jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
16,456 Commits 33 Branches 583 Tags
e6232189e7222eb11d4e7b239eecdbb5467b8ba1
Commit Graph

1066 Commits

Author SHA1 Message Date
Girish Ramakrishnan
ce5a2b1f0a gandi: use PAT token instead 
https://api.gandi.net/docs/authentication/
 2024-10-08 17:51:01 +02:00
Girish Ramakrishnan
b70747de6f Add Cloudron Container Registry as option 2024-09-26 20:35:28 +02:00
Girish Ramakrishnan
0504e0423a backups: add hetzner object storage 2024-09-25 12:21:42 +02:00
Girish Ramakrishnan
e8850eeac2 8.0.6 changelog 2024-09-18 15:33:42 +02:00
Girish Ramakrishnan
a932a5251a update: all operators to update an app 
previously, the update info was restricted to admins. this can now be queried
by any authenticated user. update information can be gathered from listing apps and
then checking against appstore anyway.
 2024-09-13 16:46:58 +02:00
Girish Ramakrishnan
0647a3a233 unbound: prefer ip4 on ubuntu 24 and above 
ip6 queries seems to be blocked by spamhaus
 2024-09-12 17:13:50 +02:00
Girish Ramakrishnan
e9a422b657 logs: handle logs not found (logrotated) 
we show an error message in the UI now
 2024-09-12 10:32:00 +02:00
Girish Ramakrishnan
23df6bdfbf add to changes 2024-09-11 17:55:35 +02:00
Girish Ramakrishnan
63457d2de4 Revert "docker: use the system dns for app containers" 
This reverts commit 92bce26e22.
 2024-09-10 19:37:39 +02:00
Girish Ramakrishnan
732c944e98 changelog: update release version 2024-09-10 17:43:18 +02:00
Girish Ramakrishnan
8c0c9981de remove usage of nsyslog-parser-2 
this module is somehow parsing the syslog incorrectly causing
incorrect directories being created in the logs directory
(since appName got parsed incorrectly)
 2024-09-10 13:09:43 +02:00
Girish Ramakrishnan
92bce26e22 docker: use the system dns for app containers 2024-09-10 09:42:31 +02:00
Girish Ramakrishnan
6742cdf373 backups: remount remote if not mounted before a backup 2024-09-09 18:15:49 +02:00
Girish Ramakrishnan
565ad83399 add to changes 2024-09-09 09:29:54 +02:00
Girish Ramakrishnan
4301c70ba7 exoscale: add sos AT-VIE-2 region 2024-09-02 22:01:29 +02:00
Girish Ramakrishnan
d5e9e556ab digitalocean: add LON1 region 2024-09-02 20:58:14 +02:00
Girish Ramakrishnan
bdf9e04963 memory: ensure slider is always usable 2024-08-30 12:07:55 +02:00
Girish Ramakrishnan
b95285365d 8.1.0 changes 2024-08-28 11:51:01 +02:00
Girish Ramakrishnan
a865320e3a 8.0.4 changes 2024-08-18 10:40:40 +02:00
Girish Ramakrishnan
1e5e4e3189 ionos: add contract-owned eu-central-3 2024-08-12 15:56:18 +02:00
Girish Ramakrishnan
468d4dd9b0 ami: imdsv2 support 
https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/

One has to get a token now via PUT. This is because there is a bunch of
open proxies out there which blindly forwarded everything to internal network
including metadata requests. They have found that PUT requests don't cleanly
proxy and also AWS rejects token requests with X-Forwarded-For.
 2024-07-27 14:48:42 +02:00
Girish Ramakrishnan
06e46e0f1e 8.0.3 changes 2024-07-26 09:09:35 +02:00
Girish Ramakrishnan
3132b3035a 8.0.2 changes 2024-07-23 08:34:26 +02:00
Girish Ramakrishnan
885aac69c5 tgz: handle addEntryToPack to error 2024-07-18 14:47:31 +02:00
Girish Ramakrishnan
421567ff14 Add to changes 2024-07-15 21:52:04 +02:00
Girish Ramakrishnan
1dc6b40a68 tgz: extract using tar-stream directly 
we used have a fork of tar-fs. using tar-stream directly gives us
more control
 2024-07-08 13:06:56 +02:00
Girish Ramakrishnan
86530df37e mailer: add html version of test mail 2024-07-05 11:07:51 +02:00
Girish Ramakrishnan
a363e508b6 ami: disable route53 
we got an email from AWS team that their policy prevents collection
of AMI credentials in AMI images
 2024-07-02 16:09:36 +02:00
Girish Ramakrishnan
082e659c7b disable rpcbind 
rpcbind is required for NFSv2 and v3 . It seems this gets installed
by nfs-common. It was never used by us since the firewall blocks
port 111 anyways.

