systemd: fix crashnotifier

systemd: pass the instance name as argument
Output some logs in crashnotifier
2015-09-07 21:40:01 -07:00 · 2015-09-07 21:16:22 -07:00 · 2015-09-07 21:10:00 -07:00 · 2015-09-07 20:58:14 -07:00 · 2015-09-07 20:54:58 -07:00 · 2015-09-07 20:48:29 -07:00
85 changed files with 2109 additions and 695 deletions
@@ -4,10 +4,6 @@ docs/
 webadmin/dist/
 setup/splash/website/

-# vim swam files
+# vim swap files
 *.swp

-# supervisor
-supervisord.pid
-supervisord.log
-
@@ -4,7 +4,6 @@ The Box
 Development setup
 -----------------
 * sudo useradd -m yellowtent
-** This dummy user is required for supervisor 'box' configs
 ** Add admin-localhost as 127.0.0.1 in /etc/hosts
 ** All apps will be installed as hypened-subdomains of localhost. You should add
   hyphened-subdomains of your apps into /etc/hosts
@@ -2,77 +2,46 @@

 'use strict';

-// WARNING This is a supervisor eventlistener!
-//         The communication happens via stdin/stdout
-//         !! No console.log() allowed
-//         !! Do not set DEBUG
+var assert = require('assert'),
+    mailer = require('./src/mailer.js'),
+    safe = require('safetydance'),
+    path = require('path'),
+    util = require('util');

-var supervisor = require('supervisord-eventlistener'),
-    assert = require('assert'),
-    exec = require('child_process').exec,
-    util = require('util'),
-    fs = require('fs'),
-    mailer = require('./src/mailer.js');
-
-var gLastNotifyTime = {};
-var gCooldownTime = 1000 * 60  * 5; // 5 min
+var COLLECT_LOGS_CMD = path.join(__dirname, 'src/scripts/collectlogs.sh');

 function collectLogs(program, callback) {
    assert.strictEqual(typeof program, 'string');
    assert.strictEqual(typeof callback, 'function');

-    var logFilePath = util.format('/var/log/supervisor/%s.log', program);
-
-    if (!fs.existsSync(logFilePath)) return callback(new Error(util.format('Log file %s does not exist.', logFilePath)));
-
-    fs.readFile(logFilePath, 'utf-8', function (error, data) {
-        if (error) return callback(error);
-
-        var lines = data.split('\n');
-        var boxLogLines = lines.slice(-100);
-
-        exec('dmesg', function (error, stdout /*, stderr */) {
-            if (error) console.error(error);
-
-            var lines = stdout.split('\n');
-            var dmesgLogLines = lines.slice(-100);
-
-            var result = '';
-            result += program + '.log\n';
-            result += '-------------------------------------\n';
-            result += boxLogLines.join('\n');
-            result += '\n\n';
-            result += 'dmesg\n';
-            result += '-------------------------------------\n';
-            result += dmesgLogLines.join('\n');
-
-            callback(null, result);
-        });
-    });
+    var logs = safe.child_process.execSync('sudo ' + COLLECT_LOGS_CMD + ' ' + program, { encoding: 'utf8' });
+    callback(null, logs);
 }

-supervisor.on('PROCESS_STATE_EXITED', function (headers, data) {
-    if (data.expected === '1') return console.error('Normal app %s exit', data.processname);
-
-    console.error('%s exited unexpectedly', data.processname);
-
-    collectLogs(data.processname, function (error, result) {
+function sendCrashNotification(processName) {
+    collectLogs(processName, function (error, result) {
        if (error) {
            console.error('Failed to collect logs.', error);
            result = util.format('Failed to collect logs.', error);
        }

-        if (!gLastNotifyTime[data.processname] || gLastNotifyTime[data.processname] < Date.now() - gCooldownTime) {
-            console.error('Send mail.');
-            mailer.sendCrashNotification(data.processname, result);
-            gLastNotifyTime[data.processname] = Date.now();
-        } else {
-            console.error('Do not send mail, already sent one recently.');
-        }
+        console.log('Sending crash notification email for', processName);
+        mailer.sendCrashNotification(processName, result);
    });
-});
+}
+
+function main() {
+    if (process.argv.length !== 3) return console.error('Usage: crashnotifier.js <processName>');
+
+    var processName = process.argv[2];
+    console.log('Started crash notifier for', processName);
+
+    mailer.initialize(function (error) {
+        if (error) return console.error(error);
+
+        sendCrashNotification(processName);
+    });
+}
+
+main();

-mailer.initialize(function () {
-    supervisor.listen(process.stdin, process.stdout);
-    console.error('Crashnotifier listening...');
-});
@@ -7,6 +7,28 @@
      "from": "https://registry.npmjs.org/async/-/async-1.2.1.tgz",
      "resolved": "https://registry.npmjs.org/async/-/async-1.2.1.tgz"
    },
+    "aws-sdk": {
+      "version": "2.1.46",
+      "from": "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.1.46.tgz",
+      "resolved": "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.1.46.tgz",
+      "dependencies": {
+        "sax": {
+          "version": "0.5.3",
+          "from": "http://registry.npmjs.org/sax/-/sax-0.5.3.tgz",
+          "resolved": "http://registry.npmjs.org/sax/-/sax-0.5.3.tgz"
+        },
+        "xml2js": {
+          "version": "0.2.8",
+          "from": "https://registry.npmjs.org/xml2js/-/xml2js-0.2.8.tgz",
+          "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.2.8.tgz"
+        },
+        "xmlbuilder": {
+          "version": "0.4.2",
+          "from": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-0.4.2.tgz",
+          "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-0.4.2.tgz"
+        }
+      }
+    },
    "body-parser": {
      "version": "1.13.1",
      "from": "https://registry.npmjs.org/body-parser/-/body-parser-1.13.1.tgz",
@@ -105,9 +127,9 @@
      }
    },
    "cloudron-manifestformat": {
-      "version": "1.4.0",
-      "from": "cloudron-manifestformat@1.4.0",
-      "resolved": "https://registry.npmjs.org/cloudron-manifestformat/-/cloudron-manifestformat-1.4.0.tgz",
+      "version": "1.7.0",
+      "from": "https://registry.npmjs.org/cloudron-manifestformat/-/cloudron-manifestformat-1.7.0.tgz",
+      "resolved": "https://registry.npmjs.org/cloudron-manifestformat/-/cloudron-manifestformat-1.7.0.tgz",
      "dependencies": {
        "java-packagename-regex": {
          "version": "1.0.0",
@@ -120,9 +142,9 @@
          "resolved": "http://registry.npmjs.org/safetydance/-/safetydance-0.0.15.tgz"
        },
        "tv4": {
-          "version": "1.1.12",
-          "from": "http://registry.npmjs.org/tv4/-/tv4-1.1.12.tgz",
-          "resolved": "http://registry.npmjs.org/tv4/-/tv4-1.1.12.tgz"
+          "version": "1.2.3",
+          "from": "https://registry.npmjs.org/tv4/-/tv4-1.2.3.tgz",
+          "resolved": "https://registry.npmjs.org/tv4/-/tv4-1.2.3.tgz"
        }
      }
    },
@@ -132,18 +154,17 @@
      "resolved": "https://registry.npmjs.org/connect-ensure-login/-/connect-ensure-login-0.1.1.tgz"
    },
    "connect-lastmile": {
-      "version": "0.0.12",
-      "from": "https://registry.npmjs.org/connect-lastmile/-/connect-lastmile-0.0.12.tgz",
-      "resolved": "https://registry.npmjs.org/connect-lastmile/-/connect-lastmile-0.0.12.tgz",
+      "version": "0.0.13",
+      "from": "connect-lastmile@0.0.13",
      "dependencies": {
        "debug": {
          "version": "2.1.3",
-          "from": "https://registry.npmjs.org/debug/-/debug-2.1.3.tgz",
+          "from": "debug@>=2.1.0 <2.2.0",
          "resolved": "https://registry.npmjs.org/debug/-/debug-2.1.3.tgz",
          "dependencies": {
            "ms": {
              "version": "0.7.0",
-              "from": "http://registry.npmjs.org/ms/-/ms-0.7.0.tgz",
+              "from": "ms@0.7.0",
              "resolved": "http://registry.npmjs.org/ms/-/ms-0.7.0.tgz"
            }
          }
@@ -162,7 +183,7 @@
          "dependencies": {
            "inherits": {
              "version": "2.0.1",
-              "from": "inherits@>=2.0.0 <3.0.0",
+              "from": "http://registry.npmjs.org/inherits/-/inherits-2.0.1.tgz",
              "resolved": "http://registry.npmjs.org/inherits/-/inherits-2.0.1.tgz"
            },
            "statuses": {
@@ -305,7 +326,7 @@
          "dependencies": {
            "inherits": {
              "version": "2.0.1",
-              "from": "inherits@>=2.0.0 <3.0.0",
+              "from": "http://registry.npmjs.org/inherits/-/inherits-2.0.1.tgz",
              "resolved": "http://registry.npmjs.org/inherits/-/inherits-2.0.1.tgz"
            },
            "statuses": {
@@ -1708,14 +1729,7 @@
        "bunyan": {
          "version": "0.22.1",
          "from": "https://registry.npmjs.org/bunyan/-/bunyan-0.22.1.tgz",
-          "resolved": "https://registry.npmjs.org/bunyan/-/bunyan-0.22.1.tgz",
-          "dependencies": {
-            "mv": {
-              "version": "0.0.5",
-              "from": "https://registry.npmjs.org/mv/-/mv-0.0.5.tgz",
-              "resolved": "https://registry.npmjs.org/mv/-/mv-0.0.5.tgz"
-            }
-          }
+          "resolved": "https://registry.npmjs.org/bunyan/-/bunyan-0.22.1.tgz"
        },
        "nopt": {
          "version": "2.1.1",
@@ -1781,11 +1795,6 @@
              }
            }
          }
-        },
-        "dtrace-provider": {
-          "version": "0.2.8",
-          "from": "https://registry.npmjs.org/dtrace-provider/-/dtrace-provider-0.2.8.tgz",
-          "resolved": "https://registry.npmjs.org/dtrace-provider/-/dtrace-provider-0.2.8.tgz"
        }
      }
    },
@@ -1951,23 +1960,6 @@
      "from": "https://registry.npmjs.org/node-uuid/-/node-uuid-1.4.3.tgz",
      "resolved": "https://registry.npmjs.org/node-uuid/-/node-uuid-1.4.3.tgz"
    },
-    "nodejs-disks": {
-      "version": "0.2.1",
-      "from": "https://registry.npmjs.org/nodejs-disks/-/nodejs-disks-0.2.1.tgz",
-      "resolved": "https://registry.npmjs.org/nodejs-disks/-/nodejs-disks-0.2.1.tgz",
-      "dependencies": {
-        "async": {
-          "version": "0.2.10",
-          "from": "https://registry.npmjs.org/async/-/async-0.2.10.tgz",
-          "resolved": "https://registry.npmjs.org/async/-/async-0.2.10.tgz"
-        },
-        "numeral": {
-          "version": "1.4.8",
-          "from": "https://registry.npmjs.org/numeral/-/numeral-1.4.8.tgz",
-          "resolved": "https://registry.npmjs.org/numeral/-/numeral-1.4.8.tgz"
-        }
-      }
-    },
    "nodemailer": {
      "version": "1.3.4",
      "from": "https://registry.npmjs.org/nodemailer/-/nodemailer-1.3.4.tgz",
@@ -2274,9 +2266,9 @@
      "resolved": "https://registry.npmjs.org/proxy-middleware/-/proxy-middleware-0.13.0.tgz"
    },
    "safetydance": {
-      "version": "0.0.16",
-      "from": "http://registry.npmjs.org/safetydance/-/safetydance-0.0.16.tgz",
-      "resolved": "http://registry.npmjs.org/safetydance/-/safetydance-0.0.16.tgz"
+      "version": "0.0.19",
+      "from": "safetydance@0.0.19",
+      "resolved": "https://registry.npmjs.org/safetydance/-/safetydance-0.0.19.tgz"
    },
    "semver": {
      "version": "4.3.6",
@@ -2449,11 +2441,6 @@
        }
      }
    },
-    "supervisord-eventlistener": {
-      "version": "0.1.0",
-      "from": "https://registry.npmjs.org/supervisord-eventlistener/-/supervisord-eventlistener-0.1.0.tgz",
-      "resolved": "https://registry.npmjs.org/supervisord-eventlistener/-/supervisord-eventlistener-0.1.0.tgz"
-    },
    "tail-stream": {
      "version": "0.2.1",
      "from": "https://registry.npmjs.org/tail-stream/-/tail-stream-0.2.1.tgz",
@@ -17,10 +17,11 @@
  },
  "dependencies": {
    "async": "^1.2.1",
+    "aws-sdk": "^2.1.46",
    "body-parser": "^1.13.1",
-    "cloudron-manifestformat": "^1.4.0",
+    "cloudron-manifestformat": "^1.7.0",
    "connect-ensure-login": "^0.1.1",
-    "connect-lastmile": "0.0.12",
+    "connect-lastmile": "0.0.13",
    "connect-timeout": "^1.5.0",
    "cookie-parser": "^1.3.5",
    "cookie-session": "^1.1.0",
@@ -35,7 +36,7 @@
    "express-session": "^1.11.3",
    "hat": "0.0.3",
    "json": "^9.0.3",
-    "ldapjs": "git+https://github.com/mcavage/node-ldapjs.git#acc1ca8f4314fd9d67561feabc8ce4c235076a5e",
+    "ldapjs": "^0.7.1",
    "memorystream": "^0.3.0",
    "mime": "^1.3.4",
    "morgan": "^1.6.0",
@@ -43,7 +44,6 @@
    "mysql": "^2.7.0",
    "native-dns": "^0.7.0",
    "node-uuid": "^1.4.3",
-    "nodejs-disks": "^0.2.1",
    "nodemailer": "^1.3.0",
    "nodemailer-smtp-transport": "^1.0.3",
    "oauth2orize": "^1.0.1",
@@ -55,13 +55,12 @@
    "passport-oauth2-client-password": "^0.1.2",
    "password-generator": "^1.0.0",
    "proxy-middleware": "^0.13.0",
-    "safetydance": "0.0.16",
+    "safetydance": "0.0.19",
    "semver": "^4.3.6",
    "serve-favicon": "^2.2.0",
    "split": "^1.0.0",
    "superagent": "~0.21.0",
    "supererror": "^0.7.0",
-    "supervisord-eventlistener": "^0.1.0",
    "tail-stream": "https://registry.npmjs.org/tail-stream/-/tail-stream-0.2.1.tgz",
    "underscore": "^1.7.0",
    "valid-url": "^1.0.9",
@@ -69,7 +68,6 @@
  },
  "devDependencies": {
    "apidoc": "*",
-    "aws-sdk": "^2.1.10",
    "bootstrap-sass": "^3.3.3",
    "del": "^1.1.1",
    "expect.js": "*",
@@ -16,7 +16,7 @@ and replace it with a new one for an update.

 Because we do not package things as Docker yet, we should be careful
 about the code here. We have to expect remains of an older setup code.
-For example, older supervisor or nginx configs might be around.
+For example, older systemd or nginx configs might be around.

 The config directory is _part_ of the container and is not a VOLUME.
 Which is to say that the files will be nuked from one update to the next.
@@ -40,7 +40,7 @@ version (see below) or the mysql/postgresql data etc.

  * It then setups up the cloud infra (setup_infra.sh) and creates cloudron.conf.

-  * supervisor is then started
+  * box services are then started

 setup_infra.sh
 This setups containers like graphite, mail and the addons containers.
@@ -3,4 +3,15 @@
 # If you change the infra version, be sure to put a warning
 # in the change log

-INFRA_VERSION=4
+INFRA_VERSION=8
+
+# WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+# These constants are used in the installer script as well
+BASE_IMAGE=cloudron/base:0.3.3
+MYSQL_IMAGE=cloudron/mysql:0.3.3
+POSTGRESQL_IMAGE=cloudron/postgresql:0.3.2
+MONGODB_IMAGE=cloudron/mongodb:0.3.2
+REDIS_IMAGE=cloudron/redis:0.3.2 # if you change this, fix src/addons.js as well
+MAIL_IMAGE=cloudron/mail:0.3.2
+GRAPHITE_IMAGE=cloudron/graphite:0.3.4
+
@@ -16,6 +16,8 @@ arg_tls_key=""
 arg_token=""
 arg_version=""
 arg_web_server_origin=""
+arg_backup_key=""
+arg_aws=""

 args=$(getopt -o "" -l "data:,retire" -n "$0" -- "$@")
 eval set -- "${args}"
@@ -41,6 +43,12 @@ EOF
        arg_restore_key=$(echo "$2" | $json restoreKey)
        [[ "${arg_restore_key}" == "null" ]] && arg_restore_key=""

+        arg_backup_key=$(echo "$2" | $json backupKey)
+        [[ "${arg_backup_key}" == "null" ]] && arg_backup_key=""
+
+        arg_aws=$(echo "$2" | $json aws)
+        [[ "${arg_aws}" == "null" ]] && arg_aws=""
+
        shift 2
        ;;
    --) break;;
@@ -13,13 +13,10 @@ readonly DATA_DIR="/home/yellowtent/data"
 rm -rf "${CONFIG_DIR}"
 sudo -u yellowtent mkdir "${CONFIG_DIR}"

-########## logrotate (default ubuntu runs this daily)
-rm -rf /etc/logrotate.d/*
-cp -r "${container_files}/logrotate/." /etc/logrotate.d/
-
-########## supervisor
-rm -rf /etc/supervisor/*
-cp -r "${container_files}/supervisor/." /etc/supervisor/
+########## systemd
+cp -r "${container_files}/systemd/." /etc/systemd/system/
+systemctl daemon-reload
+systemctl enable cloudron.target

 ########## sudoers
 rm /etc/sudoers.d/*
@@ -34,6 +31,9 @@ ln -sfF "${DATA_DIR}/collectd" /etc/collectd
 unlink /etc/nginx 2>/dev/null || rm -rf /etc/nginx
 ln -s "${DATA_DIR}/nginx" /etc/nginx

+########## mysql
+cp "${container_files}/mysql.cnf" /etc/mysql/mysql.cnf
+
 ########## Enable services
 update-rc.d -f collectd defaults

@@ -1,6 +0,0 @@
-/var/log/cloudron/*log {
-    missingok
-    notifempty
-    size 100k
-    nocompress
-}
@@ -1,7 +0,0 @@
-/var/log/supervisor/*log {
-    missingok
-    copytruncate
-    notifempty
-    size 100k
-    nocompress
-}
@@ -0,0 +1,7 @@
+!includedir /etc/mysql/conf.d/
+!includedir /etc/mysql/mysql.conf.d/
+
+# http://bugs.mysql.com/bug.php?id=68514
+[mysqld]
+performance_schema=OFF
+max_connection=50
@@ -24,3 +24,6 @@ yellowtent ALL=(root) NOPASSWD: /home/yellowtent/box/src/scripts/reloadcollectd.

 Defaults!/home/yellowtent/box/src/scripts/backupswap.sh env_keep="HOME BOX_ENV"
 yellowtent ALL=(root) NOPASSWD: /home/yellowtent/box/src/scripts/backupswap.sh
+
+Defaults!/home/yellowtent/box/src/scripts/collectlogs.sh env_keep="HOME BOX_ENV"
+yellowtent ALL=(root) NOPASSWD: /home/yellowtent/box/src/scripts/collectlogs.sh
@@ -1,10 +0,0 @@
-[program:apphealthtask]
-command=/usr/bin/node "/home/yellowtent/box/apphealthtask.js"
-autostart=true
-autorestart=true
-redirect_stderr=true
-stdout_logfile=/var/log/supervisor/apphealthtask.log
-stdout_logfile_maxbytes=50MB
-stdout_logfile_backups=2
-user=yellowtent
-environment=HOME="/home/yellowtent",USER="yellowtent",DEBUG="box*",BOX_ENV="cloudron",NODE_ENV="production"
@@ -1,10 +0,0 @@
-[program:box]
-command=/usr/bin/node "/home/yellowtent/box/app.js"
-autostart=true
-autorestart=true
-redirect_stderr=true
-stdout_logfile=/var/log/supervisor/box.log
-stdout_logfile_maxbytes=50MB
-stdout_logfile_backups=2
-user=yellowtent
-environment=HOME="/home/yellowtent",USER="yellowtent",DEBUG="box*,connect-lastmile",BOX_ENV="cloudron",NODE_ENV="production"
@@ -1,11 +0,0 @@
-[eventlistener:crashnotifier]
-command=/usr/bin/node "/home/yellowtent/box/crashnotifier.js"
-events=PROCESS_STATE
-autostart=true
-autorestart=true
-redirect_stderr=false
-stderr_logfile=/var/log/supervisor/crashnotifier.log
-stderr_logfile_maxbytes=50MB
-stderr_logfile_backups=2
-user=yellowtent
-environment=HOME="/home/yellowtent",USER="yellowtent",BOX_ENV="cloudron",NODE_ENV="production"
@@ -1,10 +0,0 @@
-[program:janitor]
-command=/usr/bin/node "/home/yellowtent/box/janitor.js"
-autostart=true
-autorestart=true
-redirect_stderr=true
-stdout_logfile=/var/log/supervisor/janitor.log
-stdout_logfile_maxbytes=50MB
-stdout_logfile_backups=2
-user=yellowtent
-environment=HOME="/home/yellowtent",USER="yellowtent",DEBUG="box*",BOX_ENV="cloudron",NODE_ENV="production"
@@ -1,10 +0,0 @@
-[program:oauthproxy]
-command=/usr/bin/node "/home/yellowtent/box/oauthproxy.js"
-autostart=true
-autorestart=true
-redirect_stderr=true
-stdout_logfile=/var/log/supervisor/oauthproxy.log
-stdout_logfile_maxbytes=50MB
-stdout_logfile_backups=2
-user=yellowtent
-environment=HOME="/home/yellowtent",USER="yellowtent",DEBUG="box*",BOX_ENV="cloudron",NODE_ENV="production"
@@ -1,33 +0,0 @@
-; supervisor config file
-
-; http://coffeeonthekeyboard.com/using-supervisorctl-with-linux-permissions-but-without-root-or-sudo-977/
-[inet_http_server]
-port = 127.0.0.1:9001
-
-[supervisord]
-logfile=/var/log/supervisor/supervisord.log ; (main log file;default $CWD/supervisord.log)
-pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
-logfile_maxbytes = 50MB
-logfile_backups=10
-loglevel = info
-nodaemon = false
-childlogdir = /var/log/supervisor/
-
-; the below section must remain in the config file for RPC
-; (supervisorctl/web interface) to work, additional interfaces may be
-; added by defining them in separate rpcinterface: sections
-[rpcinterface:supervisor]
-supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
-
-[supervisorctl]
-serverurl=http://127.0.0.1:9001
-
-; The [include] section can just contain the "files" setting.  This
-; setting can list multiple files (separated by whitespace or
-; newlines).  It can also contain wildcards.  The filenames are
-; interpreted as relative to this file.  Included files *cannot*
-; include files themselves.
-
-[include]
-files = conf.d/*.conf
-
@@ -0,0 +1,15 @@
+[Unit]
+Description=Cloudron App Health Monitor
+OnFailure=crashnotifier@%n.service
+StopWhenUnneeded=true
+
+[Service]
+Type=idle
+WorkingDirectory=/home/yellowtent/box
+Restart=always
+ExecStart="/home/yellowtent/box/apphealthtask.js"
+Environment="HOME=/home/yellowtent" "USER=yellowtent" "DEBUG=box*,connect-lastmile" "BOX_ENV=cloudron" "NODE_ENV=production"
+KillMode=process
+User=yellowtent
+Group=yellowtent
+MemoryLimit=50M
@@ -0,0 +1,17 @@
+[Unit]
+Description=Cloudron Admin
+OnFailure=crashnotifier@%n.service
+StopWhenUnneeded=true
+
+[Service]
+Type=idle
+WorkingDirectory=/home/yellowtent/box
+Restart=always
+ExecStart="/home/yellowtent/box/app.js"
+Environment="HOME=/home/yellowtent" "USER=yellowtent" "DEBUG=box*,connect-lastmile" "BOX_ENV=cloudron" "NODE_ENV=production"
+KillMode=process
+User=yellowtent
+Group=yellowtent
+MemoryLimit=200M
+TimeoutStopSec=5s
+
@@ -0,0 +1,10 @@
+[Unit]
+Description=Cloudron Smart Cloud
+Documentation=https://cloudron.io/documentation.html
+StopWhenUnneeded=true
+Requires=apphealthtask.service box.service janitor.service oauthproxy.service
+After=apphealthtask.service box.service janitor.service oauthproxy.service
+# AllowIsolate=yes
+
+[Install]
+WantedBy=multi-user.target
@@ -0,0 +1,15 @@
+# http://northernlightlabs.se/systemd.status.mail.on.unit.failure
+[Unit]
+Description=Cloudron Crash Notifier for %i
+# otherwise, systemd will kill this unit immediately as nobody requires it
+StopWhenUnneeded=false
+
+[Service]
+Type=idle
+WorkingDirectory=/home/yellowtent/box
+ExecStart="/home/yellowtent/box/crashnotifier.js" %I
+Environment="HOME=/home/yellowtent" "USER=yellowtent" "DEBUG=box*,connect-lastmile" "BOX_ENV=cloudron" "NODE_ENV=production"
+KillMode=process
+User=yellowtent
+Group=yellowtent
+
@@ -0,0 +1,16 @@
+[Unit]
+Description=Cloudron Janitor
+OnFailure=crashnotifier@%n.service
+StopWhenUnneeded=true
+
+[Service]
+Type=idle
+WorkingDirectory=/home/yellowtent/box
+Restart=always
+ExecStart="/home/yellowtent/box/janitor.js"
+Environment="HOME=/home/yellowtent" "USER=yellowtent" "DEBUG=box*,connect-lastmile" "BOX_ENV=cloudron" "NODE_ENV=production"
+KillMode=process
+User=yellowtent
+Group=yellowtent
+MemoryLimit=50M
+
@@ -0,0 +1,16 @@
+[Unit]
+Description=Cloudron OAuth Proxy Service
+OnFailure=crashnotifier@%n.service
+StopWhenUnneeded=true
+
+[Service]
+Type=idle
+WorkingDirectory=/home/yellowtent/box
+Restart=always
+ExecStart="/home/yellowtent/box/oauthproxy.js"
+Environment="HOME=/home/yellowtent" "USER=yellowtent" "DEBUG=box*,connect-lastmile" "BOX_ENV=cloudron" "NODE_ENV=production"
+KillMode=process
+User=yellowtent
+Group=yellowtent
+MemoryLimit=50M
+
@@ -41,6 +41,9 @@ mkdir -p "${DATA_DIR}/box/appicons"
 mkdir -p "${DATA_DIR}/box/mail"
 mkdir -p "${DATA_DIR}/graphite"

