jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
16,408 Commits 33 Branches 583 Tags
4e0961ae5a58686ea31908aa13c750ac7b6e273c
Commit Graph

8676 Commits

Author SHA1 Message Date
Girish Ramakrishnan
ea2479beda system: also get rota information 2024-09-30 14:09:15 +02:00
Girish Ramakrishnan
0504e0423a backups: add hetzner object storage 2024-09-25 12:21:42 +02:00
Girish Ramakrishnan
c1c16ab54e test: add simple gitlab-ci file 2024-09-20 18:48:55 +02:00
Girish Ramakrishnan
76dc856dbf test: fix system test 2024-09-20 15:37:34 +02:00
Vladimir D
227fdf10dd OIDC: id_token added to client response types 2024-09-20 14:16:40 +02:00
Girish Ramakrishnan
19c744b17d unbound-anchor is now part of ExecStartPre 
it seems unbound-anchor is not a dep of unbound in ubuntu 24. some
installations are thus missing this package.

in any case, ignore unbound-anchor exit status
 2024-09-20 10:00:01 +02:00
Vladimir D
3ce74d04d0 OIDC: groups claim added to make groups provisioned 2024-09-19 13:08:20 +02:00
Girish Ramakrishnan
1148724613 boxerror: handle AggregateError 2024-09-19 11:44:47 +02:00
Girish Ramakrishnan
f526695aae cloudron-support: enable-ssh has an alias enable-remote-support 2024-09-19 08:38:59 +02:00
Girish Ramakrishnan
777834d790 dig: set tries parameter 2024-09-18 15:25:48 +02:00
Girish Ramakrishnan
dca9246450 Fix AdGuard resolving dashboard to docker bridge IP 
Issue 1: DO droplet when given the name my.blah.com , will put an entry
in /etc/hosts with `127.0.1.1 my.blah.com` . When app containers use
system DNS, they get this IP address which does not work inside a container.

An idea is to remove this entry when running cloudron-setup, but maybe this
causes trouble later.

Issue 2: Some networks seem to lack loopback networking. With OIDC changes,
we want the apps to access my.blah.com even if hairpin nat is not working.

Solution: make my.blah.com to resolve to the docker bridge IP (172.18.0.1)
where nginx also listens to. This means that such requests never go outside the server

Caveats:
* This breaks AdGuard which now starts resolving it to 172.18.0.1 for
the entire network! So, we skip ExtraHosts configuration for adguard

* Maybe ExtraHosts should be scoped to OIDC apps only. But the thought here is
that it will help apps like say n8n which are querying dasahboard.
 2024-09-18 14:42:11 +02:00
Girish Ramakrishnan
767f7ab40e capitalize view name 2024-09-18 13:10:26 +02:00
Johannes Zellner
1b810ec74f Only add unchecked checklist items on fresh installs for the moment 2024-09-16 13:46:19 +02:00
Girish Ramakrishnan
067b02dba1 dashboard: reconfigure all apps on location change 
continuation of 1b5fee233e

all containers have ExtraHosts , so we have to reconfigure everything
 2024-09-16 11:23:06 +02:00
Girish Ramakrishnan
305d877896 operator: fix resource view 
app resources view requires the cpu and memory information
 2024-09-13 16:47:13 +02:00
Girish Ramakrishnan
a932a5251a update: all operators to update an app 
previously, the update info was restricted to admins. this can now be queried
by any authenticated user. update information can be gathered from listing apps and
then checking against appstore anyway.
 2024-09-13 16:46:58 +02:00
Girish Ramakrishnan
1b5fee233e docker: use the system dns for app containers 
take 2 after failed attempt with 92bce26e22

