Merge branch 'master' into kris/add_support_for_restore_ui

# Conflicts: # bubble-server/src/main/java/bubble/server/BubbleConfiguration.java # bubble-web
4 年之前 · 32927ed289
--- a/bin/godaddy/gd_list_records.sh
+++ b/bin/godaddy/gd_list_records.sh
@@ -0,0 +1,8 @@
 #!/bin/bash

 DOMAIN=${1:?no domain provided}

 THISDIR=$(cd $(dirname ${0}) && pwd)
 GDCURL=${THISDIR}/gdcurl

 ${GDCURL} ${DOMAIN}/records
--- a/bin/godaddy/gd_update_records.sh
+++ b/bin/godaddy/gd_update_records.sh
@@ -0,0 +1,8 @@
 #!/bin/bash
 DOMAIN=${1:?no domain provided}
 RECORDS_JSON="${2:?no JSON DNS records file provided}"

 THISDIR=$(cd $(dirname ${0}) && pwd)
 GDCURL=${THISDIR}/gdcurl

 ${GDCURL} ${DOMAIN}/records "${RECORDS_JSON}" PUT
--- a/bin/godaddy/gdcurl
+++ b/bin/godaddy/gdcurl
@@ -0,0 +1,26 @@
 #!/bin/bash

 if [[ -z "${GODADDY_API_KEY}" ]] ; then
  echo "GODADDY_API_KEY not defined in environment"
  exit 1
 fi
 if [[ -z "${GODADDY_API_SECRET}" ]] ; then
  echo "GODADDY_API_SECRET not defined in environment"
  exit 1
 fi

 URI="${1:?no uri}"
 POST_FILE="${2}"
 HTTP_METHOD=${3}

 API_BASE=https://api.godaddy.com/v1/domains/

 if [[ ! -z "${POST_FILE}" ]] ; then
  if [[ -z "${HTTP_METHOD}" ]] ; then
    curl -d @${POST_FILE} -s -H 'Content-Type: application/json' -H "Authorization: sso-key ${GODADDY_API_KEY}:${GODADDY_API_SECRET}" ${API_BASE}${URI}
  else
    curl -d @${POST_FILE} -X ${HTTP_METHOD} -s -H 'Content-Type: application/json' -H "Authorization: sso-key ${GODADDY_API_KEY}:${GODADDY_API_SECRET}" ${API_BASE}${URI}
  fi
 else
  curl -s -H "Authorization: sso-key ${GODADDY_API_KEY}:${GODADDY_API_SECRET}" ${API_BASE}${URI}
 fi
--- a/bubble-server/src/main/java/bubble/cloud/dns/DnsDriverBase.java
+++ b/bubble-server/src/main/java/bubble/cloud/dns/DnsDriverBase.java
@@ -132,6 +132,10 @@ public abstract class DnsDriverBase<T> extends CloudServiceDriverBase<T> impleme
                .setType(DnsType.CNAME)
                .setFqdn(network.getNetworkDomain())
                .setValue(node.getFqdn()));
        records.add((DnsRecord) new DnsRecord()
                .setType(DnsType.CNAME)
                .setFqdn(network.getCertCNAME())
                .setValue(network.getNetworkDomain()));
        return records;
    }

--- a/bubble-server/src/main/java/bubble/model/cloud/BubbleNetwork.java
+++ b/bubble-server/src/main/java/bubble/model/cloud/BubbleNetwork.java
@@ -34,8 +34,7 @@ import java.util.Arrays;
 import java.util.Collection;
 import java.util.List;

 import static bubble.ApiConstants.EP_NETWORKS;
 import static bubble.ApiConstants.ROOT_NETWORK_UUID;
 import static bubble.ApiConstants.*;
 import static bubble.model.cloud.BubbleDomain.DOMAIN_NAME_MAXLEN;
 import static bubble.model.cloud.BubbleNetworkState.created;
 import static bubble.server.BubbleConfiguration.getDEFAULT_LOCALE;
@@ -69,6 +68,8 @@ public class BubbleNetwork extends IdentifiableBase implements HasNetwork, HasBu
    public static final String TAG_ALLOW_REGISTRATION = "allowRegistration";
    public static final String TAG_PARENT_ACCOUNT = "parentAccountUuid";

    public static final String CERT_CNAME_PREFIX = "bubble-";

    private static final List<String> TAG_NAMES = Arrays.asList(TAG_ALLOW_REGISTRATION, TAG_PARENT_ACCOUNT);
    @Override public Collection<String> validTags() { return TAG_NAMES; }

