mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2025-06-18 18:16:26 +00:00
Initial commit
This commit is contained in:
Jamie Curnow
261
manager/src/backend/internal/access.js
Normal file
261
manager/src/backend/internal/access.js
Normal file
@ -0,0 +1,261 @@
|
||||
'use strict';
|
||||
|
||||
const _ = require('lodash');
|
||||
const fs = require('fs');
|
||||
const batchflow = require('batchflow');
|
||||
const db = require('../db');
|
||||
const logger = require('../logger');
|
||||
const internalNginx = require('./nginx');
|
||||
const utils = require('../lib/utils');
|
||||
|
||||
const internalAccess = {
|
||||
|
||||
/**
|
||||
* All Access Lists
|
||||
*
|
||||
* @returns {Promise}
|
||||
*/
|
||||
getAll: () => {
|
||||
return new Promise((resolve/*, reject*/) => {
|
||||
resolve(db.access.find());
|
||||
})
|
||||
.then(list => {
|
||||
_.map(list, (list_item, idx) => {
|
||||
list[idx] = internalAccess.maskItems(list_item);
|
||||
list[idx].hosts = db.hosts.find({access_list_id: list_item._id});
|
||||
});
|
||||
|
||||
return list;
|
||||
});
|
||||
},
|
||||
|
||||
/**
|
||||
* Specific Access List
|
||||
*
|
||||
* @param {String} id
|
||||
* @returns {Promise}
|
||||
*/
|
||||
get: id => {
|
||||
return new Promise((resolve/*, reject*/) => {
|
||||
resolve(db.access.findOne({_id: id}));
|
||||
})
|
||||
.then(list => {
|
||||
if (list) {
|
||||
return internalAccess.maskItems(list);
|
||||
}
|
||||
|
||||
list.hosts = db.hosts.find({access_list_id: list._id});
|
||||
|
||||
return list;
|
||||
});
|
||||
},
|
||||
|
||||
/**
|
||||
* Create a Access List
|
||||
*
|
||||
* @param {Object} payload
|
||||
* @returns {Promise}
|
||||
*/
|
||||
create: payload => {
|
||||
return new Promise((resolve/*, reject*/) => {
|
||||
// Add list to db
|
||||
resolve(db.access.save(payload));
|
||||
})
|
||||
.then(list => {
|
||||
return internalAccess.build(list)
|
||||
.then(() => {
|
||||
return internalAccess.maskItems(list);
|
||||
});
|
||||
});
|
||||
},
|
||||
|
||||
/**
|
||||
* Update a Access List
|
||||
*
|
||||
* @param {String} id
|
||||
* @param {Object} payload
|
||||
* @returns {Promise}
|
||||
*/
|
||||
update: (id, payload) => {
|
||||
return new Promise((resolve, reject) => {
|
||||
// get existing list
|
||||
let list = db.access.findOne({_id: id});
|
||||
|
||||
if (!list) {
|
||||
reject(new error.ValidationError('Access List not found'));
|
||||
} else {
|
||||
|
||||
if (typeof payload.name !== 'undefined') {
|
||||
list.name = payload.name;
|
||||
}
|
||||
|
||||
if (typeof payload.items !== 'undefined') {
|
||||
// go through each of the items in the payload and assess how they apply to the original items
|
||||
let new_items = [];
|
||||
_.map(payload.items, (payload_item) => {
|
||||
if (!payload_item.password) {
|
||||
// try to find original item and use the password from there, this is essentially keeping existing users
|
||||
let old = _.find(list.items, {username: payload_item.username});
|
||||
if (old) {
|
||||
new_items.push(old);
|
||||
}
|
||||
} else {
|
||||
new_items.push(payload_item);
|
||||
}
|
||||
});
|
||||
|
