Girish Ramakrishnan
a8928d26d1
Fix appdb get query
the get() query was wrong when we had multiple port bindings.
we did apps JOIN X JOIN Y JOIN Z. This will return apps times x times y times z rows.
this just accidentally worked in the past. when we have multiple mounts,
we get duplicate values now.
the fix is to do the joins separately and then merge them together.
an alternate approach to this mega query is to SET TRANSACTION SERIALIZABLE and do
multiple selects. but that requires database.js support which is a bit of work (and not
sure how it works with "connections").
2020-11-22 16:03:41 -08:00
Girish Ramakrishnan
bd9c664b1a
Free up port 53
It's all very complicated.
Approach 1: Simply move unbound to not listen on 0.0.0.0 and only the internal
ones. However, docker has no way to bind only to the "public" interface.
Approach 2: Move the internal unbound to some other port. This required a PR
for haraka - https://github.com/haraka/Haraka/pull/2863 . This works and we use
systemd-resolved by default. However, it turns out systemd-resolved will hog the
lo and thus docker cannot bind again to port 53.
Approach 3: Get rid of systemd-resolved and try to put the dns server list in
/etc/resolv.conf. This is surprisingly hard because the DNS listing can come from
DHCP or netplan or wherever. We can hardcode some public DNS servers but this seems
not a good idea for privacy.
Approach 4: So maybe we don't move the unbound away to a different port after all.
However, all the work for approach 2 is done and it's quite nice that the default
resolver is used with the default dns server of the network (probably a caching
server + also maybe has some home network firewalled dns).
So, the final solution is to make docker bind to the IP explicitly.
It's unclear what will happen if the IP changes, maybe it needs a restart.
2020-11-18 23:25:56 -08:00
Girish Ramakrishnan
625dc7c49b
Add proxyAuth as an addon
2020-11-10 16:50:36 -08:00
Girish Ramakrishnan
71666a028b
add support for protected sites
https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/
https://gock.net/blog/2020/nginx-subrequest-authentication-server/
https://github.com/andygock/auth-server
2020-11-10 01:06:39 -08:00
Girish Ramakrishnan
cd3dc00f2f
Do not allow duplicate mounts
2020-10-29 23:07:48 -07:00
Girish Ramakrishnan
88ed545830
rename appVolumes to appMounts
2020-10-28 22:06:33 -07:00
Girish Ramakrishnan
4388f6e87c
Send volumes in REST response
2020-10-28 19:33:32 -07:00
Girish Ramakrishnan
6a3df679fa
Add volume management
the volumes table can later have backup flag, mount options etc
2020-10-28 15:31:21 -07:00
Girish Ramakrishnan
b525b6e4fa
fix code style
2020-10-27 17:15:19 -07:00
Johannes Zellner
678fca6704
For app tickets, send the log files along
2020-10-06 17:53:07 +02:00
Girish Ramakrishnan
491af5bd9a
stop apps before updating the databases because postgres will "lock" them preventing import
2020-08-31 17:53:29 -07:00
Johannes Zellner
90fb1cd735
We also need enableBackup property for app listing api
2020-06-25 12:31:00 +02:00
Johannes Zellner
9c868135f3
app sso flag is not restricted now
2020-06-16 13:09:06 +02:00
Girish Ramakrishnan
e3829eb24b
typo
2020-06-14 14:00:29 -07:00
Girish Ramakrishnan
f6cb1a0863
backups: query using identifier instead of type
this allows us to move the enums into backups.js instead of backupdb.js
2020-06-14 12:27:41 -07:00
Johannes Zellner
d6ec65d456
Do not remove alternateDomains to allow apps view filter to work
2020-06-14 13:39:15 +02:00
Girish Ramakrishnan
3df61c9ab8
do not automatically update unstable updates
part of #698
2020-06-05 16:26:23 -07:00
Girish Ramakrishnan
a4516776d6
make canAutoupdateApp take updateInfo object
part of #698
