
Commit 3a9fc8e

Jamie Curnowjc21
authored andcommitted
certificates work
1 parent cf417fb commit 3a9fc8e


12 files changed

+507
-105
lines changed


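--- a/rootfs/etc/nginx/nginx.conf
+++ b/rootfs/etc/nginx/nginx.conf
@@ -54,6 +54,7 @@ http {
 include /data/nginx/proxy_host/*.conf;
 include /data/nginx/redirection_host/*.conf;
 include /data/nginx/dead_host/*.conf;
+include /data/nginx/temp/*.conf;
 }
 
 stream {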

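--- a/rootfs/etc/services.d/nginx/run
+++ b/rootfs/etc/services.d/nginx/run
@@ -3,7 +3,7 @@
 mkdir -p /tmp/nginx/body \
 /var/log/nginx \
 /data/{nginx,logs,access} \
-/data/nginx/{proxy_host,redirection_host,stream,dead_host} \
+/data/nginx/{proxy_host,redirection_host,stream,dead_host,temp} \
 /var/lib/nginx/cache/{public,private}
 
 touch /var/log/nginx/error.log && chmod 777 /var/log/nginx/error.log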

src/backend/internal/certificate.js

Lines changed: 276 additions & 76 deletions

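--- a/src/backend/internal/host.js
+++ b/src/backend/internal/host.js
@@ -6,6 +6,57 @@ const deadHostModel = require('../models/dead_host');
 
 const internalHost = {
 
+/**
+* This returns all the host types with any ___domain listed in the provided domain_names array.
+* This is used by the certificates to temporarily disable any host that is using the ___domain
+*
+* @param {Array} domain_names
+* @returns {Promise}
+*/
+getHostsWithDomains: function (domain_names) {
+let promises = [
+proxyHostModel
+.query()
+.where('is_deleted', 0),
+redirectionHostModel
+.query()
+.where('is_deleted', 0),
+deadHostModel
+.query()
+.where('is_deleted', 0)
+];
+
+return Promise.all(promises)
+.then(promises_results => {
+let response_object = {
+total_count: 0,
+dead_hosts: [],
+proxy_hosts: [],
+redirection_hosts: []
+};
+
+if (promises_results[0]) {
+// Proxy Hosts
+response_object.proxy_hosts = internalHost._getHostsWithDomains(promises_results[0], domain_names);
+response_object.total_count += response_object.proxy_hosts.length;
+}
+
+if (promises_results[1]) {
+// Redirection Hosts
+response_object.redirection_hosts = internalHost._getHostsWithDomains(promises_results[1], domain_names);
+response_object.total_count += response_object.redirection_hosts.length;
+}
+
+if (promises_results[1]) {
+// Dead Hosts
+response_object.dead_hosts = internalHost._getHostsWithDomains(promises_results[2], domain_names);
+response_object.total_count += response_object.dead_hosts.length;
+}
+
+return response_object;
+});
+},
+
 /**
 * Internal use only, checks to see if the ___domain is already taken by any other record
 *
@@ -87,6 +138,37 @@ const internalHost = {
 }
 
 return is_taken;
+},
+
+/**
+* Private call only
+*
+* @param {Array} hosts
+* @param {Array} domain_names
+* @returns {Array}
+*/
+_getHostsWithDomains: function (hosts, domain_names) {
+let response = [];
+
+if (hosts && hosts.length) {
+hosts.map(function (host) {
+let host_matches = false;
+
+domain_names.map(function (domain_name) {
+host.domain_names.map(function (host_domain_name) {
+if (domain_name.toLowerCase() === host_domain_name.toLowerCase()) {
+host_matches = true;
+}
+});
+});
+
+if (host_matches) {
+response.push(host);
+}
+});
+}
+
+return response;
 }
 
 };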
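Review bot: The dead-host branch of getHostsWithDomains guards on the wrong index: it tests `promises_results[1]` but then reads `promises_results[2]`, so the guard should be `if (promises_results[2]) {`. Because the three queries are resolved through Promise.all the guards are unlikely to ever be false, but the copy-paste mismatch hides the intent and would throw if the third result were ever undefined. In _getHostsWithDomains the nested `.map` calls are used purely for side effects and cannot stop at the first match; `const host_matches = domain_names.some(domain_name => host.domain_names.some(host_domain_name => domain_name.toLowerCase() === host_domain_name.toLowerCase()));` expresses the same test directly. That form, like the original, assumes every row's `domain_names` is an array, which the hunk relies on but does not show.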

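--- a/src/backend/internal/nginx.js
+++ b/src/backend/internal/nginx.js
@@ -1,13 +1,12 @@
 'use strict';
 
-const _ = require('lodash');
-const fs = require('fs');
-const Liquid = require('liquidjs');
-const logger = require('../logger').nginx;
-const utils = require('../lib/utils');
-const error = require('../lib/error');
-const internalCertificate = require('./certificate');
-const debug_mode = process.env.NODE_ENV !== 'production';
+const _ = require('lodash');
+const fs = require('fs');
+const Liquid = require('liquidjs');
+const logger = require('../logger').nginx;
+const utils = require('../lib/utils');
+const error = require('../lib/error');
+const debug_mode = process.env.NODE_ENV !== 'production';
 
 const internalNginx = {
 
@@ -120,7 +119,7 @@ const internalNginx = {
 }
 
 let renderEngine = Liquid({
-root: __dirname + '/../templates/',
+root: __dirname + '/../templates/'
 });
 
 return new Promise((resolve, reject) => {
@@ -154,6 +153,85 @@ const internalNginx = {
 });
 },
 
+/**
+* This generates a temporary nginx config listening on port 80 for the ___domain names listed
+* in the certificate setup. It allows the letsencrypt acme challenge to be requested by letsencrypt
+* when requesting a certificate without having a hostname set up already.
+*
+* @param {Object} certificate
+* @returns {Promise}
+*/
+generateLetsEncryptRequestConfig: certificate => {
+if (debug_mode) {
+logger.info('Generating LetsEncrypt Request Config:', certificate);
+}
+
+let renderEngine = Liquid({
+root: __dirname + '/../templates/'
+});
+
+return new Promise((resolve, reject) => {
+let template = null;
+let filename = '/data/nginx/temp/letsencrypt_' + certificate.id + '.conf';
+try {
+template = fs.readFileSync(__dirname + '/../templates/letsencrypt-request.conf', {encoding: 'utf8'});
+} catch (err) {
+reject(new error.ConfigurationError(err.message));
+return;
+}
+
+renderEngine
+.parseAndRender(template, certificate)
+.then(config_text => {
+fs.writeFileSync(filename, config_text, {encoding: 'utf8'});
+
+if (debug_mode) {
+logger.success('Wrote config:', filename, config_text);
+}
+
+resolve(true);
+})
+.catch(err => {
+if (debug_mode) {
+logger.warn('Could not write ' + filename + ':', err.message);
+}
+
+reject(new error.ConfigurationError(err.message));
+});
+});
+},
+
+/**
+* This removes the temporary nginx config file generated by `generateLetsEncryptRequestConfig`
+*
+* @param {Object} certificate
+* @param {Boolean} [throw_errors]
+* @returns {Promise}
+*/
+deleteLetsEncryptRequestConfig: (certificate, throw_errors) => {
+return new Promise((resolve, reject) => {
+try {
+let config_file = '/data/nginx/temp/letsencrypt_' + certificate.id + '.conf';
+
+if (debug_mode) {
+logger.warn('Deleting nginx config: ' + config_file);
+}
+
+fs.unlinkSync(config_file);
+} catch (err) {
+if (debug_mode) {
+logger.warn('Could not delete config:', err.message);
+}
+
+if (throw_errors) {
+reject(err);
+}
+}
+
+resolve();
+});
+},
+
 /**
 * @param {String} host_type
 * @param {Object} host
@@ -184,6 +262,35 @@ const internalNginx = {
 
 resolve();
 });
+},
+
+/**
+* @param {String} host_type
+* @param {Array} hosts
+* @returns {Promise}
+*/
+bulkGenerateConfigs: (host_type, hosts) => {
+let promises = [];
+hosts.map(function (host) {
+promises.push(internalNginx.generateConfig(host_type, host));
+});
+
+return Promise.all(promises);
+},
+
+/**
+* @param {String} host_type
+* @param {Array} hosts
+* @param {Boolean} [throw_errors]
+* @returns {Promise}
+*/
+bulkDeleteConfigs: (host_type, hosts, throw_errors) => {
+let promises = [];
+hosts.map(function (host) {
+promises.push(internalNginx.deleteConfig(host_type, host, throw_errors));
+});
+
+return Promise.all(promises);
 }
 };
 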
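Review bot: The temporary config path in generateLetsEncryptRequestConfig (and again in deleteLetsEncryptRequestConfig) is built by concatenating `certificate.id` into `'/data/nginx/temp/letsencrypt_' + certificate.id + '.conf'`; presumably that is a numeric database id, but nothing in this hunk checks it, so an unexpected id value would produce an unexpected filename for both the write and the unlink. Normalising it once at the top of each function, `const id = Number.parseInt(certificate.id, 10); if (!Number.isInteger(id)) { reject(new error.ConfigurationError('Invalid certificate id')); return; }`, and using `id` in the path keeps both operations inside /data/nginx/temp. In deleteLetsEncryptRequestConfig the catch branch calls `reject(err)` and then falls through to `resolve()`; the promise is already settled so this is harmless, but a `return;` after the reject makes the intent explicit. The rendered template receives the whole `certificate` object, so its ___domain names end up inside the generated server block; whether they are validated as hostnames before reaching this point is not visible here, since certificate.js is not rendered on the page.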
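--- a/src/backend/templates/_assets.conf
+++ b/src/backend/templates/_assets.conf
@@ -1,4 +1,4 @@
 {% if caching_enabled == 1 or caching_enabled == true -%}
 # Asset Caching
 include conf.d/include/assets.conf;
-{%- endif %}
+{% endif %}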
Lines changed: 6 additions & 8 deletions
@@ -1,12 +1,10 @@
1-
{%- if certificate and certificate_id > 0 -%}
2-
{%- if certificate.provider == "letsencrypt" %}
1+
{% if certificate and certificate_id > 0 -%}
2+
{% if certificate.provider == "letsencrypt" %}
33
# Let's Encrypt SSL
44
include conf.d/include/letsencrypt-acme-challenge.conf;
55
include conf.d/include/ssl-ciphers.conf;
6-
ssl_certificate /etc/letsencrypt/live/npm-{{ certificate.id }}/fullchain.pem;
7-
ssl_certificate_key /etc/letsencrypt/live/npm-{{ certificate.id }}/privkey.pem;
8-
{%- endif -%}
9-
6+
ssl_certificate /etc/letsencrypt/live/npm-{{ certificate_id }}/fullchain.pem;
7+
ssl_certificate_key /etc/letsencrypt/live/npm-{{ certificate_id }}/privkey.pem;
8+
{% endif %}
109
# TODO: Custom SSL paths
11-
12-
{%- endif %}
10+
{% endif %}

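--- a/src/backend/templates/_exploits.conf
+++ b/src/backend/templates/_exploits.conf
@@ -1,4 +1,4 @@
-{% if block_exploits == 1 or block_exploits == true -%}
+{% if block_exploits == 1 or block_exploits == true %}
 # Block Exploits
 include conf.d/include/block-exploits.conf;
-{%- endif -%}
+{% endif %}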
Lines changed: 4 additions & 4 deletions
@@ -1,6 +1,6 @@
1-
{%- if certificate and certificate_id > 0 -%}
2-
{%- if ssl_forced == 1 or ssl_forced == true -%}
1+
{% if certificate and certificate_id > 0 -%}
2+
{% if ssl_forced == 1 or ssl_forced == true %}
33
# Force SSL
44
include conf.d/include/force-ssl.conf;
5-
{%- endif -%}
6-
{%- endif %}
5+
{% endif %}
6+
{% endif %}
Lines changed: 1 addition & 1 deletion
@@ -1,3 +1,3 @@
11
# ------------------------------------------------------------
22
# {{ domain_names | join: ", " }}
3-
# ------------------------------------------------------------
3+
# ------------------------------------------------------------
