Add ability to mark a node as being over a proxy

Author: DaneEveritt

CHANGELOG.md

@@ -11,6 +11,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 * Added new scripts for service options that allows installation of software in a privileged Docker container on the node prior to marking a server as installed.
 * Added ability to reinstall a server using the currently assigned service and option.
 * Added ability to change a server's service and service option, as well as change pack assignments and other management services in that regard.
+* Added support for using a proxy such as Cloudflare with a node connection. Previously there was no way to tell the panel to connect over SSL without marking the Daemon as also using SSL.
 
 ### Changed
 * Environment setting commands now attempt to auto-quote strings with spaces in them, as well as comment lines that are edited to avoid manual changes being overwritten.

app/Http/Controllers/Admin/NodesController.php

@@ -88,7 +88,7 @@ public function store(Request $request)
                 ]),
                 $request->intersect([
                     'name', 'location_id', 'fqdn',
-                    'scheme', 'memory', 'disk',
+                    'scheme', 'memory', 'disk', 'behind_proxy',
                     'daemonBase', 'daemonSFTP', 'daemonListen',
                 ])
             ));
@@ -218,7 +218,7 @@ public function updateSettings(Request $request, $id)
                     'public', 'disk_overallocate', 'memory_overallocate',
                 ]),
                 $request->intersect([
-                    'name', 'location_id', 'fqdn',
+                    'name', 'location_id', 'fqdn', 'behind_proxy',
                     'scheme', 'memory', 'disk', 'upload_size',
                     'reset_secret', 'daemonSFTP', 'daemonListen',
                 ])

app/Models/Node.php

@@ -59,6 +59,7 @@ class Node extends Model
          'disk' => 'integer',
          'daemonListen' => 'integer',
          'daemonSFTP' => 'integer',
+         'behind_proxy' => 'boolean',
      ];
 
     /**
@@ -68,8 +69,8 @@ class Node extends Model
      */
     protected $fillable = [
         'public', 'name', 'location_id',
-        'fqdn', 'scheme', 'memory',
-        'memory_overallocate', 'disk',
+        'fqdn', 'scheme', 'behind_proxy',
+        'memory', 'memory_overallocate', 'disk',
         'disk_overallocate', 'upload_size',
         'daemonSecret', 'daemonBase',
         'daemonSFTP', 'daemonListen',
@@ -121,7 +122,7 @@ public function getConfigurationAsJson($pretty = false)
                 'host' => '0.0.0.0',
                 'listen' => $this->daemonListen,
                 'ssl' => [
-                    'enabled' => $this->scheme === 'https',
+                    'enabled' => (! $this->behind_proxy && $this->scheme === 'https'),
                     'certificate' => '/etc/letsencrypt/live/' . $this->fqdn . '/fullchain.pem',
                     'key' => '/etc/letsencrypt/live/' . $this->fqdn . '/privkey.pem',
                 ],
@@ -143,7 +144,7 @@ public function getConfigurationAsJson($pretty = false)
                 'count' => 3,
             ],
             'remote' => [
-                'base' => config('app.url'),
+                'base' => route('index'),
                 'download' => route('remote.download'),
                 'installed' => route('remote.install'),
             ],

app/Repositories/NodeRepository.php

@@ -52,6 +52,7 @@ public function create(array $data)
             'public' => 'required|numeric|between:0,1',
             'fqdn' => 'required|string|unique:nodes,fqdn',
             'scheme' => 'required|regex:/^(http(s)?)$/',
+            'behind_proxy' => 'required|boolean',
             'memory' => 'required|numeric|min:1',
             'memory_overallocate' => 'required|numeric|min:-1',
             'disk' => 'required|numeric|min:1',
@@ -109,6 +110,7 @@ public function update($id, array $data)
             'public' => 'numeric|between:0,1',
             'fqdn' => 'string|unique:nodes,fqdn,' . $id,
             'scheme' => 'regex:/^(http(s)?)$/',
+            'behind_proxy' => 'boolean',
             'memory' => 'numeric|min:1',
             'memory_overallocate' => 'numeric|min:-1',
             'disk' => 'numeric|min:1',
@@ -166,7 +168,7 @@ public function update($id, array $data)
                     'web' => [
                         'listen' => $node->daemonListen,
                         'ssl' => [
-                            'enabled' => ($node->scheme === 'https'),
+                            'enabled' => (! $node->behind_proxy && $node->scheme === 'https'),
                         ],
                     ],
                     'sftp' => [

database/migrations/2017_04_27_223629_AddAbilityToDefineConnectionOverSSLWithDaemonBehindProxy.php

@@ -0,0 +1,32 @@
+<?php
+
+use Illuminate\Support\Facades\Schema;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+class AddAbilityToDefineConnectionOverSSLWithDaemonBehindProxy extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('nodes', function (Blueprint $table) {
+            $table->boolean('behind_proxy')->after('scheme')->default(false);
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('nodes', function (Blueprint $table) {
+            $table->dropColumn('behind_proxy');
+        });
+    }
+}

