jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
9,457 Commits 33 Branches 583 Tags
9a5dce33dbed0068443d34c8128d7111acc06256
Commit Graph

114 Commits

Author SHA1 Message Date
Girish Ramakrishnan
510121bf54 remove support for hyphentated domains 
this has not been used for a long time
 2020-08-15 18:50:07 -07:00
Girish Ramakrishnan
ba29889f54 remove IP nginx configuration that redirects to dashboard after activation 
fixes #728
 2020-08-13 14:10:17 -07:00
Girish Ramakrishnan
bf5b7294a0 Add missing debugs 2020-08-10 14:54:37 -07:00
Girish Ramakrishnan
1f1c94de70 Fix certificate ordering logic 
* app certs set by user are always preferred
* If fallback, choose fallback certs. ignore others
* If LE, try to pick LE certs. Otherwise, provider fallback.

Fixes #724
 2020-08-07 23:02:24 -07:00
Girish Ramakrishnan
6b9454100e certs: remove caas backend 2020-08-07 17:58:27 -07:00
Girish Ramakrishnan
b94dbf5fa3 remove restricted fallback cert 
this feature was never used. iirc, it was for managed hosting
 2020-08-07 17:57:25 -07:00
Johannes Zellner
d60714e4e6 Use webmaster@ instead of support@ as LetsEncrypt fallback 2020-05-03 11:02:18 +02:00
Girish Ramakrishnan
91af2495a6 Make key validation work for ecc certs 2020-03-24 21:20:21 -07:00
Girish Ramakrishnan
e6d881b75d Use owner email for LE certs 
https://forum.cloudron.io/topic/2244/email-contact-on-let-s-encrypt-ssl-tls-certificates-uses-password-recovery-email-rather-than-primary-email-address
 2020-03-20 13:39:58 -07:00
Girish Ramakrishnan
db330b23cb Stopped apps should not renew certificates 
We had a case where a stopped/ununsed app was generating cert renewal
errors.

One idea might be to suppress the notification as well.
 2020-01-26 16:22:20 -08:00
Girish Ramakrishnan
3ec5c713bf debug: certFilePath is undefined 2019-12-08 18:23:12 -08:00
Girish Ramakrishnan
53e39f571c Make addons code remove a BoxError 2019-12-04 14:28:42 -08:00
Girish Ramakrishnan
8d944f74c0 Make reverseProxy return BoxError consistently 2019-10-24 10:28:38 -07:00
Girish Ramakrishnan
51cb3b0ba8 Move DomainsError to BoxError 2019-10-23 15:15:19 -07:00
Girish Ramakrishnan
db6c07f86a Move ReverseProxyError with BoxError 2019-10-22 21:24:31 -07:00
Girish Ramakrishnan
8878bc4bf9 frameAncestors -> csp 
It seems we cannot separate frame ancestors from CSP because the hide
header just hides everything and not a specific resource. This means
that the user has to set or unset the full policy whole sale.
 2019-10-14 17:12:01 -07:00
Girish Ramakrishnan
9c12f1fe15 Add field to configure the reverse proxy 
part of #596
 2019-10-14 15:05:25 -07:00
Girish Ramakrishnan
488763fc42 rename appconfig to nginxconfig 2019-10-13 17:08:33 -07:00
Girish Ramakrishnan
0542ab16d4 If cert renewal failed, continue using old cert 2019-10-03 11:11:02 -07:00
Girish Ramakrishnan
7e75ef7685 cert: add more debugs 2019-10-03 10:36:57 -07:00
Girish Ramakrishnan
c428f649aa typo 2019-10-01 14:40:24 -07:00
Girish Ramakrishnan
ccecaca047 Fix crash 2019-10-01 14:04:39 -07:00
Girish Ramakrishnan
c7ee684f25 Fix bug where nginx was not reloaded on cert renewal 
Looks like it worked so far because nginx got reloaded in situations
like apptask or server reboot.
 2019-10-01 11:25:57 -07:00
Girish Ramakrishnan
52156c9a35 Remove unused type field 2019-10-01 11:17:12 -07:00
Girish Ramakrishnan
1d00c788d1 Remove dead code 2019-09-30 15:54:18 -07:00
Girish Ramakrishnan
d891d39587 reverseproxy: rename to writeDefaultConfig 2019-09-30 15:28:05 -07:00
Girish Ramakrishnan
cfde6e31ad reverseproxy: improve the note 2019-09-30 15:25:53 -07:00
Girish Ramakrishnan
243772d1f5 reverseproxy: do not export reload 2019-09-30 15:23:53 -07:00
Girish Ramakrishnan
1c36b8eaf7 Add debugs 2019-09-30 11:52:23 -07:00
Girish Ramakrishnan
79f9963792 Add robotsTxt tests 2019-09-09 21:52:01 -07:00
Girish Ramakrishnan
6dfafae342 move the comment 2019-07-26 22:19:14 -07:00
Girish Ramakrishnan
9b74bb73aa config.js is dead, long live config.js 
we use settings now
 2019-07-26 14:51:51 -07:00
Girish Ramakrishnan
6a77a58489 Move hasIPv6 into sysinfo 2019-07-25 14:35:08 -07:00
Girish Ramakrishnan
9d2f81d6b9 Remove X-Frame-Options 
This option is now obsolete in the standards and browsers are complaining.
This needs to move to be a CSP header but this is hard to do from outside
the app (since it has to be 'merged' with the app's existing CSP).