2020-06-05 16:06:37 -07:00
Girish Ramakrishnan
433e783ede
do not allow backup, import, update in stopped state
2020-05-28 12:41:51 -07:00
Girish Ramakrishnan
f6c4614275
Do not restart stopped apps
(cherry picked from commit 2e76b8bed9)
2020-05-26 07:54:35 -07:00
Girish Ramakrishnan
1438ee52a1
import: fix crash because encryption is unset
2020-05-24 18:42:04 -07:00
Girish Ramakrishnan
b39261c8cf
remove extra $
2020-05-22 16:56:01 -07:00
Girish Ramakrishnan
7efb57c8da
restart apps on addon container change
when the IP changes on addon container re-create, the apps don't
detect this (maybe there is some large DNS cache timeout in docker)
2020-05-22 16:45:03 -07:00
Girish Ramakrishnan
f417a49b34
Add encryptionVersion to backups
this will identify the old style backups and warn user that a restore
doesn't work anymore
2020-05-13 22:37:02 -07:00
Girish Ramakrishnan
ea8a3d798e
create encryption keys from password during app import & restore
2020-05-12 15:53:18 -07:00
Girish Ramakrishnan
991c1a0137
check if manifest property is present in network response
2020-05-11 14:52:55 -07:00
Johannes Zellner
e27c5583bb
Apps without dockerImage cannot be auto-updated
2020-05-11 23:20:17 +02:00
Girish Ramakrishnan
74b0ff338b
Disallow cloudtorrent in demo mode
2020-05-04 14:56:10 -07:00
Girish Ramakrishnan
3357ca76fe
specify the invalid bind name in error message
2020-05-02 11:07:58 -07:00
Girish Ramakrishnan
e9d0ed8e1e
Add binds support to containers
2020-04-29 22:51:46 -07:00
Girish Ramakrishnan
2cdf68379b
Revert "add volume support"
This reverts commit b8bb69f730.
Revert this for now, we will try a simpler non-object volume first
2020-04-27 22:55:43 -07:00
Girish Ramakrishnan
b8bb69f730
add volume support
part of #668, #569
2020-04-24 22:09:07 -07:00
Girish Ramakrishnan
e72622ed4f
Fix crash during auto-update
2020-04-02 19:47:29 -07:00
Girish Ramakrishnan
5b62d63463
clear mailbox on update and restore
part of #669
2020-03-31 17:51:27 -07:00
Girish Ramakrishnan
e30ea9f143
make mailbox domain nullable
for apps that do not use sendmail/recvmail addon, these are now null.
otherwise, there is no way to edit the mailbox in the UI
part of #669
2020-03-31 11:26:19 -07:00
Girish Ramakrishnan
3e6b66751c
typo in assert
2020-03-30 15:17:34 -07:00
Johannes Zellner
f78571e46d
Support reserved port ranges
2020-03-30 10:01:52 +02:00
Johannes Zellner
5ac9c6ce02
add turn,stun ports to RESERVED ones
We still need to protect the TURN port range
2020-03-30 08:30:06 +02:00
Girish Ramakrishnan
25c000599f
Fix assert (appStoreId is optional)
2020-03-29 19:12:07 -07:00
Girish Ramakrishnan
7110240e73
Only a Cloudron owner can install/update/exec apps with the docker addon
this should have been part of f1975d8f2b
2020-03-29 18:52:37 -07:00
Girish Ramakrishnan
1da37b66d8
use resource pattern in apps routes
this makes it easy to implement access control in route handlers
2020-03-29 17:11:10 -07:00
Girish Ramakrishnan
f1975d8f2b
only owner can install/repair/update/exec docker addon apps
2020-03-29 16:24:04 -07:00
Girish Ramakrishnan
acc2b5a1a3
remove unused param
2020-03-28 22:05:43 -07:00
Girish Ramakrishnan
1b15d28212
eventlog: add start/stop/restart logs
2020-03-19 17:02:55 -07:00
Girish Ramakrishnan
4e0c15e102
use short form syntax
2020-03-19 16:48:31 -07:00
Girish Ramakrishnan
0e156b9376
migrate permissions and admin flag to user.role
2020-02-21 16:49:20 -08:00
Girish Ramakrishnan
e092074d77
2020 is unused
2020-02-11 22:12:34 -08:00
Girish Ramakrishnan
f80f40cbcd
repair: take optional docker image for re-configure
2020-02-11 21:05:01 -08:00
Girish Ramakrishnan
b8cddf559a
min cpu shares is 2
2020-01-28 22:38:54 -08:00
Girish Ramakrishnan
4ba9f80d44
apps: configure cpuShares
2020-01-28 22:16:25 -08:00