||||
list.items = new_items;
|
||||
}
|
||||
|
||||
db.access.update({_id: id}, list, {multi: false, upsert: false});
|
||||
resolve(list);
|
||||
}
|
||||
})
|
||||
.then(list => {
|
||||
return internalAccess.build(list)
|
||||
.then(() => {
|
||||
return internalAccess.maskItems(list);
|
||||
});
|
||||
});
|
||||
},
|
||||
|
||||
/**
|
||||
* Deletes a Access List
|
||||
*
|
||||
* @param {String} id
|
||||
* @returns {Promise}
|
||||
*/
|
||||
delete: id => {
|
||||
const internalHost = require('./host');
|
||||
let associated_hosts = db.hosts.find({access_list_id: id});
|
||||
|
||||
return new Promise((resolve/*, reject*/) => {
|
||||
db.hosts.update({access_list_id: id}, {access_list_id: ''}, {multi: true, upsert: false});
|
||||
|
||||
if (associated_hosts.length) {
|
||||
// regenerate config for these hosts
|
||||
let promises = [];
|
||||
|
||||
_.map(associated_hosts, associated_host => {
|
||||
promises.push(internalHost.configure(db.hosts.findOne({_id: associated_host._id})));
|
||||
});
|
||||
|
||||
resolve(Promise.all(promises));
|
||||
} else {
|
||||
resolve();
|
||||
}
|
||||
})
|
||||
.then(() => {
|
||||
// restart nginx
|
||||
if (associated_hosts.length) {
|
||||
return internalNginx.reload();
|
||||
}
|
||||
})
|
||||
.then(() => {
|
||||
db.access.remove({_id: id}, false);
|
||||
|
||||
// delete access file
|
||||
try {
|
||||
fs.unlinkSync(internalAccess.getFilename(id));
|
||||
} catch (err) {
|
||||
// do nothing
|
||||
}
|
||||
|
||||
return true;
|
||||
});
|
||||
},
|
||||
|
||||
/**
|
||||
* @param {Object} list
|
||||
* @returns {Object}
|
||||
*/
|
||||
maskItems: list => {
|
||||
if (list && typeof list.items !== 'undefined') {
|
||||
_.map(list.items, (val, idx) => {
|
||||
list.items[idx].hint = val.password.charAt(0) + ('*').repeat(val.password.length - 1);
|
||||
list.items[idx].password = '';
|
||||
});
|
||||
}
|
||||
|
||||
return list;
|
||||
},
|
||||
|
||||
/**
|
||||
* @param {String|Object} list
|
||||
* @returns {String}
|
||||
*/
|
||||
getFilename: (list) => {
|
||||
return '/config/access/' + (typeof list === 'string' ? list : list._id);
|
||||
},
|
||||
|
||||
/**
|
||||
* @param {Object} list
|
||||
* @returns {Promise}
|
||||
*/
|
||||
build: list => {
|
||||
logger.info('Building Access file for: ' + list.name);
|
||||
|
||||
return new Promise((resolve, reject) => {
|
||||
if (typeof list._id !== 'undefined') {
|
||||
|
||||
let htpasswd_file = internalAccess.getFilename(list);
|
||||
|
||||
// 1. remove any existing access file
|
||||
try {
|
||||
fs.unlinkSync(htpasswd_file);
|
||||
} catch (err) {
|
||||
// do nothing
|
||||
}
|
||||
|
||||
// 2. create empty access file
|
||||
try {
|
||||
fs.writeFileSync(htpasswd_file, '', {encoding: 'utf8'});
|
||||
resolve(htpasswd_file);
|
||||
} catch (err) {
|
||||
reject(err);
|
||||
}
|
||||
} else {
|
||||
reject(new Error('List does not have an _id'));
|
||||
}
|
||||
})
|
||||
.then(htpasswd_file => {
|
||||
// 3. generate password for each user
|
||||
if (list.items.length) {
|
||||
return new Promise((resolve, reject) => {
|
||||
batchflow(list.items).sequential()
