dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

feat(database): add CA certificate generation for database servers

Browse Source
This commit is contained in:
Andras Bacsai
2025-03-31 14:02:15 +02:00
parent c7591fde15
commit d6d1c9ad82
9 changed files with 129 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
app/Actions/Database/StartDragonfly.php
View File

@@ -57,6 +57,17 @@ class StartDragonfly
$server = $this->database->destination->server; $server = $this->database->destination->server;
$caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first(); $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
if (! $caCert) {
$server->generateCaCertificate();
$caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
}
if (! $caCert) {
$this->dispatch('error', 'No CA certificate found for this database. Please generate a CA certificate for this server in the server/advanced page.');
return;
}
$this->ssl_certificate = $this->database->sslCertificates()->first(); $this->ssl_certificate = $this->database->sslCertificates()->first();
if (! $this->ssl_certificate) { if (! $this->ssl_certificate) {

11
app/Actions/Database/StartKeydb.php
View File

@@ -58,6 +58,17 @@ class StartKeydb
$server = $this->database->destination->server; $server = $this->database->destination->server;
$caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first(); $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
if (! $caCert) {
$server->generateCaCertificate();
$caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
}
if (! $caCert) {
$this->dispatch('error', 'No CA certificate found for this database. Please generate a CA certificate for this server in the server/advanced page.');
return;
}
$this->ssl_certificate = $this->database->sslCertificates()->first(); $this->ssl_certificate = $this->database->sslCertificates()->first();
if (! $this->ssl_certificate) { if (! $this->ssl_certificate) {

11
app/Actions/Database/StartMariadb.php
View File

@@ -59,6 +59,17 @@ class StartMariadb
$server = $this->database->destination->server; $server = $this->database->destination->server;
$caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first(); $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
if (! $caCert) {
$server->generateCaCertificate();
$caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
}
if (! $caCert) {
$this->dispatch('error', 'No CA certificate found for this database. Please generate a CA certificate for this server in the server/advanced page.');
return;
}
$this->ssl_certificate = $this->database->sslCertificates()->first(); $this->ssl_certificate = $this->database->sslCertificates()->first();
if (! $this->ssl_certificate) { if (! $this->ssl_certificate) {

10
app/Actions/Database/StartMongodb.php
View File

@@ -63,6 +63,16 @@ class StartMongodb
$server = $this->database->destination->server; $server = $this->database->destination->server;
$caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first(); $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
if (! $caCert) {
$server->generateCaCertificate();
$caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
}
if (! $caCert) {
$this->dispatch('error', 'No CA certificate found for this database. Please generate a CA certificate for this server in the server/advanced page.');
return;
}
$this->ssl_certificate = $this->database->sslCertificates()->first(); $this->ssl_certificate = $this->database->sslCertificates()->first();
if (! $this->ssl_certificate) { if (! $this->ssl_certificate) {

11
app/Actions/Database/StartMysql.php
View File

@@ -59,6 +59,17 @@ class StartMysql
$server = $this->database->destination->server; $server = $this->database->destination->server;
$caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first(); $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
if (! $caCert) {
$server->generateCaCertificate();
$caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
}
if (! $caCert) {
$this->dispatch('error', 'No CA certificate found for this database. Please generate a CA certificate for this server in the server/advanced page.');
return;
}
$this->ssl_certificate = $this->database->sslCertificates()->first(); $this->ssl_certificate = $this->database->sslCertificates()->first();
if (! $this->ssl_certificate) { if (! $this->ssl_certificate) {

11
app/Actions/Database/StartPostgresql.php
View File

@@ -64,6 +64,17 @@ class StartPostgresql
$server = $this->database->destination->server; $server = $this->database->destination->server;
$caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first(); $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
if (! $caCert) {
$server->generateCaCertificate();
$caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
}
if (! $caCert) {
$this->dispatch('error', 'No CA certificate found for this database. Please generate a CA certificate for this server in the server/advanced page.');
return;
}
$this->ssl_certificate = $this->database->sslCertificates()->first(); $this->ssl_certificate = $this->database->sslCertificates()->first();
if (! $this->ssl_certificate) { if (! $this->ssl_certificate) {

