fix: scp without host verification & cert copy

Andras Bacsai 2022-09-26 09:52:04 +02:00
parent d8ce673088
commit 6f57298cbb
2 changed files with 36 additions and 30 deletions


@ -53,38 +53,22 @@ async function checkFluentBit() {
} }
} }
} }
async function copySSLCertificates() { async function copyRemoteCertificates(certificate: any, dockerId: string, remoteIpAddress: string) {
try {
const certificates = await prisma.certificate.findMany({ include: { team: true } })
const teamIds = certificates.map(c => c.teamId)
const destinations = await prisma.destinationDocker.findMany({ where: { isCoolifyProxyUsed: true, teams: { some: { id: { in: [...teamIds] } } } } })
for (const destination of destinations) {
if (destination.remoteEngine) {
const { id: dockerId, remoteIpAddress, remoteVerified } = destination
if (!remoteVerified) {
continue;
}
for (const certificate of certificates) {
try { try {
const { id, key, cert } = certificate const { id, key, cert } = certificate
const decryptedKey = decrypt(key) const decryptedKey = decrypt(key)
await fs.writeFile(`/tmp/${id}-key.pem`, decryptedKey) await fs.writeFile(`/tmp/${id}-key.pem`, decryptedKey)
await fs.writeFile(`/tmp/${id}-cert.pem`, cert) await fs.writeFile(`/tmp/${id}-cert.pem`, cert)
await asyncExecShell(`scp /tmp/${id}-cert.pem /tmp/${id}-key.pem ${remoteIpAddress}:/tmp/`) await asyncExecShell(`scp /tmp/${id}-cert.pem /tmp/${id}-key.pem ${remoteIpAddress}:/tmp/`)
await fs.rm(`/tmp/${id}-key.pem`)
await fs.rm(`/tmp/${id}-cert.pem`)
await executeSSHCmd({ dockerId, command: `docker exec coolify-proxy sh -c 'test -d /etc/traefik/acme/custom/ || mkdir -p /etc/traefik/acme/custom/'` }) await executeSSHCmd({ dockerId, command: `docker exec coolify-proxy sh -c 'test -d /etc/traefik/acme/custom/ || mkdir -p /etc/traefik/acme/custom/'` })
await executeSSHCmd({ dockerId, command: `docker cp /tmp/${id}-key.pem coolify-proxy:/etc/traefik/acme/custom/ && rm /tmp/${id}-key.pem` }) await executeSSHCmd({ dockerId, command: `docker cp /tmp/${id}-key.pem coolify-proxy:/etc/traefik/acme/custom/` })
await executeSSHCmd({ dockerId, command: `docker cp /tmp/${id}-cert.pem coolify-proxy:/etc/traefik/acme/custom/ && rm /tmp/${id}-cert.pem` }) await executeSSHCmd({ dockerId, command: `docker cp /tmp/${id}-cert.pem coolify-proxy:/etc/traefik/acme/custom/` })
} catch (error) { } catch (error) {
console.log('Error copying SSL certificates to remote engine', error) console.log('Error copying SSL certificates to remote engine', error)
} }
} }
async function copyLocalCertificates(certificate: any) {
} else {
for (const certificate of certificates) {
try { try {
const { id, key, cert } = certificate const { id, key, cert } = certificate
const decryptedKey = decrypt(key) const decryptedKey = decrypt(key)
@ -93,16 +77,37 @@ async function copySSLCertificates() {
await fs.writeFile(`/tmp/${id}-cert.pem`, cert) await fs.writeFile(`/tmp/${id}-cert.pem`, cert)
await asyncExecShell(`docker cp /tmp/${id}-key.pem coolify-proxy:/etc/traefik/acme/custom/`) await asyncExecShell(`docker cp /tmp/${id}-key.pem coolify-proxy:/etc/traefik/acme/custom/`)
await asyncExecShell(`docker cp /tmp/${id}-cert.pem coolify-proxy:/etc/traefik/acme/custom/`) await asyncExecShell(`docker cp /tmp/${id}-cert.pem coolify-proxy:/etc/traefik/acme/custom/`)
await fs.rm(`/tmp/${id}-key.pem`)
await fs.rm(`/tmp/${id}-cert.pem`)
} catch (error) { } catch (error) {
console.log('Error copying SSL certificates to remote engine', error) console.log('Error copying SSL certificates to remote engine', error)
} }
} }
async function copySSLCertificates() {
try {
const certificates = await prisma.certificate.findMany({ include: { team: true } })
const teamIds = certificates.map(c => c.teamId)
const destinations = await prisma.destinationDocker.findMany({ where: { isCoolifyProxyUsed: true, teams: { some: { id: { in: [...teamIds] } } } } })
let promises = []
for (const destination of destinations) {
if (destination.remoteEngine) {
const { id: dockerId, remoteIpAddress, remoteVerified } = destination
if (!remoteVerified) {
continue;
}
for (const certificate of certificates) {
promises.push(copyRemoteCertificates(certificate, dockerId, remoteIpAddress))
}
} else {
for (const certificate of certificates) {
promises.push(copyLocalCertificates(certificate))
} }
} }
}
await Promise.all(promises)
} catch (error) { } catch (error) {
console.log('Error copying SSL certificates', error) console.log('Error copying SSL certificates', error)
} finally {
await asyncExecShell(`find /tmp/ -maxdepth 1 -type f -name '*-*.pem' -delete`)
} }
} }
async function checkProxies() { async function checkProxies() {
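Review bot: The decrypted private key appears to be left in `/tmp/` on the remote host. In `copyRemoteCertificates` the two `docker cp` commands, as rendered here, lose their trailing `&& rm /tmp/${id}-key.pem` and `&& rm /tmp/${id}-cert.pem`, and the new `finally` cleanup runs through `asyncExecShell`, which looks like the local shell only. Keep the remote removal and make it unconditional, e.g. `docker cp /tmp/${id}-key.pem coolify-proxy:/etc/traefik/acme/custom/; rm -f /tmp/${id}-key.pem`. Separately, the key is written to a predictable path in shared `/tmp` with default permissions; passing `{ mode: 0o600 }` as the third argument to `fs.writeFile` for the key file would narrow who can read it. The `-name '*-*.pem'` pattern in the cleanup also matches files in `/tmp` that this job did not create.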


@ -531,6 +531,7 @@ export async function createRemoteEngineConfiguration(id: string) {
if (!foundWildcard) { if (!foundWildcard) {
config.append({ config.append({
Host: '*', Host: '*',
StrictHostKeyChecking: 'no',
ControlMaster: 'auto', ControlMaster: 'auto',
ControlPath: `${homedir}/.ssh/coolify-%r@%h:%p`, ControlPath: `${homedir}/.ssh/coolify-%r@%h:%p`,
}) })
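Review bot: `StrictHostKeyChecking: 'no'` under `Host: '*'` turns off host-key verification for every host this SSH config is used for. The `scp` that carries decrypted TLS private keys to remote engines then no longer authenticates the peer, and a changed host key does not stop the connection. If the goal is only to avoid the interactive prompt on first connect, `StrictHostKeyChecking: 'accept-new'` (OpenSSH 7.6 and later) records unknown keys but still refuses a changed one. Scoping the option to the managed remote hosts rather than the wildcard entry would limit it further. The body of `createRemoteEngineConfiguration` starts and ends outside this hunk, so how `known_hosts` is populated is not visible here.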