jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
15,988 Commits 33 Branches 583 Tags
cab7e0d8a3068aae01078bf7a3ad8919939acb74
Commit Graph

22 Commits

Author SHA1 Message Date
Johannes Zellner 187389638c oidc: add RSA-SHA256 aka rs256 signature algorithm 2023-04-04 11:32:43 +02:00
Johannes Zellner 3aa13c3090 oidc: give every Cloudron its own EdDSA key 2023-03-23 18:11:51 +01:00
Girish Ramakrishnan d2f0bb2b44 sftp: ed25519 keys 2023-03-09 11:03:13 +01:00
Girish Ramakrishnan d20958760b rename constant to have RSA in it 2023-03-09 10:36:49 +01:00
Girish Ramakrishnan 89127e1df7 reverseproxy: rework cert logic 
9c8f78a059 already fixed many of the cert issues.

However, some issues were caught in the CI:

* The TLS addon has to be rebuilt and not just restarted. For this reason, we now
  move things to a directory instead of mounting files. This way the container is just restarted.

* Cleanups must be driven by the database and not the filesystem . Deleting files on disk or after a restore,
  the certs are left dangling forever in the db.

* Separate the db cert logic and disk cert logic. This way we can sync as many times as we want and whenever we want.
 2022-11-29 11:07:23 +01:00
Girish Ramakrishnan aeef815bf7 proxyAuth: persist the secret token 2022-02-01 17:35:21 -08:00
Girish Ramakrishnan 1c8e699a71 generate dhparams per server 
this way we don't need to save/restore it from the database.
 2021-11-16 23:03:16 -08:00
Girish Ramakrishnan c4db0d746d acme: if account key was revoked, generate new account key 
the plan was to migrate only specific keys but this allows us the
flexibility to revoke keys after the release (since we have not
gotten response from DO about access to old 1-click images so far).
 2021-11-16 22:57:40 -08:00
Girish Ramakrishnan b7c5c99301 move turn secret generation 2021-11-16 22:37:42 -08:00
Girish Ramakrishnan 132c1872f4 sftp: move key generation to sftp code 2021-11-16 21:52:39 -08:00
Girish Ramakrishnan 39be267805 restore: secrets must be copied over after downloading box backup 2021-11-16 11:14:41 -08:00
Girish Ramakrishnan f6356b2dff speed up dhparam creation 2021-11-16 09:53:43 -08:00
Girish Ramakrishnan b5539120f1 tests: cache dhparams in /tmp 2021-09-16 16:39:13 -07:00
Johannes Zellner f13e641af4 Also generate dhparams in test to let the platform finish startup 2021-09-16 17:19:59 +02:00
Girish Ramakrishnan a5e34cf775 delete certs that have long expired (6 months) 
fixes #783
 2021-05-18 13:37:35 -07:00
Girish Ramakrishnan 84af9580a6 migrate certs into the blobs database 
use platformdata/nginx/cert to store the certs
 2021-05-07 21:26:49 -07:00
Girish Ramakrishnan d8e464d9c7 Fix sftp paths 2021-05-04 15:55:37 -07:00
Girish Ramakrishnan fc2e2665b9 restore: write secrets into platformdata on start 
this is required when cloudron is restored and we have to then write
keys from the db into the platformdata.
 2021-05-04 14:56:25 -07:00
Girish Ramakrishnan 7d8d6d4913 better error messages 2021-05-04 10:45:36 -07:00
Girish Ramakrishnan c17743d869 migrate secrets into the database 
the infra version is bumped because the nginx's dhparams path has changed
and the sftp server key path has changed.
 2021-05-03 22:11:18 -07:00
Girish Ramakrishnan 035f356dff add async support to database.query() 2021-05-02 23:18:07 -07:00
Girish Ramakrishnan 907ae4f233 secrets -> blobs 
this will also have certs which are not really "secrets"
 2021-04-30 22:34:27 -07:00