Added dhparams creation with 60 sec delay

This commit is contained in:
Kasra Bigdeli
2020-06-17 15:48:52 -04:00
parent f896eef1cf
commit 3c26291898
6 changed files with 72 additions and 33 deletions


@@ -936,11 +936,7 @@ class ServiceManager {
Logger.d('Updating Load Balancer') Logger.d('Updating Load Balancer')
const self = this const self = this
return self.loadBalancerManager return self.loadBalancerManager
.rePopulateNginxConfigFile(self.dataStore) .rePopulateNginxConfigFile(self.dataStore);
.then(function() {
Logger.d('sendReloadSignal...')
return self.loadBalancerManager.sendReloadSignal()
})
} }
} }
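Review bot: The changed return line now ends with a semicolon (`.rePopulateNginxConfigFile(self.dataStore);`) while the neighbouring lines of this file (`Logger.d('Updating Load Balancer')`, `const self = this`) use none, so the hunk leaves the file with mixed statement terminators; drop the `;` to match. The enclosing ServiceManager method starts before the hunk. The shortened chain relies on `rePopulateNginxConfigFile` now sending the reload signal itself, which is what the LoadBalancerManager section of this commit introduces, so the behaviour here is unchanged only as long as that default stays.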


@@ -663,16 +663,6 @@ class CaptainManager {
return this.loadBalancerManager return this.loadBalancerManager
} }
reloadLoadBalancer(datastore: DataStore) {
const self = this
return self.loadBalancerManager
.rePopulateNginxConfigFile(datastore)
.then(function() {
Logger.d('sendReloadSignal...')
return self.loadBalancerManager.sendReloadSignal()
})
}
getDockerRegistry() { getDockerRegistry() {
return this.dockerRegistry return this.dockerRegistry
} }
@@ -697,7 +687,7 @@ class CaptainManager {
return self.dataStore.setHasRootSsl(true) return self.dataStore.setHasRootSsl(true)
}) })
.then(function() { .then(function() {
return self.reloadLoadBalancer(self.dataStore) return self.loadBalancerManager.rePopulateNginxConfigFile(self.dataStore)
}) })
} }
@@ -801,7 +791,7 @@ class CaptainManager {
return self.dataStore.setCustomDomain(requestedCustomDomain) return self.dataStore.setCustomDomain(requestedCustomDomain)
}) })
.then(function() { .then(function() {
return self.reloadLoadBalancer(self.dataStore) return self.loadBalancerManager.rePopulateNginxConfigFile(self.dataStore)
}) })
} }


@@ -11,7 +11,10 @@ import CertbotManager = require('./CertbotManager')
import { AnyError } from '../../models/OtherTypes' import { AnyError } from '../../models/OtherTypes'
import LoadBalancerInfo from '../../models/LoadBalancerInfo' import LoadBalancerInfo from '../../models/LoadBalancerInfo'
import * as path from 'path' import * as path from 'path'
import * as util from 'util'
import * as chileProcess from 'child_process'
import Utils from '../../utils/Utils' import Utils from '../../utils/Utils'
const exec = util.promisify(chileProcess.exec)
const defaultPageTemplate = fs const defaultPageTemplate = fs
.readFileSync(__dirname + '/../../../template/default-page.ejs') .readFileSync(__dirname + '/../../../template/default-page.ejs')
@@ -30,6 +33,16 @@ if (!fs.existsSync(CAPROVER_CONTAINER_PATH_OF_FAKE_CERTS))
throw new Error('CAPROVER_CONTAINER_PATH_OF_FAKE_CERTS is empty') throw new Error('CAPROVER_CONTAINER_PATH_OF_FAKE_CERTS is empty')
if (!defaultPageTemplate) throw new Error('defaultPageTemplate is empty') if (!defaultPageTemplate) throw new Error('defaultPageTemplate is empty')
const DH_PARAMS_FILE_PATH_ON_HOST = path.join(
CaptainConstants.nginxSharedPathOnHost,
CaptainConstants.nginxDhParamFileName
)
const DH_PARAMS_FILE_PATH_ON_NGINX = path.join(
CaptainConstants.nginxSharedPathOnNginx,
CaptainConstants.nginxDhParamFileName
)
class LoadBalancerManager { class LoadBalancerManager {
private reloadInProcess: boolean private reloadInProcess: boolean
private requestedReloadPromises: { private requestedReloadPromises: {
@@ -55,7 +68,7 @@ class LoadBalancerManager {
* @param dataStoreToQueue * @param dataStoreToQueue
* @returns {Promise.<>} * @returns {Promise.<>}
*/ */
rePopulateNginxConfigFile(dataStoreToQueue: DataStore) { rePopulateNginxConfigFile(dataStoreToQueue: DataStore, noReload?: boolean) {
const self = this const self = this
return new Promise<void>(function(res, rej) { return new Promise<void>(function(res, rej) {
@@ -65,6 +78,12 @@ class LoadBalancerManager {
reject: rej, reject: rej,
}) })
self.consumeQueueIfAnyInNginxReloadQueue() self.consumeQueueIfAnyInNginxReloadQueue()
}).then(function() {
if (!!noReload) return
Logger.d('sendReloadSignal...')
return self.dockerApi.sendSingleContainerKillHUP(
CaptainConstants.nginxServiceName
)
}) })
} }
@@ -174,6 +193,9 @@ class LoadBalancerManager {
.then(function() { .then(function() {
return fs.renameSync(FUTURE, CONFIG) // sync method. It's really fast. return fs.renameSync(FUTURE, CONFIG) // sync method. It's really fast.
}) })
.then(function() {
return self.ensureBaseNginxConf()
})
.then(function() { .then(function() {
return self.createRootConfFile(dataStore) return self.createRootConfFile(dataStore)
}) })
@@ -302,12 +324,6 @@ class LoadBalancerManager {
}) })
} }
sendReloadSignal() {
return this.dockerApi.sendSingleContainerKillHUP(
CaptainConstants.nginxServiceName
)
}
getCaptainPublicRandomKey() { getCaptainPublicRandomKey() {
return this.captainPublicRandomKey return this.captainPublicRandomKey
} }
@@ -476,7 +492,15 @@ class LoadBalancerManager {
captainConfig.baseConfig.customValue || captainConfig.baseConfig.customValue ||
captainConfig.baseConfig.byDefault captainConfig.baseConfig.byDefault
return ejs.render(baseConfigTemplate, {}) return ejs.render(baseConfigTemplate, {
base: {
dhparamsFilePath: fs.existsSync(
DH_PARAMS_FILE_PATH_ON_HOST
)
? DH_PARAMS_FILE_PATH_ON_NGINX
: '',
},
})
}) })
.then(function(baseNginxConfFileContent) { .then(function(baseNginxConfFileContent) {
return fs.outputFile( return fs.outputFile(
@@ -486,6 +510,29 @@ class LoadBalancerManager {
}) })
} }
ensureDhParamFileExistsAfterDelay(dataStore: DataStore) {
const self = this
fs.pathExists(DH_PARAMS_FILE_PATH_ON_HOST) //
.then(function(dhParamExists) {
if (dhParamExists) {
return
}
return Utils.getDelayedPromise(60 * 1000)
.then(function() {
Logger.d(
'Creating dhparams for the first time - high CPU load is expected.'
)
return exec(
`openssl dhparam -out ${DH_PARAMS_FILE_PATH_ON_HOST} 2048`
)
})
.then(function() {
return self.rePopulateNginxConfigFile(dataStore)
})
})
.catch(err => Logger.e(err))
}
init(myNodeId: string, dataStore: DataStore) { init(myNodeId: string, dataStore: DataStore) {
const dockerApi = this.dockerApi const dockerApi = this.dockerApi
const self = this const self = this
@@ -604,11 +651,7 @@ class LoadBalancerManager {
}) })
.then(function() { .then(function() {
Logger.d('Setting up NGINX conf file...') Logger.d('Setting up NGINX conf file...')
return self.rePopulateNginxConfigFile(dataStore, true)
return self.ensureBaseNginxConf()
})
.then(function() {
return self.rePopulateNginxConfigFile(dataStore)
}) })
.then(function() { .then(function() {
return fs.ensureDir(CaptainConstants.letsEncryptEtcPath) return fs.ensureDir(CaptainConstants.letsEncryptEtcPath)
@@ -703,6 +746,8 @@ class LoadBalancerManager {
) )
}) })
.then(function() { .then(function() {
self.ensureDhParamFileExistsAfterDelay(dataStore)
const waitTimeInMillis = 5000 const waitTimeInMillis = 5000
Logger.d( Logger.d(
'Waiting for ' + 'Waiting for ' +
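Review bot: In the `ensureDhParamFileExistsAfterDelay` hunk, `openssl dhparam -out ${DH_PARAMS_FILE_PATH_ON_HOST} 2048` writes straight to the final path, and openssl opens that output file before the slow 2048-bit generation, which can run for minutes on a small host. The only guard in the `@@ -476,7 +492,15 @@` hunk is `fs.existsSync(DH_PARAMS_FILE_PATH_ON_HOST)`, so any `rePopulateNginxConfigFile` that runs inside that window (an app change by a user, for instance) renders `ssl_dhparam` pointing at an empty or partial file and the HUP-triggered reload then fails on an invalid config. Generating into a temporary path in the same directory and renaming it into place once openssl has exited keeps the existence check meaningful, since the rename is atomic on the same filesystem. The path comes from `CaptainConstants` rather than request input, so the shell form of `exec` is not an injection concern here, though `execFile('openssl', ['dhparam', '-out', tmpPath, '2048'])` would avoid shell parsing altogether. The function is entirely inside the hunk.
```typescript
                    return Utils.getDelayedPromise(60 * 1000)
                        .then(function() {
                            Logger.d(
                                'Creating dhparams for the first time - high CPU load is expected.'
                            )
                            // openssl opens its -out file before the (slow) generation, so
                            // build the params in a temp file and rename it into place; the
                            // existsSync() check in ensureBaseNginxConf then only ever sees
                            // a complete file.
                            const tmpPath = DH_PARAMS_FILE_PATH_ON_HOST + '.tmp'
                            return exec(`openssl dhparam -out ${tmpPath} 2048`).then(
                                function() {
                                    return fs.rename(tmpPath, DH_PARAMS_FILE_PATH_ON_HOST)
                                }
                            )
                        })
                        // … unchanged: rePopulateNginxConfigFile(dataStore) and catch …
```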


@@ -50,9 +50,6 @@ class SelfHostedDockerRegistry {
self.dataStore self.dataStore
) )
}) })
.then(function() {
return self.loadBalancerManager.sendReloadSignal()
})
} }
getLocalRegistryDomainAndPort() { getLocalRegistryDomainAndPort() {


@@ -69,6 +69,8 @@ let data = {
nginxSharedPathOnNginx: '/nginx-shared', nginxSharedPathOnNginx: '/nginx-shared',
nginxDhParamFileName: 'dhparam.pem',
nginxDefaultHtmlDir: '/default', nginxDefaultHtmlDir: '/default',
letsEncryptEtcPathOnNginx: '/letencrypt/etc', letsEncryptEtcPathOnNginx: '/letencrypt/etc',


@@ -47,6 +47,15 @@ http {
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off; ssl_prefer_server_ciphers off;
<%
if (base.dhparamsFilePath) {
%>
ssl_dhparam <%-base.dhparamsFilePath%>;
<%
}
%>
# Don't emit NGINX version on error pages and in the “Server” response header field. # Don't emit NGINX version on error pages and in the “Server” response header field.
server_tokens off; server_tokens off;
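Review bot: The new `ssl_dhparam` block is rendered only when `base.dhparamsFilePath` is non-empty, but nothing in the template says where that value comes from or why it may be absent, so a reader of the generated config on a fresh install sees DHE-* suites on the `ssl_ciphers` line with no `ssl_dhparam` and no explanation. A comment before the `<% if`, such as `# ssl_dhparam is rendered only once dhparam.pem has been generated (LoadBalancerManager.ensureDhParamFileExistsAfterDelay); until then nginx has no DH parameters for the DHE-* suites above`, would document that. The multi-line `<% %>` tags also leave blank lines in the rendered file; EJS's trailing-newline slurp (`-%>` on the closing tags) keeps the output tidy.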