this makes the dashboard domain resolve internally to nginx

can test with `getent ahosts my.domain.com` inside the container.
 2024-09-11 17:52:25 +02:00
Girish Ramakrishnan
63457d2de4 Revert "docker: use the system dns for app containers" 
This reverts commit 92bce26e22.
 2024-09-10 19:37:39 +02:00
Girish Ramakrishnan
92bce26e22 docker: use the system dns for app containers 2024-09-10 09:42:31 +02:00
Girish Ramakrishnan
6742cdf373 backups: remount remote if not mounted before a backup 2024-09-09 18:15:49 +02:00
Girish Ramakrishnan
ea72cef7f9 storage: remove getProviderStatus 2024-09-09 17:36:51 +02:00
Girish Ramakrishnan
1cd577cc65 filesystem: remove debug warning 2024-09-08 15:25:49 +02:00
Johannes Zellner
13d8db3daa For the moment new checklist items on update are acknowledged 2024-09-07 09:37:39 +02:00
Girish Ramakrishnan
abf445e969 docker: fix rounding 
toFixed() returns a string!
 2024-08-28 11:45:53 +02:00
Girish Ramakrishnan
e988e3a303 storage: fix noop test 2024-08-27 15:16:18 +02:00
Girish Ramakrishnan
dca548b8a0 apptask: better progress message 2024-08-26 17:26:23 +02:00
Girish Ramakrishnan
56ecfdb4eb Fix crash on missing translation 2024-08-26 17:26:12 +02:00
Johannes Zellner
88b8cb48fc Deliver translation files as content type json 2024-08-23 18:34:53 +02:00
Girish Ramakrishnan
d32819da4e i18n: fix crash if language file is missing 2024-08-23 10:20:35 +02:00
Girish Ramakrishnan
b6becae396 make TRANSLATIONS_DIR a constant 2024-08-23 10:09:21 +02:00
Johannes Zellner
aabdea8627 New sftp addon version to not overwrite files 2024-08-19 14:38:53 +02:00
Johannes Zellner
ed1d537f60 Use sftp addong 3.8.9 to fix file upload on drop 2024-08-19 12:31:10 +02:00
Girish Ramakrishnan
9704eefc21 backupcleaner: do not remove the backup in progress 
the backup cleaner erroneously removes any "creating" state backups.
backups that are stuck are cleaned up elsewhere already (in the
backup retention logic with discardReason of "creating-too-long").
the missing backup logic is intended for any upstream lifecycle policies.
 2024-08-15 15:53:31 +02:00
Girish Ramakrishnan
52cd52d83c lint 2024-08-15 15:46:19 +02:00
Girish Ramakrishnan
4a29371907 s3: sometimes message is null and only code is valid 2024-08-13 07:08:33 +02:00
Girish Ramakrishnan
041f7da59b backups: make noop upload work again 2024-08-12 10:05:14 +02:00
Girish Ramakrishnan
7391af6f08 tail does not support doubledash it seems 2024-08-10 11:13:07 +02:00
Girish Ramakrishnan
8a640c8219 better app autoupdate logs 2024-08-10 11:04:17 +02:00
Girish Ramakrishnan
2ff995aa95 filemanager: do not respond again 2024-08-08 15:20:50 +02:00
Girish Ramakrishnan
21705a0e96 volumes: /mnt/volumes is reserved 2024-08-08 14:45:50 +02:00
Girish Ramakrishnan
c03da3be54 volumes: check provider instead of hostPath 2024-08-08 14:41:43 +02:00
Girish Ramakrishnan
69f48ed11a apps: do not log app logs to output 2024-08-07 15:51:04 +02:00
Johannes Zellner
caa0c342a4 sftp: restore mode and owner 2024-08-01 21:44:34 +02:00
Girish Ramakrishnan
b870f98ec2 proxy-middleware: no more a middleware 2024-07-30 13:34:41 +02:00
Girish Ramakrishnan
a5249102f2 proxy-middleware: just pass a string 2024-07-30 12:04:35 +02:00
Girish Ramakrishnan
5aa0c57a74 proxy-middleware: remove https and custom headers 2024-07-30 11:46:54 +02:00
Girish Ramakrishnan
053b076af0 proxy-middleware: remove via header and cookie support 2024-07-30 11:35:46 +02:00
Girish Ramakrishnan
247309e11b use constant 2024-07-30 11:00:50 +02:00
Girish Ramakrishnan
468d4dd9b0 ami: imdsv2 support 
https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/

One has to get a token now via PUT. This is because there is a bunch of
open proxies out there which blindly forwarded everything to internal network
including metadata requests. They have found that PUT requests don't cleanly
proxy and also AWS rejects token requests with X-Forwarded-For.
 2024-07-27 14:48:42 +02:00
Johannes Zellner
6056ba6475 Another missing check for manifest.addons 2024-07-27 11:56:36 +02:00