Generate Self Signed Certs

2026-04-06 00:32:12 +02:00 · 2023-01-02 11:31:50 +00:00
parent 61b27ea8c3
commit 9402ea90b7
5 changed files with 119 additions and 3 deletions
--- a/Model/Models/StatusPageDomain.ts
+++ b/Model/Models/StatusPageDomain.ts
@@ -322,4 +322,23 @@ export default class StatusPageDomain extends BaseModel {
        default: false,
    })
    public isSslProvisioned?: boolean = undefined;
+
+
+    @ColumnAccessControl({
+        create: [],
+        read: [Permission.ProjectOwner, Permission.CanReadStatusPageDomain],
+        update: [],
+    })
+    @TableColumn({
+        isDefaultValueColumn: true,
+        required: true,
+        type: TableColumnType.Boolean,
+    })
+    @Column({
+        type: ColumnType.Boolean,
+        nullable: false,
+        unique: false,
+        default: false,
+    })
+    public isSelfSignedSslGenerated?: boolean = undefined;
 }
--- a/Workers/Jobs/StatusPageCerts/StausPageCerts.ts
+++ b/Workers/Jobs/StatusPageCerts/StausPageCerts.ts
@@ -1,4 +1,4 @@
-import { EVERY_HOUR, EVERY_MINUTE } from '../../Utils/CronTime';
+import { EVERY_FIVE_MINUTE, EVERY_HOUR, EVERY_MINUTE } from '../../Utils/CronTime';
 import RunCron from '../../Utils/Cron';
 import { IsDevelopment } from 'CommonServer/Config';
 import StatusPageDomain from 'Model/Models/StatusPageDomain';
@@ -22,6 +22,7 @@ import axios, { AxiosResponse } from 'axios';
 import GreenlockCertificate from 'Model/Models/GreenlockCertificate';
 import GreenlockCertificateService from 'CommonServer/Services/GreenlockCertificateService';
 import fs from 'fs';
+import SelfSignedSSL from '../../Utils/SelfSignedSSL';

 const router: ExpressRouter = Express.getRouter();

@@ -326,8 +327,83 @@ RunCron(
    }
 );

+
 RunCron(
-    'StatusPageCerts:WriteCertsToDisk',
+    'StatusPageCerts:WriteSelfSignedCertsToDisk',
+    EVERY_FIVE_MINUTE,
+    async () => {
+        // Fetch all domains where certs are added to greenlock.
+
+        const certs: Array<GreenlockCertificate> =
+            await GreenlockCertificateService.findBy({
+                query: {},
+                select: {
+                    key: true,
+                },
+                limit: LIMIT_MAX,
+                skip: 0,
+                props: {
+                    isRoot: true,
+                },
+            });
+
+        const stausPageDomains: Array<StatusPageDomain> =
+            await StatusPageDomainService.findBy({
+                query: {
+                    isCnameVerified: true,
+                    isSelfSignedSslGenerated: false,
+                },
+                select: {
+                    fullDomain: true,
+                    _id: true,
+                },
+                limit: LIMIT_MAX,
+                skip: 0,
+                props: {
+                    isRoot: true,
+                    ignoreHooks: true,
+                },
+            });
+
+        const greenlockCertDomains: Array<string | undefined> = certs.map(
+            (cert) => {
+                return cert.key;
+            }
+        );
+
+
+        // Generate self signed certs
+        for (const domain of stausPageDomains) {
+            if (greenlockCertDomains.includes(domain.fullDomain)) {
+                continue;
+            }
+
+            if (!domain.fullDomain) {
+                continue;
+            }
+
+            await SelfSignedSSL.generate(
+                '/usr/src/Certs/StatusPageCerts',
+                domain.fullDomain
+            );
+
+            await StatusPageDomainService.updateOneById({
+                id: domain.id!,
+                data: {
+                    isSelfSignedSslGenerated: true,
+                },
+                props: {
+                    ignoreHooks: true,
+                    isRoot: true,
+                }
+            });
+        }
+    }
+);
+
+
+RunCron(
+    'StatusPageCerts:WriteGreelockCertsToDisk',
    IsDevelopment ? EVERY_MINUTE : EVERY_HOUR,
    async () => {
        // Fetch all domains where certs are added to greenlock.
@@ -347,6 +423,8 @@ RunCron(
                },
            });

+       
+
        for (const cert of certs) {
            if (!cert.isKeyPair) {
                continue;
--- a/Workers/Utils/CronTime.ts
+++ b/Workers/Utils/CronTime.ts
@@ -1,3 +1,4 @@
 export const EVERY_MINUTE: string = '* * * * *';
 export const EVERY_DAY: string = '0 8 * * *';
 export const EVERY_HOUR: string = '1 * * * *';
+export const EVERY_FIVE_MINUTE: string = '*/5 * * * *';
--- a/Workers/Utils/SelfSignedSSL.ts
+++ b/Workers/Utils/SelfSignedSSL.ts
@@ -0,0 +1,18 @@
+import { exec } from 'node:child_process';
+
+export default class SelfSignedSSL {
+    public static generate(path: string, host: string): Promise<void> {
+        return new Promise((resolve, reject) => {
+            exec(
+                `openssl req -new -x509 -nodes -subj "/C=US/ST=NY/L=NYC/O=Global Security/OU=IT Department/CN=example.com" -out ${path}/${host}.crt -keyout ${path}/${host}.key`,
+                (err) => {
+                    if (err) {
+                        return reject(err);
+                    }
+
+                    return resolve();
+                }
+            );
+        });
+    }
+}
--- a/preinstall.sh
+++ b/preinstall.sh
@@ -152,7 +152,7 @@ if test -f "$CERT"; then
    echo "SSL Certificate exists. Skipping generating a new one."
 else
    echo "SSL Certificate not found. Generating a new certificate."
-    openssl req -new -x509 -nodes -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=example.com" -out ./Certs/ServerCerts/Cert.crt -keyout ./Certs/ServerCerts/Key.key
+    openssl req -new -x509 -nodes -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=example.com" -out ./Certs/ServerCerts/Cert.crt -keyout ./Certs/ServerCerts/Key.key -days 99999
 fi

 # Create .env file if it does not exist.