Merge branch 'master' into make-use-of-latest-hypernode-deploy-image-in-docs

Author: poespas

README.md

@@ -2,14 +2,14 @@
 
 ## Generating new docs
 
-``` bash
+```bash
 DOC_URL=https://support.hypernode.com/en/ecommerce/magento-1/how-to-enable-mysql-query-logging-for-magento-1-x
 bin/download_doc --output-dir=docs/ecommerce-applications $DOC_URL
 ```
 
 ## Setting up the project
 
-``` bash
+```bash
 mkvirtualenv hypernode-docs-next
 echo "export PYTHONPATH=$(pwd)" >> $VIRTUAL_ENV/bin/postactivate
 workon hypernode-docs-next
@@ -19,33 +19,38 @@ pre-commit install
 
 ## Building the docs
 
-``` bash
+```bash
 bin/build_docs
 ```
 
 ## Serving the docs
 
-``` bash
+```bash
 bin/serve_docs
 ```
+
 ## Setup Frontend step by step
+
 ```
 clone the repository
 pip install -r requirements/development.txt
 bin/build_docs
 bin/serve_docs
 ```
+
 in another terminal run
-``` bin/watch ```
+`bin/watch`
 
 open localhost and now you can make changes in style and refresh the page without rebuilding
 
 when you're working on scss to compile it automatically run
+
 ```
 npx sass --watch docs/_static/scss:docs/_static/css
 ```
 
 or as a production build:
+
 ```
 npx sass --style compressed --no-source-map docs/_static/scss:docs/_static/css
 ```
@@ -57,6 +62,7 @@ Deploys automatically after merging branchers to master.
 ### Deploy with Hypernode Deploy
 
 To deploy to a local Hypernode Docker environment:
+
 ```
 $ docker pull docker.hypernode.com/byteinternet/hypernode-buster-docker:latest
 $ docker run docker.hypernode.com/byteinternet/hypernode-buster-docker:latest
@@ -66,6 +72,7 @@ $ # Note the IP address, it should be 172.17.0.2 (otherwise refer to deploy.php)
 Next make sure your `~/.ssh/yourdeploykey` equivalent can log in to the Docker host (172.17.0.2) as the app user. You can add it to the `/data/web/.ssh/authorized_keys` file on in the instance manually.
 
 Then deploy to your local Hypernode Docker:
+
 ```
 docker run --rm -it --env SSH_PRIVATE_KEY="$(cat ~/.ssh/yourdeploykey | base64)" -v ${PWD}:/build quay.io/hypernode/deploy:latest hypernode-deploy build -vvv  # First build the artifact
 docker run --rm -it --env SSH_PRIVATE_KEY="$(cat ~/.ssh/yourdeploykey | base64)" -v ${PWD}:/build quay.io/hypernode/deploy:latest hypernode-deploy deploy docker -vvv  # Then perform the deploy
@@ -74,6 +81,7 @@ docker run --rm -it --env SSH_PRIVATE_KEY="$(cat ~/.ssh/yourdeploykey | base64)"
 ## Building the manpage deb
 
 The docs are also packaged as a debian package named `hndocsnext` so that on a Hypernode you can run `man hypernode` (or `hypernode-manual`) and page through a `manpage` version of the Hypernode docs. To build that debian package on a Debian machine you can run these commands:
+
 ```
 # First create the cow environment
 export ARCH=amd64
@@ -91,16 +99,19 @@ gbp buildpackage --git-pbuilder --git-dist=$DIST --git-arch=$ARCH --git-ignore-b
 ```
 
 Then after building the Deb you could install it with dpkg. For example:
+
 ```
 dpkg -i ../hndocsnext_20230121.173551_all.deb
 ```
 
 And test it out with:
+
 ```
 man hypernode
 ```
 
 To inspect the contents of the deb archive you can run:
+
 ```
 # dpkg -L hndocsnext
 /.

docs/_templates/layout.html

@@ -279,13 +279,13 @@ <h4>Need support?</h4>
       <div class="aside-tile__container aside-tile__feedback">
         <div class="aside-tile__content">
           <img src="https://static.hypernode.com/img/icons-multi-color/chat-bot.svg">
-          <h4>Join our<br>Feedback Group</h4>
+          <h4>Join our<br>Beta Test Group</h4>
           <ul class="aside-tile__feedback-list">
             <li><i class="fa fa-check-circle"></i>Experience new features first</li>
-            <li><i class="fa fa-check-circle"></i>Get a gift after each session</li>
+            <li><i class="fa fa-check-circle"></i>Get swag & giveaways</li>
             <li><i class="fa fa-check-circle"></i>Join product decision making</li>
           </ul>
-          <p><a class="ahref-orange" href="https://forms.gle/ocQjMzhghMkUzkB19" target="_blank">read more</a></p>
+          <p><a class="ahref-orange" href="https://www.hypernode.com/en/join-feedback-group/" target="_blank">Read more</a></p>
         </div>
       </div>
     </aside>

docs/about-hypernode/billing/how-to-choose-and-order-a-hypernode-plan.md

@@ -68,8 +68,6 @@ DigitalOcean and Amazon both have data centers all over the world.
 
