e0a56f75c3
typo
2015-12-11 22:27:00 -08:00
4cfd30f9e8
use tlsConfig to determine acme or not
2015-12-11 22:25:57 -08:00
3fbcbf0e5d
store tls config in database
2015-12-11 22:14:56 -08:00
8b7833e8b1
fix debug namespacing
2015-12-11 21:49:24 -08:00
66441f133d
fix typo
2015-12-11 20:09:16 -08:00
8a12d6019a
assert assert everywhere, hope none fires!
2015-12-11 14:50:30 -08:00
39c626dc75
more moving of nginx code
2015-12-11 14:48:39 -08:00
a7480c3f29
implement installation of admin certificate via acme
2015-12-11 14:37:55 -08:00
95eba1db81
Add certificates.ensureCertificate which gets cert via acme
2015-12-11 14:15:44 -08:00
0b8fde7d8d
rename app.setAppCertificate
2015-12-11 14:13:29 -08:00
2f7517152a
rename certificates.initialize
2015-12-11 14:02:58 -08:00
3e2ea0e087
refactor certificate settings
2015-12-11 13:58:43 -08:00
723556d6a2
Add CertificatesError
2015-12-11 13:43:33 -08:00
1f53d76cef
wait forever by default
2015-12-11 13:41:17 -08:00
d15488431b
add waitfordns.js (refactored from appstore)
2015-12-11 13:14:27 -08:00
cf80fd7dc5
rename certificatemanager
2015-12-11 12:24:52 -08:00
73d891b98e
move validateCertificate to certificateManager
2015-12-10 20:38:49 -08:00
fd985c2011
configure nginx as the last step
...
this allow us to wait for certificate (in the case of LE)
2015-12-10 15:26:36 -08:00
47981004c9
split port reserving to separate function
...
this allows us to move nginx configuration to the bottom of apptask
(required for tls cert download support)
2015-12-10 15:25:15 -08:00
e3f7c8f63d
use fqdn to save admin certs as well
2015-12-10 14:29:54 -08:00
3c4adb1aed
fix config path
2015-12-10 13:36:44 -08:00
66db918273
add certificate manager stub
2015-12-10 13:35:02 -08:00
69845d5ddd
add config.adminFqdn()
2015-12-10 13:14:13 -08:00
5fc4788269
remove test code
2015-12-10 11:09:37 -08:00
d0f8293b73
treat acme as a cert backend
2015-12-10 11:08:22 -08:00
44582bcd4b
download the certificate as binary
2015-12-10 11:07:10 -08:00
5c73aed953
remove unused require
2015-12-10 09:54:21 -08:00
e1ec48530e
acme: create cert file with the chain
2015-12-10 09:11:08 -08:00
54c4053728
add LE cross signed
...
https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem.txt
2015-12-10 09:06:36 -08:00
79ffb0df5c
acme: openssl does not play well with buffers. use files instead
2015-12-10 08:57:53 -08:00
c510952c88
s/privateKeyPem/accountKeyPem
2015-12-09 19:23:19 -08:00
6109da531d
acme: use safe
2015-12-09 19:22:53 -08:00
56877332db
pull in urlBase64Encode
2015-12-09 18:34:27 -08:00
aaf266d272
convert cert to pem
2015-12-08 20:05:14 -08:00
0750db9aae
rename function
2015-12-08 19:54:37 -08:00
316976d295
generate the acme account key on first run
2015-12-08 19:42:33 -08:00
593b5d945b
use this fake email as the account owner for now
2015-12-08 19:15:17 -08:00
88f0240757
serve acme directory from nginx
2015-12-08 19:04:48 -08:00
f5c2f8849d
Add LE staging url for testing
2015-12-08 18:25:45 -08:00
5c4a8f7803
add acme support
...
this is not used anywhere since we want to wait for rate limits to be
fixed.
The current limits are :
Rate limit on registrations per IP is currently 10 per 3 hours
Rate limit on certificates per Domain is currently 5 per 7 days
The domains are counted based on https://publicsuffix.org/list/ (not TLD). Like appspot.com, herokuapp.com while not a TLD, it a public suffix. This list allows browser authors to limit how cookies can be manipulated by the subdomain of those domains. like app1.appspot.com cannot go and change things of app2.appspot.com.
This means
a) we cannot use LE for cloudron.me, cloudron.us (or we have to get on that list)
b) even for custom domains we get only 5 certs every 7 days. And one of them is taken for my.xx domain.
https://community.letsencrypt.org/t/public-beta-rate-limits/4772/38
2015-12-08 15:52:30 -08:00
5b8fdad5cb
Revert "remove targetBoxVersion checks since all apps are now ported"
...
This reverts commit d104f2a077
2015-12-05 02:29:06 -08:00
fe819f95ec
always return logs regardless of state
2015-12-04 13:13:54 -08:00
be6728f8cb
send support an email for app crashes
2015-12-02 16:50:00 -08:00
24d3a81bc8
remove targetBoxVersion checks since all apps are now ported
2015-12-02 15:02:16 -08:00
268c7b5bcf
always create an isolated network ns
2015-12-01 13:59:45 -08:00
64716a2de5
cloudron exec: disable links for subcontainers
...
Dec 01 08:36:53 girish.cloudron.us node[5431]: Error: HTTP code is 409 which indicates error: undefined - Conflicting options: --net=container can't be used with links. This would result in undefined behavior
2015-12-01 00:51:41 -08:00
d2c8457ab1
reset health when app is stopped
2015-11-30 15:41:56 -08:00
667cb84af7
Protect from crash on shutdown
2015-11-27 10:05:57 +01:00
df8653cdd5
Do not set Hostname for subcontainers
2015-11-26 19:26:29 -08:00
32f677ca0d
make app subcontainers share network namespace with app
...
pid namespace sharing is coming in https://github.com/docker/docker/issues/10163
2015-11-26 19:18:31 -08:00
Girish Ramakrishnan