resources/themes/pterodactyl/admin/nodes/new.blade.php

@@ -78,19 +78,28 @@
                         <div>
                             <div class="radio radio-success radio-inline">
                                 <input type="radio" id="pSSLTrue" value="https" name="scheme" checked>
-                                <label for="pSSLTrue"> Enable SSL </label>
+                                <label for="pSSLTrue"> Use SSL Connection</label>
                             </div>
                             <div class="radio radio-danger radio-inline">
                                 <input type="radio" id="pSSLFalse" value="http" name="scheme">
-                                <label for="pSSLFalse"> Disable SSL </label>
+                                <label for="pSSLFalse"> Use HTTP Connection</label>
                             </div>
                         </div>
-                        <p class="text-muted small">SSL should only be disabled if this node is assigned an IP address as the FQDN and not an actual FQDN. Disabling SSL could allow a malicious user to intercept traffic between the panel and the daemon potentially exposing sensitive information.</p>
+                        <p class="text-muted small">In most cases you should select to use a SSL connection. If using an IP Address or you do not wish to use SSL at all, select a HTTP connection.</p>
                     </div>
                     <div class="form-group">
-                        <label for="pDaemonBase" class="form-label">Daemon Server File Directory</label>
-                        <input type="text" name="daemonBase" id="pDaemonBase" class="form-control" value="/srv/daemon-data" />
-                        <p class="text-muted small">Enter the directory where server files should be stored. <strong>If you use OVH you should check your partition scheme. You may need to use <code>/home/daemon-data</code> to have enough space.</strong></p>
+                        <label class="form-label">Behind Proxy</label>
+                        <div>
+                            <div class="radio radio-success radio-inline">
+                                <input type="radio" id="pProxyFalse" value="0" name="behind_proxy" checked>
+                                <label for="pProxyFalse"> Not Behind Proxy </label>
+                            </div>
+                            <div class="radio radio-info radio-inline">
+                                <input type="radio" id="pProxyTrue" value="1" name="behind_proxy">
+                                <label for="pProxyTrue"> Behind Proxy </label>
+                            </div>
+                        </div>
+                        <p class="text-muted small">If you are running the daemon behind a proxy such as Cloudflare, select this to have the daemon skip looking for certificates on boot.</p>
                     </div>
                 </div>
             </div>
@@ -102,6 +111,11 @@
                 </div>
                 <div class="box-body">
                     <div class="row">
+                        <div class="form-group col-xs-12">
+                            <label for="pDaemonBase" class="form-label">Daemon Server File Directory</label>
+                            <input type="text" name="daemonBase" id="pDaemonBase" class="form-control" value="/srv/daemon-data" />
+                            <p class="text-muted small">Enter the directory where server files should be stored. <strong>If you use OVH you should check your partition scheme. You may need to use <code>/home/daemon-data</code> to have enough space.</strong></p>
+                        </div>
                         <div class="form-group col-md-6">
                             <label for="pMemory" class="form-label">Total Memory</label>
                             <div class="input-group">

resources/themes/pterodactyl/admin/nodes/view/settings.blade.php

@@ -89,18 +89,33 @@
                         </small></p>
                     </div>
                     <div class="form-group col-xs-12">
-                        <label for="scheme" class="control-label"><span class="label label-warning"><i class="fa fa-power-off"></i></span> Secure Socket Layer</label>
-                        <div class="row" style="padding: 7px 0;">
-                            <div class="col-xs-6">
-                                <input type="radio" name="scheme" value="https" id="scheme_ssl" {{ (old('scheme', $node->scheme) === 'https') ? 'checked' : '' }}/> <label for="scheme_ssl" style="padding-left: 5px;">Enable HTTPS/SSL</label>
+                        <label class="form-label"><span class="label label-warning"><i class="fa fa-power-off"></i></span> Communicate Over SSL</label>
+                        <div>
+                            <div class="radio radio-success radio-inline">
+                                <input type="radio" id="pSSLTrue" value="https" name="scheme" {{ (old('scheme', $node->scheme) === 'https') ? 'checked' : '' }}>
+                                <label for="pSSLTrue"> Use SSL Connection</label>
                             </div>
-                            <div class="col-xs-6">
-                                <input type="radio" name="scheme" value="http" id="scheme_nossl" {{ (old('scheme', $node->scheme) === 'http') ? 'checked' : '' }}/> <label for="scheme_nossl" style="padding-left: 5px;">Disable HTTPS/SSL</label>
+                            <div class="radio radio-danger radio-inline">
+                                <input type="radio" id="pSSLFalse" value="http" name="scheme" {{ (old('scheme', $node->scheme) !== 'https') ? 'checked' : '' }}>
+                                <label for="pSSLFalse"> Use HTTP Connection</label>
                             </div>
                         </div>
-                        <p class="text-muted"><small>You should always leave SSL enabled for nodes. Disabling SSL could allow a malicious user to intercept traffic between the panel and the daemon potentially exposing sensitive information.</small></p>
+                        <p class="text-muted small">In most cases you should select to use a SSL connection. If using an IP Address or you do not wish to use SSL at all, select a HTTP connection.</p>
+                    </div>
+                    <div class="form-group col-xs-12">
+                        <label class="form-label"><span class="label label-warning"><i class="fa fa-power-off"></i></span> Behind Proxy</label>
+                        <div>
+                            <div class="radio radio-success radio-inline">
+                                <input type="radio" id="pProxyFalse" value="0" name="behind_proxy" {{ (old('behind_proxy', $node->behind_proxy) == false) ? 'checked' : '' }}>
+                                <label for="pProxyFalse"> Not Behind Proxy </label>
+                            </div>
+                            <div class="radio radio-info radio-inline">
+                                <input type="radio" id="pProxyTrue" value="1" name="behind_proxy" {{ (old('behind_proxy', $node->behind_proxy) == true) ? 'checked' : '' }}>
+                                <label for="pProxyTrue"> Behind Proxy </label>
+                            </div>
+                        </div>
+                        <p class="text-muted small">If you are running the daemon behind a proxy such as Cloudflare, select this to have the daemon skip looking for certificates on boot.</p>
                     </div>
-
                 </div>
             </div>
         </div>