diff --git a/src/certificates.js b/src/certificates.js
index d8377d29a..e1b6b8c87 100644
--- a/src/certificates.js
+++ b/src/certificates.js
@@ -3,7 +3,6 @@
 exports = module.exports = {
 initialize: initialize,
- installAdminCertificate: installAdminCertificate,
 renewAll: renewAll,
 setFallbackCertificate: setFallbackCertificate,
 setAdminCertificate: setAdminCertificate,
@@ -34,8 +33,6 @@ var acme = require('./cert/acme.js'),
 paths = require('./paths.js'),
 safe = require('safetydance'),
 settings = require('./settings.js'),
- subdomains = require('./subdomains.js'),
- sysinfo = require('./sysinfo.js'),
 user = require('./user.js'),
 util = require('util'),
 x509 = require('x509');
@@ -130,40 +127,6 @@ function initialize(callback) { return callback(); } -function installAdminCertificate(callback) { - if (process.env.BOX_ENV === 'test') return callback(); - - debug('installAdminCertificate'); - - sysinfo.getIp(function (error, ip) { - if (error) return callback(error); - - if (!config.fqdn()) { - var certFilePath = path.join(paths.NGINX_CERT_DIR, ip + '.cert'); - var keyFilePath = path.join(paths.NGINX_CERT_DIR, ip + '.key'); - var certCommandArgs = util.format('req -x509 -newkey rsa:2048 -keyout %s -out %s -days 3650 -subj /CN=%s -nodes', keyFilePath, certFilePath, ip); - - var result = safe.child_process.spawnSync('/usr/bin/openssl', certCommandArgs.split(' ')); - if (result.status !== 0) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, 'unable to create cert for ip')); - - nginx.configureAdmin(certFilePath, keyFilePath, ip, callback); - } else { - subdomains.waitForDns(config.adminFqdn(), ip, 'A', { interval: 30000, times: 50000 }, function (error) { - if (error) return callback(error); - - ensureCertificate({ location: constants.ADMIN_LOCATION }, function (error, certFilePath, keyFilePath) { - if (error) { // currently, this can never happen - debug('Error obtaining certificate. Proceed anyway', error); - return callback(); - } - - nginx.configureAdmin(certFilePath, keyFilePath, config.adminFqdn(), callback); - }); - }); - } - }); -} - function isExpiringSync(certFilePath, hours) { assert.strictEqual(typeof certFilePath, 'string'); assert.strictEqual(typeof hours, 'number'); diff --git a/src/cloudron.js b/src/cloudron.js index 5e422bf35..31d1f28f9 100644 --- a/src/cloudron.js +++ b/src/cloudron.js @@ -24,6 +24,8 @@ exports = module.exports = { readDkimPublicKeySync: readDkimPublicKeySync, refreshDNS: refreshDNS, + configureAdmin: configureAdmin, + events: new (require('events').EventEmitter)(), EVENT_CONFIGURED: 'configured' 
@@ -33,6 +35,7 @@ var apps = require('./apps.js'),
 assert = require('assert'),
 async = require('async'),
 backups = require('./backups.js'),
+ certificates = require('./certificates.js'),
 child_process = require('child_process'),
 clients = require('./clients.js'),
 config = require('./config.js'),
@@ -43,6 +46,7 @@ var apps = require('./apps.js'),
 fs = require('fs'),
 locker = require('./locker.js'),
 mailer = require('./mailer.js'),
+ nginx = require('./nginx.js'),
 os = require('os'),
 path = require('path'),
 paths = require('./paths.js'),
@@ -117,6 +121,7 @@ function initialize(callback) {
 assert.strictEqual(typeof callback, 'function');
 exports.events.on(exports.EVENT_CONFIGURED, addDnsRecords);
+ exports.events.on(exports.EVENT_CONFIGURED, configureAdmin);
 if (!fs.existsSync(paths.FIRST_RUN_FILE)) {
 debug('initialize: installing app bundle on first run');
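Review bot: Only `certificates` and `nginx` are added to the require list in this hunk and the next one, but the `configureAdmin` body moved into cloudron.js also references `sysinfo`, `subdomains`, `safe`, `util`, `constants` and `NOOP_CALLBACK`. None of those bindings is visible in the hunks shown, so each should be confirmed to exist in this file already; if they are absent, add `subdomains = require('./subdomains.js'),` and `sysinfo = require('./sysinfo.js'),` (the two lines this commit deletes from certificates.js), since a missing name would only surface as a ReferenceError when the function first runs. It is also worth checking that certificates.js does not require cloudron.js, directly or through another module, because a require cycle would hand one side a partially populated exports object. Finally, `ensureCertificate` has to be exported from certificates.js now that it is called from outside; the export list is not fully visible here.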
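Review bot: Registering `configureAdmin` directly as the `EVENT_CONFIGURED` listener means it runs without a callback, so the `NOOP_CALLBACK` default discards every error that `sysinfo.getIp` or `subdomains.waitForDns` reports. A failed admin certificate setup after configuration would then leave no trace in the logs. I would wrap the listener so failures are at least logged, e.g. `exports.events.on(exports.EVENT_CONFIGURED, function () { configureAdmin(function (error) { if (error) debug('configureAdmin failed', error); }); });`. The rest of `initialize` lies outside the hunk.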
@@ -180,6 +185,41 @@ function syncConfigState(callback) {
 });
 }
+function configureAdmin(callback) {
+ callback = callback || NOOP_CALLBACK;
+
+ if (process.env.BOX_ENV === 'test') return callback();
+
+ debug('configureAdmin');
+
+ sysinfo.getIp(function (error, ip) {
+ if (error) return callback(error);
+
+ if (!config.fqdn()) {
+ var certFilePath = path.join(paths.NGINX_CERT_DIR, ip + '.cert');
+ var keyFilePath = path.join(paths.NGINX_CERT_DIR, ip + '.key');
+ var certCommand = util.format('openssl req -x509 -newkey rsa:2048 -keyout %s -out %s -days 3650 -subj /CN=%s -nodes', keyFilePath, certFilePath, ip);
+
+ safe.child_process.execSync(certCommand);
+
+ nginx.configureAdmin(certFilePath, keyFilePath, ip, callback);
+ } else {
+ subdomains.waitForDns(config.adminFqdn(), ip, 'A', { interval: 30000, times: 50000 }, function (error) {
+ if (error) return callback(error);
+
+ certificates.ensureCertificate({ location: constants.ADMIN_LOCATION }, function (error, certFilePath, keyFilePath) {
+ if (error) { // currently, this can never happen
+ debug('Error obtaining certificate. Proceed anyway', error);
+ return callback();
+ }
+
+ nginx.configureAdmin(certFilePath, keyFilePath, config.adminFqdn(), callback);
+ });
+ });
+ }
+ });
+}
+
 function setTimeZone(ip, callback) {
 assert.strictEqual(typeof ip, 'string');
 assert.strictEqual(typeof callback, 'function');
diff --git a/src/server.js b/src/server.js
index 5fc0f1813..75c93bc44 100644
--- a/src/server.js
+++ b/src/server.js
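Review bot: The self-signed fallback in `configureAdmin` now formats one command string and hands it to `safe.child_process.execSync`, so it goes through a shell, resolves `openssl` via PATH, and its result is never checked. The code this commit removes from certificates.js called `spawnSync('/usr/bin/openssl', ...)` with an argument array and returned an error on a non-zero status; here `ip` and both file paths are interpolated into shell text instead. If the `safe` wrapper returns null on failure rather than throwing (as safetydance wrappers generally do), a failed openssl run continues to `nginx.configureAdmin` with cert and key files that may not exist. I would keep the earlier form, with the `openssl ` prefix dropped from the format string: `var result = safe.child_process.spawnSync('/usr/bin/openssl', certCommandArgs.split(' '));` followed by `if (!result || result.status !== 0) return callback(new Error('unable to create cert for ip'));` (or the module's own error type). Since `-nodes` writes the private key unencrypted, a comment stating the expected permissions of `paths.NGINX_CERT_DIR` would also help.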
@@ -269,9 +269,9 @@ function start(callback) {
 async.series([
 auth.initialize,
 database.initialize,
- cloudron.initialize, // keep this here because it reads activation state that others depend on
 certificates.initialize,
- certificates.installAdminCertificate, // keep this before cron to block heartbeats until cert is ready
+ cloudron.initialize, // keep this here because it reads activation state that others depend on
+ cloudron.configureAdmin, // keep this before cron to block heartbeats until cert is ready
 platform.initialize,
 taskmanager.initialize,
 mailer.initialize,
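Review bot: The comment on `cloudron.initialize` still reads "keep this here because it reads activation state that others depend on", yet the line has moved below `certificates.initialize`. If `certificates.initialize` is one of those "others", it now runs before the activation state has been read, which should be confirmed against its body (not visible here). If it is not, the comment should describe the new constraint, for example `// after certificates.initialize, before anything that reads activation state`. The `async.series` list continues past the end of the hunk.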