mirror of
https://github.com/fosrl/pangolin.git
synced 2026-01-28 22:00:51 +00:00
remove custom cery type form config file
This commit is contained in:
Pallavi Kumari
@@ -51,7 +51,6 @@ export const configSchema = z
|
||||
.nonempty("base_domain must not be empty")
|
||||
.transform((url) => url.toLowerCase()),
|
||||
cert_resolver: z.string().optional().default("letsencrypt"),
|
||||
custom_cert_resolver: z.string().optional(),
|
||||
prefer_wildcard_cert: z.boolean().optional().default(false)
|
||||
})
|
||||
)
|
||||
@@ -188,7 +187,6 @@ export const configSchema = z
|
||||
https_entrypoint: z.string().optional().default("websecure"),
|
||||
additional_middlewares: z.array(z.string()).optional(),
|
||||
cert_resolver: z.string().optional().default("letsencrypt"),
|
||||
custom_cert_resolver: z.string().optional(),
|
||||
prefer_wildcard_cert: z.boolean().optional().default(false),
|
||||
certificates_path: z.string().default("/var/certificates"),
|
||||
monitor_interval: z.number().default(5000),
|
||||
|
||||
@@ -248,68 +248,24 @@ export async function getTraefikConfig(
|
||||
}
|
||||
|
||||
const configDomain = config.getDomain(resource.domainId);
|
||||
|
||||
let certResolverFromConfig: string | undefined;
|
||||
let preferWildcardCert = false;
|
||||
|
||||
const rawTraefikCfg = config.getRawConfig().traefik || {};
|
||||
const globalDefaultResolver: string | undefined = rawTraefikCfg.cert_resolver;
|
||||
const availableResolvers = rawTraefikCfg.custom_cert_resolver
|
||||
? Object.keys(rawTraefikCfg.custom_cert_resolver)
|
||||
: [];
|
||||
const globalDefaultResolver = rawTraefikCfg.cert_resolver;
|
||||
|
||||
// Priority 1: Read from YAML config (if exists)
|
||||
if (configDomain) {
|
||||
certResolverFromConfig =
|
||||
configDomain.cert_resolver ??
|
||||
configDomain.custom_cert_resolver;
|
||||
preferWildcardCert = !!(configDomain.prefer_wildcard_cert);
|
||||
}
|
||||
|
||||
// Priority 2: Override with database domain settings (if exists)
|
||||
let finalCertResolver: string | undefined;
|
||||
let finalCustomCertResolver: string | undefined;
|
||||
const domainCertResolver =
|
||||
resource.domainCertResolver ?? configDomain?.cert_resolver;
|
||||
const domainCustomResolver =
|
||||
resource.domainCustomCertResolver;
|
||||
const preferWildcardCert =
|
||||
resource.preferWildcardCert ?? configDomain?.prefer_wildcard_cert ?? false;
|
||||
|
||||
if (resource.domainCertResolver) {
|
||||
finalCertResolver = resource.domainCertResolver;
|
||||
if (resource.domainCertResolver === "custom" && resource.domainCustomCertResolver) {
|
||||
finalCustomCertResolver = resource.domainCustomCertResolver;
|
||||
}
|
||||
} else {
|
||||
// Fall back to config
|
||||
finalCertResolver = certResolverFromConfig;
|
||||
}
|
||||
|
||||
// Resolve the final resolver name
|
||||
let resolverName: string | undefined;
|
||||
|
||||
if (finalCertResolver) {
|
||||
if (finalCertResolver === "custom") {
|
||||
// Check database custom resolver first, then config
|
||||
const customResolver = finalCustomCertResolver || configDomain?.custom_cert_resolver;
|
||||
|
||||
if (customResolver && typeof customResolver === "string" && customResolver.trim()) {
|
||||
resolverName = customResolver.trim();
|
||||
} else {
|
||||
resolverName = globalDefaultResolver;
|
||||
logger.warn(
|
||||
`Domain ${resource.domainId} requested custom cert resolver but none set; falling back to global resolver ${resolverName}`
|
||||
);
|
||||
}
|
||||
} else {
|
||||
// Validate against available resolvers
|
||||
if (
|
||||
availableResolvers.length === 0 ||
|
||||
availableResolvers.includes(finalCertResolver)
|
||||
) {
|
||||
resolverName = finalCertResolver;
|
||||
} else {
|
||||
logger.warn(
|
||||
`Unknown cert resolver "${finalCertResolver}" for domain ${resource.domainId}; falling back to global resolver.`
|
||||
);
|
||||
resolverName = globalDefaultResolver;
|
||||
}
|
||||
}
|
||||
// Handle both letsencrypt & custom cases
|
||||
if (domainCertResolver === "custom") {
|
||||
resolverName = domainCustomResolver?.trim();
|
||||
} else if (domainCertResolver) {
|
||||
resolverName = domainCertResolver;
|
||||
} else {
|
||||
resolverName = globalDefaultResolver;
|
||||
}
|
||||
@@ -327,6 +283,7 @@ export async function getTraefikConfig(
|
||||
: {})
|
||||
};
|
||||
|
||||
|
||||
const additionalMiddlewares =
|
||||
config.getRawConfig().traefik.additional_middlewares || [];
|
||||
|
||||
|
||||
@@ -15,6 +15,7 @@ import {
|
||||
certificates,
|
||||
db,
|
||||
domainNamespaces,
|
||||
domains,
|
||||
exitNodes,
|
||||
loginPage,
|
||||
targetHealthCheck
|
||||
