suppress reset-failed warning message

(cherry picked from commit f9f44b18ad)

CHANGES

@@ -2091,3 +2091,28 @@
 * Blocklists are now stored in a text file instead of json
 * regenerate nginx configs
 
+[5.6.2]
+* Update docker to 19.03.12
+* Fix sorting of user listing in the UI
+* namecheap: fix crash when server returns invalid response
+* unlink ghost file automatically on successful login
+* Bump mysql addon connection limit to 200
+* Fix install issue where `/dev/dri` may not be present
+* import: when importing filesystem backups, the input box is a path
+* firewall: fix race condition where blocklist was not added in correct position in the FORWARD chain
+* services: fix issue where services where scaled up/down too fast
+* turn: realm variable was not updated properly on dashboard change
+* nginx: add splash pages for IP based browser access
+* Give services panel a separate top-level view
+* Add app state filter
+* gcs: copy concurrency was not used
+* Mention why an app update cannot be applied and provide shortcut to start the app if stopped
+* Remove version from footer into the setting view
+* Give services panel a separate top-level view
+* postgresql: set collation order explicity when creating database to C.UTF-8 (for confluence)
+* rsync: fix error while goes missing when syncing
+* Pre-select app domain by default in the redirection drop down
+* robots: preseve leading and trailing whitespaces/newlines
+
+[6.0.0]
+* Focal support

README.md

@@ -48,6 +48,28 @@ the dashboard, database addons, graph container, base image etc. Cloudron also r
 on external services such as the App Store for apps to be installed. As such, don't
 clone this repo and npm install and expect something to work.
 
+## Development
+
+This is the backend code of Cloudron. The frontend code is [here](https://git.cloudron.io/cloudron/dashboard).
+
+The way to develop is to first install a full instance of Cloudron in a VM. Then you can use the [hotfix](https://git.cloudron.io/cloudron/cloudron-machine)
+tool to patch the VM with the latest code.
+
+```
+SSH_PASSPHRASE=sshkeypassword cloudron-machine hotfix --cloudron my.example.com --release 6.0.0 --ssh-key keyname
+```
+
+## License
+
+Please note that the Cloudron code is under a source-available license. This is not the same as an
+open source license but ensures the code is available for introspection (and hacking!).
+
+## Contributions
+
+Just to give some heads up, we are a bit restrictive in merging changes. We are a small team and
+would like to keep our maintenance burden low. It might be best to discuss features first in the [forum](https://forum.cloudron.io),
+to also figure out how many other people will use it to justify maintenance for a feature.
+
 ## Support
 
 * [Documentation](https://docs.cloudron.io/)

baseimage/initializeBaseUbuntuImage.sh

@@ -30,6 +30,7 @@ debconf-set-selections <<< 'mysql-server mysql-server/root_password_again passwo
 # this enables automatic security upgrades (https://help.ubuntu.com/community/AutomaticSecurityUpdates)
 # resolvconf is needed for unbound to work property after disabling systemd-resolved in 18.04
 gpg_package=$([[ "${ubuntu_version}" == "16.04" ]] && echo "gnupg" || echo "gpg")
+mysql_package=$([[ "${ubuntu_version}" == "20.04" ]] && echo "mysql-server-8.0" || echo "mysql-server-5.7")
 apt-get -y install \
     acl \
     build-essential \
@@ -44,7 +45,7 @@ apt-get -y install \
     libpython2.7 \
     linux-generic \
     logrotate \
-    mysql-server-5.7 \
+    $mysql_package \
     openssh-server \
     pwgen \
     resolvconf \
@@ -83,9 +84,9 @@ mkdir -p /etc/systemd/system/docker.service.d
 echo -e "[Service]\nExecStart=\nExecStart=/usr/bin/dockerd -H fd:// --log-driver=journald --exec-opt native.cgroupdriver=cgroupfs --storage-driver=overlay2" > /etc/systemd/system/docker.service.d/cloudron.conf
 
 # there are 3 packages for docker - containerd, CLI and the daemon
-curl -sL "https://download.docker.com/linux/ubuntu/dists/${ubuntu_codename}/pool/stable/amd64/containerd.io_1.2.2-3_amd64.deb" -o /tmp/containerd.deb
-curl -sL "https://download.docker.com/linux/ubuntu/dists/${ubuntu_codename}/pool/stable/amd64/docker-ce-cli_18.09.2~3-0~ubuntu-${ubuntu_codename}_amd64.deb" -o /tmp/docker-ce-cli.deb
-curl -sL "https://download.docker.com/linux/ubuntu/dists/${ubuntu_codename}/pool/stable/amd64/docker-ce_18.09.2~3-0~ubuntu-${ubuntu_codename}_amd64.deb" -o /tmp/docker.deb
+curl -sL "https://download.docker.com/linux/ubuntu/dists/${ubuntu_codename}/pool/stable/amd64/containerd.io_1.2.13-2_amd64.deb" -o /tmp/containerd.deb
+curl -sL "https://download.docker.com/linux/ubuntu/dists/${ubuntu_codename}/pool/stable/amd64/docker-ce-cli_19.03.12~3-0~ubuntu-${ubuntu_codename}_amd64.deb" -o /tmp/docker-ce-cli.deb
+curl -sL "https://download.docker.com/linux/ubuntu/dists/${ubuntu_codename}/pool/stable/amd64/docker-ce_19.03.12~3-0~ubuntu-${ubuntu_codename}_amd64.deb" -o /tmp/docker.deb
 # apt install with install deps (as opposed to dpkg -i)
 apt install -y /tmp/containerd.deb  /tmp/docker-ce-cli.deb /tmp/docker.deb
 rm /tmp/containerd.deb /tmp/docker-ce-cli.deb /tmp/docker.deb
@@ -122,6 +123,8 @@ if ! apt-get install -y libcurl3-gnutls collectd collectd-utils; then
     echo "Failed to install collectd. Presumably because of http://mailman.verplant.org/pipermail/collectd/2015-March/006491.html"
     sed -e 's/^FQDNLookup true/FQDNLookup false/' -i /etc/collectd/collectd.conf
 fi
+# https://bugs.launchpad.net/ubuntu/+source/collectd/+bug/1872281
+[[ "${ubuntu_version}" == "20.04" ]] && echo -e "\nLD_PRELOAD=/usr/lib/python3.8/config-3.8-x86_64-linux-gnu/libpython3.8.so" >> /etc/default/collectd
 
 echo "==> Configuring host"
 sed -e 's/^#NTP=/NTP=0.ubuntu.pool.ntp.org 1.ubuntu.pool.ntp.org 2.ubuntu.pool.ntp.org 3.ubuntu.pool.ntp.org/' -i /etc/systemd/timesyncd.conf