+mkdir -p "${DATA_DIR}/mysql"
+mkdir -p "${DATA_DIR}/postgresql"
+mkdir -p "${DATA_DIR}/mongodb"
 mkdir -p "${DATA_DIR}/snapshots"
 mkdir -p "${DATA_DIR}/addons"
 mkdir -p "${DATA_DIR}/collectd/collectd.conf.d"
@@ -53,6 +56,9 @@ echo "{ \"version\": \"${arg_version}\", \"boxVersionsUrl\": \"${arg_box_version
 echo "Cleaning up snapshots"
 find "${DATA_DIR}/snapshots" -mindepth 1 -maxdepth 1 | xargs --no-run-if-empty btrfs subvolume delete

+# restart mysql to make sure it has latest config
+service mysql restart
+
 readonly mysql_root_password="password"
 mysqladmin -u root -ppassword password password # reset default root password
 mysql -u root -p${mysql_root_password} -e 'CREATE DATABASE IF NOT EXISTS box'
@@ -83,6 +89,10 @@ EOF

 set_progress "28" "Setup collectd"
 cp "${script_dir}/start/collectd.conf" "${DATA_DIR}/collectd/collectd.conf"
+# collectd 5.4.1 has some bug where we simply cannot get it to create df-vda1
+mkdir -p "${DATA_DIR}/graphite/whisper/collectd/localhost/"
+vda1_id=$(blkid -s UUID -o value /dev/vda1)
+ln -sfF "df-disk_by-uuid_${vda1_id}" "${DATA_DIR}/graphite/whisper/collectd/localhost/df-vda1"
 service collectd restart

 set_progress "30" "Setup nginx"
@@ -112,6 +122,7 @@ set_progress "65" "Creating cloudron.conf"
 sudo -u yellowtent -H bash <<EOF
 set -eu
 echo "Creating cloudron.conf"
+# note that arg_aws is a javascript object and intentionally unquoted below
 cat > "${CONFIG_DIR}/cloudron.conf" <<CONF_END
 {
    "version": "${arg_version}",
@@ -128,7 +139,9 @@ cat > "${CONFIG_DIR}/cloudron.conf" <<CONF_END
        "password": "${mysql_root_password}",
        "port": 3306,
        "name": "box"
-    }
+    },
+    "backupKey": "${arg_backup_key}",
+    "aws": ${arg_aws}
 }
 CONF_END

@@ -153,22 +166,10 @@ ADMIN_SCOPES="root,developer,profile,users,apps,settings,roleUser"
 mysql -u root -p${mysql_root_password} \
    -e "REPLACE INTO clients (id, appId, clientSecret, redirectURI, scope) VALUES (\"cid-test\", \"test\", \"secret-test\", \"http://127.0.0.1:5000\", \"${ADMIN_SCOPES}\")" box

-set_progress "80" "Reloading supervisor"
-# looks like restarting supervisor completely is the only way to reload it
-service supervisor stop || true
+set_progress "80" "Starting Cloudron"
+systemctl start cloudron.target

-echo -n "Waiting for supervisord to stop"
-while test -e "/var/run/supervisord.pid" && kill -0 `cat /var/run/supervisord.pid`; do
-    echo -n "."
-    sleep 1
-done
-echo ""
-
-echo "Starting supervisor"
-
-service supervisor start
-
-sleep 2 # give supervisor sometime to start the processes
+sleep 2 # give systemd sometime to start the processes

 set_progress "85" "Reloading nginx"
 nginx -s reload
@@ -193,12 +193,11 @@ LoadPlugin write_graphite
 </Plugin>

 <Plugin df>
-   Device "/dev/vda1"
-   Device "/dev/loop0"
-   Device "/dev/loop1"
+   FSType "tmpfs"
+   MountPoint "/dev"

   ReportByDevice true
-   IgnoreSelected false
+   IgnoreSelected true

   ValuesAbsolute true
   ValuesPercentage true
@@ -27,11 +27,13 @@ if [[ -n "${existing_containers}" ]]; then
 fi

 # graphite
-docker run --restart=always -d --name="graphite" \
+graphite_container_id=$(docker run --restart=always -d --name="graphite" \
    -p 127.0.0.1:2003:2003 \
    -p 127.0.0.1:2004:2004 \
    -p 127.0.0.1:8000:8000 \
-    -v "${DATA_DIR}/graphite:/app/data" cloudron/graphite:0.3.1
+    -v "${DATA_DIR}/graphite:/app/data" \
+    "${GRAPHITE_IMAGE}")
+echo "Graphite container id: ${graphite_container_id}"

 # mail
 mail_container_id=$(docker run --restart=always -d --name="mail" \
@@ -39,7 +41,7 @@ mail_container_id=$(docker run --restart=always -d --name="mail" \
    -h "${arg_fqdn}" \
    -e "DOMAIN_NAME=${arg_fqdn}" \
    -v "${DATA_DIR}/box/mail:/app/data" \
-    cloudron/mail:0.3.0)
+    "${MAIL_IMAGE}")
 echo "Mail container id: ${mail_container_id}"

 # mysql
@@ -52,8 +54,8 @@ EOF
 mysql_container_id=$(docker run --restart=always -d --name="mysql" \
    -h "${arg_fqdn}" \
    -v "${DATA_DIR}/mysql:/var/lib/mysql" \
-    -v "${DATA_DIR}/addons/mysql_vars.sh:/etc/mysql/mysql_vars.sh:r" \
-    cloudron/mysql:0.3.0)
+    -v "${DATA_DIR}/addons/mysql_vars.sh:/etc/mysql/mysql_vars.sh:ro" \
+    "${MYSQL_IMAGE}")
 echo "MySQL container id: ${mysql_container_id}"

 # postgresql
@@ -64,8 +66,8 @@ EOF
 postgresql_container_id=$(docker run --restart=always -d --name="postgresql" \
    -h "${arg_fqdn}" \
    -v "${DATA_DIR}/postgresql:/var/lib/postgresql" \
-    -v "${DATA_DIR}/addons/postgresql_vars.sh:/etc/postgresql/postgresql_vars.sh:r" \
-    cloudron/postgresql:0.3.0)
+    -v "${DATA_DIR}/addons/postgresql_vars.sh:/etc/postgresql/postgresql_vars.sh:ro" \
+    "${POSTGRESQL_IMAGE}")
 echo "PostgreSQL container id: ${postgresql_container_id}"

 # mongodb
@@ -76,8 +78,8 @@ EOF
 mongodb_container_id=$(docker run --restart=always -d --name="mongodb" \
    -h "${arg_fqdn}" \
    -v "${DATA_DIR}/mongodb:/var/lib/mongodb" \
-    -v "${DATA_DIR}/addons/mongodb_vars.sh:/etc/mongodb_vars.sh:r" \
-    cloudron/mongodb:0.3.0)
+    -v "${DATA_DIR}/addons/mongodb_vars.sh:/etc/mongodb_vars.sh:ro" \
+    "${MONGODB_IMAGE}")
 echo "Mongodb container id: ${mongodb_container_id}"

 if [[ "${infra_version}" == "none" ]]; then
@@ -2,14 +2,6 @@

 set -eu -o pipefail

-echo "Stopping box code"
-
-service supervisor stop || true
-
-echo -n "Waiting for supervisord to stop"
-while test -e "/var/run/supervisord.pid" && kill -0 `cat /var/run/supervisord.pid`; do
-    echo -n "."
-    sleep 1
-done
-echo ""
+echo "Stopping cloudron"

+systemctl stop cloudron.target
@@ -38,8 +38,7 @@ var appdb = require('./appdb.js'),
    tokendb = require('./tokendb.js'),
    util = require('util'),
    uuid = require('node-uuid'),
-    vbox = require('./vbox.js'),
-    _ = require('underscore');
+    vbox = require('./vbox.js');

 var NOOP = function (app, callback) { return callback(); };

@@ -665,7 +664,7 @@ function setupRedis(app, callback) {
        name: 'redis-' + app.id,
        Hostname: config.appFqdn(app.location),
        Tty: true,
-        Image: 'cloudron/redis:0.3.0',
+        Image: 'cloudron/redis:0.3.2', // if you change this, fix setup/INFRA_VERSION as well
        Cmd: null,
        Volumes: {},
        VolumesFrom: []
@@ -675,7 +674,7 @@ function setupRedis(app, callback) {

    var startOptions = {
        Binds: [
-            redisVarsFile + ':/etc/redis/redis_vars.sh:r',
+            redisVarsFile + ':/etc/redis/redis_vars.sh:ro',
            redisDataDir + ':/var/lib/redis:rw'
        ],
        // On Mac (boot2docker), we have to export the port to external world for port forwarding from Mac to work
@@ -35,12 +35,13 @@ exports = module.exports = {
    ISTATE_ERROR: 'error', // error executing last pending_* command
    ISTATE_INSTALLED: 'installed', // app is installed

-    // run codes (keep in sync in UI)
    RSTATE_RUNNING: 'running',
    RSTATE_PENDING_START: 'pending_start',
    RSTATE_PENDING_STOP: 'pending_stop',
    RSTATE_STOPPED: 'stopped', // app stopped by use
+    RSTATE_ERROR: 'error',

+    // run codes (keep in sync in UI)
    HEALTH_HEALTHY: 'healthy',
    HEALTH_UNHEALTHY: 'unhealthy',
    HEALTH_ERROR: 'error',
@@ -335,6 +336,7 @@ function setInstallationCommand(appId, installationState, values, callback) {

    // Rules are:
    // uninstall is allowed in any state
+    // force update is allowed in any state including pending_uninstall! (for better or worse)
    // restore is allowed from installed or error state
    // update and configure are allowed only in installed state

@@ -490,28 +490,30 @@ function restore(appId, callback) {
        if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.NOT_FOUND));
        if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));

-        var restoreConfig = app.lastBackupConfig;
-        if (!restoreConfig) return callback(new AppsError(AppsError.BAD_STATE, 'No restore point'));
+        // restore without a backup is the same as re-install
+        var restoreConfig = app.lastBackupConfig, values = { };
+        if (restoreConfig) {
+            // re-validate because this new box version may not accept old configs.
+            // if we restore location, it should be validated here as well
+            error = checkManifestConstraints(restoreConfig.manifest);
+            if (error) return callback(new AppsError(AppsError.BAD_FIELD, 'Manifest cannot be installed: ' + error.message));

-        // re-validate because this new box version may not accept old configs. if we restore location, it should be validated here as well
-        error = checkManifestConstraints(restoreConfig.manifest);
-        if (error) return callback(new AppsError(AppsError.BAD_FIELD, 'Manifest cannot be installed: ' + error.message));
+            error = validatePortBindings(restoreConfig.portBindings, restoreConfig.manifest.tcpPorts); // maybe new ports got reserved now
+            if (error) return callback(error);

-        error = validatePortBindings(restoreConfig.portBindings, restoreConfig.manifest.tcpPorts); // maybe new ports got reserved now
-        if (error) return callback(error);
+            // ## should probably query new location, access restriction from user
+            values = {
+                manifest: restoreConfig.manifest,
+                portBindings: restoreConfig.portBindings,

-        // ## should probably query new location, access restriction from user
-        var values = {
-            manifest: restoreConfig.manifest,
-            portBindings: restoreConfig.portBindings,
-
-            oldConfig: {
-                location: app.location,
-                accessRestriction: app.accessRestriction,
-                portBindings: app.portBindings,
-                manifest: app.manifest
-            }
-        };
+                oldConfig: {
+                    location: app.location,
+                    accessRestriction: app.accessRestriction,
+                    portBindings: app.portBindings,
+                    manifest: app.manifest
+                }
+            };
+        }

        appdb.setInstallationCommand(appId, appdb.ISTATE_PENDING_RESTORE, values, function (error) {
            if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new AppsError(AppsError.BAD_STATE)); // might be a bad guess
@@ -573,6 +575,8 @@ function stop(appId, callback) {
 }

 function checkManifestConstraints(manifest) {
+    if (!manifest.dockerImage) return new Error('Missing dockerImage'); // dockerImage is optional in manifest
+
    if (semver.valid(manifest.maxBoxVersion) && semver.gt(config.version(), manifest.maxBoxVersion)) {
        return new Error('Box version exceeds Apps maxBoxVersion');
    }
@@ -664,7 +668,7 @@ function autoupdateApps(updateInfo, callback) { // updateInfo is { appId -> { ma
                return iteratorDone();
            }

-           update(appId, updateInfo[appId].manifest, app.portBindings, null /* icon */, function (error) {
+           update(appId, false /* force */, updateInfo[appId].manifest, app.portBindings, null /* icon */, function (error) {
                if (error) debug('Error initiating autoupdate of %s', appId);

                iteratorDone(null);
@@ -675,16 +679,16 @@ function autoupdateApps(updateInfo, callback) { // updateInfo is { appId -> { ma

 function backupApp(app, addonsToBackup, callback) {
    assert.strictEqual(typeof app, 'object');
-    assert.strictEqual(typeof addonsToBackup, 'object');
+    assert(!addonsToBackup || typeof addonsToBackup, 'object');
    assert.strictEqual(typeof callback, 'function');

    function canBackupApp(app) {
        // only backup apps that are installed or pending configure. Rest of them are in some
        // state not good for consistent backup (i.e addons may not have been setup completely)
-        return (app.installationState === appdb.ISTATE_INSTALLED && app.health === appdb.HEALTH_HEALTHY)
-                || app.installationState === appdb.ISTATE_PENDING_CONFIGURE
-                || app.installationState === appdb.ISTATE_PENDING_BACKUP
-                || app.installationState === appdb.ISTATE_PENDING_UPDATE; // called from apptask
+        return (app.installationState === appdb.ISTATE_INSTALLED && app.health === appdb.HEALTH_HEALTHY) ||
+                app.installationState === appdb.ISTATE_PENDING_CONFIGURE ||
+                app.installationState === appdb.ISTATE_PENDING_BACKUP ||
+                app.installationState === appdb.ISTATE_PENDING_UPDATE; // called from apptask
    }

    if (!canBackupApp(app)) return callback(new AppsError(AppsError.BAD_STATE, 'App not healthy'));
@@ -700,7 +704,7 @@ function backupApp(app, addonsToBackup, callback) {
        return callback(safe.error);
    }

-    backups.getBackupUrl(app, null, function (error, result) {
+    backups.getBackupUrl(app, function (error, result) {
        if (error && error.reason === BackupsError.EXTERNAL_ERROR) return callback(new AppsError(AppsError.EXTERNAL_ERROR, error.message));
        if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));

@@ -709,7 +713,7 @@ function backupApp(app, addonsToBackup, callback) {
        async.series([
            ignoreError(shell.sudo.bind(null, 'mountSwap', [ BACKUP_SWAP_CMD, '--on' ])),
            addons.backupAddons.bind(null, app, addonsToBackup),
-            shell.sudo.bind(null, 'backupApp', [ BACKUP_APP_CMD,  app.id, result.url, result.backupKey ]),
+            shell.sudo.bind(null, 'backupApp', [ BACKUP_APP_CMD,  app.id, result.url, result.backupKey, result.sessionToken ]),
            ignoreError(shell.sudo.bind(null, 'unmountSwap', [ BACKUP_SWAP_CMD, '--off' ])),
        ], function (error) {
            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));
@@ -756,7 +760,7 @@ function restoreApp(app, addonsToRestore, callback) {

        debugApp(app, 'restoreApp: restoreUrl:%s', result.url);

-        shell.sudo('restoreApp', [ RESTORE_APP_CMD,  app.id, result.url, result.backupKey ], function (error) {
+        shell.sudo('restoreApp', [ RESTORE_APP_CMD,  app.id, result.url, result.backupKey, result.sessionToken ], function (error) {
            if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error));

            addons.restoreAddons(app, addonsToRestore, callback);
@@ -46,6 +46,7 @@ var addons = require('./addons.js'),
    paths = require('./paths.js'),
    safe = require('safetydance'),
    shell = require('./shell.js'),
+    subdomains = require('./subdomains.js'),
    superagent = require('superagent'),
    sysinfo = require('./sysinfo.js'),
    util = require('util'),
@@ -189,7 +190,6 @@ function createContainer(app, callback) {
        }

        env.push('CLOUDRON=1');
-        env.push('ADMIN_ORIGIN' + '=' + config.adminOrigin()); // ## remove
        env.push('WEBADMIN_ORIGIN' + '=' + config.adminOrigin());
        env.push('API_ORIGIN' + '=' + config.adminOrigin());

@@ -202,8 +202,6 @@ function createContainer(app, callback) {
                Tty: true,
                Image: app.manifest.dockerImage,
                Cmd: null,
-                Volumes: {},
-                VolumesFrom: [],
                Env: env.concat(addonEnv),
                ExposedPorts: exposedPorts
            };
@@ -251,7 +249,7 @@ function deleteImage(app, manifest, callback) {
            noprune: false
        };

-        // delete image by id because docker pull pulls down all the tags and this is the only way to delete all tags
+         // delete image by id because 'docker pull' pulls down all the tags and this is the only way to delete all tags
        docker.getImage(result.Id).remove(removeOptions, function (error) {
            if (error && error.statusCode === 404) return callback(null);
            if (error && error.statusCode === 409) return callback(null); // another container using the image
@@ -334,15 +332,20 @@ function startContainer(app, callback) {
            vbox.forwardFromHostToVirtualBox(app.id + '-tcp' + containerPort, hostPort);
        }

+        var memoryLimit = manifest.memoryLimit || 1024 * 1024 * 200; // 200mb by default
+
        var startOptions = {
            Binds: addons.getBindsSync(app, app.manifest.addons),
+            Memory: memoryLimit / 2,
+            MemorySwap: memoryLimit, // Memory + Swap
            PortBindings: dockerPortBindings,
            PublishAllPorts: false,
            Links: addons.getLinksSync(app, app.manifest.addons),
            RestartPolicy: {
                "Name": "always",
                "MaximumRetryCount": 0
-            }
+            },
+            CpuShares: 512 // relative to 1024 for system processes
        };

        var container = docker.getContainer(app.containerId);
@@ -357,6 +360,11 @@ function startContainer(app, callback) {
 }

 function stopContainer(app, callback) {
+    if (!app.containerId) {
+        debugApp(app, 'No previous container to stop');
+        return callback();
+    }
+
    var container = docker.getContainer(app.containerId);
    debugApp(app, 'Stopping container %s', container.id);

@@ -422,43 +430,27 @@ function registerSubdomain(app, callback) {
    // need to register it so that we have a dnsRecordId to wait for it to complete
    var record = { subdomain: app.location, type: 'A', value: sysinfo.getIp() };

-    superagent
-        .post(config.apiServerOrigin() + '/api/v1/subdomains')
-        .set('Accept', 'application/json')
-        .query({ token: config.token() })
-        .send({ records: [ record ] })
-        .end(function (error, res) {
-            if (error) return callback(error);
+    subdomains.add(record, function (error, changeId) {
+        if (error) return callback(error);

-            debugApp(app, 'Registered subdomain status: %s', res.status);
+        debugApp(app, 'Registered subdomain.');

-            if (res.status === 409) return callback(null); // already registered
-            if (res.status !== 201) return callback(new Error(util.format('Subdomain Registration failed. %s %j', res.status, res.body)));
-
-            updateApp(app, { dnsRecordId: res.body.ids[0] }, callback);
-        });
+        updateApp(app, { dnsRecordId: changeId }, callback);
+    });
 }

-function unregisterSubdomain(app, callback) {
-    debugApp(app, 'Unregistering subdomain: dnsRecordId=%s', app.dnsRecordId);
-
-    if (!app.dnsRecordId) return callback(null);
+function unregisterSubdomain(app, location, callback) {
+    debugApp(app, 'Unregistering subdomain: %s', location);

    // do not unregister bare domain because we show a error/cloudron info page there
-    if (app.location === '') return updateApp(app, { dnsRecordId: null }, callback);
+    if (location === '') return callback(null);

-    superagent
-        .del(config.apiServerOrigin() + '/api/v1/subdomains/' + app.dnsRecordId)
-        .query({ token: config.token() })
-        .end(function (error, res) {
-            if (error) {
-                debugApp(app, 'Error making request: %s', error);
-            } else if (res.status !== 204) {
-                debugApp(app, 'Error unregistering subdomain:', res.status, res.body);
-            }
+    var record = { subdomain: location, type: 'A', value: sysinfo.getIp() };
+    subdomains.remove(record, function (error) {
+        if (error) debugApp(app, 'Error unregistering subdomain: %s', error);

-            updateApp(app, { dnsRecordId: null }, callback);
-        });
+        updateApp(app, { dnsRecordId: null }, callback);
+    });
 }

 function removeIcon(app, callback) {
@@ -479,21 +471,15 @@ function waitForDnsPropagation(app, callback) {
        setTimeout(waitForDnsPropagation.bind(null, app, callback), 5000);
    }

-    superagent
-        .get(config.apiServerOrigin() + '/api/v1/subdomains/' + app.dnsRecordId + '/status')
-        .set('Accept', 'application/json')
-        .query({ token: config.token() })
-        .end(function (error, res) {
-            if (error) return retry(new Error('Failed to get dns record status : ' + error.message));
+    subdomains.status(app.dnsRecordId, function (error, result) {
+        if (error) return retry(new Error('Failed to get dns record status : ' + error.message));

