WIP: complete control of new passthrough host type
This commit is contained in:
chaptergy
@ -516,6 +516,15 @@ module.exports = {
|
||||
},
|
||||
|
||||
SslPassthroughHosts: {
|
||||
/**
|
||||
* @param {Array} [expand]
|
||||
* @param {String} [query]
|
||||
* @returns {Promise}
|
||||
*/
|
||||
getFeatureEnabled: function () {
|
||||
return fetch('get', 'ssl-passthrough-enabled');
|
||||
},
|
||||
|
||||
/**
|
||||
* @param {Array} [expand]
|
||||
* @param {String} [query]
|
||||
|
||||
@ -21,7 +21,7 @@
|
||||
<div class="col-sm-4 col-md-4">
|
||||
<div class="form-group">
|
||||
<label class="form-label"><%- i18n('ssl-passthrough-hosts', 'forwarding-port') %> <span class="form-required">*</span></label>
|
||||
<input name="forwarding_port" type="number" class="form-control text-monospace" placeholder="eg: 80" value="<%- forwarding_port %>" required>
|
||||
<input name="forwarding_port" type="number" class="form-control text-monospace" placeholder="eg: 443" value="<%- forwarding_port %>" required>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@ -14,9 +14,7 @@ module.exports = Mn.View.extend({
|
||||
ui: {
|
||||
form: 'form',
|
||||
forwarding_host: 'input[name="forwarding_host"]',
|
||||
type_error: '.forward-type-error',
|
||||
buttons: '.modal-footer button',
|
||||
switches: '.custom-switch-input',
|
||||
cancel: 'button.cancel',
|
||||
save: 'button.save'
|
||||
},
|
||||
@ -38,7 +36,6 @@ module.exports = Mn.View.extend({
|
||||
let data = this.ui.form.serializeJSON();
|
||||
|
||||
// Manipulate
|
||||
data.incoming_port = parseInt(data.incoming_port, 10);
|
||||
data.forwarding_port = parseInt(data.forwarding_port, 10);
|
||||
|
||||
let method = App.Api.Nginx.SslPassthroughHosts.create;
|
||||
|
||||
@ -10,6 +10,9 @@
|
||||
</div>
|
||||
</div>
|
||||
<div class="card-body no-padding min-100">
|
||||
<div id="ssl-passthrough-disabled-info">
|
||||
Disabled
|
||||
</div>
|
||||
<div class="dimmer active">
|
||||
<div class="loader"></div>
|
||||
<div class="dimmer-content list-region">
|
||||
|
||||
@ -11,10 +11,11 @@ module.exports = Mn.View.extend({
|
||||
template: template,
|
||||
|
||||
ui: {
|
||||
list_region: '.list-region',
|
||||
add: '.add-item',
|
||||
help: '.help',
|
||||
dimmer: '.dimmer'
|
||||
list_region: '.list-region',
|
||||
add: '.add-item',
|
||||
help: '.help',
|
||||
dimmer: '.dimmer',
|
||||
disabled_info: '#ssl-passthrough-disabled-info'
|
||||
},
|
||||
|
||||
regions: {
|
||||
@ -39,6 +40,16 @@ module.exports = Mn.View.extend({
|
||||
|
||||
onRender: function () {
|
||||
let view = this;
|
||||
view.ui.disabled_info.hide();
|
||||
|
||||
App.Api.Nginx.SslPassthroughHosts.getFeatureEnabled().then((response) => {
|
||||
console.debug(response)
|
||||
if (response.ssl_passthrough_enabled === false) {
|
||||
view.ui.disabled_info.show();
|
||||
} else {
|
||||
view.ui.disabled_info.hide();
|
||||
}
|
||||
});
|
||||
|
||||
App.Api.Nginx.SslPassthroughHosts.getAll(['owner'])
|
||||
.then(response => {
|
||||
@ -53,7 +64,7 @@ module.exports = Mn.View.extend({
|
||||
view.showChildView('list_region', new EmptyView({
|
||||
title: App.i18n('ssl-passthrough-hosts', 'empty'),
|
||||
subtitle: App.i18n('all-hosts', 'empty-subtitle', {manage: manage}),
|
||||
link: manage ? App.i18n('ssl_passthrough_hosts', 'add') : null,
|
||||
link: manage ? App.i18n('ssl-passthrough-hosts', 'add') : null,
|
||||
btn_color: 'blue',
|
||||
permission: 'ssl-passthrough-hosts',
|
||||
action: function () {
|
||||
|
||||
@ -20,6 +20,10 @@
|
||||
<a href="/nginx/stream" class="dropdown-item "><%- i18n('streams', 'title') %></a>
|
||||
<% } %>
|
||||
|
||||
<% if (canShow('ssl_passthrough_hosts')) { %>
|
||||
<a href="/nginx/ssl-passthrough" class="dropdown-item "><%- i18n('ssl-passthrough-hosts', 'title') %></a>
|
||||
<% } %>
|
||||
|
||||
<% if (canShow('dead_hosts')) { %>
|
||||
