
       </div>
       <div class="aside-tile__container aside-tile__feedback">

docs/_templates/layout.html

@@ -71,3 +71,15 @@ You never want to accidentally delete a domain name. Because this causes many pr
 #### Cancelling Foreign Domains
 
 If you cancel a foreign domain name, Hypernode will let it expire automatically after the contract date has expired. It is therefore possible that your domain name is still available for some time after you have canceled the domain. After the domain expires, your domain may go into quarantine. In this status, only you can register the domain name again, and usually only via Hypernode. Only after the quarantine period has expired is your domain name completely free and can it be registered by everyone.
+
+### How to cancel Hypernode Insights
+
+If Insights isn’t the right fit for you right now, canceling is simple:
+
+1. Log in to your **[Control Panel](https://auth.hypernode.com/login)**.
+1. Open the **Settings** of the Hypernode where Insights is active.
+1. In the **Cancellation** section, find *Hypernode Insights* and click **Cancel Insights**.
+
+- ![Cancel Hypernode Insights Screenshot](_res/cancel-insights.png)
+
+Your cancellation will be processed automatically and will take effect on the **first day of the following month**.

docs/about-hypernode/about-hypernode/upgrade-to-debian-buster-technical-implications.md

@@ -0,0 +1,45 @@
+---
+myst:
+  html_meta:
+    description: Hypernode's policy for customers that wish to run a pentest on their
+      website
+    title: Penetration Testing Policy | Security | Hypernode
+---
+
+# Customer Pentest Policy
+
+```{important}
+This policy is for customers that wish to perform an external penetration test on their own hosting environment. For Unaffiliated third-parties that wish to test the Hypernode platform itself, we have a separate [Responsible Disclosure Policy](responsible-disclosure-policy.md).
+```
+
+At Hypernode, we support responsible security testing practices that help customers improve the safety and resilience of their hosted application, and our platform. Customers may conduct penetration tests on their own hosting environments under the following conditions and guidelines.
+
+## Scope of Testing
+
+Penetration testing is only permitted on the customer's *own* hosting space. Testing must not extend to, or affect, any other part of the platform or infrastructure managed by either Hypernode, or other Hypernode customers..
+
+## Requirements
+
+Penetration testing is allowed under the following conditions:
+
+- All pentests must be performed by a reputable, experienced, party.
+- You will [inform us](https://www.hypernode.com/en/support/) at least 72 hours ahead of time, and let us know the time, source IP(s) and target of the pentest.
+- If the pentest causes, or discovers, any server side issues, you will share the full report of the pentest with us afterwards. You will keep these findings confidential, until we've had the opportunity to assess and address the issue.
+
+We do not allow pentests that:
+
+- Rely on Social Engineering.
+- Perform Brute Force testing.
+- Test (D)DoS protection or -resilience.
+- Test Physical Security of Datacenters, Offices, etc.
+- May cause permanent damage to hardware or equipment.
+
+You may wish to add the source IP's of the pentest to the [Hypernode WAF allowlist](./../../best-practices/firewall/ftp-waf-database-allowlist.md), to prevent our automated systems from affecting the test.
+
+## Security Waivers
+
+Hypernode explicitly gives its customers permission to test their own Hypernode hosting environment. If your penetration testing partner still requires a signed waiver, please [contact us](https://www.hypernode.com/en/support/).
+
+# Hypernode's Own Pentest Policy
+
+Hypernode performs regular penetration tests of both the Hypernode hosting platform, and its internal applications like the Hypernode Control Panel. Details about these penetration tests are available for customers [upon request](https://www.hypernode.com/en/support/).