jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
11,430 Commits 33 Branches 583 Tags
06cbea11ace5d2d634857d915311a9223afd9e55
Commit Graph

230 Commits

Author SHA1 Message Date
Girish Ramakrishnan
89127e1df7 reverseproxy: rework cert logic 
9c8f78a059 already fixed many of the cert issues.

However, some issues were caught in the CI:

* The TLS addon has to be rebuilt and not just restarted. For this reason, we now
  move things to a directory instead of mounting files. This way the container is just restarted.

* Cleanups must be driven by the database and not the filesystem . Deleting files on disk or after a restore,
  the certs are left dangling forever in the db.

* Separate the db cert logic and disk cert logic. This way we can sync as many times as we want and whenever we want.
 2022-11-29 11:07:23 +01:00
Girish Ramakrishnan
549cb92ce7 return swap listing in the disk route 2022-11-04 15:25:12 +01:00
Girish Ramakrishnan
2f946de775 make cache folders always writable 2022-10-24 23:58:20 +02:00
Girish Ramakrishnan
d8eb8d23bb manifest: add runtimeDirs 2022-10-24 22:34:06 +02:00
Girish Ramakrishnan
760301ce02 Add docker.df 2022-10-11 23:06:51 +02:00
Girish Ramakrishnan
0250661402 Revert spurious change 2022-09-14 17:59:44 +02:00
Johannes Zellner
bead9589a1 Move app graphs graphite query to backend 2022-09-14 14:39:28 +02:00
Girish Ramakrishnan
d33fd7b886 do not use bundle terminology 
apparently, bundle is also like a cert chain
 2022-07-14 12:39:41 +05:30
Girish Ramakrishnan
6c67f13d90 Use bind mount instead of volume 
see also c76b211ce0
 2022-06-06 15:59:59 -07:00
Girish Ramakrishnan
c76b211ce0 localstorage: remove usage of docker volumes 
just move bind mounts. the initial idea was to use docker volume backends
but we have no plans for this. in addition, usage of volumes means that
files get copied from the image and into volume on first run which is
not desired. people are putting /app/data stuff into images which ideally
should break.
 2022-06-02 11:09:27 -07:00
Girish Ramakrishnan
d366f3107d net_admin: enable IPv6 forwarding in the container 2022-05-19 17:10:05 -07:00
Girish Ramakrishnan
b5c2a0ff44 exec: rework API to get exit code 2022-05-16 11:23:58 -07:00
Girish Ramakrishnan
765f6d1b12 Revert "proxyAuth: use default fallback icon when no appstore icon or custom icon" 
This reverts commit 045c3917c9.

This was committed by mistake, not sure how. 3d28833c35 is the commit
that fixes this issue.
 2022-04-28 17:05:46 -07:00
Girish Ramakrishnan
045c3917c9 proxyAuth: use default fallback icon when no appstore icon or custom icon 2022-04-28 10:48:25 +02:00
Girish Ramakrishnan
43f86674b4 Remove delay module 2022-04-15 07:52:35 -05:00
Girish Ramakrishnan
05d7a7f496 constness 2022-04-14 17:50:41 -05:00
Girish Ramakrishnan
144e98abab image name cannot start with '/' 
https://forum.cloudron.io/topic/6689/cannot-uninstall-custom-app
https://stackoverflow.com/questions/43091075/docker-restrictions-regarding-naming-image
 2022-03-24 10:03:40 -07:00
Girish Ramakrishnan
e0e0c049c8 add link to upstream issue 2022-03-23 09:52:17 -07:00
Girish Ramakrishnan
af42008fd3 Enable IPv6 on new interfaces with net_admin cap 2022-03-12 09:14:37 -08:00
Girish Ramakrishnan
c100be4131 dns: filter out link local addresses 
Unlike IPv4, IPv6 requires a link-local address on every network interface on which the IPv6 protocol is enabled, even when routable addresses are also assigned
 2022-03-01 12:13:59 -08:00
Girish Ramakrishnan
6f7bede7bd listen on ipv6 as well for port 53 2022-02-17 11:56:08 -08:00
Girish Ramakrishnan
ca83deb761 Docker IPv6 support 
Docker's initial IPv6 support is based on allocating public IPv6 to containers.
This approach has many issues:
* The server may not get a block of IPv6 assigned to it
* It's complicated to allocate a block of IPv6 to cloudron server on home setups
* It's unclear how dynamic IPv6 is. If it's dynamic, then should containers be recreated?
* DNS setup is complicated
* Not a issue for Cloudron itself, but with -P, it just exposed the full container into the world

Given these issues, IPv6 NAT is being considered. Even though NAT is not a security mechanism as such,
it does offer benefits that we care about:
* We can allocate some private IPv6 to containers
* Have docker NAT66 the exposed ports
* Works similar to IPv4

Currently, the IPv6 ports are always mapped and exposed. The "Enable IPv6" config option is only whether
to automate AAAA records or not. This way, user can enable it and 'sync' dns and we don't need to
re-create containers etc. There is no inherent benefit is not exposing IPv6 at all everywhere unless we find
it unstable.

