ric/uptime-kuma
1
0
Fork 0
mirror of https://github.com/louislam/uptime-kuma.git synced 2024-11-23 14:54:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

fix: allow TLS with remote docker when using public CA

Browse source 
This provides a small fix that allows you to define docker hosts that
you can connect with in three different ways:

1. Mutual TLS, docker host uses non-standard CA
2. Mutual TLS, docker host uses standard CA
3. No Authentication, docker host uses non-standard CA
4. No authentication, docker host uses standard CA

In the previous implementation only condition 1 and 4 were allowed. This
makes condition 2 and 3 possible. The logic is a little messy, but it
works.

DCO-1.1 Signed-off-by: Patrick Wagstrom <160672+pridkett@users.noreply.github.com>
This commit is contained in:
Patrick Wagstrom 2024-09-21 18:01:42 -04:00
parent dd75890364
commit 495bf51ac8
No known key found for this signature in database
GPG key ID: 96EB828DBB815796
1 changed files with 28 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
server/docker.js
View file

@ -156,15 +156,34 @@ class DockerHost {
let certPath = path.join(Database.dockerTLSDir, dirName, DockerHost.CertificateFileNameCert); let certPath = path.join(Database.dockerTLSDir, dirName, DockerHost.CertificateFileNameCert);
let keyPath = path.join(Database.dockerTLSDir, dirName, DockerHost.CertificateFileNameKey); let keyPath = path.join(Database.dockerTLSDir, dirName, DockerHost.CertificateFileNameKey);
if (dockerType === "tcp" && fs.existsSync(caPath) && fs.existsSync(certPath) && fs.existsSync(keyPath)) { if (dockerType === "tcp") {
let ca = fs.readFileSync(caPath); if (fs.existsSync(keyPath) && fs.existsSync(certPath)) {
let key = fs.readFileSync(keyPath); // Load the key and cert
let cert = fs.readFileSync(certPath); key = fs.readFileSync(keyPath);
cert = fs.readFileSync(certPath);
if (fs.existsSync(caPath)) {
// Condition 1: Mutual TLS with self-signed certificate
ca = fs.readFileSync(caPath);
certOptions = { certOptions = {
ca, ca,
key, key,
cert cert
}; };
} else {
// Condition 2: Mutual TLS with certificate in the standard trust store
certOptions = {
key,
cert
};
}
} else if (fs.existsSync(caPath)) {
// Condition 3: TLS using self-signed certificate (without mutual TLS)
ca = fs.readFileSync(caPath);
certOptions = {
ca
};
}
} }
return { return {