consolidate acme paths in the reverseproxy code

Girish Ramakrishnan
2021-05-07 22:43:30 -07:00
parent dea31109e2
commit 302ea60b8d
2 changed files with 69 additions and 70 deletions


@@ -278,7 +278,7 @@ function getAcmeCertificatePathSync(vhost, domainObject) {
assert.strictEqual(typeof vhost, 'string'); // this can contain wildcard domain (for alias domains)
assert.strictEqual(typeof domainObject, 'object');
let certName, certFilePath, keyFilePath, csrFilePath;
let certName, certFilePath, keyFilePath, csrFilePath, acmeChallengesDir = paths.ACME_CHALLENGES_DIR;
if (vhost !== domainObject.domain && domainObject.tlsConfig.wildcard) { // bare domain is not part of wildcard SAN
certName = domains.makeWildcard(vhost).replace('*.', '_.');
@@ -292,7 +292,7 @@ function getAcmeCertificatePathSync(vhost, domainObject) {
csrFilePath = path.join(paths.NGINX_CERT_DIR, `${vhost}.csr`);
}
return { certName, certFilePath, keyFilePath, csrFilePath };
return { certName, certFilePath, keyFilePath, csrFilePath, acmeChallengesDir };
}
function setAppCertificate(location, domainObject, certificate, callback) {
@@ -344,7 +344,7 @@ async function checkAppCertificate(vhost, domainObject) {
assert.strictEqual(typeof domainObject, 'object');
const subdomain = vhost.substr(0, vhost.length - domainObject.domain.length - 1);
const certificate = await apps.getCertificate(subdomain, domainObject);
const certificate = await apps.getCertificate(subdomain, domainObject.domain);
if (!certificate) return null;
const { certFilePath, keyFilePath } = getAppCertificatePathSync(vhost);
@@ -375,6 +375,26 @@ async function checkAcmeCertificate(vhost, domainObject) {
return { certFilePath, keyFilePath };
}
async function updateCertBlobs(vhost, domainObject) {
assert.strictEqual(typeof vhost, 'string'); // this can contain wildcard domain (for alias domains)
assert.strictEqual(typeof domainObject, 'object');
const { certName, certFilePath, keyFilePath, csrFilePath } = getAcmeCertificatePathSync(vhost, domainObject);
const privateKey = safe.fs.readFileSync(keyFilePath);
if (!privateKey) throw new BoxError(BoxError.FS_ERROR, `Failed to read private key: ${safe.error.message}`);
const cert = safe.fs.readFileSync(certFilePath);
if (!cert) throw new BoxError(BoxError.FS_ERROR, `Failed to read cert: ${safe.error.message}`);
const csr = safe.fs.readFileSync(csrFilePath);
if (!csr) throw new BoxError(BoxError.FS_ERROR, `Failed to read csr: ${safe.error.message}`);
await blobs.set(`${blobs.CERT_PREFIX}-${certName}.key`, privateKey);
await blobs.set(`${blobs.CERT_PREFIX}-${certName}.cert`, cert);
await blobs.set(`${blobs.CERT_PREFIX}-${certName}.csr`, csr);
}
function ensureCertificate(vhost, domain, auditSource, callback) {
assert.strictEqual(typeof vhost, 'string');
assert.strictEqual(typeof domain, 'string');
@@ -410,8 +430,9 @@ function ensureCertificate(vhost, domain, auditSource, callback) {
debug('ensureCertificate: getting certificate for %s with options %j', vhost, _.omit(apiOptions, 'accountKeyPem'));
acmeApi.getCertificate(vhost, domain, apiOptions, function (error, certFilePath, keyFilePath) {
debug(`ensureCertificate: error: ${error ? error.message : 'null'} cert: ${certFilePath || 'null'}`);
const acmePaths = getAcmeCertificatePathSync(vhost, domainObject);
acmeApi.getCertificate(vhost, domain, acmePaths, apiOptions, async function (error) {
debug(`ensureCertificate: error: ${error ? error.message : 'null'} cert: ${acmePaths.certFilePath || 'null'}`);
eventlog.add(currentBundle ? eventlog.ACTION_CERTIFICATE_RENEWAL : eventlog.ACTION_CERTIFICATE_NEW, auditSource, { domain: vhost, errorMessage: error ? error.message : '' });
@@ -420,7 +441,10 @@ function ensureCertificate(vhost, domain, auditSource, callback) {
return callback(null, currentBundle, { renewed: false });
}
if (certFilePath && keyFilePath) return callback(null, { certFilePath, keyFilePath }, { renewed: true });
if (!error) {
[error] = await safe(updateCertBlobs(vhost, domainObject));
if (!error) return callback(null, { certFilePath: acmePaths.certFilePath, keyFilePath: acmePaths.keyFilePath }, { renewed: true });
}
debug(`ensureCertificate: renewal of ${vhost} failed. using fallback certificates for ${domain}`);