-            debugApp(app, 'waitForDnsPropagation: dnsRecordId:%s status:%s', app.dnsRecordId, res.status);
+        debugApp(app, 'waitForDnsPropagation: dnsRecordId:%s status:%s', app.dnsRecordId, result);

-            if (res.status !== 200) return retry(new Error(util.format('Error getting record status: %s %j', res.status, res.body)));
+        if (result !== 'done') return retry(new Error(util.format('app:%s not ready yet: %s', app.id, result)));

-            if (res.body.status !== 'done') return retry(new Error(util.format('app:%s not ready yet: %s', app.id, res.body.status)));
-
-            callback(null);
-        });
+        callback(null);
+    });
 }

 // updates the app object and the database
@@ -532,9 +518,9 @@ function install(app, callback) {
        deleteContainer.bind(null, app),
        addons.teardownAddons.bind(null, app, app.manifest.addons),
        deleteVolume.bind(null, app),
-        unregisterSubdomain.bind(null, app),
+        unregisterSubdomain.bind(null, app, app.location),
        removeOAuthProxyCredentials.bind(null, app),
-        removeIcon.bind(null, app),
+        // removeIcon.bind(null, app), // do not remove icon for non-appstore installs
        unconfigureNginx.bind(null, app),

        updateApp.bind(null, app, { installationProgress: '15, Configure nginx' }),
@@ -619,7 +605,11 @@ function restore(app, callback) {
         // oldConfig can be null during upgrades
        addons.teardownAddons.bind(null, app, app.oldConfig ? app.oldConfig.manifest.addons : null),
        deleteVolume.bind(null, app),
-        deleteImage.bind(null, app, app.manifest),
+        function deleteImageIfChanged(done) {
+             if (!app.oldConfig || (app.oldConfig.manifest.dockerImage === app.manifest.dockerImage)) return done();
+
+             deleteImage(app, app.oldConfig.manifest, done);
+        },
        removeOAuthProxyCredentials.bind(null, app),
        removeIcon.bind(null, app),
        unconfigureNginx.bind(null, app),
@@ -673,16 +663,15 @@ function restore(app, callback) {

 // note that configure is called after an infra update as well
 function configure(app, callback) {
-    var locationChanged = app.oldConfig.location !== app.location;
-
    async.series([
        updateApp.bind(null, app, { installationProgress: '10, Cleaning up old install' }),
        removeCollectdProfile.bind(null, app),
        stopApp.bind(null, app),
        deleteContainer.bind(null, app),
        function (next) {
-            if (!locationChanged) return next();
-            unregisterSubdomain(app, next);
+            // oldConfig can be null during an infra update
+            if (!app.oldConfig || app.oldConfig.location === app.location) return next();
+            unregisterSubdomain(app, app.oldConfig.location, next);
        },
        removeOAuthProxyCredentials.bind(null, app),
        unconfigureNginx.bind(null, app),
@@ -693,14 +682,8 @@ function configure(app, callback) {
        updateApp.bind(null, app, { installationProgress: '30, Create OAuth proxy credentials' }),
        allocateOAuthProxyCredentials.bind(null, app),

-        function (next) {
-            if (!locationChanged) return next();
-
-            async.series([
-                updateApp.bind(null, app, { installationProgress: '35, Registering subdomain' }),
-                registerSubdomain.bind(null, app)
-            ], next);
-        },
+        updateApp.bind(null, app, { installationProgress: '35, Registering subdomain' }),
+        registerSubdomain.bind(null, app),

        // re-setup addons since they rely on the app's fqdn (e.g oauth)
        updateApp.bind(null, app, { installationProgress: '50, Setting up addons' }),
@@ -714,14 +697,8 @@ function configure(app, callback) {

        runApp.bind(null, app),

-        function (next) {
-            if (!locationChanged) return next();
-
-            async.series([
-                updateApp.bind(null, app, { installationProgress: '80, Waiting for DNS propagation' }),
-                exports._waitForDnsPropagation.bind(null, app)
-            ], next);
-        },
+        updateApp.bind(null, app, { installationProgress: '80, Waiting for DNS propagation' }),
+        exports._waitForDnsPropagation.bind(null, app),

        // done!
        function (callback) {
@@ -755,7 +732,11 @@ function update(app, callback) {
        stopApp.bind(null, app),
        deleteContainer.bind(null, app),
        addons.teardownAddons.bind(null, app, unusedAddons),
-        deleteImage.bind(null, app, app.manifest), // delete image even if did not change (see df158b111f)
+        function deleteImageIfChanged(done) {
+             if (app.oldConfig.manifest.dockerImage === app.manifest.dockerImage) return done();
+
+             deleteImage(app, app.oldConfig.manifest, done);
+        },
        // removeIcon.bind(null, app), // do not remove icon, otherwise the UI breaks for a short time...

        function (next) {
@@ -821,7 +802,7 @@ function uninstall(app, callback) {
        deleteImage.bind(null, app, app.manifest),

        updateApp.bind(null, app, { installationProgress: '60, Unregistering subdomain' }),
-        unregisterSubdomain.bind(null, app),
+        unregisterSubdomain.bind(null, app, app.location),

        updateApp.bind(null, app, { installationProgress: '70, Remove OAuth credentials' }),
        removeOAuthProxyCredentials.bind(null, app),
@@ -0,0 +1,282 @@
+/* jslint node:true */
+
+'use strict';
+
+exports = module.exports = {
+    AWSError: AWSError,
+
+    getAWSCredentials: getAWSCredentials,
+
+    getSignedUploadUrl: getSignedUploadUrl,
+    getSignedDownloadUrl: getSignedDownloadUrl,
+
+    addSubdomain: addSubdomain,
+    delSubdomain: delSubdomain,
+    getChangeStatus: getChangeStatus
+};
+
+var assert = require('assert'),
+    AWS = require('aws-sdk'),
+    config = require('./config.js'),
+    debug = require('debug')('box:aws'),
+    SubdomainError = require('./subdomainerror.js'),
+    superagent = require('superagent'),
+    util = require('util');
+
+// http://dustinsenos.com/articles/customErrorsInNode
+// http://code.google.com/p/v8/wiki/JavaScriptStackTraceApi
+function AWSError(reason, errorOrMessage) {
+    assert.strictEqual(typeof reason, 'string');
+    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
+
+    Error.call(this);
+    Error.captureStackTrace(this, this.constructor);
+
+    this.name = this.constructor.name;
+    this.reason = reason;
+    if (typeof errorOrMessage === 'undefined') {
+        this.message = reason;
+    } else if (typeof errorOrMessage === 'string') {
+        this.message = errorOrMessage;
+    } else {
+        this.message = 'Internal error';
+        this.nestedError = errorOrMessage;
+    }
+}
+util.inherits(AWSError, Error);
+AWSError.INTERNAL_ERROR = 'Internal Error';
+AWSError.MISSING_CREDENTIALS = 'Missing AWS credentials';
+
+function getAWSCredentials(callback) {
+    assert.strictEqual(typeof callback, 'function');
+
+    // CaaS
+    if (config.token()) {
+        var url = config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/awscredentials';
+        superagent.get(url).query({ token: config.token() }).end(function (error, result) {
+            if (error) return callback(error);
+            if (result.statusCode !== 201) return callback(new Error(result.text));
+            if (!result.body || !result.body.credentials) return callback(new Error('Unexpected response'));
+
+            return callback(null, {
+                accessKeyId: result.body.credentials.AccessKeyId,
+                secretAccessKey: result.body.credentials.SecretAccessKey,
+                sessionToken: result.body.credentials.SessionToken,
+                region: 'us-east-1'
+            });
+        });
+    } else {
+        if (!config.aws().accessKeyId || !config.aws().secretAccessKey) return callback(new AWSError(AWSError.MISSING_CREDENTIALS));
+
+        callback(null, {
+            accessKeyId: config.aws().accessKeyId,
+            secretAccessKey: config.aws().secretAccessKey,
+            region: 'us-east-1'
+        });
+    }
+}
+
+function getSignedUploadUrl(filename, callback) {
+    assert.strictEqual(typeof filename, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('getSignedUploadUrl()');
+
+    getAWSCredentials(function (error, credentials) {
+        if (error) return callback(error);
+
+        var s3 = new AWS.S3(credentials);
+
+        var params = {
+            Bucket: config.aws().backupBucket,
+            Key: config.aws().backupPrefix + '/' + filename,
+            Expires: 60 * 30 /* 30 minutes */
+        };
+
+        var url = s3.getSignedUrl('putObject', params);
+
+        callback(null, { url : url, sessionToken: credentials.sessionToken });
+    });
+}
+
+function getSignedDownloadUrl(filename, callback) {
+    assert.strictEqual(typeof filename, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('getSignedDownloadUrl()');
+
+    getAWSCredentials(function (error, credentials) {
+        if (error) return callback(error);
+
+        var s3 = new AWS.S3(credentials);
+
+        var params = {
+            Bucket: config.aws().backupBucket,
+            Key: config.aws().backupPrefix + '/' + filename,
+            Expires: 60 * 30 /* 30 minutes */
+        };
+
+        var url = s3.getSignedUrl('getObject', params);
+
+        callback(null, { url: url, sessionToken: credentials.sessionToken });
+    });
+}
+
+function getZoneByName(zoneName, callback) {
+    assert.strictEqual(typeof zoneName, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('getZoneByName: %s', zoneName);
+
+    getAWSCredentials(function (error, credentials) {
+        if (error) return callback(error);
+
+        var route53 = new AWS.Route53(credentials);
+        route53.listHostedZones({}, function (error, result) {
+            if (error) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, new Error(error)));
+
+            var zone = result.HostedZones.filter(function (zone) {
+                return zone.Name.slice(0, -1) === zoneName;     // aws zone name contains a '.' at the end
+            })[0];
+
+            if (!zone) return callback(new SubdomainError(SubdomainError.NOT_FOUND, 'no such zone'));
+
+            debug('getZoneByName: found zone', zone);
+
+            callback(null, zone);
+        });
+    });
+}
+
+function addSubdomain(zoneName, subdomain, type, value, callback) {
+    assert.strictEqual(typeof zoneName, 'string');
+    assert.strictEqual(typeof subdomain, 'string');
+    assert.strictEqual(typeof type, 'string');
+    assert.strictEqual(typeof value, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('addSubdomain: ' + subdomain + ' for domain ' + zoneName + ' with value ' + value);
+
+    getZoneByName(zoneName, function (error, zone) {
+        if (error) return callback(error);
+
+        var fqdn = config.appFqdn(subdomain);
+        var params = {
+            ChangeBatch: {
+                Changes: [{
+                    Action: 'UPSERT',
+                    ResourceRecordSet: {
+                        Type: type,
+                        Name: fqdn,
+                        ResourceRecords: [{
+                            Value: value
+                        }],
+                        Weight: 0,
+                        SetIdentifier: fqdn,
+                        TTL: 1
+                    }
+                }]
+            },
+            HostedZoneId: zone.Id
+        };
+
+        getAWSCredentials(function (error, credentials) {
+            if (error) return callback(error);
+
+            var route53 = new AWS.Route53(credentials);
+            route53.changeResourceRecordSets(params, function(error, result) {
+                if (error && error.code === 'PriorRequestNotComplete') {
+                    return callback(new SubdomainError(SubdomainError.STILL_BUSY, new Error(error)));
+                } else if (error) {
+                    return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, new Error(error)));
+                }
+
+                debug('addSubdomain: success. changeInfoId:%j', result);
+
+                callback(null, result.ChangeInfo.Id);
+            });
+        });
+    });
+}
+
+function delSubdomain(zoneName, subdomain, type, value, callback) {
+    assert.strictEqual(typeof zoneName, 'string');
+    assert.strictEqual(typeof subdomain, 'string');
+    assert.strictEqual(typeof type, 'string');
+    assert.strictEqual(typeof value, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('delSubdomain: %s for domain %s.', subdomain, zoneName);
+
+    getZoneByName(zoneName, function (error, zone) {
+        if (error) return callback(error);
+
+        var fqdn = config.appFqdn(subdomain);
+        var resourceRecordSet = {
+            Name: fqdn,
+            Type: type,
+            ResourceRecords: [{
+                Value: value
+            }],
+            Weight: 0,
+            SetIdentifier: fqdn,
+            TTL: 1
+        };
+
+        var params = {
+            ChangeBatch: {
+                Changes: [{
+                    Action: 'DELETE',
+                    ResourceRecordSet: resourceRecordSet
+                }]
+            },
+            HostedZoneId: zone.Id
+        };
+
+        getAWSCredentials(function (error, credentials) {
+            if (error) return callback(error);
+
+            var route53 = new AWS.Route53(credentials);
+            route53.changeResourceRecordSets(params, function(error, result) {
+                if (error && error.message && error.message.indexOf('it was not found') !== -1) {
+                    debug('delSubdomain: resource record set not found.', error);
+                    return callback(new SubdomainError(SubdomainError.NOT_FOUND, new Error(error)));
+                } else if (error && error.code === 'NoSuchHostedZone') {
+                    debug('delSubdomain: hosted zone not found.', error);
+                    return callback(new SubdomainError(SubdomainError.NOT_FOUND, new Error(error)));
+                } else if (error && error.code === 'PriorRequestNotComplete') {
+                    debug('delSubdomain: resource is still busy', error);
+                    return callback(new SubdomainError(SubdomainError.STILL_BUSY, new Error(error)));
+                } else if (error && error.code === 'InvalidChangeBatch') {
+                    debug('delSubdomain: invalid change batch. No such record to be deleted.');
+                    return callback(new SubdomainError(SubdomainError.NOT_FOUND, new Error(error)));
+                } else if (error) {
+                    debug('delSubdomain: error', error);
+                    return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, new Error(error)));
+                }
+
+                debug('delSubdomain: success');
+
+                callback(null);
+            });
+        });
+    });
+}
+
+function getChangeStatus(changeId, callback) {
+    assert.strictEqual(typeof changeId, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    if (changeId === '') return callback(null, 'INSYNC');
+
+    getAWSCredentials(function (error, credentials) {
+        if (error) return callback(error);
+
+        var route53 = new AWS.Route53(credentials);
+        route53.getChange({ Id: changeId }, function (error, result) {
+            if (error) return callback(error);
+
+            callback(null, result.ChangeInfo.Status);
+        });
+    });
+}
@@ -10,6 +10,7 @@ exports = module.exports = {
 };

 var assert = require('assert'),
+    aws = require('./aws.js'),
    config = require('./config.js'),
    debug = require('debug')('box:backups'),
    superagent = require('superagent'),
@@ -54,42 +55,50 @@ function getAllPaged(page, perPage, callback) {
    });
 }

-function getBackupUrl(app, appBackupIds, callback) {
+function getBackupUrl(app, callback) {
    assert(!app || typeof app === 'object');
-    assert(!appBackupIds || util.isArray(appBackupIds));
    assert.strictEqual(typeof callback, 'function');

-    var url = config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/backupurl';
+    var filename = '';
+    if (app) {
+        filename = util.format('appbackup_%s_%s-v%s.tar.gz', app.id, (new Date()).toISOString(), app.manifest.version);
+    } else {
+        filename = util.format('backup_%s-v%s.tar.gz', (new Date()).toISOString(), config.version());
+    }

-    var data = {
-        boxVersion: config.version(),
-        appId: app ? app.id : null,
-        appVersion: app ? app.manifest.version : null,
-        appBackupIds: appBackupIds
-    };
+    aws.getSignedUploadUrl(filename, function (error, result) {
+        if (error) return callback(error);

-    superagent.put(url).query({ token: config.token() }).send(data).end(function (error, result) {
-        if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, error));
-        if (result.statusCode !== 201) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, result.text));
-        if (!result.body || !result.body.url) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, 'Unexpected response'));
+        var obj = {
+            id: filename,
+            url: result.url,
+            sessionToken: result.sessionToken,
+            backupKey: config.backupKey()
+        };

-        return callback(null, result.body);
+        debug('getBackupUrl: ', obj);
+
+        callback(null, obj);
    });
 }

+// backupId is the s3 filename. appbackup_%s_%s-v%s.tar.gz
 function getRestoreUrl(backupId, callback) {
    assert.strictEqual(typeof backupId, 'string');
    assert.strictEqual(typeof callback, 'function');

-    var url = config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/restoreurl';
+    aws.getSignedDownloadUrl(backupId, function (error, result) {
+        if (error) return callback(error);

-    superagent.put(url).query({ token: config.token(), backupId: backupId }).end(function (error, result) {
-        if (error) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, error));
-        if (result.statusCode !== 201) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, result.text));
-        if (!result.body || !result.body.url) return callback(new BackupsError(BackupsError.EXTERNAL_ERROR, 'Unexpected response'));
+        var obj = {
+            id: backupId,
+            url: result.url,
+            sessionToken: result.sessionToken,
+            backupKey: config.backupKey()
+        };

-        return callback(null, result.body);
+        debug('getRestoreUrl: ', obj);
+
+        callback(null, obj);
    });
 }
-
-
@@ -19,8 +19,7 @@ exports = module.exports = {
    reboot: reboot,
    migrate: migrate,
    backup: backup,
-    ensureBackup: ensureBackup
-};
+    ensureBackup: ensureBackup};

 var apps = require('./apps.js'),
    AppsError = require('./apps.js').AppsError,
@@ -40,6 +39,7 @@ var apps = require('./apps.js'),
    settings = require('./settings.js'),
    SettingsError = settings.SettingsError,
    shell = require('./shell.js'),
+    subdomains = require('./subdomains.js'),
    superagent = require('superagent'),
    sysinfo = require('./sysinfo.js'),
    tokendb = require('./tokendb.js'),
@@ -47,7 +47,8 @@ var apps = require('./apps.js'),
    user = require('./user.js'),
    UserError = user.UserError,
    userdb = require('./userdb.js'),
-    util = require('util');
+    util = require('util'),
+    webhooks = require('./webhooks.js');

 var RELOAD_NGINX_CMD = path.join(__dirname, 'scripts/reloadnginx.sh'),
    REBOOT_CMD = path.join(__dirname, 'scripts/reboot.sh'),
@@ -55,7 +56,7 @@ var RELOAD_NGINX_CMD = path.join(__dirname, 'scripts/reloadnginx.sh'),
    BACKUP_SWAP_CMD = path.join(__dirname, 'scripts/backupswap.sh'),
    INSTALLER_UPDATE_URL = 'http://127.0.0.1:2020/api/v1/installer/update';

-var gAddMailDnsRecordsTimerId = null,
+var gAddDnsRecordsTimerId = null,
    gCloudronDetails = null;            // cached cloudron details like region,size...

 function debugApp(app, args) {
@@ -109,20 +110,17 @@ function initialize(callback) {
    assert.strictEqual(typeof callback, 'function');

    if (process.env.BOX_ENV !== 'test') {
-        addMailDnsRecords();
+        addDnsRecords();
    }

-    // Send heartbeat once we are up and running, this speeds up the Cloudron creation, as otherwise we are bound to the cron.js settings
-    sendHeartbeat();
-
    callback(null);
 }

 function uninitialize(callback) {
    assert.strictEqual(typeof callback, 'function');

-    clearTimeout(gAddMailDnsRecordsTimerId);
-    gAddMailDnsRecordsTimerId = null;
+    clearTimeout(gAddDnsRecordsTimerId);
+    gAddDnsRecordsTimerId = null;

    callback(null);
 }
@@ -270,18 +268,20 @@ function getConfig(callback) {
 }

 function sendHeartbeat() {
+    // Only send heartbeats after the admin dns record is synced to give appstore a chance to know that fact
+    if (!config.get('dnsInSync')) return;
+
    var url = config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/heartbeat';

-    // TODO: this must be a POST
-    superagent.get(url).query({ token: config.token(), version: config.version() }).timeout(10000).end(function (error, result) {
+    superagent.post(url).query({ token: config.token(), version: config.version() }).timeout(10000).end(function (error, result) {
        if (error) debug('Error sending heartbeat.', error);
        else if (result.statusCode !== 200) debug('Server responded to heartbeat with %s %s', result.statusCode, result.text);
        else debug('Heartbeat sent to %s', url);
    });
 }

-function sendMailDnsRecordsRequest(callback) {
-    assert.strictEqual(typeof callback, 'function');
+function addDnsRecords() {
+    if (config.get('dnsInSync')) return sendHeartbeat(); // already registered send heartbeat

    var DKIM_SELECTOR = 'mail';
    var DMARC_REPORT_EMAIL = 'dmarc-report@cloudron.io';
@@ -289,13 +289,20 @@ function sendMailDnsRecordsRequest(callback) {
    var dkimPublicKeyFile = path.join(paths.MAIL_DATA_DIR, 'dkim/' + config.fqdn() + '/public');
    var publicKey = safe.fs.readFileSync(dkimPublicKeyFile, 'utf8');

-    if (publicKey === null) return callback(new Error('Error reading dkim public key'));
+    if (publicKey === null) {
+        console.error('Error reading dkim public key. Stop DNS setup.');
+        return;
+    }

    // remove header, footer and new lines
    publicKey = publicKey.split('\n').slice(1, -2).join('');

    // note that dmarc requires special DNS records for external RUF and RUA
    var records = [
+        // naked domain
+        { subdomain: '', type: 'A', value: sysinfo.getIp() },
+        // webadmin domain
+        { subdomain: 'my', type: 'A', value: sysinfo.getIp() },
        // softfail all mails not from our IP. Note that this uses IP instead of 'a' should we use a load balancer in the future
        { subdomain: '', type: 'TXT', value: '"v=spf1 ip4:' + sysinfo.getIp() + ' ~all"' },
        // t=s limits the domainkey to this domain and not it's subdomains
@@ -304,38 +311,47 @@ function sendMailDnsRecordsRequest(callback) {
        { subdomain: '_dmarc', type: 'TXT', value: '"v=DMARC1; p=none; pct=100; rua=mailto:' + DMARC_REPORT_EMAIL + '; ruf=' + DMARC_REPORT_EMAIL + '"' }
    ];

-    debug('sendMailDnsRecords request:%s', JSON.stringify(records));
+    debug('addDnsRecords:', records);

-    superagent
-        .post(config.apiServerOrigin() + '/api/v1/subdomains')
-        .set('Accept', 'application/json')
-        .query({ token: config.token() })
-        .send({ records: records })
-        .end(function (error, res) {
-            if (error) return callback(error);
-
-            debug('sendMailDnsRecords status: %s', res.status);
-
-            if (res.status === 409) return callback(null); // already registered
-
-            if (res.status !== 201) return callback(new Error(util.format('Failed to add Mail DNS records: %s %j', res.status, res.body)));
-
-            return callback(null, res.body.ids);
-        });
-}
-
-function addMailDnsRecords() {
-    if (config.get('mailDnsRecordIds').length !== 0) return; // already registered
-
-    sendMailDnsRecordsRequest(function (error, ids) {
+    subdomains.addMany(records, function (error, changeIds) {
        if (error) {
-            console.error('Mail DNS record addition failed', error);
-            gAddMailDnsRecordsTimerId = setTimeout(addMailDnsRecords, 30000);
+            console.error('Admin DNS record addition failed', error);
+            gAddDnsRecordsTimerId = setTimeout(addDnsRecords, 10000);
            return;
        }

-        debug('Added Mail DNS records successfully');
-        config.set('mailDnsRecordIds', ids);
+        function checkIfInSync() {
+            debug('addDnsRecords: Check if admin DNS record is in sync.');
+
+            var allDone = true;
+
+            async.each(changeIds, function (changeId, callback) {
+                subdomains.status(changeId, function (error, result) {
+                    if (error) return callback(new Error('Failed to check if admin DNS record is in sync.', error));
+
+                    if (result !== 'done') allDone = false;
+
+                    callback(null);
+                });
+            }, function (error) {
+                if (error) console.error(error);
+
+                // retry if needed
+                if (error || !allDone) {
+                    gAddDnsRecordsTimerId = setTimeout(checkIfInSync, 5000);
+                    return;
+                }
+
+                config.set('dnsInSync', true);
+
+                // send heartbeat after the dns records are done
+                sendHeartbeat();
+
+                debug('addDnsRecords: done');
+            });
+        }
+
+        checkIfInSync();
    });
 }

