jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
16,663 Commits 33 Branches 583 Tags
6e34f84b143ec2f1dfcf62f47284d00d9e4eaaee
Commit Graph

704 Commits

Author SHA1 Message Date
Girish Ramakrishnan
1894ed7721 box: no oidc messages 2024-12-14 19:04:59 +01:00
Girish Ramakrishnan
de0909248d start.sh: collapse the mkdir lines 2024-12-05 15:53:03 +01:00
Girish Ramakrishnan
2a6c52800b system: filesystems in exclude are excluded from content analysis 
some disks can be very slow and noisy (at home). this allows users to simply skip them.
also, applicable for large storage boxes
 2024-11-30 13:08:21 +01:00
Girish Ramakrishnan
19c744b17d unbound-anchor is now part of ExecStartPre 
it seems unbound-anchor is not a dep of unbound in ubuntu 24. some
installations are thus missing this package.

in any case, ignore unbound-anchor exit status
 2024-09-20 10:00:01 +02:00
Girish Ramakrishnan
22a0874188 grammar 2024-09-16 10:37:01 +02:00
Johannes Zellner
859fef62d4 Revert "Make unbound prefer ipv4 to avoid using ipv6 for spam checking" 
This reverts commit aedf55dba0.
 2024-09-12 17:41:12 +02:00
Girish Ramakrishnan
0647a3a233 unbound: prefer ip4 on ubuntu 24 and above 
ip6 queries seems to be blocked by spamhaus
 2024-09-12 17:13:50 +02:00
Johannes Zellner
aedf55dba0 Make unbound prefer ipv4 to avoid using ipv6 for spam checking 2024-09-12 16:43:34 +02:00
Girish Ramakrishnan
e5dcf78ceb unbound: setup anchor on service restart 2024-09-10 09:48:10 +02:00
Girish Ramakrishnan
ba99e3b9b7 already in setup script now 2024-07-14 17:06:13 +02:00
Johannes Zellner
d892cc5763 Add comment how to debug the openid provider 2024-07-03 11:33:58 +02:00
Girish Ramakrishnan
082e659c7b disable rpcbind 
rpcbind is required for NFSv2 and v3 . It seems this gets installed
by nfs-common. It was never used by us since the firewall blocks
port 111 anyways.

NFSv3 needs 2049 for NFS, 111 for portmap, 635 for mountd, 4045 for NLM, 4046 for NSM, 4049 for rquota ...

NFSv4 works better because there's just a single target port, plus the "heartbeat" of lease renewal would keep the TCP/IP session alive.

https://serverfault.com/questions/949127/nfs-client-firewall-settings-and-rpcbind
https://docs.redhat.com/en/documentation/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/s2-nfs-methodology-portmap.html#s2-nfs-methodology-portmap
https://community.netapp.com/t5/Tech-ONTAP-Blogs/NFSv3-and-NFSv4-What-s-the-difference/ba-p/441316
 2024-06-27 20:37:08 +02:00
Girish Ramakrishnan
8df97de8c6 Ubuntu 24.04 
* update docker to 26.0.1
* cloudron-syslog needs to have correct perms for fifo socket
 2024-04-29 11:07:10 +02:00
Girish Ramakrishnan
cd5cae33ce dns: switch over to systemd for the host 
this changes unbound to listen to 127.0.0.150 (150 is roman CL)

we cannot only bind on docker bridge because unbound is relied
upon for the initial domain setup. docker itself is only initialized
when the platform initializes
 2024-04-29 11:06:03 +02:00
Girish Ramakrishnan
608ce53e7d scripts: remove unused cloudron-logs 2024-04-29 10:21:33 +02:00
Girish Ramakrishnan
88231e3d35 sftp: add rate limit 2024-04-21 21:04:00 +02:00
Girish Ramakrishnan
1aa683aeab add comments on the rate limits 2024-04-21 21:02:55 +02:00
Girish Ramakrishnan
95eeb9ce93 s/your/the 2024-04-19 18:33:17 +02:00
Girish Ramakrishnan
caf1c37171 motd: mention troubleshooting tool 2024-04-15 13:46:44 +02:00
Girish Ramakrishnan
4ee56782ba move syslog.js to top level 2024-03-21 19:09:51 +01:00
Girish Ramakrishnan
d0dc104ede logs: make logPaths work 
we have to tail via sudo script

