jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
10,363 Commits 33 Branches 583 Tags
ba3a93e648d44cc2f0652cc95c4e73cb2e01a3b3
Commit Graph

772 Commits

Author SHA1 Message Date
Girish Ramakrishnan
3934e59bd3 filemanager: allow downloading dirs as zip 2020-11-29 16:28:10 -08:00
Girish Ramakrishnan
213ce114e3 disable thp 
https://docs.mongodb.com/manual/tutorial/transparent-huge-pages/

redis complains loudly and this oftens results in support requests
 2020-11-28 16:30:04 -08:00
Girish Ramakrishnan
ad8b9cfc9f mail: enable acl 2020-11-27 18:14:49 -08:00
Girish Ramakrishnan
25cc60e648 mail: change the namespace separator to / 2020-11-24 12:55:58 -08:00
Girish Ramakrishnan
aad50fb5b2 add routes to get/set solr config 2020-11-19 20:19:24 -08:00
Girish Ramakrishnan
7663360ce6 add to changes 2020-11-19 11:20:22 -08:00
Girish Ramakrishnan
0a3aad0205 Add httpPaths support 2020-11-19 11:02:53 -08:00
Girish Ramakrishnan
bd9c664b1a Free up port 53 
It's all very complicated.

Approach 1: Simple move unbound to not listen on 0.0.0.0 and only the internal
ones. However, docker has no way to bind only to the "public" interface.

Approach 2: Move the internal unbound to some other port. This required a PR
for haraka - https://github.com/haraka/Haraka/pull/2863 . This works and we use
systemd-resolved by default. However, it turns out systemd-resolved with hog the
lo and thus docker cannot bind again to port 53.

Approach 3: Get rid of systemd-resolved and try to put the dns server list in
/etc/resolv.conf. This is surprisingly hard because the DNS listing can come from
DHCP or netplan or wherever. We can hardcode some public DNS servers but this seems
not a good idea for privacy.

Approach 4: So maybe we don't move the unbound away to different port after all.
However, all the work for approach 2 is done and it's quite nice that the default
resolver is used with the default dns server of the network (probably a caching
server + also maybe has some home network firewalled dns).

So, the final solution is to bind to the make docker bind to the IP explicity.
It's unclear what will happen if the IP changes, maybe it needs a restart.
 2020-11-18 23:25:56 -08:00
Girish Ramakrishnan
064eff0ac1 add changes 2020-11-16 22:50:56 -08:00
Girish Ramakrishnan
8c0bd97064 mail: owner can be a group 2020-11-13 00:31:34 -08:00
Girish Ramakrishnan
71666a028b add support for protected sites 
https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/
https://gock.net/blog/2020/nginx-subrequest-authentication-server/
https://github.com/andygock/auth-server
 2020-11-10 01:06:39 -08:00
Girish Ramakrishnan
01e6301332 collectd: adjust collectd config when app is stopped and started 2020-11-09 10:37:22 -08:00
Johannes Zellner
13050f7bff Give log files better names on download 2020-11-09 11:07:16 +01:00
Girish Ramakrishnan
bedcd6fccf Disable the timeout altogether for chunk to upload 2020-11-06 14:47:14 -08:00
Girish Ramakrishnan
df8a71cd8b Each chunk can take up to 30 mins to upload 2020-11-06 00:05:53 -08:00
Girish Ramakrishnan
02eb362f37 Set the heap size with large backup memory limits 
I had to also give the server some more swap for the backup to succeed
 2020-11-05 16:06:12 -08:00
Girish Ramakrishnan
6a3df679fa Add volume management 
the volumes table can later have backup flag, mount options etc
 2020-10-28 15:31:21 -07:00
Johannes Zellner
03e49c59e2 Revert "more changes" 
This reverts commit d69af56c90.
 2020-10-28 16:16:10 +01:00
Girish Ramakrishnan
d69af56c90 more changes 2020-10-26 10:04:37 -07:00
Girish Ramakrishnan
37fa27d54f more changes 2020-10-22 10:04:27 -07:00
Girish Ramakrishnan
be4fed2c19 postgresql: whitelist pgcrypto extension for loomio 2020-10-22 08:56:55 -07:00
Girish Ramakrishnan
4881d8e3a1 Add option to allow non-admins to access SFTP 2020-10-21 23:38:13 -07:00
Girish Ramakrishnan
546e381325 skip downloading image if image present locally 
if we use build service app locally (without push), then we can skip
the download altogether.
 2020-10-19 22:22:29 -07:00
Girish Ramakrishnan
9d1bb29a00 sftp: Make extract work 2020-10-19 19:58:39 -07:00
Girish Ramakrishnan
876d0d5873 sftp: init and access API with a token 2020-10-19 19:13:54 -07:00
Girish Ramakrishnan
2aa5c387c7 branding: add template variables 
we can now have %YEAR% and %VERSION% in the footer
 2020-10-18 10:19:13 -07:00
Girish Ramakrishnan
9ca8e49a4e More changes 2020-10-15 16:46:22 -07:00
Girish Ramakrishnan
6ceed03f6b 5.6.3 changes 2020-10-12 21:09:47 -07:00
Girish Ramakrishnan
0064ac5ead reduce the duration of self-signed certs 
https://support.apple.com/en-us/HT210176
https://forum.cloudron.io/topic/3346/automatically-generated-self-signed-wildcard-certificate-doesn-t-appear-to-be-able-to-be-trusted-by-ios-13-or-greater
 2020-10-08 14:39:23 -07:00
Girish Ramakrishnan
b7ed6d8463 add changes 2020-10-05 21:32:25 -07:00
Girish Ramakrishnan
4176317250 Fix version in changes to prepare for 5.6.2 2020-10-05 12:45:12 -07:00
Girish Ramakrishnan
bbd562f711 Add changes 2020-10-04 16:40:47 -07:00
Girish Ramakrishnan
1eed16bc97 postgresql: set collation order explicitly 2020-10-01 12:04:52 -07:00
Girish Ramakrishnan
b4552ddb5f more changes 2020-09-29 14:46:52 -07:00
Girish Ramakrishnan
1da2450b10 gcs: use copy concurrency 2020-09-28 22:03:08 -07:00
Girish Ramakrishnan
9536b42244 Add changes 2020-09-28 10:27:34 -07:00
Girish Ramakrishnan
0f9168052a nginx: add separate endpoint for ip/setup screens 
'setup' endpoint for setup/restore. we show the setup wizard.
'ip' endpoint is post activation. we show a splash screen here.

