Add ability to mark a node as being over a proxy
parent
801aae968c
commit
3ee7b7cff1
7 changed files with 86 additions and 21 deletions
|
@ -11,6 +11,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
|
||||||
* Added new scripts for service options that allows installation of software in a privileged Docker container on the node prior to marking a server as installed.
|
* Added new scripts for service options that allows installation of software in a privileged Docker container on the node prior to marking a server as installed.
|
||||||
* Added ability to reinstall a server using the currently assigned service and option.
|
* Added ability to reinstall a server using the currently assigned service and option.
|
||||||
* Added ability to change a server's service and service option, as well as change pack assignments and other management services in that regard.
|
* Added ability to change a server's service and service option, as well as change pack assignments and other management services in that regard.
|
||||||
|
* Added support for using a proxy such as Cloudflare with a node connection. Previously there was no way to tell the panel to connect over SSL without marking the Daemon as also using SSL.
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
* Environment setting commands now attempt to auto-quote strings with spaces in them, as well as comment lines that are edited to avoid manual changes being overwritten.
|
* Environment setting commands now attempt to auto-quote strings with spaces in them, as well as comment lines that are edited to avoid manual changes being overwritten.
|
||||||
|
|
|
@ -88,7 +88,7 @@ class NodesController extends Controller
|
||||||
]),
|
]),
|
||||||
$request->intersect([
|
$request->intersect([
|
||||||
'name', 'location_id', 'fqdn',
|
'name', 'location_id', 'fqdn',
|
||||||
'scheme', 'memory', 'disk',
|
'scheme', 'memory', 'disk', 'behind_proxy',
|
||||||
'daemonBase', 'daemonSFTP', 'daemonListen',
|
'daemonBase', 'daemonSFTP', 'daemonListen',
|
||||||
])
|
])
|
||||||
));
|
));
|
||||||
|
@ -218,7 +218,7 @@ class NodesController extends Controller
|
||||||
'public', 'disk_overallocate', 'memory_overallocate',
|
'public', 'disk_overallocate', 'memory_overallocate',
|
||||||
]),
|
]),
|
||||||
$request->intersect([
|
$request->intersect([
|
||||||
'name', 'location_id', 'fqdn',
|
'name', 'location_id', 'fqdn', 'behind_proxy',
|
||||||
'scheme', 'memory', 'disk', 'upload_size',
|
'scheme', 'memory', 'disk', 'upload_size',
|
||||||
'reset_secret', 'daemonSFTP', 'daemonListen',
|
'reset_secret', 'daemonSFTP', 'daemonListen',
|
||||||
])
|
])
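Review bot: `'behind_proxy'` is added to the `$request->intersect([...])` list in both the create hunk and the update hunk, while the forms in this commit submit `0` for "Not Behind Proxy". If `intersect()` here is Laravel's `Request::intersect` of that era, which filters out empty and falsy values, a submitted `0` is dropped. The create rule `required|boolean` would then reject the default selection, and an update could never switch the flag back off, leaving the daemon's own SSL disabled. Listing it next to `'public'` in the preceding array, which appears to hold the fields that may legitimately be 0, would avoid this; confirm against the framework version in use. Both calls sit inside statements that start and end outside the hunks.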
|
||||||
|
|
|
@ -59,6 +59,7 @@ class Node extends Model
|
||||||
'disk' => 'integer',
|
'disk' => 'integer',
|
||||||
'daemonListen' => 'integer',
|
'daemonListen' => 'integer',
|
||||||
'daemonSFTP' => 'integer',
|
'daemonSFTP' => 'integer',
|
||||||
|
'behind_proxy' => 'boolean',
|
||||||
];
|
];
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -68,8 +69,8 @@ class Node extends Model
|
||||||
*/
|
*/
|
||||||
protected $fillable = [
|
protected $fillable = [
|
||||||
'public', 'name', 'location_id',
|
'public', 'name', 'location_id',
|
||||||
'fqdn', 'scheme', 'memory',
|
'fqdn', 'scheme', 'behind_proxy',
|
||||||
'memory_overallocate', 'disk',
|
'memory', 'memory_overallocate', 'disk',
|
||||||
'disk_overallocate', 'upload_size',
|
'disk_overallocate', 'upload_size',
|
||||||
'daemonSecret', 'daemonBase',
|
'daemonSecret', 'daemonBase',
|
||||||
'daemonSFTP', 'daemonListen',
|
'daemonSFTP', 'daemonListen',
|
||||||
|
@ -121,7 +122,7 @@ class Node extends Model
|
||||||
'host' => '0.0.0.0',
|
'host' => '0.0.0.0',
|
||||||
'listen' => $this->daemonListen,
|
'listen' => $this->daemonListen,
|
||||||
'ssl' => [
|
'ssl' => [
|
||||||
'enabled' => $this->scheme === 'https',
|
'enabled' => (! $this->behind_proxy && $this->scheme === 'https'),
|
||||||
'certificate' => '/etc/letsencrypt/live/' . $this->fqdn . '/fullchain.pem',
|
'certificate' => '/etc/letsencrypt/live/' . $this->fqdn . '/fullchain.pem',
|
||||||
'key' => '/etc/letsencrypt/live/' . $this->fqdn . '/privkey.pem',
|
'key' => '/etc/letsencrypt/live/' . $this->fqdn . '/privkey.pem',
|
||||||
],
|
],
|
||||||
|
@ -143,7 +144,7 @@ class Node extends Model
|
||||||
'count' => 3,
|
'count' => 3,
|
||||||
],
|
],
|
||||||
'remote' => [
|
'remote' => [
|
||||||
'base' => config('app.url'),
|
'base' => route('index'),
|
||||||
'download' => route('remote.download'),
|
'download' => route('remote.download'),
|
||||||
'installed' => route('remote.install'),
|
'installed' => route('remote.install'),
|
||||||
],
|
],
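Review bot: With `behind_proxy` set, `'enabled' => (! $this->behind_proxy && $this->scheme === 'https')` turns the daemon's TLS off while the same config keeps `'host' => '0.0.0.0'`, so the daemon answers plain HTTP on every interface and the proxy-to-daemon leg is unencrypted. Nothing in the hunk restricts that listener to the proxy, so a client that can reach the node's address directly would not go through the proxy's TLS at all. I would add a comment above the line such as `// Proxy terminates TLS; daemonListen must be firewalled to the proxy's address ranges` and carry the same requirement into the form help text. The identical expression in the NodeRepository hunk (`$node->behind_proxy`) has the same consequence. The enclosing array starts and ends outside the hunk.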
|
||||||
|
|
|
@ -52,6 +52,7 @@ class NodeRepository
|
||||||
'public' => 'required|numeric|between:0,1',
|
'public' => 'required|numeric|between:0,1',
|
||||||
'fqdn' => 'required|string|unique:nodes,fqdn',
|
'fqdn' => 'required|string|unique:nodes,fqdn',
|
||||||
'scheme' => 'required|regex:/^(http(s)?)$/',
|
'scheme' => 'required|regex:/^(http(s)?)$/',
|
||||||
|
'behind_proxy' => 'required|boolean',
|
||||||
'memory' => 'required|numeric|min:1',
|
'memory' => 'required|numeric|min:1',
|
||||||
'memory_overallocate' => 'required|numeric|min:-1',
|
'memory_overallocate' => 'required|numeric|min:-1',
|
||||||
'disk' => 'required|numeric|min:1',
|
'disk' => 'required|numeric|min:1',
|
||||||
|
@ -109,6 +110,7 @@ class NodeRepository
|
||||||
'public' => 'numeric|between:0,1',
|
'public' => 'numeric|between:0,1',
|
||||||
'fqdn' => 'string|unique:nodes,fqdn,' . $id,
|
'fqdn' => 'string|unique:nodes,fqdn,' . $id,
|
||||||
'scheme' => 'regex:/^(http(s)?)$/',
|
'scheme' => 'regex:/^(http(s)?)$/',
|
||||||
|
'behind_proxy' => 'boolean',
|
||||||
'memory' => 'numeric|min:1',
|
'memory' => 'numeric|min:1',
|
||||||
'memory_overallocate' => 'numeric|min:-1',
|
'memory_overallocate' => 'numeric|min:-1',
|
||||||
'disk' => 'numeric|min:1',
|
'disk' => 'numeric|min:1',
|
||||||
|
@ -166,7 +168,7 @@ class NodeRepository
|
||||||
'web' => [
|
'web' => [
|
||||||
'listen' => $node->daemonListen,
|
'listen' => $node->daemonListen,
|
||||||
'ssl' => [
|
'ssl' => [
|
||||||
'enabled' => ($node->scheme === 'https'),
|
'enabled' => (! $node->behind_proxy && $node->scheme === 'https'),
|
||||||
],
|
],
|
||||||
],
|
],
|
||||||
'sftp' => [
|
'sftp' => [
|
||||||
|
|
|
@ -0,0 +1,32 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
use Illuminate\Support\Facades\Schema;
|
||||||
|
use Illuminate\Database\Schema\Blueprint;
|
||||||
|
use Illuminate\Database\Migrations\Migration;
|
||||||
|
|
||||||
|
class AddAbilityToDefineConnectionOverSSLWithDaemonBehindProxy extends Migration
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Run the migrations.
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function up()
|
||||||
|
{
|
||||||
|
Schema::table('nodes', function (Blueprint $table) {
|
||||||
|
$table->boolean('behind_proxy')->after('scheme')->default(false);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Reverse the migrations.
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function down()
|
||||||
|
{
|
||||||
|
Schema::table('nodes', function (Blueprint $table) {
|
||||||
|
$table->dropColumn('behind_proxy');
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
|
@ -78,19 +78,28 @@
|
||||||
<div>
|
<div>
|
||||||
<div class="radio radio-success radio-inline">
|
<div class="radio radio-success radio-inline">
|
||||||
<input type="radio" id="pSSLTrue" value="https" name="scheme" checked>
|
<input type="radio" id="pSSLTrue" value="https" name="scheme" checked>
|
||||||
<label for="pSSLTrue"> Enable SSL </label>
|
<label for="pSSLTrue"> Use SSL Connection</label>
|
||||||
</div>
|
</div>
|
||||||
<div class="radio radio-danger radio-inline">
|
<div class="radio radio-danger radio-inline">
|
||||||
<input type="radio" id="pSSLFalse" value="http" name="scheme">
|
<input type="radio" id="pSSLFalse" value="http" name="scheme">
|
||||||
<label for="pSSLFalse"> Disable SSL </label>
|
<label for="pSSLFalse"> Use HTTP Connection</label>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<p class="text-muted small">SSL should only be disabled if this node is assigned an IP address as the FQDN and not an actual FQDN. Disabling SSL could allow a malicious user to intercept traffic between the panel and the daemon potentially exposing sensitive information.</p>
|
<p class="text-muted small">In most cases you should select to use a SSL connection. If using an IP Address or you do not wish to use SSL at all, select a HTTP connection.</p>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="pDaemonBase" class="form-label">Daemon Server File Directory</label>
|
<label class="form-label">Behind Proxy</label>
|
||||||
<input type="text" name="daemonBase" id="pDaemonBase" class="form-control" value="/srv/daemon-data" />
|
<div>
|
||||||
<p class="text-muted small">Enter the directory where server files should be stored. <strong>If you use OVH you should check your partition scheme. You may need to use <code>/home/daemon-data</code> to have enough space.</strong></p>
|
<div class="radio radio-success radio-inline">
|
||||||
|
<input type="radio" id="pProxyFalse" value="0" name="behind_proxy" checked>
|
||||||
|
<label for="pProxyFalse"> Not Behind Proxy </label>
|
||||||
|
</div>
|
||||||
|
<div class="radio radio-info radio-inline">
|
||||||
|
<input type="radio" id="pProxyTrue" value="1" name="behind_proxy">
|
||||||
|
<label for="pProxyTrue"> Behind Proxy </label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<p class="text-muted small">If you are running the daemon behind a proxy such as Cloudflare, select this to have the daemon skip looking for certificates on boot.</p>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
@ -102,6 +111,11 @@
|
||||||
</div>
|
</div>
|
||||||
<div class="box-body">
|
<div class="box-body">
|
||||||
<div class="row">
|
<div class="row">
|
||||||
|
<div class="form-group col-xs-12">
|
||||||
|
<label for="pDaemonBase" class="form-label">Daemon Server File Directory</label>
|
||||||
|
<input type="text" name="daemonBase" id="pDaemonBase" class="form-control" value="/srv/daemon-data" />
|
||||||
|
<p class="text-muted small">Enter the directory where server files should be stored. <strong>If you use OVH you should check your partition scheme. You may need to use <code>/home/daemon-data</code> to have enough space.</strong></p>
|
||||||
|
</div>
|
||||||
<div class="form-group col-md-6">
|
<div class="form-group col-md-6">
|
||||||
<label for="pMemory" class="form-label">Total Memory</label>
|
<label for="pMemory" class="form-label">Total Memory</label>
|
||||||
<div class="input-group">
|
<div class="input-group">
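Review bot: The replacement help text under the scheme radios drops the statement that disabling SSL could let a malicious user intercept traffic between the panel and the daemon, and the new Behind Proxy text says only that the daemon skips looking for certificates on boot. An operator filling in this form no longer sees that either choice can leave a plaintext leg. I would keep the risk sentence and extend the proxy text, e.g. `The daemon will then serve plain HTTP; only select this if the proxy terminates SSL and the daemon port is not reachable except through it.` The same two paragraphs appear to be changed identically in the node settings view later in this commit.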
|
||||||
|
|
|
@ -89,18 +89,33 @@
|
||||||
</small></p>
|
</small></p>
|
||||||
</div>
|
</div>
|
||||||
<div class="form-group col-xs-12">
|
<div class="form-group col-xs-12">
|
||||||
<label for="scheme" class="control-label"><span class="label label-warning"><i class="fa fa-power-off"></i></span> Secure Socket Layer</label>
|
<label class="form-label"><span class="label label-warning"><i class="fa fa-power-off"></i></span> Communicate Over SSL</label>
|
||||||
<div class="row" style="padding: 7px 0;">
|
<div>
|
||||||
<div class="col-xs-6">
|
<div class="radio radio-success radio-inline">
|
||||||
<input type="radio" name="scheme" value="https" id="scheme_ssl" {{ (old('scheme', $node->scheme) === 'https') ? 'checked' : '' }}/> <label for="scheme_ssl" style="padding-left: 5px;">Enable HTTPS/SSL</label>
|
<input type="radio" id="pSSLTrue" value="https" name="scheme" {{ (old('scheme', $node->scheme) === 'https') ? 'checked' : '' }}>
|
||||||
|
<label for="pSSLTrue"> Use SSL Connection</label>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-xs-6">
|
<div class="radio radio-danger radio-inline">
|
||||||
<input type="radio" name="scheme" value="http" id="scheme_nossl" {{ (old('scheme', $node->scheme) === 'http') ? 'checked' : '' }}/> <label for="scheme_nossl" style="padding-left: 5px;">Disable HTTPS/SSL</label>
|
<input type="radio" id="pSSLFalse" value="http" name="scheme" {{ (old('scheme', $node->scheme) !== 'https') ? 'checked' : '' }}>
|
||||||
|
<label for="pSSLFalse"> Use HTTP Connection</label>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<p class="text-muted"><small>You should always leave SSL enabled for nodes. Disabling SSL could allow a malicious user to intercept traffic between the panel and the daemon potentially exposing sensitive information.</small></p>
|
<p class="text-muted small">In most cases you should select to use a SSL connection. If using an IP Address or you do not wish to use SSL at all, select a HTTP connection.</p>
|
||||||
|
</div>
|
||||||
|
<div class="form-group col-xs-12">
|
||||||
|
<label class="form-label"><span class="label label-warning"><i class="fa fa-power-off"></i></span> Behind Proxy</label>
|
||||||
|
<div>
|
||||||
|
<div class="radio radio-success radio-inline">
|
||||||
|
<input type="radio" id="pProxyFalse" value="0" name="behind_proxy" {{ (old('behind_proxy', $node->behind_proxy) == false) ? 'checked' : '' }}>
|
||||||
|
<label for="pProxyFalse"> Not Behind Proxy </label>
|
||||||
|
</div>
|
||||||
|
<div class="radio radio-info radio-inline">
|
||||||
|
<input type="radio" id="pProxyTrue" value="1" name="behind_proxy" {{ (old('behind_proxy', $node->behind_proxy) == true) ? 'checked' : '' }}>
|
||||||
|
<label for="pProxyTrue"> Behind Proxy </label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<p class="text-muted small">If you are running the daemon behind a proxy such as Cloudflare, select this to have the daemon skip looking for certificates on boot.</p>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|