reverseproxy: notify services immediately

there are 2 cases where certs change (in db):
* LE cert is new or renewed
* fallback cert changes with fallback provider

if something is off, i.e. we crashed midway through the above, then the user can click the
rebuild button.
Girish Ramakrishnan
2022-11-29 18:27:08 +01:00
parent 77a5f01585
commit 7e1c56161d


@@ -157,6 +157,16 @@ function validateCertificate(subdomain, domain, certificate) {
return null;
}
async function notifyCertChange() {
// let other parts of code know about any cert changes. apptask can trigger a renewal, provider can change, for example
await mail.handleCertChanged();
await shell.promises.sudo('notifyCertChange', [ RESTART_SERVICE_CMD, 'box' ], {}); // directory server
const allApps = (await apps.list()).filter(app => app.runState !== apps.RSTATE_STOPPED);
for (const app of allApps) {
if (app.manifest.addons?.tls) await setupTlsAddon(app);
}
}
async function reload() {
if (constants.TEST) return;
@@ -206,6 +216,7 @@ async function setFallbackCertificate(domain, certificate) {
if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, `${domain}.host.key`), certificate.key)) throw new BoxError(BoxError.FS_ERROR, safe.error.message);
await reload();
await notifyCertChange();
}
async function restoreFallbackCertificates() {
@@ -391,6 +402,8 @@ async function ensureCertificate(location, auditSource) {
const [error] = await safe(acme2.getCertificate(fqdn, domainObject));
debug(`ensureCertificate: error: ${error ? error.message : 'null'}`);
if (!error) await notifyCertChange();
await safe(eventlog.add(eventlog.ACTION_CERTIFICATE_NEW, auditSource, { domain: fqdn, errorMessage: error?.message || '' }));
}
@@ -620,16 +633,10 @@ async function checkCerts(options, auditSource, progressCallback) {
await writeAppConfigs(app);
}
await writeDashboardConfig(settings.dashboardDomain());
await notifyCertChange(); // this allows user to "rebuild" using UI just in case we crashed and went out of sync
safe.fs.unlinkSync(paths.REVERSE_PROXY_REBUILD_FILE);
}
// let other parts of code know about any cert changes. apptask can trigger a renewal, provider can change, for example
await mail.handleCertChanged();
await shell.promises.sudo('rebuildConfigs', [ RESTART_SERVICE_CMD, 'box' ], {}); // directory server
for (const app of allApps) {
if (app.manifest.addons?.tls) await setupTlsAddon(app);
}
await cleanupCerts(locations, auditSource, progressCallback);
}
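Review bot: In ensureCertificate the new `await notifyCertChange();` (hunk `@@ -391,6 +402,8 @@`) is unguarded, so a failure in `mail.handleCertChanged()`, the sudo restart, or any single `setupTlsAddon(app)` in the loop propagates before the `eventlog.add(eventlog.ACTION_CERTIFICATE_NEW, ...)` call runs, leaving a freshly issued certificate with no audit entry and the remaining apps un-notified. The same function uses `safe()` for the acme call one line earlier, so the same best-effort shape would fit here: `const [notifyError] = await safe(notifyCertChange()); if (notifyError) debug(\`ensureCertificate: notify error: ${notifyError.message}\`);`. Inside notifyCertChange itself (hunk `@@ -157,6 +157,16 @@`), wrapping the per-app call as `await safe(setupTlsAddon(app))` would stop one app's failure from skipping the others, which matters since the function is also the path checkCerts relies on for the rebuild case. The bodies of ensureCertificate and checkCerts start outside their hunks, so whether a caller already catches this is not visible here.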