jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
482169c8054d98df8f3e1f43e2d5297607efec83
cloudron-box/src
T
History
Girish Ramakrishnan 7a7223a261 OCSP: do not set must-staple in certificate request 
On first visit in firefox, must-staple certs (unlike chrome which ignores must-staple) always fail.
Investigating, it turns out, nginx does not fetch OCSP responses on reload or restart - https://trac.nginx.org/nginx/ticket/812 .
So, one has to prime the OCSP cache using curl requests. Alternately, one can use `openssl ocsp -noverify -no_nonce` and
then set `ssl_stapling_file`. Both approaches won't work if the OCSP servers are down and then we have to have some retry logic.
Also, the cache is per nginx worker, so I have no clue how many times one has to call curl. The `ssl_stapling_file` approach
requires some refresh logic as well. All very messy.

For the moment, do not set must-staple in the cert. Instead, check if the cert has a CSP URL and then enable
stapling in nginx accordingly.
2021-04-16 13:33:32 -07:00
..
cert
OCSP: do not set must-staple in certificate request
2021-04-16 13:33:32 -07:00
collectd
volumes: collect du data
2021-01-04 15:14:00 -08:00
dns
namecheap: fix del
2021-04-13 22:27:38 -07:00
mail_templates
notifications: no email for app up/down/oom events
2021-04-15 15:29:25 -07:00
middleware
add routes to get/set solr config
2020-11-19 20:19:24 -08:00
routes
mail: add active flag to mailboxes and lists
2021-04-15 11:49:19 -07:00
scripts
Fix failing dns and network test
2021-04-14 21:43:51 -07:00
storage
check for autofs mounts
2021-03-19 09:59:09 -07:00
sysinfo
Use debug instead of console.* everywhere
2020-08-02 12:04:55 -07:00
test
Fix failing dns and network test
2021-04-14 21:43:51 -07:00
accesscontrol.js
tokens: add lastUsedTime
2021-03-16 16:04:17 -07:00
appdb.js
clone: copy services config
2021-03-30 12:45:28 -07:00
apphealthmonitor.js
apphealthmonitor: 403 is ok
2021-03-30 11:57:30 -07:00
apps.js
Add missing callback()
2021-04-15 16:33:21 -07:00
appstore.js
appstore: on dashboard domain change, update cloudron label
2021-04-13 14:19:45 -07:00
apptask.js
add progress message for restoring addons
2021-04-05 11:35:47 -07:00
apptaskmanager.js
sftp: only rebuild when app task queue is empty
2021-03-16 18:29:01 -07:00
auditsource.js
autoconfig.xml.ejs
email autoconfig
2021-01-28 16:58:37 -08:00
backupdb.js
backups: remove entries from database that don't exist in storage
2021-02-19 11:34:22 -08:00
backups.js
Send translation keys instead of raw english string for backup checks
2021-04-01 16:35:50 +02:00
boxerror.js
firewall: implement blocklist
2020-08-31 21:46:07 -07:00
branding.js
branding: add template variables
2020-10-18 10:19:13 -07:00
changelog.js
cloudron.js
mail: add active flag to mailboxes and lists
2021-04-15 11:49:19 -07:00
collectd.js
Optimize collectd restart to be skipped if profile hasn't actually changed
2020-03-06 17:44:31 -08:00
constants.js
blacklist couchpotato on demo
2021-01-11 22:29:21 -08:00
crashnotifier.js
cron.js
Add missing require
2021-01-31 20:47:33 -08:00
database.js
make tests pass again
2020-07-10 09:33:35 -07:00
datalayout.js
docker.js
fix registry config setter
2021-03-02 18:34:06 -08:00
dockerproxy.js
Use debug instead of console.* everywhere
2020-08-02 12:04:55 -07:00
domaindb.js
move wellKnownJson to domains
2020-12-23 17:13:22 -08:00
domains.js
Fix progress indicator
