jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

addons: stable IPv4 addresses

Browse Source 
give addons static IPv4 so one can reliably connect from outside via
SSH tunnel
This commit is contained in:
Girish Ramakrishnan
2023-02-21 12:03:58 +01:00
parent 8c59528cc2
commit 582994b9d6
6 changed files with 21 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@@ -2597,3 +2597,5 @@
* Update addons to use Ubuntu jammy * Update addons to use Ubuntu jammy
* cloudflare: add config for default value of proxied * cloudflare: add config for default value of proxied
* eventlog: keep 3 months * eventlog: keep 3 months
* services: give static IPs to internal databases

4
src/apptask.js
View File

@@ -72,9 +72,9 @@ async function allocateContainerIp(app) {
if (app.manifest.id === constants.PROXY_APP_APPSTORE_ID) return; if (app.manifest.id === constants.PROXY_APP_APPSTORE_ID) return;
await promiseRetry({ times: 10, interval: 0, debug }, async function () { await promiseRetry({ times: 10, interval: 0, debug }, async function () {
const iprange = iputils.intFromIp('172.18.20.255') - iputils.intFromIp('172.18.16.1'); const iprange = iputils.intFromIp(constants.APPS_IPv4_END) - iputils.intFromIp(constants.APPS_IPv4_START);
let rnd = Math.floor(Math.random() * iprange); let rnd = Math.floor(Math.random() * iprange);
const containerIp = iputils.ipFromInt(iputils.intFromIp('172.18.16.1') + rnd); const containerIp = iputils.ipFromInt(iputils.intFromIp(constants.APPS_IPv4_START) + rnd);
await updateApp(app, { containerIp }); await updateApp(app, { containerIp });
}); });
} }

11
src/constants.js
View File

@@ -31,6 +31,17 @@ exports = module.exports = {
DOCKER_PROXY_PORT: 3003, DOCKER_PROXY_PORT: 3003,
USER_DIRECTORY_LDAPS_PORT: 3004, // user directory LDAP with TLS rerouting in iptables, public port is 636 USER_DIRECTORY_LDAPS_PORT: 3004, // user directory LDAP with TLS rerouting in iptables, public port is 636
// docker IPs
DOCKER_IPv4_SUBNET: '172.18.0.0/16',
DOCKER_IPv4_RANGE: '172.18.0.0/20',
DOCKER_IPv4_GATEWAY: '172.18.0.1',
APPS_IPv4_START: '172.18.16.1',
APPS_IPv4_END: '172.18.20.255',
// these are hardcoded to allow connections from outside. this is not in "172.18.0.xx" since docker starts allocating from there
MYSQL_SERVICE_IPv4: '172.18.30.1',
POSTGRESQL_SERVICE_IPv4: '172.18.30.2',
MONGODB_SERVICE_IPv4: '172.18.30.3',
NGINX_DEFAULT_CONFIG_FILE_NAME: 'default.conf', NGINX_DEFAULT_CONFIG_FILE_NAME: 'default.conf',
DEFAULT_TOKEN_EXPIRATION_MSECS: 365 * 24 * 60 * 60 * 1000, // 1 year DEFAULT_TOKEN_EXPIRATION_MSECS: 365 * 24 * 60 * 60 * 1000, // 1 year

2
src/infra_version.js
View File

@@ -6,7 +6,7 @@
exports = module.exports = { exports = module.exports = {
// a version change recreates all containers with latest docker config // a version change recreates all containers with latest docker config
'version': '49.4.0', 'version': '49.5.0',
'baseImages': [ 'baseImages': [
{ repo: 'cloudron/base', tag: 'cloudron/base:4.0.0@sha256:31b195ed0662bdb06a6e8a5ddbedb6f191ce92e8bee04c03fb02dd4e9d0286df' } { repo: 'cloudron/base', tag: 'cloudron/base:4.0.0@sha256:31b195ed0662bdb06a6e8a5ddbedb6f191ce92e8bee04c03fb02dd4e9d0286df' }

