Skip to content

Ssl passthrough hosts - updated #3331

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 15 commits into from
Closed

Ssl passthrough hosts - updated #3331

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
66cbd12
WIP: started adding new host type ssl passthrough
chaptergy Oct 10, 2021
b44dcd4
WIP: complete control of new passthrough host type
chaptergy Oct 10, 2021
b9ab4a2
Finalizes SSL Passthrough hosts
chaptergy Oct 12, 2021
c6a50e0
Fixes eslint errors
chaptergy Oct 12, 2021
040f4a7
Adds comments to docker compose dev
chaptergy Oct 12, 2021
48aac78
Fixes migration
Oct 25, 2021
c5b9752
compose file fix
acul009 Nov 17, 2023
c91084b
fixed broken syntax and padding
acul009 Nov 17, 2023
676db1c
fixed padding and syntax
acul009 Nov 17, 2023
467f4ab
fixed remove functions
acul009 Nov 17, 2023
a697b43
fixed db errors
acul009 Nov 17, 2023
ac2b959
fixed antipatter by using async main func
acul009 Nov 17, 2023
c746ec8
Merge branch 'develop' into ssl-passthrough-hosts
acul009 Jan 9, 2024
1be4aac
Merge branch 'develop' into ssl-passthrough-hosts
acul009 Jan 30, 2024
6fbc3f5
Make linter happy
acul009 Jan 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 35 additions & 7 deletions backend/internal/host.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
const _ = require('lodash');
const proxyHostModel = require('../models/proxy_host');
const redirectionHostModel = require('../models/redirection_host');
const deadHostModel = require('../models/dead_host');
const _ = require('lodash');
const proxyHostModel = require('../models/proxy_host');
const redirectionHostModel = require('../models/redirection_host');
const deadHostModel = require('../models/dead_host');
const sslPassthroughHostModel = require('../models/ssl_passthrough_host');

const internalHost = {

Expand Down Expand Up @@ -81,6 +82,9 @@ const internalHost = {
.query()
.where('is_deleted', 0),
deadHostModel
.query()
.where('is_deleted', 0),
sslPassthroughHostModel
.query()
.where('is_deleted', 0)
];
Expand Down Expand Up @@ -112,6 +116,12 @@ const internalHost = {
response_object.total_count += response_object.dead_hosts.length;
}

if (promises_results[3]) {
// SSL Passthrough Hosts
response_object.ssl_passthrough_hosts = internalHost._getHostsWithDomains(promises_results[3], domain_names);
response_object.total_count += response_object.ssl_passthrough_hosts.length;
}

return response_object;
});
},
Expand All @@ -137,7 +147,11 @@ const internalHost = {
deadHostModel
.query()
.where('is_deleted', 0)
.andWhere('domain_names', 'like', '%' + hostname + '%')
.andWhere('domain_names', 'like', '%' + hostname + '%'),
sslPassthroughHostModel
.query()
.where('is_deleted', 0)
.andWhere('domain_name', '=', hostname),
];

return Promise.all(promises)
Expand Down Expand Up @@ -165,6 +179,13 @@ const internalHost = {
}
}

if (promises_results[3]) {
// SSL Passthrough Hosts
if (internalHost._checkHostnameRecordsTaken(hostname, promises_results[3], ignore_type === 'ssl_passthrough' && ignore_id ? ignore_id : 0)) {
is_taken = true;
}
}

return {
hostname: hostname,
is_taken: is_taken
Expand All @@ -185,14 +206,21 @@ const internalHost = {

if (existing_rows && existing_rows.length) {
existing_rows.map(function (existing_row) {
existing_row.domain_names.map(function (existing_hostname) {

function checkHostname(existing_hostname) {
// Does this domain match?
if (existing_hostname.toLowerCase() === hostname.toLowerCase()) {
if (!ignore_id || ignore_id !== existing_row.id) {
is_taken = true;
}
}
});
}

if (existing_row.domain_names) {
existing_row.domain_names.map(checkHostname);
} else if (existing_row.domain_name) {
checkHostname(existing_row.domain_name);
}
});
}

