Merge pull request #286 from lorenzomigliorero/fix/server-traefik-config

fix: server traefik config https middleware
2025-06-26 18:27:59 +00:00 · 2024-07-31 20:57:36 -06:00 · 2024-07-31 20:57:36 -06:00 · 1d91131d9a
commit 1d91131d9a
parent 2291e8d9f5 5aaa1e55f9
6 changed files with 6731 additions and 11822 deletions
--- a/.gitignore
+++ b/.gitignore
@ -33,6 +33,9 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*

+# Editor
+.vscode
+
 # Misc
 .DS_Store
 *.pem
--- a/apps/dokploy/test/traefik/server/update-server-config.test.ts
+++ b/apps/dokploy/test/traefik/server/update-server-config.test.ts
@ -0,0 +1,97 @@
+import { fs, vol } from "memfs";
+
+vi.mock("node:fs", () => ({
+	...fs,
+	default: fs,
+}));
+
+import type { Admin } from "@/server/api/services/admin";
+import { createDefaultServerTraefikConfig } from "@/server/setup/traefik-setup";
+import { loadOrCreateConfig } from "@/server/utils/traefik/application";
+import type { FileConfig } from "@/server/utils/traefik/file-types";
+import { updateServerTraefik } from "@/server/utils/traefik/web-server";
+import { beforeEach, expect, test, vi } from "vitest";
+
+const baseAdmin: Admin = {
+	createdAt: "",
+	authId: "",
+	adminId: "string",
+	githubAppId: null,
+	githubAppName: null,
+	serverIp: null,
+	certificateType: "none",
+	host: null,
+	githubClientId: null,
+	githubClientSecret: null,
+	githubInstallationId: null,
+	githubPrivateKey: null,
+	githubWebhookSecret: null,
+	letsEncryptEmail: null,
+	sshPrivateKey: null,
+	enableDockerCleanup: false,
+};
+
+beforeEach(() => {
+	vol.reset();
+	createDefaultServerTraefikConfig();
+});
+
+test("Should read the configuration file", () => {
+	const config: FileConfig = loadOrCreateConfig("dokploy");
+
+	expect(config.http?.routers?.["dokploy-router-app"]?.service).toBe(
+		"dokploy-service-app",
+	);
+});
+
+test("Should apply redirect-to-https", () => {
+	updateServerTraefik(
+		{
+			...baseAdmin,
+			certificateType: "letsencrypt",
+		},
+		"example.com",
+	);
+
+	const config: FileConfig = loadOrCreateConfig("dokploy");
+
+	expect(config.http?.routers?.["dokploy-router-app"]?.middlewares).toContain(
+		"redirect-to-https",
+	);
+});
+
+test("Should change only host when no certificate", () => {
+	updateServerTraefik(baseAdmin, "example.com");
+
+	const config: FileConfig = loadOrCreateConfig("dokploy");
+
+	expect(config.http?.routers?.["dokploy-router-app-secure"]).toBeUndefined();
+});
+
+test("Should not touch config without host", () => {
+	const originalConfig: FileConfig = loadOrCreateConfig("dokploy");
+
+	updateServerTraefik(baseAdmin, null);
+
+	const config: FileConfig = loadOrCreateConfig("dokploy");
+
+	expect(originalConfig).toEqual(config);
+});
+
+test("Should remove web-secure if https rollback to http", () => {
+	const originalConfig: FileConfig = loadOrCreateConfig("dokploy");
+
+	updateServerTraefik(
+		{ ...baseAdmin, certificateType: "letsencrypt" },
+		"example.com",
+	);
+
+	updateServerTraefik({ ...baseAdmin, certificateType: "none" }, "example.com");
+
+	const config: FileConfig = loadOrCreateConfig("dokploy");
+
+	expect(config.http?.routers?.["dokploy-router-app-secure"]).toBeUndefined();
+	expect(
+		config.http?.routers?.["dokploy-router-app"]?.middlewares,
+	).not.toContain("redirect-to-https");
+});
--- a/apps/dokploy/package.json
+++ b/apps/dokploy/package.json
@ -129,7 +129,6 @@
 		"zod-form-data": "^2.0.2"
 	},
 	"devDependencies": {
-		"tsconfig-paths": "4.2.0",
 		"@biomejs/biome": "1.8.3",
 		"@commitlint/cli": "^19.3.0",
 		"@commitlint/config-conventional": "^19.2.2",
@ -154,10 +153,12 @@
 		"husky": "^9.0.11",
 		"lint-staged": "^15.2.7",
 		"localtunnel": "2.0.2",
+		"memfs": "^4.11.0",
 		"postcss": "^8.4.31",
 		"prettier": "^3.2.4",
 		"prettier-plugin-tailwindcss": "^0.5.11",
 		"tailwindcss": "^3.4.1",
+		"tsconfig-paths": "4.2.0",
 		"tsx": "^4.7.0",
 		"typescript": "^5.4.2",
 		"vite-tsconfig-paths": "4.3.2",
--- a/apps/dokploy/server/setup/traefik-setup.ts
+++ b/apps/dokploy/server/setup/traefik-setup.ts
@ -104,8 +104,7 @@ export const createDefaultServerTraefikConfig = () => {
 				[`${appName}-router-app`]: {
 					rule: `Host(\`${appName}.docker.localhost\`) && PathPrefix(\`/\`)`,
 					service: `${appName}-service-app`,
-					entryPoints: ["web", "websecure"],
-					tls: {},
+					entryPoints: ["web"],
 				},
 			},
 			services: {
--- a/apps/dokploy/server/utils/traefik/web-server.ts
+++ b/apps/dokploy/server/utils/traefik/web-server.ts
@ -19,14 +19,20 @@ export const updateServerTraefik = (

 	const currentRouterConfig = config.http.routers[`${appName}-router-app`];

-	if (currentRouterConfig) {
-		if (newHost) {
+	if (currentRouterConfig && newHost) {
 		currentRouterConfig.rule = `Host(\`${newHost}\`)`;
-		}
+
 		if (admin?.certificateType === "letsencrypt") {
-			currentRouterConfig.tls = { certResolver: "letsencrypt" };
-		} else if (admin?.certificateType === "none") {
-			currentRouterConfig.tls = undefined;
+			config.http.routers[`${appName}-router-app-secure`] = {
+				...currentRouterConfig,
+				entryPoints: ["web-secure"],
+				tls: { certResolver: "letsencrypt" },
+			};
+
+			currentRouterConfig.middlewares = ["redirect-to-https"];
+		} else {
+			delete config.http.routers[`${appName}-router-app-secure`];
+			currentRouterConfig.middlewares = [];
 		}
 	}

--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml