Girish Ramakrishnan
57d5c2cc47
Use IPv4 address to connect to mysql
...
Fixes #412
2017-08-31 10:59:14 -07:00
Girish Ramakrishnan
f34840d127
remove old data migration paths
2017-08-29 13:08:31 -07:00
Johannes Zellner
2f51088e67
Add logrotate support for *.log files in /run mounts of apps
...
logrotate config files may contain arbitrary commands which are
executed as root, thus the config files have to be owned by root.
This is the reason we need the sudo scripts :-/
To test the generated scripts, just run:
$ logrotate /etc/logrotate.conf -v
Fixes #396
2017-08-12 00:04:00 +02:00
Girish Ramakrishnan
5fe73c5a46
Replace df plugin with custom df plugin
...
The built-in df plugin cannot do the following:
* if we choose by type ext4, we want to skip devicemapper (on scaleway)
* the MountPoint of the appsdata directory is not possible to know at install time
Fixes #398
2017-08-11 01:39:51 -07:00
Girish Ramakrishnan
86d23a4d35
Switch default storage backend to overlay2
...
This does not try to migrate existing cloudrons from devicemapper.
We will possibly do that in a future version.
61e130fb7 takes care of checking that we run on ext4
https://cloudron.io/documentation/server/#using-overlay2-backend-for-docker
Fixes #364
2017-08-10 14:11:03 -07:00
Girish Ramakrishnan
f17bde2d97
Add motd message for cloudron admins about updates
...
Fixes #351
2017-08-10 12:14:51 -07:00
Girish Ramakrishnan
6dd4d40692
parse and save zoneName to cloudron.conf
...
part of #377
2017-07-17 09:16:06 -07:00
Girish Ramakrishnan
49de39a1f3
Set max ttl to 5 minutes
...
This means the web ui will at least work in 5 minutes.
Fixes #373
2017-07-07 09:50:29 -05:00
Girish Ramakrishnan
50e712a93e
preserve existing docker storage driver
...
fixes #364
2017-06-30 16:50:31 -05:00
Girish Ramakrishnan
180cafad0c
Fix restore of unencrypted backups
2017-05-08 15:48:32 -07:00
Girish Ramakrishnan
be5221d5b8
bash gymnastics for password with spaces
2017-05-01 11:40:08 -07:00
Girish Ramakrishnan
b531922175
do not quote the argument
2017-04-30 22:17:23 -07:00
Girish Ramakrishnan
6cbf64b88e
use openssl password only when restore key is non-empty or backup ends with .enc
2017-04-28 15:00:17 -07:00
Girish Ramakrishnan
41edd3778d
Merge branch 'dns-fixes' into 'master'
...
Set DNS per container rather than the daemon
Closes #307
See merge request !6
2017-04-25 17:06:31 +00:00
Johannes Zellner
8a76788e7a
From this version on encrypted backups don't use the openssl implicit salt
2017-04-21 10:58:52 +02:00
Ian Fijolek
f0ba126156
Move dns-search from daemon to client as well
...
Verified no regression of #130
2017-04-20 21:33:16 +00:00
Ian Fijolek
9dd51575ab
Set DNS per container rather than the daemon
...
All Cloudron containers need to have the nameserver 172.18.0.1. This was
being done at the daemon level, however since there are also iptables
rules restricting access to the nameserver from containers that aren't
on the Cloudron Docker network, this broke DNS for non-Cloudron
containers.
Since the DNS is only required for Cloudron containers in the first
place, this patch specifies 172.18.0.1 as the nameserver when Cloudron
creates a container and reverts the change at the daemon level
2017-04-20 19:02:10 +00:00
Johannes Zellner
d9a0bf457d
Don't make backup files executable
2017-04-20 16:02:13 +02:00
Girish Ramakrishnan
eb2ef47df1
remove boxVersionsUrl
...
update checker now uses the appstore routes
2017-04-13 11:38:42 -07:00
Johannes Zellner
51d5b96fa1
use "mountpoint" to check if we have the user data mounted
2017-04-05 14:34:18 +02:00
Girish Ramakrishnan
1a3e3638ff
iptables-restore is not used anymore
2017-04-04 13:00:48 -07:00
Johannes Zellner
da857f520b
Only stop apps and addons on data migration
2017-04-04 14:30:45 +02:00
Johannes Zellner
aa22ab8847
Cleanup the btrfs mounts and the user data file
2017-04-04 12:34:55 +02:00
Johannes Zellner
3e23c3efce
Do not move the whole mail folder but only its content
2017-04-04 12:34:55 +02:00
Johannes Zellner
c4f96bbd6b
Some directory creation fixes
2017-04-04 12:34:55 +02:00
Johannes Zellner
3a17bf9a0f
Ensure apps and platform data dirs exist
2017-04-04 12:34:55 +02:00
Johannes Zellner
602f8bcd04
Split platform and app data folders and get rid of btrfs volumes
2017-04-04 12:34:55 +02:00
Girish Ramakrishnan
956fe86250
Add firewall service
...