 You can order a Hypernode plan via our [order page](https://www.hypernode.com/magento-cloud-hosting/#plans). The Control Panel is our default panel, which means all new Hypernode plans and trials will be booted in the Control Panel.
 
-**Please note:** if you are a Service Panel user (i.e. you use the Dutch panel), please order your new plans directly via [this page in the Service Panel](https://service.byte.nl/planinfo/order-selection/). This is to prevent plans from being booted in the wrong system.
-
 ## Tips For Ordering a Hypernode
 
 - Choose a logical name. IE: If your site is example.com, order example.hypernode.com

docs/about-hypernode/security-policies/one-of-your-magento-extensions-is-vulnerable.md

@@ -22,7 +22,7 @@ This can include creditcard theft, sending email spam in your name, stealing cus
 
 ## Special attention to online credit card theft
 
-A hot topic over the past few years are digital skimmers. A hacker group (also know as Magecart) use code inserted into websites to steal credit card details. As of October 2018 more than 20 extensions have been abused by hackers. Details can be found[in this blog explaining the attack method PHP Object Injection (POI)](https://sansec.io/labs/2018/10/23/magecart-extension-0days/). Former Hypernode owner Willem will update the list of vulnerable extensions regularly.
+A hot topic over the past few years are digital skimmers. A hacker group (also know as Magecart) use code inserted into websites to steal credit card details. As of October 2018 more than 20 extensions have been abused by hackers. Details can be found [in this blog explaining the attack method PHP Object Injection (POI)](https://sansec.io/labs/2018/10/23/magecart-extension-0days/). Former Hypernode owner Willem will update the list of vulnerable extensions regularly.
 
 ## How do I fix it?
 

docs/about-hypernode/security-policies/security-hall-of-fame.md

@@ -29,7 +29,7 @@ We would like to thank the following individuals and/or organizations, who have
 | [Pethuraj M](https://www.pethuraj.com/)                                                                                                                                                                 | 1 July 2020       | Reported a flaw in our password reset flow                                                             |
 | [Miguel Santareno](https://www.linkedin.com/in/miguelsantareno/)                                                                                                                                        | 14 May 2020       | Reported information leakage from marketing sites.                                                     |
 | [Gaurav Kumar](https://www.facebook.com/drago4344) and [Shivam Dattana](https://www.facebook.com/profile.php?id=100010397858328) / [Team Bugmania](https://www.openbugbounty.org/researchers/bugmania/) | 28 September 2019 | Reported a Cross site scripting (XSS) on magereport.com.                                               |
-| [Mike de Landgraaf](https://www.linkedin.com/in/mdelandgraaf/) / [MDL Online](https://mdlonline.com/)                                                                                                   | 21 March 2019     | Reported a misconfiguration that allowed user impersonation on Hypernode hosted webshops.              |
+| [Mike de Landgraaf](https://www.linkedin.com/in/mdelandgraaf/) / MDL Online                                                                                                                             | 21 March 2019     | Reported a misconfiguration that allowed user impersonation on Hypernode hosted webshops.              |
 | [Maksym Bendeberia](https://www.linkedin.com/in/jogspokoen/) / [WebSafety Ninja](https://websafety.ninja/)                                                                                              | 12 March 2019     | Reported information leakage from an internal deployment server.                                       |
 | [Jan Piet van Dijk](https://www.linkedin.com/in/janpietvandijk/) / [Interwijs B.V.](https://www.interwijs.nl/)                                                                                          | 28 August 2018    | Reported a privilege escalation on Hypernode, leading to a local root exploit.                         |
 | [Wijnand Wieskamp](https://www.linkedin.com/in/wijnand-wieskamp-8a784313/) / [Crystalsoft B.V.](https://www.crystalsoft.nl/)                                                                            | 1 June 2018       | Reported a misconfiguration that allowed a Hypernode’s preconfigured security settings to be bypassed. |

