jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
16,584 Commits 33 Branches 583 Tags
490840b71d17b4e9f9d64adf262f251be3b5498c
Commit Graph

804 Commits

Author SHA1 Message Date
Johannes Zellner
d98b09f802 Forward portCount during the portBinding translation 2024-02-25 16:52:10 +01:00
Johannes Zellner
97c012b3df Use full portBindings object internally also for validation 2024-02-25 16:28:57 +01:00
Johannes Zellner
867b8e0253 Also adjust portbindings env variable name check according to the manifest uppercase fix 2024-02-25 16:18:02 +01:00
Johannes Zellner
80400db92a Handle portCount in translatePortBindings 2024-02-25 14:33:57 +01:00
Girish Ramakrishnan
13e62bc738 logs: use stream.destroy() instead of custom hooks 2024-02-24 17:35:37 +01:00
Girish Ramakrishnan
0e83658aa3 make sudo commands terminate properly 
sudo forks and execs the program. sudo also hangs around as the parent of the program waiting on the program and also forwarding signals.
sudo does not forward signals when the originator comes from the same process group. recently, there has been a change where it will
forward signals as long as sudo or the command is not the group leader (https://www.sudo.ws/repos/sudo/rev/d1bf60eac57f)
for us, this means that calling kill from this node process doesn't work since it's in the same group (and ubuntu 22 doesn't have the above fix).
the workaround is to invoke a kill from a different process group and this is done by starting detached
another idea is: use "ps --pid cp.pid -o pid=" to get the pid of the command and then send it signal directly

see also: https://dxuuu.xyz/sudo.html
 2024-02-24 16:19:07 +01:00
Johannes Zellner
909fe5dc15 Add appPortBindings port count column 2024-02-23 17:57:24 +01:00
Girish Ramakrishnan
d0dc104ede logs: make logPaths work 
we have to tail via sudo script

Fixes #811
 2024-02-23 17:46:22 +01:00
Girish Ramakrishnan
a6f078330f shell: no need to promise scoping 2024-02-21 19:40:27 +01:00
Girish Ramakrishnan
14c9260ab0 shell: exec encoding is utf8 by default and no shell 
explicitly mark calls that require the shell
 2024-02-21 17:47:25 +01:00
Girish Ramakrishnan
c1bb4de6a3 reverseproxy: use async exec 2024-02-21 12:33:04 +01:00
Girish Ramakrishnan
9b94cf18d0 convert more execSync to async 2024-02-21 11:00:12 +01:00
Girish Ramakrishnan
307a3ee015 apps: rename the config functions 2024-02-10 11:53:25 +01:00
Girish Ramakrishnan
95be147eb4 make config.json readable 2024-02-10 10:40:56 +01:00
Johannes Zellner
37a6e60e90 Do not allow newlines in CSP rules 2023-10-18 13:53:21 +02:00
Girish Ramakrishnan
79af6c1a68 On dashboard or email location change, reconfigure immediately 2023-08-21 18:34:07 +05:30
Girish Ramakrishnan
28bfab6700 LOCATION_TYPE can move into location.js 2023-08-17 16:05:19 +05:30
Girish Ramakrishnan
aa8c23c8b3 rework backup root 
notes:
* backup root cannot come from backend. for dynamic mounts backend cannot know where it is mounted
* backupConfig is 3 parts - format / mount / password . there is also this rootPath (which should not be in db)
* password should be stored separately in settings at some point
* format has to be passed along everywhere because we allow restore from  same backupConfig but different format. we do this by saving the format in the backups table

