Added migrations for mysql and postgres, added ci testing suites for them

backend/embed/migrations/mysql/20201013035318_initial_schema.sql

@@ -0,0 +1,246 @@
+-- migrate:up
+
+CREATE TABLE IF NOT EXISTS `jwt_keys`
+(
+	`id` INT AUTO_INCREMENT PRIMARY KEY,
+	`created_at` BIGINT NOT NULL DEFAULT 0,
+	`updated_at` BIGINT NOT NULL DEFAULT 0,
+	`is_deleted` INT NOT NULL DEFAULT 0,
+	`public_key` TEXT NOT NULL,
+	`private_key` TEXT NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS `user`
+(
+	`id` INT AUTO_INCREMENT PRIMARY KEY,
+	`created_at` BIGINT NOT NULL DEFAULT 0,
+	`updated_at` BIGINT NOT NULL DEFAULT 0,
+	`is_deleted` INT NOT NULL DEFAULT 0,
+	`name` VARCHAR(50) NOT NULL,
+	`nickname` VARCHAR(50) NOT NULL,
+	`email` VARCHAR(255) NOT NULL,
+	`is_system` INT NOT NULL DEFAULT 0,
+	`is_disabled` INT NOT NULL DEFAULT 0
+);
+
+CREATE TABLE IF NOT EXISTS `capability`
+(
+	`name` VARCHAR(50) PRIMARY KEY,
+	UNIQUE (`name`)
+);
+
+CREATE TABLE IF NOT EXISTS `user_has_capability`
+(
+	`user_id` INT NOT NULL,
+	`capability_name` VARCHAR(50) NOT NULL,
+	UNIQUE (`user_id`, `capability_name`),
+	FOREIGN KEY (`capability_name`) REFERENCES `capability`(`name`)
+);
+
+CREATE TABLE IF NOT EXISTS `auth`
+(
+	`id` INT AUTO_INCREMENT PRIMARY KEY,
+	`created_at` BIGINT NOT NULL DEFAULT 0,
+	`updated_at` BIGINT NOT NULL DEFAULT 0,
+	`is_deleted` INT NOT NULL DEFAULT 0,
+	`user_id` INT NOT NULL,
+	`type` VARCHAR(50) NOT NULL,
+	`secret` VARCHAR(255) NOT NULL,
+	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`),
+	UNIQUE (`user_id`, `type`)
+);
+
+CREATE TABLE IF NOT EXISTS `setting`
+(
+	`id` INT AUTO_INCREMENT PRIMARY KEY,
+	`created_at` BIGINT NOT NULL DEFAULT 0,
+	`updated_at` BIGINT NOT NULL DEFAULT 0,
+	`is_deleted` INT NOT NULL DEFAULT 0,
+	`name` VARCHAR(50) NOT NULL,
+	`description` VARCHAR(255) NOT NULL DEFAULT '',
+	`value` TEXT NOT NULL,
+	UNIQUE (`name`)
+);
+
+CREATE TABLE IF NOT EXISTS `audit_log`
+(
+	`id` INT AUTO_INCREMENT PRIMARY KEY,
+	`created_at` BIGINT NOT NULL DEFAULT 0,
+	`updated_at` BIGINT NOT NULL DEFAULT 0,
+	`is_deleted` INT NOT NULL DEFAULT 0,
+	`user_id` INT NOT NULL,
+	`object_type` VARCHAR(50) NOT NULL,
+	`object_id` INT NOT NULL,
+	`action` VARCHAR(50) NOT NULL,
+	`meta` TEXT NOT NULL,
+	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`)
+);
+
+CREATE TABLE IF NOT EXISTS `certificate_authority`
+(
+	`id` INT AUTO_INCREMENT PRIMARY KEY,
+	`created_at` BIGINT NOT NULL DEFAULT 0,
+	`updated_at` BIGINT NOT NULL DEFAULT 0,
+	`is_deleted` INT NOT NULL DEFAULT 0,
+	`name` VARCHAR(50) NOT NULL,
+	`acmesh_server` VARCHAR(255) NOT NULL DEFAULT '',
+	`ca_bundle` VARCHAR(255) NOT NULL DEFAULT '',
+	`is_wildcard_supported` INT NOT NULL DEFAULT 0, -- specific to each CA, acme v1 doesn't usually have wildcards
+	`max_domains` INT NOT NULL DEFAULT 5, -- per request
+	`is_readonly` INT NOT NULL DEFAULT 0
+);
+
+CREATE TABLE IF NOT EXISTS `dns_provider`
+(
+	`id` INT AUTO_INCREMENT PRIMARY KEY,
+	`created_at` BIGINT NOT NULL DEFAULT 0,
+	`updated_at` BIGINT NOT NULL DEFAULT 0,
+	`is_deleted` INT NOT NULL DEFAULT 0,
+	`user_id` INT NOT NULL,
+	`name` VARCHAR(50) NOT NULL,
+	`acmesh_name` VARCHAR(50) NOT NULL,
+	`dns_sleep` INT NOT NULL DEFAULT 0,
+	`meta` TEXT NOT NULL,
+	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`)
+);
+
+CREATE TABLE IF NOT EXISTS certificate
+(
+	`id` INT AUTO_INCREMENT PRIMARY KEY,
+	`created_at` BIGINT NOT NULL DEFAULT 0,
+	`updated_at` BIGINT NOT NULL DEFAULT 0,
+	`is_deleted` INT NOT NULL DEFAULT 0,
+	`user_id` INT NOT NULL,
+	`type` VARCHAR(50) NOT NULL, -- custom,dns,http
+	`certificate_authority_id` INT, -- 0 for a custom cert
+	`dns_provider_id` INT, -- 0, for a http or custom cert
+	`name` VARCHAR(50) NOT NULL,
+	`domain_names` TEXT NOT NULL,
+	`expires_on` INT DEFAULT 0,
+	`status` VARCHAR(50) NOT NULL, -- ready,requesting,failed,provided
+	`error_message` TEXT NOT NULL,
+	`meta` TEXT NOT NULL,
+	`is_ecc` INT NOT NULL DEFAULT 0,
+	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`),
+	FOREIGN KEY (`certificate_authority_id`) REFERENCES `certificate_authority`(`id`),
+	FOREIGN KEY (`dns_provider_id`) REFERENCES `dns_provider`(`id`)
+);
+
+CREATE TABLE IF NOT EXISTS `stream`
+(
+	`id` INT AUTO_INCREMENT PRIMARY KEY,
+	`created_at` BIGINT NOT NULL DEFAULT 0,
