jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
15,896 Commits 33 Branches 583 Tags
d89f8d99a3e3d081bca9a9febb7d9fe4e082e830
Commit Graph

1021 Commits

Author SHA1 Message Date
Girish Ramakrishnan
76aa0b4a70 add to changes 2024-04-04 18:25:35 +02:00
Girish Ramakrishnan
774f14327c addons: optional start mongodb based on AVX 2024-03-30 19:20:24 +01:00
Girish Ramakrishnan
497b3016c0 7.7.2 changes 2024-03-27 10:12:37 +01:00
Girish Ramakrishnan
4b4c8d8052 7.7.2 changes 2024-03-21 19:11:57 +01:00
Girish Ramakrishnan
4ee56782ba move syslog.js to top level 2024-03-21 19:09:51 +01:00
Girish Ramakrishnan
50179dd7eb 7.7.1 changes 2024-03-12 11:28:27 +01:00
Girish Ramakrishnan
3521815646 Next release is 7.7.0 2024-02-28 11:24:37 +01:00
Girish Ramakrishnan
6525504923 profile: store preferred language in the database 2024-02-26 13:30:35 +01:00
Girish Ramakrishnan
41f92c52e9 add to changes 2024-02-23 17:47:21 +01:00
Girish Ramakrishnan
ce42680888 update mail container (solr, spam acl) 2024-02-23 11:37:08 +01:00
Girish Ramakrishnan
bfafcea0b9 Update changes 2024-02-17 16:42:37 +01:00
Girish Ramakrishnan
2bf711f1f7 acme2: default to using secp256r1 key 
the secp384r1 is not getting accepted by a few mail servers.

the upstream server is TLS 1.2 and advertises:
        {0xC0, 0x2C} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        {0xCC, 0xA9} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
        {0xC0, 0x2B} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        {0xC0, 0x24} TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
        {0xC0, 0x23} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
        {0xC0, 0x09} TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

the connection fails with:
client connection error: Error: C0E703901F7F0000:error:0A0000C1:SSL routines:tls_post_process_client_hello:no shared cipher:../deps/openssl/openssl/ssl/statem/statem_srvr.c:2241:

node's current cipher list is https://nodejs.org/api/tls.html#modifying-the-default-tls-cipher-suite.
It says default cipher suite prefers GCM ciphers. ECDHE-ECDSA-AES256-GCM-SHA384 and ECDHE-ECDSA-AES128-GCM-SHA256
are the valid TLS 1.2 options but neither of these are selected.

the public key strength is somehow tied to cipher selection, I am not entirely sure how. from what i remember
`ecdsa_secp384r1_sha384` was listed in signature_algorithms extension.

Note that one document I found said that exchange server has a further _P256 and _P384 to cipher combinations.
Which suggests to me that one can also select specific curve+cipher combination.

anyway, with this curve, atleast the connection work with TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 2024-02-09 22:01:55 +01:00
Girish Ramakrishnan
3d1a4f8802 mongodb: update mongo to 6.0 2024-02-08 11:37:03 +01:00
Girish Ramakrishnan
0b201cee71 mail: update haraka to 3.0.3 2024-02-08 10:36:56 +01:00
Girish Ramakrishnan
8a63f0368e Fix parsing of displayName 
Currently, we only have one field for the name. The first part is
first name. The rest is last name. Obviously, this won't work in all
cases but is the best we can do for the moment.
 2024-02-06 16:53:03 +01:00
Girish Ramakrishnan
bfbc41d5a7 Add changes 2024-01-29 23:42:59 +01:00
Girish Ramakrishnan
f43a601e86 profile: email change now requires password 2024-01-18 18:11:42 +01:00
Girish Ramakrishnan
a007a8e40c externalldap: sync log history 2024-01-13 16:50:10 +01:00
Girish Ramakrishnan
6e42cf4ec5 externalldap: available on all plans 
looks like an oversight that this needs a subscription
 2024-01-13 16:49:35 +01:00
Girish Ramakrishnan
4136272382 externalldap: add eventlog 2024-01-13 13:22:26 +01:00
Girish Ramakrishnan
7a5e990ad4 email: rewrite loading of email status using async 
we start a bunch of requests in the background for each domain. when
we switch views immediately, to say the eventlog, these requests are
still active in the background.

canceling the requests will require a much bigger refactor.

https://forum.cloudron.io/topic/10434/email-event-log-loading-very-slowly-seems-tied-to-overall-email-domain-list-health-checks
 2024-01-09 17:34:54 +01:00
Girish Ramakrishnan
053f81a53e externalldap: add tests 2024-01-07 22:04:22 +01:00
Girish Ramakrishnan
b3f91c4868 make branding and email config available to admin 2024-01-04 21:46:46 +01:00
Girish Ramakrishnan
1ca46a064c ldap: use proper error message instead of dn 
the dn is already in lde_dn field of the error object.
lde_message is the message
 2024-01-03 15:23:22 +01:00
Girish Ramakrishnan
c5480bfcc1 mail: update limit plugin 2024-01-02 15:50:34 +01:00
Girish Ramakrishnan
fa842034ed update: continue to update apps if box update never starts 
https://forum.cloudron.io/topic/10699/no-automatic-app-updates-with-pending-box-update
 2023-12-28 12:16:03 +01:00
Girish Ramakrishnan
37ed87f9c1 route53: retry on rate limit 
route53 has a limit of 5 req/sec/region - https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-requests

see https://forum.cloudron.io/topic/10656/improve-dns-updates-to-avoid-rate-limits/
 2023-12-27 12:23:09 +01:00
Johannes Zellner
cbefd4195f Add some 7.6.3 changes 2023-12-13 17:44:33 +01:00
Girish Ramakrishnan
620e3af525 add to changelog 2023-12-08 10:17:30 +01:00
Girish Ramakrishnan
48f0c75c57 network: increase maxelem of the ipsets 2023-12-07 23:20:24 +01:00
Girish Ramakrishnan
2b8d0f60e7 add to changes 2023-12-04 15:35:35 +01:00
Girish Ramakrishnan
740c0fe318 dockerproxy: all volumes to be mounted in child containers 
this will allow jupyterhub notebooks to access volumes
 2023-11-27 23:06:11 +01:00
Girish Ramakrishnan
e64182d791 mail: make redis non-persistent 
it keeps emitting warnings non-stop about bgsave not working
 2023-11-23 14:27:58 +01:00
Girish Ramakrishnan
b88afbac4e dns: add ovh backend 2023-11-06 15:22:24 +01:00
Girish Ramakrishnan
1ddc1cec20 Fix role definitions 2023-10-30 18:40:20 +01:00
Girish Ramakrishnan
eb1f3d8b55 dns: add dnsimple 2023-10-24 00:26:10 +02:00
Johannes Zellner
1f8c55f536 Add docker-volume disk usage info 2023-10-17 16:51:57 +02:00
Girish Ramakrishnan
4844f6d927 dashboard: remove old domain config on switch 2023-09-29 09:26:42 +05:30
Girish Ramakrishnan
64381e2a04 backups: remove validation mount point after testing it 
this also moves out the attempt validation logic from mounts code
into volumes. mounts.tryAddMount is also used in backup code
 2023-09-29 08:01:58 +05:30
Girish Ramakrishnan
661bd47202 more changes 2023-09-28 10:34:49 +05:30
Girish Ramakrishnan
7d5d857c28 More changes 2023-09-27 17:08:46 +05:30
Girish Ramakrishnan
925ca1d79d Update base image for more symlink fixes 2023-09-27 11:20:05 +05:30
Girish Ramakrishnan
efa1a2d5ca Update changes 2023-09-27 08:27:22 +05:30
Girish Ramakrishnan
26d6464360 add to changes 2023-09-21 13:05:10 +05:30
Girish Ramakrishnan
17e6266384 mail: make virtual "All Mail" togglable 
Mac clients behave poorly when this virtual mailbox is present
 2023-09-21 13:04:41 +05:30
Girish Ramakrishnan
a2450be63a Update addons to new base image 2023-09-20 19:36:40 +05:30
Girish Ramakrishnan
c1a53f7b29 oidc: loginRedirectUri can be empty string 
this is required for ttrss
 2023-09-20 14:47:27 +05:30
Girish Ramakrishnan
20a4136eb5 remove morgan 
morgan breaks our log output parsing. debug() puts a timestamp in
the front.
 2023-09-07 17:08:05 +05:30
Girish Ramakrishnan
f22a2b2053 mongo: update to 5.0 2023-09-02 09:40:50 +05:30
Girish Ramakrishnan
6b30b6211a Add to Changes 2023-08-29 06:48:52 +05:30