Johannes Zellner
aa22ab8847
Cleanup the btrfs mounts and the user data file
2017-04-04 12:34:55 +02:00
Johannes Zellner
3e23c3efce
Do not move the whole mail folder but only its content
2017-04-04 12:34:55 +02:00
Johannes Zellner
c4f96bbd6b
Some directory creation fixes
2017-04-04 12:34:55 +02:00
Johannes Zellner
3a17bf9a0f
Ensure apps and platform data dirs exist
2017-04-04 12:34:55 +02:00
Johannes Zellner
602f8bcd04
Split platform and app data folders and get rid of btrfs volumes
2017-04-04 12:34:55 +02:00
Girish Ramakrishnan
956fe86250
Add firewall service
Docker really insists on adding itself to the top of the FORWARD
chain. Making our firewall side-steps this docker design.
2017-03-29 02:31:53 -07:00
Girish Ramakrishnan
4d000e377f
Enable iptables based ratelimit for cloudron auth services
The goal here is to simply add a rate limit to prevent brute
force password attacks.
Covered services include:
(public) http, https, ssh, smtp, msa, imap, sieve
(private) postgres, redis, mysql, ldap, mongodb, msa
The private limits are higher because some apps will create
a db connection for each page request. Some apps like mailtrain
will send out lots of emails etc.
Note that apps that use SSO are ratelimited by the ldap limit.
Part of #187
2017-03-29 00:02:05 -07:00
Girish Ramakrishnan
7e8757a78c
grep quietly
2017-03-13 13:52:16 -07:00
Girish Ramakrishnan
81313d1c40
reduce nxdomain caching timeout
the other option is to use "/usr/sbin/unbound-control flush_negative"
on demand
2017-03-09 15:03:14 -08:00
Girish Ramakrishnan
1c36918e92
Done -> Almost done
2017-03-09 10:21:52 -08:00
Girish Ramakrishnan
9d52397bcc
Move dhparam creation
Now that all cloudrons have the dhparams file, we can generate this
*after* restoring from backup and if required.
2017-03-01 15:25:20 -08:00
Girish Ramakrishnan
3a5000ab1d
Detect loop support on linode correctly
We don't need any of the loop logic since it seems scaleway
also supports this automatically now
2017-02-15 15:40:19 -08:00
Girish Ramakrishnan
7f4f525551
dhparams.pem must be part of backup
2017-02-14 14:12:03 -08:00
Girish Ramakrishnan
9e2850ffad
setup: do not restart mysql unnecessarily
2017-02-08 07:53:55 -08:00
Girish Ramakrishnan
19c665d747
docker daemon is deprecated
2017-02-06 11:33:10 -08:00
Girish Ramakrishnan
0cee6de476
Check if cloudron.conf file exists
2017-01-31 01:53:06 -08:00
Girish Ramakrishnan
7b547e7ae9
Revert scaleway specific overlay2 support
This reverts commit 16d65d3665.
Rainloop app breaks with overlay2
2017-01-30 15:43:42 -08:00
Girish Ramakrishnan
16d65d3665
Use overlay2 for scaleway
https://github.com/scaleway/image-ubuntu/issues/68
2017-01-30 14:01:29 -08:00
Girish Ramakrishnan
ccb340cf80
Use systemd drop in to configure docker
The built-in service files get overwritten by updates
Fixes #203
2017-01-30 12:41:07 -08:00
Girish Ramakrishnan
56b0f57e11
Move unbound systemd config to separate file
2017-01-30 12:39:19 -08:00
Girish Ramakrishnan
ddf5c51737
Make it 90 instead
2017-01-26 15:45:07 -08:00
Girish Ramakrishnan
88fc7ca915
move the files and not the directory
... because box is a btrfs subvolume
2017-01-26 14:16:27 -08:00
Girish Ramakrishnan
ebd3a15140
always restart nginx
2017-01-25 12:04:52 -08:00
Girish Ramakrishnan
f142d34f83
Move box data out of appdata volume
This lets us restore the box if the app volume becomes full
Fixes #186
2017-01-24 13:48:09 -08:00
Girish Ramakrishnan
357ca55dec
remove unused var
2017-01-24 10:41:58 -08:00
Girish Ramakrishnan
d7a8731027
remove unused var
2017-01-24 10:41:38 -08:00
Girish Ramakrishnan
9117c7d141
Use $USER
2017-01-24 10:32:32 -08:00
Johannes Zellner
db8db430b9
Avoid warning from systemd by reloading the daemon after changing journald config
2017-01-23 11:01:02 +01:00
Johannes Zellner
c0b2b1c26d
Escape shell vars in the unbound unit file
2017-01-23 10:27:23 +01:00
Johannes Zellner
7da20e95e3
Use a proper systemd unit file for unbound
Part of #191
2017-01-23 10:14:20 +01:00
Girish Ramakrishnan
f30f90e6be
Stop mail container before moving the dirs
2017-01-22 21:57:34 -08:00
Girish Ramakrishnan
7f05b48bd7
Revert "Migrate mail data after downloading restore data"
This reverts commit e7c399c36a.
