jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
2,169 Commits 33 Branches 583 Tags
a4e73e747cbc5a8c74dc8a39baaa41d8d42ac33c
Commit Graph

2169 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Girish Ramakrishnan
ec380aa41e each change really needs to be in separate line 2016-03-30 15:34:09 -07:00
Girish Ramakrishnan
7d1a663a87 0.10.3 changes 2016-03-30 15:26:52 -07:00
Girish Ramakrishnan
ba69316c14 add note that filename is reused as id 2016-03-30 15:17:04 -07:00
Girish Ramakrishnan
c097651a88 store backup configuration as part of backups table 2016-03-30 15:04:39 -07:00
Girish Ramakrishnan
22b8154a39 0.11.0 changes 2016-03-30 11:39:50 -07:00
Girish Ramakrishnan
9e8179a235 up link is relative v0.10.2 2016-03-29 14:02:53 -07:00
Girish Ramakrishnan
3fbeb2a1c1 more 0.10.2 changes 2016-03-29 13:24:26 -07:00
Girish Ramakrishnan
2c4cf0a505 Download intermediate cert following the 'up' Link 2016-03-29 12:51:05 -07:00
Girish Ramakrishnan
adab544e99 Version 0.10.2 changes 2016-03-28 10:55:20 -07:00
Girish Ramakrishnan
ae8a371597 add adminFqdn in the spf record 
For custom domains, we do not set the A record for the naked domain
(because the user might be using it for his own). This means that
a:domain.com will not work.

The solution is to simply use the admin domain.
 2016-03-27 23:05:29 -07:00
Girish Ramakrishnan
ead076bd9f add MAIL_SMTP_PASSWORD 2016-03-25 23:14:09 -07:00
Girish Ramakrishnan
f8c683f451 Disallow updating an app with mismatching manifest id 
Story so far:
1. App installed from store. appStoreId is set to manifest.id.
2. User installed a custom built app with a custom manifest.id using cloudron install --app <id>. The appStoreId is still set.
3. When we make a new release, it overrides the users install.

The fix (for now) is:
1. Do not allow mismatching ids to start with.
2. When forced, it is allowed but appStoreId is cleared so as to not get any auto updates.

This leaves the user vulnerable to 'cloudron uninstall' simply autoselecting this new app.
For this, they have to simply disable CLI mode for now.

