jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
10,266 Commits 33 Branches 583 Tags
50d7610bfdee9aa8cae4812a605aab2b33bf8612
Commit Graph

338 Commits

Author SHA1 Message Date
Girish Ramakrishnan 097a7d6b60 sftp: rework appdata and volume mounting logic 
this tries to solve two issues:

* the current approach mounts the data directories of apps/volumes individually.
this causes a problem with volume mounts that mount after the container is started i.e not
network time/delay but systemd ordering. With CIFS, the mount is a hostname. This requires
unbound to be running but unbound can only start after docker because it wants to bind to
the docker network. one way to fix is to not start sftp automatically and only start sftp
container in the box code. This results in the sftp container attaching itself of the
directory before mounting and it appears empty. (on the host, the directory will appear
to have mount data!)

* every time apptask runs we keep rebuilding this sftp container. this results in much race.

the fix is: mount the parent directory of apps and volumes. in addition, then any specialized appdata
paths and volume paths are mounted individually. this greatly minimized rebuilding and also since we don't rely
on binding to the mount point itself. the child directories can mount in leisure. this limits the race
issue to only no-op volume mounts.

part of #789
 2021-06-24 16:51:58 -07:00
Girish Ramakrishnan 406b3394cb mail: fix issue where spam to internal lists was not blocked 2021-06-18 10:35:42 -07:00
Girish Ramakrishnan 9e34a95732 postgresql: fix backup hogging connections 
This fixes the "FATAL: remaining connection slots are reserved for non-replication superuser connections"
 2021-06-05 09:43:53 -07:00
Girish Ramakrishnan 3ba62f2ba1 mail: do not forward spam 2021-05-27 22:21:17 -07:00
Girish Ramakrishnan 0342865129 sieve: redirects do not do SRS 2021-05-26 15:22:10 -07:00
Girish Ramakrishnan 76d0abae43 postgresql: set max conn limit per db 2021-05-18 09:04:29 -07:00
Girish Ramakrishnan 31503e2625 postgresql: bump max connections 2021-05-06 10:58:48 -07:00
Girish Ramakrishnan c17743d869 migrate secrets into the database 
the infra version is bumped because the nginx's dhparams path has changed
and the sftp server key path has changed.
 2021-05-03 22:11:18 -07:00
Girish Ramakrishnan cd300bb6e2 graphite: carbon crash fix 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923464
https://forum.cloudron.io/topic/4797/graphite-keeps-crashing-oom/34
 2021-04-27 14:25:12 -07:00
Girish Ramakrishnan 8b99af952a turn: turn off verbose logging 2021-04-20 11:30:31 -07:00
Girish Ramakrishnan e613452058 mysql: remove use of mysql_upgrade 2021-04-01 11:50:03 -07:00
Girish Ramakrishnan 32f385741a graphite: implement upgrade 
for the moment, we wipe out the old data and start afresh. this is because
the graphite web app keeps changing quite drastically.
 2021-03-23 16:34:32 -07:00
Girish Ramakrishnan c3d30a1d99 mail: rework STARTTLS strategy 
instead of fixing all apps which is a royal pain, we instead make Haraka
offer STARTTLS for 2587 and no STARTTLS for 2525.
 2021-03-21 20:38:05 -07:00
Girish Ramakrishnan 8048e68eb6 graphite: disable tagdb 2021-03-18 18:03:45 -07:00
Girish Ramakrishnan 098da7426c Add CLOUDRON_MAIL_SMTP_STARTTLS env 
starting 6.3, the internal mail server will do STARTTLS. this env
allows apps to configure themselves appropriately for pre 6.3 and
post 6.3 appropriately.

we trigger a re-configure which ensures that the new env gets put
in the database and then in the container.
 2021-03-16 16:20:08 -07:00
Girish Ramakrishnan 79d37cf361 update redis 2021-03-12 14:29:57 -08:00
Girish Ramakrishnan 8cc9fe5504 addons: better error handling 2021-03-12 14:17:19 -08:00
Girish Ramakrishnan 825835b3d1 mail: allow TLS from internal hosts 
We need to only provide a cert that matches the MX record

