jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
11,198 Commits 33 Branches 583 Tags
4e75694ac6fd107764ec4f3a5447b59e0dc62e0e
Commit Graph

7575 Commits

Author SHA1 Message Date
Girish Ramakrishnan
cae528158c appstore: check login response 2022-03-31 22:43:34 -07:00
Girish Ramakrishnan
566a03cd59 remove unnecessary temp variables 2022-03-31 22:41:48 -07:00
Girish Ramakrishnan
ad2221350f Add appstore web token 
* For existing installs, migrate using the soon to be obsoleted user_token route
* For new installs, the token post login is stashed during registration time
 2022-03-31 22:35:45 -07:00
Girish Ramakrishnan
656dca7c66 rename cloudron_token to appstore_api_token 2022-03-31 22:18:08 -07:00
Girish Ramakrishnan
638fe2e6c8 ldap: add rootDSE test 2022-03-31 21:18:56 -07:00
Girish Ramakrishnan
3295d2b727 settings: remove licenseKey 
this is unused
 2022-03-31 12:47:45 -07:00
Johannes Zellner
c4689a8385 Add registerWithSetupToken() to be used 2022-03-31 17:29:44 +02:00
Girish Ramakrishnan
d09d6c21fa sshfs: fix bug where sshfs mounts were generated without unbound dependancy 2022-03-30 21:39:15 -07:00
Girish Ramakrishnan
7ec1594428 create a separate support user 
This creates a separate user named 'cloudron-support' using which we
can provide remote support. The hyphen username convention follows the
systemd sytem username convention.

With a separate user, we don't need to ask users to keep changing PermitRootLogin
(and remind them to change it back).

Using a sudo user has various advantages:

* https://askubuntu.com/questions/687249/why-does-ubuntu-have-a-disabled-root-account
* https://wiki.debian.org/sudo
* https://askubuntu.com/questions/16178/why-is-it-bad-to-log-in-as-root

The yellowtent user is also locked down further - no password and no shell login.
 2022-03-30 15:08:20 -07:00
Girish Ramakrishnan
529f6fb2cd sftp: fix private key file permissions on restore 2022-03-30 11:58:21 -07:00
Girish Ramakrishnan
74e849e2a1 backup cleaner: do not clean when provider is not mounted 2022-03-30 10:17:20 -07:00
Girish Ramakrishnan
dbb803ff5e cifs: use credentials file 
this supports special characters in passwords better

https://forum.cloudron.io/topic/6577/failed-to-mount-inactive-mount-error-13-when-mounting-cifs-from-synology
 2022-03-29 21:26:58 -07:00
Girish Ramakrishnan
0dea2d283b move sshfs key write logic to renderMountFile 2022-03-29 20:15:55 -07:00
Girish Ramakrishnan
cbc44da102 create sshfs dir in start.sh 2022-03-29 20:13:41 -07:00
Girish Ramakrishnan
3f633c9779 dns: check for CNAME record 
Check if CNAME record exists and remove it if overwrite is set
 2022-03-29 13:53:34 -07:00
Girish Ramakrishnan
54aeff1419 ldap: send rootDSE response 
some apps like osTicket require this
 2022-03-25 14:15:18 -07:00
Girish Ramakrishnan
144e98abab image name cannot start with '/' 
https://forum.cloudron.io/topic/6689/cannot-uninstall-custom-app
https://stackoverflow.com/questions/43091075/docker-restrictions-regarding-naming-image
 2022-03-24 10:03:40 -07:00
Girish Ramakrishnan
e0e0c049c8 add link to upstream issue 2022-03-23 09:52:17 -07:00
Johannes Zellner
ef0f9c5298 Fixup cn attribute for ldap to be according to spec 
Bring back b54c4bb399
 2022-03-22 10:19:21 -07:00
Girish Ramakrishnan
f48690ee11 dyndns: fix typo 2022-03-15 09:53:54 -07:00
Girish Ramakrishnan
3b0bdd9807 support: send the server IPv4 when remote support enabled 2022-03-14 21:30:54 -07:00
Girish Ramakrishnan
6dc5c4f13b ldap: add dummy apps search route for directus 2022-03-14 09:17:49 -07:00
Girish Ramakrishnan
9bb5096f1c nginx: enable underscores in headers 
chatwoot requires this

https://www.chatwoot.com/docs/self-hosted/deployment/caprover#api-requests-failing-with-you-need-to-sign-in-or-sign-up-before-continuing

