fixing ispending problem

2025-10-25 05:27:23 +08:00 · 2021-08-09 19:09:32 -04:00 · 2021-08-09 19:09:32 -04:00 · b3309d829f
commit b3309d829f
parent b38a3688a8
4 changed files with 33 additions and 123 deletions
--- a/docs/quick-start.rst
+++ b/docs/quick-start.rst
@ -130,17 +130,15 @@ Prepare Nginx

 Nginx will serve the SSL certificate with your chosen domain and forward traffic to netmaker.

-Add the nginx configuration files:
+Get the nginx configuration file:

 ``wget https://raw.githubusercontent.com/gravitl/netmaker/develop/nginx/netmaker-nginx-template.conf``

-``wget https://raw.githubusercontent.com/gravitl/netmaker/develop/nginx/netmaker-nginx-dns.conf``
-
 Insert your domain in the configuration file and add to nginx:

-``sed -i 's/NETMAKER_BASE_DOMAIN/<your base domain>/g' netmaker-nginx-template.conf ``
+``sed -i 's/NETMAKER_BASE_DOMAIN/<your base domain>/g' netmaker-nginx-template.conf``

-``sudo cp netmaker-nginx-template.conf /etc/nginx/conf.d/<your base domain>.conf && sudo cp netmaker-nginx-dns.conf /etc/nginx/nginx.conf``
+``sudo cp netmaker-nginx-template.conf /etc/nginx/conf.d/<your base domain>.conf``

 ``nginx -t && nginx -s reload``

@ -153,23 +151,29 @@ Install Netmaker
 Prepare Templates
 ------------------

-``wget https://raw.githubusercontent.com/gravitl/netmaker/develop/compose/docker-compose.quickstart.yml``
+``wget https://raw.githubusercontent.com/gravitl/netmaker/develop/compose/docker-compose.quickstart.yml`` 

-``sed -i 's/NETMAKER_BASE_DOMAIN/<your base domain>/g' docker-compose.quickstart.yml``
+``sed -i 's/NETMAKER_BASE_DOMAIN/<your base domain>/g' docker-compose.quickstart.yml`` 

-``sed -i 's/SERVER_PUBLIC_IP/<your server ip>/g' docker-compose.quickstart.yml``
+``sed -i 's/SERVER_PUBLIC_IP/<your server ip>/g' docker-compose.quickstart.yml`` 

 Generate a unique master key and insert it:

-``tr -dc A-Za-z0-9 </dev/urandom | head -c 30 ; echo ''``
+``tr -dc A-Za-z0-9 </dev/urandom | head -c 30 ; echo ''`` 

-``sed -i 's/REPLACE_MASTER_KEY/<your generated key>/g' docker-compose.quickstart.yml``
+``sed -i 's/REPLACE_MASTER_KEY/<your generated key>/g' docker-compose.quickstart.yml`` 

 Start Netmaker
 ----------------

 ``sudo docker-compose -f docker-compose.quickstart.yml up -d``

+navigate to dashboard.<your base domain> to see your nginx instance!
+
+To troubleshoot any issues, try:
+
+``docker logs netmaker``
+
 ===========
 Quick Start
 ===========
@ -211,12 +215,8 @@ You will use this command to install the netclient on your nodes. There are thre

 * The **Access Key** value is the secret string that will allow your node to authenticate with the Netmaker network. This can be used with existing netclient installations where additional configurations (such as setting the server IP manually) may be required. This is not typical. E.g. ``netclient -c install -k <access key> -s 1.2.3.4 -p 50052``
 * The **Access Token** value is a base64 encoded string that contains the server IP and grpc port, as well as the access key. This is decoded by the netclient and can be used with existing netclient installations like this: ``netclient -c install -t <access token>``. You should use this method for adding a network to a node that is already on a network. For instance, Node A is in the **mynet** network and now you are adding it to **default**.
-<<<<<<< HEAD
-
-=======
 * The **install command** value is a curl command that can be run on Linux systems. It is a simple script that downloads the netclient binary and runs the install command all in one. However, this script is tailored for Secure GRPC Mode and contains an additional (unnecessary) command: **netclient register -k keyvalue**. This command will not work without secure GRPC enabled and will return a 500 error.
  
->>>>>>> c360eb1878a4fe89538235ab240da6f6890934a1
 Networks can also be enabled to allow nodes to sign up without keys at all. In this scenario, nodes enter a "pending state" and are not permitted to join the network until an admin approves them.