Fixes #811
 2024-02-23 17:46:22 +01:00
Johannes Zellner
ec990bd16a WIP: Add some portrange support 2024-02-08 17:39:22 +01:00
Girish Ramakrishnan
b8c297b178 ldap allow list is not a json 2024-01-13 12:29:00 +01:00
Girish Ramakrishnan
793c4ac017 add some debugs to the firewall script 2023-12-08 11:05:55 +01:00
Girish Ramakrishnan
48f0c75c57 network: increase maxelem of the ipsets 2023-12-07 23:20:24 +01:00
Johannes Zellner
e7208278fc Only collect stats for app main containers 2023-10-23 22:23:23 +02:00
Girish Ramakrishnan
ec23c7d2b8 Suppress aws sdk warning 
https://github.com/aws/aws-sdk-js/issues/4354#issuecomment-1664694545
 2023-08-04 09:21:48 +05:30
Girish Ramakrishnan
ff539e2669 remove crashnotifier 
it's not really used
 2023-05-15 11:08:00 +02:00
Girish Ramakrishnan
b26c8d20cd network: add trusted ips 
This allows the user to set trusted ips to Cloudflare or some other CDN
and have the logs have the correct IPs.

fixes #801
 2023-05-13 16:15:47 +02:00
Johannes Zellner
89c5b81eb0 Add very basic initial cloudron-logs helper 2023-05-11 12:30:00 +02:00
Girish Ramakrishnan
4c475818bc syslog: restructure code 2023-04-14 20:06:28 +02:00
Girish Ramakrishnan
928e61e0f6 Revert "Only use "kill" as done in the upstream docs" 
This reverts commit 829d53915d.

This breaks on Ubuntu 18

systemd[1]: /etc/systemd/system/unbound.service:12: Executable path is not absolute: kill -HUP $MAINPID
 2023-03-29 11:18:44 +02:00
Johannes Zellner
9089616e85 Store oidc data in platformdata/oidc 2023-03-19 16:01:22 +01:00
Girish Ramakrishnan
495e54b54a cloudron.conf is long gone 2023-01-31 18:03:23 +01:00
Johannes Zellner
10e07fa300 Add disk speeds to disk usage data 2023-01-27 21:05:25 +01:00
Johannes Zellner
829d53915d Only use "kill" as done in the upstream docs 
https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecReload=
 2023-01-09 20:18:51 +01:00
Johannes Zellner
144fc7b7be Ubuntu 18 does not have /usr/bin/kill 2023-01-09 20:12:30 +01:00
Girish Ramakrishnan
ae30fe25d7 unbound: disable controller interface explicitly 
https://github.com/NLnetLabs/unbound/issues/806
 2022-12-22 11:11:33 +01:00
Girish Ramakrishnan
89127e1df7 reverseproxy: rework cert logic 
9c8f78a059 already fixed many of the cert issues.

However, some issues were caught in the CI:

* The TLS addon has to be rebuilt and not just restarted. For this reason, we now
  move things to a directory instead of mounting files. This way the container is just restarted.

* Cleanups must be driven by the database and not the filesystem . Deleting files on disk or after a restore,
  the certs are left dangling forever in the db.

* Separate the db cert logic and disk cert logic. This way we can sync as many times as we want and whenever we want.
 2022-11-29 11:07:23 +01:00
Girish Ramakrishnan
00771d8197 reverseproxy: move dashboard config to subdir as well 2022-11-17 15:50:34 +01:00
Girish Ramakrishnan
e3b0d3960a reverseproxy: create configs in subdirectories for easy management 2022-11-17 12:16:11 +01:00
Girish Ramakrishnan
720bafaf02 logrotate: only keep 14 days of logs 
https://unix.stackexchange.com/questions/261696/logrotation-rotate-and-maxage-command
https://blog.gsterling.de/2017/10/03/logrotate-misconceptions-about-maxsize-and-size/
 2022-11-17 00:47:39 +01:00
Girish Ramakrishnan
f82f533f36 Add SIGHUP handler to reload certs 
we have to reload directory server certs out of process
 2022-11-16 08:24:42 +01:00
Girish Ramakrishnan
4918d2099f remove json module (not used) 2022-11-05 15:15:53 +01:00
Girish Ramakrishnan
80a3ca0f46 remove 16.04 related task logic 2022-11-02 21:22:42 +01:00
Girish Ramakrishnan
ae66692eda Ensure collectd directory 2022-10-14 10:43:30 +02:00
Girish Ramakrishnan
1872cea763 graphs: do not average cpu use 
Show like htop/top: cpu core count * 100
 2022-10-13 22:36:20 +02:00
Girish Ramakrishnan
656f3fcc13 add system.du 2022-10-11 23:06:54 +02:00
Girish Ramakrishnan
6f61145b01 configurecollectd.sh is no more 2022-10-11 21:04:25 +02:00
Johannes Zellner
cbaf86b8c7 Use counter values for docker stats in collectd and grafana queries 2022-10-11 19:06:40 +02:00