mirror of
https://github.com/0xJacky/nginx-ui.git
synced 2025-05-12 10:55:51 +02:00
fix: certificate dir cannot be created in some windows-docker setup #403
This commit is contained in:
Jacky
parent
805934567a
commit
11e460765a
2 changed files with 68 additions and 31 deletions
|
|
@ -3,13 +3,11 @@ package certificate
|
||||||
import (
|
import (
|
||||||
"github.com/0xJacky/Nginx-UI/internal/cert"
|
"github.com/0xJacky/Nginx-UI/internal/cert"
|
||||||
"github.com/0xJacky/Nginx-UI/internal/logger"
|
"github.com/0xJacky/Nginx-UI/internal/logger"
|
||||||
"github.com/0xJacky/Nginx-UI/internal/nginx"
|
|
||||||
"github.com/0xJacky/Nginx-UI/model"
|
"github.com/0xJacky/Nginx-UI/model"
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
"github.com/go-acme/lego/v4/certcrypto"
|
"github.com/go-acme/lego/v4/certcrypto"
|
||||||
"github.com/gorilla/websocket"
|
"github.com/gorilla/websocket"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
|
@ -71,7 +69,6 @@ func IssueCert(c *gin.Context) {
|
||||||
payload := &cert.ConfigPayload{}
|
payload := &cert.ConfigPayload{}
|
||||||
|
|
||||||
err = ws.ReadJSON(payload)
|
err = ws.ReadJSON(payload)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Error(err)
|
logger.Error(err)
|
||||||
return
|
return
|
||||||
|
|
@ -122,14 +119,10 @@ func IssueCert(c *gin.Context) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
certDirName := strings.Join(payload.ServerName, "_") + "_" + string(payload.GetKeyType())
|
|
||||||
sslCertificatePath := nginx.GetConfPath("ssl", certDirName, "fullchain.cer")
|
|
||||||
sslCertificateKeyPath := nginx.GetConfPath("ssl", certDirName, "private.key")
|
|
||||||
|
|
||||||
err = certModel.Updates(&model.Cert{
|
err = certModel.Updates(&model.Cert{
|
||||||
Domains: payload.ServerName,
|
Domains: payload.ServerName,
|
||||||
SSLCertificatePath: sslCertificatePath,
|
SSLCertificatePath: payload.GetCertificatePath(),
|
||||||
SSLCertificateKeyPath: sslCertificateKeyPath,
|
SSLCertificateKeyPath: payload.GetCertificateKeyPath(),
|
||||||
AutoCert: model.AutoCertEnabled,
|
AutoCert: model.AutoCertEnabled,
|
||||||
KeyType: payload.KeyType,
|
KeyType: payload.KeyType,
|
||||||
ChallengeMethod: payload.ChallengeMethod,
|
ChallengeMethod: payload.ChallengeMethod,
|
||||||
|
|
@ -152,8 +145,8 @@ func IssueCert(c *gin.Context) {
|
||||||
err = ws.WriteJSON(IssueCertResponse{
|
err = ws.WriteJSON(IssueCertResponse{
|
||||||
Status: Success,
|
Status: Success,
|
||||||
Message: "Issued certificate successfully",
|
Message: "Issued certificate successfully",
|
||||||
SSLCertificate: sslCertificatePath,
|
SSLCertificate: payload.GetCertificatePath(),
|
||||||
SSLCertificateKey: sslCertificateKeyPath,
|
SSLCertificateKey: payload.GetCertificateKeyPath(),
|
||||||
KeyType: payload.GetKeyType(),
|
KeyType: payload.GetKeyType(),
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -23,7 +23,10 @@ type ConfigPayload struct {
|
||||||
ACMEUserID int `json:"acme_user_id"`
|
ACMEUserID int `json:"acme_user_id"`
|
||||||
KeyType certcrypto.KeyType `json:"key_type"`
|
KeyType certcrypto.KeyType `json:"key_type"`
|
||||||
Resource *model.CertificateResource `json:"resource,omitempty"`
|
Resource *model.CertificateResource `json:"resource,omitempty"`
|
||||||
NotBefore time.Time
|
NotBefore time.Time `json:"-"`
|
||||||
|
CertificateDir string `json:"-"`
|
||||||
|
SSLCertificatePath string `json:"-"`
|
||||||
|
SSLCertificateKeyPath string `json:"-"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *ConfigPayload) GetACMEUser() (user *model.AcmeUser, err error) {
|
func (c *ConfigPayload) GetACMEUser() (user *model.AcmeUser, err error) {
|
||||||
|
|
@ -46,21 +49,38 @@ func (c *ConfigPayload) GetKeyType() certcrypto.KeyType {
|
||||||
return helper.GetKeyType(c.KeyType)
|
return helper.GetKeyType(c.KeyType)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *ConfigPayload) WriteFile(l *log.Logger, errChan chan error) {
