Girish Ramakrishnan
4844f6d927
dashboard: remove old domain config on switch
2023-09-29 09:26:42 +05:30
Girish Ramakrishnan
28bfab6700
LOCATION_TYPE can move into location.js
2023-08-17 16:05:19 +05:30
Girish Ramakrishnan
5c98b6f080
crash fixes
2023-08-17 13:02:36 +05:30
Girish Ramakrishnan
3d0ba557e5
add Location class
2023-08-17 10:44:07 +05:30
Girish Ramakrishnan
4acbb7136a
proper task name for dashboard change
2023-08-14 10:45:12 +05:30
Girish Ramakrishnan
eee49a8291
move dashboard setting into dashboard.js
2023-08-11 21:04:10 +05:30
Girish Ramakrishnan
4cdf37b060
settings: move mailFqdn/Domain into mailServer
2023-08-04 22:02:24 +05:30
Girish Ramakrishnan
946e5caacb
split mail and mailserver
mail = all the per-domain code
mailserver = all the mail server level code
2023-08-04 20:54:39 +05:30
Girish Ramakrishnan
1264cd1dd7
reverseproxy: move renew and trusted ip routes
2023-08-04 13:19:48 +05:30
Girish Ramakrishnan
47d57a3971
fold sysinfo into network
the backends are network backends
2023-08-03 13:38:42 +05:30
Girish Ramakrishnan
bbc6ba1a35
settings: move service setting into services.js
this also introduces getJson/setJson
2023-08-03 11:50:00 +05:30
Girish Ramakrishnan
c7f2a04e8c
settings: move reverse proxy config
2023-08-02 23:02:39 +05:30
Girish Ramakrishnan
8fe992318e
settings: move trusted ip setting to reverseproxy
2023-08-02 23:02:39 +05:30
Girish Ramakrishnan
b26c8d20cd
network: add trusted ips
This allows the user to set trusted ips to Cloudflare or some other CDN
and have the logs have the correct IPs.
fixes #801
2023-05-13 16:15:47 +02:00
Girish Ramakrishnan
8448d28f6f
Implement HSTS preload
This allows browsers to query https directly instead of the initial http redirect
https://hstspreload.org/#opt-in says it should be explicitly opt in
2023-03-06 11:46:05 +01:00
Girish Ramakrishnan
abacc60181
tls: fix wildcard alias cert file names
also, do not provision redirect certs. redirect domains can never
hit the server anyway.
2023-02-25 20:22:09 +01:00
Girish Ramakrishnan
54add73d2a
reverseproxy: LE backdates certs by an hour
https://community.letsencrypt.org/t/valid-from-date-on-cert-off-by-1-hour/103239
2023-02-01 12:52:37 +01:00
Girish Ramakrishnan
3f70edf3ec
print subject and fix notBefore parsing
2023-02-01 12:38:29 +01:00
Girish Ramakrishnan
c63e0036cb
typo
2023-02-01 12:28:46 +01:00
Girish Ramakrishnan
3b9486596d
reverseproxy: force renewal only renews if not issued in last 5 mins
otherwise, this leads to repeated renewals in checkCerts
2023-02-01 11:18:39 +01:00
Girish Ramakrishnan
eddfd20f24
reverseproxy: get dates
2023-02-01 11:05:50 +01:00
Girish Ramakrishnan
690df0e5c4
reverseproxy: add option to force renewal for e2e
2023-01-31 23:45:17 +01:00
Girish Ramakrishnan
ce9e78d23b
reverseproxy: fix issue where renewed certs are not written to disk
2023-01-31 17:58:28 +01:00
Girish Ramakrishnan
d7d43c73fe
reverseproxy: fix typo in regexp matching
2022-12-08 10:05:36 +01:00
Girish Ramakrishnan
f27847950c
reverseproxy: notify cert change only in cron job
notifying this in ensureCertificate does not work if provider changed in the middle anyway.
might as well get them to be in sync in the cronjob.
this change also resulted in tls addon getting restarted non-stop if you change from wildcard
to non-wildcard since ensureCertificate notifies the change.
