Girish Ramakrishnan
+34
-33
@@ -299,17 +299,6 @@ function getCertificate(fqdn, domain, callback) {
|
||||
});
|
||||
}
|
||||
|
||||
function notifyCertChanged(vhost, callback) {
|
||||
assert.strictEqual(typeof vhost, 'string');
|
||||
assert.strictEqual(typeof callback, 'function');
|
||||
|
||||
debug(`notifyCertChanged: vhost: ${vhost} mailFqdn: ${settings.mailFqdn()}`);
|
||||
|
||||
if (vhost !== settings.mailFqdn()) return callback();
|
||||
|
||||
mail.handleCertChanged(callback);
|
||||
}
|
||||
|
||||
function ensureCertificate(vhost, domain, auditSource, callback) {
|
||||
assert.strictEqual(typeof vhost, 'string');
|
||||
assert.strictEqual(typeof domain, 'string');
|
||||
@@ -363,18 +352,14 @@ function ensureCertificate(vhost, domain, auditSource, callback) {
|
||||
return callback(null, currentBundle, { renewed: false });
|
||||
}
|
||||
|
||||
notifyCertChanged(vhost, function (error) {
|
||||
if (certFilePath && keyFilePath) return callback(null, { certFilePath, keyFilePath }, { renewed: true });
|
||||
|
||||
debug(`ensureCertificate: renewal of ${vhost} failed. using fallback certificates for ${domain}`);
|
||||
|
||||
getFallbackCertificate(domain, function (error, bundle) {
|
||||
if (error) return callback(error);
|
||||
|
||||
if (certFilePath && keyFilePath) return callback(null, { certFilePath, keyFilePath }, { renewed: true });
|
||||
|
||||
debug(`ensureCertificate: renewal of ${vhost} failed. using fallback certificates for ${domain}`);
|
||||
|
||||
getFallbackCertificate(domain, function (error, bundle) {
|
||||
if (error) return callback(error);
|
||||
|
||||
callback(null, bundle, { renewed: false });
|
||||
});
|
||||
callback(null, bundle, { renewed: false });
|
||||
});
|
||||
});
|
||||
});
|
||||
@@ -584,8 +569,13 @@ function renewCerts(options, auditSource, progressCallback, callback) {
|
||||
|
||||
var appDomains = [];
|
||||
|
||||
// add webadmin domain
|
||||
appDomains.push({ domain: settings.adminDomain(), fqdn: settings.adminFqdn(), type: 'webadmin', nginxConfigFilename: path.join(paths.NGINX_APPCONFIG_DIR, `${settings.adminFqdn()}.conf`) });
|
||||
// add webadmin and mail domain
|
||||
if (settings.mailFqdn() === settings.adminFqdn()) {
|
||||
appDomains.push({ domain: settings.adminDomain(), fqdn: settings.adminFqdn(), type: 'webadmin+mail', nginxConfigFilename: path.join(paths.NGINX_APPCONFIG_DIR, `${settings.adminFqdn()}.conf`) });
|
||||
} else {
|
||||
appDomains.push({ domain: settings.adminDomain(), fqdn: settings.adminFqdn(), type: 'webadmin', nginxConfigFilename: path.join(paths.NGINX_APPCONFIG_DIR, `${settings.adminFqdn()}.conf`) });
|
||||
appDomains.push({ domain: settings.mailDomain(), fqdn: settings.mailFqdn(), type: 'mail' });
|
||||
}
|
||||
|
||||
// add app main
|
||||
allApps.forEach(function (app) {
|
||||
@@ -594,8 +584,8 @@ function renewCerts(options, auditSource, progressCallback, callback) {
|
||||
appDomains.push({ domain: app.domain, fqdn: app.fqdn, type: 'main', app: app, nginxConfigFilename: path.join(paths.NGINX_APPCONFIG_DIR, app.id + '.conf') });
|
||||
|
||||
app.alternateDomains.forEach(function (alternateDomain) {
|
||||
let nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, `${app.id}-redirect-${alternateDomain.fqdn}.conf`);
|
||||
appDomains.push({ domain: alternateDomain.domain, fqdn: alternateDomain.fqdn, type: 'alternate', app: app, nginxConfigFilename: nginxConfigFilename });
