diff --git a/CHANGELOG.md b/CHANGELOG.md index 860db8c76..532e6bad9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines. * Added new scripts for service options that allows installation of software in a privileged Docker container on the node prior to marking a server as installed. * Added ability to reinstall a server using the currently assigned service and option. * Added ability to change a server's service and service option, as well as change pack assignments and other management services in that regard. +* Added support for using a proxy such as Cloudflare with a node connection. Previously there was no way to tell the panel to connect over SSL without marking the Daemon as also using SSL. ### Changed * Environment setting commands now attempt to auto-quote strings with spaces in them, as well as comment lines that are edited to avoid manual changes being overwritten. diff --git a/app/Http/Controllers/Admin/NodesController.php b/app/Http/Controllers/Admin/NodesController.php index 1300b9643..653992ce9 100644 --- a/app/Http/Controllers/Admin/NodesController.php +++ b/app/Http/Controllers/Admin/NodesController.php @@ -88,7 +88,7 @@ class NodesController extends Controller ]), $request->intersect([ 'name', 'location_id', 'fqdn', - 'scheme', 'memory', 'disk', + 'scheme', 'memory', 'disk', 'behind_proxy', 'daemonBase', 'daemonSFTP', 'daemonListen', ]) )); @@ -218,7 +218,7 @@ class NodesController extends Controller 'public', 'disk_overallocate', 'memory_overallocate', ]), $request->intersect([ - 'name', 'location_id', 'fqdn', + 'name', 'location_id', 'fqdn', 'behind_proxy', 'scheme', 'memory', 'disk', 'upload_size', 'reset_secret', 'daemonSFTP', 'daemonListen', ]) diff --git a/app/Models/Node.php b/app/Models/Node.php index 5b0464561..62b4c891a 100644 --- a/app/Models/Node.php +++ b/app/Models/Node.php 
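Review bot: An explicit `behind_proxy=0` may never reach the repository, because the key is added to the `$request->intersect([...])` list in the create hunk (-88) and the update hunk (-218) rather than to `$request->only([...])`, where the other 0/1 field, `public`, sits. If `intersect()` here is the framework helper that discards empty values, then on create the `required|boolean` rule in NodeRepository.php would reject the form, and on update a node could not be switched back from proxied to direct, leaving the daemon's own SSL disabled. Moving the key next to `public`, e.g. `'public', 'behind_proxy', 'disk_overallocate', 'memory_overallocate',`, would keep an explicit false. Both `array_merge` calls start and end outside their hunks, so this should be confirmed against the full methods and the form markup.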
@@ -59,6 +59,7 @@ class Node extends Model 'disk' => 'integer', 'daemonListen' => 'integer', 'daemonSFTP' => 'integer', + 'behind_proxy' => 'boolean', ]; /** @@ -68,8 +69,8 @@ class Node extends Model */ protected $fillable = [ 'public', 'name', 'location_id', - 'fqdn', 'scheme', 'memory', - 'memory_overallocate', 'disk', + 'fqdn', 'scheme', 'behind_proxy', + 'memory', 'memory_overallocate', 'disk', 'disk_overallocate', 'upload_size', 'daemonSecret', 'daemonBase', 'daemonSFTP', 'daemonListen', @@ -121,7 +122,7 @@ class Node extends Model 'host' => '0.0.0.0', 'listen' => $this->daemonListen, 'ssl' => [ - 'enabled' => $this->scheme === 'https', + 'enabled' => (! $this->behind_proxy && $this->scheme === 'https'), 'certificate' => '/etc/letsencrypt/live/' . $this->fqdn . '/fullchain.pem', 'key' => '/etc/letsencrypt/live/' . $this->fqdn . '/privkey.pem', ], @@ -143,7 +144,7 @@ class Node extends Model 'count' => 3, ], 'remote' => [ - 'base' => config('app.url'), + 'base' => route('index'), 'download' => route('remote.download'), 'installed' => route('remote.install'), ], diff --git a/app/Repositories/NodeRepository.php b/app/Repositories/NodeRepository.php index 0b361c3d5..6cb61daa1 100644 --- a/app/Repositories/NodeRepository.php +++ b/app/Repositories/NodeRepository.php @@ -52,6 +52,7 @@ class NodeRepository 'public' => 'required|numeric|between:0,1', 'fqdn' => 'required|string|unique:nodes,fqdn', 'scheme' => 'required|regex:/^(http(s)?)$/', + 'behind_proxy' => 'required|boolean', 'memory' => 'required|numeric|min:1', 'memory_overallocate' => 'required|numeric|min:-1', 'disk' => 'required|numeric|min:1', @@ -109,6 +110,7 @@ class NodeRepository 'public' => 'numeric|between:0,1', 'fqdn' => 'string|unique:nodes,fqdn,' . $id, 'scheme' => 'regex:/^(http(s)?)$/', + 'behind_proxy' => 'boolean', 'memory' => 'numeric|min:1', 'memory_overallocate' => 'numeric|min:-1', 'disk' => 'numeric|min:1', 
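Review bot: With `behind_proxy` set, the new `'enabled' => (! $this->behind_proxy && $this->scheme === 'https')` in the `ssl` block switches off the daemon's own TLS, so the hop from the proxy to the daemon is plaintext unless the daemon port is restricted to the proxy's addresses or the proxy re-encrypts to the origin. Nothing in the visible code enforces or documents that, so I would add a comment above the line such as `// behind_proxy: TLS terminates at the proxy; restrict the daemon port to the proxy's address ranges` and repeat the caveat in the admin help text. The same expression is duplicated in the `web.ssl` block of NodeRepository.php (hunk -166); a single accessor on `Node` would keep the two from drifting apart. The enclosing method starts and ends outside this hunk.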
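Review bot: The daemon's callback URL `remote.base` now comes from `route('index')` instead of `config('app.url')`, so it follows whatever root the URL generator resolves, which in a web request is usually the Host header of the request rather than the configured application URL. Unless the panel pins the hosts it accepts, a configuration generated through an alternate hostname or a spoofed Host header would point the daemon at that host. Keeping `'base' => config('app.url'),` or forcing the generator's root URL from configuration avoids this; `download` and `installed` on the following lines already use `route()` and share the behaviour. The definition of the `index` route is not visible here, so its path is assumed to be the site root.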
@@ -166,7 +168,7 @@ class NodeRepository 'web' => [ 'listen' => $node->daemonListen, 'ssl' => [ - 'enabled' => ($node->scheme === 'https'), + 'enabled' => (! $node->behind_proxy && $node->scheme === 'https'), ], ], 'sftp' => [ diff --git a/database/migrations/2017_04_27_223629_AddAbilityToDefineConnectionOverSSLWithDaemonBehindProxy.php b/database/migrations/2017_04_27_223629_AddAbilityToDefineConnectionOverSSLWithDaemonBehindProxy.php new file mode 100644 index 000000000..f82d39258 --- /dev/null +++ b/database/migrations/2017_04_27_223629_AddAbilityToDefineConnectionOverSSLWithDaemonBehindProxy.php @@ -0,0 +1,32 @@ +boolean('behind_proxy')->after('scheme')->default(false); + }); + } + + /** + * Reverse the migrations. + * + * @return void + */ + public function down() + { + Schema::table('nodes', function (Blueprint $table) { + $table->dropColumn('behind_proxy'); + }); + } +} diff --git a/resources/themes/pterodactyl/admin/nodes/new.blade.php b/resources/themes/pterodactyl/admin/nodes/new.blade.php index eb58e32fa..98765bee0 100644 --- a/resources/themes/pterodactyl/admin/nodes/new.blade.php +++ b/resources/themes/pterodactyl/admin/nodes/new.blade.php @@ -78,19 +78,28 @@
SSL should only be disabled if this node is assigned an IP address as the FQDN and not an actual FQDN. Disabling SSL could allow a malicious user to intercept traffic between the panel and the daemon potentially exposing sensitive information.
+In most cases you should select to use a SSL connection. If using an IP Address or you do not wish to use SSL at all, select a HTTP connection.
Enter the directory where server files should be stored. If you use OVH you should check your partition scheme. You may need to use /home/daemon-data
to have enough space.
If you are running the daemon behind a proxy such as Cloudflare, select this to have the daemon skip looking for certificates on boot.
Enter the directory where server files should be stored. If you use OVH you should check your partition scheme. You may need to use /home/daemon-data
to have enough space.
You should always leave SSL enabled for nodes. Disabling SSL could allow a malicious user to intercept traffic between the panel and the daemon potentially exposing sensitive information.
+In most cases you should select to use a SSL connection. If using an IP Address or you do not wish to use SSL at all, select a HTTP connection.
+If you are running the daemon behind a proxy such as Cloudflare, select this to have the daemon skip looking for certificates on boot.