diff --git a/box.js b/box.js
index e67dca4ec..7a3986f8f 100755
--- a/box.js
+++ b/box.js
@@ -2,8 +2,7 @@ 'use strict';
-const dockerProxy = require('./src/dockerproxy.js'),
- fs = require('fs'),
+const fs = require('fs'),
 ldap = require('./src/ldap.js'),
 paths = require('./src/paths.js'),
 proxyAuth = require('./src/proxyauth.js'),
@@ -38,7 +37,6 @@ async function startServers() {
 await server.start(); // do this first since it also inits the database
 await proxyAuth.start();
 await ldap.start();
- await dockerProxy.start();
 const conf = await settings.getUserDirectoryConfig();
 if (conf.enabled) await userdirectory.start();
@@ -59,7 +57,6 @@ async function main() {
 await server.stop();
 await userdirectory.stop();
 await ldap.stop();
- await dockerProxy.stop();
 setTimeout(process.exit.bind(process), 3000);
 });
@@ -70,7 +67,6 @@ async function main() {
 await server.stop();
 await userdirectory.stop();
 await ldap.stop();
- await dockerProxy.stop();
 setTimeout(process.exit.bind(process), 3000);
 });
diff --git a/setup/start.sh b/setup/start.sh
index 6bf04dcb6..e7be5199f 100755
--- a/setup/start.sh
+++ b/setup/start.sh
@@ -37,8 +37,6 @@ systemctl enable apparmor
 systemctl restart apparmor
 usermod ${USER} -a -G docker
-# unbound (which starts after box code) relies on this interface to exist. dockerproxy also relies on this.
-docker network create --subnet=172.18.0.0/16 --ip-range=172.18.0.0/20 --gateway 172.18.0.1 cloudron || true
 mkdir -p "${BOX_DATA_DIR}"
 mkdir -p "${APPS_DATA_DIR}"
diff --git a/src/cloudron.js b/src/cloudron.js
index 308108692..ae5babed2 100644
--- a/src/cloudron.js
+++ b/src/cloudron.js
@@ -34,6 +34,7 @@ const apps = require('./apps.js'),
 debug = require('debug')('box:cloudron'),
 delay = require('delay'),
 dns = require('./dns.js'),
+ dockerProxy = require('./dockerproxy.js'),
 domains = require('./domains.js'),
 eventlog = require('./eventlog.js'),
 fs = require('fs'),
@@ -63,6 +64,7 @@ async function initialize() {
 async function uninitialize() {
 await cron.stopJobs();
+ await dockerProxy.stop();
 await platform.stopAllTasks();
 }
@@ -76,6 +78,7 @@ async function onActivated(options) {
 // 2. the restore code path can run without sudo (since mail/ is non-root)
 await platform.start(options);
 await cron.startJobs();
+ await dockerProxy.start(); // this relies on the 'cloudron' docker network interface to be available
 // disable responding to api calls via IP to not leak domain info. this is carefully placed as the last item, so it buys
 // the UI some time to query the dashboard domain in the restore code path
diff --git a/src/platform.js b/src/platform.js
index 8775e42e3..2d22cf425 100644
--- a/src/platform.js
+++ b/src/platform.js
@@ -53,6 +53,7 @@ async function start(options) {
 try {
 if (existingInfra.version !== infra.version) await removeAllContainers();
 if (existingInfra.version === 'none') await volumes.mountAll(); // when restoring, mount all volumes
+ await createDockerNetwork();
 await markApps(existingInfra, options); // mark app state before we start addons. this gives the db import logic a chance to mark an app as errored
 await services.startServices(existingInfra);
 await fs.promises.writeFile(paths.INFRA_VERSION_FILE, JSON.stringify(infra, null, 4));
@@ -111,6 +112,13 @@ async function pruneInfraImages() {
 }
 }
+async function createDockerNetwork() {
+ debug('createDockerNetwork: recreating docker network');
+
+ await shell.promises.exec('createDockerNetwork', 'docker network rm cloudron');
+ await shell.promises.exec('createDockerNetwork', 'docker network create --subnet=172.18.0.0/16 --ip-range=172.18.0.0/20 --gateway 172.18.0.1 cloudron');
+}
+
 async function removeAllContainers() {
 debug('removeAllContainers: removing all containers for infra upgrade');
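Review bot: `dockerProxy.stop()` in `uninitialize()` and `dockerProxy.start()` in `onActivated()` (the next hunk) are not a matched pair: `stop()` now also runs on an instance that was never activated, and `start()` runs again if `onActivated()` is invoked more than once in a process lifetime. dockerproxy.js is not part of this diff, so whether either call tolerates that is not visible; confirm both are idempotent and record it at the call site, e.g. `// start() must tolerate a repeated onActivated (restore code path)`. The box.js signal handlers also lost their `dockerProxy.stop()`, so the proxy is only shut down cleanly if `server.stop()` reaches `uninitialize()`, which cannot be confirmed from these hunks. Both functions continue outside their hunks.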
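Review bot: `createDockerNetwork()` runs `docker network rm cloudron` with no tolerance for failure, and the new call in `start()` (the hunk at -53) executes it on every platform start rather than only after `removeAllContainers()`. The network is absent on a fresh install now that setup/start.sh no longer creates it, and on an ordinary restart containers may still be attached to it; in either case the remove exits non-zero, which presumably rejects and aborts `start()` before services and the docker proxy come up. Tolerate the failed remove as sketched below so the fresh-install path works, and let the `create` error surface if the network is still in use; if recreation is only needed on an infra change, moving the call under the `existingInfra.version !== infra.version` condition would avoid touching a live network. The handler of the `try` in `start()` is outside the hunk, so how such a rejection is reported is not visible here.

```javascript
async function createDockerNetwork() {
    // … unchanged: debug line …

    // the network is absent on a fresh install; a failed remove must not abort platform start
    try {
        await shell.promises.exec('createDockerNetwork', 'docker network rm cloudron');
    } catch (error) {
        debug(`createDockerNetwork: remove failed, continuing: ${error.message}`);
    }

    // … unchanged: docker network create …
}
```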