fixes #819
 2023-08-15 22:51:45 +05:30
Girish Ramakrishnan
da49a69562 backups: testConfig is really testStorage 2023-08-15 19:59:00 +05:30
Girish Ramakrishnan
9dedf0ec05 validate the backup format 2023-08-15 19:57:51 +05:30
Girish Ramakrishnan
eee49a8291 move dashboard setting into dashboard.js 2023-08-11 21:04:10 +05:30
Girish Ramakrishnan
fb9d8c23e1 move appstore urls into appstore.js 2023-08-04 15:41:41 +05:30
Girish Ramakrishnan
6aad89ae6e demo is just a constant, not a setting 2023-08-04 14:13:30 +05:30
Girish Ramakrishnan
e73b75e4b5 settings: move backup settings 2023-08-04 11:54:12 +05:30
Girish Ramakrishnan
ee836e6646 mail: 'my' location is available as mail location 
move the reserve domains check to app location validation code
 2023-08-01 19:33:59 +05:30
Girish Ramakrishnan
3d5c21d9ca backups: encrypted backups must have .enc extension 2023-07-24 22:25:06 +05:30
Johannes Zellner
4c185fb3b4 Reconfigure apps on dashboard domain change, if they use oidc addon 2023-07-21 20:02:35 +02:00
Girish Ramakrishnan
866cf75012 add a TODO 2023-07-14 08:34:05 +05:30
Girish Ramakrishnan
25328d884f redis: make optional 
part of #810
 2023-07-13 16:46:09 +05:30
Girish Ramakrishnan
f34840e1a3 mail: use the new services change task type 2023-07-13 16:46:09 +05:30
Girish Ramakrishnan
519b258a25 make turn service optional 
part of #810
 2023-07-13 15:32:28 +05:30
Girish Ramakrishnan
68e56f903d validate encryption password separately 2023-07-13 12:42:38 +05:30
Girish Ramakrishnan
c86059e070 backups: move limits into a sub object 
fixes #817
 2023-07-13 12:17:57 +05:30
Girish Ramakrishnan
0ab72f5900 appdata: cannot use cifs or sshfs 
Fixes #827
 2023-07-11 21:37:26 +05:30
Girish Ramakrishnan
e6ba2a6e7a replace usage of _.extend with Object.assign 2023-05-25 11:45:14 +02:00
Johannes Zellner
828e77ad80 Also set sso in configure accordingly for oidc 2023-04-21 15:36:05 +02:00
Johannes Zellner
da38d8a045 oidc: support app addon oidc configs as normal clients 2023-04-14 22:22:04 +02:00
Girish Ramakrishnan
61b7dfa58c log: date is iso string 2023-04-04 19:12:30 +02:00
Girish Ramakrishnan
42a4912cc7 logs: prepend date and append newline 2023-04-04 18:58:50 +02:00
Girish Ramakrishnan
603f92251e refactor tail invokation into logtail.sh 2023-03-27 11:39:34 +02:00
Girish Ramakrishnan
8205beeabf notifications: make update alerts non-persistent 
once acked, they remain acked. no need to keep nagging the user about them.
 2023-03-26 15:12:39 +02:00
Girish Ramakrishnan
3aa040bf01 apps: remove repository 2023-03-11 16:25:39 +01:00
Girish Ramakrishnan
8448d28f6f Implement HSTS preload 
This allows browsers to query https directly instead of the initial http redirect

https://hstspreload.org/#opt-in says it should be explicitly opt in
 2023-03-06 11:46:05 +01:00
Johannes Zellner
20cec7d5ef Fixup location conflict message for bare domain 2023-01-09 13:27:02 +01:00
Girish Ramakrishnan
89127e1df7 reverseproxy: rework cert logic 
9c8f78a059 already fixed many of the cert issues.

However, some issues were caught in the CI:

* The TLS addon has to be rebuilt and not just restarted. For this reason, we now
  move things to a directory instead of mounting files. This way the container is just restarted.

* Cleanups must be driven by the database and not the filesystem . Deleting files on disk or after a restore,
  the certs are left dangling forever in the db.

* Separate the db cert logic and disk cert logic. This way we can sync as many times as we want and whenever we want.
 2022-11-29 11:07:23 +01:00
Girish Ramakrishnan
c844be5be1 make validateLocations return error 2022-11-28 22:16:22 +01:00
Girish Ramakrishnan
e15c6324e4 getDuplicateErrorDetails does not need domain map 2022-11-28 22:14:10 +01:00
Girish Ramakrishnan
b70572a6e9 dns: fqdn only needs domain string 
This is from the caas days, when we had hyphenated subdomains flag
 2022-11-28 21:56:25 +01:00
Johannes Zellner
a5d244b593 Add tests for proxy app upstreamUri 2022-11-23 14:36:57 +01:00
Girish Ramakrishnan
817e950d47 Fix upstreamUri verification 2022-11-23 12:58:17 +01:00