remove custom cery type form config file

Pallavi Kumari
2025-10-07 12:28:29 +05:30
parent 2f1aec02f0
commit d6681733dd
3 changed files with 84 additions and 86 deletions


@@ -51,7 +51,6 @@ export const configSchema = z
.nonempty("base_domain must not be empty") .nonempty("base_domain must not be empty")
.transform((url) => url.toLowerCase()), .transform((url) => url.toLowerCase()),
cert_resolver: z.string().optional().default("letsencrypt"), cert_resolver: z.string().optional().default("letsencrypt"),
custom_cert_resolver: z.string().optional(),
prefer_wildcard_cert: z.boolean().optional().default(false) prefer_wildcard_cert: z.boolean().optional().default(false)
}) })
) )
@@ -188,7 +187,6 @@ export const configSchema = z
https_entrypoint: z.string().optional().default("websecure"), https_entrypoint: z.string().optional().default("websecure"),
additional_middlewares: z.array(z.string()).optional(), additional_middlewares: z.array(z.string()).optional(),
cert_resolver: z.string().optional().default("letsencrypt"), cert_resolver: z.string().optional().default("letsencrypt"),
custom_cert_resolver: z.string().optional(),
prefer_wildcard_cert: z.boolean().optional().default(false), prefer_wildcard_cert: z.boolean().optional().default(false),
certificates_path: z.string().default("/var/certificates"), certificates_path: z.string().default("/var/certificates"),
monitor_interval: z.number().default(5000), monitor_interval: z.number().default(5000),


@@ -248,68 +248,24 @@ export async function getTraefikConfig(
} }
const configDomain = config.getDomain(resource.domainId); const configDomain = config.getDomain(resource.domainId);
let certResolverFromConfig: string | undefined;
let preferWildcardCert = false;
const rawTraefikCfg = config.getRawConfig().traefik || {}; const rawTraefikCfg = config.getRawConfig().traefik || {};
const globalDefaultResolver: string | undefined = rawTraefikCfg.cert_resolver; const globalDefaultResolver = rawTraefikCfg.cert_resolver;
const availableResolvers = rawTraefikCfg.custom_cert_resolver
? Object.keys(rawTraefikCfg.custom_cert_resolver)
: [];
// Priority 1: Read from YAML config (if exists)
if (configDomain) {
certResolverFromConfig =
configDomain.cert_resolver ??
configDomain.custom_cert_resolver;
preferWildcardCert = !!(configDomain.prefer_wildcard_cert);
}
// Priority 2: Override with database domain settings (if exists) const domainCertResolver =
let finalCertResolver: string | undefined; resource.domainCertResolver ?? configDomain?.cert_resolver;
let finalCustomCertResolver: string | undefined; const domainCustomResolver =
resource.domainCustomCertResolver;
const preferWildcardCert =
resource.preferWildcardCert ?? configDomain?.prefer_wildcard_cert ?? false;
if (resource.domainCertResolver) {
finalCertResolver = resource.domainCertResolver;
if (resource.domainCertResolver === "custom" && resource.domainCustomCertResolver) {
finalCustomCertResolver = resource.domainCustomCertResolver;
}
} else {
// Fall back to config
finalCertResolver = certResolverFromConfig;
}
// Resolve the final resolver name
let resolverName: string | undefined; let resolverName: string | undefined;
if (finalCertResolver) { // Handle both letsencrypt & custom cases
if (finalCertResolver === "custom") { if (domainCertResolver === "custom") {
// Check database custom resolver first, then config resolverName = domainCustomResolver?.trim();
const customResolver = finalCustomCertResolver || configDomain?.custom_cert_resolver; } else if (domainCertResolver) {
resolverName = domainCertResolver;
if (customResolver && typeof customResolver === "string" && customResolver.trim()) {
resolverName = customResolver.trim();
} else {
resolverName = globalDefaultResolver;
logger.warn(
`Domain ${resource.domainId} requested custom cert resolver but none set; falling back to global resolver ${resolverName}`
);
}
} else {
// Validate against available resolvers
if (
availableResolvers.length === 0 ||
availableResolvers.includes(finalCertResolver)
) {
resolverName = finalCertResolver;
} else {
logger.warn(
`Unknown cert resolver "${finalCertResolver}" for domain ${resource.domainId}; falling back to global resolver.`
);
resolverName = globalDefaultResolver;
}
}
} else { } else {
resolverName = globalDefaultResolver; resolverName = globalDefaultResolver;
} }
@@ -327,6 +283,7 @@ export async function getTraefikConfig(
: {}) : {})
}; };
const additionalMiddlewares = const additionalMiddlewares =
config.getRawConfig().traefik.additional_middlewares || []; config.getRawConfig().traefik.additional_middlewares || [];
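Review bot: When `domainCertResolver` is `"custom"` and `resource.domainCustomCertResolver` is null, empty or whitespace-only, `resolverName` ends up `undefined` or `""`, because the new branch assigns `domainCustomResolver?.trim()` with no fallback. The removed code fell back to the global resolver and logged a warning in that case; without it the router's TLS block presumably carries no usable `certResolver`, and Traefik would then be expected to answer for that host with its default certificate instead of an issued one. I would keep the fallback, `resolverName = domainCustomResolver?.trim() || globalDefaultResolver;`, and add a `logger.warn` naming `resource.domainId` when the custom name is missing. The same block is added in the third file section (its `@@ -285,6 +294,41 @@` hunk, where `certResolver: resolverName` is visible) and needs the same change. getTraefikConfig starts and ends outside these hunks.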


@@ -15,6 +15,7 @@ import {
certificates, certificates,
db, db,
domainNamespaces, domainNamespaces,
domains,
exitNodes, exitNodes,
loginPage, loginPage,
targetHealthCheck targetHealthCheck
@@ -103,11 +104,17 @@ export async function getTraefikConfig(
subnet: sites.subnet, subnet: sites.subnet,
exitNodeId: sites.exitNodeId, exitNodeId: sites.exitNodeId,
// Namespace // Namespace
domainNamespaceId: domainNamespaces.domainNamespaceId domainNamespaceId: domainNamespaces.domainNamespaceId,
// Certificate
certificateStatus: certificates.status,
domainCertResolver: domains.certResolver,
domainCustomCertResolver: domains.customCertResolver
}) })
.from(sites) .from(sites)
.innerJoin(targets, eq(targets.siteId, sites.siteId)) .innerJoin(targets, eq(targets.siteId, sites.siteId))
.innerJoin(resources, eq(resources.resourceId, targets.resourceId)) .innerJoin(resources, eq(resources.resourceId, targets.resourceId))
.leftJoin(certificates, eq(certificates.domainId, resources.domainId))
.leftJoin(domains, eq(domains.domainId, resources.domainId))
.leftJoin( .leftJoin(
targetHealthCheck, targetHealthCheck,
eq(targetHealthCheck.targetId, targets.targetId) eq(targetHealthCheck.targetId, targets.targetId)
@@ -197,7 +204,9 @@ export async function getTraefikConfig(
pathMatchType: row.pathMatchType, // the targets will all have the same pathMatchType pathMatchType: row.pathMatchType, // the targets will all have the same pathMatchType
rewritePath: row.rewritePath, rewritePath: row.rewritePath,
rewritePathType: row.rewritePathType, rewritePathType: row.rewritePathType,
priority: priority // may be null, we fallback later priority: priority, // may be null, we fallback later
domainCertResolver: row.domainCertResolver,
domainCustomCertResolver: row.domainCustomCertResolver
}); });
} }
@@ -285,6 +294,41 @@ export async function getTraefikConfig(
config_output.http.services = {}; config_output.http.services = {};
} }
const domainParts = fullDomain.split(".");
let wildCard;
if (domainParts.length <= 2) {
wildCard = `*.${domainParts.join(".")}`;
} else {
wildCard = `*.${domainParts.slice(1).join(".")}`;
}
if (!resource.subdomain) {
wildCard = resource.fullDomain;
}
const configDomain = config.getDomain(resource.domainId);
const rawTraefikCfg = config.getRawConfig().traefik || {};
const globalDefaultResolver = rawTraefikCfg.cert_resolver;
const domainCertResolver =
resource.domainCertResolver ?? configDomain?.cert_resolver;
const domainCustomResolver =
resource.domainCustomCertResolver;
const preferWildcardCert =
resource.preferWildcardCert ?? configDomain?.prefer_wildcard_cert ?? false;
let resolverName: string | undefined;
// Handle both letsencrypt & custom cases
if (domainCertResolver === "custom") {
resolverName = domainCustomResolver?.trim();
} else if (domainCertResolver) {
resolverName = domainCertResolver;
} else {
resolverName = globalDefaultResolver;
}
let tls = {}; let tls = {};
if (!privateConfig.getRawPrivateConfig().flags.use_pangolin_dns) { if (!privateConfig.getRawPrivateConfig().flags.use_pangolin_dns) {
const domainParts = fullDomain.split("."); const domainParts = fullDomain.split(".");
@@ -312,16 +356,16 @@ export async function getTraefikConfig(
} }
tls = { tls = {
certResolver: certResolver, certResolver: resolverName,
...(preferWildcardCert ...(preferWildcardCert
? { ? {
domains: [ domains: [
{ {
main: wildCard main: wildCard,
} },
] ],
} }
: {}) : {}),
}; };
} else { } else {
// find a cert that matches the full domain, if not continue // find a cert that matches the full domain, if not continue
@@ -573,14 +617,14 @@ export async function getTraefikConfig(
})(), })(),
...(resource.stickySession ...(resource.stickySession
? { ? {
sticky: { sticky: {
cookie: { cookie: {
name: "p_sticky", // TODO: make this configurable via config.yml like other cookies name: "p_sticky", // TODO: make this configurable via config.yml like other cookies
secure: resource.ssl, secure: resource.ssl,
httpOnly: true httpOnly: true
} }
} }
} }
: {}) : {})
} }
}; };
@@ -681,13 +725,13 @@ export async function getTraefikConfig(
})(), })(),
...(resource.stickySession ...(resource.stickySession
? { ? {
sticky: { sticky: {
ipStrategy: { ipStrategy: {
depth: 0, depth: 0,
sourcePort: true sourcePort: true
} }
} }
} }
: {}) : {})
} }
}; };
@@ -735,10 +779,9 @@ export async function getTraefikConfig(
loadBalancer: { loadBalancer: {
servers: [ servers: [
{ {
url: `http://${ url: `http://${config.getRawConfig().server
config.getRawConfig().server
.internal_hostname .internal_hostname
}:${config.getRawConfig().server.next_port}` }:${config.getRawConfig().server.next_port}`
} }
] ]
} }
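Review bot: The new `.leftJoin(certificates, eq(certificates.domainId, resources.domainId))` can multiply result rows if a domain ever has more than one certificate row, and each extra row would presumably be processed as another target for the same resource; the schema is not visible here, so this needs confirming. `certificateStatus` is selected but not copied into the resource map in the `@@ -197,7 +204,9 @@` hunk, so if nothing outside the hunks reads it the join can be dropped. Also, `resource.preferWildcardCert` is read in the resolver block while only `domainCertResolver` and `domainCustomCertResolver` are added to the select and the map in the visible hunks; if it is never populated, the `??` chain always falls through to the config value. Finally, the `domainParts`/`wildCard` computation added before `let tls = {}` duplicates the one still present inside the `use_pangolin_dns` branch; I would keep only one and put a comment such as `// wildcard name requested when prefer_wildcard_cert is set` above it.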