docs/about-hypernode/support/how-to-handle-os-and-room-change-upgrade.md

@@ -0,0 +1,183 @@
+---
+myst:
+  html_meta:
+    description: Learn how our Xgrade process work and how to make sure your Hypernode
+      is ready for the Debian Bookworm upgrade
+    title: How does the Xgrade process works
+---
+
+# What is the Xgrade process of Hypernode?
+
+An Xgrade is an automated process that allows your server to be upgraded or downgraded without any manual actions. Additionally, an Xgrade enables migration to one of our other providers.
+
+## How does an Xgrade to Debian Bookworm or R405 work, and does it involve downtime?
+
+An Xgrade to Debian Bookworm or R405 (which can be performed together) is carried out by our automation. Below are the relevant steps in the process:
+
+1. Ensure a new Hypernode is created.
+1. Configure the new Hypernode (Operating system, MySQL, PHP, Varnish, etc.).
+1. Synchronize data (everything within the "/" and "/data" partition).
+1. Stop all services on the current Hypernode.
+1. Synchronize any new data that has been written.
+1. Perform checks to ensure all processes are complete.
+1. Send a "Hypernode migrated" event.
+1. Destroy the old Hypernode.
+
+As you can see, a completely new Hypernode is created with the correct configurations, whether for a Debian Bookworm or an R405 Xgrade. The first synchronization of data will then take place. The duration of this synchronization depends on the amount and type of data. Typically, we calculate about 1 GB per minute, but this may vary.
+
+At a certain point, all services will be stopped to prevent new orders from being placed and to ensure no data is lost. A second synchronization will then take place to transfer any newly written data. After this, our automation will conduct various checks before finalizing the migration to Debian Bookworm or R405 (or a combination of both).
+
+## What should be checked or adjusted before the Xgrade? (e.g., Node.js and TLS configuration)
+
+### Nodejs
+
+Before scheduling a Xgrade to Debian Bookworm/R405, you must check which Node.js version you are using. This is necessary because Node.js versions 6 and 10 are no longer supported on the new operating system. Standard Magento 2 does not make use of Nodejs, but if you use another CMS or have custom scripts that require them, you may need to update your setup.
+
+You can check your Node.js version in two ways; within the Control Panel, Or through the CLI:
+Within the Control Panel: Navigate to Settings → Development.
+
+```
+app@uaifqk-hnvandijk-magweb-cmbl:~$ hypernode-systemctl settings nodejs_version
+nodejs_version is set to value 16
+```
+
+If necessary, you can update Node.js by following these steps:
+
+```
+app@uaifqk-hnvandijk-magweb-cmbl:~$ hypernode-systemctl settings nodejs_version 16
+Operation was successful and is being processed. Please allow a few minutes for the settings to be applied. Run 'livelog' to see the progress.
+```
+
+### TLS configuration
+
+With the upgrade to Debian Bookworm, the TLS configurations will also change. We have chosen to phase out outdated TLS versions 1.0 and 1.1. Additionally, the "modern" TLS configuration will now only support TLS 1.3.
+
+Below are the TLS configurations for Debian Buster:
+
+Intermediate TLS configuration:
+
+```
+# intermediate configuration
+# nginx 1.16.1 | intermediate profile | OpenSSL 1.1.1d
+# Oldest compatible clients: Firefox 27, Android 4.4.2, Chrome 31, Edge 12, IE 11 (Win7), Java 8u31, OpenSSL 1.0.1, Opera 20, Safari 9
+# https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
+ssl_prefer_server_ciphers on;
+# Diffie-Hellman parameter for DHE ciphersuites
+ssl_dhparam /etc/nginx/dhparams.pem;
+
+ssl_stapling on;
+ssl_stapling_verify on;
+```
+
+Modern TLS configuration:
+
+```
+# intermediate configuration
+# nginx 1.22.1 | intermediate profile | OpenSSL 3.0.11
+# Oldest compatible clients: Firefox 27, Android 4.4.2, Chrome 31, Edge, IE 11 on Windows 7, Java 8u31, OpenSSL 1.0.1, Opera 20, and Safari 9
+# https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+ssl_prefer_server_ciphers off;
+# Diffie-Hellman parameter for DHE ciphersuites
+ssl_dhparam /etc/nginx/dhparams.pem;
+
+ssl_stapling on;
+ssl_stapling_verify on;
+```
+
+And here are the new TLS configurations for Debian Bookworm:
+
+Intermediate TLS configuration:
+
+```
+# intermediate configuration
+# nginx 1.22.1 | intermediate profile | OpenSSL 3.0.11
+# Oldest compatible clients: Firefox 27, Android 4.4.2, Chrome 31, Edge, IE 11 on Windows 7, Java 8u31, OpenSSL 1.0.1, Opera 20, and Safari 9
+# https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+ssl_prefer_server_ciphers off;
+# Diffie-Hellman parameter for DHE ciphersuites
+ssl_dhparam /etc/nginx/dhparams.pem;
+
+ssl_stapling on;
+ssl_stapling_verify on;
+```
+
+Modern TLS configuration:
+
+```
+# modern configuration
+# nginx 1.22.1 | modern profile | OpenSSL 3.0.11
+# Oldest compatible clients: Firefox 63, Android 10.0, Chrome 70, Edge 75, Java 11, OpenSSL 1.1.1, Opera 57, and Safari 12.1
+# https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
+ssl_protocols TLSv1.3;
+ssl_prefer_server_ciphers off;
+ssl_stapling on;
+ssl_stapling_verify on;
+```
+
+If you need to adjust the TLS configuration, you can do so using the "Hypernode-manage-vhost" command.
+
+```
+hmv hnvandijk.nl --ssl-config modern
+```
+
+Please see the actual `--ssl-config` flag:
+
+```
+  --ssl-config {modern,intermediate}
+                        Use the given Mozilla SSL standard config
+```
+
+Additionally, you may need to modify the Modern_ssl_config using "hypernode-systemctl".
+
+```
+app@uaifqk-hnvandijk-magweb-cmbl:~$ hypernode-systemctl settings modern_ssl_config_enabled
+false  true
+```
+
+# What needs to be adjusted after the Xgrade? When can it be performed? (IP changes)
+
+If you choose to Xgrade to R405, you will receive a new IP address from our automation system. You must update this IP address in the DNS settings for both the non-www and www records of your domain. This information will be sent to the email address associated with the Hypernode owner.
+
+My domain is at Hypernode, can we automate this? Yes, you can enable the "Synchronize DNS" option in our DNS manager. Our automation will update the DNS settings for you after the Xgrade.
+
+We make use of Cloudflare, would we be able to "automate" this proces? Sure! You can enable CNAME Flattening, which ensures that both the non-www and www records point to the Hypernode hostname. For example:
+
+## Non-www
+
+```
+CNAME hnvandijk.nl ---> hnvandijk.hypernode.io
+```
+
+## www
+
+```
+CNAME www.hnvandijk.nl ---> hnvandijk.hypernode.io
+```
+
+We can schedule the Xgrade at a time that suits you! However, we can only provide the new IP address in advance if the Xgrade is performed during our standard working hours (09:00–18:00).
+
+## I have a dedicated machine instead of a cloud environment. What does this mean?
+
+If you have a dedicated machine and need an OS upgrade, you will be migrated to a different machine. This means you will receive a new IP address. The new machine will be set up at the TBBM data center, and we can only provide the new IP address during our standard working hours.
+
+The OS upgrade process itself is the same as for a cloud environment.
+
+## Additional Questions
+
+- An Xgrade to R405 does not incur additional costs, you will not be charged extra.
+
+- An Xgrade from Hetzner to TBBM also incurs no extra costs, you will not be charged extra.
+
+## More Information
+
+https://changelog.hypernode.com/release-9961-akeneo-7-0-is-now-available-on-the-platform/
+
+https://changelog.hypernode.com/release-9956-hypernode-on-debian-bookworm/
+
+https://changelog.hypernode.com/sunsetting-node-js-versions-6-and-10/

