feat(ssl): add a Coolify CA Certificate to all servers

2025-01-31 12:23:00 +01:00
parent e1245f49f1
commit 90a93ce7e0
1 changed files with 40 additions and 0 deletions
--- a/database/seeders/CaSslCertSeeder.php
+++ b/database/seeders/CaSslCertSeeder.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace Database\Seeders;
+
+use App\Helpers\SslHelper;
+use App\Models\Server;
+use App\Models\SslCertificate;
+use Illuminate\Database\Seeder;
+
+class CaSslCertSeeder extends Seeder
+{
+    public function run()
+    {
+        Server::chunk(200, function ($servers) {
+            foreach ($servers as $server) {
+                $existingCert = SslCertificate::where('server_id', $server->id)->first();
+
+                if (! $existingCert) {
+                    $serverCert = SslHelper::generateSslCertificate(
+                        commonName: 'Coolify CA Certificate',
+                        serverId: $server->id,
+                        validityDays: 15 * 365
+                    );
+
+                    $serverCertPath = config('constants.coolify.base_config_path').'/ca/';
+
+                    $commands = collect([
+                        "mkdir -p $serverCertPath",
+                        "chown -R 9999:root $serverCertPath",
+                        "chmod -R 700 $serverCertPath",
+                        "echo '{$serverCert->ssl_certificate}' > $serverCertPath/ca.crt",
+                        "chmod 644 $serverCertPath/ca.crt",
+                    ]);
+
+                    remote_process($commands, $server);
+                }
+            }
+        });
+    }
+}