3
src/platform.js
View File

@@ -11,6 +11,7 @@ const apps = require('./apps.js'),
assert = require('assert'), assert = require('assert'),
AuditSource = require('./auditsource.js'), AuditSource = require('./auditsource.js'),
BoxError = require('./boxerror.js'), BoxError = require('./boxerror.js'),
constants = require('./constants.js'),
debug = require('debug')('box:platform'), debug = require('debug')('box:platform'),
delay = require('./delay.js'), delay = require('./delay.js'),
fs = require('fs'), fs = require('fs'),
@@ -128,7 +129,7 @@ async function createDockerNetwork() {
await shell.promises.exec('createDockerNetwork', 'docker network rm cloudron || true'); await shell.promises.exec('createDockerNetwork', 'docker network rm cloudron || true');
// the --ipv6 option will work even in ipv6 is disabled. fd00 is IPv6 ULA // the --ipv6 option will work even in ipv6 is disabled. fd00 is IPv6 ULA
await shell.promises.exec('createDockerNetwork', 'docker network create --subnet=172.18.0.0/16 --ip-range=172.18.0.0/20 --gateway 172.18.0.1 --ipv6 --subnet=fd00:c107:d509::/64 cloudron'); await shell.promises.exec('createDockerNetwork', `docker network create --subnet=${constants.DOCKER_IPv4_SUBNET} --ip-range=${constants.DOCKER_IPv4_RANGE} --gateway ${constants.DOCKER_IPv4_GATEWAY} --ipv6 --subnet=fd00:c107:d509::/64 cloudron`);
} }
async function removeAllContainers() { async function removeAllContainers() {

3
src/services.js
View File

@@ -1134,6 +1134,7 @@ async function startMysql(existingInfra) {
--log-opt tag=mysql \ --log-opt tag=mysql \
--dns 172.18.0.1 \ --dns 172.18.0.1 \
--dns-search=. \ --dns-search=. \
--ip ${constants.MYSQL_SERVICE_IPv4} \
-e CLOUDRON_MYSQL_TOKEN=${cloudronToken} \ -e CLOUDRON_MYSQL_TOKEN=${cloudronToken} \
-e CLOUDRON_MYSQL_ROOT_HOST=172.18.0.1 \ -e CLOUDRON_MYSQL_ROOT_HOST=172.18.0.1 \
-e CLOUDRON_MYSQL_ROOT_PASSWORD=${rootPassword} \ -e CLOUDRON_MYSQL_ROOT_PASSWORD=${rootPassword} \
@@ -1351,6 +1352,7 @@ async function startPostgresql(existingInfra) {
--log-opt tag=postgresql \ --log-opt tag=postgresql \
--dns 172.18.0.1 \ --dns 172.18.0.1 \
--dns-search=. \ --dns-search=. \
--ip ${constants.POSTGRESQL_SERVICE_IPv4} \
--shm-size=128M \ --shm-size=128M \
-e CLOUDRON_POSTGRESQL_ROOT_PASSWORD="${rootPassword}" \ -e CLOUDRON_POSTGRESQL_ROOT_PASSWORD="${rootPassword}" \
-e CLOUDRON_POSTGRESQL_TOKEN="${cloudronToken}" \ -e CLOUDRON_POSTGRESQL_TOKEN="${cloudronToken}" \
@@ -1494,6 +1496,7 @@ async function startMongodb(existingInfra) {
--log-opt tag=mongodb \ --log-opt tag=mongodb \
--dns 172.18.0.1 \ --dns 172.18.0.1 \
--dns-search=. \ --dns-search=. \
--ip ${constants.MONGODB_SERVICE_IPv4} \
-e CLOUDRON_MONGODB_ROOT_PASSWORD="${rootPassword}" \ -e CLOUDRON_MONGODB_ROOT_PASSWORD="${rootPassword}" \
-e CLOUDRON_MONGODB_TOKEN="${cloudronToken}" \ -e CLOUDRON_MONGODB_TOKEN="${cloudronToken}" \
-v "${dataDir}/mongodb:/var/lib/mongodb" \ -v "${dataDir}/mongodb:/var/lib/mongodb" \