Commit Graph

407 Commits

Author SHA1 Message Date
Girish Ramakrishnan f17bde2d97 Add motd message for cloudron admins about updates
Fixes #351
2017-08-10 12:14:51 -07:00
Girish Ramakrishnan 392492be04 Only collect info on the / mountpoint
The original intention was to collect information on the data
dirs as well but we have long moved away from that design.
On some VPS like scaleway, this ends up collecting info on
devicemapper stuff (which are on ext4, not sure why).

In future, we should collect info of other disks as well (#348)

Fixes #389
2017-08-03 11:45:23 -07:00
Girish Ramakrishnan eb99f8b844 escape and quote the robotsTxt when templating
for now, we restrict the string length to 4096 since that is what
nginx allows
2017-07-23 19:56:28 -07:00
Girish Ramakrishnan db7a4b75ae log the host in nginx logs 2017-07-21 09:43:44 -07:00
Girish Ramakrishnan b5aed7b00a Set full path for nginx access log 2017-07-18 21:49:12 -07:00
Dick Tang 67486b8177 add X-Forwarded-Port in nginx reverse proxy for jetpack
jetpack requires X-Forward for the port, or "requested method jetpack.jsonAPI does not exist"
ref: https://github.com/ViBiOh/docker-wordpress/issues/1
2017-07-18 15:58:46 +00:00
Girish Ramakrishnan 6dd4d40692 parse and save zoneName to cloudron.conf
part of #377
2017-07-17 09:16:06 -07:00
Girish Ramakrishnan acd00222e5 Allow per-app configuration of robots.txt
https://developers.google.com/search/reference/robots_txt has
the specification

Part of #344
2017-07-14 15:25:05 -05:00
Girish Ramakrishnan 49de39a1f3 Set max ttl to 5 minutes
This means the web ui will at least work in 5 minutes.

Fixes #373
2017-07-07 09:50:29 -05:00
Girish Ramakrishnan 50e712a93e preserve existing docker storage driver
fixes #364
2017-06-30 16:50:31 -05:00
Girish Ramakrishnan f45da2efc4 Merge branch 'http2' into 'master'
Add HTTP/2 support to NGINX configs

See merge request !9
2017-05-12 23:23:41 +00:00
Girish Ramakrishnan 180cafad0c Fix restore of unencrypted backups 2017-05-08 15:48:32 -07:00
Ian Fijolek 788004245a Add HTTP/2 support to NGINX configs
This easy fix should improve performance with newer browsers especially
for applications that require many files to be sent over the wire
*cough*Nextcloud11*cough*

NGINX blog post about HTTP/2 support: https://www.nginx.com/blog/nginx-1-9-5/
2017-05-02 22:00:55 +00:00
Girish Ramakrishnan be5221d5b8 bash gymnastics for password with spaces 2017-05-01 11:40:08 -07:00
Girish Ramakrishnan b531922175 do not quote the argument 2017-04-30 22:17:23 -07:00
Girish Ramakrishnan 6cbf64b88e use openssl password only when restore key is non-empty or backup ends with .enc 2017-04-28 15:00:17 -07:00
Girish Ramakrishnan 8deadece05 handle null tlsCert and tlsKey 2017-04-25 17:29:26 -07:00
Girish Ramakrishnan 41edd3778d Merge branch 'dns-fixes' into 'master'
Set DNS per container rather than the daemon

Closes #307

See merge request !6
2017-04-25 17:06:31 +00:00
Girish Ramakrishnan a0e122e578 Try to make tests work again 2017-04-23 18:03:40 -07:00
Girish Ramakrishnan 8c011ea9b0 setup: do not dump sensitive fields in args 2017-04-22 11:57:00 -07:00
Johannes Zellner 8a76788e7a From this version on encrypted backups don't use the openssl implicit salt 2017-04-21 10:58:52 +02:00
Ian Fijolek f0ba126156 Move dns-search from daemon to client as well
Verified no regression of #130
2017-04-20 21:33:16 +00:00
Ian Fijolek 9dd51575ab Set DNS per container rather than the daemon
All Cloudron containers need to have the nameserver 172.18.0.1. This was
being done at the daemon level, however since there are also iptables
rules restricting access to the nameserver from containers that aren't
on the Cloudron Docker network, this broke DNS for non-Cloudron
containers.

