Commit Graph

8916 Commits

Author SHA1 Message Date
Girish Ramakrishnan dca9246450 Fix AdGuard resolving dashboard to docker bridge IP
Issue 1: DO droplet when given the name my.blah.com, will put an entry
in /etc/hosts with `127.0.1.1 my.blah.com`. When app containers use
system DNS, they get this IP address which does not work inside a container.

An idea is to remove this entry when running cloudron-setup, but maybe this
causes trouble later.

Issue 2: Some networks seem to lack loopback networking. With OIDC changes,
we want the apps to access my.blah.com even if hairpin nat is not working.

Solution: make my.blah.com resolve to the docker bridge IP (172.18.0.1)
where nginx also listens. This means that such requests never go outside the server.

Caveats:
* This breaks AdGuard which now starts resolving it to 172.18.0.1 for
the entire network! So, we skip ExtraHosts configuration for adguard

* Maybe ExtraHosts should be scoped to OIDC apps only. But the thought here is
that it will help apps like say n8n which are querying dashboard.
2024-09-18 14:42:11 +02:00
Girish Ramakrishnan 767f7ab40e capitalize view name 2024-09-18 13:10:26 +02:00
Johannes Zellner 1b810ec74f Only add unchecked checklist items on fresh installs for the moment 2024-09-16 13:46:19 +02:00
Girish Ramakrishnan 067b02dba1 dashboard: reconfigure all apps on location change
continuation of 1b5fee233e

all containers have ExtraHosts, so we have to reconfigure everything
2024-09-16 11:23:06 +02:00
Girish Ramakrishnan 305d877896 operator: fix resource view
app resources view requires the cpu and memory information
2024-09-13 16:47:13 +02:00
Girish Ramakrishnan a932a5251a update: all operators to update an app
previously, the update info was restricted to admins. this can now be queried
by any authenticated user. update information can be gathered from listing apps and
then checking against appstore anyway.
2024-09-13 16:46:58 +02:00
Girish Ramakrishnan 1b5fee233e docker: use the system dns for app containers
take 2 after failed attempt with 92bce26e22

this makes the dashboard domain resolve internally to nginx

can test with `getent ahosts my.domain.com` inside the container.
2024-09-11 17:52:25 +02:00
Girish Ramakrishnan 63457d2de4 Revert "docker: use the system dns for app containers"
This reverts commit 92bce26e22.
2024-09-10 19:37:39 +02:00
Girish Ramakrishnan 92bce26e22 docker: use the system dns for app containers 2024-09-10 09:42:31 +02:00
Girish Ramakrishnan 6742cdf373 backups: remount remote if not mounted before a backup 2024-09-09 18:15:49 +02:00
Girish Ramakrishnan ea72cef7f9 storage: remove getProviderStatus 2024-09-09 17:36:51 +02:00
Girish Ramakrishnan 1cd577cc65 filesystem: remove debug warning 2024-09-08 15:25:49 +02:00
Johannes Zellner 13d8db3daa For the moment new checklist items on update are acknowledged 2024-09-07 09:37:39 +02:00
Girish Ramakrishnan abf445e969 docker: fix rounding
toFixed() returns a string!
2024-08-28 11:45:53 +02:00
Girish Ramakrishnan e988e3a303 storage: fix noop test 2024-08-27 15:16:18 +02:00
Girish Ramakrishnan dca548b8a0 apptask: better progress message 2024-08-26 17:26:23 +02:00
Girish Ramakrishnan 56ecfdb4eb Fix crash on missing translation 2024-08-26 17:26:12 +02:00
Johannes Zellner 88b8cb48fc Deliver translation files as content type json 2024-08-23 18:34:53 +02:00
Girish Ramakrishnan d32819da4e i18n: fix crash if language file is missing 2024-08-23 10:20:35 +02:00
Girish Ramakrishnan b6becae396 make TRANSLATIONS_DIR a constant 2024-08-23 10:09:21 +02:00
Johannes Zellner aabdea8627 New sftp addon version to not overwrite files 2024-08-19 14:38:53 +02:00
Johannes Zellner ed1d537f60 Use sftp addon 3.8.9 to fix file upload on drop 2024-08-19 12:31:10 +02:00
Girish Ramakrishnan 9704eefc21 backupcleaner: do not remove the backup in progress
the backup cleaner erroneously removes any "creating" state backups.
backups that are stuck are cleaned up elsewhere already (in the
backup retention logic with discardReason of "creating-too-long").
the missing backup logic is intended for any upstream lifecycle policies.
2024-08-15 15:53:31 +02:00
Girish Ramakrishnan 52cd52d83c lint 2024-08-15 15:46:19 +02:00
Girish Ramakrishnan 4a29371907 s3: sometimes message is null and only code is valid 2024-08-13 07:08:33 +02:00
Girish Ramakrishnan 041f7da59b backups: make noop upload work again 2024-08-12 10:05:14 +02:00
Girish Ramakrishnan 7391af6f08 tail does not support doubledash it seems 2024-08-10 11:13:07 +02:00
Girish Ramakrishnan 8a640c8219 better app autoupdate logs 2024-08-10 11:04:17 +02:00
Girish Ramakrishnan 2ff995aa95 filemanager: do not respond again 2024-08-08 15:20:50 +02:00
Girish Ramakrishnan 21705a0e96 volumes: /mnt/volumes is reserved 2024-08-08 14:45:50 +02:00
Girish Ramakrishnan c03da3be54 volumes: check provider instead of hostPath 2024-08-08 14:41:43 +02:00
Girish Ramakrishnan 69f48ed11a apps: do not log app logs to output 2024-08-07 15:51:04 +02:00
Johannes Zellner caa0c342a4 sftp: restore mode and owner 2024-08-01 21:44:34 +02:00
Girish Ramakrishnan b870f98ec2 proxy-middleware: no more a middleware 2024-07-30 13:34:41 +02:00
Girish Ramakrishnan a5249102f2 proxy-middleware: just pass a string 2024-07-30 12:04:35 +02:00
Girish Ramakrishnan 5aa0c57a74 proxy-middleware: remove https and custom headers 2024-07-30 11:46:54 +02:00
Girish Ramakrishnan 053b076af0 proxy-middleware: remove via header and cookie support 2024-07-30 11:35:46 +02:00
Girish Ramakrishnan 247309e11b use constant 2024-07-30 11:00:50 +02:00
Girish Ramakrishnan 468d4dd9b0 ami: imdsv2 support
https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/

