jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
10,516 Commits 33 Branches 583 Tags
b0bdfbd8703e157b50a5061d61fa96e554db4e3d
Commit Graph

611 Commits

Author SHA1 Message Date
Girish Ramakrishnan
73315a42fe setup: fix journalctl configuration 
/var/log/journal/*/system.journal does not exist on some systems

https://forum.cloudron.io/topic/4068/installation-failed-on-20-04-server
https://forum.cloudron.io/topic/5731/time4vps-installation-error
 2021-09-28 19:21:16 -07:00
Girish Ramakrishnan
ad3dbe8daa mail: keep mail backups separately from box backups 
part of #717
 2021-09-26 21:47:24 -07:00
Girish Ramakrishnan
9584990d7a remove old migration code 2021-09-26 18:10:39 -07:00
Girish Ramakrishnan
77989893df remove boxdata/well-known directory 
this has already moved into the domains table
 2021-06-17 11:37:03 -07:00
Girish Ramakrishnan
593038907c unbound: on ubuntu 16, sd_notify is not working 
not clear, when unbound added support for this.

on ubuntu 16, unbound is 1.5.8.
on ubuntu 20, unbound is 1.9.4
 2021-06-04 09:41:54 -07:00
Girish Ramakrishnan
2421536c23 add indexes for ORDER BY fields used in code 
we hit ER_OUT_OF_SORTMEMORY with large tables
 2021-05-17 07:06:11 -07:00
Girish Ramakrishnan
a56766ab0e ensure nss-lookup.target is hit after unbound starts 
https://github.com/NLnetLabs/unbound/issues/296

this fixes volume hostname resolution on reboot
 2021-05-14 12:07:05 -07:00
Girish Ramakrishnan
50407eba0b volumes: generate systemd mount files based on mount type 2021-05-12 23:57:12 -07:00
Girish Ramakrishnan
84af9580a6 migrate certs into the blobs database 
use platformdata/nginx/cert to store the certs
 2021-05-07 21:26:49 -07:00
Girish Ramakrishnan
182918b13d add note 2021-05-07 20:20:15 -07:00
Girish Ramakrishnan
963e92b517 store fallback certs in the database 2021-05-04 22:30:28 -07:00
Girish Ramakrishnan
7de454911e migrate firewall configuration into database 
the ports.json is for the moment server specific
 2021-05-04 15:55:54 -07:00
Girish Ramakrishnan
dcea55cd81 chown the sftp directory 2021-05-04 00:27:45 -07:00
Girish Ramakrishnan
c17743d869 migrate secrets into the database 
the infra version is bumped because the nginx's dhparams path has changed
and the sftp server key path has changed.
 2021-05-03 22:11:18 -07:00
Girish Ramakrishnan
6a32291609 Move updatechecker.json into platform data 2021-04-29 14:01:24 -07:00
Girish Ramakrishnan
b8ea9de439 move profile icons into the database 2021-04-29 13:57:24 -07:00
Girish Ramakrishnan
7b8fd3596e well known is now stored in the database 2021-04-29 12:17:44 -07:00
Girish Ramakrishnan
00856b79dd firewall: Set BOX_ENV 2021-04-14 23:01:08 -07:00
Girish Ramakrishnan
131711ef5c mysql: bump connection limit to 200 2021-04-09 10:55:31 -07:00
Girish Ramakrishnan
84dfd4aa84 firewall: no need to keep 25 always open 2021-03-30 15:56:01 -07:00
Girish Ramakrishnan
c1ee3dcbd4 collectd: cache du values and send it every Interval (20) 
collectd plugin ordering matters. the write_graphite plugin establishes
a TCP connection but there is a race between that and the df/du values that
get reported. du is especially problematic since we report this only every 12 hours.

so, instead we cache the values and report it every 20 seconds. on the carbon side,
it will just retain every 12 hours (since that is the whisper retention period).

there is also FlushInterval which I am not 100% sure has any effect. by default, the
write_graphite plugin waits for 1428 bytes to be accumulated. (https://manpages.debian.org/unstable/collectd-core/collectd.conf.5.en.html)

https://github.com/collectd/collectd/issues/2672
https://github.com/collectd/collectd/pull/1044

I found this syntax hidden deep inside https://www.cisco.com/c/en/us/td/docs/net_mgmt/virtual_topology_system/2_6_3/user_guide/Cisco_VTS_2_6_3_User_Guide/Cisco_VTS_2_6_1_User_Guide_chapter_01111.pdf
 2021-03-26 00:21:38 -07:00
Girish Ramakrishnan
c1b61bc56b add note 2021-03-24 20:30:02 -07:00
Girish Ramakrishnan
0447dce0d6 graphite: restart collectd as well 2021-03-23 16:34:36 -07:00
Girish Ramakrishnan
32f385741a graphite: implement upgrade 
for the moment, we wipe out the old data and start afresh. this is because
the graphite web app keeps changing quite drastically.
 2021-03-23 16:34:32 -07:00
Girish Ramakrishnan
8048e68eb6 graphite: disable tagdb 2021-03-18 18:03:45 -07:00
Girish Ramakrishnan
f7bd47888a Fix issue where df output is not parsed correctly 
LANG is the default locale i.e when LC_* are not specificall
LC_ALL will override them all

https://forum.cloudron.io/topic/4681/going-to-system-info-triggers-assertion-error
 2021-03-17 11:14:07 -07:00
Girish Ramakrishnan
4d4aad084c remove hard dep on systemd-resolved 
the start.sh script does a "systemctl restart systemd-resolved". this
ends up restarting the box code prematurely! and then later when mysql
restarts, the box code loses connection and bad things happen (tm)
especially during a platform update.