docs/best-practices/performance/how-to-improve-your-magento-search.md

@@ -25,7 +25,7 @@ Another alternative is Sphinx Search. Sphinx is an open source search engine tha
 
 ## ElasticSearch
 
-While previously it was already possible to use ElasticSearch with your Hypernode by connecting to an external search provider, we have now made it possible to use ElasticSearch for search in your shop out of the box on Hypernode without requiring any external service or configuration. In[this article](../../hypernode-platform/tools/how-to-use-elasticsearch-on-hypernode.md) we’ll explain a bit more about ElasticSearch and how to enable and configure it.
+While previously it was already possible to use ElasticSearch with your Hypernode by connecting to an external search provider, we have now made it possible to use ElasticSearch for search in your shop out of the box on Hypernode without requiring any external service or configuration. In [this article](../../hypernode-platform/tools/how-to-use-elasticsearch-on-hypernode.md) we’ll explain a bit more about ElasticSearch and how to enable and configure it.
 
 Please note that due to the relatively heavy resource requirements for ElasticSearch this feature can only be enabled on every plan except the formerly known Grow plan. If you are on a smaller plan and previously already depended on an external paid ElasticSearch provider now might be a good time to consider simplifying your setup.
 
@@ -34,7 +34,6 @@ Please note that due to the relatively heavy resource requirements for ElasticSe
 If you are on a lower plan, you’ll need to either upgrade, or make use of an external search provider. There a several companies you can choose for a monthly subscription:
 
 - [Bonsai.io](https://bonsai.io/)
-- [Qbox.io](https://qbox.io/)
 - [Elastic.co](https://www.elastic.co/cloud/as-a-service)
 
 **If you choose Bonsai, we have made a special deal with Bonsai. Please send a mail to support@hypernode.com for a discount code.**