jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Fix bug where nginx was not reloaded on cert renewal

Browse Source 
Looks like it worked so far because nginx got reloaded in situations
like apptask or server reboot.
This commit is contained in:
Girish Ramakrishnan
2019-10-01 11:25:17 -07:00
parent 52156c9a35
commit c7ee684f25
2 changed files with 18 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/reverseproxy.js
View File

@@ -354,8 +354,8 @@ function ensureCertificate(vhost, domain, auditSource, callback) {
if (currentBundle) {
debug(`ensureCertificate: ${vhost} certificate already exists at ${currentBundle.keyFilePath}`);
if (currentBundle.certFilePath.endsWith('.user.cert')) return callback(null, currentBundle); // user certs cannot be renewed
if (!isExpiringSync(currentBundle.certFilePath, 24 * 30) && providerMatchesSync(domainObject, currentBundle.certFilePath, apiOptions)) return callback(null, currentBundle);
if (currentBundle.certFilePath.endsWith('.user.cert')) return callback(null, currentBundle, { renewed: false }); // user certs cannot be renewed
if (!isExpiringSync(currentBundle.certFilePath, 24 * 30) && providerMatchesSync(domainObject, currentBundle.certFilePath, apiOptions)) return callback(null, currentBundle, { renewed: false });
debug(`ensureCertificate: ${vhost} cert require renewal`);
} else {
debug(`ensureCertificate: ${vhost} cert does not exist`);
@@ -372,7 +372,7 @@ function ensureCertificate(vhost, domain, auditSource, callback) {
// if no cert was returned use fallback. the fallback/caas provider will not provide any for example
if (!certFilePath || !keyFilePath) return getFallbackCertificate(domain, callback);
callback(null, { certFilePath, keyFilePath });
callback(null, { certFilePath, keyFilePath }, { renewed: true });
});
});
});
@@ -584,14 +584,17 @@ function renewCerts(options, auditSource, progressCallback, callback) {
if (options.domain) appDomains = appDomains.filter(function (appDomain) { return appDomain.domain === options.domain; });
let progress = 1;
let progress = 1, renewed = [];
async.eachSeries(appDomains, function (appDomain, iteratorCallback) {
progressCallback({ percent: progress, message: `Renewing certs of ${appDomain.fqdn}` });
progress += Math.round(100/appDomains.length);
ensureCertificate(appDomain.fqdn, appDomain.domain, auditSource, function (error, bundle) {
ensureCertificate(appDomain.fqdn, appDomain.domain, auditSource, function (error, bundle, state) {
if (error) return iteratorCallback(error); // this can happen if cloudron is not setup yet
if (state.renewed) renewed.push(appDomain.fqdn);
// hack to check if the app's cert changed or not. this doesn't handle prod/staging le change since they use same file name
let currentNginxConfig = safe.fs.readFileSync(appDomain.nginxConfigFilename, 'utf8') || '';
if (currentNginxConfig.includes(bundle.certFilePath)) return iteratorCallback();
@@ -607,7 +610,15 @@ function renewCerts(options, auditSource, progressCallback, callback) {
configureFunc(iteratorCallback);
});
}, callback);
}, function (error) {
if (error) return callback(error);
debug(`renewCerts: Renewed certs of ${JSON.stringify(renewed)}`);
if (renewed.length === 0) return callback(null);
// reload nginx if any certs were updated but the config was not rewritten
reload(callback);
});
});
}