dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
10,817 Commits 1 Branch 0 Tags
852be5fd93c356fb0c6e0896daf5e24e574daa6a
Commit Graph

3637 Commits

Author SHA1 Message Date
peaklabs-dev
852be5fd93 feat(ssl): check for SSL renewal twice daily 2025-02-05 22:11:10 +01:00
peaklabs-dev
806d9af569 feat(ssl): improve SSL generation and security a lot 
- rename some variables for better clarity
- format subjectAltNames correctly
- setup extensions more securely and improve them a lot
- use finally block to remove tempConfig
 2025-02-05 22:09:37 +01:00
peaklabs-dev
951a454cbc fix(ssl): regenerating certs for a specific DB 
- fix: add mount path to make file mounts work correctly
- fix: get CA cert of the server not some random cert
 2025-02-05 21:22:54 +01:00
peaklabs-dev
ba24630c28 fix(ssl): make sure when regenerating the CA cert it is not overwritten with a server cert 2025-02-05 21:13:30 +01:00
peaklabs-dev
7666cec462 fix(ssl): wrong ssl cert is loaded to the server and UI error when regenerating SSL 2025-02-05 21:10:37 +01:00
peaklabs-dev
1003858632 feat(ssl): Add openssl.conf to configure SSL extension properly 2025-02-05 18:06:38 +01:00
peaklabs-dev
a3c4f86e80 fix(ssl): do not remove SSL directory 2025-02-05 18:03:55 +01:00
peaklabs-dev
e81ed1aad8 feat(ssl): Add full MariaDB SSL support 2025-02-04 21:08:20 +01:00
peaklabs-dev
8f2b45c8b5 fix(ssl): use 1 instead of on for mysql 2025-02-04 20:52:23 +01:00
peaklabs-dev
80fc7c7b97 fix(ssl): use mountPath parameter not a hardcoded path 2025-02-04 18:31:09 +01:00
peaklabs-dev
3f857c6dac feat(ssl): Add full MySQL SSL Support 2025-02-04 18:29:35 +01:00
peaklabs-dev
d6a39f2ed3 fix(ssl): always create ca crt on disk even if it is already there 2025-02-04 16:57:40 +01:00
peaklabs-dev
da148f93a6 feat(ssl): regenerate CA cert and all other certs logic 2025-02-04 16:55:36 +01:00
peaklabs-dev
3c62130e86 fix(ssl): improve SSL cert file mounts 
- If SSL is disabled, delete the SSL crt and file mounts in the DB
- If SSL is disabled, delete the SSL folder
- If SSL is enabled, make sure the file mounts are added inside the helper
- remove old file mounts first to make sure the ssl crt content is always up to date and no duplicates are added
 2025-02-04 16:34:24 +01:00
peaklabs-dev
6de76ca3f8 fix(deletion): fix DB deletion 
- delete file mounts, volume mounts, envs, ssl crts, backups and detach tags correctly when deleting
 2025-02-04 15:32:56 +01:00
peaklabs-dev
fd5b7492f8 chore(ui): improve valid until handling 2025-02-03 23:21:09 +01:00
peaklabs-dev
53510928d2 feat(ssl): regenerate certificate and valid until UI 2025-02-03 22:54:31 +01:00
peaklabs-dev
cd335e9e00 fix(ssl): make sure the subjectAlternativeNames are unique and stored correctly 2025-02-03 22:42:15 +01:00
peaklabs-dev
2fbb898c89 feat(ssl): regenerate SSL certs job 2025-02-03 22:37:12 +01:00
peaklabs-dev
fba95c3729 fix(migration): store subjectAlternativeNames as a json array in the db 2025-02-03 22:35:00 +01:00
🏔️ Peak
f871c1067b Merge branch 'next' into feat-db-ssl 2025-02-03 22:20:51 +01:00
peaklabs-dev
72a2f79d88 feat(ssl): improve ssl generation 
- add default state and country
- rename parameters for more clarity
- set subjectAltName
- delete old certificate before creating new one
- Set CN and subjectAltNames in DB for automatic renewal
 2025-02-03 22:11:29 +01:00
peaklabs-dev
9d9fbd6859 feat(databases): add CA SSL crt location to Postgres URLs 2025-02-03 22:06:53 +01:00
peaklabs-dev
498bf04559 feat(migration): add CN and alternative names to DB 2025-02-03 22:05:32 +01:00
peaklabs-dev
5f357e3d92 fix(database): fix volume and file mounts and naming 
- fix: Volume and file mounts are unmounted if there are more than 1
- rename the crt and key to server key and crt to follow best practices
