delete certs that have long expired (6 months)

fixes #783
Girish Ramakrishnan
2021-05-18 13:28:48 -07:00
parent 76d0abae43
commit a5e34cf775
6 changed files with 46 additions and 8 deletions


@@ -11,7 +11,7 @@ exports = module.exports = {
getCertificatePath,
ensureCertificate,
renewCerts,
checkCerts,
// the 'configure' ensure a certificate and generate nginx config
configureApp,
@@ -102,7 +102,7 @@ function isExpiringSync(certFilePath, hours) {
if (!fs.existsSync(certFilePath)) return 2; // not found
var result = safe.child_process.spawnSync('/usr/bin/openssl', [ 'x509', '-checkend', String(60 * 60 * hours), '-in', certFilePath ]);
const result = safe.child_process.spawnSync('/usr/bin/openssl', [ 'x509', '-checkend', String(60 * 60 * hours), '-in', certFilePath ]);
if (!result) return 3; // some error
@@ -746,6 +746,39 @@ function renewCerts(options, auditSource, progressCallback, callback) {
});
}
async function cleanupCerts() {
const filenames = await fs.promises.readdir(paths.NGINX_CERT_DIR);
const certFilenames = filenames.filter(f => f.endsWith('.cert'));
for (const certFilename of certFilenames) {
const certFilePath = path.join(paths.NGINX_CERT_DIR, certFilename);
if (isExpiringSync(certFilePath, - 24 * 30 * 6)) { // expired 6 months ago
const fqdn = certFilename.replace(/\.cert$/, '');
debug(`cleanupCerts: deleting certs of ${fqdn}`);
safe.fs.unlinkSync(certFilePath);
safe.fs.unlinkSync(path.join(paths.NGINX_CERT_DIR, `${fqdn}.key`));
safe.fs.unlinkSync(path.join(paths.NGINX_CERT_DIR, `${fqdn}.csr`));
await blobs.del(`${blobs.CERT_PREFIX}-${fqdn}.key`);
await blobs.del(`${blobs.CERT_PREFIX}-${fqdn}.cert`);
await blobs.del(`${blobs.CERT_PREFIX}-${fqdn}.csr`);
}
}
}
function checkCerts(options, auditSource, progressCallback, callback) {
assert.strictEqual(typeof options, 'object');
assert.strictEqual(typeof auditSource, 'object');
assert.strictEqual(typeof progressCallback, 'function');
assert.strictEqual(typeof callback, 'function');
async.series([
renewCerts.bind(null, options, auditSource, progressCallback),
cleanupCerts
], callback);
}
function removeAppConfigs() {
for (let appConfigFile of fs.readdirSync(paths.NGINX_APPCONFIG_DIR)) {
if (appConfigFile !== constants.NGINX_DEFAULT_CONFIG_FILE_NAME && !appConfigFile.startsWith(constants.DASHBOARD_LOCATION)) {
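Review bot: In cleanupCerts the result of `isExpiringSync(certFilePath, - 24 * 30 * 6)` is tested only for truthiness, but the earlier hunk shows that helper also returning 2 (not found) and 3 (some error), so a certificate that openssl cannot read or parse would have its .cert, .key and .csr files and the matching blobs deleted as if it had expired. The condition should match only the value that means "expired", for example `if (isExpiringSync(certFilePath, -24 * 30 * 6) === 1) {`, assuming 1 is what the helper returns for that case; the rest of isExpiringSync is outside the hunk, so this needs confirming. It is also worth confirming that the installed openssl accepts a negative `-checkend` offset, since a rejected argument would presumably land in the same error path and trigger deletion for every certificate. The removal of key material is recorded only through `debug`; checkCerts already receives `auditSource`, so passing it through and writing one audit entry per removed domain would leave a trail.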