+	`updated_at` BIGINT NOT NULL DEFAULT 0,
+	`is_deleted` INT NOT NULL DEFAULT 0,
+	`user_id` INT NOT NULL,
+	`listen_interface` VARCHAR(50) NOT NULL,
+	`incoming_port` INT NOT NULL,
+	`tcp_forwarding` INT NOT NULL DEFAULT 0,
+	`udp_forwarding` INT NOT NULL DEFAULT 0,
+	`advanced_config` TEXT NOT NULL,
+	`is_disabled` INT NOT NULL DEFAULT 0,
+	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`)
+);
+
+CREATE TABLE IF NOT EXISTS `nginx_template`
+(
+	`id` INT AUTO_INCREMENT PRIMARY KEY,
+	`created_at` BIGINT NOT NULL DEFAULT 0,
+	`updated_at` BIGINT NOT NULL DEFAULT 0,
+	`is_deleted` INT NOT NULL DEFAULT 0,
+	`user_id` INT NOT NULL,
+	`name` VARCHAR(50) NOT NULL,
+	`type` VARCHAR(50) NOT NULL,
+	`template` TEXT NOT NULL,
+	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`)
+);
+
+CREATE TABLE IF NOT EXISTS `upstream`
+(
+	`id` INT AUTO_INCREMENT PRIMARY KEY,
+	`created_at` BIGINT NOT NULL DEFAULT 0,
+	`updated_at` BIGINT NOT NULL DEFAULT 0,
+	`is_deleted` INT NOT NULL DEFAULT 0,
+	`user_id` INT NOT NULL,
+	`name` VARCHAR(50) NOT NULL,
+	`nginx_template_id` INT NOT NULL,
+	`ip_hash` INT NOT NULL DEFAULT 0,
+	`ntlm` INT NOT NULL DEFAULT 0,
+	`keepalive` INT NOT NULL DEFAULT 0,
+	`keepalive_requests` INT NOT NULL DEFAULT 0,
+	`keepalive_time` VARCHAR(50) NOT NULL DEFAULT '',
+	`keepalive_timeout` VARCHAR(50) NOT NULL DEFAULT '',
+	`advanced_config` TEXT NOT NULL,
+	`status` VARCHAR(50) NOT NULL DEFAULT '',
+	`error_message` TEXT NOT NULL,
+	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`),
+	FOREIGN KEY (`nginx_template_id`) REFERENCES `nginx_template`(`id`)
+);
+
+CREATE TABLE IF NOT EXISTS `upstream_server`
+(
+	`id` INT AUTO_INCREMENT PRIMARY KEY,
+	`created_at` BIGINT NOT NULL DEFAULT 0,
+	`updated_at` BIGINT NOT NULL DEFAULT 0,
+	`is_deleted` INT NOT NULL DEFAULT 0,
+	`upstream_id` INT NOT NULL,
+	`server` VARCHAR(50) NOT NULL,
+	`weight` INT NOT NULL DEFAULT 0,
+	`max_conns` INT NOT NULL DEFAULT 0,
+	`max_fails` INT NOT NULL DEFAULT 0,
+	`fail_timeout` INT NOT NULL DEFAULT 0,
+	`is_backup` INT NOT NULL DEFAULT 0,
+	FOREIGN KEY (`upstream_id`) REFERENCES `upstream`(`id`)
+);
+
+CREATE TABLE IF NOT EXISTS `access_list`
+(
+	`id` INT AUTO_INCREMENT PRIMARY KEY,
+	`created_at` BIGINT NOT NULL DEFAULT 0,
+	`updated_at` BIGINT NOT NULL DEFAULT 0,
+	`is_deleted` INT NOT NULL DEFAULT 0,
+	`user_id` INT NOT NULL,
+	`name` VARCHAR(50) NOT NULL,
+	`meta` TEXT NOT NULL,
+	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`)
+);
+
+CREATE TABLE IF NOT EXISTS host
+(
+	`id` INT AUTO_INCREMENT PRIMARY KEY,
+	`created_at` BIGINT NOT NULL DEFAULT 0,
+	`updated_at` BIGINT NOT NULL DEFAULT 0,
+	`is_deleted` INT NOT NULL DEFAULT 0,
+	`user_id` INT NOT NULL,
+	`type` VARCHAR(50) NOT NULL,
+	`nginx_template_id` INT NOT NULL,
+	`listen_interface` VARCHAR(50) NOT NULL DEFAULT '',
+	`domain_names` TEXT NOT NULL,
+	`upstream_id` INT NOT NULL DEFAULT 0,
+	`proxy_scheme` VARCHAR(50) NOT NULL DEFAULT '',
+	`proxy_host` VARCHAR(50) NOT NULL DEFAULT '',
+	`proxy_port` INT NOT NULL DEFAULT 0,
+	`certificate_id` INT NOT NULL DEFAULT 0,
+	`access_list_id` INT NOT NULL DEFAULT 0,
+	`ssl_forced` INT NOT NULL DEFAULT 0,
+	`caching_enabled` INT NOT NULL DEFAULT 0,
+	`block_exploits` INT NOT NULL DEFAULT 0,
+	`allow_websocket_upgrade` INT NOT NULL DEFAULT 0,
+	`http2_support` INT NOT NULL DEFAULT 0,
+	`hsts_enabled` INT NOT NULL DEFAULT 0,
+	`hsts_subdomains` INT NOT NULL DEFAULT 0,
+	`paths` TEXT NOT NULL,
+	`advanced_config` TEXT NOT NULL,
+	`status` VARCHAR(50) NOT NULL DEFAULT '',
+	`error_message` TEXT NOT NULL,
+	`is_disabled` INT NOT NULL DEFAULT 0,
+	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`),
+	FOREIGN KEY (`nginx_template_id`) REFERENCES `nginx_template`(`id`),
+	FOREIGN KEY (`upstream_id`) REFERENCES `upstream`(`id`),
+	FOREIGN KEY (`certificate_id`) REFERENCES `certificate`(`id`),
+	FOREIGN KEY (`access_list_id`) REFERENCES `access_list`(`id`)
+);
+
+-- migrate:down
+
+-- Not allowed to go down from initial

backend/embed/migrations/mysql/20201013035839_initial_data.sql

@@ -0,0 +1,332 @@
+-- migrate:up
+
+-- User permissions
+INSERT INTO capability (
+	name
+) VALUES
+	("full-admin"),
+	("access-lists.view"),
+	("access-lists.manage"),
+	("audit-log.view"),
+	("certificates.view"),
+	("certificates.manage"),
