when requiresValidCertificate is set, we ended up injecting mutliple
IP addresses for my.domain.com - 172.18.0.1 (bridge) and the mail container IP.
Since the mail server is not running on the bridge, email may or may not be
sent depending on which IP is picked up by the app.
The solution is to make the mail container listen on the bridge as well.
The other solution might have been to introduce a new subdomain for mail container
and ensuring it is different from the dashboard subdomain. That way we can route
the requests to different IPs.
recent version of node throws this error:
(node:210013) [DEP0190] DeprecationWarning: Passing args to a child process with shell option true can lead to security vulnerabilities, as the arguments are not escaped, only concatenated.
Docker Error: (HTTP code 500) server error - failed to set up container networking: driver failed programming external connectivity on endpoint a877975d-38be-4088-bc92-e0d7a486a818 (2e5adaa635a95bd65ca0f290712065d444528e3420c49f2f88323b40c62caaa5): failed to bind host port for 0.0.0.0:40014:172.18.16.130:40014/tcp: address already in use
This happens during app updates. Can only be two reasons:
- some race in docker not freeing up ports (unlikely)
- ephemeral port got reallocated between destroy and create as part of app update
A future commit will reserve net.ipv4.ip_local_reserved_ports as well
Similar fix as b08e3a5128
we found sha256: null as the integrity in some of the cache files.
not sure how this happenned. for now, we just mark files with invalid
or missing sha256 for re-upload.
Docker Error: (HTTP code 500) server error - failed to set up container networking: driver failed programming external connectivity on endpoint a877975d-38be-4088-bc92-e0d7a486a818 (2e5adaa635a95bd65ca0f290712065d444528e3420c49f2f88323b40c62caaa5): failed to bind host port for 0.0.0.0:40014:172.18.16.130:40014/tcp: address already in use
This happens during app updates. Can only be two reasons:
- some race in docker not freeing up ports (unlikely)
- ephemeral port got reallocated between destroy and create as part of app update
A future commit will reserve net.ipv4.ip_local_reserved_ports as well
we now use pkce . main advantage is that we don't see the access token
in the url anymore.
in pkce, the auth code by itself is useless. need the verifier.
fixes#844