2021-03-02 21:25:23 -08:00
dyndns.js
eventlog.js
eventlog: only merge ldap login events (and not dashboard)
2021-01-06 22:09:37 -08:00
eventlogdb.js
externalldap.js
Use debug instead of console.* everywhere
2020-08-02 12:04:55 -07:00
groupdb.js
groupMembers: add unique constraint
2020-12-22 16:18:15 -08:00
groups.js
groupMembers: add unique constraint
2020-12-22 16:18:15 -08:00
hat.js
infra_version.js
mysql: remove use of mysql_upgrade
2021-04-01 11:50:03 -07:00
iputils.js
statically allocate app container IPs
2020-11-20 16:19:59 -08:00
janitor.js
Fallback to NOOP callback if not supplied
2020-08-04 14:32:01 +02:00
ldap.js
mail: add active flag to mailboxes and lists
2021-04-15 11:49:19 -07:00
locker.js
logrotate.ejs
logrotate: add some comments
2020-05-11 14:38:50 -07:00
mail.js
mail: add active flag to mailboxes and lists
2021-04-15 11:49:19 -07:00
mailboxdb.js
mail: add active flag to mailboxes and lists
2021-04-15 11:49:19 -07:00
maildb.js
mail: add API to get/set banner
2020-08-24 08:56:13 -07:00
mailer.js
notifications: no email for app up/down/oom events
2021-04-15 15:29:25 -07:00
native-dns.js
bring back resolvconf and unbound DNS
2020-11-25 10:02:43 -08:00
network.js
Fix blocklist setting when source and list have mixed ip versions
2021-04-07 17:31:04 +02:00
nginxconfig.ejs
implement OCSP stapling
2021-04-16 12:13:54 -07:00
notificationdb.js
notifications.js
notifications: no email for app up/down/oom events
2021-04-15 15:29:25 -07:00
paths.js
read ratio from swap-ratio
2021-01-20 20:20:00 -08:00
platform.js
restore: add skipDnsSetup flag
2021-02-24 14:56:09 -08:00
provision.js
restore: add skipDnsSetup flag
2021-02-24 14:56:09 -08:00
proxyauth.js
proxyAuth: check for basicAuth flag to permit basic auth
2021-02-23 21:54:49 -08:00
releases.gpg
new public gpg key that doesn't expire
2020-08-07 22:17:30 -07:00
reverseproxy.js
OCSP: do not set must-staple in certificate request
2021-04-16 13:33:32 -07:00
scheduler.js
scheduler: fix crash when container already exists
2020-12-08 11:36:57 -08:00
server.js
users: add route to disable 2fa
2021-04-14 20:45:35 -07:00
services.js
mysql: Fix "mbind: Operation not permitted" warning"
2021-04-05 15:28:46 -07:00
settings.js
fix registry config setter
2021-03-02 18:34:06 -08:00
settingsdb.js
sftp.js
sftp: only rebuild when app task queue is empty
2021-03-16 18:29:01 -07:00
shell.js
Only rebuild sftp is something has changed
2020-08-21 09:24:06 +02:00
support.js
Fix provider usage
2020-06-25 11:20:05 -07:00
syncer.js
sysinfo.js
system.js
Fix disk usage graphs
2021-01-27 21:48:06 -08:00
taskdb.js
tasks.js
stopAllTasks: the box dir might disappear
2021-03-02 22:26:43 -08:00
taskworker.js
mysql: bump connection limit to 200
2021-04-09 10:55:31 -07:00
tokendb.js
tokens: add lastUsedTime
2021-03-16 16:04:17 -07:00
tokens.js
tokens: add lastUsedTime
2021-03-16 16:04:17 -07:00
translation.js
remove debug
2021-02-24 16:39:41 -08:00
updatechecker.js
better logs
2021-03-03 13:49:22 -08:00
updater.js
better error message when update-info.json is old
2021-03-03 10:21:52 -08:00
userdb.js
users: replace modifiedAt with ts
2020-07-09 16:02:49 -07:00
users.js
user: return 2fa status for the UI
2021-04-14 21:46:35 -07:00
volumedb.js
Fix error code handling
2020-10-30 10:04:00 -07:00
volumes.js
it is uuid.v4() now
2021-02-17 23:18:36 -08:00
wellknown.js
email autoconfig
2021-01-28 16:58:37 -08:00