nginx-proxy-manager/backend/setup.js

const config              = require('./lib/config');
const logger              = require('./logger').setup;
const certificateModel    = require('./models/certificate');
const userModel           = require('./models/user');
const userPermissionModel = require('./models/user_permission');
const utils               = require('./lib/utils');
const authModel           = require('./models/auth');
const settingModel        = require('./models/setting');
const certbot             = require('./lib/certbot');
/**
 * Creates a default admin users if one doesn't already exist in the database
 *
 * @returns {Promise}
 */
const setupDefaultUser = () => {
	return userModel
		.query()
		.select(userModel.raw('COUNT(`id`) as `count`'))
		.where('is_deleted', 0)
		.first()
		.then((row) => {
			if (!row.count) {
				// Create a new user and set password
				logger.info('Creating a new user: admin@example.com with password: changeme');

				let data = {
					is_deleted: 0,
					email:      'admin@example.com',
					name:       'Administrator',
					nickname:   'Admin',
					avatar:     '',
					roles:      ['admin'],
				};

				return userModel
					.query()
					.insertAndFetch(data)
					.then((user) => {
						return authModel
							.query()
							.insert({
								user_id: user.id,
								type:    'password',
								secret:  'changeme',
								meta:    {},
							})
							.then(() => {
								return userPermissionModel.query().insert({
									user_id:           user.id,
									visibility:        'all',
									proxy_hosts:       'manage',
									redirection_hosts: 'manage',
									dead_hosts:        'manage',
									streams:           'manage',
									access_lists:      'manage',
									certificates:      'manage',
								});
							});
					})
					.then(() => {
						logger.info('Initial admin setup completed');
					});
			} else if (config.debug()) {
				logger.info('Admin user setup not required');
			}
		});
};

/**
 * Creates default settings if they don't already exist in the database
 *
 * @returns {Promise}
 */
const setupDefaultSettings = () => {
	return settingModel
		.query()
		.select(settingModel.raw('COUNT(`id`) as `count`'))
		.where({id: 'default-site'})
		.first()
		.then((row) => {
			if (!row.count) {
				settingModel
					.query()
					.insert({
						id:          'default-site',
						name:        'Default Site',
						description: 'What to show when Nginx is hit with an unknown Host',
						value:       'congratulations',
						meta:        {},
					})
					.then(() => {
						logger.info('Default settings added');
					});
			}
			if (config.debug()) {
				logger.info('Default setting setup not required');
			}
		});
};

/**
 * Installs all Certbot plugins which are required for an installed certificate
 *
 * @returns {Promise}
 */
const setupCertbotPlugins = () => {
	return certificateModel
		.query()
		.where('is_deleted', 0)
		.andWhere('provider', 'letsencrypt')
		.then((certificates) => {
			if (certificates && certificates.length) {
				let plugins  = [];
				let promises = [];

				certificates.map(function (certificate) {
					if (certificate.meta && certificate.meta.dns_challenge === true) {
						if (plugins.indexOf(certificate.meta.dns_provider) === -1) {
							plugins.push(certificate.meta.dns_provider);
						}

						// Make sure credentials file exists
						const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id;
						// Escape single quotes and backslashes
						const escapedCredentials = certificate.meta.dns_provider_credentials.replaceAll('\'', '\\\'').replaceAll('\\', '\\\\');
						const credentials_cmd    = '[ -f \'' + credentials_loc + '\' ] || { mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';
						promises.push(utils.exec(credentials_cmd));
					}
				});

				return certbot.installPlugins(plugins)
					.then(() => {
						if (promises.length) {
							return Promise.all(promises)
								.then(() => {
									logger.info('Added Certbot plugins ' + plugins.join(', '));
								});
						}
					});
			}
		});
};