we don't log to journald anymore, so not sure if EPIPE is still an issue
 2021-03-04 21:07:52 -08:00
Girish Ramakrishnan
aa71a734b9 Fix issue where mysql was restarting after new box code has started up 
not 100% sure because of missing log timestamps, but mysql restarts after the box
has started up. As seen from logs below, we try to mark the apps for restart on
platform update. But this failed because mysql was restarting at that time.
This ended up with e2e test failing.

box:apps restartAppsUsingAddons: marking nc4801.autoupdatetest.domain.io for restart
box:apps restartAppsUsingAddons: error marking nc4801.autoupdatetest.domain.io for restart: {"name":"BoxError","reason":"Database Error","details":{"fatal":true,"code":"PROTOCOL_CONNECTION_LOST"},"message":"Connection lost: The server closed the connection.","nestedError":{"fatal":true,"code":"PROTOCOL_CONNECTION_LOST"}}
box:apps restartAppsUsingAddons: marking wekan1398.autoupdatetest.domain.io for restart
box:database Connection 51 error: Connection lost: The server closed the connection. PROTOCOL_CONNECTION_LOST
box:database Connection 52 error: Connection lost: The server closed the connection. PROTOCOL_CONNECTION_LOST
Box GET /api/v1/cloudron/status 500 Internal Server Error connect ECONNREFUSED 127.0.0.1:3306 41.251 ms - 217
 2021-03-02 23:27:31 -08:00
Girish Ramakrishnan
d81ee7d99a timestamp the setup and installer logs 
at some point, mysql disconnects the box code and it becomes hard to
debug without the timestamps
 2021-03-02 23:06:37 -08:00
Girish Ramakrishnan
03a59cd500 mysql: disable binlogs altogether 
this is useful primarily for replication

http://dimitrik.free.fr/blog/archives/2018/04/mysql-performance-testing-80-with-less-blood.html
 2021-02-26 09:53:37 -08:00
Girish Ramakrishnan
bbed7c1d8a stack scripts: add hint that cloudron is installing 
with linode, user has no clue that cloudron is installing when they SSH in.
 2021-02-25 13:36:57 -08:00
Girish Ramakrishnan
7a6a170451 remove retire.sh 2021-02-25 10:32:53 -08:00
Girish Ramakrishnan
a546914796 mysql: keep binlog to couple of days 2021-02-24 16:00:46 -08:00
Girish Ramakrishnan
38607048ee mysql: make binlog have 5 day expiry 2021-02-24 09:19:26 -08:00
Girish Ramakrishnan
9ccd82ce4e set binlog config in mysql 
keep max binlog file size to 100M. and rotate then in 10 days
 2021-02-23 14:24:58 -08:00
Girish Ramakrishnan
48c52533c4 firewall: syntax cleanup 2021-02-12 08:13:47 -08:00
Johannes Zellner
1a98d6d2bd iptables --dports only supports up to 15 ports apparently 2021-02-12 15:56:19 +01:00
Girish Ramakrishnan
d2e03c009a redis: remove dead code 2021-01-04 19:36:43 -08:00
Girish Ramakrishnan
7bdeaca75b secure the provision and activation routes with a token 
fixes #751
 2020-12-21 23:33:31 -08:00
Girish Ramakrishnan
f497d5d309 fix thp disable on kernels that have it disabled 2020-12-07 11:38:11 -08:00
Girish Ramakrishnan
6810d823f5 collectd(df): convert byte string to string 
this makes the graphs work
 2020-12-04 12:10:59 -08:00
Girish Ramakrishnan
3a25c8da9f remove old code 2020-12-01 22:49:59 -08:00
Girish Ramakrishnan
4287642308 firewall: add udp ports to allowed list 2020-11-30 10:26:39 -08:00
Girish Ramakrishnan
213ce114e3 disable thp 
https://docs.mongodb.com/manual/tutorial/transparent-huge-pages/

redis complains loudly and this oftens results in support requests
 2020-11-28 16:30:04 -08:00
Girish Ramakrishnan
976f072ef4 sftp: ubuntu 20 requires keys in legacy format 2020-11-26 11:53:28 -08:00
Girish Ramakrishnan
1d3d8288a9 unbound does not depend on box 2020-11-25 18:31:30 -08:00
Girish Ramakrishnan
e511b70d8f bring back resolvconf and unbound DNS 
bd9c664b1a tried to remove it and use
the system resolver. However, we found that debian has a quirk that it adds
it adds the fqdn as 127.0.1.1. This means that the docker containers
resolve the my.example.com domain to that and can't connect.

This affects any apps doing a turn test (CLOUDRON_TURN/STUN_SERVER)
and also apps like SOGo which use the mail server hostname directly (since
they require proper certs).

https://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_hostname_resolution

So, the solution is to go back to unbound, now that port 53 binding is specially
handled anyway in docker.js
 2020-11-25 10:02:43 -08:00
Girish Ramakrishnan
7b3b826f87 DNS fixes that work on all ubuntu versions 2020-11-23 00:27:17 -08:00
Girish Ramakrishnan
09c8248e31 move back docker network creation to start.sh 
dockerproxy and unbound rely on it.
 2020-11-20 17:22:57 -08:00
Girish Ramakrishnan
c0b0029935 statically allocate app container IPs 
We removed httpPort with the assumption that docker allocated IPs
and kept them as long as the container is around. This turned out
to be not true because the IP changes on even container restart.

So we now allocate IPs statically. The iprange makes sure we don't
overlap with addons and other CI app or JupyterHub apps.

https://github.com/moby/moby/issues/6743
https://github.com/moby/moby/pull/19001
 2020-11-20 16:19:59 -08:00