3caf77cee6
cert: add message for fallback cert
2022-11-13 16:59:22 +01:00
2515a0f18f
cert: do not autoclean default cert
2022-11-13 16:56:51 +01:00
9c8f78a059
reverseproxy: simplify certificate renewal
...
An issue was that mail container was not getting refreshed with the up to
date certs. The root cause is that it is refreshed only in the renewCerts()
cron job. If cert renewal was caused by an app task, then the cron job will
skip the restart (since cert is fresh).
The other issue is that we keep hitting 0 length certs when we run out of disk
space. The root cause is that when out of disk space, a cert renewal will
cause cert to be written but since it has no space it is 0 length. Then, when
the user tries to restart the server, the box code does not write the cert again.
This change fixes the above two including:
* To simplify, we use the fallback cert only if we failed to get a LE cert. Expired LE certs
will continue to be used. nginx is fine with this.
* restart directory as well on renewal
2022-11-13 11:55:12 +01:00
d20f8d5e75
Fix acme refactoring
2022-08-22 12:55:43 +02:00
116cde19f9
constants: location -> subdomain
2022-07-14 15:18:17 +05:30
14fc089f05
Fixup user and acme cert syncing
2022-07-14 15:04:45 +05:30
885d60f7cc
reverseproxy: add setUserCertificate
2022-07-14 13:25:41 +05:30
d33fd7b886
do not use bundle terminology
...
apparently, bundle is also like a cert chain
2022-07-14 12:39:41 +05:30
ba067a959c
reverseproxy: per location user certificates
2022-07-14 12:21:30 +05:30
a246cb7e73
return location certificates
2022-07-14 11:57:04 +05:30
2af29fd844
cleanupCerts: add progress
2022-07-13 11:22:47 +05:30
1549f6a4d0
fix various terminology in code
...
subdomain, domain - strings
location - { subdomain, domain }
bundle - { cert, key }
bundlePath - { certFilePath, keyFilePath }
vhost is really just for virtual hosting
fqdn for others
2022-07-13 10:15:09 +05:30
11d7dfa071
Accept upstreamUri as string for proxy app install
2022-06-09 14:35:05 +02:00
923a9f6560
Rename RELAY_APPSTORE_ID to PROXY_APP_APPSTORE_ID
2022-06-09 13:57:57 +02:00
f854d86986
Use upstreamUri in reverseproxy config
2022-06-09 10:48:54 +02:00
a955457ee7
Support proxy app
2022-06-09 10:48:54 +02:00
6839ff4cf6
reverseproxy: fix typo
...
this type was causing nginx configs of the primary domain being re-written
everytime we try to renew certs
2022-04-04 10:30:32 -07:00
a662a60332
eventlog: add event for certificate cleanup
2022-02-24 19:55:43 -08:00
eb3e87c340
add debug
2022-02-17 11:08:22 -08:00
012a3e2984
ensure certificate of secondary domains
2022-02-16 20:32:04 -08:00
46b497d87e
rename SUBDOMAIN_ to LOCATION_
...
location is { subdomain, domain } pair
2022-02-07 13:48:08 -08:00
964c1a5f5a
remove field from errors
...
we have standardized on indexOf in error.message by now
2022-02-07 13:44:29 -08:00
67fe17d20c
Fix crash with alias domains
2022-02-01 21:28:43 -08:00
19ddff058e
reverseproxy: fix crash because of missing app property
2022-01-29 16:53:26 -08:00
5382e3d832
remove nginx config of stopped apps
...
when the cert of a stopped app gets auto-cleaned up, nginx does not
start anymore since the config references the cert.
there are two possible fixes:
* do not cleanup cert of stopped apps
* remove the nginx config of stopped apps
this implements the second approach
2022-01-28 10:23:56 -08:00
f017e297f7
secondaryDomains are always required
...
they can still become empty after an update but install and change_location
requires them
part of #809
2022-01-21 10:03:30 -08:00
1e2f01cc69
reverseProxy: refactor filename logic
2022-01-16 12:22:29 -08:00
b34f66b115
add secondary domains
...
note that for updates to work, we keep the secondary domain optional,
even though they are really not.
part of #809
2022-01-16 12:10:48 -08:00
d18977ccad
reverseProxy: single writeAppNginxConfig()
...
this prepares for secondary domains
2022-01-16 11:29:21 -08:00
89c3847fb0
reverseProxy: refactor
2022-01-16 10:28:49 -08:00
aeeeaae62a
pass domain object to reduce one query
2022-01-16 10:16:14 -08:00
1e98a2affb
change argument order to match others
2022-01-16 09:45:59 -08:00
3da19d5fa6
Use constants
2022-01-14 22:57:44 -08:00
d7d46a5a81
rename alternateDomains to redirectDomains
2022-01-14 22:32:34 -08:00
2ab2255115
fix dhparam generation
...
it cannot be created in default config creation time since it is
already run pre-VM snapshot time
2021-11-17 11:48:06 -08:00
1c8e699a71
generate dhparams per server
...
this way we don't need to save/restore it from the database.
2021-11-16 23:03:16 -08:00
c4db0d746d
acme: if account key was revoked, generate new account key
...
the plan was to migrate only specific keys but this allows us the
flexibility to revoke keys after the release (since we have not
gotten response from DO about access to old 1-click images so far).
2021-11-16 22:57:40 -08:00
68db4524f1
remove unused httpPaths from manifest
2021-11-09 21:50:33 -08:00
b642bc98a5
ensure fallback certificates of all domains
...
https://forum.cloudron.io/topic/5683/data-argument-must-be-of-type-received-null-error-during-restore-process
2021-10-06 13:34:06 -07:00
4a9d074b50
Use for..of instead of forEach for clarity
2021-10-06 13:01:12 -07:00
05e8339555
Fix typos in cert renewal
2021-09-23 17:54:54 -07:00
3090307c1d
tasks: remove superfluous update code
2021-09-23 17:44:41 -07:00
dff2275a9b
add a flag to disable ocsp globally
...
fixes #796
2021-09-22 09:13:16 -07:00
e7f51d992f
acme: getCertificate can be async now
2021-09-07 09:34:23 -07:00
b1da86c97f
rename variable to avoid shadowing
2021-08-30 15:30:50 -07:00
1cc11fece8
Fix crash in renewCerts()
2021-08-25 15:52:05 -07:00
77f5cb183b
merge appdb.js into apps.js
2021-08-23 15:35:38 -07:00
5dd6f85025
reverseproxy: async'ify
2021-08-17 14:34:55 -07:00
5bcf1bc47b
merge domaindb.js into domains.js
2021-08-16 14:41:42 -07:00
f11cc7389d
owner may be null even without error
2021-07-29 17:08:01 +02:00
Girish Ramakrishnan