/**
 * Starts a timer to call run the logrotation binary every two days
 * @returns {Promise}
 */
const setupLogrotation = () => {
	const intervalTimeout = 1000 * 60 * 60 * 24 * 2; // 2 days

	const runLogrotate = async () => {
		try {
			await utils.exec('logrotate /etc/logrotate.d/nginx-proxy-manager');
			logger.info('Logrotate completed.');
		} catch (e) { logger.warn(e); }
	};

	logger.info('Logrotate Timer initialized');
	setInterval(runLogrotate, intervalTimeout);
	// And do this now as well
	return runLogrotate();
};

module.exports = function () {
	return setupDefaultUser()
		.then(setupDefaultSettings)
		.then(setupCertbotPlugins)
		.then(setupLogrotation);
};
Refactor configuration - No longer use config npm package - Prefer config from env vars, though still has support for config file - No longer writes a config file for database config - Writes keys to a new file in /data folder - Removes a lot of cruft and improves config understanding 2023-03-21 06:53:39 +00:00			`const config = require('./lib/config');`
v2.1.0 (#293) * Fix wrapping when too many hosts are shown (#207) * Update npm packages, fixes CVE-2019-10757 * Revert some breaking packages * Major overhaul - Docker buildx support in CI - Cypress API Testing in CI - Restructured folder layout (insert clean face meme) - Added Swagger documentation and validate API against that (to be completed) - Use common base image for all supported archs, which includes updated nginx with ipv6 support - Updated certbot and changes required for it - Large amount of Hosts names will wrap in UI - Updated packages for frontend - Version bump 2.1.0 * Updated documentation * Fix JWT expire time going crazy. Now set to 1day * Backend JS formatting rules * Remove v1 importer, I doubt anyone is using v1 anymore * Added backend formatting rules and enforce them in Jenkins builds * Fix CI, doesn't need a tty * Thanks bcrypt. Why can't you just be normal. * Cleanup after syntax check Co-authored-by: Marcelo Castagna <margaale@users.noreply.github.com> 2020-02-19 04:55:06 +00:00			`const logger = require('./logger').setup;`
Fixes eslint errors 2020-10-17 10:25:36 +00:00			`const certificateModel = require('./models/certificate');`
v2.1.0 (#293) * Fix wrapping when too many hosts are shown (#207) * Update npm packages, fixes CVE-2019-10757 * Revert some breaking packages * Major overhaul - Docker buildx support in CI - Cypress API Testing in CI - Restructured folder layout (insert clean face meme) - Added Swagger documentation and validate API against that (to be completed) - Use common base image for all supported archs, which includes updated nginx with ipv6 support - Updated certbot and changes required for it - Large amount of Hosts names will wrap in UI - Updated packages for frontend - Version bump 2.1.0 * Updated documentation * Fix JWT expire time going crazy. Now set to 1day * Backend JS formatting rules * Remove v1 importer, I doubt anyone is using v1 anymore * Added backend formatting rules and enforce them in Jenkins builds * Fix CI, doesn't need a tty * Thanks bcrypt. Why can't you just be normal. * Cleanup after syntax check Co-authored-by: Marcelo Castagna <margaale@users.noreply.github.com> 2020-02-19 04:55:06 +00:00			`const userModel = require('./models/user');`
			`const userPermissionModel = require('./models/user_permission');`
Fixes eslint errors 2020-10-17 10:25:36 +00:00			`const utils = require('./lib/utils');`
v2.1.0 (#293) * Fix wrapping when too many hosts are shown (#207) * Update npm packages, fixes CVE-2019-10757 * Revert some breaking packages * Major overhaul - Docker buildx support in CI - Cypress API Testing in CI - Restructured folder layout (insert clean face meme) - Added Swagger documentation and validate API against that (to be completed) - Use common base image for all supported archs, which includes updated nginx with ipv6 support - Updated certbot and changes required for it - Large amount of Hosts names will wrap in UI - Updated packages for frontend - Version bump 2.1.0 * Updated documentation * Fix JWT expire time going crazy. Now set to 1day * Backend JS formatting rules * Remove v1 importer, I doubt anyone is using v1 anymore * Added backend formatting rules and enforce them in Jenkins builds * Fix CI, doesn't need a tty * Thanks bcrypt. Why can't you just be normal. * Cleanup after syntax check Co-authored-by: Marcelo Castagna <margaale@users.noreply.github.com> 2020-02-19 04:55:06 +00:00			`const authModel = require('./models/auth');`
