jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
15,906 Commits 33 Branches 583 Tags
2b1b304c6ec41514bf10f951596f93648524ff75
Commit Graph

685 Commits

Author SHA1 Message Date
Girish Ramakrishnan
4ee56782ba move syslog.js to top level 2024-03-21 19:09:51 +01:00
Girish Ramakrishnan
d0dc104ede logs: make logPaths work 
we have to tail via sudo script

Fixes #811
 2024-02-23 17:46:22 +01:00
Johannes Zellner
ec990bd16a WIP: Add some portrange support 2024-02-08 17:39:22 +01:00
Girish Ramakrishnan
b8c297b178 ldap allow list is not a json 2024-01-13 12:29:00 +01:00
Girish Ramakrishnan
793c4ac017 add some debugs to the firewall script 2023-12-08 11:05:55 +01:00
Girish Ramakrishnan
48f0c75c57 network: increase maxelem of the ipsets 2023-12-07 23:20:24 +01:00
Johannes Zellner
e7208278fc Only collect stats for app main containers 2023-10-23 22:23:23 +02:00
Girish Ramakrishnan
ec23c7d2b8 Suppress aws sdk warning 
https://github.com/aws/aws-sdk-js/issues/4354#issuecomment-1664694545
 2023-08-04 09:21:48 +05:30
Girish Ramakrishnan
ff539e2669 remove crashnotifier 
it's not really used
 2023-05-15 11:08:00 +02:00
Girish Ramakrishnan
b26c8d20cd network: add trusted ips 
This allows the user to set trusted ips to Cloudflare or some other CDN
and have the logs have the correct IPs.

fixes #801
 2023-05-13 16:15:47 +02:00
Johannes Zellner
89c5b81eb0 Add very basic initial cloudron-logs helper 2023-05-11 12:30:00 +02:00
Girish Ramakrishnan
4c475818bc syslog: restructure code 2023-04-14 20:06:28 +02:00
Girish Ramakrishnan
928e61e0f6 Revert "Only use "kill" as done in the upstream docs" 
This reverts commit 829d53915d.

This breaks on Ubuntu 18

systemd[1]: /etc/systemd/system/unbound.service:12: Executable path is not absolute: kill -HUP $MAINPID
 2023-03-29 11:18:44 +02:00
Johannes Zellner
9089616e85 Store oidc data in platformdata/oidc 2023-03-19 16:01:22 +01:00
Girish Ramakrishnan
495e54b54a cloudron.conf is long gone 2023-01-31 18:03:23 +01:00
Johannes Zellner
10e07fa300 Add disk speeds to disk usage data 2023-01-27 21:05:25 +01:00
Johannes Zellner
829d53915d Only use "kill" as done in the upstream docs 
https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecReload=
 2023-01-09 20:18:51 +01:00
Johannes Zellner
144fc7b7be Ubuntu 18 does not have /usr/bin/kill 2023-01-09 20:12:30 +01:00
Girish Ramakrishnan
ae30fe25d7 unbound: disable controller interface explicitly 
https://github.com/NLnetLabs/unbound/issues/806
 2022-12-22 11:11:33 +01:00
Girish Ramakrishnan
89127e1df7 reverseproxy: rework cert logic 
9c8f78a059 already fixed many of the cert issues.

However, some issues were caught in the CI:

* The TLS addon has to be rebuilt and not just restarted. For this reason, we now
  move things to a directory instead of mounting files. This way the container is just restarted.

* Cleanups must be driven by the database and not the filesystem . Deleting files on disk or after a restore,
  the certs are left dangling forever in the db.

* Separate the db cert logic and disk cert logic. This way we can sync as many times as we want and whenever we want.
 2022-11-29 11:07:23 +01:00
Girish Ramakrishnan
00771d8197 reverseproxy: move dashboard config to subdir as well 2022-11-17 15:50:34 +01:00
Girish Ramakrishnan
e3b0d3960a reverseproxy: create configs in subdirectories for easy management 2022-11-17 12:16:11 +01:00
Girish Ramakrishnan
720bafaf02 logrotate: only keep 14 days of logs 
https://unix.stackexchange.com/questions/261696/logrotation-rotate-and-maxage-command
https://blog.gsterling.de/2017/10/03/logrotate-misconceptions-about-maxsize-and-size/
 2022-11-17 00:47:39 +01:00
Girish Ramakrishnan
f82f533f36 Add SIGHUP handler to reload certs 
we have to reload directory server certs out of process
 2022-11-16 08:24:42 +01:00
Girish Ramakrishnan
4918d2099f remove json module (not used) 2022-11-05 15:15:53 +01:00
Girish Ramakrishnan
80a3ca0f46 remove 16.04 related task logic 2022-11-02 21:22:42 +01:00
Girish Ramakrishnan
ae66692eda Ensure collectd directory 2022-10-14 10:43:30 +02:00
Girish Ramakrishnan
1872cea763 graphs: do not average cpu use 
Show like htop/top: cpu core count * 100
 2022-10-13 22:36:20 +02:00
Girish Ramakrishnan
656f3fcc13 add system.du 2022-10-11 23:06:54 +02:00
Girish Ramakrishnan
6f61145b01 configurecollectd.sh is no more 2022-10-11 21:04:25 +02:00
Johannes Zellner
cbaf86b8c7 Use counter values for docker stats in collectd and grafana queries 2022-10-11 19:06:40 +02:00
Johannes Zellner
ad29f51833 Fixup typo guage -> gauge in docker-stats.py 2022-10-11 10:54:53 +02:00
Girish Ramakrishnan
3caffdb4e1 Rework app stats 
Previously, the du plugin was collecting data every 20 seconds but
carbon was configured to only keep data every 12 hours causing much
confusion.

In the process of reworking this, it was determined:

* No need to collect disk usage info over time. Not sure how that is useful
* Instead, collect CPU/Network/Block info over time. We get this now from docker stats
* We also collect info about the services (addon containers)
* No need to reconfigure collectd for each app change anymore since there is no per
app collectd configuration anymore.
 2022-10-10 21:13:26 +02:00
Girish Ramakrishnan
d5e5b64df2 cloudron-setup/motd: show ipv4 or ipv6 setup link 2022-08-01 18:32:07 +02:00
Girish Ramakrishnan
4a18ecc0ef unbound: enable ip6 2022-08-01 14:15:09 +02:00
Girish Ramakrishnan
7598cf2baf consolidate storage validation logic 2022-06-06 12:50:21 -07:00
Girish Ramakrishnan
39c5c44ac3 cloudron-firewall: fix spurious line 2022-06-01 09:28:50 -07:00
Girish Ramakrishnan
534c8f9c3f collectd: on one system, localhost was missing in /etc/hosts 2022-05-27 16:10:38 -07:00
Girish Ramakrishnan
5ee9feb0d2 If disk name has '.', replace with '_' 
graphite uses . as the separator between different metric parts

see #348
 2022-05-27 16:00:08 -07:00
Girish Ramakrishnan
3adf8b5176 collectd: FQDNLookup causes collectd install to fail 
this is on ubuntu 20

https://forum.cloudron.io/topic/7091/aws-ubuntu-20-04-installation-issue
 2022-05-25 15:10:55 -07:00
Girish Ramakrishnan
eafccde6cb Reset mysql password by detecting version (instead of ubuntu version) 2022-04-27 15:45:53 -07:00
Girish Ramakrishnan
6b85e11a22 update: collectd configuration can be removed 2022-04-27 15:41:28 -07:00
Girish Ramakrishnan
7ec1594428 create a separate support user 
This creates a separate user named 'cloudron-support' using which we
can provide remote support. The hyphen username convention follows the
systemd sytem username convention.

With a separate user, we don't need to ask users to keep changing PermitRootLogin
(and remind them to change it back).

Using a sudo user has various advantages:

* https://askubuntu.com/questions/687249/why-does-ubuntu-have-a-disabled-root-account
* https://wiki.debian.org/sudo
* https://askubuntu.com/questions/16178/why-is-it-bad-to-log-in-as-root

The yellowtent user is also locked down further - no password and no shell login.
 2022-03-30 15:08:20 -07:00
Girish Ramakrishnan
724f5643bc suppress grep message 2022-03-30 11:10:00 -07:00
Girish Ramakrishnan
dbb803ff5e cifs: use credentials file 
this supports special characters in passwords better

https://forum.cloudron.io/topic/6577/failed-to-mount-inactive-mount-error-13-when-mounting-cifs-from-synology
 2022-03-29 21:26:58 -07:00
Girish Ramakrishnan
cbc44da102 create sshfs dir in start.sh 2022-03-29 20:13:41 -07:00
Girish Ramakrishnan
d13905377c firewall: do not add duplicate ldap redirect rules 2022-03-21 12:25:30 -07:00
Girish Ramakrishnan
993ff50681 cloudron-firewall: fix crash when ports are whitelisted 
it failed with:
Feb 22 08:52:30 strawberry cloudron-firewall.sh[14300]: /home/yellowtent/box/setup/start/cloudron-firewall.sh: line 14: iptables --wait 120 --wait-interval 1: command not found

the root cause was that IFS was getting set but not getting reset later.
the IFS=xx line is not line local as it seems to appear (just a bash statement)
 2022-02-22 00:56:57 -08:00
Girish Ramakrishnan
8ef5e35677 cloudron-firewall: add retry for xtables lock 
cloudron-firewall.sh[30679]: ==> Setting up firewall
cloudron-firewall.sh[30693]: iptables: Chain already exists.
cloudron-firewall.sh[30694]: ip6tables: Chain already exists.
cloudron-firewall.sh[30699]: ipset v7.5: Set cannot be created: set with the same name already exists
cloudron-firewall.sh[30702]: ipset v7.5: Set cannot be created: set with the same name already exists
cloudron-firewall.sh[30740]: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
 2022-02-20 17:42:20 -08:00
Girish Ramakrishnan
773dfd9a7b ipv6 support in firewall allow and block lists 2022-02-16 13:39:35 -08:00