Home Explore Help
Register Sign In
Apq
/
nginx-proxy-manager
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 8d98a417c5
Branches Tags
nginx-proxy-man...
/
backend
/
setup.js

setup.js 6.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231 
  1. const fs                  = require('fs');
    2. 

  2. const NodeRSA             = require('node-rsa');
    3. 

  3. const config              = require('config');
    4. 

  4. const logger              = require('./logger').setup;
    5. 

  5. const certificateModel    = require('./models/certificate');
    6. 

  6. const userModel           = require('./models/user');
    7. 

  7. const userPermissionModel = require('./models/user_permission');
    8. 

  8. const utils               = require('./lib/utils');
    9. 

  9. const authModel           = require('./models/auth');
    10. 

  10. const settingModel        = require('./models/setting');
    11. 

  11. const dns_plugins         = require('./global/certbot-dns-plugins');
    12. 

  12. const debug_mode          = process.env.NODE_ENV !== 'production' || !!process.env.DEBUG;
    13. 

  13. 

  14. /**
    15. 

  15.  * Creates a new JWT RSA Keypair if not alread set on the config
    16. 

  16.  *
    17. 

  17.  * @returns {Promise}
    18. 

  18.  */
    19. 

  19. const setupJwt = () => {
    20. 

  20. 	return new Promise((resolve, reject) => {
    21. 

  21. 		// Now go and check if the jwt gpg keys have been created and if not, create them
    22. 

  22. 		if (!config.has('jwt') || !config.has('jwt.key') || !config.has('jwt.pub')) {
    23. 

  23. 			logger.info('Creating a new JWT key pair...');
    24. 

  24. 

  25. 			// jwt keys are not configured properly
    26. 

  26. 			const filename  = config.util.getEnv('NODE_CONFIG_DIR') + '/' + (config.util.getEnv('NODE_ENV') || 'default') + '.json';
    27. 

  27. 			let config_data = {};
    28. 

  28. 

  29. 			try {
    30. 

  30. 				config_data = require(filename);
    31. 

  31. 			} catch (err) {
    32. 

  32. 				// do nothing
    33. 

  33. 				if (debug_mode) {
    34. 

  34. 					logger.debug(filename + ' config file could not be required');
    35. 

  35. 				}
    36. 

  36. 			}
    37. 

  37. 

  38. 			// Now create the keys and save them in the config.
    39. 

  39. 			let key = new NodeRSA({ b: 2048 });
    40. 

  40. 			key.generateKeyPair();
    41. 

  41. 

  42. 			config_data.jwt = {
    43. 

  43. 				key: key.exportKey('private').toString(),
    44. 

  44. 				pub: key.exportKey('public').toString(),
    45. 

  45. 			};
    46. 

  46. 

  47. 			// Write config
    48. 

  48. 			fs.writeFile(filename, JSON.stringify(config_data, null, 2), (err) => {
    49. 

  49. 				if (err) {
    50. 

  50. 					logger.error('Could not write JWT key pair to config file: ' + filename);
    51. 

  51. 					reject(err);
    52. 

  52. 				} else {
    53. 

  53. 					logger.info('Wrote JWT key pair to config file: ' + filename);
    54. 

  54. 					delete require.cache[require.resolve('config')];
    55. 

  55. 					resolve();
    56. 

  56. 				}
    57. 

  57. 			});
    58. 

  58. 		} else {
    59. 

  59. 			// JWT key pair exists
    60. 

  60. 			if (debug_mode) {
    61. 

  61. 				logger.debug('JWT Keypair already exists');
    62. 

  62. 			}
    63. 

  63. 

  64. 			resolve();
    65. 

  65. 		}
    66. 

  66. 	});
    67. 

  67. };
    68. 

  68. 

  69. /**
    70. 

  70.  * Creates a default admin users if one doesn't already exist in the database
    71. 

  71.  *
    72. 

  72.  * @returns {Promise}
    73. 