<a href="/nginx/404" class="dropdown-item "><%- i18n('dead-hosts', 'title') %></a>
|
||||
<% } %>
|
||||
|
||||
@ -31,9 +31,9 @@
|
||||
</div>
|
||||
|
||||
<%
|
||||
var list = ['proxy-hosts', 'redirection-hosts', 'dead-hosts', 'streams', 'access-lists', 'certificates'];
|
||||
var list = ['proxy-hosts', 'redirection-hosts', 'dead-hosts', 'streams', 'ssl-passthrough-hosts', 'access-lists', 'certificates'];
|
||||
list.map(function(item) {
|
||||
var perm = item.replace('-', '_');
|
||||
var perm = item.replace(/-/g, '_');
|
||||
%>
|
||||
<div class="col-sm-12 col-md-12">
|
||||
<div class="form-group">
|
||||
|
||||
@ -29,12 +29,13 @@ module.exports = Mn.View.extend({
|
||||
if (view.model.isAdmin()) {
|
||||
// Force some attributes for admin
|
||||
data = _.assign({}, data, {
|
||||
access_lists: 'manage',
|
||||
dead_hosts: 'manage',
|
||||
proxy_hosts: 'manage',
|
||||
redirection_hosts: 'manage',
|
||||
streams: 'manage',
|
||||
certificates: 'manage'
|
||||
access_lists: 'manage',
|
||||
dead_hosts: 'manage',
|
||||
proxy_hosts: 'manage',
|
||||
redirection_hosts: 'manage',
|
||||
ssl_passthrough_hosts: 'manage',
|
||||
streams: 'manage',
|
||||
certificates: 'manage'
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
@ -72,6 +72,7 @@
|
||||
"enable-ssl": "Enable SSL",
|
||||
"force-ssl": "Force SSL",
|
||||
"http2-support": "HTTP/2 Support",
|
||||
"domain-name": "Domain Name",
|
||||
"domain-names": "Domain Names",
|
||||
"cert-provider": "Certificate Provider",
|
||||
"block-exploits": "Block Common Exploits",
|
||||
@ -125,8 +126,8 @@
|
||||
"forwarding-port": "Forward Port",
|
||||
"delete": "Delete SSL Passthrough Host",
|
||||
"delete-confirm": "Are you sure you want to delete this SSL Passthrough Host?",
|
||||
"help-title": "What is a SSL Passthrough Host?",
|
||||
"help-content": "An SSL Passthrough Host will allow you to proxy a server without SSL termination. This means the SSL encryption of the server will be passed right through the proxy, retaining the upstream certificates.\nThough this also means the proxy does not know anything about the traffic, and it just relies on an SSL feature called Server Name Indication, to know where to send this packet. This also means, if the client does not provide this additional information, accessing the site through the proxy won't be possible. However most modern browsers include this information in HTTP requests.\n\nHowever using SSL Passthrough comes with a performance penalty, since all hosts (including normal proxy hosts) now have to pass through this additional step of checking the destination. If you do not need your service to be available on port 443, it is recommended to use a stream host instead."
|
||||
"help-title": "What is an SSL Passthrough Host?",
|
||||
"help-content": "An SSL Passthrough Host will allow you to proxy a server without SSL termination. This means the SSL encryption of the server will be passed right through the proxy, retaining the upstream certificate.\n Because of the SSL encryption the proxy does not know anything about the traffic, and it just relies on an SSL feature called Server Name Indication to know where to send this packet. This also means if the client does not provide this additional information, accessing the site through the proxy won't be possible. But most modern browsers include this information in HTTP requests.\n\nDue to nginx constraints using SSL Passthrough comes with a performance penalty for other hosts, since all hosts (including normal proxy hosts) now have to pass through this additional step and basically being proxied twice. If you want to retain the upstream SSL certificate but do not need your service to be available on port 443, it is recommended to use a stream host instead."
|
||||
},
|
||||
"proxy-hosts": {
|
||||
"title": "Proxy Hosts",
|
||||
|
||||
Reference in New Issue
Block a user