@@ -109,6 +110,7 @@ public class BubbleNetwork extends IdentifiableBase implements HasNetwork, HasBu
    public BubbleNetwork setDomainName (String dn) { this.domainName = dn == null ? null : dn.toLowerCase(); return this; }

    @Transient @JsonIgnore public String getNetworkDomain () { return name + "." + domainName; }
    @Transient @JsonIgnore public String getCertCNAME () { return CERT_CNAME_PREFIX+getShortId()+"."+getNetworkDomain(); }

    @ECSearchable(filter=true) @ECField(index=50)
    @ECIndex @Column(nullable=false, length=NAME_MAXLEN)
--- a/bubble-server/src/main/java/bubble/model/cloud/BubbleNode.java
+++ b/bubble-server/src/main/java/bubble/model/cloud/BubbleNode.java
@@ -20,7 +20,6 @@ import lombok.NoArgsConstructor;
 import lombok.Setter;
 import lombok.experimental.Accessors;
 import org.apache.commons.lang3.RandomUtils;
 import org.cobbzilla.wizard.client.ApiClientBase;
 import org.cobbzilla.wizard.model.Identifiable;
 import org.cobbzilla.wizard.model.IdentifiableBase;
 import org.cobbzilla.wizard.model.entityconfig.EntityFieldType;
@@ -235,15 +234,15 @@ public class BubbleNode extends IdentifiableBase implements HasNetwork, HasBubbl
    @Transient @Getter @Setter private transient Boolean wasRestored;
    public boolean wasRestored() { return bool(wasRestored); }

    public ApiClientBase getApiClient(BubbleConfiguration configuration) {
    public BubbleNodeClient getApiClient(BubbleConfiguration configuration) {
        return new BubbleNodeClient(this, configuration);
    }

    public ApiClientBase getDownloadClient(BubbleConfiguration configuration) {
    public BubbleNodeClient getDownloadClient(BubbleConfiguration configuration) {
        return new BubbleNodeDownloadClient(this, configuration);
    }

    public ApiClientBase getApiQuickClient(BubbleConfiguration configuration) {
    public BubbleNodeClient getApiQuickClient(BubbleConfiguration configuration) {
        return new BubbleNodeQuickClient(this, configuration);
    }

--- a/bubble-server/src/main/java/bubble/resources/account/AuthResource.java
+++ b/bubble-server/src/main/java/bubble/resources/account/AuthResource.java
@@ -4,6 +4,7 @@
 */
 package bubble.resources.account;

 import bubble.client.BubbleNodeClient;
 import bubble.dao.SessionDAO;
 import bubble.dao.account.AccountDAO;
 import bubble.dao.account.AccountPolicyDAO;
@@ -18,10 +19,7 @@ import bubble.model.account.message.*;
 import bubble.model.bill.AccountPaymentMethod;
 import bubble.model.bill.BubblePlan;
 import bubble.model.boot.ActivationRequest;
 import bubble.model.cloud.BubbleNetwork;
 import bubble.model.cloud.BubbleNode;
 import bubble.model.cloud.BubbleNodeKey;
 import bubble.model.cloud.NetworkKeys;
 import bubble.model.cloud.*;
 import bubble.model.cloud.notify.NotificationReceipt;
 import bubble.model.device.BubbleDeviceType;
 import bubble.model.device.Device;
@@ -368,12 +366,45 @@ public class AuthResource {
    public Response appLogin(@Context Request req,
                             @Context ContainerRequest ctx,
                             @PathParam("session") String sessionId) {
        final Account sessionAccount = sessionDAO.find(sessionId);
        if (sessionAccount == null) return notFound(sessionId);
        Account sessionAccount = sessionDAO.find(sessionId);
        if (sessionAccount == null) {
            final BubbleNetwork thisNetwork = configuration.getThisNetwork();
            if (thisNetwork != null
                    && thisNetwork.syncPassword()
                    && thisNetwork.getInstallType() == AnsibleInstallType.node
                    && configuration.hasSageNode()) {
                // check if session is valid on sage
                final BubbleNodeClient sageClient = configuration.getSageNode().getApiQuickClient(configuration);
                try {
                    final Account sageAccount = sageClient.post(AUTH_ENDPOINT+EP_APP_LOGIN+"/"+sessionId, null, Account.class);
                    if (sageAccount == null || empty(sageAccount.getApiToken())) {
                        // should never happen
                        log.warn("appLogin: sageLogin succeeded, but returned null account or account without api token");
                        return notFound(sessionId);