@@ -493,19 +509,20 @@ function doUpdate(boxUpdateInfo, callback) {
            var args = {
                sourceTarballUrl: result.body.url,

-                // IMPORTANT: if you change this, fix up argparser.sh as well. keep these sorted for readability
+                // this data is opaque to the installer
                data: {
-                    apiServerOrigin: config.apiServerOrigin(),
                    boxVersionsUrl: config.get('boxVersionsUrl'),
-                    fqdn: config.fqdn(),
-                    isCustomDomain: config.isCustomDomain(),
-                    restoreKey: null,
-                    restoreUrl: null,
-                    tlsKey: fs.readFileSync(path.join(paths.NGINX_CERT_DIR, 'host.key'), 'utf8'),
-                    tlsCert: fs.readFileSync(path.join(paths.NGINX_CERT_DIR, 'host.cert'), 'utf8'),
-                    token: config.token(),
                    version: boxUpdateInfo.version,
-                    webServerOrigin: config.webServerOrigin()
+                    apiServerOrigin: config.apiServerOrigin(),
+                    webServerOrigin: config.webServerOrigin(),
+                    fqdn: config.fqdn(),
+                    token: config.token(),
+                    tlsCert: fs.readFileSync(path.join(paths.NGINX_CERT_DIR, 'host.cert'), 'utf8'),
+                    tlsKey: fs.readFileSync(path.join(paths.NGINX_CERT_DIR, 'host.key'), 'utf8'),
+                    isCustomDomain: config.isCustomDomain(),
+                    restoreUrl: null,
+                    restoreKey: null,
+                    aws: config.aws()
                }
            };

@@ -562,7 +579,7 @@ function ensureBackup(callback) {
 function backupBoxWithAppBackupIds(appBackupIds, callback) {
    assert(util.isArray(appBackupIds));

-    backups.getBackupUrl(null /* app */, appBackupIds, function (error, result) {
+    backups.getBackupUrl(null /* app */, function (error, result) {
        if (error && error.reason === BackupsError.EXTERNAL_ERROR) return callback(new CloudronError(CloudronError.EXTERNAL_ERROR, error.message));
        if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));

@@ -570,14 +587,17 @@ function backupBoxWithAppBackupIds(appBackupIds, callback) {

        async.series([
            ignoreError(shell.sudo.bind(null, 'mountSwap', [ BACKUP_SWAP_CMD, '--on' ])),
-            shell.sudo.bind(null, 'backupBox', [ BACKUP_BOX_CMD, result.url, result.backupKey ]),
+            shell.sudo.bind(null, 'backupBox', [ BACKUP_BOX_CMD, result.url, result.backupKey, result.sessionToken ]),
            ignoreError(shell.sudo.bind(null, 'unmountSwap', [ BACKUP_SWAP_CMD, '--off' ])),
        ], function (error) {
            if (error) return callback(new CloudronError(CloudronError.INTERNAL_ERROR, error));

            debug('backup: successful');

-            callback(null, result.id);
+            webhooks.backupDone(result.id, null /* app */, appBackupIds, function (error) {
+                if (error) return callback(error);
+                callback(null, result.id);
+            });
        });
    });
 }
@@ -610,7 +630,7 @@ function backupBoxAndApps(callback) {
            ++processed;

            apps.backupApp(app, app.manifest.addons, function (error, backupId) {
-                progress.set(progress.BACKUP, step * processed, 'Backing up app at ' + app.location);
+                progress.set(progress.BACKUP, step * processed, 'Backed up app at ' + app.location);

                if (error && error.reason === AppsError.BAD_STATE) {
                    debugApp(app, 'Skipping backup (istate:%s health:%s). using lastBackupId:%s', app.installationState, app.health, app.lastBackupId);
@@ -634,4 +654,3 @@ function backupBoxAndApps(callback) {
        });
    });
 }
-
@@ -1,6 +1,6 @@
 LoadPlugin "table"
 <Plugin table>
-  <Table "/sys/fs/cgroup/memory/docker/<%= containerId %>/memory.stat">
+  <Table "/sys/fs/cgroup/memory/system.slice/docker-<%= containerId %>.scope/memory.stat">
    Instance "<%= appId %>-memory"
    Separator " \\n"
    <Result>
@@ -10,7 +10,7 @@ LoadPlugin "table"
    </Result>
  </Table>

-  <Table "/sys/fs/cgroup/memory/docker/<%= containerId %>/memory.max_usage_in_bytes">
+  <Table "/sys/fs/cgroup/memory/system.slice/docker-<%= containerId %>.scope/memory.max_usage_in_bytes">
    Instance "<%= appId %>-memory"
    Separator "\\n"
    <Result>
@@ -20,7 +20,7 @@ LoadPlugin "table"
    </Result>
  </Table>

-  <Table "/sys/fs/cgroup/cpuacct/docker/<%= containerId %>/cpuacct.stat">
+  <Table "/sys/fs/cgroup/cpuacct/system.slice/docker-<%= containerId %>.scope/cpuacct.stat">
    Instance "<%= appId %>-cpu"
    Separator " \\n"
    <Result>
@@ -30,6 +30,9 @@ exports = module.exports = {

    isDev: isDev,

+    backupKey: backupKey,
+    aws: aws,
+
    // for testing resets to defaults
    _reset: initConfig
 };
@@ -70,6 +73,14 @@ function initConfig() {
    data.webServerOrigin = null;
    data.internalPort = 3001;
    data.ldapPort = 3002;
+    data.backupKey = 'backupKey';
+    data.aws = {
+        backupBucket: null,
+        backupPrefix: null,
+        accessKeyId: null,      // selfhosting only
+        secretAccessKey: null   // selfhosting only
+    };
+    data.dnsInSync = false;

    if (exports.CLOUDRON) {
        data.port = 3000;
@@ -86,6 +97,7 @@ function initConfig() {
            name: 'boxtest'
        };
        data.token = 'APPSTORE_TOKEN';
+        data.aws.backupBucket = 'testbucket';
    } else {
        assert(false, 'Unknown environment. This should not happen!');
    }
@@ -99,6 +111,9 @@ function initConfig() {
    saveSync();
 }

+// cleanup any old config file we have for tests
+if (exports.TEST) safe.fs.unlinkSync(cloudronConfigFileName);
+
 initConfig();

 // set(obj) or set(key, value)
@@ -172,3 +187,10 @@ function isDev() {
    return /dev/i.test(get('boxVersionsUrl'));
 }

+function backupKey() {
+    return get('backupKey');
+}
+
+function aws() {
+    return get('aws');
+}
@@ -24,6 +24,9 @@ var gLogger = {
    fatal: console.error
 };

+var GROUP_USERS_DN = 'cn=users,ou=groups,dc=cloudron';
+var GROUP_ADMINS_DN = 'cn=admins,ou=groups,dc=cloudron';
+
 function start(callback) {
    assert(typeof callback === 'function');

@@ -39,6 +42,9 @@ function start(callback) {
            result.forEach(function (entry) {
                var dn = ldap.parseDN('cn=' + entry.id + ',ou=users,dc=cloudron');

+                var groups = [ GROUP_USERS_DN ];
+                if (entry.admin) groups.push(GROUP_ADMINS_DN);
+
                var tmp = {
                    dn: dn.toString(),
                    attributes: {
@@ -49,7 +55,8 @@ function start(callback) {
                        mail: entry.email,
                        displayname: entry.username,
                        username: entry.username,
-                        samaccountname: entry.username      // to support ActiveDirectory clients
+                        samaccountname: entry.username,      // to support ActiveDirectory clients
+                        memberof: groups
                    }
                };

@@ -69,22 +76,32 @@ function start(callback) {
        user.list(function (error, result){
            if (error) return next(new ldap.OperationsError(error.toString()));

-            // we only have an admin group
-            var dn = ldap.parseDN('cn=admin,ou=groups,dc=cloudron');
+            var groups = [{
+                name: 'users',
+                admin: false
+            }, {
+                name: 'admins',
+                admin: true
+            }];

-            var tmp = {
-                dn: dn.toString(),
-                attributes: {
-                    objectclass: ['group'],
-                    cn: 'admin',
-                    memberuid: result.filter(function (entry) { return entry.admin; }).map(function(entry) { return entry.id; })
+            groups.forEach(function (group) {
+                var dn = ldap.parseDN('cn=' + group.name + ',ou=groups,dc=cloudron');
+                var members = group.admin ? result.filter(function (entry) { return entry.admin; }) : result;
+
+                var tmp = {
+                    dn: dn.toString(),
+                    attributes: {
+                        objectclass: ['group'],
+                        cn: group.name,
+                        memberuid: members.map(function(entry) { return entry.id; })
+                    }
+                };
+
+                if ((req.dn.equals(dn) || req.dn.parentOf(dn)) && req.filter.matches(tmp.attributes)) {
+                    res.send(tmp);
+                    debug('ldap group send:', tmp);
                }
-            };
-
-            if ((req.dn.equals(dn) || req.dn.parentOf(dn)) && req.filter.matches(tmp.attributes)) {
-                res.send(tmp);
-                debug('ldap group send:', tmp);
-            }
+            });

            res.end();
        });
@@ -9,6 +9,7 @@ function Locker() {
    this._operation = null;
    this._timestamp = null;
    this._watcherId = -1;
+    this._lockDepth = 0; // recursive locks
 }
 util.inherits(Locker, EventEmitter);

@@ -24,6 +25,7 @@ Locker.prototype.lock = function (operation) {
    if (this._operation !== null) return new Error('Already locked for ' + this._operation);

    this._operation = operation;
+    ++this._lockDepth;
    this._timestamp = new Date();
    var that = this;
    this._watcherId = setInterval(function () { debug('Lock unreleased %s', that._operation); }, 1000 * 60 * 5);
@@ -35,17 +37,31 @@ Locker.prototype.lock = function (operation) {
    return null;
 };

+Locker.prototype.recursiveLock = function (operation) {
+    if (this._operation === operation) {
+        ++this._lockDepth;
+        debug('Re-acquired : %s Depth : %s', this._operation, this._lockDepth);
+        return null;
+    }
+
+    return this.lock(operation);
+};
+
 Locker.prototype.unlock = function (operation) {
    assert.strictEqual(typeof operation, 'string');

    if (this._operation !== operation) throw new Error('Mismatched unlock. Current lock is for ' + this._operation); // throw because this is a programming error

-    debug('Released : %s', this._operation);
+    if (--this._lockDepth === 0) {
+        debug('Released : %s', this._operation);

-    this._operation = null;
-    this._timestamp = null;
-    clearInterval(this._watcherId);
-    this._watcherId = -1;
+        this._operation = null;
+        this._timestamp = null;
+        clearInterval(this._watcherId);
+        this._watcherId = -1;
+    } else {
+        debug('Recursive lock released : %s. Depth : %s', this._operation, this._lockDepth);
+    }

    this.emit('unlocked', operation);

@@ -0,0 +1,15 @@
+<%if (format === 'text') { %>
+
+New <%= type %> from <%= fqdn %>.
+
+Sender:  <%= user.email %>
+Sent at: <%= new Date().toUTCString() %>
+
+Subject: <%= subject %>
+-----------------------------------------------------------
+<%= description %>
+
+<% } else { %>
+
+<% } %>
+
@@ -15,7 +15,12 @@ exports = module.exports = {

    sendCrashNotification: sendCrashNotification,

-    appDied: appDied
+    appDied: appDied,
+
+    FEEDBACK_TYPE_FEEDBACK: 'feedback',
+    FEEDBACK_TYPE_TICKET: 'ticket',
+    FEEDBACK_TYPE_APP: 'app',
+    sendFeedback: sendFeedback
 };

 var assert = require('assert'),
@@ -277,3 +282,21 @@ function sendCrashNotification(program, context) {

    enqueue(mailOptions);
 }
+
+function sendFeedback(user, type, subject, description) {
+    assert.strictEqual(typeof user, 'object');
+    assert.strictEqual(typeof type, 'string');
+    assert.strictEqual(typeof subject, 'string');
+    assert.strictEqual(typeof description, 'string');
+
+    assert(type === exports.FEEDBACK_TYPE_TICKET || type === exports.FEEDBACK_TYPE_FEEDBACK || type === exports.FEEDBACK_TYPE_APP);
+
+    var mailOptions = {
+        from: config.get('adminEmail'),
+        to: 'support@cloudron.io',
+        subject: util.format('[%s] %s - %s', type, config.fqdn(), subject),
+        text: render('feedback.ejs', { fqdn: config.fqdn(), type: type, user: user, subject: subject, description: description, format: 'text'})
+    };
+
+    enqueue(mailOptions);
+}
@@ -25,4 +25,4 @@

 </head>

-<body>
+<body class="oauth">
@@ -1,32 +1,42 @@
 <% include header %>

-<center>
-    <h1>Login to <%= applicationName %></h1>
-</center>
-
-<% if (error) { %>
-<center>
-    <br/><br/>
-    <h4 class="has-error"><%= error %></h4>
-</center>
-<% } %>
-
 <div class="container">
    <div class="row">
        <div class="col-md-6 col-md-offset-3">
-            <form id="loginForm" action="" method="post">
-                <input type="hidden" name="_csrf" value="<%= csrf %>"/>
-                <div class="form-group">
-                    <label class="control-label" for="inputUsername">Username or Email</label>
-                    <input type="text" class="form-control" id="inputUsername" name="username" autofocus required>
+            <div class="card">
+                <div class="row">
+                    <div class="col-md-12" style="text-align: center;">
+                        <img width="128" height="128" src="<%= applicationLogo %>"/>
+                        <h1>Login to <%= applicationName %> on <%= cloudronName %></h1>
+                        <br/>
+                    </div>
                </div>
-                <div class="form-group">
-                    <label class="control-label" for="inputPassword">Password</label>
-                    <input type="password" class="form-control" name="password" id="inputPassword" required>
+                <br/>
+            <% if (error) { %>
+                <div class="row">
+                    <div class="col-md-12">
+                        <h4 class="has-error"><%= error %></h4>
+                    </div>
                </div>
-                <input class="btn btn-primary btn-outline pull-right" type="submit" value="Sign in"/>
-            </form>
-            <a href="/api/v1/session/password/resetRequest.html">Reset your password</a>
+            <% } %>
+                <div class="row">
+                    <div class="col-md-12">
+                        <form id="loginForm" action="" method="post">
+                            <input type="hidden" name="_csrf" value="<%= csrf %>"/>
+                            <div class="form-group">
+                                <label class="control-label" for="inputUsername">Username or Email</label>
+                                <input type="text" class="form-control" id="inputUsername" name="username" autofocus required>
+                            </div>
+                            <div class="form-group">
+                                <label class="control-label" for="inputPassword">Password</label>
+                                <input type="password" class="form-control" name="password" id="inputPassword" required>
+                            </div>
+                            <input class="btn btn-primary btn-outline pull-right" type="submit" value="Sign in"/>
+                        </form>
+                        <a href="/api/v1/session/password/resetRequest.html">Reset your password</a>
+                    </div>
+                </div>
+            </div>
        </div>
    </div>
 </div>
@@ -34,6 +44,8 @@
 <script>

 (function () {
+    'use strict';
+
    var search = window.location.search.slice(1).split('&').map(function (item) { return item.split('='); }).reduce(function (o, k) { o[k[0]] = k[1]; return o; }, {});

    document.getElementById('loginForm').action = '/api/v1/session/login?returnTo=' + search.returnTo;
@@ -11,13 +11,15 @@ exports = module.exports = {
    getConfig: getConfig,
    update: update,
    migrate: migrate,
-    setCertificate: setCertificate
+    setCertificate: setCertificate,
+    feedback: feedback
 };

 var assert = require('assert'),
    cloudron = require('../cloudron.js'),
    config = require('../config.js'),
    progress = require('../progress.js'),
+    mailer = require('../mailer.js'),
    CloudronError = cloudron.CloudronError,
    debug = require('debug')('box:routes/cloudron'),
    HttpError = require('connect-lastmile').HttpError,
@@ -157,3 +159,15 @@ function setCertificate(req, res, next) {
        next(new HttpSuccess(202, {}));
    });
 }
+
+function feedback(req, res, next) {
+    assert.strictEqual(typeof req.user, 'object');
+
+    if (req.body.type !== mailer.FEEDBACK_TYPE_FEEDBACK && req.body.type !== mailer.FEEDBACK_TYPE_TICKET && req.body.type !== mailer.FEEDBACK_TYPE_APP) return next(new HttpError(400, 'type must be either "ticket", "feedback" or "app"'));
+    if (typeof req.body.subject !== 'string' || !req.body.subject) return next(new HttpError(400, 'subject must be string'));
+    if (typeof req.body.description !== 'string' || !req.body.description) return next(new HttpError(400, 'description must be string'));
+
+    mailer.sendFeedback(req.user, req.body.type, req.body.subject, req.body.description);
+
+    next(new HttpSuccess(201, {}));
+}
@@ -16,6 +16,7 @@ var assert = require('assert'),
    querystring = require('querystring'),
    util = require('util'),
    session = require('connect-ensure-login'),
+    settings = require('../settings.js'),
    tokendb = require('../tokendb'),
    appdb = require('../appdb'),
    url = require('url'),
@@ -170,6 +171,8 @@ function sendErrorPageOrRedirect(req, res, message) {
    }
 }

+// use this instead of sendErrorPageOrRedirect(), in case we have a returnTo provided in the query, to avoid login loops
+// This usually happens when the OAuth client ID is wrong
 function sendError(req, res, message) {
    assert.strictEqual(typeof req, 'object');
    assert.strictEqual(typeof res, 'object');
@@ -188,37 +191,47 @@ function loginForm(req, res) {
    var u = url.parse(req.session.returnTo, true);
    if (!u.query.client_id) return sendErrorPageOrRedirect(req, res, 'Invalid login request. No client_id provided.');

-    function render(applicationName) {
+    var cloudronName = '';
+
+    function render(applicationName, applicationLogo) {
        res.render('login', {
            adminOrigin: config.adminOrigin(),
            csrf: req.csrfToken(),
+            cloudronName: cloudronName,
            applicationName: applicationName,
+            applicationLogo: applicationLogo,
            error: req.query.error || null
        });
    }

-    clientdb.get(u.query.client_id, function (error, result) {
-        if (error) return sendError(req, res, 'Unknown OAuth client');
+    settings.getCloudronName(function (error, name) {
+        if (error) return sendError(req, res, 'Internal Error');

-        // Handle our different types of oauth clients
-        var appId = result.appId;
-        if (appId === constants.ADMIN_CLIENT_ID) {
-            return render(constants.ADMIN_NAME);
-        } else if (appId === constants.TEST_CLIENT_ID) {
-            return render(constants.TEST_NAME);
-        } else if (appId.indexOf('external-') === 0) {
-            return render('External Application');
-        } else if (appId.indexOf('addon-') === 0) {
-            appId = appId.slice('addon-'.length);
-        } else if (appId.indexOf('proxy-') === 0) {
-            appId = appId.slice('proxy-'.length);
-        }
+        cloudronName = name;

-        appdb.get(appId, function (error, result) {
-            if (error) return sendErrorPageOrRedirect(req, res, 'Unknown Application for those OAuth credentials');
+        clientdb.get(u.query.client_id, function (error, result) {
+            if (error) return sendError(req, res, 'Unknown OAuth client');

-            var applicationName = result.location || config.fqdn();
-            render(applicationName);
+            // Handle our different types of oauth clients
+            var appId = result.appId;
+            if (appId === constants.ADMIN_CLIENT_ID) {
+                return render(constants.ADMIN_NAME, '/api/v1/cloudron/avatar');
+            } else if (appId === constants.TEST_CLIENT_ID) {
+                return render(constants.TEST_NAME, '/api/v1/cloudron/avatar');
+            } else if (appId.indexOf('external-') === 0) {
+                return render('External Application', '/api/v1/cloudron/avatar');
+            } else if (appId.indexOf('addon-') === 0) {
+                appId = appId.slice('addon-'.length);
+            } else if (appId.indexOf('proxy-') === 0) {
+                appId = appId.slice('proxy-'.length);
+            }
+
+            appdb.get(appId, function (error, result) {
+                if (error) return sendErrorPageOrRedirect(req, res, 'Unknown Application for those OAuth credentials');
+
+                var applicationName = result.location || config.fqdn();
+                render(applicationName, '/api/v1/cloudron/avatar');
+            });
        });
    });
 }
@@ -573,7 +573,8 @@ describe('App installation', function () {
        docker.getContainer(appEntry.containerId).inspect(function (error, data) {
            expect(error).to.not.be.ok();
            expect(data.Config.ExposedPorts['7777/tcp']).to.eql({ });
-            expect(data.Config.Env).to.contain('ADMIN_ORIGIN=' + config.adminOrigin());
+            expect(data.Config.Env).to.contain('WEBADMIN_ORIGIN=' + config.adminOrigin());
+            expect(data.Config.Env).to.contain('API_ORIGIN=' + config.adminOrigin());
            expect(data.Config.Env).to.contain('CLOUDRON=1');
            clientdb.getByAppId('addon-' + appResult.id, function (error, client) {
                expect(error).to.not.be.ok();
@@ -119,8 +119,8 @@ describe('Backups API', function () {

        it('succeeds', function (done) {
            var scope = nock(config.apiServerOrigin())
-                        .put('/api/v1/boxes/' + config.fqdn() + '/backupurl?token=APPSTORE_TOKEN', { boxVersion: '0.5.0', appId: null, appVersion: null, appBackupIds: [] })
-                        .reply(201, { id: 'someid', url: 'http://foobar', backupKey: 'somerestorekey' });
+                        .get('/api/v1/boxes/' + config.fqdn() + '/awscredentials?token=APPSTORE_TOKEN')
+                        .reply(201, { accessKeyId: 'accessKeyId', secretAccessKey: 'secretAccessKey', sessionToken: 'sessionToken' });

            request.post(SERVER_URL + '/api/v1/backups')
                   .query({ access_token: token })
@@ -26,6 +26,7 @@ var token = null; // authentication token

 var server;
 function setup(done) {
+    nock.cleanAll();
    config.set('version', '0.5.0');
    server.start(done);
 }
@@ -449,8 +450,18 @@ describe('Cloudron', function () {
        });

        it('fails when in wrong state', function (done) {
-            var scope1 = nock(config.apiServerOrigin()).post('/api/v1/boxes/' + config.fqdn() + '/migrate?token=APPSTORE_TOKEN', { size: 'small', region: 'sfo', restoreKey: 'someid' }).reply(409, {});
-            var scope2 = nock(config.apiServerOrigin()).put('/api/v1/boxes/' + config.fqdn() + '/backupurl?token=APPSTORE_TOKEN', { boxVersion: '0.5.0', appId: null, appVersion: null, appBackupIds: [] }).reply(201, { id: 'someid', url: 'http://foobar', backupKey: 'somerestorekey' });
+            var scope2 = nock(config.apiServerOrigin())
+                    .get('/api/v1/boxes/' + config.fqdn() + '/awscredentials?token=APPSTORE_TOKEN')
+                    .reply(201, { credentials: { accessKeyId: 'accessKeyId', secretAccessKey: 'secretAccessKey', sessionToken: 'sessionToken' } });
+
+            var scope3 = nock(config.apiServerOrigin())
+                    .filteringRequestBody(function () { return false; })
+                    .post('/api/v1/boxes/' + config.fqdn() + '/backupDone?token=APPSTORE_TOKEN')
+                    .reply(200, { id: 'someid' });
+
+            var scope1 = nock(config.apiServerOrigin())
+                .filteringRequestBody(function () { return false; })
+                .post('/api/v1/boxes/' + config.fqdn() + '/migrate?token=APPSTORE_TOKEN', { }).reply(409, {});

            injectShellMock();