Docker really insists on adding itself to the top of the FORWARD
chain. Making our firewall side-steps this docker design.
2017-03-29 02:31:53 -07:00
Girish Ramakrishnan
4d000e377f
Enable iptables based ratelimit for cloudron auth services
...
The goal here is to simply add a rate limit to prevent brute
force password attacks.
Covered services include:
(public) http, https, ssh, smtp, msa, imap, sieve
(private) postgres, redis, mysql, ldap, mongodb, msa
The private limits are higher because some apps will create
a db connection for each page request. Some apps like mailtrain
will send out lots of emails etc.
Note that apps that use SSO are ratelimited by the ldap limit.
Part of #187
2017-03-29 00:02:05 -07:00
Girish Ramakrishnan
7e8757a78c
grep quietly
2017-03-13 13:52:16 -07:00
Girish Ramakrishnan
81313d1c40
reduce nxdomain caching timeout
...
the other option is to use "/usr/sbin/unbound-control flush_negative"
on demand
2017-03-09 15:03:14 -08:00
Girish Ramakrishnan
1c36918e92
Done -> Almost done
2017-03-09 10:21:52 -08:00
Girish Ramakrishnan
9d52397bcc
Move dhparam creation
...
Now that all cloudrons have the dhparams file, we can generate this
*after* restoring from backup and if required.
2017-03-01 15:25:20 -08:00
Girish Ramakrishnan
3a5000ab1d
Detect loop support on linode correctly
...
We don't need any of the loop logic since it seems scaleway
also supports this automatically now
2017-02-15 15:40:19 -08:00
Girish Ramakrishnan
7f4f525551
dhparams.pem must be part of backup
2017-02-14 14:12:03 -08:00
Girish Ramakrishnan
9e2850ffad
setup: do not restart mysql unnecessarily
2017-02-08 07:53:55 -08:00
Girish Ramakrishnan
19c665d747
docker daemon is deprecated
2017-02-06 11:33:10 -08:00
Girish Ramakrishnan
0cee6de476
Check if cloudron.conf file exists
2017-01-31 01:53:06 -08:00
Girish Ramakrishnan
7b547e7ae9
Revert scaleway specific overlay2 support
...
This reverts commit 16d65d3665.
Rainloop app breaks with overlay2
2017-01-30 15:43:42 -08:00
Girish Ramakrishnan
16d65d3665
Use overlay2 for scaleway
...
https://github.com/scaleway/image-ubuntu/issues/68
2017-01-30 14:01:29 -08:00
Girish Ramakrishnan
ccb340cf80
Use systemd drop in to configure docker
...
The built-in service files get overwritten by updates
Fixes #203
2017-01-30 12:41:07 -08:00
Girish Ramakrishnan
56b0f57e11
Move unbound systemd config to separate file
2017-01-30 12:39:19 -08:00
Girish Ramakrishnan
ddf5c51737
Make it 90 instead
2017-01-26 15:45:07 -08:00
Girish Ramakrishnan
88fc7ca915
move the files and not the directory
...
... because box is a btrfs subvolume
2017-01-26 14:16:27 -08:00
Girish Ramakrishnan
ebd3a15140
always restart nginx
2017-01-25 12:04:52 -08:00
Girish Ramakrishnan
f142d34f83
Move box data out of appdata volume
...
This lets us restore the box if the app volume becomes full
Fixes #186
2017-01-24 13:48:09 -08:00
Girish Ramakrishnan
357ca55dec
remove unused var
2017-01-24 10:41:58 -08:00
Girish Ramakrishnan
d7a8731027
remove unused var
2017-01-24 10:41:38 -08:00
Girish Ramakrishnan
9117c7d141
Use $USER
2017-01-24 10:32:32 -08:00
Johannes Zellner
db8db430b9
Avoid warning from systemd by reloading the daemon after changing journald config
2017-01-23 11:01:02 +01:00