feat: Dual certificates

desing: Lots of design/css updates
version++

src/lib/components/Explainer.svelte

@@ -1,6 +1,6 @@
 <script>
 	export let text;
-	export let maxWidthClass = 'max-w-[24rem]';
+	export let customClass = 'max-w-[24rem]';
 </script>
 
-<div class="py-1 text-xs text-stone-400 {maxWidthClass}">{@html text}</div>
+<div class="py-1 text-xs text-stone-400 {customClass}">{@html text}</div>

src/lib/components/Setting.svelte

@@ -4,15 +4,17 @@
 	export let setting;
 	export let title;
 	export let description;
-	export let isPadding = true;
+	export let isCenter = true;
 	export let disabled = false;
 </script>
 
-<li class="flex items-center py-4">
-	<div class="flex w-96 flex-col" class:px-4={isPadding} class:pr-32={!isPadding}>
-		<p class="text-xs font-bold text-stone-100 md:text-base">{title}</p>
+<div class="flex items-center py-4 pr-8">
+	<div class="flex w-96 flex-col">
+		<div class="text-xs font-bold text-stone-100 md:text-base">{title}</div>
 		<Explainer text={description} />
 	</div>
+</div>
+<div class:text-center={isCenter}>
 	<div
 		type="button"
 		on:click
@@ -58,5 +60,4 @@
 			</span>
 		</span>
 	</div>
-	<!-- {/if} -->
-</li>
+</div>

src/lib/database/applications.ts

@@ -209,10 +209,10 @@ export async function configureApplication({
 	});
 }
 
-export async function setApplicationSettings({ id, debug, previews }) {
+export async function setApplicationSettings({ id, debug, previews, dualCerts }) {
 	return await prisma.application.update({
 		where: { id },
-		data: { settings: { update: { debug, previews } } },
+		data: { settings: { update: { debug, previews, dualCerts } } },
 		include: { destinationDocker: true }
 	});
 }

src/lib/database/services.ts

@@ -107,13 +107,20 @@ export async function configureServiceType({ id, type }) {
 		});
 	}
 }
-export async function setService({ id, version }) {
+export async function setServiceVersion({ id, version }) {
 	return await prisma.service.update({
 		where: { id },
 		data: { version }
 	});
 }
 
+export async function setServiceSettings({ id, dualCerts }) {
+	return await prisma.service.update({
+		where: { id },
+		data: { dualCerts }
+	});
+}
+
 export async function updatePlausibleAnalyticsService({ id, fqdn, email, username, name }) {
 	await prisma.plausibleAnalytics.update({ where: { serviceId: id }, data: { email, username } });
 	await prisma.service.update({ where: { id }, data: { name, fqdn } });

src/lib/haproxy/index.ts

@@ -2,7 +2,6 @@ import { dev } from '$app/env';
 import { asyncExecShell, getDomain, getEngine } from '$lib/common';
 import got from 'got';
 import * as db from '$lib/database';
-import { letsEncrypt } from '$lib/letsencrypt';
 
 const url = dev ? 'http://localhost:5555' : 'http://coolify-haproxy:5555';
 

src/lib/letsencrypt.ts

@@ -3,49 +3,70 @@ import { forceSSLOnApplication } from '$lib/haproxy';
 import { asyncExecShell, getEngine } from './common';
 import * as db from '$lib/database';
 import cuid from 'cuid';
+import getPort from 'get-port';
 
