diff --git a/conf/apache/maintenance/.htaccess b/conf/apache/maintenance/.htaccess
new file mode 100644
index 0000000000000000000000000000000000000000..f731745b0b4cfd7a39311b059d636273f3bcdf82
--- /dev/null
+++ b/conf/apache/maintenance/.htaccess
@@ -0,0 +1,3 @@
+SetOutputFilter SUBSTITUTE;DEFLATE
+Substitute "s/__MAINTENANCE_START__/YYYY-MM-DD HH:MM/n"
+Substitute "s/__MAINTENANCE_END__/YYYY-MM-DD HH:MM/n"
diff --git a/conf/apache/maintenance/index.html b/conf/apache/maintenance/index.html
new file mode 100644
index 0000000000000000000000000000000000000000..31906d1bbbf2250fb4378c79a3e52bc4dfa5b5e7
--- /dev/null
+++ b/conf/apache/maintenance/index.html
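Review bot: In `conf/apache/maintenance/.htaccess` the two `Substitute` lines are unconditional, so if mod_substitute is not loaded Apache will reject the file and answer requests for this directory with a 500 instead of the maintenance page. Wrapping the three directives in `<IfModule mod_substitute.c>` … `</IfModule>` would degrade to showing the raw `__MAINTENANCE_START__` tokens rather than an error. The file also has no comment saying that `YYYY-MM-DD HH:MM` is a placeholder to be edited before the site is enabled; a header line such as `# Replace both YYYY-MM-DD HH:MM values before enabling site_maintenance.conf (requires mod_substitute).` would make that explicit.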
@@ -0,0 +1,57 @@ +<!DOCTYPE html> +<html lang="en"> + <head> + <meta charset="utf-8"> + <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> + <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous"> + <title>Mentat - Under maintenance</title> + </head> + <body> + <div class="container"> + <br> + <div class="jumbotron"> + <h1 class="display-4"> + Sorry! We are under maintenance. + </h1> + <p class="lead"> + The Mentat system is currently undergoing some maintenance. It will be up and running shortly, please try again later. + </p> + <table> + <tr> + <th>Maintenance start: </th> <td> __MAINTENANCE_START__ </td> + </tr> + <tr> + <th>Expected end: </th> <td> __MAINTENANCE_END__ </td> + </tr> + </table> + <hr class="my-4"> + <h1 class="display-4"> + Omlouváme se! PrávÄ› probĂhá ĂşdrĹľba. + </h1> + <p class="lead"> + Na systĂ©mu Mentat v tuto chvĂli probĂhá plánovaná ĂşdrĹľba. Co nevidÄ›t bude opÄ›t funkÄŤnĂ, zkuste to prosĂm pozdÄ›ji. + </p> + <table> + <tr> + <th>ĂšdrĹľba zaÄŤala: </th> <td> __MAINTENANCE_START__ </td> + </tr> + <tr> + <th>OÄŤekávanĂ˝ konec: </th> <td> __MAINTENANCE_END__ </td> + </tr> + </table> + </div> + <div style="text-align: right; font-size: smaller;"> + <span> + Mentat + </span> | + © since 2011 | + <a href="http://csirt.cesnet.cz"> + CESNET-CERTS + </a> | + <a href="https://www.cesnet.cz"> + CESNET + </a> + </div> + </div> + </body> +</html> diff --git a/conf/apache/site_maintenance.conf.example b/conf/apache/site_maintenance.conf.example new file mode 100644 index 0000000000000000000000000000000000000000..70ecbe175e65eb8dd50c5570fb6949bc0c416799 --- /dev/null +++ b/conf/apache/site_maintenance.conf.example 
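Review bot: The stylesheet in `<head>` is loaded from `stackpath.bootstrapcdn.com`, so the maintenance page depends on a third-party host being reachable and discloses each visitor's address to it; the `integrity` attribute guards against tampering but not against either of those. Shipping `bootstrap.min.css` alongside `index.html` in `conf/apache/maintenance/` and referencing it with `<link rel="stylesheet" href="bootstrap.min.css">` would keep the page self-contained. The footer link `http://csirt.cesnet.cz` is plain HTTP while the vhost for this page sends HSTS; `https://csirt.cesnet.cz` would be consistent, assuming that host serves HTTPS.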
@@ -0,0 +1,89 @@
+#-------------------------------------------------------------------------------
+# Example APACHE web server configuration file for HAWAT maintenance site.
+#
+# This is an example configuration that can be used to inform users about undergoing
+# maintenance. Please adjust the configuration file according to your needs.
+# In most cases customization of following directives should be enough to
+# get it working properly and quickly:
+#
+# * ServerAdmin
+# * ServerName
+# * SSLCertificateFile
+# * SSLCertificateKeyFile
+# * SSLCertificateChainFile
+#
+# This file is part of Mentat system (https://mentat.cesnet.cz/).
+#
+# Copyright (C) since 2011 CESNET, z.s.p.o (http://www.ces.net/)
+# Use of this source is governed by the MIT license, see LICENSE file.
+#-------------------------------------------------------------------------------
+
+<IfModule mod_ssl.c>
+ <VirtualHost _default_:443>
+ ServerAdmin webmaster@mentat.organization.org
+ ServerName mentat.organization.org
+
+ <IfModule mod_headers.c>
+ # Enforce HTTPS protocol at all times.
+ Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+ # Deny access to content via HTML iframe.
+ Header always set X-Frame-Options DENY
+ </IfModule>
+
+ DocumentRoot /etc/mentat/apache/maintenance
+
+ <Location />
+ Require all granted
+ </Location>
+ <Directory /etc/mentat/apache/maintenance>
+ AllowOverride All
+ Require all granted
+ </Directory>
+
+ # Rewrite any URL to server root to maintenance information page.
+ RewriteEngine on
+ RewriteRule ^/mentat / [R=307]
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+
+ # Possible values: debug, info, notice, warn, error, crit, alert, emerg.
+ LogLevel warn
+
+ CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
+
+ SSLEngine on
+ #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+
+ # Using default self-signed server certificates
+ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+ # Using custom server certificates
+ #SSLCertificateFile /etc/ssl/servercert/cert.pem
+ #SSLCertificateKeyFile /etc/ssl/servercert/key.pem
+ #SSLCertificateChainFile /etc/ssl/servercert/chain.pem
+
+ # Enforce only strong SSL protocols. Generator as of August 2016. This
+ # tool is available at https://mozilla.github.io/server-side-tls/ssl-config-generator/
+ # Resource: https://httpd.apache.org/docs/trunk/ssl/ssl_howto.html#onlystrong
+ SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+ SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+ SSLHonorCipherOrder on
+ SSLCompression off
+ SSLSessionTickets off
+
+ <FilesMatch "\.(cgi|shtml|phtml|php)$">
+ SSLOptions +StdEnvVars
+ </FilesMatch>
+ <Directory /usr/lib/cgi-bin>
+ SSLOptions +StdEnvVars
+ </Directory>
+
+ BrowserMatch "MSIE [2-6]" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+ # MSIE 7 and newer should be able to use keepalive
+ BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+ </VirtualHost>
+</IfModule>
diff --git a/doc/sphinx/_doclib/upgrading.rst b/doc/sphinx/_doclib/upgrading.rst
index 8a72f379a3ef9c06e0dac9afef073607d83b240e..b9e900c67982787e776e59e9c244447ea9c23870 100644
--- a/doc/sphinx/_doclib/upgrading.rst
+++ b/doc/sphinx/_doclib/upgrading.rst
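Review bot: `AllowOverride All` on `<Directory /etc/mentat/apache/maintenance>` lets the directory's `.htaccess` use every override class, although the shipped `.htaccess` only contains `SetOutputFilter` and `Substitute`, both of which fall under `FileInfo`. `AllowOverride FileInfo` would be the least-privilege setting here. The comment above the rewrite says any URL is redirected, but `RewriteRule ^/mentat / [R=307]` only matches paths starting with `/mentat`; other paths presumably get a 404 from the document root, so either the comment or the pattern should be adjusted. The page itself is served with status 200, so monitoring and API clients cannot tell maintenance from normal operation; returning 503 with a `Retry-After` header would signal it explicitly.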
@@ -23,6 +23,15 @@ to latest version: .. code-block:: shell + # Step 0: Activate maintenance mode in case the downtime will be noticable for users: + # First update timestamps of maintenance start and maintenance end: + $ vim /etc/mentat/apache/maintenance/.htaccess + # Now bring the Mentat system web interface down and maintenance site up: + $ a2enmod substitute + $ a2dissite site_mentat-ng.conf + $ a2ensite site_maintenance.conf + $ systemctl restart apache2 + # Step 1: It is recommended to stop Mentat daemons and cronjobs before upgrade: $ mentat-controller.py --command stop $ mentat-controller.py --command disable @@ -47,7 +56,10 @@ to latest version: $ mentat-controller.py --command enable # Step 7: Restart the web server that is serving web interface: - $ service apache2 restart + $ a2dismod substitute + $ a2dissite site_maintenance.conf + $ a2ensite site_mentat-ng.conf + $ systemctl restart apache2 .. _section-upgrading-postgresql: diff --git a/lib/mentat/__init__.py b/lib/mentat/__init__.py index 720ce0e7b90502ca3c0884365cf36bad1fac0cbc..a19016b96737317bc2e078329b3f6e4a23ee4eca 100644 --- a/lib/mentat/__init__.py +++ b/lib/mentat/__init__.py @@ -20,4 +20,4 @@ open-source project. __author__ = "Jan Mach <jan.mach@cesnet.cz>" __credits__ = "Pavel Kácha <pavel.kacha@cesnet.cz>, Andrea Kropáčová <andrea.kropacova@cesnet.cz>" -__version__ = "2.4.22" +__version__ = "2.4.23"