jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
17,639 Commits 33 Branches 583 Tags
6151a1ca7f5bc13ab4e8e74b90fe6cd585083380
Commit Graph

47 Commits

Author SHA1 Message Date
Girish Ramakrishnan
6151a1ca7f box.service: change description 2025-06-17 22:28:38 +02:00
Girish Ramakrishnan
6143f792f3 oidc: enable debugging by default 2025-06-12 22:58:48 +02:00
Girish Ramakrishnan
1ca8eeeb50 split oidc into server and clients 2025-06-11 22:26:23 +02:00
Girish Ramakrishnan
a138425298 storage: start migration of s3 api 2025-02-12 23:04:37 +01:00
Girish Ramakrishnan
1894ed7721 box: no oidc messages 2024-12-14 19:04:59 +01:00
Girish Ramakrishnan
19c744b17d unbound-anchor is now part of ExecStartPre 
it seems unbound-anchor is not a dep of unbound in ubuntu 24. some
installations are thus missing this package.

in any case, ignore unbound-anchor exit status
 2024-09-20 10:00:01 +02:00
Girish Ramakrishnan
e5dcf78ceb unbound: setup anchor on service restart 2024-09-10 09:48:10 +02:00
Johannes Zellner
d892cc5763 Add comment how to debug the openid provider 2024-07-03 11:33:58 +02:00
Girish Ramakrishnan
4ee56782ba move syslog.js to top level 2024-03-21 19:09:51 +01:00
Girish Ramakrishnan
ec23c7d2b8 Suppress aws sdk warning 
https://github.com/aws/aws-sdk-js/issues/4354#issuecomment-1664694545
 2023-08-04 09:21:48 +05:30
Girish Ramakrishnan
ff539e2669 remove crashnotifier 
it's not really used
 2023-05-15 11:08:00 +02:00
Girish Ramakrishnan
4c475818bc syslog: restructure code 2023-04-14 20:06:28 +02:00
Girish Ramakrishnan
928e61e0f6 Revert "Only use "kill" as done in the upstream docs" 
This reverts commit 829d53915d.

This breaks on Ubuntu 18

systemd[1]: /etc/systemd/system/unbound.service:12: Executable path is not absolute: kill -HUP $MAINPID
 2023-03-29 11:18:44 +02:00
Johannes Zellner
829d53915d Only use "kill" as done in the upstream docs 
https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecReload=
 2023-01-09 20:18:51 +01:00
Johannes Zellner
144fc7b7be Ubuntu 18 does not have /usr/bin/kill 2023-01-09 20:12:30 +01:00
Girish Ramakrishnan
f82f533f36 Add SIGHUP handler to reload certs 
we have to reload directory server certs out of process
 2022-11-16 08:24:42 +01:00
Johannes Zellner
8f8a59bd87 Unbound does no longer depend on docker 2022-01-26 16:33:19 +01:00
Johannes Zellner
63fe75ecd2 Reduce noisy externalldap debug()s 2021-11-26 09:55:59 +01:00
Girish Ramakrishnan
e5301fead5 exclude externalldap debugs by default 2021-11-25 14:49:59 -08:00
Girish Ramakrishnan
593038907c unbound: on ubuntu 16, sd_notify is not working 
not clear, when unbound added support for this.

on ubuntu 16, unbound is 1.5.8.
on ubuntu 20, unbound is 1.9.4
 2021-06-04 09:41:54 -07:00
Girish Ramakrishnan
a56766ab0e ensure nss-lookup.target is hit after unbound starts 
https://github.com/NLnetLabs/unbound/issues/296

this fixes volume hostname resolution on reboot
 2021-05-14 12:07:05 -07:00
Girish Ramakrishnan
00856b79dd firewall: Set BOX_ENV 2021-04-14 23:01:08 -07:00
Girish Ramakrishnan
f7bd47888a Fix issue where df output is not parsed correctly 
LANG is the default locale i.e when LC_* are not specificall
LC_ALL will override them all

https://forum.cloudron.io/topic/4681/going-to-system-info-triggers-assertion-error
 2021-03-17 11:14:07 -07:00
Girish Ramakrishnan
4d4aad084c remove hard dep on systemd-resolved 
the start.sh script does a "systemctl restart systemd-resolved". this
ends up restarting the box code prematurely! and then later when mysql
restarts, the box code loses connection and bad things happen (tm)
especially during a platform update.

