Girish Ramakrishnan
eb99f8b844
escape and quote the robotsTxt when templating
...
for now, we restrict the string length to 4096 since that is what
nginx allows
2017-07-23 19:56:28 -07:00
Girish Ramakrishnan
db7a4b75ae
log the host in nginx logs
2017-07-21 09:43:44 -07:00
Girish Ramakrishnan
b5aed7b00a
Set full path for nginx access log
2017-07-18 21:49:12 -07:00
Dick Tang
67486b8177
add X-Forwarded-Port in nginx reverse proxy for jetpack
...
jetpack requires X-Forward for the port, or "requested method jetpack.jsonAPI does not exist"
ref: https://github.com/ViBiOh/docker-wordpress/issues/1
2017-07-18 15:58:46 +00:00
Girish Ramakrishnan
6dd4d40692
parse and save zoneName to cloudron.conf
...
part of #377
2017-07-17 09:16:06 -07:00
Girish Ramakrishnan
acd00222e5
Allow per-app configuration of robots.txt
...
https://developers.google.com/search/reference/robots_txt has
the specification
Part of #344
2017-07-14 15:25:05 -05:00
Girish Ramakrishnan
49de39a1f3
Set max ttl to 5 minutes
...
This means the web ui will at least work in 5 minutes.
Fixes #373
2017-07-07 09:50:29 -05:00
Girish Ramakrishnan
50e712a93e
preserve existing docker storage driver
...
fixes #364
2017-06-30 16:50:31 -05:00
Girish Ramakrishnan
f45da2efc4
Merge branch 'http2' into 'master'
...
Add HTTP/2 support to NGINX configs
See merge request !9
2017-05-12 23:23:41 +00:00
Girish Ramakrishnan
180cafad0c
Fix restore of unencrypted backups
2017-05-08 15:48:32 -07:00
Ian Fijolek
788004245a
Add HTTP/2 support to NGINX configs
...
This easy fix should improve performance with newer browsers especially
for applications that require many files to be sent over the wire
*cough*Nextcloud11*cough*
NGINX blog post about HTTP/2 support: https://www.nginx.com/blog/nginx-1-9-5/
2017-05-02 22:00:55 +00:00
Girish Ramakrishnan
be5221d5b8
bash gymnastics for password with spaces
2017-05-01 11:40:08 -07:00
Girish Ramakrishnan
b531922175
do not quote the argument
2017-04-30 22:17:23 -07:00
Girish Ramakrishnan
6cbf64b88e
use openssl password only when restore key is non-empty or backup ends with .enc
2017-04-28 15:00:17 -07:00
Girish Ramakrishnan
8deadece05
handle null tlsCert and tlsKey
2017-04-25 17:29:26 -07:00
Girish Ramakrishnan
41edd3778d
Merge branch 'dns-fixes' into 'master'
...
Set DNS per container rather than the daemon
Closes #307
See merge request !6
2017-04-25 17:06:31 +00:00
Girish Ramakrishnan
a0e122e578
Try to make tests work again
2017-04-23 18:03:40 -07:00
Girish Ramakrishnan
8c011ea9b0
setup: do not dump sensitive fields in args
2017-04-22 11:57:00 -07:00
Johannes Zellner
8a76788e7a
From this version on encrypted backups don't use the openssl implicit salt
2017-04-21 10:58:52 +02:00
Ian Fijolek
f0ba126156
Move dns-search from daemon to client as well
...
Verified no regression of #130
2017-04-20 21:33:16 +00:00
Ian Fijolek
9dd51575ab
Set DNS per container rather than the daemon
...
All Cloudron containers need to have the nameserver 172.18.0.1. This was
being done at the daemon level, however since there are also iptables
rules restricting access to the nameserver from containers that aren't
on the Cloudron Docker network, this broke DNS for non-Cloudron
containers.
Since the DNS is only required for Cloudron containers in the first
place, this patch specifies 172.18.0.1 as the nameserver when Cloudron
creates a container and reverts the change at the daemon level
2017-04-20 19:02:10 +00:00
Johannes Zellner
d9a0bf457d
Don't make backup files executable
2017-04-20 16:02:13 +02:00
Johannes Zellner
a94d44da75
Add generic node.sh to run node apps as root and with memory limitations
2017-04-20 15:20:11 +02:00
Johannes Zellner
dda16331f6
Remove unused rmbackup.sh
2017-04-17 20:26:06 +02:00
Johannes Zellner
d95e68926b
Remove unused backupapp.sh and backupbox.sh
2017-04-17 20:26:06 +02:00
Johannes Zellner
ff3a748398
Call backuptask.js directly as root to avoid trampoline shell scripts
2017-04-17 20:26:05 +02:00
Johannes Zellner
9354784f01
Remove unused cpbackup.sh
2017-04-17 20:26:05 +02:00
Johannes Zellner
e021a4b377
Remove unused restoreapp.sh
2017-04-17 20:26:05 +02:00
Johannes Zellner
5e1ad4ad93
We need root access to copy backup files with the filesystem backend
2017-04-17 20:26:05 +02:00
Girish Ramakrishnan
bb91faf23c
mysql: Use utf8mb4 character set
2017-04-14 13:29:01 -07:00
Girish Ramakrishnan
eb2ef47df1
remove boxVersionsUrl
...