@@ -462,7 +473,7 @@ describe('Cloudron', function () {
                expect(result.statusCode).to.equal(202);

                function checkAppstoreServerCalled() {
-                    if (scope1.isDone() && scope2.isDone()) {
+                    if (scope1.isDone() && scope2.isDone() && scope3.isDone()) {
                        restoreShellMock();
                        return done();
                    }
@@ -501,6 +512,158 @@ describe('Cloudron', function () {
            });
        });
    });
+
+    describe('feedback', function () {
+        before(function (done) {
+            async.series([
+                setup,
+
+                function (callback) {
+                    var scope1 = nock(config.apiServerOrigin()).get('/api/v1/boxes/' + config.fqdn() + '/setup/verify?setupToken=somesetuptoken').reply(200, {});
+                    var scope2 = nock(config.apiServerOrigin()).post('/api/v1/boxes/' + config.fqdn() + '/setup/done?setupToken=somesetuptoken').reply(201, {});
+
+                    config._reset();
+
+                    request.post(SERVER_URL + '/api/v1/cloudron/activate')
+                           .query({ setupToken: 'somesetuptoken' })
+                           .send({ username: USERNAME, password: PASSWORD, email: EMAIL })
+                           .end(function (error, result) {
+                        expect(error).to.not.be.ok();
+                        expect(result).to.be.ok();
+                        expect(scope1.isDone()).to.be.ok();
+                        expect(scope2.isDone()).to.be.ok();
+
+                        // stash token for further use
+                        token = result.body.token;
+
+                        callback();
+                    });
+                },
+            ], done);
+        });
+
+        after(cleanup);
+
+        it('fails without token', function (done) {
+            request.post(SERVER_URL + '/api/v1/cloudron/feedback')
+                   .send({ type: 'ticket', subject: 'some subject', description: 'some description' })
+                   .end(function (error, result) {
+                expect(error).to.not.be.ok();
+                expect(result.statusCode).to.equal(401);
+                done();
+            });
+        });
+
+        it('fails without type', function (done) {
+            request.post(SERVER_URL + '/api/v1/cloudron/feedback')
+                   .send({ subject: 'some subject', description: 'some description' })
+                   .query({ access_token: token })
+                   .end(function (error, result) {
+                expect(error).to.not.be.ok();
+                expect(result.statusCode).to.equal(400);
+                done();
+            });
+        });
+
+        it('fails with empty type', function (done) {
+            request.post(SERVER_URL + '/api/v1/cloudron/feedback')
+                   .send({ type: '', subject: 'some subject', description: 'some description' })
+                   .query({ access_token: token })
+                   .end(function (error, result) {
+                expect(error).to.not.be.ok();
+                expect(result.statusCode).to.equal(400);
+                done();
+            });
+        });
+
+        it('fails with unknown type', function (done) {
+            request.post(SERVER_URL + '/api/v1/cloudron/feedback')
+                   .send({ type: 'foobar', subject: 'some subject', description: 'some description' })
+                   .query({ access_token: token })
+                   .end(function (error, result) {
+                expect(error).to.not.be.ok();
+                expect(result.statusCode).to.equal(400);
+                done();
+            });
+        });
+
+        it('succeeds with ticket type', function (done) {
+            request.post(SERVER_URL + '/api/v1/cloudron/feedback')
+                   .send({ type: 'ticket', subject: 'some subject', description: 'some description' })
+                   .query({ access_token: token })
+                   .end(function (error, result) {
+                expect(error).to.not.be.ok();
+                expect(result.statusCode).to.equal(201);
+                done();
+            });
+        });
+
+        it('succeeds with app type', function (done) {
+            request.post(SERVER_URL + '/api/v1/cloudron/feedback')
+                   .send({ type: 'app', subject: 'some subject', description: 'some description' })
+                   .query({ access_token: token })
+                   .end(function (error, result) {
+                expect(error).to.not.be.ok();
+                expect(result.statusCode).to.equal(201);
+                done();
+            });
+        });
+
+        it('fails without description', function (done) {
+            request.post(SERVER_URL + '/api/v1/cloudron/feedback')
+                   .send({ type: 'ticket', subject: 'some subject' })
+                   .query({ access_token: token })
+                   .end(function (error, result) {
+                expect(error).to.not.be.ok();
+                expect(result.statusCode).to.equal(400);
+                done();
+            });
+        });
+
+        it('fails with empty subject', function (done) {
+            request.post(SERVER_URL + '/api/v1/cloudron/feedback')
+                   .send({ type: 'ticket', subject: '', description: 'some description' })
+                   .query({ access_token: token })
+                   .end(function (error, result) {
+                expect(error).to.not.be.ok();
+                expect(result.statusCode).to.equal(400);
+                done();
+            });
+        });
+
+        it('fails with empty description', function (done) {
+            request.post(SERVER_URL + '/api/v1/cloudron/feedback')
+                   .send({ type: 'ticket', subject: 'some subject', description: '' })
+                   .query({ access_token: token })
+                   .end(function (error, result) {
+                expect(error).to.not.be.ok();
+                expect(result.statusCode).to.equal(400);
+                done();
+            });
+        });
+
+        it('succeeds with feedback type', function (done) {
+            request.post(SERVER_URL + '/api/v1/cloudron/feedback')
+                   .send({ type: 'feedback', subject: 'some subject', description: 'some description' })
+                   .query({ access_token: token })
+                   .end(function (error, result) {
+                expect(error).to.not.be.ok();
+                expect(result.statusCode).to.equal(201);
+                done();
+            });
+        });
+
+        it('fails without subject', function (done) {
+            request.post(SERVER_URL + '/api/v1/cloudron/feedback')
+                   .send({ type: 'ticket', description: 'some description' })
+                   .query({ access_token: token })
+                   .end(function (error, result) {
+                expect(error).to.not.be.ok();
+                expect(result.statusCode).to.equal(400);
+                done();
+            });
+        });
+    });
 });


@@ -2,6 +2,10 @@

 set -eu -o pipefail

+readonly SOURCE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../../.." && pwd)"
+
+source ${SOURCE_DIR}/setup/INFRA_VERSION
+
 readonly mysqldatadir="/tmp/mysqldata-$(date +%s)"
 readonly postgresqldatadir="/tmp/postgresqldata-$(date +%s)"
 readonly mongodbdatadir="/tmp/mongodbdata-$(date +%s)"
@@ -20,7 +24,7 @@ start_postgresql() {

    docker rm -f postgresql 2>/dev/null 1>&2 || true

-    docker run -dtP --name=postgresql -v "${postgresqldatadir}:/var/lib/postgresql" -v /tmp/postgresql_vars.sh:/etc/postgresql/postgresql_vars.sh cloudron/postgresql:0.3.0 >/dev/null
+    docker run -dtP --name=postgresql -v "${postgresqldatadir}:/var/lib/postgresql" -v /tmp/postgresql_vars.sh:/etc/postgresql/postgresql_vars.sh "${POSTGRESQL_IMAGE}" >/dev/null
 }

 start_mysql() {
@@ -36,7 +40,7 @@ start_mysql() {

    docker rm -f mysql 2>/dev/null 1>&2 || true

-    docker run -dP --name=mysql -v "${mysqldatadir}:/var/lib/mysql" -v /tmp/mysql_vars.sh:/etc/mysql/mysql_vars.sh cloudron/mysql:0.3.0 >/dev/null
+    docker run -dP --name=mysql -v "${mysqldatadir}:/var/lib/mysql" -v /tmp/mysql_vars.sh:/etc/mysql/mysql_vars.sh "${MYSQL_IMAGE}" >/dev/null
 }

 start_mongodb() {
@@ -52,7 +56,7 @@ start_mongodb() {

    docker rm -f mongodb 2>/dev/null 1>&2 || true

-    docker run -dP --name=mongodb -v "${mongodbdatadir}:/var/lib/mongodb" -v /tmp/mongodb_vars.sh:/etc/mongodb_vars.sh cloudron/mongodb:0.3.0 >/dev/null
+    docker run -dP --name=mongodb -v "${mongodbdatadir}:/var/lib/mongodb" -v /tmp/mongodb_vars.sh:/etc/mongodb_vars.sh "${MONGODB_IMAGE}" >/dev/null
 }

 start_mysql
@@ -13,7 +13,7 @@ if [[ $# == 1 && "$1" == "--check" ]]; then
 fi

 if [ $# -lt 3 ]; then
-    echo "Usage: backup.sh <appid> <url> <key>"
+    echo "Usage: backupapp.sh <appid> <url> <key> [aws session token]"
    exit 1
 fi

@@ -22,6 +22,7 @@ readonly DATA_DIR="${HOME}/data"
 app_id="$1"
 backup_url="$2"
 backup_key="$3"
+session_token="$4"
 readonly now=$(date "+%Y-%m-%dT%H:%M:%S")
 readonly app_data_dir="${DATA_DIR}/${app_id}"
 readonly app_data_snapshot="${DATA_DIR}/snapshots/${app_id}-${now}"
@@ -31,9 +32,17 @@ btrfs subvolume snapshot -r "${app_data_dir}" "${app_data_snapshot}"
 for try in `seq 1 5`; do
    echo "Uploading backup to ${backup_url} (try ${try})"
    error_log=$(mktemp)
+
+    headers=("-H" "Content-Type:")
+
+    # federated tokens in CaaS case need session token
+    if [ ! -z "$session_token" ]; then
+        headers=(${headers[@]} "-H" "x-amz-security-token: ${session_token}")
+    fi
+
    if tar -cvzf - -C "${app_data_snapshot}" . \
           | openssl aes-256-cbc -e -pass "pass:${backup_key}" \
-           | curl --fail -H "Content-Type:" -X PUT --data-binary @- "${backup_url}" 2>"${error_log}"; then
+           | curl --fail -X PUT "${headers[@]}" --data-binary @- "${backup_url}" 2>"${error_log}"; then
        break
    fi
    cat "${error_log}" && rm "${error_log}"
@@ -13,12 +13,13 @@ if [[ $# == 1 && "$1" == "--check" ]]; then
 fi

 if [ $# -lt 2 ]; then
-    echo "Usage: backupbox.sh <url> <key>"
+    echo "Usage: backupbox.sh <url> <key> [aws session token]"
    exit 1
 fi

 backup_url="$1"
 backup_key="$2"
+session_token="$3"
 now=$(date "+%Y-%m-%dT%H:%M:%S")
 BOX_DATA_DIR="${HOME}/data/box"
 box_snapshot_dir="${HOME}/data/snapshots/box-${now}"
@@ -32,9 +33,17 @@ btrfs subvolume snapshot -r "${BOX_DATA_DIR}" "${box_snapshot_dir}"
 for try in `seq 1 5`; do
    echo "Uploading backup to ${backup_url} (try ${try})"
    error_log=$(mktemp)
+
+    headers=("-H" "Content-Type:")
+
+    # federated tokens in CaaS case need session token
+    if [ ! -z "$session_token" ]; then
+        headers=(${headers[@]} "-H" "x-amz-security-token: ${session_token}")
+    fi
+
    if tar -cvzf - -C "${box_snapshot_dir}" . \
           | openssl aes-256-cbc -e -pass "pass:${backup_key}" \
-           | curl --fail -H "Content-Type:" -X PUT --data-binary @- "${backup_url}" 2>"${error_log}"; then
+           | curl --fail -X PUT ${headers[@]} --data-binary @- "${backup_url}" 2>"${error_log}"; then
        break
    fi
    cat "${error_log}" && rm "${error_log}"
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+if [[ $EUID -ne 0 ]]; then
+    echo "This script should be run as root." >&2
+    exit 1
+fi
+
+if [[ $# == 1 && "$1" == "--check" ]]; then
+    echo "OK"
+    exit 0
+fi
+
+if [ $# -lt 1 ]; then
+    echo "Usage: collectlogs.sh <program>"
+    exit 1
+fi
+
+readonly program_name=$1
+
+echo "${program_name}.log"
+echo "-------------------"
+journalctl --no-pager -u ${program_name} -n 100
+echo
+echo
+echo "dmesg"
+echo "-----"
+dmesg | tail --lines=100
+echo
+echo
+echo "docker"
+echo "------"
+journalctl --no-pager -u docker -n 50
+echo
+echo
+
+
+
@@ -12,12 +12,6 @@ if [[ $# == 1 && "$1" == "--check" ]]; then
    exit 0
 fi

-if [[ "${OSTYPE}" == "darwin"* ]]; then
-    # On Mac, brew installs supervisor in /usr/local/bin
-    export PATH=$PATH:/usr/local/bin
-fi
-
 if [[ "${BOX_ENV}" == "cloudron" ]]; then
    nginx -s reload
 fi
-
@@ -13,7 +13,7 @@ if [[ $# == 1 && "$1" == "--check" ]]; then
 fi

 if [ $# -lt 3 ]; then
-    echo "Usage: restoreapp.sh <appid> <url> <key>"
+    echo "Usage: restoreapp.sh <appid> <url> <key> [aws session token]"
    exit 1
 fi

@@ -23,6 +23,7 @@ readonly curl="curl --fail --connect-timeout 20 --retry 10 --retry-delay 2 --max
 app_id="$1"
 restore_url="$2"
 restore_key="$3"
+session_token="$4"

 echo "Downloading backup: ${restore_url} and key: ${restore_key}"

@@ -30,7 +31,14 @@ for try in `seq 1 5`; do
    echo "Download backup from ${restore_url} (try ${try})"
    error_log=$(mktemp)

-    if $curl -L "${restore_url}" \
+    headers=("") # empty element required (http://stackoverflow.com/questions/7577052/bash-empty-array-expansion-with-set-u)
+
+    # federated tokens in CaaS case need session token
+    if [[ ! -z "${session_token}" ]]; then
+        headers=(${headers[@]} "-H" "x-amz-security-token: ${session_token}")
+    fi
+
+    if $curl -L "${headers[@]}" "${restore_url}" \
        | openssl aes-256-cbc -d -pass "pass:${restore_key}" \
        | tar -zxf - -C "${DATA_DIR}/${app_id}" 2>"${error_log}"; then
        chown -R yellowtent:yellowtent "${DATA_DIR}/${app_id}"
@@ -97,11 +97,14 @@ function initializeExpressSync() {
    // private routes
    router.get ('/api/v1/cloudron/config', rootScope, routes.cloudron.getConfig);
    router.post('/api/v1/cloudron/update', rootScope, routes.user.requireAdmin, routes.user.verifyPassword, routes.cloudron.update);
-    router.get ('/api/v1/cloudron/reboot', rootScope, routes.cloudron.reboot);
+    router.post('/api/v1/cloudron/reboot', rootScope, routes.cloudron.reboot);
    router.post('/api/v1/cloudron/migrate', rootScope, routes.user.requireAdmin, routes.user.verifyPassword, routes.cloudron.migrate);
    router.post('/api/v1/cloudron/certificate', rootScope, multipart, routes.cloudron.setCertificate);
    router.get ('/api/v1/cloudron/graphs', rootScope, routes.graphs.getGraphs);

+    // feedback
+    router.post('/api/v1/cloudron/feedback', usersScope, routes.cloudron.feedback);
+
    router.get ('/api/v1/profile', profileScope, routes.user.profile);

    router.get ('/api/v1/users', usersScope, routes.user.list);
@@ -0,0 +1,39 @@
+/* jslint node:true */
+
+'use strict';
+
+var assert = require('assert'),
+    util = require('util');
+
+exports = module.exports = SubdomainError;
+
+function SubdomainError(reason, errorOrMessage) {
+    assert.strictEqual(typeof reason, 'string');
+    assert(errorOrMessage instanceof Error || typeof errorOrMessage === 'string' || typeof errorOrMessage === 'undefined');
+
+    Error.call(this);
+    Error.captureStackTrace(this, this.constructor);
+
+    this.name = this.constructor.name;
+    this.reason = reason;
+    if (typeof errorOrMessage === 'undefined') {
+        this.message = reason;
+    } else if (typeof errorOrMessage === 'string') {
+        this.message = errorOrMessage;
+    } else {
+        this.message = 'Internal error';
+        this.nestedError = errorOrMessage;
+    }
+}
+util.inherits(SubdomainError, Error);
+
+SubdomainError.NOT_FOUND = 'No such domain';
+SubdomainError.INTERNAL_ERROR = 'Internal error';
+SubdomainError.EXTERNAL_ERROR = 'External error';
+SubdomainError.STILL_BUSY = 'Still busy';
+SubdomainError.FAILED_TOO_OFTEN = 'Failed too often';
+SubdomainError.ALREADY_EXISTS = 'Domain already exists';
+SubdomainError.BAD_FIELD = 'Bad Field';
+SubdomainError.BAD_STATE = 'Bad State';
+SubdomainError.INVALID_ZONE_NAME = 'Invalid domain name';
+SubdomainError.INVALID_TASK = 'Invalid task';
@@ -0,0 +1,82 @@
+/* jslint node:true */
+
+'use strict';
+
+var assert = require('assert'),
+    async = require('async'),
+    aws = require('./aws.js'),
+    config = require('./config.js'),
+    debug = require('debug')('box:subdomains'),
+    util = require('util'),
+    SubdomainError = require('./subdomainerror.js');
+
+module.exports = exports = {
+    add: add,
+    addMany: addMany,
+    remove: remove,
+    status: status
+};
+
+function add(record, callback) {
+    assert.strictEqual(typeof record, 'object');
+    assert.strictEqual(typeof record.subdomain, 'string');
+    assert.strictEqual(typeof record.type, 'string');
+    assert.strictEqual(typeof record.value, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('add: ', record);
+
+    aws.addSubdomain(config.zoneName(), record.subdomain, record.type, record.value, function (error, changeId) {
+        if (error) return callback(error);
+        callback(null, changeId);
+    });
+}
+
+function addMany(records, callback) {
+    assert(util.isArray(records));
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('addMany: ', records);
+
+    var changeIds = [];
+
+    async.eachSeries(records, function (record, callback) {
+        add(record, function (error, changeId) {
+            if (error) return callback(error);
+
+            changeIds.push(changeId);
+
+            callback(null);
+        });
+    }, function (error) {
+        if (error) return callback(error);
+        callback(null, changeIds);
+    });
+}
+
+function remove(record, callback) {
+    assert.strictEqual(typeof record, 'object');
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('remove: ', record);
+
+    aws.delSubdomain(config.zoneName(), record.subdomain, record.type, record.value, function (error) {
+        if (error && error.reason !== SubdomainError.NOT_FOUND) return callback(error);
+
+        debug('deleteSubdomain: successfully deleted subdomain from aws.');
+
+        callback(null);
+    });
+}
+
+function status(changeId, callback) {
+    assert.strictEqual(typeof changeId, 'string');
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('status: ', changeId);
+
+    aws.getChangeStatus(changeId, function (error, status) {
+        if (error) return callback(new SubdomainError(SubdomainError.EXTERNAL_ERROR, error));
+        callback(null, status === 'INSYNC' ? 'done' : 'pending');
+    });
+}
@@ -17,10 +17,7 @@ var appdb = require('./appdb.js'),
 var gActiveTasks = { };
 var gPendingTasks = [ ];

-// Task concurrency is 1 for two reasons:
-// 1. The backup scripts (app and box) turn off swap after finish disregarding other backup processes
-// 2. apptask getFreePort has race with multiprocess
-var TASK_CONCURRENCY = 1;
+var TASK_CONCURRENCY = 5;
 var NOOP_CALLBACK = function (error) { console.error(error); };

 function initialize(callback) {
@@ -54,7 +51,8 @@ function uninitialize(callback) {

 function startNextTask() {
    if (gPendingTasks.length === 0) return;
-    assert(Object.keys(gActiveTasks).length === 0); // since we allow only one task at a time
+
+    assert(Object.keys(gActiveTasks).length < TASK_CONCURRENCY);

    startAppTask(gPendingTasks.shift());
 }
@@ -63,7 +61,7 @@ function startAppTask(appId) {
    assert.strictEqual(typeof appId, 'string');
    assert(!(appId in gActiveTasks));

-    var lockError = locker.lock(locker.OP_APPTASK);
+    var lockError = locker.recursiveLock(locker.OP_APPTASK);

    if (lockError || Object.keys(gActiveTasks).length >= TASK_CONCURRENCY) {
        debug('Reached concurrency limit, queueing task for %s', appId);
@@ -2,21 +2,24 @@

 set -eu

-readonly SOURCE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+readonly SOURCE_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+
+source ${SOURCE_DIR}/setup/INFRA_VERSION

 # reset sudo timestamp to avoid wrong success
 sudo -k || sudo --reset-timestamp

 # checks if all scripts are sudo access
-scripts=("${SOURCE_DIR}/scripts/rmappdir.sh" \
-         "${SOURCE_DIR}/scripts/createappdir.sh" \
-         "${SOURCE_DIR}/scripts/reloadnginx.sh" \
-         "${SOURCE_DIR}/scripts/backupbox.sh" \
-         "${SOURCE_DIR}/scripts/backupapp.sh" \
-         "${SOURCE_DIR}/scripts/restoreapp.sh" \
-         "${SOURCE_DIR}/scripts/reboot.sh" \
-         "${SOURCE_DIR}/scripts/backupswap.sh" \
-         "${SOURCE_DIR}/scripts/reloadcollectd.sh")
+scripts=("${SOURCE_DIR}/src/scripts/rmappdir.sh" \
+         "${SOURCE_DIR}/src/scripts/createappdir.sh" \
+         "${SOURCE_DIR}/src/scripts/reloadnginx.sh" \
+         "${SOURCE_DIR}/src/scripts/backupbox.sh" \
+         "${SOURCE_DIR}/src/scripts/backupapp.sh" \
+         "${SOURCE_DIR}/src/scripts/restoreapp.sh" \
+         "${SOURCE_DIR}/src/scripts/reboot.sh" \
+         "${SOURCE_DIR}/src/scripts/backupswap.sh" \
+         "${SOURCE_DIR}/src/scripts/collectlogs.sh" \
+         "${SOURCE_DIR}/src/scripts/reloadcollectd.sh")

 for script in "${scripts[@]}"; do
    if [[ $(sudo -n "${script}" --check 2>/dev/null) != "OK" ]]; then
@@ -36,23 +39,23 @@ if ! docker inspect girish/test:0.2.0 >/dev/null 2>/dev/null; then
    exit 1
 fi

-if ! docker inspect cloudron/redis:0.3.0 >/dev/null 2>/dev/null; then
-    echo "docker pull cloudron/redis:0.3.0 for tests to run"
+if ! docker inspect "${REDIS_IMAGE}" >/dev/null 2>/dev/null; then
+    echo "docker pull ${REDIS_IMAGE} for tests to run"
    exit 1
 fi

-if ! docker inspect cloudron/mysql:0.3.0 >/dev/null 2>/dev/null; then
-    echo "docker pull cloudron/mysql:0.3.0 for tests to run"
+if ! docker inspect "${MYSQL_IMAGE}" >/dev/null 2>/dev/null; then
+    echo "docker pull ${MYSQL_IMAGE} for tests to run"
    exit 1
 fi

-if ! docker inspect cloudron/postgresql:0.3.0 >/dev/null 2>/dev/null; then
-    echo "docker pull cloudron/postgresql:0.3.0 for tests to run"
+if ! docker inspect "${POSTGRESQL_IMAGE}" >/dev/null 2>/dev/null; then
+    echo "docker pull ${POSTGRESQL_IMAGE} for tests to run"
    exit 1
 fi

-if ! docker inspect cloudron/mongodb:0.3.0 >/dev/null 2>/dev/null; then
-    echo "docker pull cloudron/mongodb:0.3.0 for tests to run"
+if ! docker inspect "${MONGODB_IMAGE}" >/dev/null 2>/dev/null; then
+    echo "docker pull ${MONGODB_IMAGE} for tests to run"
    exit 1
 fi