@@ -103,11 +104,17 @@ export async function getTraefikConfig(
|
||||
subnet: sites.subnet,
|
||||
exitNodeId: sites.exitNodeId,
|
||||
// Namespace
|
||||
domainNamespaceId: domainNamespaces.domainNamespaceId
|
||||
domainNamespaceId: domainNamespaces.domainNamespaceId,
|
||||
// Certificate
|
||||
certificateStatus: certificates.status,
|
||||
domainCertResolver: domains.certResolver,
|
||||
domainCustomCertResolver: domains.customCertResolver
|
||||
})
|
||||
.from(sites)
|
||||
.innerJoin(targets, eq(targets.siteId, sites.siteId))
|
||||
.innerJoin(resources, eq(resources.resourceId, targets.resourceId))
|
||||
.leftJoin(certificates, eq(certificates.domainId, resources.domainId))
|
||||
.leftJoin(domains, eq(domains.domainId, resources.domainId))
|
||||
.leftJoin(
|
||||
targetHealthCheck,
|
||||
eq(targetHealthCheck.targetId, targets.targetId)
|
||||
@@ -197,7 +204,9 @@ export async function getTraefikConfig(
|
||||
pathMatchType: row.pathMatchType, // the targets will all have the same pathMatchType
|
||||
rewritePath: row.rewritePath,
|
||||
rewritePathType: row.rewritePathType,
|
||||
priority: priority // may be null, we fallback later
|
||||
priority: priority, // may be null, we fallback later
|
||||
domainCertResolver: row.domainCertResolver,
|
||||
domainCustomCertResolver: row.domainCustomCertResolver
|
||||
});
|
||||
}
|
||||
|
||||
@@ -285,6 +294,41 @@ export async function getTraefikConfig(
|
||||
config_output.http.services = {};
|
||||
}
|
||||
|
||||
const domainParts = fullDomain.split(".");
|
||||
let wildCard;
|
||||
if (domainParts.length <= 2) {
|
||||
wildCard = `*.${domainParts.join(".")}`;
|
||||
} else {
|
||||
wildCard = `*.${domainParts.slice(1).join(".")}`;
|
||||
}
|
||||
|
||||
if (!resource.subdomain) {
|
||||
wildCard = resource.fullDomain;
|
||||
}
|
||||
|
||||
const configDomain = config.getDomain(resource.domainId);
|
||||
const rawTraefikCfg = config.getRawConfig().traefik || {};
|
||||
const globalDefaultResolver = rawTraefikCfg.cert_resolver;
|
||||
|
||||
|
||||
const domainCertResolver =
|
||||
resource.domainCertResolver ?? configDomain?.cert_resolver;
|
||||
const domainCustomResolver =
|
||||
resource.domainCustomCertResolver;
|
||||
const preferWildcardCert =
|
||||
resource.preferWildcardCert ?? configDomain?.prefer_wildcard_cert ?? false;
|
||||
|
||||
let resolverName: string | undefined;
|
||||
|
||||
// Handle both letsencrypt & custom cases
|
||||
if (domainCertResolver === "custom") {
|
||||
resolverName = domainCustomResolver?.trim();
|
||||
} else if (domainCertResolver) {
|
||||
resolverName = domainCertResolver;
|
||||
} else {
|
||||
resolverName = globalDefaultResolver;
|
||||
}
|
||||
|
||||
let tls = {};
|
||||
if (!privateConfig.getRawPrivateConfig().flags.use_pangolin_dns) {
|
||||
const domainParts = fullDomain.split(".");
|
||||
@@ -312,16 +356,16 @@ export async function getTraefikConfig(
|
||||
}
|
||||
|
||||
tls = {
|
||||
certResolver: certResolver,
|
||||
certResolver: resolverName,
|
||||
...(preferWildcardCert
|
||||
? {
|
||||
domains: [
|
||||
{
|
||||
main: wildCard
|
||||
}
|
||||
]
|
||||
}
|
||||
: {})
|
||||
domains: [
|
||||
{
|
||||
main: wildCard,
|
||||
},
|
||||
],
|
||||
}
|
||||
: {}),
|
||||
};
|
||||
} else {
|
||||
// find a cert that matches the full domain, if not continue
|
||||
@@ -573,14 +617,14 @@ export async function getTraefikConfig(
|
||||
})(),
|
||||
...(resource.stickySession
|
||||
? {
|
||||
sticky: {
|
||||
cookie: {
|
||||
name: "p_sticky", // TODO: make this configurable via config.yml like other cookies
|
||||
secure: resource.ssl,
|
||||
httpOnly: true
|
||||
}
|
||||
}
|
||||
}
|
||||
sticky: {
|
||||
cookie: {
|
||||
name: "p_sticky", // TODO: make this configurable via config.yml like other cookies
|
||||
secure: resource.ssl,
|
||||
httpOnly: true
|
||||
}
|
||||
}
|
||||
}
|
||||
: {})
|
||||
}
|
||||
};
|
||||
@@ -681,13 +725,13 @@ export async function getTraefikConfig(
|
||||
})(),
|
||||
...(resource.stickySession
|
||||
? {
|
||||
sticky: {
|
||||
ipStrategy: {
|
||||
depth: 0,
|
||||
sourcePort: true
|
||||
}
|
||||
}
|
||||
}
|
||||
sticky: {
|
||||
ipStrategy: {
|
||||
depth: 0,
|
||||
sourcePort: true
|
||||
}
|
||||
}
|
||||
}
|
||||
: {})
|
||||
}
|
||||
};
|
||||
@@ -735,10 +779,9 @@ export async function getTraefikConfig(
|
||||
loadBalancer: {
|
||||
servers: [
|
||||
{
|
||||
url: `http://${
|
||||
config.getRawConfig().server
|
||||
url: `http://${config.getRawConfig().server
|
||||
.internal_hostname
|
||||
}:${config.getRawConfig().server.next_port}`
|
||||
}:${config.getRawConfig().server.next_port}`
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user