fixed migration and setup more info: https://github.com/knex/knex/issues/2820 2020-07-19 14:35:13 +00:00			`const settingModel = require('./models/setting');`
Refactor certbot plugin install for setup 2024-01-18 05:13:16 +00:00			`const certbot = require('./lib/certbot');`
Sqlite Tweaks - Added cypress testing in CI for sqlite - Cleaned up promises in setup - Ensure check for settings is strict 2020-08-05 22:58:20 +00:00			`/**`
			`* Creates a default admin users if one doesn't already exist in the database`
			`*`
			`* @returns {Promise}`
			`*/`
			`const setupDefaultUser = () => {`
			`return userModel`
fixed migration and setup more info: https://github.com/knex/knex/issues/2820 2020-07-19 14:35:13 +00:00			`.query()`
			.select(userModel.raw('COUNT(`id`) as `count`'))
			`.where('is_deleted', 0)`
			`.first()`
Sqlite Tweaks - Added cypress testing in CI for sqlite - Cleaned up promises in setup - Ensure check for settings is strict 2020-08-05 22:58:20 +00:00			`.then((row) => {`
			`if (!row.count) {`
			`// Create a new user and set password`
			`logger.info('Creating a new user: admin@example.com with password: changeme');`
fixed migration and setup more info: https://github.com/knex/knex/issues/2820 2020-07-19 14:35:13 +00:00
Sqlite Tweaks - Added cypress testing in CI for sqlite - Cleaned up promises in setup - Ensure check for settings is strict 2020-08-05 22:58:20 +00:00			`let data = {`
			`is_deleted: 0,`
			`email: 'admin@example.com',`
			`name: 'Administrator',`
			`nickname: 'Admin',`
			`avatar: '',`
			`roles: ['admin'],`
			`};`
fixed migration and setup more info: https://github.com/knex/knex/issues/2820 2020-07-19 14:35:13 +00:00
Sqlite Tweaks - Added cypress testing in CI for sqlite - Cleaned up promises in setup - Ensure check for settings is strict 2020-08-05 22:58:20 +00:00			`return userModel`
			`.query()`
			`.insertAndFetch(data)`
			`.then((user) => {`
			`return authModel`
			`.query()`
			`.insert({`
			`user_id: user.id,`
			`type: 'password',`
			`secret: 'changeme',`
			`meta: {},`
			`})`
			`.then(() => {`
			`return userPermissionModel.query().insert({`
fixed migration and setup more info: https://github.com/knex/knex/issues/2820 2020-07-19 14:35:13 +00:00			`user_id: user.id,`
			`visibility: 'all',`
			`proxy_hosts: 'manage',`
			`redirection_hosts: 'manage',`
			`dead_hosts: 'manage',`
			`streams: 'manage',`
			`access_lists: 'manage',`
Sqlite Tweaks - Added cypress testing in CI for sqlite - Cleaned up promises in setup - Ensure check for settings is strict 2020-08-05 22:58:20 +00:00			`certificates: 'manage',`
fixed migration and setup more info: https://github.com/knex/knex/issues/2820 2020-07-19 14:35:13 +00:00			`});`
Sqlite Tweaks - Added cypress testing in CI for sqlite - Cleaned up promises in setup - Ensure check for settings is strict 2020-08-05 22:58:20 +00:00			`});`
			`})`
			`.then(() => {`
			`logger.info('Initial admin setup completed');`
			`});`
Refactor configuration - No longer use config npm package - Prefer config from env vars, though still has support for config file - No longer writes a config file for database config - Writes keys to a new file in /data folder - Removes a lot of cruft and improves config understanding 2023-03-21 06:53:39 +00:00			`} else if (config.debug()) {`
			`logger.info('Admin user setup not required');`
Sqlite Tweaks - Added cypress testing in CI for sqlite - Cleaned up promises in setup - Ensure check for settings is strict 2020-08-05 22:58:20 +00:00			`}`
			`});`
			`};`
