jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
8,988 Commits 33 Branches 583 Tags
2135fe5dd0146bd021774e8d3b5d70054c4417f2
Commit Graph

5785 Commits

Author SHA1 Message Date
Girish Ramakrishnan
007a8d248d make eventlog routes owner only 2020-03-26 18:54:16 -07:00
Girish Ramakrishnan
58d4a3455b email: add type filter to eventlog 2020-03-25 22:05:49 -07:00
Girish Ramakrishnan
91af2495a6 Make key validation work for ecc certs 2020-03-24 21:20:21 -07:00
Girish Ramakrishnan
7d7df5247b Update cipher suite based on ssl-config recommendation 
ssl_prefer_server_ciphers off is the recommendation since the cpihers
are deprecated

https://serverfault.com/questions/997614/setting-ssl-prefer-server-ciphers-directive-in-nginx-config
 2020-03-24 19:24:58 -07:00
Girish Ramakrishnan
f99450d264 Enable TLSv1.3 and remove TLSv1 and 1.1 
IE10 does not have 1.2, so maybe we can risk it

As per Android documentaion TLS 1.2 is fully supported after API level 20/Android 5(Lolipop)

https://discussions.qualys.com/thread/17020-tls-12-support-for-android-devices
https://www.ryandesignstudio.com/what-is-tls/
 2020-03-24 14:37:08 -07:00
Girish Ramakrishnan
d3eeb5f48a mail: disable host and proto mismatch 2020-03-24 11:50:52 -07:00
Girish Ramakrishnan
1e8a02f91a Make token expiry a year 
we now have a UI to invalid all tokens easily, so this should be OK.
 2020-03-23 21:51:13 -07:00
Girish Ramakrishnan
97c3bd8b8e mail: incoming mail from dynamic hostnames was rejected 2020-03-23 21:50:36 -07:00
Girish Ramakrishnan
09ce27d74b bump default token expiry to a month 2020-03-21 18:46:38 -07:00
Girish Ramakrishnan
2447e91a9f mail: throttle denied events 2020-03-20 14:04:16 -07:00
Girish Ramakrishnan
e6d881b75d Use owner email for LE certs 
https://forum.cloudron.io/topic/2244/email-contact-on-let-s-encrypt-ssl-tls-certificates-uses-password-recovery-email-rather-than-primary-email-address
 2020-03-20 13:39:58 -07:00
Girish Ramakrishnan
36f963dce8 remove unncessary debug in routes 2020-03-19 17:05:31 -07:00
Girish Ramakrishnan
1b15d28212 eventlog: add start/stop/restart logs 2020-03-19 17:02:55 -07:00
Girish Ramakrishnan
4e0c15e102 use short form syntax 2020-03-19 16:48:31 -07:00
Girish Ramakrishnan
c9e40f59de bump the timeout for really slow disks 2020-03-19 13:33:53 -07:00
Girish Ramakrishnan
38cf31885c Make backup configure owner only 2020-03-18 17:23:23 -07:00
Girish Ramakrishnan
4420470242 comcast does not allow port 25 check anymore 2020-03-17 13:55:35 -07:00
Girish Ramakrishnan
9b05786615 appstore: add whitelist/blacklist 2020-03-15 17:20:48 -07:00
Girish Ramakrishnan
661965f2e0 Add branding tests 2020-03-15 16:38:15 -07:00
Girish Ramakrishnan
7e0ef60305 Fix incorrect role comparison 2020-03-15 16:19:22 -07:00
Girish Ramakrishnan
2ac0fe21c6 ghost file depends on base dir 2020-03-15 11:41:39 -07:00
Girish Ramakrishnan
b997f2329d make branding route for owner only 2020-03-15 11:39:02 -07:00
Girish Ramakrishnan
23ee758ac9 do not check for updates for stopped apps 2020-03-15 09:48:08 -07:00
Girish Ramakrishnan
9ea12e71f0 linode: dns backend 
the dns is very slow - https://github.com/certbot/certbot/pull/6320
takes a good 15 minutes at minimum to propagate

https://certbot-dns-linode.readthedocs.io/en/stable/
https://www.linode.com/community/questions/17296/linode-dns-propagation-time
 2020-03-13 11:44:43 -07:00
Girish Ramakrishnan
6ee4b0da27 Move out ghost file to platformdata 
Since /tmp is world writable this might cause privilege escalation

https://forum.cloudron.io/topic/2222/impersonate-user-privilege-escalation
 2020-03-12 10:24:21 -07:00
Girish Ramakrishnan
3e66feb514 mail: add mailbox acl 2020-03-10 22:12:15 -07:00
Girish Ramakrishnan
cf89609633 mail: acl was enabled by mistake 2020-03-10 17:15:23 -07:00
Girish Ramakrishnan
67c24c1282 mail: make spamd_user case insensitive 2020-03-10 12:08:43 -07:00
Girish Ramakrishnan
7d3df3c55f Fix sa usage 2020-03-10 09:22:41 -07:00
Girish Ramakrishnan
17c881da47 Fix spam training 2020-03-09 13:51:17 -07:00
Girish Ramakrishnan
6e30c4917c Do not wait for dns when re-configured 2020-03-09 12:36:29 -07:00
Girish Ramakrishnan
c6d4f0d2f0 mail: fix word boundary regexp 2020-03-07 19:16:10 -08:00
Girish Ramakrishnan
b32128bebf Fix quoting in emails 2020-03-07 19:12:39 -08:00
Girish Ramakrishnan
a3f3d86908 More spam fixes 2020-03-07 18:52:20 -08:00
Girish Ramakrishnan
b29c82087a Bump the mail container version 2020-03-07 17:08:35 -08:00
Girish Ramakrishnan
b4f5ecb304 mail: fix eventlog search 2020-03-07 15:56:56 -08:00
Girish Ramakrishnan
3dabad5e91 Detect that domain is in use by app correctly 2020-03-07 14:52:34 -08:00
Johannes Zellner
890b46836b Do not allow lower level roles to edit higher level ones 2020-03-07 13:53:01 -08:00
Girish Ramakrishnan
835b3224c6 disable getting user token in demo mode 2020-03-07 11:44:38 -08:00
Girish Ramakrishnan
f8d27f3139 mail: Fix ownership issue with /app/data 2020-03-07 11:40:49 -08:00
Girish Ramakrishnan
33f263ebb9 Fix spamd logs 2020-03-07 01:00:08 -08:00
Girish Ramakrishnan
027925c0ba Only do spam processing when we have incoming domains 2020-03-07 00:22:00 -08:00
Girish Ramakrishnan
17c4819d41 eventlog updates 2020-03-06 23:16:32 -08:00
Johannes Zellner
017d19a8c8 Do not send internal link for update notification 2020-03-06 19:18:01 -08:00
Girish Ramakrishnan
46b6e319f5 add some spacing in the footer 2020-03-06 19:13:37 -08:00
Johannes Zellner
8f087e1c30 Take default footer from constants and keep settingsdb pristine 2020-03-06 18:08:26 -08:00
Johannes Zellner
c3fc0e83a8 Optimize collectd restart to be skipped if profile hasn't actually changed 2020-03-06 17:44:31 -08:00
Johannes Zellner
7ed0ef7b37 Ensure collectd backup config on startup 2020-03-06 17:44:31 -08:00
Girish Ramakrishnan
46ede3d60d search for request_uri in try_files 
this lets us put images in app_not_responding.html
 2020-03-06 17:01:48 -08:00
Girish Ramakrishnan
7a63fd4711 Failed quickly if docker image not found 2020-03-06 16:39:20 -08:00