7f87af5a08
firewall: open up NDP port
...
Port 546 is reserved for the client-side of the Neighbor Discovery Protocol (NDP).
This is used for communication between IPv6 nodes (such as a device and its router)
to discover and configure network information (such as IP address).
Router Advertisement (RA) messages sent by routers use port 547 (router-side), and
devices use port 546 to receive these messages.
See https://forum.cloudron.io/topic/13566/infomaniak-ipv6-issues/61
2025-04-29 22:06:34 +02:00
a138425298
storage: start migration of s3 api
2025-02-12 23:04:37 +01:00
42ce3cb405
Limit motd lines to 90
2025-01-27 22:02:29 +01:00
e34e479c33
services: separate volume clear and rm
2025-01-12 18:08:53 +01:00
e536c94028
firewall: add dockerproxy
2025-01-03 21:14:19 +01:00
d57020d269
firewall: allow udp responses to come back from docker
2025-01-03 19:50:42 +01:00
d47aa816d3
firewall: accept ldap connections
2025-01-03 19:33:51 +01:00
29a9b3d68a
firewall: use a chain instead of adding rules directly
...
this helps in updating rules across upgrades
2025-01-03 17:59:24 +01:00
746bcb1dd0
firewall: ip6tables requires ipv6
2025-01-02 23:48:19 +01:00
874f8328b8
firewall: wait-interval is deprecated
2025-01-02 23:44:50 +01:00
62e2283992
firewall: add masquerade rule for access via public IP
2025-01-02 23:34:46 +01:00
1894ed7721
box: no oidc messages
2024-12-14 19:04:59 +01:00
19c744b17d
unbound-anchor is now part of ExecStartPre
...
it seems unbound-anchor is not a dep of unbound in ubuntu 24. some
installations are thus missing this package.
in any case, ignore unbound-anchor exit status
2024-09-20 10:00:01 +02:00
22a0874188
grammar
2024-09-16 10:37:01 +02:00
859fef62d4
Revert "Make unbound prefer ipv4 to avoid using ipv6 for spam checking"
...
This reverts commit aedf55dba0
2024-09-12 17:41:12 +02:00
0647a3a233
unbound: prefer ip4 on ubuntu 24 and above
...
ip6 queries seems to be blocked by spamhaus
2024-09-12 17:13:50 +02:00
aedf55dba0
Make unbound prefer ipv4 to avoid using ipv6 for spam checking
2024-09-12 16:43:34 +02:00
e5dcf78ceb
unbound: setup anchor on service restart
2024-09-10 09:48:10 +02:00
d892cc5763
Add comment how to debug the openid provider
2024-07-03 11:33:58 +02:00
cd5cae33ce
dns: switch over to systemd for the host
...
this changes unbound to listen to 127.0.0.150 (150 is roman CL)
we cannot only bind on docker bridge because unbound is relied
upon for the initial domain setup. docker itself is only initialized
when the platform initializes
2024-04-29 11:06:03 +02:00
88231e3d35
sftp: add rate limit
2024-04-21 21:04:00 +02:00
1aa683aeab
add comments on the rate limits
2024-04-21 21:02:55 +02:00
95eeb9ce93
s/your/the
2024-04-19 18:33:17 +02:00
caf1c37171
motd: mention troubleshooting tool
2024-04-15 13:46:44 +02:00
4ee56782ba
move syslog.js to top level
2024-03-21 19:09:51 +01:00
d0dc104ede
logs: make logPaths work
...
we have to tail via sudo script
Fixes #811
2024-02-23 17:46:22 +01:00
b8c297b178
ldap allow list is not a json
2024-01-13 12:29:00 +01:00
793c4ac017
add some debugs to the firewall script
2023-12-08 11:05:55 +01:00
48f0c75c57
network: increase maxelem of the ipsets
2023-12-07 23:20:24 +01:00
e7208278fc
Only collect stats for app main containers
2023-10-23 22:23:23 +02:00
ec23c7d2b8
Suppress aws sdk warning
...
https://github.com/aws/aws-sdk-js/issues/4354#issuecomment-1664694545
2023-08-04 09:21:48 +05:30
ff539e2669
remove crashnotifier
...
it's not really used
2023-05-15 11:08:00 +02:00
b26c8d20cd
network: add trusted ips
...
This allows the user to set trusted ips to Cloudflare or some other CDN
and have the logs have the correct IPs.
fixes #801
2023-05-13 16:15:47 +02:00
4c475818bc
syslog: restructure code
2023-04-14 20:06:28 +02:00
928e61e0f6
Revert "Only use "kill" as done in the upstream docs"
...
This reverts commit 829d53915d
2023-03-29 11:18:44 +02:00
10e07fa300
Add disk speeds to disk usage data
2023-01-27 21:05:25 +01:00
829d53915d
Only use "kill" as done in the upstream docs
...
https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecReload=
2023-01-09 20:18:51 +01:00
144fc7b7be
Ubuntu 18 does not have /usr/bin/kill
2023-01-09 20:12:30 +01:00
ae30fe25d7
unbound: disable controller interface explicitly
...
https://github.com/NLnetLabs/unbound/issues/806
2022-12-22 11:11:33 +01:00
e3b0d3960a
reverseproxy: create configs in subdirectories for easy management
2022-11-17 12:16:11 +01:00
720bafaf02
logrotate: only keep 14 days of logs
...
https://unix.stackexchange.com/questions/261696/logrotation-rotate-and-maxage-command
https://blog.gsterling.de/2017/10/03/logrotate-misconceptions-about-maxsize-and-size/
2022-11-17 00:47:39 +01:00
f82f533f36
Add SIGHUP handler to reload certs
...
we have to reload directory server certs out of process
2022-11-16 08:24:42 +01:00
1872cea763
graphs: do not average cpu use
...
Show like htop/top: cpu core count * 100
2022-10-13 22:36:20 +02:00
656f3fcc13
add system.du
2022-10-11 23:06:54 +02:00
6f61145b01
configurecollectd.sh is no more
2022-10-11 21:04:25 +02:00
cbaf86b8c7
Use counter values for docker stats in collectd and grafana queries
2022-10-11 19:06:40 +02:00
ad29f51833
Fixup typo guage -> gauge in docker-stats.py
2022-10-11 10:54:53 +02:00
3caffdb4e1
Rework app stats
...
Previously, the du plugin was collecting data every 20 seconds but
carbon was configured to only keep data every 12 hours causing much
confusion.
In the process of reworking this, it was determined:
* No need to collect disk usage info over time. Not sure how that is useful
* Instead, collect CPU/Network/Block info over time. We get this now from docker stats
* We also collect info about the services (addon containers)
* No need to reconfigure collectd for each app change anymore since there is no per
app collectd configuration anymore.
2022-10-10 21:13:26 +02:00
d5e5b64df2
cloudron-setup/motd: show ipv4 or ipv6 setup link
2022-08-01 18:32:07 +02:00
4a18ecc0ef
unbound: enable ip6
2022-08-01 14:15:09 +02:00
Girish Ramakrishnan