From f9e0fe8fc81d7f264b6e69f1d8435a99d4110221 Mon Sep 17 00:00:00 2001
From: Keagan McClelland
Date: Wed, 6 Oct 2021 14:41:56 -0600
Subject: [PATCH] =?UTF-8?q?write=20nginx=20conf=20that=20uses=20ssl=20info?= =?UTF-8?q?rmation,=20add=20main=20ui=20config=20to=20Ngi=E2=80=A6=20(#591?= =?UTF-8?q?)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* write nginx conf that uses ssl information, add main ui config to Nginx init method
* fix nginx config for main service
* add ssl to ipv6 config
---
 appmgr/src/net/nginx.rs | 21 +++++++++++++++++++--
 appmgr/src/nginx/main-ui.conf | 12 ++++++++++--
 2 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/appmgr/src/net/nginx.rs b/appmgr/src/net/nginx.rs
index b0725ad74..609e36782 100644
--- a/appmgr/src/net/nginx.rs
+++ b/appmgr/src/net/nginx.rs
@@ -9,6 +9,7 @@ use tokio::sync::Mutex;
 use super::interface::{InterfaceId, LanPortConfig};
 use super::ssl::SslManager;
+use crate::hostname::get_hostname;
 use crate::s9pk::manifest::PackageId;
 use crate::util::{Invoke, Port};
 use crate::{Error, ErrorKind, ResultExt};
@@ -40,11 +41,27 @@ pub struct NginxControllerInner {
 }
 impl NginxControllerInner {
 async fn init(nginx_root: PathBuf, db: SqlitePool) -> Result {
- Ok(NginxControllerInner {
+ let inner = NginxControllerInner {
 nginx_root,
 interfaces: BTreeMap::new(),
 ssl_manager: SslManager::init(db).await?,
- })
+ };
+ let (key, cert) = inner
+ .ssl_manager
+ .certificate_for(&get_hostname().await?)
+ .await?;
+ let ssl_path_key = inner.nginx_root.join(format!("ssl/embassy_main.key.pem"));
+ let ssl_path_cert = inner.nginx_root.join(format!("ssl/embassy_main.cert.pem"));
+ futures::try_join!(
+ tokio::fs::write(&ssl_path_key, key.private_key_to_pem_pkcs8()?),
+ tokio::fs::write(
+ &ssl_path_cert,
+ cert.into_iter()
+ .flat_map(|c| c.to_pem().unwrap())
+ .collect::>()
+ )
+ )?;
+ Ok(inner)
 }
 async fn add>(
 &mut self,
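Review bot: The private key for the main UI is written with `tokio::fs::write(&ssl_path_key, …)`, which creates the file with the process's default mode (usually world-readable under a common umask), so any local account or service that can traverse `nginx_root/ssl` may be able to read it. Create the key file with an explicit owner-only mode instead; note that a mode given at open time does not tighten a file that already exists, so an existing key file may need its permissions reset once. In the same `try_join!`, `c.to_pem().unwrap()` panics inside `init` on an encoding failure while the key path already uses `?`; collecting into a `Result` keeps the error path uniform. The sketch below needs `tokio::io::AsyncWriteExt` in scope and assumes a Unix target and that `cert` yields X509 values; the two `format!` calls with no arguments can be plain string literals.

```rust
// … unchanged: certificate_for() call and the ssl_path_key / ssl_path_cert bindings …
let cert_pem = cert
    .into_iter()
    .map(|c| c.to_pem())
    .collect::<Result<Vec<_>, _>>()?
    .concat();
let mut key_file = tokio::fs::OpenOptions::new()
    .write(true)
    .create(true)
    .truncate(true)
    .mode(0o600) // owner-only; honoured only when the file is created
    .open(&ssl_path_key)
    .await?;
key_file.write_all(&key.private_key_to_pem_pkcs8()?).await?;
tokio::fs::write(&ssl_path_cert, cert_pem).await?;
Ok(inner)
```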
diff --git a/appmgr/src/nginx/main-ui.conf b/appmgr/src/nginx/main-ui.conf
index be1c1cda9..27c2e5ecd 100644
--- a/appmgr/src/nginx/main-ui.conf
+++ b/appmgr/src/nginx/main-ui.conf
@@ -1,6 +1,8 @@
 server {
- listen 80 default_server;
- listen [::]:80 default_server;
+ listen 443 ssl default_server;
+ listen [::]:443 ssl default_server;
+ ssl_certificate /etc/nginx/ssl/embassy_main.cert.pem;
+ ssl_certificate_key /etc/nginx/ssl/embassy_main.key.pem;
 root /var/www/html/main;
@@ -31,4 +33,10 @@ server {
 location / {
 try_files $uri $uri/ =404;
 }
+}
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ server_name _;
+ return 301 https://$host$request_uri;
 }
\ No newline at end of file
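Review bot: The `ssl_certificate` and `ssl_certificate_key` paths are hard-coded under `/etc/nginx/ssl/`, while `NginxControllerInner::init` writes the files to `nginx_root.join("ssl/…")`; the two agree only when `nginx_root` is `/etc/nginx`, and nginx will refuse to load this server block if either file is missing. A comment above the two directives would record that coupling, e.g. `# written by NginxControllerInner::init to <nginx_root>/ssl; nginx_root must be /etc/nginx`. No `ssl_protocols` or `ssl_ciphers` directive appears in this hunk, so the listener presumably inherits them from the http-level config or nginx defaults; it is worth confirming that legacy protocol versions are disabled there.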
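Review bot: The new port-80 block redirects with `return 301 https://$host$request_uri;`, and `$host` is taken from the request's Host header, while the certificate written in `init` is requested for `get_hostname()` only. A client that reaches the device by IP address or under another name is therefore sent, with a permanently cached 301, to an HTTPS origin whose certificate will probably not match. If the catch-all is deliberate, say so in a comment such as `# catch-all: the device is reached under several names, so redirect to whatever Host was requested`; otherwise redirect to the canonical hostname, or use a 302 until the set of served names is settled.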