package-lock.json

@@ -5,9 +5,9 @@
   "requires": true,
   "dependencies": {
     "@google-cloud/common": {
-      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/@google-cloud/common/-/common-2.3.0.tgz",
-      "integrity": "sha512-nmIyi3q/FL2j6ZJ61xK/863DoJEZayI2/W/iCgwrCYUYsem277XO45MBTAimjgiKBCA0c9InmQyfT48h/IK4jg==",
+      "version": "2.4.0",
+      "resolved": "https://registry.npmjs.org/@google-cloud/common/-/common-2.4.0.tgz",
+      "integrity": "sha512-zWFjBS35eI9leAHhjfeOYlK5Plcuj/77EzstnrJIZbKgF/nkqjcQuGiMCpzCwOfPyUbz8ZaEOYgbHa759AKbjg==",
       "requires": {
         "@google-cloud/projectify": "^1.0.0",
         "@google-cloud/promisify": "^1.0.0",
@@ -21,15 +21,15 @@
       }
     },
     "@google-cloud/dns": {
-      "version": "1.2.8",
-      "resolved": "https://registry.npmjs.org/@google-cloud/dns/-/dns-1.2.8.tgz",
-      "integrity": "sha512-4dDYUPJHjxYPtx6ioTht5DoHHZC3lM3cKUTxxMWCBcczHpGYxfSMhj5zfiWctULcBhorW5ufHz4+HZHNwspHvg==",
+      "version": "1.2.9",
+      "resolved": "https://registry.npmjs.org/@google-cloud/dns/-/dns-1.2.9.tgz",
+      "integrity": "sha512-5TLLs0d3pXetWD7H/DWnGA+rQwBmjXj+XOWDe79/cDo3IihEueBK5YrWXgfBRYgTT7vsQnDkP7pdfDkcI0Wnag==",
       "requires": {
         "@google-cloud/common": "^2.0.0",
         "@google-cloud/paginator": "^2.0.0",
         "@google-cloud/promisify": "^1.0.0",
         "arrify": "^2.0.0",
-        "dns-zonefile": "0.2.3",
+        "dns-zonefile": "0.2.6",
         "lodash.groupby": "^4.6.0",
         "string-format-obj": "^1.1.1"
       }
@@ -262,6 +262,11 @@
         "execa": "^2.0.1"
       }
     },
+    "@tootallnate/once": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@tootallnate/once/-/once-1.1.2.tgz",
+      "integrity": "sha512-RbzJvlNzmRq5c3O09UipeuXno4tA1FE6ikOjxZK0tuxVv3412l64l5t1W5pj4+rJq9vpkm/kwiR07aZXnsKPxw=="
+    },
     "@types/caseless": {
       "version": "0.12.2",
       "resolved": "https://registry.npmjs.org/@types/caseless/-/caseless-0.12.2.tgz",
@@ -316,6 +321,11 @@
         "event-target-shim": "^5.0.0"
       }
     },
+    "abstract-logging": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/abstract-logging/-/abstract-logging-2.0.0.tgz",
+      "integrity": "sha512-/oA9z7JszpIioo6J6dB79LVUgJ3eD3cxkAmdCkvWWS+Y9tPtALs1rLqOekLUXUbYqM2fB9TTK0ibAyZJJOP/CA=="
+    },
     "accepts": {
       "version": "1.3.7",
       "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.7.tgz",
@@ -326,9 +336,12 @@
       }
     },
     "agent-base": {
-      "version": "5.1.1",
-      "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-5.1.1.tgz",
-      "integrity": "sha512-TMeqbNl2fMW0nMjTEPOwe3J/PRFP4vqeoNuQMG0HlMrtm5QxKqdvAkZ1pRBQ/ulIyDD5Yq0nJ7YbdD8ey0TO3g=="
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.1.tgz",
+      "integrity": "sha512-01q25QQDwLSsyfhrKbn8yuur+JNw0H+0Y4JiGIKd3z9aYk/w/2kxD/Upc+t2ZBBSUNff50VjPsSW2YxM8QYKVg==",
+      "requires": {
+        "debug": "4"
+      }
     },
     "ajv": {
       "version": "6.12.2",
@@ -445,11 +458,11 @@
       "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="
     },
     "aws-sdk": {
-      "version": "2.685.0",
-      "resolved": "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.685.0.tgz",
-      "integrity": "sha512-mAOj7b4PuXRxIZkNdSkBWZ28lS2wYUY7O9u33nH9a7BawlttMNbxOgE/wDCPMrTLfj+RLQx0jvoIYj8BKCTRFw==",
+      "version": "2.759.0",
+      "resolved": "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.759.0.tgz",
+      "integrity": "sha512-XTmt6b8NfluqmixO18Bu9ZttZMW9rwEDVO+XITsIQ5dZvLectwrjlbEn2refudJI1Y2pxLguw+tABvXi1wtbbQ==",
       "requires": {
-        "buffer": "4.9.1",
+        "buffer": "4.9.2",
         "events": "1.1.1",
         "ieee754": "1.1.13",
         "jmespath": "0.15.0",
@@ -488,7 +501,7 @@
     },
     "backoff": {
       "version": "2.5.0",
-      "resolved": false,
+      "resolved": "https://registry.npmjs.org/backoff/-/backoff-2.5.0.tgz",
       "integrity": "sha1-9hbtqdPktmuMp/ynn2lXIsX44m8=",
       "requires": {
         "precond": "0.2"
@@ -601,9 +614,9 @@
       "dev": true
     },
     "buffer": {
-      "version": "4.9.1",
-      "resolved": "https://registry.npmjs.org/buffer/-/buffer-4.9.1.tgz",
-      "integrity": "sha1-bRu2AbB6TvztlwlBMgkwJ8lbwpg=",
+      "version": "4.9.2",
+      "resolved": "https://registry.npmjs.org/buffer/-/buffer-4.9.2.tgz",
+      "integrity": "sha512-xq+q3SRMOxGivLhBNaUdC64hDTQwejJ+H0T/NB1XMtTVEwNTrfFF3gAxiyW0Bu/xWEGhjVKgUcMhCrUy2+uCWg==",
       "requires": {
         "base64-js": "^1.0.2",
         "ieee754": "^1.1.4",
@@ -639,17 +652,6 @@
       "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz",
       "integrity": "sha512-MQcXEUbCKtEo7bhqEs6560Hyd4XaovZlO/k9V3hjVUF/zwW7KBVdSK4gIt/bzwS9MbR5qob+F5jusZsb0YQK2A=="
     },
-    "bunyan": {
-      "version": "1.8.12",
-      "resolved": false,
-      "integrity": "sha1-8VDw9nSKvdcq6uhPBEA74u8RN5c=",
-      "requires": {
-        "dtrace-provider": "~0.8",
-        "moment": "^2.10.6",
-        "mv": "~2",
-        "safe-json-stringify": "~1"
-      }
-    },
     "bytes": {
       "version": "3.1.0",
       "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.0.tgz",
@@ -1013,9 +1015,9 @@
       }
     },
     "cross-spawn": {
-      "version": "7.0.1",
-      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.1.tgz",
-      "integrity": "sha512-u7v4o84SwFpD32Z8IIcPZ6z1/ie24O6RU3RbtL5Y316l3KuHVPx9ItBgWQ6VlfAFnRnTtMUrsQ9MUUTuEZjogg==",
+      "version": "7.0.3",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
+      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
       "requires": {
         "path-key": "^3.1.0",
         "shebang-command": "^2.0.0",
@@ -1216,22 +1218,22 @@
       }
     },
     "db-migrate-base": {
-      "version": "1.6.3",
-      "resolved": "https://registry.npmjs.org/db-migrate-base/-/db-migrate-base-1.6.3.tgz",
-      "integrity": "sha512-O6Kh72Yh0DfvRAKg9QKzu1KkMwI5iI0dFHO6RmDLvbiYvtRW3faFXJNFwJYeioVBx22QA3AkVFbDIcw4j4QxGw==",
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/db-migrate-base/-/db-migrate-base-2.3.0.tgz",
+      "integrity": "sha512-mxaCkSe7JC2uksvI/rKs+wOQGBSZ6B87xa4b3i+QhB+XRBpGdpMzldKE6INf+EnM6kwhbIPKjyJZgyxui9xBfQ==",
       "requires": {
         "bluebird": "^3.1.1"
       }
     },
     "db-migrate-mysql": {
-      "version": "1.1.10",
-      "resolved": "https://registry.npmjs.org/db-migrate-mysql/-/db-migrate-mysql-1.1.10.tgz",
-      "integrity": "sha1-TB1e8R9ZO1qPHxIkkIO+5xWnzKw=",
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/db-migrate-mysql/-/db-migrate-mysql-2.1.1.tgz",
+      "integrity": "sha512-dqyH+N8NyfDP1NSUHmkOuUDBhscTt3obubJ3VKz4BRyKtB/NOdx/hKxREV/rpytFGZbI2LT+ELeINSXU8N5IKQ==",
       "requires": {
         "bluebird": "^3.2.1",
-        "db-migrate-base": "^1.2.5",
+        "db-migrate-base": "^2.1.1",
         "moment": "^2.11.2",
-        "mysql": "^2.10.2"
+        "mysql": "^2.17.1"
       }
     },
     "db-migrate-shared": {
@@ -1240,11 +1242,11 @@
       "integrity": "sha512-65k86bVeHaMxb2L0Gw3y5V+CgZSRwhVQMwDMydmw5MvIpHHwD6SmBciqIwHsZfzJ9yzV/yYhdRefRM6FV5/siw=="
     },
     "debug": {
-      "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz",
-      "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==",
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.2.0.tgz",
+      "integrity": "sha512-IX2ncY78vDTjZMFUdmsvIRFY2Cf4FnD0wRs+nQwJU8Lu99/tPFdb0VybiiMTPe3I6rQmwsqQqRBvxU+bZ/I8sg==",
       "requires": {
-        "ms": "^2.1.1"
+        "ms": "2.1.2"
       }
     },
     "decamelize": {
@@ -1313,9 +1315,9 @@
       "integrity": "sha1-082BIh4+pAdCz83lVtTpnpjdxxs="
     },
     "dns-zonefile": {
-      "version": "0.2.3",
-      "resolved": "https://registry.npmjs.org/dns-zonefile/-/dns-zonefile-0.2.3.tgz",
-      "integrity": "sha512-ijQM13UI3a1uFvN4IB0LNesgBdYhzJugSzpiEzfeIgZmPNvkTkO/U7Z5sjwxBGuhCc3vCClOhA762bGQchmr1Q=="
+      "version": "0.2.6",
+      "resolved": "https://registry.npmjs.org/dns-zonefile/-/dns-zonefile-0.2.6.tgz",
+      "integrity": "sha512-8hkrtLbVNqCgnRQv8jjit8MnGzqYBouxoP/WMAObbN0aPr43hy/Ml+VxMXKC75lRz2DEwUFN2SNpVnrrQWobew=="
     },
     "docker-modem": {
       "version": "1.0.9",
@@ -1429,15 +1431,6 @@
       "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-5.0.1.tgz",
       "integrity": "sha512-4As8uPrjfwb7VXC+WnLCbXK7y+Ueb2B3zgNCePYfhxS1PYeaO1YTeplffTEcbfLhvFNGLAz90VvJs9yomG7bow=="
     },
-    "dtrace-provider": {
-      "version": "0.8.8",
-      "resolved": "https://registry.npmjs.org/dtrace-provider/-/dtrace-provider-0.8.8.tgz",
-      "integrity": "sha512-b7Z7cNtHPhH9EJhNNbbeqTcXB8LGFFZhq1PGgEvpeHlzd36bhbdTWoE/Ba/YguqpBSlAPKnARWhVlhunCMwfxg==",
-      "optional": true,
-      "requires": {
-        "nan": "^2.14.0"
-      }
-    },
     "duplexify": {
       "version": "3.7.1",
       "resolved": "https://registry.npmjs.org/duplexify/-/duplexify-3.7.1.tgz",
@@ -1477,9 +1470,9 @@
       "integrity": "sha512-7vmuyh5+kuUyJKePhQfRQBhXV5Ce+RnaeeQArKu1EAMpL3WbgMt5WG6uQZpEVvYSSsxMXRKOewtDk9RaTKXRlA=="
     },
     "ejs-cli": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/ejs-cli/-/ejs-cli-2.2.0.tgz",
-      "integrity": "sha512-siC0o+kz6zM5CUNbm08FLj6LeyVoIOAccc1Ze3uOBAYpK7leP5WJpJPLCMBVtivSkH5BZaqPU8XpgP0ffjVteA==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/ejs-cli/-/ejs-cli-2.2.1.tgz",
+      "integrity": "sha512-rLCGrRtTRKVJgZpv5HrVXnhJdi8EJSslQki/0WZqSC52m1njdcQCvsm5fiP/IKErPB1j8Sf9FzFm6hIwdpC4Tw==",
       "requires": {
         "async": "^3.2.0",
         "colors": "^1.4.0",
@@ -1729,14 +1722,6 @@
       "resolved": "https://registry.npmjs.org/fast-text-encoding/-/fast-text-encoding-1.0.0.tgz",
       "integrity": "sha512-R9bHCvweUxxwkDwhjav5vxpFvdPGlVngtqmx4pIZfSUhM/Q4NiIUHB456BAf+Q1Nwu3HEZYONtu+Rya+af4jiQ=="
     },
-    "fd-slicer": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/fd-slicer/-/fd-slicer-1.1.0.tgz",
-      "integrity": "sha1-JcfInLH5B3+IkbvmHY85Dq4lbx4=",
-      "requires": {
-        "pend": "~1.2.0"
-      }
-    },
     "final-fs": {
       "version": "1.6.1",
       "resolved": "https://registry.npmjs.org/final-fs/-/final-fs-1.6.1.tgz",
@@ -1827,6 +1812,38 @@
       "resolved": "https://registry.npmjs.org/fs-constants/-/fs-constants-1.0.0.tgz",
       "integrity": "sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow=="
     },
+    "fs-extra": {
+      "version": "0.6.4",
+      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-0.6.4.tgz",
+      "integrity": "sha1-9G8MdbeEH40gCzNIzU1pHVoJnRU=",
+      "dev": true,
+      "requires": {
+        "jsonfile": "~1.0.1",
+        "mkdirp": "0.3.x",
+        "ncp": "~0.4.2",
+        "rimraf": "~2.2.0"
+      },
+      "dependencies": {
+        "mkdirp": {
+          "version": "0.3.5",
+          "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.3.5.tgz",
+          "integrity": "sha1-3j5fiWHIjHh+4TaN+EmsRBPsqNc=",
+          "dev": true
+        },
+        "ncp": {
+          "version": "0.4.2",
+          "resolved": "https://registry.npmjs.org/ncp/-/ncp-0.4.2.tgz",
+          "integrity": "sha1-q8xsvT7C7Spyn/bnwfqPAXhKhXQ=",
+          "dev": true
+        },
+        "rimraf": {
+          "version": "2.2.8",
+          "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.2.8.tgz",
+          "integrity": "sha1-5Dm+Kq7jJzIZUnMPmaiSnk/FBYI=",
+          "dev": true
+        }
+      }
+    },
     "fs.realpath": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
@@ -1904,13 +1921,13 @@
       }
     },
     "gaxios": {
-      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/gaxios/-/gaxios-2.3.0.tgz",
-      "integrity": "sha512-VgC4JKJQAAAGK5rFZbPcS5mXsdIYVMIUJOxMjSOkYdfhB74R0L6y8PFQDdS0r1ObG6hdP11e71EjHh3xbI+6fQ==",
+      "version": "2.3.4",
+      "resolved": "https://registry.npmjs.org/gaxios/-/gaxios-2.3.4.tgz",
+      "integrity": "sha512-US8UMj8C5pRnao3Zykc4AAVr+cffoNKRTg9Rsf2GiuZCW69vgJj38VK2PzlPuQU73FZ/nTk9/Av6/JGcE1N9vA==",
       "requires": {
         "abort-controller": "^3.0.0",
