reverseproxy: notify services immediately
There are 2 cases where certs change (in db): * LE cert is new or renewed * fallback cert changes with fallback provider. If something is off, i.e. we crashed midway through the above, then the user can click the rebuild button.
@@ -157,6 +157,16 @@ function validateCertificate(subdomain, domain, certificate) {
|
||||
return null;
|
||||
}
|
||||
|
||||
async function notifyCertChange() {
|
||||
// let other parts of code know about any cert changes. apptask can trigger a renewal, provider can change, for example
|
||||
await mail.handleCertChanged();
|
||||
await shell.promises.sudo('notifyCertChange', [ RESTART_SERVICE_CMD, 'box' ], {}); // directory server
|
||||
const allApps = (await apps.list()).filter(app => app.runState !== apps.RSTATE_STOPPED);
|
||||
for (const app of allApps) {
|
||||
if (app.manifest.addons?.tls) await setupTlsAddon(app);
|
||||
}
|
||||
}
|
||||
|
||||
async function reload() {
|
||||
if (constants.TEST) return;
|
||||
|
||||
@@ -206,6 +216,7 @@ async function setFallbackCertificate(domain, certificate) {
|
||||
if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, `${domain}.host.key`), certificate.key)) throw new BoxError(BoxError.FS_ERROR, safe.error.message);
|
||||
|
||||
await reload();
|
||||
await notifyCertChange();
|
||||
}
|
||||
|
||||
async function restoreFallbackCertificates() {
|
||||
@@ -391,6 +402,8 @@ async function ensureCertificate(location, auditSource) {
|
||||
const [error] = await safe(acme2.getCertificate(fqdn, domainObject));
|
||||
debug(`ensureCertificate: error: ${error ? error.message : 'null'}`);
|
||||
|
||||
if (!error) await notifyCertChange();
|
||||
|
||||
await safe(eventlog.add(eventlog.ACTION_CERTIFICATE_NEW, auditSource, { domain: fqdn, errorMessage: error?.message || '' }));
|
||||
}
|
||||
|
||||
@@ -620,16 +633,10 @@ async function checkCerts(options, auditSource, progressCallback) {
|
||||
await writeAppConfigs(app);
|
||||
}
|
||||
await writeDashboardConfig(settings.dashboardDomain());
|
||||
await notifyCertChange(); // this allows user to "rebuild" using UI just in case we crashed and went out of sync
|
||||
safe.fs.unlinkSync(paths.REVERSE_PROXY_REBUILD_FILE);
|
||||
}
|
||||
|
||||
// let other parts of code know about any cert changes. apptask can trigger a renewal, provider can change, for example
|
||||
await mail.handleCertChanged();
|
||||
await shell.promises.sudo('rebuildConfigs', [ RESTART_SERVICE_CMD, 'box' ], {}); // directory server
|
||||
for (const app of allApps) {
|
||||
if (app.manifest.addons?.tls) await setupTlsAddon(app);
|
||||
}
|
||||
|
||||
await cleanupCerts(locations, auditSource, progressCallback);
|
||||
}
|
||||
|
||||
|
||||
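Review bot: In the `ensureCertificate` hunk, `if (!error) await notifyCertChange();` runs unguarded ahead of the `eventlog.add(eventlog.ACTION_CERTIFICATE_NEW, …)` call, so a throw from `mail.handleCertChanged()`, the `sudo` restart of `box`, `apps.list()` or `setupTlsAddon()` would skip the audit entry for a certificate that was in fact obtained. Writing the event first keeps the audit trail intact: move the notify line below `eventlog.add`, or guard it as `const [notifyError] = await safe(notifyCertChange());` and report `notifyError` through `debug`. The same unguarded call in `setFallbackCertificate` comes after the key file is written and `reload()` has run, so a notify failure would surface to the caller as a failed certificate change although the new certificate is presumably already in use. If restarting `box` can terminate the process executing these functions (not visible here), the ordering matters even more. The bodies of both functions extend outside their hunks.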