 Deploy Nodes
--- a/netclient/functions/checkin.go
+++ b/netclient/functions/checkin.go
@ -258,19 +258,19 @@ func Push(network string) error {
 		log.Println("Failed to authenticate:", err)
 		return err
 	}
-
-	privateKey, err := wireguard.RetrievePrivKey(network)
-	if err != nil {
-		return err
+	if postnode.IsPending != "yes" {
+		privateKey, err := wireguard.RetrievePrivKey(network)
+		if err != nil {
+			return err
+		}
+		privateKeyWG, err := wgtypes.ParseKey(privateKey)
+		if err != nil {
+			return err
+		}
+		if postnode.PublicKey != privateKeyWG.PublicKey().String() {
+			postnode.PublicKey = privateKeyWG.PublicKey().String()
+		}
 	}
-	privateKeyWG, err := wgtypes.ParseKey(privateKey)
-	if err != nil {
-		return err
-	}
-	if postnode.PublicKey != privateKeyWG.PublicKey().String() {
-		postnode.PublicKey = privateKeyWG.PublicKey().String()
-	}
-
 	postnode.SetLastCheckIn()
 	nodeData, err := json.Marshal(&postnode)
 	if err != nil {
--- a/nginx/netmaker-nginx-dns.conf
+++ b/nginx/netmaker-nginx-dns.conf
@ -1,96 +0,0 @@
-user www-data;
-worker_processes auto;
-pid /run/nginx.pid;
-include /etc/nginx/modules-enabled/*.conf;
-
-events {
-	worker_connections 768;
-	# multi_accept on;
-}
-
-http {
-
-	##
-	# Basic Settings
-	##
-
-	sendfile on;
-	tcp_nopush on;
-	tcp_nodelay on;
-	keepalive_timeout 65;
-	types_hash_max_size 2048;
-	# server_tokens off;
-
-	# server_names_hash_bucket_size 64;
-	# server_name_in_redirect off;
-
-	include /etc/nginx/mime.types;
-	default_type application/octet-stream;
-
-	##
-	# SSL Settings
-	##
-
-	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
-	ssl_prefer_server_ciphers on;
-
-	##
-	# Logging Settings
-	##
-
-	access_log /var/log/nginx/access.log;
-	error_log /var/log/nginx/error.log;
-
-	##
-	# Gzip Settings
-	##
-
-	gzip on;
-
-	# gzip_vary on;
-	# gzip_proxied any;
-	# gzip_comp_level 6;
-	# gzip_buffers 16 8k;
-	# gzip_http_version 1.1;
-	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
-
-	##
-	# Virtual Host Configs
-	##
-
-	include /etc/nginx/conf.d/*.conf;
-	include /etc/nginx/sites-enabled/*;
-}
-
-
-#mail {
-#	# See sample authentication script at:
-#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
-# 
-#	# auth_http localhost/auth.php;
-#	# pop3_capabilities "TOP" "USER";
-#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
-# 
-#	server {
-#		listen     localhost:110;
-#		protocol   pop3;
-#		proxy      on;
-#	}
-# 
-#	server {
-#		listen     localhost:143;
-#		protocol   imap;
-#		proxy      on;
-#	}
-#}
-stream {
-	upstream dns_servers {
-                server 127.0.0.1:5353;
-	}
-        server {
-                listen 53 udp;
-                listen 53;
-                proxy_pass dns_servers;
-        	error_log  /var/log/nginx/dns.log info;
-        }
-}
--- a/nginx/netmaker-nginx-template.conf
+++ b/nginx/netmaker-nginx-template.conf
@ -1,3 +1,9 @@
+server {
+    listen 80;
+    server_name *.NETMAKER_BASE_DOMAIN;
+    return 301 https://$host$request_uri;
+}
+
 server {
    listen 443 ssl;
    listen [::]:443 ssl;
@ -27,7 +33,7 @@ server {
 }
 server {
    listen 1443 ssl http2;
-    server_name grpc.NETMAKER_BASE_DOMAIN
+    server_name grpc.NETMAKER_BASE_DOMAIN;
    ssl_certificate /etc/letsencrypt/live/NETMAKER_BASE_DOMAIN/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/NETMAKER_BASE_DOMAIN/privkey.pem; 
    #include /etc/letsencrypt/options-ssl-nginx.conf;