Mirrored_Repos/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/jc21/nginx-proxy-manager.git synced 2024-08-30 18:22:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3392 from stevecrozz/auto-renew-uses-bulitin-renew

Browse Source 
Make auto-renew use built-in renew function
This commit is contained in:
jc21 2024-01-12 12:15:37 +10:00 committed by GitHub
commit 1be87f48c1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 45 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
backend/internal/certificate.js
View File

@ -8,6 +8,7 @@ const config = require('../lib/config');
const error = require('../lib/error'); const error = require('../lib/error');
const utils = require('../lib/utils'); const utils = require('../lib/utils');
const certificateModel = require('../models/certificate'); const certificateModel = require('../models/certificate');
const tokenModel = require('../models/token');
const dnsPlugins = require('../global/certbot-dns-plugins'); const dnsPlugins = require('../global/certbot-dns-plugins');
const internalAuditLog = require('./audit-log'); const internalAuditLog = require('./audit-log');
const internalNginx = require('./nginx'); const internalNginx = require('./nginx');
@ -30,6 +31,7 @@ const internalCertificate = {
intervalTimeout: 1000 * 60 * 60, // 1 hour intervalTimeout: 1000 * 60 * 60, // 1 hour
interval: null, interval: null,
intervalProcessing: false, intervalProcessing: false,
renewBeforeExpirationBy: [30, 'days'],
initTimer: () => { initTimer: () => {
logger.info('Let\'s Encrypt Renewal Timer initialized'); logger.info('Let\'s Encrypt Renewal Timer initialized');
@ -44,62 +46,51 @@ const internalCertificate = {
processExpiringHosts: () => { processExpiringHosts: () => {
if (!internalCertificate.intervalProcessing) { if (!internalCertificate.intervalProcessing) {
internalCertificate.intervalProcessing = true; internalCertificate.intervalProcessing = true;
logger.info('Renewing SSL certs close to expiry...'); logger.info('Renewing SSL certs expiring within ' + internalCertificate.renewBeforeExpirationBy[0] + ' ' + internalCertificate.renewBeforeExpirationBy[1] + ' ...');
const cmd = certbotCommand + ' renew --non-interactive --quiet ' + const expirationThreshold = moment().add(internalCertificate.renewBeforeExpirationBy[0], internalCertificate.renewBeforeExpirationBy[1]).format('YYYY-MM-DD HH:mm:ss');
'--config "' + letsencryptConfig + '" ' +
'--work-dir "/tmp/letsencrypt-lib" ' +
'--logs-dir "/tmp/letsencrypt-log" ' +
'--preferred-challenges "dns,http" ' +
'--disable-hook-validation ' +
(letsencryptStaging ? '--staging' : '');
return utils.exec(cmd) // Fetch all the letsencrypt certs from the db that will expire within the configured threshold
.then((result) => { certificateModel
if (result) {
logger.info('Renew Result: ' + result);
}
return internalNginx.reload()
.then(() => {
logger.info('Renew Complete');
return result;
});
})
.then(() => {
// Now go and fetch all the letsencrypt certs from the db and query the files and update expiry times
return certificateModel
.query() .query()
.where('is_deleted', 0) .where('is_deleted', 0)
.andWhere('provider', 'letsencrypt') .andWhere('provider', 'letsencrypt')
.andWhere('expires_on', '<', expirationThreshold)
.then((certificates) => { .then((certificates) => {
if (certificates && certificates.length) { if (!certificates || !certificates.length) {
let promises = []; return null;
}
certificates.map(function (certificate) { /**
promises.push( * Renews must be run sequentially or we'll get an error 'Another
internalCertificate.getCertificateInfoFromFile('/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem') * instance of Certbot is already running.'
.then((cert_info) => { */
return certificateModel let sequence = Promise.resolve();
.query()
.where('id', certificate.id) certificates.forEach(function (certificate) {
.andWhere('provider', 'letsencrypt') sequence = sequence.then(() =>
.patch({ internalCertificate
expires_on: moment(cert_info.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss') .renew(
}); {
}) can: () =>
Promise.resolve({
permission_visibility: 'all',
}),
token: new tokenModel(),
},
{ id: certificate.id },
)
.catch((err) => { .catch((err) => {
// Don't want to stop the train here, just log the error // Don't want to stop the train here, just log the error
logger.error(err.message); logger.error(err.message);
}) }),
); );
}); });
return Promise.all(promises); return sequence;
}
});
}) })
.then(() => { .then(() => {
logger.info('Completed SSL cert renew process');
internalCertificate.intervalProcessing = false; internalCertificate.intervalProcessing = false;
}) })
.catch((err) => { .catch((err) => {