jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
15,779 Commits 33 Branches 583 Tags
aecc16af5d8d9bab4d118657d10934b04ac3a738
Commit Graph

8393 Commits

Author SHA1 Message Date
Girish Ramakrishnan cb573c0a37 reverseproxy: identify LE staging correctly 2021-04-27 12:55:11 -07:00
Johannes Zellner 70f2337b09 Allow apps to override the Referrer-Policy header 2021-04-26 11:48:18 +02:00
Girish Ramakrishnan f3d870978b add tests for inactive mailbox and list 2021-04-21 12:39:18 -07:00
Girish Ramakrishnan d437acebe2 notifications: can also mark it as unread 2021-04-21 12:20:58 -07:00
Girish Ramakrishnan bb3f9744fb notifications: fix pagination of listByUserIdPaged 
we have to filter in sql query, otherwise we don't get consistent per page count
 2021-04-21 10:55:31 -07:00
Girish Ramakrishnan fbceb67df9 notifications: remove app up/down 2021-04-21 10:55:31 -07:00
Johannes Zellner 61e51c7875 Send new login location notification mail 2021-04-21 16:14:49 +02:00
Girish Ramakrishnan 8b99af952a turn: turn off verbose logging 2021-04-20 11:30:31 -07:00
Johannes Zellner d74f2b8506 Stop using deprecated developer/login route in tests 2021-04-20 17:52:53 +02:00
Girish Ramakrishnan 142af8e700 Fix notifications schema 2021-04-19 21:00:31 -07:00
Girish Ramakrishnan 0c8e0c4715 notifications: send backup fail only to owner 
only superadmin has access to server and can adjust backup config
 2021-04-19 20:57:10 -07:00
Girish Ramakrishnan 613da5fff9 notifications: remove user add/edit/update notifications 
these just clutter the real notifications. these are in the eventlog
anyways.
 2021-04-19 20:44:35 -07:00
Girish Ramakrishnan 355de5b0a4 notifications: fix update notification 
the notification wasn't working because this was in apptask and the apptask died
before it could send out the email. we now move the notification to box process
and also remove the email notification.
 2021-04-19 15:14:04 -07:00
Girish Ramakrishnan 7a7223a261 OCSP: do not set must-staple in certificate request 
On first visit in firefox, must-staple certs (unlike chrome which ignores must-staple) always fail.
Investigating, it turns out, nginx does not fetch OCSP responses on reload or restart - https://trac.nginx.org/nginx/ticket/812 .
So, one has to prime the OCSP cache using curl requests. Alternately, one can use `openssl ocsp -noverify -no_nonce` and
then set `ssl_stapling_file`. Both approaches won't work if the OCSP servers are down and then we have to have some retry logic.
Also, the cache is per nginx worker, so I have no clue how many times one has to call curl. The `ssl_stapling_file` approach
requires some refresh logic as well. All very messy.

For the moment, do not set must-staple in the cert. Instead, check if the cert has a CSP URL and then enable
stapling in nginx accordingly.
 2021-04-16 13:33:32 -07:00
Girish Ramakrishnan 4d919127a7 implement OCSP stapling 
can verify stapling using openssl s_client -connect hostname:443 -status

