Added dhparams creation with 60 sec delay

src/user/ServiceManager.ts

@@ -936,11 +936,7 @@ class ServiceManager {
         Logger.d('Updating Load Balancer')
         const self = this
         return self.loadBalancerManager
-            .rePopulateNginxConfigFile(self.dataStore)
-            .then(function() {
-                Logger.d('sendReloadSignal...')
-                return self.loadBalancerManager.sendReloadSignal()
-            })
+            .rePopulateNginxConfigFile(self.dataStore);
     }
 }
 

src/user/system/CaptainManager.ts

@@ -663,16 +663,6 @@ class CaptainManager {
         return this.loadBalancerManager
     }
 
-    reloadLoadBalancer(datastore: DataStore) {
-        const self = this
-        return self.loadBalancerManager
-            .rePopulateNginxConfigFile(datastore)
-            .then(function() {
-                Logger.d('sendReloadSignal...')
-                return self.loadBalancerManager.sendReloadSignal()
-            })
-    }
-
     getDockerRegistry() {
         return this.dockerRegistry
     }
@@ -697,7 +687,7 @@ class CaptainManager {
                 return self.dataStore.setHasRootSsl(true)
             })
             .then(function() {
-                return self.reloadLoadBalancer(self.dataStore)
+                return self.loadBalancerManager.rePopulateNginxConfigFile(self.dataStore)
             })
     }
 
@@ -801,7 +791,7 @@ class CaptainManager {
                 return self.dataStore.setCustomDomain(requestedCustomDomain)
             })
             .then(function() {
-                return self.reloadLoadBalancer(self.dataStore)
+                return self.loadBalancerManager.rePopulateNginxConfigFile(self.dataStore)
             })
     }
 

src/user/system/LoadBalancerManager.ts

@@ -11,7 +11,10 @@ import CertbotManager = require('./CertbotManager')
 import { AnyError } from '../../models/OtherTypes'
 import LoadBalancerInfo from '../../models/LoadBalancerInfo'
 import * as path from 'path'
+import * as util from 'util'
+import * as chileProcess from 'child_process'
 import Utils from '../../utils/Utils'
+const exec = util.promisify(chileProcess.exec)
 
 const defaultPageTemplate = fs
     .readFileSync(__dirname + '/../../../template/default-page.ejs')
@@ -30,6 +33,16 @@ if (!fs.existsSync(CAPROVER_CONTAINER_PATH_OF_FAKE_CERTS))
     throw new Error('CAPROVER_CONTAINER_PATH_OF_FAKE_CERTS  is empty')
 if (!defaultPageTemplate) throw new Error('defaultPageTemplate  is empty')
 
+const DH_PARAMS_FILE_PATH_ON_HOST = path.join(
+    CaptainConstants.nginxSharedPathOnHost,
+    CaptainConstants.nginxDhParamFileName
+)
+
+const DH_PARAMS_FILE_PATH_ON_NGINX = path.join(
+    CaptainConstants.nginxSharedPathOnNginx,
+    CaptainConstants.nginxDhParamFileName
+)
+
 class LoadBalancerManager {
     private reloadInProcess: boolean
     private requestedReloadPromises: {
@@ -55,7 +68,7 @@ class LoadBalancerManager {
      * @param dataStoreToQueue
      * @returns {Promise.<>}
      */
-    rePopulateNginxConfigFile(dataStoreToQueue: DataStore) {
+    rePopulateNginxConfigFile(dataStoreToQueue: DataStore, noReload?: boolean) {
         const self = this
 
         return new Promise<void>(function(res, rej) {
@@ -65,6 +78,12 @@ class LoadBalancerManager {
                 reject: rej,
             })
             self.consumeQueueIfAnyInNginxReloadQueue()
+        }).then(function() {
+            if (!!noReload) return
+            Logger.d('sendReloadSignal...')
+            return self.dockerApi.sendSingleContainerKillHUP(
+                CaptainConstants.nginxServiceName
+            )
         })
     }
 
