Commit Graph

8393 Commits

Author SHA1 Message Date
Johannes Zellner
31e900cb9c Add hooks for providing our own login UI 2023-03-19 13:08:06 +01:00
Johannes Zellner
bab3de137b Fix typo 2023-03-19 13:08:06 +01:00
Johannes Zellner
4ac70d70f9 oidc: set interaction routes prefix to the same as the main oidc routes 2023-03-19 13:08:06 +01:00
Johannes Zellner
1ea76ebb60 oidc: add initial findAccount and fixup findByUid 2023-03-19 13:08:06 +01:00
Johannes Zellner
47e35d0b06 Support consume api 2023-03-19 13:08:06 +01:00
Johannes Zellner
5fcadcce9c Add initial OpenID connect support
This currently uses a fake json file storage and does not yet verify
credentials
2023-03-19 13:08:06 +01:00
Girish Ramakrishnan
33ad0829ad Add workaround for porkbun rate limit 2023-03-18 16:20:17 +01:00
Girish Ramakrishnan
f74e2cbee3 porkbun: cleanup implementation 2023-03-18 09:58:04 +01:00
Girish Ramakrishnan
3616fbb51c dns: add porkbun
domain setup ui
2023-03-16 20:21:39 +01:00
Girish Ramakrishnan
45a1122889 Revert back infra version to match 7.3
The code is not smart enough to do both infra bump and database major upgrades.
The db upgrade logic relies on the container to be running to export and re-import.
2023-03-15 21:16:08 +01:00
Girish Ramakrishnan
abd6ab06de mongodb: fix restart 2023-03-14 11:59:25 +01:00
Girish Ramakrishnan
e86a613d86 proxyauth: typo in basic auth validation 2023-03-14 11:35:24 +01:00
Girish Ramakrishnan
ef3d23ebd9 Fix error message 2023-03-14 11:35:10 +01:00
Girish Ramakrishnan
53e9eccf72 unify totp check
the totp check is done in several places causing errors like 3552232e99

* ldap (addon)
* accesscontrol (dashboard)
* proxyauth
* directoryserver (exposed ldap)
* externalldap (the connector)

The code also makes externalldap auto-create work now across all the cases where there is a username
2023-03-12 16:01:12 +01:00
Girish Ramakrishnan
8e0d1b61af Make tests run again 2023-03-11 23:41:01 +01:00
Girish Ramakrishnan
3aa040bf01 apps: remove repository 2023-03-11 16:25:39 +01:00
Girish Ramakrishnan
d242afd9fc pass debug object 2023-03-10 12:10:40 +01:00
Girish Ramakrishnan
5e606c50a4 docker: better error message when out of disk space 2023-03-10 12:09:23 +01:00
Girish Ramakrishnan
59a8b001b7 Fix tests 2023-03-09 19:50:14 +01:00
Girish Ramakrishnan
d2f0bb2b44 sftp: ed25519 keys 2023-03-09 11:03:13 +01:00
Girish Ramakrishnan
d20958760b rename constant to have RSA in it 2023-03-09 10:36:49 +01:00
Girish Ramakrishnan
d1398659a3 Move sftp to new base image 2023-03-09 09:18:26 +01:00
Girish Ramakrishnan
5d425fbce5 Update graphite 2023-03-09 01:55:12 +01:00
Girish Ramakrishnan
2402bf45f4 hold off on mongodb update because it needs avx 2023-03-09 00:44:58 +01:00
Girish Ramakrishnan
b9a484f72e Update mongodb 2023-03-08 23:44:21 +01:00
Girish Ramakrishnan
8448d28f6f Implement HSTS preload
This allows browsers to query https directly instead of the initial http redirect