|
func (c *ConfigPayload) mkCertificateDir() (err error) {
|
||||||
name := strings.Join(c.ServerName, "_")
|
dir := c.getCertificateDirPath()
|
||||||
saveDir := nginx.GetConfPath("ssl/" + name + "_" + string(c.KeyType))
|
if _, err = os.Stat(dir); os.IsNotExist(err) {
|
||||||
if _, err := os.Stat(saveDir); os.IsNotExist(err) {
|
err = os.MkdirAll(dir, 0755)
|
||||||
err = os.MkdirAll(saveDir, 0755)
|
if err == nil {
|
||||||
if err != nil {
|
return nil
|
||||||
errChan <- errors.Wrap(err, "mkdir error")
|
|
||||||
return
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// For windows, replace # with * (issue #403)
|
||||||
|
c.CertificateDir = strings.ReplaceAll(c.CertificateDir, "#", "*")
|
||||||
|
if _, err = os.Stat(c.CertificateDir); os.IsNotExist(err) {
|
||||||
|
err = os.MkdirAll(c.CertificateDir, 0755)
|
||||||
|
if err == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *ConfigPayload) WriteFile(l *log.Logger, errChan chan error) {
|
||||||
|
err := c.mkCertificateDir()
|
||||||
|
if err != nil {
|
||||||
|
errChan <- errors.Wrap(err, "make certificate dir error")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
// Each certificate comes back with the cert bytes, the bytes of the client's
|
// Each certificate comes back with the cert bytes, the bytes of the client's
|
||||||
// private key, and a certificate URL. SAVE THESE TO DISK.
|
// private key, and a certificate URL. SAVE THESE TO DISK.
|
||||||
l.Println("[INFO] [Nginx UI] Writing certificate to disk")
|
l.Println("[INFO] [Nginx UI] Writing certificate to disk")
|
||||||
err := os.WriteFile(filepath.Join(saveDir, "fullchain.cer"),
|
err = os.WriteFile(c.GetCertificatePath(),
|
||||||
c.Resource.Certificate, 0644)
|
c.Resource.Certificate, 0644)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
@ -69,7 +89,7 @@ func (c *ConfigPayload) WriteFile(l *log.Logger, errChan chan error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
l.Println("[INFO] [Nginx UI] Writing certificate private key to disk")
|
l.Println("[INFO] [Nginx UI] Writing certificate private key to disk")
|
||||||
err = os.WriteFile(filepath.Join(saveDir, "private.key"),
|
err = os.WriteFile(c.GetCertificateKeyPath(),
|
||||||
c.Resource.PrivateKey, 0644)
|
c.Resource.PrivateKey, 0644)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
@ -84,7 +104,31 @@ func (c *ConfigPayload) WriteFile(l *log.Logger, errChan chan error) {
|
||||||
|
|
||||||
db := model.UseDB()
|
db := model.UseDB()
|
||||||
db.Where("id = ?", c.CertID).Updates(&model.Cert{
|
db.Where("id = ?", c.CertID).Updates(&model.Cert{
|
||||||
SSLCertificatePath: filepath.Join(saveDir, "fullchain.cer"),
|
SSLCertificatePath: c.GetCertificatePath(),
|
||||||
SSLCertificateKeyPath: filepath.Join(saveDir, "private.key"),
|
SSLCertificateKeyPath: c.GetCertificateKeyPath(),
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *ConfigPayload) getCertificateDirPath() string {
|
||||||
|
if c.CertificateDir != "" {
|
||||||
|
return c.CertificateDir
|
||||||
|
}
|
||||||
|
c.CertificateDir = nginx.GetConfPath("ssl", strings.Join(c.ServerName, "_")+"_"+string(c.GetKeyType()))
|
||||||
|
return c.CertificateDir
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *ConfigPayload) GetCertificatePath() string {
|
||||||
|
if c.SSLCertificatePath != "" {
|
||||||
|
return c.SSLCertificatePath
|
||||||
|
}
|
||||||
|
c.SSLCertificatePath = filepath.Join(c.getCertificateDirPath(), "fullchain.cer")
|
||||||
|
return c.SSLCertificatePath
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *ConfigPayload) GetCertificateKeyPath() string {
|
||||||
|
if c.SSLCertificateKeyPath != "" {
|
||||||
|
return c.SSLCertificateKeyPath
|
||||||
|
}
|
||||||
|
c.SSLCertificateKeyPath = filepath.Join(c.getCertificateDirPath(), "private.key")
|
||||||
|
return c.SSLCertificateKeyPath
|
||||||
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue