migrate secrets into the database

The infra version is bumped because the nginx dhparams path and the SFTP server key path have both changed.
This commit is contained in:
Girish Ramakrishnan
2021-05-02 23:28:41 -07:00
parent 4015f8fdf2
commit c17743d869
19 changed files with 195 additions and 99 deletions


@@ -30,10 +30,11 @@ exports = module.exports = {
_getAcmeApi: getAcmeApi
};
var acme2 = require('./cert/acme2.js'),
const acme2 = require('./cert/acme2.js'),
apps = require('./apps.js'),
assert = require('assert'),
async = require('async'),
blobs = require('./blobs.js'),
BoxError = require('./boxerror.js'),
constants = require('./constants.js'),
crypto = require('crypto'),
@@ -52,7 +53,8 @@ var acme2 = require('./cert/acme2.js'),
shell = require('./shell.js'),
sysinfo = require('./sysinfo.js'),
users = require('./users.js'),
util = require('util');
util = require('util'),
_ = require('underscore');
const NGINX_APPCONFIG_EJS = fs.readFileSync(__dirname + '/nginxconfig.ejs', { encoding: 'utf8' });
const RESTART_SERVICE_CMD = path.join(__dirname, 'scripts/restartservice.sh');
@@ -83,7 +85,15 @@ function getAcmeApi(domainObject, callback) {
users.getOwner(function (error, owner) {
options.email = error ? 'webmaster@cloudron.io' : owner.email; // can error if not activated yet
callback(null, api, options);
const blobGet = util.callbackify(blobs.get);
blobGet(blobs.ACME_ACCOUNT_KEY, function (error, accountKeyPem) {
if (error) return callback(error);
if (!accountKeyPem) return callback(new BoxError(BoxError.NOT_FOUND, 'acme account key not found'));
options.accountKeyPem = accountKeyPem;
callback(null, api, options);
});
});
}
@@ -356,7 +366,7 @@ function ensureCertificate(vhost, domain, auditSource, callback) {
debug(`ensureCertificate: ${vhost} cert does not exist`);
}
debug('ensureCertificate: getting certificate for %s with options %j', vhost, apiOptions);
debug('ensureCertificate: getting certificate for %s with options %j', vhost, _.omit(apiOptions, 'accountKeyPem'));
acmeApi.getCertificate(vhost, domain, apiOptions, function (error, certFilePath, keyFilePath) {
debug(`ensureCertificate: error: ${error ? error.message : 'null'} cert: ${certFilePath || 'null'}`);
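Review bot: In the getAcmeApi hunk, the `if (!accountKeyPem)` branch reports `'acme account key not found'` without telling an operator where the key is expected to live; since the commit moves this secret into the database, an empty blob most likely means the secrets migration has not run on that install (inferred from the commit title, verify). Suggest a comment above the `blobGet(...)` call such as `// the ACME account key is a secret held in the blobs store; without it no certificate can be requested` and an actionable message, e.g. `new BoxError(BoxError.NOT_FOUND, 'acme account key not found in blobs store')`. Because `options.accountKeyPem` now carries private key material through every caller of getAcmeApi, any other place that logs or serialises `options` needs the same `_.omit(apiOptions, 'accountKeyPem')` treatment the ensureCertificate debug line gets here; only that one call site is visible in this section. The body of getAcmeApi starts before the hunk, and ensureCertificate continues past its last line.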