jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
5,155 Commits 33 Branches 583 Tags
b04a417cfce4256e1e4e10f5d4a452fb35b96231
Commit Graph

144 Commits

Author SHA1 Message Date
Girish Ramakrishnan 180cafad0c Fix restore of unencrypted backups 2017-05-08 15:48:32 -07:00
Girish Ramakrishnan be5221d5b8 bash gymnastics for password with spaces 2017-05-01 11:40:08 -07:00
Girish Ramakrishnan b531922175 do not quote the argument 2017-04-30 22:17:23 -07:00
Girish Ramakrishnan 6cbf64b88e use openssl password only when restore key is non-empty or backup ends with .enc 2017-04-28 15:00:17 -07:00
Girish Ramakrishnan 41edd3778d Merge branch 'dns-fixes' into 'master' 
Set DNS per container rather than the daemon

Closes #307

See merge request !6
 2017-04-25 17:06:31 +00:00
Johannes Zellner 8a76788e7a From this version on encrypted backups don't use the openssl implicit salt 2017-04-21 10:58:52 +02:00
Ian Fijolek f0ba126156 Move dns-search from daemon to client as well 
Verified no regression of #130
 2017-04-20 21:33:16 +00:00
Ian Fijolek 9dd51575ab Set DNS per container rather than the daemon 
All Cloudron containers need to have the nameserver 172.18.0.1. This was
being done at the daemon level, however since there are also iptables
rules restricting access to the nameserver from containers that aren't
on the Cloudron Docker network, this broke DNS for non-Cloudron
containers.

Since the DNS is only required for Cloudron containers in the first
place, this patch specifies 172.18.0.1 as the nameserver when Cloudron
creates a container and reverts the change at the daemon level
 2017-04-20 19:02:10 +00:00
Johannes Zellner d9a0bf457d Don't make backup files executable 2017-04-20 16:02:13 +02:00
Girish Ramakrishnan eb2ef47df1 remove boxVersionsUrl 
update checker now uses the appstore routes
 2017-04-13 11:38:42 -07:00
Johannes Zellner 51d5b96fa1 use "mountpoint" to check if we have the user data mounted 2017-04-05 14:34:18 +02:00
Girish Ramakrishnan 1a3e3638ff iptables-restore is not used anymore 2017-04-04 13:00:48 -07:00
Johannes Zellner da857f520b Only stop apps and addons on data migration 2017-04-04 14:30:45 +02:00
Johannes Zellner aa22ab8847 Cleanup the btrfs mounts and the user data file 2017-04-04 12:34:55 +02:00
Johannes Zellner 3e23c3efce Do not move the whole mail folder but only its content 2017-04-04 12:34:55 +02:00
Johannes Zellner c4f96bbd6b Some directory creation fixes 2017-04-04 12:34:55 +02:00
Johannes Zellner 3a17bf9a0f Ensure apps and platform data dirs exist 2017-04-04 12:34:55 +02:00
Johannes Zellner 602f8bcd04 Split platform and app data folders and get rid of btrfs volumes 2017-04-04 12:34:55 +02:00
Girish Ramakrishnan 956fe86250 Add firewall service 
Docker really insists on adding itself to the top of the FORWARD
chain. Making our firewall side-steps this docker design.
 2017-03-29 02:31:53 -07:00
Girish Ramakrishnan 4d000e377f Enable iptables based ratelimit for cloudron auth services 
The goal here is to simply add a rate limit to prevent brute
force password attacks.

Covered services includes:
    (public) http, https, ssh, smtp, msa, imap, sieve
    (private) postgres, redis, mysql, ldap, mongodb. msa

The private limits are higher because some apps will create
a db connection for each page request.  Some apps like mailtrain
will send out lots of emails etc.

Note that apps that use SSO are ratelimited by the ldap limit.

