jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

provision: delay initialization of secrets until provision time

Browse Source 
when we create the DO 1-click image, the key also gets snapshotted.

https://community.letsencrypt.org/t/receiving-expiration-emails-for-dozens-of-domains/165441
This commit is contained in:
Girish Ramakrishnan
2021-11-15 23:28:19 -08:00
parent 42eef42cf3
commit 01a1803625
3 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/nginxconfig.ejs
+3
View File
@@ -87,7 +87,10 @@ server {
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256;
ssl_prefer_server_ciphers off; ssl_prefer_server_ciphers off;
# dhparams is generated only after dns setup
<% if (endpoint !== 'ip' && endpoint !== 'setup') { -%>
ssl_dhparam /home/yellowtent/platformdata/dhparams.pem; ssl_dhparam /home/yellowtent/platformdata/dhparams.pem;
<% } -%>
add_header Strict-Transport-Security "max-age=63072000"; add_header Strict-Transport-Security "max-age=63072000";
<% if ( ocsp ) { -%> <% if ( ocsp ) { -%>
src/provision.js
+2
View File
@@ -10,6 +10,7 @@ exports = module.exports = {
const assert = require('assert'), const assert = require('assert'),
backups = require('./backups.js'), backups = require('./backups.js'),
backuptask = require('./backuptask.js'), backuptask = require('./backuptask.js'),
blobs = require('./blobs.js'),
BoxError = require('./boxerror.js'), BoxError = require('./boxerror.js'),
branding = require('./branding.js'), branding = require('./branding.js'),
constants = require('./constants.js'), constants = require('./constants.js'),
@@ -61,6 +62,7 @@ async function setupTask(domain, auditSource) {
assert.strictEqual(typeof auditSource, 'object'); assert.strictEqual(typeof auditSource, 'object');
try { try {
await blobs.initSecrets();
await cloudron.setupDnsAndCert(constants.DASHBOARD_LOCATION, domain, auditSource, (progress) => setProgress('setup', progress.message)); await cloudron.setupDnsAndCert(constants.DASHBOARD_LOCATION, domain, auditSource, (progress) => setProgress('setup', progress.message));
await cloudron.setDashboardDomain(domain, auditSource); await cloudron.setDashboardDomain(domain, auditSource);
setProgress('setup', 'Done'), setProgress('setup', 'Done'),
src/server.js
-2
View File
@@ -6,7 +6,6 @@ exports = module.exports = {
}; };
const assert = require('assert'), const assert = require('assert'),
blobs = require('./blobs.js'),
cloudron = require('./cloudron.js'), cloudron = require('./cloudron.js'),
constants = require('./constants.js'), constants = require('./constants.js'),
database = require('./database.js'), database = require('./database.js'),
@@ -380,7 +379,6 @@ async function start() {
await database.initialize(); await database.initialize();
await settings.initCache(); // pre-load very often used settings await settings.initCache(); // pre-load very often used settings
await blobs.initSecrets();
await cloudron.initialize(); await cloudron.initialize();
await util.promisify(gHttpServer.listen.bind(gHttpServer))(constants.PORT, '127.0.0.1'); await util.promisify(gHttpServer.listen.bind(gHttpServer))(constants.PORT, '127.0.0.1');
await safe(eventlog.add(eventlog.ACTION_START, { userId: null, username: 'boot' }, { version: constants.VERSION })); // can fail if db down await safe(eventlog.add(eventlog.ACTION_START, { userId: null, username: 'boot' }, { version: constants.VERSION })); // can fail if db down