2022-11-30 15:55:32 +01:00
Girish Ramakrishnan
69b46d82ab
Fix typo
2022-11-30 14:56:40 +01:00
Girish Ramakrishnan
7e1c56161d
reverseproxy: notify services immediately
there are 2 cases where certs change (in db):
* LE cert is new or renewed
* fallback cert changes with fallback provider
if something is off i.e. we crashed midway of above, then user can click the
rebuild button.
2022-11-29 18:27:08 +01:00
Girish Ramakrishnan
77a5f01585
reverseproxy: rebuild only when needed
re-creating nginx configs is only needed in 3 cases:
* provider changes. we create a rebuild file for this
* nginx config is somehow corrupt by external changes. user can click ui button
on startup, dashboard also always creates the nginx configs. so it's always up to provide the button
2022-11-29 18:17:53 +01:00
Girish Ramakrishnan
3aa3cb6e39
tls: remove any old location certs
2022-11-29 17:58:51 +01:00
Girish Ramakrishnan
302f975d5c
handle type mismatch
2022-11-29 17:13:58 +01:00
Girish Ramakrishnan
d23c65a7e7
reverseproxy: cert/key/csr are all pem
just use strings instead of binary/string confusion
2022-11-29 14:33:52 +01:00
Girish Ramakrishnan
1cf613dca6
Fix name of wildcard alias domain cert and configs
2022-11-29 13:35:17 +01:00
Girish Ramakrishnan
89127e1df7
reverseproxy: rework cert logic
9c8f78a059 already fixed many of the cert issues.
However, some issues were caught in the CI:
* The TLS addon has to be rebuilt and not just restarted. For this reason, we now
move things to a directory instead of mounting files. This way the container is just restarted.
* Cleanups must be driven by the database and not the filesystem. Deleting files on disk or after a restore,
the certs are left dangling forever in the db.
* Separate the db cert logic and disk cert logic. This way we can sync as many times as we want and whenever we want.
2022-11-29 11:07:23 +01:00
Girish Ramakrishnan
b70572a6e9
dns: fqdn only needs domain string
This is from the caas days, when we had hyphenated subdomains flag
2022-11-28 21:56:25 +01:00
Girish Ramakrishnan
817e950d47
Fix upstreamUri verification
2022-11-23 12:58:17 +01:00
Girish Ramakrishnan
5d0309f1ca
reverseproxy: check renewal against cert instead of the files
2022-11-17 16:40:14 +01:00
Girish Ramakrishnan
00771d8197
reverseproxy: move dashboard config to subdir as well
2022-11-17 15:50:34 +01:00
Girish Ramakrishnan
641752a222
reverseproxy: remove getAcmeApiOptions
2022-11-17 12:39:23 +01:00
Girish Ramakrishnan
e3b0d3960a
reverseproxy: create configs in subdirectories for easy management
2022-11-17 12:16:11 +01:00
Girish Ramakrishnan
cd90864bc3
typos
2022-11-17 11:46:29 +01:00
Girish Ramakrishnan
23cc0d6f0e
acme2: do not pass around paths
2022-11-17 11:44:36 +01:00
Girish Ramakrishnan
35076b0e93
use vhost naming for nginx config terminology
2022-11-17 10:22:46 +01:00
Girish Ramakrishnan
293b8a0d34
remove location type from nginx filename
this will keep it consistent with upcoming cert filenames
2022-11-17 10:22:46 +01:00
Girish Ramakrishnan
0c8b8346f4
Move getLocationsSync into apps.js
2022-11-17 10:22:43 +01:00
Girish Ramakrishnan
e3642f4278
reverse proxy: rebuild configs on provider change
2022-11-16 12:42:06 +01:00
Girish Ramakrishnan
19b0d47988
remove obsolete fixme
2022-11-16 11:46:31 +01:00
Girish Ramakrishnan
f82f533f36
Add SIGHUP handler to reload certs
we have to reload directory server certs out of process
2022-11-16 08:24:42 +01:00
Girish Ramakrishnan
15d5dfd406
reverseproxy: move the reload out of the write functions
2022-11-16 07:55:26 +01:00
Girish Ramakrishnan
0843baad8b
reverseproxy: remove options from renewCerts
2022-11-14 08:13:47 +01:00
Girish Ramakrishnan
5e2a55ecad
add debug
2022-11-13 22:10:01 +01:00