Add ability to mark a node as being over a proxy
parent
801aae968c
commit
3ee7b7cff1
|
@ -11,6 +11,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
|
|||
* Added new scripts for service options that allows installation of software in a privileged Docker container on the node prior to marking a server as installed.
|
||||
* Added ability to reinstall a server using the currently assigned service and option.
|
||||
* Added ability to change a server's service and service option, as well as change pack assignments and other management services in that regard.
|
||||
* Added support for using a proxy such as Cloudflare with a node connection. Previously there was no way to tell the panel to connect over SSL without marking the Daemon as also using SSL.
|
||||
|
||||
### Changed
|
||||
* Environment setting commands now attempt to auto-quote strings with spaces in them, as well as comment lines that are edited to avoid manual changes being overwritten.
|
||||
|
|
|
@ -88,7 +88,7 @@ class NodesController extends Controller
|
|||
]),
|
||||
$request->intersect([
|
||||
'name', 'location_id', 'fqdn',
|
||||
'scheme', 'memory', 'disk',
|
||||
'scheme', 'memory', 'disk', 'behind_proxy',
|
||||
'daemonBase', 'daemonSFTP', 'daemonListen',
|
||||
])
|
||||
));
|
||||
|
@ -218,7 +218,7 @@ class NodesController extends Controller
|
|||
'public', 'disk_overallocate', 'memory_overallocate',
|
||||
]),
|
||||
$request->intersect([
|
||||
'name', 'location_id', 'fqdn',
|
||||
'name', 'location_id', 'fqdn', 'behind_proxy',
|
||||
'scheme', 'memory', 'disk', 'upload_size',
|
||||
'reset_secret', 'daemonSFTP', 'daemonListen',
|
||||
])
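Review bot: Listing `behind_proxy` inside `$request->intersect([...])` in both hunks may drop the value whenever the form submits `0`, if `intersect()` discards falsy inputs (it was built on `array_filter` in Laravel 5.x; confirm for the framework version in use). On create that would make the `required|boolean` rule added in NodeRepository reject "Not Behind Proxy", and on update an administrator could not switch the flag back off, which leaves daemon-side SSL disabled through the `! behind_proxy` condition. The fields that can legitimately be zero sit in the separate list just above, which looks like the right home for it: `'public', 'behind_proxy', 'disk_overallocate', 'memory_overallocate',`. Both calls start and end outside the hunks, so the surrounding call for that first list is not visible here.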
|
||||
|
|
|
@ -59,6 +59,7 @@ class Node extends Model
|
|||
'disk' => 'integer',
|
||||
'daemonListen' => 'integer',
|
||||
'daemonSFTP' => 'integer',
|
||||
'behind_proxy' => 'boolean',
|
||||
];
|
||||
|
||||
/**
|
||||
|
@ -68,8 +69,8 @@ class Node extends Model
|
|||
*/
|
||||
protected $fillable = [
|
||||
'public', 'name', 'location_id',
|
||||
'fqdn', 'scheme', 'memory',
|
||||
'memory_overallocate', 'disk',
|
||||
'fqdn', 'scheme', 'behind_proxy',
|
||||
'memory', 'memory_overallocate', 'disk',
|
||||
'disk_overallocate', 'upload_size',
|
||||
'daemonSecret', 'daemonBase',
|
||||
'daemonSFTP', 'daemonListen',
|
||||
|
@ -121,7 +122,7 @@ class Node extends Model
|
|||
'host' => '0.0.0.0',
|
||||
'listen' => $this->daemonListen,
|
||||
'ssl' => [
|
||||
'enabled' => $this->scheme === 'https',
|
||||
'enabled' => (! $this->behind_proxy && $this->scheme === 'https'),
|
||||
'certificate' => '/etc/letsencrypt/live/' . $this->fqdn . '/fullchain.pem',
|
||||
'key' => '/etc/letsencrypt/live/' . $this->fqdn . '/privkey.pem',
|
||||
],
|
||||
|
@ -143,7 +144,7 @@ class Node extends Model
|
|||
'count' => 3,
|
||||
],
|
||||
'remote' => [
|
||||
'base' => config('app.url'),
|
||||
'base' => route('index'),
|
||||
'download' => route('remote.download'),
|
||||
'installed' => route('remote.install'),
|
||||
],
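Review bot: The new `'enabled' => (! $this->behind_proxy && $this->scheme === 'https')` in the `ssl` block turns daemon-side TLS off whenever the flag is set, and nothing in the code states what that assumes. With the flag on, the hop from the proxy to the daemon is plain HTTP, so the generated config is only safe if the daemon's listen port is reachable solely from the proxy; the `'host' => '0.0.0.0'` line just above it binds every interface. I would add a comment on the line, e.g. `// TLS terminates at the proxy: the daemon serves plain HTTP and must only be reachable from the proxy`, and repeat it on the identical expression in NodeRepository (`! $node->behind_proxy && $node->scheme === 'https'`). Because the condition now exists in two places, a small accessor on Node that both sites call would keep them from drifting apart. The enclosing method starts and ends outside the hunk.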
|
||||
|
|
|
@ -52,6 +52,7 @@ class NodeRepository
|
|||
'public' => 'required|numeric|between:0,1',
|
||||
'fqdn' => 'required|string|unique:nodes,fqdn',
|
||||
'scheme' => 'required|regex:/^(http(s)?)$/',
|
||||
'behind_proxy' => 'required|boolean',
|
||||
'memory' => 'required|numeric|min:1',
|
||||
'memory_overallocate' => 'required|numeric|min:-1',
|
||||
'disk' => 'required|numeric|min:1',
|
||||
|
@ -109,6 +110,7 @@ class NodeRepository
|
|||
'public' => 'numeric|between:0,1',
|
||||
'fqdn' => 'string|unique:nodes,fqdn,' . $id,
|
||||
'scheme' => 'regex:/^(http(s)?)$/',
|
||||
'behind_proxy' => 'boolean',
|
||||
'memory' => 'numeric|min:1',
|
||||
'memory_overallocate' => 'numeric|min:-1',
|
||||
'disk' => 'numeric|min:1',
|
||||
|
@ -166,7 +168,7 @@ class NodeRepository
|
|||
'web' => [
|
||||
'listen' => $node->daemonListen,
|
||||
'ssl' => [
|
||||
'enabled' => ($node->scheme === 'https'),
|
||||
'enabled' => (! $node->behind_proxy && $node->scheme === 'https'),
|
||||
],
|
||||
],
|
||||
'sftp' => [
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
<?php
|
||||
|
||||
use Illuminate\Support\Facades\Schema;
|
||||
use Illuminate\Database\Schema\Blueprint;
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
|
||||
class AddAbilityToDefineConnectionOverSSLWithDaemonBehindProxy extends Migration
|
||||
{
|
||||
/**
|
||||
* Run the migrations.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function up()
|
||||
{
|
||||
Schema::table('nodes', function (Blueprint $table) {
|
||||
$table->boolean('behind_proxy')->after('scheme')->default(false);
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Reverse the migrations.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function down()
|
||||
{
|
||||
Schema::table('nodes', function (Blueprint $table) {
|
||||
$table->dropColumn('behind_proxy');
|
||||
});
|
||||
}
|
||||
}
|
|
@ -78,19 +78,28 @@
|
|||
<div>
|
||||
<div class="radio radio-success radio-inline">
|
||||
<input type="radio" id="pSSLTrue" value="https" name="scheme" checked>
|
||||
<label for="pSSLTrue"> Enable SSL </label>
|
||||
<label for="pSSLTrue"> Use SSL Connection</label>
|
||||
</div>
|
||||
<div class="radio radio-danger radio-inline">
|
||||
<input type="radio" id="pSSLFalse" value="http" name="scheme">
|
||||
<label for="pSSLFalse"> Disable SSL </label>
|
||||
<label for="pSSLFalse"> Use HTTP Connection</label>
|
||||
</div>
|
||||
</div>
|
||||
<p class="text-muted small">SSL should only be disabled if this node is assigned an IP address as the FQDN and not an actual FQDN. Disabling SSL could allow a malicious user to intercept traffic between the panel and the daemon potentially exposing sensitive information.</p>
|
||||
<p class="text-muted small">In most cases you should select to use a SSL connection. If using an IP Address or you do not wish to use SSL at all, select a HTTP connection.</p>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="pDaemonBase" class="form-label">Daemon Server File Directory</label>
|
||||
<input type="text" name="daemonBase" id="pDaemonBase" class="form-control" value="/srv/daemon-data" />
|
||||
<p class="text-muted small">Enter the directory where server files should be stored. <strong>If you use OVH you should check your partition scheme. You may need to use <code>/home/daemon-data</code> to have enough space.</strong></p>
|
||||
<label class="form-label">Behind Proxy</label>
|
||||
<div>
|
||||
<div class="radio radio-success radio-inline">
|
||||
<input type="radio" id="pProxyFalse" value="0" name="behind_proxy" checked>
|
||||
<label for="pProxyFalse"> Not Behind Proxy </label>
|
||||
</div>
|
||||
<div class="radio radio-info radio-inline">
|
||||
<input type="radio" id="pProxyTrue" value="1" name="behind_proxy">
|
||||
<label for="pProxyTrue"> Behind Proxy </label>
|
||||
</div>
|
||||
</div>
|
||||
<p class="text-muted small">If you are running the daemon behind a proxy such as Cloudflare, select this to have the daemon skip looking for certificates on boot.</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -102,6 +111,11 @@
|
|||
</div>
|
||||
<div class="box-body">
|
||||
<div class="row">
|
||||
<div class="form-group col-xs-12">
|
||||
<label for="pDaemonBase" class="form-label">Daemon Server File Directory</label>
|
||||
<input type="text" name="daemonBase" id="pDaemonBase" class="form-control" value="/srv/daemon-data" />
|
||||
<p class="text-muted small">Enter the directory where server files should be stored. <strong>If you use OVH you should check your partition scheme. You may need to use <code>/home/daemon-data</code> to have enough space.</strong></p>
|
||||
</div>
|
||||
<div class="form-group col-md-6">
|
||||
<label for="pMemory" class="form-label">Total Memory</label>
|
||||
<div class="input-group">
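Review bot: The replacement help text under the scheme radios drops the earlier warning that disabling SSL lets traffic between the panel and the daemon be intercepted, and the new Behind Proxy paragraph only mentions skipping the certificate lookup. Selecting Behind Proxy also makes the daemon serve plain HTTP (the `ssl.enabled` change in the Node model), so the administrator should be told that at the point of choice. Suggested ending for the Behind Proxy paragraph: `The daemon will then accept plain HTTP, so make sure it can only be reached through the proxy.` I would also keep the interception sentence in the scheme help text rather than replacing it. The same two paragraphs are repeated in the node edit view and need the same wording.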
|
||||
|
|
|
@ -89,18 +89,33 @@
|
|||
</small></p>
|
||||
</div>
|
||||
<div class="form-group col-xs-12">
|
||||
<label for="scheme" class="control-label"><span class="label label-warning"><i class="fa fa-power-off"></i></span> Secure Socket Layer</label>
|
||||
<div class="row" style="padding: 7px 0;">
|
||||
<div class="col-xs-6">
|
||||
<input type="radio" name="scheme" value="https" id="scheme_ssl" {{ (old('scheme', $node->scheme) === 'https') ? 'checked' : '' }}/> <label for="scheme_ssl" style="padding-left: 5px;">Enable HTTPS/SSL</label>
|
||||
<label class="form-label"><span class="label label-warning"><i class="fa fa-power-off"></i></span> Communicate Over SSL</label>
|
||||
<div>
|
||||
<div class="radio radio-success radio-inline">
|
||||
<input type="radio" id="pSSLTrue" value="https" name="scheme" {{ (old('scheme', $node->scheme) === 'https') ? 'checked' : '' }}>
|
||||
<label for="pSSLTrue"> Use SSL Connection</label>
|
||||
</div>
|
||||
<div class="col-xs-6">
|
||||
<input type="radio" name="scheme" value="http" id="scheme_nossl" {{ (old('scheme', $node->scheme) === 'http') ? 'checked' : '' }}/> <label for="scheme_nossl" style="padding-left: 5px;">Disable HTTPS/SSL</label>
|
||||
<div class="radio radio-danger radio-inline">
|
||||
<input type="radio" id="pSSLFalse" value="http" name="scheme" {{ (old('scheme', $node->scheme) !== 'https') ? 'checked' : '' }}>
|
||||
<label for="pSSLFalse"> Use HTTP Connection</label>
|
||||
</div>
|
||||
</div>
|
||||
<p class="text-muted"><small>You should always leave SSL enabled for nodes. Disabling SSL could allow a malicious user to intercept traffic between the panel and the daemon potentially exposing sensitive information.</small></p>
|
||||
<p class="text-muted small">In most cases you should select to use a SSL connection. If using an IP Address or you do not wish to use SSL at all, select a HTTP connection.</p>
|
||||
</div>
|
||||
<div class="form-group col-xs-12">
|
||||
<label class="form-label"><span class="label label-warning"><i class="fa fa-power-off"></i></span> Behind Proxy</label>
|
||||
<div>
|
||||
<div class="radio radio-success radio-inline">
|
||||
<input type="radio" id="pProxyFalse" value="0" name="behind_proxy" {{ (old('behind_proxy', $node->behind_proxy) == false) ? 'checked' : '' }}>
|
||||
<label for="pProxyFalse"> Not Behind Proxy </label>
|
||||
</div>
|
||||
<div class="radio radio-info radio-inline">
|
||||
<input type="radio" id="pProxyTrue" value="1" name="behind_proxy" {{ (old('behind_proxy', $node->behind_proxy) == true) ? 'checked' : '' }}>
|
||||
<label for="pProxyTrue"> Behind Proxy </label>
|
||||
</div>
|
||||
</div>
|
||||
<p class="text-muted small">If you are running the daemon behind a proxy such as Cloudflare, select this to have the daemon skip looking for certificates on boot.</p>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|