v2.1.0 (#293) * Fix wrapping when too many hosts are shown (#207) * Update npm packages, fixes CVE-2019-10757 * Revert some breaking packages * Major overhaul - Docker buildx support in CI - Cypress API Testing in CI - Restructured folder layout (insert clean face meme) - Added Swagger documentation and validate API against that (to be completed) - Use common base image for all supported archs, which includes updated nginx with ipv6 support - Updated certbot and changes required for it - Large amount of Hosts names will wrap in UI - Updated packages for frontend - Version bump 2.1.0 * Updated documentation * Fix JWT expire time going crazy. Now set to 1day * Backend JS formatting rules * Remove v1 importer, I doubt anyone is using v1 anymore * Added backend formatting rules and enforce them in Jenkins builds * Fix CI, doesn't need a tty * Thanks bcrypt. Why can't you just be normal. * Cleanup after syntax check Co-authored-by: Marcelo Castagna <margaale@users.noreply.github.com> 2020-02-19 04:55:06 +00:00
Sqlite Tweaks - Added cypress testing in CI for sqlite - Cleaned up promises in setup - Ensure check for settings is strict 2020-08-05 22:58:20 +00:00			`/**`
			`* Creates default settings if they don't already exist in the database`
			`*`
			`* @returns {Promise}`
			`*/`
			`const setupDefaultSettings = () => {`
fixed migration and setup more info: https://github.com/knex/knex/issues/2820 2020-07-19 14:35:13 +00:00			`return settingModel`
			`.query()`
Sqlite Tweaks - Added cypress testing in CI for sqlite - Cleaned up promises in setup - Ensure check for settings is strict 2020-08-05 22:58:20 +00:00			.select(settingModel.raw('COUNT(`id`) as `count`'))
			`.where({id: 'default-site'})`
fixed migration and setup more info: https://github.com/knex/knex/issues/2820 2020-07-19 14:35:13 +00:00			`.first()`
Sqlite Tweaks - Added cypress testing in CI for sqlite - Cleaned up promises in setup - Ensure check for settings is strict 2020-08-05 22:58:20 +00:00			`.then((row) => {`
fixed migration and setup more info: https://github.com/knex/knex/issues/2820 2020-07-19 14:35:13 +00:00			`if (!row.count) {`
			`settingModel`
v2.1.0 (#293) * Fix wrapping when too many hosts are shown (#207) * Update npm packages, fixes CVE-2019-10757 * Revert some breaking packages * Major overhaul - Docker buildx support in CI - Cypress API Testing in CI - Restructured folder layout (insert clean face meme) - Added Swagger documentation and validate API against that (to be completed) - Use common base image for all supported archs, which includes updated nginx with ipv6 support - Updated certbot and changes required for it - Large amount of Hosts names will wrap in UI - Updated packages for frontend - Version bump 2.1.0 * Updated documentation * Fix JWT expire time going crazy. Now set to 1day * Backend JS formatting rules * Remove v1 importer, I doubt anyone is using v1 anymore * Added backend formatting rules and enforce them in Jenkins builds * Fix CI, doesn't need a tty * Thanks bcrypt. Why can't you just be normal. * Cleanup after syntax check Co-authored-by: Marcelo Castagna <margaale@users.noreply.github.com> 2020-02-19 04:55:06 +00:00			`.query()`
fixed migration and setup more info: https://github.com/knex/knex/issues/2820 2020-07-19 14:35:13 +00:00			`.insert({`
			`id: 'default-site',`
			`name: 'Default Site',`
			`description: 'What to show when Nginx is hit with an unknown Host',`
			`value: 'congratulations',`
Sqlite Tweaks - Added cypress testing in CI for sqlite - Cleaned up promises in setup - Ensure check for settings is strict 2020-08-05 22:58:20 +00:00			`meta: {},`
			`})`
			`.then(() => {`
fixed migration and setup more info: https://github.com/knex/knex/issues/2820 2020-07-19 14:35:13 +00:00			`logger.info('Default settings added');`
