jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
11,383 Commits 33 Branches 583 Tags
89127e1df738a54213a05b9314f37f8319d088e3
Commit Graph

229 Commits

Author SHA1 Message Date
Girish Ramakrishnan
89c3847fb0 reverseProxy: refactor 2022-01-16 10:28:49 -08:00
Girish Ramakrishnan
aeeeaae62a pass domain object to reduce one query 2022-01-16 10:16:14 -08:00
Girish Ramakrishnan
1e98a2affb change argument order to match others 2022-01-16 09:45:59 -08:00
Girish Ramakrishnan
3da19d5fa6 Use constants 2022-01-14 22:57:44 -08:00
Girish Ramakrishnan
d7d46a5a81 rename alternateDomains to redirectDomains 2022-01-14 22:32:34 -08:00
Girish Ramakrishnan
2ab2255115 fix dhparam generation 
it cannot be created in default config creation time since it is
already run pre-VM snapshot time
 2021-11-17 11:48:06 -08:00
Girish Ramakrishnan
1c8e699a71 generate dhparams per server 
this way we don't need to save/restore it from the database.
 2021-11-16 23:03:16 -08:00
Girish Ramakrishnan
c4db0d746d acme: if account key was revoked, generate new account key 
the plan was to migrate only specific keys but this allows us the
flexibility to revoke keys after the release (since we have not
gotten response from DO about access to old 1-click images so far).
 2021-11-16 22:57:40 -08:00
Girish Ramakrishnan
68db4524f1 remove unused httpPaths from manifest 2021-11-09 21:50:33 -08:00
Girish Ramakrishnan
b642bc98a5 ensure fallback certificates of all domains 
https://forum.cloudron.io/topic/5683/data-argument-must-be-of-type-received-null-error-during-restore-process
 2021-10-06 13:34:06 -07:00
Girish Ramakrishnan
4a9d074b50 Use for..of instead of forEach for clarity 2021-10-06 13:01:12 -07:00
Girish Ramakrishnan
05e8339555 Fix typos in cert renewal 2021-09-23 17:54:54 -07:00
Girish Ramakrishnan
3090307c1d tasks: remove superfluous update code 2021-09-23 17:44:41 -07:00
Girish Ramakrishnan
dff2275a9b add a flag to disable ocsp globally 
fixes #796
 2021-09-22 09:13:16 -07:00
Girish Ramakrishnan
e7f51d992f acme: getCertificate can be async now 2021-09-07 09:34:23 -07:00
Girish Ramakrishnan
b1da86c97f rename variable to avoid shadowing 2021-08-30 15:30:50 -07:00
Girish Ramakrishnan
1cc11fece8 Fix crash in renewCerts() 2021-08-25 15:52:05 -07:00
Girish Ramakrishnan
77f5cb183b merge appdb.js into apps.js 2021-08-23 15:35:38 -07:00
Girish Ramakrishnan
5dd6f85025 reverseproxy: async'ify 2021-08-17 14:34:55 -07:00
Girish Ramakrishnan
5bcf1bc47b merge domaindb.js into domains.js 2021-08-16 14:41:42 -07:00
Johannes Zellner
f11cc7389d owner may be null even without error 2021-07-29 17:08:01 +02:00
Girish Ramakrishnan
24eaea3523 add missing await 2021-07-26 22:16:01 -07:00
Girish Ramakrishnan
a1c61facdc merge userdb.js into users.js 2021-07-16 22:33:22 -07:00
Girish Ramakrishnan
c052882de9 reverseproxy: remove any old dashboard domain configs 2021-06-27 08:58:33 -07:00
Girish Ramakrishnan
b24cf78bc0 certs: fix renewal notification 2021-06-24 01:12:33 -07:00
Girish Ramakrishnan
6da7218d34 certs: show daysLeft in the logs 2021-06-24 00:48:59 -07:00
Girish Ramakrishnan
ee7cddfbbc acme: fix http challenge 2021-06-04 17:51:26 -07:00
Girish Ramakrishnan
8da4eaf4a3 fix tests 2021-06-03 16:08:39 -07:00
Girish Ramakrishnan
e9ace613e2 cert: only inform user if renewal fails and only 10 days left 2021-06-01 09:09:16 -07:00