+	("certificate-authorities.view"),
+	("certificate-authorities.manage"),
+	("dns-providers.view"),
+	("dns-providers.manage"),
+	("hosts.view"),
+	("hosts.manage"),
+	("nginx-templates.view"),
+	("nginx-templates.manage"),
+	("settings.manage"),
+	("streams.view"),
+	("streams.manage"),
+	("users.manage");
+
+-- Default error reporting setting
+INSERT INTO setting (
+	created_at,
+	updated_at,
+	name,
+	description,
+	value
+) VALUES (
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	"error-reporting",
+	"If enabled, any application errors are reported to Sentry. Sensitive information is not sent.",
+	"true" -- remember this is json
+);
+
+-- Default site
+INSERT INTO setting (
+	created_at,
+	updated_at,
+	name,
+	description,
+	value
+) VALUES (
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	"default-site",
+	"What to show users who hit your Nginx server by default",
+	'"welcome"' -- remember this is json
+);
+
+-- Default Certificate Authorities
+
+INSERT INTO certificate_authority (
+	created_at,
+	updated_at,
+	name,
+	acmesh_server,
+	is_wildcard_supported,
+	max_domains,
+	is_readonly
+) VALUES (
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	"ZeroSSL",
+	"zerossl",
+	1,
+	10,
+	1
+), (
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	"Let's Encrypt",
+	"https://acme-v02.api.letsencrypt.org/directory",
+	1,
+	10,
+	1
+), (
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	"Buypass Go SSL",
+	"https://api.buypass.com/acme/directory",
+	0,
+	5,
+	1
+), (
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	"SSL.com",
+	"ssl.com",
+	0,
+	10,
+	1
+), (
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	"Let's Encrypt (Testing)",
+	"https://acme-staging-v02.api.letsencrypt.org/directory",
+	1,
+	10,
+	1
+), (
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	"Buypass Go SSL (Testing)",
+	"https://api.test4.buypass.no/acme/directory",
+	0,
+	5,
+	1
+);
+
+-- System User
+INSERT INTO user (
+	created_at,
+	updated_at,
+	name,
+	nickname,
+	email,
+	is_system
+) VALUES (
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	"System",
+	"System",
+	"system@localhost",
+	1
+);
+
+-- Host Templates
+INSERT INTO nginx_template (
+	created_at,
+	updated_at,
+	user_id,
+	name,
+	type,
+	template
+) VALUES (
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	(SELECT id FROM user WHERE is_system = 1 LIMIT 1),
+	"Default Proxy Template",
+	"proxy",
+	"# ------------------------------------------------------------
+{{#each Host.DomainNames}}
+# {{this}}
+{{/each}}
+# ------------------------------------------------------------
+
+server {
+  {{#if Config.Ipv4}}
+  listen 80;
+  {{/if}}
+  {{#if Config.Ipv6}}
+  listen [::]:80;
+  {{/if}}
+
+  {{#if Certificate.ID}}
+  {{#if Config.Ipv4}}
+  listen 443 ssl {{#if Host.HTTP2Support}}http2{{/if}};
+  {{/if}}
+  {{#if Config.Ipv6}}
+  listen [::]:443 ssl {{#if Host.HTTP2Support}}http2{{/if}};
+  {{/if}}
+  {{/if}}
+
+  server_name {{#each Host.DomainNames}}{{this}} {{/each}};
+
+  {{#if Certificate.ID}}
+  include conf.d/include/ssl-ciphers.conf;
+  {{#if Certificate.IsAcme}}
+  ssl_certificate {{Certificate.Folder}}/fullchain.pem;
+  ssl_certificate_key {{Certificate.Folder}}/privkey.pem;
+  {{else}}
+  # Custom SSL
+  ssl_certificate /data/custom_ssl/npm-{{Certicicate.ID}}/fullchain.pem;
+  ssl_certificate_key /data/custom_ssl/npm-{{Certificate.ID}}/privkey.pem;
+  {{/if}}
+  {{/if}}
+
+  {{#if Host.CachingEnabled}}
+  include conf.d/include/assets.conf;
+  {{/if}}
+
+  {{#if Host.BlockExploits}}
+  include conf.d/include/block-exploits.conf;
+  {{/if}}
+
+  {{#if Certificate.ID}}
+  {{#if Host.SSLForced}}
+  {{#if Host.HSTSEnabled}}
+  # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
+  add_header Strict-Transport-Security ""max-age=63072000;{{#if Host.HSTSSubdomains}} includeSubDomains;{{/if}} preload"" always;
+  {{/if}}
+  # Force SSL
+  include conf.d/include/force-ssl.conf;
+  {{/if}}
+  {{/if}}
+
+  {{#if Host.AllowWebsocketUpgrade}}
+  proxy_set_header Upgrade $http_upgrade;
+  proxy_set_header Connection $http_connection;
+  proxy_http_version 1.1;
+  {{/if}}
+
+  access_log /data/logs/host-{{Host.ID}}_access.log proxy;
+  error_log /data/logs/host-{{Host.ID}}_error.log warn;
+
+  {{Host.AdvancedConfig}}
+
+  # locations ?
