From e81db9728a590b0c3e656dbb0a7ac37d63eef727 Mon Sep 17 00:00:00 2001
From: Johannes Zellner
Date: Wed, 28 Oct 2015 12:42:04 +0100
Subject: [PATCH] Set the cert and key dynamically when rendering nginx appconfig

---
 setup/splashpage.sh | 4 ++--
 setup/start.sh | 2 +-
 setup/start/nginx/appconfig.ejs | 4 ++--
 src/apps.js | 4 ++--
 src/apptask.js | 15 ++++++++++++++-
 src/paths.js | 2 +-
 6 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/setup/splashpage.sh b/setup/splashpage.sh
index c336f65da..9dacb0915 100755
--- a/setup/splashpage.sh
+++ b/setup/splashpage.sh
@@ -29,10 +29,10 @@ infra_version="none"
 if [[ "${arg_retire}" == "true" || "${infra_version}" != "${INFRA_VERSION}" ]]; then
 rm -f ${DATA_DIR}/nginx/applications/*
 ${BOX_SRC_DIR}/node_modules/.bin/ejs-cli -f "${script_dir}/start/nginx/appconfig.ejs" \
- -O "{ \"vhost\": \"~^(.+)\$\", \"adminOrigin\": \"${admin_origin}\", \"endpoint\": \"splash\", \"sourceDir\": \"${SETUP_WEBSITE_DIR}\" }" > "${DATA_DIR}/nginx/applications/admin.conf"
+ -O "{ \"vhost\": \"~^(.+)\$\", \"adminOrigin\": \"${admin_origin}\", \"endpoint\": \"splash\", \"sourceDir\": \"${SETUP_WEBSITE_DIR}\", \"certFilePath\": \"cert/host.cert\", \"keyFilePath\": \"cert/host.key\" }" > "${DATA_DIR}/nginx/applications/admin.conf"
 else
 ${BOX_SRC_DIR}/node_modules/.bin/ejs-cli -f "${script_dir}/start/nginx/appconfig.ejs" \
- -O "{ \"vhost\": \"${admin_fqdn}\", \"adminOrigin\": \"${admin_origin}\", \"endpoint\": \"splash\", \"sourceDir\": \"${SETUP_WEBSITE_DIR}\" }" > "${DATA_DIR}/nginx/applications/admin.conf"
+ -O "{ \"vhost\": \"${admin_fqdn}\", \"adminOrigin\": \"${admin_origin}\", \"endpoint\": \"splash\", \"sourceDir\": \"${SETUP_WEBSITE_DIR}\", \"certFilePath\": \"cert/host.cert\", \"keyFilePath\": \"cert/host.key\" }" > "${DATA_DIR}/nginx/applications/admin.conf"
 fi
 echo '{ "update": { "percent": "10", "message": "Updating cloudron software" }, "backup": null }' > "${SETUP_WEBSITE_DIR}/progress.json"
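Review bot: The default pair `cert/host.cert` / `cert/host.key` is now written out as literals in both `-O` JSON objects of this `if`/`else`, again in the setup/start.sh hunk, and once more as the fallback in src/apptask.js, so the host certificate location has to be found in four places if it ever moves. In the two shell scripts a single pair of variables declared once near the top, e.g. `host_cert_path="cert/host.cert"` and `host_key_path="cert/host.key"` (names constructed here), interpolated into the JSON would keep the two branches from drifting apart. The JSON is still assembled by string interpolation, so if these two values are ever made configurable they must follow the same no-double-quote rule the existing `${admin_origin}` and `${SETUP_WEBSITE_DIR}` values rely on.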
diff --git a/setup/start.sh b/setup/start.sh
index e53aee6bc..070a4a95e 100755
--- a/setup/start.sh
+++ b/setup/start.sh
@@ -107,7 +107,7 @@ ${BOX_SRC_DIR}/node_modules/.bin/ejs-cli -f "${script_dir}/start/nginx/nginx.ejs
 # generate these for update code paths as well to overwrite splash
 ${BOX_SRC_DIR}/node_modules/.bin/ejs-cli -f "${script_dir}/start/nginx/appconfig.ejs" \
- -O "{ \"vhost\": \"${admin_fqdn}\", \"adminOrigin\": \"${admin_origin}\", \"endpoint\": \"admin\", \"sourceDir\": \"${BOX_SRC_DIR}\" }" > "${DATA_DIR}/nginx/applications/admin.conf"
+ -O "{ \"vhost\": \"${admin_fqdn}\", \"adminOrigin\": \"${admin_origin}\", \"endpoint\": \"admin\", \"sourceDir\": \"${BOX_SRC_DIR}\", \"certFilePath\": \"cert/host.cert\", \"keyFilePath\": \"cert/host.key\" }" > "${DATA_DIR}/nginx/applications/admin.conf"
 mkdir -p "${DATA_DIR}/nginx/cert"
 echo "${arg_tls_cert}" > ${DATA_DIR}/nginx/cert/host.cert
diff --git a/setup/start/nginx/appconfig.ejs b/setup/start/nginx/appconfig.ejs
index 60a9a75ce..fc2e1b258 100644
--- a/setup/start/nginx/appconfig.ejs
+++ b/setup/start/nginx/appconfig.ejs
@@ -10,8 +10,8 @@ server {
 ssl on;
 # paths are relative to prefix and not to this file
- ssl_certificate cert/host.cert;
- ssl_certificate_key cert/host.key;
+ ssl_certificate <%= certFilePath %>;
+ ssl_certificate_key <%= keyFilePath %>;
 ssl_session_timeout 5m;
 ssl_session_cache shared:SSL:50m;
diff --git a/src/apps.js b/src/apps.js
index 2e933765f..3a5218c48 100644
--- a/src/apps.js
+++ b/src/apps.js
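Review bot: The comment `# paths are relative to prefix and not to this file` kept above the two rewritten `ssl_certificate` directives no longer describes what gets rendered: src/apptask.js in this same commit passes absolute paths built from `paths.APP_CERTS_DIR`, while the setup scripts keep passing the prefix-relative `cert/host.cert`, so both forms now reach these directives. Suggest rewording it to `# relative paths resolve against the nginx prefix; apptask.js may pass absolute per-app paths` so the next reader does not assume every value is prefix-relative. Worth remembering that `<%= %>` applies EJS's HTML escaping to the value; that is harmless for the paths in this commit, but a path containing `&` or a quote would be mangled, and `<%- %>` is the unescaped form should that ever matter.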
@@ -390,8 +390,8 @@ function configure(appId, location, portBindings, accessRestriction, oauthProxy,
 // save cert to data/box/certs
 if (cert && key) {
- if (!safe.fs.writeFileSync(path.join(paths.APP_CERT_DIR, config.appFqdn(location) + '.cert'), cert)) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving cert: ' + safe.error.message));
- if (!safe.fs.writeFileSync(path.join(paths.APP_CERT_DIR, config.appFqdn(location) + '.key'), key)) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving key: ' + safe.error.message));
+ if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, config.appFqdn(location) + '.cert'), cert)) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving cert: ' + safe.error.message));
+ if (!safe.fs.writeFileSync(path.join(paths.APP_CERTS_DIR, config.appFqdn(location) + '.key'), key)) return callback(new AppsError(AppsError.INTERNAL_ERROR, 'Error saving key: ' + safe.error.message));
 }
 var values = {
diff --git a/src/apptask.js b/src/apptask.js
index b2d80322d..4aad96789 100644
--- a/src/apptask.js
+++ b/src/apptask.js
@@ -99,7 +99,20 @@ function configureNginx(app, callback) {
 var sourceDir = path.resolve(__dirname, '..');
 var endpoint = app.oauthProxy ? 'oauthproxy' : 'app';
- var nginxConf = ejs.render(NGINX_APPCONFIG_EJS, { sourceDir: sourceDir, adminOrigin: config.adminOrigin(), vhost: config.appFqdn(app.location), port: freePort, endpoint: endpoint });
+ var vhost = config.appFqdn(app.location);
+ var certFilePath = safe.statSync(path.join(paths.APP_CERTS_DIR, vhost + '.cert')) ? path.join(paths.APP_CERTS_DIR, vhost + '.cert') : 'cert/host.cert';
+ var keyFilePath = safe.statSync(path.join(paths.APP_CERTS_DIR, vhost + '.key')) ? path.join(paths.APP_CERTS_DIR, vhost + '.key') : 'cert/host.key';
+
+ var data = {
+ sourceDir: sourceDir,
+ adminOrigin: config.adminOrigin(),
+ vhost: vhost,
+ port: freePort,
+ endpoint: endpoint,
+ certFilePath: certFilePath,
+ keyFilePath: keyFilePath
+ };
+ var nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
 var nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, app.id + '.conf');
 debugApp(app, 'writing config to %s', nginxConfigFilename);
diff --git a/src/paths.js b/src/paths.js
index b024e775a..944b37f4a 100644
--- a/src/paths.js
+++ b/src/paths.js
@@ -22,7 +22,7 @@ exports = module.exports = {
 BOX_DATA_DIR: path.join(config.baseDir(), 'data/box'),
 // this is not part of appdata because an icon may be set before install
 APPICONS_DIR: path.join(config.baseDir(), 'data/box/appicons'),
- APP_CERT_DIR: path.join(config.baseDir(), 'data/box/certs'),
+ APP_CERTS_DIR: path.join(config.baseDir(), 'data/box/certs'),
 MAIL_DATA_DIR: path.join(config.baseDir(), 'data/box/mail'),
 CLOUDRON_AVATAR_FILE: path.join(config.baseDir(), 'data/box/avatar.png'),
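Review bot: The two `statSync` checks on the new `certFilePath` and `keyFilePath` lines decide independently, so if only one of `<vhost>.cert` / `<vhost>.key` exists under `paths.APP_CERTS_DIR` the rendered config pairs a per-app certificate with the shared host key (or the reverse), and nginx would refuse the mismatched pair at reload time, taking every app's vhost down rather than just this one. The decision should be made once for the pair and fall back to both defaults unless both files are present; the same `path.join` is also computed twice per file. The call is spelled `safe.statSync` here while src/apps.js in this commit uses the `safe.fs.writeFileSync` form — if the helper only exposes fs wrappers under `safe.fs`, this line would throw on an undefined function instead of yielding a falsy stat, which is worth confirming before merge (the require for `safe` is not visible in this hunk). configureNginx continues outside the hunk.

```javascript
    var vhost = config.appFqdn(app.location);
    var appCertFilePath = path.join(paths.APP_CERTS_DIR, vhost + '.cert');
    var appKeyFilePath = path.join(paths.APP_CERTS_DIR, vhost + '.key');
    // use the per-app pair only when both halves exist; a cert paired with the
    // wrong key fails nginx config validation for every app, not just this one
    var haveAppCertPair = safe.statSync(appCertFilePath) && safe.statSync(appKeyFilePath);
    var certFilePath = haveAppCertPair ? appCertFilePath : 'cert/host.cert';
    var keyFilePath = haveAppCertPair ? appKeyFilePath : 'cert/host.key';
    // … unchanged: data object and ejs.render call …
```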