Johannes Zellner
187389638c
oidc: add RSA-SHA256 aka rs256 signature algorithm
2023-04-04 11:32:43 +02:00
Johannes Zellner
3aa13c3090
oidc: give every Cloudron its own EdDSA key
2023-03-23 18:11:51 +01:00
Girish Ramakrishnan
d2f0bb2b44
sftp: ed25519 keys
2023-03-09 11:03:13 +01:00
Girish Ramakrishnan
d20958760b
rename constant to have RSA in it
2023-03-09 10:36:49 +01:00
Girish Ramakrishnan
89127e1df7
reverseproxy: rework cert logic
...
9c8f78a059 already fixed many of the cert issues.
However, some issues were caught in the CI:
* The TLS addon has to be rebuilt and not just restarted. For this reason, we now
move things to a directory instead of mounting files. This way the container is just restarted.
* Cleanups must be driven by the database and not the filesystem. Deleting files on disk or after a restore,
the certs are left dangling forever in the db.
* Separate the db cert logic and disk cert logic. This way we can sync as many times as we want and whenever we want.
2022-11-29 11:07:23 +01:00
Girish Ramakrishnan
aeef815bf7
proxyAuth: persist the secret token
2022-02-01 17:35:21 -08:00
Girish Ramakrishnan
1c8e699a71
generate dhparams per server
...
this way we don't need to save/restore it from the database.
2021-11-16 23:03:16 -08:00
Girish Ramakrishnan
c4db0d746d
acme: if account key was revoked, generate new account key
...
the plan was to migrate only specific keys but this allows us the
flexibility to revoke keys after the release (since we have not
gotten response from DO about access to old 1-click images so far).
2021-11-16 22:57:40 -08:00
Girish Ramakrishnan
b7c5c99301
move turn secret generation
2021-11-16 22:37:42 -08:00
Girish Ramakrishnan
132c1872f4
sftp: move key generation to sftp code
2021-11-16 21:52:39 -08:00
Girish Ramakrishnan
39be267805
restore: secrets must be copied over after downloading box backup
2021-11-16 11:14:41 -08:00
Girish Ramakrishnan
f6356b2dff
speed up dhparam creation
2021-11-16 09:53:43 -08:00
Girish Ramakrishnan
b5539120f1
tests: cache dhparams in /tmp
2021-09-16 16:39:13 -07:00
Johannes Zellner
f13e641af4
Also generate dhparams in test to let the platform finish startup
2021-09-16 17:19:59 +02:00
Girish Ramakrishnan
a5e34cf775
delete certs that have long expired (6 months)
...
fixes #783
2021-05-18 13:37:35 -07:00
Girish Ramakrishnan
84af9580a6
migrate certs into the blobs database
...
use platformdata/nginx/cert to store the certs
2021-05-07 21:26:49 -07:00
Girish Ramakrishnan
d8e464d9c7
Fix sftp paths
2021-05-04 15:55:37 -07:00
Girish Ramakrishnan
fc2e2665b9
restore: write secrets into platformdata on start
...
this is required when cloudron is restored and we have to then write
keys from the db into the platformdata.
2021-05-04 14:56:25 -07:00
Girish Ramakrishnan
7d8d6d4913
better error messages
2021-05-04 10:45:36 -07:00
Girish Ramakrishnan
c17743d869
migrate secrets into the database
...
the infra version is bumped because the nginx's dhparams path has changed
and the sftp server key path has changed.
2021-05-03 22:11:18 -07:00
Girish Ramakrishnan
035f356dff
add async support to database.query()
2021-05-02 23:18:07 -07:00
Girish Ramakrishnan
907ae4f233
secrets -> blobs
...
this will also have certs which are not really "secrets"
2021-04-30 22:34:27 -07:00