+
+  # default location:
+  location / {
+    {{#if Host.AccessListID}}
+    # Authorization
+    auth_basic            ""Authorization required"";
+    auth_basic_user_file  /data/access/{{Host.AccessListID}};
+    # access_list.passauth ? todo
+    {{/if}}
+
+    # Access Rules ? todo
+
+    # Access checks must...? todo
+
+    {{#if Certificate.ID}}
+    {{#if Host.SSLForced}}
+    {{#if Host.HSTSEnabled}}
+    # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
+    add_header Strict-Transport-Security ""max-age=63072000;{{#if Host.HSTSSubdomains}} includeSubDomains;{{/if}} preload"" always;
+    {{/if}}
+    {{/if}}
+    {{/if}}
+
+    {{#if Host.AllowWebsocketUpgrade}}
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    {{/if}}
+
+    # Proxy!
+    add_header       X-Served-By $host;
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-Scheme $scheme;
+    proxy_set_header X-Forwarded-Proto  $scheme;
+    proxy_set_header X-Forwarded-For    $remote_addr;
+    proxy_http_version 1.1;
+
+    {{#if Upstream.ID}}
+    # upstream
+    proxy_pass {{Host.ProxyScheme}}://npm_upstream_{{Upstream.ID}};
+    {{else}}
+    # proxy a single host
+    proxy_pass {{Host.ProxyScheme}}://{{Host.ProxyHost}}:{{Host.ProxyPort}};
+    {{/if}}
+  }
+
+  # Legacy Custom Configuration
+  include /data/nginx/custom/server_proxy[.]conf;
+}
+"
+), (
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	(SELECT id FROM user WHERE is_system = 1 LIMIT 1),
+	"Default Redirect Template",
+	"redirect",
+	"# this is a redirect template"
+), (
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	(SELECT id FROM user WHERE is_system = 1 LIMIT 1),
+	"Default Dead Template",
+	"dead",
+	"# this is a dead template"
+), (
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	(SELECT id FROM user WHERE is_system = 1 LIMIT 1),
+	"Default Stream Template",
+	"stream",
+	"# this is a stream template"
+), (
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	ROUND(UNIX_TIMESTAMP(CURTIME(4)) * 1000),
+	(SELECT id FROM user WHERE is_system = 1 LIMIT 1),
+	"Default Upstream Template",
+	"upstream",
+	"# ------------------------------------------------------------
+# Upstream {{Upstream.ID}}: {{Upstream.Name}}
+# ------------------------------------------------------------
+
+upstream npm_upstream_{{Upstream.ID}} {
+
+  {{#if Upstream.IPHash~}}
+  ip_hash;
+  {{~/if}}
+
+  {{#if Upstream.NTLM~}}
+  ntlm;
+  {{~/if}}
+
+  {{#if Upstream.Keepalive~}}
+  keepalive {{Upstream.Keepalive}};
+  {{~/if}}
+
+  {{#if Upstream.KeepaliveRequests~}}
+  keepalive_requests {{Upstream.KeepaliveRequests}};
+  {{~/if}}
+
+  {{#if Upstream.KeepaliveTime~}}
+  keepalive_time {{Upstream.KeepaliveTime}};
+  {{~/if}}
+
+  {{#if Upstream.KeepaliveTimeout~}}
+  keepalive_timeout {{Upstream.KeepaliveTimeout}};
+  {{~/if}}
+
+  {{Upstream.AdvancedConfig}}
+
+  {{#each Upstream.Servers~}}
+  {{#unless IsDeleted~}}
+  server {{Server}} {{#if Weight}}weight={{Weight}} {{/if}}{{#if MaxConns}}max_conns={{MaxConns}} {{/if}}{{#if MaxFails}}max_fails={{MaxFails}} {{/if}}{{#if FailTimeout}}fail_timeout={{FailTimeout}} {{/if}}{{#if Backup}}backup{{/if}};
+  {{/unless}}
+  {{/each}}
+}
+"
+);
+
+-- migrate:down

backend/embed/migrations/postgres/20201013035318_initial_schema.sql

@@ -0,0 +1,212 @@
+-- migrate:up
+
+CREATE TABLE "jwt_keys" (
+	"id" SERIAL PRIMARY KEY,
+	"created_at" BIGINT NOT NULL DEFAULT 0,
+	"updated_at" BIGINT NOT NULL DEFAULT 0,
+	"is_deleted" INTEGER NOT NULL DEFAULT 0,
+	"public_key" TEXT NOT NULL,
+	"private_key" TEXT NOT NULL
+);
+
+CREATE TABLE "user" (
+	"id" SERIAL PRIMARY KEY,
+	"created_at" BIGINT NOT NULL DEFAULT 0,
+	"updated_at" BIGINT NOT NULL DEFAULT 0,
+	"is_deleted" INTEGER NOT NULL DEFAULT 0,
+	"name" VARCHAR(50) NOT NULL,
+	"nickname" VARCHAR(50) NOT NULL,
+	"email" VARCHAR(255) NOT NULL,
+	"is_system" INTEGER NOT NULL DEFAULT 0,
+	"is_disabled" INTEGER NOT NULL DEFAULT 0
+);
+
+CREATE TABLE "capability" (
+	"name" TEXT NOT NULL PRIMARY KEY,
+	UNIQUE ("name")
+);
+