v2.1.0 (#293) * Fix wrapping when too many hosts are shown (#207) * Update npm packages, fixes CVE-2019-10757 * Revert some breaking packages * Major overhaul - Docker buildx support in CI - Cypress API Testing in CI - Restructured folder layout (insert clean face meme) - Added Swagger documentation and validate API against that (to be completed) - Use common base image for all supported archs, which includes updated nginx with ipv6 support - Updated certbot and changes required for it - Large amount of Hosts names will wrap in UI - Updated packages for frontend - Version bump 2.1.0 * Updated documentation * Fix JWT expire time going crazy. Now set to 1day * Backend JS formatting rules * Remove v1 importer, I doubt anyone is using v1 anymore * Added backend formatting rules and enforce them in Jenkins builds * Fix CI, doesn't need a tty * Thanks bcrypt. Why can't you just be normal. * Cleanup after syntax check Co-authored-by: Marcelo Castagna <margaale@users.noreply.github.com> 2020-02-19 04:55:06 +00:00			`});`
Sqlite Tweaks - Added cypress testing in CI for sqlite - Cleaned up promises in setup - Ensure check for settings is strict 2020-08-05 22:58:20 +00:00			`}`
Refactor configuration - No longer use config npm package - Prefer config from env vars, though still has support for config file - No longer writes a config file for database config - Writes keys to a new file in /data folder - Removes a lot of cruft and improves config understanding 2023-03-21 06:53:39 +00:00			`if (config.debug()) {`
			`logger.info('Default setting setup not required');`
v2.1.0 (#293) * Fix wrapping when too many hosts are shown (#207) * Update npm packages, fixes CVE-2019-10757 * Revert some breaking packages * Major overhaul - Docker buildx support in CI - Cypress API Testing in CI - Restructured folder layout (insert clean face meme) - Added Swagger documentation and validate API against that (to be completed) - Use common base image for all supported archs, which includes updated nginx with ipv6 support - Updated certbot and changes required for it - Large amount of Hosts names will wrap in UI - Updated packages for frontend - Version bump 2.1.0 * Updated documentation * Fix JWT expire time going crazy. Now set to 1day * Backend JS formatting rules * Remove v1 importer, I doubt anyone is using v1 anymore * Added backend formatting rules and enforce them in Jenkins builds * Fix CI, doesn't need a tty * Thanks bcrypt. Why can't you just be normal. * Cleanup after syntax check Co-authored-by: Marcelo Castagna <margaale@users.noreply.github.com> 2020-02-19 04:55:06 +00:00			`}`
			`});`
Sqlite Tweaks - Added cypress testing in CI for sqlite - Cleaned up promises in setup - Ensure check for settings is strict 2020-08-05 22:58:20 +00:00			`};`
fixed migration and setup more info: https://github.com/knex/knex/issues/2820 2020-07-19 14:35:13 +00:00
Adds certbot plugin installation check on startup 2020-10-17 10:13:08 +00:00			`/**`
			`* Installs all Certbot plugins which are required for an installed certificate`
			`*`
			`* @returns {Promise}`
			`*/`
			`const setupCertbotPlugins = () => {`
			`return certificateModel`
Fixes eslint errors 2020-10-17 10:25:36 +00:00			`.query()`
			`.where('is_deleted', 0)`
			`.andWhere('provider', 'letsencrypt')`
			`.then((certificates) => {`
			`if (certificates && certificates.length) {`
Fix linter issues 2022-11-20 22:46:42 +00:00			`let plugins = [];`
			`let promises = [];`
Fixes eslint errors 2020-10-17 10:25:36 +00:00
			`certificates.map(function (certificate) {`
			`if (certificate.meta && certificate.meta.dns_challenge === true) {`
Prevent installing same plugin over and over 2024-01-18 06:06:09 +00:00			`if (plugins.indexOf(certificate.meta.dns_provider) === -1) {`
			`plugins.push(certificate.meta.dns_provider);`
			`}`
Fixes eslint errors 2020-10-17 10:25:36 +00:00
			`// Make sure credentials file exists`
Workaround for cloudflare plugin install (#2381) 2022-11-14 21:48:57 +00:00			`const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id;`
Correctly escape backslashes in dns plugin credentials 2021-12-29 15:30:49 +00:00			`// Escape single quotes and backslashes`
			`const escapedCredentials = certificate.meta.dns_provider_credentials.replaceAll('\'', '\\\'').replaceAll('\\', '\\\\');`
			`const credentials_cmd = '[ -f \'' + credentials_loc + '\' ] \|\| { mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';`
Fixes eslint errors 2020-10-17 10:25:36 +00:00			`promises.push(utils.exec(credentials_cmd));`
			`}`
			`});`

