jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
1,508 Commits 33 Branches 583 Tags
2f20ff8defd357236299988d6ead2d8a35bad4e5
Commit Graph

1508 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Girish Ramakrishnan
66441f133d fix typo 2015-12-11 20:09:16 -08:00
Girish Ramakrishnan
8a12d6019a assert assert everywhere, hope none fires! 2015-12-11 14:50:30 -08:00
Girish Ramakrishnan
39c626dc75 more moving of nginx code 2015-12-11 14:48:39 -08:00
Girish Ramakrishnan
a7480c3f29 implement installation of admin certificate via acme 2015-12-11 14:37:55 -08:00
Girish Ramakrishnan
8af682acf1 add attempt 2015-12-11 14:20:37 -08:00
Girish Ramakrishnan
95eba1db81 Add certificates.ensureCertificate which gets cert via acme 2015-12-11 14:15:44 -08:00
Girish Ramakrishnan
0b8fde7d8d rename app.setAppCertificate 2015-12-11 14:13:29 -08:00
Girish Ramakrishnan
2f7517152a rename certificates.initialize 2015-12-11 14:02:58 -08:00
Girish Ramakrishnan
3e2ea0e087 refactor certificate settings 2015-12-11 13:58:43 -08:00
Girish Ramakrishnan
723556d6a2 Add CertificatesError 2015-12-11 13:43:33 -08:00
Girish Ramakrishnan
1f53d76cef wait forever by default 2015-12-11 13:41:17 -08:00
Girish Ramakrishnan
d15488431b add waitfordns.js (refactored from appstore) 2015-12-11 13:14:27 -08:00
Girish Ramakrishnan
cf80fd7dc5 rename certificatemanager 2015-12-11 12:24:52 -08:00
Girish Ramakrishnan
73d891b98e move validateCertificate to certificateManager 2015-12-10 20:38:49 -08:00
Girish Ramakrishnan
875ec1028d remove backward compat code now that we have migrated 2015-12-10 16:31:22 -08:00
Girish Ramakrishnan
fd985c2011 configure nginx as the last step 
this allow us to wait for certificate (in the case of LE)
v0.4.5 		2015-12-10 15:26:36 -08:00
Girish Ramakrishnan
47981004c9 split port reserving to separate function 
this allows us to move nginx configuration to the bottom of apptask
(required for tls cert download support)
 2015-12-10 15:25:15 -08:00
Girish Ramakrishnan
e3f7c8f63d use fqdn to save admin certs as well 2015-12-10 14:29:54 -08:00
Girish Ramakrishnan
853db53f82 rename admin.cert/.key to {admin_fqdn}.cert/.key 2015-12-10 14:05:44 -08:00
Girish Ramakrishnan
5992c0534a remove dead comment 2015-12-10 13:56:00 -08:00
Girish Ramakrishnan
1874c93c5c no need to template main nginx config 2015-12-10 13:54:53 -08:00
Girish Ramakrishnan
3c4adb1aed fix config path 2015-12-10 13:36:44 -08:00
Girish Ramakrishnan
66db918273 add certificate manager stub 2015-12-10 13:35:02 -08:00
Girish Ramakrishnan
69845d5ddd add config.adminFqdn() 2015-12-10 13:14:13 -08:00
Girish Ramakrishnan
42181d597b keep the requires sorted 2015-12-10 13:08:38 -08:00
Girish Ramakrishnan
b56e9ca745 do not log the token 2015-12-10 12:50:54 -08:00
Girish Ramakrishnan
5fc4788269 remove test code 2015-12-10 11:09:37 -08:00
Girish Ramakrishnan
d0f8293b73 treat acme as a cert backend 2015-12-10 11:08:22 -08:00
Girish Ramakrishnan
44582bcd4b download the certificate as binary 2015-12-10 11:07:10 -08:00
Girish Ramakrishnan
5c73aed953 remove unused require 2015-12-10 09:54:21 -08:00
Girish Ramakrishnan
e1ec48530e acme: create cert file with the chain 2015-12-10 09:11:08 -08:00
Girish Ramakrishnan
54c4053728 add LE cross signed 
https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem.txt
 2015-12-10 09:06:36 -08:00
Girish Ramakrishnan
79ffb0df5c acme: openssl does not play well with buffers. use files instead 2015-12-10 08:57:53 -08:00
Girish Ramakrishnan
c510952c88 s/privateKeyPem/accountKeyPem 2015-12-09 19:23:19 -08:00
Girish Ramakrishnan
6109da531d acme: use safe 2015-12-09 19:22:53 -08:00
Girish Ramakrishnan
56877332db pull in urlBase64Encode 2015-12-09 18:34:27 -08:00
Girish Ramakrishnan
6fc972d160 set default response type to text/plain 2015-12-09 18:34:13 -08:00
Girish Ramakrishnan
5346153d9b add ursa 2015-12-09 18:33:35 -08:00
Girish Ramakrishnan
aaf266d272 convert cert to pem v0.4.4 2015-12-08 20:05:14 -08:00
Girish Ramakrishnan
0750db9aae rename function 2015-12-08 19:54:37 -08:00
Girish Ramakrishnan
316976d295 generate the acme account key on first run 2015-12-08 19:42:33 -08:00
Girish Ramakrishnan
593b5d945b use this fake email as the account owner for now 2015-12-08 19:15:17 -08:00
Girish Ramakrishnan
88f0240757 serve acme directory from nginx 2015-12-08 19:04:48 -08:00
Girish Ramakrishnan
f5c2f8849d Add LE staging url for testing 2015-12-08 18:25:45 -08:00
Girish Ramakrishnan
5c4a8f7803 add acme support 
this is not used anywhere since we want to wait for rate limits to be
fixed.

The current limits are :

    Rate limit on registrations per IP is currently 10 per 3 hours
    Rate limit on certificates per Domain is currently 5 per 7 days

The domains are counted based on https://publicsuffix.org/list/ (not TLD). Like appspot.com, herokuapp.com while not a TLD, it a public suffix. This list allows browser authors to limit how cookies can be manipulated by the subdomain of those domains. like app1.appspot.com cannot go and change things of app2.appspot.com.

This means
a) we cannot use LE for cloudron.me, cloudron.us (or we have to get on that list)

b) even for custom domains we get only 5 certs every 7 days. And one of them is taken for my.xx domain.

https://community.letsencrypt.org/t/public-beta-rate-limits/4772/38
 2015-12-08 15:52:30 -08:00
Girish Ramakrishnan
5b8fdad5cb Revert "remove targetBoxVersion checks since all apps are now ported" 
This reverts commit d104f2a077.

gitlab is not ported :-(
 2015-12-05 02:29:06 -08:00
Girish Ramakrishnan
fe819f95ec always return logs regardless of state 2015-12-04 13:13:54 -08:00
Girish Ramakrishnan
be6728f8cb send support an email for app crashes 2015-12-02 16:50:00 -08:00
Girish Ramakrishnan
24d3a81bc8 remove targetBoxVersion checks since all apps are now ported 2015-12-02 15:02:16 -08:00
Girish Ramakrishnan
268c7b5bcf always create an isolated network ns v0.4.3 2015-12-01 13:59:45 -08:00