                    } else {
                        sessionAccount = accountDAO.findByUuid(sageAccount.getUuid());
                        if (sessionAccount == null) {
                            log.warn("appLogin: sageLogin succeeded, but account does not exist locally: "+sageAccount.getUuid());
                            return notFound(sessionId);
                        }
                    }
                } catch (Exception e) {
                    log.warn("appLogin: error checking session with sage ("+configuration.getSageNode().id()+"): "+shortError(e));
                    return notFound(sessionId);
                }
            } else {
                return notFound(sessionId);
            }
        }

        final Account existing = optionalUserPrincipal(ctx);
        if (existing != null) {
            sessionDAO.invalidate(existing.getApiToken());
            if (!existing.getUuid().equals(sessionAccount.getUuid())) {
                sessionDAO.invalidate(existing.getApiToken());
            } else {
                return ok(existing);
            }
        }
        return ok(sessionAccount.setApiToken(sessionDAO.create(sessionAccount)));
    }
--- a/bubble-server/src/main/java/bubble/server/BubbleConfiguration.java
+++ b/bubble-server/src/main/java/bubble/server/BubbleConfiguration.java
@@ -91,7 +91,6 @@ public class BubbleConfiguration extends PgRestServerConfiguration
    public static final String TAG_REQUIRE_SEND_METRICS = "requireSendMetrics";
    public static final String TAG_SUPPORT = "support";
    public static final String TAG_SECURITY_LEVELS = "securityLevels";
    public static final String TAG_CERT_VALIDATION_HOST = "certValidationHost"; // must match bubble_passthru.py
    public static final String TAG_RESTORE_MODE = "isInRestoringStatus";

    public static final String DEFAULT_LOCAL_STORAGE_DIR = HOME_DIR + "/.bubble_local_storage";
@@ -142,7 +141,6 @@ public class BubbleConfiguration extends PgRestServerConfiguration
    public boolean hasSageNode () { return getSageNode() != null; }

    @Getter @Setter private String letsencryptEmail;
    @Getter @Setter private String certValidationHost;

    @Setter private String localStorageDir = DEFAULT_LOCAL_STORAGE_DIR;
    public String getLocalStorageDir () { return empty(localStorageDir) ? DEFAULT_LOCAL_STORAGE_DIR : localStorageDir; }
@@ -285,6 +283,7 @@ public class BubbleConfiguration extends PgRestServerConfiguration
    public Map<String, Object> getPublicSystemConfigs () {
        synchronized (publicSystemConfigs) {
            if (publicSystemConfigs.get() == null) {
                final BubbleNode thisNode = getThisNode();
                final BubbleNetwork thisNetwork = getThisNetwork();
                final AccountDAO accountDAO = getBean(AccountDAO.class);
                final CloudServiceDAO cloudDAO = getBean(CloudServiceDAO.class);
@@ -307,8 +306,7 @@ public class BubbleConfiguration extends PgRestServerConfiguration
                                           : thisNetwork.getState().equals(BubbleNetworkState.restoring)},
                        {TAG_SSL_PORT, getDefaultSslPort()},
                        {TAG_SUPPORT, getSupport()},
                        {TAG_SECURITY_LEVELS, DeviceSecurityLevel.values()},
                        {TAG_CERT_VALIDATION_HOST, getCertValidationHost()}
                        {TAG_SECURITY_LEVELS, DeviceSecurityLevel.values()}
                }));
            }
            return publicSystemConfigs.get();
--- a/bubble-server/src/main/java/bubble/server/listener/NodeInitializerListener.java
+++ b/bubble-server/src/main/java/bubble/server/listener/NodeInitializerListener.java
@@ -17,14 +17,12 @@ import bubble.service.cloud.DeviceIdService;
 import bubble.service.cloud.NetworkMonitorService;
 import bubble.service.stream.AppPrimerService;
 import lombok.extern.slf4j.Slf4j;
 import org.cobbzilla.wizard.cache.redis.RedisService;
 import org.cobbzilla.wizard.server.RestServer;
 import org.cobbzilla.wizard.server.RestServerLifecycleListenerBase;

