Create separate ip and my. domain nginx configs
+2
-2
@@ -212,7 +212,7 @@ function renewAll(auditSource, callback) {
|
||||
|
||||
// reconfigure and reload nginx. this is required for the case where we got a renewed cert after fallback
|
||||
var configureFunc = app.location === constants.ADMIN_LOCATION ?
|
||||
nginx.configureAdmin.bind(null, certFilePath, keyFilePath, config.adminFqdn())
|
||||
nginx.configureAdmin.bind(null, certFilePath, keyFilePath, constants.NGINX_ADMIN_CONFIG_FILE_NAME, config.adminFqdn())
|
||||
: nginx.configureApp.bind(null, app, certFilePath, keyFilePath);
|
||||
|
||||
configureFunc(function (ignoredError) {
|
||||
@@ -313,7 +313,7 @@ function setAdminCertificate(cert, key, callback) {
|
||||
if (!safe.fs.writeFileSync(certFilePath, cert)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
|
||||
if (!safe.fs.writeFileSync(keyFilePath, key)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
|
||||
|
||||
nginx.configureAdmin(certFilePath, keyFilePath, config.adminFqdn(), callback);
|
||||
nginx.configureAdmin(certFilePath, keyFilePath, constants.NGINX_ADMIN_CONFIG_FILE_NAME, config.adminFqdn(), callback);
|
||||
}
|
||||
|
||||
function getAdminCertificatePath(callback) {
|
||||
|
||||
+17
-10
@@ -194,17 +194,24 @@ function configureAdmin(callback) {
|
||||
sysinfo.getIp(function (error, ip) {
|
||||
if (error) return callback(error);
|
||||
|
||||
// always setup cert and nginx config for ip
|
||||
// TODO we should only regenerate the cert if the ip changes?
|
||||
var certFilePath = path.join(paths.NGINX_CERT_DIR, IP_BASED_SETUP_NAME + '.cert');
|
||||
var keyFilePath = path.join(paths.NGINX_CERT_DIR, IP_BASED_SETUP_NAME + '.key');
|
||||
var certCommand = util.format('openssl req -x509 -newkey rsa:2048 -keyout %s -out %s -days 3650 -subj /CN=%s -nodes', keyFilePath, certFilePath, ip);
|
||||
var certFilePath = path.join(paths.NGINX_CERT_DIR, IP_BASED_SETUP_NAME + '-' + ip + '.cert');
|
||||
var keyFilePath = path.join(paths.NGINX_CERT_DIR, IP_BASED_SETUP_NAME + '-' + ip + '.key');
|
||||
|
||||
safe.child_process.execSync(certCommand);
|
||||
// check if we already have a cert for this IP, otherwise create one, this is mostly useful for servers with changing IPs
|
||||
if (!fs.existsSync(certFilePath) || !fs.existsSync(keyFilePath)) {
|
||||
debug('configureAdmin: create new cert for %s', ip);
|
||||
|
||||
nginx.configureAdmin(certFilePath, keyFilePath, ip, callback);
|
||||
var certCommand = util.format('openssl req -x509 -newkey rsa:2048 -keyout %s -out %s -days 3650 -subj /CN=%s -nodes', keyFilePath, certFilePath, ip);
|
||||
safe.child_process.execSync(certCommand);
|
||||
}
|
||||
|
||||
// always create a configuration for the ip
|
||||
nginx.configureAdmin(certFilePath, keyFilePath, IP_BASED_SETUP_NAME + '.conf', ip, function (error) {
|
||||
if (error) return callback(error);
|
||||
|
||||
// skip my.domain.com setup if we don't have a domain
|
||||
if (!config.fqdn()) return callback(null);
|
||||
|
||||
if (config.fqdn()) {
|
||||
gConfigState.domain = config.fqdn();
|
||||
|
||||
subdomains.waitForDns(config.adminFqdn(), ip, 'A', { interval: 30000, times: 50000 }, function (error) {
|
||||
@@ -220,10 +227,10 @@ function configureAdmin(callback) {
|
||||
|
||||
gConfigState.tls = true;
|
||||
|
||||
nginx.configureAdmin(certFilePath, keyFilePath, config.adminFqdn(), callback);
|
||||
nginx.configureAdmin(certFilePath, keyFilePath, constants.NGINX_ADMIN_CONFIG_FILE_NAME, config.adminFqdn(), callback);
|
||||
});
|
||||
});
|
||||
}
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
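Review bot: In the new `if (!fs.existsSync(certFilePath) || !fs.existsSync(keyFilePath))` branch the result of `safe.child_process.execSync(certCommand)` is never checked, so a failed openssl run still falls through to `nginx.configureAdmin(...)` with cert and key paths that may not exist. I would return the error there, e.g. `if (safe.child_process.execSync(certCommand) === null) return callback(safe.error);`, assuming the `safe` wrapper reports failure the same way `safe.fs.writeFileSync` does elsewhere in this commit. The `ip` value is interpolated into a shell command string and, with this change, into the cert/key file names as well; where `sysinfo.getIp` obtains it is not visible here, so a guard such as `if (!net.isIP(ip)) return callback(new Error('invalid ip'));` before the paths are built would be worth adding (it needs `net` required in this file). Because a cert/key pair is now kept per IP, unencrypted keys (`-nodes`) for addresses the server no longer holds stay in `paths.NGINX_CERT_DIR`; a cleanup step, or at least a comment recording that this is intended, would help.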
@@ -26,6 +26,8 @@ exports = module.exports = {
|
||||
|
||||
ADMIN_GROUP_ID: 'admin',
|
||||
|
||||
NGINX_ADMIN_CONFIG_FILE_NAME: 'admin.conf',
|
||||
|
||||
GHOST_USER_FILE: '/tmp/cloudron_ghost.json',
|
||||
|
||||
DEFAULT_TOKEN_EXPIRATION: 7 * 24 * 60 * 60 * 1000, // 1 week
|
||||
|
||||
+3
-2
@@ -20,9 +20,10 @@ exports = module.exports = {
|
||||
var NGINX_APPCONFIG_EJS = fs.readFileSync(__dirname + '/../setup/start/nginx/appconfig.ejs', { encoding: 'utf8' }),
|
||||
RELOAD_NGINX_CMD = path.join(__dirname, 'scripts/reloadnginx.sh');
|
||||
|
||||
function configureAdmin(certFilePath, keyFilePath, vhost, callback) {
|
||||
function configureAdmin(certFilePath, keyFilePath, configFileName, vhost, callback) {
|
||||
assert.strictEqual(typeof certFilePath, 'string');
|
||||
assert.strictEqual(typeof keyFilePath, 'string');
|
||||
assert.strictEqual(typeof configFileName, 'string');
|
||||
assert.strictEqual(typeof vhost, 'string');
|
||||
assert.strictEqual(typeof callback, 'function');
|
||||
|
||||
@@ -36,7 +37,7 @@ function configureAdmin(certFilePath, keyFilePath, vhost, callback) {
|
||||
xFrameOptions: 'SAMEORIGIN'
|
||||
};
|
||||
var nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
|
||||
var nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, 'admin.conf');
|
||||
var nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, configFileName);
|
||||
|
||||
if (!safe.fs.writeFileSync(nginxConfigFilename, nginxConf)) return callback(safe.error);
|
||||
|
||||
|
||||
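Review bot: `configFileName` is only type-checked before `path.join(paths.NGINX_APPCONFIG_DIR, configFileName)`, so a value containing a path separator or `..` would write the rendered config outside the appconfig directory. The callers in this commit pass fixed names (`constants.NGINX_ADMIN_CONFIG_FILE_NAME`, `IP_BASED_SETUP_NAME + '.conf'`), so this is a contract to pin down rather than a live bug. I would add `assert.strictEqual(path.basename(configFileName), configFileName);` next to the other asserts, and a comment above the function such as `// configFileName: bare file name inside NGINX_APPCONFIG_DIR, e.g. 'admin.conf'`. The body of configureAdmin continues outside the visible hunks.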