jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

ensure fallback certificates of all domains

Browse Source 
https://forum.cloudron.io/topic/5683/data-argument-must-be-of-type-received-null-error-during-restore-process
This commit is contained in:
Girish Ramakrishnan
2021-10-06 13:16:36 -07:00
parent da2f561257
commit b642bc98a5
4 changed files with 42 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/reverseproxy.js
View File

@@ -192,36 +192,37 @@ async function reload() {
if (error) throw new BoxError(BoxError.NGINX_ERROR, `Error reloading nginx: ${error.message}`);
}
// this is used in migration - 20211006200150-domains-ensure-fallbackCertificate.js
async function generateFallbackCertificate(domain) {
assert.strictEqual(typeof domain, 'string');
const certFilePath = path.join(os.tmpdir(), `${domain}-${crypto.randomBytes(4).readUInt32LE(0)}.cert`);
const keyFilePath = path.join(os.tmpdir(), `${domain}-${crypto.randomBytes(4).readUInt32LE(0)}.key`);
let opensslConf = safe.fs.readFileSync('/etc/ssl/openssl.cnf', 'utf8');
const opensslConf = safe.fs.readFileSync('/etc/ssl/openssl.cnf', 'utf8');
// SAN must contain all the domains since CN check is based on implementation if SAN is found. -checkhost also checks only SAN if present!
let opensslConfWithSan;
let cn = domain;
const cn = domain;
debug(`generateFallbackCertificateSync: domain=${domain} cn=${cn}`);
opensslConfWithSan = `${opensslConf}\n[SAN]\nsubjectAltName=DNS:${domain},DNS:*.${cn}\n`;
let configFile = path.join(os.tmpdir(), 'openssl-' + crypto.randomBytes(4).readUInt32LE(0) + '.conf');
const configFile = path.join(os.tmpdir(), 'openssl-' + crypto.randomBytes(4).readUInt32LE(0) + '.conf');
safe.fs.writeFileSync(configFile, opensslConfWithSan, 'utf8');
// the days field is chosen to be less than 825 days per apple requirement (https://support.apple.com/en-us/HT210176)
let certCommand = util.format(`openssl req -x509 -newkey rsa:2048 -keyout ${keyFilePath} -out ${certFilePath} -days 800 -subj /CN=*.${cn} -extensions SAN -config ${configFile} -nodes`);
if (!safe.child_process.execSync(certCommand)) return { error: new BoxError(BoxError.OPENSSL_ERROR, safe.error.message) };
const certCommand = util.format(`openssl req -x509 -newkey rsa:2048 -keyout ${keyFilePath} -out ${certFilePath} -days 800 -subj /CN=*.${cn} -extensions SAN -config ${configFile} -nodes`);
if (!safe.child_process.execSync(certCommand)) throw new BoxError(BoxError.OPENSSL_ERROR, safe.error.message);
safe.fs.unlinkSync(configFile);
const cert = safe.fs.readFileSync(certFilePath, 'utf8');
if (!cert) return { error: new BoxError(BoxError.FS_ERROR, safe.error.message) };
if (!cert) throw new BoxError(BoxError.FS_ERROR, safe.error.message);
safe.fs.unlinkSync(certFilePath);
const key = safe.fs.readFileSync(keyFilePath, 'utf8');
if (!key) return { error: new BoxError(BoxError.FS_ERROR, safe.error.message) };
if (!key) throw new BoxError(BoxError.FS_ERROR, safe.error.message);
safe.fs.unlinkSync(keyFilePath);
return { cert: cert, key: key, error: null };
return { cert, key };
}
async function setFallbackCertificate(domain, fallback) {