@@ -174,6 +193,9 @@ class LoadBalancerManager {
             .then(function() {
                 return fs.renameSync(FUTURE, CONFIG) // sync method. It's really fast.
             })
+            .then(function() {
+                return self.ensureBaseNginxConf()
+            })
             .then(function() {
                 return self.createRootConfFile(dataStore)
             })
@@ -302,12 +324,6 @@ class LoadBalancerManager {
             })
     }
 
-    sendReloadSignal() {
-        return this.dockerApi.sendSingleContainerKillHUP(
-            CaptainConstants.nginxServiceName
-        )
-    }
-
     getCaptainPublicRandomKey() {
         return this.captainPublicRandomKey
     }
@@ -476,7 +492,15 @@ class LoadBalancerManager {
                     captainConfig.baseConfig.customValue ||
                     captainConfig.baseConfig.byDefault
 
-                return ejs.render(baseConfigTemplate, {})
+                return ejs.render(baseConfigTemplate, {
+                    base: {
+                        dhparamsFilePath: fs.existsSync(
+                            DH_PARAMS_FILE_PATH_ON_HOST
+                        )
+                            ? DH_PARAMS_FILE_PATH_ON_NGINX
+                            : '',
+                    },
+                })
             })
             .then(function(baseNginxConfFileContent) {
                 return fs.outputFile(
@@ -486,6 +510,29 @@ class LoadBalancerManager {
             })
     }
 
+    ensureDhParamFileExistsAfterDelay(dataStore: DataStore) {
+        const self = this
+        fs.pathExists(DH_PARAMS_FILE_PATH_ON_HOST) //
+            .then(function(dhParamExists) {
+                if (dhParamExists) {
+                    return
+                }
+                return Utils.getDelayedPromise(60 * 1000)
+                    .then(function() {
+                        Logger.d(
+                            'Creating dhparams for the first time - high CPU load is expected.'
+                        )
+                        return exec(
+                            `openssl dhparam -out ${DH_PARAMS_FILE_PATH_ON_HOST} 2048`
+                        )
+                    })
+                    .then(function() {
+                        return self.rePopulateNginxConfigFile(dataStore)
+                    })
+            })
+            .catch(err => Logger.e(err))
+    }
+
     init(myNodeId: string, dataStore: DataStore) {
         const dockerApi = this.dockerApi
         const self = this
@@ -604,11 +651,7 @@ class LoadBalancerManager {
             })
             .then(function() {
                 Logger.d('Setting up NGINX conf file...')
-
-                return self.ensureBaseNginxConf()
-            })
-            .then(function() {
-                return self.rePopulateNginxConfigFile(dataStore)
+                return self.rePopulateNginxConfigFile(dataStore, true)
             })
             .then(function() {
                 return fs.ensureDir(CaptainConstants.letsEncryptEtcPath)
@@ -703,6 +746,8 @@ class LoadBalancerManager {
                 )
             })
             .then(function() {
+                self.ensureDhParamFileExistsAfterDelay(dataStore)
+
                 const waitTimeInMillis = 5000
                 Logger.d(
                     'Waiting for ' +

src/user/system/SelfHostedDockerRegistry.ts

@@ -50,9 +50,6 @@ class SelfHostedDockerRegistry {
                     self.dataStore
                 )
             })
-            .then(function() {
-                return self.loadBalancerManager.sendReloadSignal()
-            })
     }
 
     getLocalRegistryDomainAndPort() {

src/utils/CaptainConstants.ts

@@ -69,6 +69,8 @@ let data = {
 
     nginxSharedPathOnNginx: '/nginx-shared',
 
+    nginxDhParamFileName: 'dhparam.pem',
+
     nginxDefaultHtmlDir: '/default',
 
     letsEncryptEtcPathOnNginx: '/letencrypt/etc',

template/base-nginx-conf.ejs

@@ -47,6 +47,15 @@ http {
     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
     ssl_prefer_server_ciphers off;
 
+    
+    <%
+        if (base.dhparamsFilePath) {
+    %>
+        ssl_dhparam <%-base.dhparamsFilePath%>;
+    <%
+        }
+    %>
+
     # Don't emit NGINX version on error pages and in the “Server” response header field.
     server_tokens off;