They are apparently disabled by default since they conflict with some CGI headers:

https://stackoverflow.com/questions/22856136/why-do-http-servers-forbid-underscores-in-http-header-names
https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/?highlight=disappearing%20http%20headers#missing-disappearing-http-headers
 2022-03-13 23:04:34 -07:00
Girish Ramakrishnan
af42008fd3 Enable IPv6 on new interfaces with net_admin cap 2022-03-12 09:14:37 -08:00
Girish Ramakrishnan
4396bd3ea7 wildcard: handle ENODATA 2022-03-08 17:14:42 -08:00
Girish Ramakrishnan
db03053e05 cloudflare: remove async 2022-03-08 14:30:27 -08:00
Girish Ramakrishnan
193dff8c30 Better log 2022-03-03 10:08:34 -08:00
Girish Ramakrishnan
59582d081a port25check: log the error message 2022-03-03 09:58:58 -08:00
Girish Ramakrishnan
ef684d32a2 port25checker: Use random tick to not bombard our checker service 2022-03-03 09:57:41 -08:00
Girish Ramakrishnan
fc2a326332 mysql: Fix default collation 
https://github.com/mattermost/mattermost-server/issues/19602#issuecomment-1057360142

> SELECT @@character_set_database, @@collation_database;

This will show utf8mb4 and utf8mb4_0900_ai_ci (was utf8mb4_unicode_ci)

To see the table schemas:

> SELECT table_schema, table_name, table_collation FROM information_schema.tables;
 2022-03-02 22:34:30 -08:00
Girish Ramakrishnan
5afa7345a5 route53: check permissions to perform route53:ListResourceRecordSets 
otherwise, at install time we see "DNS credentials for xx are invalid. Update it in Domains & Certs view"

the exact error from route 53 is:

User: arn:aws:iam::xx:user/yy is not authorized to perform: route53:ListResourceRecordSets on resource: arn:aws:route53:::hostedzone/zz because no identity-based policy allows the route53:ListResourceRecordSets action
 2022-03-02 10:44:52 -08:00
Girish Ramakrishnan
c100be4131 dns: filter out link local addresses 
Unlike IPv4, IPv6 requires a link-local address on every network interface on which the IPv6 protocol is enabled, even when routable addresses are also assigned
 2022-03-01 12:13:59 -08:00
Girish Ramakrishnan
d326d05ad6 sysinfo: add noop provider 2022-03-01 12:05:01 -08:00
Girish Ramakrishnan
eb0662b245 Up the json size to 2mb for block list route 
https://forum.cloudron.io/topic/6575/cloudron-7-1-2-firewall-not-ipv6-ready
 2022-03-01 11:57:50 -08:00
Johannes Zellner
71dac64c4c Only allow impersonation for equal or less powerful roles 2022-02-28 20:42:33 +01:00
Girish Ramakrishnan
aab6f222b3 better log 2022-02-28 11:04:44 -08:00
Girish Ramakrishnan
1cb1be321c remove usage of deprecated fs.rmdir 2022-02-25 16:43:20 -08:00
Girish Ramakrishnan
2434e81383 backups: fix incorrect mountpoint check with managed mounts 2022-02-25 12:53:05 -08:00
Girish Ramakrishnan
62142c42ea Fix crash 2022-02-25 11:03:16 -08:00
Girish Ramakrishnan
0ae30e6447 disable routes/test/apps-test for now 2022-02-24 20:50:35 -08:00
Girish Ramakrishnan
1a87856655 eventlog: log event on alias update 2022-02-24 20:30:42 -08:00
Girish Ramakrishnan
a3e097d541 add missing awaits for eventlog.add 2022-02-24 20:04:46 -08:00
Girish Ramakrishnan
9a6694286a eventlog: event type typo 2022-02-24 19:59:29 -08:00
Girish Ramakrishnan
a662a60332 eventlog: add event for certificate cleanup 2022-02-24 19:55:43 -08:00
Girish Ramakrishnan
69f3b4e987 better debugs 2022-02-24 12:57:56 -08:00
Girish Ramakrishnan
481586d7b7 add missing return 2022-02-24 12:51:27 -08:00
Girish Ramakrishnan
34c3a2b42d mail: increase pool_timeout 2022-02-24 12:25:38 -08:00
Johannes Zellner
c4a9295d3e Fix typo 2022-02-24 19:10:04 +01:00
Girish Ramakrishnan
ba5c2f623c remove supererror, not really used 2022-02-21 17:34:51 -08:00
Girish Ramakrishnan
24a16cf8b4 redis: fix issue where protected mode was enabled with no password 2022-02-21 12:21:37 -08:00