  73.  */
    74. 

  74. const setupDefaultUser = () => {
    75. 

  75. 	return userModel
    76. 

  76. 		.query()
    77. 

  77. 		.select(userModel.raw('COUNT(`id`) as `count`'))
    78. 

  78. 		.where('is_deleted', 0)
    79. 

  79. 		.first()
    80. 

  80. 		.then((row) => {
    81. 

  81. 			if (!row.count) {
    82. 

  82. 				// Create a new user and set password
    83. 

  83. 				logger.info('Creating a new user: [email protected] with password: changeme');
    84. 

  84. 

  85. 				let data = {
    86. 

  86. 					is_deleted: 0,
    87. 

  87. 					email:      '[email protected]',
    88. 

  88. 					name:       'Administrator',
    89. 

  89. 					nickname:   'Admin',
    90. 

  90. 					avatar:     '',
    91. 

  91. 					roles:      ['admin'],
    92. 

  92. 				};
    93. 

  93. 

  94. 				return userModel
    95. 

  95. 					.query()
    96. 

  96. 					.insertAndFetch(data)
    97. 

  97. 					.then((user) => {
    98. 

  98. 						return authModel
    99. 

  99. 							.query()
    100. 

  100. 							.insert({
    101. 

  101. 								user_id: user.id,
    102. 

  102. 								type:    'password',
    103. 

  103. 								secret:  'changeme',
    104. 

  104. 								meta:    {},
    105. 

  105. 							})
    106. 

  106. 							.then(() => {
    107. 

  107. 								return userPermissionModel.query().insert({
    108. 

  108. 									user_id:           user.id,
    109. 

  109. 									visibility:        'all',
    110. 

  110. 									proxy_hosts:       'manage',
    111. 

  111. 									redirection_hosts: 'manage',
    112. 

  112. 									dead_hosts:        'manage',
    113. 

  113. 									streams:           'manage',
    114. 

  114. 									access_lists:      'manage',
    115. 

  115. 									certificates:      'manage',
    116. 

  116. 								});
    117. 

  117. 							});
    118. 

  118. 					})
    119. 

  119. 					.then(() => {
    120. 

  120. 						logger.info('Initial admin setup completed');
    121. 

  121. 					});
    122. 

  122. 			} else if (debug_mode) {
    123. 

  123. 				logger.debug('Admin user setup not required');
    124. 

  124. 			}
    125. 

  125. 		});
    126. 

  126. };
    127. 

  127. 

  128. /**
    129. 

  129.  * Creates default settings if they don't already exist in the database
    130. 

  130.  *
    131. 

  131.  * @returns {Promise}
    132. 

  132.  */
    133. 

  133. const setupDefaultSettings = () => {
    134. 

  134. 	return settingModel
    135. 

  135. 		.query()
    136. 

  136. 		.select(settingModel.raw('COUNT(`id`) as `count`'))
    137. 

  137. 		.where({id: 'default-site'})
    138. 

  138. 		.first()
    139. 

  139. 		.then((row) => {
    140. 

  140. 			if (!row.count) {
    141. 

  141. 				settingModel
    142. 

  142. 					.query()
    143. 

  143. 					.insert({
    144. 

  144. 						id:          'default-site',
    145. 

  145. 						name:        'Default Site',
    146. 

  146. 						description: 'What to show when Nginx is hit with an unknown Host',
    147. 

  147. 						value:       'congratulations',
    148. 

  148. 						meta:        {},
    149. 

  149. 					})
    150. 

  150. 					.then(() => {
    151. 

  151. 						logger.info('Default settings added');
    152. 

  152. 					});
    153. 

  153. 			}
    154. 

  154. 			if (debug_mode) {
    155. 

  155. 				logger.debug('Default setting setup not required');
    156. 

  156. 			}
    157. 

  157. 		});
    158. 

  158. };
    159. 

  159. 

  160. /**
    161. 

