reverseproxy: identify LE staging correctly

Girish Ramakrishnan
2021-04-27 12:55:11 -07:00
parent 38425e75b5
commit cb573c0a37


@@ -124,7 +124,7 @@ function providerMatchesSync(domainObject, certFilePath, apiOptions) {
const domain = subject.substr(subject.indexOf('=') + 1).trim(); // subject can be /CN=, CN=, CN = and other forms
const issuer = subjectAndIssuer.match(/^issuer=(.*)$/m)[1];
const isWildcardCert = domain.includes('*');
const isLetsEncryptProd = issuer.includes('Let\'s Encrypt');
const isLetsEncryptProd = issuer.includes('Let\'s Encrypt') && !issuer.includes('STAGING');
const issuerMismatch = (apiOptions.prod && !isLetsEncryptProd) || (!apiOptions.prod && isLetsEncryptProd);
// bare domain is not part of wildcard SAN
@@ -663,13 +663,8 @@ function renewCerts(options, auditSource, progressCallback, callback) {
debug(`renewCerts: creating new nginx config since ${appDomain.nginxConfigFilename} does not have ${bundle.certFilePath}`);
// reconfigure since the cert changed
if (appDomain.type === 'webadmin') {
if (appDomain.type === 'webadmin' || appDomain.type === 'webadmin+mail') {
return writeDashboardNginxConfig(bundle, `${settings.adminFqdn()}.conf`, settings.adminFqdn(), iteratorCallback);
} else if (appDomain.type === 'webadmin+mail') {
return async.series([
mail.handleCertChanged,
writeDashboardNginxConfig.bind(null, bundle, `${settings.adminFqdn()}.conf`, settings.adminFqdn())
], iteratorCallback);
} else if (appDomain.type === 'primary') {
return writeAppNginxConfig(appDomain.app, appDomain.fqdn, bundle, iteratorCallback);
} else if (appDomain.type === 'alternate') {
@@ -687,7 +682,7 @@ function renewCerts(options, auditSource, progressCallback, callback) {
if (renewed.length === 0) return callback(null);
async.series([
(next) => { return renewed.includes(settings.mailFqdn()) ? mail.handleCertChanged(next) : next(); },// mail cert renewed
(next) => { if (renewed.includes(settings.mailFqdn())) mail.handleCertChanged(next); else next(); }, // mail cert renewed
reload, // reload nginx if any certs were updated but the config was not rewritten
(next) => { // restart tls apps on cert change
const tlsApps = allApps.filter(app => app.manifest.addons && app.manifest.addons.tls && renewed.includes(app.fqdn));
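Review bot: The `webadmin+mail` branch in the second hunk no longer calls `mail.handleCertChanged`, so the mail server now learns of a new certificate only through the post-loop step that checks `renewed.includes(settings.mailFqdn())`. That branch runs when the nginx config does not reference `bundle.certFilePath`, and the visible lines do not show whether this case always adds the domain to `renewed`; if it does not, mail could keep serving the previous certificate after the dashboard has switched. Please confirm this, and record the dependency at the merged condition with a comment such as `// mail is notified once after the loop, when mailFqdn is in renewed`. The commit title mentions only LE staging detection, so this behaviour change deserves a line in the description as well. renewCerts starts and ends outside these hunks.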