|
||||
.each((i, item, next) => {
|
||||
if (typeof item.password !== 'undefined' && item.password.length) {
|
||||
logger.info('Adding: ' + item.username);
|
||||
|
||||
utils.exec('/usr/bin/htpasswd -b "' + htpasswd_file + '" "' + item.username + '" "' + item.password + '"')
|
||||
.then((/*result*/) => {
|
||||
next();
|
||||
})
|
||||
.catch(err => {
|
||||
logger.error(err);
|
||||
next(err);
|
||||
});
|
||||
}
|
||||
})
|
||||
.error(err => {
|
||||
logger.error(err);
|
||||
reject(err);
|
||||
})
|
||||
.end(results => {
|
||||
logger.info('Built Access file for: ' + list.name);
|
||||
resolve(results);
|
||||
});
|
||||
});
|
||||
}
|
||||
})
|
||||
.then(() => {
|
||||
// only reload nginx if any hosts are using this access
|
||||
let hosts = db.hosts.find({access_list_id: list._id});
|
||||
if (hosts && hosts.length) {
|
||||
return internalNginx.reload();
|
||||
}
|
||||
});
|
||||
}
|
||||
};
|
||||
|
||||
module.exports = internalAccess;
|
||||
263
manager/src/backend/internal/host.js
Normal file
263
manager/src/backend/internal/host.js
Normal file
@ -0,0 +1,263 @@
|
||||
'use strict';
|
||||
|
||||
const _ = require('lodash');
|
||||
|
||||
const db = require('../db');
|
||||
const error = require('../lib/error');
|
||||
const internalAccess = require('./access');
|
||||
const internalSsl = require('./ssl');
|
||||
const internalNginx = require('./nginx');
|
||||
const timestamp = require('unix-timestamp');
|
||||
|
||||
timestamp.round = true;
|
||||
|
||||
const internalHost = {
|
||||
|
||||
/**
|
||||
* All Hosts
|
||||
*
|
||||
* @returns {Promise}
|
||||
*/
|
||||
getAll: () => {
|
||||
return new Promise((resolve/*, reject*/) => {
|
||||
resolve(db.hosts.find());
|
||||
})
|
||||
.then(hosts => {
|
||||
_.map(hosts, (host, idx) => {
|
||||
if (typeof host.access_list_id !== 'undefined' && host.access_list_id) {
|
||||
hosts[idx].access_list = internalAccess.maskItems(db.access.findOne({_id: host.access_list_id}));
|
||||
} else {
|
||||
hosts[idx].access_list_id = '';
|
||||
hosts[idx].access_list = null;
|
||||
}
|
||||
});
|
||||
|
||||
return hosts;
|
||||
});
|
||||
},
|
||||
|
||||
/**
|
||||
* Create a Host
|
||||
*
|
||||
* @param {Object} payload
|
||||
* @returns {Promise}
|
||||
*/
|
||||
create: payload => {
|
||||
return new Promise((resolve, reject) => {
|
||||
// Enforce lowercase hostnames
|
||||
payload.hostname = payload.hostname.toLowerCase();
|
||||
|
||||
// 1. Check that the hostname doesn't already exist
|
||||
let existing_host = db.hosts.findOne({hostname: payload.hostname});
|
||||
|
||||
if (existing_host) {
|
||||
reject(new error.ValidationError('Hostname already exists'));
|
||||
} else {
|
||||
// 2. Add host to db
|
||||
let host = db.hosts.save(payload);
|
||||
|
||||
// 3. Fire the config generation for this host
|
||||
internalHost.configure(host, true)
|
||||
.then((/*result*/) => {
|
||||
resolve(host);
|
||||
})
|
||||
.catch(err => {
|
||||
reject(err);
|
||||
});
|
||||
}
|
||||
})
|
||||
.catch(err => {
|
||||
// Remove host if the configuration failed
|
||||
if (err instanceof error.ConfigurationError) {
