diff --git a/CHANGES b/CHANGES
index 3254d9f05..74c2f21d3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2431,4 +2431,5 @@
 [7.1.2]
 * Fix crash in cloudron-firewall when ports are whitelisted
+* eventlog: add event for certificate cleanup
diff --git a/src/eventlog.js b/src/eventlog.js
index ae18b4867..3b79484d6 100644
--- a/src/eventlog.js
+++ b/src/eventlog.js
@@ -36,6 +36,7 @@ exports = module.exports = {
 ACTION_CERTIFICATE_NEW: 'certificate.new',
 ACTION_CERTIFICATE_RENEWAL: 'certificate.renew',
+ ACTION_CERTIFICATE_CLEANUP: 'certificate.cleanup',
 ACTION_DASHBOARD_DOMAIN_UPDATE: 'dashboard.domain.update',
diff --git a/src/reverseproxy.js b/src/reverseproxy.js
index 7567beade..333a91870 100644
--- a/src/reverseproxy.js
+++ b/src/reverseproxy.js
@@ -657,13 +657,17 @@ async function renewCerts(options, auditSource, progressCallback) {
 }
 }
-async function cleanupCerts() {
+async function cleanupCerts(auditSource) {
+ assert.strictEqual(typeof auditSource, 'object');
+
 const filenames = await fs.promises.readdir(paths.NGINX_CERT_DIR);
 const certFilenames = filenames.filter(f => f.endsWith('.cert'));
 const now = new Date();
 debug('cleanupCerts: start');
+ const fqdns = [];
+
 for (const certFilename of certFilenames) {
 const certFilePath = path.join(paths.NGINX_CERT_DIR, certFilename);
 const notAfter = getExpiryDate(certFilePath);
@@ -681,9 +685,13 @@ async function cleanupCerts() {
 await blobs.del(`${blobs.CERT_PREFIX}-${fqdn}.key`);
 await blobs.del(`${blobs.CERT_PREFIX}-${fqdn}.cert`);
 await blobs.del(`${blobs.CERT_PREFIX}-${fqdn}.csr`);
+
+ fqdns.push(fqdn);
 }
 }
+ if (fqdns.length) await safe(eventlog.add(eventlog.ACTION_CERTIFICATE_CLEANUP, auditSource, { domains: fqdns }));
+
 debug('cleanupCerts: done');
 }
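Review bot: The new `assert.strictEqual(typeof auditSource, 'object')` at the top of cleanupCerts also passes for `null`, because `typeof null` is `'object'`, so a certificate deletion can still be logged with no attribution. If an audit source is mandatory for this event, tighten the guard to `assert(auditSource && typeof auditSource === 'object');`. The signature change also requires every caller to pass the argument; only the checkCerts call site is updated in this diff, so any other callers should be checked. The body of cleanupCerts continues outside this hunk.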
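Review bot: The `certificate.cleanup` event is written only after the whole loop finishes, so if a `blobs.del` call (or an earlier step in the loop body, which lies outside this hunk) throws, the certificates already deleted in that run are never recorded. Wrapping the loop in `try { … } finally { … }` and moving the `eventlog.add` call into the `finally` would keep the audit trail complete for partial runs. Separately, the result of `await safe(...)` is discarded, so a failed eventlog write is silent. If `safe` resolves to an `[error, result]` pair, `const [error] = await safe(eventlog.add(…)); if (error) debug('cleanupCerts: eventlog add failed', error);` would at least surface it.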
@@ -693,7 +701,7 @@ async function checkCerts(options, auditSource, progressCallback) {
 assert.strictEqual(typeof progressCallback, 'function');
 await renewCerts(options, auditSource, progressCallback);
- await cleanupCerts();
+ await cleanupCerts(auditSource);
 }
 function removeAppConfigs() {