         "extend": "^3.0.2",
-        "https-proxy-agent": "^4.0.0",
+        "https-proxy-agent": "^5.0.0",
         "is-stream": "^2.0.0",
         "node-fetch": "^2.3.0"
       }
@@ -1925,9 +1942,9 @@
       }
     },
     "gcp-metadata": {
-      "version": "3.3.1",
-      "resolved": "https://registry.npmjs.org/gcp-metadata/-/gcp-metadata-3.3.1.tgz",
-      "integrity": "sha512-RrASg1HaVAxoB9Q/8sYfJ++v9PMiiqIgOrOxZeagMgS4osZtICT1lKBx2uvzYgwetxj8i6K99Z0iuKMg7WraTg==",
+      "version": "3.5.0",
+      "resolved": "https://registry.npmjs.org/gcp-metadata/-/gcp-metadata-3.5.0.tgz",
+      "integrity": "sha512-ZQf+DLZ5aKcRpLzYUyBS3yo3N0JSa82lNDO8rj3nMSlovLcz2riKFBsYgDzeXcv75oo5eqB2lx+B14UvPoCRnA==",
       "requires": {
         "gaxios": "^2.1.0",
         "json-bigint": "^0.3.0"
@@ -2095,9 +2112,9 @@
       "dev": true
     },
     "get-stream": {
-      "version": "5.1.0",
-      "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-5.1.0.tgz",
-      "integrity": "sha512-EXr1FOzrzTfGeL0gQdeFEvOMm2mzMOglyiOXSTpPC+iAjAKftbr3jpCMWynogwYnM+eSj9sHGc6wjIcDvYiygw==",
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-5.2.0.tgz",
+      "integrity": "sha512-nBF+F1rAZVCu/p7rjzgA+Yb4lfYXrpl7a6VmJrU8wF9I1CKvP/QwPNZHnOlwbTkY6dvtFIzFMSyQXbLoTQPRpA==",
       "requires": {
         "pump": "^3.0.0"
       },
@@ -2146,15 +2163,16 @@
       }
     },
     "google-auth-library": {
-      "version": "5.9.2",
-      "resolved": "https://registry.npmjs.org/google-auth-library/-/google-auth-library-5.9.2.tgz",
-      "integrity": "sha512-rBE1YTOZ3/Hu6Mojkr+UUmbdc/F28hyMGYEGxjyfVA9ZFmq12oqS3AeftX4h9XpdVIcxPooSo8hECYGT6B9XqQ==",
+      "version": "5.10.1",
+      "resolved": "https://registry.npmjs.org/google-auth-library/-/google-auth-library-5.10.1.tgz",
+      "integrity": "sha512-rOlaok5vlpV9rSiUu5EpR0vVpc+PhN62oF4RyX/6++DG1VsaulAFEMlDYBLjJDDPI6OcNOCGAKy9UVB/3NIDXg==",
       "requires": {
         "arrify": "^2.0.0",
         "base64-js": "^1.3.0",
+        "ecdsa-sig-formatter": "^1.0.11",
         "fast-text-encoding": "^1.0.0",
         "gaxios": "^2.1.0",
-        "gcp-metadata": "^3.3.0",
+        "gcp-metadata": "^3.4.0",
         "gtoken": "^4.1.0",
         "jws": "^4.0.0",
         "lru-cache": "^5.0.0"
@@ -2317,22 +2335,13 @@
       }
     },
     "http-proxy-agent": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-4.0.0.tgz",
-      "integrity": "sha512-GX0FA6+IcDf4Oxc/FBWgYj4zKgo/DnZrksaG9jyuQLExs6xlX+uI5lcA8ymM3JaZTRrF/4s2UX19wJolyo7OBA==",
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-4.0.1.tgz",
+      "integrity": "sha512-k0zdNgqWTGA6aeIRVpvfVob4fL52dTfaehylg0Y4UvSySvOq/Y+BOyPrgpUrA7HylqvU8vIZGsRuXmspskV0Tg==",
       "requires": {
+        "@tootallnate/once": "1",
         "agent-base": "6",
         "debug": "4"
-      },
-      "dependencies": {
-        "agent-base": {
-          "version": "6.0.0",
-          "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.0.tgz",
-          "integrity": "sha512-j1Q7cSCqN+AwrmDd+pzgqc0/NpC655x2bUf5ZjRIO77DcNBFmh+OgRNzF6OKdCC9RSCb19fGd99+bhXFdkRNqw==",
-          "requires": {
-            "debug": "4"
-          }
-        }
       }
     },
     "http-signature": {
@@ -2367,11 +2376,11 @@
       "integrity": "sha1-QzX/2CzZaWaKOUZckprGHWOTYn8="
     },
     "https-proxy-agent": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-4.0.0.tgz",
-      "integrity": "sha512-zoDhWrkR3of1l9QAL8/scJZyLu8j/gBkcwcaQOZh7Gyh/+uJQzGVETdgT30akuwkpL8HTRfssqI3BZuV18teDg==",
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.0.tgz",
+      "integrity": "sha512-EkYm5BcKUGiduxzSt3Eppko+PiNWNEpa4ySk9vTC6wDsQJW9rHSa+UhGNJoRYp7bz6Ht1eaRIa6QaJqO5rCFbA==",
       "requires": {
-        "agent-base": "5",
+        "agent-base": "6",
         "debug": "4"
       }
     },
@@ -2609,6 +2618,12 @@
       "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz",
       "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus="
     },
+    "jsonfile": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-1.0.1.tgz",
+      "integrity": "sha1-6l7+QLg2kLmGZ2FKc5L8YOhCwN0=",
+      "dev": true
+    },
     "jsonparse": {
       "version": "1.3.1",
       "resolved": "https://registry.npmjs.org/jsonparse/-/jsonparse-1.3.1.tgz",
@@ -2660,42 +2675,26 @@
       }
     },
     "ldap-filter": {
-      "version": "0.2.2",
-      "resolved": false,
-      "integrity": "sha1-8rhCvguG2jNSeYUFsx68rlkNd9A=",
+      "version": "0.3.3",
+      "resolved": "https://registry.npmjs.org/ldap-filter/-/ldap-filter-0.3.3.tgz",
+      "integrity": "sha1-KxTGiiqdQQTb28kQocqF/Riel5c=",
       "requires": {
-        "assert-plus": "0.1.5"
-      },
-      "dependencies": {
-        "assert-plus": {
-          "version": "0.1.5",
-          "resolved": false,
-          "integrity": "sha1-7nQAlBMALYTOxyGcasgRgS5yMWA="
-        }
+        "assert-plus": "^1.0.0"
       }
     },
     "ldapjs": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/ldapjs/-/ldapjs-1.0.2.tgz",
-      "integrity": "sha1-VE/3Ayt7g8aPBwEyjZKXqmlDQPk=",
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/ldapjs/-/ldapjs-2.2.0.tgz",
+      "integrity": "sha512-9+ekbj97nxRYQMRgEm/HYFhFLWSRKah2PnReUfhfM5f62XBeUSFolB+AQ2Jij5tqowpksTnrdNCZLP6C+V3uag==",
       "requires": {
-        "asn1": "0.2.3",
+        "abstract-logging": "^2.0.0",
+        "asn1": "^0.2.4",
         "assert-plus": "^1.0.0",
         "backoff": "^2.5.0",
-        "bunyan": "^1.8.3",
-        "dashdash": "^1.14.0",
-        "dtrace-provider": "~0.8",
-        "ldap-filter": "0.2.2",
+        "ldap-filter": "^0.3.3",
         "once": "^1.4.0",
-        "vasync": "^1.6.4",
+        "vasync": "^2.2.0",
         "verror": "^1.8.1"
-      },
-      "dependencies": {
-        "asn1": {
-          "version": "0.2.3",
-          "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.3.tgz",
-          "integrity": "sha1-2sh4dxPJlmhJ/IGAd36+nB3fO4Y="
-        }
       }
     },
     "load-json-file": {
@@ -2729,9 +2728,9 @@
       }
     },
     "lodash": {
-      "version": "4.17.15",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-      "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A=="
+      "version": "4.17.20",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz",
+      "integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA=="
     },
     "lodash.chunk": {
       "version": "4.2.0",
@@ -2887,9 +2886,9 @@
       }
     },
     "mocha": {
-      "version": "6.2.2",
-      "resolved": "https://registry.npmjs.org/mocha/-/mocha-6.2.2.tgz",
-      "integrity": "sha512-FgDS9Re79yU1xz5d+C4rv1G7QagNGHZ+iXF81hO8zY35YZZcLEsJVfFolfsqKFWunATEvNzMK0r/CwWd/szO9A==",
+      "version": "6.2.3",
+      "resolved": "https://registry.npmjs.org/mocha/-/mocha-6.2.3.tgz",
+      "integrity": "sha512-0R/3FvjIGH3eEuG17ccFPk117XL2rWxatr81a57D+r/x2uTYZRbdZ4oVidEUMh2W2TJDa7MdAb12Lm2/qrKajg==",
       "dev": true,
       "requires": {
         "ansi-colors": "3.2.3",
@@ -2904,7 +2903,7 @@
         "js-yaml": "3.13.1",
         "log-symbols": "2.2.0",
         "minimatch": "3.0.4",
-        "mkdirp": "0.5.1",
+        "mkdirp": "0.5.4",
         "ms": "2.1.1",
         "node-environment-flags": "1.0.5",
         "object.assign": "4.1.0",
@@ -2912,8 +2911,8 @@
         "supports-color": "6.0.0",
         "which": "1.3.1",
         "wide-align": "1.1.3",
-        "yargs": "13.3.0",
-        "yargs-parser": "13.1.1",
+        "yargs": "13.3.2",
+        "yargs-parser": "13.1.2",
         "yargs-unparser": "1.6.0"
       },
       "dependencies": {
@@ -2950,6 +2949,21 @@
             "esprima": "^4.0.0"
           }
         },
+        "minimist": {
+          "version": "1.2.5",
+          "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz",
+          "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==",
+          "dev": true
+        },
+        "mkdirp": {
+          "version": "0.5.4",
+          "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.4.tgz",
+          "integrity": "sha512-iG9AK/dJLtJ0XNgTuDbSyNS3zECqDlAhnQW4CsNxBG3LQJBbHmRX1egw39DmtOdCAqY+dKXV+sgPgilNWUKMVw==",
+          "dev": true,
+          "requires": {
+            "minimist": "^1.2.5"
+          }
+        },
         "ms": {
           "version": "2.1.1",
           "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz",
@@ -2964,6 +2978,34 @@
           "requires": {
             "isexe": "^2.0.0"
           }
+        },
+        "yargs": {
+          "version": "13.3.2",
+          "resolved": "https://registry.npmjs.org/yargs/-/yargs-13.3.2.tgz",
+          "integrity": "sha512-AX3Zw5iPruN5ie6xGRIDgqkT+ZhnRlZMLMHAs8tg7nRruy2Nb+i5o9bwghAogtM08q1dpr2LVoS8KSTMYpWXUw==",
+          "dev": true,
+          "requires": {
+            "cliui": "^5.0.0",
+            "find-up": "^3.0.0",
+            "get-caller-file": "^2.0.1",
+            "require-directory": "^2.1.1",
+            "require-main-filename": "^2.0.0",
+            "set-blocking": "^2.0.0",
+            "string-width": "^3.0.0",
+            "which-module": "^2.0.0",
+            "y18n": "^4.0.0",
+            "yargs-parser": "^13.1.2"
+          }
+        },
+        "yargs-parser": {
+          "version": "13.1.2",
+          "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.1.2.tgz",
+          "integrity": "sha512-3lbsNRf/j+A4QuSZfDRA7HRSfWrzO0YjqTJd5kjAq37Zep1CEgaYmrH9Q3GwPiB9cHyd1Y1UwggGhJGoxipbzg==",
+          "dev": true,
+          "requires": {
+            "camelcase": "^5.0.0",
+            "decamelize": "^1.2.0"
+          }
         }
       }
     },
@@ -2976,42 +3018,6 @@
         "underscore": "1.8.3"
       },
       "dependencies": {
-        "fs-extra": {
-          "version": "0.6.4",
-          "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-0.6.4.tgz",
-          "integrity": "sha1-9G8MdbeEH40gCzNIzU1pHVoJnRU=",
-          "dev": true,
-          "requires": {
-            "jsonfile": "~1.0.1",
-            "mkdirp": "0.3.x",
-            "ncp": "~0.4.2",
-            "rimraf": "~2.2.0"
-          }
-        },
-        "jsonfile": {
-          "version": "1.0.1",
-          "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-1.0.1.tgz",
-          "integrity": "sha1-6l7+QLg2kLmGZ2FKc5L8YOhCwN0=",
-          "dev": true
-        },
-        "mkdirp": {
-          "version": "0.3.5",
-          "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.3.5.tgz",
-          "integrity": "sha1-3j5fiWHIjHh+4TaN+EmsRBPsqNc=",
-          "dev": true
-        },
-        "ncp": {
-          "version": "0.4.2",
-          "resolved": "https://registry.npmjs.org/ncp/-/ncp-0.4.2.tgz",
-          "integrity": "sha1-q8xsvT7C7Spyn/bnwfqPAXhKhXQ=",
-          "dev": true
-        },
-        "rimraf": {
-          "version": "2.2.8",
-          "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.2.8.tgz",
-          "integrity": "sha1-5Dm+Kq7jJzIZUnMPmaiSnk/FBYI=",
-          "dev": true
-        },
         "underscore": {
           "version": "1.8.3",
           "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.8.3.tgz",
@@ -3021,9 +3027,9 @@
       }
     },
     "moment": {
-      "version": "2.26.0",
-      "resolved": "https://registry.npmjs.org/moment/-/moment-2.26.0.tgz",
-      "integrity": "sha512-oIixUO+OamkUkwjhAVE18rAMfRJNsNe/Stid/gwHSOfHrOtw9EhAY2AHvdKZ/k/MggcYELFCJz/Sn2pL8b8JMw=="
+      "version": "2.29.0",
+      "resolved": "https://registry.npmjs.org/moment/-/moment-2.29.0.tgz",
+      "integrity": "sha512-z6IJ5HXYiuxvFTI6eiQ9dm77uE0gyy1yXNApVHqTcnIKfY9tIwEjlzsZ6u1LQXvVgKeTnv9Xm7NDvJ7lso3MtA=="
     },
     "moment-timezone": {
       "version": "0.5.31",
@@ -3076,14 +3082,37 @@
       "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
     },
     "multiparty": {
-      "version": "4.2.1",
-      "resolved": "https://registry.npmjs.org/multiparty/-/multiparty-4.2.1.tgz",
-      "integrity": "sha512-AvESCnNoQlZiOfP9R4mxN8M9csy2L16EIbWIkt3l4FuGti9kXBS8QVzlfyg4HEnarJhrzZilgNFlZtqmoiAIIA==",
+      "version": "4.2.2",
