Merge pull request #439 from coollabsio/next

v2.9.2
2022-05-31 20:54:55 +02:00 · 2022-05-31 20:54:55 +02:00 · 5c6fcfebf9
commit 5c6fcfebf9
parent db9db61d92 84cfe6fb42
7 changed files with 50 additions and 12011 deletions
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -1,7 +1,7 @@
 {
 	"name": "coolify",
 	"description": "An open-source & self-hostable Heroku / Netlify alternative.",
-	"version": "2.9.1",
+	"version": "2.9.2",
 	"license": "AGPL-3.0",
 	"scripts": {
 		"dev": "docker-compose -f docker-compose-dev.yaml up -d && cross-env NODE_ENV=development & svelte-kit dev --host 0.0.0.0",
--- a/prisma/seed.cjs
+++ b/prisma/seed.cjs
@ -5,6 +5,12 @@ const prisma = new PrismaClient();
 const crypto = require('crypto');
 const generator = require('generate-password');
 const cuid = require('cuid');
+const compare = require('compare-versions');
+const { version } = require('../package.json');
+const child = require('child_process');
+const util = require('util');
+
+const algorithm = 'aes-256-ctr';

 function generatePassword(length = 24) {
 	return generator.generate({
@ -13,7 +19,7 @@ function generatePassword(length = 24) {
 		strict: true
 	});
 }
-const algorithm = 'aes-256-ctr';
+const asyncExecShell = util.promisify(child.exec);

 async function main() {
 	// Enable registration for the first user
@ -64,6 +70,42 @@ async function main() {
 			}
 		});
 	}
+	if (compare('2.9.2', version) >= 0) {
+		// Force stop Coolify Proxy, as it had a bug in < 2.9.2. TrustProxy + api.insecure
+		try {
+			await asyncExecShell(`docker stop -t 0 coolify-proxy && docker rm coolify-proxy`);
+			const { stdout: Config } = await asyncExecShell(
+				`docker network inspect bridge --format '{{json .IPAM.Config }}'`
+			);
+			const ip = JSON.parse(Config)[0].Gateway;
+			await asyncExecShell(
+				`docker run --restart always \
+				--add-host 'host.docker.internal:host-gateway' \
+				--add-host 'host.docker.internal:${ip}' \
+				-v coolify-traefik-letsencrypt:/etc/traefik/acme \
+				-v /var/run/docker.sock:/var/run/docker.sock \
+				--network coolify-infra \
+				-p "80:80" \
+				-p "443:443" \
+				--name coolify-proxy \
+				-d traefik:v2.6 \
+				--entrypoints.web.address=:80 \
+				--entrypoints.web.forwardedHeaders.insecure=true \
+				--entrypoints.websecure.address=:443 \
+				--entrypoints.websecure.forwardedHeaders.insecure=true \
+				--providers.docker=true \
+				--providers.docker.exposedbydefault=false \
+				--providers.http.endpoint=http://coolify:3000/webhooks/traefik/main.json \
+				--providers.http.pollTimeout=5s \
+				--certificatesresolvers.letsencrypt.acme.httpchallenge=true \
+				--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme/acme.json \
+				--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web \
+				--log.level=error`
+			);
+		} catch (error) {
+			console.log(error);
+		}
+	}
 }
 main()
 	.catch((e) => {
--- a/src/lib/haproxy/index.ts
+++ b/src/lib/haproxy/index.ts
@ -161,6 +161,7 @@ export async function startTraefikTCPProxy(
 						image: 'traefik:v2.6',
 						command: [
 							`--entrypoints.tcp.address=:${publicPort}`,
+							`--entryPoints.tcp.forwardedHeaders.insecure=true`,
 							`--providers.http.endpoint=${otherTraefikEndpoint}?id=${id}&privatePort=${privatePort}&publicPort=${publicPort}&type=tcp&address=${dependentId}`,
 							'--providers.http.pollTimeout=2s',
 							'--log.level=error'
@ -257,6 +258,7 @@ export async function startTraefikHTTPProxy(
 						image: 'traefik:v2.6',
 						command: [
 							`--entrypoints.http.address=:${publicPort}`,
+							`--entryPoints.http.forwardedHeaders.insecure=true`,
 							`--providers.http.endpoint=${otherTraefikEndpoint}?id=${id}&privatePort=${privatePort}&publicPort=${publicPort}&type=http`,
 							'--providers.http.pollTimeout=2s',
 							'--certificatesresolvers.letsencrypt.acme.httpchallenge=true',
@ -368,12 +370,12 @@ export async function startTraefikProxy(engine: string): Promise<void> {
 			--network coolify-infra \
 			-p "80:80" \
 			-p "443:443" \
-			-p "8080:8080" \
 			--name coolify-proxy \
 			-d ${defaultTraefikImage} \
-			--api.insecure=true \
 			--entrypoints.web.address=:80 \
+			--entrypoints.web.forwardedHeaders.insecure=true \
 			--entrypoints.websecure.address=:443 \
+			--entrypoints.websecure.forwardedHeaders.insecure=true \
 			--providers.docker=true \
 			--providers.docker.exposedbydefault=false \
 			--providers.http.endpoint=${mainTraefikEndpoint} \
--- a/src/lib/importers/github.ts
+++ b/src/lib/importers/github.ts
@ -49,7 +49,7 @@ export default async function ({
 		applicationId
 	});
 	await asyncExecShell(
-		`GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=no' git clone -q -b ${branch} https://x-access-token:${token}@${url}/${repository}.git ${workdir}/ && cd ${workdir} && git submodule update --init --recursive && git lfs pull && cd .. `
+		`GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=no' git clone -q -b ${branch} https://x-access-token:${token}@${url}/${repository}.git ${workdir}/ && cd ${workdir} && GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=no' git submodule update --init --recursive && GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=no' git lfs pull && cd .. `
 	);
 	const { stdout: commit } = await asyncExecShell(`cd ${workdir}/ && git rev-parse HEAD`);
 	return commit.replace('\n', '');
--- a/src/lib/importers/gitlab.ts
+++ b/src/lib/importers/gitlab.ts
@ -31,7 +31,7 @@ export default async function ({
 	});

 	await asyncExecShell(
-		`GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=no' git clone -q -b ${branch} git@${url}:${repository}.git --config core.sshCommand="ssh -q -i ${repodir}id.rsa -o StrictHostKeyChecking=no" ${workdir}/ && cd ${workdir}/ && git submodule update --init --recursive && git lfs pull && cd .. `
+		`GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=no' git clone -q -b ${branch} git@${url}:${repository}.git --config core.sshCommand="ssh -q -i ${repodir}id.rsa -o StrictHostKeyChecking=no" ${workdir}/ && cd ${workdir}/ && GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=no' git submodule update --init --recursive && GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=no' git lfs pull && cd .. `
 	);
 	const { stdout: commit } = await asyncExecShell(`cd ${workdir}/ && git rev-parse HEAD`);
 	return commit.replace('\n', '');
--- a/src/routes/update.json.ts
+++ b/src/routes/update.json.ts
@ -6,7 +6,6 @@ import * as db from '$lib/database';
 import type { RequestHandler } from '@sveltejs/kit';
 import compare from 'compare-versions';
 import got from 'got';
-import { checkContainer, startCoolifyProxy, startTraefikProxy } from '$lib/haproxy';

 export const get: RequestHandler = async (request) => {
 	try {