diff --git a/docs/references/selfhosting.md b/docs/references/selfhosting.md
index 004839b86..0c3a9fa67 100644
--- a/docs/references/selfhosting.md
+++ b/docs/references/selfhosting.md
@@ -122,6 +122,13 @@ we have to add some vendor specific quirks. Please open a
 * `--encryption-key` is the key to be used for encrypting backup data.
+Optional arguments for installation:
+
+* `--tls-provider` is the name of the SSL/TLS certificate backend. Defaults to Let's encrypt.
+If Let's encrypt is not wanted, specifying `fallback` will always use the fallback wildcard certificate.
+Initially a self-signed one is provided, which can be overwritten later in the admin interface.
+This may be useful for non-public installations.
+
 Optional arguments used for update and restore:
 * `--version` is the version of Cloudron to install. By default, the setup script installs
@@ -130,6 +137,7 @@ the latest version. This is useful when restoring a Cloudron from a backup.
 * `--restore-url` is an URL to the backup to restore to.
+
 ## Finish setup
 Once the setup script completes, visit `https://my.` to complete the installation.
diff --git a/scripts/cloudron-setup b/scripts/cloudron-setup
index 7f0c8b9ad..1136e763d 100755
--- a/scripts/cloudron-setup
+++ b/scripts/cloudron-setup
@@ -54,7 +54,7 @@ domain=""
 provider=""
 encryptionKey=""
 restoreUrl=""
-tlsProvider="letsencrypt-prod"
+tlsProvider="le-prod"
 versionsUrl="https://s3.amazonaws.com/prod-cloudron-releases/versions.json"
 version="latest"
 apiServer="https://api.cloudron.io"
diff --git a/src/cert/fallback.js b/src/cert/fallback.js
new file mode 100644
index 000000000..8527bdb07
--- /dev/null
+++ b/src/cert/fallback.js
@@ -0,0 +1,21 @@
+'use strict';
+
+exports = module.exports = {
+ getCertificate: getCertificate,
+
+ // testing
+ _name: 'fallback'
+};
+
+var assert = require('assert'),
+ debug = require('debug')('box:cert/fallback.js');
+
+function getCertificate(domain, options, callback) {
+ assert.strictEqual(typeof domain, 'string');
+ assert.strictEqual(typeof options, 'object');
+ assert.strictEqual(typeof callback, 'function');
+
+ debug('getCertificate: using fallback certificate', domain);
+
+ return callback(null, 'cert/host.cert', 'cert/host.key');
+}
diff --git a/src/certificates.js b/src/certificates.js
index 8eab49454..06df4fda0 100644
--- a/src/certificates.js
+++ b/src/certificates.js
@@ -23,6 +23,7 @@ var acme = require('./cert/acme.js'),
 constants = require('./constants.js'),
 debug = require('debug')('box:src/certificates'),
 eventlog = require('./eventlog.js'),
+ fallback = require('./cert/fallback.js'),
 fs = require('fs'),
 mailer = require('./mailer.js'),
 nginx = require('./nginx.js'),
@@ -66,6 +67,8 @@ function getApi(app, callback) {
 settings.getTlsConfig(function (error, tlsConfig) {
 if (error) return callback(error);
+ if (tlsConfig.provider === 'fallback') callback(null, fallback, {});
+
 // use acme if we have altDomain or the tlsConfig is not caas
 var api = (app.altDomain || tlsConfig.provider) !== 'caas' ? acme : caas;
diff --git a/src/settings.js b/src/settings.js
index fea8125a4..e4f4f27d8 100644
--- a/src/settings.js
+++ b/src/settings.js
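Review bot: `getCertificate` in src/cert/fallback.js returns the relative paths `'cert/host.cert'` and `'cert/host.key'` for every domain and ignores `options`, yet nothing in the file states what those paths are relative to or that one key pair is shared by all app domains. What the caller resolves them against is not visible in this diff, so a header comment should state the contract, for example `// Always returns the shared fallback wildcard cert/key (self-signed until replaced in the admin interface); paths are relative to <base dir, confirm against caller>`. Operators should be able to read from the module itself that every subdomain presents the same certificate and that, until it is replaced, it does not chain to a public CA.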
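Review bot: The new fallback branch in `getApi` calls `callback(null, fallback, {})` without `return`, so execution continues to the `var api = ...` line, where a provider of `'fallback'` is not `'caas'` and therefore selects `acme`. The rest of the function is outside the hunk, but if it goes on to invoke `callback` with that `api`, the callback fires twice and the second call hands back the ACME backend, which is what an operator of a non-public installation chose `fallback` to avoid. The line should read `if (tlsConfig.provider === 'fallback') return callback(null, fallback, {});`. A test that sets the provider to `fallback` and asserts the callback runs exactly once with `api._name === 'fallback'` would pin this.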
@@ -397,8 +397,8 @@ function setTlsConfig(tlsConfig, callback) {
 assert.strictEqual(typeof tlsConfig, 'object');
 assert.strictEqual(typeof callback, 'function');
- if (tlsConfig.provider !== 'caas' && tlsConfig.provider.indexOf('le-') !== 0) {
- return callback(new SettingsError(SettingsError.BAD_FIELD, 'provider must be caas or le-*'));
+ if (tlsConfig.provider !== 'fallback' && tlsConfig.provider !== 'caas' && tlsConfig.provider.indexOf('le-') !== 0) {
+ return callback(new SettingsError(SettingsError.BAD_FIELD, 'provider must be caas, fallback or le-*'));
 }
 settingsdb.set(exports.TLS_CONFIG_KEY, JSON.stringify(tlsConfig), function (error) {
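Review bot: The widened check in `setTlsConfig` still calls `tlsConfig.provider.indexOf('le-')` without confirming that `provider` is a string; the preceding assert only checks that `tlsConfig` is an object, so a missing or non-string `provider` throws a TypeError instead of returning `SettingsError.BAD_FIELD`. If this function is reachable from an API request body (not visible here), that is an unhandled exception on caller-controlled input. Guard it first with `if (typeof tlsConfig.provider !== 'string') return callback(new SettingsError(SettingsError.BAD_FIELD, 'provider must be a string'));`. The function body continues outside the hunk.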