update checker now uses the appstore routes
2017-04-13 11:38:42 -07:00
mehdi
fce2cdce7f
Adding proxy_max_temp_file_size 0 to nginx config.
...
Explanation:
When proxying an HTTP request, nginx first fills up the memory buffers (set by proxy_buffer_size and proxy_buffers).
When these are full, it then writes them to a temporary file in batches of proxy_temp_file_write_size until it reaches proxy_max_temp_file_size.
When proxy_max_temp_file_size is not set, and a very large file is being served, it reaches the maximum of 1GB, and nginx begins to behave weirdly.
2017-04-10 22:47:19 +02:00
Johannes Zellner
51d5b96fa1
use "mountpoint" to check if we have the user data mounted
2017-04-05 14:34:18 +02:00
Girish Ramakrishnan
1a3e3638ff
iptables-restore is not used anymore
2017-04-04 13:00:48 -07:00
Girish Ramakrishnan
8f912d8a1b
add note on how to view graphite browser
2017-04-04 12:35:29 -07:00
Johannes Zellner
da857f520b
Only stop apps and addons on data migration
2017-04-04 14:30:45 +02:00
Johannes Zellner
7c7ef15e1c
Do not collect data for btrfs file systems
2017-04-04 12:34:55 +02:00
Johannes Zellner
aa22ab8847
Cleanup the btrfs mounts and the user data file
2017-04-04 12:34:55 +02:00
Johannes Zellner
3e23c3efce
Do not move the whole mail folder but only its content
2017-04-04 12:34:55 +02:00
Johannes Zellner
c4f96bbd6b
Some directory creation fixes
2017-04-04 12:34:55 +02:00
Johannes Zellner
3a17bf9a0f
Ensure apps and platform data dirs exist
2017-04-04 12:34:55 +02:00
Johannes Zellner
602f8bcd04
Split platform and app data folders and get rid of btrfs volumes
2017-04-04 12:34:55 +02:00
Girish Ramakrishnan
2c871705c7
Add a referrer policy
2017-03-31 16:11:54 -07:00
Girish Ramakrishnan
e9456f70f9
use connlimit module to rate limit
...
hitcount cannot be more than 255 in recent module
2017-03-29 21:51:24 -07:00
Girish Ramakrishnan
ffbda22145
Fine tune rate limits a bit more
2017-03-29 16:03:08 -07:00
Girish Ramakrishnan
956fe86250
Add firewall service
...
Docker really insists on adding itself to the top of the FORWARD
chain. Making our firewall side-steps this docker design.
2017-03-29 02:31:53 -07:00
Girish Ramakrishnan
4d000e377f
Enable iptables based ratelimit for cloudron auth services
...
The goal here is to simply add a rate limit to prevent brute
force password attacks.
Covered services include:
(public) http, https, ssh, smtp, msa, imap, sieve
(private) postgres, redis, mysql, ldap, mongodb, msa
The private limits are higher because some apps will create
a db connection for each page request. Some apps like mailtrain
will send out lots of emails etc.
Note that apps that use SSO are ratelimited by the ldap limit.
Part of #187
2017-03-29 00:02:05 -07:00
Johannes Zellner
9d98b55881
Merge branch 'tobru/fix_278' into 'master'
...
get disk_size_bytes by directly querying df /. fixes #278
Closes #278
See merge request !4
2017-03-27 11:46:49 +00:00
Girish Ramakrishnan
18e59c4754
Rate limit nginx routes that verify the password
...
Also remove rate-limit middleware
Test using something like:
ab -v 1 -n 1000 -c 10 -s 5 -m POST https://my.<domain>/api/v1/developer/login
Part of #187
2017-03-27 00:06:42 -07:00
Tobias Brunner
0c6c835a39
get disk_size_bytes by directly querying df /. fixes #278
...
This simplifies the logic to get the available space the root
mountpoint has available and makes it more robust.
2017-03-26 18:03:10 +02:00