jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
10,532 Commits 33 Branches 583 Tags
671e0d1e6f4e8c28ef3b929e447a80b78899d249
Commit Graph

65 Commits

Author SHA1 Message Date
Johannes Zellner
7277727307 Fixup some of app route tests 2021-09-16 17:20:19 +02:00
Johannes Zellner
0db62b4fd8 Make avatar apis buffer based 2021-07-08 11:17:13 +02:00
Johannes Zellner
81e6cd6195 Make gravatar support explicit only 2021-07-07 16:16:04 +02:00
Girish Ramakrishnan
44ac406e57 admin -> dashboard 2021-05-05 12:29:04 -07:00
Girish Ramakrishnan
8ff68331a8 proxyAuth: use default expiry time in cookie (1 year) 2021-04-30 10:31:09 -07:00
Girish Ramakrishnan
a5dc65bda7 blacklist couchpotato on demo 2021-01-11 22:29:21 -08:00
Girish Ramakrishnan
6c8be9a47a add sickchill to demo blacklist 2021-01-11 22:04:12 -08:00
Girish Ramakrishnan
79a7e5d4a1 Also blacklist transmission on the demo 2020-12-13 12:36:13 -08:00
Girish Ramakrishnan
c6fd922fcd Blacklist adguard on the demo 2020-12-04 23:01:47 -08:00
Girish Ramakrishnan
bcc9eda66c Remove ununsed constant 2020-11-25 10:33:40 -08:00
Girish Ramakrishnan
6ae1de6989 test: make apps test work 2020-11-21 23:25:28 -08:00
Girish Ramakrishnan
bd9c664b1a Free up port 53 
It's all very complicated.

Approach 1: Simple move unbound to not listen on 0.0.0.0 and only the internal
ones. However, docker has no way to bind only to the "public" interface.

Approach 2: Move the internal unbound to some other port. This required a PR
for haraka - https://github.com/haraka/Haraka/pull/2863 . This works and we use
systemd-resolved by default. However, it turns out systemd-resolved with hog the
lo and thus docker cannot bind again to port 53.

Approach 3: Get rid of systemd-resolved and try to put the dns server list in
/etc/resolv.conf. This is surprisingly hard because the DNS listing can come from
DHCP or netplan or wherever. We can hardcode some public DNS servers but this seems
not a good idea for privacy.

Approach 4: So maybe we don't move the unbound away to different port after all.
However, all the work for approach 2 is done and it's quite nice that the default
resolver is used with the default dns server of the network (probably a caching
server + also maybe has some home network firewalled dns).

So, the final solution is to bind to the make docker bind to the IP explicity.
It's unclear what will happen if the IP changes, maybe it needs a restart.
 2020-11-18 23:25:56 -08:00
Girish Ramakrishnan
71666a028b add support for protected sites 
https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/
https://gock.net/blog/2020/nginx-subrequest-authentication-server/
https://github.com/andygock/auth-server
 2020-11-10 01:06:39 -08:00
Girish Ramakrishnan
b5a83ab902 demo: blacklist alltube as well 2020-11-02 15:16:21 -08:00
Girish Ramakrishnan
2aa5c387c7 branding: add template variables 
we can now have %YEAR% and %VERSION% in the footer
 2020-10-18 10:19:13 -07:00
Johannes Zellner
00cff1a728 Mention that SECRET_PLACEHOLDER is also used in dashboard client.js 2020-05-14 23:04:08 +02:00
Girish Ramakrishnan
74b0ff338b Disallow cloudtorrent in demo mode 2020-05-04 14:56:10 -07:00
Girish Ramakrishnan
ef9aeb0772 Bump default version for tests 2020-04-08 14:24:58 -07:00
Girish Ramakrishnan
1e8a02f91a Make token expiry a year 
we now have a UI to invalid all tokens easily, so this should be OK.
 2020-03-23 21:51:13 -07:00
Girish Ramakrishnan
09ce27d74b bump default token expiry to a month 2020-03-21 18:46:38 -07:00
Girish Ramakrishnan
2ac0fe21c6 ghost file depends on base dir 2020-03-15 11:41:39 -07:00
Girish Ramakrishnan
6ee4b0da27 Move out ghost file to platformdata 
Since /tmp is world writable this might cause privilege escalation