2017-01-22 02:42:14 -08:00
Girish Ramakrishnan
e7c399c36a
Migrate mail data after downloading restore data
This allows us to be backward compatible
2017-01-21 23:33:57 -08:00
Girish Ramakrishnan
d84666fb43
Move mail data out of box
This will help us with putting a size on box data
Mail container version is bumped because we want to recreate it
Part of #186
2017-01-20 20:22:08 -08:00
Girish Ramakrishnan
1eb33099af
dkim directory is now automatically created in cloudron.js
2017-01-20 15:18:03 -08:00
Girish Ramakrishnan
804947f039
use dir mount instead of file mount
file mounting is fraught with problems wrt change notifications.
first, we must be careful that the inode does not change.
second, changes outside container do not result in fs events inside the container.
haraka caches settings files and relies on fs events. So, even
though the file gets updated inside the container, haraka doesn't
see it.
https://github.com/docker/docker/issues/15793
2017-01-17 23:59:23 -08:00
Girish Ramakrishnan
d45927cdf4
unbound: listen on 0.0.0.0
2017-01-13 15:22:54 -08:00
Girish Ramakrishnan
055e41ac90
Make unbound reply on cloudron network
Because of the docker upgrade, dnsbl queries are failing again
since we are not using the unbound server from the containers.
For some reason, docker cannot query 127.0.0.1 (https://github.com/docker/docker/issues/14627).
Make unbound listen on the cloudron network and let docker proxy
DNS calls to unbound (docker always uses the embedded DNS server
when using UDN).
See also #130
2017-01-12 19:28:23 -08:00
Johannes Zellner
1c9f2495e3
Show the detailed backup progress during update
Fixes #157
2017-01-12 16:00:34 +01:00
Girish Ramakrishnan
b4477d26b7
Reload the docker service file
2017-01-11 15:40:16 -08:00
Girish Ramakrishnan
ce0afb3d80
Explicitly specify the storage driver as devicemapper
For reasons unknown, the images built by the buildbot (which currently
uses btrfs) do not work with devicemapper.
Existing cloudrons with aufs will not be affected because docker will
just ignore it.
devmapper: Base device already exists and has filesystem xfs on it. User specified filesystem will be ignored.
Existing AUFS users can move to devicemapper either by restoring to
a new cloudron (recommended) OR
* systemctl stop box
* systemctl stop docker
* rm -rf /var/lib/docker
* Edit /home/yellowtent/data/INFRA_VERSION. Change the "version" field to "1"
* systemctl start docker
* systemctl start box # this will download images all over
Fixes #182
2017-01-11 14:53:11 -08:00
Girish Ramakrishnan
4c719de86c
restart docker only if config changed
2017-01-10 18:50:21 -08:00
Girish Ramakrishnan
6f2b2adca9
Enable apparmor explicitly
2017-01-10 18:15:10 -08:00
Girish Ramakrishnan
26ed331f8e
Add default clients in clients.js
2017-01-09 15:41:29 -08:00
Girish Ramakrishnan
cc9904c8c7
Move nginx config and cert generation to box code
2017-01-06 10:23:10 +01:00
Johannes Zellner
2d6d8a7ea8
Create fallback certs only if fqdn is already set
2017-01-05 16:29:10 +01:00
Johannes Zellner
5b5ed9e043
Always create box/mail/dkim folder
2017-01-05 16:15:00 +01:00
Johannes Zellner
d9865f9b0f
Allow box to startup without fqdn
2017-01-05 14:02:04 +01:00
Girish Ramakrishnan
c8a9412995
suppress error message
2016-12-30 14:23:16 -08:00
Girish Ramakrishnan
90c1fd4c31
rename the service to cloudron-resize-fs
2016-12-30 11:27:00 -08:00