+      "resolved": "https://registry.npmjs.org/multiparty/-/multiparty-4.2.2.tgz",
+      "integrity": "sha512-NtZLjlvsjcoGrzojtwQwn/Tm90aWJ6XXtPppYF4WmOk/6ncdwMMKggFY2NlRRN9yiCEIVxpOfPWahVEG2HAG8Q==",
       "requires": {
-        "fd-slicer": "1.1.0",
-        "http-errors": "~1.7.0",
-        "safe-buffer": "5.1.2",
+        "http-errors": "~1.8.0",
+        "safe-buffer": "5.2.1",
         "uid-safe": "2.1.5"
+      },
+      "dependencies": {
+        "http-errors": {
+          "version": "1.8.0",
+          "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.8.0.tgz",
+          "integrity": "sha512-4I8r0C5JDhT5VkvI47QktDW75rNlGVsUf/8hzjCC/wkWI/jdTRmBb9aI7erSG82r1bjKY3F6k28WnsVxB1C73A==",
+          "requires": {
+            "depd": "~1.1.2",
+            "inherits": "2.0.4",
+            "setprototypeof": "1.2.0",
+            "statuses": ">= 1.5.0 < 2",
+            "toidentifier": "1.0.0"
+          }
+        },
+        "safe-buffer": {
+          "version": "5.2.1",
+          "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
+          "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ=="
+        },
+        "setprototypeof": {
+          "version": "1.2.0",
+          "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
+          "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw=="
+        }
       }
     },
     "mute-stream": {
@@ -3091,47 +3120,6 @@
       "resolved": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.8.tgz",
       "integrity": "sha512-nnbWWOkoWyUsTjKrhgD0dcz22mdkSnpYqbEjIm2nhwhuxlSkpywJmBo8h0ZqJdkp73mb90SssHkN4rsRaBAfAA=="
     },
-    "mv": {
-      "version": "2.1.1",
-      "resolved": false,
-      "integrity": "sha1-rmzg1vbV4KT32JN5jQPB6pVZtqI=",
-      "optional": true,
-      "requires": {
-        "mkdirp": "~0.5.1",
-        "ncp": "~2.0.0",
-        "rimraf": "~2.4.0"
-      },
-      "dependencies": {
-        "glob": {
-          "version": "6.0.4",
-          "resolved": false,
-          "integrity": "sha1-DwiGD2oVUSey+t1PnOJLGqtuTSI=",
-          "optional": true,
-          "requires": {
-            "inflight": "^1.0.4",
-            "inherits": "2",
-            "minimatch": "2 || 3",
-            "once": "^1.3.0",
-            "path-is-absolute": "^1.0.0"
-          }
-        },
-        "ncp": {
-          "version": "2.0.0",
-          "resolved": false,
-          "integrity": "sha1-GVoh1sRuNh0vsSgbo4uR6d9727M=",
-          "optional": true
-        },
-        "rimraf": {
-          "version": "2.4.5",
-          "resolved": false,
-          "integrity": "sha1-7nEM5dk6j9uFb7Xqj/Di11k0sto=",
-          "optional": true,
-          "requires": {
-            "glob": "^6.0.1"
-          }
-        }
-      }
-    },
     "mysql": {
       "version": "2.18.1",
       "resolved": "https://registry.npmjs.org/mysql/-/mysql-2.18.1.tgz",
@@ -3153,7 +3141,8 @@
     "nan": {
       "version": "2.14.0",
       "resolved": "https://registry.npmjs.org/nan/-/nan-2.14.0.tgz",
-      "integrity": "sha512-INOFj37C7k3AfaNTtX8RhsTw7qRy7eLET14cROi9+5HAVbbHuIWUHEauBv5qT4Av2tWasiTY1Jw6puUNqRJXQg=="
+      "integrity": "sha512-INOFj37C7k3AfaNTtX8RhsTw7qRy7eLET14cROi9+5HAVbbHuIWUHEauBv5qT4Av2tWasiTY1Jw6puUNqRJXQg==",
+      "dev": true
     },
     "ncp": {
       "version": "1.0.1",
@@ -3228,9 +3217,9 @@
       "integrity": "sha512-8dG4H5ujfvFiqDmVu9fQ5bOHUC15JMjMY/Zumv26oOvvVJjM67KF8koCWIabKQ1GJIa9r2mMZscBq/TbdOcmNA=="
     },
     "node-forge": {
-      "version": "0.9.1",
-      "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.9.1.tgz",
-      "integrity": "sha512-G6RlQt5Sb4GMBzXvhfkeFmbqR6MzhtnT7VTHuLadjkii3rdYHNdw0m8zA4BTxVIh68FicCQ2NSUANpsqkr9jvQ=="
+      "version": "0.9.2",
+      "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-0.9.2.tgz",
+      "integrity": "sha512-naKSScof4Wn+aoHU6HBsifh92Zeicm1GDQKd1vp3Y/kOi8ub0DozCa9KpvYNCXslFHYRmLNiqRopGdTGwNLpNw=="
     },
     "node-fs": {
       "version": "0.1.7",
@@ -3377,9 +3366,9 @@
       }
     },
     "nodemailer": {
-      "version": "6.4.6",
-      "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-6.4.6.tgz",
-      "integrity": "sha512-/kJ+FYVEm2HuUlw87hjSqTss+GU35D4giOpdSfGp7DO+5h6RlJj7R94YaYHOkoxu1CSaM0d3WRBtCzwXrY6MKA=="
+      "version": "6.4.11",
+      "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-6.4.11.tgz",
+      "integrity": "sha512-BVZBDi+aJV4O38rxsUh164Dk1NCqgh6Cm0rQSb9SK/DHGll/DrCMnycVDD7msJgZCnmVa8ASo8EZzR7jsgTukQ=="
     },
     "nodemailer-fetch": {
       "version": "1.6.0",
@@ -3673,11 +3662,6 @@
       "integrity": "sha1-uULm1L3mUwBe9rcTYd74cn0GReA=",
       "dev": true
     },
-    "pend": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz",
-      "integrity": "sha1-elfrVQpng/kRUzH89GY9XI4AelA="
-    },
     "performance-now": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz",
@@ -3720,13 +3704,13 @@
     },
     "precond": {
       "version": "0.2.3",
-      "resolved": false,
+      "resolved": "https://registry.npmjs.org/precond/-/precond-0.2.3.tgz",
       "integrity": "sha1-qpWRvKokkj8eD0hJ0kD0fvwQdaw="
     },
     "pretty-bytes": {
-      "version": "5.3.0",
-      "resolved": "https://registry.npmjs.org/pretty-bytes/-/pretty-bytes-5.3.0.tgz",
-      "integrity": "sha512-hjGrh+P926p4R4WbaB6OckyRtO0F0/lQBiT+0gnxjV+5kjPBrfVBFCsCLbMqVQeydvIoouYTCmmEURiH3R1Bdg=="
+      "version": "5.4.1",
+      "resolved": "https://registry.npmjs.org/pretty-bytes/-/pretty-bytes-5.4.1.tgz",
+      "integrity": "sha512-s1Iam6Gwz3JI5Hweaz4GoCD1WUNUIyzePFy5+Js2hjwGVt2Z79wNN+ZKOZ2vB6C+Xs6njyB84Z1IthQg8d9LxA=="
     },
     "process-nextick-args": {
       "version": "2.0.1",
@@ -4111,12 +4095,6 @@
       "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
       "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
     },
-    "safe-json-stringify": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/safe-json-stringify/-/safe-json-stringify-1.2.0.tgz",
-      "integrity": "sha512-gH8eh2nZudPQO6TytOvbxnuhYBOvDBBLW52tz5q6X58lJcd/tkmqFR+5Z9adS8aJtURSXWThWy/xJtJwixErvg==",
-      "optional": true
-    },
     "safer-buffer": {
       "version": "2.1.2",
       "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
@@ -4574,21 +4552,21 @@
       "integrity": "sha1-6NK6H6nJBXAwPAMLaQD31fiavls="
     },
     "superagent": {
-      "version": "5.2.2",
-      "resolved": "https://registry.npmjs.org/superagent/-/superagent-5.2.2.tgz",
-      "integrity": "sha512-pMWBUnIllK4ZTw7p/UaobiQPwAO5w/1NRRTDpV0FTVNmECztsxKspj3ZWEordVEaqpZtmOQJJna4yTLyC/q7PQ==",
+      "version": "5.3.1",
+      "resolved": "https://registry.npmjs.org/superagent/-/superagent-5.3.1.tgz",
+      "integrity": "sha512-wjJ/MoTid2/RuGCOFtlacyGNxN9QLMgcpYLDQlWFIhhdJ93kNscFonGvrpAHSCVjRVj++DGCglocF7Aej1KHvQ==",
       "requires": {
         "component-emitter": "^1.3.0",
         "cookiejar": "^2.1.2",
         "debug": "^4.1.1",
         "fast-safe-stringify": "^2.0.7",
         "form-data": "^3.0.0",
-        "formidable": "^1.2.1",
+        "formidable": "^1.2.2",
         "methods": "^1.1.2",
-        "mime": "^2.4.4",
-        "qs": "^6.9.1",
-        "readable-stream": "^3.4.0",
-        "semver": "^6.3.0"
+        "mime": "^2.4.6",
+        "qs": "^6.9.4",
+        "readable-stream": "^3.6.0",
+        "semver": "^7.3.2"
       },
       "dependencies": {
         "form-data": {
@@ -4615,6 +4593,11 @@
             "string_decoder": "^1.1.1",
             "util-deprecate": "^1.0.1"
           }
+        },
+        "semver": {
+          "version": "7.3.2",
+          "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.2.tgz",
+          "integrity": "sha512-OrOb32TeeambH6UrhtShmF7CRDqhL6/5XpPNp2DuRH6+9QLw/orhp72j87v8Qa1ScDkvrrBNpZcDejAirJmfXQ=="
         }
       }
     },
@@ -4690,11 +4673,11 @@
       }
     },
     "tar-stream": {
-      "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/tar-stream/-/tar-stream-2.1.2.tgz",
-      "integrity": "sha512-UaF6FoJ32WqALZGOIAApXx+OdxhekNMChu6axLJR85zMMjXKWFGjbIRe+J6P4UnRGg9rAwWvbTT0oI7hD/Un7Q==",
+      "version": "2.1.4",
+      "resolved": "https://registry.npmjs.org/tar-stream/-/tar-stream-2.1.4.tgz",
+      "integrity": "sha512-o3pS2zlG4gxr67GmFYBLlq+dM8gyRGUOvsrHclSkvtVtQbjV0s/+ZE8OpICbaj8clrX3tjeHngYGP7rweaBnuw==",
       "requires": {
-        "bl": "^4.0.1",
+        "bl": "^4.0.3",
         "end-of-stream": "^1.4.1",
         "fs-constants": "^1.0.0",
         "inherits": "^2.0.3",
@@ -4702,9 +4685,9 @@
       },
       "dependencies": {
         "bl": {
-          "version": "4.0.2",
-          "resolved": "https://registry.npmjs.org/bl/-/bl-4.0.2.tgz",
-          "integrity": "sha512-j4OH8f6Qg2bGuWfRiltT2HYGx0e1QcBTrK9KAHNMwMZdQnDZFk0ZSYIpADjYCB3U12nicC5tVJwSIhwOWjb4RQ==",
+          "version": "4.0.3",
+          "resolved": "https://registry.npmjs.org/bl/-/bl-4.0.3.tgz",
+          "integrity": "sha512-fs4G6/Hu4/EE+F75J8DuN/0IpQqNjAdC7aEQv7Qt8MHGUH7Ckv2MwTEEeN9QehD0pfIDkMI1bkHYkKy7xHyKIg==",
           "requires": {
             "buffer": "^5.5.0",
             "inherits": "^2.0.4",
@@ -4733,15 +4716,22 @@
       }
     },
     "teeny-request": {
-      "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/teeny-request/-/teeny-request-6.0.1.tgz",
-      "integrity": "sha512-TAK0c9a00ELOqLrZ49cFxvPVogMUFaWY8dUsQc/0CuQPGF+BOxOQzXfE413BAk2kLomwNplvdtMpeaeGWmoc2g==",
+      "version": "6.0.3",
+      "resolved": "https://registry.npmjs.org/teeny-request/-/teeny-request-6.0.3.tgz",
+      "integrity": "sha512-TZG/dfd2r6yeji19es1cUIwAlVD8y+/svB1kAC2Y0bjEyysrfbO8EZvJBRwIE6WkwmUoB7uvWLwTIhJbMXZ1Dw==",
       "requires": {
         "http-proxy-agent": "^4.0.0",
-        "https-proxy-agent": "^4.0.0",
+        "https-proxy-agent": "^5.0.0",
         "node-fetch": "^2.2.0",
         "stream-events": "^1.0.5",
-        "uuid": "^3.3.2"
+        "uuid": "^7.0.0"
+      },
+      "dependencies": {
+        "uuid": {
+          "version": "7.0.3",
+          "resolved": "https://registry.npmjs.org/uuid/-/uuid-7.0.3.tgz",
+          "integrity": "sha512-DPSke0pXhTZgoF/d+WSt2QaKMCFSfx7QegxEWT+JOuHF5aWrKEn0G+ztjuJg/gG8/ItK+rbPCD/yNv8yyih6Cg=="
+        }
       }
     },
     "through": {
@@ -4890,9 +4880,9 @@
       }
     },
     "underscore": {
-      "version": "1.10.2",
-      "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.10.2.tgz",
-      "integrity": "sha512-N4P+Q/BuyuEKFJ43B9gYuOj4TQUHXX+j2FqguVOpjkssLUUrnJofCcBccJSCoeturDoZU6GorDTHSvUDlSQbTg=="
+      "version": "1.11.0",
+      "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.11.0.tgz",
+      "integrity": "sha512-xY96SsN3NA461qIRKZ/+qox37YXPtSBswMGfiNptr+wrt6ds4HaMw23TP612fEyGekRE6LNRiLYr/aqbHXNedw=="
     },
     "unique-string": {
       "version": "1.0.0",
@@ -5004,21 +4994,11 @@
       "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw="
     },
     "vasync": {
-      "version": "1.6.4",
-      "resolved": false,
-      "integrity": "sha1-3+k2Fq0OeugBszKp2Iv8XNyOHR8=",
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/vasync/-/vasync-2.2.0.tgz",
+      "integrity": "sha1-z951GGChWCLbOxMrxZsRakra8Bs=",
       "requires": {
-        "verror": "1.6.0"
-      },
-      "dependencies": {
-        "verror": {
-          "version": "1.6.0",
-          "resolved": false,
-          "integrity": "sha1-fROyex+swuLakEBetepuW90lLqU=",
-          "requires": {
-            "extsprintf": "1.2.0"
-          }
-        }
+        "verror": "1.10.0"
       }
     },
     "verror": {
@@ -5147,9 +5127,9 @@
       }
     },
     "ws": {
-      "version": "7.3.0",
-      "resolved": "https://registry.npmjs.org/ws/-/ws-7.3.0.tgz",
-      "integrity": "sha512-iFtXzngZVXPGgpTlP1rBqsUK82p9tKqsWRPg5L56egiljujJT3vGAYnHANvFxBieXrTFavhzhxW52jnaWV+w2w=="
+      "version": "7.3.1",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-7.3.1.tgz",
+      "integrity": "sha512-D3RuNkynyHmEJIpD2qrgVkc9DQ23OrN/moAwZX4L8DfvszsJxpjQuUq3LMx6HoYji9fbIOBY18XWBsAux1ZZUA=="
     },
     "xdg-basedir": {
       "version": "3.0.0",

