Merge 3856b6b03d into c4df89df1f

backend/internal/certificate.js

@@ -576,6 +576,7 @@ const internalCertificate = {
 		return internalCertificate.create(access, {
 			provider:     'letsencrypt',
 			domain_names: data.domain_names,
+			ssl_key_type: data.ssl_key_type,
 			meta:         data.meta
 		});
 	},
@@ -838,6 +839,7 @@ const internalCertificate = {
 
 		const cmd = `${certbotCommand} certonly ` +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name "npm-${certificate.id}" ` +
@@ -879,6 +881,7 @@ const internalCertificate = {
 
 		let mainCmd = certbotCommand + ' certonly ' +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name 'npm-${certificate.id}' ` +
@@ -975,6 +978,7 @@ const internalCertificate = {
 
 		const cmd = certbotCommand + ' renew --force-renewal ' +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name 'npm-${certificate.id}' ` +
@@ -1008,6 +1012,7 @@ const internalCertificate = {
 
 		let mainCmd = certbotCommand + ' renew --force-renewal ' +
 			`--config "${letsencryptConfig}" ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-name 'npm-${certificate.id}' ` +
@@ -1038,9 +1043,10 @@ const internalCertificate = {
 	 */
 	revokeLetsEncryptSsl: (certificate, throw_errors) => {
 		logger.info('Revoking Let\'sEncrypt certificates for Cert #' + certificate.id + ': ' + certificate.domain_names.join(', '));
-
+		
 		const mainCmd = certbotCommand + ' revoke ' +
 			`--config '${letsencryptConfig}' ` +
+			`--key-type '${certificate.ssl_key_type}' ` +
 			'--work-dir "/tmp/letsencrypt-lib" ' +
 			'--logs-dir "/tmp/letsencrypt-log" ' +
 			`--cert-path '/etc/letsencrypt/live/npm-${certificate.id}/fullchain.pem' ` +

backend/internal/host.js

@@ -229,8 +229,32 @@ const internalHost = {
 		}
 
 		return response;
-	}
+	},
 
+	/**
+	 * Internal use only, checks to see if the there is another default server record
+	 *
+	 * @param   {String}   hostname
+	 * @param   {String}   [ignore_type]   'proxy', 'redirection', 'dead'
+	 * @param   {Integer}  [ignore_id]     Must be supplied if type was also supplied
+	 * @returns {Promise}
+	 */
+	checkDefaultServerNotExist: function (hostname) {
+		let promises = proxyHostModel
+			.query()
+			.where('default_server', true)
+			.andWhere('domain_names', 'not like', '%' + hostname + '%');
+
+		
+		return Promise.resolve(promises)
+			.then((promises_results) => {
+				if (promises_results.length > 0){
+					return false;
+				}
+				return true;
+			});
+		
+	}
 };
 
 module.exports = internalHost;

backend/internal/proxy-host.js

@@ -44,6 +44,22 @@ const internalProxyHost = {
 						});
 					});
 			})
+			.then(() => {
+				// Get a list of the domain names and check each of them against default records
+				if (data.default_server){
+					if (data.domain_names.length > 1) {
+						throw new error.ValidationError('Default server cant be set for multiple domain!');
+					}
+	
+					return internalHost
+						.checkDefaultServerNotExist(data.domain_names[0])
+						.then((result) => {
+							if (!result){
+								throw new error.ValidationError('One default server already exists');
+							}
+						});
+				}
+			})
 			.then(() => {
 				// At this point the domains should have been checked
 				data.owner_user_id = access.token.getUserId(1);
@@ -141,6 +157,22 @@ const internalProxyHost = {
 						});
 				}
 			})
+			.then(() => {
+				// Get a list of the domain names and check each of them against default records
+				if (data.default_server){
+					if (data.domain_names.length > 1) {
+						throw new error.ValidationError('Default server cant be set for multiple domain!');
+					}
+	
+					return internalHost
+						.checkDefaultServerNotExist(data.domain_names[0])
+						.then((result) => {
+							if (!result){
+								throw new error.ValidationError('One default server already exists');
+							}
+						});
+				}
+			})
 			.then(() => {
 				return internalProxyHost.get(access, {id: data.id});
 			})
@@ -153,6 +185,7 @@ const internalProxyHost = {
 				if (create_certificate) {
 					return internalCertificate.createQuickCertificate(access, {
 						domain_names: data.domain_names || row.domain_names,
+						ssl_key_type: data.ssl_key_type || row.ssl_key_type,
 						meta:         _.assign({}, row.meta, data.meta)
 					})
 						.then((cert) => {

