onebox/readme.hints.md
2025-11-26 09:36:40 +00:00

Onebox Project Hints

SSL Certificate Storage (November 2025)

SSL certificates are now stored directly in the SQLite database as PEM content instead of file paths:

  • ISslCertificate and ICertificate interfaces use certPem, keyPem, fullchainPem properties
  • Database migration 8 converted the certificates table schema
  • No filesystem storage for certificates - everything in DB
  • reverseproxy.ts reads certificate PEM content from database
  • certmanager.ts stores SmartACME certificates directly to database

Architecture Notes

Database Layer (November 2025 Refactoring)

The database layer has been refactored into a repository pattern:

Directory Structure:

ts/database/
├── index.ts              # Main OneboxDatabase class (composes repositories, handles migrations)
├── types.ts              # Shared types (TBindValue, TQueryFunction)
├── base.repository.ts    # Base repository class
└── repositories/
    ├── index.ts          # Repository exports
    ├── service.repository.ts      # Services CRUD
    ├── registry.repository.ts     # Registries + Registry Tokens
    ├── certificate.repository.ts  # Domains, Certificates, Cert Requirements, SSL Certificates (legacy)
    ├── auth.repository.ts         # Users, Settings
    ├── metrics.repository.ts      # Metrics, Logs
    └── platform.repository.ts     # Platform Services, Platform Resources

Import paths:

  • Main: import { OneboxDatabase } from './database/index.ts'
  • Legacy (deprecated): import { OneboxDatabase } from './classes/database.ts' (re-exports from new location)

API Compatibility:

  • The OneboxDatabase class maintains the same public API
  • All methods delegate to the appropriate repository
  • No breaking changes for existing code

Current Migration Version: 8

Migration 8 converted certificate storage from file paths to PEM content.

Reverse Proxy SNI Support (November 2025)

The HTTPS reverse proxy now uses Node.js https.createServer() with SNI support:

  • Uses Deno's Node.js compatibility layer for node:https module
  • Implements server.addContext(hostname, {cert, key}) for per-domain certificates
  • Dynamic certificate addition via addCertificate() without server restart
  • HTTP-to-HTTPS redirect when certificate exists for domain
  • Wildcard pattern support (e.g., *.bleu.de covers sub.bleu.de)

Key files:

  • ts/classes/reverseproxy.ts - SNI-enabled HTTPS server
  • ts/classes/services.ts - Dynamic route updates on service start/stop

Certificate workflow:

  1. CertRequirementManager creates requirements for domains
  2. Daemon processes requirements via certmanager.ts
  3. Certificates stored in database (PEM content)
  4. reverseProxy.addCertificate() dynamically adds SNI context
  5. HTTP requests redirect to HTTPS when cert exists
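
The wildcard lookup and the HTTP-to-HTTPS redirect decision described above, as an added example that is not Onebox's own code. It assumes single-label wildcard matching, exact names taking precedence over wildcards, and an in-memory array in place of the certificates table; all type and function names are hypothetical. Because the Host header is client-controlled, the redirect target is built only from a normalized hostname that a stored certificate covers.

```typescript
// Added example; every name here is hypothetical except certPem/keyPem/fullchainPem.
interface ICertRow {
  domain: string; // exact name, or a wildcard such as "*.bleu.de"
  certPem: string;
  keyPem: string;
  fullchainPem: string;
}

// Constructed rows standing in for the certificates table (placeholder PEM text).
const sampleRows: ICertRow[] = [
  { domain: "*.bleu.de", certPem: "<cert>", keyPem: "<key>", fullchainPem: "<chain>" },
  { domain: "api.bleu.de", certPem: "<cert>", keyPem: "<key>", fullchainPem: "<chain>" },
];

// Lowercase, strip an optional port and trailing dot; null if not a plain DNS name.
function normalizeHost(raw: string): string | null {
  let host = raw.trim().toLowerCase();
  const colon = host.lastIndexOf(":");
  if (colon !== -1) {
    if (!/^\d{1,5}$/.test(host.slice(colon + 1))) return null;
    host = host.slice(0, colon);
  }
  if (host.charAt(host.length - 1) === ".") host = host.slice(0, -1);
  if (host.length === 0 || host.length > 253) return null;
  const label = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;
  return host.split(".").every((l) => label.test(l)) ? host : null;
}

// Exact match wins; otherwise a wildcard covering exactly one left-most label.
function findCertificate(rawHost: string, rows: ICertRow[]): ICertRow | null {
  const host = normalizeHost(rawHost);
  if (host === null) return null;
  const dot = host.indexOf(".");
  const wildcardName = dot === -1 ? null : "*." + host.slice(dot + 1);
  let wildcard: ICertRow | null = null;
  for (const row of rows) {
    const name = row.domain.toLowerCase();
    if (name === host) return row;
    if (name === wildcardName) wildcard = row;
  }
  return wildcard;
}

// Location for the HTTP-to-HTTPS redirect, or null when no certificate covers the host.
function redirectLocation(hostHeader: string, path: string, rows: ICertRow[]): string | null {
  const host = normalizeHost(hostHeader);
  if (host === null || findCertificate(host, rows) === null) return null;
  return "https://" + host + (/^\/[^\r\n]*$/.test(path) ? path : "/");
}
```

A null result from `redirectLocation` means the request stays on plain HTTP handling or is rejected, rather than being redirected to a name taken from the request.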