status_request is RFC6066. there is also status_request_v2 (RFC6961) but this is
not implemented even in openssl libs yet
 2021-04-16 12:13:54 -07:00
Girish Ramakrishnan 5d2fd81c0d Add missing callback() 2021-04-15 16:33:21 -07:00
Girish Ramakrishnan ef476f74bf notifications: no email for app up/down/oom events 
emails will not be used for self monitoring events. these are best done
from the outside. we just log everything in eventlog and raise notifications
as well.
 2021-04-15 15:29:25 -07:00
Girish Ramakrishnan d29d46d812 mail: add active flag to mailboxes and lists 2021-04-15 11:49:19 -07:00
Girish Ramakrishnan c3e14cd11f user: return 2fa status for the UI 2021-04-14 21:46:35 -07:00
Girish Ramakrishnan 5833d6ed5d Fix failing dns and network test 2021-04-14 21:43:51 -07:00
Girish Ramakrishnan f15714182b users: add route to disable 2fa 2021-04-14 20:45:35 -07:00
Girish Ramakrishnan 6d214cf0f2 2fa: fix routes to not have a slash 
otherwise, it feels like it is some sort of resource
 2021-04-14 19:59:46 -07:00
Girish Ramakrishnan f9a72b530c Fix coding style 2021-04-14 15:54:09 -07:00
Girish Ramakrishnan 0712eb1250 namecheap: fix del 2021-04-13 22:27:38 -07:00
Girish Ramakrishnan 564409d8b7 namecheap: Send it as POST 2021-04-13 22:17:01 -07:00
Girish Ramakrishnan 1c9c8e8e2b namecheap: refactor 2021-04-13 15:10:24 -07:00
Girish Ramakrishnan 04398c9b16 appstore: on dashboard domain change, update cloudron label 2021-04-13 14:19:45 -07:00
Girish Ramakrishnan 9a9c406fbe appstore: remove track begin/end 
we used these to track error rates which we don't need anymore since
it's quite reliable
 2021-04-13 14:10:30 -07:00
Girish Ramakrishnan 131711ef5c mysql: bump connection limit to 200 2021-04-09 10:55:31 -07:00
Johannes Zellner 5ae5566ce8 Fix blocklist setting when source and list have mixed ip versions 2021-04-07 17:31:04 +02:00
Girish Ramakrishnan 6d044bfbf3 mysql: Fix "mbind: Operation not permitted" warning" 
https://github.com/docker-library/mysql/issues/303#issuecomment-643154859
 2021-04-05 15:28:46 -07:00
Girish Ramakrishnan d161fe9ebd add progress message for restoring addons 2021-04-05 11:35:47 -07:00
Girish Ramakrishnan e613452058 mysql: remove use of mysql_upgrade 2021-04-01 11:50:03 -07:00
Johannes Zellner 5ccb1d44fe Send translation keys instead of raw english string for backup checks 2021-04-01 16:35:50 +02:00
Girish Ramakrishnan 726c028360 clone: copy services config 2021-03-30 12:45:28 -07:00
Girish Ramakrishnan f211de1ff4 apphealthmonitor: 403 is ok 2021-03-30 11:57:30 -07:00
Johannes Zellner 0402dce1ee Invite token should be valid for 7 days 2021-03-25 17:25:56 +01:00
Girish Ramakrishnan d277f8137b redis: backup before upgrade 2021-03-24 19:27:24 -07:00
Girish Ramakrishnan 7ae79fe3a5 graphite: restart collectd on upgrade 2021-03-24 14:10:31 -07:00
Girish Ramakrishnan 1f59974e83 give graphite more time to start before restarting collectd 2021-03-24 10:26:19 -07:00
Girish Ramakrishnan 0447dce0d6 graphite: restart collectd as well 2021-03-23 16:34:36 -07:00
Girish Ramakrishnan 32f385741a graphite: implement upgrade 
for the moment, we wipe out the old data and start afresh. this is because
the graphite web app keeps changing quite drastically.
 2021-03-23 16:34:32 -07:00
Girish Ramakrishnan 91a4ae90f2 better logs 2021-03-23 13:06:37 -07:00
Girish Ramakrishnan 3201c5bda3 remove CLOUDRON_MAIL_SMTP_SERVER_HOST from sendmail 
let's keep it in email addon because that will trigger reconfigure of apps
on server name change
 2021-03-23 10:40:47 -07:00
Girish Ramakrishnan c6920bd860 HSTS: bump the max-age to 2 years 
Side note: https://hstspreload.org/ . This is what the chromium project expects
for preloading.
 2021-03-22 19:04:28 -07:00
Girish Ramakrishnan 66ff2a9eb7 Revert "make box code send emails with STARTTLS" 
This reverts commit ca496df535.

2525 has no TLS anymore
 2021-03-22 14:34:07 -07:00
Girish Ramakrishnan c3d30a1d99 mail: rework STARTTLS strategy 
instead of fixing all apps which is a royal pain, we instead make Haraka
offer STARTTLS for 2587 and no STARTTLS for 2525.
 2021-03-21 20:38:05 -07:00
Girish Ramakrishnan 7df89e66c8 request has no retry method 
i thought it was using superagent
 2021-03-20 11:19:45 -07:00
Girish Ramakrishnan 4954b94d4a acme2: add a retry to getDirectory, since users are reporting a 429 2021-03-19 09:59:09 -07:00
Girish Ramakrishnan f3d9b81942 check for autofs mounts 
autofs mounts are "mounts on demand". this way, instead of mounting
lots of things on startup, you can mount it on first access.
 2021-03-19 09:59:09 -07:00