diff --git a/app/Actions/Database/StartDragonfly.php b/app/Actions/Database/StartDragonfly.php index 99bb5fa89..882ed3c2e 100644 --- a/app/Actions/Database/StartDragonfly.php +++ b/app/Actions/Database/StartDragonfly.php @@ -36,9 +36,7 @@ class StartDragonfly if (! $this->database->enable_ssl) { $this->commands[] = "rm -rf $this->configuration_dir/ssl"; - SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->delete(); + $this->database->sslCertificates()->delete(); $this->database->fileStorages() ->where('resource_type', $this->database->getMorphClass()) ->where('resource_id', $this->database->id) @@ -59,9 +57,7 @@ class StartDragonfly $server = $this->database->destination->server; $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first(); - $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->first(); + $this->ssl_certificate = $this->database->sslCertificates()->first(); if (! $this->ssl_certificate) { $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'"; diff --git a/app/Actions/Database/StartKeydb.php b/app/Actions/Database/StartKeydb.php index 8ec076dd2..311b5094a 100644 --- a/app/Actions/Database/StartKeydb.php +++ b/app/Actions/Database/StartKeydb.php @@ -37,9 +37,7 @@ class StartKeydb if (! $this->database->enable_ssl) { $this->commands[] = "rm -rf $this->configuration_dir/ssl"; - SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->delete(); + $this->database->sslCertificates()->delete(); $this->database->fileStorages() ->where('resource_type', $this->database->getMorphClass()) ->where('resource_id', $this->database->id) @@ -60,9 +58,7 @@ class StartKeydb $server = $this->database->destination->server; $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first(); - $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->first(); + $this->ssl_certificate = $this->database->sslCertificates()->first(); if (! $this->ssl_certificate) { $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'"; diff --git a/app/Actions/Database/StartMariadb.php b/app/Actions/Database/StartMariadb.php index 87185d064..14df9b017 100644 --- a/app/Actions/Database/StartMariadb.php +++ b/app/Actions/Database/StartMariadb.php @@ -37,9 +37,7 @@ class StartMariadb if (! $this->database->enable_ssl) { $this->commands[] = "rm -rf $this->configuration_dir/ssl"; - SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->delete(); + $this->database->sslCertificates()->delete(); $this->database->fileStorages() ->where('resource_type', $this->database->getMorphClass()) @@ -61,7 +59,7 @@ class StartMariadb $server = $this->database->destination->server; $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first(); - $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())->where('resource_id', $this->database->id)->first(); + $this->ssl_certificate = $this->database->sslCertificates()->first(); if (! $this->ssl_certificate) { $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'"; diff --git a/app/Actions/Database/StartMongodb.php b/app/Actions/Database/StartMongodb.php index 250cb321d..3ea8287ac 100644 --- a/app/Actions/Database/StartMongodb.php +++ b/app/Actions/Database/StartMongodb.php @@ -42,9 +42,7 @@ class StartMongodb if (! $this->database->enable_ssl) { $this->commands[] = "rm -rf $this->configuration_dir/ssl"; - SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->delete(); + $this->database->sslCertificates()->delete(); $this->database->fileStorages() ->where('resource_type', $this->database->getMorphClass()) @@ -65,7 +63,7 @@ class StartMongodb $server = $this->database->destination->server; $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first(); - $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())->where('resource_id', $this->database->id)->first(); + $this->ssl_certificate = $this->database->sslCertificates()->first(); if (! $this->ssl_certificate) { $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'"; diff --git a/app/Actions/Database/StartMysql.php b/app/Actions/Database/StartMysql.php index 2a9e37f9c..a2e08c316 100644 --- a/app/Actions/Database/StartMysql.php +++ b/app/Actions/Database/StartMysql.php @@ -37,9 +37,7 @@ class StartMysql if (! $this->database->enable_ssl) { $this->commands[] = "rm -rf $this->configuration_dir/ssl"; - SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->delete(); + $this->database->sslCertificates()->delete(); $this->database->fileStorages() ->where('resource_type', $this->database->getMorphClass()) @@ -61,7 +59,7 @@ class StartMysql $server = $this->database->destination->server; $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first(); - $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())->where('resource_id', $this->database->id)->first(); + $this->ssl_certificate = $this->database->sslCertificates()->first(); if (! $this->ssl_certificate) { $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'"; diff --git a/app/Actions/Database/StartPostgresql.php b/app/Actions/Database/StartPostgresql.php index 8f4bcb0d9..97e565ec8 100644 --- a/app/Actions/Database/StartPostgresql.php +++ b/app/Actions/Database/StartPostgresql.php @@ -42,9 +42,7 @@ class StartPostgresql if (! $this->database->enable_ssl) { $this->commands[] = "rm -rf $this->configuration_dir/ssl"; - SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->delete(); + $this->database->sslCertificates()->delete(); $this->database->fileStorages() ->where('resource_type', $this->database->getMorphClass()) @@ -66,7 +64,7 @@ class StartPostgresql $server = $this->database->destination->server; $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first(); - $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())->where('resource_id', $this->database->id)->first(); + $this->ssl_certificate = $this->database->sslCertificates()->first(); if (! $this->ssl_certificate) { $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'"; diff --git a/app/Actions/Database/StartRedis.php b/app/Actions/Database/StartRedis.php index edc7e0cce..9e7a2a084 100644 --- a/app/Actions/Database/StartRedis.php +++ b/app/Actions/Database/StartRedis.php @@ -37,9 +37,7 @@ class StartRedis if (! $this->database->enable_ssl) { $this->commands[] = "rm -rf $this->configuration_dir/ssl"; - SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->delete(); + $this->database->sslCertificates()->delete(); $this->database->fileStorages() ->where('resource_type', $this->database->getMorphClass()) ->where('resource_id', $this->database->id) @@ -60,7 +58,7 @@ class StartRedis $server = $this->database->destination->server; $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first(); - $this->ssl_certificate = SslCertificate::where('resource_type', $this->database->getMorphClass())->where('resource_id', $this->database->id)->first(); + $this->ssl_certificate = $this->database->sslCertificates()->first(); if (! $this->ssl_certificate) { $this->commands[] = "echo 'No SSL certificate found, generating new SSL certificate for this database.'"; diff --git a/app/Actions/Server/InstallDocker.php b/app/Actions/Server/InstallDocker.php index bbb3ea066..5410b1cbd 100644 --- a/app/Actions/Server/InstallDocker.php +++ b/app/Actions/Server/InstallDocker.php @@ -25,7 +25,7 @@ class InstallDocker commonName: 'Coolify CA Certificate', serverId: $server->id, isCaCertificate: true, - validityDays: 15 * 365 + validityDays: 10 * 365 ); $caCertPath = config('constants.coolify.base_config_path').'/ssl/'; diff --git a/app/Jobs/RegenerateSslCertJob.php b/app/Jobs/RegenerateSslCertJob.php index 3e4bf9070..0570227b6 100644 --- a/app/Jobs/RegenerateSslCertJob.php +++ b/app/Jobs/RegenerateSslCertJob.php @@ -17,6 +17,10 @@ class RegenerateSslCertJob implements ShouldQueue { use Dispatchable, InteractsWithQueue, Queueable, SerializesModels; + public $tries = 3; + + public $backoff = 60; + public function __construct( protected ?Team $team = null, protected ?int $server_id = null, @@ -37,17 +41,13 @@ class RegenerateSslCertJob implements ShouldQueue $query->where('is_ca_certificate', false); - $certificates = $query->get(); - - if ($certificates->isEmpty()) { - return; - } - $regenerated = collect(); - foreach ($certificates as $certificate) { + $query->cursor()->each(function ($certificate) use ($regenerated) { try { - $caCert = SslCertificate::where('server_id', $certificate->server_id)->where('is_ca_certificate', true)->first(); + $caCert = SslCertificate::where('server_id', $certificate->server_id) + ->where('is_ca_certificate', true) + ->first(); SSLHelper::generateSslCertificate( commonName: $certificate->common_name, @@ -64,7 +64,7 @@ class RegenerateSslCertJob implements ShouldQueue } catch (\Exception $e) { Log::error('Failed to regenerate SSL certificate: '.