lasthourcloud/src/lib/letsencrypt.ts

import { dev } from '$app/env';
import { forceSSLOffApplication, forceSSLOnApplication, getNextTransactionId } from '$lib/haproxy';
import { asyncExecShell, getEngine } from './common';
import * as db from '$lib/database';
import cuid from 'cuid';

export async function letsEncrypt({ domain, isCoolify = false, id = null }) {
	try {
		const nakedDomain = domain.replace('www.', '');
		const wwwDomain = `www.${nakedDomain}`;
		const randomCuid = cuid();
		if (dev) {
			return await forceSSLOnApplication({ domain });
		} else {
			if (isCoolify) {
				const { stderr: certError } = await asyncExecShell(
					`docker run --rm --name certbot-${randomCuid} -p 9080:9080 -v "coolify-letsencrypt:/etc/letsencrypt" certbot/certbot --logs-dir /etc/letsencrypt/logs certonly --standalone --preferred-challenges http --http-01-address 0.0.0.0 --http-01-port 9080 -d ${nakedDomain} -d ${wwwDomain} --expand --agree-tos --non-interactive --register-unsafely-without-email`
				);
				if (certError) throw new Error(certError);

				const { stderr: copyError } = await asyncExecShell(
					`docker run --rm -v "coolify-letsencrypt:/etc/letsencrypt" -v "coolify-ssl-certs:/app/ssl" alpine:latest sh -c "test -d /etc/letsencrypt/live/${nakedDomain}/ && cat /etc/letsencrypt/live/${nakedDomain}/fullchain.pem /etc/letsencrypt/live/${nakedDomain}/privkey.pem > /app/ssl/${nakedDomain}.pem || cat /etc/letsencrypt/live/${wwwDomain}/fullchain.pem /etc/letsencrypt/live/${wwwDomain}/privkey.pem > /app/ssl/${wwwDomain}.pem"`
				);
				if (copyError) throw new Error(copyError);
				return;
			}
			let data: any = await db.prisma.application.findUnique({
				where: { id },
				include: { destinationDocker: true }
			});
			if (!data) {
				data = await db.prisma.service.findUnique({
					where: { id },
					include: { destinationDocker: true }
				});
			}
			// Set SSL with Let's encrypt
			if (data.destinationDockerId && data.destinationDocker) {
				const host = getEngine(data.destinationDocker.engine);
				const { stderr: certError } = await asyncExecShell(
					`DOCKER_HOST=${host} docker run --rm --name certbot-${randomCuid} -p 9080:9080 -v "coolify-letsencrypt:/etc/letsencrypt" certbot/certbot --logs-dir /etc/letsencrypt/logs certonly --standalone --preferred-challenges http --http-01-address 0.0.0.0 --http-01-port 9080 -d ${nakedDomain} -d ${wwwDomain} --expand --agree-tos --non-interactive --register-unsafely-without-email`
				);
				if (certError) throw new Error(certError);
				const { stderr: copyError } = await asyncExecShell(
					`DOCKER_HOST=${host} docker run --rm -v "coolify-letsencrypt:/etc/letsencrypt" -v "coolify-ssl-certs:/app/ssl" alpine:latest sh -c "test -d /etc/letsencrypt/live/${nakedDomain}/ && cat /etc/letsencrypt/live/${nakedDomain}/fullchain.pem /etc/letsencrypt/live/${nakedDomain}/privkey.pem > /app/ssl/${nakedDomain}.pem || cat /etc/letsencrypt/live/${wwwDomain}/fullchain.pem /etc/letsencrypt/live/${wwwDomain}/privkey.pem > /app/ssl/${wwwDomain}.pem"`
				);
				if (copyError) throw new Error(copyError);
				await forceSSLOnApplication({ domain });
			}
		}
	} catch (error) {
		throw error;
	}
}
V2 (#111) Just v2 2022-02-10 15:47:44 +01:00			`import { dev } from '$app/env';`
			`import { forceSSLOffApplication, forceSSLOnApplication, getNextTransactionId } from '$lib/haproxy';`
			`import { asyncExecShell, getEngine } from './common';`
			`import * as db from '$lib/database';`
- Rename error handler. - Truncate errors. - Better error tags, release version etc. 2022-02-14 09:28:37 +01:00			`import cuid from 'cuid';`
V2 (#111) Just v2 2022-02-10 15:47:44 +01:00
			`export async function letsEncrypt({ domain, isCoolify = false, id = null }) {`