 export async function letsEncrypt({ domain, isCoolify = false, id = null }) {
 	try {
 		const nakedDomain = domain.replace('www.', '');
 		const wwwDomain = `www.${nakedDomain}`;
 		const randomCuid = cuid();
-		if (dev) {
-			return await forceSSLOnApplication({ domain });
+		const randomPort = getPort();
+
+		let host;
+		let dualCerts = false;
+		if (isCoolify) {
+			const data = await db.prisma.setting.findFirst();
+			dualCerts = data.dualCerts;
+			host = '/var/run/docker.sock';
 		} else {
-			if (isCoolify) {
-				await asyncExecShell(
-					`docker run --rm --name certbot-${randomCuid} -p 9080:9080 -v "coolify-letsencrypt:/etc/letsencrypt" certbot/certbot --logs-dir /etc/letsencrypt/logs certonly --standalone --preferred-challenges http --http-01-address 0.0.0.0 --http-01-port 9080 -d ${nakedDomain} -d ${wwwDomain} --expand --agree-tos --non-interactive --register-unsafely-without-email`
-				);
-
-				const { stderr: copyError } = await asyncExecShell(
-					`docker run --rm -v "coolify-letsencrypt:/etc/letsencrypt" -v "coolify-ssl-certs:/app/ssl" alpine:latest sh -c "test -d /etc/letsencrypt/live/${nakedDomain}/ && cat /etc/letsencrypt/live/${nakedDomain}/fullchain.pem /etc/letsencrypt/live/${nakedDomain}/privkey.pem > /app/ssl/${nakedDomain}.pem || cat /etc/letsencrypt/live/${wwwDomain}/fullchain.pem /etc/letsencrypt/live/${wwwDomain}/privkey.pem > /app/ssl/${wwwDomain}.pem"`
-				);
-
-				if (copyError) throw copyError;
-				return;
+			// Check Application
+			const applicationData = await db.prisma.application.findUnique({
+				where: { id },
+				include: { destinationDocker: true, settings: true }
+			});
+			if (applicationData) {
+				if (applicationData?.destinationDockerId && applicationData?.destinationDocker) {
+					host = getEngine(applicationData.destinationDocker.engine);
+				}
+				if (applicationData?.settings?.dualCerts) {
+					dualCerts = applicationData.settings.dualCerts;
+				}
 			}
-			let data: any = await db.prisma.application.findUnique({
+			// Check Service
+			const serviceData = await db.prisma.service.findUnique({
 				where: { id },
 				include: { destinationDocker: true }
 			});
-			if (!data) {
-				data = await db.prisma.service.findUnique({
-					where: { id },
-					include: { destinationDocker: true }
-				});
+			if (serviceData) {
+				if (serviceData?.destinationDockerId && serviceData?.destinationDocker) {
+					host = getEngine(serviceData.destinationDocker.engine);
+				}
+				if (serviceData?.dualCerts) {
+					dualCerts = serviceData.dualCerts;
+				}
 			}
-			// Set SSL with Let's encrypt
-			if (data.destinationDockerId && data.destinationDocker) {
-				const host = getEngine(data.destinationDocker.engine);
+		}
+		if (!dev) {
+			if (dualCerts) {
 				await asyncExecShell(
-					`DOCKER_HOST=${host} docker run --rm --name certbot-${randomCuid} -p 9080:9080 -v "coolify-letsencrypt:/etc/letsencrypt" certbot/certbot --logs-dir /etc/letsencrypt/logs certonly --standalone --preferred-challenges http --http-01-address 0.0.0.0 --http-01-port 9080 -d ${nakedDomain} -d ${wwwDomain} --expand --agree-tos --non-interactive --register-unsafely-without-email`
+					`DOCKER_HOST=${host} docker run --rm --name certbot-${randomCuid} -p ${randomPort}:${randomPort} -v "coolify-letsencrypt:/etc/letsencrypt" certbot/certbot --logs-dir /etc/letsencrypt/logs certonly --standalone --preferred-challenges http --http-01-address 0.0.0.0 --http-01-port ${randomPort} -d ${nakedDomain} -d ${wwwDomain} --expand --agree-tos --non-interactive --register-unsafely-without-email`
 				);
-				const { stderr: copyError } = await asyncExecShell(
+				await asyncExecShell(
 					`DOCKER_HOST=${host} docker run --rm -v "coolify-letsencrypt:/etc/letsencrypt" -v "coolify-ssl-certs:/app/ssl" alpine:latest sh -c "test -d /etc/letsencrypt/live/${nakedDomain}/ && cat /etc/letsencrypt/live/${nakedDomain}/fullchain.pem /etc/letsencrypt/live/${nakedDomain}/privkey.pem > /app/ssl/${nakedDomain}.pem || cat /etc/letsencrypt/live/${wwwDomain}/fullchain.pem /etc/letsencrypt/live/${wwwDomain}/privkey.pem > /app/ssl/${wwwDomain}.pem"`
 				);
-				if (copyError) throw copyError;
-				await forceSSLOnApplication({ domain });
+			} else {
+				await asyncExecShell(
+					`DOCKER_HOST=${host} docker run --rm --name certbot-${randomCuid} -p ${randomPort}:${randomPort} -v "coolify-letsencrypt:/etc/letsencrypt" certbot/certbot --logs-dir /etc/letsencrypt/logs certonly --standalone --preferred-challenges http --http-01-address 0.0.0.0 --http-01-port ${randomPort} -d ${domain}  --expand --agree-tos --non-interactive --register-unsafely-without-email`
+				);
+				await asyncExecShell(
+					`DOCKER_HOST=${host} docker run --rm -v "coolify-letsencrypt:/etc/letsencrypt" -v "coolify-ssl-certs:/app/ssl" alpine:latest sh -c "cat /etc/letsencrypt/live/${domain}/fullchain.pem /etc/letsencrypt/live/${domain}/privkey.pem > /app/ssl/${domain}.pem"`
+				);
 			}
+		} else {
+			console.log({ dualCerts, host, wwwDomain, nakedDomain, domain });
+		}
+		if (!isCoolify) {
+			await forceSSLOnApplication({ domain });
 		}
 	} catch (error) {
 		console.log(error);