Fixes #264
 2022-02-09 23:54:53 -08:00
Girish Ramakrishnan
964c1a5f5a remove field from errors 
we have standardized on indexOf in error.message by now
 2022-02-07 13:44:29 -08:00
Girish Ramakrishnan
43759061a4 set secondaryDomains environment variables 
part of #809
 2022-01-21 11:35:01 -08:00
Girish Ramakrishnan
3d57b2b47c docker: loop through the ip net addr output 
all of a sudden, my linux box has the actual address in [1].

ip -f inet -j addr show wlp2s0

[{
        "addr_info": [{}]
    },{
        "ifindex": 3,
        "ifname": "wlp2s0",
        "flags": ["BROADCAST","MULTICAST","UP","LOWER_UP"],
        "mtu": 1500,
        "qdisc": "mq",
        "operstate": "UP",
        "group": "default",
        "txqlen": 1000,
        "addr_info": [{
                "family": "inet",
                "local": "192.168.1.8",
                "prefixlen": 24,
                "broadcast": "192.168.1.255",
                "scope": "global",
                "dynamic": true,
                "noprefixroute": true,
                "label": "wlp2s0",
                "valid_life_time": 78146,
                "preferred_life_time": 78146
            }]
    },{
        "addr_info": [{}]
    },{
        "addr_info": [{}]
    }
]
 2021-12-22 16:48:00 -08:00
Girish Ramakrishnan
683ac9b16e remove support for manifest version 1 
this is long untested by now
 2021-12-06 17:44:09 -08:00
Girish Ramakrishnan
7413ccd22e Fix some more crashes 2021-08-26 21:29:40 -07:00
Girish Ramakrishnan
f5c169f881 Fix service status 2021-08-26 21:18:20 -07:00
Girish Ramakrishnan
42774eac8c docker.js and services.js: async'ify 2021-08-26 18:23:31 -07:00
Girish Ramakrishnan
62eb4ab90e Fix addon crash 
getAddonConfigByName returns null now when not found
 2021-08-22 15:41:42 -07:00
Girish Ramakrishnan
a4b5219706 more removal of unused functions 2021-08-20 09:11:38 -07:00
Girish Ramakrishnan
c5fff756d1 move addon config db code to addonconfigs.js 2021-08-19 22:08:31 -07:00
Girish Ramakrishnan
411cc7daa1 merge settingsdb into settings code 2021-08-19 17:45:40 -07:00
Girish Ramakrishnan
4cd5137292 mailer: fix error handling 
previous mailer code has no callback and thus no way to pass back errors.
now with asyncification it passes back the error
 2021-08-19 12:40:53 -07:00
Girish Ramakrishnan
5dd6f85025 reverseproxy: async'ify 2021-08-17 14:34:55 -07:00
Girish Ramakrishnan
1e665b6323 Use the addresses of all available interfaces 
See https://forum.cloudron.io/topic/5481/special-treatment-of-port-53-does-not-work-in-all-cases
 2021-08-10 22:20:35 -07:00
Girish Ramakrishnan
fa81491bf3 Fix uninstall of apps with bad docker images names 
Some day we can implement https://github.com/distribution/distribution/blob/main/reference/regexp.go
 2021-06-16 11:55:23 -07:00
Girish Ramakrishnan
938b88d61b Fix crash 2021-05-13 22:52:41 -07:00
Girish Ramakrishnan
fc52cd7e0c volumes: async'ify 2021-05-12 11:46:04 -07:00
Girish Ramakrishnan
44ac406e57 admin -> dashboard 2021-05-05 12:29:04 -07:00
Girish Ramakrishnan
7f6a0555b2 store custom app certificates in subdomains table 
the REST route and model code is still ununsed as before since there
is no way to set the certs from the UI.
 2021-05-05 10:58:20 -07:00
Girish Ramakrishnan
199eda82d1 Use Array.isArray instead 2021-05-02 11:26:47 -07:00
Girish Ramakrishnan
53cb9b1f7a fix registry config setter 
* default registry provider is noop
* when testing config, skip noop provider
 2021-03-02 18:34:06 -08:00
Girish Ramakrishnan
a304c7f4a5 implement tls addon 2021-02-17 23:20:08 -08:00
Girish Ramakrishnan
6bd87485c6 rename addons.js to services.js 
services is the named container (services view)
addons is more like a heroku concept
 2021-01-21 11:31:35 -08:00
Girish Ramakrishnan
4d482d11ee add apps.getMemoryLimit 2021-01-20 19:16:21 -08:00
Girish Ramakrishnan
a14dbbe77a refactor into docker.update 2021-01-20 18:58:23 -08:00
Girish Ramakrishnan
0d535d2d5c allocate swap size for containers based on system ratio 2021-01-20 18:41:51 -08:00
Girish Ramakrishnan
ce86cb892d the ip is now available in the appdb 2020-12-03 11:48:25 -08:00
Girish Ramakrishnan
77b965cada Add DNS to app containers as well 
infra has to be bumped since we removed httpPort and moved to containerIp
 2020-11-25 12:04:59 -08:00