diff --git a/Makefile b/Makefile index a3c02ca9..276c785d 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,11 @@ all: build push -build: - docker build -t fossorial/pangolin:latest . +build-arm: + docker buildx build --platform linux/arm64 -t fossorial/pangolin:latest . + +build-x86: + docker buildx build --platform linux/amd64 -t fossorial/pangolin:latest . push: docker push fossorial/pangolin:latest diff --git a/server/config.ts b/server/config.ts index 228072fb..d7c0c694 100644 --- a/server/config.ts +++ b/server/config.ts @@ -29,7 +29,6 @@ const environmentSchema = z.object({ http_entrypoint: z.string(), https_entrypoint: z.string().optional(), cert_resolver: z.string().optional(), - prefer_wildcard_cert: z.boolean().optional(), }), gerbil: z.object({ start_port: portSchema, diff --git a/server/routers/traefik/getTraefikConfig.ts b/server/routers/traefik/getTraefikConfig.ts index 3eec2b19..81e1a9ba 100644 --- a/server/routers/traefik/getTraefikConfig.ts +++ b/server/routers/traefik/getTraefikConfig.ts @@ -1,7 +1,6 @@ import { Request, Response } from "express"; import db from "@server/db"; import * as schema from "@server/db/schema"; -import { DynamicTraefikConfig } from "./configSchema"; import { and, eq, isNotNull } from "drizzle-orm"; import logger from "@server/logger"; import HttpCode from "@server/types/HttpCode"; @@ -27,32 +26,25 @@ export async function traefikConfigProvider( ); if (!all.length) { - return { http: {} } as DynamicTraefikConfig; + return res.status(HttpCode.OK).json({}); } - const middlewareName = "badger"; + const badgerMiddlewareName = "badger"; + const redirectMiddlewareName = "redirect-to-https"; - const baseDomain = new URL(config.app.base_url).hostname; + // const baseDomain = new URL(config.app.base_url).hostname; const tls = { certResolver: config.traefik.cert_resolver, - ...(config.traefik.prefer_wildcard_cert - ? { - domains: { - main: baseDomain, - sans: [`*.${baseDomain}`], - }, - } - : {}), }; const http: any = { routers: {}, services: {}, middlewares: { - [middlewareName]: { + [badgerMiddlewareName]: { plugin: { - [middlewareName]: { + [badgerMiddlewareName]: { apiBaseUrl: new URL( "/api/v1", `http://${config.server.internal_hostname}:${config.server.internal_port}` @@ -61,6 +53,12 @@ export async function traefikConfigProvider( }, }, }, + [redirectMiddlewareName]: { + redirectScheme: { + scheme: "https", + permanent: true, + }, + }, }, }; for (const item of all) { @@ -76,12 +74,22 @@ export async function traefikConfigProvider( ? config.traefik.https_entrypoint : config.traefik.http_entrypoint, ], - middlewares: [middlewareName], + middlewares: target.ssl ? [badgerMiddlewareName] : [], service: serviceName, rule: `Host(\`${resource.fullDomain}\`)`, ...(target.ssl ? { tls } : {}), }; + if (target.ssl) { + // this is a redirect router; all it does is redirect to the https version if tls is enabled + http.routers![routerName + "-redirect"] = { + entryPoints: [config.traefik.http_entrypoint], + middlewares: [redirectMiddlewareName], + service: serviceName, + rule: `Host(\`${resource.fullDomain}\`)`, + }; + } + http.services![serviceName] = { loadBalancer: { servers: [ diff --git a/src/app/page.tsx b/src/app/page.tsx index f20dfefe..6b6553a9 100644 --- a/src/app/page.tsx +++ b/src/app/page.tsx @@ -28,11 +28,10 @@ export default async function Page(props: { if (res && res.data.data.orgs) { orgs = res.data.data.orgs; } - } catch (e) { console.error(e); } - + if (!orgs.length) { redirect("/setup"); }