+CREATE TABLE "user_has_capability" (
+	"user_id" INTEGER NOT NULL,
+	"capability_name" TEXT NOT NULL REFERENCES "capability"("name"),
+	UNIQUE ("user_id", "capability_name")
+);
+
+CREATE TABLE "auth" (
+	"id" SERIAL PRIMARY KEY,
+	"created_at" BIGINT NOT NULL DEFAULT 0,
+	"updated_at" BIGINT NOT NULL DEFAULT 0,
+	"is_deleted" INTEGER NOT NULL DEFAULT 0,
+	"user_id" INTEGER NOT NULL REFERENCES "user"("id"),
+	"type" VARCHAR(50) NOT NULL,
+	"secret" VARCHAR(255) NOT NULL,
+	UNIQUE ("user_id", "type")
+);
+
+CREATE TABLE "setting" (
+	"id" SERIAL PRIMARY KEY,
+	"created_at" BIGINT NOT NULL DEFAULT 0,
+	"updated_at" BIGINT NOT NULL DEFAULT 0,
+	"is_deleted" INTEGER NOT NULL DEFAULT 0,
+	"name" VARCHAR(50) NOT NULL,
+	"description" VARCHAR(255) NOT NULL DEFAULT '',
+	"value" TEXT NOT NULL,
+	UNIQUE ("name")
+);
+
+CREATE TABLE "audit_log" (
+	"id" SERIAL PRIMARY KEY,
+	"created_at" BIGINT NOT NULL DEFAULT 0,
+	"updated_at" BIGINT NOT NULL DEFAULT 0,
+	"is_deleted" INTEGER NOT NULL DEFAULT 0,
+	"user_id" INTEGER NOT NULL REFERENCES "user"("id"),
+	"object_type" VARCHAR(50) NOT NULL,
+	"object_id" INTEGER NOT NULL,
+	"action" VARCHAR(50) NOT NULL,
+	"meta" TEXT NOT NULL
+);
+
+CREATE TABLE "certificate_authority" (
+	"id" SERIAL PRIMARY KEY,
+	"created_at" BIGINT NOT NULL DEFAULT 0,
+	"updated_at" BIGINT NOT NULL DEFAULT 0,
+	"is_deleted" INTEGER NOT NULL DEFAULT 0,
+	"name" VARCHAR(50) NOT NULL,
+	"acmesh_server" VARCHAR(255) NOT NULL DEFAULT '',
+	"ca_bundle" VARCHAR(255) NOT NULL DEFAULT '',
+	"is_wildcard_supported" INTEGER NOT NULL DEFAULT 0, -- specific to each CA, acme v1 doesn't usually have wildcards
+	"max_domains" INTEGER NOT NULL DEFAULT 5, -- per request
+	"is_readonly" INTEGER NOT NULL DEFAULT 0
+);
+
+CREATE TABLE "dns_provider" (
+	"id" SERIAL PRIMARY KEY,
+	"created_at" BIGINT NOT NULL DEFAULT 0,
+	"updated_at" BIGINT NOT NULL DEFAULT 0,
+	"is_deleted" INTEGER NOT NULL DEFAULT 0,
+	"user_id" INTEGER NOT NULL REFERENCES "user"("id"),
+	"name" VARCHAR(50) NOT NULL,
+	"acmesh_name" VARCHAR(50) NOT NULL,
+	"dns_sleep" INTEGER NOT NULL DEFAULT 0,
+	"meta" TEXT NOT NULL
+);
+
+CREATE TABLE "certificate" (
+	"id" SERIAL PRIMARY KEY,
+	"created_at" BIGINT NOT NULL DEFAULT 0,
+	"updated_at" BIGINT NOT NULL DEFAULT 0,
+	"is_deleted" INTEGER NOT NULL DEFAULT 0,
+	"user_id" INTEGER NOT NULL REFERENCES "user"("id"),
+	"type" VARCHAR(50) NOT NULL, -- custom,dns,http
+	"certificate_authority_id" INTEGER REFERENCES "certificate_authority"("id"), -- 0 for a custom cert
+	"dns_provider_id" INTEGER REFERENCES "dns_provider"("id"), -- 0, for a http or custom cert
+	"name" VARCHAR(50) NOT NULL,
+	"domain_names" TEXT NOT NULL,
+	"expires_on" INTEGER DEFAULT 0,
+	"status" VARCHAR(50) NOT NULL, -- ready,requesting,failed,provided
+	"error_message" TEXT NOT NULL DEFAULT '',
+	"meta" TEXT NOT NULL,
+	"is_ecc" INTEGER NOT NULL DEFAULT 0
+);
+
+CREATE TABLE "stream" (
+	"id" SERIAL PRIMARY KEY,
+	"created_at" BIGINT NOT NULL DEFAULT 0,
+	"updated_at" BIGINT NOT NULL DEFAULT 0,
+	"is_deleted" INTEGER NOT NULL DEFAULT 0,
+	"user_id" INTEGER NOT NULL REFERENCES "user"("id"),
+	"listen_interface" VARCHAR(50) NOT NULL,
+	"incoming_port" INTEGER NOT NULL,
+	"tcp_forwarding" INTEGER NOT NULL DEFAULT 0,
+	"udp_forwarding" INTEGER NOT NULL DEFAULT 0,
+	"advanced_config" TEXT NOT NULL,
+	"is_disabled" INTEGER NOT NULL DEFAULT 0
+);
+
+CREATE TABLE "nginx_template" (
+	"id" SERIAL PRIMARY KEY,
+	"created_at" BIGINT NOT NULL DEFAULT 0,
+	"updated_at" BIGINT NOT NULL DEFAULT 0,
+	"is_deleted" INTEGER NOT NULL DEFAULT 0,
+	"user_id" INTEGER NOT NULL REFERENCES "user"("id"),
+	"name" VARCHAR(50) NOT NULL,
+	"type" VARCHAR(50) NOT NULL,
+	"template" TEXT NOT NULL
+);
+
+CREATE TABLE "upstream" (
+	"id" SERIAL PRIMARY KEY,
+	"created_at" BIGINT NOT NULL DEFAULT 0,
+	"updated_at" BIGINT NOT NULL DEFAULT 0,
+	"is_deleted" INTEGER NOT NULL DEFAULT 0,
+	"user_id" INTEGER NOT NULL REFERENCES "user"("id"),
+	"name" VARCHAR(50) NOT NULL,
+	"nginx_template_id" INTEGER NOT NULL REFERENCES "nginx_template"("id"),
