Fix going out from ssl sharing
willnode committed Dec 27, 2023
1 parent ac9f6d4 commit 8127f87
Showing 3 changed files with 35 additions and 37 deletions.
4 changes: 2 additions & 2 deletions package-lock.json


2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "domcloud-bridge",
"version": "0.35.0",
"version": "0.35.1",
"description": "Deployment runner for DOM Cloud",
"main": "app.js",
"engines": {
66 changes: 32 additions & 34 deletions src/executor/runner.js
Expand Up @@ -58,11 +58,12 @@ export default async function runConfig(config, domain, writer, sandbox = false)
// create new domain
await writeLog("$> virtualmin create-domain");
await writeLog("Creating virtual domain. This will take a moment...");
await virtExec("create-domain", config.features[0].create, process.env.MODE === 'dev' ? {
dir: true,
webmin: true,
unix: true,
} : {
await virtExec("create-domain", config.features[0].create,
// process.env.MODE === 'dev' ? {
// dir: true,
// webmin: true,
// unix: true, } :
{
dir: true,
'virtualmin-nginx': true,
'virtualmin-nginx-ssl': true,
Expand Down Expand Up @@ -337,9 +338,9 @@ export default async function runConfig(config, domain, writer, sandbox = false)
}
break;
case 'dns':
if (process.env.MODE === 'dev') {
break;
}
// if (process.env.MODE === 'dev') {
// break;
// }
enabled = isFeatureEnabled('dns');
if (value === "off") {
await writeLog("$> Disabling DNS");
Expand Down Expand Up @@ -383,9 +384,9 @@ export default async function runConfig(config, domain, writer, sandbox = false)
}
break;
case 'firewall':
if (process.env.MODE === 'dev') {
break;
}
// if (process.env.MODE === 'dev') {
// break;
// }
if (value === '' || value === 'on') {
await writeLog("$> changing firewall protection to " + (value || 'on'));
await writeLog(await iptablesExec.setAddUser(domaindata['Username']));
Expand Down Expand Up @@ -667,33 +668,44 @@ export async function runConfigSubdomain(config, domaindata, subdomain, sshExec,
break;
case 'ssl':
// ssl now also fix any misconfigurations
if (process.env.MODE === 'dev') {
break;
}
// if (process.env.MODE === 'dev') {
// break;
// }
let regenerateSsl = false;
let selfSignSsl = false;
let expectedSslMode = null;
let wasBreaking = false;
if (['off', 'always', 'on'].includes(value)) {
expectedSslMode = value;
} else if (value == 'letsencrypt' || value == 'lets-encrypt') {
regenerateSsl = true;
} else if (value == 'selfsign' || value == 'self-sign') {
selfSignSsl = true;
}
var sharedSSL = regenerateSsl ? null : detectCanShareSSL(subdomain);
if (regenerateSsl || (!expectedSslMode && !sharedSSL && !selfSignSsl)) {
if (domaindata['SSL shared with']) {
await writeLog("$> Breaking ssl cert sharing with the global domain");
await virtExec("modify-web", {
domain: subdomain,
'break-ssl-cert': true,
});
wasBreaking = true;
}
}
var nginxNodes = await nginxExec.get(subdomain);
var nginxInfos = nginxExec.extractInfo(nginxNodes, subdomain);
var sharedSSL = regenerateSsl ? null : detectCanShareSSL(subdomain);
var changed = false;
var expectCert = sharedSSL ? path.join(sharedSSL, 'ssl.combined') : (domaindata['SSL cert and CA file'] || domaindata['SSL cert file']);
var expectKey = sharedSSL ? path.join(sharedSSL, 'ssl.key') : domaindata['SSL key file'];
if (!expectCert || !expectKey) {
expectedSslMode = 'off';
}
if (expectCert != nginxInfos.ssl_certificate) {
if (!wasBreaking && expectCert != nginxInfos.ssl_certificate) {
nginxInfos.ssl_certificate = expectCert
changed = true;
}
if (expectKey != nginxInfos.ssl_certificate_key) {
if (!wasBreaking && expectKey != nginxInfos.ssl_certificate_key) {
nginxInfos.ssl_certificate_key = expectKey
changed = true;
}
Expand All @@ -706,27 +718,13 @@ export async function runConfigSubdomain(config, domaindata, subdomain, sshExec,
changed = true;
}
if (regenerateSsl || (!expectedSslMode && !sharedSSL && !selfSignSsl)) {
if (domaindata['SSL shared with']) {
await writeLog("$> Breaking ssl cert sharing with the global domain");
await virtExec("modify-web", {
domain: subdomain,
'break-ssl-cert': true,
});
}
await writeLog("$> Generating ssl cert with let's encrypt");
await spawnSudoUtil('OPENSSL_CLEAN');
await virtExec("generate-letsencrypt-cert", {
domain: subdomain,
'renew': 2,
'web': true,
});
var nginxInfos2 = nginxExec.extractInfo(nginxNodes, subdomain);
if (nginxInfos2.ssl_certificate != nginxInfos.ssl_certificate) {
// data is invalid!
nginxInfos.ssl_certificate = nginxInfos2.ssl_certificate;
nginxInfos.ssl_certificate_key = nginxInfos2.ssl_certificate_key;
changed = true;
}
} else if ((selfSignSsl || sharedSSL) && domaindata['Lets Encrypt renewal'] == 'Enabled') {
await writeLog("$> Generating self signed cert and turning off let's encrypt renewal");
await virtExec("generate-cert", {
Expand All @@ -742,9 +740,9 @@ export async function runConfigSubdomain(config, domaindata, subdomain, sshExec,
}
break;
case 'root':
if (process.env.MODE === 'dev') {
break;
}
// if (process.env.MODE === 'dev') {
// break;
// }
// remove prefix and trailing slash
value = value.replace(/^\/+/, '').replace(/\/+$/, '');
var absolutePath = path.join(subdomaindata['Home directory'], value);
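Review bot: The two `regenerateSsl || (!expectedSslMode && !sharedSSL && !selfSignSsl)` checks in the ssl hunk of src/executor/runner.js are evaluated against different state: the new one runs before `expectCert`/`expectKey` are derived, the existing one in the regeneration branch runs after that derivation may have set `expectedSslMode = 'off'`, so the first can break the share while the second skips certificate generation, and with the new `!wasBreaking` guards the nginx `ssl_certificate`/`ssl_certificate_key` paths are then left untouched. Computing the decision once before the break, `const needsOwnCert = regenerateSsl || (!expectedSslMode && !sharedSSL && !selfSignSsl);`, and reusing it in the regeneration branch keeps both paths in step. `domaindata` is read before the `modify-web` call and, unless it is refreshed outside this hunk, `expectCert`/`expectKey` computed from it after the break may be stale, which deserves a comment such as `// NOTE: domaindata predates break-ssl-cert; its cert paths may be stale here`. The other hunks comment out the `process.env.MODE === 'dev'` guards instead of deleting them, and the new comparisons `expectCert != nginxInfos.ssl_certificate` would read better as `!==`. runConfigSubdomain starts and ends outside the hunk.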
