serve.zone/onebox
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e6f7d70d51fcfe6e1fabe29e891349762c764966
onebox/readme.hints.md
Juergen Kunz e6f7d70d51 update
2025-11-26 09:36:40 +00:00

66 lines
2.8 KiB
Markdown
Raw Blame History

# Onebox Project Hints
## SSL Certificate Storage (November 2025)
SSL certificates are now stored directly in the SQLite database as PEM content instead of file paths:
- `ISslCertificate` and `ICertificate` interfaces use `certPem`, `keyPem`, `fullchainPem` properties
- Database migration 8 converted the `certificates` table schema
- No filesystem storage for certificates - everything in DB
- `reverseproxy.ts` reads certificate PEM content from database
- `certmanager.ts` stores SmartACME certificates directly to database
## Architecture Notes
### Database Layer (November 2025 Refactoring)
The database layer has been refactored into a repository pattern:
**Directory Structure:**
```
ts/database/
├── index.ts # Main OneboxDatabase class (composes repositories, handles migrations)
├── types.ts # Shared types (TBindValue, TQueryFunction)
├── base.repository.ts # Base repository class
└── repositories/
├── index.ts # Repository exports
├── service.repository.ts # Services CRUD
├── registry.repository.ts # Registries + Registry Tokens
├── certificate.repository.ts # Domains, Certificates, Cert Requirements, SSL Certificates (legacy)
├── auth.repository.ts # Users, Settings
├── metrics.repository.ts # Metrics, Logs
└── platform.repository.ts # Platform Services, Platform Resources
```
**Import paths:**
- Main: `import { OneboxDatabase } from './database/index.ts'`
- Legacy (deprecated): `import { OneboxDatabase } from './classes/database.ts'` (re-exports from new location)
**API Compatibility:**
- The `OneboxDatabase` class maintains the same public API
- All methods delegate to the appropriate repository
- No breaking changes for existing code
## Current Migration Version: 8
Migration 8 converted certificate storage from file paths to PEM content.
## Reverse Proxy SNI Support (November 2025)
The HTTPS reverse proxy now uses Node.js `https.createServer()` with SNI support:
- Uses Deno's Node.js compatibility layer for `node:https` module
- Implements `server.addContext(hostname, {cert, key})` for per-domain certificates
- Dynamic certificate addition via `addCertificate()` without server restart
- HTTP-to-HTTPS redirect when certificate exists for domain
- Wildcard pattern support (e.g., `*.bleu.de` covers `sub.bleu.de`)
**Key files:**
- `ts/classes/reverseproxy.ts` - SNI-enabled HTTPS server
- `ts/classes/services.ts` - Dynamic route updates on service start/stop
**Certificate workflow:**
1. `CertRequirementManager` creates requirements for domains
2. Daemon processes requirements via `certmanager.ts`
3. Certificates stored in database (PEM content)
4. `reverseProxy.addCertificate()` dynamically adds SNI context
5. HTTP requests redirect to HTTPS when cert exists
Reference in New Issue View Git Blame Copy Permalink