Also, the https://ip will not respond to any api calls anymore
(since this will leak the admin fqdn otherwise).

We should probably make this customizable at some point.

Fixes #739
 2020-09-23 23:07:40 -07:00
Girish Ramakrishnan
e422dd1198 turn service must be rebuilt on dashboard domain change 
restart only restarts the container and does not affect the env
variables.
 2020-09-23 15:18:28 -07:00
Girish Ramakrishnan
4da8c8d6db updateServiceConfig: remove retry from platform code 2020-09-22 21:46:11 -07:00
Girish Ramakrishnan
191be658d5 firewall: fix race where blocklist was added after docker rules 2020-09-22 12:02:40 -07:00
Girish Ramakrishnan
ba91e1dfb2 Add change 2020-09-21 22:10:58 -07:00
Girish Ramakrishnan
6766884cd8 Update changes 2020-09-21 16:50:13 -07:00
Girish Ramakrishnan
aa8586d273 bump mysql for connection limit 2020-09-17 19:24:24 -07:00
Girish Ramakrishnan
6a43a4bd20 unlink ghost file automatically on successful login 2020-09-17 10:46:32 -07:00
Girish Ramakrishnan
8c78889e88 namecheap: fix crash if server returns invalid response 2020-09-16 16:44:40 -07:00
Girish Ramakrishnan
873159b793 Add to changes 2020-09-16 16:05:09 -07:00
Girish Ramakrishnan
baa5122fcb Update mysql and docker 
part of #684
 2020-09-15 21:58:40 -07:00
Girish Ramakrishnan
cbbcdc5df1 regenerate nginx configs 
Users are seeing SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET. Probably related
some of the app configs had ssl_session_tickets off and some didn't . It seems nginx
has some issue if they are inconsistent (see also https://github.com/nginx-proxy/nginx-proxy/issues/580#issuecomment-249587149).

https://forum.cloudron.io/topic/3157/ssl-error-after-upgrading-to-5-6-0-on-ubuntu-16
 2020-09-15 08:26:41 -07:00
Girish Ramakrishnan
20e206fa43 migrate blocklist to a txt file 
this allows easy copy/pasting of existing deny lists which contain
comments and blank lines
 2020-09-14 12:10:29 -07:00
Girish Ramakrishnan
fc08f9823e s3: copy parts in parallel 2020-09-03 14:31:56 -07:00