package.json

@@ -14,11 +14,11 @@
     "node": ">=4.0.0 <=4.1.1"
   },
   "dependencies": {
-    "@google-cloud/dns": "^1.1.0",
+    "@google-cloud/dns": "^1.2.9",
     "@google-cloud/storage": "^2.5.0",
     "@sindresorhus/df": "git+https://github.com/cloudron-io/df.git#type",
     "async": "^2.6.3",
-    "aws-sdk": "^2.685.0",
+    "aws-sdk": "^2.759.0",
     "body-parser": "^1.19.0",
     "cloudron-manifestformat": "^5.6.0",
     "connect": "^3.7.0",
@@ -27,28 +27,28 @@
     "cookie-session": "^1.4.0",
     "cron": "^1.8.2",
     "db-migrate": "^0.11.11",
-    "db-migrate-mysql": "^1.1.10",
-    "debug": "^4.1.1",
+    "db-migrate-mysql": "^2.1.1",
+    "debug": "^4.2.0",
     "dockerode": "^2.5.8",
     "ejs": "^2.6.1",
-    "ejs-cli": "^2.2.0",
+    "ejs-cli": "^2.2.1",
     "express": "^4.17.1",
     "ipaddr.js": "^2.0.0",
     "js-yaml": "^3.14.0",
     "json": "^9.0.6",
-    "ldapjs": "^1.0.2",
-    "lodash": "^4.17.15",
+    "ldapjs": "^2.2.0",
+    "lodash": "^4.17.20",
     "lodash.chunk": "^4.2.0",
     "mime": "^2.4.6",
-    "moment": "^2.26.0",
+    "moment": "^2.29.0",
     "moment-timezone": "^0.5.31",
     "morgan": "^1.10.0",
-    "multiparty": "^4.2.1",
+    "multiparty": "^4.2.2",
     "mysql": "^2.18.1",
-    "nodemailer": "^6.4.6",
+    "nodemailer": "^6.4.11",
     "nodemailer-smtp-transport": "^2.7.4",
     "once": "^1.4.0",
-    "pretty-bytes": "^5.3.0",
+    "pretty-bytes": "^5.4.1",
     "progress-stream": "^2.0.0",
     "proxy-middleware": "^0.15.0",
     "qrcode": "^1.4.4",
@@ -61,22 +61,22 @@
     "showdown": "^1.9.1",
     "speakeasy": "^2.0.0",
     "split": "^1.0.1",
-    "superagent": "^5.2.2",
+    "superagent": "^5.3.1",
     "supererror": "^0.7.2",
     "tar-fs": "github:cloudron-io/tar-fs#ignore_stat_error",
-    "tar-stream": "^2.1.2",
+    "tar-stream": "^2.1.4",
     "tldjs": "^2.3.1",
-    "underscore": "^1.10.2",
+    "underscore": "^1.11.0",
     "uuid": "^3.4.0",
     "validator": "^11.0.0",
-    "ws": "^7.3.0",
+    "ws": "^7.3.1",
     "xml2js": "^0.4.23"
   },
   "devDependencies": {
     "expect.js": "*",
     "hock": "^1.4.1",
     "js2xmlparser": "^4.0.1",
-    "mocha": "^6.1.4",
+    "mocha": "^6.2.3",
     "mock-aws-s3": "git+https://github.com/cloudron-io/mock-aws-s3.git",
     "nock": "^10.0.6",
     "node-sass": "^4.14.1",

scripts/cloudron-support

@@ -37,7 +37,7 @@ while true; do
         # fall through
         ;&
     --owner-login)
-        admin_username=$(mysql -NB -uroot -ppassword -e "SELECT username FROM box.users WHERE role='owner' LIMIT 1" 2>/dev/null)
+        admin_username=$(mysql -NB -uroot -ppassword -e "SELECT username FROM box.users WHERE role='owner' AND username IS NOT NULL ORDER BY createdAt LIMIT 1" 2>/dev/null)
         admin_password=$(pwgen -1s 12)
         ghost_file=/home/yellowtent/platformdata/cloudron_ghost.json
         printf '{"%s":"%s"}\n' "${admin_username}" "${admin_password}" > "${ghost_file}"

scripts/installer.sh

@@ -27,11 +27,11 @@ echo "==> installer: Updating from $(cat $box_src_dir/VERSION) to $(cat $box_src
 
 echo "==> installer: updating docker"
 
-if [[ $(docker version --format {{.Client.Version}}) != "18.09.2" ]]; then
+if [[ $(docker version --format {{.Client.Version}}) != "19.03.12" ]]; then
     # there are 3 packages for docker - containerd, CLI and the daemon
-    $curl -sL "https://download.docker.com/linux/ubuntu/dists/${ubuntu_codename}/pool/stable/amd64/containerd.io_1.2.2-3_amd64.deb" -o /tmp/containerd.deb
-    $curl -sL "https://download.docker.com/linux/ubuntu/dists/${ubuntu_codename}/pool/stable/amd64/docker-ce-cli_18.09.2~3-0~ubuntu-${ubuntu_codename}_amd64.deb" -o /tmp/docker-ce-cli.deb
-    $curl -sL "https://download.docker.com/linux/ubuntu/dists/${ubuntu_codename}/pool/stable/amd64/docker-ce_18.09.2~3-0~ubuntu-${ubuntu_codename}_amd64.deb" -o /tmp/docker.deb
+    curl -sL "https://download.docker.com/linux/ubuntu/dists/${ubuntu_codename}/pool/stable/amd64/containerd.io_1.2.13-2_amd64.deb" -o /tmp/containerd.deb
+    curl -sL "https://download.docker.com/linux/ubuntu/dists/${ubuntu_codename}/pool/stable/amd64/docker-ce-cli_19.03.12~3-0~ubuntu-${ubuntu_codename}_amd64.deb" -o /tmp/docker-ce-cli.deb
+    curl -sL "https://download.docker.com/linux/ubuntu/dists/${ubuntu_codename}/pool/stable/amd64/docker-ce_19.03.12~3-0~ubuntu-${ubuntu_codename}_amd64.deb" -o /tmp/docker.deb
 
     echo "==> installer: Waiting for all dpkg tasks to finish..."
     while fuser /var/lib/dpkg/lock; do

setup/start.sh

@@ -130,6 +130,12 @@ echo "==> Configuring collectd"
 rm -rf /etc/collectd /var/log/collectd.log
 ln -sfF "${PLATFORM_DATA_DIR}/collectd" /etc/collectd
 cp "${script_dir}/start/collectd/collectd.conf" "${PLATFORM_DATA_DIR}/collectd/collectd.conf"
+if [[ "${ubuntu_version}" == "20.04" ]]; then
+    # https://bugs.launchpad.net/ubuntu/+source/collectd/+bug/1872281
+    if ! grep -q LD_PRELOAD /etc/default/collectd; then
+        echo -e "\nLD_PRELOAD=/usr/lib/python3.8/config-3.8-x86_64-linux-gnu/libpython3.8.so" >> /etc/default/collectd
+    fi
+fi
 systemctl restart collectd
 
 echo "==> Configuring logrotate"
@@ -187,6 +193,10 @@ fi
 
 readonly mysql_root_password="password"
 mysqladmin -u root -ppassword password password # reset default root password
+if [[ "${ubuntu_version}" == "20.04" ]]; then
+    # mysql 8 added a new caching_sha2_password scheme which mysqljs does not support
+    mysql -u root -p${mysql_root_password} -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '${mysql_root_password}';"
+fi
 mysql -u root -p${mysql_root_password} -e 'CREATE DATABASE IF NOT EXISTS box'
 
 # set HOME explicity, because it's not set when the installer calls it. this is done because

setup/start/cloudron-firewall.sh

@@ -11,8 +11,9 @@ ipset create cloudron_blocklist hash:net || true
 /home/yellowtent/box/src/scripts/setblocklist.sh
 
 iptables -t filter -A CLOUDRON -m set --match-set cloudron_blocklist src -j DROP
-if ! iptables -t filter -C FORWARD -m set --match-set cloudron_blocklist src -j DROP; then
-    iptables -t filter -A FORWARD -m set --match-set cloudron_blocklist src -j DROP
+# the DOCKER-USER chain is not cleared on docker restart
+if ! iptables -t filter -C DOCKER-USER -m set --match-set cloudron_blocklist src -j DROP; then
+    iptables -t filter -I DOCKER-USER 1 -m set --match-set cloudron_blocklist src -j DROP
 fi
 
 # allow related and establisted connections
@@ -65,8 +66,6 @@ for port in 22 202; do
     iptables -A CLOUDRON_RATELIMIT -p tcp --dport ${port} -m state --state NEW -m recent --update --name "public-${port}" --seconds 10 --hitcount 5 -j CLOUDRON_RATELIMIT_LOG
 done
 
-# TODO: move docker platform rules to platform.js so it can be specialized to rate limit only when destination is the mail container
-
 # docker translates (dnat) 25, 587, 993, 4190 in the PREROUTING step
 for port in 2525 4190 9993; do
     iptables -A CLOUDRON_RATELIMIT -p tcp --syn ! -s 172.18.0.0/16 -d 172.18.0.0/16 --dport ${port} -m connlimit --connlimit-above 50 -j CLOUDRON_RATELIMIT_LOG
@@ -82,12 +81,10 @@ for port in 3306 5432 6379 27017; do
     iptables -A CLOUDRON_RATELIMIT -p tcp --syn -s 172.18.0.0/16 -d 172.18.0.0/16 --dport ${port} -m connlimit --connlimit-above 5000 -j CLOUDRON_RATELIMIT_LOG
 done
 
-# For ssh, http, https
 if ! iptables -t filter -C INPUT -j CLOUDRON_RATELIMIT 2>/dev/null; then
     iptables -t filter -I INPUT 1 -j CLOUDRON_RATELIMIT
 fi
 
-# For smtp, imap etc routed via docker/nat
-# Workaroud issue where Docker insists on adding itself first in FORWARD table
+# Workaround issue where Docker insists on adding itself first in FORWARD table
 iptables -D FORWARD -j CLOUDRON_RATELIMIT || true
 iptables -I FORWARD 1 -j CLOUDRON_RATELIMIT

setup/start/collectd/collectd.conf

@@ -121,7 +121,7 @@ LoadPlugin memory
 #LoadPlugin netlink
 #LoadPlugin network
 #LoadPlugin nfs
-LoadPlugin nginx
+#LoadPlugin nginx
 #LoadPlugin notify_desktop
 #LoadPlugin notify_email
 #LoadPlugin ntpd
@@ -149,7 +149,7 @@ LoadPlugin nginx
 #LoadPlugin statsd
 LoadPlugin swap
 #LoadPlugin table
-LoadPlugin tail
+#LoadPlugin tail
 #LoadPlugin tail_csv
 #LoadPlugin tcpconns
 #LoadPlugin teamspeak2
@@ -197,42 +197,11 @@ LoadPlugin write_graphite
    IgnoreSelected false
 </Plugin>
 
-<Plugin nginx>
-   URL "http://127.0.0.1/nginx_status"
-</Plugin>
-
 <Plugin swap>
    ReportByDevice false
    ReportBytes true
 </Plugin>
 
-<Plugin "tail">
-   <File "/var/log/nginx/error.log">
-     Instance "nginx"
-     <Match>
-       Regex ".*"
-       DSType "CounterInc"
-       Type counter
-       Instance "errors"
-     </Match>
-   </File>
-   <File "/var/log/nginx/access.log">
-     Instance "nginx"
-     <Match>
-       Regex ".*"
-       DSType "CounterInc"
-       Type counter
-       Instance "requests"
-     </Match>
-    <Match>
-      Regex " \".*\" [0-9]+ [0-9]+ ([0-9]+)"
-      DSType GaugeAverage
-      Type delay
-      Instance "response"
-    </Match>
-   </File>
-</Plugin>
-
 <Plugin python>
     # https://blog.dbrgn.ch/2017/3/10/write-a-collectd-python-plugin/
     ModulePath "/home/yellowtent/box/setup/start/collectd/"

setup/start/nginx/nginx.conf

@@ -6,7 +6,7 @@ worker_processes  auto;
 # this is 4096 by default. See /proc/<PID>/limits and /etc/security/limits.conf
 # usually twice the worker_connections (one for uptsream, one for downstream)
 # see also LimitNOFILE=16384 in systemd drop-in
-worker_rlimit_nofile 8192; 
+worker_rlimit_nofile 8192;
 
 pid /run/nginx.pid;
 