https://serverfault.com/questions/389413/what-host-name-should-the-ssl-certificate-for-an-smtp-server-contain
 2021-03-12 10:44:42 -08:00
Girish Ramakrishnan 0067766284 Fix addon crashes with missing databases 
this happens because we have some bug in sftp container causing uninstall(s) to
fail. the database of those apps are gone but the export logic then tries to export
them and it all fails.
 2021-03-10 15:09:15 -08:00
Girish Ramakrishnan bb0b5550e0 Update mail container for LMTP cert fix 2021-03-10 09:50:09 -08:00
Girish Ramakrishnan 376e070b72 update mail container 
new solr and higher concurrency
 2021-02-28 18:45:43 -08:00
Girish Ramakrishnan f0e0372127 Update addons (move code to /app/code convention) 2021-02-28 15:52:06 -08:00
Girish Ramakrishnan 5e2c655ccb update mongodb 
fixes #767
 2021-02-28 12:49:44 -08:00
Girish Ramakrishnan 03a59cd500 mysql: disable binlogs altogether 
this is useful primarily for replication

http://dimitrik.free.fr/blog/archives/2018/04/mysql-performance-testing-80-with-less-blood.html
 2021-02-26 09:53:37 -08:00
Girish Ramakrishnan b71ab187ff mysql: update binlog in addon 2021-02-25 19:10:28 -08:00
Girish Ramakrishnan 9ccd82ce4e set binlog config in mysql 
keep max binlog file size to 100M. and rotate then in 10 days
 2021-02-23 14:24:58 -08:00
Girish Ramakrishnan 013669e872 Update mail container 
this disables TLSv1 and 1.1 in dovecot
 2021-02-22 14:16:55 -08:00
Girish Ramakrishnan ab2d246945 Update graphite to base image 2021-02-16 16:56:33 -08:00
Girish Ramakrishnan 615198cd36 mail: use latest base image 2021-02-11 15:35:04 -08:00
Girish Ramakrishnan 664b3ab958 sftp: multiparty fix for node 14 2021-02-09 23:35:32 -08:00
Girish Ramakrishnan fd2087d7e4 Fix mysql auth issue 
only PHP 7.4 supports the caching_sha2_password mechanism. so we
make the default as mysql_native_password
 2021-02-09 17:31:45 -08:00
Girish Ramakrishnan 283f1aac21 Update base image because of mongodb issue 2021-02-06 21:57:37 -08:00
Girish Ramakrishnan 8ba1f3914c Update postgresql for latest base image 2021-02-06 11:14:23 -08:00
Girish Ramakrishnan a262b08887 Update redis for latest base image 2021-02-06 10:26:54 -08:00
Girish Ramakrishnan 925408ffcd Update turn image to use latest base image 2021-02-06 10:20:31 -08:00
Girish Ramakrishnan 04d4375297 Update sftp image to use latest base image 2021-02-06 10:10:03 -08:00
Girish Ramakrishnan 691b15363a base image: fix yq typo 2021-02-05 21:15:07 -08:00
Girish Ramakrishnan caadb1d418 new base image 3.0 2021-02-05 20:25:17 -08:00
Girish Ramakrishnan 6073d2ba7e Use new base image 3.0.0 2021-02-04 16:22:23 -08:00
Johannes Zellner 14b2fa55c3 Update sftp 3.1.0 addon image 2021-02-01 19:20:58 +01:00
Johannes Zellner 04e103a32d Do not bump infra version 2021-02-01 19:06:13 +01:00
Johannes Zellner 0b0c02e421 Update sftp image for copy function 2021-02-01 16:13:46 +01:00
Girish Ramakrishnan 19fcabd32b mail: data.headers is now headers 2021-01-29 00:02:03 -08:00
Girish Ramakrishnan 953c65788c mail: haraka update 2021-01-15 11:22:27 -08:00
Girish Ramakrishnan dbf3d3abd7 mail: better event log for bounces 2021-01-13 23:12:14 -08:00
Girish Ramakrishnan d67598ab7e turn: use correct base image 2021-01-12 17:06:48 -08:00
Girish Ramakrishnan d8fd6be832 turn: fix for CVE-2020-26262 2021-01-12 17:03:30 -08:00
Girish Ramakrishnan f9c6c0102e mail: https://github.com/haraka/Haraka/pull/2893 2021-01-06 17:51:51 -08:00
Girish Ramakrishnan f71fbce249 mail: do not send client certs 2021-01-06 17:08:26 -08:00
Girish Ramakrishnan 3bf50af09a mail: update haraka 2021-01-06 11:43:49 -08:00