jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
11,383 Commits 33 Branches 583 Tags
89127e1df738a54213a05b9314f37f8319d088e3
Commit Graph

11383 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Girish Ramakrishnan
89127e1df7 reverseproxy: rework cert logic 
9c8f78a059 already fixed many of the cert issues.

However, some issues were caught in the CI:

* The TLS addon has to be rebuilt and not just restarted. For this reason, we now
  move things to a directory instead of mounting files. This way the container is just restarted.

* Cleanups must be driven by the database and not the filesystem . Deleting files on disk or after a restore,
  the certs are left dangling forever in the db.

* Separate the db cert logic and disk cert logic. This way we can sync as many times as we want and whenever we want.
 2022-11-29 11:07:23 +01:00
Girish Ramakrishnan
c844be5be1 make validateLocations return error 2022-11-28 22:16:22 +01:00
Girish Ramakrishnan
e15c6324e4 getDuplicateErrorDetails does not need domain map 2022-11-28 22:14:10 +01:00
Girish Ramakrishnan
b70572a6e9 dns: fqdn only needs domain string 
This is from the caas days, when we had hyphenated subdomains flag
 2022-11-28 21:56:25 +01:00
Girish Ramakrishnan
cab7409d85 mail: update haraka 2022-11-24 18:27:33 +01:00
Girish Ramakrishnan
ce00165e41 Update containterd 
this possible fixes stuck containers - https://github.com/containerd/containerd/issues/6772
 2022-11-24 14:49:12 +01:00
Girish Ramakrishnan
38312b810a add note 2022-11-24 01:21:32 +01:00
Girish Ramakrishnan
9477e0bbb5 Fix crash when accessing memory_stats 2022-11-24 00:40:40 +01:00
Girish Ramakrishnan
4c6f7de10a more debug messages 2022-11-23 22:03:18 +01:00
Girish Ramakrishnan
28f3b697a1 tokens: add test for readonly token 2022-11-23 18:16:03 +01:00
Girish Ramakrishnan
f728971479 add test that only owner can open tickets 2022-11-23 17:56:24 +01:00
Girish Ramakrishnan
30fb1aa351 proxy: do not set Host header when proxying 
The default when proxying is $proxy_host.

