jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
15,779 Commits 33 Branches 583 Tags
aecc16af5d8d9bab4d118657d10934b04ac3a738
Commit Graph

8393 Commits

Author SHA1 Message Date
Girish Ramakrishnan
d42c524a46 prune all images instead of parsing output 
nothing is really lost since these are just unused images
 2022-11-30 10:01:50 +01:00
Girish Ramakrishnan
15cc624fa5 do string compare in certs 2022-11-30 09:59:19 +01:00
Girish Ramakrishnan
7e1c56161d reverseproxy: notify services immediately 
there are 2 cases where certs change (in db):
* LE cert is new or renewed
* fallback cert changes with fallback provider

if something is off i.e we crashed midway of above, then user can click the
rebuild button.
 2022-11-29 18:27:08 +01:00
Girish Ramakrishnan
77a5f01585 reverseproxy: rebuild only when needed 
re-creating nginx configs is only needed in 3 cases:
* provider changes. we create a rebuild file for this
* nginx config is somehow corrupt by external changes. user can click ui button

on startup, dashboard also always creates the nginx configs. so it's always up to provide the button
 2022-11-29 18:17:53 +01:00
Girish Ramakrishnan
3aa3cb6e39 tls: remove any old location certs 2022-11-29 17:58:51 +01:00
Girish Ramakrishnan
302f975d5c handle type mismatch 2022-11-29 17:13:58 +01:00
Girish Ramakrishnan
d23c65a7e7 reverseproxy: cert/key/csr are all pem 
just use strings instead of binary/string confusion
 2022-11-29 14:33:52 +01:00
Girish Ramakrishnan
1cf613dca6 Fix name of wildcard alias domain cert and configs 2022-11-29 13:35:17 +01:00
Girish Ramakrishnan
89127e1df7 reverseproxy: rework cert logic 
9c8f78a059 already fixed many of the cert issues.

However, some issues were caught in the CI:

* The TLS addon has to be rebuilt and not just restarted. For this reason, we now
  move things to a directory instead of mounting files. This way the container is just restarted.

* Cleanups must be driven by the database and not the filesystem . Deleting files on disk or after a restore,
  the certs are left dangling forever in the db.

* Separate the db cert logic and disk cert logic. This way we can sync as many times as we want and whenever we want.
 2022-11-29 11:07:23 +01:00
Girish Ramakrishnan
c844be5be1 make validateLocations return error 2022-11-28 22:16:22 +01:00
Girish Ramakrishnan
e15c6324e4 getDuplicateErrorDetails does not need domain map 2022-11-28 22:14:10 +01:00
Girish Ramakrishnan
b70572a6e9 dns: fqdn only needs domain string 
This is from the caas days, when we had hyphenated subdomains flag
 2022-11-28 21:56:25 +01:00
Girish Ramakrishnan
cab7409d85 mail: update haraka 2022-11-24 18:27:33 +01:00
Girish Ramakrishnan
38312b810a add note 2022-11-24 01:21:32 +01:00
Girish Ramakrishnan
9477e0bbb5 Fix crash when accessing memory_stats 2022-11-24 00:40:40 +01:00
Girish Ramakrishnan
4c6f7de10a more debug messages 2022-11-23 22:03:18 +01:00
Girish Ramakrishnan
28f3b697a1 tokens: add test for readonly token 2022-11-23 18:16:03 +01:00
Girish Ramakrishnan
f728971479 add test that only owner can open tickets 2022-11-23 17:56:24 +01:00
Girish Ramakrishnan
30fb1aa351 proxy: do not set Host header when proxying 
The default when proxying is $proxy_host.