Refactor certbot plugin install for setup 2024-01-18 05:13:16 +00:00			`return certbot.installPlugins(plugins)`
			`.then(() => {`
			`if (promises.length) {`
			`return Promise.all(promises)`
			`.then(() => {`
			`logger.info('Added Certbot plugins ' + plugins.join(', '));`
			`});`
			`}`
			`});`
Fixes eslint errors 2020-10-17 10:25:36 +00:00			`}`
			`});`
Adds certbot plugin installation check on startup 2020-10-17 10:13:08 +00:00			`};`

Run logrotation binary from program 2021-06-29 18:40:56 +00:00
			`/**`
			`* Starts a timer to call run the logrotation binary every two days`
			`* @returns {Promise}`
			`*/`
			`const setupLogrotation = () => {`
			`const intervalTimeout = 1000 * 60 * 60 * 24 * 2; // 2 days`

			`const runLogrotate = async () => {`
Fixes crash when logrotate fails 2021-07-22 12:05:21 +00:00			`try {`
			`await utils.exec('logrotate /etc/logrotate.d/nginx-proxy-manager');`
			`logger.info('Logrotate completed.');`
			`} catch (e) { logger.warn(e); }`
Run logrotation binary from program 2021-06-29 18:40:56 +00:00			`};`

			`logger.info('Logrotate Timer initialized');`
			`setInterval(runLogrotate, intervalTimeout);`
			`// And do this now as well`
			`return runLogrotate();`
			`};`

fixed migration and setup more info: https://github.com/knex/knex/issues/2820 2020-07-19 14:35:13 +00:00			`module.exports = function () {`
Refactor configuration - No longer use config npm package - Prefer config from env vars, though still has support for config file - No longer writes a config file for database config - Writes keys to a new file in /data folder - Removes a lot of cruft and improves config understanding 2023-03-21 06:53:39 +00:00			`return setupDefaultUser()`
Adds certbot plugin installation check on startup 2020-10-17 10:13:08 +00:00			`.then(setupDefaultSettings)`
Run logrotation binary from program 2021-06-29 18:40:56 +00:00			`.then(setupCertbotPlugins)`
			`.then(setupLogrotation);`
v2.1.0 (#293) * Fix wrapping when too many hosts are shown (#207) * Update npm packages, fixes CVE-2019-10757 * Revert some breaking packages * Major overhaul - Docker buildx support in CI - Cypress API Testing in CI - Restructured folder layout (insert clean face meme) - Added Swagger documentation and validate API against that (to be completed) - Use common base image for all supported archs, which includes updated nginx with ipv6 support - Updated certbot and changes required for it - Large amount of Hosts names will wrap in UI - Updated packages for frontend - Version bump 2.1.0 * Updated documentation * Fix JWT expire time going crazy. Now set to 1day * Backend JS formatting rules * Remove v1 importer, I doubt anyone is using v1 anymore * Added backend formatting rules and enforce them in Jenkins builds * Fix CI, doesn't need a tty * Thanks bcrypt. Why can't you just be normal. * Cleanup after syntax check Co-authored-by: Marcelo Castagna <margaale@users.noreply.github.com> 2020-02-19 04:55:06 +00:00			`};`