Proxied apps must used X-Forwarded-Host header to determine the intended
target. I think we overwrote the Host header back in the day because apps
had varied support for this. Ideally, it can be removed across all our configurations.
 2022-11-23 16:50:38 +01:00
Johannes Zellner
a5d244b593 Add tests for proxy app upstreamUri 2022-11-23 14:36:57 +01:00
Girish Ramakrishnan
817e950d47 Fix upstreamUri verification 2022-11-23 12:58:17 +01:00
Girish Ramakrishnan
258eea4318 Fix appstore-test 2022-11-22 22:14:59 +01:00
Girish Ramakrishnan
1b0c33fc73 Fix system-test 2022-11-22 21:38:22 +01:00
Girish Ramakrishnan
1d56bcb2e0 Update node to 16.18.1 2022-11-22 19:29:54 +01:00
Johannes Zellner
35ea3b1575 Also include potential swap files in the disk usage stats 2022-11-22 12:15:17 +01:00
Girish Ramakrishnan
c639559a6d Update docker 20.10.21 
many users reporting hangs in docker, maybe this solves it
 2022-11-21 13:20:49 +01:00
Girish Ramakrishnan
b437466f8c mail: send quota value as raw bytes 2022-11-21 09:45:17 +01:00
Girish Ramakrishnan
3b8221190d Better error mesasge 2022-11-20 18:16:16 +01:00
Girish Ramakrishnan
250d54f157 postgresql: fix issue with pg_ctl timing out 2022-11-20 18:05:37 +01:00
Girish Ramakrishnan
5d0309f1ca reverseproxy: check renewal against cert instead of the files 2022-11-17 16:40:14 +01:00
Girish Ramakrishnan
00771d8197 reverseproxy: move dashboard config to subdir as well 2022-11-17 15:50:34 +01:00
Girish Ramakrishnan
641752a222 reverseproxy: remove getAcmeApiOptions 2022-11-17 12:39:23 +01:00
Girish Ramakrishnan
e3b0d3960a reverseproxy: create configs in subdirectories for easy management 2022-11-17 12:16:11 +01:00
Girish Ramakrishnan
cd90864bc3 typos 2022-11-17 11:46:29 +01:00
Girish Ramakrishnan
23cc0d6f0e acme2: do not pass around paths 2022-11-17 11:44:36 +01:00
Girish Ramakrishnan
51f43597bc Make location have subdomain just like in the database 2022-11-17 10:22:46 +01:00
Girish Ramakrishnan
28b5457e9c Fix validateLocations return value 2022-11-17 10:22:46 +01:00
Girish Ramakrishnan
35076b0e93 use vhost naming for nginx config terminology 2022-11-17 10:22:46 +01:00
Girish Ramakrishnan
293b8a0d34 remove location type from nginx filename 
this will keep it consistent with upcoming cert filenames
 2022-11-17 10:22:46 +01:00
Girish Ramakrishnan
0c8b8346f4 Move getLocationsSync into apps.js 2022-11-17 10:22:43 +01:00
Girish Ramakrishnan
8c2a1906ba Add to changes 2022-11-17 08:00:44 +01:00
Girish Ramakrishnan
720bafaf02 logrotate: only keep 14 days of logs 
https://unix.stackexchange.com/questions/261696/logrotation-rotate-and-maxage-command
https://blog.gsterling.de/2017/10/03/logrotate-misconceptions-about-maxsize-and-size/
 2022-11-17 00:47:39 +01:00
Johannes Zellner
0b6bbf4cc2 Set exec LANG via rest API only 2022-11-16 16:14:54 +01:00
Girish Ramakrishnan
013e15e361 reverseproxy: do deep compare in tlsConfig 
wildcard field might change
 2022-11-16 16:04:26 +01:00
Johannes Zellner
9da4f55754 Set default LANG in exec container to make umlauts and other special characters work 2022-11-16 15:49:06 +01:00
Girish Ramakrishnan
e3642f4278 reverse proxy: rebuild configs on provider change 2022-11-16 12:42:06 +01:00
Girish Ramakrishnan
19b0d47988 remove obsolete fixme 2022-11-16 11:46:31 +01:00
Girish Ramakrishnan
f82f533f36 Add SIGHUP handler to reload certs 
we have to reload directory server certs out of process
 2022-11-16 08:24:42 +01:00
Girish Ramakrishnan
15d5dfd406 reverseproxy: move the reload out of the write functions 2022-11-16 07:55:26 +01:00
Girish Ramakrishnan
af870d0eac mail: fix dnsbl count 
empty string was parsed as [''] leading the UI to think there is one zone
 2022-11-14 22:06:33 +01:00
Girish Ramakrishnan
7b7e5d24de domains: update event not generated 2022-11-14 10:58:47 +01:00
Girish Ramakrishnan
0843baad8b reverseproxy: remove options from renewCerts 2022-11-14 08:13:47 +01:00
Girish Ramakrishnan
5e2a55ecad add debug 2022-11-13 22:10:01 +01:00
Girish Ramakrishnan
c597d9fbaa add fixme 2022-11-13 21:55:13 +01:00
Girish Ramakrishnan
8b43d43e35 reverseproxy: compare the cert path on cert renewal 
fqdn will not match for wildcard certs
 2022-11-13 18:06:34 +01:00
Girish Ramakrishnan
5447181e41 cert: add some asserts 2022-11-13 17:27:05 +01:00
Girish Ramakrishnan
3caf77cee6 cert: add message for fallback cert 2022-11-13 16:59:22 +01:00