Part of #187
 2017-03-29 00:02:05 -07:00
Girish Ramakrishnan 7e8757a78c grep quietly 2017-03-13 13:52:16 -07:00
Girish Ramakrishnan 81313d1c40 reduce nxdomain caching timeout 
the other option is to use "/usr/sbin/unbound-control flush_negative"
on demand
 2017-03-09 15:03:14 -08:00
Girish Ramakrishnan 1c36918e92 Done -> Almost done 2017-03-09 10:21:52 -08:00
Girish Ramakrishnan 9d52397bcc Move dhparam creation 
Now that all cloudrons have the dhparams file, we can generate this
*after* restoring from backup and if required.
 2017-03-01 15:25:20 -08:00
Girish Ramakrishnan 3a5000ab1d Detect loop support on linode correctly 
We don't need any of the loop logic since it seems scaleway
also supports automatically this now
 2017-02-15 15:40:19 -08:00
Girish Ramakrishnan 7f4f525551 dhparams.pem must be part of backup 2017-02-14 14:12:03 -08:00
Girish Ramakrishnan 9e2850ffad setup: do not restart mysql unnecessarily 2017-02-08 07:53:55 -08:00
Girish Ramakrishnan 19c665d747 docker daemon is deprecated 2017-02-06 11:33:10 -08:00
Girish Ramakrishnan 0cee6de476 Check if cloudron.conf file exists 2017-01-31 01:53:06 -08:00
Girish Ramakrishnan 7b547e7ae9 Revert scaleway specific overlay2 support 
This reverts commit 16d65d3665.

Rainloop app breaks with overlay2
 2017-01-30 15:43:42 -08:00
Girish Ramakrishnan 16d65d3665 Use overlay2 for scaleway 
https://github.com/scaleway/image-ubuntu/issues/68
 2017-01-30 14:01:29 -08:00
Girish Ramakrishnan ccb340cf80 Use systemd drop in to configure docker 
The built-in service files get overwritten by updates

Fixes #203
 2017-01-30 12:41:07 -08:00
Girish Ramakrishnan 56b0f57e11 Move unbound systemd config to separate file 2017-01-30 12:39:19 -08:00
Girish Ramakrishnan ddf5c51737 Make it 90 instead 2017-01-26 15:45:07 -08:00
Girish Ramakrishnan 88fc7ca915 move the files and not the directory 
... because box is a btrfs subvolume
 2017-01-26 14:16:27 -08:00
Girish Ramakrishnan ebd3a15140 always restart nginx 2017-01-25 12:04:52 -08:00
Girish Ramakrishnan f142d34f83 Move box data out of appdata volume 
This lets us restore the box if the app volume becomes full

Fixes #186
 2017-01-24 13:48:09 -08:00
Girish Ramakrishnan 357ca55dec remove unused var 2017-01-24 10:41:58 -08:00
Girish Ramakrishnan d7a8731027 remove unused var 2017-01-24 10:41:38 -08:00
Girish Ramakrishnan 9117c7d141 Use $USER 2017-01-24 10:32:32 -08:00
Johannes Zellner db8db430b9 Avoid warning from systemd by reloading the daemon after chaning journald config 2017-01-23 11:01:02 +01:00
Johannes Zellner c0b2b1c26d Escape shell vars in the unbound unit file 2017-01-23 10:27:23 +01:00
Johannes Zellner 7da20e95e3 Use a proper systemd unit file for unbound 
Part of #191
 2017-01-23 10:14:20 +01:00
Girish Ramakrishnan f30f90e6be Stop mail container before moving the dirs 2017-01-22 21:57:34 -08:00
Girish Ramakrishnan 7f05b48bd7 Revert "Migrate mail data after downloading restore data" 
This reverts commit e7c399c36a.
 2017-01-22 02:42:14 -08:00
Girish Ramakrishnan e7c399c36a Migrate mail data after downloading restore data 
This allows us to be backward compatible
 2017-01-21 23:33:57 -08:00
Girish Ramakrishnan d84666fb43 Move mail data out of box 
This will help us with putting a size on box data

Mail container version is bumped because we want to recreate it

Part of #186
 2017-01-20 20:22:08 -08:00
Girish Ramakrishnan 1eb33099af dkim directory is now automatically created in cloudron.js 2017-01-20 15:18:03 -08:00
Girish Ramakrishnan 804947f039 use dir mount instead of file mount 
file mounting is fraught with problems wrt change notifications.

first, we must be carefule that the inode does not change.

second, changes outside container do not result in fs events inside the container.
haraka cache settings files and relies on fs events. So, even
though the file gets updated inside the container, haraka doesn't
see it.

https://github.com/docker/docker/issues/15793
 2017-01-17 23:59:23 -08:00
Girish Ramakrishnan d45927cdf4 unbound: listen on 0.0.0.0 2017-01-13 15:22:54 -08:00