From eb058afbd7364fbb3c2e127677ba873ce4dd94b1 Mon Sep 17 00:00:00 2001 From: Jonathan Cobb Date: Thu, 2 Jul 2020 01:33:02 -0400 Subject: [PATCH 1/4] separate message for single-user bubble --- .../post_auth/ResourceMessages.properties | 17 ++++++++--------- bubble-web | 2 +- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/bubble-server/src/main/resources/message_templates/en_US/server/post_auth/ResourceMessages.properties b/bubble-server/src/main/resources/message_templates/en_US/server/post_auth/ResourceMessages.properties index 9980cbae..eb553c0a 100644 --- a/bubble-server/src/main/resources/message_templates/en_US/server/post_auth/ResourceMessages.properties +++ b/bubble-server/src/main/resources/message_templates/en_US/server/post_auth/ResourceMessages.properties @@ -197,7 +197,8 @@ field_description_network_fork_host=The current Sage Launcher will be forked ont field_label_network_domain=Domain field_label_plan=Plan field_label_choose_plan=Choose Your Plan -message_plan_max_accounts=You can create up to {{max}} user accounts on this Bubble +message_plan_max_accounts_one=This is a single-user Bubble +message_plan_max_accounts_multiple=You can create up to {{max}} user accounts on this Bubble message_plan_no_max_accounts=This plan supports an unlimited number of user accounts field_label_show_advanced_plan_options=Customize Launch Options field_label_region=Location 
@@ -312,14 +313,12 @@ label_account_promotion_used=Used On label_account_payment_method_used_format={{MMM}} {{d}}, {{YYYY}} # Bubble Plans -plan_name_bubble=Bubble Standard -plan_description_bubble=Try this one first. Most users probably don't need anything more -plan_name_bubble_plus=Bubble Plus -plan_description_bubble_plus=Enhanced for faster performance -plan_name_bubble_pro=Bubble Pro -plan_description_bubble_pro=Two bubble nodes operate in concert to improve overall reliability -plan_name_bubble_super=Bubble Super -plan_description_bubble_super=A truly powerful bubble node +plan_name_bubble=Personal Bubble +plan_description_bubble=Enjoy your very own personal Bubble +plan_name_bubble_plus=Family Bubble +plan_description_bubble_plus=A bigger Bubble, enhanced for multi-user performance +plan_name_bubble_super=Mega Bubble +plan_description_bubble_super=Our most powerful Bubble, optimized for small businesses # Footprints footprint_name_US=United States diff --git a/bubble-web b/bubble-web index 9f90be6e..49c50674 160000 --- a/bubble-web +++ b/bubble-web @@ -1 +1 @@ -Subproject commit 9f90be6ef8fa65fdf87d86848ede63b1e2fafdaf +Subproject commit 49c5067411cf858630e75ee88bf42403f06292f3 From efb8993688f4e2ce418b08014d98751c1b3affcb Mon Sep 17 00:00:00 2001 From: Jonathan Cobb Date: Thu, 2 Jul 2020 03:02:25 -0400 Subject: [PATCH 2/4] use email address on forgot password page --- bubble-web | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bubble-web b/bubble-web index 49c50674..9db44f03 160000 --- a/bubble-web +++ b/bubble-web @@ -1 +1 @@ -Subproject commit 49c5067411cf858630e75ee88bf42403f06292f3 +Subproject commit 9db44f03af37d9e13d4fc1f820fa52096b20d3af From 24466fc11ae873b0ca4e3ad1aa2f0df074cf2f7a Mon Sep 17 00:00:00 2001 
From: Jonathan Cobb Date: Thu, 2 Jul 2020 03:04:37 -0400 Subject: [PATCH 3/4] add copyright headers --- bin/aws/aws_delete_image.sh | 4 +++- bin/aws/aws_delete_images.sh | 4 +++- bin/do/do_delete_image.sh | 4 +++- bin/do/do_delete_instance.sh | 4 +++- bin/do/do_list_images.sh | 4 +++- bin/do/do_list_instances.sh | 4 +++- bin/do/docurl | 4 +++- bin/godaddy/gd_list_records.sh | 4 +++- bin/godaddy/gd_update_records.sh | 3 +++ bin/godaddy/gdcurl | 4 +++- bin/rdelkeys | 3 +++ bin/rkeys | 3 +++ bin/vultr/vcurl | 4 +++- bin/vultr/vultr_delete_instance.sh | 4 +++- bin/vultr/vultr_delete_snapshot.sh | 4 +++- bin/vultr/vultr_delete_snapshots.sh | 4 +++- bin/vultr/vultr_list_instances.sh | 4 +++- bin/vultr/vultr_list_snapshots.sh | 4 +++- .../main/java/bubble/model/device/DeviceSecurityLevel.java | 4 ++++ bubble-server/src/main/java/bubble/server/AppLinks.java | 4 ++++ bubble-server/src/main/java/bubble/server/BasicAppLinks.java | 4 ++++ .../src/main/java/bubble/service/cloud/DeviceIdService.java | 4 ++++ .../src/main/java/bubble/service/stream/AppPrimerService.java | 4 ++++ .../java/bubble/service/stream/ConnectionCheckResponse.java | 4 ++++ .../java/bubble/service/stream/StandardAppPrimerService.java | 4 ++++ .../bubble/service_dbfilter/DbFilterAppPrimerService.java | 4 ++++ .../java/bubble/service_dbfilter/DbFilterDeviceIdService.java | 4 ++++ 27 files changed, 90 insertions(+), 15 deletions(-) diff --git a/bin/aws/aws_delete_image.sh b/bin/aws/aws_delete_image.sh index 57c9593a..36a94c52 100755 --- a/bin/aws/aws_delete_image.sh +++ b/bin/aws/aws_delete_image.sh @@ -1,5 +1,7 @@ #!/bin/bash - +# +# Copyright (c) 2020 Bubble, Inc. All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ +# function die { echo 1>&2 "${1}" exit 1 diff --git a/bin/aws/aws_delete_images.sh b/bin/aws/aws_delete_images.sh index 68bc04ee..66ff8f65 100755 --- a/bin/aws/aws_delete_images.sh +++ b/bin/aws/aws_delete_images.sh 
@@ -1,5 +1,7 @@ #!/bin/bash - +# +# Copyright (c) 2020 Bubble, Inc. All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ +# function die { echo 1>&2 "${1}" exit 1 diff --git a/bin/do/do_delete_image.sh b/bin/do/do_delete_image.sh index a3f451da..ae9c3528 100755 --- a/bin/do/do_delete_image.sh +++ b/bin/do/do_delete_image.sh @@ -1,5 +1,7 @@ #!/bin/bash - +# +# Copyright (c) 2020 Bubble, Inc. All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ +# IMAGEID=${1:?no IMAGEID provided} THISDIR=$(cd $(dirname ${0}) && pwd) DOCURL=${THISDIR}/docurl diff --git a/bin/do/do_delete_instance.sh b/bin/do/do_delete_instance.sh index 6036efab..f5fe5f7a 100755 --- a/bin/do/do_delete_instance.sh +++ b/bin/do/do_delete_instance.sh @@ -1,5 +1,7 @@ #!/bin/bash - +# +# Copyright (c) 2020 Bubble, Inc. All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ +# DROPLETID=${1:?no DROPLETID provided} THISDIR=$(cd $(dirname ${0}) && pwd) DOCURL=${THISDIR}/docurl diff --git a/bin/do/do_list_images.sh b/bin/do/do_list_images.sh index 44033e18..1d166c26 100755 --- a/bin/do/do_list_images.sh +++ b/bin/do/do_list_images.sh @@ -1,5 +1,7 @@ #!/bin/bash - +# +# Copyright (c) 2020 Bubble, Inc. All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ +# THISDIR=$(cd $(dirname ${0}) && pwd) DOCURL=${THISDIR}/docurl diff --git a/bin/do/do_list_instances.sh b/bin/do/do_list_instances.sh index 52071f3f..12f6ef98 100755 --- a/bin/do/do_list_instances.sh +++ b/bin/do/do_list_instances.sh @@ -1,5 +1,7 @@ #!/bin/bash - +# +# Copyright (c) 2020 Bubble, Inc. All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ +# THISDIR=$(cd $(dirname ${0}) && pwd) DOCURL=${THISDIR}/docurl 
diff --git a/bin/do/docurl b/bin/do/docurl index b3667304..29e2a7ed 100755 --- a/bin/do/docurl +++ b/bin/do/docurl @@ -1,5 +1,7 @@ #!/bin/bash - +# +# Copyright (c) 2020 Bubble, Inc. All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ +# if [[ -z "${DIGITALOCEAN_API_KEY}" ]] ; then echo "DIGITALOCEAN_API_KEY not defined in environment" exit 1 diff --git a/bin/godaddy/gd_list_records.sh b/bin/godaddy/gd_list_records.sh index f491c8ae..9d222ad3 100755 --- a/bin/godaddy/gd_list_records.sh +++ b/bin/godaddy/gd_list_records.sh @@ -1,5 +1,7 @@ #!/bin/bash - +# +# Copyright (c) 2020 Bubble, Inc. All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ +# DOMAIN=${1:?no domain provided} THISDIR=$(cd $(dirname ${0}) && pwd) diff --git a/bin/godaddy/gd_update_records.sh b/bin/godaddy/gd_update_records.sh index cf168a56..c9a9463a 100755 --- a/bin/godaddy/gd_update_records.sh +++ b/bin/godaddy/gd_update_records.sh @@ -1,4 +1,7 @@ #!/bin/bash +# +# Copyright (c) 2020 Bubble, Inc. All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ +# DOMAIN=${1:?no domain provided} RECORDS_JSON="${2:?no JSON DNS records file provided}" diff --git a/bin/godaddy/gdcurl b/bin/godaddy/gdcurl index da6e6d49..0be1abff 100755 --- a/bin/godaddy/gdcurl +++ b/bin/godaddy/gdcurl @@ -1,5 +1,7 @@ #!/bin/bash - +# +# Copyright (c) 2020 Bubble, Inc. All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ +# if [[ -z "${GODADDY_API_KEY}" ]] ; then echo "GODADDY_API_KEY not defined in environment" exit 1 diff --git a/bin/rdelkeys b/bin/rdelkeys index 3e4e2f33..ce16cff0 100755 --- a/bin/rdelkeys +++ b/bin/rdelkeys 
@@ -1,4 +1,7 @@ #!/bin/bash +# +# Copyright (c) 2020 Bubble, Inc. All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ +# KEY_MATCH="${1:?no key match}" for k in $(echo 'keys *'"""${KEY_MATCH}"""'*' | redis-cli ) ; do echo "del ${k} => $(echo "del ${k}" | redis-cli)" diff --git a/bin/rkeys b/bin/rkeys index d9a1158b..c2bc51df 100755 --- a/bin/rkeys +++ b/bin/rkeys @@ -1,4 +1,7 @@ #!/bin/bash +# +# Copyright (c) 2020 Bubble, Inc. All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ +# KEY_MATCH="${1}" for k in $(echo 'keys *'"""${KEY_MATCH}"""'*' | redis-cli ) ; do echo "$k => $(echo "get $k" | redis-cli)" diff --git a/bin/vultr/vcurl b/bin/vultr/vcurl index fe8538ca..44e7b5ab 100755 --- a/bin/vultr/vcurl +++ b/bin/vultr/vcurl @@ -1,5 +1,7 @@ #!/bin/bash - +# +# Copyright (c) 2020 Bubble, Inc. All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ +# if [[ -z "${VULTR_API_KEY}" ]] ; then echo "VULTR_API_KEY not defined in environment" exit 1 diff --git a/bin/vultr/vultr_delete_instance.sh b/bin/vultr/vultr_delete_instance.sh index af8f6c83..6069cdef 100755 --- a/bin/vultr/vultr_delete_instance.sh +++ b/bin/vultr/vultr_delete_instance.sh @@ -1,5 +1,7 @@ #!/bin/bash - +# +# Copyright (c) 2020 Bubble, Inc. All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ +# SUBID=${1:?no SUBID provided} THISDIR=$(cd $(dirname ${0}) && pwd) VCURL=${THISDIR}/vcurl diff --git a/bin/vultr/vultr_delete_snapshot.sh b/bin/vultr/vultr_delete_snapshot.sh index 4cb70e5b..2083b6ab 100755 --- a/bin/vultr/vultr_delete_snapshot.sh +++ b/bin/vultr/vultr_delete_snapshot.sh 
@@ -1,5 +1,7 @@ #!/bin/bash - +# +# Copyright (c) 2020 Bubble, Inc. All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ +# SNAPSHOTID=${1:?no snapshot provided} THISDIR=$(cd $(dirname ${0}) && pwd) VCURL=${THISDIR}/vcurl diff --git a/bin/vultr/vultr_delete_snapshots.sh b/bin/vultr/vultr_delete_snapshots.sh index 26ecdaaa..adba262b 100755 --- a/bin/vultr/vultr_delete_snapshots.sh +++ b/bin/vultr/vultr_delete_snapshots.sh @@ -1,5 +1,7 @@ #!/bin/bash - +# +# Copyright (c) 2020 Bubble, Inc. All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ +# THISDIR=$(cd $(dirname ${0}) && pwd) VCURL=${THISDIR}/vcurl diff --git a/bin/vultr/vultr_list_instances.sh b/bin/vultr/vultr_list_instances.sh index edaba92b..752875ce 100755 --- a/bin/vultr/vultr_list_instances.sh +++ b/bin/vultr/vultr_list_instances.sh @@ -1,5 +1,7 @@ #!/bin/bash - +# +# Copyright (c) 2020 Bubble, Inc. All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ +# THISDIR=$(cd $(dirname ${0}) && pwd) VCURL=${THISDIR}/vcurl diff --git a/bin/vultr/vultr_list_snapshots.sh b/bin/vultr/vultr_list_snapshots.sh index d7b7bd22..c93594b3 100755 --- a/bin/vultr/vultr_list_snapshots.sh +++ b/bin/vultr/vultr_list_snapshots.sh @@ -1,5 +1,7 @@ #!/bin/bash - +# +# Copyright (c) 2020 Bubble, Inc. All rights reserved. For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ +# THISDIR=$(cd $(dirname ${0}) && pwd) VCURL=${THISDIR}/vcurl diff --git a/bubble-server/src/main/java/bubble/model/device/DeviceSecurityLevel.java b/bubble-server/src/main/java/bubble/model/device/DeviceSecurityLevel.java index 1a74dae4..54c249eb 100644 --- a/bubble-server/src/main/java/bubble/model/device/DeviceSecurityLevel.java +++ b/bubble-server/src/main/java/bubble/model/device/DeviceSecurityLevel.java 
@@ -1,3 +1,7 @@ +/** + * Copyright (c) 2020 Bubble, Inc. All rights reserved. + * For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ + */ package bubble.model.device; import com.fasterxml.jackson.annotation.JsonCreator; diff --git a/bubble-server/src/main/java/bubble/server/AppLinks.java b/bubble-server/src/main/java/bubble/server/AppLinks.java index 27de6e7f..2d7b5cae 100644 --- a/bubble-server/src/main/java/bubble/server/AppLinks.java +++ b/bubble-server/src/main/java/bubble/server/AppLinks.java @@ -1,3 +1,7 @@ +/** + * Copyright (c) 2020 Bubble, Inc. All rights reserved. + * For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ + */ package bubble.server; import com.fasterxml.jackson.annotation.JsonIgnore; diff --git a/bubble-server/src/main/java/bubble/server/BasicAppLinks.java b/bubble-server/src/main/java/bubble/server/BasicAppLinks.java index 8016471b..dba95cf3 100644 --- a/bubble-server/src/main/java/bubble/server/BasicAppLinks.java +++ b/bubble-server/src/main/java/bubble/server/BasicAppLinks.java @@ -1,3 +1,7 @@ +/** + * Copyright (c) 2020 Bubble, Inc. All rights reserved. + * For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ + */ package bubble.server; import lombok.Getter; diff --git a/bubble-server/src/main/java/bubble/service/cloud/DeviceIdService.java b/bubble-server/src/main/java/bubble/service/cloud/DeviceIdService.java index 626bff6b..88d3e009 100644 --- a/bubble-server/src/main/java/bubble/service/cloud/DeviceIdService.java +++ b/bubble-server/src/main/java/bubble/service/cloud/DeviceIdService.java @@ -1,3 +1,7 @@ +/** + * Copyright (c) 2020 Bubble, Inc. All rights reserved. + * For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ + */ package bubble.service.cloud; import bubble.model.device.Device; 
diff --git a/bubble-server/src/main/java/bubble/service/stream/AppPrimerService.java b/bubble-server/src/main/java/bubble/service/stream/AppPrimerService.java index 59c25e25..1fe5659d 100644 --- a/bubble-server/src/main/java/bubble/service/stream/AppPrimerService.java +++ b/bubble-server/src/main/java/bubble/service/stream/AppPrimerService.java @@ -1,3 +1,7 @@ +/** + * Copyright (c) 2020 Bubble, Inc. All rights reserved. + * For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ + */ package bubble.service.stream; import bubble.model.account.Account; diff --git a/bubble-server/src/main/java/bubble/service/stream/ConnectionCheckResponse.java b/bubble-server/src/main/java/bubble/service/stream/ConnectionCheckResponse.java index 9c663898..e1bf50cf 100644 --- a/bubble-server/src/main/java/bubble/service/stream/ConnectionCheckResponse.java +++ b/bubble-server/src/main/java/bubble/service/stream/ConnectionCheckResponse.java @@ -1,3 +1,7 @@ +/** + * Copyright (c) 2020 Bubble, Inc. All rights reserved. + * For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ + */ package bubble.service.stream; import com.fasterxml.jackson.annotation.JsonCreator; diff --git a/bubble-server/src/main/java/bubble/service/stream/StandardAppPrimerService.java b/bubble-server/src/main/java/bubble/service/stream/StandardAppPrimerService.java index c0653406..61974e7b 100644 --- a/bubble-server/src/main/java/bubble/service/stream/StandardAppPrimerService.java +++ b/bubble-server/src/main/java/bubble/service/stream/StandardAppPrimerService.java @@ -1,3 +1,7 @@ +/** + * Copyright (c) 2020 Bubble, Inc. All rights reserved. + * For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ + */ package bubble.service.stream; import bubble.dao.account.AccountDAO; 
diff --git a/bubble-server/src/main/java/bubble/service_dbfilter/DbFilterAppPrimerService.java b/bubble-server/src/main/java/bubble/service_dbfilter/DbFilterAppPrimerService.java index 20c3eaf2..195d8355 100644 --- a/bubble-server/src/main/java/bubble/service_dbfilter/DbFilterAppPrimerService.java +++ b/bubble-server/src/main/java/bubble/service_dbfilter/DbFilterAppPrimerService.java @@ -1,3 +1,7 @@ +/** + * Copyright (c) 2020 Bubble, Inc. All rights reserved. + * For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ + */ package bubble.service_dbfilter; import bubble.model.account.Account; diff --git a/bubble-server/src/main/java/bubble/service_dbfilter/DbFilterDeviceIdService.java b/bubble-server/src/main/java/bubble/service_dbfilter/DbFilterDeviceIdService.java index 76a9ebcd..44e0672e 100644 --- a/bubble-server/src/main/java/bubble/service_dbfilter/DbFilterDeviceIdService.java +++ b/bubble-server/src/main/java/bubble/service_dbfilter/DbFilterDeviceIdService.java @@ -1,3 +1,7 @@ +/** + * Copyright (c) 2020 Bubble, Inc. All rights reserved. + * For personal (non-commercial) use, see license: https://getbubblenow.com/bubble-license/ + */ package bubble.service_dbfilter; import bubble.model.device.Device; From 7d8e88643258f03ec92b53258b71ae8343e45c10 Mon Sep 17 00:00:00 2001 From: Jonathan Cobb Date: Thu, 2 Jul 2020 05:30:56 -0400 Subject: [PATCH 4/4] re-add cert validation host --- .../src/main/java/bubble/server/BubbleConfiguration.java | 1 + .../resources/ansible/roles/bubble/files/bubble_role.json | 4 +++- .../resources/ansible/roles/bubble/templates/bubble.env.j2 | 2 ++ .../ansible/roles/mitmproxy/files/bubble_role.json | 3 ++- .../ansible/roles/mitmproxy/templates/bubble_config.py.j2 | 1 + bubble-server/src/main/resources/bubble-config.yml | 2 ++ .../packer/roles/mitmproxy/files/bubble_conn_check.py | 6 +++++- 7 files changed, 16 insertions(+), 3 deletions(-) 
diff --git a/bubble-server/src/main/java/bubble/server/BubbleConfiguration.java b/bubble-server/src/main/java/bubble/server/BubbleConfiguration.java index 312bb612..075822ae 100644 --- a/bubble-server/src/main/java/bubble/server/BubbleConfiguration.java +++ b/bubble-server/src/main/java/bubble/server/BubbleConfiguration.java @@ -215,6 +215,7 @@ public class BubbleConfiguration extends PgRestServerConfiguration @Getter @Setter private LegalInfo legal = new LegalInfo(); @Getter @Setter private AppLinks appLinks = new AppLinks(); + @Getter @Setter private String certificateValidationHost; @Override @JsonIgnore public Handlebars getHandlebars() { return BubbleHandlebars.instance.getHandlebars(); } diff --git a/bubble-server/src/main/resources/ansible/roles/bubble/files/bubble_role.json b/bubble-server/src/main/resources/ansible/roles/bubble/files/bubble_role.json index 98928312..71298cdf 100644 --- a/bubble-server/src/main/resources/ansible/roles/bubble/files/bubble_role.json +++ b/bubble-server/src/main/resources/ansible/roles/bubble/files/bubble_role.json @@ -37,7 +37,9 @@ {"name": "app_link_android", "value": "[[appLinks.android]]"}, {"name": "app_link_windows", "value": "[[appLinks.windows]]"}, {"name": "app_link_macosx", "value": "[[appLinks.macosx]]"}, - {"name": "app_link_linux", "value": "[[appLinks.linux]]"} + {"name": "app_link_linux", "value": "[[appLinks.linux]]"}, + + {"name": "cert_validation_host", "value": "[[configuration.certificateValidationHost]]"} ], "optionalConfigNames": ["restore_key", "restore_timeout", "error_url", "error_key", "error_env"] } \ No newline at end of file diff --git a/bubble-server/src/main/resources/ansible/roles/bubble/templates/bubble.env.j2 b/bubble-server/src/main/resources/ansible/roles/bubble/templates/bubble.env.j2 index c20748ca..f4a263b7 100644 --- a/bubble-server/src/main/resources/ansible/roles/bubble/templates/bubble.env.j2 +++ b/bubble-server/src/main/resources/ansible/roles/bubble/templates/bubble.env.j2 
@@ -20,3 +20,5 @@ export APP_LINK_ANDROID={{ app_link_android }} export APP_LINK_WINDOWS={{ app_link_windows }} export APP_LINK_MACOSX={{ app_link_macosx }} export APP_LINK_LINUX={{ app_link_linux }} + +export CERT_VALIDATION_HOST={{ cert_validation_host }} diff --git a/bubble-server/src/main/resources/ansible/roles/mitmproxy/files/bubble_role.json b/bubble-server/src/main/resources/ansible/roles/mitmproxy/files/bubble_role.json index ef957b04..4c8f21c8 100644 --- a/bubble-server/src/main/resources/ansible/roles/mitmproxy/files/bubble_role.json +++ b/bubble-server/src/main/resources/ansible/roles/mitmproxy/files/bubble_role.json @@ -11,6 +11,7 @@ {"name": "sage_ip6", "value": "[[sageNode.ip6]]"}, {"name": "cert_name", "value": "bubble-[[network.shortId]]"}, {"name": "cert_org", "value": "Bubble [[network.shortId]]"}, - {"name": "cert_cn", "value": "[[network.certCNAME]]"} + {"name": "cert_cn", "value": "[[network.certCNAME]]"}, + {"name": "cert_validation_host", "value": "[[configuration.certificateValidationHost]]"} ] } \ No newline at end of file diff --git a/bubble-server/src/main/resources/ansible/roles/mitmproxy/templates/bubble_config.py.j2 b/bubble-server/src/main/resources/ansible/roles/mitmproxy/templates/bubble_config.py.j2 index 9c6bb04f..0651a0d4 100644 --- a/bubble-server/src/main/resources/ansible/roles/mitmproxy/templates/bubble_config.py.j2 +++ b/bubble-server/src/main/resources/ansible/roles/mitmproxy/templates/bubble_config.py.j2 @@ -6,3 +6,4 @@ bubble_ssl_port = '{{ ssl_port }}' bubble_sage_host = '{{ sage_host }}' bubble_sage_ip4 = '{{ sage_ip4 }}' bubble_sage_ip6 = '{{ sage_ip6 }}' +cert_validation_host = '{{ cert_validation_host }}' \ No newline at end of file diff --git a/bubble-server/src/main/resources/bubble-config.yml b/bubble-server/src/main/resources/bubble-config.yml index 4f35fdcb..5c35b0d7 100644 --- a/bubble-server/src/main/resources/bubble-config.yml +++ b/bubble-server/src/main/resources/bubble-config.yml 
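Review bot: The added `export CERT_VALIDATION_HOST={{ cert_validation_host }}` line in bubble.env.j2 interpolates the configured host unquoted into what looks like a shell-sourced env file, so whitespace or shell metacharacters in the value would be interpreted by the shell instead of being assigned. The bubble_config.py.j2 hunk further down has the same shape, placing the raw value inside a Python string literal as `'{{ cert_validation_host }}'`, where a quote or backslash would change the generated module. The value appears to come from server configuration and the neighbouring APP_LINK lines follow the same pattern, so this is hardening rather than an exposed hole. I would write `export CERT_VALIDATION_HOST={{ cert_validation_host | quote }}` here and reject anything that is not a plain hostname where `certificateValidationHost` is loaded.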
@@ -109,3 +109,5 @@ appLinks: windows: {{APP_LINK_WINDOWS}} macosx: {{APP_LINK_MACOSX}} linux: {{APP_LINK_LINUX}} + +certificateValidationHost: {{CERT_VALIDATION_HOST}} diff --git a/bubble-server/src/main/resources/packer/roles/mitmproxy/files/bubble_conn_check.py b/bubble-server/src/main/resources/packer/roles/mitmproxy/files/bubble_conn_check.py index d65b90fa..e6341b4b 100644 --- a/bubble-server/src/main/resources/packer/roles/mitmproxy/files/bubble_conn_check.py +++ b/bubble-server/src/main/resources/packer/roles/mitmproxy/files/bubble_conn_check.py @@ -28,7 +28,7 @@ from mitmproxy.exceptions import TlsProtocolException from mitmproxy.net import tls as net_tls from bubble_api import bubble_log, bubble_conn_check, bubble_activity_log, redis_set -from bubble_config import bubble_sage_host, bubble_sage_ip4, bubble_sage_ip6 +from bubble_config import bubble_sage_host, bubble_sage_ip4, bubble_sage_ip6, cert_validation_host import redis import json import subprocess @@ -210,6 +210,10 @@ def next_layer(next_layer): bubble_log('next_layer: enabling passthru for server='+server_addr+' because security_level='+security_level+' for client='+client_addr) check = FORCE_PASSTHRU + elif fqdns is not None and len(fqdns) == 1 and cert_validation_host == fqdns[0]: + bubble_log('next_layer: NOT enabling passthru for server='+server_addr+' because fqdn is cert_validation_host ('+cert_validation_host+') for client='+client_addr) + return + elif security_level == SEC_STD and no_fqdns: bubble_log('next_layer: enabling passthru for server='+server_addr+' because no FQDN found and security_level='+security_level+' for client='+client_addr) check = FORCE_PASSTHRU
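Review bot: The new `elif` in next_layer compares `cert_validation_host == fqdns[0]` byte-for-byte and has no guard for an unset value, so a differently-cased FQDN silently falls through to the passthru branches, and the branch only means something if the config always renders to a real hostname. Hostnames are case-insensitive, and bubble-config.yml gives `CERT_VALIDATION_HOST` no default, so the rendered value may well be empty on nodes that do not set it. I would write the condition as `elif cert_validation_host and fqdns is not None and len(fqdns) == 1 and fqdns[0].lower() == cert_validation_host.lower():`. A short comment saying why this host must always be intercepted would also help, for example `# never passthru the cert validation host: clients connect to it to check that interception with the Bubble certificate works` (my reading of the intent; please confirm). The branch returns early and the rest of next_layer, including where `fqdns` comes from, is outside the hunk, so it is worth confirming that nothing after the if/elif chain still has to run for this host.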