WIP: started adding new host type ssl passthrough

Author: chaptergy

backend/internal/host.js

@@ -1,7 +1,8 @@
-const _                    = require('lodash');
-const proxyHostModel       = require('../models/proxy_host');
-const redirectionHostModel = require('../models/redirection_host');
-const deadHostModel        = require('../models/dead_host');
+const _                       = require('lodash');
+const proxyHostModel          = require('../models/proxy_host');
+const redirectionHostModel    = require('../models/redirection_host');
+const deadHostModel           = require('../models/dead_host');
+const sslPassthroughHostModel = require('../models/ssl_passthrough_host');
 
 const internalHost = {
 
@@ -81,6 +82,9 @@ const internalHost = {
 				.query()
 				.where('is_deleted', 0),
 			deadHostModel
+				.query()
+				.where('is_deleted', 0),
+			sslPassthroughHostModel
 				.query()
 				.where('is_deleted', 0)
 		];
@@ -112,6 +116,12 @@ const internalHost = {
 					response_object.total_count += response_object.dead_hosts.length;
 				}
 
+				if (promises_results[3]) {
+					// SSL Passthrough Hosts
+					response_object.ssl_passthrough_hosts   = internalHost._getHostsWithDomains(promises_results[3], domain_names);
+					response_object.total_count += response_object.ssl_passthrough_hosts.length;
+				}
+
 				return response_object;
 			});
 	},
@@ -137,7 +147,11 @@ const internalHost = {
 			deadHostModel
 				.query()
 				.where('is_deleted', 0)
-				.andWhere('domain_names', 'like', '%' + hostname + '%')
+				.andWhere('domain_names', 'like', '%' + hostname + '%'),
+			sslPassthroughHostModel
+				.query()
+				.where('is_deleted', 0)
+				.andWhere('domain_name', '=', hostname),
 		];
 
 		return Promise.all(promises)
@@ -165,6 +179,13 @@ const internalHost = {
 					}
 				}
 
+				if (promises_results[3]) {
+					// SSL Passthrough Hosts
+					if (internalHost._checkHostnameRecordsTaken(hostname, promises_results[3], ignore_type === 'ssl_passthrough' && ignore_id ? ignore_id : 0)) {
+						is_taken = true;
+					}
+				}
+
 				return {
 					hostname: hostname,
 					is_taken: is_taken

backend/internal/nginx.js

@@ -1,10 +1,11 @@
-const _          = require('lodash');
-const fs         = require('fs');
-const logger     = require('../logger').nginx;
-const utils      = require('../lib/utils');
-const error      = require('../lib/error');
-const { Liquid } = require('liquidjs');
-const debug_mode = process.env.NODE_ENV !== 'production' || !!process.env.DEBUG;
+const _                       = require('lodash');
+const fs                      = require('fs');
+const logger                  = require('../logger').nginx;
+const utils                   = require('../lib/utils');
+const error                   = require('../lib/error');
+const { Liquid }              = require('liquidjs');
+const passthroughHostModel    = require('../models/ssl_passthrough_host');
+const debug_mode              = process.env.NODE_ENV !== 'production' || !!process.env.DEBUG;
 
 const internalNginx = {
 
@@ -44,12 +45,21 @@ const internalNginx = {
 							nginx_err:    null
 						});
 
+						if(host_type === 'ssl_passthrough_host'){
+							return passthroughHostModel
+								.query()
+								.patch({
+									meta: combined_meta
+								});
+						}
+
 						return model
 							.query()
 							.where('id', host.id)
 							.patch({
 								meta: combined_meta
 							});
+						
 					})
 					.catch((err) => {
 						// Remove the error_log line because it's a docker-ism false positive that doesn't need to be reported.
@@ -125,6 +135,8 @@ const internalNginx = {
 
 		if (host_type === 'default') {
 			return '/data/nginx/default_host/site.conf';
+		} else if (host_type === 'ssl_passthrough_host') {
+			return '/data/nginx/ssl_passthrough_host/hosts.conf';
 		}
 
 		return '/data/nginx/' + host_type + '/' + host_id + '.conf';
@@ -199,7 +211,7 @@ const internalNginx = {
 			root: __dirname + '/../templates/'
 		});
 
-		return new Promise((resolve, reject) => {
+		return new Promise(async (resolve, reject) => {
 			let template = null;
 			let filename = internalNginx.getConfigName(host_type, host.id);
 
@@ -214,7 +226,25 @@ const internalNginx = {
 			let origLocations;
 
 			// Manipulate the data a bit before sending it to the template
-			if (host_type !== 'default') {
+			if (host_type === 'ssl_passthrough_host') {
+				if(internalNginx.sslPassthroughEnabled()){
+					const allHosts = await passthroughHostModel
+						.query()
+						.where('is_deleted', 0)
+						.groupBy('id')
+						.omit(['is_deleted']);
+					host = {
+						all_passthrough_hosts: allHosts.map((host) => {
+							// Replace dots in ___domain
+							host.escaped_name = host.domain_name.replace(/\./, '_');
+							host.forwarding_host = internalNginx.addIpv6Brackets(host.forwarding_host);
+						}),
+					}
+				} else {
+					internalNginx.deleteConfig(host_type, host)
+				}
+				
+			} else if (host_type !== 'default') {
 				host.use_default_location = true;
 				if (typeof host.advanced_config !== 'undefined' && host.advanced_config) {
 					host.use_default_location = !internalNginx.advancedConfigHasDefaultLocation(host.advanced_config);
@@ -429,6 +459,33 @@ const internalNginx = {
 		}
 
 		return true;
+	},
+
+	/**
+	 * @returns {boolean}
+	 */
+	sslPassthroughEnabled: function () {
+		if (typeof process.env.ENABLE_SSL_PASSTHROUGH !== 'undefined') {
+			const enabled = process.env.ENABLE_SSL_PASSTHROUGH.toLowerCase();
+			return (enabled === 'on' || enabled === 'true' || enabled === '1' || enabled === 'yes');
+		}
+
+		return true;
+	},
+
+	/**
+	 * Helper function to add brackets to an IP if it is IPv6
+	 * @returns {string}
+	 */
+	 addIpv6Brackets: function (ip) {
+		// Only run check if ipv6 is enabled
+		if (internalNginx.ipv6Enabled()) {
+			const ipv6Regex = /^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/gi;
+			if(ipv6Regex.test(ip)){
+				return `[${ip}]`
+			}
+		}
+		return ip;
 	}
 };