@@ -0,0 +1,263 @@
+/* jslint node:true */
+/* global it:false */
+/* global describe:false */
+/* global before:false */
+/* global after:false */
+
+'use strict';
+
+require('supererror', { splatchError: true});
+
+var database = require('../database.js'),
+    expect = require('expect.js'),
+    EventEmitter = require('events').EventEmitter,
+    async = require('async'),
+    user = require('../user.js'),
+    config = require('../config.js'),
+    ldapServer = require('../ldap.js'),
+    ldap = require('ldapjs');
+
+var USER_0 = {
+    username: 'foobar0',
+    password: 'password0',
+    email: 'foo0@bar.com'
+};
+
+var USER_1 = {
+    username: 'foobar1',
+    password: 'password1',
+    email: 'foo1@bar.com'
+};
+
+function setup(done) {
+    async.series([
+        database.initialize.bind(null),
+        database._clear.bind(null),
+        ldapServer.start.bind(null),
+        user.create.bind(null, USER_0.username, USER_0.password, USER_0.email, true, null),
+        user.create.bind(null, USER_1.username, USER_1.password, USER_1.email, false, USER_0)
+    ], done);
+}
+
+function cleanup(done) {
+    database._clear(done);
+}
+
+describe('Ldap', function () {
+    before(setup);
+    after(cleanup);
+
+    describe('bind', function () {
+        it('fails for nonexisting user', function (done) {
+            var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
+
+            client.bind('cn=doesnotexist,ou=users,dc=cloudron', 'password', function (error) {
+                expect(error).to.be.a(ldap.NoSuchObjectError);
+                done();
+            });
+        });
+
+        it('fails with wrong password', function (done) {
+            var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
+
+            client.bind('cn=' + USER_0.username + ',ou=users,dc=cloudron', 'wrongpassword', function (error) {
+                expect(error).to.be.a(ldap.InvalidCredentialsError);
+                done();
+            });
+        });
+
+        it('succeeds', function (done) {
+            var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
+
+            client.bind('cn=' + USER_0.username + ',ou=users,dc=cloudron', USER_0.password, function (error) {
+                expect(error).to.be(null);
+                done();
+            });
+        });
+    });
+
+    describe('search users', function () {
+        it ('fails for non existing tree', function (done) {
+            var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
+
+            var opts = {
+                filter: '(&(l=Seattle)(email=*@foo.com))'
+            };
+
+            client.search('o=example', opts, function (error, result) {
+                expect(error).to.be(null);
+                expect(result).to.be.an(EventEmitter);
+
+                result.on('error', function (error) {
+                    expect(error).to.be.a(ldap.NoSuchObjectError);
+                    done();
+                });
+                result.on('end', function (result) {
+                    done(new Error('Should not succeed. Status ' + result.status));
+                });
+            });
+        });
+
+        it ('succeeds with basic filter', function (done) {
+            var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
+
+            var opts = {
+                filter: 'objectcategory=person'
+            };
+
+            client.search('ou=users,dc=cloudron', opts, function (error, result) {
+                expect(error).to.be(null);
+                expect(result).to.be.an(EventEmitter);
+
+                var entries = [];
+
+                result.on('searchEntry', function (entry) { entries.push(entry.object); });
+                result.on('error', done);
+                result.on('end', function (result) {
+                    expect(result.status).to.equal(0);
+                    expect(entries.length).to.equal(2);
+                    expect(entries[0].username).to.equal(USER_0.username);
+                    expect(entries[1].username).to.equal(USER_1.username);
+                    done();
+                });
+            });
+        });
+
+        it ('succeeds with username wildcard filter', function (done) {
+            var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
+
+            var opts = {
+                filter: '&(objectcategory=person)(username=foobar*)'
+            };
+
+            client.search('ou=users,dc=cloudron', opts, function (error, result) {
+                expect(error).to.be(null);
+                expect(result).to.be.an(EventEmitter);
+
+                var entries = [];
+
+                result.on('searchEntry', function (entry) { entries.push(entry.object); });
+                result.on('error', done);
+                result.on('end', function (result) {
+                    expect(result.status).to.equal(0);
+                    expect(entries.length).to.equal(2);
+                    expect(entries[0].username).to.equal(USER_0.username);
+                    expect(entries[1].username).to.equal(USER_1.username);
+                    done();
+                });
+            });
+        });
+
+        it ('succeeds with username filter', function (done) {
+            var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
+
+            var opts = {
+                filter: '&(objectcategory=person)(username=' + USER_0.username + ')'
+            };
+
+            client.search('ou=users,dc=cloudron', opts, function (error, result) {
+                expect(error).to.be(null);
+                expect(result).to.be.an(EventEmitter);
+
+                var entries = [];
+
+                result.on('searchEntry', function (entry) { entries.push(entry.object); });
+                result.on('error', done);
+                result.on('end', function (result) {
+                    expect(result.status).to.equal(0);
+                    expect(entries.length).to.equal(1);
+                    expect(entries[0].username).to.equal(USER_0.username);
+                    expect(entries[0].memberof.length).to.equal(2);
+                    done();
+                });
+            });
+        });
+    });
+
+    describe('search groups', function () {
+        it ('succeeds with basic filter', function (done) {
+            var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
+
+            var opts = {
+                filter: 'objectclass=group'
+            };
+
+            client.search('ou=groups,dc=cloudron', opts, function (error, result) {
+                expect(error).to.be(null);
+                expect(result).to.be.an(EventEmitter);
+
+                var entries = [];
+
+                result.on('searchEntry', function (entry) { entries.push(entry.object); });
+                result.on('error', done);
+                result.on('end', function (result) {
+                    expect(result.status).to.equal(0);
+                    expect(entries.length).to.equal(2);
+                    expect(entries[0].cn).to.equal('users');
+                    expect(entries[0].memberuid.length).to.equal(2);
+                    expect(entries[0].memberuid[0]).to.equal(USER_0.username);
+                    expect(entries[0].memberuid[1]).to.equal(USER_1.username);
+                    expect(entries[1].cn).to.equal('admins');
+                    // if only one entry, the array becomes a string :-/
+                    expect(entries[1].memberuid).to.equal(USER_0.username);
+                    done();
+                });
+            });
+        });
+
+        it ('succeeds with cn wildcard filter', function (done) {
+            var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
+
+            var opts = {
+                filter: '&(objectclass=group)(cn=*)'
+            };
+
+            client.search('ou=groups,dc=cloudron', opts, function (error, result) {
+                expect(error).to.be(null);
+                expect(result).to.be.an(EventEmitter);
+
+                var entries = [];
+
+                result.on('searchEntry', function (entry) { entries.push(entry.object); });
+                result.on('error', done);
+                result.on('end', function (result) {
+                    expect(result.status).to.equal(0);
+                    expect(entries.length).to.equal(2);
+                    expect(entries[0].cn).to.equal('users');
+                    expect(entries[0].memberuid.length).to.equal(2);
+                    expect(entries[0].memberuid[0]).to.equal(USER_0.username);
+                    expect(entries[0].memberuid[1]).to.equal(USER_1.username);
+                    expect(entries[1].cn).to.equal('admins');
+                    // if only one entry, the array becomes a string :-/
+                    expect(entries[1].memberuid).to.equal(USER_0.username);
+                    done();
+                });
+            });
+        });
+
+        it('succeeds with memberuid filter', function (done) {
+            var client = ldap.createClient({ url: 'ldap://127.0.0.1:' + config.get('ldapPort') });
+
+            var opts = {
+                filter: '&(objectclass=group)(memberuid=' + USER_1.username + ')'
+            };
+
+            client.search('ou=groups,dc=cloudron', opts, function (error, result) {
+                expect(error).to.be(null);
+                expect(result).to.be.an(EventEmitter);
+
+                var entries = [];
+
+                result.on('searchEntry', function (entry) { entries.push(entry.object); });
+                result.on('error', done);
+                result.on('end', function (result) {
+                    expect(result.status).to.equal(0);
+                    expect(entries.length).to.equal(1);
+                    expect(entries[0].cn).to.equal('users');
+                    expect(entries[0].memberuid.length).to.equal(2);
+                    done();
+                });
+            });
+        });
+    });
+});
@@ -0,0 +1,47 @@
+/* jslint node:true */
+
+'use strict';
+
+exports = module.exports = {
+    backupDone: backupDone
+};
+
+var assert = require('assert'),
+    config = require('./config.js'),
+    debug = require('debug')('box:webhooks'),
+    superagent = require('superagent'),
+    util = require('util');
+
+function backupDone(filename, app, appBackupIds, callback) {
+    assert.strictEqual(typeof filename, 'string');
+    assert(!app || typeof app === 'object');
+    assert(!appBackupIds || util.isArray(appBackupIds));
+    assert.strictEqual(typeof callback, 'function');
+
+    debug('backupDone():', filename);
+
+    // CaaS
+    if (config.token()) {
+        var url = config.apiServerOrigin() + '/api/v1/boxes/' + config.fqdn() + '/backupDone';
+        var data = {
+            boxVersion: config.version(),
+            restoreKey: filename,
+            appId: app ? app.id : null,
+            appVersion: app ? app.manifest.version : null,
+            appBackupIds: appBackupIds
+        };
+
+        superagent.post(url).send(data).query({ token: config.token() }).end(function (error, result) {
+            if (error) return callback(error);
+            if (result.statusCode !== 200) return callback(new Error(result.text));
+            if (!result.body) return callback(new Error('Unexpected response'));
+
+            debug('backupDone()', filename);
+
+            return callback(null);
+        });
+    } else {
+        // TODO call custom webhook
+        callback(null);
+    }
+}
@@ -6,13 +6,13 @@

    <title> Cloudron App Error </title>

+    <!-- Theme CSS -->
+    <link href="theme.css" rel="stylesheet" type="text/css">
+
    <!-- external fonts and CSS -->
    <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" type="text/css">
    <link href="//fonts.googleapis.com/css?family=Roboto:300" rel="stylesheet" type="text/css">

-    <!-- Theme CSS -->
-    <link href="theme.css" rel="stylesheet" type="text/css">
-
    <!-- jQuery-->
    <script src="3rdparty/js/jquery.min.js"></script>

@@ -6,13 +6,13 @@

    <title> Cloudron Error </title>

+    <!-- Theme CSS -->
+    <link href="theme.css" rel="stylesheet" type="text/css">
+
    <!-- external fonts and CSS -->
    <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" type="text/css">
    <link href="//fonts.googleapis.com/css?family=Roboto:300" rel="stylesheet" type="text/css">

-    <!-- Theme CSS -->
-    <link href="theme.css" rel="stylesheet" type="text/css">
-
    <!-- jQuery-->
    <script src="3rdparty/js/jquery.min.js"></script>

@@ -8,6 +8,9 @@

    <link href="/api/v1/cloudron/avatar" rel="icon" type="image/png">

+    <!-- Theme CSS -->
+    <link href="theme.css" rel="stylesheet">
+
    <!-- Custom Fonts -->
    <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" type="text/css">
    <link href="//fonts.googleapis.com/css?family=Roboto:300" rel="stylesheet" type="text/css">
@@ -48,9 +51,6 @@
    <!-- Main Application -->
    <script src="js/index.js"></script>

-    <!-- Theme CSS -->
-    <link href="theme.css" rel="stylesheet">
-
 </head>

 <body>
@@ -81,7 +81,7 @@
                        <li ng-repeat="change in config.update.box.changelog">{{change}}</li>
                    </ul>
                    <br/>
-                    <fieldset>
+                    <fieldset ng-show="installedApps | readyToUpdate">
                        <form name="update_form" role="form" ng-submit="doUpdate()" autocomplete="off">
                            <div class="form-group" ng-class="{ 'has-error': update_form.password.$dirty && update_form.password.$invalid }">
                                <label class="control-label" for="inputUpdatePassword">Give your password to verify that you are performing that action</label>
@@ -99,7 +99,7 @@
                </div>
                <div class="modal-footer">
                    <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
-                    <button type="button" class="btn btn-danger" ng-click="doUpdate()" ng-disabled="update_form.$invalid || update.busy"><i class="fa fa-spinner fa-pulse" ng-show="update.busy"></i> Update</button>
+                    <button type="button" class="btn btn-danger" ng-click="doUpdate()" ng-disabled="update_form.$invalid || update.busy" ng-show="installedApps | readyToUpdate"><i class="fa fa-spinner fa-pulse" ng-show="update.busy"></i> Update</button>
                </div>
            </div>
        </div>
@@ -143,9 +143,10 @@
                            <ul class="dropdown-menu" role="menu">
                                <li><a href="#/account"><i class="fa fa-user fa-fw"></i> Account</a></li>
                                <li ng-show="user.admin && config.isDev"><a href="#/dns"><i class="fa fa-wrench fa-fw"></i> DNS Management</a></li>
-                                <li ng-show="user.admin"><a href="#/upgrade"><i class="fa fa-arrow-up fa-fw"></i> Upgrade</a></li>
-                                <li ng-show="user.admin"><a href="#/settings"><i class="fa fa-wrench fa-fw"></i> Settings</a></li>
                                <li ng-show="user.admin"><a href="#/graphs"><i class="fa fa-bar-chart fa-fw"></i> Graphs</a></li>
+                                <li ng-show="user.admin"><a href="#/upgrade"><i class="fa fa-arrow-up fa-fw"></i> Upgrade</a></li>
+                                <li><a href="#/support"><i class="fa fa-comment fa-fw"></i> Support</a></li>
+                                <li ng-show="user.admin"><a href="#/settings"><i class="fa fa-wrench fa-fw"></i> Settings</a></li>
                                <li class="divider"></li>
                                <li><a href="" ng-click="logout($event)"><i class="fa fa-sign-out fa-fw"></i> Logout</a></li>
                            </ul>
@@ -63,6 +63,17 @@ angular.module('Application').service('AppStore', ['$http', 'Client', function (
        });
    };

+    AppStore.prototype.getAppByIdAndVersion = function (appId, version, callback) {
+        if (Client.getConfig().apiServerOrigin === null) return callback(new AppStoreError(420, 'Enhance Your Calm'));
+
+        $http.get(Client.getConfig().apiServerOrigin + '/api/v1/apps/' + appId + '/versions/' + version).success(function (data, status) {
+            if (status !== 200) return callback(new AppStoreError(status, data));
+            return callback(null, data);
+        }).error(function (data, status) {
+            return callback(new AppStoreError(status, data));
+        });
+    };
+
    AppStore.prototype.getManifest = function (appId, callback) {
        if (Client.getConfig().apiServerOrigin === null) return callback(new AppStoreError(420, 'Enhance Your Calm'));

@@ -425,7 +425,7 @@ angular.module('Application').service('Client', ['$http', 'md5', 'Notification',
    };

    Client.prototype.reboot = function (callback) {
-        $http.get(client.apiOrigin + '/api/v1/cloudron/reboot').success(function(data, status) {
+        $http.post(client.apiOrigin + '/api/v1/cloudron/reboot', { }).success(function(data, status) {
            if (status !== 202 || typeof data !== 'object') return callback(new ClientError(status, data));
            callback(null, data);
        }).error(defaultErrorHandler(callback));
@@ -469,6 +469,19 @@ angular.module('Application').service('Client', ['$http', 'md5', 'Notification',
        }).error(defaultErrorHandler(callback));
    };

+    Client.prototype.feedback = function (type, subject, description, callback) {
+        var data = {
+            type: type,
+            subject: subject,
+            description: description
+        };
+
+        $http.post(client.apiOrigin + '/api/v1/cloudron/feedback', data).success(function (data, status) {
+            if (status !== 201) return callback(new ClientError(status, data));
+            callback(null);
+        }).error(defaultErrorHandler(callback));
+    };
+
    Client.prototype.createUser = function (username, email, callback) {
        var data = {
            username: username,
@@ -37,6 +37,9 @@ app.config(['$routeProvider', function ($routeProvider) {
    }).when('/settings', {
        controller: 'SettingsController',
        templateUrl: 'views/settings.html'
+    }).when('/support', {
+        controller: 'SupportController',
+        templateUrl: 'views/support.html'
    }).when('/upgrade', {
        controller: 'UpgradeController',
        templateUrl: 'views/upgrade.html'
@@ -6,13 +6,13 @@

    <title> Cloudron </title>

+    <!-- Theme CSS -->
+    <link href="theme.css" rel="stylesheet" type="text/css">
+
    <!-- external fonts and CSS -->
    <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" type="text/css">
    <link href="//fonts.googleapis.com/css?family=Roboto:300" rel="stylesheet" type="text/css">

-    <!-- Theme CSS -->
-    <link href="theme.css" rel="stylesheet" type="text/css">
-
    <!-- jQuery-->
    <script src="3rdparty/js/jquery.min.js"></script>

@@ -6,6 +6,9 @@

    <title> Cloudron Setup </title>

+    <!-- Theme CSS -->
+    <link href="theme.css" rel="stylesheet">
+
    <!-- Custom Fonts -->
    <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" type="text/css">
    <link href="//fonts.googleapis.com/css?family=Roboto:300" rel="stylesheet" type="text/css">
@@ -31,9 +34,6 @@
    <!-- Setup Application -->
    <script src="js/setup.js"></script>

-    <!-- Theme CSS -->
-    <link href="theme.css" rel="stylesheet">
-
 </head>

 <body class="setup" ng-app="Application" ng-controller="SetupController">
@@ -120,6 +120,14 @@ html {
 .grid-item {
    padding: 10px;
    min-width: 200px;
+    overflow: hidden;
+}
+
+.grid-item:hover .grid-item-bottom {
+    @media(min-width:768px) {
+        opacity: 1;
+        right: 10px;
+    }
 }

 .grid-item-content {
@@ -132,10 +140,39 @@ html {
    padding: 10px 15px;
 }

-.grid-item-bottom {
+.grid-item-top-title {
+    text-overflow: ellipsis;
+    white-space: nowrap;
+    overflow: hidden;
+    font-size: 24px;
+}
+
+.grid-item-bottom-mobile {
    padding: 10px 15px;
    border-top: 1px solid #ddd;
-    background-color: white
+    background-color: white;
+
+    @media(min-width:768px) {
+        display: none;
+    }
+}
+
+.grid-item-bottom {
+    display: none;
+    padding: 10px 15px;
+    border-top: 1px solid #ddd;
+    background-color: white;
+
+    @media(min-width:768px) {
+        display: block;
+        position: absolute;
+        top: 0;
+        right: -10px;
+        opacity: 0;
+        background-color: transparent;
+
+        transition: all 250ms;
+    }
 }

 // ----------------------------
@@ -158,8 +195,8 @@ html {

 .appstore-item-badge-testing {
    position: absolute;
-    right: 15px;
-    top: 15px;
+    right: 0;
+    top: 2px;
 }

 .appstore-item-content-testing {
@@ -195,15 +232,53 @@ html {
 }

 .appstore-category-link {
+    display: block;
    padding: 10px;
    margin: 0;
+    overflow: hidden;
    color: black;
-    color: inherit;
    text-overflow: ellipsis;
    white-space: nowrap;
-    overflow: hidden;
-    display: block;
    font-size: 18px;
+
+    &:hover,
+    &:focus,
+    &.category-active {
+        text-decoration: none;
+        background-color: white;
+        color: black;
+    }
+
+    &.category-active {
+        background-color: $navbar-default-link-hover-color;
+        color: white;
+    }
+}
+
+
+.appstore-category-missing {
+    padding: 10px;
+    background-color: white;
+
+    p {
+        font-weight: bold;
+    }
+
+    textarea {
+        display: block;
+        width: 100%;
+        height: 50px;
+        margin-bottom: 10px;
+        transition: all 250ms ease-out;
+
+        &:focus {
+            height: 200px;
+        }
+    }
+
+    button {
+        width: 100%;
+    }
 }

 .appstore-install-description {
@@ -226,14 +301,6 @@ html {
    color: $text-muted;
 }

-.appstore-category-link:hover,
-.appstore-category-link:focus,
-.appstore-category-link.category-active {
-    text-decoration: none;
-    background-color: $navbar-default-link-hover-color;
-    color: white;
-}
-
 .appstore-item-rating {
    color: $navbar-default-link-hover-color;
 }
@@ -263,6 +330,10 @@ html {
    background-color: #5CB85C;
 }

+.badge-warning {
+    background-color: #EFBD48;
+}
+
 .badge-danger {
    background-color: $brand-danger;
 }
@@ -304,6 +375,10 @@ html {
    color: #5CB85C;
 }

+.text-bold {
+    font-weight: bold;
+}
+
 .text-large {
    font-size: $font-size-h1;
 }
@@ -329,12 +404,9 @@ html {
 .grid-item-top .progress {
    border-radius: 0;
    box-shadown: none;
-    margin-left: -15px;
-    margin-right: -15px;
-    margin-bottom: -11px;
-    margin-top: 9px;
+    margin-top: 10px;
    width: inherit;
-    height: 2px;
+    height: 10px;
 }

 .grid-item-top .progress-bar {
@@ -636,6 +708,33 @@ footer a {
 }


+// ----------------------------
+// Oauth classes
+// ----------------------------
+
+.oauth {
+    height: 100%;
+    width: 100%;
+    padding: 0;
+    background: #F7F7F7;
+
+    h1 {
+        font-size: 33px;
+    }
+
+    .card {
+        max-width: none;
+        padding: 20px;
+        text-align: left;
+        margin-top: 15px;
+
+        @media(min-width:768px) {
+            margin-top: 20%;
+        }
+    }
+}
+
+
 // ----------------------------
 // Graphs classes
 // ----------------------------
@@ -779,3 +878,17 @@ $graphs-success-alt:    lighten(#27CE65, 20%);
        }
    }
 }
+
+// ----------------------------
+// Support
+// ----------------------------
+
+.support {
+
+    max-width: 600px;
+
+    h3 {
+        margin-top: 0;
+        margin-bottom: 20px;
+    }
+}
@@ -6,6 +6,9 @@

    <title> Cloudron Update </title>

+    <!-- Theme CSS -->
+    <link href="theme.css" rel="stylesheet">
+
    <!-- Custom Fonts -->
    <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="stylesheet" type="text/css">
    <link href="//fonts.googleapis.com/css?family=Roboto:300" rel="stylesheet" type="text/css">
@@ -23,9 +26,6 @@
    <!-- Update Application -->
    <script src="js/update.js"></script>

-    <!-- Theme CSS -->
-    <link href="theme.css" rel="stylesheet">
-
 </head>

 <body ng-app="Application" ng-controller="Controller" style="background-color: #7F7F7F">
@@ -89,6 +89,8 @@
    </div>
 </div>

+<br/>
+
 <div style="max-width: 600px; margin: 0 auto;">
    <div class="text-left">
        <h1>Account</h1>
@@ -43,6 +43,7 @@
                                <option value="roleUser">Visible only to Cloudron users</option>
                            </select>
                        </div>
+                        <a ng-show="!!appConfigure.app.manifest.configurePath" ng-href="https://{{ appConfigure.app.location }}{{ !appConfigure.app.location ? '' : (config.isCustomDomain ? '.' : '-') }}{{ config.fqdn }}/{{ appConfigure.app.manifest.configurePath }}" target="_blank">Application Specific Settings</a>
                        <br/>
                        <br/>
                        <div class="form-group" ng-class="{ 'has-error': (appConfigureForm.password.$dirty && appConfigureForm.password.$invalid) || (!appConfigureForm.password.$dirty && appConfigure.error.password) }">
@@ -53,7 +54,7 @@
                    </form>
                </fieldset>
            </div>
-            <div class="modal-footer">
+            <div class="modal-footer ">
                <button type="button" class="btn btn-default" style="float: left;" ng-click="startApp(appConfigure.app)" ng-show="appConfigure.app.runState === 'stopped' && !appConfigure.runStateBusy && !(appConfigure.app | installationActive)"><i class="fa fa-play"></i> Start</button>
                <button type="button" class="btn btn-default" style="float: left;" ng-show="appConfigure.app.runState !== 'stopped' && appConfigure.app.runState !== 'running' || appConfigure.runStateBusy && !(appConfigure.app | installationActive)" disabled ><i class="fa fa-refresh fa-spin"></i></button>
                <button type="button" class="btn btn-default" style="float: left;" ng-click="stopApp(appConfigure.app)" ng-show="appConfigure.app.runState === 'running' && !appConfigure.runStateBusy && !(appConfigure.app | installationActive)"><i class="fa fa-pause"></i> Stop</button>
@@ -182,6 +183,9 @@
 </script>

