Finished importer, advanced nginx config for hosts, custom certs used in nginx templates

Jamie Curnow
2018-08-22 14:31:03 +10:00
parent d092d4bbe7
commit c543a1dc34
20 changed files with 174 additions and 72 deletions


@ -186,8 +186,6 @@ module.exports = function () {
// 2. rename archive folder name
new_archive_path = new_archive_path + 'npm-' + certificate.id;
//logger.debug('Renaming archive folder:', full_archive_path, '->', new_archive_path);
fs.renameSync(full_archive_path, new_archive_path);
return certificate;
@ -195,9 +193,6 @@ module.exports = function () {
.then(certificate => {
// 3. rename live folder name
new_live_path = new_live_path + 'npm-' + certificate.id;
//logger.debug('Renaming live folder:', full_live_path, '->', new_live_path);
fs.renameSync(full_live_path, new_live_path);
// and also update the symlinks in this folder:
@ -211,8 +206,6 @@ module.exports = function () {
];
names.map(function (name) {
//logger.debug('Live Link:', name);
// remove symlink
try {
fs.unlinkSync(new_live_path + '/' + name[0]);
@ -221,7 +214,6 @@ module.exports = function () {
logger.error(err);
}
//logger.debug('Creating Link:', '../../archive/npm-' + certificate.id + '/' + name[1]);
// create new symlink
fs.symlinkSync('../../archive/npm-' + certificate.id + '/' + name[1], name[0]);
});
@ -356,8 +348,6 @@ module.exports = function () {
certificate_id = certificate_map[host.hostname];
}
// TODO: Advanced nginx config
return proxyHostModel
.query()
.insertAndFetch({
@ -370,6 +360,7 @@ module.exports = function () {
ssl_forced: host.force_ssl || false,
caching_enabled: host.asset_caching || false,
block_exploits: host.block_exploits || false,
advanced_config: host.advanced || '',
meta: meta
})
.then(row => {
@ -405,16 +396,15 @@ module.exports = function () {
certificate_id = certificate_map[host.hostname];
}
// TODO: Advanced nginx config
return deadHostModel
.query()
.insertAndFetch({
owner_user_id: 1,
domain_names: [host.hostname],
certificate_id: certificate_id,
ssl_forced: host.force_ssl || false,
meta: meta
owner_user_id: 1,
domain_names: [host.hostname],
certificate_id: certificate_id,
ssl_forced: host.force_ssl || false,
advanced_config: host.advanced || '',
meta: meta
})
.then(row => {
// re-fetch with cert
@ -449,8 +439,6 @@ module.exports = function () {
certificate_id = certificate_map[host.hostname];
}
// TODO: Advanced nginx config
return redirectionHostModel
.query()
.insertAndFetch({
@ -460,6 +448,7 @@ module.exports = function () {
block_exploits: host.block_exploits || false,
certificate_id: certificate_id,
ssl_forced: host.force_ssl || false,
advanced_config: host.advanced || '',
meta: meta
})
.then(row => {
@ -483,8 +472,6 @@ module.exports = function () {
const importStream = function (access, host) {
logger.info('Creating Stream: ' + host.incoming_port);
// TODO: Advanced nginx config
return streamModel
.query()
.insertAndFetch({
@ -537,7 +524,7 @@ module.exports = function () {
})
.then(() => {
// Write the /config/v2-imported file so we don't import again
fs.writeFile('/config/v2-imported', 'true', function(err) {
fs.writeFile('/config/v2-imported', 'true', function (err) {
if (err) {
logger.err(err);
}
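Review bot: The error branch of the `/config/v2-imported` write calls `logger.err(err)`, while the symlink code earlier in this file uses `logger.error(err)`. If the logger has no `err` method, a failed write throws inside the callback instead of being logged, and the marker that prevents a second import is missing with no record of why; change it to `logger.error(err);`. The callback-style `fs.writeFile` also appears not to be tied into the surrounding promise chain, so the import may report completion before the marker exists. The rest of the callback and the chain are outside this hunk.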


@ -183,7 +183,10 @@ const internalCertificate = {
});
});
} else {
return certificate;
return internalCertificate.writeCustomCert(certificate)
.then(() => {
return certificate;
});
}
}).then(certificate => {
@ -401,6 +404,54 @@ const internalCertificate = {
});
},
/**
* @param {Object} certificate
* @returns {Promise}
*/
writeCustomCert: certificate => {
return new Promise((resolve, reject) => {
let dir = '/data/custom_ssl/npm-' + certificate.id;
if (certificate.provider === 'letsencrypt') {
reject(new Error('Refusing to write letsencrypt certs here'));
return;
}
let cert_data = certificate.meta.certificate;
if (typeof certificate.meta.intermediate_certificate !== 'undefined') {
cert_data = cert_data + "\n" + certificate.meta.intermediate_certificate;
}
try {
if (!fs.existsSync(dir)) {
fs.mkdirSync(dir);
}
} catch (err) {
reject(err);
return;
}
fs.writeFile(dir + '/fullchain.pem', cert_data, function (err) {
if (err) {
reject(err);
} else {
resolve();
}
});
})
.then(() => {
return new Promise((resolve, reject) => {
fs.writeFile(dir + '/privkey.pem', certificate.meta.certificate_key, function (err) {
if (err) {
reject(err);
} else {
resolve();
}
});
});
});
},
/**
* @param {Access} access
* @param {Object} data
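Review bot: In `writeCustomCert`, `dir` is declared with `let` inside the first promise executor but is read again in the following `.then()` at `fs.writeFile(dir + '/privkey.pem', ...)`, where it is out of scope; unless an outer `dir` exists, that step rejects with a ReferenceError and the key file is never written. Declare `let dir = '/data/custom_ssl/npm-' + certificate.id;` before `return new Promise(...)`. The private key is also written with the default file mode; passing `{mode: 0o600}` to that `fs.writeFile` call and creating the directory with `fs.mkdirSync(dir, 0o700)` keeps it readable only by the service account. `fs.mkdirSync(dir)` will also fail if `/data/custom_ssl` does not already exist, and this hunk does not show it being created.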


@ -76,6 +76,7 @@ exports.up = function (knex/*, Promise*/) {
table.integer('ssl_forced').notNull().unsigned().defaultTo(0);
table.integer('caching_enabled').notNull().unsigned().defaultTo(0);
table.integer('block_exploits').notNull().unsigned().defaultTo(0);
table.text('advanced_config').notNull().defaultTo('');
table.json('meta').notNull().defaultTo('{}');
});
})
@ -94,6 +95,7 @@ exports.up = function (knex/*, Promise*/) {
table.integer('certificate_id').notNull().unsigned().defaultTo(0);
table.integer('ssl_forced').notNull().unsigned().defaultTo(0);
table.integer('block_exploits').notNull().unsigned().defaultTo(0);
table.text('advanced_config').notNull().defaultTo('');
table.json('meta').notNull().defaultTo('{}');
});
})
@ -109,6 +111,7 @@ exports.up = function (knex/*, Promise*/) {
table.json('domain_names').notNull();
table.integer('certificate_id').notNull().unsigned().defaultTo(0);
table.integer('ssl_forced').notNull().unsigned().defaultTo(0);
table.text('advanced_config').notNull().defaultTo('');
table.json('meta').notNull().defaultTo('{}');
});
})
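Review bot: `advanced_config` is added by editing the existing `exports.up` table definitions rather than in a new migration, so a database on which this migration has already run will not gain the column. The importer's `insertAndFetch` calls that now set `advanced_config` would then fail on such a database. If any v2 database can already exist, add a separate migration that alters the three tables; if none can, a short comment in this file saying so would help. The full `exports.up` body is outside these hunks.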


@ -24,18 +24,11 @@
"ssl_forced": {
"$ref": "../definitions.json#/definitions/ssl_forced"
},
"advanced_config": {
"type": "string"
},
"meta": {
"type": "object",
"additionalProperties": false,
"properties": {
"letsencrypt_email": {
"type": "string",
"format": "email"
},
"letsencrypt_agree": {
"type": "boolean"
}
}
"type": "object"
}
},
"properties": {
@ -57,6 +50,9 @@
"ssl_forced": {
"$ref": "#/definitions/ssl_forced"
},
"advanced_config": {
"$ref": "#/definitions/advanced_config"
},
"meta": {
"$ref": "#/definitions/meta"
}
@ -105,6 +101,9 @@
"ssl_forced": {
"$ref": "#/definitions/ssl_forced"
},
"advanced_config": {
"$ref": "#/definitions/advanced_config"
},
"meta": {
"$ref": "#/definitions/meta"
}
@ -139,6 +138,9 @@
"ssl_forced": {
"$ref": "#/definitions/ssl_forced"
},
"advanced_config": {
"$ref": "#/definitions/advanced_config"
},
"meta": {
"$ref": "#/definitions/meta"
}
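Review bot: The `meta` definition appears to lose `"additionalProperties": false` and its typed `letsencrypt_email` / `letsencrypt_agree` properties and become a bare `{"type": "object"}`, so the API would accept arbitrary keys and value types in `meta`; the later schema section containing `block_exploits` makes the same change. If those properties moved elsewhere, keep `"additionalProperties": false` here with whatever keys remain. The new `advanced_config` definition is an unbounded string that ends up in the nginx templates, so a `maxLength` is worth adding in all three schema files.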


@ -42,6 +42,9 @@
"access_list_id": {
"$ref": "../definitions.json#/definitions/access_list_id"
},
"advanced_config": {
"type": "string"
},
"meta": {
"type": "object"
}
@ -80,6 +83,9 @@
"access_list_id": {
"$ref": "#/definitions/access_list_id"
},
"advanced_config": {
"$ref": "#/definitions/advanced_config"
},
"meta": {
"$ref": "#/definitions/meta"
}
@ -145,6 +151,9 @@
"access_list_id": {
"$ref": "#/definitions/access_list_id"
},
"advanced_config": {
"$ref": "#/definitions/advanced_config"
},
"meta": {
"$ref": "#/definitions/meta"
}
@ -194,6 +203,9 @@
"access_list_id": {
"$ref": "#/definitions/access_list_id"
},
"advanced_config": {
"$ref": "#/definitions/advanced_config"
},
"meta": {
"$ref": "#/definitions/meta"
}


@ -35,18 +35,11 @@
"block_exploits": {
"$ref": "../definitions.json#/definitions/block_exploits"
},
"advanced_config": {
"type": "string"
},
"meta": {
"type": "object",
"additionalProperties": false,
"properties": {
"letsencrypt_email": {
"type": "string",
"format": "email"
},
"letsencrypt_agree": {
"type": "boolean"
}
}
"type": "object"
}
},
"properties": {
@ -77,6 +70,9 @@
"block_exploits": {
"$ref": "#/definitions/block_exploits"
},
"advanced_config": {
"$ref": "#/definitions/advanced_config"
},
"meta": {
"$ref": "#/definitions/meta"
}
@ -135,6 +131,9 @@
"block_exploits": {
"$ref": "#/definitions/block_exploits"
},
"advanced_config": {
"$ref": "#/definitions/advanced_config"
},
"meta": {
"$ref": "#/definitions/meta"
}
@ -178,6 +177,9 @@
"block_exploits": {
"$ref": "#/definitions/block_exploits"
},
"advanced_config": {
"$ref": "#/definitions/advanced_config"
},
"meta": {
"$ref": "#/definitions/meta"
}


@ -6,5 +6,6 @@
ssl_certificate /etc/letsencrypt/live/npm-{{ certificate_id }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/npm-{{ certificate_id }}/privkey.pem;
{% endif %}
# TODO: Custom SSL paths
{% endif %}
ssl_certificate /data/custom_ssl/npm-{{ certificate_id }}/fullchain.pem;
ssl_certificate_key /data/custom_ssl/npm-{{ certificate_id }}/privkey.pem;
{% endif %}


@ -6,7 +6,7 @@ server {
access_log /data/logs/dead_host-{{ id }}.log proxy;
# TODO: Advanced config options
{{ advanced_config }}
return 404;
}
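Review bot: `{{ advanced_config }}` is rendered verbatim inside the `server` block, so the field's content becomes live nginx directives and a malformed value makes the generated file invalid; the proxy_host and redirection_host templates below do the same. Nothing on this page shows who may set the field or whether the generated config is tested before reload. Confirm that it is restricted to trusted administrators and that a failed `nginx -t` rolls the file back instead of leaving nginx unable to reload. A comment above the placeholder such as `# Custom directives from advanced_config (admin-supplied, not validated)` would flag this to readers of the template.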


@ -11,7 +11,7 @@ server {
access_log /data/logs/proxy_host-{{ id }}.log proxy;
# TODO: Advanced config options
{{ advanced_config }}
location / {
{%- if access_list_id > 0 -%}


@ -8,7 +8,7 @@ server {
access_log /data/logs/redirection_host-{{ id }}.log proxy;
# TODO: Advanced config options
{{ advanced_config }}
# TODO: Preserve Path Option