|
||||
db.hosts.remove({hostname: payload.hostname});
|
||||
internalNginx.deleteConfig(payload);
|
||||
internalSsl.deleteCerts(payload);
|
||||
}
|
||||
|
||||
throw err;
|
||||
});
|
||||
},
|
||||
|
||||
/**
|
||||
* Update a Host
|
||||
*
|
||||
* @param {String} id
|
||||
* @param {Object} payload
|
||||
* @returns {Promise}
|
||||
*/
|
||||
update: (id, payload) => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let original_host = db.hosts.findOne({_id: id});
|
||||
|
||||
if (!original_host) {
|
||||
reject(new error.ValidationError('Host not found'));
|
||||
} else {
|
||||
// Enforce lowercase hostnames
|
||||
if (typeof payload.hostname !== 'undefined') {
|
||||
payload.hostname = payload.hostname.toLowerCase();
|
||||
}
|
||||
|
||||
// Check that the hostname doesn't already exist
|
||||
let other_host = db.hosts.findOne({hostname: payload.hostname});
|
||||
|
||||
if (other_host && other_host._id !== id) {
|
||||
reject(new error.ValidationError('Hostname already exists'));
|
||||
} else {
|
||||
// 2. Update host
|
||||
db.hosts.update({_id: id}, payload, {multi: false, upsert: false});
|
||||
let updated_host = db.hosts.findOne({_id: id});
|
||||
|
||||
resolve({
|
||||
original: original_host,
|
||||
updated: updated_host
|
||||
});
|
||||
}
|
||||
}
|
||||
})
|
||||
.then(data => {
|
||||
if (data.original.hostname !== data.updated.hostname) {
|
||||
// Hostname has changed, delete the old file
|
||||
return internalNginx.deleteConfig(data.original)
|
||||
.then(() => {
|
||||
return data;
|
||||
});
|
||||
}
|
||||
|
||||
return data;
|
||||
})
|
||||
.then(data => {
|
||||
if (
|
||||
(data.original.ssl && !data.updated.ssl) || // ssl was enabled and is now disabled
|
||||
(data.original.ssl && data.original.hostname !== data.updated.hostname) // hostname was changed for a previously ssl-enabled host
|
||||
) {
|
||||
// SSL was turned off or hostname for ssl has changed so we should remove certs for the original
|
||||
return internalSsl.deleteCerts(data.original)
|
||||
.then(() => {
|
||||
db.hosts.update({_id: data.updated._id}, {ssl_expires: 0}, {multi: false, upsert: false});
|
||||
data.updated.ssl_expires = 0;
|
||||
return data;
|
||||
});
|
||||
}
|
||||
|
||||
return data;
|
||||
})
|
||||
.then(data => {
|
||||
// 3. Fire the config generation for this host
|
||||
return internalHost.configure(data.updated, true)
|
||||
.then((/*result*/) => {
|
||||
return data.updated;
|
||||
});
|
||||
});
|
||||
},
|
||||
|
||||
/**
|
||||
* This will create the nginx config for the host and fire off letsencrypt duties if required
|
||||
*
|
||||
* @param {Object} host
|
||||
* @param {Boolean} [reload_nginx]
|
||||
* @param {Boolean} [force_ssl_renew]
|
||||
* @returns {Promise}
|
||||
*/
|
||||
configure: (host, reload_nginx, force_ssl_renew) => {
|
||||
return new Promise((resolve/*, reject*/) => {
|
||||
resolve(internalNginx.deleteConfig(host));
|
||||
})
|
||||
.then(() => {
|
||||
if (host.ssl && (force_ssl_renew || !internalSsl.hasValidSslCerts(host))) {
|
||||
return internalSsl.configureSsl(host);
|
||||
}
|
||||
})
|
