Girish Ramakrishnan
7ec1594428
create a separate support user
...
This creates a separate user named 'cloudron-support' using which we
can provide remote support. The hyphen username convention follows the
systemd system username convention.
With a separate user, we don't need to ask users to keep changing PermitRootLogin
(and remind them to change it back).
Using a sudo user has various advantages:
* https://askubuntu.com/questions/687249/why-does-ubuntu-have-a-disabled-root-account
* https://wiki.debian.org/sudo
* https://askubuntu.com/questions/16178/why-is-it-bad-to-log-in-as-root
The yellowtent user is also locked down further - no password and no shell login.
2022-03-30 15:08:20 -07:00
Girish Ramakrishnan
bfb233eca1
installer.sh: move installation of docker/node/nginx etc
...
no need to dup the code in two places. i think this will also
fix the unbound/resolvconf DNS resolution issue. this way unbound is configured
and is what gets used when docker is installed.
https://forum.cloudron.io/topic/6660/help-please-failing-setup-of-cloudron
https://forum.cloudron.io/topic/6632/help-me-please-got-error-while-installing-the-cloudron-on-a-fresh-ubuntu-20-04-x64-server
https://forum.cloudron.io/topic/6561/that-install-script-fails-74-times-out-of-75
2022-03-29 22:34:03 -07:00
Girish Ramakrishnan
5b27eb9c54
initializeBaseUbuntuImage: create yellowtent user
2022-03-29 21:41:46 -07:00
Girish Ramakrishnan
faf91d4d00
sshfs and mount.nfs are in base image now
2022-03-29 21:32:48 -07:00
Girish Ramakrishnan
6933ccefe2
Update nginx to 1.20.0-1
2022-03-28 13:25:05 -07:00
Girish Ramakrishnan
7bfa237d26
Update docker to 20.10.12
2022-02-08 10:57:24 -08:00
Girish Ramakrishnan
e9945d8010
Update cloudron-syslog
2022-01-13 16:29:50 -08:00
Girish Ramakrishnan
09d3d258b6
do not retry forever if dpkg install fails
...
https://forum.cloudron.io/topic/6329/cloudron-update-failing
2022-01-13 11:04:45 -08:00
Girish Ramakrishnan
a3280a0e30
Update node to 16.13.1
...
useful for using stream.promises
2021-12-14 20:49:25 -08:00
Girish Ramakrishnan
8e8d2e0182
Update docker to 20.10.7
2021-10-11 10:24:08 -07:00
Girish Ramakrishnan
cdf6988156
Update node to 14.17.6
2021-09-10 14:34:11 -07:00
Girish Ramakrishnan
e51dd8f530
installer: prepare apt before installing more packages
...
currently, this is only prepared when needed because don't want this
to happen on every update
2021-06-25 12:14:24 -07:00
Girish Ramakrishnan
5f509f802f
install sshfs
2021-06-18 14:46:54 -07:00
Girish Ramakrishnan
50407eba0b
volumes: generate systemd mount files based on mount type
2021-05-12 23:57:12 -07:00
Girish Ramakrishnan
83872a0a1d
installer: is_update is not set correctly
2021-03-04 23:14:00 -08:00
Girish Ramakrishnan
39864fbbb9
use the curl that retries
2021-03-04 12:09:23 -08:00
Girish Ramakrishnan
94dcec9df1
while...do
2021-03-04 12:09:23 -08:00
Girish Ramakrishnan
cfcc210f9c
try pulling images in a loop
2021-03-03 21:54:08 -08:00
Girish Ramakrishnan
d81ee7d99a
timestamp the setup and installer logs
...
at some point, mysql disconnects the box code and it becomes hard to
debug without the timestamps
2021-03-02 23:06:37 -08:00
Girish Ramakrishnan
8f08c52103
not required anymore to uninstall gnome-shell
2021-02-23 18:57:15 -08:00
Girish Ramakrishnan
92c43e58c7
update docker to 20.10.3
2021-02-04 11:01:30 -08:00
Girish Ramakrishnan
dc91abb800
update node to 14.15.4
2021-02-04 11:01:08 -08:00
Girish Ramakrishnan
f3165c4e3b
installer: move unzip to base image
2021-01-03 15:09:58 -08:00
Girish Ramakrishnan
a8187216af
installer: ipset is now in base image
2021-01-03 15:08:44 -08:00
Girish Ramakrishnan
cf79e7f1ec
Do not install xorg-server package
...
~# aptitude why xserver-xorg
i collectd Recommends libnotify4 (>= 0.7.0)
i A libnotify4 Recommends gnome-shell | notification-daemon
i A gnome-shell Recommends gdm3 (>= 3.10.0.1-3~)
i A gdm3 Recommends xserver-xorg
2021-01-03 14:53:47 -08:00
Girish Ramakrishnan
eec54e93bf
Need nginx 1.18.0-2 for fresh ubuntu 16 installs
...
it fails with missing /run/nginx.pid message
2020-11-25 17:57:58 -08:00
Girish Ramakrishnan
7b3b826f87
DNS fixes that work on all ubuntu versions
2020-11-23 00:27:17 -08:00
Girish Ramakrishnan
bd9c664b1a
Free up port 53
...