we don't log to journald anymore, so not sure if EPIPE is still an issue
 2021-03-04 21:07:52 -08:00
Girish Ramakrishnan
f497d5d309 fix thp disable on kernels that have it disabled 2020-12-07 11:38:11 -08:00
Girish Ramakrishnan
213ce114e3 disable thp 
https://docs.mongodb.com/manual/tutorial/transparent-huge-pages/

redis complains loudly and this oftens results in support requests
 2020-11-28 16:30:04 -08:00
Girish Ramakrishnan
1d3d8288a9 unbound does not depend on box 2020-11-25 18:31:30 -08:00
Girish Ramakrishnan
09c8248e31 move back docker network creation to start.sh 
dockerproxy and unbound rely on it.
 2020-11-20 17:22:57 -08:00
Girish Ramakrishnan
4d55783ed8 unbound: start it after docker 2020-11-19 23:22:11 -08:00
Girish Ramakrishnan
182c162dc4 hardcode logging of box code to box.log 2020-08-04 13:30:18 -07:00
Girish Ramakrishnan
f4a322478d cloudron.target is not needed 2020-08-01 20:00:20 -07:00
Girish Ramakrishnan
9c53bfb7fb Do not show LDAP logs, it spams a lot 2020-07-07 11:16:47 -07:00
Girish Ramakrishnan
03edd8c96b remove max_old_space_size 
we have limited understanding of this option
 2020-05-12 20:14:35 -07:00
Girish Ramakrishnan
a7fe35513a Ubuntu 16 needs MemoryLimit 
systemd[1]: [/etc/systemd/system/box.service:25] Unknown lvalue 'MemoryMax' in section 'Service'
 2019-01-17 09:28:35 -08:00
Girish Ramakrishnan
e62d417324 Set OOMScoreAdjust to stop box code from being killed 
OOMScoreAdjust can be set between -1000 and +1000. This value is inherited
and systemd has no easy way to control this for children (box code also
runs as non-root, so it cannot easily set it for the children using
/proc/<pid>/oom_score_adj.

When set to -1000 and the process reaches the MemoryMax, it seems the kernel
does not kill any process in the cgroup and it spins up in high memory. In fact,
'systemctl status <service>' stops displaying child process (but ps does), not sure
what is happenning.

Keeping it -999 means that if a child process consumed a lot of memory, the kernel
will kill something in the group. If the main box itself is killed, systemd will
kill it at all because of KillMode=control-group.

Keeping it -999 also saves box service group being killed relative to other docker
processes (apps and addons).

Fixes #605
 2019-01-06 19:16:53 -08:00
Girish Ramakrishnan
6bdd7f7a57 Give more memory to the control group 
this allows backups to take more memory as part of the systemd group.
the node box code itself runs under little more constraints using
--max_old_space_size=150
 2018-12-20 10:44:42 -08:00
Johannes Zellner
ac25477cd7 Ensure we prefix all output with a timestamp 
note that debug() already does this now on its own in the same format
it does not use console.log but process.stderr
 2018-11-16 13:02:37 +01:00
Johannes Zellner
59b86aa090 Stop logging box to journald 2018-11-16 12:15:38 +01:00
Girish Ramakrishnan
0fc4f4bbff Explicitly pass port and logdir 2018-06-11 22:53:12 -07:00
Girish Ramakrishnan
0b82146b3e Install cloudron-syslog service file from box repo 2018-06-11 22:42:49 -07:00
Girish Ramakrishnan
956fe86250 Add firewall service 
Docker really insists on adding itself to the top of the FORWARD
chain. Making our firewall side-steps this docker design.
 2017-03-29 02:31:53 -07:00
Girish Ramakrishnan
56b0f57e11 Move unbound systemd config to separate file 2017-01-30 12:39:19 -08:00
Girish Ramakrishnan
d93edc6375 box.service: start after nginx 2017-01-25 11:28:31 -08:00
Girish Ramakrishnan
90c1fd4c31 rename the service to cloudron-resize-fs 2016-12-30 11:27:00 -08:00
Girish Ramakrishnan
fad6221750 Run cloudron-system-setup before box 2016-12-30 11:23:53 -08:00
Girish Ramakrishnan
379042616f Ensure box.service starts after mysql.service 2016-12-29 14:24:29 -08:00
Girish Ramakrishnan
7de94fff1b Merge container logic into start.sh 
This whole container thinking is over-engineered and we will get to
it if and when we need to.
 2016-12-29 12:01:59 -08:00