diff --git a/backup.nginx.conf b/backup.nginx.conf
new file mode 100644
index 00000000..ac65e57e
--- /dev/null
+++ b/backup.nginx.conf
@@ -0,0 +1,60 @@
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ server_name dashboard.stage.netmaker.org; # The external URL
+ client_max_body_size 0;
+
+ location / {
+
+ # if you use a custom resolver to find your app, needed with swag proxy
+ # resolver 127.0.0.11 valid=30s;
+ set $upstream_app dashboard; # The internal URL
+ set $upstream_port 3000; # The internal Port
+ set $upstream_proto http; # the protocol that is being used
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port; # combine the set variables from above
+ }
+ }
+
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ server_name api.stage.netmaker.org; # The external URL
+ client_max_body_size 0;
+ underscores_in_headers on;
+
+ location / {
+ # if you use a custom resolver to find your app, needed with swag proxy
+ # resolver 127.0.0.11 valid=30s;
+
+ set $upstream_app netmaker; # The internal URL
+ set $upstream_port 8081; # The internal Port
+ set $upstream_proto http; # the protocol that is being used
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port; # combine the set variables from above
+
+ # Forces the header to be the one that is visible from the outside
+ proxy_set_header Host api.stage.netmaker.org; # Please cange to your URL
+
+ # Pass all headers through to the backend
+ proxy_pass_request_headers on;
+ }
+ }
+
+ server {
+ listen 80 http2;
+ server_name grpc.stage.netmaker.org
+ client_max_body_size 0;
+ underscores_in_headers on;
+
+
+ # Forces the header to be the one that is visible from the outside
+ proxy_set_header Host api.stage.netmaker.org; # Please change to your URL
+
+ # Pass all headers through to the backend
+ proxy_pass_request_headers on;
+
+ location / {
+ grpc_pass grpc://localhost:50051;
+ }
+ }
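Review bot: Both of the first two `server` blocks declare `listen 80 default_server;`, and the third block's `server_name grpc.stage.netmaker.org` has no terminating semicolon, so nginx will refuse this file at load time (`nginx -t` reports a duplicate default server for port 80 and a parse error at the unterminated directive). Drop `default_server` from one of the two blocks and change the line to `server_name grpc.stage.netmaker.org;`. In the gRPC block `proxy_set_header` only affects `proxy_pass`; request headers for `grpc_pass` are set with `grpc_set_header`, and the value used here is the api host rather than the grpc host. `client_max_body_size 0;` removes the request-body limit on all three fronts, which is only safe if the upstreams enforce their own.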
diff --git a/backup2.nginx.conf b/backup2.nginx.conf
new file mode 100644
index 00000000..12119074
--- /dev/null
+++ b/backup2.nginx.conf
@@ -0,0 +1,70 @@
+server {
+ listen 443;
+ listen [::]:443;
+
+ server_name dashboard.stage.netmaker.org; # The external URL
+ client_max_body_size 0;
+ ssl_certificate /etc/letsencrypt/live/stage.netmaker.org/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/stage.netmaker.org/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+ location / {
+
+ # if you use a custom resolver to find your app, needed with swag proxy
+ # resolver 127.0.0.11 valid=30s;
+ set $upstream_app dashboard; # The internal URL
+ set $upstream_port 3000; # The internal Port
+ set $upstream_proto http2; # the protocol that is being used
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port; # combine the set variables from above
+ }
+ }
+
+server {
+ listen 443;
+ listen [::]:443;
+
+ server_name api.stage.netmaker.org; # The external URL
+ client_max_body_size 0;
+ underscores_in_headers on;
+ ssl_certificate /etc/letsencrypt/live/stage.netmaker.org/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/stage.netmaker.org/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+ location / {
+ # if you use a custom resolver to find your app, needed with swag proxy
+ # resolver 127.0.0.11 valid=30s;
+
+ set $upstream_app netmaker; # The internal URL
+ set $upstream_port 8081; # The internal Port
+ set $upstream_proto http2; # the protocol that is being used
+ proxy_pass $upstream_proto://$upstream_app:$upstream_port; # combine the set variables from above
+
+ # Forces the header to be the one that is visible from the outside
+ proxy_set_header Host api.stage.netmaker.org; # Please cange to your URL
+
+ # Pass all headers through to the backend
+ proxy_pass_request_headers on;
+ }
+ }
+
+ server {
+ listen 80 http2;
+ server_name grpc.stage.netmaker.org
+ client_max_body_size 0;
+ underscores_in_headers on;
+
+ ssl_certificate /etc/letsencrypt/live/stage.netmaker.org/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/stage.netmaker.org/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+ # Forces the header to be the one that is visible from the outside
+ proxy_set_header Host api.stage.netmaker.org; # Please change to your URL
+
+ # Pass all headers through to the backend
+ proxy_pass_request_headers on;
+
+ location / {
+ grpc_pass grpc://localhost:50051;
+ }
+ }
diff --git a/compose/docker-compose.coredns.yml b/compose/docker-compose.coredns.yml
new file mode 100644
index 00000000..e461caa2
--- /dev/null
+++ b/compose/docker-compose.coredns.yml
@@ -0,0 +1,12 @@
+version: "3.4"
+
+services:
+ coredns:
+ image: coredns/coredns
+ command: -conf /root/dnsconfig/Corefile
+ container_name: coredns
+ restart: always
+ ports:
+ - "53:53/udp"
+ volumes:
+ - /root/netmaker/config/dnsconfig:/root/dnsconfig
diff --git a/config/dnsconfig/Corefile b/config/dnsconfig/Corefile
index a9e4e580..26260078 100644
--- a/config/dnsconfig/Corefile
+++ b/config/dnsconfig/Corefile
@@ -1,4 +1,4 @@
-comms my-net one-more other-net {
+pissant comms {
 reload 15s
 hosts /root/dnsconfig/netmaker.hosts {
 fallthrough
diff --git a/config/dnsconfig/netmaker.hosts b/config/dnsconfig/netmaker.hosts
index 5560dc89..ff8c81ef 100644
--- a/config/dnsconfig/netmaker.hosts
+++ b/config/dnsconfig/netmaker.hosts
@@ -1 +1,5 @@
-10.10.0.12 node-nokdw.my-net
+11.22.44.1 netmaker.pissant
+11.22.44.3 node-mtxy5.pissant
+11.22.44.5 node-vnqlu.pissant
+11.22.44.4 ubuntu-do.pissant ubuntu.pissant
+11.22.44.2 alex-laptop.pissant porngood.pissant
diff --git a/controllers/dnsHttpController.go b/controllers/dnsHttpController.go
index eb0fdd40..49193f7f 100644
--- a/controllers/dnsHttpController.go
+++ b/controllers/dnsHttpController.go
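Review bot: The `listen 443;` and `listen [::]:443;` lines carry no `ssl` parameter, so despite the `ssl_certificate` directives nginx will serve plaintext HTTP on 443 and never negotiate TLS; the gRPC block's `listen 80 http2;` has the same problem and loads certificates it cannot use. Change them to `listen 443 ssl;`, `listen [::]:443 ssl;` and `listen 443 ssl http2;`. `set $upstream_proto http2;` then feeds `proxy_pass http2://...`, which is not a scheme `proxy_pass` accepts (only `http` and `https`); keep `http` for the upstream as backup.nginx.conf does. As in backup.nginx.conf, `server_name grpc.stage.netmaker.org` lacks its semicolon, so this file will not load either.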
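Review bot: `image: coredns/coredns` has no tag or digest, so any re-pull (this service has `restart: always`) can silently move the resolver to whatever upstream currently publishes as latest; pin it, e.g. `image: coredns/coredns:<pinned-version>` (placeholder). The `"53:53/udp"` mapping binds to every host interface, so this CoreDNS instance answers for any network the host is attached to; if it is meant only for the mesh, bind it to that address, `"<listen-address>:53:53/udp"` (placeholder), or restrict it at the host firewall. Whether the Corefile changed in this commit limits answers to the configured zones cannot be judged from the visible fragment.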
@@ -4,7 +4,7 @@ import (
 "encoding/json"
 "fmt"
 "net/http"
-
+ "log"
 "github.com/go-playground/validator/v10"
 "github.com/gorilla/mux"
 "github.com/gravitl/netmaker/database"
@@ -125,8 +125,7 @@ func GetCustomDNS(network string) ([]models.DNSEntry, error) {
 }
 for _, value := range collection { // filter for entries based on network
 var entry models.DNSEntry
-
- if err := json.Unmarshal([]byte(value), entry); err != nil {
+ if err := json.Unmarshal([]byte(value), &entry); err != nil {
 continue
 }
 
@@ -245,6 +244,11 @@ func createDNS(w http.ResponseWriter, r *http.Request) {
 returnErrorResponse(w, r, formatError(err, "internal"))
 return
 }
+ err = SetDNS()
+ if err != nil {
+ returnErrorResponse(w, r, formatError(err, "internal"))
+ return
+ }
 w.WriteHeader(http.StatusOK)
 json.NewEncoder(w).Encode(entry)
 }
@@ -295,7 +299,11 @@ func updateDNS(w http.ResponseWriter, r *http.Request) {
 returnErrorResponse(w, r, formatError(err, "badrequest"))
 return
 }
-
+ err = SetDNS()
+ if err != nil {
+ returnErrorResponse(w, r, formatError(err, "internal"))
+ return
+ }
 json.NewEncoder(w).Encode(entry)
 }
 
@@ -314,6 +322,11 @@ func deleteDNS(w http.ResponseWriter, r *http.Request) {
 }
 entrytext := params["domain"] + "." + params["network"]
 functions.PrintUserLog("netmaker", "deleted dns entry: "+entrytext, 1)
+ err = SetDNS()
+ if err != nil {
+ returnErrorResponse(w, r, formatError(err, "internal"))
+ return
+ }
 json.NewEncoder(w).Encode(entrytext + " deleted.")
 }
 
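Review bot: In createDNS the entry is already persisted when `err = SetDNS()` runs, so a SetDNS failure returns an internal error to the client although the record now exists; updateDNS and deleteDNS have the same shape, and deleteDNS has already logged the deletion through PrintUserLog before SetDNS is attempted. Either treat the nameserver refresh as best-effort (log the error and still return the stored entry) or make the failure say what actually happened, e.g. `returnErrorResponse(w, r, formatError(fmt.Errorf("entry saved, nameserver update failed: %w", err), "internal"))`, and move the PrintUserLog in deleteDNS below the SetDNS check so the audit line reflects the outcome. In the import block the new `"log"` line sits where the blank separator between standard-library and third-party imports used to be; goimports would place it between `"fmt"` and `"net/http"` and restore that blank line. The handler bodies start outside these hunks.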
@@ -390,15 +403,13 @@ func pushDNS(w http.ResponseWriter, r *http.Request) {
 returnErrorResponse(w, r, formatError(err, "internal"))
 return
 }
+ log.Println("pushed DNS updates to nameserver")
 json.NewEncoder(w).Encode("DNS Pushed to CoreDNS")
 }
 
 func ValidateDNSCreate(entry models.DNSEntry) error {
 v := validator.New()
 
- fmt.Println("Validating DNS: " + entry.Name)
- fmt.Println(" Address: " + entry.Address)
- fmt.Println(" Network: " + entry.Network)
 _ = v.RegisterValidation("name_unique", func(fl validator.FieldLevel) bool {
 num, err := GetDNSEntryNum(entry.Name, entry.Network)
diff --git a/controllers/nodeHttpController.go b/controllers/nodeHttpController.go
index 4d3d0823..6d934b72 100644
--- a/controllers/nodeHttpController.go
+++ b/controllers/nodeHttpController.go
@@ -559,8 +559,6 @@ func CreateEgressGateway(gateway models.EgressGatewayRequest) (models.Node, erro
 if err != nil {
 return models.Node{}, err
 }
- log.Println("GATEWAY:",gateway)
- log.Println("NODE:",node)
 err = ValidateEgressGateway(gateway)
 if err != nil {
 return models.Node{}, err
@@ -699,16 +697,17 @@ func CreateIngressGateway(netid string, macaddress string) (models.Node, error)
 postDownCmd := "iptables -D FORWARD -i " + node.Interface + " -j ACCEPT; iptables -t nat -D POSTROUTING -o " + node.Interface + " -j MASQUERADE"
 if node.PostUp != "" {
 if !strings.Contains(node.PostUp, postUpCmd) {
- node.PostUp = node.PostUp + "; " + postUpCmd
+ postUpCmd = node.PostUp + "; " + postUpCmd
 }
 }
 if node.PostDown != "" {
 if !strings.Contains(node.PostDown, postDownCmd) {
- node.PostDown = node.PostDown + "; " + postDownCmd
+ postDownCmd = node.PostDown + "; " + postDownCmd
 }
 }
 node.SetLastModified()
-
+ node.PostUp = postUpCmd
+ node.PostDown = postDownCmd
 key, err := functions.GetRecordKey(node.MacAddress, node.Network)
 if err != nil {
 return models.Node{}, err
diff --git a/models/dnsEntry.go b/models/dnsEntry.go
index ccc7d8e0..25ee02dd 100644
--- a/models/dnsEntry.go
+++ b/models/dnsEntry.go
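Review bot: With the new unconditional `node.PostUp = postUpCmd`, the branch where `strings.Contains(node.PostUp, postUpCmd)` is already true leaves `postUpCmd` as the bare iptables string, so an existing PostUp that carried other commands alongside it is overwritten and those commands are lost; before this change that branch left node.PostUp untouched. Give the inner check an else branch, `} else { postUpCmd = node.PostUp }`, and likewise `} else { postDownCmd = node.PostDown }`, so the final assignment is a no-op in the already-present case. The hunk does close the earlier gap where an empty PostUp was never set at all, which is worth keeping. CreateIngressGateway starts and ends outside the hunk.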
@@ -3,6 +3,6 @@ package models
 type DNSEntry struct {
 Address string `json:"address" bson:"address" validate:"required,ip"`
- Name string `json:"name" bson:"name" validate:"required,alphanum,name_unique,max=120"`
+ Name string `json:"name" bson:"name" validate:"required,name_unique,min=1,max=192"`
 Network string `json:"network" bson:"network" validate:"network_exists"`
 }
diff --git a/models/network.go b/models/network.go
index d7764a32..7668ddf4 100644
--- a/models/network.go
+++ b/models/network.go
@@ -296,3 +296,32 @@ func (currentNetwork *Network) Update(newNetwork *Network) (bool, bool, error) {
 // copy values
 return false, false, errors.New("failed to update network " + newNetwork.NetID + ", cannot change netid.")
 }
+
+func (network *Network) SetNetworkNodesLastModified() error {
+
+ timestamp := time.Now().Unix()
+
+ network.NodesLastModified = timestamp
+ data, err := json.Marshal(&network)
+ if err != nil {
+ return err
+ }
+ err = database.Insert(network.NetID, string(data), database.NETWORKS_TABLE_NAME)
+ if err != nil {
+ return err
+ }
+ return nil
+}
+
+func GetNetwork(networkname string) (Network, error) {
+
+ var network Network
+ networkData, err := database.FetchRecord(database.NETWORKS_TABLE_NAME, networkname)
+ if err != nil {
+ return network, err
+ }
+ if err = json.Unmarshal([]byte(networkData), &network); err != nil {
+ return Network{}, err
+ }
+ return network, nil
+}
diff --git a/models/node.go b/models/node.go
index b636d433..f638356e 100644
--- a/models/node.go
+++ b/models/node.go
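Review bot: Dropping `alphanum` from the `Name` tag leaves the field constrained only by length, while the same commit calls SetDNS after every entry change and ships a CoreDNS hosts file (`config/dnsconfig/netmaker.hosts`), a whitespace- and newline-delimited format; if the name is written into that file, a value containing a space or line break changes the record layout rather than being rejected. Presumably the intent was to allow hyphens and dots; a hostname-shaped tag keeps that while still rejecting whitespace and control characters, e.g. `validate:"required,hostname_rfc1123,name_unique,max=192"`. `min=1` is redundant with `required` and can go.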
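Review bot: `json.Marshal(&network)` takes the address of a receiver that is already a `*Network`, so it marshals a `**Network`; encoding/json follows the pointers, but `json.Marshal(network)` says what is meant. `SetNetworkNodesLastModified` writes the entire network record back from the caller's copy, so anything changed in that record between the caller's read and this Insert is overwritten; if networks can be edited concurrently this is a lost-update path that deserves at least a comment. `GetNetwork` returns `network` on a fetch error and `Network{}` on an unmarshal error; pick the zero value for both, and both exported functions need doc comments, e.g. `// GetNetwork loads the network record stored under networkname.` and `// SetNetworkNodesLastModified stamps NodesLastModified with the current time and persists the network.`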
@@ -274,11 +274,14 @@ func (currentNode *Node) Update(newNode *Node) error {
 return err
 } else {
 newNode.SetLastModified()
- err = database.Insert(newNode.ID, string(data), database.NODES_TABLE_NAME)
+ if err = database.Insert(newNode.ID, string(data), database.NODES_TABLE_NAME); err == nil {
+ if network, err := GetNetwork(newNode.Network); err == nil {
+ err = network.SetNetworkNodesLastModified()
+ }
+ }
 return err
 }
 }
- // copy values
 return errors.New("failed to update node " + newNode.MacAddress + ", cannot change macaddress.")
 }
diff --git a/netclient/local/.dns.go.swp b/netclient/local/.dns.go.swp
new file mode 100644
index 00000000..0a35ff78
Binary files /dev/null and b/netclient/local/.dns.go.swp differ
diff --git a/netclient/local/dns.go b/netclient/local/dns.go
index ec555fd9..4acd5274 100644
--- a/netclient/local/dns.go
+++ b/netclient/local/dns.go
@@ -40,12 +40,12 @@ func UpdateDNS(ifacename string, network string, nameserver string) error {
 _, err = exec.Command("resolvectl", "domain", ifacename, "~"+network).Output()
 if err != nil {
 log.Println(err)
- log.Println("WARNING: Error encountered setting dns. Aborted setting dns.")
+ log.Println("WARNING: Error encountered setting domain on dns. Aborted setting dns.")
 } else {
 _, err = exec.Command("resolvectl", "default-route", ifacename, "false").Output()
 if err != nil {
 log.Println(err)
- log.Println("WARNING: Error encountered setting dns. Aborted setting dns.")
+ log.Println("WARNING: Error encountered setting default-route on dns. Aborted setting dns.")
 } else {
 _, err = exec.Command("resolvectl", "dns", ifacename, nameserver).Output()
 if err!= nil {
diff --git a/netclient/wireguard/kernel.go b/netclient/wireguard/kernel.go
index aca5a2f8..650f0b13 100644
--- a/netclient/wireguard/kernel.go
+++ b/netclient/wireguard/kernel.go
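Review bot: In `if network, err := GetNetwork(newNode.Network); err == nil {` the `:=` declares a new `err` scoped to that if, so the `err = network.SetNetworkNodesLastModified()` assignment writes the shadow and the outer `err` — nil after a successful Insert — is what `return err` hands back; a failed timestamp update is therefore silently dropped (go vet's shadow analyzer and staticcheck both flag this). Use a distinct name for the lookup error, `if network, lookupErr := GetNetwork(newNode.Network); lookupErr == nil {`, so the inner assignment reaches the outer `err`. Whether a GetNetwork failure should also be surfaced rather than skipped is a choice the hunk leaves implicit; a one-line comment stating the intent would help. Node.Update starts outside the hunk.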
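Review bot: `netclient/local/.dns.go.swp` is a Vim swap file committed as a binary blob; it holds editor state and an in-progress copy of dns.go rather than anything the build uses, and it will collide with the next editor session on that file. Remove it from the commit and add a `*.swp` pattern to .gitignore so it cannot return.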
@@ -267,6 +267,7 @@ func InitWireguard(node *nodepb.Node, privkey string, peers []wgtypes.PeerConfig
 }
 }
 //=========DNS Setup==========\\
+ log.Println("NODECFG.DNS:",nodecfg.DNS)
 if nodecfg.DNS == "on" {
 _ = local.UpdateDNS(ifacename, network, nameserver)
 }
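Review bot: `log.Println("NODECFG.DNS:",nodecfg.DNS)` reads as a leftover debug print — an upper-case field label, no space after the comma (gofmt would insert one) — and lands in the same commit that removes similar prints from ValidateDNSCreate and CreateEgressGateway. Either drop it or make it an operational message, `log.Println("DNS setting for node:", nodecfg.DNS)`. The surrounding `_ = local.UpdateDNS(...)` still discards its error, which the new log line does not compensate for; that is pre-existing but worth noting while touching this spot. InitWireguard starts and ends outside the hunk.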