https://forum.cloudron.io/topic/2222/impersonate-user-privilege-escalation
 2020-03-12 10:24:21 -07:00
Girish Ramakrishnan
46b6e319f5 add some spacing in the footer 2020-03-06 19:13:37 -08:00
Johannes Zellner
8f087e1c30 Take default footer from constants and keep settingsdb pristine 2020-03-06 18:08:26 -08:00
Girish Ramakrishnan
c9e96cd97a custom: remove support section 2020-02-04 13:07:36 -08:00
Girish Ramakrishnan
e97606ca87 Remove internal sysadmin server 
this is now unused
 2019-09-12 13:33:01 -07:00
Girish Ramakrishnan
77cf7d0da6 Bump test version 2019-08-05 06:39:16 -07:00
Girish Ramakrishnan
12eae1eff2 Make port a constant 2019-07-25 16:08:54 -07:00
Girish Ramakrishnan
c32718b164 Make ldap and docker proxy port as constants 2019-07-25 16:08:54 -07:00
Girish Ramakrishnan
a6ea12fedc Make internal smtp port a constant 2019-07-25 16:08:54 -07:00
Girish Ramakrishnan
2d260eb0d5 Make sysadminPort a constant 2019-07-25 16:08:51 -07:00
Girish Ramakrishnan
d7dd069ae0 Use constants.version instead of config.version 2019-07-25 15:02:14 -07:00
Girish Ramakrishnan
7e9885012d vary dkim selector per mail domain 
this is required for the case where the domain is added on multiple
cloudrons. initially, the plan was to just vary this as a derivation
of the dashboard domain. but this will break existing installation (wildcard
and manual domain setups cannot be re-programmed automatically).
 2019-06-10 18:35:38 -07:00
Girish Ramakrishnan
88fa4cf188 remove reserved 'api' location 
this is unused and we have no plans to use it.
 2019-06-09 18:16:31 -07:00
Girish Ramakrishnan
2051b3921b Use constants.ADMIN_LOCATION instead 
part of #621
 2019-03-09 20:06:12 -08:00
Girish Ramakrishnan
671b5e29d0 Hide mail relay password 2019-02-15 11:25:51 -08:00
Girish Ramakrishnan
357e44284d Write nginx config into my.<domain>.conf 
This way we can switch the domain as an independent task that does
not affect the existing admin conf
 2018-12-14 09:20:10 -08:00
Girish Ramakrishnan
f0dbf2fc4d Make reverseProxy.configureAdmin not use config 
This way we can set things up before modifying config for dashboard switch
 2018-12-13 21:42:48 -08:00
Girish Ramakrishnan
a3cc17705d Do not remove default.conf and admin.conf when re-configuring apps 2018-11-10 22:02:42 -08:00
Girish Ramakrishnan
b4c9f64721 Issue token on password reset and setup 2018-08-21 18:42:18 -07:00
Girish Ramakrishnan
78a2176d1d Make admin simply a boolean instead of group 
This simplifies a lot of logic. Keeping an admin group has no benefit
 2018-07-26 22:29:57 -07:00
Girish Ramakrishnan
0e4a0658b2 Remove postman location (unused by dovecot) 2018-01-19 22:10:10 -08:00
Girish Ramakrishnan
d001647704 Change path of autoprovision.conf since /root is not readable 2017-11-28 01:23:10 -08:00
Girish Ramakrishnan
c56a24d4fb Autoprovision from autoprovision.json 
This is done so that CaaS restore code path can provision correctly
 2017-11-27 22:41:32 -08:00
Johannes Zellner
33e7c8e904 Create the admin group only on owner creation 
For new cloudrons this will first remove the previously added group and
mailbox entry from the db migration scripts and readds it once we have a
domain on owner creation
 2017-11-20 20:01:50 +01:00
Girish Ramakrishnan
8ede37a43d Make the dkim selector dynamic 
it has to change with the adminLocation so that multiple cloudrons
can send out emails at the same time.
 2017-10-31 12:18:40 -07:00
Girish Ramakrishnan
d9ab1a78d5 Make the my location customizable 
Fixes #22
 2017-10-25 23:00:43 -07:00
Johannes Zellner
0b03018a7b Add constant for special 'never' autoupdate pattern 2017-01-26 15:36:24 -08:00
Johannes Zellner
a243478fff Create separate ip and my. domain nginx configs 2017-01-06 16:01:49 +01:00
Johannes Zellner
e7fc40cfdd Minor code style changes 2016-12-15 16:57:29 +01:00