$e->getMessage()); } - } + }); if ($regenerated->isNotEmpty()) { $this->team?->notify(new SslExpirationNotification($regenerated)); diff --git a/app/Livewire/Project/Database/Dragonfly/General.php b/app/Livewire/Project/Database/Dragonfly/General.php index bd04e4d38..51f8b5a66 100644 --- a/app/Livewire/Project/Database/Dragonfly/General.php +++ b/app/Livewire/Project/Database/Dragonfly/General.php @@ -8,6 +8,7 @@ use App\Helpers\SslHelper; use App\Models\Server; use App\Models\SslCertificate; use App\Models\StandaloneDragonfly; +use Carbon\Carbon; use Exception; use Illuminate\Support\Facades\Auth; use Livewire\Attributes\Validate; @@ -52,7 +53,7 @@ class General extends Component #[Validate(['nullable', 'boolean'])] public bool $isLogDrainEnabled = false; - public $certificateValidUntil = null; + public ?Carbon $certificateValidUntil = null; #[Validate(['nullable', 'boolean'])] public bool $enable_ssl = false; @@ -72,9 +73,7 @@ class General extends Component $this->syncData(); $this->server = data_get($this->database, 'destination.server'); - $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->first(); + $existingCert = $this->database->sslCertificates()->first(); if ($existingCert) { $this->certificateValidUntil = $existingCert->valid_until; @@ -205,10 +204,7 @@ class General extends Component public function regenerateSslCertificate() { try { - $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->where('server_id', $this->server->id) - ->first(); + $existingCert = $this->database->sslCertificates()->first(); if (! $existingCert) { $this->dispatch('error', 'No existing SSL certificate found for this database.'); diff --git a/app/Livewire/Project/Database/Keydb/General.php b/app/Livewire/Project/Database/Keydb/General.php index fd7737343..213b0d2d3 100644 --- a/app/Livewire/Project/Database/Keydb/General.php +++ b/app/Livewire/Project/Database/Keydb/General.php @@ -8,6 +8,7 @@ use App\Helpers\SslHelper; use App\Models\Server; use App\Models\SslCertificate; use App\Models\StandaloneKeydb; +use Carbon\Carbon; use Exception; use Illuminate\Support\Facades\Auth; use Livewire\Attributes\Validate; @@ -55,7 +56,7 @@ class General extends Component #[Validate(['nullable', 'boolean'])] public bool $isLogDrainEnabled = false; - public $certificateValidUntil = null; + public ?Carbon $certificateValidUntil = null; #[Validate(['boolean'])] public bool $enable_ssl = false; @@ -75,9 +76,7 @@ class General extends Component $this->syncData(); $this->server = data_get($this->database, 'destination.server'); - $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->first(); + $existingCert = $this->database->sslCertificates()->first(); if ($existingCert) { $this->certificateValidUntil = $existingCert->valid_until; @@ -210,10 +209,7 @@ class General extends Component public function regenerateSslCertificate() { try { - $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->where('server_id', $this->server->id) - ->first(); + $existingCert = $this->database->sslCertificates()->first(); if (! $existingCert) { $this->dispatch('error', 'No existing SSL certificate found for this database.'); diff --git a/app/Livewire/Project/Database/Mariadb/General.php b/app/Livewire/Project/Database/Mariadb/General.php index a963e0ca3..b0c4f5d3e 100644 --- a/app/Livewire/Project/Database/Mariadb/General.php +++ b/app/Livewire/Project/Database/Mariadb/General.php @@ -8,6 +8,7 @@ use App\Helpers\SslHelper; use App\Models\Server; use App\Models\SslCertificate; use App\Models\StandaloneMariadb; +use Carbon\Carbon; use Exception; use Livewire\Component; @@ -23,7 +24,7 @@ class General extends Component public ?string $db_url_public = null; - public $certificateValidUntil = null; + public ?Carbon $certificateValidUntil = null; protected $rules = [ 'database.name' => 'required', @@ -64,9 +65,7 @@ class General extends Component $this->db_url_public = $this->database->external_db_url; $this->server = data_get($this->database, 'destination.server'); - $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->first(); + $existingCert = $this->database->sslCertificates()->first(); if ($existingCert) { $this->certificateValidUntil = $existingCert->valid_until; @@ -155,10 +154,7 @@ class General extends Component public function regenerateSslCertificate() { try { - $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->where('server_id', $this->server->id) - ->first(); + $existingCert = $this->database->sslCertificates()->first(); if (! $existingCert) { $this->dispatch('error', 'No existing SSL certificate found for this database.'); diff --git a/app/Livewire/Project/Database/Mongodb/General.php b/app/Livewire/Project/Database/Mongodb/General.php index 526aae9ea..28be1c69d 100644 --- a/app/Livewire/Project/Database/Mongodb/General.php +++ b/app/Livewire/Project/Database/Mongodb/General.php @@ -8,6 +8,7 @@ use App\Helpers\SslHelper; use App\Models\Server; use App\Models\SslCertificate; use App\Models\StandaloneMongodb; +use Carbon\Carbon; use Exception; use Livewire\Component; @@ -23,7 +24,7 @@ class General extends Component public ?string $db_url_public = null; - public $certificateValidUntil = null; + public ?Carbon $certificateValidUntil = null; protected $rules = [ 'database.name' => 'required', @@ -64,9 +65,7 @@ class General extends Component $this->db_url_public = $this->database->external_db_url; $this->server = data_get($this->database, 'destination.server'); - $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->first(); + $existingCert = $this->database->sslCertificates()->first(); if ($existingCert) { $this->certificateValidUntil = $existingCert->valid_until; @@ -159,10 +158,7 @@ class General extends Component public function regenerateSslCertificate() { try { - $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->where('server_id', $this->server->id) - ->first(); + $existingCert = $this->database->sslCertificates()->first(); if (! $existingCert) { $this->dispatch('error', 'No existing SSL certificate found for this database.'); diff --git a/app/Livewire/Project/Database/Mysql/General.php b/app/Livewire/Project/Database/Mysql/General.php index ad19db2a3..3e164d885 100644 --- a/app/Livewire/Project/Database/Mysql/General.php +++ b/app/Livewire/Project/Database/Mysql/General.php @@ -8,6 +8,7 @@ use App\Helpers\SslHelper; use App\Models\Server; use App\Models\SslCertificate; use App\Models\StandaloneMysql; +use Carbon\Carbon; use Exception; use Livewire\Component; @@ -23,7 +24,7 @@ class General extends Component public ?string $db_url_public = null; - public $certificateValidUntil = null; + public ?Carbon $certificateValidUntil = null; protected $rules = [ 'database.name' => 'required', @@ -66,9 +67,7 @@ class General extends Component $this->db_url_public = $this->database->external_db_url; $this->server = data_get($this->database, 'destination.server'); - $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->first(); + $existingCert = $this->database->sslCertificates()->first(); if ($existingCert) { $this->certificateValidUntil = $existingCert->valid_until; @@ -158,10 +157,7 @@ class General extends Component public function regenerateSslCertificate() { try { - $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->where('server_id', $this->server->id) - ->first(); + $existingCert = $this->database->sslCertificates()->first(); if (! $existingCert) { $this->dispatch('error', 'No existing SSL certificate found for this database.'); diff --git a/app/Livewire/Project/Database/Postgresql/General.php b/app/Livewire/Project/Database/Postgresql/General.php index f5ea25865..881c74d53 100644 --- a/app/Livewire/Project/Database/Postgresql/General.php +++ b/app/Livewire/Project/Database/Postgresql/General.php @@ -8,6 +8,7 @@ use App\Helpers\SslHelper; use App\Models\Server; use App\Models\SslCertificate; use App\Models\StandalonePostgresql; +use Carbon\Carbon; use Exception; use Livewire\Component; @@ -25,7 +26,7 @@ class General extends Component public ?string $db_url_public = null; - public $certificateValidUntil = null; + public ?Carbon $certificateValidUntil = null; public function getListeners() { @@ -81,9 +82,7 @@ class General extends Component $this->db_url_public = $this->database->external_db_url; $this->server = data_get($this->database, 'destination.server'); - $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->first(); + $existingCert = $this->database->sslCertificates()->first(); if ($existingCert) { $this->certificateValidUntil = $existingCert->valid_until; @@ -122,10 +121,7 @@ class General extends Component public function regenerateSslCertificate() { try { - $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->where('server_id', $this->server->id) - ->first(); + $existingCert = $this->database->sslCertificates()->first(); if (! $existingCert) { $this->dispatch('error', 'No existing SSL certificate found for this database.'); diff --git a/app/Livewire/Project/Database/Redis/General.php b/app/Livewire/Project/Database/Redis/General.php index ea896e294..a3916277d 100644 --- a/app/Livewire/Project/Database/Redis/General.php +++ b/app/Livewire/Project/Database/Redis/General.php @@ -8,6 +8,7 @@ use App\Helpers\SslHelper; use App\Models\Server; use App\Models\SslCertificate; use App\Models\StandaloneRedis; +use Carbon\Carbon; use Exception; use Livewire\Component; @@ -32,7 +33,7 @@ class General extends Component public ?string $db_url_public = null; - public $certificateValidUntil = null; + public ?Carbon $certificateValidUntil = null; protected $rules = [ 'database.name' => 'required', @@ -67,9 +68,7 @@ class General extends Component { $this->server = data_get($this->database, 'destination.server'); $this->refreshView(); - $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->first(); + $existingCert = $this->database->sslCertificates()->first(); if ($existingCert) { $this->certificateValidUntil = $existingCert->valid_until; @@ -163,10 +162,7 @@ class General extends Component public function regenerateSslCertificate() { try { - $existingCert = SslCertificate::where('resource_type', $this->database->getMorphClass()) - ->where('resource_id', $this->database->id) - ->where('server_id', $this->server->id) - ->first(); + $existingCert = $this->database->sslCertificates()->first(); if (! $existingCert) { $this->dispatch('error', 'No existing SSL certificate found for this database.'); diff --git a/app/Livewire/Server/Advanced.php b/app/Livewire/Server/Advanced.php index 497ec697e..b2b8b1518 100644 --- a/app/Livewire/Server/Advanced.php +++ b/app/Livewire/Server/Advanced.php @@ -6,6 +6,7 @@ use App\Helpers\SslHelper; use App\Jobs\RegenerateSslCertJob; use App\Models\Server; use App\Models\SslCertificate; +use Carbon\Carbon; use Livewire\Attributes\Validate; use Livewire\Component; @@ -19,7 +20,7 @@ class Advanced extends Component public $certificateContent = ''; - public $certificateValidUntil = null; + public ?Carbon $certificateValidUntil = null; public array $parameters = []; @@ -99,7 +100,7 @@ class Advanced extends Component commonName: 'Coolify CA Certificate', serverId: $this->server->id, isCaCertificate: true, - validityDays: 15 * 365 + validityDays: 10 * 365 ); $this->loadCaCertificate(); diff --git a/app/Models/StandaloneClickhouse.php b/app/Models/StandaloneClickhouse.php index 2f86c2060..bc1f9b4b3 100644 --- a/app/Models/StandaloneClickhouse.php +++ b/app/Models/StandaloneClickhouse.php @@ -223,7 +223,12 @@ class StandaloneClickhouse extends BaseModel protected function internalDbUrl(): Attribute { return new Attribute( - get: fn () => "clickhouse://{$this->clickhouse_admin_user}:{$this->clickhouse_admin_password}@{$this->uuid}:9000/{$this->clickhouse_db}", + get: function () { + $encodedUser = rawurlencode($this->clickhouse_admin_user); + $encodedPass = rawurlencode($this->clickhouse_admin_password); + + return "clickhouse://{$encodedUser}:{$encodedPass}@{$this->uuid}:9000/{$this->clickhouse_db}"; + }, ); } @@ -232,7 +237,10 @@ class StandaloneClickhouse extends BaseModel return new Attribute( get: function () { if ($this->is_public && $this->public_port) { - return "clickhouse://{$this->clickhouse_admin_user}:{$this->clickhouse_admin_password}@{$this->destination->server->getIp}:{$this->public_port}/{$this->clickhouse_db}"; + $encodedUser = rawurlencode($this->clickhouse_admin_user); + $encodedPass = rawurlencode($this->clickhouse_admin_password); + + return "clickhouse://{$encodedUser}:{$encodedPass}@{$this->destination->server->getIp}:{$this->public_port}/{$this->clickhouse_db}"; } return null; diff --git a/app/Models/StandaloneDragonfly.php b/app/Models/StandaloneDragonfly.php index 3aaedfc52..a14c5e378 100644 --- a/app/Models/StandaloneDragonfly.php +++ b/app/Models/StandaloneDragonfly.php @@ -226,7 +226,8 @@ class StandaloneDragonfly extends BaseModel get: function () { $scheme = $this->enable_ssl ? 