+	"ip_hash" INTEGER NOT NULL DEFAULT 0,
+	"ntlm" INTEGER NOT NULL DEFAULT 0,
+	"keepalive" INTEGER NOT NULL DEFAULT 0,
+	"keepalive_requests" INTEGER NOT NULL DEFAULT 0,
+	"keepalive_time" VARCHAR(50) NOT NULL DEFAULT '',
+	"keepalive_timeout" VARCHAR(50) NOT NULL DEFAULT '',
+	"advanced_config" TEXT NOT NULL,
+	"status" VARCHAR(50) NOT NULL DEFAULT '',
+	"error_message" TEXT NOT NULL DEFAULT ''
+);
+
+CREATE TABLE "upstream_server" (
+	"id" SERIAL PRIMARY KEY,
+	"created_at" BIGINT NOT NULL DEFAULT 0,
+	"updated_at" BIGINT NOT NULL DEFAULT 0,
+	"is_deleted" INTEGER NOT NULL DEFAULT 0,
+	"upstream_id" INTEGER NOT NULL REFERENCES "upstream"("id"),
+	"server" VARCHAR(50) NOT NULL,
+	"weight" INTEGER NOT NULL DEFAULT 0,
+	"max_conns" INTEGER NOT NULL DEFAULT 0,
+	"max_fails" INTEGER NOT NULL DEFAULT 0,
+	"fail_timeout" INTEGER NOT NULL DEFAULT 0,
+	"is_backup" INTEGER NOT NULL DEFAULT 0
+);
+
+CREATE TABLE "access_list" (
+	"id" SERIAL PRIMARY KEY,
+	"created_at" BIGINT NOT NULL DEFAULT 0,
+	"updated_at" BIGINT NOT NULL DEFAULT 0,
+	"is_deleted" INTEGER NOT NULL DEFAULT 0,
+	"user_id" INTEGER NOT NULL REFERENCES "user"("id"),
+	"name" VARCHAR(50) NOT NULL,
+	"meta" TEXT NOT NULL
+);
+
+CREATE TABLE "host" (
+	"id" SERIAL PRIMARY KEY,
+	"created_at" BIGINT NOT NULL DEFAULT 0,
+	"updated_at" BIGINT NOT NULL DEFAULT 0,
+	"is_deleted" INTEGER NOT NULL DEFAULT 0,
+	"user_id" INTEGER NOT NULL REFERENCES "user"("id"),
+	"type" TEXT NOT NULL,
+	"nginx_template_id" INTEGER NOT NULL REFERENCES "nginx_template"("id"),
+	"listen_interface" TEXT NOT NULL DEFAULT '',
+	"domain_names" TEXT NOT NULL,
+	"upstream_id" INTEGER NOT NULL DEFAULT 0 REFERENCES "upstream"("id"),
+	"proxy_scheme" TEXT NOT NULL DEFAULT '',
+	"proxy_host" TEXT NOT NULL DEFAULT '',
+	"proxy_port" INTEGER NOT NULL DEFAULT 0,
+	"certificate_id" INTEGER NOT NULL DEFAULT 0 REFERENCES "certificate"("id"),
+	"access_list_id" INTEGER NOT NULL DEFAULT 0 REFERENCES "access_list"("id"),
+	"ssl_forced" INTEGER NOT NULL DEFAULT 0,
+	"caching_enabled" INTEGER NOT NULL DEFAULT 0,
+	"block_exploits" INTEGER NOT NULL DEFAULT 0,
+	"allow_websocket_upgrade" INTEGER NOT NULL DEFAULT 0,
+	"http2_support" INTEGER NOT NULL DEFAULT 0,
+	"hsts_enabled" INTEGER NOT NULL DEFAULT 0,
+	"hsts_subdomains" INTEGER NOT NULL DEFAULT 0,
+	"paths" TEXT NOT NULL DEFAULT '',
+	"advanced_config" TEXT NOT NULL DEFAULT '',
+	"status" TEXT NOT NULL DEFAULT '',
+	"error_message" TEXT NOT NULL DEFAULT '',
+	"is_disabled" INTEGER NOT NULL DEFAULT 0
+);
+
+-- migrate:down
+
+-- Not allowed to go down from initial

backend/embed/migrations/postgres/20201013035839_initial_data.sql

@@ -0,0 +1,332 @@
+-- migrate:up
+
+-- User permissions
+INSERT INTO "capability" (
+	"name"
+) VALUES
+	('full-admin'),
+	('access-lists.view'),
+	('access-lists.manage'),
+	('audit-log.view'),
+	('certificates.view'),
+	('certificates.manage'),
+	('certificate-authorities.view'),
+	('certificate-authorities.manage'),
+	('dns-providers.view'),
+	('dns-providers.manage'),
+	('hosts.view'),
+	('hosts.manage'),
+	('nginx-templates.view'),
+	('nginx-templates.manage'),
+	('settings.manage'),
+	('streams.view'),
+	('streams.manage'),
+	('users.manage');
+
+-- Default error reporting setting
+INSERT INTO "setting" (
+	"created_at",
+	"updated_at",
+	"name",
+	"description",
+	"value"
+) VALUES (
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	'error-reporting',
+	'If enabled, any application errors are reported to Sentry. Sensitive information is not sent.',
+	'true' -- remember this is json
+);
+
+-- Default site
+INSERT INTO "setting" (
+	"created_at",
+	"updated_at",
+	"name",
+	"description",
+	"value"
+) VALUES (
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	'default-site',
+	'What to show users who hit your Nginx server by default',
+	'"welcome"' -- remember this is json
+);
+
+-- Default Certificate Authorities
+
+INSERT INTO "certificate_authority" (
+	"created_at",
+	"updated_at",
+	"name",
+	"acmesh_server",
+	"is_wildcard_supported",
