
D15709.diff
No OneTemporary

D15709.diff

diff --git a/conf/aphlict/aphlict.default.json b/conf/aphlict/aphlict.default.json
--- a/conf/aphlict/aphlict.default.json
+++ b/conf/aphlict/aphlict.default.json
@@ -5,14 +5,16 @@
"port": 22280,
"listen": "0.0.0.0",
"ssl.key": null,
- "ssl.cert": null
+ "ssl.cert": null,
+ "ssl.chain": null
},
{
"type": "admin",
"port": 22281,
"listen": "127.0.0.1",
"ssl.key": null,
- "ssl.cert": null
+ "ssl.cert": null,
+ "ssl.chain": null
}
],
"logs": [
diff --git a/src/applications/aphlict/management/PhabricatorAphlictManagementWorkflow.php b/src/applications/aphlict/management/PhabricatorAphlictManagementWorkflow.php
--- a/src/applications/aphlict/management/PhabricatorAphlictManagementWorkflow.php
+++ b/src/applications/aphlict/management/PhabricatorAphlictManagementWorkflow.php
@@ -99,6 +99,7 @@
'listen' => 'optional string|null',
'ssl.key' => 'optional string|null',
'ssl.cert' => 'optional string|null',
+ 'ssl.chain' => 'optional string|null',
));
$port = $server['port'];
@@ -145,6 +146,21 @@
'ssl.key',
'ssl.cert'));
}
+
+ $ssl_chain = idx($server, 'ssl.chain');
+ if ($ssl_chain && (!$ssl_key && !$ssl_cert)) {
+ throw new PhutilArgumentUsageException(
+ pht(
+ 'A specified server (at index "%s", on port "%s") specifies '.
+ 'a value for "%s", but no value for "%s" or "%s". Servers '.
+ 'should only provide an SSL chain if they also provide an SSL '.
+ 'key and SSL certificate.',
+ $index,
+ $port,
+ 'ssl.chain',
+ 'ssl.key',
+ 'ssl.cert'));
+ }
}
if (!$servers) {
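Review bot: The new guard `if ($ssl_chain && (!$ssl_key && !$ssl_cert))` rejects a chain only when both the key and the certificate are missing, so it depends on the earlier key/cert check (only its tail is visible at the top of this hunk) to have already rejected a server that sets just one of them. Writing it as `if ($ssl_chain && (!$ssl_key || !$ssl_cert))` would match the error text ("no value for ... or ...") and keep the check correct if that earlier validation is ever relaxed or reordered. Nothing here verifies that the `ssl.chain` path exists or is readable, so a mistyped path presumably only surfaces later, when the Node server tries to read it. The enclosing loop body starts outside the hunk.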
diff --git a/src/docs/user/configuration/notifications.diviner b/src/docs/user/configuration/notifications.diviner
--- a/src/docs/user/configuration/notifications.diviner
+++ b/src/docs/user/configuration/notifications.diviner
@@ -85,13 +85,15 @@
`admin` or `client`. Normally, you should run one of each.
- `port`: //Required int.// The port this server should listen on.
- `listen`: //Optional string.// Which interface to bind to. By default,
- the `admin` server is bound to localhost (so only other services on the
+ the `admin` server is bound to `127.0.0.1` (so only other services on the
local machine can connect to it), while the `client` server is bound
- to `0.0.0.0` (so any client can connect.
+ to `0.0.0.0` (so any client can connect).
- `ssl.key`: //Optional string.// If you want to use SSL on this port,
the path to an SSL key.
- `ssl.cert`: //Optional string.// If you want to use SSL on this port,
the path to an SSL certificate.
+ - `ssl.chain`: //Optional string.// If you have configured SSL on this
+ port, an optional path to a certificate chain file.
Each log in the `logs` list should be an object with these keys:
diff --git a/support/aphlict/server/aphlict_server.js b/support/aphlict/server/aphlict_server.js
--- a/support/aphlict/server/aphlict_server.js
+++ b/support/aphlict/server/aphlict_server.js
@@ -104,6 +104,10 @@
spec['ssl.cert'] = fs.readFileSync(spec['ssl.cert']);
}
+ if (spec['ssl.chain']){
+ spec['ssl.chain'] = fs.readFileSync(spec['ssl.chain']);
+ }
+
servers.push(spec);
}
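Review bot: The added `fs.readFileSync(spec['ssl.chain'])` has no error handling, so a missing or unreadable chain file ends startup with a raw filesystem exception instead of a message naming the offending `ssl.chain` setting. The neighbouring `ssl.cert` read follows the same pattern, so this is consistent with existing code, but a short comment such as `// Throws if the configured chain file is unreadable; paths are validated by the PHP workflow only for presence.` would record the assumption. As a style point, `if (spec['ssl.chain']){` lacks the space before `{` that the other conditionals in this file use. The enclosing function starts and ends outside the hunk.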
@@ -132,9 +136,13 @@
if (server['ssl.key']) {
var https_config = {
key: server['ssl.key'],
- cert: server['ssl.cert']
+ cert: server['ssl.cert'],
};
+ if (server['ssl.chain']) {
+ https_config.ca = server['ssl.chain'];
+ }
+
http_server = https.createServer(https_config);
} else {
http_server = http.createServer();
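Review bot: Assigning the chain file to `https_config.ca` puts the intermediates into the option that Node's TLS documentation describes as overriding the trusted CA set, not into the certificate chain the server presents. The documented way to serve intermediates is to pass them in `cert`, as the leaf certificate's PEM followed by the intermediate PEMs. Whether certificates given only through `ca` are actually sent to clients depends on the Node/OpenSSL version, and some older releases are reported to load only the first certificate from a multi-certificate `ca` buffer, so clients without cached intermediates may still fail validation. I would append the chain contents to the `cert` value (or document that `ssl.chain` must hold exactly the intermediates and test the served chain with a fresh client), and add a comment above the assignment stating which behaviour is relied on. The enclosing block continues outside the hunk.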