|
||||
const nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, `${app.id}-redirect-${alternateDomain.fqdn}.conf`);
|
||||
appDomains.push({ domain: alternateDomain.domain, fqdn: alternateDomain.fqdn, type: 'alternate', app: app, nginxConfigFilename });
|
||||
});
|
||||
});
|
||||
|
||||
@@ -612,6 +602,8 @@ function renewCerts(options, auditSource, progressCallback, callback) {
|
||||
|
||||
if (state.renewed) renewed.push(appDomain.fqdn);
|
||||
|
||||
if (appDomain.type === 'mail') return iteratorCallback(); // mail has no nginx config to check current cert
|
||||
|
||||
// hack to check if the app's cert changed or not. this doesn't handle prod/staging le change since they use same file name
|
||||
let currentNginxConfig = safe.fs.readFileSync(appDomain.nginxConfigFilename, 'utf8') || '';
|
||||
if (currentNginxConfig.includes(bundle.certFilePath)) return iteratorCallback();
|
||||
@@ -619,13 +611,20 @@ function renewCerts(options, auditSource, progressCallback, callback) {
|
||||
debug(`renewCerts: creating new nginx config since ${appDomain.nginxConfigFilename} does not have ${bundle.certFilePath}`);
|
||||
|
||||
// reconfigure since the cert changed
|
||||
var configureFunc;
|
||||
if (appDomain.type === 'webadmin') configureFunc = writeAdminNginxConfig.bind(null, bundle, `${settings.adminFqdn()}.conf`, settings.adminFqdn());
|
||||
else if (appDomain.type === 'main') configureFunc = writeAppNginxConfig.bind(null, appDomain.app, bundle);
|
||||
else if (appDomain.type === 'alternate') configureFunc = writeAppRedirectNginxConfig.bind(null, appDomain.app, appDomain.fqdn, bundle);
|
||||
else return iteratorCallback(new BoxError(BoxError.INTERNAL_ERROR, `Unknown domain type for ${appDomain.fqdn}. This should never happen`));
|
||||
if (appDomain.type === 'webadmin') {
|
||||
return writeAdminNginxConfig(bundle, `${settings.adminFqdn()}.conf`, settings.adminFqdn(), iteratorCallback);
|
||||
} else if (appDomain.type === 'webadmin+mail') {
|
||||
return async.series([
|
||||
mail.handleCertChanged,
|
||||
writeAdminNginxConfig.bind(null, bundle, `${settings.adminFqdn()}.conf`, settings.adminFqdn())
|
||||
], iteratorCallback);
|
||||
} else if (appDomain.type === 'main') {
|
||||
return writeAppNginxConfig(appDomain.app, bundle, iteratorCallback);
|
||||
} else if (appDomain.type === 'alternate') {
|
||||
return writeAppRedirectNginxConfig(appDomain.app, appDomain.fqdn, bundle, iteratorCallback);
|
||||
}
|
||||
|
||||
configureFunc(iteratorCallback);
|
||||
iteratorCallback(new BoxError(BoxError.INTERNAL_ERROR, `Unknown domain type for ${appDomain.fqdn}. This should never happen`));
|
||||
});
|
||||
}, function (error) {
|
||||
if (error) return callback(error);
|
||||
@@ -633,8 +632,10 @@ function renewCerts(options, auditSource, progressCallback, callback) {
|
||||
debug(`renewCerts: Renewed certs of ${JSON.stringify(renewed)}`);
|
||||
if (renewed.length === 0) return callback(null);
|
||||
|
||||
// reload nginx if any certs were updated but the config was not rewritten
|
||||
reload(callback);
|
||||
async.series([
|
||||
(next) => { return renewed.includes(settings.mailFqdn()) ? mail.handleCertChanged(next) : next(); },// mail cert renewed
|
||||
reload // reload nginx if any certs were updated but the config was not rewritten
|
||||
], callback);
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user