+	"max_domains",
+	"is_readonly"
+) VALUES (
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	'ZeroSSL',
+	'zerossl',
+	1,
+	10,
+	1
+), (
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	'Let''s Encrypt',
+	'https://acme-v02.api.letsencrypt.org/directory',
+	1,
+	10,
+	1
+), (
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	'Buypass Go SSL',
+	'https://api.buypass.com/acme/directory',
+	0,
+	5,
+	1
+), (
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	'SSL.com',
+	'ssl.com',
+	0,
+	10,
+	1
+), (
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	'Let''s Encrypt (Testing)',
+	'https://acme-staging-v02.api.letsencrypt.org/directory',
+	1,
+	10,
+	1
+), (
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	'Buypass Go SSL (Testing)',
+	'https://api.test4.buypass.no/acme/directory',
+	0,
+	5,
+	1
+);
+
+-- System User
+INSERT INTO "user" (
+	"created_at",
+	"updated_at",
+	"name",
+	"nickname",
+	"email",
+	"is_system"
+) VALUES (
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	'System',
+	'System',
+	'system@localhost',
+	1
+);
+
+-- Host Templates
+INSERT INTO "nginx_template" (
+	"created_at",
+	"updated_at",
+	"user_id",
+	"name",
+	"type",
+	"template"
+) VALUES (
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	(SELECT "id" FROM "user" WHERE "is_system" = 1 LIMIT 1),
+	'Default Proxy Template',
+	'proxy',
+	'# ------------------------------------------------------------
+{{#each Host.DomainNames}}
+# {{this}}
+{{/each}}
+# ------------------------------------------------------------
+
+server {
+  {{#if Config.Ipv4}}
+  listen 80;
+  {{/if}}
+  {{#if Config.Ipv6}}
+  listen [::]:80;
+  {{/if}}
+
+  {{#if Certificate.ID}}
+  {{#if Config.Ipv4}}
+  listen 443 ssl {{#if Host.HTTP2Support}}http2{{/if}};
+  {{/if}}
+  {{#if Config.Ipv6}}
+  listen [::]:443 ssl {{#if Host.HTTP2Support}}http2{{/if}};
+  {{/if}}
+  {{/if}}
+
+  server_name {{#each Host.DomainNames}}{{this}} {{/each}};
+
+  {{#if Certificate.ID}}
+  include conf.d/include/ssl-ciphers.conf;
+  {{#if Certificate.IsAcme}}
+  ssl_certificate {{Certificate.Folder}}/fullchain.pem;
+  ssl_certificate_key {{Certificate.Folder}}/privkey.pem;
+  {{else}}
+  # Custom SSL
+  ssl_certificate /data/custom_ssl/npm-{{Certicicate.ID}}/fullchain.pem;
+  ssl_certificate_key /data/custom_ssl/npm-{{Certificate.ID}}/privkey.pem;
+  {{/if}}
+  {{/if}}
+
+  {{#if Host.CachingEnabled}}
+  include conf.d/include/assets.conf;
+  {{/if}}
+
+  {{#if Host.BlockExploits}}
+  include conf.d/include/block-exploits.conf;
+  {{/if}}
+
+  {{#if Certificate.ID}}
+  {{#if Host.SSLForced}}
+  {{#if Host.HSTSEnabled}}
+  # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
+  add_header Strict-Transport-Security "max-age=63072000;{{#if Host.HSTSSubdomains}} includeSubDomains;{{/if}} preload" always;
+  {{/if}}
+  # Force SSL
+  include conf.d/include/force-ssl.conf;
+  {{/if}}
+  {{/if}}
+
+  {{#if Host.AllowWebsocketUpgrade}}
+  proxy_set_header Upgrade $http_upgrade;
+  proxy_set_header Connection $http_connection;
+  proxy_http_version 1.1;
+  {{/if}}
+
+  access_log /data/logs/host-{{Host.ID}}_access.log proxy;
+  error_log /data/logs/host-{{Host.ID}}_error.log warn;
+
+  {{Host.AdvancedConfig}}
+
+  # locations ?
+
+  # default location:
+  location / {
+    {{#if Host.AccessListID}}
+    # Authorization
+    auth_basic            "Authorization required";
+    auth_basic_user_file  /data/access/{{Host.AccessListID}};
+    # access_list.passauth ? todo
+    {{/if}}
+
+    # Access Rules ? todo
+
+    # Access checks must...? todo
+
+    {{#if Certificate.ID}}
+    {{#if Host.SSLForced}}
+    {{#if Host.HSTSEnabled}}
+    # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
+    add_header Strict-Transport-Security "max-age=63072000;{{#if Host.HSTSSubdomains}} includeSubDomains;{{/if}} preload" always;
+    {{/if}}
+    {{/if}}
+    {{/if}}
+
+    {{#if Host.AllowWebsocketUpgrade}}
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $http_connection;
+    {{/if}}
+
+    # Proxy!
