jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
15,839 Commits 33 Branches 583 Tags
4e618540f8de00f8ce1fdf4e3c8cedf2ed891187
Commit Graph

532 Commits

Author SHA1 Message Date
Girish Ramakrishnan
0735353ab4 cloudron-setup: add --env unstable 
this installs the latest unstable code but with prod appstore
 2021-01-10 11:26:17 -08:00
Girish Ramakrishnan
29c513df78 apt: do not install recommended packages, only deps 2021-01-04 23:30:41 -08:00
Girish Ramakrishnan
a541c0e048 Fix installation on atlantic.net 2021-01-04 17:56:14 -08:00
Girish Ramakrishnan
f3165c4e3b installer: move unzip to base image 2021-01-03 15:09:58 -08:00
Girish Ramakrishnan
a8187216af installer: ipset is now in base image 2021-01-03 15:08:44 -08:00
Girish Ramakrishnan
cf79e7f1ec Do not install xorg-server package 
~# aptitude why xserver-xorg
i   collectd    Recommends libnotify4 (>= 0.7.0)
i A libnotify4  Recommends gnome-shell | notification-daemon
i A gnome-shell Recommends gdm3 (>= 3.10.0.1-3~)
i A gdm3        Recommends xserver-xorg
 2021-01-03 14:53:47 -08:00
Girish Ramakrishnan
7bdeaca75b secure the provision and activation routes with a token 
fixes #751
 2020-12-21 23:33:31 -08:00
Girish Ramakrishnan
eec54e93bf Need nginx 1.18.0-2 for fresh ubuntu 16 installs 
it fails with missing /run/nginx.pid message
 2020-11-25 17:57:58 -08:00
Girish Ramakrishnan
7b3b826f87 DNS fixes that work on all ubuntu versions 2020-11-23 00:27:17 -08:00
Girish Ramakrishnan
bd9c664b1a Free up port 53 
It's all very complicated.

Approach 1: Simple move unbound to not listen on 0.0.0.0 and only the internal
ones. However, docker has no way to bind only to the "public" interface.

Approach 2: Move the internal unbound to some other port. This required a PR
for haraka - https://github.com/haraka/Haraka/pull/2863 . This works and we use
systemd-resolved by default. However, it turns out systemd-resolved with hog the
lo and thus docker cannot bind again to port 53.

Approach 3: Get rid of systemd-resolved and try to put the dns server list in
/etc/resolv.conf. This is surprisingly hard because the DNS listing can come from
DHCP or netplan or wherever. We can hardcode some public DNS servers but this seems
not a good idea for privacy.

Approach 4: So maybe we don't move the unbound away to different port after all.
However, all the work for approach 2 is done and it's quite nice that the default
resolver is used with the default dns server of the network (probably a caching
server + also maybe has some home network firewalled dns).

So, the final solution is to bind to the make docker bind to the IP explicity.
It's unclear what will happen if the IP changes, maybe it needs a restart.
 2020-11-18 23:25:56 -08:00
Johannes Zellner
b64acb412e Add cloudron-translation-update script 2020-11-18 23:16:42 +01:00
Girish Ramakrishnan
d4f5b7ca34 cloudron-setup: mention "After reboot" 2020-10-08 23:23:05 -07:00
Girish Ramakrishnan
9b57329f56 Ghost password can now only be used once 2020-10-08 22:19:18 -07:00
Girish Ramakrishnan
9b2a3d23b2 cloudron-setup: there could be owners who have not selected a username yet 2020-09-17 13:56:04 -07:00
Girish Ramakrishnan
baa5122fcb Update mysql and docker 
part of #684
 2020-09-15 21:58:40 -07:00
Girish Ramakrishnan
933918ea27 Fix docs url 2020-09-15 14:46:22 -07:00
Girish Ramakrishnan
e4b06b16a9 firewall: implement blocklist 2020-08-31 21:46:07 -07:00
Girish Ramakrishnan
f4a322478d cloudron.target is not needed 2020-08-01 20:00:20 -07:00
Girish Ramakrishnan
7edeb0c358 nginx displays version in stderr 2020-07-22 17:57:55 -07:00
Girish Ramakrishnan
a9fb444622 Use nginx 1.18 for security fixes 2020-06-26 14:57:53 -07:00
Girish Ramakrishnan
f1fcb65fbe Do not install sshfs. user will install it if they want 
we don't use sshfs anywhere in our code ourselves
 2020-06-25 12:21:49 -07:00
Girish Ramakrishnan
215aa65d5a Fix provider usage 
* do not send to appstore anymore
* do not set in getStatus/getConfig
* provider is not needed when registering cloudron
 2020-06-25 11:20:05 -07:00
Johannes Zellner
7dc2596b3b Ensure we support pre 5.3 Cloudron installation 2020-06-16 14:10:14 +02:00
Girish Ramakrishnan
54d0ade997 curl uses -s and not -q 2020-06-05 13:50:40 -07:00
Johannes Zellner
6f60495d4d Initial version of sshfs storage backend 2020-06-05 11:39:51 +02:00
Girish Ramakrishnan
a47d6e1f3a cloudron-setup: --provider is dead 
Long live --provider

