25 Commits

Author SHA1 Message Date
Girish Ramakrishnan
082e659c7b disable rpcbind
rpcbind is required for NFSv2 and v3. It seems this gets installed
by nfs-common. It was never used by us since the firewall blocks
port 111 anyways.

NFSv3 needs 2049 for NFS, 111 for portmap, 635 for mountd, 4045 for NLM, 4046 for NSM, 4049 for rquota ...

NFSv4 works better because there's just a single target port, plus the "heartbeat" of lease renewal would keep the TCP/IP session alive.

https://serverfault.com/questions/949127/nfs-client-firewall-settings-and-rpcbind
https://docs.redhat.com/en/documentation/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/s2-nfs-methodology-portmap.html#s2-nfs-methodology-portmap
https://community.netapp.com/t5/Tech-ONTAP-Blogs/NFSv3-and-NFSv4-What-s-the-difference/ba-p/441316
2024-06-27 20:37:08 +02:00
Girish Ramakrishnan
6681f2e5c8 netcup: dns fixes 2024-05-04 18:37:40 +02:00
Girish Ramakrishnan
c49a440211 init-ubuntu: resolvconf is not needed anymore
unbound is still needed since it's running but not for resolv.conf
2024-04-29 13:22:19 +02:00
Girish Ramakrishnan
8df97de8c6 Ubuntu 24.04
* update docker to 26.0.1
* cloudron-syslog needs to have correct perms for fifo socket
2024-04-29 11:07:10 +02:00
Girish Ramakrishnan
cd5cae33ce dns: switch over to systemd for the host
this changes unbound to listen to 127.0.0.150 (150 is roman CL)

we cannot only bind on docker bridge because unbound is relied
upon for the initial domain setup. docker itself is only initialized
when the platform initializes
2024-04-29 11:06:03 +02:00
Girish Ramakrishnan
ce4bf7e10c Fix cloudron installation on netcup
https://forum.cloudron.io/topic/10097/cloudron-install-error-dpkg-error/
https://twitter.com/netcup/status/1735265955364720757
2024-01-31 17:24:29 +01:00
Girish Ramakrishnan
a54c6d3c32 install whois 2023-12-14 17:05:22 +01:00
Girish Ramakrishnan
56324e3e8e Fixup sshd comment 2023-11-24 15:46:24 +01:00
Girish Ramakrishnan
e6c43c84e4 hardcode yellowtent user uid
when we use an external disk, we chown 777 the mountpoint so that the
yellowtent user can write to it. the files are created as the 'yellowtent'
user.

when this disk is attached to another server for a restore, the new server's
yellowtent user may not be able to access the files if the uid does not match
between the old and new server.

for this reason, hardcode the uid
2023-08-08 23:18:43 +05:30
Girish Ramakrishnan
7a68f4e7b9 Fix misleading pending security updates message
python3-magic is missing in DO 22.04.2 LTS

https://forum.cloudron.io/topic/9072/debugging-ubuntu-security-updates
2023-04-21 20:26:00 +02:00
Girish Ramakrishnan
ac9f08ba2a unattended-upgrades: another log file 2023-04-17 09:40:31 +02:00
Girish Ramakrishnan
b6f640aca2 unattended-upgrades: log file comment 2023-04-17 09:36:04 +02:00
Girish Ramakrishnan
3d2e9bd448 init-ubuntu: more logs 2022-12-24 11:54:30 +01:00
Girish Ramakrishnan
ae30fe25d7 unbound: disable controller interface explicitly
https://github.com/NLnetLabs/unbound/issues/806
2022-12-22 11:11:33 +01:00
Girish Ramakrishnan
9ad7fda3cd ubuntu: do not explicitly disable ipv6
IIRC, we had this because unbound will not start up on servers with IPv6 disabled (in the kernel).
Maybe this is a thing of the past by now.
2022-07-27 06:16:03 +02:00
Girish Ramakrishnan
c0eedc97ac collectd: always disable FQDNLookup 2022-07-25 17:01:49 +02:00
Girish Ramakrishnan
5d16aca8f4 add script to recreate containers 2022-07-12 20:51:51 +05:30
Girish Ramakrishnan
c9916c4107 Really disable FQDNLookup 2022-05-25 15:48:25 -07:00
Girish Ramakrishnan
3adf8b5176 collectd: FQDNLookup causes collectd install to fail
this is on ubuntu 20

https://forum.cloudron.io/topic/7091/aws-ubuntu-20-04-installation-issue
2022-05-25 15:10:55 -07:00
Girish Ramakrishnan
622ba01c7a ubuntu 22: collectd disappeared
https://bugs.launchpad.net/ubuntu/+source/collectd/+bug/1971093

also, remove the ubuntu 16 hack
2022-05-06 20:02:02 -07:00
Girish Ramakrishnan
1e711f7928 Ubuntu 22 has private home directories by default (https://discourse.ubuntu.com/t/private-home-directories-for-ubuntu-21-04-onwards/) 2022-04-27 17:49:29 -07:00
Girish Ramakrishnan
070a425c85 typo 2022-04-27 13:11:20 -07:00
Girish Ramakrishnan
32153ed47d nginx: switch to ubuntu's repo package
ubuntu 18.04 has nginx 1.14
ubuntu 20.04, 22.04 has nginx 1.18

We used a custom nginx for TLSv1.3 support (ssl_protocols TLSv1.3).

OpenSSL itself has TLS 1.3 only from Ubuntu 18.10. This is why we
installed custom packages on Ubuntu 18.04
2022-04-27 10:59:27 -07:00
Girish Ramakrishnan
f5a2e8545b Initial support for ubuntu 22.04 Jammy Jellyfish 2022-04-21 12:30:37 -07:00
Girish Ramakrishnan
3d1f2bf716 move init script into scripts
the baseimage directory was from a time when we used to build a
base image and snapshot it. this is not done anymore.

init-ubuntu.sh - static packages installed one time and managed by ubuntu
installer.sh - packages installed and maintained by cloudron. run before an update.
    this can "fail" and the updater can thus abort
start.sh - configuring packages
2022-04-01 09:48:40 -07:00