Girish Ramakrishnan
7a7223a261
OCSP: do not set must-staple in certificate request
On first visit in Firefox, must-staple certs (unlike Chrome, which ignores must-staple) always fail.
On investigating, it turns out that nginx does not fetch OCSP responses on reload or restart: https://trac.nginx.org/nginx/ticket/812.
So one has to prime the OCSP cache using curl requests. Alternatively, one can use `openssl ocsp -noverify -no_nonce` and
then set `ssl_stapling_file`. Both approaches won't work if the OCSP servers are down, and then we have to have some retry logic.
Also, the cache is per nginx worker, so I have no clue how many times one has to call curl. The `ssl_stapling_file` approach
requires some refresh logic as well. All very messy.
For the moment, do not set must-staple in the cert. Instead, check if the cert has an OCSP URL and then enable
stapling in nginx accordingly.
2021-04-16 13:33:32 -07:00
Girish Ramakrishnan
4d919127a7
implement OCSP stapling
Can verify stapling using `openssl s_client -connect hostname:443 -status`.
status_request is RFC 6066. There is also status_request_v2 (RFC 6961), but this is
not implemented even in openssl libs yet.
2021-04-16 12:13:54 -07:00
Girish Ramakrishnan
5d2fd81c0d
Add missing callback()
2021-04-15 16:33:21 -07:00
Girish Ramakrishnan
ef476f74bf
notifications: no email for app up/down/oom events
Emails will not be used for self-monitoring events. These are best done
from the outside. We just log everything in the eventlog and raise notifications
as well.
2021-04-15 15:29:25 -07:00
Girish Ramakrishnan
d29d46d812
mail: add active flag to mailboxes and lists
2021-04-15 11:49:19 -07:00
Girish Ramakrishnan
00856b79dd
firewall: Set BOX_ENV
2021-04-14 23:01:08 -07:00
Girish Ramakrishnan
c3e14cd11f
user: return 2fa status for the UI
2021-04-14 21:46:35 -07:00
Girish Ramakrishnan
5833d6ed5d
Fix failing dns and network test
2021-04-14 21:43:51 -07:00
Girish Ramakrishnan
f15714182b
users: add route to disable 2fa
2021-04-14 20:45:35 -07:00
Girish Ramakrishnan
6d214cf0f2
2fa: fix routes to not have a slash
Otherwise, it feels like it is some sort of resource.
2021-04-14 19:59:46 -07:00
Girish Ramakrishnan
f9a72b530c
Fix coding style
2021-04-14 15:54:09 -07:00
Girish Ramakrishnan
e983b0d385
more changes
2021-04-14 15:54:01 -07:00
Girish Ramakrishnan
0712eb1250
namecheap: fix del
2021-04-13 22:27:38 -07:00
Girish Ramakrishnan
564409d8b7
namecheap: Send it as POST
2021-04-13 22:17:01 -07:00
Girish Ramakrishnan
1c9c8e8e2b
namecheap: refactor
2021-04-13 15:10:24 -07:00
Girish Ramakrishnan
04398c9b16
appstore: on dashboard domain change, update cloudron label
2021-04-13 14:19:45 -07:00
Girish Ramakrishnan
9a9c406fbe
appstore: remove track begin/end
We used these to track error rates, which we don't need anymore since
it's quite reliable.
2021-04-13 14:10:30 -07:00
Johannes Zellner
8757e5ba42
print dashboard domain on --owner-login
2021-04-13 15:49:42 +02:00
Girish Ramakrishnan
131711ef5c
mysql: bump connection limit to 200
2021-04-09 10:55:31 -07:00
Johannes Zellner
5ae5566ce8
Fix blocklist setting when source and list have mixed ip versions
2021-04-07 17:31:04 +02:00
Johannes Zellner
114a5ee2b1
Ensure we have a valid but unused iptables blocklist for testing
2021-04-07 17:30:19 +02:00
Johannes Zellner
c2c8e92d24
Allow to skip docker container cleanup when running tests
2021-04-07 16:46:12 +02:00
Girish Ramakrishnan
6d044bfbf3
mysql: Fix "mbind: Operation not permitted" warning
https://github.com/docker-library/mysql/issues/303#issuecomment-643154859
2021-04-05 15:28:46 -07:00
Girish Ramakrishnan
d161fe9ebd
add progress message for restoring addons
2021-04-05 11:35:47 -07:00
Girish Ramakrishnan
919f510796
linode object storage: update aws sdk
https://github.com/aws/aws-sdk-js/pull/3674
2021-04-02 11:54:22 -07:00
Girish Ramakrishnan
e613452058
mysql: remove use of mysql_upgrade
2021-04-01 11:50:03 -07:00
Johannes Zellner
5ccb1d44fe
Send translation keys instead of raw english string for backup checks
2021-04-01 16:35:50 +02:00
Girish Ramakrishnan
84dfd4aa84
firewall: no need to keep 25 always open
2021-03-30 15:56:01 -07:00
Girish Ramakrishnan
726c028360
clone: copy services config
2021-03-30 12:45:28 -07:00
Girish Ramakrishnan
f211de1ff4
apphealthmonitor: 403 is ok
2021-03-30 11:57:30 -07:00
Girish Ramakrishnan
c1ee3dcbd4
collectd: cache du values and send it every Interval (20)
collectd plugin ordering matters. The write_graphite plugin establishes
a TCP connection, but there is a race between that and the df/du values that
get reported. du is especially problematic since we report this only every 12 hours.