 import java.io.File;
 import java.util.Map;

 import static bubble.server.BubbleConfiguration.TAG_CERT_VALIDATION_HOST;
 import static bubble.service.boot.StandardSelfNodeService.SELF_NODE_JSON;
 import static bubble.service.boot.StandardSelfNodeService.THIS_NODE_FILE;
 import static org.cobbzilla.util.daemon.ZillaRuntime.*;
@@ -107,14 +105,10 @@ public class NodeInitializerListener extends RestServerLifecycleListenerBase<Bub
            }
        }

        // ensure default devices exist, cert_validation_host is set, apps are primed and device security levels are set
        // ensure default devices exist, apps are primed and device security levels are set
        if (thisNode != null) {
            final BubbleNetwork thisNetwork = c.getThisNetwork();
            if (thisNetwork != null && thisNetwork.getInstallType() == AnsibleInstallType.node) {
                final String certValidationHost = c.getCertValidationHost();
                if (!empty(certValidationHost)) {
                    c.getBean(RedisService.class).set(TAG_CERT_VALIDATION_HOST, certValidationHost);
                }
                c.getBean(AppPrimerService.class).primeApps();
                c.getBean(DeviceIdService.class).initDeviceSecurityLevels();
            }
--- a/bubble-server/src/main/java/bubble/service/cloud/AnsiblePrepService.java
+++ b/bubble-server/src/main/java/bubble/service/cloud/AnsiblePrepService.java
@@ -81,7 +81,6 @@ public class AnsiblePrepService {
        }
        ctx.put("sslPort", network.getSslPort());
        ctx.put("publicBaseUri", network.getPublicUri());
        ctx.put("cert_validation_host", configuration.getCertValidationHost());
        ctx.put("support", configuration.getSupport());
        ctx.put("appLinks", configuration.getAppLinks());

--- a/bubble-server/src/main/java/bubble/service/cloud/StandardNetworkService.java
+++ b/bubble-server/src/main/java/bubble/service/cloud/StandardNetworkService.java
@@ -234,8 +234,8 @@ public class StandardNetworkService implements NetworkService {
            final NodeStartJob startJob = new NodeStartJob(node, nodeDAO, computeDriver);
            jobFutures.add(backgroundJobs.submit(startJob));

            // Create DNS A and AAAA records for node
            final NodeDnsJob dnsJob = new NodeDnsJob(cloudDAO, domain, node, configuration);
            // Create DNS records for node
            final NodeDnsJob dnsJob = new NodeDnsJob(cloudDAO, domain, network, node, configuration);
            jobFutures.add(backgroundJobs.submit(dnsJob));