			`try {`
feat: Generate www & non-www SSL certs 2022-02-15 23:02:03 +01:00			`const nakedDomain = domain.replace('www.', '');`
			const wwwDomain = `www.${nakedDomain}`;
- Rename error handler. - Truncate errors. - Better error tags, release version etc. 2022-02-14 09:28:37 +01:00			`const randomCuid = cuid();`
V2 (#111) Just v2 2022-02-10 15:47:44 +01:00			`if (dev) {`
			`return await forceSSLOnApplication({ domain });`
			`} else {`
			`if (isCoolify) {`
Fix 2022-02-15 23:38:10 +01:00			`const { stderr: certError } = await asyncExecShell(`
Expand flag for lets encrypt 2022-02-15 23:12:28 +01:00			`docker run --rm --name certbot-${randomCuid} -p 9080:9080 -v "coolify-letsencrypt:/etc/letsencrypt" certbot/certbot --logs-dir /etc/letsencrypt/logs certonly --standalone --preferred-challenges http --http-01-address 0.0.0.0 --http-01-port 9080 -d ${nakedDomain} -d ${wwwDomain} --expand --agree-tos --non-interactive --register-unsafely-without-email`
V2 (#111) Just v2 2022-02-10 15:47:44 +01:00			`);`
Fix 2022-02-15 23:38:10 +01:00			`if (certError) throw new Error(certError);`
V2 (#111) Just v2 2022-02-10 15:47:44 +01:00
Fix 2022-02-15 23:38:10 +01:00			`const { stderr: copyError } = await asyncExecShell(`
			`docker run --rm -v "coolify-letsencrypt:/etc/letsencrypt" -v "coolify-ssl-certs:/app/ssl" alpine:latest sh -c "test -d /etc/letsencrypt/live/${nakedDomain}/ && cat /etc/letsencrypt/live/${nakedDomain}/fullchain.pem /etc/letsencrypt/live/${nakedDomain}/privkey.pem > /app/ssl/${nakedDomain}.pem \|\| cat /etc/letsencrypt/live/${wwwDomain}/fullchain.pem /etc/letsencrypt/live/${wwwDomain}/privkey.pem > /app/ssl/${wwwDomain}.pem"`
V2 (#111) Just v2 2022-02-10 15:47:44 +01:00			`);`
Fix 2022-02-15 23:38:10 +01:00			`if (copyError) throw new Error(copyError);`
V2 (#111) Just v2 2022-02-10 15:47:44 +01:00			`return;`
			`}`
			`let data: any = await db.prisma.application.findUnique({`
			`where: { id },`
			`include: { destinationDocker: true }`
			`});`
			`if (!data) {`
			`data = await db.prisma.service.findUnique({`
			`where: { id },`
			`include: { destinationDocker: true }`
			`});`
			`}`
			`// Set SSL with Let's encrypt`
			`if (data.destinationDockerId && data.destinationDocker) {`
			`const host = getEngine(data.destinationDocker.engine);`
Fix 2022-02-15 23:38:10 +01:00			`const { stderr: certError } = await asyncExecShell(`
Expand flag for lets encrypt 2022-02-15 23:12:28 +01:00			`DOCKER_HOST=${host} docker run --rm --name certbot-${randomCuid} -p 9080:9080 -v "coolify-letsencrypt:/etc/letsencrypt" certbot/certbot --logs-dir /etc/letsencrypt/logs certonly --standalone --preferred-challenges http --http-01-address 0.0.0.0 --http-01-port 9080 -d ${nakedDomain} -d ${wwwDomain} --expand --agree-tos --non-interactive --register-unsafely-without-email`
V2 (#111) Just v2 2022-02-10 15:47:44 +01:00			`);`
Fix 2022-02-15 23:38:10 +01:00			`if (certError) throw new Error(certError);`
			`const { stderr: copyError } = await asyncExecShell(`
			`DOCKER_HOST=${host} docker run --rm -v "coolify-letsencrypt:/etc/letsencrypt" -v "coolify-ssl-certs:/app/ssl" alpine:latest sh -c "test -d /etc/letsencrypt/live/${nakedDomain}/ && cat /etc/letsencrypt/live/${nakedDomain}/fullchain.pem /etc/letsencrypt/live/${nakedDomain}/privkey.pem > /app/ssl/${nakedDomain}.pem \|\| cat /etc/letsencrypt/live/${wwwDomain}/fullchain.pem /etc/letsencrypt/live/${wwwDomain}/privkey.pem > /app/ssl/${wwwDomain}.pem"`
V2 (#111) Just v2 2022-02-10 15:47:44 +01:00			`);`
Fix 2022-02-15 23:38:10 +01:00			`if (copyError) throw new Error(copyError);`
V2 (#111) Just v2 2022-02-10 15:47:44 +01:00			`await forceSSLOnApplication({ domain });`
			`}`
			`}`
			`} catch (error) {`
			`throw error;`
			`}`
			`}`