write nginx conf that uses ssl information, add main ui config to Ngi… (#591)

* write nginx conf that uses ssl information, add main ui config to Nginx init method * fix nginx config for main service * add ssl to ipv6 config
2026-03-26 10:21:52 +00:00 · 2021-10-06 14:41:56 -06:00
parent 016fb0d3f1
commit f9e0fe8fc8
2 changed files with 29 additions and 4 deletions
--- a/appmgr/src/net/nginx.rs
+++ b/appmgr/src/net/nginx.rs
@@ -9,6 +9,7 @@ use tokio::sync::Mutex;

 use super::interface::{InterfaceId, LanPortConfig};
 use super::ssl::SslManager;
+use crate::hostname::get_hostname;
 use crate::s9pk::manifest::PackageId;
 use crate::util::{Invoke, Port};
 use crate::{Error, ErrorKind, ResultExt};
@@ -40,11 +41,27 @@ pub struct NginxControllerInner {
 }
 impl NginxControllerInner {
    async fn init(nginx_root: PathBuf, db: SqlitePool) -> Result<Self, Error> {
-        Ok(NginxControllerInner {
+        let inner = NginxControllerInner {
            nginx_root,
            interfaces: BTreeMap::new(),
            ssl_manager: SslManager::init(db).await?,
-        })
+        };
+        let (key, cert) = inner
+            .ssl_manager
+            .certificate_for(&get_hostname().await?)
+            .await?;
+        let ssl_path_key = inner.nginx_root.join(format!("ssl/embassy_main.key.pem"));
+        let ssl_path_cert = inner.nginx_root.join(format!("ssl/embassy_main.cert.pem"));
+        futures::try_join!(
+            tokio::fs::write(&ssl_path_key, key.private_key_to_pem_pkcs8()?),
+            tokio::fs::write(
+                &ssl_path_cert,
+                cert.into_iter()
+                    .flat_map(|c| c.to_pem().unwrap())
+                    .collect::<Vec<u8>>()
+            )
+        )?;
+        Ok(inner)
    }
    async fn add<I: IntoIterator<Item = (InterfaceId, InterfaceMetadata)>>(
        &mut self,
--- a/appmgr/src/nginx/main-ui.conf
+++ b/appmgr/src/nginx/main-ui.conf
@@ -1,6 +1,8 @@
 server {
-        listen 80 default_server;
-        listen [::]:80 default_server;
+        listen 443 ssl default_server;
+        listen [::]:443 ssl default_server;
+        ssl_certificate /etc/nginx/ssl/embassy_main.cert.pem;
+        ssl_certificate_key /etc/nginx/ssl/embassy_main.key.pem;

        root /var/www/html/main;

@@ -31,4 +33,10 @@ server {
        location / {
                try_files $uri $uri/ =404;
        }
+}
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+    server_name _;
+    return 301 https://$host$request_uri;
 }