backend/migrations/20241209062244_ssl_key_type.js

@@ -0,0 +1,51 @@
+const migrate_name = 'identifier_for_migrate';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex) {
+
+	logger.info(`[${migrate_name}] Migrating Up...`);
+
+	return knex.schema.alterTable('proxy_host', (table) => {
+		table.enum('ssl_key_type', ['ecdsa', 'rsa']).defaultTo('ecdsa').notNullable();
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' added to table 'proxy_host'`);
+
+		return knex.schema.alterTable('certificate', (table) => {
+			table.enum('ssl_key_type', ['ecdsa', 'rsa']).defaultTo('ecdsa').notNullable();
+		});
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' added to table 'proxy_host'`);
+	});
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex) {
+	logger.info(`[${migrate_name}] Migrating Down...`);
+
+	return knex.schema.alterTable('proxy_host', (table) => {
+		table.dropColumn('ssl_key_type');
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' removed from table 'proxy_host'`);
+
+		return knex.schema.alterTable('certificate', (table) => {
+			table.dropColumn('ssl_key_type');
+		});
+	}).then(() => {
+		logger.info(`[${migrate_name}] Column 'ssl_key_type' removed from table 'proxy_host'`);
+	});
+};

backend/migrations/20241221201400_default_server.js

@@ -0,0 +1,40 @@
+const migrate_name = 'default_server';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate Up
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex) {
+	logger.info(`[${migrate_name}] Migrating Up...`);
+
+	// Add default_server column to proxy_host table
+	return knex.schema.table('proxy_host', (table) => {
+		table.boolean('default_server').notNullable().defaultTo(false);
+	})
+		.then(() => {
+			logger.info(`[${migrate_name}] Column 'default_server' added to 'proxy_host' table`);
+		});
+};
+
+/**
+ * Migrate Down
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex) {
+	logger.info(`[${migrate_name}] Migrating Down...`);
+
+	// Remove default_server column from proxy_host table
+	return knex.schema.table('proxy_host', (table) => {
+		table.dropColumn('default_server');
+	})
+		.then(() => {
+			logger.info(`[${migrate_name}] Column 'default_server' removed from 'proxy_host' table`);
+		});
+};

backend/models/proxy_host.js

@@ -21,6 +21,7 @@ const boolFields = [
 	'enabled',
 	'hsts_enabled',
 	'hsts_subdomains',
+	'default_server',
 ];
 
 class ProxyHost extends Model {

backend/schema/components/certificate-object.json

@@ -41,6 +41,11 @@
 		"owner": {
 			"$ref": "./user-object.json"
 		},
+		"ssl_key_type": {
+			"type": "string",
+			"enum": ["ecdsa", "rsa"],
+			"description": "Type of SSL key (either ecdsa or rsa)"
+		},
 		"meta": {
 			"type": "object",
 			"additionalProperties": false,

backend/schema/components/proxy-host-object.json

@@ -23,6 +23,7 @@
 		"locations",
 		"hsts_enabled",
 		"hsts_subdomains",
+		"default_server",
 		"certificate"
 	],
 	"additionalProperties": false,
@@ -149,6 +150,15 @@
 					"$ref": "./access-list-object.json"
 				}
 			]
+		},
+		"ssl_key_type": {
+			"type": "string",
+			"enum": ["ecdsa", "rsa"],
+			"description": "Type of SSL key (either ecdsa or rsa)"
+		},
+		"default_server": {
+			"type": "boolean",
+			"description": "Defines if the server is the default for unmatched requests"
 		}
 	}
 }

backend/schema/paths/nginx/proxy-hosts/hostID/put.json

@@ -79,6 +79,12 @@
 						},
 						"locations": {
 							"$ref": "../../../../components/proxy-host-object.json#/properties/locations"
+						},
+						"ssl_key_type": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/ssl_key_type"
+						},
+						"default_server": {
+							"$ref": "../../../../components/proxy-host-object.json#/properties/default_server"
 						}
 					}
 				}

backend/schema/paths/nginx/proxy-hosts/post.json

@@ -67,6 +67,12 @@
 						},
 						"locations": {
 							"$ref": "../../../components/proxy-host-object.json#/properties/locations"
+						},
+						"ssl_key_type": {
+							"$ref": "../../../components/proxy-host-object.json#/properties/ssl_key_type"
+						},
+						"default_server": {
+							"$ref": "../../../components/proxy-host-object.json#/properties/default_server"
 						}
 					}
 				}

backend/templates/_listen.conf

@@ -1,13 +1,13 @@
-  listen 80;
+listen 80{% if default_server == true %} default_server{% endif %};
 {% if ipv6 -%}
-  listen [::]:80;
+  listen [::]:80{% if default_server == true %} default_server{% endif %};
 {% else -%}
   #listen [::]:80;
 {% endif %}
 {% if certificate -%}
-  listen 443 ssl;
+  listen 443 ssl{% if default_server == true %} default_server{% endif %};
 {% if ipv6 -%}
-  listen [::]:443 ssl;
+  listen [::]:443 ssl{% if default_server == true %} default_server{% endif %};
 {% else -%}
   #listen [::]:443;
 {% endif %}