            // Prepare ansible roles
--- a/bubble-server/src/main/java/bubble/service/cloud/job/NodeDnsJob.java
+++ b/bubble-server/src/main/java/bubble/service/cloud/job/NodeDnsJob.java
@@ -6,6 +6,7 @@ package bubble.service.cloud.job;

 import bubble.dao.cloud.CloudServiceDAO;
 import bubble.model.cloud.BubbleDomain;
 import bubble.model.cloud.BubbleNetwork;
 import bubble.model.cloud.BubbleNode;
 import bubble.model.cloud.CloudService;
 import bubble.server.BubbleConfiguration;
@@ -20,15 +21,18 @@ public class NodeDnsJob implements Runnable {

    private CloudServiceDAO cloudDAO;
    private BubbleDomain domain;
    private BubbleNetwork network;
    private BubbleNode node;
    private BubbleConfiguration configuration;

    public NodeDnsJob(CloudServiceDAO cloudDAO,
                      BubbleDomain domain,
                      BubbleNetwork network,
                      BubbleNode node,
                      BubbleConfiguration configuration) {
        this.cloudDAO = cloudDAO;
        this.domain = domain;
        this.network = network;
        this.node = node;
        this.configuration = configuration;
    }
--- a/bubble-server/src/main/resources/META-INF/bubble/bubble.properties
+++ b/bubble-server/src/main/resources/META-INF/bubble/bubble.properties
@@ -1 +1 @@
 bubble.version=0.12.2
 bubble.version=0.12.4
--- a/bubble-server/src/main/resources/ansible/roles/bubble/files/bubble_role.json
+++ b/bubble-server/src/main/resources/ansible/roles/bubble/files/bubble_role.json
@@ -30,8 +30,6 @@
    {"name": "error_key", "value": "[[error_key]]"},
    {"name": "error_env", "value": "[[error_env]]"},

    {"name": "cert_validation_host", "value": "[[cert_validation_host]]"},

    {"name": "support_email", "value": "[[support.email]]"},
    {"name": "support_site", "value": "[[support.site]]"},

--- a/bubble-server/src/main/resources/ansible/roles/bubble/templates/bubble.env.j2
+++ b/bubble-server/src/main/resources/ansible/roles/bubble/templates/bubble.env.j2
@@ -12,7 +12,6 @@ export ERRBIT_URL={{ error_url | default('') }}
 export ERRBIT_KEY={{ error_key | default('') }}
 export ERRBIT_ENV={{ error_env | default('') }}

 export CERT_VALIDATION_HOST={{ cert_validation_host }}
 export SUPPORT_EMAIL={{ support_email }}
 export SUPPORT_SITE={{ support_site }}

--- a/bubble-server/src/main/resources/ansible/roles/mitmproxy/files/bubble_role.json
+++ b/bubble-server/src/main/resources/ansible/roles/mitmproxy/files/bubble_role.json
@@ -9,6 +9,8 @@
    {"name": "sage_host", "value": "[[sageNode.fqdn]]"},
    {"name": "sage_ip4", "value": "[[sageNode.ip4]]"},
    {"name": "sage_ip6", "value": "[[sageNode.ip6]]"},
    {"name": "cert_name", "value": "bubble-[[network.shortId]]"}
    {"name": "cert_name", "value": "bubble-[[network.shortId]]"},
    {"name": "cert_org", "value": "Bubble [[network.shortId]]"},
    {"name": "cert_cn", "value": "[[network.certCNAME]]"}
  ]
 }
--- a/bubble-server/src/main/resources/ansible/roles/mitmproxy/tasks/main.yml
+++ b/bubble-server/src/main/resources/ansible/roles/mitmproxy/tasks/main.yml
@@ -2,7 +2,7 @@
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
 #
 - name: Set the cert name
  shell: set_cert_name.sh /home/mitmproxy/mitmproxy {{ cert_name }}
  shell: set_cert_name.sh /home/mitmproxy/mitmproxy {{ cert_name }} "{{ cert_org }}" {{ cert_cn }}

 - name: Reuse bubble mitm certs if available
  shell: reuse_bubble_mitm_certs.sh
--- a/bubble-server/src/main/resources/bubble-config.yml
+++ b/bubble-server/src/main/resources/bubble-config.yml
@@ -88,8 +88,6 @@ rateLimits:
  - { limit: 50000, interval: 1h, block: 24h }
  - { limit: 100000, interval: 6h, block: 96h }

 certValidationHost: {{CERT_VALIDATION_HOST}}

 support:
  email: {{SUPPORT_EMAIL}}
  site: {{SUPPORT_SITE}}
--- a/bubble-server/src/main/resources/packer/roles/common/files/supervisor_ulimit.conf
+++ b/bubble-server/src/main/resources/packer/roles/common/files/supervisor_ulimit.conf
@@ -0,0 +1,2 @@
 [supervisord]
 minfds=20480
--- a/bubble-server/src/main/resources/packer/roles/common/tasks/main.yml
+++ b/bubble-server/src/main/resources/packer/roles/common/tasks/main.yml
@@ -35,6 +35,14 @@
    group: root
    mode: 0600

