diff --git a/src/certificates.js b/src/certificates.js
index dfdb572f3..66802742f 100644
--- a/src/certificates.js
+++ b/src/certificates.js
@@ -10,11 +10,13 @@ exports = module.exports = {
 ensureCertificate: ensureCertificate,
 setAdminCertificate: setAdminCertificate,
-
- getMailCertificate: getMailCertificate,
+ getAdminCertificate: getAdminCertificate,
 renewAll: renewAll,
+ events: new (require('events').EventEmitter)(),
+ CERT_CHANGED: 'cert_changed',
+ // exported for testing
 _getApi: getApi
 };
@@ -227,6 +229,8 @@ function renewAll(auditSource, callback) {
 configureFunc(function (ignoredError) {
 if (ignoredError) debug('fallbackExpiredCertificates: error reconfiguring app', ignoredError);
+ exports.events.emit(exports.CERT_CHANGED, domain);
+ iteratorCallback(); // move to next app
 });
 });
@@ -291,6 +295,8 @@ function setFallbackCertificate(cert, key, callback) {
 if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, 'host.cert'), cert)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
 if (!safe.fs.writeFileSync(path.join(paths.NGINX_CERT_DIR, 'host.key'), key)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
+ exports.events.emit(exports.CERT_CHANGED, '*.' + config.fqdn());
+ nginx.reload(function (error) {
 if (error) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, error));
@@ -305,7 +311,6 @@ function getFallbackCertificatePath(callback) {
 callback(null, path.join(paths.NGINX_CERT_DIR, 'host.cert'), path.join(paths.NGINX_CERT_DIR, 'host.key'));
 }
-// FIXME: setting admin cert needs to restart the mail container because it uses admin cert
 function setAdminCertificate(cert, key, callback) {
 assert.strictEqual(typeof cert, 'string');
 assert.strictEqual(typeof key, 'string');
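Review bot: The new `events` and `CERT_CHANGED` exports in the `module.exports` hunk do not say what argument the event carries, yet this commit emits it with three different expressions (`domain` in renewAll, `'*.' + config.fqdn()` in setFallbackCertificate, `vhost` in setAdminCertificate) and the listener in src/platform.js string-matches on them. I would add a comment above `CERT_CHANGED`, for example `// emitted with the affected domain; the fallback certificate is reported as '*.' + config.fqdn()`. Removing the `getMailCertificate` export without an alias will also break any caller outside the two files in this diff, which cannot be checked from here.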
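Review bot: In the renewAll hunk the added `exports.events.emit(exports.CERT_CHANGED, domain)` fires whether or not `configureFunc` succeeded, because `ignoredError` is only logged on the line above it. Listeners are therefore told a certificate changed even when the reconfiguration failed; if that is not intended, guard it with `if (!ignoredError) exports.events.emit(exports.CERT_CHANGED, domain);`. `emit` also runs its listeners synchronously, so a listener that throws would skip `iteratorCallback()` and stall the loop for the remaining apps. `domain` and the enclosing iterator are defined outside the hunk.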
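Review bot: In the setFallbackCertificate hunk CERT_CHANGED is emitted before `nginx.reload` has reported its result, so the src/platform.js listener restarts the mail container for a change that this function may still report to its caller as failed. The setAdminCertificate hunk has the same ordering ahead of `nginx.configureAdmin`. Moving `exports.events.emit(exports.CERT_CHANGED, '*.' + config.fqdn());` to just after the `if (error) return callback(...)` check inside the reload callback would tie the event to a change that actually took effect. The reload callback continues past the end of the hunk.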
@@ -322,6 +327,8 @@ function setAdminCertificate(cert, key, callback) {
 if (!safe.fs.writeFileSync(certFilePath, cert)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
 if (!safe.fs.writeFileSync(keyFilePath, key)) return callback(new CertificatesError(CertificatesError.INTERNAL_ERROR, safe.error.message));
+ exports.events.emit(exports.CERT_CHANGED, vhost);
+ nginx.configureAdmin(certFilePath, keyFilePath, constants.NGINX_ADMIN_CONFIG_FILE_NAME, config.adminFqdn(), callback);
 }
@@ -342,7 +349,7 @@ function getAdminCertificatePath(callback) {
 getFallbackCertificatePath(callback);
 }
-function getMailCertificate(callback) {
+function getAdminCertificate(callback) {
 assert.strictEqual(typeof callback, 'function');
 getAdminCertificatePath(function (error, certFilePath, keyFilePath) {
diff --git a/src/platform.js b/src/platform.js
index 0b149efc3..2baf16427 100644
--- a/src/platform.js
+++ b/src/platform.js
@@ -38,6 +38,10 @@ function initialize(callback) {
 settings.events.on(settings.MAIL_CONFIG_KEY, function () { startMail(NOOP_CALLBACK); });
+ certificates.events.on(certificates.CERT_CHANGED, function (domain) {
+ if (domain === '*.' + config.fqdn() || domain === config.adminFqdn()) startMail(NOOP_CALLBACK);
+ });
+ var existingInfra = { version: 'none' };
 if (fs.existsSync(paths.INFRA_VERSION_FILE)) {
 existingInfra = safe.JSON.parse(fs.readFileSync(paths.INFRA_VERSION_FILE, 'utf8'));
@@ -78,7 +82,7 @@ function initialize(callback) {
 function uninitialize(callback) {
 clearTimeout(gPlatformReadyTimer);
 gPlatformReadyTimer = null;
- settings.events.removeListener(settings.MAIL_CONFIG_KEY, startMail);
+ // TODO: unregister event listeners
 callback();
 }
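Review bot: The event payload in the setAdminCertificate hunk is `vhost`, which is assigned above the hunk, while the listener added in src/platform.js matches on `config.adminFqdn()` and the very next line passes `config.adminFqdn()` to `nginx.configureAdmin`. If the two values ever differ, the comparison in the listener fails and the mail container silently keeps the old certificate. Emitting the expression the listener compares against removes that dependency: `exports.events.emit(exports.CERT_CHANGED, config.adminFqdn());`.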
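Review bot: The new CERT_CHANGED listener in the initialize() hunk of src/platform.js calls `startMail(NOOP_CALLBACK)`, so a failed restart is discarded and the mail container keeps serving the previous certificate, possibly an expired or replaced one, with nothing logged. At minimum report the error, e.g. `startMail(function (error) { if (error) console.error('mail restart after certificate change failed', error); });`, or use the file's own logger, which is not visible in this hunk. Because renewAll can emit the event more than once in a single pass, it is also worth confirming that overlapping startMail runs are safe. initialize() continues outside the hunk.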
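Review bot: Replacing the `removeListener` call in the uninitialize() hunk with a TODO leaves both the MAIL_CONFIG_KEY listener and the new CERT_CHANGED listener attached, so each initialize()/uninitialize() cycle adds another pair and a single certificate change then starts the mail container several times. The listeners are registered as anonymous functions, so there is currently no reference that `removeListener` could be given. Naming the handler at module scope lets uninitialize() remove exactly what initialize() added, and the same pattern applies to the settings listener. initialize() starts and ends outside both hunks.

```javascript
function onCertChanged(domain) {
    if (domain === '*.' + config.fqdn() || domain === config.adminFqdn()) startMail(NOOP_CALLBACK);
}

// in initialize(), replacing the anonymous CERT_CHANGED listener
certificates.events.on(certificates.CERT_CHANGED, onCertChanged);

// in uninitialize(), replacing the TODO
certificates.events.removeListener(certificates.CERT_CHANGED, onCertChanged);
// … unchanged: callback() …
```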
@@ -222,7 +226,8 @@ function startMail(callback) {
 const memoryLimit = Math.max((1 + Math.round(os.totalmem()/(1024*1024*1024)/4)) * 128, 256);
 const alertsFrom = 'no-reply@' + config.fqdn();
- certificates.getMailCertificate(function (error, cert, key) {
+ // admin and mail share the same certificate
+ certificates.getAdminCertificate(function (error, cert, key) {
 if (error) return callback(error);
 if (!safe.fs.writeFileSync(paths.DATA_DIR + '/addons/tls_cert.pem', cert)) return callback(new Error('Could not create cert file:' + safe.error.message));