There is also a corner case where:
1. Dev installs from app store
2. Dev compiles from source and updates on top of app store install with --app <id>
3. Dev find out that his installation has auto-updated the next day.
 2016-03-25 11:46:25 -07:00
Johannes Zellner
b56bc08e9a Allow to use email and username for ldap bind 2016-03-24 21:03:04 +01:00
Girish Ramakrishnan
daadbfa23f fix wording 2016-03-23 12:00:30 -07:00
Girish Ramakrishnan
a215443c56 do not renew apps without any cert 
autoRenew was mistakenly reconfiguring app without a cert (this
is the common case for apps in non-custom domain)
v0.10.1 		2016-03-23 08:49:08 -07:00
girish@cloudron.io
4e22c6d5ac minor nakedomain fixes 2016-03-21 15:07:10 -07:00
girish@cloudron.io
d43810fea9 add comment on why we add naked domain for custom domains 2016-03-21 13:50:26 -07:00
girish@cloudron.io
f5ab63e8ec naked domain page styling 2016-03-21 13:49:11 -07:00
girish@cloudron.io
b1f172ed17 trim the output string 2016-03-21 08:25:10 -07:00
Girish Ramakrishnan
413f9231b3 fix formatting 2016-03-20 12:12:22 -07:00
Girish Ramakrishnan
11513f9428 send a message for cert renewal status 2016-03-19 20:40:03 -07:00
Girish Ramakrishnan
5042741435 renew cert every 12 hours 2016-03-19 20:30:01 -07:00
Girish Ramakrishnan
75ed9c4a63 Check for key file instead of csr file 
1) csr file in older backups got corrupt
2) new key results in a new cert request in LE (for rate limits)
 2016-03-19 18:49:55 -07:00
Girish Ramakrishnan
8c36f3aab4 add debug for fallback case 2016-03-19 18:37:05 -07:00
Girish Ramakrishnan
7aa5e8720a 0.10.1 changes 2016-03-19 14:17:28 -07:00
Girish Ramakrishnan
14ef71002f write the DER cert properly into the csr file 2016-03-19 14:07:58 -07:00
Girish Ramakrishnan
ea87841e77 merge fallback cert job into renewal 
this is becase we need to reconfigure for the case where we got a
renewed cert (but the app was switched to fallback cert at some point)
 2016-03-19 13:54:52 -07:00
Girish Ramakrishnan
091e424c0e Fix description 2016-03-19 13:37:58 -07:00
Girish Ramakrishnan
20629ea078 fix linter errors 2016-03-19 13:22:38 -07:00
Girish Ramakrishnan
b1b6a9ae65 reconfigure admin using configureAdmin 2016-03-19 12:54:11 -07:00
Girish Ramakrishnan
7ddbf7b652 refactor expiry check 2016-03-19 12:50:31 -07:00
Girish Ramakrishnan
3d088aa9c4 fix debug message 2016-03-19 12:31:48 -07:00
Girish Ramakrishnan
f329e0da92 fix typo 2016-03-19 12:14:23 -07:00
Girish Ramakrishnan
a18737882b run more aggressively in test mode 2016-03-19 12:12:39 -07:00
Girish Ramakrishnan
a58a458950 do not abbrev 2016-03-19 12:11:28 -07:00
Girish Ramakrishnan
44c5f84c56 Fix usage of isExpiringSync 2016-03-19 12:06:13 -07:00
Girish Ramakrishnan
d6b92ee301 remove Job suffix 2016-03-19 10:25:19 -07:00
Girish Ramakrishnan
c769a12c45 set the box version for test for pass 2016-03-19 10:23:12 -07:00
Girish Ramakrishnan
017c32c3dd fix certificate renewal 
Do the whole acme flow for certificate renewal. the idea here is
simply reuse the key and the csr. In this case, it does not count
as a new certificate issuance.

https://github.com/diafygi/letsencrypt-nosudo/issues/55
 2016-03-19 02:44:05 -07:00
Girish Ramakrishnan
5d54c9e668 check my domain for expiry and falling back 2016-03-18 23:43:56 -07:00
Girish Ramakrishnan
adaaca5ceb switch expired certs of domains to use fallback cert 
1) nginx won't reload when using expired certs
2) this is the only way the user can use the app now
 2016-03-18 23:26:57 -07:00
Girish Ramakrishnan
4a73e1490e Refactor code to take hours 2016-03-18 23:00:02 -07:00
Girish Ramakrishnan
f31a7a5061 use fallback certs if renewal fails 2016-03-17 12:20:02 -07:00
Girish Ramakrishnan
3499a4cc6c move requiresOAuthProxy to nginx 
we have 3 levels
    * routes, cron, apptask
    * everything else where everyone calls everyone :-)
    * the db layer
 2016-03-17 11:38:29 -07:00
girish@cloudron.io
42796b12dc update safetydance to 0.1.1 2016-03-14 22:50:48 -07:00
girish@cloudron.io
20ac040dde cert: check expiry correctly 2016-03-14 22:50:06 -07:00
girish@cloudron.io
7f2b3eb835 acme: disable renewal via url fetch for now 
this does not seem to work.

From cf85854177:

// RenewCertificate attempts to renew an existing certificate.
// Let's Encrypt may return the same certificate. You should load your
// current x509.Certificate and use the Equal method to compare to the "new"
// certificate. If it's identical, you'll need to run NewCertificate and/or
// start a new certificate flow.
 2016-03-14 22:22:57 -07:00
girish@cloudron.io
2b562f76ea le: handle renewal upto 30 days in advance 2016-03-14 22:18:43 -07:00
Girish Ramakrishnan
b942033512 acme: debug output the domain 2016-03-14 16:21:03 -07:00
Girish Ramakrishnan
fa4a8c2036 add debug for successful renewal 2016-03-14 15:55:51 -07:00