 <div class="content">
+
+    <br/>
+
    <div class="row animateMeOpacity ng-hide" ng-show="installedApps.length > 0">
        <div class="col-lg-12">
            <h1>Installed Applications</h1>
@@ -200,11 +204,12 @@
                        </div>
                        <br/>
                        <div class="row">
-                            <div class="col-xs-12 text-left">
-                                <div style="text-overflow: ellipsis; white-space: nowrap; overflow: hidden">{{ app.location || app.fqdn }}</div>
+                            <div class="col-xs-12 text-center">
+                                <div class="grid-item-top-title">{{ app.location || app.fqdn }}</div>
                                <div class="text-muted" style="text-overflow: ellipsis; white-space: nowrap; overflow: hidden">
                                    {{ app | installationStateLabel }}
                                </div>
+                                <br ng-hide="app | installationActive"/>
                                <div ng-show="app | installationActive">
                                    <div class="progress progress-striped active">
                                        <div class="progress-bar progress-bar-success" role="progressbar" style="width: {{ app.progress }}%"></div>
@@ -213,32 +218,57 @@
                            </div>
                        </div>
                    </div>
-                </a>
-                <div class="grid-item-bottom" ng-show="user.admin">
-                    <div class="row">
-                        <div class="col-xs-4 text-left">
-                            <a href="" ng-click="showRestore(app)" ng-show="(app | installError) === true">
-                                <i class="fa fa-undo scale"></i>
-                            </a>
+                    <div class="grid-item-bottom-mobile" ng-show="user.admin">
+                        <div class="row">
+                            <div class="col-xs-4 text-left">
+                                <a href="" ng-click="showRestore(app)" ng-show="(app | installError) === true">
+                                    <i class="fa fa-undo scale"></i>
+                                </a>

-                            <a href="" ng-click="showConfigure(app)" ng-show="(app | installSuccess) == true">
-                                <i class="fa fa-wrench scale"></i>
-                            </a>
-                        </div>
-                        <div class="col-xs-4 text-center">
-                            <!-- we check the version here because the box updater does not know when an app gets updated -->
-                            <a href="" ng-click="showUpdate(app)" class="ng-hide animateMe" ng-show="config.update.apps[app.id].manifest.version && config.update.apps[app.id].manifest.version !== app.manifest.version && (app | installSuccess)">
-                                <i class="fa fa-arrow-up text-success scale"></i>
-                            </a>
-                        </div>
-                        <div class="col-xs-4 text-right">
-                            <a href="" ng-click="showUninstall(app)">
-                                <i class="fa fa-remove scale"></i>
-                            </a>
+                                <a href="" ng-click="showConfigure(app)" ng-show="(app | installSuccess) == true">
+                                    <i class="fa fa-wrench scale"></i>
+                                </a>
+                            </div>
+                            <div class="col-xs-4 text-center">
+                                <!-- we check the version here because the box updater does not know when an app gets updated -->
+                                <a href="" ng-click="showUpdate(app)" class="ng-hide animateMe" ng-show="config.update.apps[app.id].manifest.version && config.update.apps[app.id].manifest.version !== app.manifest.version && (app | installSuccess)">
+                                    <i class="fa fa-arrow-up text-success scale"></i>
+                                </a>
+                            </div>
+                            <div class="col-xs-4 text-right">
+                                <a href="" ng-click="showUninstall(app)">
+                                    <i class="fa fa-remove scale"></i>
+                                </a>
+                            </div>
                        </div>
                    </div>
-                </div>
+                    <div class="grid-item-bottom" ng-show="user.admin">
+                        <br/>
+
+                        <div>
+                            <a href="" ng-click="showUninstall(app)"><i class="fa fa-remove scale"></i></a>
+                        </div>
+
+                        <div ng-show="(app | installError) === true">
+                            <a href="" ng-click="showRestore(app)"><i class="fa fa-undo scale"></i></a>
+                        </div>
+
+                        <div ng-show="(app | installSuccess) == true">
+                            <a href="" ng-click="showConfigure(app)"><i class="fa fa-wrench scale"></i></a>
+                        </div>
+
+                        <!-- we check the version here because the box updater does not know when an app gets updated -->
+                        <div ng-show="config.update.apps[app.id].manifest.version && config.update.apps[app.id].manifest.version !== app.manifest.version && (app | installSuccess)">
+                            <a href="" ng-click="showUpdate(app)"><i class="fa fa-arrow-up text-success scale"></i></a>
+                        </div>
+
+                        <br/>
+                    </div>
+                </a>
            </div>
        </div>
    </div>
 </div>
+
+<!-- Offset the footer -->
+<br/><br/>
@@ -214,7 +214,7 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
        AppStore.getManifest(app.appStoreId, function (error, manifest) {
            if (error) return console.error(error);

-            $scope.appUpdate.manifest = manifest;
+            $scope.appUpdate.manifest = angular.copy(manifest);

            // ensure we always operate on objects here
            app.portBindings = app.portBindings || {};
@@ -334,7 +334,7 @@ angular.module('Application').controller('AppsController', ['$scope', '$location
    };

    // setup all the dialog focus handling
-    ['appConfigureModal', 'appUninstallModal', 'appUpdateModal'].forEach(function (id) {
+    ['appConfigureModal', 'appUninstallModal', 'appUpdateModal', 'appRestoreModal'].forEach(function (id) {
        $('#' + id).on('shown.bs.modal', function () {
            $(this).find("[autofocus]:first").focus();
        });
@@ -64,6 +64,47 @@
    </div>
 </div>

+<!-- Modal feedback -->
+<div class="modal fade" id="feedbackModal" tabindex="-1" role="dialog">
+    <div class="modal-dialog">
+        <div class="modal-content">
+            <div class="modal-header">
+                <h4 class="modal-title">App Feedback</h4>
+            </div>
+            <div class="modal-body">
+                <fieldset>
+                    <form name="feedbackForm" ng-submit="submitFeedback()">
+                        <div ng-show="feedback.error" class="text-danger text-bold">{{feedback.error}}</div>
+                        <textarea class="form-control" id="feedbackDescriptionTextarea" cols="3" ng-model="feedback.description" ng-minlength="1" required placeholder="Name, Category, Links ..." autofocus></textarea>
+                        <input class="ng-hide" type="submit" ng-disabled="feedbackForm.$invalid || feedback.busy"/>
+                    </form>
+                </fieldset>
+            </div>
+            <div class="modal-footer">
+                <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
+                <button type="button" class="btn btn-success" ng-click="submitFeedback()" ng-disabled="feedbackForm.$invalid || feedback.busy"><i class="fa fa-fw fa-paper-plane"></i> Submit</button>
+            </div>
+        </div>
+    </div>
+</div>
+
+<!-- Modal app not found -->
+<div class="modal fade" id="appNotFoundModal" tabindex="-1" role="dialog">
+    <div class="modal-dialog">
+        <div class="modal-content">
+            <div class="modal-header">
+                <h4 class="modal-title">App not found</h4>
+            </div>
+            <div class="modal-body">
+                There is no such app <b>{{ appNotFound.appId }}</b><span ng-show="appNotFound.version"> with version <b>{{ appNotFound.version }}</b></span>.
+            </div>
+            <div class="modal-footer">
+                <button type="button" class="btn btn-primary" data-dismiss="modal">Ok</button>
+            </div>
+        </div>
+    </div>
+</div>
+
 <div>
    <div class="row-no-margin">
        <div class="col-md-2">
@@ -98,12 +139,17 @@
            <a href="" class="appstore-category-link" ng-click="showCategory($event);" ng-class="{'category-active': category === 'wiki' }" category="wiki">Wiki</a>
            <br/>
            <a href="" class="appstore-category-link" ng-click="showCategory($event);" ng-class="{'category-active': category === 'testing' }" category="testing" ng-show="config.developerMode">Testing</a>
+            <br/>
+            <br/>
+            <br/>
+            <a href="" ng-click="showFeedbackModal()">Missing an app? Let us know.</a>
        </div>
        <div class="col-md-10" ng-show="ready && apps.length">
            <div class="row-no-margin">
                <div class="col-sm-1 appstore-item" ng-repeat="app in apps">
-                    <div class="appstore-item-content highlight" ng-click="showInstall(app)" ng-class="{ 'appstore-item-content-testing': app.publishState === 'testing' }">
+                    <div class="appstore-item-content highlight" ng-click="showInstall(app)" ng-class="{ 'appstore-item-content-testing': (app.publishState === 'testing' || app.publishState === 'pending_approval') }">
                        <span class="badge badge-danger appstore-item-badge-testing" ng-show="app.publishState === 'testing'">Testing</span>
+                        <span class="badge badge-warning appstore-item-badge-testing" ng-show="app.publishState === 'pending_approval'">Pending Approval</span>
                        <div class="appstore-item-content-icon col-same-height">
                            <img ng-src="{{app.iconUrl}}" onerror="this.onerror=null;this.src='img/appicon_fallback.png'" class="app-icon"/>
                        </div>
@@ -117,7 +163,8 @@
            </div>
        </div>
        <div class="col-md-10 animateMeOpacity loading-banner" ng-show="ready && !apps.length">
-            <h3 class="text-muted">No applications in this category</h3>
+            <h3 class="text-muted">No applications in this category.</h3>
+            <a href="" ng-click="showFeedbackModal()"><h3>Let us know if you miss something.</h3></a>
        </div>
        <div class="col-md-10 animateMeOpacity loading-banner" ng-show="!ready">
            <h2><i class="fa fa-spinner fa-pulse"></i> Loading</h2>
@@ -20,6 +20,47 @@ angular.module('Application').controller('AppStoreController', ['$scope', '$loca
        mediaLinks: []
    };

+    $scope.appNotFound = {
+        appId: '',
+        version: ''
+    };
+
+    $scope.feedback = {
+        error: null,
+        success: false,
+        subject: 'App feedback',
+        description: '',
+        type: 'app'
+    };
+
+    function resetFeedback() {
+        $scope.feedback.description = '';
+
+        $scope.feedbackForm.$setUntouched();
+        $scope.feedbackForm.$setPristine();
+    }
+
+    $scope.submitFeedback = function () {
+        $scope.feedback.busy = true;
+        $scope.feedback.success = false;
+        $scope.feedback.error = null;
+
+        Client.feedback($scope.feedback.type, $scope.feedback.subject, $scope.feedback.description, function (error) {
+            if (error) {
+                $scope.feedback.error = error;
+            } else {
+                $scope.feedback.success = true;
+                $('#feedbackModal').modal('hide');
+                resetFeedback();
+            }
+
+            $scope.feedback.busy = false;
+        });
+    };
+
+    $scope.showFeedbackModal = function () {
+        $('#feedbackModal').modal('show');
+    };

    function getAppList(callback) {
        AppStore.getApps(function (error, apps) {
@@ -132,6 +173,13 @@ angular.module('Application').controller('AppStoreController', ['$scope', '$loca
        }
    };

+    $scope.showAppNotFound = function (appId, version) {
+        $scope.appNotFound.appId = appId;
+        $scope.appNotFound.version = version;
+
+        $('#appNotFoundModal').modal('show');
+    };
+
    $scope.doInstall = function () {
        $scope.appInstall.busy = true;
        $scope.appInstall.error.other = null;
@@ -189,11 +237,26 @@ angular.module('Application').controller('AppStoreController', ['$scope', '$loca

            // show install app dialog immediately if an app id was passed in the query
            if ($routeParams.appId) {
-                var found = apps.filter(function (app) {
-                    return (app.id === $routeParams.appId) && ($routeParams.version ? $routeParams.version === app.manifest.version : true);
-                });
-                if (found.length) {
-                    $scope.showInstall(found[0]);
+                if ($routeParams.version) {
+                    AppStore.getAppByIdAndVersion($routeParams.appId, $routeParams.version, function (error, result) {
+                        if (error) {
+                            $scope.showAppNotFound($routeParams.appId, $routeParams.version);
+                            console.error(error);
+                            return;
+                        }
+
+                        $scope.showInstall(result);
+                    });
+                } else {
+                    var found = apps.filter(function (app) {
+                        return (app.id === $routeParams.appId) && ($routeParams.version ? $routeParams.version === app.manifest.version : true);
+                    });
+
+                    if (found.length) {
+                        $scope.showInstall(found[0]);
+                    } else {
+                        $scope.showAppNotFound($routeParams.appId, null);
+                    }
                }
            }

@@ -204,7 +267,7 @@ angular.module('Application').controller('AppStoreController', ['$scope', '$loca
    refresh();

    // setup all the dialog focus handling
-    ['appInstallModal'].forEach(function (id) {
+    ['appInstallModal', 'feedbackModal'].forEach(function (id) {
        $('#' + id).on('shown.bs.modal', function () {
            $(this).find("[autofocus]:first").focus();
        });
@@ -1,4 +1,6 @@

+<br/>
+
 <div class="row">
    <div class="col-md-12">
        <h1>Graphs</h1>
@@ -12,39 +14,15 @@
    <div class="row shadow memory-app-container">
        <h2>Disk Usage</h2>
        <br/>
-        <div class="col-md-4">
-            <h4>Applications <span class="badge">{{ diskUsage['docker'].sum }} GB</span></h4>
-            <canvas id="dockerDiskUsageChart" width="200" height="200"></canvas>
-            <p>
-                <span class="text-success">Free {{ diskUsage['docker'].free }} GB</span>
-                &nbsp;
-                <span class="text-warning">Reserved {{ diskUsage['docker'].reserved }} GB</span>
-                &nbsp;
-                <span class="text-primary">Used {{ diskUsage['docker'].used }} GB</span>
-            </p>
-        </div>
-        <div class="col-md-4">
+        <div class="col-md-offset-4 col-md-4">
            <h4>Data <span class="badge">{{ diskUsage['box'].sum }} GB</span></h4>
            <canvas id="boxDiskUsageChart" width="200" height="200"></canvas>
            <p>
                <span class="text-success">Free {{ diskUsage['box'].free }} GB</span>
                &nbsp;
-                <span class="text-warning">Reserved {{ diskUsage['box'].reserved }} GB</span>
-                &nbsp;
                <span class="text-primary">Used {{ diskUsage['box'].used }} GB</span>
            </p>
        </div>
-        <div class="col-md-4">
-            <h4>System (all) <span class="badge">{{ diskUsage['cloudron'].sum }} GB</span></h4>
-            <canvas id="cloudronDiskUsageChart" width="200" height="200"></canvas>
-            <p>
-                <span class="text-success">Free {{ diskUsage['cloudron'].free }} GB</span>
-                &nbsp;
-                <span class="text-warning">Reserved {{ diskUsage['cloudron'].reserved }} GB</span>
-                &nbsp;
-                <span class="text-primary">Used {{ diskUsage['cloudron'].used }} GB</span>
-            </p>
-        </div>
    </div>

    <br/>
@@ -33,8 +33,7 @@ angular.module('Application').controller('GraphsController', ['$scope', '$locati

    function renderDisk(type, free, reserved, used) {
        $scope.diskUsage[type] = {
-            used: bytesToGigaBytes(used.datapoints[0][0]),
-            reserved: bytesToGigaBytes(reserved.datapoints[0][0]),
+            used: bytesToGigaBytes(used.datapoints[0][0] + reserved.datapoints[0][0]),
            free: bytesToGigaBytes(free.datapoints[0][0]),
            sum: bytesToGigaBytes(used.datapoints[0][0] + reserved.datapoints[0][0] + free.datapoints[0][0])
        };
@@ -44,11 +43,6 @@ angular.module('Application').controller('GraphsController', ['$scope', '$locati
            color: "#2196F3",
            highlight: "#82C4F8",
            label: "Used"
-        }, {
-            value: $scope.diskUsage[type].reserved,
-            color: "#f0ad4e",
-            highlight: "#F8D9AC",
-            label: "Reserved"
        }, {
            value: $scope.diskUsage[type].free,
            color:"#27CE65",
@@ -98,7 +92,7 @@ angular.module('Application').controller('GraphsController', ['$scope', '$locati
            var options = {
                scaleOverride: true,
                scaleSteps: 10,
-                scaleStepWidth: $scope.activeApp === 'system' ? 100 : 10,
+                scaleStepWidth: $scope.activeApp === 'system' ? 200 : 60,
                scaleStartValue: 0
            };

@@ -111,21 +105,11 @@ angular.module('Application').controller('GraphsController', ['$scope', '$locati
        Client.graphs([
            'averageSeries(collectd.localhost.df-loop0.df_complex-free)',
            'averageSeries(collectd.localhost.df-loop0.df_complex-reserved)',
-            'averageSeries(collectd.localhost.df-loop0.df_complex-used)',
-
-            'averageSeries(collectd.localhost.df-loop1.df_complex-free)',
-            'averageSeries(collectd.localhost.df-loop1.df_complex-reserved)',
-            'averageSeries(collectd.localhost.df-loop1.df_complex-used)',
-
-            'averageSeries(collectd.localhost.df-vda1.df_complex-free)',
-            'averageSeries(collectd.localhost.df-vda1.df_complex-reserved)',
-            'averageSeries(collectd.localhost.df-vda1.df_complex-used)',
+            'averageSeries(collectd.localhost.df-loop0.df_complex-used)'
        ], '-1min', function (error, data) {
            if (error) return console.log(error);

-            renderDisk('docker', data[0], data[1], data[2]);
-            renderDisk('box', data[3], data[4], data[5]);
-            renderDisk('cloudron', data[6], data[7], data[8]);
+            renderDisk('box', data[0], data[1], data[2]);
        });
    };

@@ -107,6 +107,14 @@
    </div>
 </div>

+<br/>
+
+<div style="max-width: 600px; margin: 0 auto;">
+    <div class="text-left">
+        <h1>Settings</h1>
+    </div>
+</div>
+
 <div style="max-width: 600px; margin: 0 auto;" ng-show="user.admin">
    <div class="text-left">
        <h3>Backups</h3>
@@ -3,28 +3,34 @@
        <h1>Welcome to your Cloudron!</h1>
        <hr/>
        <h3 class="">
-                Choose a name and avatar
+                Choose a name and avatar for your Cloudron
        </h3>
    </div>
 </div>

 <br/>

+<div class="row">
+    <div class="col-md-4 col-md-offset-4 text-center">
+        <img id="previewAvatar" width="98" height="98" ng-src="{{wizard.avatar.data || wizard.avatar.url}}"/>
+    </div>
+</div>
+
+<br/>
+<br/>
+
 <div class="row">
    <div class="col-md-4 col-md-offset-4 text-center">
        <div class="form-group" ng-class="{ 'has-error': setup_form.name.$dirty && setup_form.name.$invalid }">
            <!-- <label class="control-label" for="inputName">Name</label> -->
-            <input type="text" class="form-control" ng-model="wizard.name" id="inputName" name="name" placeholder="Name" ng-enter="next('/step3', setup_form.name.$invalid)" ng-maxlength="512" ng-minlength="1" autofocus required autocomplete="off">
+            <input type="text" class="form-control" ng-model="wizard.name" id="inputName" name="name" placeholder="Name" ng-enter="next('/step2', setup_form.name.$invalid)" ng-maxlength="512" ng-minlength="1" autofocus required autocomplete="off">
        </div>
    </div>
 </div>


-<br/>
-
 <div class="row">
    <div class="col-md-12 settings-avatar-selector">
-        <img id="previewAvatar" width="80" height="80" ng-src="{{wizard.avatar.data || wizard.avatar.url}}"/>
        <input type="file" id="avatarFileInput" style="display: none" accept="image/png"/>

        <br/>
@@ -0,0 +1,58 @@
+<div class="content support">
+    <br/>
+
+    <div>
+        <div class="text-left">
+            <h1>Support</h1>
+        </div>
+    </div>
+
+    <div class="card card-large">
+        <div class="grid-item-top">
+            <div class="row animateMeOpacity">
+                <div class="col-lg-12">
+                    If you have any questions, please revise our <a href="{{ config.webServerOrigin }}/faq.html" target="_blank">Frequently Asked Questions</a>. We add more answers as we go, if you couldn't find your answers, just let us know using the forms below.<br/>
+                    <br/>
+                    For any developer related issues, please see our <a href="{{ config.webServerOrigin }}/documentation.html" target="_blank">Developer documentation</a>.
+                </div>
+            </div>
+        </div>
+    </div>
+
+    <br/>
+
+    <div class="card card-large">
+        <div class="grid-item-top">
+            <div class="row animateMeOpacity">
+                <div class="col-lg-12">
+                    <h3>Feedback</h3>
+                    We would love to hear any ideas or feature requests from your side.<br/>
+                    If you found any issue or bugs, let us know as well, we will resolve that for you as soon as possible.
+                    <br/>
+                    <br/>
+                    <form name="feedbackForm" ng-submit="submitFeedback()">
+                        <div class="form-group">
+                            <select class="form-control" name="type" style="width: 50%;" ng-model="feedback.type" required>
+                                <option value="feedback">Enhancement / Idea</option>
+                                <option value="ticket">Bug Report</option>
+                                <option value="app">Missing App</option>
+                            </select>
+                        </div>
+                        <div class="form-group" ng-class="{ 'has-error': (feedbackForm.subject.$dirty && feedbackForm.subject.$invalid) }">
+                            <input type="text" class="form-control" name="subject" placeholder="Enter your idea or issue" ng-model="feedback.subject" ng-maxlength="512" ng-minlength="1" required>
+                        </div>
+                        <div class="form-group" ng-class="{ 'has-error': (feedbackForm.description.$dirty && feedbackForm.description.$invalid) }">
+                            <textarea class="form-control" name="description" rows="3" placeholder="Describe your idea or issue" ng-model="feedback.description" ng-minlength="1" required></textarea>
+                        </div>
+                        <button type="submit" class="btn btn-primary" ng-disabled="feedbackForm.$invalid || feedback.busy"><i class="fa fa-spinner fa-pulse" ng-show="feedback.busy"></i> Submit</button>
+                        <span ng-show="feedback.error" class="text-danger text-bold">{{feedback.error}}</span>
+                        <span ng-show="feedback.success" class="text-success text-bold">Thank You!</span>
+                    </form>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+
+<!-- Offset the footer -->
+<br/><br/>
@@ -0,0 +1,40 @@
+'use strict';
+
+angular.module('Application').controller('SupportController', ['$scope', '$location', 'Client', function ($scope, $location, Client) {
+    $scope.config = Client.getConfig();
+
+    $scope.feedback = {
+        error: null,
+        success: false,
+        busy: false,
+        subject: '',
+        type: '',
+        description: ''
+    };
+
+    function resetFeedback() {
+        $scope.feedback.subject = '';
+        $scope.feedback.description = '';
+        $scope.feedback.type = '';
+
+        $scope.feedbackForm.$setUntouched();
+        $scope.feedbackForm.$setPristine();
+    }
+
+    $scope.submitFeedback = function () {
+        $scope.feedback.busy = true;
+        $scope.feedback.success = false;
+        $scope.feedback.error = null;
+
+        Client.feedback($scope.feedback.type, $scope.feedback.subject, $scope.feedback.description, function (error) {
+            if (error) {
+                $scope.feedback.error = error;
+            } else {
+                $scope.feedback.success = true;
+                resetFeedback();
+            }
+
+            $scope.feedback.busy = false;
+        });
+    };
+}]);
@@ -77,7 +77,7 @@
                    <div class="cloudron-model-item-content shadow" ng-class="{ 'selected': size.slug === currentSize.slug }" style="height: {{ 120 + $index * 30 }}px">
                        <!-- <img src="img/box.png" style="transform: scale({{ size.price/50.0 }});"/><br/> -->
                        <h3>{{ size.name }}</h3>
-                        <h5>${{ size.price }}/mo</h5>
+                        <h5>${{ (size.price/100).toFixed() }}/mo</h5>
                        <button class="btn btn-success" ng-disabled="busy" ng-hide="size.slug === currentSize.slug" ng-click="showUpgradeConfirm(size)">Upgrade</button>
                        <button class="btn btn-success" ng-show="size.slug === currentSize.slug" data-toggle="tooltip" data-placement="top" title="Your Current Model"><i class="fa fa-check"></i></button>
                    </div>
@@ -80,6 +80,9 @@
 </div>

