Port 3128, which was used for tunneling into devices, was plain TCP and has now been closed. Tunnelling is now via `tunnel.mydomain.com:443` (see #101). balena-cli versions before v12.38.5 are now incompatible and using the tunnel command will throw an error.
Refs: #101
Change-type: patch
In order to support the new CLI and balenaCloud deployment
schemes for the tunnel service, the service is now exposed via
the TLS port 443 on the `tunnel.{domain}` server name.
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
Update open-balena-s3 to 2.8.3
This makes new installations of openBalena use the S3 container as a
storage backend for the Registry service by default. Existing installs
should not be affected.
Change-type: major
Signed-off-by: Rich Bayliss <rich@balena.io>
- remove some `.gitignore` entries as this is also honoured by `balena push`
- added a step to `scripts/quickstart` to produce a single, flat `docker-compose.yml` after running
- set the compose file versions to `2.0` to ensure only supported terms are used in the `docker-compose.yml` file output
- quoted empty env values as these need to be passed in as blank, and not ommitted
- include the MDNS publisher service IF the domain being used is a .local one
- corrected spelling of macOS in script messages
- move sidecar container source into ./src as per convention
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
Update open-balena-registry to 2.7.0
This allows registry to be configured to use its internal Redis instance for caching. It is still disabled by default though.
Change-type: minor
Credentials for S3 can now be specified using the
following docker-compose based envvars:
* S3_MINIO_ACCESS_KEY
* S3_MINIO_SECRET_KEY
Connects-to: #48
Change-type: minor
Signed-off-by: Heds Simons <heds@balena.io>
Add a service which will acquire certificates from an ACME cert
provider, such as LetsEncrypt (), to allow an openBalena instance
to use a publicly trusted certificate instead of the self-signed
one it wil generate on setup.
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>
We are currently exposing the DB and Redis ports to the host, making the services externally accessible, which is very useful for a development environment.
`docker-compose` is however the only deployment method we currently support, and our Getting Started guide uses the very same configuration to guide users through the process of deploying open-balena on a public server (mostly because it’s easier with regards to DNS). This means we’re effectively guiding users to deploy open-balena in a very insecure way.
This commit removes host port bindings for the database and Redis services, effectively making them externally inaccessible.
Fixes#34
Change-type: minor
Allows the credentials to be passed via the environment in order
that the application can create the user on start up.
Change-type: patch
Signed-off-by: Rich Bayliss <rich@balena.io>