Part of #693
 2020-06-03 13:47:30 -07:00
Girish Ramakrishnan
f6ff1abb00 cloudron-setup: remove --license arg. unused 2020-06-03 13:16:39 -07:00
Girish Ramakrishnan
3ffa935da7 Revert "part focal support" 
This reverts commit 7d36533524.

not ready yet
 2020-05-30 10:58:28 -07:00
Girish Ramakrishnan
7d36533524 part focal support 
part of #684
 2020-05-25 19:49:15 -07:00
Girish Ramakrishnan
a3ac343fe2 installer: print from and to versions 2020-05-17 21:34:39 -07:00
Girish Ramakrishnan
16f3cee5c5 install custom nginx only on xenial 
https://nginx.org/en/linux_packages.html#Ubuntu
http://nginx.org/packages/ubuntu/pool/nginx/n/nginx/
 2020-04-02 11:54:22 -07:00
Johannes Zellner
57afb46cbd Ensure nginx installation will not overwrite our conf files 2020-04-02 16:57:55 +02:00
Johannes Zellner
91dde5147a add-apt-repository does not call apt-get update 2020-04-02 13:54:39 +02:00
Johannes Zellner
d0692f7379 Ensure we have latest nginx 2020-04-02 12:37:02 +02:00
Girish Ramakrishnan
f9e7a8207a cloudron-support: make it --owner-login 2020-03-27 18:58:12 -07:00
Girish Ramakrishnan
d3594c2dd6 change ownership of ghost file for good measure 2020-03-12 10:30:51 -07:00
Girish Ramakrishnan
6ee4b0da27 Move out ghost file to platformdata 
Since /tmp is world writable this might cause privilege escalation

https://forum.cloudron.io/topic/2222/impersonate-user-privilege-escalation
 2020-03-12 10:24:21 -07:00
Girish Ramakrishnan
dfe5cec46f Show the public IP to finish setup 2020-03-09 15:18:39 -07:00
Girish Ramakrishnan
c1801d6e71 Add linode-oneclick provider 2020-03-05 11:25:43 -08:00
Girish Ramakrishnan
d10957d6df remove galaxygate from cloudron-setup help 2020-02-28 11:14:06 -08:00
Girish Ramakrishnan
50dc90d7ae remove galaxygate 2020-02-28 11:13:44 -08:00
Girish Ramakrishnan
c3e0d9086e cloudron-support: backups and appsdata can be empty 2020-02-24 14:12:25 -08:00
Girish Ramakrishnan
0e156b9376 migrate permissions and admin flag to user.role 2020-02-21 16:49:20 -08:00
Girish Ramakrishnan
596f4c01a4 cloudron-setup: remove support for pre-4.2 2020-02-07 09:15:12 -08:00
Girish Ramakrishnan
c4ed471d1c Update node to 10.18.1 2020-01-29 20:54:57 -08:00
Johannes Zellner
ca4fdc1be8 Add azure-image provider argument 2019-12-17 16:42:25 +01:00
Girish Ramakrishnan
a5f31e8724 Revert "rename ami to aws-mp" 
This reverts commit 72ac00b69a.

Existing code relies on this, so don't change it
 2019-12-11 12:56:30 -08:00
Girish Ramakrishnan
72ac00b69a rename ami to aws-mp 2019-12-11 12:27:55 -08:00
Girish Ramakrishnan
3a10003246 libssl1 asking for restart prompt during install 
https://unix.stackexchange.com/questions/146283/how-to-prevent-prompt-that-ask-to-restart-services-when-installing-libpq-dev
https://github.com/confluentinc/castle/pull/1
https://bugs.launchpad.net/ubuntu/+source/ansible/+bug/1833013
 2019-09-17 14:43:11 -07:00
Girish Ramakrishnan
021fb4bb94 Add skysilk provider 2019-09-11 09:14:04 -07:00