From c543a1dc346b9185fa30de8380ba00efe62fcf21 Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Wed, 22 Aug 2018 14:31:03 +1000 Subject: [PATCH] Finished importer, advanced nginx config for hosts, custom certs used in nginx templates --- TODO.md | 8 ++- rootfs/etc/services.d/nginx/run | 1 + src/backend/importer.js | 31 ++++------- src/backend/internal/certificate.js | 53 ++++++++++++++++++- .../migrations/20180618015850_initial.js | 3 ++ src/backend/schema/endpoints/dead-hosts.json | 24 +++++---- src/backend/schema/endpoints/proxy-hosts.json | 12 +++++ .../schema/endpoints/redirection-hosts.json | 24 +++++---- src/backend/templates/_certificates.conf | 5 +- src/backend/templates/dead_host.conf | 2 +- src/backend/templates/proxy_host.conf | 2 +- src/backend/templates/redirection_host.conf | 2 +- src/frontend/js/app/nginx/dead/form.ejs | 15 +++++- src/frontend/js/app/nginx/proxy/form.ejs | 16 ++++-- .../js/app/nginx/redirection/form.ejs | 15 +++++- src/frontend/js/i18n/messages.json | 5 +- src/frontend/js/models/dead-host.js | 19 +++---- src/frontend/js/models/proxy-host.js | 1 + src/frontend/js/models/redirection-host.js | 1 + src/frontend/scss/tabler-extra.scss | 7 +++ 20 files changed, 174 insertions(+), 72 deletions(-) diff --git a/TODO.md b/TODO.md index e3d47829..222e77b5 100644 --- a/TODO.md +++ b/TODO.md @@ -2,14 +2,12 @@ In order of importance, somewhat.. -- v1 Importer - - ssl certificates - - nginx advanced config -- Redirection host preserve path nginx configuration -- Custom ssl certificate saving to disk and usage in nginx configs +- Nginx config output: + - Redirection host preserve path nginx configuration - Dashboard stats are caching instead of querying - UI Log tail - Custom Nginx Config Editor +- Enable/Disable a config Testing: diff --git a/rootfs/etc/services.d/nginx/run b/rootfs/etc/services.d/nginx/run index 8eb883b5..27f4bd1f 100755 --- a/rootfs/etc/services.d/nginx/run +++ b/rootfs/etc/services.d/nginx/run 
@@ -3,6 +3,7 @@ mkdir -p /tmp/nginx/body \ /var/log/nginx \ /data/nginx \ + /data/custom_ssl \ /data/logs \ /data/access \ /data/nginx/proxy_host \ diff --git a/src/backend/importer.js b/src/backend/importer.js index 2ef3e8f7..25a36b6a 100644 --- a/src/backend/importer.js +++ b/src/backend/importer.js @@ -186,8 +186,6 @@ module.exports = function () { // 2. rename archive folder name new_archive_path = new_archive_path + 'npm-' + certificate.id; - //logger.debug('Renaming archive folder:', full_archive_path, '->', new_archive_path); - fs.renameSync(full_archive_path, new_archive_path); return certificate; @@ -195,9 +193,6 @@ module.exports = function () { .then(certificate => { // 3. rename live folder name new_live_path = new_live_path + 'npm-' + certificate.id; - - //logger.debug('Renaming live folder:', full_live_path, '->', new_live_path); - fs.renameSync(full_live_path, new_live_path); // and also update the symlinks in this folder: @@ -211,8 +206,6 @@ module.exports = function () { ]; names.map(function (name) { - //logger.debug('Live Link:', name); - // remove symlink try { fs.unlinkSync(new_live_path + '/' + name[0]); @@ -221,7 +214,6 @@ module.exports = function () { logger.error(err); } - //logger.debug('Creating Link:', '../../archive/npm-' + certificate.id + '/' + name[1]); // create new symlink fs.symlinkSync('../../archive/npm-' + certificate.id + '/' + name[1], name[0]); }); @@ -356,8 +348,6 @@ module.exports = function () { certificate_id = certificate_map[host.hostname]; } - // TODO: Advanced nginx config - return proxyHostModel .query() .insertAndFetch({ @@ -370,6 +360,7 @@ module.exports = function () { ssl_forced: host.force_ssl || false, caching_enabled: host.asset_caching || false, block_exploits: host.block_exploits || false, + advanced_config: host.advanced || '', meta: meta }) .then(row => { 
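Review bot: `advanced_config: host.advanced || ''` in the proxy-host insert stores whatever truthy value the v1 record holds. The importer writes through the model directly, so the `"type": "string"` rule this commit adds to the endpoint schemas is presumably not applied on this path. Because the value is later rendered verbatim into the generated nginx `server` block, I would coerce it here with `advanced_config: typeof host.advanced === 'string' ? host.advanced : '',` and log which hosts were imported with custom directives so an operator can review them. The same line is added in the dead-host and redirection-host hunks (@@ -405,16 and @@ -460,6); the enclosing import functions start outside these hunks.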
@@ -405,16 +396,15 @@ module.exports = function () { certificate_id = certificate_map[host.hostname]; } - // TODO: Advanced nginx config - return deadHostModel .query() .insertAndFetch({ - owner_user_id: 1, - domain_names: [host.hostname], - certificate_id: certificate_id, - ssl_forced: host.force_ssl || false, - meta: meta + owner_user_id: 1, + domain_names: [host.hostname], + certificate_id: certificate_id, + ssl_forced: host.force_ssl || false, + advanced_config: host.advanced || '', + meta: meta }) .then(row => { // re-fetch with cert @@ -449,8 +439,6 @@ module.exports = function () { certificate_id = certificate_map[host.hostname]; } - // TODO: Advanced nginx config - return redirectionHostModel .query() .insertAndFetch({ @@ -460,6 +448,7 @@ module.exports = function () { block_exploits: host.block_exploits || false, certificate_id: certificate_id, ssl_forced: host.force_ssl || false, + advanced_config: host.advanced || '', meta: meta }) .then(row => { @@ -483,8 +472,6 @@ module.exports = function () { const importStream = function (access, host) { logger.info('Creating Stream: ' + host.incoming_port); - // TODO: Advanced nginx config - return streamModel .query() .insertAndFetch({ @@ -537,7 +524,7 @@ module.exports = function () { }) .then(() => { // Write the /config/v2-imported file so we don't import again - fs.writeFile('/config/v2-imported', 'true', function(err) { + fs.writeFile('/config/v2-imported', 'true', function (err) { if (err) { logger.err(err); } diff --git a/src/backend/internal/certificate.js b/src/backend/internal/certificate.js index 93bcfe9c..d5028ba1 100644 --- a/src/backend/internal/certificate.js +++ b/src/backend/internal/certificate.js @@ -183,7 +183,10 @@ const internalCertificate = { }); }); } else { - return certificate; + return internalCertificate.writeCustomCert(certificate) + .then(() => { + return certificate; + }); } }).then(certificate => { 
@@ -401,6 +404,54 @@ const internalCertificate = { }); }, + /** + * @param {Object} certificate + * @returns {Promise} + */ + writeCustomCert: certificate => { + return new Promise((resolve, reject) => { + let dir = '/data/custom_ssl/npm-' + certificate.id; + + if (certificate.provider === 'letsencrypt') { + reject(new Error('Refusing to write letsencrypt certs here')); + return; + } + + let cert_data = certificate.meta.certificate; + if (typeof certificate.meta.intermediate_certificate !== 'undefined') { + cert_data = cert_data + "\n" + certificate.meta.intermediate_certificate; + } + + try { + if (!fs.existsSync(dir)) { + fs.mkdirSync(dir); + } + } catch (err) { + reject(err); + return; + } + + fs.writeFile(dir + '/fullchain.pem', cert_data, function (err) { + if (err) { + reject(err); + } else { + resolve(); + } + }); + }) + .then(() => { + return new Promise((resolve, reject) => { + fs.writeFile(dir + '/privkey.pem', certificate.meta.certificate_key, function (err) { + if (err) { + reject(err); + } else { + resolve(); + } + }); + }); + }); + }, + /** * @param {Access} access * @param {Object} data diff --git a/src/backend/migrations/20180618015850_initial.js b/src/backend/migrations/20180618015850_initial.js index 379385b4..f9777072 100644 --- a/src/backend/migrations/20180618015850_initial.js +++ b/src/backend/migrations/20180618015850_initial.js @@ -76,6 +76,7 @@ exports.up = function (knex/*, Promise*/) { table.integer('ssl_forced').notNull().unsigned().defaultTo(0); table.integer('caching_enabled').notNull().unsigned().defaultTo(0); table.integer('block_exploits').notNull().unsigned().defaultTo(0); + table.text('advanced_config').notNull().defaultTo(''); table.json('meta').notNull().defaultTo('{}'); }); }) 
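Review bot: `dir` is declared with `let` inside the first Promise executor of `writeCustomCert`, but the `.then()` that writes `privkey.pem` reads it from outside that scope, so that step rejects with a ReferenceError and the key file is never written. Declare `dir` once at the top of the function. While there, the private key and its directory are created with the process default mode; an owner-only mode keeps other local users or containers sharing the `/data` volume from reading the key. `certificate.meta.certificate` is also used without a presence check, so it is worth confirming the caller only reaches this once the certificate files are present in `meta`.

```javascript
writeCustomCert: certificate => {
    // hoisted so the privkey.pem step below can see it
    const dir = '/data/custom_ssl/npm-' + certificate.id;

    return new Promise((resolve, reject) => {
        // … unchanged: letsencrypt guard, cert_data assembly …
        // inside the existing try block, where the directory is created:
        fs.mkdirSync(dir, 0o700);
        // … unchanged: fullchain.pem write …
    })
        .then(() => {
            return new Promise((resolve, reject) => {
                // owner-only: this file holds the private key
                fs.writeFile(dir + '/privkey.pem', certificate.meta.certificate_key, {mode: 0o600}, function (err) {
                    // … unchanged: reject / resolve …
                });
            });
        });
},
```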
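Review bot: Adding `advanced_config` to the existing `20180618015850_initial.js` means a database that has already run this migration will not gain the column, because knex records applied migrations by file name and does not re-run them. Inserts that now set `advanced_config` would then fail on such installs. A separate, new migration that alters the three host tables would be safer, reusing the same column definition `table.text('advanced_config').notNull().defaultTo('')` inside `knex.schema.table(<host table>, …)`. The same applies to the two later hunks in this file (@@ -94,6 and @@ -109,6). Some database engines reject a DEFAULT on TEXT columns, so confirm this against the target database.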
@@ -94,6 +95,7 @@ exports.up = function (knex/*, Promise*/) { table.integer('certificate_id').notNull().unsigned().defaultTo(0); table.integer('ssl_forced').notNull().unsigned().defaultTo(0); table.integer('block_exploits').notNull().unsigned().defaultTo(0); + table.text('advanced_config').notNull().defaultTo(''); table.json('meta').notNull().defaultTo('{}'); }); }) @@ -109,6 +111,7 @@ exports.up = function (knex/*, Promise*/) { table.json('domain_names').notNull(); table.integer('certificate_id').notNull().unsigned().defaultTo(0); table.integer('ssl_forced').notNull().unsigned().defaultTo(0); + table.text('advanced_config').notNull().defaultTo(''); table.json('meta').notNull().defaultTo('{}'); }); }) diff --git a/src/backend/schema/endpoints/dead-hosts.json b/src/backend/schema/endpoints/dead-hosts.json index b15adca9..34d38e7d 100644 --- a/src/backend/schema/endpoints/dead-hosts.json +++ b/src/backend/schema/endpoints/dead-hosts.json @@ -24,18 +24,11 @@ "ssl_forced": { "$ref": "../definitions.json#/definitions/ssl_forced" }, + "advanced_config": { + "type": "string" + }, "meta": { - "type": "object", - "additionalProperties": false, - "properties": { - "letsencrypt_email": { - "type": "string", - "format": "email" - }, - "letsencrypt_agree": { - "type": "boolean" - } - } + "type": "object" } }, "properties": { @@ -57,6 +50,9 @@ "ssl_forced": { "$ref": "#/definitions/ssl_forced" }, + "advanced_config": { + "$ref": "#/definitions/advanced_config" + }, "meta": { "$ref": "#/definitions/meta" } @@ -105,6 +101,9 @@ "ssl_forced": { "$ref": "#/definitions/ssl_forced" }, + "advanced_config": { + "$ref": "#/definitions/advanced_config" + }, "meta": { "$ref": "#/definitions/meta" } @@ -139,6 +138,9 @@ "ssl_forced": { "$ref": "#/definitions/ssl_forced" }, + "advanced_config": { + "$ref": "#/definitions/advanced_config" + }, "meta": { "$ref": "#/definitions/meta" } 
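Review bot: The `meta` definition in dead-hosts.json loses `"additionalProperties": false` and the typed `letsencrypt_email` / `letsencrypt_agree` properties, so after this hunk an object of any shape and size passes validation and is stored. If those fields only moved to the certificate endpoint, consider keeping `meta` closed with `"additionalProperties": false` and listing whatever keys remain. The new `advanced_config` definition is likewise an unbounded `"type": "string"`; a `"maxLength"` would cap what can reach the generated nginx config. The same `meta` change appears in redirection-hosts.json (@@ -35,18 +35,11).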
diff --git a/src/backend/schema/endpoints/proxy-hosts.json b/src/backend/schema/endpoints/proxy-hosts.json index d5352c8c..bde76cd7 100644 --- a/src/backend/schema/endpoints/proxy-hosts.json +++ b/src/backend/schema/endpoints/proxy-hosts.json @@ -42,6 +42,9 @@ "access_list_id": { "$ref": "../definitions.json#/definitions/access_list_id" }, + "advanced_config": { + "type": "string" + }, "meta": { "type": "object" } @@ -80,6 +83,9 @@ "access_list_id": { "$ref": "#/definitions/access_list_id" }, + "advanced_config": { + "$ref": "#/definitions/advanced_config" + }, "meta": { "$ref": "#/definitions/meta" } @@ -145,6 +151,9 @@ "access_list_id": { "$ref": "#/definitions/access_list_id" }, + "advanced_config": { + "$ref": "#/definitions/advanced_config" + }, "meta": { "$ref": "#/definitions/meta" } @@ -194,6 +203,9 @@ "access_list_id": { "$ref": "#/definitions/access_list_id" }, + "advanced_config": { + "$ref": "#/definitions/advanced_config" + }, "meta": { "$ref": "#/definitions/meta" } diff --git a/src/backend/schema/endpoints/redirection-hosts.json b/src/backend/schema/endpoints/redirection-hosts.json index 24bd88e2..e843e609 100644 --- a/src/backend/schema/endpoints/redirection-hosts.json +++ b/src/backend/schema/endpoints/redirection-hosts.json @@ -35,18 +35,11 @@ "block_exploits": { "$ref": "../definitions.json#/definitions/block_exploits" }, + "advanced_config": { + "type": "string" + }, "meta": { - "type": "object", - "additionalProperties": false, - "properties": { - "letsencrypt_email": { - "type": "string", - "format": "email" - }, - "letsencrypt_agree": { - "type": "boolean" - } - } + "type": "object" } }, "properties": { @@ -77,6 +70,9 @@ "block_exploits": { "$ref": "#/definitions/block_exploits" }, + "advanced_config": { + "$ref": "#/definitions/advanced_config" + }, "meta": { "$ref": "#/definitions/meta" } 
@@ -135,6 +131,9 @@ "block_exploits": { "$ref": "#/definitions/block_exploits" }, + "advanced_config": { + "$ref": "#/definitions/advanced_config" + }, "meta": { "$ref": "#/definitions/meta" } @@ -178,6 +177,9 @@ "block_exploits": { "$ref": "#/definitions/block_exploits" }, + "advanced_config": { + "$ref": "#/definitions/advanced_config" + }, "meta": { "$ref": "#/definitions/meta" } diff --git a/src/backend/templates/_certificates.conf b/src/backend/templates/_certificates.conf index 7e1f2753..4a4d9886 100644 --- a/src/backend/templates/_certificates.conf +++ b/src/backend/templates/_certificates.conf @@ -6,5 +6,6 @@ ssl_certificate /etc/letsencrypt/live/npm-{{ certificate_id }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/npm-{{ certificate_id }}/privkey.pem; {% endif %} - # TODO: Custom SSL paths -{% endif %} \ No newline at end of file + ssl_certificate /data/custom_ssl/npm-{{ certificate_id }}/fullchain.pem; + ssl_certificate_key /data/custom_ssl/npm-{{ certificate_id }}/privkey.pem; +{% endif %} diff --git a/src/backend/templates/dead_host.conf b/src/backend/templates/dead_host.conf index c5a10b92..908b497a 100644 --- a/src/backend/templates/dead_host.conf +++ b/src/backend/templates/dead_host.conf @@ -6,7 +6,7 @@ server { access_log /data/logs/dead_host-{{ id }}.log proxy; - # TODO: Advanced config options +{{ advanced_config }} return 404; } diff --git a/src/backend/templates/proxy_host.conf b/src/backend/templates/proxy_host.conf index 76655c17..17fc87c7 100644 --- a/src/backend/templates/proxy_host.conf +++ b/src/backend/templates/proxy_host.conf @@ -11,7 +11,7 @@ server { access_log /data/logs/proxy_host-{{ id }}.log proxy; - # TODO: Advanced config options +{{ advanced_config }} location / { {%- if access_list_id > 0 -%} diff --git a/src/backend/templates/redirection_host.conf b/src/backend/templates/redirection_host.conf index 3e349eda..d84012f8 100644 --- a/src/backend/templates/redirection_host.conf 
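Review bot: The two `/data/custom_ssl/npm-{{ certificate_id }}` lines are added after the inner `{% endif %}`, so from what this hunk shows they are emitted for every host that has a certificate, not only for custom ones. The opening conditions sit above the hunk, but if the inner block is the letsencrypt branch, a letsencrypt host would get a second `ssl_certificate` pair pointing at files that `writeCustomCert` refuses to create, and the nginx config test would fail. Changing the inner `{% endif %}` to `{% else %}` and closing it after the custom pair would make the two branches exclusive.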
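Review bot: `{{ advanced_config }}` is rendered verbatim into the `server` block in dead_host.conf, and the schema hunks in this commit only require the value to be a string. Anyone who can create or edit a host can therefore add arbitrary directives to the nginx configuration, and a single malformed snippet can stop the whole config from loading. I would restrict the field to administrators in the API layer and test the rendered file with `nginx -t` before reloading, restoring the previous file on failure; whether either check exists elsewhere is not visible here. A marker comment above the placeholder, such as `# custom directives from advanced_config (operator-supplied, not validated)`, would also help when reading generated files. The same placeholder is added in proxy_host.conf and redirection_host.conf.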
+++ b/src/backend/templates/redirection_host.conf @@ -8,7 +8,7 @@ server { access_log /data/logs/redirection_host-{{ id }}.log proxy; - # TODO: Advanced config options +{{ advanced_config }} # TODO: Preserve Path Option diff --git a/src/frontend/js/app/nginx/dead/form.ejs b/src/frontend/js/app/nginx/dead/form.ejs index 54fb9440..e014ec9b 100644 --- a/src/frontend/js/app/nginx/dead/form.ejs +++ b/src/frontend/js/app/nginx/dead/form.ejs @@ -8,6 +8,7 @@
@@ -63,9 +64,19 @@
+ + +
+
+
+
+ + +
+
+
+
- - + + +
+
+
+
+ + +
+
+
+
- -