mirror of
https://github.com/louislam/uptime-kuma.git
synced 2024-11-27 08:44:04 +00:00
fix: allow TLS with remote docker when using public CA
This provides a small fix that allows you to define docker hosts that you can connect with in three different ways: 1. Mutual TLS, docker host uses non-standard CA 2. Mutual TLS, docker host uses standard CA 3. No Authentication, docker host uses non-standard CA 4. No authentication, docker host uses standard CA In the previous implementation only condition 1 and 4 were allowed. This makes condition 2 and 3 possible. The logic is a little messy, but it works. DCO-1.1 Signed-off-by: Patrick Wagstrom <160672+pridkett@users.noreply.github.com>
This commit is contained in:
parent
dd75890364
commit
495bf51ac8
1 changed files with 28 additions and 9 deletions
|
@ -156,15 +156,34 @@ class DockerHost {
|
||||||
let certPath = path.join(Database.dockerTLSDir, dirName, DockerHost.CertificateFileNameCert);
|
let certPath = path.join(Database.dockerTLSDir, dirName, DockerHost.CertificateFileNameCert);
|
||||||
let keyPath = path.join(Database.dockerTLSDir, dirName, DockerHost.CertificateFileNameKey);
|
let keyPath = path.join(Database.dockerTLSDir, dirName, DockerHost.CertificateFileNameKey);
|
||||||
|
|
||||||
if (dockerType === "tcp" && fs.existsSync(caPath) && fs.existsSync(certPath) && fs.existsSync(keyPath)) {
|
if (dockerType === "tcp") {
|
||||||
let ca = fs.readFileSync(caPath);
|
if (fs.existsSync(keyPath) && fs.existsSync(certPath)) {
|
||||||
let key = fs.readFileSync(keyPath);
|
// Load the key and cert
|
||||||
let cert = fs.readFileSync(certPath);
|
key = fs.readFileSync(keyPath);
|
||||||
certOptions = {
|
cert = fs.readFileSync(certPath);
|
||||||
ca,
|
|
||||||
key,
|
if (fs.existsSync(caPath)) {
|
||||||
cert
|
// Condition 1: Mutual TLS with self-signed certificate
|
||||||
};
|
ca = fs.readFileSync(caPath);
|
||||||
|
certOptions = {
|
||||||
|
ca,
|
||||||
|
key,
|
||||||
|
cert
|
||||||
|
};
|
||||||
|
} else {
|
||||||
|
// Condition 2: Mutual TLS with certificate in the standard trust store
|
||||||
|
certOptions = {
|
||||||
|
key,
|
||||||
|
cert
|
||||||
|
};
|
||||||
|
}
|
||||||
|
} else if (fs.existsSync(caPath)) {
|
||||||
|
// Condition 3: TLS using self-signed certificate (without mutual TLS)
|
||||||
|
ca = fs.readFileSync(caPath);
|
||||||
|
certOptions = {
|
||||||
|
ca
|
||||||
|
};
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return {
|
return {
|
||||||
|
|
Loading…
Reference in a new issue