lee/caprover
1
0
Fork 0
mirror of https://github.com/caprover/caprover synced 2025-10-30 01:57:03 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Added self-sign certs

Browse Source
This commit is contained in:
Kasra Bigdeli
2019-08-06 11:31:25 -04:00
parent 6c133f0b87
commit f7df74af8b
4 changed files with 83 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/user/system/LoadBalancerManager.ts
View File

@@ -18,6 +18,18 @@ const defaultPageTemplate = fs
const CONTAINER_PATH_OF_CONFIG = '/etc/nginx/conf.d'
const NGINX_CONTAINER_PATH_OF_FAKE_CERTS = '/etc/nginx/fake-certs'
const CAPROVER_CONTAINER_PATH_OF_FAKE_CERTS =
__dirname + '/../../../template/fake-certs-src'
const HOST_PATH_OF_FAKE_CERTS =
CaptainConstants.captainRootDirectoryGenerated +
'/nginx/fake-certs-self-signed'
if (!fs.existsSync(CAPROVER_CONTAINER_PATH_OF_FAKE_CERTS))
throw new Error('CAPROVER_CONTAINER_PATH_OF_FAKE_CERTS is empty')
if (!defaultPageTemplate)
throw new Error('defaultPageTemplate is empty')
class LoadBalancerManager {
private reloadInProcess: boolean
private requestedReloadPromises: {
@@ -393,6 +405,10 @@ class LoadBalancerManager {
})
.then(function(hasRegistrySsl) {
return ejs.render(rootNginxTemplate!, {
fake: {
crtPath: self.getSslCertPath(captainDomain), // ---
keyPath: self.getSslKeyPath(captainDomain),
},
captain: {
crtPath: self.getSslCertPath(captainDomain),
keyPath: self.getSslKeyPath(captainDomain),
@@ -569,6 +585,14 @@ class LoadBalancerManager {
error502PageContent
)
})
.then(function() {
Logger.d('Copying fake certificates...')
return fs.copy(
CAPROVER_CONTAINER_PATH_OF_FAKE_CERTS,
HOST_PATH_OF_FAKE_CERTS
)
})
.then(function() {
Logger.d('Setting up NGINX conf file...')
@@ -632,6 +656,10 @@ class LoadBalancerManager {
containerPath: CaptainConstants.nginxStaticRootDir,
hostPath: CaptainConstants.captainStaticFilesDir,
},
{
containerPath: NGINX_CONTAINER_PATH_OF_FAKE_CERTS,
hostPath: HOST_PATH_OF_FAKE_CERTS,
},
{
containerPath: '/etc/nginx/nginx.conf',
hostPath: CaptainConstants.baseNginxConfigPath,

24
template/fake-certs-src/nginx.crt Normal file
View File

@@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE-----
MIID+zCCAuOgAwIBAgIUCT3sZoh9Bd45wgtcVQFWTMy2aZAwDQYJKoZIhvcNAQEL
BQAwgYwxCzAJBgNVBAYTAkNBMRkwFwYDVQQIDBBCcml0aXNoIENvbHVtYmlhMRIw
EAYDVQQHDAlWYW5jb3V2ZXIxFTATBgNVBAoMDENhcFJvdmVyLmNvbTEVMBMGA1UE
AwwMY2Fwcm92ZXIuY29tMSAwHgYJKoZIhvcNAQkBFhFpbmZvQGNhcHJvdmVyLmNv
bTAeFw0xOTA4MDYxNTAyMDFaFw0yOTA4MDMxNTAyMDFaMIGMMQswCQYDVQQGEwJD
QTEZMBcGA1UECAwQQnJpdGlzaCBDb2x1bWJpYTESMBAGA1UEBwwJVmFuY291dmVy
MRUwEwYDVQQKDAxDYXBSb3Zlci5jb20xFTATBgNVBAMMDGNhcHJvdmVyLmNvbTEg
MB4GCSqGSIb3DQEJARYRaW5mb0BjYXByb3Zlci5jb20wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCqPd87zM6XgTkzU45V/AXjY/MQR2vrBrCGfXBNxZFE
w4VwFWrhxlY9qox++TRkeMQcvjG4b+VpOWtx8sz+m/D2Bx4S6i0o3NKEMju7AUCr
rO7df8tdtvBHxOP2djPIhj/Llth1IFr0AsCNKYz2P5jdVWvvsYpPQkCFtnl+vTlC
rhxAW2cV2A5XYEf48lT8230pRzeJvej6A5sqYeCZTCJjTGrOLEetmKW6Kaf/vxl4
1Yxlee8+BkNpvt9NgDjL6L+zy6klKhU88eNmZNrTwKvBWQ9r7sepCfqQd2UW9Axd
Xza5VnT54Bl/Y5LIsA1SAe6rxNNbN61WqQfza+jVbPu/AgMBAAGjUzBRMB0GA1Ud
DgQWBBTwawsvkg21tjYfexHS1XQZ8jUSFjAfBgNVHSMEGDAWgBTwawsvkg21tjYf
exHS1XQZ8jUSFjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBu
IAVf+VN8Wco9p2PuViKwYvV385ZRq9ZsOd0TzrcVIa8noy0dkImIGhshKpxLGJGh
fC/alYHom7MnUESOMf5nVmzJ9hLFjHXwEUbX3MnSIXqlfdzEqBVqOWnfaFqUYFW8
2cTrOooSrWgJPJTATSRO2xxtVn7c5o0GjM+jIuse0E/GzWWMSSTPm3gsNLiexdz4
MV1xGhmZKKK+AtBk6EGXRnvBPJJfK6FxFsO1e8RLzJfVBEbl3/i3NyPs+X3suoTA
iew3GgEedzVi6yDgvGxU79hB26TB41qdcU41PY+Zj/bIhhnCxu/RqDURFLf7wwbE
AsT0Japd7ARFPEBdkqnD
-----END CERTIFICATE-----

