jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
9,310 Commits 33 Branches 583 Tags
324344d11856d3473c7c7aabbb457648a4d68bd4
Commit Graph

6035 Commits

Author SHA1 Message Date
Girish Ramakrishnan 007a8d248d make eventlog routes owner only 2020-03-26 18:54:16 -07:00
Girish Ramakrishnan 58d4a3455b email: add type filter to eventlog 2020-03-25 22:05:49 -07:00
Girish Ramakrishnan 91af2495a6 Make key validation work for ecc certs 2020-03-24 21:20:21 -07:00
Girish Ramakrishnan 7d7df5247b Update cipher suite based on ssl-config recommendation 
ssl_prefer_server_ciphers off is the recommendation since the cpihers
are deprecated

https://serverfault.com/questions/997614/setting-ssl-prefer-server-ciphers-directive-in-nginx-config
 2020-03-24 19:24:58 -07:00
Girish Ramakrishnan f99450d264 Enable TLSv1.3 and remove TLSv1 and 1.1 
IE10 does not have 1.2, so maybe we can risk it

As per Android documentaion TLS 1.2 is fully supported after API level 20/Android 5(Lolipop)

https://discussions.qualys.com/thread/17020-tls-12-support-for-android-devices
https://www.ryandesignstudio.com/what-is-tls/
 2020-03-24 14:37:08 -07:00
Girish Ramakrishnan d3eeb5f48a mail: disable host and proto mismatch 2020-03-24 11:50:52 -07:00
Girish Ramakrishnan 1e8a02f91a Make token expiry a year 
we now have a UI to invalid all tokens easily, so this should be OK.
 2020-03-23 21:51:13 -07:00
Girish Ramakrishnan 97c3bd8b8e mail: incoming mail from dynamic hostnames was rejected 2020-03-23 21:50:36 -07:00
Girish Ramakrishnan 09ce27d74b bump default token expiry to a month 2020-03-21 18:46:38 -07:00
Girish Ramakrishnan 2447e91a9f mail: throttle denied events 2020-03-20 14:04:16 -07:00
Girish Ramakrishnan e6d881b75d Use owner email for LE certs 
https://forum.cloudron.io/topic/2244/email-contact-on-let-s-encrypt-ssl-tls-certificates-uses-password-recovery-email-rather-than-primary-email-address
 2020-03-20 13:39:58 -07:00
Girish Ramakrishnan 36f963dce8 remove unncessary debug in routes 2020-03-19 17:05:31 -07:00
Girish Ramakrishnan 1b15d28212 eventlog: add start/stop/restart logs 2020-03-19 17:02:55 -07:00
Girish Ramakrishnan 4e0c15e102 use short form syntax 2020-03-19 16:48:31 -07:00
Girish Ramakrishnan c9e40f59de bump the timeout for really slow disks 2020-03-19 13:33:53 -07:00
Girish Ramakrishnan 38cf31885c Make backup configure owner only 2020-03-18 17:23:23 -07:00
Girish Ramakrishnan 4420470242 comcast does not allow port 25 check anymore 2020-03-17 13:55:35 -07:00
Girish Ramakrishnan 9b05786615 appstore: add whitelist/blacklist 2020-03-15 17:20:48 -07:00
Girish Ramakrishnan 661965f2e0 Add branding tests 2020-03-15 16:38:15 -07:00
Girish Ramakrishnan 7e0ef60305 Fix incorrect role comparison 2020-03-15 16:19:22 -07:00
Girish Ramakrishnan 2ac0fe21c6 ghost file depends on base dir 2020-03-15 11:41:39 -07:00
Girish Ramakrishnan b997f2329d make branding route for owner only 2020-03-15 11:39:02 -07:00
Girish Ramakrishnan 23ee758ac9 do not check for updates for stopped apps 2020-03-15 09:48:08 -07:00
Girish Ramakrishnan 9ea12e71f0 linode: dns backend 
the dns is very slow - https://github.com/certbot/certbot/pull/6320
takes a good 15 minutes at minimum to propagate

https://certbot-dns-linode.readthedocs.io/en/stable/
https://www.linode.com/community/questions/17296/linode-dns-propagation-time
 2020-03-13 11:44:43 -07:00
Girish Ramakrishnan 6ee4b0da27 Move out ghost file to platformdata 
Since /tmp is world writable this might cause privilege escalation

https://forum.cloudron.io/topic/2222/impersonate-user-privilege-escalation
 2020-03-12 10:24:21 -07:00
Girish Ramakrishnan 3e66feb514 mail: add mailbox acl 2020-03-10 22:12:15 -07:00
Girish Ramakrishnan cf89609633 mail: acl was enabled by mistake 2020-03-10 17:15:23 -07:00
Girish Ramakrishnan 67c24c1282 mail: make spamd_user case insensitive 2020-03-10 12:08:43 -07:00
Girish Ramakrishnan 7d3df3c55f Fix sa usage 2020-03-10 09:22:41 -07:00
Girish Ramakrishnan 17c881da47 Fix spam training 2020-03-09 13:51:17 -07:00
Girish Ramakrishnan 6e30c4917c Do not wait for dns when re-configured 2020-03-09 12:36:29 -07:00
Girish Ramakrishnan c6d4f0d2f0 mail: fix word boundary regexp 2020-03-07 19:16:10 -08:00
Girish Ramakrishnan b32128bebf Fix quoting in emails 2020-03-07 19:12:39 -08:00
Girish Ramakrishnan a3f3d86908 More spam fixes 2020-03-07 18:52:20 -08:00
Girish Ramakrishnan b29c82087a Bump the mail container version 2020-03-07 17:08:35 -08:00
Girish Ramakrishnan b4f5ecb304 mail: fix eventlog search 2020-03-07 15:56:56 -08:00
Girish Ramakrishnan 3dabad5e91 Detect that domain is in use by app correctly 2020-03-07 14:52:34 -08:00
Johannes Zellner 890b46836b Do not allow lower level roles to edit higher level ones 2020-03-07 13:53:01 -08:00
Girish Ramakrishnan 835b3224c6 disable getting user token in demo mode 2020-03-07 11:44:38 -08:00
Girish Ramakrishnan f8d27f3139 mail: Fix ownership issue with /app/data 2020-03-07 11:40:49 -08:00
Girish Ramakrishnan 33f263ebb9 Fix spamd logs 2020-03-07 01:00:08 -08:00
Girish Ramakrishnan 027925c0ba Only do spam processing when we have incoming domains 2020-03-07 00:22:00 -08:00
Girish Ramakrishnan 17c4819d41 eventlog updates 2020-03-06 23:16:32 -08:00
Johannes Zellner 017d19a8c8 Do not send internal link for update notification 2020-03-06 19:18:01 -08:00
Girish Ramakrishnan 46b6e319f5 add some spacing in the footer 2020-03-06 19:13:37 -08:00
Johannes Zellner 8f087e1c30 Take default footer from constants and keep settingsdb pristine 2020-03-06 18:08:26 -08:00
Johannes Zellner c3fc0e83a8 Optimize collectd restart to be skipped if profile hasn't actually changed 2020-03-06 17:44:31 -08:00
Johannes Zellner 7ed0ef7b37 Ensure collectd backup config on startup 2020-03-06 17:44:31 -08:00
Girish Ramakrishnan 46ede3d60d search for request_uri in try_files 
this lets us put images in app_not_responding.html
 2020-03-06 17:01:48 -08:00
Girish Ramakrishnan 7a63fd4711 Failed quickly if docker image not found 2020-03-06 16:39:20 -08:00