11
app/Actions/Database/StartRedis.php
View File

@@ -58,6 +58,17 @@ class StartRedis
$server = $this->database->destination->server; $server = $this->database->destination->server;
$caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first(); $caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
if (! $caCert) {
$server->generateCaCertificate();
$caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
}
if (! $caCert) {
$this->dispatch('error', 'No CA certificate found for this database. Please generate a CA certificate for this server in the server/advanced page.');
return;
}
$this->ssl_certificate = $this->database->sslCertificates()->first(); $this->ssl_certificate = $this->database->sslCertificates()->first();
if (! $this->ssl_certificate) { if (! $this->ssl_certificate) {

15
app/Livewire/Project/Database/Dragonfly/General.php
View File

@@ -214,10 +214,23 @@ class General extends Component
return; return;
} }
$caCert = SslCertificate::where('server_id', $existingCert->server_id) $server = $this->database->destination->server;
$caCert = SslCertificate::where('server_id', $server->id)
->where('is_ca_certificate', true) ->where('is_ca_certificate', true)
->first(); ->first();
if (! $caCert) {
$server->generateCaCertificate();
$caCert = SslCertificate::where('server_id', $server->id)->where('is_ca_certificate', true)->first();
}
if (! $caCert) {
$this->dispatch('error', 'No CA certificate found for this database. Please generate a CA certificate for this server in the server/advanced page.');
return;
}
SslHelper::generateSslCertificate( SslHelper::generateSslCertificate(
commonName: $existingCert->commonName, commonName: $existingCert->commonName,
subjectAlternativeNames: $existingCert->subjectAlternativeNames ?? [], subjectAlternativeNames: $existingCert->subjectAlternativeNames ?? [],

39
app/Models/Server.php
View File

@@ -7,7 +7,9 @@ use App\Actions\Server\InstallDocker;
use App\Actions\Server\StartSentinel; use App\Actions\Server\StartSentinel;
use App\Enums\ProxyTypes; use App\Enums\ProxyTypes;
use App\Events\ServerReachabilityChanged; use App\Events\ServerReachabilityChanged;
use App\Helpers\SslHelper;
use App\Jobs\CheckAndStartSentinelJob; use App\Jobs\CheckAndStartSentinelJob;
use App\Jobs\RegenerateSslCertJob;
use App\Notifications\Server\Reachable; use App\Notifications\Server\Reachable;
use App\Notifications\Server\Unreachable; use App\Notifications\Server\Unreachable;
use App\Services\ConfigurationRepository; use App\Services\ConfigurationRepository;
@@ -1337,4 +1339,41 @@ $schema://$host {
$configRepository = app(ConfigurationRepository::class); $configRepository = app(ConfigurationRepository::class);
$configRepository->disableSshMux(); $configRepository->disableSshMux();
} }
public function generateCaCertificate()
{
try {
ray('Generating CA certificate for server', $this->id);
SslHelper::generateSslCertificate(
commonName: 'Coolify CA Certificate',
serverId: $this->id,
isCaCertificate: true,
validityDays: 10 * 365
);
$caCertificate = SslCertificate::where('server_id', $this->id)->where('is_ca_certificate', true)->first();
ray('CA certificate generated', $caCertificate);
if ($caCertificate) {
$certificateContent = $caCertificate->ssl_certificate;
$caCertPath = config('constants.coolify.base_config_path').'/ssl/';
$commands = collect([
"mkdir -p $caCertPath",
"chown -R 9999:root $caCertPath",
"chmod -R 700 $caCertPath",
"rm -rf $caCertPath/coolify-ca.crt",
"echo '{$certificateContent}' > $caCertPath/coolify-ca.crt",
"chmod 644 $caCertPath/coolify-ca.crt",
]);
instant_remote_process($commands, $this, false);
dispatch(new RegenerateSslCertJob(
server_id: $this->id,
force_regeneration: true
));
}
} catch (\Throwable $e) {
return handleError($e);
}
}
} }