'rediss' : 'redis'; $port = $this->enable_ssl ? 6380 : 6379; - $url = "{$scheme}://:{$this->dragonfly_password}@{$this->uuid}:{$port}/0"; + $encodedPass = rawurlencode($this->dragonfly_password); + $url = "{$scheme}://:{$encodedPass}@{$this->uuid}:{$port}/0"; if ($this->enable_ssl && $this->ssl_mode === 'verify-ca') { $url .= '?cacert=/etc/ssl/certs/coolify-ca.crt'; @@ -243,7 +244,8 @@ class StandaloneDragonfly extends BaseModel get: function () { if ($this->is_public && $this->public_port) { $scheme = $this->enable_ssl ? 'rediss' : 'redis'; - $url = "{$scheme}://:{$this->dragonfly_password}@{$this->destination->server->getIp}:{$this->public_port}/0"; + $encodedPass = rawurlencode($this->dragonfly_password); + $url = "{$scheme}://:{$encodedPass}@{$this->destination->server->getIp}:{$this->public_port}/0"; if ($this->enable_ssl && $this->ssl_mode === 'verify-ca') { $url .= '?cacert=/etc/ssl/certs/coolify-ca.crt'; diff --git a/app/Models/StandaloneKeydb.php b/app/Models/StandaloneKeydb.php index af95d58e5..2d3aea755 100644 --- a/app/Models/StandaloneKeydb.php +++ b/app/Models/StandaloneKeydb.php @@ -226,7 +226,8 @@ class StandaloneKeydb extends BaseModel get: function () { $scheme = $this->enable_ssl ? 'rediss' : 'redis'; $port = $this->enable_ssl ? 6380 : 6379; - $url = "{$scheme}://:{$this->keydb_password}@{$this->uuid}:{$port}/0"; + $encodedPass = rawurlencode($this->keydb_password); + $url = "{$scheme}://:{$encodedPass}@{$this->uuid}:{$port}/0"; if ($this->enable_ssl && $this->ssl_mode === 'verify-ca') { $url .= '?cacert=/etc/ssl/certs/coolify-ca.crt'; @@ -243,7 +244,8 @@ class StandaloneKeydb extends BaseModel get: function () { if ($this->is_public && $this->public_port) { $scheme = $this->enable_ssl ? 'rediss' : 'redis'; - $url = "{$scheme}://:{$this->keydb_password}@{$this->destination->server->getIp}:{$this->public_port}/0"; + $encodedPass = rawurlencode($this->keydb_password); + $url = "{$scheme}://:{$encodedPass}@{$this->destination->server->getIp}:{$this->public_port}/0"; if ($this->enable_ssl && $this->ssl_mode === 'verify-ca') { $url .= '?cacert=/etc/ssl/certs/coolify-ca.crt'; diff --git a/app/Models/StandaloneMariadb.php b/app/Models/StandaloneMariadb.php index 523fde3c5..7549ace3e 100644 --- a/app/Models/StandaloneMariadb.php +++ b/app/Models/StandaloneMariadb.php @@ -218,7 +218,12 @@ class StandaloneMariadb extends BaseModel protected function internalDbUrl(): Attribute { return new Attribute( - get: fn () => "mysql://{$this->mariadb_user}:{$this->mariadb_password}@{$this->uuid}:3306/{$this->mariadb_database}", + get: function () { + $encodedUser = rawurlencode($this->mariadb_user); + $encodedPass = rawurlencode($this->mariadb_password); + + return "mysql://{$encodedUser}:{$encodedPass}@{$this->uuid}:3306/{$this->mariadb_database}"; + }, ); } @@ -227,7 +232,10 @@ class StandaloneMariadb extends BaseModel return new Attribute( get: function () { if ($this->is_public && $this->public_port) { - return "mysql://{$this->mariadb_user}:{$this->mariadb_password}@{$this->destination->server->getIp}:{$this->public_port}/{$this->mariadb_database}"; + $encodedUser = rawurlencode($this->mariadb_user); + $encodedPass = rawurlencode($this->mariadb_password); + + return "mysql://{$encodedUser}:{$encodedPass}@{$this->destination->server->getIp}:{$this->public_port}/{$this->mariadb_database}"; } return null; diff --git a/app/Models/StandaloneMongodb.php b/app/Models/StandaloneMongodb.php index 0367b8650..1b181e7d5 100644 --- a/app/Models/StandaloneMongodb.php +++ b/app/Models/StandaloneMongodb.php @@ -244,13 +244,14 @@ class StandaloneMongodb extends BaseModel { return new Attribute( get: function () { - $url = "mongodb://{$this->mongo_initdb_root_username}:{$this->mongo_initdb_root_password}@{$this->uuid}:27017/?directConnection=true"; + $encodedUser = rawurlencode($this->mongo_initdb_root_username); + $encodedPass = rawurlencode($this->mongo_initdb_root_password); + $url = "mongodb://{$encodedUser}:{$encodedPass}@{$this->uuid}:27017/?directConnection=true"; if ($this->enable_ssl) { $url .= '&tls=true'; if (in_array($this->ssl_mode, ['verify-full'])) { $url .