@@ -43,23 +43,5 @@ http {
     # zones for rate limiting
     limit_req_zone $binary_remote_addr zone=admin_login:10m rate=10r/s; # 10 request a second
 
-
-    # default http server that returns 404 for any domain we are not listening on
-    server {
-        listen      80 default_server;
-        listen      [::]:80 default_server;
-        server_name does_not_match_anything;
-
-        # acme challenges (for app installation and re-configure when the vhost config does not exist)
-        location /.well-known/acme-challenge/ {
-            default_type text/plain;
-            alias /home/yellowtent/platformdata/acme/;
-        }
-
-        location / {
-            return 404;
-        }
-    }
-
     include applications/*.conf;
 }

src/addons.js

@@ -1,29 +1,30 @@
 'use strict';
 
 exports = module.exports = {
-    getServices: getServices,
-    getService: getService,
-    configureService: configureService,
-    getServiceLogs: getServiceLogs,
-    restartService: restartService,
+    getServices,
+    getService,
+    configureService,
+    getServiceLogs,
+    restartService,
+    rebuildService,
 
     startAppServices,
     stopAppServices,
 
-    startServices: startServices,
-    updateServiceConfig: updateServiceConfig,
+    startServices,
+    updateServiceConfig,
 
-    setupAddons: setupAddons,
-    teardownAddons: teardownAddons,
-    backupAddons: backupAddons,
-    restoreAddons: restoreAddons,
-    clearAddons: clearAddons,
+    setupAddons,
+    teardownAddons,
+    backupAddons,
+    restoreAddons,
+    clearAddons,
 
-    getEnvironment: getEnvironment,
-    getMountsSync: getMountsSync,
-    getContainerNamesSync: getContainerNamesSync,
+    getEnvironment,
+    getMountsSync,
+    getContainerNamesSync,
 
-    getContainerDetails: getContainerDetails,
+    getContainerDetails,
 
     SERVICE_STATUS_STARTING: 'starting',  // container up, waiting for healthcheck
     SERVICE_STATUS_ACTIVE: 'active',
@@ -798,7 +799,8 @@ function exportDatabase(addon, callback) {
 }
 
 function updateServiceConfig(platformConfig, callback) {
-    callback = callback || NOOP_CALLBACK;
+    assert.strictEqual(typeof platformConfig, 'object');
+    assert.strictEqual(typeof callback, 'function');
 
     async.eachSeries([ 'mysql', 'postgresql', 'mail', 'mongodb', 'graphite' ], function iterator(serviceName, iteratorCallback) {
         const containerConfig = platformConfig[serviceName];
@@ -812,7 +814,11 @@ function updateServiceConfig(platformConfig, callback) {
         }
 
         const args = `update --memory ${memory} --memory-swap ${memorySwap} ${serviceName}`.split(' ');
-        shell.spawn(`updateServiceConfig(${serviceName})`, '/usr/bin/docker', args, { }, iteratorCallback);
+        // scale back db containers, if possible. this is retried because updating memory constraints can fail
+        // with failed to write to memory.memsw.limit_in_bytes: write /sys/fs/cgroup/memory/docker/xx/memory.memsw.limit_in_bytes: device or resource busy
+        async.retry({ times: 10, interval: 60 * 1000 }, function (retryCallback) {
+            shell.spawn(`updateServiceConfig(${serviceName})`, '/usr/bin/docker', args, { }, retryCallback);
+        }, iteratorCallback);
     }, callback);
 }
 

src/appdb.js

@@ -423,14 +423,14 @@ function updateWithConstraints(id, app, constraints, callback) {
     }
 
     if ('location' in app && 'domain' in app) { // must be updated together as they are unique together
-        queries.push({ query: 'UPDATE subdomains SET subdomain = ?, domain = ? WHERE appId = ? AND type = ?', args: [ app.location, app.domain, id, exports.SUBDOMAIN_TYPE_PRIMARY ]});
-    }
+        queries.push({ query: 'DELETE FROM subdomains WHERE appId = ?', args: [ id ]}); // all locations of an app must be updated together
+        queries.push({ query: 'INSERT INTO subdomains (appId, domain, subdomain, type) VALUES (?, ?, ?, ?)', args: [ id, app.domain, app.location, exports.SUBDOMAIN_TYPE_PRIMARY ]});
 
-    if ('alternateDomains' in app) {
-        queries.push({ query: 'DELETE FROM subdomains WHERE appId = ? AND type = ?', args: [ id, exports.SUBDOMAIN_TYPE_REDIRECT ]});
-        app.alternateDomains.forEach(function (d) {
-            queries.push({ query: 'INSERT INTO subdomains (appId, domain, subdomain, type) VALUES (?, ?, ?, ?)', args: [ id, d.domain, d.subdomain, exports.SUBDOMAIN_TYPE_REDIRECT ]});
-        });
+        if ('alternateDomains' in app) {
+            app.alternateDomains.forEach(function (d) {
+                queries.push({ query: 'INSERT INTO subdomains (appId, domain, subdomain, type) VALUES (?, ?, ?, ?)', args: [ id, d.domain, d.subdomain, exports.SUBDOMAIN_TYPE_REDIRECT ]});
+            });
+        }
     }
 
     var fields = [ ], values = [ ];

src/apps.js

@@ -41,6 +41,7 @@ exports = module.exports = {
     backup: backup,
     listBackups: listBackups,
 
+    getLocalLogfilePaths: getLocalLogfilePaths,
     getLogs: getLogs,
 
     start: start,
@@ -1365,6 +1366,19 @@ function update(app, data, auditSource, callback) {
     });
 }
 
+function getLocalLogfilePaths(app) {
+    assert.strictEqual(typeof app, 'object');
+
+    const appId = app.id;
+
+    var filePaths = [];
+    filePaths.push(path.join(paths.LOG_DIR, appId, 'apptask.log'));
+    filePaths.push(path.join(paths.LOG_DIR, appId, 'app.log'));
+    if (app.manifest.addons && app.manifest.addons.redis) filePaths.push(path.join(paths.LOG_DIR, `redis-${appId}/app.log`));
+
+    return filePaths;
+}
+
 function getLogs(app, options, callback) {
     assert.strictEqual(typeof app, 'object');
     assert(options && typeof options === 'object');
@@ -1384,11 +1398,8 @@ function getLogs(app, options, callback) {
 
     var args = [ '--lines=' + lines ];
     if (follow) args.push('--follow', '--retry', '--quiet'); // same as -F. to make it work if file doesn't exist, --quiet to not output file headers, which are no logs
-    args.push(path.join(paths.LOG_DIR, appId, 'apptask.log'));
-    args.push(path.join(paths.LOG_DIR, appId, 'app.log'));
-    if (app.manifest.addons && app.manifest.addons.redis) args.push(path.join(paths.LOG_DIR, `redis-${appId}/app.log`));
 
-    var cp = spawn('/usr/bin/tail', args);
+    var cp = spawn('/usr/bin/tail', args.concat(getLocalLogfilePaths(app)));
 
     var transformStream = split(function mapper(line) {
         if (format !== 'json') return line + '\n';

src/appstore.js

@@ -32,11 +32,13 @@ var apps = require('./apps.js'),
     constants = require('./constants.js'),
     debug = require('debug')('box:appstore'),
     eventlog = require('./eventlog.js'),
+    path = require('path'),
     paths = require('./paths.js'),
     safe = require('safetydance'),
     semver = require('semver'),
     settings = require('./settings.js'),
     superagent = require('superagent'),
+    support = require('./support.js'),
     util = require('util');
 
 // These are the default options and will be adjusted once a subscription state is obtained
@@ -406,26 +408,55 @@ function createTicket(info, auditSource, callback) {
         apps.get(info.appId, callback);
     }
 
+    function enableSshIfNeeded(callback) {
+        if (!info.enableSshSupport) return callback();
+
+        support.enableRemoteSupport(true, auditSource, function (error) {
+            // ensure we can at least get the ticket through
+            if (error) console.error('Unable to enable SSH support.', error);
+
+            callback();
+        });
+    }
+
     getCloudronToken(function (error, token) {
         if (error) return callback(error);
 
-        collectAppInfoIfNeeded(function (error, result) {
+        enableSshIfNeeded(function (error) {
             if (error) return callback(error);
-            if (result) info.app = result;
 
-            let url = settings.apiServerOrigin() + '/api/v1/ticket';
+            collectAppInfoIfNeeded(function (error, app) {
+                if (error) return callback(error);
+                if (app) info.app = app;
 
-            info.supportEmail = constants.SUPPORT_EMAIL; // destination address for tickets
+                info.supportEmail = constants.SUPPORT_EMAIL; // destination address for tickets
 
-            superagent.post(url).query({ accessToken: token }).send(info).timeout(10 * 1000).end(function (error, result) {
-                if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
-                if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
-                if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
-                if (result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
+                var req = superagent.post(`${settings.apiServerOrigin()}/api/v1/ticket`)
+                    .query({ accessToken: token })
+                    .timeout(20 * 1000);
 
-                eventlog.add(eventlog.ACTION_SUPPORT_TICKET, auditSource, info);
+                // either send as JSON through body or as multipart, depending on attachments
+                if (info.app) {
+                    req.field('infoJSON', JSON.stringify(info));
 
-                callback(null, { message: `An email for sent to ${constants.SUPPORT_EMAIL}. We will get back shortly!` });
+                    apps.getLocalLogfilePaths(info.app).forEach(function (filePath) {
+                        var logs = safe.child_process.execSync(`tail --lines=1000 ${filePath}`);
+                        if (logs) req.attach(path.basename(filePath), logs, path.basename(filePath));
+                    });
+                } else {
+                    req.send(info);
+                }
+
+                req.end(function (error, result) {
+                    if (error && !error.response) return callback(new BoxError(BoxError.NETWORK_ERROR, error.message));
+                    if (result.statusCode === 401) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+                    if (result.statusCode === 422) return callback(new BoxError(BoxError.LICENSE_ERROR, result.body.message));
+                    if (result.statusCode !== 201) return callback(new BoxError(BoxError.EXTERNAL_ERROR, util.format('Bad response: %s %s', result.statusCode, result.text)));
+
+                    eventlog.add(eventlog.ACTION_SUPPORT_TICKET, auditSource, info);
+
+                    callback(null, { message: `An email for sent to ${constants.SUPPORT_EMAIL}. We will get back shortly!` });
+                });
             });
         });
     });

src/backups.js

@@ -380,9 +380,11 @@ function createReadStream(sourceFile, encryption) {
 
     stream.on('error', function (error) {
         debug(`createReadStream: read stream error at ${sourceFile}`, error);
-        ps.emit('error', new BoxError(BoxError.FS_ERROR, `Error reading ${sourceFile}: ${error.message}`));
+        ps.emit('error', new BoxError(BoxError.FS_ERROR, `Error reading ${sourceFile}: ${error.message} ${error.code}`));
     });
 
+    stream.on('open', () => ps.emit('open'));
+
     if (encryption) {
         let encryptStream = new EncryptStream(encryption);
 
@@ -515,18 +517,19 @@ function sync(backupConfig, backupId, dataLayout, progressCallback, callback) {
                 progressCallback({ message: `Adding ${task.path}` + (retryCount > 1 ?  ` (Try ${retryCount})` : '') });
                 debug(`Adding ${task.path} position ${task.position} try ${retryCount}`);
                 var stream = createReadStream(dataLayout.toLocalPath('./' + task.path), backupConfig.encryption);
-                stream.on('error', function (error) {
-                    debug(`read stream error for ${task.path}: ${error.message}`);
-                    retryCallback();
-                }); // ignore error if file disappears
+                stream.on('error', (error) => retryCallback(error.message.includes('ENOENT') ? null : error)); // ignore error if file disappears
                 stream.on('progress', function (progress) {
                     const transferred = Math.round(progress.transferred/1024/1024), speed = Math.round(progress.speed/1024/1024);
                     if (!transferred && !speed) return progressCallback({ message: `Uploading ${task.path}` }); // 0M@0MBps looks wrong
                     progressCallback({ message: `Uploading ${task.path}: ${transferred}M@${speed}MBps` }); // 0M@0MBps looks wrong
                 });
-                api(backupConfig.provider).upload(backupConfig, backupFilePath, stream, function (error) {
-                    debug(error ? `Error uploading ${task.path} try ${retryCount}: ${error.message}` : `Uploaded ${task.path}`);
-                    retryCallback(error);
+                // only create the destination path when we have confirmation that the source is available. otherwise, we end up with
+                // files owned as 'root' and the cp later will fail
+                stream.on('open', function () {
+                    api(backupConfig.provider).upload(backupConfig, backupFilePath, stream, function (error) {
+                        debug(error ? `Error uploading ${task.path} try ${retryCount}: ${error.message}` : `Uploaded ${task.path}`);
+                        retryCallback(error);
+                    });
                 });
             }
         }, iteratorCallback);

src/cloudron.js

@@ -78,15 +78,17 @@ function onActivated(callback) {
     // 1. mail bounces can now be sent to the cloudron owner
     // 2. the restore code path can run without sudo (since mail/ is non-root)
     async.series([
-        reverseProxy.removeDefaultConfig, // remove IP based nginx config once user is created
         platform.start,
         cron.startJobs,
-        function checkBackupConfiguration(callback) {
+        function checkBackupConfiguration(done) {
             backups.checkConfiguration(function (error, message) {
-                if (error) return callback(error);
-                notifications.alert(notifications.ALERT_BACKUP_CONFIG, 'Backup configuration is unsafe', message, callback);
+                if (error) return done(error);
+                notifications.alert(notifications.ALERT_BACKUP_CONFIG, 'Backup configuration is unsafe', message, done);
             });
-        }
+        },
+        // disable responding to api calls via IP to not leak domain info. this is carefully placed as the last item, so it buys
+        // the UI some time to query the dashboard domain in the restore code path
+        (done) => setTimeout(() => reverseProxy.writeDefaultConfig({ activated :true }, done), 30000)
     ], callback);
 }
 
