release: alle hardcodierten IPs entfernt, Konfiguration via Env-Variablen und Auto-Discovery
This commit is contained in:
parent
c76868e806
commit
5fc46a8148
@ -145,7 +145,7 @@ func ensureTLS(certPath, keyPath string) error {
|
||||
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
|
||||
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
|
||||
BasicConstraintsValid: true,
|
||||
IPAddresses: []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("192.168.85.13")},
|
||||
IPAddresses: localIPs(),
|
||||
DNSNames: []string{"localhost", "rmm-backend"},
|
||||
}
|
||||
|
||||
@ -176,3 +176,28 @@ func ensureTLS(certPath, keyPath string) error {
|
||||
log.Printf("TLS-Zertifikat generiert: %s, %s", certPath, keyPath)
|
||||
return nil
|
||||
}
|
||||
|
||||
// localIPs sammelt alle lokalen IP-Adressen des Hosts für das TLS-Zertifikat
|
||||
func localIPs() []net.IP {
|
||||
ips := []net.IP{net.ParseIP("127.0.0.1")}
|
||||
ifaces, err := net.Interfaces()
|
||||
if err != nil {
|
||||
return ips
|
||||
}
|
||||
for _, iface := range ifaces {
|
||||
addrs, _ := iface.Addrs()
|
||||
for _, addr := range addrs {
|
||||
var ip net.IP
|
||||
switch v := addr.(type) {
|
||||
case *net.IPNet:
|
||||
ip = v.IP
|
||||
case *net.IPAddr:
|
||||
ip = v.IP
|
||||
}
|
||||
if ip != nil && !ip.IsLoopback() && ip.To4() != nil {
|
||||
ips = append(ips, ip)
|
||||
}
|
||||
}
|
||||
}
|
||||
return ips
|
||||
}
|
||||
|
||||
@ -1,14 +1,24 @@
|
||||
#!/bin/bash
|
||||
# Frontend Build & Deploy
|
||||
# Umgebungsvariablen setzen:
|
||||
# REMOTE=root@<FRONTEND-SERVER>
|
||||
# VITE_BACKEND_HOST=<BACKEND-IP-ODER-HOSTNAME>
|
||||
# VITE_BACKEND_PORT=8443 (optional, default: 8443)
|
||||
# VITE_API_KEY=<API-KEY> (optional)
|
||||
|
||||
set -e
|
||||
FRONTEND_DIR="$(dirname "$0")/frontend"
|
||||
REMOTE="root@192.168.85.20"
|
||||
WEB_ROOT="/var/www/html"
|
||||
|
||||
echo "Building..."
|
||||
cd "$FRONTEND_DIR" && npm run build
|
||||
REMOTE="${REMOTE:-root@localhost}"
|
||||
WEBROOT="${WEBROOT:-/var/www/html}"
|
||||
|
||||
echo "Deploying..."
|
||||
ssh "$REMOTE" "rm -rf ${WEB_ROOT}/assets/*"
|
||||
scp -r dist/* "$REMOTE:${WEB_ROOT}/"
|
||||
ssh "$REMOTE" "chmod -R 755 ${WEB_ROOT}/assets && chmod 644 ${WEB_ROOT}/assets/* ${WEB_ROOT}/index.html ${WEB_ROOT}/vite.svg 2>/dev/null; nginx -s reload"
|
||||
echo "Done."
|
||||
echo "==> Baue Frontend..."
|
||||
VITE_BACKEND_HOST="${VITE_BACKEND_HOST}" \
|
||||
VITE_BACKEND_PORT="${VITE_BACKEND_PORT:-8443}" \
|
||||
VITE_API_KEY="${VITE_API_KEY}" \
|
||||
npm run build
|
||||
|
||||
echo "==> Deploye nach $REMOTE:$WEBROOT ..."
|
||||
ssh "$REMOTE" "rm -rf ${WEBROOT}/assets/*"
|
||||
scp -r dist/assets dist/index.html "$REMOTE:${WEBROOT}/"
|
||||
ssh "$REMOTE" "chown -R www-data:www-data ${WEBROOT}/ && chmod -R 755 ${WEBROOT}/"
|
||||
echo "==> Fertig"
|
||||
|
||||
@ -291,7 +291,7 @@ Siehe [FIRMWARE.md](FIRMWARE.md) fuer Details.
