From 01660b5b805e94f1e5cba1802a526c5c127cf5b3 Mon Sep 17 00:00:00 2001
From: Jocelyn Le Sage
Date: Thu, 6 Aug 2020 17:16:22 -0400
Subject: [PATCH 01/17] Fixed now_helper for sqlite: it should also returns the time.
---
 backend/models/now_helper.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/models/now_helper.js b/backend/models/now_helper.js
index a1258a86..def16d08 100644
--- a/backend/models/now_helper.js
+++ b/backend/models/now_helper.js
@@ -6,7 +6,7 @@ Model.knex(db); module.exports = function () { if (config.database.knex && config.database.knex.client === 'sqlite3') {
- return Model.raw('date(\'now\')');
+ return Model.raw('datetime(\'now\',\'localtime\')');
 } else { return Model.raw('NOW()'); }
From 70346138a72b1864117554787102184cc88832cf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 8 Aug 2020 00:02:04 +0000
Subject: [PATCH 02/17] Bump prismjs from 1.20.0 to 1.21.0 in /docs Bumps [prismjs](https://github.com/PrismJS/prism) from 1.20.0 to 1.21.0. - [Release notes](https://github.com/PrismJS/prism/releases) - [Changelog](https://github.com/PrismJS/prism/blob/master/CHANGELOG.md) - [Commits](https://github.com/PrismJS/prism/compare/v1.20.0...v1.21.0) Signed-off-by: dependabot[bot]
---
 docs/yarn.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/yarn.lock b/docs/yarn.lock
index 02434ddc..4dd7fac9 100644
--- a/docs/yarn.lock
+++ b/docs/yarn.lock
@@ -7679,9 +7679,9 @@ pretty-time@^1.1.0: integrity sha512-28iF6xPQrP8Oa6uxE6a1biz+lWeTOAPKggvjB8HAs6nVMKZwf5bG++632Dx614hIWgUPkgivRfG+a8uAXGTIbA== prismjs@^1.13.0, prismjs@^1.20.0: - version "1.20.0" - resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.20.0.tgz#9b685fc480a3514ee7198eac6a3bf5024319ff03" - integrity sha512-AEDjSrVNkynnw6A+B1DsFkd6AVdTnp+/WoUixFRULlCLZVRZlVQMVWio/16jv7G1FscUxQxOQhWwApgbnxr6kQ== + version "1.21.0" + resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.21.0.tgz#36c086ec36b45319ec4218ee164c110f9fc015a3" + integrity sha512-uGdSIu1nk3kej2iZsLyDoJ7e9bnPzIgY0naW/HdknGj61zScaprVEVGHrPoXqI+M9sP0NDnTK2jpkvmldpuqDw== optionalDependencies: clipboard "^2.0.0"
From 5d6516677791bc2edc22bf3e386eaa05fbfa9f12 Mon Sep 17 00:00:00 2001
From: Jamie Curnow
Date: Wed, 12 Aug 2020 09:32:40 +1000
Subject: [PATCH 03/17] Ignore local subnets for real IP determination
---
 docker/rootfs/etc/nginx/nginx.conf | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/docker/rootfs/etc/nginx/nginx.conf b/docker/rootfs/etc/nginx/nginx.conf
index 0643cc2a..23335e5e 100644
--- a/docker/rootfs/etc/nginx/nginx.conf
+++ b/docker/rootfs/etc/nginx/nginx.conf
@@ -27,9 +27,9 @@ http { tcp_nodelay on; client_body_temp_path /tmp/nginx/body 1 2; keepalive_timeout 90s;
- proxy_connect_timeout 90s;
- proxy_send_timeout 90s;
- proxy_read_timeout 90s;
+ proxy_connect_timeout 90s;
+ proxy_send_timeout 90s;
+ proxy_read_timeout 90s;
 ssl_prefer_server_ciphers on; gzip on; proxy_ignore_client_abort off;
@@ -60,6 +60,9 @@ http { # Real IP Determination # Docker subnet: set_real_ip_from 172.0.0.0/8;
+ # Local subnets:
+ set_real_ip_from 10.0.0.0/8;
+ set_real_ip_from 192.0.0.0/8;
 # NPM generated CDN ip ranges: include conf.d/include/ip_ranges.conf; # always put the following 2 lines after ip subnets:
From f539e813aafc997d52633dc17ee7a4f9c828b8a3 Mon Sep 17 00:00:00 2001
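Review bot: `set_real_ip_from 192.0.0.0/8;` in the second nginx.conf hunk trusts far more than a local subnet: the RFC 1918 block is 192.168.0.0/16, and the rest of 192.0.0.0/8 is publicly routable. A peer connecting from one of those public addresses is then treated as a trusted proxy, so the client address nginx logs and applies access rules to comes from a header that peer controls. Narrow the added line to `set_real_ip_from 192.168.0.0/16;`; the context line `set_real_ip_from 172.0.0.0/8;` has the same shape (the private range is 172.16.0.0/12) and is worth tightening in the same pass. The two directives that the last context comment refers to lie below the hunk and are not visible here.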
From: Jocelyn Le Sage
Date: Fri, 14 Aug 2020 14:27:44 -0400
Subject: [PATCH 04/17] Removed the hardcoded `--webroot` certbot argument to better support DNS challenge. Also, this option is already set in the default `letsencrypt.ini`.
---
 backend/internal/certificate.js | 1 -
 1 file changed, 1 deletion(-)
diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js
index 4f0caf3d..62947daf 100644
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@@ -733,7 +733,6 @@ const internalCertificate = { '--agree-tos ' + '--email "' + certificate.meta.letsencrypt_email + '" ' + '--preferred-challenges "dns,http" ' +
- '--webroot ' +
 '--domains "' + certificate.domain_names.join(',') + '" ' + (le_staging ? '--staging' : '');
From 83fad8bcda54944b73496485de8874db055a1e3a Mon Sep 17 00:00:00 2001
From: Jocelyn Le Sage
Date: Fri, 14 Aug 2020 19:23:19 -0400
Subject: [PATCH 05/17] Removed usage of `FROM_UNIXTIME` mysql-specific function. This provide better interoperability with different databases (e.g. sqlite). Fixes #557
---
 backend/internal/certificate.js | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js
index 4f0caf3d..0d8cb858 100644
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@@ -77,7 +77,7 @@ const internalCertificate = { .where('id', certificate.id) .andWhere('provider', 'letsencrypt') .patch({
- expires_on: certificateModel.raw('FROM_UNIXTIME(' + cert_info.dates.to + ')')
+ expires_on: moment(cert_info.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss')
 }); }) .catch((err) => {
@@ -180,7 +180,7 @@ const internalCertificate = { return certificateModel .query() .patchAndFetchById(certificate.id, {
- expires_on: certificateModel.raw('FROM_UNIXTIME(' + cert_info.dates.to + ')')
+ expires_on: moment(cert_info.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss')
 }) .then((saved_row) => { // Add cert data for audit log
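Review bot: The new `expires_on: moment(cert_info.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss')` writes the expiry as a zone-less string in the Node process's local time, so any comparison against a database-side timestamp is only right while the application and the database agree on the time zone; a comment stating which zone `expires_on` is stored in would make that assumption explicit. The same expression appears in all four hunks of this patch (at 77, 180, 558 and 769), and one small helper, for example `unixToDbDatetime(ts)`, would keep the call sites from drifting apart. The hunk at 558 also keeps the context comment `// TODO: This uses a mysql only raw function that won't translate to postgres`, which no longer matches the line below it and can be dropped. Whether `moment` is already required at the top of certificate.js cannot be seen from these hunks.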
@@ -558,7 +558,7 @@ const internalCertificate = { // TODO: This uses a mysql only raw function that won't translate to postgres return internalCertificate.update(access, { id: data.id,
- expires_on: certificateModel.raw('FROM_UNIXTIME(' + validations.certificate.dates.to + ')'),
+ expires_on: moment(validations.certificate.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss'),
 domain_names: [validations.certificate.cn], meta: _.clone(row.meta) // Prevent the update method from changing this value that we'll use later })
@@ -769,7 +769,7 @@ const internalCertificate = { return certificateModel .query() .patchAndFetchById(certificate.id, {
- expires_on: certificateModel.raw('FROM_UNIXTIME(' + cert_info.dates.to + ')')
+ expires_on: moment(cert_info.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss')
 }); }) .then((updated_certificate) => {
From f78a4c6ad128dc78b02ff3df7cf00503dfd25756 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 20 Aug 2020 17:01:00 +0000
Subject: [PATCH 06/17] Bump bcrypt from 4.0.1 to 5.0.0 in /backend Bumps [bcrypt](https://github.com/kelektiv/node.bcrypt.js) from 4.0.1 to 5.0.0. - [Release notes](https://github.com/kelektiv/node.bcrypt.js/releases) - [Changelog](https://github.com/kelektiv/node.bcrypt.js/blob/master/CHANGELOG.md) - [Commits](https://github.com/kelektiv/node.bcrypt.js/compare/v4.0.1...v5.0.0) Signed-off-by: dependabot[bot]
---
 backend/package.json | 2 +-
 backend/yarn.lock | 36 ++++++++++++++++++------------------
 2 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/backend/package.json b/backend/package.json
index d2a8c4c1..b4edda63 100644
--- a/backend/package.json
+++ b/backend/package.json
@@ -6,7 +6,7 @@ "dependencies": { "ajv": "^6.12.0", "batchflow": "^0.4.0",
- "bcrypt": "^4.0.1",
+ "bcrypt": "^5.0.0",
 "body-parser": "^1.19.0", "compression": "^1.7.4", "config": "^3.3.1",
diff --git a/backend/yarn.lock b/backend/yarn.lock
index f95dbf7a..8e3d3dfb 100644
--- a/backend/yarn.lock +++ b/backend/yarn.lock @@ -249,13 +249,13 @@ batchflow@^0.4.0: resolved "https://registry.yarnpkg.com/batchflow/-/batchflow-0.4.0.tgz#7d419df79b6b7587b06f9ea34f96ccef6f74e5b5" integrity sha1-fUGd95trdYewb56jT5bM72905bU= -bcrypt@^4.0.1: - version "4.0.1" - resolved "https://registry.yarnpkg.com/bcrypt/-/bcrypt-4.0.1.tgz#06e21e749a061020e4ff1283c1faa93187ac57fe" - integrity sha512-hSIZHkUxIDS5zA2o00Kf2O5RfVbQ888n54xQoF/eIaquU4uaLxK8vhhBdktd0B3n2MjkcAWzv4mnhogykBKOUQ== +bcrypt@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/bcrypt/-/bcrypt-5.0.0.tgz#051407c7cd5ffbfb773d541ca3760ea0754e37e2" + integrity sha512-jB0yCBl4W/kVHM2whjfyqnxTmOHkCX4kHEa5nYKSoGeYe8YrjTYTc87/6bwt1g8cmV0QrbhKriETg9jWtcREhg== dependencies: - node-addon-api "^2.0.0" - node-pre-gyp "0.14.0" + node-addon-api "^3.0.0" + node-pre-gyp "0.15.0" bignumber.js@9.0.0: version "9.0.0" @@ -2166,7 +2166,7 @@ mixin-deep@^1.2.0: for-in "^1.0.2" is-extendable "^1.0.1" -mkdirp@^0.5.0, mkdirp@^0.5.1: +mkdirp@^0.5.0, mkdirp@^0.5.1, mkdirp@^0.5.3: version "0.5.5" resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.5.tgz#d91cefd62d1436ca0f41620e251288d420099def" integrity sha512-NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ== @@ -2235,7 +2235,7 @@ natural-compare@^1.4.0: resolved "https://registry.yarnpkg.com/natural-compare/-/natural-compare-1.4.0.tgz#4abebfeed7541f2c27acfb29bdbbd15c8d5ba4f7" integrity sha1-Sr6/7tdUHywnrPspvbvRXI1bpPc= -needle@^2.2.1: +needle@^2.2.1, needle@^2.5.0: version "2.5.0" resolved "https://registry.yarnpkg.com/needle/-/needle-2.5.0.tgz#e6fc4b3cc6c25caed7554bd613a5cf0bac8c31c0" integrity sha512-o/qITSDR0JCyCKEQ1/1bnUXMmznxabbwi/Y4WwJElf+evwJNFNwIDMCCt5IigFVxgeGBJESLohGtIS9gEzo1fA== 
@@ -2254,19 +2254,19 @@ nice-try@^1.0.4: resolved "https://registry.yarnpkg.com/nice-try/-/nice-try-1.0.5.tgz#a3378a7696ce7d223e88fc9b764bd7ef1089e366" integrity sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ== -node-addon-api@^2.0.0: - version "2.0.2" - resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-2.0.2.tgz#432cfa82962ce494b132e9d72a15b29f71ff5d32" - integrity sha512-Ntyt4AIXyaLIuMHF6IOoTakB3K+RWxwtsHNRxllEoA6vPwP9o4866g6YWDLUdnucilZhmkxiHwHr11gAENw+QA== +node-addon-api@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/node-addon-api/-/node-addon-api-3.0.0.tgz#812446a1001a54f71663bed188314bba07e09247" + integrity sha512-sSHCgWfJ+Lui/u+0msF3oyCgvdkhxDbkCS6Q8uiJquzOimkJBvX6hl5aSSA7DR1XbMpdM8r7phjcF63sF4rkKg== -node-pre-gyp@0.14.0: - version "0.14.0" - resolved "https://registry.yarnpkg.com/node-pre-gyp/-/node-pre-gyp-0.14.0.tgz#9a0596533b877289bcad4e143982ca3d904ddc83" - integrity sha512-+CvDC7ZttU/sSt9rFjix/P05iS43qHCOOGzcr3Ry99bXG7VX953+vFyEuph/tfqoYu8dttBkE86JSKBO2OzcxA== +node-pre-gyp@0.15.0: + version "0.15.0" + resolved "https://registry.yarnpkg.com/node-pre-gyp/-/node-pre-gyp-0.15.0.tgz#c2fc383276b74c7ffa842925241553e8b40f1087" + integrity sha512-7QcZa8/fpaU/BKenjcaeFF9hLz2+7S9AqyXFhlH/rilsQ/hPZKK32RtR5EQHJElgu+q5RfbJ34KriI79UWaorA== dependencies: detect-libc "^1.0.2" - mkdirp "^0.5.1" - needle "^2.2.1" + mkdirp "^0.5.3" + needle "^2.5.0" nopt "^4.0.1" npm-packlist "^1.1.6" npmlog "^4.0.2"
From 251aac716a707d730733444b71247402be678f08 Mon Sep 17 00:00:00 2001
From: Jaap-Jan
Date: Fri, 21 Aug 2020 09:49:43 +0200
Subject: [PATCH 07/17] Add CloudFlare DNS plugin to certbot
---
 docker/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index e3eefb34..5224416a 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -17,7 +17,8 @@ ENV NODE_ENV=production RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \ && apk update \
- && apk add python2 certbot jq \
+ && apk add python2 py-pip certbot jq \
+ && pip install certbot-dns-cloudflare \
 && rm -rf /var/cache/apk/* ENV NPM_BUILD_VERSION="${BUILD_VERSION}" NPM_BUILD_COMMIT="${BUILD_COMMIT}" NPM_BUILD_DATE="${BUILD_DATE}"
From 2d7576c57ea9d0219a5321678adf162f580e26b3 Mon Sep 17 00:00:00 2001
From: Jaap-Jan de Wit
Date: Sun, 23 Aug 2020 10:54:36 +0000
Subject: [PATCH 08/17] add cloudflare dns also to dev docker file
---
 docker/dev/Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docker/dev/Dockerfile b/docker/dev/Dockerfile
index 35f5651d..5b679818 100644
--- a/docker/dev/Dockerfile
+++ b/docker/dev/Dockerfile
@@ -7,7 +7,8 @@ ENV S6_FIX_ATTRS_HIDDEN=1 RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \ && apk update \
- && apk add python2 certbot jq \
+ && apk add python2 py-pip certbot jq \
+ && pip install certbot-dns-cloudflare \
 && rm -rf /var/cache/apk/* # Task
From b9a95840e09fa2a633c8cade91c206dfc5821492 Mon Sep 17 00:00:00 2001
From: Jaap-Jan de Wit
Date: Sun, 23 Aug 2020 11:40:41 +0000
Subject: [PATCH 09/17] add cloudflare dns option to letsencrypt via manual certificate
---
 frontend/js/app/nginx/certificates/form.ejs | 18 ++++++++++++++++++
 frontend/js/app/nginx/certificates/form.js | 13 ++++++++++++-
 frontend/js/i18n/messages.json | 3 ++-
 3 files changed, 32 insertions(+), 2 deletions(-)
diff --git a/frontend/js/app/nginx/certificates/form.ejs b/frontend/js/app/nginx/certificates/form.ejs
index 32edb6bf..98de2602 100644
--- a/frontend/js/app/nginx/certificates/form.ejs
+++ b/frontend/js/app/nginx/certificates/form.ejs
@@ -20,6 +20,24 @@ + + +
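Review bot: `&& pip install certbot-dns-cloudflare \` in the docker/Dockerfile hunk (and the identical line in the docker/dev/Dockerfile hunk) installs whatever release PyPI serves at build time, so two builds of the same commit can ship different plugin code in an image that handles DNS provider credentials and certificate keys. Pin the release and skip the download cache, e.g. `&& pip install --no-cache-dir certbot-dns-cloudflare==<PINNED_VERSION> \`, ideally with `--require-hashes` against a requirements file. It is also worth confirming that the `py-pip` added next to `python2` installs into the interpreter the apk-packaged certbot actually runs under, and that pip does not pull a second certbot from PyPI as a dependency of the plugin.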
+
+ +
+
+
+
+ + +
+
+