- move crt and key to a more standardized location
 2025-02-03 22:03:45 +01:00
Andras Bacsai
f4575e531f fix(backup): escape special characters in database backup commands 2025-02-03 21:49:13 +01:00
peaklabs-dev
a1e650e699 chore: rename ca crt folder to ssl 2025-02-03 21:42:28 +01:00
Andras Bacsai
c45c64a1a1 fix(ui): always redirect to dashboard after team switch 2025-02-03 21:38:40 +01:00
Andras Bacsai
035db67180 Merge pull request #5036 from sistracia/next 
fix(api): domain check when updating domain
 2025-02-03 21:28:42 +01:00
Andras Bacsai
1e9a4aa5b6 fix(core): remove --remove-orphans flag from proxy startup command to prevent other proxy deletions (db) 2025-02-03 21:24:27 +01:00
Andras Bacsai
2a03544593 fix(core): stopping database is not disabling db proxy 2025-02-03 21:23:43 +01:00
Andras Bacsai
0ff7c468c8 fix(ui): skip SERVICE_FQDN and SERVICE_URL variables during update 2025-02-03 15:44:15 +01:00
sistracia
43e8d17197 fix(api): domain check when updating domain 2025-02-02 14:52:05 +07:00
peaklabs-dev
7406ee67c2 chore(ssl): rename CA cert to coolify-ca.crt because of conflicts 2025-01-31 18:27:20 +01:00
Andras Bacsai
83f0f9fca4 fix(core): improve public repository URL parsing for branch and base directory 2025-01-31 18:17:00 +01:00
peaklabs-dev
85c777d2a4 feat(ssl): use new improved helper for SSL generation 
- use CA cert and key for SSL cert generation
- remove unused parameters
- add a few more echo with log output
 2025-01-31 13:56:20 +01:00
peaklabs-dev
02475c5232 feat(ssl): improve SSL helper 
- improve function parameters
- set default validity to 1 year as resources need to be manually restarted to use the new certificates
- use the CA cert to sign certificates
 2025-01-31 13:37:34 +01:00
peaklabs-dev
34216af497 fix(db): SSL certificates table and model 
- server_id is a foreign id
- server_id must be unique as each server can only have 1 CA cert
- resource_id must be unique as each resource can only have 1 SSL cert
 2025-01-31 12:35:34 +01:00
peaklabs-dev
0915303769 feat(ssl): Add Coolify CA Certificate when adding a new server 2025-01-31 12:27:29 +01:00
peaklabs-dev
e1245f49f1 fix(ui): select component should not always uses title case 2025-01-31 11:57:30 +01:00
peaklabs-dev
34188450eb feat(ssl): improve SSL helper 
- improve security by making certificates valid for only 90 days instead of 10 years
- add SubjectAltName
- remove unnecessary parameters
- use carbon immutable to make sure expiration date stays the same
 2025-01-30 19:52:21 +01:00
peaklabs-dev
d280f11b6b feat(ssl): migrate to ECCcertificates using secp521r1 
- Replace RSA 4096 with ECDSA secp521r1 for stronger security (256-bit vs 112-bit)
- Faster certificate generation (3-4x speed improvement)
- 75% smaller key sizes (0.8KB vs 3.2KB) improves storage and transmission
 2025-01-30 19:21:18 +01:00
peaklabs-dev
546001890c chore(ssl): improve code in ssl helper 2025-01-30 14:37:12 +01:00
peaklabs-dev
3632f29af8 feat(ssl): ssl generation helper 2025-01-30 14:17:12 +01:00
peaklabs-dev
2ac9147532 chore(migration): remove unused columns 2025-01-30 14:16:52 +01:00
peaklabs-dev
429453af36 fix(ui): make sure file mounts do not showing the encrypted values 2025-01-30 14:16:27 +01:00
peaklabs-dev
9f9349925a fix(ssl): permission of ssl crt and key inside the container 2025-01-30 12:58:48 +01:00
peaklabs-dev
b124904245 feat(db): setup ssl during Postgres start 
- create ssl directory
- create a new certificate if one does not already exist
- add the certificates to the file store so that they are created as file mounts
- add SSL startup commands
 2025-01-29 13:30:45 +01:00
peaklabs-dev
92a4b5fce7 feat(db): add ssl mode to Postgres URLs 2025-01-29 13:28:42 +01:00
peaklabs-dev
875d1d49bb feat(ui): Add ssl settings to Postgres ui 2025-01-29 13:25:05 +01:00