add option to set TLS Server Name

This commit is contained in:
Matthias Palmetshofer 2025-04-09 23:42:50 +02:00
parent 0450f62108
commit 674316aa46
No known key found for this signature in database
6 changed files with 84 additions and 11 deletions


@ -77,7 +77,8 @@ export const resources = sqliteTable("resources", {
applyRules: integer("applyRules", { mode: "boolean" }) applyRules: integer("applyRules", { mode: "boolean" })
.notNull() .notNull()
.default(false), .default(false),
enabled: integer("enabled", { mode: "boolean" }).notNull().default(true) enabled: integer("enabled", { mode: "boolean" }).notNull().default(true),
tlsServerName: text("tlsServerName").notNull().default("")
}); });
export const targets = sqliteTable("targets", { export const targets = sqliteTable("targets", {
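Review bot: The new `tlsServerName` column on `resources` arrives without a visible migration; the diffstat lists six changed files and all six sections on this page are application code, so if the project rolls schema changes out through migrations, existing databases would lack the column and the new `select` projections in queryResources and traefikConfigProvider would fail at query time — confirm how this schema is applied. With `.notNull().default("")` the "no override" state is the empty string rather than NULL, and the rest of the commit relies on that (`if (resource.tlsServerName)`), so a one-line comment on the column would make the contract explicit: `// "" means no SNI override; consumed by traefikConfigProvider`. The `resources` table definition starts outside the hunk.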


@ -9,3 +9,10 @@ export const subdomainSchema = z
.min(1, "Subdomain must be at least 1 character long") .min(1, "Subdomain must be at least 1 character long")
.transform((val) => val.toLowerCase()); .transform((val) => val.toLowerCase());
export const tlsNameSchema = z
.string()
.regex(
/^(?!:\/\/)([a-zA-Z0-9-_]+\.)*[a-zA-Z0-9-_]+$|^$/,
"Invalid subdomain format"
)
.transform((val) => val.toLowerCase());
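Review bot: The error message on the new `tlsNameSchema` regex still reads `"Invalid subdomain format"`, copied from `subdomainSchema`, although the value is a TLS server name; it should say `"Invalid TLS server name format"`. As written the pattern also accepts underscores and labels that begin or end with `-`, which are not valid DNS hostnames yet will be sent verbatim in the SNI extension; a per-label class such as `[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?` plus a `.max(253)` on the string would match what a TLS peer actually accepts, and the `(?!:\/\/)` lookahead is redundant because `:` is already outside the character class. Note that both callers in this commit only use `safeParse(...).success`, so neither this message nor the lowercasing transform ever reaches the user or the stored value.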


@ -68,7 +68,8 @@ function queryResources(
http: resources.http, http: resources.http,
protocol: resources.protocol, protocol: resources.protocol,
proxyPort: resources.proxyPort, proxyPort: resources.proxyPort,
enabled: resources.enabled enabled: resources.enabled,
tlsServerName: resources.tlsServerName
}) })
.from(resources) .from(resources)
.leftJoin(sites, eq(resources.siteId, sites.siteId)) .leftJoin(sites, eq(resources.siteId, sites.siteId))
@ -102,7 +103,8 @@ function queryResources(
http: resources.http, http: resources.http,
protocol: resources.protocol, protocol: resources.protocol,
proxyPort: resources.proxyPort, proxyPort: resources.proxyPort,
enabled: resources.enabled enabled: resources.enabled,
tlsServerName: resources.tlsServerName
}) })
.from(resources) .from(resources)
.leftJoin(sites, eq(resources.siteId, sites.siteId)) .leftJoin(sites, eq(resources.siteId, sites.siteId))


@ -16,7 +16,7 @@ import createHttpError from "http-errors";
import logger from "@server/logger"; import logger from "@server/logger";
import { fromError } from "zod-validation-error"; import { fromError } from "zod-validation-error";
import config from "@server/lib/config"; import config from "@server/lib/config";
import { subdomainSchema } from "@server/lib/schemas"; import { subdomainSchema, tlsNameSchema } from "@server/lib/schemas";
const updateResourceParamsSchema = z const updateResourceParamsSchema = z
.object({ .object({
@ -40,7 +40,8 @@ const updateHttpResourceBodySchema = z
isBaseDomain: z.boolean().optional(), isBaseDomain: z.boolean().optional(),
applyRules: z.boolean().optional(), applyRules: z.boolean().optional(),
domainId: z.string().optional(), domainId: z.string().optional(),
enabled: z.boolean().optional() enabled: z.boolean().optional(),
tlsServerName: z.string().optional()
}) })
.strict() .strict()
.refine((data) => Object.keys(data).length > 0, { .refine((data) => Object.keys(data).length > 0, {
@ -67,6 +68,15 @@ const updateHttpResourceBodySchema = z
{ {
message: "Base domain resources are not allowed" message: "Base domain resources are not allowed"
} }
)
.refine(
(data) => {
if (data.tlsServerName) {
return tlsNameSchema.safeParse(data.tlsServerName).success;
}
return true;
},
{ message: "Invalid TLS Server Name. Use domain name format, or save empty to remove the TLS Server Name." }
); );
export type UpdateResourceResponse = Resource; export type UpdateResourceResponse = Resource;
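Review bot: The new `.refine` at the end of `updateHttpResourceBodySchema` validates `tlsServerName` with `tlsNameSchema.safeParse(...).success` but discards the parsed value, so the lowercasing transform declared on `tlsNameSchema` never runs and the name is stored exactly as typed; it also omits `path: ["tlsServerName"]`, unlike the client-side refine in GeneralForm, so the error is attached to the object root. Declaring the field as `tlsServerName: tlsNameSchema.optional()` inside the `z.object` (and dropping the extra refine) would validate, normalize and attribute the error in one place, and the regex's `|^$` alternative already lets an empty string through to clear the value. `updateHttpResourceBodySchema` starts outside the hunk.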


@ -40,7 +40,8 @@ export async function traefikConfigProvider(
org: { org: {
orgId: orgs.orgId orgId: orgs.orgId
}, },
enabled: resources.enabled enabled: resources.enabled,
tlsServerName: resources.tlsServerName
}) })
.from(resources) .from(resources)
.innerJoin(sites, eq(sites.siteId, resources.siteId)) .innerJoin(sites, eq(sites.siteId, resources.siteId))
@ -139,6 +140,7 @@ export async function traefikConfigProvider(
const routerName = `${resource.resourceId}-router`; const routerName = `${resource.resourceId}-router`;
const serviceName = `${resource.resourceId}-service`; const serviceName = `${resource.resourceId}-service`;
const fullDomain = `${resource.fullDomain}`; const fullDomain = `${resource.fullDomain}`;
const transportName = `${resource.resourceId}-transport`;
if (!resource.enabled) { if (!resource.enabled) {
continue; continue;
@ -278,6 +280,21 @@ export async function traefikConfigProvider(
}) })
} }
}; };
// Add the serversTransport if TLS server name is provided
if (resource.tlsServerName) {
if (!config_output.http.serversTransports) {
config_output.http.serversTransports = {};
}
config_output.http.serversTransports![transportName] = {
serverName: resource.tlsServerName,
//unfortunately the following needs to be set. traefik doesn't merge the default serverTransport settings
// if defined in the static config and here. if not set, self-signed certs won't work
insecureSkipVerify: true
};
config_output.http.services![serviceName].loadBalancer.serversTransport = transportName;
}
} else { } else {
// Non-HTTP (TCP/UDP) configuration // Non-HTTP (TCP/UDP) configuration
const protocol = resource.protocol.toLowerCase(); const protocol = resource.protocol.toLowerCase();
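Review bot: Setting a TLS Server Name on a resource now also forces `insecureSkipVerify: true` on that resource's dedicated serversTransport, so any resource that opts into SNI silently loses backend certificate verification even when the deployment's default transport verifies certificates; the comment on the added lines explains why Traefik needs the setting repeated but not that consequence. At minimum the comment should say so plainly, e.g. `// NOTE: a per-resource serversTransport replaces the default one entirely, so verification settings must be repeated here; as written this disables certificate verification for this resource`, and the option's description in the API and form should state the same. Better would be to derive the verification settings (skip-verify and any CA bundle) from wherever the default transport is configured instead of hard-coding `true`, so choosing an SNI name and trusting the backend stay independent decisions. The `config_output.http.services![serviceName].loadBalancer` access on the last added line assumes the service entry was created just above; that code and the rest of `traefikConfigProvider` are outside the hunk.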


@ -48,7 +48,7 @@ import { useOrgContext } from "@app/hooks/useOrgContext";
import CustomDomainInput from "../CustomDomainInput"; import CustomDomainInput from "../CustomDomainInput";
import { createApiClient } from "@app/lib/api"; import { createApiClient } from "@app/lib/api";
import { useEnvContext } from "@app/hooks/useEnvContext"; import { useEnvContext } from "@app/hooks/useEnvContext";
import { subdomainSchema } from "@server/lib/schemas"; import { subdomainSchema, tlsNameSchema } from "@server/lib/schemas";
import { CaretSortIcon, CheckIcon } from "@radix-ui/react-icons"; import { CaretSortIcon, CheckIcon } from "@radix-ui/react-icons";
import { RadioGroup, RadioGroupItem } from "@app/components/ui/radio-group"; import { RadioGroup, RadioGroupItem } from "@app/components/ui/radio-group";
import { Label } from "@app/components/ui/label"; import { Label } from "@app/components/ui/label";
@ -73,7 +73,8 @@ const GeneralFormSchema = z
proxyPort: z.number().optional(), proxyPort: z.number().optional(),
http: z.boolean(), http: z.boolean(),
isBaseDomain: z.boolean().optional(), isBaseDomain: z.boolean().optional(),
domainId: z.string().optional() domainId: z.string().optional(),
tlsServerName: z.string().optional()
}) })
.refine( .refine(
(data) => { (data) => {
@ -103,6 +104,18 @@ const GeneralFormSchema = z
message: "Invalid subdomain", message: "Invalid subdomain",
path: ["subdomain"] path: ["subdomain"]
} }
)
.refine(
(data) => {
if (data.tlsServerName) {
return tlsNameSchema.safeParse(data.tlsServerName).success;
}
return true;
},
{
message: "Invalid TLS Server Name. Use domain name format, or save empty to remove the TLS Server Name.",
path: ["tlsServerName"]
}
); );
const TransferFormSchema = z.object({ const TransferFormSchema = z.object({
@ -146,7 +159,8 @@ export default function GeneralForm() {
proxyPort: resource.proxyPort ? resource.proxyPort : undefined, proxyPort: resource.proxyPort ? resource.proxyPort : undefined,
http: resource.http, http: resource.http,
isBaseDomain: resource.isBaseDomain ? true : false, isBaseDomain: resource.isBaseDomain ? true : false,
domainId: resource.domainId || undefined domainId: resource.domainId || undefined,
tlsServerName: resource.http ? resource.tlsServerName || "" : undefined
}, },
mode: "onChange" mode: "onChange"
}); });
@ -210,7 +224,8 @@ export default function GeneralForm() {
subdomain: data.http ? data.subdomain : undefined, subdomain: data.http ? data.subdomain : undefined,
proxyPort: data.proxyPort, proxyPort: data.proxyPort,
isBaseDomain: data.http ? data.isBaseDomain : undefined, isBaseDomain: data.http ? data.isBaseDomain : undefined,
domainId: data.http ? data.domainId : undefined domainId: data.http ? data.domainId : undefined,
tlsServerName: data.http ? data.tlsServerName : undefined
} }
) )
.catch((e) => { .catch((e) => {
@ -237,7 +252,8 @@ export default function GeneralForm() {
subdomain: data.subdomain, subdomain: data.subdomain,
proxyPort: data.proxyPort, proxyPort: data.proxyPort,
isBaseDomain: data.isBaseDomain, isBaseDomain: data.isBaseDomain,
fullDomain: resource.fullDomain fullDomain: resource.fullDomain,
tlsServerName: data.tlsServerName
}); });
router.refresh(); router.refresh();
@ -545,7 +561,27 @@ export default function GeneralForm() {
)} )}
/> />
)} )}
{/* New TLS Server Name Field */}
</div> </div>
<div className="w-fill space-y-2">
<FormLabel>
TLS Server Name
</FormLabel>
<FormField
control={form.control}
name="tlsServerName"
render={({ field }) => (
<FormItem>
<FormControl>
<Input
{...field}
/>
</FormControl>
<FormMessage />
</FormItem>
)}
/>
</div>
</> </>
)} )}
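Review bot: The added `{/* New TLS Server Name Field */}` comment sits before the `</div>` that closes the previous field's container, while the field it describes starts after that line, so it annotates the wrong block and the word "New" will be stale once merged; drop it or move it directly above `<div className="w-fill space-y-2">`. The input gives the user no hint of what the value does or that it changes how the backend's TLS certificate is checked; a short description under the input, such as `Hostname sent as SNI when connecting to the backend; leave empty to disable.`, would be worth adding with whatever description component the form library offers. `FormLabel` is placed outside `FormItem` here, whereas the `FormField`/`FormItem`/`FormControl` pattern conventionally keeps the label inside the item so it is associated with the input — confirm against the neighbouring fields, which are outside the hunk. `GeneralForm` starts and ends outside the hunk.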