||||
.then(() => {
|
||||
return internalNginx.generateConfig(host);
|
||||
})
|
||||
.then(() => {
|
||||
if (reload_nginx) {
|
||||
return internalNginx.reload();
|
||||
}
|
||||
});
|
||||
},
|
||||
|
||||
/**
|
||||
* Deletes a Host
|
||||
*
|
||||
* @param {String} id
|
||||
* @returns {Promise}
|
||||
*/
|
||||
delete: id => {
|
||||
let existing_host = db.hosts.findOne({_id: id});
|
||||
return new Promise((resolve, reject) => {
|
||||
if (existing_host) {
|
||||
db.hosts.update({_id: id}, {is_deleted: true}, {multi: true, upsert: false});
|
||||
resolve(internalNginx.deleteConfig(existing_host));
|
||||
} else {
|
||||
reject(new error.ValidationError('Hostname does not exist'));
|
||||
}
|
||||
})
|
||||
.then(() => {
|
||||
if (existing_host.ssl) {
|
||||
return internalSsl.deleteCerts(existing_host);
|
||||
}
|
||||
})
|
||||
.then(() => {
|
||||
db.hosts.remove({_id: id}, false);
|
||||
return internalNginx.reload();
|
||||
})
|
||||
.then(() => {
|
||||
return true;
|
||||
});
|
||||
},
|
||||
|
||||
/**
|
||||
* Reconfigure a Host
|
||||
*
|
||||
* @param {String} id
|
||||
* @returns {Promise}
|
||||
*/
|
||||
reconfigure: id => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let host = db.hosts.findOne({_id: id});
|
||||
|
||||
if (!host) {
|
||||
reject(new error.ValidationError('Host does not exist: ' + id));
|
||||
} else {
|
||||
// 3. Fire the config generation for this host
|
||||
internalHost.configure(host, true)
|
||||
.then((/*result*/) => {
|
||||
resolve(host);
|
||||
})
|
||||
.catch(err => {
|
||||
reject(err);
|
||||
});
|
||||
}
|
||||
});
|
||||
},
|
||||
|
||||
/**
|
||||
* Renew SSL for a Host
|
||||
*
|
||||
* @param {String} id
|
||||
* @returns {Promise}
|
||||
*/
|
||||
renew: id => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let host = db.hosts.findOne({_id: id});
|
||||
|
||||
if (!host) {
|
||||
reject(new error.ValidationError('Host does not exist'));
|
||||
} else if (!host.ssl) {
|
||||
reject(new error.ValidationError('Host does not have SSL enabled'));
|
||||
} else {
|
||||
// 3. Fire the ssl and config generation for this host, forcing ssl
|
||||
internalHost.configure(host, true, true)
|
||||
.then((/*result*/) => {
|
||||
resolve(host);
|
||||
})
|
||||
.catch(err => {
|
||||
reject(err);
|
||||
});
|
||||
}
|
||||
});
|
||||
}
|
||||
};
|
||||
|
||||
module.exports = internalHost;
|
||||
78
manager/src/backend/internal/nginx.js
Normal file
78
manager/src/backend/internal/nginx.js
Normal file
@ -0,0 +1,78 @@
|
||||
'use strict';
|
||||
|
||||
const fs = require('fs');
|
||||
const ejs = require('ejs');
|
||||
const logger = require('../logger');
|
||||
const utils = require('../lib/utils');
|
||||
const error = require('../lib/error');
|
||||
|
||||
const internalNginx = {
|
||||
|
||||
/**
|
||||
* @returns {Promise}
|
||||
*/
|
||||
test: () => {
|
||||
logger.info('Testing Nginx configuration');
|
||||
return utils.exec('/usr/sbin/nginx -t');
|
||||
},
|
||||
|
||||
/**
|
||||
* @returns {Promise}
|
||||
*/
|
||||
reload: () => {
|
||||
return internalNginx.test()
|
||||
.then(() => {
|
||||
