Date: Fri, 16 Oct 2020 13:43:13 +1000
Subject: [PATCH 003/780] Updated version
---
.version | 2 +-
README.md | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.version b/.version
index e70b4523a..6a6a3d8e3 100644
--- a/.version
+++ b/.version
@@ -1 +1 @@
-2.6.0
+2.6.1
diff --git a/README.md b/README.md
index b94dbcd80..c798a6f9a 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
-
+
From 1028de8158a3e9396930c2e91d5862de5d7866ba Mon Sep 17 00:00:00 2001
From: chaptergy <26956711+chaptergy@users.noreply.github.com>
Date: Sat, 17 Oct 2020 12:13:08 +0200
Subject: [PATCH 004/780] Adds certbot plugin installation check on startup
---
backend/internal/certificate.js | 50 +++++++++++++--------------------
backend/setup.js | 43 +++++++++++++++++++++++++++-
frontend/js/i18n/messages.json | 2 +-
global/certbot-dns-plugins.js | 2 +-
4 files changed, 64 insertions(+), 33 deletions(-)
diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js
index 613c837c5..e00d1f243 100644
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@@ -788,7 +788,7 @@ const internalCertificate = {
logger.info(`Requesting Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
- const credentials_loc = '/etc/letsencrypt/credentials-' + certificate.id;
+ const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
const credentials_cmd = 'echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'';
const prepare_cmd = 'pip3 install ' + dns_plugin.package_name + '==' + dns_plugin.package_version;
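Review bot: Nothing in this hunk creates `/etc/letsencrypt/credentials/` before `credentials_cmd` redirects into it, so unless the image already ships that directory the `echo … >` fails and the certificate request aborts. The only `mkdir` in this commit is in `setupCertbotPlugins`, and it runs only when an existing DNS-challenge certificate is missing its file. Prefixing the command with `mkdir -p /etc/letsencrypt/credentials && ` would cover a fresh install. The file is also created by the redirection before `chmod 600` runs, so it briefly carries default-umask permissions; doing the write under `umask 077` closes that window. The enclosing function starts and ends outside the hunk.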
@@ -818,11 +818,9 @@ const internalCertificate = {
if (certificate.meta.dns_provider === 'route53') {
main_cmd = 'AWS_CONFIG_FILE=\'' + credentials_loc + '\' ' + main_cmd;
}
-
- const teardown_cmd = `rm '${credentials_loc}'`;
if (debug_mode) {
- logger.info('Command:', `${credentials_cmd} && ${prepare_cmd} && ${main_cmd} && ${teardown_cmd}`);
+ logger.info('Command:', `${credentials_cmd} && ${prepare_cmd} && ${main_cmd}`);
}
return utils.exec(credentials_cmd)
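Review bot: The changed `logger.info('Command:', …)` line still prints `credentials_cmd`, which embeds the DNS provider credentials verbatim, so running with `debug_mode` on writes API tokens into the application log. Log only the non-secret parts instead, for example `logger.info('Command:', prepare_cmd + ' && ' + main_cmd);`. The enclosing function starts and ends outside the hunk.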
@@ -831,11 +829,15 @@ const internalCertificate = {
.then(() => {
return utils.exec(main_cmd)
.then(async (result) => {
- await utils.exec(teardown_cmd);
logger.info(result);
return result;
});
});
+ }).catch(async (err) => {
+ // Don't fail if file does not exist
+ const delete_credentials_cmd = `rm -f '${credentials_loc}' || true`;
+ await utils.exec(delete_credentials_cmd);
+ throw err;
});
},
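Review bot: `rm -f` already exits successfully when the file is missing, so the added `|| true` only hides real deletion failures, and a credentials file that could not be removed stays on disk with nothing in the log. I would drop `|| true` and wrap the `await utils.exec(delete_credentials_cmd)` in its own `try`/`catch` that logs the cleanup failure, then `throw err` as now so the caller still sees the original error. The comment would then read `// Best-effort cleanup; rm -f ignores a missing file`. The start of the promise chain is outside the hunk.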
@@ -922,10 +924,6 @@ const internalCertificate = {
logger.info(`Renewing Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
- const credentials_loc = '/etc/letsencrypt/credentials-' + certificate.id;
- const credentials_cmd = 'echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'';
- const prepare_cmd = 'pip3 install ' + dns_plugin.package_name + '==' + dns_plugin.package_version;
-
let main_cmd =
certbot_command + ' renew --non-interactive ' +
'--cert-name "npm-' + certificate.id + '" ' +
@@ -937,23 +935,14 @@ const internalCertificate = {
main_cmd = 'AWS_CONFIG_FILE=\'' + credentials_loc + '\' ' + main_cmd;
}
- const teardown_cmd = `rm '${credentials_loc}'`;
-
if (debug_mode) {
- logger.info('Command:', `${credentials_cmd} && ${prepare_cmd} && ${main_cmd} && ${teardown_cmd}`);
+ logger.info('Command:', main_cmd);
}
- return utils.exec(credentials_cmd)
- .then(() => {
- return utils.exec(prepare_cmd)
- .then(() => {
- return utils.exec(main_cmd)
- .then(async (result) => {
- await utils.exec(teardown_cmd);
- logger.info(result);
- return result;
- });
- });
+ return utils.exec(main_cmd)
+ .then(async (result) => {
+ logger.info(result);
+ return result;
});
},
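Review bot: In the renew path the route53 branch still reads `credentials_loc` (`main_cmd = 'AWS_CONFIG_FILE=\'' + credentials_loc + …`) although this commit removes its declaration in the preceding hunk, so a Route 53 renewal would throw a ReferenceError before certbot runs. Re-declare it inside the branch with `const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id;`; the next patch in this series (005) does add that line. Renewal now also assumes the credentials file written at request time is still on disk, and nothing in this function checks for it, so a missing file will presumably surface only as a certbot error.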
@@ -965,20 +954,21 @@ const internalCertificate = {
revokeLetsEncryptSsl: (certificate, throw_errors) => {
logger.info('Revoking Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
- let cmd = certbot_command + ' revoke --non-interactive ' +
+ const main_cmd = certbot_command + ' revoke --non-interactive ' +
'--cert-path "/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem" ' +
'--delete-after-revoke ' +
(le_staging ? '--staging' : '');
+ // Don't fail command if file does not exist
+ const delete_credentials_cmd = `rm -f '/etc/letsencrypt/credentials/credentials-${certificate.id}' || true`;
+
if (debug_mode) {
- logger.info('Command:', cmd);
+ logger.info('Command:', main_cmd + '; ' + delete_credentials_cmd);
}
- return utils.exec(cmd)
- .then((result) => {
- if (debug_mode) {
- logger.info('Command:', cmd);
- }
+ return utils.exec(main_cmd)
+ .then(async (result) => {
+ await utils.exec(delete_credentials_cmd);
logger.info(result);
return result;
})
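Review bot: `delete_credentials_cmd` runs only inside the success `.then`, so when `certbot revoke` fails the DNS credentials file for this certificate stays in `/etc/letsencrypt/credentials/`. If the handler that follows the hunk swallows the error (the `throw_errors` parameter suggests it can), the leftover secret goes unnoticed. Whether the file should survive a failed revoke depends on whether the certificate row is kept, which is not visible here; if it should not, `.finally(() => utils.exec(delete_credentials_cmd))` covers both outcomes, and either way the intent deserves a comment such as `// Credentials are removed only after a successful revoke`.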
diff --git a/backend/setup.js b/backend/setup.js
index e47431f05..13ebc700f 100644
--- a/backend/setup.js
+++ b/backend/setup.js
@@ -2,10 +2,13 @@ const fs = require('fs');
const NodeRSA = require('node-rsa');
const config = require('config');
const logger = require('./logger').setup;
+const certificateModel = require('./models/certificate');
const userModel = require('./models/user');
const userPermissionModel = require('./models/user_permission');
+const utils = require('./lib/utils');
const authModel = require('./models/auth');
const settingModel = require('./models/setting');
+const dns_plugins = require('./global/certbot-dns-plugins');
const debug_mode = process.env.NODE_ENV !== 'production' || !!process.env.DEBUG;
/**
@@ -155,8 +158,46 @@ const setupDefaultSettings = () => {
});
};
+/**
+ * Installs all Certbot plugins which are required for an installed certificate
+ *
+ * @returns {Promise}
+ */
+const setupCertbotPlugins = () => {
+ return certificateModel
+ .query()
+ .where('is_deleted', 0)
+ .andWhere('provider', 'letsencrypt')
+ .then((certificates) => {
+ if (certificates && certificates.length) {
+ let plugins = [];
+ let promises = [];
+
+ certificates.map(function (certificate) {
+ if (certificate.meta && certificate.meta.dns_challenge === true) {
+ const dns_plugin = dns_plugins[certificate.meta.dns_provider];
+ const package = `${dns_plugin.package_name}==${dns_plugin.package_version}`;
+ if (plugins.indexOf(package) === -1) plugins.push(package);
+
+ // Make sure credentials file exists
+ const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
+ const credentials_cmd = '[ -f \'' + credentials_loc + '\' ] || { mkdir /etc/letsencrypt/credentials; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';
+ promises.push(utils.exec(credentials_cmd));
+ }
+ });
+
+ const install_cmd = 'pip3 install ' + plugins.join(' ');
+ promises.push(utils.exec(install_cmd));
+ return Promise.all(promises).then(() => {
+ logger.info('Added Certbot plugins ' + plugins.join(', '));
+ });
+ }
+ });
+};
+
module.exports = function () {
return setupJwt()
.then(setupDefaultUser)
- .then(setupDefaultSettings);
+ .then(setupDefaultSettings)
+ .then(setupCertbotPlugins);
};
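Review bot: `credentials_cmd` splices the user-supplied `dns_provider_credentials` into a single-quoted shell string, but `.replace('\'', '\\\'')` rewrites only the first quote and a backslash does not escape a quote inside single quotes, so a credentials value containing `'` ends the string and the remainder is interpreted by the shell on every startup. Writing the file through `fs` (already required in this file) avoids the shell entirely and sets the mode at creation time. Separately, when no certificate uses a DNS challenge `plugins` is empty and `pip3 install ` runs without a requirement, which likely fails and rejects the whole setup chain; an unknown `dns_provider` also leaves `dns_plugin` undefined. The same `echo` command appears in the DNS-challenge request path in backend/internal/certificate.js (hunk at line 788) and is re-indented unchanged by patch 005.

```javascript
// … unchanged: dns_plugin lookup and plugin de-duplication …

// Make sure credentials file exists
const credentials_dir = '/etc/letsencrypt/credentials';
const credentials_loc = credentials_dir + '/credentials-' + certificate.id;
if (!fs.existsSync(credentials_loc)) {
	fs.mkdirSync(credentials_dir, {recursive: true});
	// No shell involved, and the file is never readable by other users
	fs.writeFileSync(credentials_loc, certificate.meta.dns_provider_credentials + '\n', {mode: 0o600});
}

// … unchanged: end of the certificates loop …

// pip3 rejects an empty requirement list
if (plugins.length) {
	promises.push(utils.exec('pip3 install ' + plugins.join(' ')));
}
```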
diff --git a/frontend/js/i18n/messages.json b/frontend/js/i18n/messages.json
index 8ce201aad..eb0f2d298 100644
--- a/frontend/js/i18n/messages.json
+++ b/frontend/js/i18n/messages.json
@@ -109,7 +109,7 @@
"please-choose": "Please Choose...",
"credentials-file-content": "Credentials File Content",
"credentials-file-content-info": "This plugin requires a configuration file containing an API token or other credentials to your provider",
- "stored-as-plaintext-info": "This data will be stored as plaintext in the database!",
+ "stored-as-plaintext-info": "This data will be stored as plaintext in the database and in a file!",
"propagation-seconds": "Propagation Seconds",
"propagation-seconds-info": "Leave empty to use the plugins default value. Number of seconds to wait for DNS propagation.",
"processing-info": "Processing... This might take a few minutes."
diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js
index 8170f73ed..e87425ca9 100644
--- a/global/certbot-dns-plugins.js
+++ b/global/certbot-dns-plugins.js
@@ -181,7 +181,7 @@ dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123`,
njalla: {
display_name: 'Njalla',
package_name: 'certbot-dns-njalla',
- package_version: '0.0.4',
+ package_version: '1.0.0',
credentials: 'certbot_dns_njalla:dns_njalla_token = 0123456789abcdef0123456789abcdef01234567',
full_plugin_name: 'certbot-dns-njalla:dns-njalla',
},
From 08ab62108fb76d8e39e06be46fdc1604fb33c1e3 Mon Sep 17 00:00:00 2001
From: chaptergy <26956711+chaptergy@users.noreply.github.com>
Date: Sat, 17 Oct 2020 12:25:36 +0200
Subject: [PATCH 005/780] Fixes eslint errors
---
backend/internal/certificate.js | 3 +-
backend/setup.js | 61 +++++++++++++++++----------------
2 files changed, 33 insertions(+), 31 deletions(-)
diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js
index e00d1f243..97749b90d 100644
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@@ -932,7 +932,8 @@ const internalCertificate = {
// Prepend the path to the credentials file as an environment variable
if (certificate.meta.dns_provider === 'route53') {
- main_cmd = 'AWS_CONFIG_FILE=\'' + credentials_loc + '\' ' + main_cmd;
+ const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
+ main_cmd = 'AWS_CONFIG_FILE=\'' + credentials_loc + '\' ' + main_cmd;
}
if (debug_mode) {
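Review bot: The credentials path literal `'/etc/letsencrypt/credentials/credentials-' + certificate.id` is now spelled out separately in the request, renew and revoke paths and in backend/setup.js, so a later change of location can easily miss one site and leave a secret file unwritten or undeleted. A small shared helper would keep them in step; with a placeholder name, `const getCredentialsPath = (id) => '/etc/letsencrypt/credentials/credentials-' + id;`. The enclosing function starts and ends outside the hunk.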
diff --git a/backend/setup.js b/backend/setup.js
index 13ebc700f..7e18c926f 100644
--- a/backend/setup.js
+++ b/backend/setup.js
@@ -2,10 +2,10 @@ const fs = require('fs');
const NodeRSA = require('node-rsa');
const config = require('config');
const logger = require('./logger').setup;
-const certificateModel = require('./models/certificate');
+const certificateModel = require('./models/certificate');
const userModel = require('./models/user');
const userPermissionModel = require('./models/user_permission');
-const utils = require('./lib/utils');
+const utils = require('./lib/utils');
const authModel = require('./models/auth');
const settingModel = require('./models/setting');
const dns_plugins = require('./global/certbot-dns-plugins');
@@ -165,34 +165,35 @@ const setupDefaultSettings = () => {
*/
const setupCertbotPlugins = () => {
return certificateModel
- .query()
- .where('is_deleted', 0)
- .andWhere('provider', 'letsencrypt')
- .then((certificates) => {
- if (certificates && certificates.length) {
- let plugins = [];
- let promises = [];
-
- certificates.map(function (certificate) {
- if (certificate.meta && certificate.meta.dns_challenge === true) {
- const dns_plugin = dns_plugins[certificate.meta.dns_provider];
- const package = `${dns_plugin.package_name}==${dns_plugin.package_version}`;
- if (plugins.indexOf(package) === -1) plugins.push(package);
-
- // Make sure credentials file exists
- const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
- const credentials_cmd = '[ -f \'' + credentials_loc + '\' ] || { mkdir /etc/letsencrypt/credentials; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';
- promises.push(utils.exec(credentials_cmd));
- }
- });
-
- const install_cmd = 'pip3 install ' + plugins.join(' ');
- promises.push(utils.exec(install_cmd));
- return Promise.all(promises).then(() => {
- logger.info('Added Certbot plugins ' + plugins.join(', '));
- });
- }
- });
+ .query()
+ .where('is_deleted', 0)
+ .andWhere('provider', 'letsencrypt')
+ .then((certificates) => {
+ if (certificates && certificates.length) {
+ let plugins = [];
+ let promises = [];
+
+ certificates.map(function (certificate) {
+ if (certificate.meta && certificate.meta.dns_challenge === true) {
+ const dns_plugin = dns_plugins[certificate.meta.dns_provider];
+ const package_to_install = `${dns_plugin.package_name}==${dns_plugin.package_version}`;
+
+ if (plugins.indexOf(package_to_install) === -1) plugins.push(package_to_install);
+
+ // Make sure credentials file exists
+ const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
+ const credentials_cmd = '[ -f \'' + credentials_loc + '\' ] || { mkdir /etc/letsencrypt/credentials; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';
+ promises.push(utils.exec(credentials_cmd));
+ }
+ });
+
+ const install_cmd = 'pip3 install ' + plugins.join(' ');
+ promises.push(utils.exec(install_cmd));
+ return Promise.all(promises).then(() => {
+ logger.info('Added Certbot plugins ' + plugins.join(', '));
+ });
+ }
+ });
};
module.exports = function () {
From 7ba58bdbd3d0667337fc1e48281828e49c0ec56b Mon Sep 17 00:00:00 2001
From: MarceloLagos <4932984+MarceloLagos@users.noreply.github.com>
Date: Sat, 17 Oct 2020 23:27:12 -0600
Subject: [PATCH 006/780] Update certificate.js
---
backend/internal/certificate.js | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js
index 613c837c5..707e5ecdf 100644
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@@ -608,11 +608,12 @@ const internalCertificate = {
checkPrivateKey: (private_key) => {
return tempWrite(private_key, '/tmp')
.then((filepath) => {
- return utils.exec('openssl rsa -in ' + filepath + ' -check -noout')
- .then((result) => {
- if (!result.toLowerCase().includes('key ok')) {
- throw new error.ValidationError(result);
- }
+ let key_type = private_key.includes('-----BEGIN RSA') ? 'rsa' : 'ec';
+ return utils.exec('openssl ' + key_type + ' -in ' + filepath + ' -check -noout 2>&1 ')
+ .then((result) => {
+ if (!result.toLowerCase().includes('key ok') && !result.toLowerCase().includes('key valid') ) {
+ throw new error.ValidationError('Result Validation Error: ' + result);
+ }
fs.unlinkSync(filepath);
return true;
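Review bot: When the check fails, the `throw` skips `fs.unlinkSync(filepath)`, so the uploaded private key stays in `/tmp` unless the `.catch` that follows the hunk removes it; the same holds if `utils.exec` rejects. Moving the unlink into a `.finally(() => fs.unlinkSync(filepath))` on the exec chain guarantees cleanup on every path. The type test also sends every key that does not contain `-----BEGIN RSA` to `openssl ec`, so an RSA key in PKCS#8 form (`-----BEGIN PRIVATE KEY-----`) would be rejected as invalid; a comment such as `// Only traditional RSA and EC PEM headers are recognised` would at least document that limit. Patch 007 re-indents these lines without changing them.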
From 190cd2d6bb48e63127d03f9dde070e0934f1919c Mon Sep 17 00:00:00 2001
From: MarceloLagos <4932984+MarceloLagos@users.noreply.github.com>
Date: Sat, 17 Oct 2020 23:46:18 -0600
Subject: [PATCH 007/780] Update certificate.js
---
backend/internal/certificate.js | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js
index 707e5ecdf..bd3155dab 100644
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@@ -608,13 +608,12 @@ const internalCertificate = {
checkPrivateKey: (private_key) => {
return tempWrite(private_key, '/tmp')
.then((filepath) => {
- let key_type = private_key.includes('-----BEGIN RSA') ? 'rsa' : 'ec';
- return utils.exec('openssl ' + key_type + ' -in ' + filepath + ' -check -noout 2>&1 ')
- .then((result) => {
- if (!result.toLowerCase().includes('key ok') && !result.toLowerCase().includes('key valid') ) {
- throw new error.ValidationError('Result Validation Error: ' + result);
- }
-
+ let key_type = private_key.includes('-----BEGIN RSA') ? 'rsa' : 'ec';
+ return utils.exec('openssl ' + key_type + ' -in ' + filepath + ' -check -noout 2>&1 ')
+ .then((result) => {
+ if (!result.toLowerCase().includes('key ok') && !result.toLowerCase().includes('key valid') ) {
+ throw new error.ValidationError('Result Validation Error: ' + result);
+ }
fs.unlinkSync(filepath);
return true;
}).catch((err) => {
From f192748bf9e61b3dce8f43668f947022f1ba04fc Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Mon, 19 Oct 2020 11:40:50 +1000
Subject: [PATCH 008/780] Use x-real-ip header for the real-ip module
---
.../etc/nginx/conf.d/include/ip_ranges.conf | 198 +-----------------
docker/rootfs/etc/nginx/nginx.conf | 2 +-
2 files changed, 3 insertions(+), 197 deletions(-)
diff --git a/docker/rootfs/etc/nginx/conf.d/include/ip_ranges.conf b/docker/rootfs/etc/nginx/conf.d/include/ip_ranges.conf
index 2542b7fe4..342493254 100644
--- a/docker/rootfs/etc/nginx/conf.d/include/ip_ranges.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/ip_ranges.conf
@@ -1,196 +1,2 @@
-
-set_real_ip_from 144.220.0.0/16;
-
-set_real_ip_from 52.124.128.0/17;
-
-set_real_ip_from 54.230.0.0/16;
-
-set_real_ip_from 54.239.128.0/18;
-
-set_real_ip_from 52.82.128.0/19;
-
-set_real_ip_from 99.84.0.0/16;
-
-set_real_ip_from 204.246.172.0/24;
-
-set_real_ip_from 205.251.192.0/19;
-
-set_real_ip_from 54.239.192.0/19;
-
-set_real_ip_from 70.132.0.0/18;
-
-set_real_ip_from 13.32.0.0/15;
-
-set_real_ip_from 13.224.0.0/14;
-
-set_real_ip_from 13.35.0.0/16;
-
-set_real_ip_from 204.246.164.0/22;
-
-set_real_ip_from 204.246.168.0/22;
-
-set_real_ip_from 71.152.0.0/17;
-
-set_real_ip_from 216.137.32.0/19;
-
-set_real_ip_from 205.251.249.0/24;
-
-set_real_ip_from 99.86.0.0/16;
-
-set_real_ip_from 52.46.0.0/18;
-
-set_real_ip_from 52.84.0.0/15;
-
-set_real_ip_from 204.246.173.0/24;
-
-set_real_ip_from 130.176.0.0/16;
-
-set_real_ip_from 64.252.64.0/18;
-
-set_real_ip_from 204.246.174.0/23;
-
-set_real_ip_from 64.252.128.0/18;
-
-set_real_ip_from 205.251.254.0/24;
-
-set_real_ip_from 143.204.0.0/16;
-
-set_real_ip_from 205.251.252.0/23;
-
-set_real_ip_from 204.246.176.0/20;
-
-set_real_ip_from 13.249.0.0/16;
-
-set_real_ip_from 54.240.128.0/18;
-
-set_real_ip_from 205.251.250.0/23;
-
-set_real_ip_from 52.222.128.0/17;
-
-set_real_ip_from 54.182.0.0/16;
-
-set_real_ip_from 54.192.0.0/16;
-
-set_real_ip_from 13.124.199.0/24;
-
-set_real_ip_from 34.226.14.0/24;
-
-set_real_ip_from 52.15.127.128/26;
-
-set_real_ip_from 35.158.136.0/24;
-
-set_real_ip_from 52.57.254.0/24;
-
-set_real_ip_from 18.216.170.128/25;
-
-set_real_ip_from 13.52.204.0/23;
-
-set_real_ip_from 13.54.63.128/26;
-
-set_real_ip_from 13.59.250.0/26;
-
-set_real_ip_from 13.210.67.128/26;
-
-set_real_ip_from 35.167.191.128/26;
-
-set_real_ip_from 52.47.139.0/24;
-
-set_real_ip_from 52.199.127.192/26;
-
-set_real_ip_from 52.212.248.0/26;
-
-set_real_ip_from 52.66.194.128/26;
-
-set_real_ip_from 13.113.203.0/24;
-
-set_real_ip_from 99.79.168.0/23;
-
-set_real_ip_from 34.195.252.0/24;
-
-set_real_ip_from 35.162.63.192/26;
-
-set_real_ip_from 34.223.12.224/27;
-
-set_real_ip_from 52.56.127.0/25;
-
-set_real_ip_from 34.223.80.192/26;
-
-set_real_ip_from 13.228.69.0/24;
-
-set_real_ip_from 34.216.51.0/25;
-
-set_real_ip_from 3.231.2.0/25;
-
-set_real_ip_from 54.233.255.128/26;
-
-set_real_ip_from 18.200.212.0/23;
-
-set_real_ip_from 52.52.191.128/26;
-
-set_real_ip_from 3.234.232.224/27;
-
-set_real_ip_from 52.78.247.128/26;
-
-set_real_ip_from 52.220.191.0/26;
-
-set_real_ip_from 34.232.163.208/29;
-
-set_real_ip_from 2600:9000:eee::/48;
-
-set_real_ip_from 2600:9000:4000::/36;
-
-set_real_ip_from 2600:9000:3000::/36;
-
-set_real_ip_from 2600:9000:f000::/36;
-
-set_real_ip_from 2600:9000:fff::/48;
-
-set_real_ip_from 2600:9000:2000::/36;
-
-set_real_ip_from 2600:9000:1000::/36;
-
-set_real_ip_from 2600:9000:ddd::/48;
-
-set_real_ip_from 2600:9000:5300::/40;
-
-set_real_ip_from 173.245.48.0/20;
-
-set_real_ip_from 103.21.244.0/22;
-
-set_real_ip_from 103.22.200.0/22;
-
-set_real_ip_from 103.31.4.0/22;
-
-set_real_ip_from 141.101.64.0/18;
-
-set_real_ip_from 108.162.192.0/18;
-
-set_real_ip_from 190.93.240.0/20;
-
-set_real_ip_from 188.114.96.0/20;
-
-set_real_ip_from 197.234.240.0/22;
-
-set_real_ip_from 198.41.128.0/17;
-
-set_real_ip_from 162.158.0.0/15;
-
-set_real_ip_from 104.16.0.0/12;
-
-set_real_ip_from 172.64.0.0/13;
-
-set_real_ip_from 131.0.72.0/22;
-
-set_real_ip_from 2400:cb00::/32;
-
-set_real_ip_from 2606:4700::/32;
-
-set_real_ip_from 2803:f800::/32;
-
-set_real_ip_from 2405:b500::/32;
-
-set_real_ip_from 2405:8100::/32;
-
-set_real_ip_from 2a06:98c0::/29;
-
-set_real_ip_from 2c0f:f248::/32;
+# This should be left blank is it is populated programatically
+# by the application backend.
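Review bot: The new header comment reads "This should be left blank is it is populated programatically", and the typo obscures the instruction; suggest `# This should be left blank as it is populated programmatically` with the second line unchanged. It would also help to state that no `set_real_ip_from` range is trusted until the backend writes this file, so `real_ip_header` has no effect before then.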
diff --git a/docker/rootfs/etc/nginx/nginx.conf b/docker/rootfs/etc/nginx/nginx.conf
index 23335e5e7..ed58a5f24 100644
--- a/docker/rootfs/etc/nginx/nginx.conf
+++ b/docker/rootfs/etc/nginx/nginx.conf
@@ -66,7 +66,7 @@ http {
# NPM generated CDN ip ranges:
include conf.d/include/ip_ranges.conf;
# always put the following 2 lines after ip subnets:
- real_ip_header X-Forwarded-For;
+ real_ip_header X-Real-IP;
real_ip_recursive on;
# Files generated by NPM
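Review bot: `real_ip_header X-Real-IP;` is only safe if every proxy listed by `set_real_ip_from` overwrites that header, and the CDN ranges this include is generated from usually convey the client address in `X-Forwarded-For` or a vendor-specific header instead. If such an edge forwards a client-supplied `X-Real-IP` unchanged, nginx would accept that value as the client address for logging and for any IP-based access rule, so this needs confirming per provider. `real_ip_recursive on;` matters only for a multi-address header, and the comment above it should be updated, for example `# X-Real-IP must be set by the trusted proxy itself; never accept it from ranges that pass client headers through`. The rest of the `http` block is outside the hunk.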
From 7d693a4271135ffc2f4201dc47df9aa9792ee2e2 Mon Sep 17 00:00:00 2001
From: chaptergy <26956711+chaptergy@users.noreply.github.com>
Date: Tue, 3 Nov 2020 21:28:50 +0100
Subject: [PATCH 009/780] Expands and refactors dns plugin list
---
global/certbot-dns-plugins.js | 170 +++++++++++++++++++---------------
1 file changed, 97 insertions(+), 73 deletions(-)
diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js
index e87425ca9..3fdd5efcf 100644
--- a/global/certbot-dns-plugins.js
+++ b/global/certbot-dns-plugins.js
@@ -10,9 +10,9 @@
* display_name: "Name displayed to the user",
* package_name: "Package name in PyPi repo",
* package_version: "Package version in PyPi repo",
+ * dependencies: "Additional dependencies, space separated (as you would pass it to pip install)",
* credentials: `Template of the credentials file`,
* full_plugin_name: "The full plugin name as used in the commandline with certbot, including prefixes, e.g. 'certbot-dns-njalla:dns-njalla'",
- * credentials_file: Whether the plugin has a credentials file
* },
* ...
* }
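Review bot: The new `dependencies` field is documented as free text passed to `pip install`, without asking for pinned versions, while the plugin itself is installed as `package_name==package_version`. Because these packages are installed at runtime inside the container, an unpinned dependency lets the installed code change between restarts. I would tighten the doc line to `* dependencies: "Additional dependencies, space separated, each pinned as name==version (passed verbatim to pip install)",`. All later hunks in this patch only add `dependencies: ''` and realign the neighbouring keys.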
@@ -21,37 +21,41 @@
module.exports = {
cloudflare: {
- display_name: 'Cloudflare',
- package_name: 'certbot-dns-cloudflare',
- package_version: '1.8.0',
- credentials: `# Cloudflare API token
+ display_name: 'Cloudflare',
+ package_name: 'certbot-dns-cloudflare',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `# Cloudflare API token
dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567`,
full_plugin_name: 'dns-cloudflare',
},
//####################################################//
cloudxns: {
- display_name: 'CloudXNS',
- package_name: 'certbot-dns-cloudxns',
- package_version: '1.8.0',
- credentials: `dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef
+ display_name: 'CloudXNS',
+ package_name: 'certbot-dns-cloudxns',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef
dns_cloudxns_secret_key = 1122334455667788`,
full_plugin_name: 'dns-cloudxns',
},
//####################################################//
corenetworks: {
- display_name: 'Core Networks',
- package_name: 'certbot-dns-corenetworks',
- package_version: '0.1.4',
- credentials: `certbot_dns_corenetworks:dns_corenetworks_username = asaHB12r
+ display_name: 'Core Networks',
+ package_name: 'certbot-dns-corenetworks',
+ package_version: '0.1.4',
+ dependencies: '',
+ credentials: `certbot_dns_corenetworks:dns_corenetworks_username = asaHB12r
certbot_dns_corenetworks:dns_corenetworks_password = secure_password`,
full_plugin_name: 'certbot-dns-corenetworks:dns-corenetworks',
},
//####################################################//
cpanel: {
- display_name: 'cPanel',
- package_name: 'certbot-dns-cpanel',
- package_version: '0.2.2',
- credentials: `certbot_dns_cpanel:cpanel_url = https://cpanel.example.com:2083
+ display_name: 'cPanel',
+ package_name: 'certbot-dns-cpanel',
+ package_version: '0.2.2',
+ dependencies: '',
+ credentials: `certbot_dns_cpanel:cpanel_url = https://cpanel.example.com:2083
certbot_dns_cpanel:cpanel_username = user
certbot_dns_cpanel:cpanel_password = hunter2`,
full_plugin_name: 'certbot-dns-cpanel:cpanel',
@@ -61,15 +65,17 @@ certbot_dns_cpanel:cpanel_password = hunter2`,
display_name: 'DigitalOcean',
package_name: 'certbot-dns-digitalocean',
package_version: '1.8.0',
+ dependencies: '',
credentials: 'dns_digitalocean_token = 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff',
full_plugin_name: 'dns-digitalocean',
},
//####################################################//
directadmin: {
- display_name: 'DirectAdmin',
- package_name: 'certbot-dns-directadmin',
- package_version: '0.0.20',
- credentials: `directadmin_url = https://my.directadminserver.com:2222
+ display_name: 'DirectAdmin',
+ package_name: 'certbot-dns-directadmin',
+ package_version: '0.0.20',
+ dependencies: '',
+ credentials: `directadmin_url = https://my.directadminserver.com:2222
directadmin_username = username
directadmin_password = aSuperStrongPassword`,
full_plugin_name: 'certbot-dns-directadmin:directadmin',
@@ -79,33 +85,37 @@ directadmin_password = aSuperStrongPassword`,
display_name: 'DNSimple',
package_name: 'certbot-dns-dnsimple',
package_version: '1.8.0',
+ dependencies: '',
credentials: 'dns_dnsimple_token = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw',
full_plugin_name: 'dns-dnsimple',
},
//####################################################//
dnsmadeeasy: {
- display_name: 'DNS Made Easy',
- package_name: 'certbot-dns-dnsmadeeasy',
- package_version: '1.8.0',
- credentials: `dns_dnsmadeeasy_api_key = 1c1a3c91-4770-4ce7-96f4-54c0eb0e457a
+ display_name: 'DNS Made Easy',
+ package_name: 'certbot-dns-dnsmadeeasy',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `dns_dnsmadeeasy_api_key = 1c1a3c91-4770-4ce7-96f4-54c0eb0e457a
dns_dnsmadeeasy_secret_key = c9b5625f-9834-4ff8-baba-4ed5f32cae55`,
full_plugin_name: 'dns-dnsmadeeasy',
},
//####################################################//
dnspod: {
- display_name: 'DNSPod',
- package_name: 'certbot-dns-dnspod',
- package_version: '0.1.0',
- credentials: `certbot_dns_dnspod:dns_dnspod_email = "DNSPOD-API-REQUIRES-A-VALID-EMAIL"
+ display_name: 'DNSPod',
+ package_name: 'certbot-dns-dnspod',
+ package_version: '0.1.0',
+ dependencies: '',
+ credentials: `certbot_dns_dnspod:dns_dnspod_email = "DNSPOD-API-REQUIRES-A-VALID-EMAIL"
certbot_dns_dnspod:dns_dnspod_api_token = "DNSPOD-API-TOKEN"`,
full_plugin_name: 'certbot-dns-dnspod:dns-dnspod',
},
//####################################################//
google: {
- display_name: 'Google',
- package_name: 'certbot-dns-google',
- package_version: '1.8.0',
- credentials: `{
+ display_name: 'Google',
+ package_name: 'certbot-dns-google',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `{
"type": "service_account",
...
}`,
@@ -116,15 +126,17 @@ certbot_dns_dnspod:dns_dnspod_api_token = "DNSPOD-API-TOKEN"`,
display_name: 'Hetzner',
package_name: 'certbot-dns-hetzner',
package_version: '1.0.4',
+ dependencies: '',
credentials: 'certbot_dns_hetzner:dns_hetzner_api_token = 0123456789abcdef0123456789abcdef',
full_plugin_name: 'certbot-dns-hetzner:dns-hetzner',
},
//####################################################//
inwx: {
- display_name: 'INWX',
- package_name: 'certbot-dns-inwx',
- package_version: '2.1.2',
- credentials: `certbot_dns_inwx:dns_inwx_url = https://api.domrobot.com/xmlrpc/
+ display_name: 'INWX',
+ package_name: 'certbot-dns-inwx',
+ package_version: '2.1.2',
+ dependencies: '',
+ credentials: `certbot_dns_inwx:dns_inwx_url = https://api.domrobot.com/xmlrpc/
certbot_dns_inwx:dns_inwx_username = your_username
certbot_dns_inwx:dns_inwx_password = your_password
certbot_dns_inwx:dns_inwx_shared_secret = your_shared_secret optional`,
@@ -132,47 +144,52 @@ certbot_dns_inwx:dns_inwx_shared_secret = your_shared_secret optional`,
},
//####################################################//
ispconfig: {
- display_name: 'ISPConfig',
- package_name: 'certbot-dns-ispconfig',
- package_version: '0.2.0',
- credentials: `certbot_dns_ispconfig:dns_ispconfig_username = myremoteuser
+ display_name: 'ISPConfig',
+ package_name: 'certbot-dns-ispconfig',
+ package_version: '0.2.0',
+ dependencies: '',
+ credentials: `certbot_dns_ispconfig:dns_ispconfig_username = myremoteuser
certbot_dns_ispconfig:dns_ispconfig_password = verysecureremoteuserpassword
certbot_dns_ispconfig:dns_ispconfig_endpoint = https://localhost:8080`,
full_plugin_name: 'certbot-dns-ispconfig:dns-ispconfig',
},
//####################################################//
isset: {
- display_name: 'Isset',
- package_name: 'certbot-dns-isset',
- package_version: '0.0.3',
- credentials: `certbot_dns_isset:dns_isset_endpoint="https://customer.isset.net/api"
+ display_name: 'Isset',
+ package_name: 'certbot-dns-isset',
+ package_version: '0.0.3',
+ dependencies: '',
+ credentials: `certbot_dns_isset:dns_isset_endpoint="https://customer.isset.net/api"
certbot_dns_isset:dns_isset_token=""`,
full_plugin_name: 'certbot-dns-isset:dns-isset',
},
//####################################################//
linode: {
- display_name: 'Linode',
- package_name: 'certbot-dns-linode',
- package_version: '1.8.0',
- credentials: `dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64
+ display_name: 'Linode',
+ package_name: 'certbot-dns-linode',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64
dns_linode_version = [|3|4]`,
full_plugin_name: 'dns-linode',
},
//####################################################//
luadns: {
- display_name: 'LuaDNS',
- package_name: 'certbot-dns-luadns',
- package_version: '1.8.0',
- credentials: `dns_luadns_email = user@example.com
+ display_name: 'LuaDNS',
+ package_name: 'certbot-dns-luadns',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `dns_luadns_email = user@example.com
dns_luadns_token = 0123456789abcdef0123456789abcdef`,
full_plugin_name: 'dns-luadns',
},
//####################################################//
netcup: {
- display_name: 'netcup',
- package_name: 'certbot-dns-netcup',
- package_version: '1.0.0',
- credentials: `dns_netcup_customer_id = 123456
+ display_name: 'netcup',
+ package_name: 'certbot-dns-netcup',
+ package_version: '1.0.0',
+ dependencies: '',
+ credentials: `dns_netcup_customer_id = 123456
dns_netcup_api_key = 0123456789abcdef0123456789abcdef01234567
dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123`,
full_plugin_name: 'certbot-dns-netcup:dns-netcup',
@@ -182,6 +199,7 @@ dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123`,
display_name: 'Njalla',
package_name: 'certbot-dns-njalla',
package_version: '1.0.0',
+ dependencies: '',
credentials: 'certbot_dns_njalla:dns_njalla_token = 0123456789abcdef0123456789abcdef01234567',
full_plugin_name: 'certbot-dns-njalla:dns-njalla',
},
@@ -190,15 +208,17 @@ dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123`,
display_name: 'NS1',
package_name: 'certbot-dns-nsone',
package_version: '1.8.0',
+ dependencies: '',
credentials: 'dns_nsone_api_key = MDAwMDAwMDAwMDAwMDAw',
full_plugin_name: 'dns-nsone',
},
//####################################################//
ovh: {
- display_name: 'OVH',
- package_name: 'certbot-dns-ovh',
- package_version: '1.8.0',
- credentials: `dns_ovh_endpoint = ovh-eu
+ display_name: 'OVH',
+ package_name: 'certbot-dns-ovh',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `dns_ovh_endpoint = ovh-eu
dns_ovh_application_key = MDAwMDAwMDAwMDAw
dns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw`,
@@ -206,19 +226,21 @@ dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw`,
},
//####################################################//
powerdns: {
- display_name: 'PowerDNS',
- package_name: 'certbot-dns-powerdns',
- package_version: '0.2.0',
- credentials: `certbot_dns_powerdns:dns_powerdns_api_url = https://api.mypowerdns.example.org
+ display_name: 'PowerDNS',
+ package_name: 'certbot-dns-powerdns',
+ package_version: '0.2.0',
+ dependencies: '',
+ credentials: `certbot_dns_powerdns:dns_powerdns_api_url = https://api.mypowerdns.example.org
certbot_dns_powerdns:dns_powerdns_api_key = AbCbASsd!@34`,
full_plugin_name: 'certbot-dns-powerdns:dns-powerdns',
},
//####################################################//
rfc2136: {
- display_name: 'RFC 2136',
- package_name: 'certbot-dns-rfc2136',
- package_version: '1.8.0',
- credentials: `# Target DNS server
+ display_name: 'RFC 2136',
+ package_name: 'certbot-dns-rfc2136',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `# Target DNS server
dns_rfc2136_server = 192.0.2.1
# Target DNS port
dns_rfc2136_port = 53
@@ -232,10 +254,11 @@ dns_rfc2136_algorithm = HMAC-SHA512`,
},
//####################################################//
route53: {
- display_name: 'Route 53 (Amazon)',
- package_name: 'certbot-dns-route53',
- package_version: '1.8.0',
- credentials: `[default]
+ display_name: 'Route 53 (Amazon)',
+ package_name: 'certbot-dns-route53',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`,
full_plugin_name: 'dns-route53',
@@ -245,6 +268,7 @@ aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`,
display_name: 'Vultr',
package_name: 'certbot-dns-vultr',
package_version: '1.0.3',
+ dependencies: '',
credentials: 'certbot_dns_vultr:dns_vultr_key = YOUR_VULTR_API_KEY',
full_plugin_name: 'certbot-dns-vultr:dns-vultr',
},
From 60a40197f13c93294c5c480daebb95cf853a851c Mon Sep 17 00:00:00 2001
From: chaptergy <26956711+chaptergy@users.noreply.github.com>
Date: Tue, 3 Nov 2020 21:59:18 +0100
Subject: [PATCH 010/780] Always install additional dependencies for dns
plugins
---
backend/internal/certificate.js | 2 +-
backend/setup.js | 4 ++--
docker/Dockerfile | 1 +
docker/dev/Dockerfile | 1 +
global/certbot-dns-plugins.js | 2 +-
5 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js
index 13f172e66..6f1fc4dad 100644
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@@ -790,7 +790,7 @@ const internalCertificate = {
const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
const credentials_cmd = 'echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'';
- const prepare_cmd = 'pip3 install ' + dns_plugin.package_name + '==' + dns_plugin.package_version;
+ const prepare_cmd = 'pip3 install ' + dns_plugin.package_name + '==' + dns_plugin.package_version + ' ' + dns_plugin.dependencies;
// Whether the plugin has a ---credentials argument
const has_config_arg = certificate.meta.dns_provider !== 'route53';
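Review bot: The added `prepare_cmd` appends `dns_plugin.dependencies` with no version pin, so the plugin is installed at an exact `==` version while its extra packages (`cloudflare` in this same patch) resolve to whatever the package index serves at run time; `backend/setup.js` builds the same string. Pinning in the plugin table, e.g. `dependencies: 'cloudflare==<pinned-version>'`, and appending `(dns_plugin.dependencies || '')` would keep installs reproducible and stop an entry without the field from adding the literal `undefined` to the pip command. Separately, the unchanged `credentials_cmd` line above relies on `.replace('\'', '\\\'')`, which rewrites only the first quote, and a backslash does not escape a quote inside a single-quoted shell string, so user-supplied credentials are not safely quoted. Writing the file directly, e.g. `fs.writeFileSync(credentials_loc, certificate.meta.dns_provider_credentials, { mode: 0o600 })`, would take that value out of the shell command entirely. The enclosing function starts and ends outside the hunk.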
diff --git a/backend/setup.js b/backend/setup.js
index 7e18c926f..24429e87e 100644
--- a/backend/setup.js
+++ b/backend/setup.js
@@ -176,9 +176,9 @@ const setupCertbotPlugins = () => {
certificates.map(function (certificate) {
if (certificate.meta && certificate.meta.dns_challenge === true) {
const dns_plugin = dns_plugins[certificate.meta.dns_provider];
- const package_to_install = `${dns_plugin.package_name}==${dns_plugin.package_version}`;
+ const packages_to_install = `${dns_plugin.package_name}==${dns_plugin.package_version} ${dns_plugin.dependencies}`;
- if (plugins.indexOf(package_to_install) === -1) plugins.push(package_to_install);
+ if (plugins.indexOf(packages_to_install) === -1) plugins.push(packages_to_install);
// Make sure credentials file exists
const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
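Review bot: The added `packages_to_install` line reads `dns_plugin.package_name` without checking that `dns_plugins[certificate.meta.dns_provider]` returned an entry, so a stored certificate whose provider key is missing from the plugin table would throw here and, as far as the hunk shows, stop plugin setup for every other certificate. A guard before it, `if (!dns_plugin) return;` (ideally with a log line naming the certificate id), keeps one stale row from blocking startup. The callback and `setupCertbotPlugins` continue outside the hunk, so confirm what the `map` callback is expected to return.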
diff --git a/docker/Dockerfile b/docker/Dockerfile
index acac5fafb..011f5d62f 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -38,6 +38,7 @@ COPY global /app/global
WORKDIR /app
RUN yarn install
+RUN mkdir -p /etc/letsencrypt/credentials
# Remove frontend service not required for prod, dev nginx config as well
RUN rm -rf /etc/services.d/frontend RUN rm -f /etc/nginx/conf.d/dev.conf
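Review bot: The new `/etc/letsencrypt/credentials` directory is created with the build's default mode even though it exists only to hold DNS provider API secrets; `RUN mkdir -p /etc/letsencrypt/credentials && chmod 700 /etc/letsencrypt/credentials` would restrict listing and traversal to the owner. The backend already sets the files to mode 600, so this is defence in depth. If `/etc/letsencrypt` is mounted as a volume at run time (not visible here), a directory created at build time is hidden by the mount, so the backend should also create it before writing. The same line is added in `docker/dev/Dockerfile`.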
diff --git a/docker/dev/Dockerfile b/docker/dev/Dockerfile
index 45ee534ca..2d06d168f 100644
--- a/docker/dev/Dockerfile
+++ b/docker/dev/Dockerfile
@@ -18,6 +18,7 @@ RUN cd /usr \
COPY rootfs /
RUN rm -f /etc/nginx/conf.d/production.conf
+RUN mkdir -p /etc/letsencrypt/credentials
# s6 overlay
RUN curl -L -o /tmp/s6-overlay-amd64.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-amd64.tar.gz" \
diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js
index 3fdd5efcf..5ae187288 100644
--- a/global/certbot-dns-plugins.js
+++ b/global/certbot-dns-plugins.js
@@ -24,7 +24,7 @@ module.exports = {
display_name: 'Cloudflare',
package_name: 'certbot-dns-cloudflare',
package_version: '1.8.0',
- dependencies: '',
+ dependencies: 'cloudflare',
credentials: `# Cloudflare API token
dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567`,
full_plugin_name: 'dns-cloudflare',
From a3159ad59e2f1b15878ec89384b0021183da78e4 Mon Sep 17 00:00:00 2001
From: chaptergy <26956711+chaptergy@users.noreply.github.com>
Date: Tue, 3 Nov 2020 22:24:03 +0100
Subject: [PATCH 011/780] Converts tabs to spaces
---
global/certbot-dns-plugins.js | 294 +++++++++++++++++-----------------
1 file changed, 147 insertions(+), 147 deletions(-)
diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js
index 5ae187288..7bcf1ce56 100644
--- a/global/certbot-dns-plugins.js
+++ b/global/certbot-dns-plugins.js
@@ -21,226 +21,226 @@
module.exports = {
cloudflare: {
- display_name: 'Cloudflare',
- package_name: 'certbot-dns-cloudflare',
- package_version: '1.8.0',
- dependencies: 'cloudflare',
- credentials: `# Cloudflare API token
+ display_name: 'Cloudflare',
+ package_name: 'certbot-dns-cloudflare',
+ package_version: '1.8.0',
+ dependencies: 'cloudflare',
+ credentials: `# Cloudflare API token
dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567`,
- full_plugin_name: 'dns-cloudflare',
+ full_plugin_name: 'dns-cloudflare',
},
//####################################################//
cloudxns: {
- display_name: 'CloudXNS',
- package_name: 'certbot-dns-cloudxns',
- package_version: '1.8.0',
- dependencies: '',
- credentials: `dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef
+ display_name: 'CloudXNS',
+ package_name: 'certbot-dns-cloudxns',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef
dns_cloudxns_secret_key = 1122334455667788`,
- full_plugin_name: 'dns-cloudxns',
+ full_plugin_name: 'dns-cloudxns',
},
//####################################################//
corenetworks: {
- display_name: 'Core Networks',
- package_name: 'certbot-dns-corenetworks',
- package_version: '0.1.4',
- dependencies: '',
- credentials: `certbot_dns_corenetworks:dns_corenetworks_username = asaHB12r
+ display_name: 'Core Networks',
+ package_name: 'certbot-dns-corenetworks',
+ package_version: '0.1.4',
+ dependencies: '',
+ credentials: `certbot_dns_corenetworks:dns_corenetworks_username = asaHB12r
certbot_dns_corenetworks:dns_corenetworks_password = secure_password`,
- full_plugin_name: 'certbot-dns-corenetworks:dns-corenetworks',
+ full_plugin_name: 'certbot-dns-corenetworks:dns-corenetworks',
},
//####################################################//
cpanel: {
- display_name: 'cPanel',
- package_name: 'certbot-dns-cpanel',
- package_version: '0.2.2',
- dependencies: '',
- credentials: `certbot_dns_cpanel:cpanel_url = https://cpanel.example.com:2083
+ display_name: 'cPanel',
+ package_name: 'certbot-dns-cpanel',
+ package_version: '0.2.2',
+ dependencies: '',
+ credentials: `certbot_dns_cpanel:cpanel_url = https://cpanel.example.com:2083
certbot_dns_cpanel:cpanel_username = user
certbot_dns_cpanel:cpanel_password = hunter2`,
- full_plugin_name: 'certbot-dns-cpanel:cpanel',
+ full_plugin_name: 'certbot-dns-cpanel:cpanel',
},
//####################################################//
digitalocean: {
- display_name: 'DigitalOcean',
- package_name: 'certbot-dns-digitalocean',
- package_version: '1.8.0',
- dependencies: '',
- credentials: 'dns_digitalocean_token = 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff',
- full_plugin_name: 'dns-digitalocean',
+ display_name: 'DigitalOcean',
+ package_name: 'certbot-dns-digitalocean',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: 'dns_digitalocean_token = 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff',
+ full_plugin_name: 'dns-digitalocean',
},
//####################################################//
directadmin: {
- display_name: 'DirectAdmin',
- package_name: 'certbot-dns-directadmin',
- package_version: '0.0.20',
- dependencies: '',
- credentials: `directadmin_url = https://my.directadminserver.com:2222
+ display_name: 'DirectAdmin',
+ package_name: 'certbot-dns-directadmin',
+ package_version: '0.0.20',
+ dependencies: '',
+ credentials: `directadmin_url = https://my.directadminserver.com:2222
directadmin_username = username
directadmin_password = aSuperStrongPassword`,
- full_plugin_name: 'certbot-dns-directadmin:directadmin',
+ full_plugin_name: 'certbot-dns-directadmin:directadmin',
},
//####################################################//
dnsimple: {
- display_name: 'DNSimple',
- package_name: 'certbot-dns-dnsimple',
- package_version: '1.8.0',
- dependencies: '',
- credentials: 'dns_dnsimple_token = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw',
- full_plugin_name: 'dns-dnsimple',
+ display_name: 'DNSimple',
+ package_name: 'certbot-dns-dnsimple',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: 'dns_dnsimple_token = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw',
+ full_plugin_name: 'dns-dnsimple',
},
//####################################################//
dnsmadeeasy: {
- display_name: 'DNS Made Easy',
- package_name: 'certbot-dns-dnsmadeeasy',
- package_version: '1.8.0',
- dependencies: '',
- credentials: `dns_dnsmadeeasy_api_key = 1c1a3c91-4770-4ce7-96f4-54c0eb0e457a
+ display_name: 'DNS Made Easy',
+ package_name: 'certbot-dns-dnsmadeeasy',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `dns_dnsmadeeasy_api_key = 1c1a3c91-4770-4ce7-96f4-54c0eb0e457a
dns_dnsmadeeasy_secret_key = c9b5625f-9834-4ff8-baba-4ed5f32cae55`,
- full_plugin_name: 'dns-dnsmadeeasy',
+ full_plugin_name: 'dns-dnsmadeeasy',
},
//####################################################//
dnspod: {
- display_name: 'DNSPod',
- package_name: 'certbot-dns-dnspod',
- package_version: '0.1.0',
- dependencies: '',
- credentials: `certbot_dns_dnspod:dns_dnspod_email = "DNSPOD-API-REQUIRES-A-VALID-EMAIL"
+ display_name: 'DNSPod',
+ package_name: 'certbot-dns-dnspod',
+ package_version: '0.1.0',
+ dependencies: '',
+ credentials: `certbot_dns_dnspod:dns_dnspod_email = "DNSPOD-API-REQUIRES-A-VALID-EMAIL"
certbot_dns_dnspod:dns_dnspod_api_token = "DNSPOD-API-TOKEN"`,
- full_plugin_name: 'certbot-dns-dnspod:dns-dnspod',
+ full_plugin_name: 'certbot-dns-dnspod:dns-dnspod',
},
//####################################################//
google: {
- display_name: 'Google',
- package_name: 'certbot-dns-google',
- package_version: '1.8.0',
- dependencies: '',
- credentials: `{
- "type": "service_account",
- ...
+ display_name: 'Google',
+ package_name: 'certbot-dns-google',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `{
+"type": "service_account",
+...
}`,
- full_plugin_name: 'dns-google',
+ full_plugin_name: 'dns-google',
},
//####################################################//
hetzner: {
- display_name: 'Hetzner',
- package_name: 'certbot-dns-hetzner',
- package_version: '1.0.4',
- dependencies: '',
- credentials: 'certbot_dns_hetzner:dns_hetzner_api_token = 0123456789abcdef0123456789abcdef',
- full_plugin_name: 'certbot-dns-hetzner:dns-hetzner',
+ display_name: 'Hetzner',
+ package_name: 'certbot-dns-hetzner',
+ package_version: '1.0.4',
+ dependencies: '',
+ credentials: 'certbot_dns_hetzner:dns_hetzner_api_token = 0123456789abcdef0123456789abcdef',
+ full_plugin_name: 'certbot-dns-hetzner:dns-hetzner',
},
//####################################################//
inwx: {
- display_name: 'INWX',
- package_name: 'certbot-dns-inwx',
- package_version: '2.1.2',
- dependencies: '',
- credentials: `certbot_dns_inwx:dns_inwx_url = https://api.domrobot.com/xmlrpc/
+ display_name: 'INWX',
+ package_name: 'certbot-dns-inwx',
+ package_version: '2.1.2',
+ dependencies: '',
+ credentials: `certbot_dns_inwx:dns_inwx_url = https://api.domrobot.com/xmlrpc/
certbot_dns_inwx:dns_inwx_username = your_username
certbot_dns_inwx:dns_inwx_password = your_password
certbot_dns_inwx:dns_inwx_shared_secret = your_shared_secret optional`,
- full_plugin_name: 'certbot-dns-inwx:dns-inwx',
+ full_plugin_name: 'certbot-dns-inwx:dns-inwx',
},
//####################################################//
ispconfig: {
- display_name: 'ISPConfig',
- package_name: 'certbot-dns-ispconfig',
- package_version: '0.2.0',
- dependencies: '',
- credentials: `certbot_dns_ispconfig:dns_ispconfig_username = myremoteuser
+ display_name: 'ISPConfig',
+ package_name: 'certbot-dns-ispconfig',
+ package_version: '0.2.0',
+ dependencies: '',
+ credentials: `certbot_dns_ispconfig:dns_ispconfig_username = myremoteuser
certbot_dns_ispconfig:dns_ispconfig_password = verysecureremoteuserpassword
certbot_dns_ispconfig:dns_ispconfig_endpoint = https://localhost:8080`,
- full_plugin_name: 'certbot-dns-ispconfig:dns-ispconfig',
+ full_plugin_name: 'certbot-dns-ispconfig:dns-ispconfig',
},
//####################################################//
isset: {
- display_name: 'Isset',
- package_name: 'certbot-dns-isset',
- package_version: '0.0.3',
- dependencies: '',
- credentials: `certbot_dns_isset:dns_isset_endpoint="https://customer.isset.net/api"
+ display_name: 'Isset',
+ package_name: 'certbot-dns-isset',
+ package_version: '0.0.3',
+ dependencies: '',
+ credentials: `certbot_dns_isset:dns_isset_endpoint="https://customer.isset.net/api"
certbot_dns_isset:dns_isset_token=""`,
- full_plugin_name: 'certbot-dns-isset:dns-isset',
+ full_plugin_name: 'certbot-dns-isset:dns-isset',
},
//####################################################//
linode: {
- display_name: 'Linode',
- package_name: 'certbot-dns-linode',
- package_version: '1.8.0',
- dependencies: '',
- credentials: `dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64
+ display_name: 'Linode',
+ package_name: 'certbot-dns-linode',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64
dns_linode_version = [|3|4]`,
- full_plugin_name: 'dns-linode',
+ full_plugin_name: 'dns-linode',
},
//####################################################//
luadns: {
- display_name: 'LuaDNS',
- package_name: 'certbot-dns-luadns',
- package_version: '1.8.0',
- dependencies: '',
- credentials: `dns_luadns_email = user@example.com
+ display_name: 'LuaDNS',
+ package_name: 'certbot-dns-luadns',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `dns_luadns_email = user@example.com
dns_luadns_token = 0123456789abcdef0123456789abcdef`,
- full_plugin_name: 'dns-luadns',
+ full_plugin_name: 'dns-luadns',
},
//####################################################//
netcup: {
- display_name: 'netcup',
- package_name: 'certbot-dns-netcup',
- package_version: '1.0.0',
- dependencies: '',
- credentials: `dns_netcup_customer_id = 123456
+ display_name: 'netcup',
+ package_name: 'certbot-dns-netcup',
+ package_version: '1.0.0',
+ dependencies: '',
+ credentials: `dns_netcup_customer_id = 123456
dns_netcup_api_key = 0123456789abcdef0123456789abcdef01234567
dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123`,
- full_plugin_name: 'certbot-dns-netcup:dns-netcup',
+ full_plugin_name: 'certbot-dns-netcup:dns-netcup',
},
//####################################################//
njalla: {
- display_name: 'Njalla',
- package_name: 'certbot-dns-njalla',
- package_version: '1.0.0',
- dependencies: '',
- credentials: 'certbot_dns_njalla:dns_njalla_token = 0123456789abcdef0123456789abcdef01234567',
- full_plugin_name: 'certbot-dns-njalla:dns-njalla',
+ display_name: 'Njalla',
+ package_name: 'certbot-dns-njalla',
+ package_version: '1.0.0',
+ dependencies: '',
+ credentials: 'certbot_dns_njalla:dns_njalla_token = 0123456789abcdef0123456789abcdef01234567',
+ full_plugin_name: 'certbot-dns-njalla:dns-njalla',
},
//####################################################//
nsone: {
- display_name: 'NS1',
- package_name: 'certbot-dns-nsone',
- package_version: '1.8.0',
- dependencies: '',
- credentials: 'dns_nsone_api_key = MDAwMDAwMDAwMDAwMDAw',
- full_plugin_name: 'dns-nsone',
+ display_name: 'NS1',
+ package_name: 'certbot-dns-nsone',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: 'dns_nsone_api_key = MDAwMDAwMDAwMDAwMDAw',
+ full_plugin_name: 'dns-nsone',
},
//####################################################//
ovh: {
- display_name: 'OVH',
- package_name: 'certbot-dns-ovh',
- package_version: '1.8.0',
- dependencies: '',
- credentials: `dns_ovh_endpoint = ovh-eu
+ display_name: 'OVH',
+ package_name: 'certbot-dns-ovh',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `dns_ovh_endpoint = ovh-eu
dns_ovh_application_key = MDAwMDAwMDAwMDAw
dns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw`,
- full_plugin_name: 'dns-ovh',
+ full_plugin_name: 'dns-ovh',
},
//####################################################//
powerdns: {
- display_name: 'PowerDNS',
- package_name: 'certbot-dns-powerdns',
- package_version: '0.2.0',
- dependencies: '',
- credentials: `certbot_dns_powerdns:dns_powerdns_api_url = https://api.mypowerdns.example.org
+ display_name: 'PowerDNS',
+ package_name: 'certbot-dns-powerdns',
+ package_version: '0.2.0',
+ dependencies: '',
+ credentials: `certbot_dns_powerdns:dns_powerdns_api_url = https://api.mypowerdns.example.org
certbot_dns_powerdns:dns_powerdns_api_key = AbCbASsd!@34`,
- full_plugin_name: 'certbot-dns-powerdns:dns-powerdns',
+ full_plugin_name: 'certbot-dns-powerdns:dns-powerdns',
},
//####################################################//
rfc2136: {
- display_name: 'RFC 2136',
- package_name: 'certbot-dns-rfc2136',
- package_version: '1.8.0',
- dependencies: '',
- credentials: `# Target DNS server
+ display_name: 'RFC 2136',
+ package_name: 'certbot-dns-rfc2136',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `# Target DNS server
dns_rfc2136_server = 192.0.2.1
# Target DNS port
dns_rfc2136_port = 53
@@ -250,26 +250,26 @@ dns_rfc2136_name = keyname.
dns_rfc2136_secret = 4q4wM/2I180UXoMyN4INVhJNi8V9BCV+jMw2mXgZw/CSuxUT8C7NKKFs AmKd7ak51vWKgSl12ib86oQRPkpDjg==
# TSIG key algorithm
dns_rfc2136_algorithm = HMAC-SHA512`,
- full_plugin_name: 'dns-rfc2136',
+ full_plugin_name: 'dns-rfc2136',
},
//####################################################//
route53: {
- display_name: 'Route 53 (Amazon)',
- package_name: 'certbot-dns-route53',
- package_version: '1.8.0',
- dependencies: '',
- credentials: `[default]
+ display_name: 'Route 53 (Amazon)',
+ package_name: 'certbot-dns-route53',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`,
- full_plugin_name: 'dns-route53',
+ full_plugin_name: 'dns-route53',
},
//####################################################//
vultr: {
- display_name: 'Vultr',
- package_name: 'certbot-dns-vultr',
- package_version: '1.0.3',
- dependencies: '',
- credentials: 'certbot_dns_vultr:dns_vultr_key = YOUR_VULTR_API_KEY',
- full_plugin_name: 'certbot-dns-vultr:dns-vultr',
+ display_name: 'Vultr',
+ package_name: 'certbot-dns-vultr',
+ package_version: '1.0.3',
+ dependencies: '',
+ credentials: 'certbot_dns_vultr:dns_vultr_key = YOUR_VULTR_API_KEY',
+ full_plugin_name: 'certbot-dns-vultr:dns-vultr',
},
-};
+};
\ No newline at end of file
From 32e51557837b4f668750338d8067a571e114a6db Mon Sep 17 00:00:00 2001
From: chaptergy <26956711+chaptergy@users.noreply.github.com>
Date: Tue, 3 Nov 2020 22:38:09 +0100
Subject: [PATCH 012/780] Fixes Linting errors
---
backend/setup.js | 2 +-
global/certbot-dns-plugins.js | 288 +++++++++++++++++-----------------
2 files changed, 145 insertions(+), 145 deletions(-)
diff --git a/backend/setup.js b/backend/setup.js
index 24429e87e..76957bea2 100644
--- a/backend/setup.js
+++ b/backend/setup.js
@@ -175,7 +175,7 @@ const setupCertbotPlugins = () => {
certificates.map(function (certificate) {
if (certificate.meta && certificate.meta.dns_challenge === true) {
- const dns_plugin = dns_plugins[certificate.meta.dns_provider];
+ const dns_plugin = dns_plugins[certificate.meta.dns_provider];
const packages_to_install = `${dns_plugin.package_name}==${dns_plugin.package_version} ${dns_plugin.dependencies}`;
if (plugins.indexOf(packages_to_install) === -1) plugins.push(packages_to_install);
diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js
index 7bcf1ce56..d0afafd45 100644
--- a/global/certbot-dns-plugins.js
+++ b/global/certbot-dns-plugins.js
@@ -21,226 +21,226 @@
module.exports = {
cloudflare: {
- display_name: 'Cloudflare',
- package_name: 'certbot-dns-cloudflare',
- package_version: '1.8.0',
- dependencies: 'cloudflare',
- credentials: `# Cloudflare API token
+ display_name: 'Cloudflare',
+ package_name: 'certbot-dns-cloudflare',
+ package_version: '1.8.0',
+ dependencies: 'cloudflare',
+ credentials: `# Cloudflare API token
dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567`,
- full_plugin_name: 'dns-cloudflare',
+ full_plugin_name: 'dns-cloudflare',
},
//####################################################//
cloudxns: {
- display_name: 'CloudXNS',
- package_name: 'certbot-dns-cloudxns',
- package_version: '1.8.0',
- dependencies: '',
- credentials: `dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef
+ display_name: 'CloudXNS',
+ package_name: 'certbot-dns-cloudxns',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef
dns_cloudxns_secret_key = 1122334455667788`,
- full_plugin_name: 'dns-cloudxns',
+ full_plugin_name: 'dns-cloudxns',
},
//####################################################//
corenetworks: {
- display_name: 'Core Networks',
- package_name: 'certbot-dns-corenetworks',
- package_version: '0.1.4',
- dependencies: '',
- credentials: `certbot_dns_corenetworks:dns_corenetworks_username = asaHB12r
+ display_name: 'Core Networks',
+ package_name: 'certbot-dns-corenetworks',
+ package_version: '0.1.4',
+ dependencies: '',
+ credentials: `certbot_dns_corenetworks:dns_corenetworks_username = asaHB12r
certbot_dns_corenetworks:dns_corenetworks_password = secure_password`,
- full_plugin_name: 'certbot-dns-corenetworks:dns-corenetworks',
+ full_plugin_name: 'certbot-dns-corenetworks:dns-corenetworks',
},
//####################################################//
cpanel: {
- display_name: 'cPanel',
- package_name: 'certbot-dns-cpanel',
- package_version: '0.2.2',
- dependencies: '',
- credentials: `certbot_dns_cpanel:cpanel_url = https://cpanel.example.com:2083
+ display_name: 'cPanel',
+ package_name: 'certbot-dns-cpanel',
+ package_version: '0.2.2',
+ dependencies: '',
+ credentials: `certbot_dns_cpanel:cpanel_url = https://cpanel.example.com:2083
certbot_dns_cpanel:cpanel_username = user
certbot_dns_cpanel:cpanel_password = hunter2`,
- full_plugin_name: 'certbot-dns-cpanel:cpanel',
+ full_plugin_name: 'certbot-dns-cpanel:cpanel',
},
//####################################################//
digitalocean: {
- display_name: 'DigitalOcean',
- package_name: 'certbot-dns-digitalocean',
- package_version: '1.8.0',
- dependencies: '',
- credentials: 'dns_digitalocean_token = 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff',
- full_plugin_name: 'dns-digitalocean',
+ display_name: 'DigitalOcean',
+ package_name: 'certbot-dns-digitalocean',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: 'dns_digitalocean_token = 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff',
+ full_plugin_name: 'dns-digitalocean',
},
//####################################################//
directadmin: {
- display_name: 'DirectAdmin',
- package_name: 'certbot-dns-directadmin',
- package_version: '0.0.20',
- dependencies: '',
- credentials: `directadmin_url = https://my.directadminserver.com:2222
+ display_name: 'DirectAdmin',
+ package_name: 'certbot-dns-directadmin',
+ package_version: '0.0.20',
+ dependencies: '',
+ credentials: `directadmin_url = https://my.directadminserver.com:2222
directadmin_username = username
directadmin_password = aSuperStrongPassword`,
- full_plugin_name: 'certbot-dns-directadmin:directadmin',
+ full_plugin_name: 'certbot-dns-directadmin:directadmin',
},
//####################################################//
dnsimple: {
- display_name: 'DNSimple',
- package_name: 'certbot-dns-dnsimple',
- package_version: '1.8.0',
- dependencies: '',
- credentials: 'dns_dnsimple_token = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw',
- full_plugin_name: 'dns-dnsimple',
+ display_name: 'DNSimple',
+ package_name: 'certbot-dns-dnsimple',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: 'dns_dnsimple_token = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw',
+ full_plugin_name: 'dns-dnsimple',
},
//####################################################//
dnsmadeeasy: {
- display_name: 'DNS Made Easy',
- package_name: 'certbot-dns-dnsmadeeasy',
- package_version: '1.8.0',
- dependencies: '',
- credentials: `dns_dnsmadeeasy_api_key = 1c1a3c91-4770-4ce7-96f4-54c0eb0e457a
+ display_name: 'DNS Made Easy',
+ package_name: 'certbot-dns-dnsmadeeasy',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `dns_dnsmadeeasy_api_key = 1c1a3c91-4770-4ce7-96f4-54c0eb0e457a
dns_dnsmadeeasy_secret_key = c9b5625f-9834-4ff8-baba-4ed5f32cae55`,
- full_plugin_name: 'dns-dnsmadeeasy',
+ full_plugin_name: 'dns-dnsmadeeasy',
},
//####################################################//
dnspod: {
- display_name: 'DNSPod',
- package_name: 'certbot-dns-dnspod',
- package_version: '0.1.0',
- dependencies: '',
- credentials: `certbot_dns_dnspod:dns_dnspod_email = "DNSPOD-API-REQUIRES-A-VALID-EMAIL"
+ display_name: 'DNSPod',
+ package_name: 'certbot-dns-dnspod',
+ package_version: '0.1.0',
+ dependencies: '',
+ credentials: `certbot_dns_dnspod:dns_dnspod_email = "DNSPOD-API-REQUIRES-A-VALID-EMAIL"
certbot_dns_dnspod:dns_dnspod_api_token = "DNSPOD-API-TOKEN"`,
- full_plugin_name: 'certbot-dns-dnspod:dns-dnspod',
+ full_plugin_name: 'certbot-dns-dnspod:dns-dnspod',
},
//####################################################//
google: {
- display_name: 'Google',
- package_name: 'certbot-dns-google',
- package_version: '1.8.0',
- dependencies: '',
- credentials: `{
+ display_name: 'Google',
+ package_name: 'certbot-dns-google',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `{
"type": "service_account",
...
}`,
- full_plugin_name: 'dns-google',
+ full_plugin_name: 'dns-google',
},
//####################################################//
hetzner: {
- display_name: 'Hetzner',
- package_name: 'certbot-dns-hetzner',
- package_version: '1.0.4',
- dependencies: '',
- credentials: 'certbot_dns_hetzner:dns_hetzner_api_token = 0123456789abcdef0123456789abcdef',
- full_plugin_name: 'certbot-dns-hetzner:dns-hetzner',
+ display_name: 'Hetzner',
+ package_name: 'certbot-dns-hetzner',
+ package_version: '1.0.4',
+ dependencies: '',
+ credentials: 'certbot_dns_hetzner:dns_hetzner_api_token = 0123456789abcdef0123456789abcdef',
+ full_plugin_name: 'certbot-dns-hetzner:dns-hetzner',
},
//####################################################//
inwx: {
- display_name: 'INWX',
- package_name: 'certbot-dns-inwx',
- package_version: '2.1.2',
- dependencies: '',
- credentials: `certbot_dns_inwx:dns_inwx_url = https://api.domrobot.com/xmlrpc/
+ display_name: 'INWX',
+ package_name: 'certbot-dns-inwx',
+ package_version: '2.1.2',
+ dependencies: '',
+ credentials: `certbot_dns_inwx:dns_inwx_url = https://api.domrobot.com/xmlrpc/
certbot_dns_inwx:dns_inwx_username = your_username
certbot_dns_inwx:dns_inwx_password = your_password
certbot_dns_inwx:dns_inwx_shared_secret = your_shared_secret optional`,
- full_plugin_name: 'certbot-dns-inwx:dns-inwx',
+ full_plugin_name: 'certbot-dns-inwx:dns-inwx',
},
//####################################################//
ispconfig: {
- display_name: 'ISPConfig',
- package_name: 'certbot-dns-ispconfig',
- package_version: '0.2.0',
- dependencies: '',
- credentials: `certbot_dns_ispconfig:dns_ispconfig_username = myremoteuser
+ display_name: 'ISPConfig',
+ package_name: 'certbot-dns-ispconfig',
+ package_version: '0.2.0',
+ dependencies: '',
+ credentials: `certbot_dns_ispconfig:dns_ispconfig_username = myremoteuser
certbot_dns_ispconfig:dns_ispconfig_password = verysecureremoteuserpassword
certbot_dns_ispconfig:dns_ispconfig_endpoint = https://localhost:8080`,
- full_plugin_name: 'certbot-dns-ispconfig:dns-ispconfig',
+ full_plugin_name: 'certbot-dns-ispconfig:dns-ispconfig',
},
//####################################################//
isset: {
- display_name: 'Isset',
- package_name: 'certbot-dns-isset',
- package_version: '0.0.3',
- dependencies: '',
- credentials: `certbot_dns_isset:dns_isset_endpoint="https://customer.isset.net/api"
+ display_name: 'Isset',
+ package_name: 'certbot-dns-isset',
+ package_version: '0.0.3',
+ dependencies: '',
+ credentials: `certbot_dns_isset:dns_isset_endpoint="https://customer.isset.net/api"
certbot_dns_isset:dns_isset_token=""`,
- full_plugin_name: 'certbot-dns-isset:dns-isset',
+ full_plugin_name: 'certbot-dns-isset:dns-isset',
},
//####################################################//
linode: {
- display_name: 'Linode',
- package_name: 'certbot-dns-linode',
- package_version: '1.8.0',
- dependencies: '',
- credentials: `dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64
+ display_name: 'Linode',
+ package_name: 'certbot-dns-linode',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64
dns_linode_version = [|3|4]`,
- full_plugin_name: 'dns-linode',
+ full_plugin_name: 'dns-linode',
},
//####################################################//
luadns: {
- display_name: 'LuaDNS',
- package_name: 'certbot-dns-luadns',
- package_version: '1.8.0',
- dependencies: '',
- credentials: `dns_luadns_email = user@example.com
+ display_name: 'LuaDNS',
+ package_name: 'certbot-dns-luadns',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `dns_luadns_email = user@example.com
dns_luadns_token = 0123456789abcdef0123456789abcdef`,
- full_plugin_name: 'dns-luadns',
+ full_plugin_name: 'dns-luadns',
},
//####################################################//
netcup: {
- display_name: 'netcup',
- package_name: 'certbot-dns-netcup',
- package_version: '1.0.0',
- dependencies: '',
- credentials: `dns_netcup_customer_id = 123456
+ display_name: 'netcup',
+ package_name: 'certbot-dns-netcup',
+ package_version: '1.0.0',
+ dependencies: '',
+ credentials: `dns_netcup_customer_id = 123456
dns_netcup_api_key = 0123456789abcdef0123456789abcdef01234567
dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123`,
- full_plugin_name: 'certbot-dns-netcup:dns-netcup',
+ full_plugin_name: 'certbot-dns-netcup:dns-netcup',
},
//####################################################//
njalla: {
- display_name: 'Njalla',
- package_name: 'certbot-dns-njalla',
- package_version: '1.0.0',
- dependencies: '',
- credentials: 'certbot_dns_njalla:dns_njalla_token = 0123456789abcdef0123456789abcdef01234567',
- full_plugin_name: 'certbot-dns-njalla:dns-njalla',
+ display_name: 'Njalla',
+ package_name: 'certbot-dns-njalla',
+ package_version: '1.0.0',
+ dependencies: '',
+ credentials: 'certbot_dns_njalla:dns_njalla_token = 0123456789abcdef0123456789abcdef01234567',
+ full_plugin_name: 'certbot-dns-njalla:dns-njalla',
},
//####################################################//
nsone: {
- display_name: 'NS1',
- package_name: 'certbot-dns-nsone',
- package_version: '1.8.0',
- dependencies: '',
- credentials: 'dns_nsone_api_key = MDAwMDAwMDAwMDAwMDAw',
- full_plugin_name: 'dns-nsone',
+ display_name: 'NS1',
+ package_name: 'certbot-dns-nsone',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: 'dns_nsone_api_key = MDAwMDAwMDAwMDAwMDAw',
+ full_plugin_name: 'dns-nsone',
},
//####################################################//
ovh: {
- display_name: 'OVH',
- package_name: 'certbot-dns-ovh',
- package_version: '1.8.0',
- dependencies: '',
- credentials: `dns_ovh_endpoint = ovh-eu
+ display_name: 'OVH',
+ package_name: 'certbot-dns-ovh',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `dns_ovh_endpoint = ovh-eu
dns_ovh_application_key = MDAwMDAwMDAwMDAw
dns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw`,
- full_plugin_name: 'dns-ovh',
+ full_plugin_name: 'dns-ovh',
},
//####################################################//
powerdns: {
- display_name: 'PowerDNS',
- package_name: 'certbot-dns-powerdns',
- package_version: '0.2.0',
- dependencies: '',
- credentials: `certbot_dns_powerdns:dns_powerdns_api_url = https://api.mypowerdns.example.org
+ display_name: 'PowerDNS',
+ package_name: 'certbot-dns-powerdns',
+ package_version: '0.2.0',
+ dependencies: '',
+ credentials: `certbot_dns_powerdns:dns_powerdns_api_url = https://api.mypowerdns.example.org
certbot_dns_powerdns:dns_powerdns_api_key = AbCbASsd!@34`,
- full_plugin_name: 'certbot-dns-powerdns:dns-powerdns',
+ full_plugin_name: 'certbot-dns-powerdns:dns-powerdns',
},
//####################################################//
rfc2136: {
- display_name: 'RFC 2136',
- package_name: 'certbot-dns-rfc2136',
- package_version: '1.8.0',
- dependencies: '',
- credentials: `# Target DNS server
+ display_name: 'RFC 2136',
+ package_name: 'certbot-dns-rfc2136',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `# Target DNS server
dns_rfc2136_server = 192.0.2.1
# Target DNS port
dns_rfc2136_port = 53
@@ -250,26 +250,26 @@ dns_rfc2136_name = keyname.
dns_rfc2136_secret = 4q4wM/2I180UXoMyN4INVhJNi8V9BCV+jMw2mXgZw/CSuxUT8C7NKKFs AmKd7ak51vWKgSl12ib86oQRPkpDjg==
# TSIG key algorithm
dns_rfc2136_algorithm = HMAC-SHA512`,
- full_plugin_name: 'dns-rfc2136',
+ full_plugin_name: 'dns-rfc2136',
},
//####################################################//
route53: {
- display_name: 'Route 53 (Amazon)',
- package_name: 'certbot-dns-route53',
- package_version: '1.8.0',
- dependencies: '',
- credentials: `[default]
+ display_name: 'Route 53 (Amazon)',
+ package_name: 'certbot-dns-route53',
+ package_version: '1.8.0',
+ dependencies: '',
+ credentials: `[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`,
- full_plugin_name: 'dns-route53',
+ full_plugin_name: 'dns-route53',
},
//####################################################//
vultr: {
- display_name: 'Vultr',
- package_name: 'certbot-dns-vultr',
- package_version: '1.0.3',
- dependencies: '',
- credentials: 'certbot_dns_vultr:dns_vultr_key = YOUR_VULTR_API_KEY',
- full_plugin_name: 'certbot-dns-vultr:dns-vultr',
+ display_name: 'Vultr',
+ package_name: 'certbot-dns-vultr',
+ package_version: '1.0.3',
+ dependencies: '',
+ credentials: 'certbot_dns_vultr:dns_vultr_key = YOUR_VULTR_API_KEY',
+ full_plugin_name: 'certbot-dns-vultr:dns-vultr',
},
};
\ No newline at end of file
From cb014027bb9412d20913b296e30d613da53d413f Mon Sep 17 00:00:00 2001
From: chaptergy <26956711+chaptergy@users.noreply.github.com>
Date: Wed, 4 Nov 2020 19:31:40 +0100
Subject: [PATCH 013/780] Makes sure credentials folder exist every time before
saving credentials
---
backend/internal/certificate.js | 2 +-
backend/setup.js | 2 +-
docker/Dockerfile | 1 -
docker/dev/Dockerfile | 1 -
4 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js
index 6f1fc4dad..19e0592e9 100644
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@@ -789,7 +789,7 @@ const internalCertificate = {
logger.info(`Requesting Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
- const credentials_cmd = 'echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'';
+ const credentials_cmd = 'mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'';
const prepare_cmd = 'pip3 install ' + dns_plugin.package_name + '==' + dns_plugin.package_version + ' ' + dns_plugin.dependencies;
// Whether the plugin has a ---credentials argument
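Review bot: The rewritten `credentials_cmd` still builds a shell command from `certificate.meta.dns_provider_credentials`, and the quoting it relies on does not hold: `replace` with a string pattern changes only the first `'`, and a backslash does not escape a quote inside a single-quoted shell string. The credentials text comes from the certificate record, so it should not pass through a shell at all. Writing the file from Node, `fs.mkdirSync('/etc/letsencrypt/credentials', { recursive: true });` then `fs.writeFileSync(credentials_loc, certificate.meta.dns_provider_credentials, { mode: 0o600 });`, also creates it with restrictive permissions instead of relying on a later `chmod`. The same construction is in the `backend/setup.js` hunk of this patch. The enclosing function starts and ends outside the hunk, so the place where `credentials_cmd` is consumed, and whether `fs` is already required, would need checking.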
diff --git a/backend/setup.js b/backend/setup.js
index 76957bea2..2a5ba9697 100644
--- a/backend/setup.js
+++ b/backend/setup.js
@@ -182,7 +182,7 @@ const setupCertbotPlugins = () => {
// Make sure credentials file exists
const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
- const credentials_cmd = '[ -f \'' + credentials_loc + '\' ] || { mkdir /etc/letsencrypt/credentials; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';
+ const credentials_cmd = '[ -f \'' + credentials_loc + '\' ] || { mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';
promises.push(utils.exec(credentials_cmd));
}
});
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 011f5d62f..acac5fafb 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -38,7 +38,6 @@ COPY global /app/global
WORKDIR /app
RUN yarn install
-RUN mkdir -p /etc/letsencrypt/credentials
# Remove frontend service not required for prod, dev nginx config as well
RUN rm -rf /etc/services.d/frontend RUN rm -f /etc/nginx/conf.d/dev.conf
diff --git a/docker/dev/Dockerfile b/docker/dev/Dockerfile
index 2d06d168f..45ee534ca 100644
--- a/docker/dev/Dockerfile
+++ b/docker/dev/Dockerfile
@@ -18,7 +18,6 @@ RUN cd /usr \
COPY rootfs /
RUN rm -f /etc/nginx/conf.d/production.conf
-RUN mkdir -p /etc/letsencrypt/credentials
# s6 overlay
RUN curl -L -o /tmp/s6-overlay-amd64.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-amd64.tar.gz" \
From 3651b9484fa2179eeeba0d41263fc4a51e467e65 Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Fri, 6 Nov 2020 09:17:52 +1000
Subject: [PATCH 014/780] Fix for pip install error when there are no plugins
to install
---
backend/setup.js | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/backend/setup.js b/backend/setup.js
index 2a5ba9697..d58a16066 100644
--- a/backend/setup.js
+++ b/backend/setup.js
@@ -187,11 +187,17 @@ const setupCertbotPlugins = () => {
}
});
- const install_cmd = 'pip3 install ' + plugins.join(' ');
- promises.push(utils.exec(install_cmd));
- return Promise.all(promises).then(() => {
- logger.info('Added Certbot plugins ' + plugins.join(', '));
- });
+ if (plugins.length) {
+ const install_cmd = 'pip3 install ' + plugins.join(' ');
+ promises.push(utils.exec(install_cmd));
+ }
+
+ if (promises.length) {
+ return Promise.all(promises)
+ .then(() => {
+ logger.info('Added Certbot plugins ' + plugins.join(', '));
+ });
+ }
}
});
};
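Review bot: The success log inside `if (promises.length)` still prints 'Added Certbot plugins ' with an empty list if only credential-file commands were queued and `plugins` is empty, which the two separate length checks suggest can happen. Guarding the message keeps the startup log accurate: `if (plugins.length) { logger.info('Added Certbot plugins ' + plugins.join(', ')); }` inside the `.then`. The body of `setupCertbotPlugins` starts outside this hunk.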
From ddb3c6590cc60cb35bba8a0abfacbbb8dc58e68e Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Fri, 6 Nov 2020 13:06:15 +1000
Subject: [PATCH 015/780] Version bump
---
.version | 2 +-
README.md | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.version b/.version
index 6a6a3d8e3..097a15a2a 100644
--- a/.version
+++ b/.version
@@ -1 +1 @@
-2.6.1
+2.6.2
diff --git a/README.md b/README.md
index c798a6f9a..9fb93d717 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
-
+
From d7437cc4a7403c3fc0eb5c5ad53b4f377a702a65 Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Fri, 6 Nov 2020 13:17:30 +1000
Subject: [PATCH 016/780] Test for real-ip header
---
docker/rootfs/etc/nginx/conf.d/include/proxy.conf | 2 ++
1 file changed, 2 insertions(+)
diff --git a/docker/rootfs/etc/nginx/conf.d/include/proxy.conf b/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
index b84a45135..bb0141f9d 100644
--- a/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
@@ -3,4 +3,6 @@ proxy_set_header Host $host;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Real-IP $http_x_real_ip;
proxy_pass $forward_scheme://$server:$port;
+
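Review bot: `$http_x_real_ip` is the `X-Real-IP` header exactly as the client sent it, so the added `proxy_set_header X-Real-IP $http_x_real_ip;` hands upstream applications a value the requester controls, or an empty one when the header is absent. Backends that use this header for logging, rate limiting or IP allow-lists would then be trusting unverified input. Unless a trusted front proxy is known to set the header, derive it from the connection instead, `proxy_set_header X-Real-IP $remote_addr;`, which is what the next patch in this series does.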
From 13eaa346bcbbb7e8bf41b8b6965e2644d5436363 Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Fri, 6 Nov 2020 13:21:22 +1000
Subject: [PATCH 017/780] Use remote addr as real ip
---
docker/rootfs/etc/nginx/conf.d/include/proxy.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/rootfs/etc/nginx/conf.d/include/proxy.conf b/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
index bb0141f9d..c0dce0613 100644
--- a/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
@@ -3,6 +3,6 @@ proxy_set_header Host $host;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
-proxy_set_header X-Real-IP $http_x_real_ip;
+proxy_set_header X-Real-IP $remote_addr;
proxy_pass $forward_scheme://$server:$port;
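Review bot: No comment records why `X-Real-IP` is taken from `$remote_addr` rather than from the incoming header, which makes the line easy to revert by mistake; a line such as `# Overwrite any client-supplied X-Real-IP with the peer address` above it would help. When this proxy itself sits behind another load balancer, `$remote_addr` is that balancer's address unless nginx's realip module (`set_real_ip_from`, `real_ip_header`) is configured for it. Whether that is configured elsewhere is not visible in this hunk.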
From 6be0343918a0fa82d767a026cce77e9178f0f243 Mon Sep 17 00:00:00 2001
From: chaptergy <26956711+chaptergy@users.noreply.github.com>
Date: Fri, 6 Nov 2020 11:49:47 +0100
Subject: [PATCH 018/780] Adds visual indicator for certificate deletion
---
frontend/js/app/nginx/certificates/delete.js | 3 +++
1 file changed, 3 insertions(+)
diff --git a/frontend/js/app/nginx/certificates/delete.js b/frontend/js/app/nginx/certificates/delete.js
index 426e25064..89a2e5e83 100644
--- a/frontend/js/app/nginx/certificates/delete.js
+++ b/frontend/js/app/nginx/certificates/delete.js
@@ -16,6 +16,8 @@ module.exports = Mn.View.extend({
events: {
'click @ui.save': function (e) {
e.preventDefault();
+ this.ui.save.addClass('btn-loading');
+ this.ui.buttons.prop('disabled', true).addClass('btn-disabled');
App.Api.Nginx.Certificates.delete(this.model.get('id'))
.then(() => {
@@ -25,6 +27,7 @@ module.exports = Mn.View.extend({
.catch(err => {
alert(err.message);
this.ui.buttons.prop('disabled', false).removeClass('btn-disabled');
+ this.ui.save.removeClass('btn-loading');
});
}
}
From 1518ecd1e981ade371bea9c11e06844159116d3a Mon Sep 17 00:00:00 2001
From: chaptergy <26956711+chaptergy@users.noreply.github.com>
Date: Fri, 6 Nov 2020 12:29:38 +0100
Subject: [PATCH 019/780] Adds autoremove of failed certificate creations in DB
---
backend/internal/certificate.js | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js
index 19e0592e9..3725c1c8f 100644
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@@ -216,6 +216,13 @@ const internalCertificate = {
return saved_row;
});
});
+ }).catch(async (error) => {
+ // Delete the certificate from the database if it was not created successfully
+ await certificateModel
+ .query()
+ .deleteById(certificate.id);
+
+ throw error;
});
} else {
return certificate;
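Review bot: If `deleteById` itself rejects inside the new `.catch`, its error replaces the original one and `throw error` never runs, so the caller sees a database error instead of the reason the certificate request failed. Wrapping the cleanup in its own `try`/`catch` and logging the cleanup failure keeps the original error as the rejection reason. The handler is attached to the whole chain, so it presumably also removes the row when a late step fails after certificate files were written; that is worth confirming against the part of the function outside this hunk.

```javascript
}).catch(async (error) => {
	// Delete the certificate from the database if it was not created successfully
	try {
		await certificateModel
			.query()
			.deleteById(certificate.id);
	} catch (delete_error) {
		// Cleanup failed; keep the original failure as the rejection reason
		logger.error('Could not remove failed certificate #' + certificate.id + ': ' + delete_error.message);
	}

	throw error;
});
```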
From 57fc1d8f08cdba4c18d881ea8673f7c2c038a6a9 Mon Sep 17 00:00:00 2001
From: chaptergy <26956711+chaptergy@users.noreply.github.com>
Date: Sat, 7 Nov 2020 13:24:01 +0100
Subject: [PATCH 020/780] Removes the need of a config file and allows db
config via environment
---
.jenkins/config-mysql.json | 10 ----
.jenkins/config-sqlite.json | 11 ----
backend/index.js | 87 ++++++++++++++++++++++++++-
docker/docker-compose.ci.yml | 15 +++--
docker/docker-compose.dev.yml | 14 +++--
docs/README.md | 27 +++------
docs/setup/README.md | 107 ++++++++++++++++++----------------
7 files changed, 172 insertions(+), 99 deletions(-)
delete mode 100644 .jenkins/config-mysql.json
delete mode 100644 .jenkins/config-sqlite.json
diff --git a/.jenkins/config-mysql.json b/.jenkins/config-mysql.json
deleted file mode 100644
index 19ad2237f..000000000
--- a/.jenkins/config-mysql.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "database": {
- "engine": "mysql",
- "host": "db",
- "name": "npm",
- "user": "npm",
- "password": "npm",
- "port": 3306
- }
-}
\ No newline at end of file
diff --git a/.jenkins/config-sqlite.json b/.jenkins/config-sqlite.json
deleted file mode 100644
index 97d688d21..000000000
--- a/.jenkins/config-sqlite.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "database": {
- "engine": "knex-native",
- "knex": {
- "client": "sqlite3",
- "connection": {
- "filename": "/data/database.sqlite"
- }
- }
- }
-}
diff --git a/backend/index.js b/backend/index.js
index 0c08af328..50a263bac 100644
--- a/backend/index.js
+++ b/backend/index.js
@@ -2,7 +2,10 @@
const logger = require('./logger').global;
-function appStart () {
+async function appStart () {
+ // Create config file db settings if environment variables have been set
+ await createDbConfigFromEnvironment();
+
const migrate = require('./migrate');
const setup = require('./setup');
const app = require('./app');
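Review bot: Making `appStart` async means the `try { appStart(); } catch (err)` at the bottom of the file (visible as context in the last hunk of this file) no longer sees its failures. A rejection from `createDbConfigFromEnvironment()`, or a throw from one of the `require` calls, now surfaces as an unhandled promise rejection instead of reaching the `logger.error` and `process.exit(1)` path. Handle the returned promise instead: `appStart().catch((err) => { logger.error(err.message, err); process.exit(1); });`. The body of `appStart` continues outside this hunk.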
@@ -10,6 +13,7 @@ function appStart () {
const internalCertificate = require('./internal/certificate');
const internalIpRanges = require('./internal/ip_ranges');
+
return migrate.latest()
.then(setup)
.then(() => {
@@ -39,6 +43,87 @@ function appStart () {
});
}
+async function createDbConfigFromEnvironment(){
+ return new Promise((resolve, reject) => {
+ const envMysqlHost = process.env.DB_MYSQL_HOST;
+ const envMysqlPort = process.env.DB_MYSQL_PORT;
+ const envMysqlUser = process.env.DB_MYSQL_USER;
+ const envMysqlName = process.env.DB_MYSQL_NAME;
+ const envSqliteFile = process.env.DB_SQLITE_FILE;
+ if ((envMysqlHost && envMysqlPort && envMysqlUser && envMysqlName) || envSqliteFile) {
+ const fs = require('fs');
+ const filename = (process.env.NODE_CONFIG_DIR || './config') + '/' + (process.env.NODE_ENV || 'default') + '.json';
+ let configData = {};
+
+ try {
+ configData = require(filename);
+ } catch (err) {
+ // do nothing
+ }
+
+ if (configData.database && configData.database.engine && !configData.database.fromEnv) {
+ logger.info('Manual db configuration already exists, skipping config creation from environment variables');
+ resolve();
+ return;
+ }
+
+ if (envMysqlHost && envMysqlPort && envMysqlUser && envMysqlName) {
+ const newConfig = {
+ fromEnv: true,
+ engine: 'mysql',
+ host: envMysqlHost,
+ port: envMysqlPort,
+ user: envMysqlUser,
+ password: process.env.DB_MYSQL_PASSWORD,
+ name: envMysqlName,
+ };
+
+ if (JSON.stringify(configData.database) === JSON.stringify(newConfig)) {
+ // Config is unchanged, skip overwrite
+ resolve();
+ return;
+ }
+
+ logger.info('Generating MySQL db configuration from environment variables');
+ configData.database = newConfig;
+
+ } else {
+ const newConfig = {
+ fromEnv: true,
+ engine: 'knex-native',
+ knex: {
+ client: 'sqlite3',
+ connection: {
+ filename: envSqliteFile
+ }
+ }
+ };
+ if (JSON.stringify(configData.database) === JSON.stringify(newConfig)) {
+ // Config is unchanged, skip overwrite
+ resolve();
+ return;
+ }
+
+ logger.info('Generating Sqlite db configuration from environment variables');
+ configData.database = newConfig;
+ }
+
+ // Write config
+ fs.writeFile(filename, JSON.stringify(configData, null, 2), (err) => {
+ if (err) {
+ logger.error('Could not write db config to config file: ' + filename);
+ reject(err);
+ } else {
+ logger.info('Wrote db configuration to config file: ' + filename);
+ resolve();
+ }
+ });
+ } else {
+ // resolve();
+ }
+ });
+}
+
try {
appStart();
} catch (err) {
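Review bot: The generated config holds `DB_MYSQL_PASSWORD` in plain text, and `fs.writeFile(filename, …)` creates the file with the process's default mode, so it may be readable by other users in the container or on a mounted volume. Passing a mode restricts it at creation: `fs.writeFile(filename, JSON.stringify(configData, null, 2), { mode: 0o600 }, (err) => {` (an existing file keeps its current mode). Two further points in the same function: the empty `catch` around `require(filename)` treats a malformed config like a missing one, so the rewrite would drop whatever else the file held. The final `else` branch also leaves the promise pending because `resolve()` is commented out, so startup would wait forever when no `DB_*` variables are set (a later patch in this series restores the call).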
diff --git a/docker/docker-compose.ci.yml b/docker/docker-compose.ci.yml
index 2228623f5..c162a77cf 100644
--- a/docker/docker-compose.ci.yml
+++ b/docker/docker-compose.ci.yml
@@ -5,11 +5,15 @@ services:
fullstack-mysql:
image: ${IMAGE}:ci-${BUILD_NUMBER}
environment:
- - NODE_ENV=development
- - FORCE_COLOR=1
+ NODE_ENV: "development"
+ FORCE_COLOR: 1
+ DB_MYSQL_HOST: "db"
+ DB_MYSQL_PORT: 3306
+ DB_MYSQL_USER: "npm"
+ DB_MYSQL_PASSWORD: "npm"
+ DB_MYSQL_NAME: "npm"
volumes:
- npm_data:/data
- - ../.jenkins/config-mysql.json:/app/config/development.json
expose:
- 81
- 80
@@ -20,8 +24,9 @@ services:
fullstack-sqlite:
image: ${IMAGE}:ci-${BUILD_NUMBER}
environment:
- - NODE_ENV=development
- - FORCE_COLOR=1
+ NODE_ENV: "development"
+ FORCE_COLOR: 1
+ DB_SQLITE_FILE: "/data/database.sqlite"
volumes:
- npm_data:/data
- ../.jenkins/config-sqlite.json:/app/config/development.json
diff --git a/docker/docker-compose.dev.yml b/docker/docker-compose.dev.yml
index 5668dbd27..a0b4547ba 100644
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -14,10 +14,16 @@ services:
networks:
- nginx_proxy_manager
environment:
- - NODE_ENV=development
- - FORCE_COLOR=1
- - DEVELOPMENT=true
- #- DISABLE_IPV6=true
+ NODE_ENV: "development"
+ FORCE_COLOR: 1
+ DEVELOPMENT: "true"
+ DB_MYSQL_HOST: "db"
+ DB_MYSQL_PORT: 3306
+ DB_MYSQL_USER: "npm"
+ DB_MYSQL_PASSWORD: "npm"
+ DB_MYSQL_NAME: "npm"
+ # DB_SQLITE_FILE: "/data/database.sqlite"
+ # DISABLE_IPV6: "true"
volumes:
- npm_data:/data
- le_data:/etc/letsencrypt
diff --git a/docs/README.md b/docs/README.md
index 0ee8154ec..3f2f62822 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -45,21 +45,7 @@ footer: MIT Licensed | Copyright © 2016-present jc21.com
- [Docker Install documentation](https://docs.docker.com/install/)
- [Docker-Compose Install documentation](https://docs.docker.com/compose/install/)
-2. Create a config file for example
-```json
-{
- "database": {
- "engine": "mysql",
- "host": "db",
- "name": "npm",
- "user": "npm",
- "password": "npm",
- "port": 3306
- }
-}
-```
-
-3. Create a docker-compose.yml file similar to this:
+2. Create a docker-compose.yml file similar to this:
```yml
version: '3'
@@ -70,8 +56,13 @@ services:
- '80:80'
- '81:81'
- '443:443'
+ environment:
+ DB_MYSQL_HOST: "db"
+ DB_MYSQL_PORT: 3306
+ DB_MYSQL_USER: "npm"
+ DB_MYSQL_PASSWORD: "npm"
+ DB_MYSQL_NAME: "npm"
volumes:
- - ./config.json:/app/config/production.json
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
db:
@@ -85,13 +76,13 @@ services:
- ./data/mysql:/var/lib/mysql
```
-4. Bring up your stack
+3. Bring up your stack
```bash
docker-compose up -d
```
-5. Log in to the Admin UI
+4. Log in to the Admin UI
When your docker container is running, connect to it on port `81` for the admin interface.
Sometimes this can take a little bit because of the entropy of keys.
diff --git a/docs/setup/README.md b/docs/setup/README.md
index 52160e177..42f83c47b 100644
--- a/docs/setup/README.md
+++ b/docs/setup/README.md
@@ -1,50 +1,5 @@
# Full Setup Instructions
-### Configuration File
-
-**The configuration file needs to be provided by you!**
-
-Don't worry, this is easy to do.
-
-The app requires a configuration file to let it know what database you're using. By default, this file is called `config.json`
-
-Here's an example configuration for `mysql` (or mariadb) that is compatible with the docker-compose example below:
-
-```json
-{
- "database": {
- "engine": "mysql",
- "host": "db",
- "name": "npm",
- "user": "npm",
- "password": "npm",
- "port": 3306
- }
-}
-```
-
-Alternatively if you would like to use a Sqlite database file:
-
-```json
-{
- "database": {
- "engine": "knex-native",
- "knex": {
- "client": "sqlite3",
- "connection": {
- "filename": "/data/database.sqlite"
- }
- }
- }
-}
-```
-
-Once you've created your configuration file it's easy to mount it in the docker container.
-
-**Note:** After the first run of the application, the config file will be altered to include generated encryption keys unique to your installation. These keys
-affect the login and session management of the application. If these keys change for any reason, all users will be logged out.
-
-
### MySQL Database
If you opt for the MySQL configuration you will have to provide the database server yourself. You can also use MariaDB. Here are the minimum supported versions:
@@ -61,7 +16,6 @@ When using a `mariadb` database, the NPM configuration file should still use the
:::
-
### Running the App
Via `docker-compose`:
@@ -80,11 +34,18 @@ services:
# Admin Web Port:
- '81:81'
environment:
+ # These are the settings to access your db
+ DB_MYSQL_HOST: "db"
+ DB_MYSQL_PORT: 3306
+ DB_MYSQL_USER: "npm"
+ DB_MYSQL_PASSWORD: "npm"
+ DB_MYSQL_NAME: "npm"
+ # If you would rather use Sqlite uncomment this
+ # and remove all DB_MYSQL_* lines above
+ # DB_SQLITE_FILE: "/data/database.sqlite"
# Uncomment this if IPv6 is not enabled on your host
# DISABLE_IPV6: 'true'
volumes:
- # Make sure this config.json file exists as per instructions above:
- - ./config.json:/app/config/production.json
- ./data:/data
- ./letsencrypt:/etc/letsencrypt
depends_on:
@@ -101,14 +62,14 @@ services:
- ./data/mysql:/var/lib/mysql
```
+_Please note, that `DB_MYSQL_*` environment variables will take precedent over `DB_SQLITE_*` variables. So if you keep the MySQL variables, you will not be able to use Sqlite._
+
Then:
```bash
docker-compose up -d
```
-The config file (config.json) must be present in this directory.
-
### Running on Raspberry PI / ARM devices
The docker images support the following architectures:
@@ -146,3 +107,49 @@ Password: changeme
```
Immediately after logging in with this default user you will be asked to modify your details and change your password.
+
+### Configuration File
+
+::: warning
+
+This section is meant for advanced users
+
+:::
+
+If you would like more control over the database settings you can define a custom config JSON file.
+
+
+Here's an example for `sqlite` configuration as it is generated from the environment variables:
+
+```json
+{
+ "database": {
+ "engine": "knex-native",
+ "knex": {
+ "client": "sqlite3",
+ "connection": {
+ "filename": "/data/database.sqlite"
+ }
+ }
+ }
+}
+```
+
+You can modify the `knex` object with your custom configuration, but note that not all knex clients might be installed in the image.
+
+Once you've created your configuration file you can mount it to `/app/config/production.json` inside you container using:
+
+```
+[...]
+services:
+ app:
+ image: 'jc21/nginx-proxy-manager:latest'
+ [...]
+ volumes:
+ - ./config.json:/app/config/production.json
+ [...]
+[...]
+```
+
+**Note:** After the first run of the application, the config file will be altered to include generated encryption keys unique to your installation.
+These keys affect the login and session management of the application. If these keys change for any reason, all users will be logged out.
From c5ceb3b2b11690b51868f25fe4bec56cb19a66a1 Mon Sep 17 00:00:00 2001
From: chaptergy <26956711+chaptergy@users.noreply.github.com>
Date: Sat, 7 Nov 2020 13:54:18 +0100
Subject: [PATCH 021/780] Removes obsolete file mount
---
docker/docker-compose.ci.yml | 1 -
1 file changed, 1 deletion(-)
diff --git a/docker/docker-compose.ci.yml b/docker/docker-compose.ci.yml
index c162a77cf..89c38572d 100644
--- a/docker/docker-compose.ci.yml
+++ b/docker/docker-compose.ci.yml
@@ -29,7 +29,6 @@ services:
DB_SQLITE_FILE: "/data/database.sqlite"
volumes:
- npm_data:/data
- - ../.jenkins/config-sqlite.json:/app/config/development.json
expose:
- 81
- 80
From 1337c50d283241ea0b0624539f1c9cb09c9b1a3a Mon Sep 17 00:00:00 2001
From: chaptergy <26956711+chaptergy@users.noreply.github.com>
Date: Sat, 7 Nov 2020 19:37:35 +0100
Subject: [PATCH 022/780] Use `latest` tag in full setup instructions
---
docs/setup/README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/setup/README.md b/docs/setup/README.md
index 42f83c47b..8af7eee23 100644
--- a/docs/setup/README.md
+++ b/docs/setup/README.md
@@ -24,7 +24,7 @@ Via `docker-compose`:
version: "3"
services:
app:
- image: jc21/nginx-proxy-manager:2
+ image: 'jc21/nginx-proxy-manager:latest'
restart: always
ports:
# Public HTTP Port:
From 4ee5d993cf797bee4a6297b3c3d01b2e6ffc3351 Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Wed, 18 Nov 2020 12:21:35 +1000
Subject: [PATCH 023/780] Bumped version
---
.version | 2 +-
README.md | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.version b/.version
index 097a15a2a..24ba9a38d 100644
--- a/.version
+++ b/.version
@@ -1 +1 @@
-2.6.2
+2.7.0
diff --git a/README.md b/README.md
index 9fb93d717..a80d05243 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
-
+
From 05a940e7324ad135258d36232ad378b128764354 Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Wed, 18 Nov 2020 21:42:03 +1000
Subject: [PATCH 024/780] Fix instances where config file exists and env vars
don't
---
backend/index.js | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/backend/index.js b/backend/index.js
index 50a263bac..3118cdc07 100644
--- a/backend/index.js
+++ b/backend/index.js
@@ -13,7 +13,6 @@ async function appStart () {
const internalCertificate = require('./internal/certificate');
const internalIpRanges = require('./internal/ip_ranges');
-
return migrate.latest()
.then(setup)
.then(() => {
@@ -43,13 +42,14 @@ async function appStart () {
});
}
-async function createDbConfigFromEnvironment(){
+async function createDbConfigFromEnvironment() {
return new Promise((resolve, reject) => {
- const envMysqlHost = process.env.DB_MYSQL_HOST;
- const envMysqlPort = process.env.DB_MYSQL_PORT;
- const envMysqlUser = process.env.DB_MYSQL_USER;
- const envMysqlName = process.env.DB_MYSQL_NAME;
- const envSqliteFile = process.env.DB_SQLITE_FILE;
+ const envMysqlHost = process.env.DB_MYSQL_HOST || null;
+ const envMysqlPort = process.env.DB_MYSQL_PORT || null;
+ const envMysqlUser = process.env.DB_MYSQL_USER || null;
+ const envMysqlName = process.env.DB_MYSQL_NAME || null;
+ const envSqliteFile = process.env.DB_SQLITE_FILE || null;
+
if ((envMysqlHost && envMysqlPort && envMysqlUser && envMysqlName) || envSqliteFile) {
const fs = require('fs');
const filename = (process.env.NODE_CONFIG_DIR || './config') + '/' + (process.env.NODE_ENV || 'default') + '.json';
@@ -119,7 +119,7 @@ async function createDbConfigFromEnvironment(){
}
});
} else {
- // resolve();
+ resolve();
}
});
}
@@ -130,3 +130,4 @@ try {
logger.error(err.message, err);
process.exit(1);
}
+
From 94eec805df2bc2f92f1902f66da513e1740d4670 Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Wed, 18 Nov 2020 21:46:21 +1000
Subject: [PATCH 025/780] Version bump
---
.version | 2 +-
README.md | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.version b/.version
index 24ba9a38d..860487ca1 100644
--- a/.version
+++ b/.version
@@ -1 +1 @@
-2.7.0
+2.7.1
diff --git a/README.md b/README.md
index a80d05243..a6e99bc06 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
-
+
From 6fed642aba0c81098f0a87b1a7d067472ba70876 Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Sun, 22 Nov 2020 16:57:12 +1000
Subject: [PATCH 026/780] Cypress docker build should be faster and added
mkcert for later
---
docker/Dockerfile | 2 +-
docker/docker-compose.ci.yml | 8 ++++----
test/.dockerignore | 1 +
test/cypress/Dockerfile | 9 +++++++--
test/package.json | 2 +-
5 files changed, 14 insertions(+), 8 deletions(-)
create mode 100644 test/.dockerignore
diff --git a/docker/Dockerfile b/docker/Dockerfile
index acac5fafb..f243208c4 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -34,7 +34,7 @@ EXPOSE 443
COPY docker/rootfs /
ADD backend /app
ADD frontend/dist /app/frontend
-COPY global /app/global
+COPY global /app/global
WORKDIR /app
RUN yarn install
diff --git a/docker/docker-compose.ci.yml b/docker/docker-compose.ci.yml
index 89c38572d..771b82990 100644
--- a/docker/docker-compose.ci.yml
+++ b/docker/docker-compose.ci.yml
@@ -47,8 +47,8 @@ services:
cypress-mysql:
image: ${IMAGE}-cypress:ci-${BUILD_NUMBER}
build:
- context: ../
- dockerfile: test/cypress/Dockerfile
+ context: ../test/
+ dockerfile: cypress/Dockerfile
environment:
CYPRESS_baseUrl: "http://fullstack-mysql:81"
volumes:
@@ -58,8 +58,8 @@ services:
cypress-sqlite:
image: ${IMAGE}-cypress:ci-${BUILD_NUMBER}
build:
- context: ../
- dockerfile: test/cypress/Dockerfile
+ context: ../test/
+ dockerfile: cypress/Dockerfile
environment:
CYPRESS_baseUrl: "http://fullstack-sqlite:81"
volumes:
diff --git a/test/.dockerignore b/test/.dockerignore
new file mode 100644
index 000000000..b512c09d4
--- /dev/null
+++ b/test/.dockerignore
@@ -0,0 +1 @@
+node_modules
\ No newline at end of file
diff --git a/test/cypress/Dockerfile b/test/cypress/Dockerfile
index 107fa9651..be04748a2 100644
--- a/test/cypress/Dockerfile
+++ b/test/cypress/Dockerfile
@@ -1,6 +1,11 @@
-FROM cypress/included:4.12.1
+FROM cypress/included:5.6.0
-COPY --chown=1000 ./test /test
+COPY --chown=1000 ./ /test
+
+# mkcert
+ENV MKCERT=1.4.2
+RUN wget -O /usr/bin/mkcert "https://github.com/FiloSottile/mkcert/releases/download/v${MKCERT}/mkcert-v${MKCERT}-linux-amd64" \
+ && chmod +x /usr/bin/mkcert
WORKDIR /test
RUN yarn install
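Review bot: The added `RUN wget -O /usr/bin/mkcert …` installs an executable straight from a release URL with no integrity check, so the image trusts whatever that URL serves at build time. The version is already pinned through `MKCERT`, so the expected digest can be pinned too: add `ENV MKCERT_SHA256=<expected-sha256-of-the-release-binary>` and insert `&& echo "${MKCERT_SHA256}  /usr/bin/mkcert" | sha256sum -c -` before the `chmod`. The digest shown is a placeholder and has to be taken from a verified download of the release asset.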
diff --git a/test/package.json b/test/package.json
index 4dd02249a..781597b33 100644
--- a/test/package.json
+++ b/test/package.json
@@ -7,7 +7,7 @@
"@jc21/cypress-swagger-validation": "^0.0.9",
"@jc21/restler": "^3.4.0",
"chalk": "^4.1.0",
- "cypress": "^4.12.1",
+ "cypress": "^5.6.0",
"cypress-multi-reporters": "^1.4.0",
"cypress-plugin-retries": "^1.5.2",
"eslint": "^7.6.0",
From 62053d15d48044e02a1b9ad3b3dc726d2a976c5f Mon Sep 17 00:00:00 2001
From: WaterCalm
Date: Sun, 22 Nov 2020 16:08:56 +0800
Subject: [PATCH 027/780] add aliyun DNS plugin
add aliyun DNS plugin
---
global/certbot-dns-plugins.js | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js
index d0afafd45..45f478e3a 100644
--- a/global/certbot-dns-plugins.js
+++ b/global/certbot-dns-plugins.js
@@ -20,6 +20,16 @@
*/
module.exports = {
+ aliyun: {
+ display_name: 'Aliyun',
+ package_name: 'certbot-dns-aliyun',
+ package_version: '0.38.1',
+ dependencies: '',
+ credentials: `certbot_dns_aliyun:dns_aliyun_access_key = 12345678
+certbot_dns_aliyun:dns_aliyun_access_key_secret = 1234567890abcdef1234567890abcdef`,
+ full_plugin_name: 'certbot-dns-aliyun:dns-aliyun',
+ },
+ //####################################################//
cloudflare: {
display_name: 'Cloudflare',
package_name: 'certbot-dns-cloudflare',
@@ -272,4 +282,4 @@ aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`,
credentials: 'certbot_dns_vultr:dns_vultr_key = YOUR_VULTR_API_KEY',
full_plugin_name: 'certbot-dns-vultr:dns-vultr',
},
-};
\ No newline at end of file
+};
From bc1c50ac92396b82169f2551d0df0a963b415b40 Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Sun, 22 Nov 2020 21:50:57 +1000
Subject: [PATCH 028/780] Added contributor
---
README.md | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/README.md b/README.md
index a6e99bc06..4a0fef72f 100644
--- a/README.md
+++ b/README.md
@@ -205,6 +205,12 @@ Special thanks to the following contributors:
Philip Mooney
+
+
+
+ WaterCalm
+
+ |
From 528e5ef3bcf84fae7afd614493e8a9876940cd79 Mon Sep 17 00:00:00 2001
From: Kyle Harding
Date: Tue, 1 Dec 2020 14:22:31 -0500
Subject: [PATCH 029/780] allow custom stream conf
Allow a top-level custom `stream` configuration file to be loaded.
---
docker/rootfs/etc/nginx/nginx.conf | 3 +++
1 file changed, 3 insertions(+)
diff --git a/docker/rootfs/etc/nginx/nginx.conf b/docker/rootfs/etc/nginx/nginx.conf
index ed58a5f24..4524d2d23 100644
--- a/docker/rootfs/etc/nginx/nginx.conf
+++ b/docker/rootfs/etc/nginx/nginx.conf
@@ -84,6 +84,9 @@ http {
stream {
# Files generated by NPM
include /data/nginx/stream/*.conf;
+
+ # Custom
+ include /data/nginx/custom/stream[.]conf;
}
# Custom
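Review bot: The `[.]` in the added `include /data/nginx/custom/stream[.]conf;` is unexplained, and a later editor could "simplify" it to a plain path. The bracket turns the path into a glob mask, so nginx does not fail when the file is absent, whereas a literal path would abort startup. I would say so in the comment, e.g. `# Custom (glob form: a missing file is not an error)`. The file is also included verbatim into the top-level `stream` context, so anyone who can write to /data/nginx/custom can define listeners and upstreams. That directory should be writable only by the administrator of the container volume.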
From 6bd2ac7d6dd354d8415b3d28346c68e962e7f163 Mon Sep 17 00:00:00 2001
From: Kyle Harding
Date: Tue, 1 Dec 2020 14:24:14 -0500
Subject: [PATCH 030/780] Update README.md
---
docs/advanced-config/README.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/docs/advanced-config/README.md b/docs/advanced-config/README.md
index 30daf2593..7c622d59c 100644
--- a/docs/advanced-config/README.md
+++ b/docs/advanced-config/README.md
@@ -24,6 +24,7 @@ You can add your custom configuration snippet files at `/data/nginx/custom` as f
- `/data/nginx/custom/root.conf`: Included at the very end of nginx.conf
- `/data/nginx/custom/http.conf`: Included at the end of the main http block
+ - `/data/nginx/custom/stream.conf`: Included at the end of the main stream block
- `/data/nginx/custom/server_proxy.conf`: Included at the end of every proxy server block
- `/data/nginx/custom/server_redirect.conf`: Included at the end of every redirection server block
- `/data/nginx/custom/server_stream.conf`: Included at the end of every stream server block
From 07b69f41ebf37ef060d329fad23d7362039d5df5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 12 Dec 2020 08:23:45 +0000
Subject: [PATCH 031/780] Bump ini from 1.3.5 to 1.3.8 in /backend
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.8)
Signed-off-by: dependabot[bot]
---
backend/yarn.lock | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/backend/yarn.lock b/backend/yarn.lock
index 8e3d3dfb4..8152980b0 100644
--- a/backend/yarn.lock
+++ b/backend/yarn.lock
@@ -1548,9 +1548,9 @@ inherits@2.0.3:
integrity sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=
ini@^1.3.4, ini@^1.3.5, ini@~1.3.0:
- version "1.3.5"
- resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.5.tgz#eee25f56db1c9ec6085e0c22778083f596abf927"
- integrity sha512-RZY5huIKCMRWDUqZlEi72f/lmXKMvuszcMBduliQ3nnWbx9X/ZBQO7DijMEYS9EhHBb2qacRUMtC7svLwe0lcw==
+ version "1.3.8"
+ resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.8.tgz#a29da425b48806f34767a4efce397269af28432c"
+ integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==
inquirer@^7.0.0:
version "7.3.3"
From 6e97bfa71756f022159b6cf49d123cad2cd86bb6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 12 Dec 2020 08:23:59 +0000
Subject: [PATCH 032/780] Bump ini from 1.3.5 to 1.3.8 in /test
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.8)
Signed-off-by: dependabot[bot]
---
test/yarn.lock | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/test/yarn.lock b/test/yarn.lock
index 65dd86257..c1fe005bc 100644
--- a/test/yarn.lock
+++ b/test/yarn.lock
@@ -1293,9 +1293,9 @@ inherits@2, inherits@^2.0.3, inherits@~2.0.3:
integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==
ini@^1.3.5:
- version "1.3.5"
- resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.5.tgz#eee25f56db1c9ec6085e0c22778083f596abf927"
- integrity sha512-RZY5huIKCMRWDUqZlEi72f/lmXKMvuszcMBduliQ3nnWbx9X/ZBQO7DijMEYS9EhHBb2qacRUMtC7svLwe0lcw==
+ version "1.3.8"
+ resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.8.tgz#a29da425b48806f34767a4efce397269af28432c"
+ integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==
is-arguments@^1.0.4:
version "1.0.4"
From 9dd0ebd899ffda5170afbd2e94209747c55f49b5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 12 Dec 2020 10:17:11 +0000
Subject: [PATCH 033/780] Bump ini from 1.3.5 to 1.3.8 in /docs
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.8)
Signed-off-by: dependabot[bot]
---
docs/yarn.lock | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/yarn.lock b/docs/yarn.lock
index f87d49264..0911a239a 100644
--- a/docs/yarn.lock
+++ b/docs/yarn.lock
@@ -5125,9 +5125,9 @@ inherits@2.0.3:
integrity sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=
ini@^1.3.5, ini@~1.3.0:
- version "1.3.5"
- resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.5.tgz#eee25f56db1c9ec6085e0c22778083f596abf927"
- integrity sha512-RZY5huIKCMRWDUqZlEi72f/lmXKMvuszcMBduliQ3nnWbx9X/ZBQO7DijMEYS9EhHBb2qacRUMtC7svLwe0lcw==
+ version "1.3.8"
+ resolved "https://registry.yarnpkg.com/ini/-/ini-1.3.8.tgz#a29da425b48806f34767a4efce397269af28432c"
+ integrity sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==
internal-ip@^4.3.0:
version "4.3.0"
From 6af13d4f40f3735a5026269a1809c5b41f9d08e4 Mon Sep 17 00:00:00 2001
From: chaptergy <26956711+chaptergy@users.noreply.github.com>
Date: Mon, 14 Dec 2020 12:08:39 +0100
Subject: [PATCH 034/780] Removes explicit privkeytype check and adds
passphrase error
---
backend/internal/certificate.js | 32 +++++++++++++--------
frontend/js/app/nginx/certificates/form.ejs | 3 ++
frontend/js/i18n/messages.json | 3 +-
3 files changed, 25 insertions(+), 13 deletions(-)
diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js
index 3725c1c8f..030b344cd 100644
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@@ -615,18 +615,26 @@ const internalCertificate = {
checkPrivateKey: (private_key) => {
return tempWrite(private_key, '/tmp')
.then((filepath) => {
- let key_type = private_key.includes('-----BEGIN RSA') ? 'rsa' : 'ec';
- return utils.exec('openssl ' + key_type + ' -in ' + filepath + ' -check -noout 2>&1 ')
- .then((result) => {
- if (!result.toLowerCase().includes('key ok') && !result.toLowerCase().includes('key valid') ) {
- throw new error.ValidationError('Result Validation Error: ' + result);
- }
- fs.unlinkSync(filepath);
- return true;
- }).catch((err) => {
- fs.unlinkSync(filepath);
- throw new error.ValidationError('Certificate Key is not valid (' + err.message + ')', err);
- });
+ return new Promise((resolve, reject) => {
+ const failTimeout = setTimeout(() => {
+ reject(new error.ValidationError('Result Validation Error: Validation timed out. This could be due to the key being passphrase-protected.'));
+ }, 10000);
+ utils
+ .exec('openssl pkey -in ' + filepath + ' -check -noout 2>&1 ')
+ .then((result) => {
+ clearTimeout(failTimeout);
+ if (!result.toLowerCase().includes('key is valid')) {
+ reject(new error.ValidationError('Result Validation Error: ' + result));
+ }
+ fs.unlinkSync(filepath);
+ resolve(true);
+ })
+ .catch((err) => {
+ clearTimeout(failTimeout);
+ fs.unlinkSync(filepath);
+ reject(new error.ValidationError('Certificate Key is not valid (' + err.message + ')', err));
+ });
+ });
});
},
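Review bot: On the new 10-second timeout path in `checkPrivateKey` the promise is rejected but `fs.unlinkSync(filepath)` is never called, so the uploaded private key stays in /tmp for as long as the openssl child keeps waiting (possibly indefinitely if it is blocked on a passphrase prompt). In the `.then` branch, `reject(...)` for a non-valid result is not followed by `return`, so execution falls through to `resolve(true)`; this is harmless only because the promise is already settled. A second `unlinkSync` after a failure inside `.then` would also throw inside `.catch`. A single idempotent cleanup helper called from all three paths closes these gaps, as sketched below. `utils.exec` is not visible here, so whether the lingering child process can be terminated on timeout needs checking separately.

```javascript
		.then((filepath) => {
			// Delete the temporary key file exactly once, whichever path settles first.
			let removed = false;
			const cleanup = () => {
				if (!removed) {
					removed = true;
					fs.unlinkSync(filepath);
				}
			};
			return new Promise((resolve, reject) => {
				const failTimeout = setTimeout(() => {
					cleanup();
					// … unchanged: reject with the timed-out ValidationError …
				}, 10000);
				// … unchanged: utils.exec('openssl pkey …') call …
					.then((result) => {
						clearTimeout(failTimeout);
						cleanup();
						if (!result.toLowerCase().includes('key is valid')) {
							reject(new error.ValidationError('Result Validation Error: ' + result));
							return;
						}
						resolve(true);
					})
					.catch((err) => {
						clearTimeout(failTimeout);
						cleanup();
						// … unchanged: reject with 'Certificate Key is not valid' …
					});
```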
diff --git a/frontend/js/app/nginx/certificates/form.ejs b/frontend/js/app/nginx/certificates/form.ejs
index 4e40e0bf6..c8b1369fb 100644
--- a/frontend/js/app/nginx/certificates/form.ejs
+++ b/frontend/js/app/nginx/certificates/form.ejs
@@ -129,6 +129,9 @@