const fs = require('fs'); const NodeRSA = require('node-rsa'); const config = require('config'); const logger = require('./logger').setup; const certificateModel = require('./models/certificate'); const userModel = require('./models/user'); const userPermissionModel = require('./models/user_permission'); const utils = require('./lib/utils'); const authModel = require('./models/auth'); const settingModel = require('./models/setting'); const dns_plugins = require('./global/certbot-dns-plugins'); const debug_mode = process.env.NODE_ENV !== 'production' || !!process.env.DEBUG; /** * Creates a new JWT RSA Keypair if not alread set on the config * * @returns {Promise} */ const setupJwt = () => { return new Promise((resolve, reject) => { // Now go and check if the jwt gpg keys have been created and if not, create them if (!config.has('jwt') || !config.has('jwt.key') || !config.has('jwt.pub')) { logger.info('Creating a new JWT key pair...'); // jwt keys are not configured properly const filename = config.util.getEnv('NODE_CONFIG_DIR') + '/' + (config.util.getEnv('NODE_ENV') || 'default') + '.json'; let config_data = {}; try { config_data = require(filename); } catch (err) { // do nothing if (debug_mode) { logger.debug(filename + ' config file could not be required'); } } // Now create the keys and save them in the config. let key = new NodeRSA({ b: 2048 }); key.generateKeyPair(); config_data.jwt = { key: key.exportKey('private').toString(), pub: key.exportKey('public').toString(), }; // Write config fs.writeFile(filename, JSON.stringify(config_data, null, 2), (err) => { if (err) { logger.error('Could not write JWT key pair to config file: ' + filename); reject(err); } else { logger.info('Wrote JWT key pair to config file: ' + filename); delete require.cache[require.resolve('config')]; resolve(); } }); } else { // JWT key pair exists if (debug_mode) { logger.debug('JWT Keypair already exists'); } resolve(); } }); }; /** * Creates a default admin users if one doesn't already exist in the database * * @returns {Promise} */ const setupDefaultUser = () => { return userModel .query() .select(userModel.raw('COUNT(`id`) as `count`')) .where('is_deleted', 0) .first() .then((row) => { if (!row.count) { // Create a new user and set password logger.info('Creating a new user: admin@example.com with password: changeme'); let data = { is_deleted: 0, email: 'admin@example.com', name: 'Administrator', nickname: 'Admin', avatar: '', roles: ['admin'], }; return userModel .query() .insertAndFetch(data) .then((user) => { return authModel .query() .insert({ user_id: user.id, type: 'password', secret: 'changeme', meta: {}, }) .then(() => { return userPermissionModel.query().insert({ user_id: user.id, visibility: 'all', proxy_hosts: 'manage', redirection_hosts: 'manage', dead_hosts: 'manage', streams: 'manage', access_lists: 'manage', certificates: 'manage', }); }); }) .then(() => { logger.info('Initial admin setup completed'); }); } else if (debug_mode) { logger.debug('Admin user setup not required'); } }); }; /** * Creates default settings if they don't already exist in the database * * @returns {Promise} */ const setupDefaultSettings = () => { return settingModel .query() .select(settingModel.raw('COUNT(`id`) as `count`')) .where({id: 'default-site'}) .first() .then((row) => { if (!row.count) { settingModel .query() .insert({ id: 'default-site', name: 'Default Site', description: 'What to show when Nginx is hit with an unknown Host', value: 'congratulations', meta: {}, }) .then(() => { logger.info('Default settings added'); }); } if (debug_mode) { logger.debug('Default setting setup not required'); } }); }; /** * Installs all Certbot plugins which are required for an installed certificate * * @returns {Promise} */ const setupCertbotPlugins = () => { return certificateModel .query() .where('is_deleted', 0) .andWhere('provider', 'letsencrypt') .then((certificates) => { if (certificates && certificates.length) { let plugins = []; let promises = []; let install_cloudflare_plugin = false; certificates.map(function (certificate) { if (certificate.meta && certificate.meta.dns_challenge === true) { const dns_plugin = dns_plugins[certificate.meta.dns_provider]; if (dns_plugin.package_name === 'certbot-dns-cloudflare') { install_cloudflare_plugin = true; } else { const packages_to_install = `${dns_plugin.package_name}${dns_plugin.version_requirement || ''} ${dns_plugin.dependencies}`; if (plugins.indexOf(packages_to_install) === -1) plugins.push(packages_to_install); } // Make sure credentials file exists const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id; // Escape single quotes and backslashes const escapedCredentials = certificate.meta.dns_provider_credentials.replaceAll('\'', '\\\'').replaceAll('\\', '\\\\'); const credentials_cmd = '[ -f \'' + credentials_loc + '\' ] || { mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }'; promises.push(utils.exec(credentials_cmd)); } }); if (plugins.length) { const install_cmd = 'pip install ' + plugins.join(' '); promises.push(utils.exec(install_cmd)); } if (install_cloudflare_plugin) { promises.push(utils.exec('pip install certbot-dns-cloudflare --index-url https://www.piwheels.org/simple --prefer-binary')); } if (promises.length) { return Promise.all(promises) .then(() => { logger.info('Added Certbot plugins ' + plugins.join(', ')); }); } } }); }; /** * Starts a timer to call run the logrotation binary every two days * @returns {Promise} */ const setupLogrotation = () => { const intervalTimeout = 1000 * 60 * 60 * 24 * 2; // 2 days const runLogrotate = async () => { try { await utils.exec('logrotate /etc/logrotate.d/nginx-proxy-manager'); logger.info('Logrotate completed.'); } catch (e) { logger.warn(e); } }; logger.info('Logrotate Timer initialized'); setInterval(runLogrotate, intervalTimeout); // And do this now as well return runLogrotate(); }; module.exports = function () { return setupJwt() .then(setupDefaultUser) .then(setupDefaultSettings) .then(setupCertbotPlugins) .then(setupLogrotation); };