Girish Ramakrishnan
9d664a7d7c typo 2021-05-27 15:15:29 -07:00
Girish Ramakrishnan
a5e34cf775 delete certs that have long expired (6 months) 
fixes #783
 2021-05-18 13:37:35 -07:00
Girish Ramakrishnan
4482da6148 move acme2.js one level up 2021-05-07 23:21:45 -07:00
Girish Ramakrishnan
302ea60b8d consolidate acme paths in the reverseproxy code 2021-05-07 23:21:42 -07:00
Girish Ramakrishnan
b3a805faff ensureCertificate: copy certs from db to disk as needed 2021-05-07 22:07:14 -07:00
Girish Ramakrishnan
84af9580a6 migrate certs into the blobs database 
use platformdata/nginx/cert to store the certs
 2021-05-07 21:26:49 -07:00
Girish Ramakrishnan
9418e93428 reverseproxy: adminOrigin is not used in the ejs 2021-05-05 13:13:04 -07:00
Girish Ramakrishnan
44ac406e57 admin -> dashboard 2021-05-05 12:29:04 -07:00
Girish Ramakrishnan
cc9b43450c configureAdmin is never used 2021-05-05 12:16:25 -07:00
Girish Ramakrishnan
7f6a0555b2 store custom app certificates in subdomains table 
the REST route and model code is still ununsed as before since there
is no way to set the certs from the UI.
 2021-05-05 10:58:20 -07:00
Girish Ramakrishnan
963e92b517 store fallback certs in the database 2021-05-04 22:30:28 -07:00
Girish Ramakrishnan
c17743d869 migrate secrets into the database 
the infra version is bumped because the nginx's dhparams path has changed
and the sftp server key path has changed.
 2021-05-03 22:11:18 -07:00
Girish Ramakrishnan
fe6ee45645 typo 2021-04-27 15:25:11 -07:00
Girish Ramakrishnan
cb573c0a37 reverseproxy: identify LE staging correctly 2021-04-27 12:55:11 -07:00
Girish Ramakrishnan
7a7223a261 OCSP: do not set must-staple in certificate request 
On first visit in firefox, must-staple certs (unlike chrome which ignores must-staple) always fail.
Investigating, it turns out, nginx does not fetch OCSP responses on reload or restart - https://trac.nginx.org/nginx/ticket/812 .
So, one has to prime the OCSP cache using curl requests. Alternately, one can use `openssl ocsp -noverify -no_nonce` and
then set `ssl_stapling_file`. Both approaches won't work if the OCSP servers are down and then we have to have some retry logic.
Also, the cache is per nginx worker, so I have no clue how many times one has to call curl. The `ssl_stapling_file` approach
requires some refresh logic as well. All very messy.

For the moment, do not set must-staple in the cert. Instead, check if the cert has a CSP URL and then enable
stapling in nginx accordingly.
 2021-04-16 13:33:32 -07:00
Girish Ramakrishnan
4d919127a7 implement OCSP stapling 
can verify stapling using openssl s_client -connect hostname:443 -status

status_request is RFC6066. there is also status_request_v2 (RFC6961) but this is
not implemented even in openssl libs yet
 2021-04-16 12:13:54 -07:00
Girish Ramakrishnan
0447dce0d6 graphite: restart collectd as well 2021-03-23 16:34:36 -07:00
Girish Ramakrishnan
a5c4b5d8a1 tls addon: restart apps on cert change 2021-02-18 09:44:13 -08:00
Girish Ramakrishnan
67bdf47ef6 rename hostname to vhost to make the code less magical 2021-01-19 14:09:31 -08:00
Girish Ramakrishnan
de869b90ee replace * in alias domain with _ for better filenames 
this is similar to what we do for cert filenames
 2021-01-19 13:36:31 -08:00
Girish Ramakrishnan
88cd857f97 rename main to primary 2021-01-18 22:31:10 -08:00