Expand Down
216 changes: 153 additions & 63 deletions backend/internal/nginx.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
const _ = require('lodash');
const fs = require('fs');
const logger = require('../logger').nginx;
const config = require('../lib/config');
const utils = require('../lib/utils');
const error = require('../lib/error');
const _ = require('lodash');
const fs = require('fs');
const logger = require('../logger').nginx;
const config = require('../lib/config');
const utils = require('../lib/utils');
const error = require('../lib/error');
const passthroughHostModel = require('../models/ssl_passthrough_host');

const internalNginx = {

Expand All @@ -22,7 +23,8 @@ const internalNginx = {
* @returns {Promise}
*/
configure: (model, host_type, host) => {
let combined_meta = {};
let combined_meta = {};
const sslPassthroughEnabled = internalNginx.sslPassthroughEnabled();

return internalNginx.test()
.then(() => {
Expand All @@ -33,7 +35,25 @@ const internalNginx = {
return internalNginx.deleteConfig(host_type, host, false, true);
})
.then(() => {
return internalNginx.generateConfig(host_type, host);
if (host_type === 'ssl_passthrough_host' && !sslPassthroughEnabled){
// ssl passthrough is disabled
const meta = {
nginx_online: false,
nginx_err: 'SSL passthrough is not enabled in environment'
};

return passthroughHostModel
.query()
.where('is_deleted', 0)
.andWhere('enabled', 1)
.patch({
meta
}).then(() => {
return internalNginx.deleteConfig('ssl_passthrough_host', host, false);
});
} else {
return internalNginx.generateConfig(host_type, host);
}
})
.then(() => {
// Test nginx again and update meta with result
Expand All @@ -45,12 +65,27 @@ const internalNginx = {
nginx_err: null
});

if (host_type === 'ssl_passthrough_host'){
// If passthrough is disabled we have already marked the hosts as offline
if (sslPassthroughEnabled) {
return passthroughHostModel
.query()
.where('is_deleted', 0)
.andWhere('enabled', 1)
.patch({
meta: combined_meta
});
}
return Promise.resolve();
}

return model
.query()
.where('id', host.id)
.patch({
meta: combined_meta
});

})
.catch((err) => {
// Remove the error_log line because it's a docker-ism false positive that doesn't need to be reported.
Expand All @@ -75,6 +110,18 @@ const internalNginx = {
nginx_err: valid_lines.join('\n')
});

if (host_type === 'ssl_passthrough_host'){
return passthroughHostModel
.query()
.where('is_deleted', 0)
.andWhere('enabled', 1)
.patch({
meta: combined_meta
}).then(() => {
return internalNginx.deleteConfig('ssl_passthrough_host', host, true);
});
}

return model
.query()
.where('id', host.id)
Expand Down Expand Up @@ -127,6 +174,8 @@ const internalNginx = {
getConfigName: (host_type, host_id) => {
if (host_type === 'default') {
return '/data/nginx/default_host/site.conf';
} else if (host_type === 'ssl_passthrough_host') {
return '/data/nginx/ssl_passthrough_host/hosts.conf';
}
return '/data/nginx/' + internalNginx.getFileFriendlyHostType(host_type) + '/' + host_id + '.conf';
},
Expand Down Expand Up @@ -181,7 +230,7 @@ const internalNginx = {
* @param {Object} host
* @returns {Promise}
*/
generateConfig: (host_type, host) => {
generateConfig: async (host_type, host) => {
const nice_host_type = internalNginx.getFileFriendlyHostType(host_type);

if (config.debug()) {
Expand All @@ -190,72 +239,86 @@ const internalNginx = {

const renderEngine = utils.getRenderEngine();

return new Promise((resolve, reject) => {
let template = null;
let filename = internalNginx.getConfigName(nice_host_type, host.id);

try {
template = fs.readFileSync(__dirname + '/../templates/' + nice_host_type + '.conf', {encoding: 'utf8'});
} catch (err) {
reject(new error.ConfigurationError(err.message));
return;
}
let template = null;
let filename = internalNginx.getConfigName(nice_host_type, host.id);

let locationsPromise;
let origLocations;
try {
template = fs.readFileSync(__dirname + '/../templates/' + nice_host_type + '.conf', {encoding: 'utf8'});
} catch (err) {
throw new error.ConfigurationError(err.message);
}