|
||||
# Peer anlegen
|
||||
curl -sk -H "X-API-Key: YOUR_API_KEY" -X POST \
|
||||
https://your-backend:8443/api/v1/agents/6beb8dfd38ecf03eab6c0f21b4ac7bee/wireguard/peers \
|
||||
-d '{"name":"VPN_MUELLER","allowed_ips":"0.0.0.0/0","dns":"10.172.100.210"}'
|
||||
-d '{"name":"VPN_MUELLER","allowed_ips":"0.0.0.0/0","dns":"<DNS-SERVER>"}'
|
||||
|
||||
# Peer mit eigenem Endpoint
|
||||
curl -sk -H "X-API-Key: YOUR_API_KEY" -X POST \
|
||||
|
||||
@ -620,7 +620,7 @@ Peer-Anlage: Keypair generiert auf Firewall, naechste freie IP automatisch, Endp
|
||||
# Peer anlegen
|
||||
curl -sk -H "X-API-Key: YOUR_API_KEY" -X POST \
|
||||
https://your-backend:8443/api/v1/agents/6beb8dfd38ecf03eab6c0f21b4ac7bee/wireguard/peers \
|
||||
-d '{"name":"VPN_MUELLER","allowed_ips":"0.0.0.0/0","dns":"10.172.100.210"}'
|
||||
-d '{"name":"VPN_MUELLER","allowed_ips":"0.0.0.0/0","dns":"<DNS-SERVER>"}'
|
||||
|
||||
# Alle Peers
|
||||
curl -sk -H "X-API-Key: YOUR_API_KEY" \
|
||||
|
||||
@ -51,7 +51,7 @@ Dann `config.js` anpassen:
|
||||
|
||||
```js
|
||||
// frontend/src/config.js
|
||||
export const BACKEND_HOST = '192.168.85.13' // IP des Backend-Servers (für direkte Links, z.B. Tunnel-Ports)
|
||||
export const BACKEND_HOST = '<BACKEND-IP>' // IP des Backend-Servers (für direkte Links, z.B. Tunnel-Ports)
|
||||
export const BACKEND_URL = `https://${BACKEND_HOST}:8443`
|
||||
export const API_KEY = 'DEIN_API_KEY' // aus backend/config.yaml → api_keys[0]
|
||||
```
|
||||
@ -66,7 +66,7 @@ Für die **lokale Entwicklung** (`npm run dev`) muss zusätzlich `vite.config.js
|
||||
// vite.config.js → server.proxy
|
||||
proxy: {
|
||||
'/api': {
|
||||
target: 'https://192.168.85.13:8443', // Backend-IP anpassen
|
||||
target: 'https://<BACKEND-IP>:8443', // Backend-IP anpassen
|
||||
changeOrigin: true,
|
||||
secure: false,
|
||||
ws: true, // WebSocket-Proxy aktivieren (Web Terminal, Agent-WS)
|
||||
@ -127,7 +127,7 @@ server {
|
||||
location /api/ {
|
||||
client_max_body_size 50m;
|
||||
|
||||
proxy_pass https://192.168.85.13:8443;
|
||||
proxy_pass https://<BACKEND-IP>:8443;
|
||||
proxy_ssl_verify off;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
@ -166,7 +166,7 @@ rm -f /etc/nginx/sites-enabled/default
|
||||
nginx -t && systemctl reload nginx
|
||||
```
|
||||
|
||||
> **Backend-IP anpassen:** `192.168.85.13:8443` durch die tatsächliche Backend-Adresse ersetzen.
|
||||
> **Backend-IP anpassen:** `<BACKEND-IP>:8443` durch die tatsächliche Backend-Adresse ersetzen.
|
||||
|
||||
---
|
||||
|
||||
@ -228,7 +228,7 @@ API-Calls werden per Proxy an das Backend weitergeleitet — `vite.config.js` an
|
||||
// vite.config.js
|
||||
proxy: {
|
||||
'/api': {
|
||||
target: 'https://192.168.85.13:8443', // Backend-IP anpassen
|
||||
target: 'https://<BACKEND-IP>:8443', // Backend-IP anpassen
|
||||
changeOrigin: true,
|
||||
secure: false,
|
||||
ws: true, // WebSocket-Proxy (Web Terminal, Agent-WS)
|
||||
|
||||
@ -265,7 +265,7 @@ DELETE /api/v1/agents/{id}/wireguard/peers/{uuid} Peer loeschen
|
||||
# Peer anlegen (Auto: Keypair, naechste freie IP, Endpoint)
|
||||
curl -sk -H "Authorization: Bearer <TOKEN>" -X POST \
|
||||
https://your-backend:8443/api/v1/agents/6beb8dfd.../wireguard/peers \
|
||||
-d '{"name":"VPN_MUELLER","allowed_ips":"0.0.0.0/0","dns":"10.172.100.210"}'
|
||||
-d '{"name":"VPN_MUELLER","allowed_ips":"0.0.0.0/0","dns":"<DNS-SERVER>"}'
|
||||
# → {peer_config: "[Interface]\nPrivateKey=...\n[Peer]\n...", ...}
|
||||
|
||||
# Alle Peers
|
||||
|
||||
@ -1166,7 +1166,7 @@ function WireGuardTab({ agentId, sys }) {
|
||||
const [peers, setPeers] = useState([])
|
||||
const [loading, setLoading] = useState(true)
|
||||
const [adding, setAdding] = useState(false)
|
||||
const [newPeer, setNewPeer] = useState({ name: '', dns: '10.172.100.210, 10.172.100.220' })
|
||||
const [newPeer, setNewPeer] = useState({ name: '', dns: '' })
|
||||
const [result, setResult] = useState(null)
|
||||
const [copied, setCopied] = useState(false)
|
||||
const [error, setError] = useState('')
|
||||
@ -1201,7 +1201,7 @@ function WireGuardTab({ agentId, sys }) {
|
||||
})
|
||||
setResult(resp?.data || resp)
|
||||
setAdding(false)
|
||||
setNewPeer({ name: '', dns: '10.172.100.210, 10.172.100.220' })
|
||||
setNewPeer({ name: '', dns: '' })
|
||||
loadPeers()
|
||||
} catch (e) {
|
||||
setError(e.message)
|
||||
|
||||
@ -415,7 +415,7 @@ function SystemSettingsSection() {
|
||||
type="text"
|
||||
value={form.backend_url_internal || ''}
|
||||
onChange={(e) => setForm({ ...form, backend_url_internal: e.target.value })}
|
||||
placeholder="https://192.168.85.13:8443"
|
||||
placeholder="https://<BACKEND-IP>:8443"
|
||||
className="w-full bg-gray-800 border border-gray-700 rounded px-3 py-2 text-white text-sm focus:outline-none focus:border-orange-500 mt-1"
|
||||
/>
|
||||
<div className="text-[10px] text-gray-600 mt-0.5">Fuer Tunnel-Zugriff und lokale Verbindungen</div>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user