 <div class="content">
+
+    <br/>
+
    <div>
        <div class="text-left">
            <h1>Users <button class="btn btn-primary btn-outline pull-right" data-toggle="modal" data-target="#userAddModal"><i class="fa fa-user-plus"></i> New User</button></h1>
Author	SHA1	Message	Date
Girish Ramakrishnan	26aefadfba	systemd: fix crashnotifier	2015-09-07 21:40:01 -07:00
Girish Ramakrishnan	51a28842cf	systemd: pass the instance name as argument	2015-09-07 21:16:22 -07:00
Girish Ramakrishnan	210c2f3cc1	Output some logs in crashnotifier	2015-09-07 21:10:00 -07:00
Girish Ramakrishnan	773c326eb7	systemd: just wait for 5 seconds for box to die	2015-09-07 20:58:14 -07:00
Girish Ramakrishnan	cb2fb026c5	systemd: do not restart crashnotifier	2015-09-07 20:54:58 -07:00
Girish Ramakrishnan	a4731ad054	200m is a more sane memory limit	2015-09-07 20:48:29 -07:00
Girish Ramakrishnan	aa33938fb5	systemd: fix config files	2015-09-07 20:46:32 -07:00
Girish Ramakrishnan	edfe8f1ad0	disable pager when collecting logs	2015-09-07 20:27:27 -07:00
Girish Ramakrishnan	41399a2593	Make crashnotifier.js executable	2015-09-07 20:15:13 -07:00
Girish Ramakrishnan	2a4c467ab8	systemd: Fix crashnotifier	2015-09-07 20:14:37 -07:00
Girish Ramakrishnan	6be6092c0e	Add memory limits on services	2015-09-07 19:16:34 -07:00
Girish Ramakrishnan	e76584b0da	Move from supervisor to systemd This removes logrotate as well since we use systemd logging	2015-09-07 14:31:25 -07:00
Girish Ramakrishnan	b3816615db	run upto 5 apptasks in parallel fixes #482	2015-09-05 09:17:46 -07:00
Johannes Zellner	212d0bd55a	Revert "Add hack for broken app backup tarballs" This reverts commit `9723951bfc`.	2015-08-31 21:44:24 -07:00
Girish Ramakrishnan	712ada940e	Add hack for broken app backup tarballs	2015-08-31 18:58:38 -07:00
Johannes Zellner	ba690c6346	Add missing records argument	2015-08-30 23:00:01 -07:00
Johannes Zellner	e910e19f57	Fix debug tag	2015-08-30 22:54:52 -07:00
Johannes Zellner	0c2532b0b5	Give default value to config.dnsInSync	2015-08-30 22:35:44 -07:00
Johannes Zellner	9c9b17a5f0	Remove cloudron.config prior to every test run	2015-08-30 22:35:44 -07:00
Johannes Zellner	816dea91ec	Assert for dns record values	2015-08-30 22:35:44 -07:00
Johannes Zellner	c228f8d4d5	Merge admin dns and mail dns setup This now also checks if the mail records are in sync	2015-08-30 22:35:43 -07:00
Johannes Zellner	05bb99fad4	give dns record changeIds as a result for addMany()	2015-08-30 22:35:43 -07:00
Johannes Zellner	51b2457b3d	Setup webadmin domain on the box side	2015-08-30 22:35:43 -07:00
Girish Ramakrishnan	ed71fca23e	Fix css	2015-08-30 22:25:18 -07:00
Girish Ramakrishnan	20e8e72ac2	reserved blocks are used	2015-08-30 22:24:57 -07:00
Girish Ramakrishnan	13fe0eb882	Only display one donut for memory usage	2015-08-30 22:13:01 -07:00
Girish Ramakrishnan	e0476c9030	Reboot is a post route	2015-08-30 21:38:54 -07:00
Girish Ramakrishnan	fca82fd775	Display upto 600mb for apps	2015-08-30 17:21:44 -07:00
Johannes Zellner	37c8ba8ddd	Reduce logging for aws credentials	2015-08-30 17:03:10 -07:00
Johannes Zellner	f87011b5c2	Also always check for dns propagation	2015-08-30 17:00:23 -07:00
Johannes Zellner	7f149700f8	Remove wrong optimization for subdomain records	2015-08-30 16:54:33 -07:00
Johannes Zellner	78ba9070fc	use config.appFqdn() to handle custom domains	2015-08-30 16:29:09 -07:00
Johannes Zellner	e31e5e1f69	Reuse dnsRecordId for record status id	2015-08-30 15:58:54 -07:00
Johannes Zellner	31d9027677	Query dns status with aws statusId	2015-08-30 15:51:33 -07:00
Johannes Zellner	debcd6f353	aws provides uppercase properties	2015-08-30 15:47:08 -07:00
Johannes Zellner	5cb1681922	Fixup the zonename comparison	2015-08-30 15:37:18 -07:00
Johannes Zellner	9074bccea0	Move subdomain management from appstore to box	2015-08-30 15:29:14 -07:00
Girish Ramakrishnan	291798f574	Pass along aws config for updates	2015-08-27 22:45:04 -07:00
Girish Ramakrishnan	b104843ae1	Add missing quotes to cloudron.conf	2015-08-27 20:15:04 -07:00
Girish Ramakrishnan	dd062c656f	Fix failing test	2015-08-27 11:43:36 -07:00
Girish Ramakrishnan	ae2eb718c6	check if response has credentials object	2015-08-27 11:43:02 -07:00
Girish Ramakrishnan	7ac26bb653	Fix backup response	2015-08-27 11:19:40 -07:00
Girish Ramakrishnan	41a726e8a7	Fix backup test	2015-08-27 11:17:36 -07:00
Girish Ramakrishnan	4b69216548	bash: quote the array expansion	2015-08-27 10:13:05 -07:00
Girish Ramakrishnan	99395ddf5a	bash: quoting array expansion because thats how it is	2015-08-27 09:49:44 -07:00
Girish Ramakrishnan	5f9fa5c352	bash: empty array expansion barfs with set -u	2015-08-27 09:33:40 -07:00
Girish Ramakrishnan	9013331917	Fix coding style	2015-08-27 09:30:32 -07:00
Girish Ramakrishnan	3a8f80477b	getSignedDownloadUrl must return an object with url and sessionToken	2015-08-27 09:26:19 -07:00
Johannes Zellner	813c680ed0	pass full box data to the update	2015-08-26 10:59:17 -07:00
Johannes Zellner	a0eccd615f	Send new version to update to to the installer	2015-08-26 09:42:48 -07:00
Johannes Zellner	59be539ecd	make restoreapp.sh support aws session tokens	2015-08-26 09:14:15 -07:00
Johannes Zellner	a04740114c	Generate app restore urls locally	2015-08-26 09:11:28 -07:00
Johannes Zellner	60b5d71c74	appBackupIds are not needed for backup url generation	2015-08-26 09:06:45 -07:00
Johannes Zellner	0a8b4b0c43	Load our style sheet as early as possible	2015-08-25 21:59:01 -07:00
Johannes Zellner	ec21105c47	use backupKey from userData	2015-08-25 18:44:52 -07:00
Girish Ramakrishnan	444258e7ee	backupKey is a function	2015-08-25 18:37:51 -07:00
Johannes Zellner	e6fd05c2bd	Support optional aws related userData	2015-08-25 17:52:01 -07:00
Johannes Zellner	9fdcd452d0	Use locally generate signed urls for app backup	2015-08-25 17:52:01 -07:00
Johannes Zellner	f39b9d5618	Support session tokens in backupapp.sh	2015-08-25 17:52:00 -07:00
Johannes Zellner	76e4c4919d	Only federated tokens need session token	2015-08-25 17:52:00 -07:00
Johannes Zellner	d1f159cdb4	Also send the restoreKey for the backup done webhook	2015-08-25 17:52:00 -07:00
Johannes Zellner	c63065e460	Also send the sessionToken when using the pre-signed url	2015-08-25 17:52:00 -07:00
Johannes Zellner	124c1d94a4	Translate the federated credentials	2015-08-25 17:52:00 -07:00
Johannes Zellner	e9161b726a	AWS credential creation returns 201	2015-08-25 17:52:00 -07:00
Johannes Zellner	fd0d27b192	AWS credentials are now dealt with a level down	2015-08-25 17:52:00 -07:00
Johannes Zellner	50064a40fe	Use dev bucket for now as a default	2015-08-25 17:52:00 -07:00
Johannes Zellner	c9bc5fc38e	Use signed urls for upload on the box side	2015-08-25 17:52:00 -07:00
Johannes Zellner	58f533fe50	Add config.aws().backupPrefix	2015-08-25 17:52:00 -07:00
Johannes Zellner	efcdffd8ff	Add getSignedUploadUrl() to aws.js	2015-08-25 17:52:00 -07:00
Johannes Zellner	22793c3886	move aws-sdk from dev to normal dependencies	2015-08-25 17:52:00 -07:00
Johannes Zellner	797ddbacc0	Return aws credentials from config.js	2015-08-25 17:52:00 -07:00
Johannes Zellner	e011962469	refactor backupBoxWithAppBackupIds()	2015-08-25 17:52:00 -07:00
Johannes Zellner	b376ad9815	Add webhooks.js	2015-08-25 17:51:59 -07:00
Johannes Zellner	77248fe65c	Construct backupUrl locally	2015-08-25 17:51:59 -07:00
Johannes Zellner	1dad115203	Add initial aws object to config.js	2015-08-25 17:51:59 -07:00
Johannes Zellner	8812d58031	Add backupKey to config	2015-08-25 17:51:59 -07:00
Johannes Zellner	fff7568f7e	Add aws.js	2015-08-25 17:51:59 -07:00
Johannes Zellner	ff6662579d	Fix typo in backupapp.sh help output	2015-08-25 17:51:59 -07:00
Girish Ramakrishnan	0cf9fbd909	Merge data into args	2015-08-25 15:55:52 -07:00
Girish Ramakrishnan	848b745fcb	Fix boolean logic	2015-08-25 12:24:02 -07:00
Girish Ramakrishnan	9a35c40b24	Add force argument This fixes crash when auto-updating apps	2015-08-25 10:01:20 -07:00
Girish Ramakrishnan	1f1e6124cd	oldConfig can be null during a restore/upgrade	2015-08-25 09:59:44 -07:00
Girish Ramakrishnan	033df970ad	Update manifestformat@1.7.0	2015-08-24 22:56:02 -07:00
Girish Ramakrishnan	dd80a795a0	Read memoryLimit from manifest	2015-08-24 22:44:35 -07:00
Girish Ramakrishnan	1eec6a39c6	Show upto 200mb	2015-08-24 22:39:06 -07:00
Girish Ramakrishnan	dd6b8face9	Set app memory limit to 200MB (includes 100 MB swap)	2015-08-24 21:58:19 -07:00
Girish Ramakrishnan	288de7e03a	Add RSTATE_ERROR	2015-08-24 21:58:19 -07:00
Girish Ramakrishnan	a760ef4d22	Rebase addons to use base image 0.3.3	2015-08-24 10:19:18 -07:00
Johannes Zellner	0dd745bce4	Fix form submit with enter for update form	2015-08-22 17:21:25 -07:00
Johannes Zellner	d4d5d371ac	Use POST heartbeat route instead of GET	2015-08-22 16:51:56 -07:00
Johannes Zellner	205bf4ddbd	Offset the footer in apps view	2015-08-20 23:50:52 -07:00
Girish Ramakrishnan	4ab84d42c6	Delete image only if it changed This optimization won't work if we have two dockerImage with same image id....	2015-08-19 14:24:32 -07:00
Girish Ramakrishnan	ee74badf3a	Check for dockerImage in manifest in install/update/restore routes	2015-08-19 11:08:45 -07:00
Girish Ramakrishnan	aa173ff74c	restore without a backup is the same as re-install	2015-08-19 11:00:00 -07:00
Girish Ramakrishnan	b584fc33f5	CN of admin group is admins	2015-08-18 16:35:52 -07:00
Girish Ramakrishnan	15c9d8682e	Base image is now 0.3.3	2015-08-18 15:43:50 -07:00
Girish Ramakrishnan	361be8c26b	containerId can be null	2015-08-18 15:43:50 -07:00
Girish Ramakrishnan	4db9a5edd6	Clean up the old image and not the current one	2015-08-18 10:01:15 -07:00
Johannes Zellner	bcc878da43	Hide update input fields and update button if it is blocked by apps	2015-08-18 16:59:36 +02:00
Johannes Zellner	79f179fed4	Add note, why sendError() is required	2015-08-18 16:53:29 +02:00
Johannes Zellner	a924a9a627	Revert "remove obsolete sendError() function" This reverts commit `5d9b122dd5`.	2015-08-18 16:49:53 +02:00
Girish Ramakrishnan	45d444df0e	leave a note about force_update	2015-08-17 21:30:56 -07:00
Girish Ramakrishnan	92461a3366	Remove ununsed require	2015-08-17 21:23:32 -07:00
Girish Ramakrishnan	032a430c51	Fix debug message	2015-08-17 21:23:27 -07:00
Girish Ramakrishnan	a6a3855e79	Do not remove icon for non-appstore installs Fixes #466	2015-08-17 19:37:51 -07:00
Girish Ramakrishnan	2386545814	Add a note why oldConfig can be null	2015-08-17 10:05:07 -07:00
Johannes Zellner	2059152dd3	remove obsolete sendError() function	2015-08-17 14:55:56 +02:00
Johannes Zellner	32d2c260ab	Move appstore badges out of the way for the app titles	2015-08-17 11:50:31 +02:00
Johannes Zellner	384c7873aa	Correctly mark apps pending for approval Fixes #339	2015-08-17 11:50:08 +02:00
Girish Ramakrishnan	9266302c4c	Print graphite container id	2015-08-13 15:57:36 -07:00
Girish Ramakrishnan	755dce7bc4	fix graph issue finally	2015-08-13 15:54:27 -07:00
Girish Ramakrishnan	dd3e38ae55	Use latest graphite	2015-08-13 15:53:36 -07:00
Girish Ramakrishnan	9dfaa2d20f	Create symlink in start.sh (and not container setup)	2015-08-13 15:36:21 -07:00
Girish Ramakrishnan	d6a4ff23e2	restart mysql in start.sh and not container setup	2015-08-13 15:16:01 -07:00
Girish Ramakrishnan	c2ab7e2c1f	restart collectd	2015-08-13 15:04:57 -07:00
Girish Ramakrishnan	b9e4662dbb	fix graphs again	2015-08-13 15:03:44 -07:00
Girish Ramakrishnan	10df0a527f	Fix typo remove thead_cache_size. it's dynamic anyways	2015-08-13 14:53:05 -07:00
Girish Ramakrishnan	9aad3688e1	Revert "Add hack to make graphs work with latest collectd" This reverts commit `a959418544`.	2015-08-13 14:42:47 -07:00
Girish Ramakrishnan	e78dbcb5d4	limit threads and max connections	2015-08-13 14:42:36 -07:00
Girish Ramakrishnan	5e8cd09f51	Bump infra version	2015-08-13 14:22:39 -07:00
Girish Ramakrishnan	22f65a9364	Add hack to make graphs work with latest collectd For some reason df-vda1 is not being collected by carbon. I have tried all sorts of things and nothing works. This is a hack to get it working.	2015-08-13 13:47:44 -07:00
Girish Ramakrishnan	81b7432044	Turn off performance_schema in mysql 5.6	2015-08-13 13:47:44 -07:00
Girish Ramakrishnan	d49b90d9f2	Remove unused nodejs-disks	2015-08-13 10:34:06 -07:00
Girish Ramakrishnan	9face9cf35	systemd has moved around the cgroup hierarchy https://github.com/docker/docker/issues/9902 There is some rationale here: https://libvirt.org/cgroups.html	2015-08-13 10:21:33 -07:00
Girish Ramakrishnan	33ac34296e	CpuShares is part of HostConfig	2015-08-12 23:47:35 -07:00
Girish Ramakrishnan	670ffcd489	Add warning	2015-08-12 19:52:23 -07:00
Girish Ramakrishnan	ec7b365c31	Use BASE_IMAGE as well	2015-08-12 19:51:44 -07:00
Girish Ramakrishnan	433d78c7ff	Fix graphite version	2015-08-12 19:51:08 -07:00
Girish Ramakrishnan	ed041fdca6	Put image names in one place	2015-08-12 19:38:44 -07:00
Girish Ramakrishnan	b8e4ed2369	Use latest images	2015-08-12 19:19:58 -07:00
Johannes Zellner	d12f260d12	Prevent accessing oldConfig if it does not exist	2015-08-12 21:17:52 +02:00
Johannes Zellner	ba7989b57b	Add ldap 'users' group	2015-08-12 17:38:31 +02:00
Johannes Zellner	88df410f5b	Add ldap search unit tests	2015-08-12 15:31:54 +02:00
Johannes Zellner	2436db3b1f	Add ldap memberof attribute	2015-08-12 15:31:44 +02:00
Johannes Zellner	d15874df63	Add initial ldap unit tests	2015-08-12 15:00:38 +02:00
Johannes Zellner	8fb90254cd	Ensure the focus is properly set when restoring	2015-08-12 14:35:51 +02:00
Johannes Zellner	cbd712c20e	Better integrate the progress bar	2015-08-12 14:32:20 +02:00
Johannes Zellner	8c004798f2	Improve login form layout	2015-08-12 14:23:13 +02:00
Johannes Zellner	c1b0cbe78d	Give appstore hover a different color	2015-08-12 14:07:40 +02:00
Johannes Zellner	5ee72c8e98	Make webadmin pages a bit more streamlined with padding	2015-08-12 13:48:55 +02:00
Girish Ramakrishnan	c125cc17dc	Apps must only get 50% less cpu than system processes when there is a contention for cpu	2015-08-11 17:00:48 -07:00
Johannes Zellner	18feff1bfb	Increase installed app title	2015-08-11 15:22:30 +02:00
Johannes Zellner	f74f713bbd	Hide geeky toolbar in apps icons	2015-08-11 13:04:50 +02:00
Girish Ramakrishnan	0ea14db172	Fix redis installation on 1.7	2015-08-10 23:00:24 -07:00
Girish Ramakrishnan	74785a40d5	r -> ro (docker 1.7)	2015-08-10 21:14:28 -07:00
Girish Ramakrishnan	dcfcd5be84	Create docker volume directories since docker 1.7 does not create them	2015-08-10 21:00:56 -07:00
Girish Ramakrishnan	814674eac5	addons can be null in apps.backupApp addons.backup already takes care of null. a future commit will give defaults for all non-default manifest fields at some point and document them as so	2015-08-10 13:47:51 -07:00
Girish Ramakrishnan	1a7fff9867	Keep linter happy	2015-08-10 13:42:04 -07:00
Johannes Zellner	30b248a0f6	Allow non published versions to be shown if explicitly requested Fixes #468	2015-08-10 16:16:40 +02:00
Johannes Zellner	7168455de3	Do not use table layout for login view Fixes #458	2015-08-10 15:26:45 +02:00
Johannes Zellner	085f63e3c7	Show cloudron name in login screen	2015-08-10 15:04:12 +02:00
Johannes Zellner	015be64923	Show cloudron avatar in login screen	2015-08-10 15:01:58 +02:00
Johannes Zellner	2c2471811d	Restructure the login page	2015-08-10 14:51:04 +02:00
Johannes Zellner	1025249e93	Since addons are optional, ensure we have a valid empty object in the db	2015-08-10 10:37:55 +02:00
Johannes Zellner	41ffc4bcf3	If we have an empty app search show modal dialog link	2015-08-09 15:19:21 +02:00
Johannes Zellner	2739d54cc1	Make appstore feedback form a modal dialog	2015-08-09 14:48:00 +02:00
Girish Ramakrishnan	c4c463cbc2	collect logs using a sudo script docker logs can only be read by root	2015-08-08 19:04:59 -07:00
Girish Ramakrishnan	8cd13bd43f	Update safetydance	2015-08-08 18:53:16 -07:00
Girish Ramakrishnan	e4ef279759	Update safetydance and lastmile	2015-08-06 13:54:15 -07:00
Girish Ramakrishnan	cf7fecb57b	bump cloudron-manifestformat	2015-08-06 13:50:27 -07:00
Girish Ramakrishnan	226041dcb1	Display settings path Fixes #465	2015-08-06 13:44:09 -07:00
Johannes Zellner	7548025561	If an app search is empty, show hint to give feedback	2015-08-06 18:35:08 +02:00
Johannes Zellner	fdbee427ee	Show app feedback form in appstore Fixes #461	2015-08-06 18:30:49 +02:00
Johannes Zellner	d861d6d6e4	Properly offset the footer in support view	2015-08-06 18:30:25 +02:00
Johannes Zellner	0a648edcaa	Add app feedback category	2015-08-06 17:34:40 +02:00
Johannes Zellner	18850c1fba	Cloudron prices are in cents	2015-08-06 16:24:19 +02:00
Girish Ramakrishnan	f6df4cab67	Remove ADMIN_ORIGIN	2015-08-05 17:27:55 -07:00
Johannes Zellner	019d29c5b7	Use assert.strictEqual() to see the values	2015-08-05 17:49:19 +02:00
Johannes Zellner	0b4256a992	Unify feedback and ticket forms	2015-08-05 14:27:04 +02:00
Johannes Zellner	7d58d69389	Fix setup step on ng-enter	2015-08-04 22:17:58 +02:00
Johannes Zellner	864dd5bf26	New shrinkwrap for ldapjs without dtrace-provider We have to install ldapjs with --no-optional Fixes #460	2015-08-04 20:43:36 +02:00
Johannes Zellner	abdde7a950	Put the correct faq and docs links	2015-08-04 19:36:05 +02:00
Johannes Zellner	8bcbd860be	Add unit tests for feedback route and fix the route	2015-08-04 16:59:35 +02:00
Johannes Zellner	be61c42fe8	Send feedback and tickets to support@cloudron.io	2015-08-04 16:05:20 +02:00
Johannes Zellner	6d5afc2d75	Give support form headers more space	2015-08-04 16:04:44 +02:00
Johannes Zellner	88d905e8cc	Add support form feedback	2015-08-04 16:01:50 +02:00
Johannes Zellner	d8ccc766b9	Add text-bold class	2015-08-04 16:01:33 +02:00
Johannes Zellner	d22e0f0483	mailer functions only enqueue, respond immediately	2015-08-04 15:39:14 +02:00
Johannes Zellner	c8f6973312	Do not send adminEmail for feedback mails	2015-08-04 14:56:43 +02:00
Johannes Zellner	3f0f0048bc	add missing email format	2015-08-04 14:52:40 +02:00
Johannes Zellner	88643f0875	Add missing %>	2015-08-04 14:49:43 +02:00
Johannes Zellner	e11bb10bb8	The requested function is in mailer	2015-08-04 14:45:42 +02:00
Johannes Zellner	7b9930c7f0	Do the feedback and ticket form plumbing	2015-08-04 14:44:39 +02:00
Johannes Zellner	da48e32bcc	Add feedback route	2015-08-04 14:31:40 +02:00
Johannes Zellner	57e2803bd2	Add feedback email template	2015-08-04 14:31:33 +02:00
Johannes Zellner	0d1ba01d65	Add initial support view	2015-08-04 11:33:36 +02:00
Girish Ramakrishnan	95cbec19af	Copy the manifest because changes are made to it Because of that, manifest verification fails (isNew property appears in manfiest)	2015-08-03 21:31:15 -07:00
Girish Ramakrishnan	cc97654b23	Fix text	2015-08-02 19:02:45 -07:00
Girish Ramakrishnan	5bb983f175	Send docker log in crash email	2015-08-01 21:42:34 -07:00
Johannes Zellner	7cb6434de1	Move avatar name below the selected avatar preview	2015-07-30 16:38:10 +02:00