Otherwise, users pasting the whole block into their console will have the
experience of it appearing to do nothing -- running the installer will
only happen _after_ they exit the `sudo` shell.
Split the blocks into two sections, so they will be copy/pasted
separately, and thus the installer will properly be run _inside_ the
sudo shell.
Saying "10GB" often causes users to set up a VM with 10GB _total_
space, when the intended reading is that Zulip itself needs 10GB --
and the OS takes up a non-trivial amount of that already.
This needs explanation both in upgrade notes and in the main
documentation for mobile push notifications.
Co-authored-by: Prakhar Pratyush <prakhar@zulip.com>
With recent work on E2EE, instructions on sending push notifications
directly (without using the service) have become outdated. As questions
about how to do this generally come from users whose goal is
to work around the business model that supports Zulip's development,
we are dropping these instructions rather than updating them. E2EE
should eliminate other motivations for using this documentation.
The original sentence is a bit unclear it's talking about mapping to the
same user account *across time* - rather than a situation where a value
might map to multiple accounts at the same time (which should be
impossible for DNs).
Some installations will change `dn` when a user marries, and also for
Active Directory and various other LDAP providers I've checked,
there's often a better value to use.
Adds support for syncing group memberships for a user when logging in
via SAML. The list of group memberships is passed by the IdP in the
zulip_groups SAML attribute in the SAMLResponse.
This works around tus/tusd#322, which in turn is caused by
aws/aws-sdk-go-v2#1816. This requires separate authentication via
service account key.
Fixes: #34186.
This commit removes the `/try-zulip` landing page.
The URLs are replaced with `chat.zulip.org/?show_try_zulip_modal`,
which leads to display a modal for spectators.
Fixes#34181.
This generalizes from thumbnail_workers, to include any other queue.
We only additionally choose to document `email_senders_workers`,
however, since other queues are not guaranteed to work correctly with
multiple consumers.
- Restructure the introductory content to be more focused on the
overview.
- The bottom content was a stale duplicate of the bottom of the
installer page, dating from when this was a required step after
running the installer.
- Most of the longer-form sections were duplicates of sections of
either the installer page or the introductions of dedicated pages on
the topic. Remove these in favor of new entries in the popular
settings area.
- Mention storage as a popular setting to configure.
- Remove deleted Twitter integration from popular settings list.
Adds a second Zoom integration that uses the Zoom Server to Server
OAuth app process. Only one of the two Zoom integrations can be
configured on a Zulip server.
Adds a cache for the access token from the Zoom server so that it
can be used by the server to create meetings for the approximate
duration of the access token
In the web-app compose box, if the user's delivery email does not
match a user on the configured Zoom account for the server to server
integration, then a compose box error banner will be shown when the
error response is received after clicking/selecting the video or
audio call button.
Also updates the production documentation for the both types of Zoom
integration apps (Server to Server and General). The General app
process for Zoom now requires unlisted apps to go through their
review process, which we now have documented.
Fixes#33117.
In some cases, it is not possible to configure the load-balancer to
add an X-Forwarded-Proto header. If Zulip is serving its traffic over
HTTP, it will rightly error out, since it cannot guarantee that its
response will be served over an encrypted connection.
Add a new `loadbalancer.rejects_http_requests` settings which serves
as a way for the operator to swear that the load-balancer will *never*
serve responses from Zulip over an unencrypted connection. In most
cases, this is because the load-balancer is configured to have port 80
always serve an HTTP 301 redirect to the same URL over HTTPS.
Properly configuring the proxy to send `X-Forwarded-Proto` is always a
better solution than using this configuration parameter, so use of
this should be viewed as a last resort.