 - name: Install supervisor ulimit file
  copy:
    src: supervisor_ulimit.conf
    dest: /etc/supervisor/conf.d/ulimit.conf
    owner: root
    group: root
    mode: 0644

 - name: Start common services
  service:
    name: '{{ item }}'
--- a/bubble-server/src/main/resources/packer/roles/mitmproxy/files/bubble_modify.py
+++ b/bubble-server/src/main/resources/packer/roles/mitmproxy/files/bubble_modify.py
@@ -121,8 +121,9 @@ def responseheaders(flow):
        else:
            req_id = get_flow_ctx(flow, CTX_BUBBLE_REQUEST_ID)
            matchers = get_flow_ctx(flow, CTX_BUBBLE_MATCHERS)
            prefix = 'responseheaders(req_id='+str(req_id)+'): '
            if req_id is not None and matchers is not None:
                bubble_log('responseheaders: req_id='+req_id+' with matchers: '+repr(matchers))
                bubble_log(prefix+' matchers: '+repr(matchers))
                if HEADER_CONTENT_TYPE in flow.response.headers:
                    content_type = flow.response.headers[HEADER_CONTENT_TYPE]
                    if matchers:
@@ -134,10 +135,10 @@ def responseheaders(flow):
                                    typeRegex = '^text/html.*'
                                if re.match(typeRegex, content_type):
                                    any_content_type_matches = True
                                    bubble_log('responseheaders: req_id='+req_id+' found at least one matcher for content_type ('+content_type+'), filtering')
                                    bubble_log(prefix+': found at least one matcher for content_type ('+content_type+'), filtering')
                                    break
                        if not any_content_type_matches:
                            bubble_log('responseheaders: req_id='+req_id+' no matchers for content_type ('+content_type+'), passing thru')
                            bubble_log(prefix+': no matchers for content_type ('+content_type+'), passing thru')
                            return

                        if HEADER_CONTENT_ENCODING in flow.response.headers:
@@ -146,7 +147,7 @@ def responseheaders(flow):
                            content_encoding = None

                        content_length_value = flow.response.headers.pop(HEADER_CONTENT_LENGTH, None)
                        bubble_log('responseheaders: req_id='+req_id+' content_encoding='+repr(content_encoding) + ', content_type='+repr(content_type))
                        bubble_log(prefix+': content_encoding='+repr(content_encoding) + ', content_type='+repr(content_type))
                        flow.response.stream = bubble_modify(flow, req_id, content_encoding, content_type)
                        if content_length_value:
                            flow.response.headers['transfer-encoding'] = 'chunked'
@@ -157,10 +158,10 @@ def responseheaders(flow):
                                    if hasattr(ctx, 'ctx'):
                                        ctx = ctx.ctx
                                    else:
                                        bubble_log('responseheaders: error finding server_conn. last ctx has no further ctx. type='+str(type(ctx))+' vars='+str(vars(ctx)))
                                        bubble_log(prefix+'error finding server_conn. last ctx has no further ctx. type='+str(type(ctx))+' vars='+str(vars(ctx)))
                                        return
                                if not hasattr(ctx, 'server_conn'):
                                    bubble_log('responseheaders: error finding server_conn. ctx type='+str(type(ctx))+' vars='+str(vars(ctx)))
                                    bubble_log(prefix+'error finding server_conn. ctx type='+str(type(ctx))+' vars='+str(vars(ctx)))
                                    return
                                content_length = int(content_length_value)
                                ctx.server_conn.rfile.fake_chunks = content_length
@@ -168,11 +169,11 @@ def responseheaders(flow):
                                add_flow_ctx(flow, CTX_CONTENT_LENGTH_SENT, 0)