+    add_header       X-Served-By $host;
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-Scheme $scheme;
+    proxy_set_header X-Forwarded-Proto  $scheme;
+    proxy_set_header X-Forwarded-For    $remote_addr;
+    proxy_http_version 1.1;
+
+    {{#if Upstream.ID}}
+    # upstream
+    proxy_pass {{Host.ProxyScheme}}://npm_upstream_{{Upstream.ID}};
+    {{else}}
+    # proxy a single host
+    proxy_pass {{Host.ProxyScheme}}://{{Host.ProxyHost}}:{{Host.ProxyPort}};
+    {{/if}}
+  }
+
+  # Legacy Custom Configuration
+  include /data/nginx/custom/server_proxy[.]conf;
+}
+'
+), (
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	(SELECT "id" FROM "user" WHERE "is_system" = 1 LIMIT 1),
+	'Default Redirect Template',
+	'redirect',
+	'# this is a redirect template'
+), (
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	(SELECT "id" FROM "user" WHERE "is_system" = 1 LIMIT 1),
+	'Default Dead Template',
+	'dead',
+	'# this is a dead template'
+), (
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	(SELECT "id" FROM "user" WHERE "is_system" = 1 LIMIT 1),
+	'Default Stream Template',
+	'stream',
+	'# this is a stream template'
+), (
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	EXTRACT(EPOCH FROM TIMESTAMP '2011-05-17 10:40:28.876944') * 1000,
+	(SELECT "id" FROM "user" WHERE "is_system" = 1 LIMIT 1),
+	'Default Upstream Template',
+	'upstream',
+	'# ------------------------------------------------------------
+# Upstream {{Upstream.ID}}: {{Upstream.Name}}
+# ------------------------------------------------------------
+
+upstream npm_upstream_{{Upstream.ID}} {
+
+  {{#if Upstream.IPHash~}}
+  ip_hash;
+  {{~/if}}
+
+  {{#if Upstream.NTLM~}}
+  ntlm;
+  {{~/if}}
+
+  {{#if Upstream.Keepalive~}}
+  keepalive {{Upstream.Keepalive}};
+  {{~/if}}
+
+  {{#if Upstream.KeepaliveRequests~}}
+  keepalive_requests {{Upstream.KeepaliveRequests}};
+  {{~/if}}
+
+  {{#if Upstream.KeepaliveTime~}}
+  keepalive_time {{Upstream.KeepaliveTime}};
+  {{~/if}}
+
+  {{#if Upstream.KeepaliveTimeout~}}
+  keepalive_timeout {{Upstream.KeepaliveTimeout}};
+  {{~/if}}
+
+  {{Upstream.AdvancedConfig}}
+
+  {{#each Upstream.Servers~}}
+  {{#unless IsDeleted~}}
+  server {{Server}} {{#if Weight}}weight={{Weight}} {{/if}}{{#if MaxConns}}max_conns={{MaxConns}} {{/if}}{{#if MaxFails}}max_fails={{MaxFails}} {{/if}}{{#if FailTimeout}}fail_timeout={{FailTimeout}} {{/if}}{{#if Backup}}backup{{/if}};
+  {{/unless}}
+  {{/each}}
+}
+'
+);
+
+-- migrate:down

backend/embed/migrations/sqlite/20201013035318_initial_schema.sql

@@ -1,6 +1,6 @@
 -- migrate:up
 
-CREATE TABLE IF NOT EXISTS `keys`
+CREATE TABLE IF NOT EXISTS `jwt_keys`
 (
 	id INTEGER PRIMARY KEY AUTOINCREMENT,
 	created_at INTEGER NOT NULL DEFAULT 0,
@@ -110,15 +110,15 @@ CREATE TABLE IF NOT EXISTS `certificate`
 	created_at INTEGER NOT NULL DEFAULT 0,
 	updated_at INTEGER NOT NULL DEFAULT 0,
 	is_deleted INTEGER NOT NULL DEFAULT 0,
-	type TEXT NOT NULL, -- custom,dns,http
 	user_id INTEGER NOT NULL,
+	type TEXT NOT NULL, -- custom,dns,http
 	certificate_authority_id INTEGER, -- 0 for a custom cert
 	dns_provider_id INTEGER, -- 0, for a http or custom cert
 	name TEXT NOT NULL,
 	domain_names TEXT NOT NULL,
 	expires_on INTEGER DEFAULT 0,
 	status TEXT NOT NULL, -- ready,requesting,failed,provided
-	error_message text NOT NULL DEFAULT "",
+	error_message TEXT NOT NULL DEFAULT "",
 	meta TEXT NOT NULL,
 	is_ecc INTEGER NOT NULL DEFAULT 0,
 	FOREIGN KEY (user_id) REFERENCES user (id),
@@ -142,6 +142,19 @@ CREATE TABLE IF NOT EXISTS `stream`
 	FOREIGN KEY (user_id) REFERENCES user (id)
 );
 
+CREATE TABLE IF NOT EXISTS `nginx_template`
+(
+	id INTEGER PRIMARY KEY AUTOINCREMENT,
+	created_at INTEGER NOT NULL DEFAULT 0,
+	updated_at INTEGER NOT NULL DEFAULT 0,
+	is_deleted INTEGER NOT NULL DEFAULT 0,
+	user_id INTEGER NOT NULL,
+	name TEXT NOT NULL,
+	type TEXT NOT NULL,
+	template TEXT NOT NULL,
+	FOREIGN KEY (user_id) REFERENCES user (id)
+);
+
 CREATE TABLE IF NOT EXISTS `upstream`
 (
 	id INTEGER PRIMARY KEY AUTOINCREMENT,
@@ -192,19 +205,6 @@ CREATE TABLE IF NOT EXISTS `access_list`
 	FOREIGN KEY (user_id) REFERENCES user (id)
 );
 
-CREATE TABLE IF NOT EXISTS `nginx_template`
-(
-	id INTEGER PRIMARY KEY AUTOINCREMENT,
-	created_at INTEGER NOT NULL DEFAULT 0,
-	updated_at INTEGER NOT NULL DEFAULT 0,
-	is_deleted INTEGER NOT NULL DEFAULT 0,
-	user_id INTEGER NOT NULL,
-	name TEXT NOT NULL,
-	type TEXT NOT NULL,
-	template TEXT NOT NULL,
-	FOREIGN KEY (user_id) REFERENCES user (id)
-);
-
 CREATE TABLE IF NOT EXISTS `host`
 (
 	id INTEGER PRIMARY KEY AUTOINCREMENT,