Proxied apps must used X-Forwarded-Host header to determine the intended
target. I think we overwrote the Host header back in the day because apps
had varied support for this. Ideally, it can be removed across all our configurations.
 2022-11-23 16:50:38 +01:00
Johannes Zellner
a5d244b593 Add tests for proxy app upstreamUri 2022-11-23 14:36:57 +01:00
Girish Ramakrishnan
817e950d47 Fix upstreamUri verification 2022-11-23 12:58:17 +01:00
Girish Ramakrishnan
258eea4318 Fix appstore-test 2022-11-22 22:14:59 +01:00
Girish Ramakrishnan
1b0c33fc73 Fix system-test 2022-11-22 21:38:22 +01:00
Johannes Zellner
35ea3b1575 Also include potential swap files in the disk usage stats 2022-11-22 12:15:17 +01:00
Girish Ramakrishnan
b437466f8c mail: send quota value as raw bytes 2022-11-21 09:45:17 +01:00
Girish Ramakrishnan
3b8221190d Better error mesasge 2022-11-20 18:16:16 +01:00
Girish Ramakrishnan
250d54f157 postgresql: fix issue with pg_ctl timing out 2022-11-20 18:05:37 +01:00
Girish Ramakrishnan
5d0309f1ca reverseproxy: check renewal against cert instead of the files 2022-11-17 16:40:14 +01:00
Girish Ramakrishnan
00771d8197 reverseproxy: move dashboard config to subdir as well 2022-11-17 15:50:34 +01:00
Girish Ramakrishnan
641752a222 reverseproxy: remove getAcmeApiOptions 2022-11-17 12:39:23 +01:00
Girish Ramakrishnan
e3b0d3960a reverseproxy: create configs in subdirectories for easy management 2022-11-17 12:16:11 +01:00
Girish Ramakrishnan
cd90864bc3 typos 2022-11-17 11:46:29 +01:00
Girish Ramakrishnan
23cc0d6f0e acme2: do not pass around paths 2022-11-17 11:44:36 +01:00
Girish Ramakrishnan
51f43597bc Make location have subdomain just like in the database 2022-11-17 10:22:46 +01:00
Girish Ramakrishnan
28b5457e9c Fix validateLocations return value 2022-11-17 10:22:46 +01:00
Girish Ramakrishnan
35076b0e93 use vhost naming for nginx config terminology 2022-11-17 10:22:46 +01:00
Girish Ramakrishnan
293b8a0d34 remove location type from nginx filename 
this will keep it consistent with upcoming cert filenames
 2022-11-17 10:22:46 +01:00
Girish Ramakrishnan
0c8b8346f4 Move getLocationsSync into apps.js 2022-11-17 10:22:43 +01:00
Girish Ramakrishnan
720bafaf02 logrotate: only keep 14 days of logs 
https://unix.stackexchange.com/questions/261696/logrotation-rotate-and-maxage-command
https://blog.gsterling.de/2017/10/03/logrotate-misconceptions-about-maxsize-and-size/
 2022-11-17 00:47:39 +01:00
Johannes Zellner
0b6bbf4cc2 Set exec LANG via rest API only 2022-11-16 16:14:54 +01:00
Girish Ramakrishnan
013e15e361 reverseproxy: do deep compare in tlsConfig 
wildcard field might change
 2022-11-16 16:04:26 +01:00
Johannes Zellner
9da4f55754 Set default LANG in exec container to make umlauts and other special characters work 2022-11-16 15:49:06 +01:00
Girish Ramakrishnan
e3642f4278 reverse proxy: rebuild configs on provider change 2022-11-16 12:42:06 +01:00
Girish Ramakrishnan
19b0d47988 remove obsolete fixme 2022-11-16 11:46:31 +01:00
Girish Ramakrishnan
f82f533f36 Add SIGHUP handler to reload certs 
we have to reload directory server certs out of process
 2022-11-16 08:24:42 +01:00
Girish Ramakrishnan
15d5dfd406 reverseproxy: move the reload out of the write functions 2022-11-16 07:55:26 +01:00
Girish Ramakrishnan
af870d0eac mail: fix dnsbl count 
empty string was parsed as [''] leading the UI to think there is one zone
 2022-11-14 22:06:33 +01:00
Girish Ramakrishnan
7b7e5d24de domains: update event not generated 2022-11-14 10:58:47 +01:00
Girish Ramakrishnan
0843baad8b reverseproxy: remove options from renewCerts 2022-11-14 08:13:47 +01:00
Girish Ramakrishnan
5e2a55ecad add debug 2022-11-13 22:10:01 +01:00