From 1028de8158a3e9396930c2e91d5862de5d7866ba Mon Sep 17 00:00:00 2001 From: chaptergy <26956711+chaptergy@users.noreply.github.com> Date: Sat, 17 Oct 2020 12:13:08 +0200 Subject: [PATCH 01/14] Adds certbot plugin installation check on startup --- backend/internal/certificate.js | 50 +++++++++++++-------------------- backend/setup.js | 43 +++++++++++++++++++++++++++- frontend/js/i18n/messages.json | 2 +- global/certbot-dns-plugins.js | 2 +- 4 files changed, 64 insertions(+), 33 deletions(-) diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js index 613c837..e00d1f2 100644 --- a/backend/internal/certificate.js +++ b/backend/internal/certificate.js @@ -788,7 +788,7 @@ const internalCertificate = { logger.info(`Requesting Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`); - const credentials_loc = '/etc/letsencrypt/credentials-' + certificate.id; + const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id; const credentials_cmd = 'echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\''; const prepare_cmd = 'pip3 install ' + dns_plugin.package_name + '==' + dns_plugin.package_version; @@ -818,11 +818,9 @@ const internalCertificate = { if (certificate.meta.dns_provider === 'route53') { main_cmd = 'AWS_CONFIG_FILE=\'' + credentials_loc + '\' ' + main_cmd; } - - const teardown_cmd = `rm '${credentials_loc}'`; if (debug_mode) { - logger.info('Command:', `${credentials_cmd} && ${prepare_cmd} && ${main_cmd} && ${teardown_cmd}`); + logger.info('Command:', `${credentials_cmd} && ${prepare_cmd} && ${main_cmd}`); } return utils.exec(credentials_cmd) 
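Review bot: The new `credentials_loc` in the `@@ -788` hunk points into `/etc/letsencrypt/credentials/`, but the unchanged `credentials_cmd` below it only redirects `echo` into that path and never creates the directory. In this patch the directory is created only inside `setupCertbotPlugins`, and only when an existing DNS-challenge certificate is missing its file. On an install with no such certificate the redirect would fail, unless the directory is created somewhere not shown here. Prefixing the command with `mkdir -p /etc/letsencrypt/credentials && ` would make the request path self-sufficient. The enclosing function starts and ends outside the hunk.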
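Review bot: The rewritten debug `logger.info('Command:', ...)` line in the `@@ -818` hunk still interpolates `credentials_cmd`, which embeds `certificate.meta.dns_provider_credentials` verbatim, so with debug mode on the provider credentials are written to the log. The file-writing step adds nothing to troubleshooting certbot, so I would log only the other two commands: `logger.info('Command:', prepare_cmd + ' && ' + main_cmd);`. The enclosing function starts and ends outside the hunk.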
@@ -831,11 +829,15 @@ const internalCertificate = { .then(() => { return utils.exec(main_cmd) .then(async (result) => { - await utils.exec(teardown_cmd); logger.info(result); return result; }); }); + }).catch(async (err) => { + // Don't fail if file does not exist + const delete_credentials_cmd = `rm -f '${credentials_loc}' || true`; + await utils.exec(delete_credentials_cmd); + throw err; }); }, @@ -922,10 +924,6 @@ const internalCertificate = { logger.info(`Renewing Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`); - const credentials_loc = '/etc/letsencrypt/credentials-' + certificate.id; - const credentials_cmd = 'echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\''; - const prepare_cmd = 'pip3 install ' + dns_plugin.package_name + '==' + dns_plugin.package_version; - let main_cmd = certbot_command + ' renew --non-interactive ' + '--cert-name "npm-' + certificate.id + '" ' + @@ -937,23 +935,14 @@ const internalCertificate = { main_cmd = 'AWS_CONFIG_FILE=\'' + credentials_loc + '\' ' + main_cmd; } - const teardown_cmd = `rm '${credentials_loc}'`; - if (debug_mode) { - logger.info('Command:', `${credentials_cmd} && ${prepare_cmd} && ${main_cmd} && ${teardown_cmd}`); + logger.info('Command:', main_cmd); } - return utils.exec(credentials_cmd) - .then(() => { - return utils.exec(prepare_cmd) - .then(() => { - return utils.exec(main_cmd) - .then(async (result) => { - await utils.exec(teardown_cmd); - logger.info(result); - return result; - }); - }); + return utils.exec(main_cmd) + .then(async (result) => { + logger.info(result); + return result; }); }, 
@@ -965,20 +954,21 @@ const internalCertificate = { revokeLetsEncryptSsl: (certificate, throw_errors) => { logger.info('Revoking Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', ')); - let cmd = certbot_command + ' revoke --non-interactive ' + + const main_cmd = certbot_command + ' revoke --non-interactive ' + '--cert-path "/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem" ' + '--delete-after-revoke ' + (le_staging ? '--staging' : ''); + // Don't fail command if file does not exist + const delete_credentials_cmd = `rm -f '/etc/letsencrypt/credentials/credentials-${certificate.id}' || true`; + if (debug_mode) { - logger.info('Command:', cmd); + logger.info('Command:', main_cmd + '; ' + delete_credentials_cmd); } - return utils.exec(cmd) - .then((result) => { - if (debug_mode) { - logger.info('Command:', cmd); - } + return utils.exec(main_cmd) + .then(async (result) => { + await utils.exec(delete_credentials_cmd); logger.info(result); return result; }) diff --git a/backend/setup.js b/backend/setup.js index e47431f..13ebc70 100644 --- a/backend/setup.js +++ b/backend/setup.js @@ -2,10 +2,13 @@ const fs = require('fs'); const NodeRSA = require('node-rsa'); const config = require('config'); const logger = require('./logger').setup; +const certificateModel = require('./models/certificate'); const userModel = require('./models/user'); const userPermissionModel = require('./models/user_permission'); +const utils = require('./lib/utils'); const authModel = require('./models/auth'); const settingModel = require('./models/setting'); +const dns_plugins = require('./global/certbot-dns-plugins'); const debug_mode = process.env.NODE_ENV !== 'production' || !!process.env.DEBUG; /** 
@@ -155,8 +158,46 @@ const setupDefaultSettings = () => { }); }; +/** + * Installs all Certbot plugins which are required for an installed certificate + * + * @returns {Promise} + */ +const setupCertbotPlugins = () => { + return certificateModel + .query() + .where('is_deleted', 0) + .andWhere('provider', 'letsencrypt') + .then((certificates) => { + if (certificates && certificates.length) { + let plugins = []; + let promises = []; + + certificates.map(function (certificate) { + if (certificate.meta && certificate.meta.dns_challenge === true) { + const dns_plugin = dns_plugins[certificate.meta.dns_provider]; + const package = `${dns_plugin.package_name}==${dns_plugin.package_version}`; + if (plugins.indexOf(package) === -1) plugins.push(package); + + // Make sure credentials file exists + const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id; + const credentials_cmd = '[ -f \'' + credentials_loc + '\' ] || { mkdir /etc/letsencrypt/credentials; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }'; + promises.push(utils.exec(credentials_cmd)); + } + }); + + const install_cmd = 'pip3 install ' + plugins.join(' '); + promises.push(utils.exec(install_cmd)); + return Promise.all(promises).then(() => { + logger.info('Added Certbot plugins ' + plugins.join(', ')); + }); + } + }); +}; + module.exports = function () { return setupJwt() .then(setupDefaultUser) - .then(setupDefaultSettings); + .then(setupDefaultSettings) + .then(setupCertbotPlugins); }; diff --git a/frontend/js/i18n/messages.json b/frontend/js/i18n/messages.json index 8ce201a..eb0f2d2 100644 --- a/frontend/js/i18n/messages.json +++ b/frontend/js/i18n/messages.json 
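Review bot: The added `credentials_cmd` in `setupCertbotPlugins` passes `certificate.meta.dns_provider_credentials` through a shell, and its quoting does not hold. `.replace('\'', '\\\'')` with a string pattern rewrites only the first quote, and a backslash does not escape a quote inside a single-quoted shell string anyway, so a credentials value containing `'` is no longer confined to the `echo` argument. Writing the file with the already-imported `fs` module (directory mode 0700, file mode 0600) takes the shell out of this path; the same construction sits in the context of the `@@ -788` hunk of certificate.js and in the re-indented copy in PATCH 02. Separately, when no certificate uses a DNS challenge `plugins` stays empty and `pip3 install ` runs without a requirement, which pip reports as an error (whether that aborts startup depends on `utils.exec`, not shown), so the install should be skipped for an empty list.

```javascript
// … unchanged: dns_plugin lookup and plugins.push(...) …

// Make sure credentials file exists; written without a shell so the content is never parsed as a command
const credentials_dir = '/etc/letsencrypt/credentials';
const credentials_loc = credentials_dir + '/credentials-' + certificate.id;
if (!fs.existsSync(credentials_loc)) {
	fs.mkdirSync(credentials_dir, {recursive: true, mode: 0o700});
	fs.writeFileSync(credentials_loc, certificate.meta.dns_provider_credentials + '\n', {mode: 0o600});
}

// … unchanged: end of the certificates.map callback …

if (plugins.length) {
	promises.push(utils.exec('pip3 install ' + plugins.join(' ')));
}
// … unchanged: Promise.all(promises) and logger.info …
```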
@@ -109,7 +109,7 @@ "please-choose": "Please Choose...", "credentials-file-content": "Credentials File Content", "credentials-file-content-info": "This plugin requires a configuration file containing an API token or other credentials to your provider", - "stored-as-plaintext-info": "This data will be stored as plaintext in the database!", + "stored-as-plaintext-info": "This data will be stored as plaintext in the database and in a file!", "propagation-seconds": "Propagation Seconds", "propagation-seconds-info": "Leave empty to use the plugins default value. Number of seconds to wait for DNS propagation.", "processing-info": "Processing... This might take a few minutes." diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js index 8170f73..e87425c 100644 --- a/global/certbot-dns-plugins.js +++ b/global/certbot-dns-plugins.js @@ -181,7 +181,7 @@ dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123`, njalla: { display_name: 'Njalla', package_name: 'certbot-dns-njalla', - package_version: '0.0.4', + package_version: '1.0.0', credentials: 'certbot_dns_njalla:dns_njalla_token = 0123456789abcdef0123456789abcdef01234567', full_plugin_name: 'certbot-dns-njalla:dns-njalla', }, From 08ab62108fb76d8e39e06be46fdc1604fb33c1e3 Mon Sep 17 00:00:00 2001 From: chaptergy <26956711+chaptergy@users.noreply.github.com> Date: Sat, 17 Oct 2020 12:25:36 +0200 Subject: [PATCH 02/14] Fixes eslint errors --- backend/internal/certificate.js | 3 +- backend/setup.js | 55 +++++++++++++++++---------------- 2 files changed, 30 insertions(+), 28 deletions(-) diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js index e00d1f2..97749b9 100644 --- a/backend/internal/certificate.js +++ b/backend/internal/certificate.js 
@@ -932,7 +932,8 @@ const internalCertificate = { // Prepend the path to the credentials file as an environment variable if (certificate.meta.dns_provider === 'route53') { - main_cmd = 'AWS_CONFIG_FILE=\'' + credentials_loc + '\' ' + main_cmd; + const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id; + main_cmd = 'AWS_CONFIG_FILE=\'' + credentials_loc + '\' ' + main_cmd; } if (debug_mode) { diff --git a/backend/setup.js b/backend/setup.js index 13ebc70..7e18c92 100644 --- a/backend/setup.js +++ b/backend/setup.js @@ -2,10 +2,10 @@ const fs = require('fs'); const NodeRSA = require('node-rsa'); const config = require('config'); const logger = require('./logger').setup; -const certificateModel = require('./models/certificate'); +const certificateModel = require('./models/certificate'); const userModel = require('./models/user'); const userPermissionModel = require('./models/user_permission'); -const utils = require('./lib/utils'); +const utils = require('./lib/utils'); const authModel = require('./models/auth'); const settingModel = require('./models/setting'); const dns_plugins = require('./global/certbot-dns-plugins'); 
@@ -165,34 +165,35 @@ const setupDefaultSettings = () => { */ const setupCertbotPlugins = () => { return certificateModel - .query() - .where('is_deleted', 0) - .andWhere('provider', 'letsencrypt') - .then((certificates) => { - if (certificates && certificates.length) { - let plugins = []; - let promises = []; + .query() + .where('is_deleted', 0) + .andWhere('provider', 'letsencrypt') + .then((certificates) => { + if (certificates && certificates.length) { + let plugins = []; + let promises = []; - certificates.map(function (certificate) { - if (certificate.meta && certificate.meta.dns_challenge === true) { - const dns_plugin = dns_plugins[certificate.meta.dns_provider]; - const package = `${dns_plugin.package_name}==${dns_plugin.package_version}`; - if (plugins.indexOf(package) === -1) plugins.push(package); + certificates.map(function (certificate) { + if (certificate.meta && certificate.meta.dns_challenge === true) { + const dns_plugin = dns_plugins[certificate.meta.dns_provider]; + const package_to_install = `${dns_plugin.package_name}==${dns_plugin.package_version}`; - // Make sure credentials file exists - const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id; - const credentials_cmd = '[ -f \'' + credentials_loc + '\' ] || { mkdir /etc/letsencrypt/credentials; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }'; - promises.push(utils.exec(credentials_cmd)); - } - }); + if (plugins.indexOf(package_to_install) === -1) plugins.push(package_to_install); - const install_cmd = 'pip3 install ' + plugins.join(' '); - promises.push(utils.exec(install_cmd)); - return Promise.all(promises).then(() => { - logger.info('Added Certbot plugins ' + plugins.join(', ')); - }); - } - }); + // Make sure credentials file exists + const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id; + const credentials_cmd = '[ -f 
\'' + credentials_loc + '\' ] || { mkdir /etc/letsencrypt/credentials; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }'; + promises.push(utils.exec(credentials_cmd)); + } + }); + + const install_cmd = 'pip3 install ' + plugins.join(' '); + promises.push(utils.exec(install_cmd)); + return Promise.all(promises).then(() => { + logger.info('Added Certbot plugins ' + plugins.join(', ')); + }); + } + }); }; module.exports = function () { From 7ba58bdbd3d0667337fc1e48281828e49c0ec56b Mon Sep 17 00:00:00 2001 From: MarceloLagos <4932984+MarceloLagos@users.noreply.github.com> Date: Sat, 17 Oct 2020 23:27:12 -0600 Subject: [PATCH 03/14] Update certificate.js --- backend/internal/certificate.js | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js index 613c837..707e5ec 100644 --- a/backend/internal/certificate.js +++ b/backend/internal/certificate.js @@ -608,11 +608,12 @@ const internalCertificate = { checkPrivateKey: (private_key) => { return tempWrite(private_key, '/tmp') .then((filepath) => { - return utils.exec('openssl rsa -in ' + filepath + ' -check -noout') - .then((result) => { - if (!result.toLowerCase().includes('key ok')) { - throw new error.ValidationError(result); - } + let key_type = private_key.includes('-----BEGIN RSA') ? 'rsa' : 'ec'; + return utils.exec('openssl ' + key_type + ' -in ' + filepath + ' -check -noout 2>&1 ') + .then((result) => { + if (!result.toLowerCase().includes('key ok') && !result.toLowerCase().includes('key valid') ) { + throw new error.ValidationError('Result Validation Error: ' + result); + } fs.unlinkSync(filepath); return true; From 190cd2d6bb48e63127d03f9dde070e0934f1919c Mon Sep 17 00:00:00 2001 
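Review bot: The new `key_type` selection in `checkPrivateKey` treats every key that lacks a `-----BEGIN RSA` header as EC. An RSA key in PKCS#8 form (`-----BEGIN PRIVATE KEY-----`), which the previous `openssl rsa` call accepted, is therefore now handed to `openssl ec` and rejected. Testing for the EC header instead keeps the old behaviour as the default: `let key_type = private_key.includes('-----BEGIN EC') ? 'ec' : 'rsa';`. As far as this hunk shows, a failed check also throws before `fs.unlinkSync(filepath)`, so the temp file holding the private key may stay in `/tmp` unless the `catch` outside the hunk removes it. The body of `checkPrivateKey` continues outside the hunk.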
From: MarceloLagos <4932984+MarceloLagos@users.noreply.github.com> Date: Sat, 17 Oct 2020 23:46:18 -0600 Subject: [PATCH 04/14] Update certificate.js --- backend/internal/certificate.js | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js index 707e5ec..bd3155d 100644 --- a/backend/internal/certificate.js +++ b/backend/internal/certificate.js @@ -608,13 +608,12 @@ const internalCertificate = { checkPrivateKey: (private_key) => { return tempWrite(private_key, '/tmp') .then((filepath) => { - let key_type = private_key.includes('-----BEGIN RSA') ? 'rsa' : 'ec'; - return utils.exec('openssl ' + key_type + ' -in ' + filepath + ' -check -noout 2>&1 ') - .then((result) => { - if (!result.toLowerCase().includes('key ok') && !result.toLowerCase().includes('key valid') ) { - throw new error.ValidationError('Result Validation Error: ' + result); - } - + let key_type = private_key.includes('-----BEGIN RSA') ? 'rsa' : 'ec'; + return utils.exec('openssl ' + key_type + ' -in ' + filepath + ' -check -noout 2>&1 ') + .then((result) => { + if (!result.toLowerCase().includes('key ok') && !result.toLowerCase().includes('key valid') ) { + throw new error.ValidationError('Result Validation Error: ' + result); + } fs.unlinkSync(filepath); return true; }).catch((err) => { From f192748bf9e61b3dce8f43668f947022f1ba04fc Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Mon, 19 Oct 2020 11:40:50 +1000 Subject: [PATCH 05/14] Use x-real-ip header for the real-ip module --- .../etc/nginx/conf.d/include/ip_ranges.conf | 198 +----------------- docker/rootfs/etc/nginx/nginx.conf | 2 +- 2 files changed, 3 insertions(+), 197 deletions(-) diff --git a/docker/rootfs/etc/nginx/conf.d/include/ip_ranges.conf b/docker/rootfs/etc/nginx/conf.d/include/ip_ranges.conf index 2542b7f..3424932 100644 --- a/docker/rootfs/etc/nginx/conf.d/include/ip_ranges.conf +++ b/docker/rootfs/etc/nginx/conf.d/include/ip_ranges.conf 
@@ -1,196 +1,2 @@ - -set_real_ip_from 144.220.0.0/16; - -set_real_ip_from 52.124.128.0/17; - -set_real_ip_from 54.230.0.0/16; - -set_real_ip_from 54.239.128.0/18; - -set_real_ip_from 52.82.128.0/19; - -set_real_ip_from 99.84.0.0/16; - -set_real_ip_from 204.246.172.0/24; - -set_real_ip_from 205.251.192.0/19; - -set_real_ip_from 54.239.192.0/19; - -set_real_ip_from 70.132.0.0/18; - -set_real_ip_from 13.32.0.0/15; - -set_real_ip_from 13.224.0.0/14; - -set_real_ip_from 13.35.0.0/16; - -set_real_ip_from 204.246.164.0/22; - -set_real_ip_from 204.246.168.0/22; - -set_real_ip_from 71.152.0.0/17; - -set_real_ip_from 216.137.32.0/19; - -set_real_ip_from 205.251.249.0/24; - -set_real_ip_from 99.86.0.0/16; - -set_real_ip_from 52.46.0.0/18; - -set_real_ip_from 52.84.0.0/15; - -set_real_ip_from 204.246.173.0/24; - -set_real_ip_from 130.176.0.0/16; - -set_real_ip_from 64.252.64.0/18; - -set_real_ip_from 204.246.174.0/23; - -set_real_ip_from 64.252.128.0/18; - -set_real_ip_from 205.251.254.0/24; - -set_real_ip_from 143.204.0.0/16; - -set_real_ip_from 205.251.252.0/23; - -set_real_ip_from 204.246.176.0/20; - -set_real_ip_from 13.249.0.0/16; - -set_real_ip_from 54.240.128.0/18; - -set_real_ip_from 205.251.250.0/23; - -set_real_ip_from 52.222.128.0/17; - -set_real_ip_from 54.182.0.0/16; - -set_real_ip_from 54.192.0.0/16; - -set_real_ip_from 13.124.199.0/24; - -set_real_ip_from 34.226.14.0/24; - -set_real_ip_from 52.15.127.128/26; - -set_real_ip_from 35.158.136.0/24; - -set_real_ip_from 52.57.254.0/24; - -set_real_ip_from 18.216.170.128/25; - -set_real_ip_from 13.52.204.0/23; - -set_real_ip_from 13.54.63.128/26; - -set_real_ip_from 13.59.250.0/26; - -set_real_ip_from 13.210.67.128/26; - -set_real_ip_from 35.167.191.128/26; - -set_real_ip_from 52.47.139.0/24; - -set_real_ip_from 52.199.127.192/26; - -set_real_ip_from 52.212.248.0/26; - -set_real_ip_from 52.66.194.128/26; - -set_real_ip_from 13.113.203.0/24; - -set_real_ip_from 99.79.168.0/23; - -set_real_ip_from 34.195.252.0/24; - 
-set_real_ip_from 35.162.63.192/26; - -set_real_ip_from 34.223.12.224/27; - -set_real_ip_from 52.56.127.0/25; - -set_real_ip_from 34.223.80.192/26; - -set_real_ip_from 13.228.69.0/24; - -set_real_ip_from 34.216.51.0/25; - -set_real_ip_from 3.231.2.0/25; - -set_real_ip_from 54.233.255.128/26; - -set_real_ip_from 18.200.212.0/23; - -set_real_ip_from 52.52.191.128/26; - -set_real_ip_from 3.234.232.224/27; - -set_real_ip_from 52.78.247.128/26; - -set_real_ip_from 52.220.191.0/26; - -set_real_ip_from 34.232.163.208/29; - -set_real_ip_from 2600:9000:eee::/48; - -set_real_ip_from 2600:9000:4000::/36; - -set_real_ip_from 2600:9000:3000::/36; - -set_real_ip_from 2600:9000:f000::/36; - -set_real_ip_from 2600:9000:fff::/48; - -set_real_ip_from 2600:9000:2000::/36; - -set_real_ip_from 2600:9000:1000::/36; - -set_real_ip_from 2600:9000:ddd::/48; - -set_real_ip_from 2600:9000:5300::/40; - -set_real_ip_from 173.245.48.0/20; - -set_real_ip_from 103.21.244.0/22; - -set_real_ip_from 103.22.200.0/22; - -set_real_ip_from 103.31.4.0/22; - -set_real_ip_from 141.101.64.0/18; - -set_real_ip_from 108.162.192.0/18; - -set_real_ip_from 190.93.240.0/20; - -set_real_ip_from 188.114.96.0/20; - -set_real_ip_from 197.234.240.0/22; - -set_real_ip_from 198.41.128.0/17; - -set_real_ip_from 162.158.0.0/15; - -set_real_ip_from 104.16.0.0/12; - -set_real_ip_from 172.64.0.0/13; - -set_real_ip_from 131.0.72.0/22; - -set_real_ip_from 2400:cb00::/32; - -set_real_ip_from 2606:4700::/32; - -set_real_ip_from 2803:f800::/32; - -set_real_ip_from 2405:b500::/32; - -set_real_ip_from 2405:8100::/32; - -set_real_ip_from 2a06:98c0::/29; - -set_real_ip_from 2c0f:f248::/32; +# This should be left blank is it is populated programatically +# by the application backend. diff --git a/docker/rootfs/etc/nginx/nginx.conf b/docker/rootfs/etc/nginx/nginx.conf index 23335e5..ed58a5f 100644 --- a/docker/rootfs/etc/nginx/nginx.conf +++ b/docker/rootfs/etc/nginx/nginx.conf 
@@ -66,7 +66,7 @@ http { # NPM generated CDN ip ranges: include conf.d/include/ip_ranges.conf; # always put the following 2 lines after ip subnets: - real_ip_header X-Forwarded-For; + real_ip_header X-Real-IP; real_ip_recursive on; # Files generated by NPM From 7d693a4271135ffc2f4201dc47df9aa9792ee2e2 Mon Sep 17 00:00:00 2001 From: chaptergy <26956711+chaptergy@users.noreply.github.com> Date: Tue, 3 Nov 2020 21:28:50 +0100 Subject: [PATCH 06/14] Expands and refactors dns plugin list --- global/certbot-dns-plugins.js | 170 +++++++++++++++++++--------------- 1 file changed, 97 insertions(+), 73 deletions(-) diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js index e87425c..3fdd5ef 100644 --- a/global/certbot-dns-plugins.js +++ b/global/certbot-dns-plugins.js @@ -10,9 +10,9 @@ * display_name: "Name displayed to the user", * package_name: "Package name in PyPi repo", * package_version: "Package version in PyPi repo", + * dependencies: "Additional dependencies, space separated (as you would pass it to pip install)", * credentials: `Template of the credentials file`, * full_plugin_name: "The full plugin name as used in the commandline with certbot, including prefixes, e.g. 'certbot-dns-njalla:dns-njalla'", - * credentials_file: Whether the plugin has a credentials file * }, * ... * } 
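Review bot: Switching `real_ip_header` to `X-Real-IP` makes nginx take the client address from a header that the trusted ranges are only assumed to set. The include just above is described as CDN ranges. If any of those upstreams forwards a client-supplied `X-Real-IP` unchanged instead of overwriting it, the address used for logging and access rules becomes client-chosen, so this is worth confirming per upstream before dropping `X-Forwarded-For`. `real_ip_recursive on;` has little effect when the header carries a single address, so I would add a comment such as `# X-Real-IP must be set (not passed through) by every proxy listed in ip_ranges.conf`. The `http` block starts and ends outside the hunk.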
@@ -21,37 +21,41 @@ module.exports = { cloudflare: { - display_name: 'Cloudflare', - package_name: 'certbot-dns-cloudflare', - package_version: '1.8.0', - credentials: `# Cloudflare API token + display_name: 'Cloudflare', + package_name: 'certbot-dns-cloudflare', + package_version: '1.8.0', + dependencies: '', + credentials: `# Cloudflare API token dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567`, full_plugin_name: 'dns-cloudflare', }, //####################################################// cloudxns: { - display_name: 'CloudXNS', - package_name: 'certbot-dns-cloudxns', - package_version: '1.8.0', - credentials: `dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef + display_name: 'CloudXNS', + package_name: 'certbot-dns-cloudxns', + package_version: '1.8.0', + dependencies: '', + credentials: `dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef dns_cloudxns_secret_key = 1122334455667788`, full_plugin_name: 'dns-cloudxns', }, //####################################################// corenetworks: { - display_name: 'Core Networks', - package_name: 'certbot-dns-corenetworks', - package_version: '0.1.4', - credentials: `certbot_dns_corenetworks:dns_corenetworks_username = asaHB12r + display_name: 'Core Networks', + package_name: 'certbot-dns-corenetworks', + package_version: '0.1.4', + dependencies: '', + credentials: `certbot_dns_corenetworks:dns_corenetworks_username = asaHB12r certbot_dns_corenetworks:dns_corenetworks_password = secure_password`, full_plugin_name: 'certbot-dns-corenetworks:dns-corenetworks', }, //####################################################// cpanel: { - display_name: 'cPanel', - package_name: 'certbot-dns-cpanel', - package_version: '0.2.2', - credentials: `certbot_dns_cpanel:cpanel_url = https://cpanel.example.com:2083 + display_name: 'cPanel', + package_name: 'certbot-dns-cpanel', + package_version: '0.2.2', + dependencies: '', + credentials: `certbot_dns_cpanel:cpanel_url = https://cpanel.example.com:2083 
certbot_dns_cpanel:cpanel_username = user certbot_dns_cpanel:cpanel_password = hunter2`, full_plugin_name: 'certbot-dns-cpanel:cpanel', @@ -61,15 +65,17 @@ certbot_dns_cpanel:cpanel_password = hunter2`, display_name: 'DigitalOcean', package_name: 'certbot-dns-digitalocean', package_version: '1.8.0', + dependencies: '', credentials: 'dns_digitalocean_token = 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff', full_plugin_name: 'dns-digitalocean', }, //####################################################// directadmin: { - display_name: 'DirectAdmin', - package_name: 'certbot-dns-directadmin', - package_version: '0.0.20', - credentials: `directadmin_url = https://my.directadminserver.com:2222 + display_name: 'DirectAdmin', + package_name: 'certbot-dns-directadmin', + package_version: '0.0.20', + dependencies: '', + credentials: `directadmin_url = https://my.directadminserver.com:2222 directadmin_username = username directadmin_password = aSuperStrongPassword`, full_plugin_name: 'certbot-dns-directadmin:directadmin', 
@@ -79,33 +85,37 @@ directadmin_password = aSuperStrongPassword`, display_name: 'DNSimple', package_name: 'certbot-dns-dnsimple', package_version: '1.8.0', + dependencies: '', credentials: 'dns_dnsimple_token = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', full_plugin_name: 'dns-dnsimple', }, //####################################################// dnsmadeeasy: { - display_name: 'DNS Made Easy', - package_name: 'certbot-dns-dnsmadeeasy', - package_version: '1.8.0', - credentials: `dns_dnsmadeeasy_api_key = 1c1a3c91-4770-4ce7-96f4-54c0eb0e457a + display_name: 'DNS Made Easy', + package_name: 'certbot-dns-dnsmadeeasy', + package_version: '1.8.0', + dependencies: '', + credentials: `dns_dnsmadeeasy_api_key = 1c1a3c91-4770-4ce7-96f4-54c0eb0e457a dns_dnsmadeeasy_secret_key = c9b5625f-9834-4ff8-baba-4ed5f32cae55`, full_plugin_name: 'dns-dnsmadeeasy', }, //####################################################// dnspod: { - display_name: 'DNSPod', - package_name: 'certbot-dns-dnspod', - package_version: '0.1.0', - credentials: `certbot_dns_dnspod:dns_dnspod_email = "DNSPOD-API-REQUIRES-A-VALID-EMAIL" + display_name: 'DNSPod', + package_name: 'certbot-dns-dnspod', + package_version: '0.1.0', + dependencies: '', + credentials: `certbot_dns_dnspod:dns_dnspod_email = "DNSPOD-API-REQUIRES-A-VALID-EMAIL" certbot_dns_dnspod:dns_dnspod_api_token = "DNSPOD-API-TOKEN"`, full_plugin_name: 'certbot-dns-dnspod:dns-dnspod', }, //####################################################// google: { - display_name: 'Google', - package_name: 'certbot-dns-google', - package_version: '1.8.0', - credentials: `{ + display_name: 'Google', + package_name: 'certbot-dns-google', + package_version: '1.8.0', + dependencies: '', + credentials: `{ "type": "service_account", ... }`, 
@@ -116,15 +126,17 @@ certbot_dns_dnspod:dns_dnspod_api_token = "DNSPOD-API-TOKEN"`, display_name: 'Hetzner', package_name: 'certbot-dns-hetzner', package_version: '1.0.4', + dependencies: '', credentials: 'certbot_dns_hetzner:dns_hetzner_api_token = 0123456789abcdef0123456789abcdef', full_plugin_name: 'certbot-dns-hetzner:dns-hetzner', }, //####################################################// inwx: { - display_name: 'INWX', - package_name: 'certbot-dns-inwx', - package_version: '2.1.2', - credentials: `certbot_dns_inwx:dns_inwx_url = https://api.domrobot.com/xmlrpc/ + display_name: 'INWX', + package_name: 'certbot-dns-inwx', + package_version: '2.1.2', + dependencies: '', + credentials: `certbot_dns_inwx:dns_inwx_url = https://api.domrobot.com/xmlrpc/ certbot_dns_inwx:dns_inwx_username = your_username certbot_dns_inwx:dns_inwx_password = your_password certbot_dns_inwx:dns_inwx_shared_secret = your_shared_secret optional`, 
@@ -132,47 +144,52 @@ certbot_dns_inwx:dns_inwx_shared_secret = your_shared_secret optional`, }, //####################################################// ispconfig: { - display_name: 'ISPConfig', - package_name: 'certbot-dns-ispconfig', - package_version: '0.2.0', - credentials: `certbot_dns_ispconfig:dns_ispconfig_username = myremoteuser + display_name: 'ISPConfig', + package_name: 'certbot-dns-ispconfig', + package_version: '0.2.0', + dependencies: '', + credentials: `certbot_dns_ispconfig:dns_ispconfig_username = myremoteuser certbot_dns_ispconfig:dns_ispconfig_password = verysecureremoteuserpassword certbot_dns_ispconfig:dns_ispconfig_endpoint = https://localhost:8080`, full_plugin_name: 'certbot-dns-ispconfig:dns-ispconfig', }, //####################################################// isset: { - display_name: 'Isset', - package_name: 'certbot-dns-isset', - package_version: '0.0.3', - credentials: `certbot_dns_isset:dns_isset_endpoint="https://customer.isset.net/api" + display_name: 'Isset', + package_name: 'certbot-dns-isset', + package_version: '0.0.3', + dependencies: '', + credentials: `certbot_dns_isset:dns_isset_endpoint="https://customer.isset.net/api" certbot_dns_isset:dns_isset_token=""`, full_plugin_name: 'certbot-dns-isset:dns-isset', }, //####################################################// linode: { - display_name: 'Linode', - package_name: 'certbot-dns-linode', - package_version: '1.8.0', - credentials: `dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64 + display_name: 'Linode', + package_name: 'certbot-dns-linode', + package_version: '1.8.0', + dependencies: '', + credentials: `dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64 dns_linode_version = [|3|4]`, full_plugin_name: 'dns-linode', }, //####################################################// luadns: { - display_name: 'LuaDNS', - package_name: 'certbot-dns-luadns', - package_version: '1.8.0', - credentials: `dns_luadns_email = 
user@example.com + display_name: 'LuaDNS', + package_name: 'certbot-dns-luadns', + package_version: '1.8.0', + dependencies: '', + credentials: `dns_luadns_email = user@example.com dns_luadns_token = 0123456789abcdef0123456789abcdef`, full_plugin_name: 'dns-luadns', }, //####################################################// netcup: { - display_name: 'netcup', - package_name: 'certbot-dns-netcup', - package_version: '1.0.0', - credentials: `dns_netcup_customer_id = 123456 + display_name: 'netcup', + package_name: 'certbot-dns-netcup', + package_version: '1.0.0', + dependencies: '', + credentials: `dns_netcup_customer_id = 123456 dns_netcup_api_key = 0123456789abcdef0123456789abcdef01234567 dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123`, full_plugin_name: 'certbot-dns-netcup:dns-netcup', @@ -182,6 +199,7 @@ dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123`, display_name: 'Njalla', package_name: 'certbot-dns-njalla', package_version: '1.0.0', + dependencies: '', credentials: 'certbot_dns_njalla:dns_njalla_token = 0123456789abcdef0123456789abcdef01234567', full_plugin_name: 'certbot-dns-njalla:dns-njalla', }, @@ -190,15 +208,17 @@ dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123`, display_name: 'NS1', package_name: 'certbot-dns-nsone', package_version: '1.8.0', + dependencies: '', credentials: 'dns_nsone_api_key = MDAwMDAwMDAwMDAwMDAw', full_plugin_name: 'dns-nsone', }, //####################################################// ovh: { - display_name: 'OVH', - package_name: 'certbot-dns-ovh', - package_version: '1.8.0', - credentials: `dns_ovh_endpoint = ovh-eu + display_name: 'OVH', + package_name: 'certbot-dns-ovh', + package_version: '1.8.0', + dependencies: '', + credentials: `dns_ovh_endpoint = ovh-eu dns_ovh_application_key = MDAwMDAwMDAwMDAw dns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw`, 
@@ -206,19 +226,21 @@ dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw`, }, //####################################################// powerdns: { - display_name: 'PowerDNS', - package_name: 'certbot-dns-powerdns', - package_version: '0.2.0', - credentials: `certbot_dns_powerdns:dns_powerdns_api_url = https://api.mypowerdns.example.org + display_name: 'PowerDNS', + package_name: 'certbot-dns-powerdns', + package_version: '0.2.0', + dependencies: '', + credentials: `certbot_dns_powerdns:dns_powerdns_api_url = https://api.mypowerdns.example.org certbot_dns_powerdns:dns_powerdns_api_key = AbCbASsd!@34`, full_plugin_name: 'certbot-dns-powerdns:dns-powerdns', }, //####################################################// rfc2136: { - display_name: 'RFC 2136', - package_name: 'certbot-dns-rfc2136', - package_version: '1.8.0', - credentials: `# Target DNS server + display_name: 'RFC 2136', + package_name: 'certbot-dns-rfc2136', + package_version: '1.8.0', + dependencies: '', + credentials: `# Target DNS server dns_rfc2136_server = 192.0.2.1 # Target DNS port dns_rfc2136_port = 53 @@ -232,10 +254,11 @@ dns_rfc2136_algorithm = HMAC-SHA512`, }, //####################################################// route53: { - display_name: 'Route 53 (Amazon)', - package_name: 'certbot-dns-route53', - package_version: '1.8.0', - credentials: `[default] + display_name: 'Route 53 (Amazon)', + package_name: 'certbot-dns-route53', + package_version: '1.8.0', + dependencies: '', + credentials: `[default] aws_access_key_id=AKIAIOSFODNN7EXAMPLE aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`, full_plugin_name: 'dns-route53', @@ -245,6 +268,7 @@ aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`, display_name: 'Vultr', package_name: 'certbot-dns-vultr', package_version: '1.0.3', + dependencies: '', credentials: 'certbot_dns_vultr:dns_vultr_key = YOUR_VULTR_API_KEY', full_plugin_name: 'certbot-dns-vultr:dns-vultr', }, 
From 60a40197f13c93294c5c480daebb95cf853a851c Mon Sep 17 00:00:00 2001 From: chaptergy <26956711+chaptergy@users.noreply.github.com> Date: Tue, 3 Nov 2020 21:59:18 +0100 Subject: [PATCH 07/14] Always install additional dependencies for dns plugins --- backend/internal/certificate.js | 2 +- backend/setup.js | 4 ++-- docker/Dockerfile | 1 + docker/dev/Dockerfile | 1 + global/certbot-dns-plugins.js | 2 +- 5 files changed, 6 insertions(+), 4 deletions(-) diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js index 13f172e..6f1fc4d 100644 --- a/backend/internal/certificate.js +++ b/backend/internal/certificate.js @@ -790,7 +790,7 @@ const internalCertificate = { const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id; const credentials_cmd = 'echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\''; - const prepare_cmd = 'pip3 install ' + dns_plugin.package_name + '==' + dns_plugin.package_version; + const prepare_cmd = 'pip3 install ' + dns_plugin.package_name + '==' + dns_plugin.package_version + ' ' + dns_plugin.dependencies; // Whether the plugin has a ---credentials argument const has_config_arg = certificate.meta.dns_provider !== 'route53'; diff --git a/backend/setup.js b/backend/setup.js index 7e18c92..24429e8 100644 --- a/backend/setup.js +++ b/backend/setup.js 
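Review bot: `dns_plugin.dependencies` is appended to the `pip3 install` command without a version, so the plugin is pinned with `==` while its extra package is not. The only non-empty value in this series is `dependencies: 'cloudflare'` in the global/certbot-dns-plugins.js hunk, so each install resolves whatever release the package index serves at that moment. Pin it in the table, e.g. `dependencies: 'cloudflare==<pinned-version>'` (placeholder; use the release tested against certbot-dns-cloudflare 1.8.0). The setup.js hunk builds the same string for the startup install, so a pin in the table covers both paths. The enclosing function starts and ends outside this hunk.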
@@ -176,9 +176,9 @@ const setupCertbotPlugins = () => { certificates.map(function (certificate) { if (certificate.meta && certificate.meta.dns_challenge === true) { const dns_plugin = dns_plugins[certificate.meta.dns_provider]; - const package_to_install = `${dns_plugin.package_name}==${dns_plugin.package_version}`; + const packages_to_install = `${dns_plugin.package_name}==${dns_plugin.package_version} ${dns_plugin.dependencies}`; - if (plugins.indexOf(package_to_install) === -1) plugins.push(package_to_install); + if (plugins.indexOf(packages_to_install) === -1) plugins.push(packages_to_install); // Make sure credentials file exists const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id; diff --git a/docker/Dockerfile b/docker/Dockerfile index acac5fa..011f5d6 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -38,6 +38,7 @@ COPY global /app/global WORKDIR /app RUN yarn install +RUN mkdir -p /etc/letsencrypt/credentials # Remove frontend service not required for prod, dev nginx config as well RUN rm -rf /etc/services.d/frontend RUN rm -f /etc/nginx/conf.d/dev.conf diff --git a/docker/dev/Dockerfile b/docker/dev/Dockerfile index 45ee534..2d06d16 100644 --- a/docker/dev/Dockerfile +++ b/docker/dev/Dockerfile @@ -18,6 +18,7 @@ RUN cd /usr \ COPY rootfs / RUN rm -f /etc/nginx/conf.d/production.conf +RUN mkdir -p /etc/letsencrypt/credentials # s6 overlay RUN curl -L -o /tmp/s6-overlay-amd64.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-amd64.tar.gz" \ diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js index 3fdd5ef..5ae1872 100644 --- a/global/certbot-dns-plugins.js +++ b/global/certbot-dns-plugins.js 
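Review bot: `dns_plugins[certificate.meta.dns_provider]` is dereferenced on the following line without checking that the lookup found anything, so a stored certificate whose provider key is missing from the plugin table throws inside the `map` callback. A guard such as `if (!dns_plugin) return;` before `packages_to_install` is built, ideally with a log line naming `certificate.id`, would presumably keep one stale row from stopping plugin setup for the remaining certificates. `setupCertbotPlugins` starts and continues outside the hunk, so how the throw is handled further up is not visible here.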
@@ -24,7 +24,7 @@ module.exports = { display_name: 'Cloudflare', package_name: 'certbot-dns-cloudflare', package_version: '1.8.0', - dependencies: '', + dependencies: 'cloudflare', credentials: `# Cloudflare API token dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567`, full_plugin_name: 'dns-cloudflare', From a3159ad59e2f1b15878ec89384b0021183da78e4 Mon Sep 17 00:00:00 2001 From: chaptergy <26956711+chaptergy@users.noreply.github.com> Date: Tue, 3 Nov 2020 22:24:03 +0100 Subject: [PATCH 08/14] Converts tabs to spaces --- global/certbot-dns-plugins.js | 294 +++++++++++++++++----------------- 1 file changed, 147 insertions(+), 147 deletions(-) diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js index 5ae1872..7bcf1ce 100644 --- a/global/certbot-dns-plugins.js +++ b/global/certbot-dns-plugins.js 
@@ -21,226 +21,226 @@ module.exports = { cloudflare: { - display_name: 'Cloudflare', - package_name: 'certbot-dns-cloudflare', - package_version: '1.8.0', - dependencies: 'cloudflare', - credentials: `# Cloudflare API token + display_name: 'Cloudflare', + package_name: 'certbot-dns-cloudflare', + package_version: '1.8.0', + dependencies: 'cloudflare', + credentials: `# Cloudflare API token dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567`, - full_plugin_name: 'dns-cloudflare', + full_plugin_name: 'dns-cloudflare', }, //####################################################// cloudxns: { - display_name: 'CloudXNS', - package_name: 'certbot-dns-cloudxns', - package_version: '1.8.0', - dependencies: '', - credentials: `dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef + display_name: 'CloudXNS', + package_name: 'certbot-dns-cloudxns', + package_version: '1.8.0', + dependencies: '', + credentials: `dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef dns_cloudxns_secret_key = 1122334455667788`, - full_plugin_name: 'dns-cloudxns', + full_plugin_name: 'dns-cloudxns', }, //####################################################// corenetworks: { - display_name: 'Core Networks', - package_name: 'certbot-dns-corenetworks', - package_version: '0.1.4', - dependencies: '', - credentials: `certbot_dns_corenetworks:dns_corenetworks_username = asaHB12r + display_name: 'Core Networks', + package_name: 'certbot-dns-corenetworks', + package_version: '0.1.4', + dependencies: '', + credentials: `certbot_dns_corenetworks:dns_corenetworks_username = asaHB12r certbot_dns_corenetworks:dns_corenetworks_password = secure_password`, - full_plugin_name: 'certbot-dns-corenetworks:dns-corenetworks', + full_plugin_name: 'certbot-dns-corenetworks:dns-corenetworks', }, //####################################################// cpanel: { - display_name: 'cPanel', - package_name: 'certbot-dns-cpanel', - package_version: '0.2.2', - dependencies: '', - credentials: 
`certbot_dns_cpanel:cpanel_url = https://cpanel.example.com:2083 + display_name: 'cPanel', + package_name: 'certbot-dns-cpanel', + package_version: '0.2.2', + dependencies: '', + credentials: `certbot_dns_cpanel:cpanel_url = https://cpanel.example.com:2083 certbot_dns_cpanel:cpanel_username = user certbot_dns_cpanel:cpanel_password = hunter2`, - full_plugin_name: 'certbot-dns-cpanel:cpanel', + full_plugin_name: 'certbot-dns-cpanel:cpanel', }, //####################################################// digitalocean: { - display_name: 'DigitalOcean', - package_name: 'certbot-dns-digitalocean', - package_version: '1.8.0', - dependencies: '', - credentials: 'dns_digitalocean_token = 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff', - full_plugin_name: 'dns-digitalocean', + display_name: 'DigitalOcean', + package_name: 'certbot-dns-digitalocean', + package_version: '1.8.0', + dependencies: '', + credentials: 'dns_digitalocean_token = 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff', + full_plugin_name: 'dns-digitalocean', }, //####################################################// directadmin: { - display_name: 'DirectAdmin', - package_name: 'certbot-dns-directadmin', - package_version: '0.0.20', - dependencies: '', - credentials: `directadmin_url = https://my.directadminserver.com:2222 + display_name: 'DirectAdmin', + package_name: 'certbot-dns-directadmin', + package_version: '0.0.20', + dependencies: '', + credentials: `directadmin_url = https://my.directadminserver.com:2222 directadmin_username = username directadmin_password = aSuperStrongPassword`, - full_plugin_name: 'certbot-dns-directadmin:directadmin', + full_plugin_name: 'certbot-dns-directadmin:directadmin', }, //####################################################// dnsimple: { - display_name: 'DNSimple', - package_name: 'certbot-dns-dnsimple', - package_version: '1.8.0', - dependencies: '', - credentials: 'dns_dnsimple_token = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', - 
full_plugin_name: 'dns-dnsimple', + display_name: 'DNSimple', + package_name: 'certbot-dns-dnsimple', + package_version: '1.8.0', + dependencies: '', + credentials: 'dns_dnsimple_token = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', + full_plugin_name: 'dns-dnsimple', }, //####################################################// dnsmadeeasy: { - display_name: 'DNS Made Easy', - package_name: 'certbot-dns-dnsmadeeasy', - package_version: '1.8.0', - dependencies: '', - credentials: `dns_dnsmadeeasy_api_key = 1c1a3c91-4770-4ce7-96f4-54c0eb0e457a + display_name: 'DNS Made Easy', + package_name: 'certbot-dns-dnsmadeeasy', + package_version: '1.8.0', + dependencies: '', + credentials: `dns_dnsmadeeasy_api_key = 1c1a3c91-4770-4ce7-96f4-54c0eb0e457a dns_dnsmadeeasy_secret_key = c9b5625f-9834-4ff8-baba-4ed5f32cae55`, - full_plugin_name: 'dns-dnsmadeeasy', + full_plugin_name: 'dns-dnsmadeeasy', }, //####################################################// dnspod: { - display_name: 'DNSPod', - package_name: 'certbot-dns-dnspod', - package_version: '0.1.0', - dependencies: '', - credentials: `certbot_dns_dnspod:dns_dnspod_email = "DNSPOD-API-REQUIRES-A-VALID-EMAIL" + display_name: 'DNSPod', + package_name: 'certbot-dns-dnspod', + package_version: '0.1.0', + dependencies: '', + credentials: `certbot_dns_dnspod:dns_dnspod_email = "DNSPOD-API-REQUIRES-A-VALID-EMAIL" certbot_dns_dnspod:dns_dnspod_api_token = "DNSPOD-API-TOKEN"`, - full_plugin_name: 'certbot-dns-dnspod:dns-dnspod', + full_plugin_name: 'certbot-dns-dnspod:dns-dnspod', }, //####################################################// google: { - display_name: 'Google', - package_name: 'certbot-dns-google', - package_version: '1.8.0', - dependencies: '', - credentials: `{ - "type": "service_account", - ... + display_name: 'Google', + package_name: 'certbot-dns-google', + package_version: '1.8.0', + dependencies: '', + credentials: `{ +"type": "service_account", +... 
}`, - full_plugin_name: 'dns-google', + full_plugin_name: 'dns-google', }, //####################################################// hetzner: { - display_name: 'Hetzner', - package_name: 'certbot-dns-hetzner', - package_version: '1.0.4', - dependencies: '', - credentials: 'certbot_dns_hetzner:dns_hetzner_api_token = 0123456789abcdef0123456789abcdef', - full_plugin_name: 'certbot-dns-hetzner:dns-hetzner', + display_name: 'Hetzner', + package_name: 'certbot-dns-hetzner', + package_version: '1.0.4', + dependencies: '', + credentials: 'certbot_dns_hetzner:dns_hetzner_api_token = 0123456789abcdef0123456789abcdef', + full_plugin_name: 'certbot-dns-hetzner:dns-hetzner', }, //####################################################// inwx: { - display_name: 'INWX', - package_name: 'certbot-dns-inwx', - package_version: '2.1.2', - dependencies: '', - credentials: `certbot_dns_inwx:dns_inwx_url = https://api.domrobot.com/xmlrpc/ + display_name: 'INWX', + package_name: 'certbot-dns-inwx', + package_version: '2.1.2', + dependencies: '', + credentials: `certbot_dns_inwx:dns_inwx_url = https://api.domrobot.com/xmlrpc/ certbot_dns_inwx:dns_inwx_username = your_username certbot_dns_inwx:dns_inwx_password = your_password certbot_dns_inwx:dns_inwx_shared_secret = your_shared_secret optional`, - full_plugin_name: 'certbot-dns-inwx:dns-inwx', + full_plugin_name: 'certbot-dns-inwx:dns-inwx', }, //####################################################// ispconfig: { - display_name: 'ISPConfig', - package_name: 'certbot-dns-ispconfig', - package_version: '0.2.0', - dependencies: '', - credentials: `certbot_dns_ispconfig:dns_ispconfig_username = myremoteuser + display_name: 'ISPConfig', + package_name: 'certbot-dns-ispconfig', + package_version: '0.2.0', + dependencies: '', + credentials: `certbot_dns_ispconfig:dns_ispconfig_username = myremoteuser certbot_dns_ispconfig:dns_ispconfig_password = verysecureremoteuserpassword certbot_dns_ispconfig:dns_ispconfig_endpoint = https://localhost:8080`, - 
full_plugin_name: 'certbot-dns-ispconfig:dns-ispconfig', + full_plugin_name: 'certbot-dns-ispconfig:dns-ispconfig', }, //####################################################// isset: { - display_name: 'Isset', - package_name: 'certbot-dns-isset', - package_version: '0.0.3', - dependencies: '', - credentials: `certbot_dns_isset:dns_isset_endpoint="https://customer.isset.net/api" + display_name: 'Isset', + package_name: 'certbot-dns-isset', + package_version: '0.0.3', + dependencies: '', + credentials: `certbot_dns_isset:dns_isset_endpoint="https://customer.isset.net/api" certbot_dns_isset:dns_isset_token=""`, - full_plugin_name: 'certbot-dns-isset:dns-isset', + full_plugin_name: 'certbot-dns-isset:dns-isset', }, //####################################################// linode: { - display_name: 'Linode', - package_name: 'certbot-dns-linode', - package_version: '1.8.0', - dependencies: '', - credentials: `dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64 + display_name: 'Linode', + package_name: 'certbot-dns-linode', + package_version: '1.8.0', + dependencies: '', + credentials: `dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64 dns_linode_version = [|3|4]`, - full_plugin_name: 'dns-linode', + full_plugin_name: 'dns-linode', }, //####################################################// luadns: { - display_name: 'LuaDNS', - package_name: 'certbot-dns-luadns', - package_version: '1.8.0', - dependencies: '', - credentials: `dns_luadns_email = user@example.com + display_name: 'LuaDNS', + package_name: 'certbot-dns-luadns', + package_version: '1.8.0', + dependencies: '', + credentials: `dns_luadns_email = user@example.com dns_luadns_token = 0123456789abcdef0123456789abcdef`, - full_plugin_name: 'dns-luadns', + full_plugin_name: 'dns-luadns', }, //####################################################// netcup: { - display_name: 'netcup', - package_name: 'certbot-dns-netcup', - package_version: '1.0.0', - 
dependencies: '', - credentials: `dns_netcup_customer_id = 123456 + display_name: 'netcup', + package_name: 'certbot-dns-netcup', + package_version: '1.0.0', + dependencies: '', + credentials: `dns_netcup_customer_id = 123456 dns_netcup_api_key = 0123456789abcdef0123456789abcdef01234567 dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123`, - full_plugin_name: 'certbot-dns-netcup:dns-netcup', + full_plugin_name: 'certbot-dns-netcup:dns-netcup', }, //####################################################// njalla: { - display_name: 'Njalla', - package_name: 'certbot-dns-njalla', - package_version: '1.0.0', - dependencies: '', - credentials: 'certbot_dns_njalla:dns_njalla_token = 0123456789abcdef0123456789abcdef01234567', - full_plugin_name: 'certbot-dns-njalla:dns-njalla', + display_name: 'Njalla', + package_name: 'certbot-dns-njalla', + package_version: '1.0.0', + dependencies: '', + credentials: 'certbot_dns_njalla:dns_njalla_token = 0123456789abcdef0123456789abcdef01234567', + full_plugin_name: 'certbot-dns-njalla:dns-njalla', }, //####################################################// nsone: { - display_name: 'NS1', - package_name: 'certbot-dns-nsone', - package_version: '1.8.0', - dependencies: '', - credentials: 'dns_nsone_api_key = MDAwMDAwMDAwMDAwMDAw', - full_plugin_name: 'dns-nsone', + display_name: 'NS1', + package_name: 'certbot-dns-nsone', + package_version: '1.8.0', + dependencies: '', + credentials: 'dns_nsone_api_key = MDAwMDAwMDAwMDAwMDAw', + full_plugin_name: 'dns-nsone', }, //####################################################// ovh: { - display_name: 'OVH', - package_name: 'certbot-dns-ovh', - package_version: '1.8.0', - dependencies: '', - credentials: `dns_ovh_endpoint = ovh-eu + display_name: 'OVH', + package_name: 'certbot-dns-ovh', + package_version: '1.8.0', + dependencies: '', + credentials: `dns_ovh_endpoint = ovh-eu dns_ovh_application_key = MDAwMDAwMDAwMDAw dns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw 
dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw`, - full_plugin_name: 'dns-ovh', + full_plugin_name: 'dns-ovh', }, //####################################################// powerdns: { - display_name: 'PowerDNS', - package_name: 'certbot-dns-powerdns', - package_version: '0.2.0', - dependencies: '', - credentials: `certbot_dns_powerdns:dns_powerdns_api_url = https://api.mypowerdns.example.org + display_name: 'PowerDNS', + package_name: 'certbot-dns-powerdns', + package_version: '0.2.0', + dependencies: '', + credentials: `certbot_dns_powerdns:dns_powerdns_api_url = https://api.mypowerdns.example.org certbot_dns_powerdns:dns_powerdns_api_key = AbCbASsd!@34`, - full_plugin_name: 'certbot-dns-powerdns:dns-powerdns', + full_plugin_name: 'certbot-dns-powerdns:dns-powerdns', }, //####################################################// rfc2136: { - display_name: 'RFC 2136', - package_name: 'certbot-dns-rfc2136', - package_version: '1.8.0', - dependencies: '', - credentials: `# Target DNS server + display_name: 'RFC 2136', + package_name: 'certbot-dns-rfc2136', + package_version: '1.8.0', + dependencies: '', + credentials: `# Target DNS server dns_rfc2136_server = 192.0.2.1 # Target DNS port dns_rfc2136_port = 53 
@@ -250,26 +250,26 @@ dns_rfc2136_name = keyname. dns_rfc2136_secret = 4q4wM/2I180UXoMyN4INVhJNi8V9BCV+jMw2mXgZw/CSuxUT8C7NKKFs AmKd7ak51vWKgSl12ib86oQRPkpDjg== # TSIG key algorithm dns_rfc2136_algorithm = HMAC-SHA512`, - full_plugin_name: 'dns-rfc2136', + full_plugin_name: 'dns-rfc2136', }, //####################################################// route53: { - display_name: 'Route 53 (Amazon)', - package_name: 'certbot-dns-route53', - package_version: '1.8.0', - dependencies: '', - credentials: `[default] + display_name: 'Route 53 (Amazon)', + package_name: 'certbot-dns-route53', + package_version: '1.8.0', + dependencies: '', + credentials: `[default] aws_access_key_id=AKIAIOSFODNN7EXAMPLE aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`, - full_plugin_name: 'dns-route53', + full_plugin_name: 'dns-route53', }, //####################################################// vultr: { - display_name: 'Vultr', - package_name: 'certbot-dns-vultr', - package_version: '1.0.3', - dependencies: '', - credentials: 'certbot_dns_vultr:dns_vultr_key = YOUR_VULTR_API_KEY', - full_plugin_name: 'certbot-dns-vultr:dns-vultr', + display_name: 'Vultr', + package_name: 'certbot-dns-vultr', + package_version: '1.0.3', + dependencies: '', + credentials: 'certbot_dns_vultr:dns_vultr_key = YOUR_VULTR_API_KEY', + full_plugin_name: 'certbot-dns-vultr:dns-vultr', }, -}; +}; \ No newline at end of file From 32e51557837b4f668750338d8067a571e114a6db Mon Sep 17 00:00:00 2001 From: chaptergy <26956711+chaptergy@users.noreply.github.com> Date: Tue, 3 Nov 2020 22:38:09 +0100 Subject: [PATCH 09/14] Fixes Linting errors --- backend/setup.js | 2 +- global/certbot-dns-plugins.js | 288 +++++++++++++++++----------------- 2 files changed, 145 insertions(+), 145 deletions(-) diff --git a/backend/setup.js b/backend/setup.js index 24429e8..76957be 100644 --- a/backend/setup.js +++ b/backend/setup.js 
@@ -175,7 +175,7 @@ const setupCertbotPlugins = () => { certificates.map(function (certificate) { if (certificate.meta && certificate.meta.dns_challenge === true) { - const dns_plugin = dns_plugins[certificate.meta.dns_provider]; + const dns_plugin = dns_plugins[certificate.meta.dns_provider]; const packages_to_install = `${dns_plugin.package_name}==${dns_plugin.package_version} ${dns_plugin.dependencies}`; if (plugins.indexOf(packages_to_install) === -1) plugins.push(packages_to_install); diff --git a/global/certbot-dns-plugins.js b/global/certbot-dns-plugins.js index 7bcf1ce..d0afafd 100644 --- a/global/certbot-dns-plugins.js +++ b/global/certbot-dns-plugins.js 
@@ -21,226 +21,226 @@ module.exports = { cloudflare: { - display_name: 'Cloudflare', - package_name: 'certbot-dns-cloudflare', - package_version: '1.8.0', - dependencies: 'cloudflare', - credentials: `# Cloudflare API token + display_name: 'Cloudflare', + package_name: 'certbot-dns-cloudflare', + package_version: '1.8.0', + dependencies: 'cloudflare', + credentials: `# Cloudflare API token dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567`, - full_plugin_name: 'dns-cloudflare', + full_plugin_name: 'dns-cloudflare', }, //####################################################// cloudxns: { - display_name: 'CloudXNS', - package_name: 'certbot-dns-cloudxns', - package_version: '1.8.0', - dependencies: '', - credentials: `dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef + display_name: 'CloudXNS', + package_name: 'certbot-dns-cloudxns', + package_version: '1.8.0', + dependencies: '', + credentials: `dns_cloudxns_api_key = 1234567890abcdef1234567890abcdef dns_cloudxns_secret_key = 1122334455667788`, - full_plugin_name: 'dns-cloudxns', + full_plugin_name: 'dns-cloudxns', }, //####################################################// corenetworks: { - display_name: 'Core Networks', - package_name: 'certbot-dns-corenetworks', - package_version: '0.1.4', - dependencies: '', - credentials: `certbot_dns_corenetworks:dns_corenetworks_username = asaHB12r + display_name: 'Core Networks', + package_name: 'certbot-dns-corenetworks', + package_version: '0.1.4', + dependencies: '', + credentials: `certbot_dns_corenetworks:dns_corenetworks_username = asaHB12r certbot_dns_corenetworks:dns_corenetworks_password = secure_password`, - full_plugin_name: 'certbot-dns-corenetworks:dns-corenetworks', + full_plugin_name: 'certbot-dns-corenetworks:dns-corenetworks', }, //####################################################// cpanel: { - display_name: 'cPanel', - package_name: 'certbot-dns-cpanel', - package_version: '0.2.2', - dependencies: '', - credentials: 
`certbot_dns_cpanel:cpanel_url = https://cpanel.example.com:2083 + display_name: 'cPanel', + package_name: 'certbot-dns-cpanel', + package_version: '0.2.2', + dependencies: '', + credentials: `certbot_dns_cpanel:cpanel_url = https://cpanel.example.com:2083 certbot_dns_cpanel:cpanel_username = user certbot_dns_cpanel:cpanel_password = hunter2`, - full_plugin_name: 'certbot-dns-cpanel:cpanel', + full_plugin_name: 'certbot-dns-cpanel:cpanel', }, //####################################################// digitalocean: { - display_name: 'DigitalOcean', - package_name: 'certbot-dns-digitalocean', - package_version: '1.8.0', - dependencies: '', - credentials: 'dns_digitalocean_token = 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff', - full_plugin_name: 'dns-digitalocean', + display_name: 'DigitalOcean', + package_name: 'certbot-dns-digitalocean', + package_version: '1.8.0', + dependencies: '', + credentials: 'dns_digitalocean_token = 0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff', + full_plugin_name: 'dns-digitalocean', }, //####################################################// directadmin: { - display_name: 'DirectAdmin', - package_name: 'certbot-dns-directadmin', - package_version: '0.0.20', - dependencies: '', - credentials: `directadmin_url = https://my.directadminserver.com:2222 + display_name: 'DirectAdmin', + package_name: 'certbot-dns-directadmin', + package_version: '0.0.20', + dependencies: '', + credentials: `directadmin_url = https://my.directadminserver.com:2222 directadmin_username = username directadmin_password = aSuperStrongPassword`, - full_plugin_name: 'certbot-dns-directadmin:directadmin', + full_plugin_name: 'certbot-dns-directadmin:directadmin', }, //####################################################// dnsimple: { - display_name: 'DNSimple', - package_name: 'certbot-dns-dnsimple', - package_version: '1.8.0', - dependencies: '', - credentials: 'dns_dnsimple_token = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', - 
full_plugin_name: 'dns-dnsimple', + display_name: 'DNSimple', + package_name: 'certbot-dns-dnsimple', + package_version: '1.8.0', + dependencies: '', + credentials: 'dns_dnsimple_token = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw', + full_plugin_name: 'dns-dnsimple', }, //####################################################// dnsmadeeasy: { - display_name: 'DNS Made Easy', - package_name: 'certbot-dns-dnsmadeeasy', - package_version: '1.8.0', - dependencies: '', - credentials: `dns_dnsmadeeasy_api_key = 1c1a3c91-4770-4ce7-96f4-54c0eb0e457a + display_name: 'DNS Made Easy', + package_name: 'certbot-dns-dnsmadeeasy', + package_version: '1.8.0', + dependencies: '', + credentials: `dns_dnsmadeeasy_api_key = 1c1a3c91-4770-4ce7-96f4-54c0eb0e457a dns_dnsmadeeasy_secret_key = c9b5625f-9834-4ff8-baba-4ed5f32cae55`, - full_plugin_name: 'dns-dnsmadeeasy', + full_plugin_name: 'dns-dnsmadeeasy', }, //####################################################// dnspod: { - display_name: 'DNSPod', - package_name: 'certbot-dns-dnspod', - package_version: '0.1.0', - dependencies: '', - credentials: `certbot_dns_dnspod:dns_dnspod_email = "DNSPOD-API-REQUIRES-A-VALID-EMAIL" + display_name: 'DNSPod', + package_name: 'certbot-dns-dnspod', + package_version: '0.1.0', + dependencies: '', + credentials: `certbot_dns_dnspod:dns_dnspod_email = "DNSPOD-API-REQUIRES-A-VALID-EMAIL" certbot_dns_dnspod:dns_dnspod_api_token = "DNSPOD-API-TOKEN"`, - full_plugin_name: 'certbot-dns-dnspod:dns-dnspod', + full_plugin_name: 'certbot-dns-dnspod:dns-dnspod', }, //####################################################// google: { - display_name: 'Google', - package_name: 'certbot-dns-google', - package_version: '1.8.0', - dependencies: '', - credentials: `{ + display_name: 'Google', + package_name: 'certbot-dns-google', + package_version: '1.8.0', + dependencies: '', + credentials: `{ "type": "service_account", ... 
}`, - full_plugin_name: 'dns-google', + full_plugin_name: 'dns-google', }, //####################################################// hetzner: { - display_name: 'Hetzner', - package_name: 'certbot-dns-hetzner', - package_version: '1.0.4', - dependencies: '', - credentials: 'certbot_dns_hetzner:dns_hetzner_api_token = 0123456789abcdef0123456789abcdef', - full_plugin_name: 'certbot-dns-hetzner:dns-hetzner', + display_name: 'Hetzner', + package_name: 'certbot-dns-hetzner', + package_version: '1.0.4', + dependencies: '', + credentials: 'certbot_dns_hetzner:dns_hetzner_api_token = 0123456789abcdef0123456789abcdef', + full_plugin_name: 'certbot-dns-hetzner:dns-hetzner', }, //####################################################// inwx: { - display_name: 'INWX', - package_name: 'certbot-dns-inwx', - package_version: '2.1.2', - dependencies: '', - credentials: `certbot_dns_inwx:dns_inwx_url = https://api.domrobot.com/xmlrpc/ + display_name: 'INWX', + package_name: 'certbot-dns-inwx', + package_version: '2.1.2', + dependencies: '', + credentials: `certbot_dns_inwx:dns_inwx_url = https://api.domrobot.com/xmlrpc/ certbot_dns_inwx:dns_inwx_username = your_username certbot_dns_inwx:dns_inwx_password = your_password certbot_dns_inwx:dns_inwx_shared_secret = your_shared_secret optional`, - full_plugin_name: 'certbot-dns-inwx:dns-inwx', + full_plugin_name: 'certbot-dns-inwx:dns-inwx', }, //####################################################// ispconfig: { - display_name: 'ISPConfig', - package_name: 'certbot-dns-ispconfig', - package_version: '0.2.0', - dependencies: '', - credentials: `certbot_dns_ispconfig:dns_ispconfig_username = myremoteuser + display_name: 'ISPConfig', + package_name: 'certbot-dns-ispconfig', + package_version: '0.2.0', + dependencies: '', + credentials: `certbot_dns_ispconfig:dns_ispconfig_username = myremoteuser certbot_dns_ispconfig:dns_ispconfig_password = verysecureremoteuserpassword certbot_dns_ispconfig:dns_ispconfig_endpoint = https://localhost:8080`, - 
full_plugin_name: 'certbot-dns-ispconfig:dns-ispconfig', + full_plugin_name: 'certbot-dns-ispconfig:dns-ispconfig', }, //####################################################// isset: { - display_name: 'Isset', - package_name: 'certbot-dns-isset', - package_version: '0.0.3', - dependencies: '', - credentials: `certbot_dns_isset:dns_isset_endpoint="https://customer.isset.net/api" + display_name: 'Isset', + package_name: 'certbot-dns-isset', + package_version: '0.0.3', + dependencies: '', + credentials: `certbot_dns_isset:dns_isset_endpoint="https://customer.isset.net/api" certbot_dns_isset:dns_isset_token=""`, - full_plugin_name: 'certbot-dns-isset:dns-isset', + full_plugin_name: 'certbot-dns-isset:dns-isset', }, //####################################################// linode: { - display_name: 'Linode', - package_name: 'certbot-dns-linode', - package_version: '1.8.0', - dependencies: '', - credentials: `dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64 + display_name: 'Linode', + package_name: 'certbot-dns-linode', + package_version: '1.8.0', + dependencies: '', + credentials: `dns_linode_key = 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ64 dns_linode_version = [|3|4]`, - full_plugin_name: 'dns-linode', + full_plugin_name: 'dns-linode', }, //####################################################// luadns: { - display_name: 'LuaDNS', - package_name: 'certbot-dns-luadns', - package_version: '1.8.0', - dependencies: '', - credentials: `dns_luadns_email = user@example.com + display_name: 'LuaDNS', + package_name: 'certbot-dns-luadns', + package_version: '1.8.0', + dependencies: '', + credentials: `dns_luadns_email = user@example.com dns_luadns_token = 0123456789abcdef0123456789abcdef`, - full_plugin_name: 'dns-luadns', + full_plugin_name: 'dns-luadns', }, //####################################################// netcup: { - display_name: 'netcup', - package_name: 'certbot-dns-netcup', - package_version: '1.0.0', - 
dependencies: '', - credentials: `dns_netcup_customer_id = 123456 + display_name: 'netcup', + package_name: 'certbot-dns-netcup', + package_version: '1.0.0', + dependencies: '', + credentials: `dns_netcup_customer_id = 123456 dns_netcup_api_key = 0123456789abcdef0123456789abcdef01234567 dns_netcup_api_password = abcdef0123456789abcdef01234567abcdef0123`, - full_plugin_name: 'certbot-dns-netcup:dns-netcup', + full_plugin_name: 'certbot-dns-netcup:dns-netcup', }, //####################################################// njalla: { - display_name: 'Njalla', - package_name: 'certbot-dns-njalla', - package_version: '1.0.0', - dependencies: '', - credentials: 'certbot_dns_njalla:dns_njalla_token = 0123456789abcdef0123456789abcdef01234567', - full_plugin_name: 'certbot-dns-njalla:dns-njalla', + display_name: 'Njalla', + package_name: 'certbot-dns-njalla', + package_version: '1.0.0', + dependencies: '', + credentials: 'certbot_dns_njalla:dns_njalla_token = 0123456789abcdef0123456789abcdef01234567', + full_plugin_name: 'certbot-dns-njalla:dns-njalla', }, //####################################################// nsone: { - display_name: 'NS1', - package_name: 'certbot-dns-nsone', - package_version: '1.8.0', - dependencies: '', - credentials: 'dns_nsone_api_key = MDAwMDAwMDAwMDAwMDAw', - full_plugin_name: 'dns-nsone', + display_name: 'NS1', + package_name: 'certbot-dns-nsone', + package_version: '1.8.0', + dependencies: '', + credentials: 'dns_nsone_api_key = MDAwMDAwMDAwMDAwMDAw', + full_plugin_name: 'dns-nsone', }, //####################################################// ovh: { - display_name: 'OVH', - package_name: 'certbot-dns-ovh', - package_version: '1.8.0', - dependencies: '', - credentials: `dns_ovh_endpoint = ovh-eu + display_name: 'OVH', + package_name: 'certbot-dns-ovh', + package_version: '1.8.0', + dependencies: '', + credentials: `dns_ovh_endpoint = ovh-eu dns_ovh_application_key = MDAwMDAwMDAwMDAw dns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw 
dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw`, - full_plugin_name: 'dns-ovh', + full_plugin_name: 'dns-ovh', }, //####################################################// powerdns: { - display_name: 'PowerDNS', - package_name: 'certbot-dns-powerdns', - package_version: '0.2.0', - dependencies: '', - credentials: `certbot_dns_powerdns:dns_powerdns_api_url = https://api.mypowerdns.example.org + display_name: 'PowerDNS', + package_name: 'certbot-dns-powerdns', + package_version: '0.2.0', + dependencies: '', + credentials: `certbot_dns_powerdns:dns_powerdns_api_url = https://api.mypowerdns.example.org certbot_dns_powerdns:dns_powerdns_api_key = AbCbASsd!@34`, - full_plugin_name: 'certbot-dns-powerdns:dns-powerdns', + full_plugin_name: 'certbot-dns-powerdns:dns-powerdns', }, //####################################################// rfc2136: { - display_name: 'RFC 2136', - package_name: 'certbot-dns-rfc2136', - package_version: '1.8.0', - dependencies: '', - credentials: `# Target DNS server + display_name: 'RFC 2136', + package_name: 'certbot-dns-rfc2136', + package_version: '1.8.0', + dependencies: '', + credentials: `# Target DNS server dns_rfc2136_server = 192.0.2.1 # Target DNS port dns_rfc2136_port = 53 
@@ -250,26 +250,26 @@ dns_rfc2136_name = keyname. dns_rfc2136_secret = 4q4wM/2I180UXoMyN4INVhJNi8V9BCV+jMw2mXgZw/CSuxUT8C7NKKFs AmKd7ak51vWKgSl12ib86oQRPkpDjg== # TSIG key algorithm dns_rfc2136_algorithm = HMAC-SHA512`, - full_plugin_name: 'dns-rfc2136', + full_plugin_name: 'dns-rfc2136', }, //####################################################// route53: { - display_name: 'Route 53 (Amazon)', - package_name: 'certbot-dns-route53', - package_version: '1.8.0', - dependencies: '', - credentials: `[default] + display_name: 'Route 53 (Amazon)', + package_name: 'certbot-dns-route53', + package_version: '1.8.0', + dependencies: '', + credentials: `[default] aws_access_key_id=AKIAIOSFODNN7EXAMPLE aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`, - full_plugin_name: 'dns-route53', + full_plugin_name: 'dns-route53', }, //####################################################// vultr: { - display_name: 'Vultr', - package_name: 'certbot-dns-vultr', - package_version: '1.0.3', - dependencies: '', - credentials: 'certbot_dns_vultr:dns_vultr_key = YOUR_VULTR_API_KEY', - full_plugin_name: 'certbot-dns-vultr:dns-vultr', + display_name: 'Vultr', + package_name: 'certbot-dns-vultr', + package_version: '1.0.3', + dependencies: '', + credentials: 'certbot_dns_vultr:dns_vultr_key = YOUR_VULTR_API_KEY', + full_plugin_name: 'certbot-dns-vultr:dns-vultr', }, }; \ No newline at end of file From cb014027bb9412d20913b296e30d613da53d413f Mon Sep 17 00:00:00 2001 From: chaptergy <26956711+chaptergy@users.noreply.github.com> Date: Wed, 4 Nov 2020 19:31:40 +0100 Subject: [PATCH 10/14] Makes sure credentials folder exist every time before saving credentials --- backend/internal/certificate.js | 2 +- backend/setup.js | 2 +- docker/Dockerfile | 1 - docker/dev/Dockerfile | 1 - 4 files changed, 2 insertions(+), 4 deletions(-) diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js index 6f1fc4d..19e0592 100644 --- a/backend/internal/certificate.js 
+++ b/backend/internal/certificate.js
@@ -789,7 +789,7 @@ const internalCertificate = {
 logger.info(`Requesting Let'sEncrypt certificates via ${dns_plugin.display_name} for Cert #${certificate.id}: ${certificate.domain_names.join(', ')}`);
 const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
- const credentials_cmd = 'echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'';
+ const credentials_cmd = 'mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'';
 const prepare_cmd = 'pip3 install ' + dns_plugin.package_name + '==' + dns_plugin.package_version + ' ' + dns_plugin.dependencies;
 // Whether the plugin has a ---credentials argument
diff --git a/backend/setup.js b/backend/setup.js
index 76957be..2a5ba96 100644
--- a/backend/setup.js
+++ b/backend/setup.js
@@ -182,7 +182,7 @@ const setupCertbotPlugins = () => {
 // Make sure credentials file exists
 const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
- const credentials_cmd = '[ -f \'' + credentials_loc + '\' ] || { mkdir /etc/letsencrypt/credentials; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';
+ const credentials_cmd = '[ -f \'' + credentials_loc + '\' ] || { mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';
 promises.push(utils.exec(credentials_cmd));
 }
 });
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 011f5d6..acac5fa 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
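Review bot: The rewritten `credentials_cmd` still splices `certificate.meta.dns_provider_credentials` into a shell string, and its only guard is `.replace('\'', '\\\'')`, which with a string pattern replaces just the first quote; inside a single-quoted shell word a backslash does not escape a quote in any case. Credentials text containing a quote can therefore end the quoting, so part of what `utils.exec` runs comes from stored user input; the same expression is carried into the `backend/setup.js` hunk of this patch. Writing the file from Node avoids the shell altogether: `fs.mkdirSync('/etc/letsencrypt/credentials', { recursive: true, mode: 0o700 });` followed by `fs.writeFileSync(credentials_loc, certificate.meta.dns_provider_credentials, { mode: 0o600 });` (assuming `fs` is or can be required in this file, which the hunk does not show). The enclosing function starts and ends outside the hunk.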
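Review bot: In the new `credentials_cmd` of the `backend/setup.js` hunk, `mkdir -p … 2> /dev/null;` throws away both the error text and the exit status, and the directory and file are created with the process's default mode before `chmod 600` runs, so the secret may be readable by other local users for a moment if the umask is permissive (the umask is not visible here). The `[ -f … ] ||` guard also skips the whole group when the file already exists, so an existing file's mode is never re-checked. Running the group under a restrictive umask closes the gap, e.g. starting it with `{ umask 077; mkdir -p /etc/letsencrypt/credentials && echo …` so that a failed `mkdir` stops the write. The surrounding loop in `setupCertbotPlugins` begins outside the hunk.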
@@ -38,7 +38,6 @@ COPY global /app/global WORKDIR /app RUN yarn install -RUN mkdir -p /etc/letsencrypt/credentials # Remove frontend service not required for prod, dev nginx config as well RUN rm -rf /etc/services.d/frontend RUN rm -f /etc/nginx/conf.d/dev.conf diff --git a/docker/dev/Dockerfile b/docker/dev/Dockerfile index 2d06d16..45ee534 100644 --- a/docker/dev/Dockerfile +++ b/docker/dev/Dockerfile @@ -18,7 +18,6 @@ RUN cd /usr \ COPY rootfs / RUN rm -f /etc/nginx/conf.d/production.conf -RUN mkdir -p /etc/letsencrypt/credentials # s6 overlay RUN curl -L -o /tmp/s6-overlay-amd64.tar.gz "https://github.com/just-containers/s6-overlay/releases/download/v1.22.1.0/s6-overlay-amd64.tar.gz" \ From 3651b9484fa2179eeeba0d41263fc4a51e467e65 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Fri, 6 Nov 2020 09:17:52 +1000 Subject: [PATCH 11/14] Fix for pip install error when there are no plugins to install --- backend/setup.js | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/backend/setup.js b/backend/setup.js index 2a5ba96..d58a160 100644 --- a/backend/setup.js +++ b/backend/setup.js @@ -187,11 +187,17 @@ const setupCertbotPlugins = () => { } }); - const install_cmd = 'pip3 install ' + plugins.join(' '); - promises.push(utils.exec(install_cmd)); - return Promise.all(promises).then(() => { - logger.info('Added Certbot plugins ' + plugins.join(', ')); - }); + if (plugins.length) { + const install_cmd = 'pip3 install ' + plugins.join(' '); + promises.push(utils.exec(install_cmd)); + } + + if (promises.length) { + return Promise.all(promises) + .then(() => { + logger.info('Added Certbot plugins ' + plugins.join(', ')); + }); + } } }); }; From ddb3c6590cc60cb35bba8a0abfacbbb8dc58e68e Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Fri, 6 Nov 2020 13:06:15 +1000 Subject: [PATCH 12/14] Version bump --- .version | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
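Review bot: In the `backend/setup.js` hunk of patch 11/14, `Promise.all(promises)` can now run when `plugins` is empty but credential writes were queued, and the success handler then logs `'Added Certbot plugins '` followed by an empty list. Guarding the message keeps the startup log accurate: `if (plugins.length) { logger.info('Added Certbot plugins ' + plugins.join(', ')); }` inside the `.then`. The `pip3 install` and the credential writes also share one `Promise.all`, so a rejection does not say which command failed; a short comment stating whether a failed install is meant to abort the remaining setup would help whoever reads the startup logs. `setupCertbotPlugins` begins before this hunk.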
diff --git a/.version b/.version
index 6a6a3d8..097a15a 100644
--- a/.version
+++ b/.version
@@ -1 +1 @@
-2.6.1
+2.6.2
diff --git a/README.md b/README.md
index c798a6f..9fb93d7 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@



-
+
From d7437cc4a7403c3fc0eb5c5ad53b4f377a702a65 Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Fri, 6 Nov 2020 13:17:30 +1000
Subject: [PATCH 13/14] Test for real-ip header
---
 docker/rootfs/etc/nginx/conf.d/include/proxy.conf | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/docker/rootfs/etc/nginx/conf.d/include/proxy.conf b/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
index b84a451..bb0141f 100644
--- a/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
@@ -3,4 +3,6 @@ proxy_set_header Host $host;
 proxy_set_header X-Forwarded-Scheme $scheme;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Forwarded-For $remote_addr;
+proxy_set_header X-Real-IP $http_x_real_ip;
 proxy_pass $forward_scheme://$server:$port;
+
From 13eaa346bcbbb7e8bf41b8b6965e2644d5436363 Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Fri, 6 Nov 2020 13:21:22 +1000
Subject: [PATCH 14/14] Use remote addr as real ip
---
 docker/rootfs/etc/nginx/conf.d/include/proxy.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/rootfs/etc/nginx/conf.d/include/proxy.conf b/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
index bb0141f..c0dce06 100644
--- a/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/proxy.conf
@@ -3,6 +3,6 @@ proxy_set_header Host $host;
 proxy_set_header X-Forwarded-Scheme $scheme;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Forwarded-For $remote_addr;
-proxy_set_header X-Real-IP $http_x_real_ip;
+proxy_set_header X-Real-IP $remote_addr;
 proxy_pass $forward_scheme://$server:$port;
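Review bot: The new `proxy_set_header X-Real-IP $remote_addr;` line in patch 14/14 carries no comment recording why the peer address is used rather than the incoming header, and the previous patch in this series shows how easily it drifts to `$http_x_real_ip`, a value the client supplies itself. A one-line comment above it would pin the intent: `# Always overwrite X-Real-IP with the connecting peer; never pass through a client-supplied value.` If this proxy is itself deployed behind another load balancer, `$remote_addr` will be that balancer's address unless the realip module (`set_real_ip_from`, `real_ip_header`) is configured for it, which this file does not show.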