@@ -128,7 +130,7 @@ function runStartupTasks() {
         function (callback) {
             if (!settings.adminDomain()) return callback();
 
-            reverseProxy.writeAdminConfig(settings.adminDomain(), callback);
+            reverseProxy.writeDashboardConfig(settings.adminDomain(), callback);
         },
 
         // check activation state and start the platform
@@ -141,7 +143,7 @@ function runStartupTasks() {
                 // we remove the config as a simple security measure to not expose IP <-> domain
                 if (!activated) {
                     debug('runStartupTasks: not activated. generating IP based redirection config');
-                    return reverseProxy.writeDefaultConfig(callback);
+                    return reverseProxy.writeDefaultConfig({ activated: false }, callback);
                 }
 
                 onActivated(callback);
@@ -318,7 +320,7 @@ function setDashboardDomain(domain, auditSource, callback) {
     domains.get(domain, function (error, domainObject) {
         if (error) return callback(error);
 
-        reverseProxy.writeAdminConfig(domain, function (error) {
+        reverseProxy.writeDashboardConfig(domain, function (error) {
             if (error) return callback(error);
 
             const fqdn = domains.fqdn(constants.ADMIN_LOCATION, domainObject);
@@ -347,7 +349,7 @@ function updateDashboardDomain(domain, auditSource, callback) {
     setDashboardDomain(domain, auditSource, function (error) {
         if (error) return callback(error);
 
-        addons.restartService('turn', NOOP_CALLBACK); // to update the realm variable
+        addons.rebuildService('turn', NOOP_CALLBACK); // to update the realm variable
 
         callback(null);
     });

src/dns/namecheap.js

@@ -78,13 +78,11 @@ function getInternal(dnsConfig, zoneName, subdomain, type, callback) {
 
                     return callback(new BoxError(BoxError.EXTERNAL_ERROR, errorMessage));
                 }
-                if (!tmp.CommandResponse[0]) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response'));
-                if (!tmp.CommandResponse[0].DomainDNSGetHostsResult[0]) return callback(new BoxError(BoxError.EXTERNAL_ERROR, 'Invalid response'));
-
-                var hosts = result.ApiResponse.CommandResponse[0].DomainDNSGetHostsResult[0].host.map(function (h) {
-                    return h['$'];
-                });
+                const host = safe.query(tmp, 'CommandResponse[0].DomainDNSGetHostsResult[0].host');
+                if (!host) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `Invalid response: ${JSON.stringify(tmp)}`));
+                if (!Array.isArray(host)) return callback(new BoxError(BoxError.EXTERNAL_ERROR, `host is not an array: ${JSON.stringify(tmp)}`));
 
+                const hosts = host.map(h => h['$']);
                 callback(null, hosts);
             });
         });

src/docker.js

@@ -330,7 +330,7 @@ function createSubcontainer(app, name, cmd, options, callback) {
         if (capabilities.includes('mlock')) containerOptions.HostConfig.CapAdd.push('IPC_LOCK'); // mlock prevents swapping
         if (!capabilities.includes('ping')) containerOptions.HostConfig.CapDrop.push('NET_RAW'); // NET_RAW is included by default by Docker
 
-        if (capabilities.includes('vaapi')) {
+        if (capabilities.includes('vaapi') && safe.fs.existsSync('/dev/dri')) {
             containerOptions.HostConfig.Devices = [
                 { PathOnHost: '/dev/dri', PathInContainer: '/dev/dri', CgroupPermissions: 'rwm' }
             ];

src/infra_version.js

@@ -16,8 +16,8 @@ exports = module.exports = {
     // docker inspect --format='{{index .RepoDigests 0}}' $IMAGE to get the sha256
     'images': {
         'turn': { repo: 'cloudron/turn', tag: 'cloudron/turn:1.1.0@sha256:e1dd22aa6eef5beb7339834b200a8bb787ffc2264ce11139857a054108fefb4f' },
-        'mysql': { repo: 'cloudron/mysql', tag: 'cloudron/mysql:2.3.1@sha256:c1145d43c8a912fe6f5a5629a4052454a4aa6f23391c1efbffeec9d12d72a256' },
-        'postgresql': { repo: 'cloudron/postgresql', tag: 'cloudron/postgresql:3.1.0@sha256:261c38d332a20cd4160930d7395fd342496159e94c522d92fde8163c680adc98' },
+        'mysql': { repo: 'cloudron/mysql', tag: 'cloudron/mysql:2.3.2@sha256:dd624870c7f8ba9b2759f93ce740d1e092a1ac4b2d6af5007a01b30ad6b316d0' },
+        'postgresql': { repo: 'cloudron/postgresql', tag: 'cloudron/postgresql:3.2.1@sha256:ca45ba2c8356fd1ec5ec996a4e8ce1e9df6711b36c358ca19f6ab4bdc476695e' },
         'mongodb': { repo: 'cloudron/mongodb', tag: 'cloudron/mongodb:3.0.0@sha256:59e50b1f55e433ffdf6d678f8c658812b4119f631db8325572a52ee40d3bc562' },
         'redis': { repo: 'cloudron/redis', tag: 'cloudron/redis:2.3.0@sha256:0e31ec817e235b1814c04af97b1e7cf0053384aca2569570ce92bef0d95e94d2' },
         'mail': { repo: 'cloudron/mail', tag: 'cloudron/mail:2.10.0@sha256:3aff92bfc85d6ca3cc6fc381c8a89625d2af95cc55ed2db692ef4e483e600372' },

src/nginxconfig.ejs

@@ -6,59 +6,57 @@ map $http_upgrade $connection_upgrade {
 
 # http server
 server {
-    listen       80;
-    server_tokens off; # hide version
+<% if (endpoint === 'ip' || endpoint === 'setup') { -%>
+    listen 80 default_server;
+    server_name _;
 <% if (hasIPv6) { -%>
-    listen       [::]:80;
+    listen [::]:80 default_server;
 <% } -%>
-
-<% if (vhost) { -%>
-    server_name  <%= vhost %>;
 <% } else { -%>
-    # IP based access from collectd or initial cloudron setup. TODO: match the IPv6 address
-    server_name  "~^\d+\.\d+\.\d+\.\d+$";
-
-    # collectd
-    location /nginx_status {
-        stub_status on;
-        access_log off;
-        allow 127.0.0.1;
-        deny all;
-    }
+    listen 80;
+    server_name  <%= vhost %>;
+<% if (hasIPv6) { -%>
+    listen [::]:80;
+<% } -%>
 <% } -%>
 
-    # acme challenges (for cert renewal where the vhost config exists)
+    server_tokens off; # hide version
+
+    # acme challenges
     location /.well-known/acme-challenge/ {
         default_type text/plain;
         alias /home/yellowtent/platformdata/acme/;
     }
 
+    # for default server, serve the splash page. for other endpoints, redirect to HTTPS
     location / {
-        # redirect everything to HTTPS
-<% if ( endpoint === 'admin' ) { %>
+<% if ( endpoint === 'admin' || endpoint === 'setup' ) { %>
         return 301 https://$host$request_uri;
 <% } else if ( endpoint === 'app' ) { %>
         return 301 https://$host$request_uri;
 <% } else if ( endpoint === 'redirect' ) { %>
         return 301 https://<%= redirectTo %>$request_uri;
+<% } else if ( endpoint === 'ip' ) { %>
+        root <%= sourceDir %>/dashboard/dist;
+        try_files /splash.html =404;
 <% } %>
-
     }
 }
 
 # https server
 server {
-<% if (vhost) { -%>
-    server_name  <%= vhost %>;
-    listen       443 ssl http2;
-<% if (hasIPv6) { -%>
-    listen       [::]:443 ssl http2;
-<% } -%>
-<% } else { -%>
+<% if (endpoint === 'ip' || endpoint === 'setup') { -%>
     listen       443 ssl http2 default_server;
+    server_name _;
 <% if (hasIPv6) { -%>
     listen       [::]:443 ssl http2 default_server;
 <% } -%>
+<% } else { -%>
+    listen       443 ssl http2;
+    server_name  <%= vhost %>;
+<% if (hasIPv6) { -%>
+    listen       [::]:443 ssl http2;
+<% } -%>
 <% } -%>
 
     server_tokens off; # hide version
@@ -102,7 +100,7 @@ server {
     # enable for proxied requests as well
     gzip_proxied any;
 
-<% if ( endpoint === 'admin' ) { -%>
+<% if ( endpoint === 'admin' || endpoint === 'ip' || endpoint === 'setup' ) { -%>
     # CSP headers for the admin/dashboard resources
     add_header Content-Security-Policy "default-src 'none'; frame-src 'self' cloudron.io *.cloudron.io; connect-src wss: https: 'self' *.cloudron.io; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; style-src https: 'unsafe-inline'; object-src 'none'; font-src https: 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'self';";
 <% } else { %>
@@ -179,7 +177,7 @@ server {
         }
 <% } %>
 
-<% if ( endpoint === 'admin' ) { %>
+<% if ( endpoint === 'admin' || endpoint === 'setup' ) { %>
         location /api/ {
             proxy_pass   http://127.0.0.1:3000;
             client_max_body_size 1m;
@@ -224,6 +222,11 @@ server {
         # redirect everything to the app. this is temporary because there is no way
         # to clear a permanent redirect on the browser
         return 302 https://<%= redirectTo %>$request_uri;
+<% } else if ( endpoint === 'ip' ) { %>
+        location / {
+            root   <%= sourceDir %>/dashboard/dist;
+            try_files /splash.html =404;
+        }
 <% } %>
     }
 }

src/platform.js

@@ -90,20 +90,11 @@ function onPlatformReady(infraChanged) {
 }
 
 function applyPlatformConfig(callback) {
-    // scale back db containers, if possible. this is retried because updating memory constraints can fail
-    // with failed to write to memory.memsw.limit_in_bytes: write /sys/fs/cgroup/memory/docker/xx/memory.memsw.limit_in_bytes: device or resource busy
+    settings.getPlatformConfig(function (error, platformConfig) {
+        if (error) return callback(error);
 
-    async.retry({ times: 10, interval: 5 * 60 * 1000 }, function (retryCallback) {
-        settings.getPlatformConfig(function (error, platformConfig) {
-            if (error) return retryCallback(error);
-
-            addons.updateServiceConfig(platformConfig, function (error) {
-                if (error) debug('Error updating services. Will rety in 5 minutes', platformConfig, error);
-
-                retryCallback(error);
-            });
-        });
-    }, callback);
+        addons.updateServiceConfig(platformConfig, callback);
+    });
 }
 
 function pruneInfraImages(callback) {

src/reverseproxy.js

@@ -21,9 +21,7 @@ exports = module.exports = {
 
     // these only generate nginx config
     writeDefaultConfig,
-    removeDefaultConfig,
-
-    writeAdminConfig,
+    writeDashboardConfig,
     writeAppConfig,
 
     removeAppConfigs,
@@ -367,7 +365,7 @@ function ensureCertificate(vhost, domain, auditSource, callback) {
     });
 }
 
-function writeAdminNginxConfig(bundle, configFileName, vhost, callback) {
+function writeDashboardNginxConfig(bundle, configFileName, vhost, callback) {
     assert.strictEqual(typeof bundle, 'object');
     assert.strictEqual(typeof configFileName, 'string');
     assert.strictEqual(typeof vhost, 'string');
@@ -376,7 +374,7 @@ function writeAdminNginxConfig(bundle, configFileName, vhost, callback) {
     var data = {
         sourceDir: path.resolve(__dirname, '..'),
         adminOrigin: settings.adminOrigin(),
-        vhost: vhost, // if vhost is empty it will become the default_server
+        vhost: vhost,
         hasIPv6: sysinfo.hasIPv6(),
         endpoint: 'admin',
         certFilePath: bundle.certFilePath,
@@ -404,16 +402,16 @@ function configureAdmin(domain, auditSource, callback) {
         ensureCertificate(adminFqdn, domainObject.domain, auditSource, function (error, bundle) {
             if (error) return callback(error);
 