= '&tlsCAFile=/etc/ssl/certs/coolify-ca.crt'; } - } return $url; @@ -263,7 +264,9 @@ class StandaloneMongodb extends BaseModel return new Attribute( get: function () { if ($this->is_public && $this->public_port) { - $url = "mongodb://{$this->mongo_initdb_root_username}:{$this->mongo_initdb_root_password}@{$this->destination->server->getIp}:{$this->public_port}/?directConnection=true"; + $encodedUser = rawurlencode($this->mongo_initdb_root_username); + $encodedPass = rawurlencode($this->mongo_initdb_root_password); + $url = "mongodb://{$encodedUser}:{$encodedPass}@{$this->destination->server->getIp}:{$this->public_port}/?directConnection=true"; if ($this->enable_ssl) { $url .= '&tls=true'; if (in_array($this->ssl_mode, ['verify-full'])) { diff --git a/app/Models/StandaloneMysql.php b/app/Models/StandaloneMysql.php index cf45df578..dbb5b1ae6 100644 --- a/app/Models/StandaloneMysql.php +++ b/app/Models/StandaloneMysql.php @@ -225,7 +225,9 @@ class StandaloneMysql extends BaseModel { return new Attribute( get: function () { - $url = "mysql://{$this->mysql_user}:{$this->mysql_password}@{$this->uuid}:3306/{$this->mysql_database}"; + $encodedUser = rawurlencode($this->mysql_user); + $encodedPass = rawurlencode($this->mysql_password); + $url = "mysql://{$encodedUser}:{$encodedPass}@{$this->uuid}:3306/{$this->mysql_database}"; if ($this->enable_ssl) { $url .= "?ssl-mode={$this->ssl_mode}"; if (in_array($this->ssl_mode, ['VERIFY_CA', 'VERIFY_IDENTITY'])) { @@ -243,7 +245,9 @@ class StandaloneMysql extends BaseModel return new Attribute( get: function () { if ($this->is_public && $this->public_port) { - $url = "mysql://{$this->mysql_user}:{$this->mysql_password}@{$this->destination->server->getIp}:{$this->public_port}/{$this->mysql_database}"; + $encodedUser = rawurlencode($this->mysql_user); + $encodedPass = rawurlencode($this->mysql_password); + $url = "mysql://{$encodedUser}:{$encodedPass}@{$this->destination->server->getIp}:{$this->public_port}/{$this->mysql_database}"; if ($this->enable_ssl) { $url .= "?ssl-mode={$this->ssl_mode}"; if (in_array($this->ssl_mode, ['VERIFY_CA', 'VERIFY_IDENTITY'])) { diff --git a/app/Models/StandalonePostgresql.php b/app/Models/StandalonePostgresql.php index 51b9d2c31..a74d567a0 100644 --- a/app/Models/StandalonePostgresql.php +++ b/app/Models/StandalonePostgresql.php @@ -220,7 +220,9 @@ class StandalonePostgresql extends BaseModel { return new Attribute( get: function () { - $url = "postgres://{$this->postgres_user}:{$this->postgres_password}@{$this->uuid}:5432/{$this->postgres_db}"; + $encodedUser = rawurlencode($this->postgres_user); + $encodedPass = rawurlencode($this->postgres_password); + $url = "postgres://{$encodedUser}:{$encodedPass}@{$this->uuid}:5432/{$this->postgres_db}"; if ($this->enable_ssl) { $url .= "?sslmode={$this->ssl_mode}"; if (in_array($this->ssl_mode, ['verify-ca', 'verify-full'])) { @@ -238,7 +240,9 @@ class StandalonePostgresql extends BaseModel return new Attribute( get: function () { if ($this->is_public && $this->public_port) { - $url = "postgres://{$this->postgres_user}:{$this->postgres_password}@{$this->destination->server->getIp}:{$this->public_port}/{$this->postgres_db}"; + $encodedUser = rawurlencode($this->postgres_user); + $encodedPass = rawurlencode($this->postgres_password); + $url = "postgres://{$encodedUser}:{$encodedPass}@{$this->destination->server->getIp}:{$this->public_port}/{$this->postgres_db}"; if ($this->enable_ssl) { $url .= "?sslmode={$this->ssl_mode}"; if (in_array($this->ssl_mode, ['verify-ca', 'verify-full'])) { diff --git a/app/Models/StandaloneRedis.php b/app/Models/StandaloneRedis.php index 2b565aa4f..b40d8bb9d 100644 --- a/app/Models/StandaloneRedis.php +++ b/app/Models/StandaloneRedis.php @@ -221,10 +221,11 @@ class StandaloneRedis extends BaseModel return new Attribute( get: function () { $redis_version = $this->getRedisVersion(); - $username_part = version_compare($redis_version, '6.0', '>=') ? "{$this->redis_username}:" : ''; + $username_part = version_compare($redis_version, '6.0', '>=') ? rawurlencode($this->redis_username).':' : ''; + $encodedPass = rawurlencode($this->redis_password); $scheme = $this->enable_ssl ? 'rediss' : 'redis'; $port = $this->enable_ssl ? 