It's all very complicated.
Approach 1: Simply move unbound to not listen on 0.0.0.0 and only the internal
ones. However, docker has no way to bind only to the "public" interface.
Approach 2: Move the internal unbound to some other port. This required a PR
for haraka - https://github.com/haraka/Haraka/pull/2863 . This works and we use
systemd-resolved by default. However, it turns out systemd-resolved will hog the
lo and thus docker cannot bind again to port 53.
Approach 3: Get rid of systemd-resolved and try to put the dns server list in
/etc/resolv.conf. This is surprisingly hard because the DNS listing can come from
DHCP or netplan or wherever. We can hardcode some public DNS servers but this seems
not a good idea for privacy.
Approach 4: So maybe we don't move the unbound away to different port after all.
However, all the work for approach 2 is done and it's quite nice that the default
resolver is used with the default dns server of the network (probably a caching
server + also maybe has some home network firewalled dns).
So, the final solution is to make docker bind to the IP explicitly.
It's unclear what will happen if the IP changes, maybe it needs a restart.
2020-11-18 23:25:56 -08:00
Johannes Zellner
b64acb412e
Add cloudron-translation-update script
2020-11-18 23:16:42 +01:00
Girish Ramakrishnan
baa5122fcb
Update mysql and docker
...
part of #684
2020-09-15 21:58:40 -07:00
Girish Ramakrishnan
e4b06b16a9
firewall: implement blocklist
2020-08-31 21:46:07 -07:00
Girish Ramakrishnan
f4a322478d
cloudron.target is not needed
2020-08-01 20:00:20 -07:00
Girish Ramakrishnan
7edeb0c358
nginx displays version in stderr
2020-07-22 17:57:55 -07:00
Girish Ramakrishnan
a9fb444622
Use nginx 1.18 for security fixes
2020-06-26 14:57:53 -07:00
Girish Ramakrishnan
f1fcb65fbe
Do not install sshfs. user will install it if they want
...
we don't use sshfs anywhere in our code ourselves
2020-06-25 12:21:49 -07:00
Johannes Zellner
6f60495d4d
Initial version of sshfs storage backend
2020-06-05 11:39:51 +02:00
Girish Ramakrishnan
3ffa935da7
Revert "part focal support"
...
This reverts commit 7d36533524.
not ready yet
2020-05-30 10:58:28 -07:00
Girish Ramakrishnan
7d36533524
part focal support
...
part of #684
2020-05-25 19:49:15 -07:00
Girish Ramakrishnan
a3ac343fe2
installer: print from and to versions
2020-05-17 21:34:39 -07:00
Girish Ramakrishnan
16f3cee5c5
install custom nginx only on xenial
...
https://nginx.org/en/linux_packages.html#Ubuntu
http://nginx.org/packages/ubuntu/pool/nginx/n/nginx/
2020-04-02 11:54:22 -07:00
Johannes Zellner
57afb46cbd
Ensure nginx installation will not overwrite our conf files
2020-04-02 16:57:55 +02:00
Johannes Zellner
91dde5147a
add-apt-repository does not call apt-get update
2020-04-02 13:54:39 +02:00
Johannes Zellner
d0692f7379
Ensure we have latest nginx
2020-04-02 12:37:02 +02:00
Girish Ramakrishnan
c4ed471d1c
Update node to 10.18.1
2020-01-29 20:54:57 -08:00
Girish Ramakrishnan
a0d1016c01
containerize sftp
2019-04-04 22:43:02 -07:00
Girish Ramakrishnan
e352562c51
proftpd: unattended install
...
on 16.04,
debconf: falling back to frontend: Readline
ProFTPD configuration
---------------------
ProFTPD can be run either as a service from inetd, or as a standalone server.
Each choice has its own benefits. With only a few FTP connections per day, it is
probably better to run ProFTPD from inetd in order to save resources.
On the other hand, with higher traffic, ProFTPD should run as a standalone
server to avoid spawning a new process for each incoming connection.
1. from inetd 2. standalone
2019-03-27 14:16:55 -07:00
Girish Ramakrishnan
3dd2a19915
Handle case where proftpd is not installed
...
also, don't install a specific version since it doesn't work in 16.04
2019-03-27 14:07:23 -07:00
Girish Ramakrishnan
823bad2ace
add proftpd to base image
2019-03-25 16:15:03 -07:00
Girish Ramakrishnan
ffe30289ee
Revert "revert node to 8.15.1"
...
This reverts commit bec63c1ad0.
ldap: unbind callback never fires in node 10.15 it seems. otherwise,
it all works..
2019-03-23 13:35:12 -07:00
Girish Ramakrishnan
bec63c1ad0
revert node to 8.15.1
...
the ldap search test fails with 10.15 for some reason
https://github.com/nodejs/Release
maybe related:
https://github.com/joyent/node-ldapjs/issues/510
2019-03-22 17:27:23 -07:00