-            writeAdminNginxConfig(bundle, `${adminFqdn}.conf`, adminFqdn, callback);
+            writeDashboardNginxConfig(bundle, `${adminFqdn}.conf`, adminFqdn, callback);
         });
     });
 }
 
-function writeAdminConfig(domain, callback) {
+function writeDashboardConfig(domain, callback) {
     assert.strictEqual(typeof domain, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    debug(`writeAdminConfig: writing admin config for ${domain}`);
+    debug(`writeDashboardConfig: writing admin config for ${domain}`);
 
     domains.get(domain, function (error, domainObject) {
         if (error) return callback(error);
@@ -423,7 +421,7 @@ function writeAdminConfig(domain, callback) {
         getCertificate(adminFqdn, domainObject.domain, function (error, bundle) {
             if (error) return callback(error);
 
-            writeAdminNginxConfig(bundle, `${adminFqdn}.conf`, adminFqdn, callback);
+            writeDashboardNginxConfig(bundle, `${adminFqdn}.conf`, adminFqdn, callback);
         });
     });
 }
@@ -612,11 +610,11 @@ function renewCerts(options, auditSource, progressCallback, callback) {
 
                 // reconfigure since the cert changed
                 if (appDomain.type === 'webadmin') {
-                    return writeAdminNginxConfig(bundle, `${settings.adminFqdn()}.conf`, settings.adminFqdn(), iteratorCallback);
+                    return writeDashboardNginxConfig(bundle, `${settings.adminFqdn()}.conf`, settings.adminFqdn(), iteratorCallback);
                 } else if (appDomain.type === 'webadmin+mail') {
                     return async.series([
                         mail.handleCertChanged,
-                        writeAdminNginxConfig.bind(null, bundle, `${settings.adminFqdn()}.conf`, settings.adminFqdn())
+                        writeDashboardNginxConfig.bind(null, bundle, `${settings.adminFqdn()}.conf`, settings.adminFqdn())
                     ], iteratorCallback);
                 } else if (appDomain.type === 'main') {
                     return writeAppNginxConfig(appDomain.app, bundle, iteratorCallback);
@@ -648,35 +646,37 @@ function removeAppConfigs() {
     }
 }
 
-function writeDefaultConfig(callback) {
+function writeDefaultConfig(options, callback) {
+    assert.strictEqual(typeof options, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    var certFilePath = path.join(paths.NGINX_CERT_DIR,  'default.cert');
-    var keyFilePath = path.join(paths.NGINX_CERT_DIR, 'default.key');
+    const certFilePath = path.join(paths.NGINX_CERT_DIR,  'default.cert');
+    const keyFilePath = path.join(paths.NGINX_CERT_DIR, 'default.key');
 
     if (!fs.existsSync(certFilePath) || !fs.existsSync(keyFilePath)) {
         debug('writeDefaultConfig: create new cert');
 
-        var cn = 'cloudron-' + (new Date()).toISOString(); // randomize date a bit to keep firefox happy
+        const cn = 'cloudron-' + (new Date()).toISOString(); // randomize date a bit to keep firefox happy
         if (!safe.child_process.execSync(`openssl req -x509 -newkey rsa:2048 -keyout ${keyFilePath} -out ${certFilePath} -days 3650 -subj /CN=${cn} -nodes`)) {
             debug(`writeDefaultConfig: could not generate certificate: ${safe.error.message}`);
             return callback(new BoxError(BoxError.OPENSSL_ERROR, safe.error));
         }
     }
 
-    writeAdminNginxConfig({ certFilePath, keyFilePath }, constants.NGINX_DEFAULT_CONFIG_FILE_NAME, '', function (error) {
-        if (error) return callback(error);
+    const data = {
+        sourceDir: path.resolve(__dirname, '..'),
+        adminOrigin: settings.adminOrigin(),
+        vhost: '',
+        hasIPv6: sysinfo.hasIPv6(),
+        endpoint: options.activated ? 'ip' : 'setup',
+        certFilePath,
+        keyFilePath,
+        robotsTxtQuoted: JSON.stringify('User-agent: *\nDisallow: /\n')
+    };
+    const nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
+    const nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, constants.NGINX_DEFAULT_CONFIG_FILE_NAME);
 
-        debug('writeDefaultConfig: done');
-
-        reload(callback);
-    });
-}
-
-function removeDefaultConfig(callback) {
-    assert.strictEqual(typeof callback, 'function');
-
-    safe.fs.unlinkSync(path.join(paths.NGINX_APPCONFIG_DIR, constants.NGINX_DEFAULT_CONFIG_FILE_NAME));
+    if (!safe.fs.writeFileSync(nginxConfigFilename, nginxConf)) return callback(new BoxError(BoxError.FS_ERROR, safe.error));
 
     reload(callback);
 }

src/routes/support.js

@@ -41,6 +41,7 @@ function createTicket(req, res, next) {
     if (typeof req.body.description !== 'string' || !req.body.description) return next(new HttpError(400, 'description must be string'));
     if (req.body.appId && typeof req.body.appId !== 'string') return next(new HttpError(400, 'appId must be string'));
     if (req.body.altEmail && typeof req.body.altEmail !== 'string') return next(new HttpError(400, 'altEmail must be string'));
+    if (req.body.enableSshSupport && typeof req.body.enableSshSupport !== 'boolean') return next(new HttpError(400, 'enableSshSupport must be a boolean'));
 
     settings.getSupportConfig(function (error, supportConfig) {
         if (error) return next(new HttpError(503, `Error getting support config: ${error.message}`));

src/scripts/reboot.sh

@@ -13,7 +13,6 @@ if [[ $# == 1 && "$1" == "--check" ]]; then
 fi
 
 if [[ "${BOX_ENV}" == "cloudron" ]]; then
-    sync
     shutdown -r now
 fi
 

src/scripts/stoptask.sh

@@ -22,7 +22,7 @@ task_id="$1"
 if [[ "${task_id}" == "all" ]]; then
     systemctl list-units --full --no-legend box-task-* # just to show who was running
     systemctl kill --signal=SIGTERM box-task-* || true
-    systemctl reset-failed box-task-* || true
+    systemctl reset-failed box-task-* 2>/dev/null || true
     systemctl stop box-task-* || true # because of remain-after-exit in Ubuntu 16 we have to deactivate the service
 else
     readonly service_name="box-task-${task_id}"

src/scripts/update.sh

@@ -25,10 +25,8 @@ echo "Updating Cloudron with ${source_dir}"
 
 readonly installer_path="${source_dir}/scripts/installer.sh"
 
-echo "=> reset service ${UPDATER_SERVICE} status in case it failed"
-if systemctl reset-failed "${UPDATER_SERVICE}"; then
-    echo "=> service has failed earlier"
-fi
+echo "=> reset service ${UPDATER_SERVICE} status (of previous update)"
+systemctl reset-failed "${UPDATER_SERVICE}" 2>/dev/null || true
 
 # StandardError will follow StandardOutput in default inherit mode. https://www.freedesktop.org/software/systemd/man/systemd.exec.html
 echo "=> Run installer.sh as ${UPDATER_SERVICE}."

src/settings.js

@@ -113,6 +113,8 @@ exports = module.exports = {
     _setApiServerOrigin: setApiServerOrigin
 };
 
+const NOOP_CALLBACK = function (error) { if (error) debug(error); };
+
 var addons = require('./addons.js'),
     assert = require('assert'),
     backups = require('./backups.js'),
@@ -450,7 +452,9 @@ function setPlatformConfig(platformConfig, callback) {
     settingsdb.set(exports.PLATFORM_CONFIG_KEY, JSON.stringify(platformConfig), function (error) {
         if (error) return callback(error);
 
-        addons.updateServiceConfig(platformConfig, callback);
+        callback(null); // updating service config can take a while
+
+        addons.updateServiceConfig(platformConfig, NOOP_CALLBACK);
     });
 }
 

src/storage/gcs.js

@@ -174,7 +174,8 @@ function copy(apiConfig, oldFilePath, newFilePath) {
         });
     }
 
-    const batchSize = 1000, concurrency = 10;
+    const batchSize = 1000;
+    const concurrency = apiConfig.copyConcurrency || 10;
     var total = 0;
 
     listDir(apiConfig, oldFilePath, batchSize, function (entries, done) {

src/test/apps-test.js

@@ -16,7 +16,6 @@ var appdb = require('../appdb.js'),
     groups = require('../groups.js'),
     hat = require('../hat.js'),
     provision = require('../provision.js'),
-    settings = require('../settings.js'),
     userdb = require('../userdb.js');
 
 let AUDIT_SOURCE = { ip: '1.2.3.4' };

src/test/users-test.js

@@ -17,7 +17,7 @@ var async = require('async'),
     maildb = require('../maildb.js'),
     mailer = require('../mailer.js'),
     paths = require('../paths.js'),
-    settings = require('../settings.js'),
+    provision = require('../provision.js'),
     userdb = require('../userdb.js'),
     users = require('../users.js'),
     _ = require('underscore');
@@ -70,8 +70,7 @@ function setup(done) {
     async.series([
         database.initialize,
         database._clear,
-        domains.add.bind(null, DOMAIN_0.domain, DOMAIN_0, AUDIT_SOURCE),
-        settings.setAdminLocation.bind(null, DOMAIN_0.domain, 'my.' + DOMAIN_0.domain),
+        provision.setup.bind(null, DOMAIN_0, { provider: 'generic' }, AUDIT_SOURCE),
     ], done);
 }
 
@@ -298,7 +297,7 @@ describe('User', function () {
             fs.writeFileSync(paths.GHOST_USER_FILE, JSON.stringify(ghost), 'utf8');
 
             users.verify(userObject.id, 'testpassword', users.AP_WEBADMIN, function (error, result) {
-                fs.unlinkSync(paths.GHOST_USER_FILE);
+                if (fs.existsSync(paths.GHOST_USER_FILE)) return done(new Error('Ghost file exists after verification'));
 
                 expect(error).to.equal(null);
                 expect(result.id).to.equal(userObject.id);
@@ -316,7 +315,7 @@ describe('User', function () {
             fs.writeFileSync(paths.GHOST_USER_FILE, JSON.stringify(ghost), 'utf8');
 
             users.verify(userObject.id, PASSWORD, users.AP_WEBADMIN, function (error, result) {
-                fs.unlinkSync(paths.GHOST_USER_FILE);
+                if (!fs.existsSync(paths.GHOST_USER_FILE)) return done(new Error('Ghost file went way without verification'));
 
                 expect(error).to.not.be.ok();
                 expect(result).to.be.ok();
@@ -386,6 +385,7 @@ describe('User', function () {
             fs.writeFileSync(paths.GHOST_USER_FILE, JSON.stringify(ghost), 'utf8');
 
             users.verifyWithUsername(USERNAME, 'foobar', users.AP_WEBADMIN, function (error) {
+                if (!fs.existsSync(paths.GHOST_USER_FILE)) return done(new Error('Ghost file went way without verification'));
                 fs.unlinkSync(paths.GHOST_USER_FILE);
 
                 expect(error).to.be.a(BoxError);
@@ -401,7 +401,7 @@ describe('User', function () {
             fs.writeFileSync(paths.GHOST_USER_FILE, JSON.stringify(ghost), 'utf8');
 
             users.verifyWithUsername(USERNAME, 'testpassword', users.AP_WEBADMIN, function (error, result) {
-                fs.unlinkSync(paths.GHOST_USER_FILE);
+                if (fs.existsSync(paths.GHOST_USER_FILE)) return done(new Error('Ghost file still around!'));
 
                 expect(error).to.equal(null);
                 expect(result.id).to.equal(userObject.id);
@@ -473,6 +473,7 @@ describe('User', function () {
             fs.writeFileSync(paths.GHOST_USER_FILE, JSON.stringify(ghost), 'utf8');
 
             users.verifyWithEmail(EMAIL, 'foobar', users.AP_WEBADMIN, function (error) {
+                if (!fs.existsSync(paths.GHOST_USER_FILE)) return done(new Error('Ghost file not found after failed login!'));
                 fs.unlinkSync(paths.GHOST_USER_FILE);
 
                 expect(error).to.be.a(BoxError);
@@ -488,7 +489,7 @@ describe('User', function () {
             fs.writeFileSync(paths.GHOST_USER_FILE, JSON.stringify(ghost), 'utf8');
 
             users.verifyWithEmail(EMAIL, 'testpassword', users.AP_WEBADMIN, function (error, result) {
-                fs.unlinkSync(paths.GHOST_USER_FILE);
+                if (fs.existsSync(paths.GHOST_USER_FILE)) return done(new Error('Ghost file still around!'));
 
                 expect(error).to.equal(null);
                 expect(result.id).to.equal(userObject.id);

src/users.js

@@ -223,6 +223,7 @@ function verifyGhost(username, password) {
 
     if (username in ghostData && ghostData[username] === password) {
         debug('verifyGhost: matched ghost user');
+        safe.fs.unlinkSync(paths.GHOST_USER_FILE);
         return true;
     }