6380 : 6379; - $url = "{$scheme}://{$username_part}{$this->redis_password}@{$this->uuid}:{$port}/0"; + $url = "{$scheme}://{$username_part}{$encodedPass}@{$this->uuid}:{$port}/0"; if ($this->enable_ssl && $this->ssl_mode === 'verify-ca') { $url .= '?cacert=/etc/ssl/certs/coolify-ca.crt'; @@ -241,9 +242,10 @@ class StandaloneRedis extends BaseModel get: function () { if ($this->is_public && $this->public_port) { $redis_version = $this->getRedisVersion(); - $username_part = version_compare($redis_version, '6.0', '>=') ? "{$this->redis_username}:" : ''; + $username_part = version_compare($redis_version, '6.0', '>=') ? rawurlencode($this->redis_username).':' : ''; + $encodedPass = rawurlencode($this->redis_password); $scheme = $this->enable_ssl ? 'rediss' : 'redis'; - $url = "{$scheme}://{$username_part}{$this->redis_password}@{$this->destination->server->getIp}:{$this->public_port}/0"; + $url = "{$scheme}://{$username_part}{$encodedPass}@{$this->destination->server->getIp}:{$this->public_port}/0"; if ($this->enable_ssl && $this->ssl_mode === 'verify-ca') { $url .= '?cacert=/etc/ssl/certs/coolify-ca.crt'; diff --git a/database/migrations/2025_01_30_125223_encrypt_local_file_volumes_fields.php b/database/migrations/2025_01_30_125223_encrypt_local_file_volumes_fields.php index f29cdaa23..c6b4f8514 100644 --- a/database/migrations/2025_01_30_125223_encrypt_local_file_volumes_fields.php +++ b/database/migrations/2025_01_30_125223_encrypt_local_file_volumes_fields.php @@ -19,18 +19,21 @@ return new class extends Migration }); if (DB::table('local_file_volumes')->exists()) { - $volumes = DB::table('local_file_volumes')->get(); - foreach ($volumes as $volume) { - try { - DB::table('local_file_volumes')->where('id', $volume->id)->update([ - 'fs_path' => $volume->fs_path ? Crypt::encryptString($volume->fs_path) : null, - 'mount_path' => $volume->mount_path ? Crypt::encryptString($volume->mount_path) : null, - 'content' => $volume->content ? Crypt::encryptString($volume->content) : null, - ]); - } catch (\Exception $e) { - Log::error('Error encrypting local file volume fields: '.$e->getMessage()); - } - } + DB::table('local_file_volumes') + ->orderBy('id') + ->chunk(100, function ($volumes) { + foreach ($volumes as $volume) { + try { + DB::table('local_file_volumes')->where('id', $volume->id)->update([ + 'fs_path' => $volume->fs_path ? Crypt::encryptString($volume->fs_path) : null, + 'mount_path' => $volume->mount_path ? Crypt::encryptString($volume->mount_path) : null, + 'content' => $volume->content ? Crypt::encryptString($volume->content) : null, + ]); + } catch (\Exception $e) { + Log::error('Error encrypting local file volume fields: '.$e->getMessage()); + } + } + }); } } @@ -46,18 +49,21 @@ return new class extends Migration }); if (DB::table('local_file_volumes')->exists()) { - $volumes = DB::table('local_file_volumes')->get(); - foreach ($volumes as $volume) { - try { - DB::table('local_file_volumes')->where('id', $volume->id)->update([ - 'fs_path' => $volume->fs_path ? Crypt::decryptString($volume->fs_path) : null, - 'mount_path' => $volume->mount_path ? Crypt::decryptString($volume->mount_path) : null, - 'content' => $volume->content ? Crypt::decryptString($volume->content) : null, - ]); - } catch (\Exception $e) { - Log::error('Error decrypting local file volume fields: '.$e->getMessage()); - } - } + DB::table('local_file_volumes') + ->orderBy('id') + ->chunk(100, function ($volumes) { + foreach ($volumes as $volume) { + try { + DB::table('local_file_volumes')->where('id', $volume->id)->update([ + 'fs_path' => $volume->fs_path ? Crypt::decryptString($volume->fs_path) : null, + 'mount_path' => $volume->mount_path ? Crypt::decryptString($volume->mount_path) : null, + 'content' => $volume->content ? Crypt::decryptString($volume->content) : null, + ]); + } catch (\Exception $e) { + Log::error('Error decrypting local file volume fields: '.$e->getMessage()); + } + } + }); } } }; diff --git a/database/seeders/CaSslCertSeeder.php b/database/seeders/CaSslCertSeeder.php index b869ff96a..09f6cc984 100644 --- a/database/seeders/CaSslCertSeeder.php +++ b/database/seeders/CaSslCertSeeder.php @@ -20,7 +20,7 @@ class CaSslCertSeeder extends Seeder commonName: 'Coolify CA Certificate', serverId: $server->id, isCaCertificate: true, - validityDays: 15 * 365 + validityDays: 10 * 365 ); } else { $caCert = $existingCaCert;