feat: generate self signed ssl cert on app start

.env.example

@@ -13,7 +13,7 @@ ROOT_FOLDER_HOST=/Users/nicolas/Projects/runtipi
 NGINX_PORT=3000
 NGINX_PORT_SSL=443
 POSTGRES_PASSWORD=postgres
-DOMAIN=tipi.localhost
+DOMAIN=example.com
 STORAGE_PATH=/Users/nicolas/Projects/runtipi
 REDIS_HOST=tipi-redis
 

.gitignore

@@ -54,6 +54,7 @@ node_modules/
 /repos/
 /apps/
 traefik/shared
+traefik/tls
 
 # media folder
 media

scripts/common.sh

@@ -98,6 +98,27 @@ function kill_watcher() {
     # pkill -f "watcher.sh"
 }
 
+function generateTLSCert() {
+    local domain="$1"
+
+    # If the certificate already exists for this domain, don't generate it again
+    if [[ -f "traefik/tls/$domain.txt" ]] && [[ -f "traefik/tls/cert.pem" ]] && [[ -f "traefik/tls/key.pem" ]]; then
+        return
+    fi
+
+    rm -rf "traefik/tls/$domain.txt"
+    rm -rf "traefik/tls/cert.pem"
+    rm -rf "traefik/tls/key.pem"
+
+    echo "Generating TLS certificate..."
+
+    if ! openssl req -x509 -newkey rsa:4096 -keyout traefik/tls/key.pem -out traefik/tls/cert.pem -days 365 -subj "/O=runtipi.io/OU=IT/CN=*.${domain}/emailAddress=webmaster@${domain}" -addext "subjectAltName = DNS:*.${domain},DNS:${domain}" -nodes; then
+        echo "Failed to generate TLS certificate"
+    fi
+    # Create a file to indicate that the certificate has been generated for this domain
+    touch "traefik/tls/$domain.txt"
+}
+
 
 function generate_env_file() {
   echo "Generating .env file..."
@@ -142,6 +163,7 @@ function generate_env_file() {
   local redis_host=$(get_json_field "$json_file" redis_host)
   local demo_mode=$(get_json_field "$json_file" demo_mode)
   local docker_tag=$(get_json_field "$json_file" docker_tag)
+  local local_domain=$(get_json_field "$json_file" local_domain)
   local root_folder=$(get_json_field "$json_file" root_folder | sed 's/\//\\\//g')
   local apps_repository=$(get_json_field "$json_file" apps_repository | sed 's/\//\\\//g')
   local storage_path=$(get_json_field "$json_file" storage_path | sed 's/\//\\\//g')
@@ -195,10 +217,15 @@ function generate_env_file() {
       storage_path_temp="${storage_path_settings}"
       storage_path="$(echo "${storage_path_temp}" | sed 's/\//\\\//g')"
     fi
+
+    if [[ "$(get_json_field "${STATE_FOLDER}/settings.json" localDomain)" != "null" ]]; then
+      local_domain=$(get_json_field "${STATE_FOLDER}/settings.json" localDomain)
+    fi
   fi
 
-  # If port is not 80 and domain is not tipi.localhost, we exit
-  if [[ "${nginx_port}" != "80" ]] && [[ "${domain}" != "tipi.localhost" ]]; then
+  echo "Using domain ${domain} and port ${nginx_port}"
+  # If port is not 80 and domain is not example.com or tipi.localhost, we exit
+  if [[ "${nginx_port}" != "80" ]] && [[ "${domain}" != "example.com" ]] && [[ "${domain}" != "tipi.localhost" ]]; then
     echo "Using a custom domain with a custom port is not supported"
     exit 1
   fi
@@ -236,8 +263,11 @@ function generate_env_file() {
       sed "${sed_args[@]}" "s/<redis_host>/${redis_host}/g" "${template}"
       sed "${sed_args[@]}" "s/<demo_mode>/${demo_mode}/g" "${template}"
       sed "${sed_args[@]}" "s/<docker_tag>/${docker_tag}/g" "${template}"
+      sed "${sed_args[@]}" "s/<local_domain>/${local_domain}/g" "${template}"
   done
 
+  generateTLSCert "$local_domain"
+
   mv -f "$env_file" "$ROOT_FOLDER/.env"
   chmod a+rwx "$ROOT_FOLDER/.env"
 }

scripts/start-dev.sh

@@ -24,7 +24,7 @@ apps_repository="https://github.com/meienberger/runtipi-appstore"
 env_variables_json=$(cat <<EOF
 {
   "dns_ip": "9.9.9.9",
-  "domain": "tipi.localhost",
+  "domain": "example.com",
   "root_folder": "${ROOT_FOLDER}",
   "nginx_port": 3000,
   "nginx_port_ssl": 443,
@@ -38,6 +38,7 @@ env_variables_json=$(cat <<EOF
   "tipi_version": "$(get_json_field "${ROOT_FOLDER}/package.json" version)",
   "internal_ip": "localhost",
   "demo_mode": false,
+  "local_domain": "tipi.lan",
   "apps_repository": "${apps_repository}",
   "storage_path": "${ROOT_FOLDER}",
   "repo_id": "$("${ROOT_FOLDER}"/scripts/git.sh get_hash ${apps_repository})"

scripts/start-e2e.sh

@@ -46,7 +46,7 @@ apps_repository="https://github.com/meienberger/runtipi-appstore"
 env_variables_json=$(cat <<EOF
 {
   "dns_ip": "9.9.9.9",
-  "domain": "tipi.localhost",
+  "domain": "example.com",
   "root_folder": "${ROOT_FOLDER}",
   "nginx_port": 80,
   "nginx_port_ssl": 443,
@@ -57,6 +57,7 @@ env_variables_json=$(cat <<EOF
   "postgres_port": 5432,
   "postgres_host": "tipi-db",
   "redis_host": "tipi-redis",
+  "local_domain": "tipi.lan",
   "tipi_version": "$(get_json_field "${ROOT_FOLDER}/package.json" version)",
   "internal_ip": "localhost",
   "demo_mode": false,

scripts/start.sh

@@ -100,9 +100,10 @@ env_variables_json=$(cat <<EOF
   "postgres_port": 5432,
   "postgres_host": "tipi-db",
   "redis_host": "tipi-redis",
+  "local_domain": "tipi.lan",
   "repo_id": "$("${ROOT_FOLDER}"/scripts/git.sh get_hash "${apps_repository}")",
   "apps_repository": "${apps_repository}",
-  "domain": "tipi.localhost",
+  "domain": "tipi.lan",
   "storage_path": "${ROOT_FOLDER}",
   "demo_mode": false,
 }

templates/env-sample

@@ -21,4 +21,5 @@ POSTGRES_PASSWORD=<postgres_password>
 POSTGRES_PORT=<postgres_port>
 REDIS_HOST=<redis_host>
 DEMO_MODE=<demo_mode>
+LOCAL_DOMAIN=<local_domain>
 DOCKER_TAG=<docker_tag>

traefik/dynamic/dynamic.yml

@@ -1,4 +1,14 @@
 http:
   serversTransports:
     insecuretransport:
-      insecureSkipVerify: true
+      insecureSkipVerify: true
+
+tls:
+  stores:
+    default:
+      defaultCertificate:
+        certFile: /root/.config/tls/cert.pem
+        keyFile: /root/.config/tls/key.pem
+  certificates:
+    - certFile: /root/.config/tls/cert.pem
+      keyFile: /root/.config/tls/key.pem