migrate certs into the blobs database

use platformdata/nginx/cert to store the certs
Girish Ramakrishnan
2021-05-07 20:19:18 -07:00
parent 182918b13d
commit 84af9580a6
7 changed files with 84 additions and 26 deletions


@@ -234,8 +234,8 @@ function setFallbackCertificate(domain, fallback, callback) {
assert.strictEqual(typeof callback, 'function');
debug(`setFallbackCertificate: setting certs for domain ${domain}`);
if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, `${domain}.host.cert`), fallback.cert)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, `${domain}.host.key`), fallback.key)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, `${domain}.host.cert`), fallback.cert)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, `${domain}.host.key`), fallback.key)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
// TODO: maybe the cert is being used by the mail container
reload(callback);
@@ -248,8 +248,8 @@ function restoreFallbackCertificates(callback) {
if (error) return callback(error);
result.forEach(function (domain) {
if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, `${domain.domain}.host.cert`), domain.fallbackCertificate.cert)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, `${domain.domain}.host.key`), domains.fallbackCertificate.key)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, `${domain.domain}.host.cert`), domain.fallbackCertificate.cert)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, `${domain.domain}.host.key`), domains.fallbackCertificate.key)) return callback(new BoxError(BoxError.FS_ERROR, safe.error.message));
});
callback(null);
@@ -259,8 +259,8 @@ function restoreFallbackCertificates(callback) {
function getFallbackCertificatePathSync(domain) {
assert.strictEqual(typeof domain, 'string');
const certFilePath = path.join(paths.APP_CERTS_DIR, `${domain}.host.cert`);
const keyFilePath = path.join(paths.APP_CERTS_DIR, `${domain}.host.key`);
const certFilePath = path.join(paths.NGINX_CERT_DIR, `${domain}.host.cert`);
const keyFilePath = path.join(paths.NGINX_CERT_DIR, `${domain}.host.key`);
return { certFilePath, keyFilePath };
}
@@ -273,11 +273,11 @@ function setAppCertificate(location, domainObject, certificate, callback) {
let fqdn = domains.fqdn(location, domainObject);
if (certificate.cert && certificate.key) {
if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, `${fqdn}.user.cert`), certificate.cert)) return safe.error;
if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, `${fqdn}.user.key`), certificate.key)) return safe.error;
if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, `${fqdn}.user.cert`), certificate.cert)) return safe.error;
if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, `${fqdn}.user.key`), certificate.key)) return safe.error;
} else { // remove existing cert/key
if (!safe.fs.unlinkSync(path.join(paths.APP_CERTS_DIR, `${fqdn}.user.cert`))) debug('Error removing cert: ' + safe.error.message);
if (!safe.fs.unlinkSync(path.join(paths.APP_CERTS_DIR, `${fqdn}.user.key`))) debug('Error removing key: ' + safe.error.message);
if (!safe.fs.unlinkSync(path.join(paths.NGINX_CERT_DIR, `${fqdn}.user.cert`))) debug('Error removing cert: ' + safe.error.message);
if (!safe.fs.unlinkSync(path.join(paths.NGINX_CERT_DIR, `${fqdn}.user.key`))) debug('Error removing key: ' + safe.error.message);
}
reload(callback);
@@ -292,13 +292,13 @@ function getAcmeCertificatePath(vhost, domainObject, callback) {
if (vhost !== domainObject.domain && domainObject.tlsConfig.wildcard) { // bare domain is not part of wildcard SAN
let certName = domains.makeWildcard(vhost).replace('*.', '_.');
certFilePath = path.join(paths.APP_CERTS_DIR, `${certName}.cert`);
keyFilePath = path.join(paths.APP_CERTS_DIR, `${certName}.key`);
certFilePath = path.join(paths.NGINX_CERT_DIR, `${certName}.cert`);
keyFilePath = path.join(paths.NGINX_CERT_DIR, `${certName}.key`);
if (fs.existsSync(certFilePath) && fs.existsSync(keyFilePath)) return callback(null, { certFilePath, keyFilePath });
} else {
certFilePath = path.join(paths.APP_CERTS_DIR, `${vhost}.cert`);
keyFilePath = path.join(paths.APP_CERTS_DIR, `${vhost}.key`);
certFilePath = path.join(paths.NGINX_CERT_DIR, `${vhost}.cert`);
keyFilePath = path.join(paths.NGINX_CERT_DIR, `${vhost}.key`);
if (fs.existsSync(certFilePath) && fs.existsSync(keyFilePath)) return callback(null, { certFilePath, keyFilePath });
}
@@ -319,8 +319,8 @@ function getCertificatePath(fqdn, domain, callback) {
if (error) return callback(error);
// user cert always wins
let certFilePath = path.join(paths.APP_CERTS_DIR, `${fqdn}.user.cert`);
let keyFilePath = path.join(paths.APP_CERTS_DIR, `${fqdn}.user.key`);
let certFilePath = path.join(paths.NGINX_CERT_DIR, `${fqdn}.user.cert`);
let keyFilePath = path.join(paths.NGINX_CERT_DIR, `${fqdn}.user.key`);
if (fs.existsSync(certFilePath) && fs.existsSync(keyFilePath)) return callback(null, { certFilePath, keyFilePath });
@@ -344,8 +344,8 @@ function ensureCertificate(vhost, domain, auditSource, callback) {
if (error) return callback(error);
// user cert always wins
let certFilePath = path.join(paths.APP_CERTS_DIR, `${vhost}.user.cert`);
let keyFilePath = path.join(paths.APP_CERTS_DIR, `${vhost}.user.key`);
let certFilePath = path.join(paths.NGINX_CERT_DIR, `${vhost}.user.cert`);
let keyFilePath = path.join(paths.NGINX_CERT_DIR, `${vhost}.user.key`);
if (fs.existsSync(certFilePath) && fs.existsSync(keyFilePath)) {
debug(`ensureCertificate: ${vhost} will use custom app certs`);
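Review bot: In the `restoreFallbackCertificates` hunk the new key line still reads `domains.fallbackCertificate.key` although the loop variable is `domain`; `domains` looks like the module used elsewhere in this file (`domains.fqdn`, `domains.makeWildcard`), so the key write presumably throws or never restores the intended key, and it should read `domain.fallbackCertificate.key`. In the same loop, `return callback(...)` inside `forEach` only leaves the iteration function, so `callback(null)` still runs after a failed write and the callback can fire more than once; `for (const domain of result) {` with the same body would make the early return effective. `setAppCertificate` has a related gap: `return safe.error` on a failed write exits without invoking `callback` at all. Every `.key` file here is a TLS private key that now lands in `paths.NGINX_CERT_DIR`, so it is worth confirming that the directory and the files are not world-readable, for example by passing `{ mode: 0o600 }` on the key writes if `safe.fs.writeFileSync` forwards options to `fs.writeFileSync` (not visible here). All of these functions start or end outside their hunks.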