logger.info('Reloading Nginx');
|
||||
return utils.exec('/usr/sbin/nginx -s reload');
|
||||
});
|
||||
},
|
||||
|
||||
/**
|
||||
* @param {Object} host
|
||||
* @returns {String}
|
||||
*/
|
||||
getConfigName: host => {
|
||||
return '/config/nginx/' + host.hostname + '.conf';
|
||||
},
|
||||
|
||||
/**
|
||||
* @param {Object} host
|
||||
* @returns {Promise}
|
||||
*/
|
||||
generateConfig: host => {
|
||||
return new Promise((resolve, reject) => {
|
||||
let template = null;
|
||||
let filename = internalNginx.getConfigName(host);
|
||||
|
||||
try {
|
||||
template = fs.readFileSync(__dirname + '/../templates/host.conf.ejs', {encoding: 'utf8'});
|
||||
let config_text = ejs.render(template, host);
|
||||
fs.writeFileSync(filename, config_text, {encoding: 'utf8'});
|
||||
resolve(true);
|
||||
} catch (err) {
|
||||
reject(new error.ConfigurationError(err.message));
|
||||
}
|
||||
});
|
||||
},
|
||||
|
||||
/**
|
||||
* @param {Object} host
|
||||
* @param {Boolean} [throw_errors]
|
||||
* @returns {Promise}
|
||||
*/
|
||||
deleteConfig: (host, throw_errors) => {
|
||||
return new Promise((resolve, reject) => {
|
||||
try {
|
||||
fs.unlinkSync(internalNginx.getConfigName(host));
|
||||
} catch (err) {
|
||||
if (throw_errors) {
|
||||
reject(err);
|
||||
}
|
||||
}
|
||||
|
||||
resolve();
|
||||
});
|
||||
}
|
||||
};
|
||||
|
||||
module.exports = internalNginx;
|
||||
151
manager/src/backend/internal/ssl.js
Normal file
151
manager/src/backend/internal/ssl.js
Normal file
@ -0,0 +1,151 @@
|
||||
'use strict';
|
||||
|
||||
const _ = require('lodash');
|
||||
const fs = require('fs');
|
||||
const ejs = require('ejs');
|
||||
const timestamp = require('unix-timestamp');
|
||||
const batchflow = require('batchflow');
|
||||
const internalNginx = require('./nginx');
|
||||
const logger = require('../logger');
|
||||
const db = require('../db');
|
||||
const utils = require('../lib/utils');
|
||||
const error = require('../lib/error');
|
||||
|
||||
timestamp.round = true;
|
||||
|
||||
const internalSsl = {
|
||||
|
||||
interval_timeout: 60 * 1000,
|
||||
interval: null,
|
||||
interval_processing: false,
|
||||
|
||||
initTimer: () => {
|
||||
internalSsl.interval = setInterval(internalSsl.processExpiringHosts, internalSsl.interval_timeout);
|
||||
},
|
||||
|
||||
/**
|
||||
* Triggered by a timer, this will check for expiring hosts and renew their ssl certs if required
|
||||
*/
|
||||
processExpiringHosts: () => {
|
||||
if (!internalSsl.interval_processing) {
|
||||
let hosts = db.hosts.find();
|
||||
|
||||
if (hosts && hosts.length) {
|
||||
internalSsl.interval_processing = true;
|
||||
|
||||
batchflow(hosts).sequential()
|
||||
.each((i, host, next) => {
|
||||
if ((typeof host.is_deleted === 'undefined' || !host.is_deleted) && host.ssl && typeof host.ssl_expires !== 'undefined' && !internalSsl.hasValidSslCerts(host)) {
|
||||
// This host is due to expire in 1 day, time to renew
|
||||
logger.info('Host ' + host.hostname + ' is due for SSL renewal');
|
||||
|
||||
internalSsl.configureSsl(host)
|
||||
.then(() => {
|
||||
return internalNginx.generateConfig(host);