  161.  * Installs all Certbot plugins which are required for an installed certificate
    162. 

  162.  *
    163. 

  163.  * @returns {Promise}
    164. 

  164.  */
    165. 

  165. const setupCertbotPlugins = () => {
    166. 

  166. 	return certificateModel
    167. 

  167. 		.query()
    168. 

  168. 		.where('is_deleted', 0)
    169. 

  169. 		.andWhere('provider', 'letsencrypt')
    170. 

  170. 		.then((certificates) => {
    171. 

  171. 			if (certificates && certificates.length) {
    172. 

  172. 				let plugins  = [];
    173. 

  173. 				let promises = [];
    174. 

  174. 

  175. 				certificates.map(function (certificate) {
    176. 

  176. 					if (certificate.meta && certificate.meta.dns_challenge === true) {
    177. 

  177. 						const dns_plugin          = dns_plugins[certificate.meta.dns_provider];
    178. 

  178. 						const packages_to_install = `${dns_plugin.package_name}${dns_plugin.version_requirement || ''} ${dns_plugin.dependencies}`;
    179. 

  179. 

  180. 						if (plugins.indexOf(packages_to_install) === -1) plugins.push(packages_to_install);
    181. 

  181. 

  182. 						// Make sure credentials file exists
    183. 

  183. 						const credentials_loc = '/etc/letsencrypt/credentials/credentials-' + certificate.id; 
    184. 

  184. 						const credentials_cmd = '[ -f \'' + credentials_loc + '\' ] || { mkdir -p /etc/letsencrypt/credentials 2> /dev/null; echo \'' + certificate.meta.dns_provider_credentials.replace('\'', '\\\'') + '\' > \'' + credentials_loc + '\' && chmod 600 \'' + credentials_loc + '\'; }';
    185. 

  185. 						promises.push(utils.exec(credentials_cmd));
    186. 

  186. 					}
    187. 

  187. 				});
    188. 

  188. 

  189. 				if (plugins.length) {
    190. 

  190. 					const install_cmd = 'pip install ' + plugins.join(' ');
    191. 

  191. 					promises.push(utils.exec(install_cmd));
    192. 

  192. 				}
    193. 

  193. 

  194. 				if (promises.length) {
    195. 

  195. 					return Promise.all(promises)
    196. 

  196. 						.then(() => { 
    197. 

  197. 							logger.info('Added Certbot plugins ' + plugins.join(', ')); 
    198. 

  198. 						});
    199. 

  199. 				}
    200. 

  200. 			}
    201. 

  201. 		});
    202. 

  202. };
    203. 

  203. 

  204. 

  205. /**
    206. 

  206.  * Starts a timer to call run the logrotation binary every two days
    207. 

  207.  * @returns {Promise}
    208. 

  208.  */
    209. 

  209. const setupLogrotation = () => {
    210. 

  210. 	const intervalTimeout = 1000 * 60 * 60 * 24 * 2; // 2 days
    211. 

  211. 

  212. 	const runLogrotate = async () => {
    213. 

  213. 		try {
    214. 

  214. 			await utils.exec('logrotate /etc/logrotate.d/nginx-proxy-manager');
    215. 

  215. 			logger.info('Logrotate completed.');
    216. 

  216. 		} catch (e) { logger.warn(e); }
    217. 

  217. 	};
    218. 

  218. 

  219. 	logger.info('Logrotate Timer initialized');
    220. 

  220. 	setInterval(runLogrotate, intervalTimeout);
    221. 

  221. 	// And do this now as well
    222. 

  222. 	return runLogrotate();
    223. 

  223. };
    224. 

  224. 

  225. module.exports = function () {
    226. 

  226. 	return setupJwt()
    227. 

  227. 		.then(setupDefaultUser)
    228. 

  228. 		.then(setupDefaultSettings)
    229. 

  229. 		.then(setupCertbotPlugins)
    230. 

  230. 		.then(setupLogrotation);
    231. 

  231. };
    232.