                    else:
                        bubble_log('responseheaders: no matchers, passing thru')
                        bubble_log(prefix+'no matchers, passing thru')
                        pass
                else:
                    bubble_log('responseheaders: no '+HEADER_CONTENT_TYPE +' header, passing thru')
                    bubble_log(prefix+'no '+HEADER_CONTENT_TYPE +' header, passing thru')
                    pass
            else:
                bubble_log('responseheaders: no '+CTX_BUBBLE_MATCHERS +' in ctx, passing thru')
                bubble_log(prefix+'no '+CTX_BUBBLE_MATCHERS +' in ctx, passing thru')
                pass
--- a/bubble-server/src/main/resources/packer/roles/mitmproxy/files/bubble_passthru.py
+++ b/bubble-server/src/main/resources/packer/roles/mitmproxy/files/bubble_passthru.py
@@ -41,7 +41,6 @@ REDIS = redis.Redis(host='127.0.0.1', port=6379, db=0)

 FORCE_PASSTHRU = {'passthru': True}

 cert_validation_host = None
 local_ips = None


--- a/bubble-server/src/main/resources/packer/roles/mitmproxy/files/set_cert_name.sh
+++ b/bubble-server/src/main/resources/packer/roles/mitmproxy/files/set_cert_name.sh
@@ -3,7 +3,9 @@
 # Copyright (c) 2020 Bubble, Inc.  All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/
 #
 MITM_DIR=${1:?no mitm dir specified}
 CERT_NAME=${2:?no cert name specified}
 CERT_NAME="${2:?no cert name specified}"
 CERT_ORGANIZATION="${3:-Bubble}"
 CERT_CN="${4:-$(hostname -d)}"

 if [[ ! -d "${MITM_DIR}" ]] ; then
  echo "mitm dir does not exist or is not a directory: ${MITM_DIR}"
@@ -18,6 +20,10 @@ fi

 if [[ $(cat "${OPTIONS_FILE}" | egrep '^CONF_BASENAME =' | grep "${CERT_NAME}" | wc -l | tr -d ' ') -eq 0 ]] ; then
  temp="$(mktemp /tmp/options.py.XXXXXXX)"
  cat "${OPTIONS_FILE}" | sed -e 's/^CONF_BASENAME\s*=.*/CONF_BASENAME = "'"${CERT_NAME}"'"/' > "${temp}"
  cat "${OPTIONS_FILE}" \
    | sed -e 's/^CONF_BASENAME\s*=.*/CONF_BASENAME = "'"${CERT_NAME}"'"/' \
    | sed -e 's/^CONF_CERT_ORGANIZATION\s*=.*/CONF_CERT_ORGANIZATION = "'"${CERT_ORGANIZATION}"'"/' \
    | sed -e 's/^CONF_CERT_CN\s*=.*/CONF_CERT_CN = "'"${CERT_CN}"'"/' \
    > "${temp}"
  mv "${temp}" "${OPTIONS_FILE}"
 fi
--- a/bubble-server/src/main/resources/packer/roles/mitmproxy/tasks/main.yml
+++ b/bubble-server/src/main/resources/packer/roles/mitmproxy/tasks/main.yml
@@ -40,7 +40,7 @@
  get_url:
    url: https://github.com/getbubblenow/bubble-dist/raw/master/mitmproxy/mitmproxy.zip
    dest: /tmp/mitmproxy.zip
    checksum: sha256:c578ca9da75777a30f7af065583e5e29e65336a2dc346d6453dfa9c002a8bcc2
    checksum: sha256:a8c4447197376eb1d59113a29419654ab7340d98437965592358ec947031b85b

 - name: Unzip mitmproxy.zip
  unarchive:
--- a/+ 1
+++ b/+ 1
@@ -1 +1 @@
 Subproject commit bf76343905390e7cb74b1ec18ff5b4d9534a217b
 Subproject commit 17110386e9e2f26e8d9a212c902229ce8348a619