// Manipulate the data a bit before sending it to the template
if (nice_host_type !== 'default') {
host.use_default_location = true;
if (typeof host.advanced_config !== 'undefined' && host.advanced_config) {
host.use_default_location = !internalNginx.advancedConfigHasDefaultLocation(host.advanced_config);
}
let locationsPromise;
let origLocations;

// Manipulate the data a bit before sending it to the template
if (host_type === 'ssl_passthrough_host') {
if (internalNginx.sslPassthroughEnabled()){
const allHosts = await passthroughHostModel
.query()
.where('is_deleted', 0)
.groupBy('id');
host = {
all_passthrough_hosts: allHosts.map((host) => {
// Replace dots in domain
host.forwarding_host = internalNginx.addIpv6Brackets(host.forwarding_host);
return host;
}),
};
} else {
internalNginx.deleteConfig(host_type, host, false);
}

} else if (host_type !== 'default') {
host.use_default_location = true;
if (typeof host.advanced_config !== 'undefined' && host.advanced_config) {
host.use_default_location = !internalNginx.advancedConfigHasDefaultLocation(host.advanced_config);
}
}

if (host.locations) {
//logger.info ('host.locations = ' + JSON.stringify(host.locations, null, 2));
origLocations = [].concat(host.locations);
locationsPromise = internalNginx.renderLocations(host).then((renderedLocations) => {
host.locations = renderedLocations;
});
if (host.locations) {
//logger.info ('host.locations = ' + JSON.stringify(host.locations, null, 2));
origLocations = [].concat(host.locations);
locationsPromise = internalNginx.renderLocations(host).then((renderedLocations) => {
host.locations = renderedLocations;
});

// Allow someone who is using / custom location path to use it, and skip the default / location
_.map(host.locations, (location) => {
if (location.path === '/') {
host.use_default_location = false;
}
});
// Allow someone who is using / custom location path to use it, and skip the default / location
_.map(host.locations, (location) => {
if (location.path === '/') {
host.use_default_location = false;
}
});

} else {
locationsPromise = Promise.resolve();
}
} else {
locationsPromise = Promise.resolve();
}

// Set the IPv6 setting for the host
host.ipv6 = internalNginx.ipv6Enabled();
// Set the IPv6 setting for the host
host.ipv6 = internalNginx.ipv6Enabled();

locationsPromise.then(() => {
renderEngine
.parseAndRender(template, host)
.then((config_text) => {
fs.writeFileSync(filename, config_text, {encoding: 'utf8'});
return locationsPromise.then(() => {
renderEngine
.parseAndRender(template, host)
.then((config_text) => {
fs.writeFileSync(filename, config_text, {encoding: 'utf8'});

if (config.debug()) {
logger.success('Wrote config:', filename, config_text);
}
if (config.debug()) {
logger.success('Wrote config:', filename, config_text);
}

// Restore locations array
host.locations = origLocations;
// Restore locations array
host.locations = origLocations;

resolve(true);
})
.catch((err) => {
if (config.debug()) {
logger.warn('Could not write ' + filename + ':', err.message);
}
return true;
})
.catch((err) => {
if (config.debug()) {
logger.warn('Could not write ' + filename + ':', err.message);
}

reject(new error.ConfigurationError(err.message));
});
});
throw new error.ConfigurationError(err.message);
});
});
},

Expand Down Expand Up @@ -430,6 +493,33 @@ const internalNginx = {
}

return true;
},

/**
* @returns {boolean}
*/
sslPassthroughEnabled: function () {
if (typeof process.env.ENABLE_SSL_PASSTHROUGH !== 'undefined') {
const enabled = process.env.ENABLE_SSL_PASSTHROUGH.toLowerCase();
return (enabled === 'on' || enabled === 'true' || enabled === '1' || enabled === 'yes');
}

return false;
},

/**
* Helper function to add brackets to an IP if it is IPv6
* @returns {string}
*/
addIpv6Brackets: function (ip) {
// Only run check if ipv6 is enabled
if (internalNginx.ipv6Enabled()) {
const ipv6Regex = /^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/gi;
if (ipv6Regex.test(ip)){
return `[${ip}]`;
}
}
return ip;
}
};

Expand Down
Loading