https://hstspreload.org/#opt-in says it should be explicitly opt in
2023-03-06 11:46:05 +01:00
Girish Ramakrishnan
5bbeb1196a add root as reserved name for gogs 2023-03-05 10:52:30 +01:00
Girish Ramakrishnan
9cd3874b57 mysql: set secure_file_priv 2023-03-02 21:20:46 +01:00
Girish Ramakrishnan
03a77ddf01 Fix validation of hostPath
When adding a volume, this comes in mountOptions. The hostPath in the
database is the computed host path.
2023-02-25 23:41:11 +01:00
Girish Ramakrishnan
abacc60181 tls: fix wildcard alias cert file names
also, do not provision redirect certs. redirect domains can never
hit the server anyway.
2023-02-25 20:22:09 +01:00
Girish Ramakrishnan
dbbe93955c acme2: add bare domain to altNames when requesting wildcard cert
this is primarily to support DoT + ClientID. the adguard package
can now use this cert when the DoT port is enabled.

we thought of adding a "dot: true" flag for the manifest. that flag
would request a special wildcard cert as well as set up the dns. setting
up the dns is complicated UX-wise because it would be totally hidden
from the user. It's better they add an alias and thus we make things
a bit more explicit (what if user was using the wildcard domain for something
else etc).
2023-02-25 20:22:09 +01:00
Johannes Zellner
bfeea414d8 Use sftp 3.6.2 2023-02-25 15:38:41 +01:00
Girish Ramakrishnan
edf87739fc eventlog: only prune login and logout events 2023-02-25 01:20:43 +01:00
Girish Ramakrishnan
582994b9d6 addons: stable IPv4 addresses
give addons static IPv4 so one can reliably connect from outside via
SSH tunnel
2023-02-21 12:20:44 +01:00
Girish Ramakrishnan
8c59528cc2 eventlog: keep 3 months 2023-02-21 10:38:15 +01:00
Girish Ramakrishnan
f9ec2bc06a cloudflare: add config for default value of proxied 2023-02-11 10:07:46 +01:00
Girish Ramakrishnan
3bdc5731ea syncDns: sync secondary dns records 2023-02-08 23:16:48 +01:00
Girish Ramakrishnan
c33266ce03 dyndns: update secondary/redirect/alias domains as well 2023-02-08 23:07:53 +01:00
Girish Ramakrishnan
d4be2b54a2 typo 2023-02-02 11:32:42 +01:00
Girish Ramakrishnan
e856681b3a typo 2023-02-01 21:52:15 +01:00
Girish Ramakrishnan
c07c8b5bb8 ubuntu 18: systemd kill ends up killing the script itself
This is because KillMode=control-group by default
2023-02-01 18:50:45 +01:00
Girish Ramakrishnan
7bbc7c2306 ubuntu 18: ExecReload does not work 2023-02-01 17:28:05 +01:00
Girish Ramakrishnan
c2a7e0f092 lint 2023-02-01 15:43:59 +01:00
Girish Ramakrishnan
54add73d2a reverseproxy: LE backdates certs by an hour
https://community.letsencrypt.org/t/valid-from-date-on-cert-off-by-1-hour/103239
2023-02-01 12:52:37 +01:00
Girish Ramakrishnan
3f70edf3ec print subject and fix notBefore parsing 2023-02-01 12:38:29 +01:00
Girish Ramakrishnan
c63e0036cb typo 2023-02-01 12:28:46 +01:00
Girish Ramakrishnan
3b9486596d reverseproxy: force renewal only renews if not issued in last 5 mins
otherwise, this leads to repeated renewals in checkCerts
2023-02-01 11:18:39 +01:00
Girish Ramakrishnan
eddfd20f24 reverseproxy: get dates 2023-02-01 11:05:50 +01:00
Girish Ramakrishnan
690df0e5c4 reverseproxy: add option to force renewal for e2e 2023-01-31 23:45:17 +01:00
Girish Ramakrishnan
ce9e78d23b reverseproxy: fix issue where renewed certs are not written to disk 2023-01-31 17:58:28 +01:00