One has to get a token now via PUT. This is because there is a bunch of
open proxies out there which blindly forwarded everything to internal network
including metadata requests. They have found that PUT requests don't cleanly
proxy and also AWS rejects token requests with X-Forwarded-For.
2024-07-27 14:48:42 +02:00
Johannes Zellner 6056ba6475 Another missing check for manifest.addons 2024-07-27 11:56:36 +02:00
Girish Ramakrishnan d8aa4bc5e4 filemanager: fix sending of double header
we should not proceed to notFoundHandler if proxy handled it just fine
2024-07-26 11:58:41 +02:00
Girish Ramakrishnan 731295f708 system: simplify logic 2024-07-25 17:50:50 +02:00
Girish Ramakrishnan 9399040cd3 Fix log recursion
shell.sudo logs output to stdout/stderr intentionally. It is not meant
for scripts that generate much output (basically scripts/* files).

core of the issue is that none of the log commands require sudo.
they can just use normal tail. only app logs require sudo because of the
logPaths directive in the manifest.
2024-07-25 17:48:58 +02:00
Girish Ramakrishnan b6fbc46b58 Revert "Add option to not log shell subprocess stdout+stderr"
This reverts commit 51bb2d2bc2.
2024-07-25 11:53:56 +02:00
Johannes Zellner 51bb2d2bc2 Add option to not log shell subprocess stdout+stderr
When tailing the box log file this leads to logline recursion
2024-07-25 10:22:02 +02:00
Girish Ramakrishnan 7ebf5ca16a Bring back upload route to keep e2e happy
let's maybe remove it in next release
2024-07-23 08:28:44 +02:00
Girish Ramakrishnan b26ff08a3c shell: copy over code and signal values from cp object 2024-07-22 21:24:27 +02:00
Girish Ramakrishnan 44678cf5f1 sshfs: if remote copy fails, fallback to sshfs based copy
remote copy can fail if there is no cp in the remote. for example,
if it was a windows server.
2024-07-22 20:53:19 +02:00
Girish Ramakrishnan 5084ee761e update postgresql conf notes 2024-07-22 18:53:51 +02:00
Girish Ramakrishnan 91f50ae949 mysql: add template custom.cnf 2024-07-22 18:53:51 +02:00