allow to run as non-root (#246)

Signed-off-by: Zoey <zoey@z0ey.de>
2025-08-03 07:53:39 +00:00 · 2023-04-24 11:35:05 +02:00
parent ec29d4ce8d
commit 9ca59b9a38
10 changed files with 129 additions and 79 deletions
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@@ -16,7 +16,7 @@ const path             = require('path');
 const { isArray }      = require('lodash');

 const certbotConfig  = '/data/tls/certbot/config.ini';
-const certbotCommand = 'certbot --config-dir /data/tls/certbot';
+const certbotCommand = 'certbot --logs-dir /tmp/certbot-log --work-dir /tmp/certbot-work --config-dir /data/tls/certbot';

 function omissions() {
 	return ['is_deleted'];
@@ -875,7 +875,7 @@ const internalCertificate = {
 		// Escape single quotes and backslashes
 		const escapedCredentials = certificate.meta.dns_provider_credentials.replaceAll('\'', '\\\'').replaceAll('\\', '\\\\');
 		const credentialsCmd     = 'mkdir -p /data/tls/certbot/credentials 2> /dev/null; echo \'' + escapedCredentials + '\' > \'' + credentialsLocation + '\' && chmod 600 \'' + credentialsLocation + '\'';
-		const prepareCmd         = 'pip install --no-cache-dir ' + dns_plugin.package_name + (dns_plugin.version_requirement || '') + ' ' + dns_plugin.dependencies;
+		const prepareCmd         = 'pip install --no-cache-dir ' + dns_plugin.package_name;

 		// Whether the plugin has a --<name>-credentials argument
 		const hasConfigArg = certificate.meta.dns_provider !== 'route53';
--- a/backend/internal/ip_ranges.js
+++ b/backend/internal/ip_ranges.js
@@ -122,7 +122,7 @@ const internalIpRanges = {
 		const renderEngine = utils.getRenderEngine();
 		return new Promise((resolve, reject) => {
 			let template = null;
-			let filename = '/usr/local/nginx/conf/conf.d/include/ip_ranges.conf';
+			let filename = '/data/nginx/ip_ranges.conf';
 			try {
 				template = fs.readFileSync(__dirname + '/../templates/ip_ranges.conf', {encoding: 'utf8'});
 			} catch (err) {
--- a/backend/setup.js
+++ b/backend/setup.js
@@ -117,7 +117,7 @@ const setupCertbotPlugins = () => {
 				certificates.map(function (certificate) {
 					if (certificate.meta && certificate.meta.dns_challenge === true) {
 						const dns_plugin          = dns_plugins[certificate.meta.dns_provider];
-						const packages_to_install = `${dns_plugin.package_name}${dns_plugin.version_requirement || ''} ${dns_plugin.dependencies}`;
+						const packages_to_install = `${dns_plugin.package_name}`;

 						if (plugins.indexOf(packages_to_install) === -1) plugins.push(packages_to_install);