reverseproxy: rework cert logic

9c8f78a059 already fixed many of the cert issues. However, some issues were caught in the CI: * The TLS addon has to be rebuilt and not just restarted. For this reason, we now move things to a directory instead of mounting files. This way the container is just restarted. * Cleanups must be driven by the database and not the filesystem . Deleting files on disk or after a restore, the certs are left dangling forever in the db. * Separate the db cert logic and disk cert logic. This way we can sync as many times as we want and whenever we want.
2022-11-28 22:32:34 +01:00
parent c844be5be1
commit 89127e1df7
12 changed files with 279 additions and 348 deletions
--- a/src/docker.js
+++ b/src/docker.js
@@ -39,7 +39,7 @@ const apps = require('./apps.js'),
    debug = require('debug')('box:docker'),
    delay = require('./delay.js'),
    Docker = require('dockerode'),
-    reverseProxy = require('./reverseproxy.js'),
+    paths = require('./paths.js'),
    services = require('./services.js'),
    settings = require('./settings.js'),
    shell = require('./shell.js'),
@@ -205,18 +205,11 @@ async function getAddonMounts(app) {
            break;
        }
        case 'tls': {
-            const certificatePath = await reverseProxy.getCertificatePath(app.fqdn, app.domain);
+            const certificateDir = `${paths.PLATFORM_DATA_DIR}/tls/${app.id}`;

            mounts.push({
-                Target: '/etc/certs/tls_cert.pem',
-                Source: certificatePath.certFilePath,
-                Type: 'bind',
-                ReadOnly: true
-            });
-
-            mounts.push({
-                Target: '/etc/certs/tls_key.pem',
-                Source: certificatePath.keyFilePath,
+                Target: '/etc/certs',
+                Source: certificateDir,
                Type: 'bind',
                ReadOnly: true
            });