28
template/fake-certs-src/nginx.key Executable file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCqPd87zM6XgTkz
U45V/AXjY/MQR2vrBrCGfXBNxZFEw4VwFWrhxlY9qox++TRkeMQcvjG4b+VpOWtx
8sz+m/D2Bx4S6i0o3NKEMju7AUCrrO7df8tdtvBHxOP2djPIhj/Llth1IFr0AsCN
KYz2P5jdVWvvsYpPQkCFtnl+vTlCrhxAW2cV2A5XYEf48lT8230pRzeJvej6A5sq
YeCZTCJjTGrOLEetmKW6Kaf/vxl41Yxlee8+BkNpvt9NgDjL6L+zy6klKhU88eNm
ZNrTwKvBWQ9r7sepCfqQd2UW9AxdXza5VnT54Bl/Y5LIsA1SAe6rxNNbN61WqQfz
a+jVbPu/AgMBAAECggEBAIDV1CQQaeRUYjKKsHQ4B0i/8knGk1BJPrx5H81rj/WH
NmvNeZaln8yJTkwlUlYa4ueRtFUNMYOBdePFSQgCgcffOQ49dLGw9Awha/ypBQUn
GZo9RW2Fra/SvGZfq+68UnlDjkqNkueJUalC4a/WD1ypccbzCGXVELlgj++vSi9A
EpfqdY7WOETof5o0pRwHbLa5JEa/TcqE8UDc/Q8/9nIEmwMWtzfSLaAFY6YLA5EX
63c/uWyyhKRhPTJn51tjltrFWgBm7gZGNYfafq2pIJikmqOdUGRW+P2P9qVI8VAg
qDx9ChNhc/4M7AoM+PZqXVgRQfbn46HQfHi+izndMWECgYEA0wg6FjvWs306uNG3
3V6gPoKcGTt1QOzV+YXrD38oT1A5GUPclNyPCNiMxJA8WBylPUU/uPZOxMUebizn
ngDl1yL6O7BxzdcVJfR0oUueVcbH8l8YV/ZcGfUGSSEzPqTO9Eu3lgwCM6dAgoyO
MllnZKd9mOFzNJhduY4MIdUc9s8CgYEAzoSIKyucgxoF0rG/wPIMRTNKuGVL4TJN
R0OHKfvSEPj5FPnBw19Iu1Qc01rfCqeBGcubasGH6Ht1WZECmB954dP0N8rCSkrh
oQpa7tZhPn/1BR6tJ17Ghba57uXc2UG7tpBCOOjCXSmWZiJpc64mqZKQpZqXQiaN
gemqeekb6BECgYEAhfueLYmWWeTzSG5WJyUx5h40j0yRuEPl4oNk5zTbWefcKK9O
N/EEmyAp146f0W12d70kpQE0p3djR54Y+9ckFgAuEYGH76FT2wImnlWNVHZdcgNw
SECw3wYTFJEQoQAwKSh9ibVcHIFe0sP8b/kVTPGOK2dQJp9qOin2h/BvcD8CgYB0
YCTnxuysyEZNw9Kd5QhbGptZq+OFpLX9maUaWIi4/cRHOLMi6Jfw0GZqCAQ2Wcwb
gCw1jZeLv76SWXAPz3T8eFdf9UdlXCsnd9FkU7R65tppJy9GR1cx1JWUdT3tw+gG
6eYXcbrNivjw1yV7hcDNwAT4/VONeHI3qjhh+KW8MQKBgQCCgbpyAkS7vjA3WvXP
h4e0rynI3wapYf53JB1AD9FkreBiGERNhfQr93y82w5t3CHbVwR/k9Ox5IlRgDQ0
1YNRmk10W9LCmigxzZlSW2jlb9xBE/dGtJ50z6vWdtfz15vYdfTgEUIAfvZv1fzX
61laVO1ttaYSZMtARor0rPrz4Q==
-----END PRIVATE KEY-----

12
template/root-nginx-conf.ejs
View File

@@ -6,15 +6,9 @@
listen 80;
# Catch all HTTPS
<%
if (captain.hasRootSsl) {
%>
listen 443 ssl;
ssl_certificate <%-captain.crtPath%>;
ssl_certificate_key <%-captain.keyPath%>;
<%
}
%>
listen 443 ssl;
ssl_certificate <%-fake.crtPath%>;
ssl_certificate_key <%-fake.keyPath%>;
server_name _;