fixes #596
 2019-05-20 10:11:52 -07:00
Girish Ramakrishnan
c7f6ae5be9 remove unused require 2019-03-04 19:49:25 -08:00
Girish Ramakrishnan
d83d2d5f4e Do not restart mail container when setting fallback certs 2019-03-04 19:35:22 -08:00
Girish Ramakrishnan
da2b00c9cf Move cert change notification into ensureCertificate() 
When ensureCertificate renews the cert, the filename will match the
nginx config cert file. The current code detects that this implies
that the cert has not changed and thus does not update mail container.

Move the notification into ensureCertificate() itself. If we have a wildcard
cert and it gets renewed when installing a new app, then mail container will
still get it.
 2019-03-04 15:24:09 -08:00
Girish Ramakrishnan
b1b2bd5b97 move cert renewal notification to notification logic 2019-03-04 14:53:19 -08:00
Girish Ramakrishnan
e5964f9d93 Remove unused function 2019-03-02 19:31:19 -08:00
Girish Ramakrishnan
65210ea91d rework dns api to take domainObject 
the DNS backends require many different params, it's just easier to
pass them all together and have backends do whatever.

For example, route53 API requires the fqdn. Some other backends require just the
"part" to insert.

* location - location in the database (where app is installed)
* zoneName - the dns zone name
* domain - domain in the database (where apps are installed into)
* name/getName() - this returns the name to insert in the DNS based on zoneName/location
* fqdn - the fully resolved location in zoneName

verifyDnsConfig also takes a domain object even if it's not in db just so that we can
test even existing domain objects, if required. The IP param is removed since it's not
required.

for caas, we also don't need the fqdn hack in dnsConfig anymore
 2019-01-04 22:38:12 -08:00
Girish Ramakrishnan
16c1622b1f Make domains.fqdn take config and domain separately 
This way it can be used in the dns backends which don't have the domain object
 2019-01-04 14:11:29 -08:00
Girish Ramakrishnan
b5b20452cc Fix reverseProxy.getCertificate API 2018-12-19 14:20:48 -08:00
Girish Ramakrishnan
bdf9671280 Split dashboard dns setup and db operations 
The dns setup is now a task that we can wait on. Once that task
is done, we can do db operations to switch the domain in a separate
route
 2018-12-14 09:57:28 -08:00
Girish Ramakrishnan
357e44284d Write nginx config into my.<domain>.conf 
This way we can switch the domain as an independent task that does
not affect the existing admin conf
 2018-12-14 09:20:10 -08:00
Girish Ramakrishnan
63e3560dd7 on startup, only re-generate the admin config 
should not try to get certificates on startup
 2018-12-14 09:20:06 -08:00
Girish Ramakrishnan
434525943c move appconfig.ejs 2018-12-13 21:53:31 -08:00
Girish Ramakrishnan
f0dbf2fc4d Make reverseProxy.configureAdmin not use config 
This way we can set things up before modifying config for dashboard switch
 2018-12-13 21:42:48 -08:00
Girish Ramakrishnan
e7294f2950 Make handleCertChanged take a callback 2018-12-11 11:02:32 -08:00
Girish Ramakrishnan
c9f325e75d renewCerts does not call callback 2018-12-11 10:49:04 -08:00
Girish Ramakrishnan
d2f4b68c9f Make certificate renewal a task 2018-12-10 20:48:10 -08:00