Since the DNS is only required for Cloudron containers in the first
place, this patch specifies 172.18.0.1 as the nameserver when Cloudron
creates a container and reverts the change at the daemon level
2017-04-20 19:02:10 +00:00
Johannes Zellner d9a0bf457d Don't make backup files executable 2017-04-20 16:02:13 +02:00
Johannes Zellner a94d44da75 Add generic node.sh to run node apps as root and with memory limitations 2017-04-20 15:20:11 +02:00
Johannes Zellner dda16331f6 Remove unused rmbackup.sh 2017-04-17 20:26:06 +02:00
Johannes Zellner d95e68926b Remove unused backupapp.sh and backupbox.sh 2017-04-17 20:26:06 +02:00
Johannes Zellner ff3a748398 Call backuptask.js directly as root to avoid trampoline shell scripts 2017-04-17 20:26:05 +02:00
Johannes Zellner 9354784f01 Remove unused cpbackup.sh 2017-04-17 20:26:05 +02:00
Johannes Zellner e021a4b377 Remove unused restoreapp.sh 2017-04-17 20:26:05 +02:00
Johannes Zellner 5e1ad4ad93 We need root access to copy backup files with the filesystem backend 2017-04-17 20:26:05 +02:00
Girish Ramakrishnan bb91faf23c mysql: Use utf8mb4 character set 2017-04-14 13:29:01 -07:00
Girish Ramakrishnan eb2ef47df1 remove boxVersionsUrl
update checker now uses the appstore routes
2017-04-13 11:38:42 -07:00
mehdi fce2cdce7f Adding proxy_max_temp_file_size 0 to nginx config.
Explanation:
When proxying an HTTP request, nginx first fills up the memory buffers (set by proxy_buffer_size and proxy_buffers).
When these are full, it then writes them to a temporary file in batches of proxy_temp_file_write_size until it reaches proxy_max_temp_file_size.
When proxy_max_temp_file_size is not set, and a very large file is being served, it reaches the maximum of 1GB, and nginx begins to behave weirdly.
2017-04-10 22:47:19 +02:00
Johannes Zellner 51d5b96fa1 use "mountpoint" to check if we have the user data mounted 2017-04-05 14:34:18 +02:00
Girish Ramakrishnan 1a3e3638ff iptables-restore is not used anymore 2017-04-04 13:00:48 -07:00
Girish Ramakrishnan 8f912d8a1b add note on how to view graphite browser 2017-04-04 12:35:29 -07:00
Johannes Zellner da857f520b Only stop apps and addons on data migration 2017-04-04 14:30:45 +02:00
Johannes Zellner 7c7ef15e1c Do not collect data for btrfs file systems 2017-04-04 12:34:55 +02:00
Johannes Zellner aa22ab8847 Cleanup the btrfs mounts and the user data file 2017-04-04 12:34:55 +02:00
Johannes Zellner 3e23c3efce Do not move the whole mail folder but only its content 2017-04-04 12:34:55 +02:00
Johannes Zellner c4f96bbd6b Some directory creation fixes 2017-04-04 12:34:55 +02:00
Johannes Zellner 3a17bf9a0f Ensure apps and platform data dirs exist 2017-04-04 12:34:55 +02:00
Johannes Zellner 602f8bcd04 Split platform and app data folders and get rid of btrfs volumes 2017-04-04 12:34:55 +02:00
Girish Ramakrishnan 2c871705c7 Add a referrer policy 2017-03-31 16:11:54 -07:00
Girish Ramakrishnan e9456f70f9 use connlimit module to rate limit
hitcount cannot be more than 255 in recent module
2017-03-29 21:51:24 -07:00
Girish Ramakrishnan ffbda22145 Fine tune rate limits a bit more 2017-03-29 16:03:08 -07:00
Girish Ramakrishnan 956fe86250 Add firewall service
Docker really insists on adding itself to the top of the FORWARD
chain. Making our firewall side-steps this docker design.
2017-03-29 02:31:53 -07:00
Girish Ramakrishnan 4d000e377f Enable iptables based ratelimit for cloudron auth services
The goal here is to simply add a rate limit to prevent brute
force password attacks.

Covered services include:
    (public) http, https, ssh, smtp, msa, imap, sieve
    (private) postgres, redis, mysql, ldap, mongodb, msa

The private limits are higher because some apps will create
a db connection for each page request.  Some apps like mailtrain
will send out lots of emails etc.

Note that apps that use SSO are ratelimited by the ldap limit.

Part of #187
2017-03-29 00:02:05 -07:00
Johannes Zellner 9d98b55881 Merge branch 'tobru/fix_278' into 'master'
get disk_size_bytes by directly querying df /. fixes #278

Closes #278

See merge request !4
2017-03-27 11:46:49 +00:00