jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Move nginx config and cert generation to box code

Browse Source
This commit is contained in:
Girish Ramakrishnan
2017-01-05 14:38:36 -08:00
committed by Johannes Zellner
parent 16ab523cb2
commit cc9904c8c7
5 changed files with 61 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/certificates.js
+38 -1
View File
@@ -1,6 +1,8 @@
'use strict';
exports = module.exports = {
initialize: initialize,
installAdminCertificate: installAdminCertificate,
renewAll: renewAll,
setFallbackCertificate: setFallbackCertificate,
@@ -92,12 +94,47 @@ function getApi(app, callback) {
});
}
function initialize(callback) {
// ensure a fallback certificate that much of our code requires
var certFilePath = path.join(paths.APP_CERTS_DIR, 'host.cert');
var keyFilePath = path.join(paths.APP_CERTS_DIR, 'host.key');
var fallbackCertPath = path.join(paths.NGINX_CERT_DIR, 'host.cert');
var fallbackKeyPath = path.join(paths.NGINX_CERT_DIR, 'host.key');
if (fs.existsSync(certFilePath) && fs.existsSync(keyFilePath)) { // user's custom fallback certs (when restoring, updating)
debug('ensureFallbackCertificate: using fallback certs provided by user');
if (!safe.child_process.execSync('cp ' + certFilePath + ' ' + fallbackCertPath)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
if (!safe.child_process.execSync('cp ' + keyFilePath + ' ' + fallbackKeyPath)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
return callback();
}
if (config.tlsCert() && config.tlsKey()) { // cert from CaaS or cloudron-setup
debug('ensureFallbackCertificate: using CaaS/cloudron-setup fallback certs');
if (!safe.fs.writeFileSync(fallbackCertPath, config.tlsCert())) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
if (!safe.fs.writeFileSync(fallbackKeyPath, config.tlsKey())) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
return callback();
}
// generate a self-signed cert (FIXME: this cert does not cover the naked domain. needs SAN)
if (config.fqdn()) {
debug('ensureFallbackCertificate: generating self-signed certificate');
var certCommand = util.format('openssl req -x509 -newkey rsa:2048 -keyout %s -out %s -days 3650 -subj /CN=*.%s -nodes', fallbackKeyPath, fallbackCertPath, config.fqdn());
safe.child_process.execSync(certCommand);
} else {
debug('ensureFallbackCertificate: skip generating self-signed certificate (no domain set)');
}
return callback();
}
function installAdminCertificate(callback) {
if (process.env.BOX_ENV === 'test') return callback();
debug('installAdminCertificate');
sysinfo.getIp(function (error, ip) {
if (error) return callback(error);