From 76eb74b182c27f3459f5b1abe099aa1ac9637232 Mon Sep 17 00:00:00 2001
From: Torsten Dittmann
Date: Tue, 2 Feb 2021 15:48:07 +0100
Subject: [PATCH 1/2] adapt ssl issuing for swoole
---
 app/config/variables.php | 8 ++++++++
 app/controllers/api/projects.php | 4 ++--
 app/controllers/general.php | 2 +-
 app/workers/certificates.php | 10 +++++-----
 src/Appwrite/Utopia/Response/Model/Domain.php | 6 ++++++
 5 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/app/config/variables.php b/app/config/variables.php
index 5a5e0e951b..6d7efcfc99 100644
--- a/app/config/variables.php
+++ b/app/config/variables.php
@@ -103,6 +103,14 @@ return [
 'required' => false,
 'question' => '',
 ],
+ [
+ 'name' => '_APP_SYSTEM_SECURITY_EMAIL_ADDRESS',
+ 'description' => 'This is the email address that used to issue SSL certificates for the domains or the user agent in webhooks. The default value is \'security@localhost.test\'.',
+ 'introduction' => '0.7.0',
+ 'default' => 'security@localhost.test',
+ 'required' => false,
+ 'question' => '',
+ ],
 [
 'name' => '_APP_USAGE_STATS',
 'description' => 'This variable allows you to disable the collection and displaying of usage stats. This value is set to \'enabled\' by default, to disable the usage stats set the value to \'disabled\'. When disabled, it\'s recommended to turn off the Worker Usage, Influxdb and Telegraf containers for better resource usage.',
diff --git a/app/controllers/api/projects.php b/app/controllers/api/projects.php
index 0b22e40614..04ff453830 100644
--- a/app/controllers/api/projects.php
+++ b/app/controllers/api/projects.php
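Review bot: In app/config/variables.php the new `_APP_SYSTEM_SECURITY_EMAIL_ADDRESS` entry documents a default of `security@localhost.test` without saying that it is only a placeholder. The certificates worker in this same patch passes that value to certbot as `--email`, so on a default install the ACME account contact is an undeliverable address and expiry or revocation notices have nowhere to go; a CA may also refuse a contact on a reserved TLD (not verified here). I would extend the description with a sentence such as `Set this to a monitored mailbox before issuing certificates in production.`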
@@ -1397,7 +1397,7 @@ App::post('/v1/projects/:projectId/domains')
 $target = new Domain(App::getEnv('_APP_DOMAIN_TARGET', ''));
 if (!$target->isKnown() || $target->isTest()) {
- throw new Exception('Unreachable CNAME target ('.$target->get().'), plesse use a domain with a public suffix.', 500);
+ throw new Exception('Unreachable CNAME target ('.$target->get().'), please use a domain with a public suffix.', 500);
 }
 $domain = new Domain($domain);
@@ -1528,7 +1528,7 @@ App::patch('/v1/projects/:projectId/domains/:domainId/verification')
 $target = new Domain(App::getEnv('_APP_DOMAIN_TARGET', ''));
 if (!$target->isKnown() || $target->isTest()) {
- throw new Exception('Unreachable CNAME target ('.$target->get().'), plesse use a domain with a public suffix.', 500);
+ throw new Exception('Unreachable CNAME target ('.$target->get().'), please use a domain with a public suffix.', 500);
 }
 if ($domain->getAttribute('verification') === true) {
diff --git a/app/controllers/general.php b/app/controllers/general.php
index f5a3c09c9b..3d9ed7a7e9 100644
--- a/app/controllers/general.php
+++ b/app/controllers/general.php
@@ -388,7 +388,7 @@ App::get('/.well-known/acme-challenge')
 ->inject('response')
 ->action(function ($request, $response) {
 $base = \realpath(APP_STORAGE_CERTIFICATES);
- $path = \str_replace('/.well-known/acme-challenge/', '', $request->getParam('q'));
+ $path = \str_replace('/.well-known/acme-challenge/', '', $request->getURI());
 $absolute = \realpath($base.'/.well-known/acme-challenge/'.$path);
 if (!$base) {
diff --git a/app/workers/certificates.php b/app/workers/certificates.php
index a072897d82..938a987ea8 100644
--- a/app/workers/certificates.php
+++ b/app/workers/certificates.php
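Review bot: In app/controllers/general.php, `$path` now comes from the raw request URI and reaches `\realpath()` after only a `\str_replace()` of the route prefix, which strips every occurrence of that string and leaves any `..` segments in place. The hunk ends at `if (!$base) {`, so whether `$absolute` is later required to lie under `$base` is not visible here; if it is not, that containment check is needed before the file is read. Independently, an HTTP-01 token is a single base64url segment, so it can be validated before the filesystem is touched: `if (!\preg_match('/^[A-Za-z0-9_-]+$/', $path)) { throw new Exception('Invalid challenge token', 400); }`. It is also worth confirming that `getURI()` excludes the query string, otherwise a request with a query appended would no longer resolve to the challenge file.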
@@ -73,7 +73,7 @@ class CertificatesV1
 $target = new Domain(App::getEnv('_APP_DOMAIN_TARGET', ''));
 if(!$target->isKnown() || $target->isTest()) {
- throw new Exception('Unreachable CNAME target ('.$target->get().'), plesse use a domain with a public suffix.');
+ throw new Exception('Unreachable CNAME target ('.$target->get().'), please use a domain with a public suffix.');
 }
 }
@@ -111,10 +111,10 @@ class CertificatesV1
 $staging = (App::isProduction()) ? '' : ' --dry-run';
- $response = \shell_exec("certbot certonly --webroot --noninteractive --agree-tos{$staging} \
- --email ".App::getEnv('_APP_SYSTEM_SECURITY_EMAIL_ADDRESS', 'security@localhost.test')." \
- -w ".APP_STORAGE_CERTIFICATES." \
- -d {$domain->get()}");
+ $response = \shell_exec("certbot certonly --webroot --noninteractive --agree-tos{$staging}"
+ ." --email ".App::getEnv('_APP_SYSTEM_SECURITY_EMAIL_ADDRESS', 'security@localhost.test')
+ ." -w ".APP_STORAGE_CERTIFICATES
+ ." -d {$domain->get()}");
 if(!$response) {
 throw new Exception('Failed to issue a certificate');
diff --git a/src/Appwrite/Utopia/Response/Model/Domain.php b/src/Appwrite/Utopia/Response/Model/Domain.php
index 46aff1a567..fb56312871 100644
--- a/src/Appwrite/Utopia/Response/Model/Domain.php
+++ b/src/Appwrite/Utopia/Response/Model/Domain.php
@@ -45,6 +45,12 @@ class Domain extends Model
 'default' => false,
 'example' => true,
 ])
+ ->addRule('certificateId', [
+ 'type' => self::TYPE_STRING,
+ 'description' => 'Certificate ID.',
+ 'default' => '',
+ 'example' => '6ejea5c13377e',
+ ])
 ;
 }
From 7d96186fa9db80dc851192602e25bc2ee9cf25c6 Mon Sep 17 00:00:00 2001
From: Torsten Dittmann
Date: Tue, 2 Feb 2021 15:55:50 +0100
Subject: [PATCH 2/2] fixes typos
---
 app/config/variables.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/config/variables.php b/app/config/variables.php
index 6d7efcfc99..ce251e375f 100644
--- a/app/config/variables.php
+++ b/app/config/variables.php
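Review bot: In app/workers/certificates.php (the hunk at -111), the rebuilt certbot command still concatenates the email from the environment, `APP_STORAGE_CERTIFICATES` and `$domain->get()` into the `\shell_exec()` string unquoted, so whitespace or shell metacharacters in any of them change the command that actually runs. Each value should pass through `\escapeshellarg()`, for example `." -d ".\escapeshellarg($domain->get())`, and likewise for the `--email` and `-w` arguments. The domain presumably originates from a project's custom-domain request, which makes it the value to treat as untrusted first. Separately, `if(!$response)` only tests for empty output and `shell_exec` does not expose the exit status, so a certbot run that fails after printing to stdout would pass this check. The enclosing method starts and ends outside the hunk.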
@@ -105,7 +105,7 @@ return [
 ],
 [
 'name' => '_APP_SYSTEM_SECURITY_EMAIL_ADDRESS',
- 'description' => 'This is the email address that used to issue SSL certificates for the domains or the user agent in webhooks. The default value is \'security@localhost.test\'.',
+ 'description' => 'This is the email address used to issue SSL certificates for custom domains or the user agent in webhooks. The default value is \'security@localhost.test\'.',
 'introduction' => '0.7.0',
 'default' => 'security@localhost.test',
 'required' => false,