NFSv3 needs 2049 for NFS, 111 for portmap, 635 for mountd, 4045 for NLM, 4046 for NSM, 4049 for rquota ...

NFSv4 works better because there's just a single target port, plus the "heartbeat" of lease renewal would keep the TCP/IP session alive.

https://serverfault.com/questions/949127/nfs-client-firewall-settings-and-rpcbind
https://docs.redhat.com/en/documentation/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/s2-nfs-methodology-portmap.html#s2-nfs-methodology-portmap
https://community.netapp.com/t5/Tech-ONTAP-Blogs/NFSv3-and-NFSv4-What-s-the-difference/ba-p/441316
 2024-06-27 20:37:08 +02:00
Girish Ramakrishnan
c3aafb2979 even more changes 2024-06-21 17:09:17 +02:00
Girish Ramakrishnan
f089329e12 more changes 2024-06-21 15:21:59 +02:00
Girish Ramakrishnan
b54eaf2964 more changes 2024-06-20 13:02:54 +02:00
Girish Ramakrishnan
649c06b641 notification: do not send login notification for external users 2024-06-13 16:55:35 +02:00
Girish Ramakrishnan
d34b102e52 mandatory2fa: fix workflow when using external LDAP 
* Always allow the mandatory 2fa setting to be saved
* Show warning for user if they have no 2fa setup and if not external 2fa
* If they get locked out anyway, they have to use CLI tool
* redirect for mandatory 2fa only if not external 2fa as well
 2024-06-12 12:26:40 +02:00
Girish Ramakrishnan
37d1dc7c6d add to changes 2024-05-16 14:56:57 +02:00
Girish Ramakrishnan
8df97de8c6 Ubuntu 24.04 
* update docker to 26.0.1
* cloudron-syslog needs to have correct perms for fifo socket
 2024-04-29 11:07:10 +02:00
Girish Ramakrishnan
afb5e5ac5d add to changes 2024-04-27 19:27:11 +02:00
Girish Ramakrishnan
a783944700 notfound: better error message for IP 2024-04-26 21:25:33 +02:00
Girish Ramakrishnan
cae2bfbdc2 domains: add desec provider 2024-04-24 21:29:42 +02:00
Girish Ramakrishnan
58d6142460 ovh: storage location has changed 2024-04-24 16:37:41 +02:00
Girish Ramakrishnan
a572374ad7 updatechecker: deep compare update object from appstore 
When 'changelog' , 'unstable' fields change the box code is not
getting it.
 2024-04-16 19:30:14 +02:00
Girish Ramakrishnan
37e2269387 import: add seal option 2024-04-15 22:20:04 +02:00
Girish Ramakrishnan
b4e4f26361 Rework cpuShares into cpuQuota 
cpuShares is the relative weight wrt other apps. This is used when
there is contention for CPU. If we want this, maybe we implement
a UI where we show all the apps and let the user re-order them.
As it stands, it is confusing.

cpuQuota is a more straightforward "hard limit" of the CPU% that you
want the app to consume.

Can be tested with : stress -c 8 -t 20s
 2024-04-10 18:25:14 +02:00
Girish Ramakrishnan
2afaf1f36d more changes 2024-04-10 12:52:42 +02:00
Girish Ramakrishnan
6c3f8b9b84 various changes 2024-04-09 18:48:46 +02:00
Girish Ramakrishnan
76aa0b4a70 add to changes 2024-04-04 18:25:35 +02:00
Girish Ramakrishnan
774f14327c addons: optional start mongodb based on AVX 2024-03-30 19:20:24 +01:00
Girish Ramakrishnan
497b3016c0 7.7.2 changes 2024-03-27 10:12:37 +01:00
Girish Ramakrishnan
4b4c8d8052 7.7.2 changes 2024-03-21 19:11:57 +01:00
Girish Ramakrishnan
4ee56782ba move syslog.js to top level 2024-03-21 19:09:51 +01:00