|
||||
})
|
||||
.then(internalNginx.reload)
|
||||
.then(next)
|
||||
.catch(err => {
|
||||
logger.error(err);
|
||||
next(err);
|
||||
});
|
||||
} else {
|
||||
next();
|
||||
}
|
||||
})
|
||||
.error(err => {
|
||||
logger.error(err);
|
||||
internalSsl.interval_processing = false;
|
||||
})
|
||||
.end((/*results*/) => {
|
||||
internalSsl.interval_processing = false;
|
||||
});
|
||||
}
|
||||
}
|
||||
},
|
||||
|
||||
/**
|
||||
* @param {Object} host
|
||||
* @returns {Boolean}
|
||||
*/
|
||||
hasValidSslCerts: host => {
|
||||
return fs.existsSync('/etc/letsencrypt/live/' + host.hostname + '/fullchain.pem') &&
|
||||
fs.existsSync('/etc/letsencrypt/live/' + host.hostname + '/privkey.pem') &&
|
||||
host.ssl_expires > timestamp.now('+1d');
|
||||
},
|
||||
|
||||
/**
|
||||
* @param {Object} host
|
||||
* @returns {Promise}
|
||||
*/
|
||||
requestSsl: host => {
|
||||
logger.info('Requesting SSL certificates for ' + host.hostname);
|
||||
|
||||
return utils.exec('/usr/bin/letsencrypt certonly --agree-tos --email "' + host.letsencrypt_email + '" -n -a webroot --webroot-path=' + host.root_path + ' -d "' + host.hostname + '"')
|
||||
.then(result => {
|
||||
logger.info(result);
|
||||
return result;
|
||||
});
|
||||
},
|
||||
|
||||
/**
|
||||
* @param {Object} host
|
||||
* @returns {Promise}
|
||||
*/
|
||||
deleteCerts: host => {
|
||||
logger.info('Deleting SSL certificates for ' + host.hostname);
|
||||
|
||||
return utils.exec('/usr/bin/letsencrypt delete -n --cert-name "' + host.hostname + '"')
|
||||
.then(result => {
|
||||
logger.info(result);
|
||||
})
|
||||
.catch(err => {
|
||||
logger.error(err);
|
||||
});
|
||||
},
|
||||
|
||||
/**
|
||||
* @param {Object} host
|
||||
* @returns {Promise}
|
||||
*/
|
||||
generateSslSetupConfig: host => {
|
||||
let template = null;
|
||||
let filename = internalNginx.getConfigName(host);
|
||||
let template_data = host;
|
||||
|
||||
template_data.root_path = '/tmp/' + host.hostname;
|
||||
|
||||
return utils.exec('mkdir -p ' + template_data.root_path)
|
||||
.then(() => {
|
||||
try {
|
||||
template = fs.readFileSync(__dirname + '/../templates/letsencrypt.conf.ejs', {encoding: 'utf8'});
|
||||
let config_text = ejs.render(template, template_data);
|
||||
fs.writeFileSync(filename, config_text, {encoding: 'utf8'});
|
||||
|
||||
return template_data;
|
||||
} catch (err) {
|
||||
throw new error.ConfigurationError(err.message);
|
||||
}
|
||||
});
|
||||
},
|
||||
|
||||
/**
|
||||
* @param {Object} host
|
||||
* @returns {Promise}
|
||||
*/
|
||||
configureSsl: host => {
|
||||
return internalSsl.generateSslSetupConfig(host)
|
||||
.then(data => {
|
||||
return internalNginx.reload()
|
||||
.then(() => {
|
||||
return internalSsl.requestSsl(data);
|
||||
});
|
||||
})
|
||||
.then(() => {
|
||||
// Certificate was requested ok, update the timestamp on the host
|
||||
db.hosts.update({_id: host._id}, {ssl_expires: timestamp.now('+90d')}, {multi: false, upsert: false});
|
||||
});
|
||||
}
|
||||
};
|
||||
|
||||
module.exports = internalSsl;
|
||||
Reference in New Issue
Block a user