So, instead, we cache the values and report them every 20 seconds. On the carbon side,
it will just retain every 12 hours (since that is the whisper retention period).
There is also FlushInterval, which I am not 100% sure has any effect. By default, the
write_graphite plugin waits for 1428 bytes to be accumulated (https://manpages.debian.org/unstable/collectd-core/collectd.conf.5.en.html).
https://github.com/collectd/collectd/issues/2672
https://github.com/collectd/collectd/pull/1044
I found this syntax hidden deep inside https://www.cisco.com/c/en/us/td/docs/net_mgmt/virtual_topology_system/2_6_3/user_guide/Cisco_VTS_2_6_3_User_Guide/Cisco_VTS_2_6_1_User_Guide_chapter_01111.pdf
2021-03-26 00:21:38 -07:00
Johannes Zellner
0402dce1ee
Invite token should be valid for 7 days
2021-03-25 17:25:56 +01:00
Girish Ramakrishnan
c1b61bc56b
add note
2021-03-24 20:30:02 -07:00
Girish Ramakrishnan
2d771d7c44
6.2.7 changes
2021-03-24 19:37:18 -07:00
Girish Ramakrishnan
d277f8137b
redis: backup before upgrade
2021-03-24 19:27:24 -07:00
Girish Ramakrishnan
7ae79fe3a5
graphite: restart collectd on upgrade
2021-03-24 14:10:31 -07:00
Girish Ramakrishnan
407dda5c25
Add 6.2.6 changes
(cherry picked from commit 6cc07cd005)
2021-03-24 10:37:22 -07:00
Girish Ramakrishnan
1f59974e83
give graphite more time to start before restarting collectd
2021-03-24 10:26:19 -07:00
Girish Ramakrishnan
8e8e90b390
Add changes for 6.2.5
2021-03-24 09:45:58 -07:00
Girish Ramakrishnan
0447dce0d6
graphite: restart collectd as well
2021-03-23 16:34:36 -07:00
Girish Ramakrishnan
32f385741a
graphite: implement upgrade
For the moment, we wipe out the old data and start afresh. This is because
the graphite web app keeps changing quite drastically.
2021-03-23 16:34:32 -07:00
Girish Ramakrishnan
91a4ae90f2
better logs
2021-03-23 13:06:37 -07:00
Girish Ramakrishnan
3201c5bda3
remove CLOUDRON_MAIL_SMTP_SERVER_HOST from sendmail
Let's keep it in the email addon because that will trigger a reconfigure of apps
on server name change.
2021-03-23 10:40:47 -07:00
Girish Ramakrishnan
c6920bd860
HSTS: bump the max-age to 2 years
Side note: https://hstspreload.org/. This is what the Chromium project expects
for preloading.
2021-03-22 19:04:28 -07:00
Girish Ramakrishnan
66ff2a9eb7
Revert "make box code send emails with STARTTLS"
This reverts commit ca496df535.
2525 has no TLS anymore.
2021-03-22 14:34:07 -07:00
Girish Ramakrishnan
c3d30a1d99
mail: rework STARTTLS strategy
Instead of fixing all apps, which is a royal pain, we make Haraka
offer STARTTLS for 2587 and no STARTTLS for 2525.
2021-03-21 20:38:05 -07:00
Girish Ramakrishnan
7df89e66c8
request has no retry method
I thought it was using superagent.
2021-03-20 11:19:45 -07:00
Girish Ramakrishnan
4954b94d4a
acme2: add a retry to getDirectory, since users are reporting a 429
2021-03-19 09:59:09 -07:00
Girish Ramakrishnan
f3d9b81942
check for autofs mounts
autofs mounts are "mounts on demand". This way, instead of mounting
lots of things on startup, you can mount them on first access.
2021-03-19 09:59:09 -07:00
Girish Ramakrishnan
93510654a5
nfs: also check for nfs4 mount type
It seems in some versions of Ubuntu you mount with "-t nfs4".
This still doesn't handle autofs yet.
https://help.ubuntu.com/community/NFSv4Howto
2021-03-19 09:54:09 -07:00