mirror of
https://github.com/jc21/nginx-proxy-manager.git
synced 2024-08-30 18:22:48 +00:00
Merge pull request #3392 from stevecrozz/auto-renew-uses-bulitin-renew
Make auto-renew use built-in renew function
This commit is contained in:
jc21
GitHub
commit
1be87f48c1
@ -8,6 +8,7 @@ const config = require('../lib/config');
|
|||||||
const error = require('../lib/error');
|
const error = require('../lib/error');
|
||||||
const utils = require('../lib/utils');
|
const utils = require('../lib/utils');
|
||||||
const certificateModel = require('../models/certificate');
|
const certificateModel = require('../models/certificate');
|
||||||
|
const tokenModel = require('../models/token');
|
||||||
const dnsPlugins = require('../global/certbot-dns-plugins');
|
const dnsPlugins = require('../global/certbot-dns-plugins');
|
||||||
const internalAuditLog = require('./audit-log');
|
const internalAuditLog = require('./audit-log');
|
||||||
const internalNginx = require('./nginx');
|
const internalNginx = require('./nginx');
|
||||||
@ -26,10 +27,11 @@ function omissions() {
|
|||||||
|
|
||||||
const internalCertificate = {
|
const internalCertificate = {
|
||||||
|
|
||||||
allowedSslFiles: ['certificate', 'certificate_key', 'intermediate_certificate'],
|
allowedSslFiles: ['certificate', 'certificate_key', 'intermediate_certificate'],
|
||||||
intervalTimeout: 1000 * 60 * 60, // 1 hour
|
intervalTimeout: 1000 * 60 * 60, // 1 hour
|
||||||
interval: null,
|
interval: null,
|
||||||
intervalProcessing: false,
|
intervalProcessing: false,
|
||||||
|
renewBeforeExpirationBy: [30, 'days'],
|
||||||
|
|
||||||
initTimer: () => {
|
initTimer: () => {
|
||||||
logger.info('Let\'s Encrypt Renewal Timer initialized');
|
logger.info('Let\'s Encrypt Renewal Timer initialized');
|
||||||
@ -44,62 +46,51 @@ const internalCertificate = {
|
|||||||
processExpiringHosts: () => {
|
processExpiringHosts: () => {
|
||||||
if (!internalCertificate.intervalProcessing) {
|
if (!internalCertificate.intervalProcessing) {
|
||||||
internalCertificate.intervalProcessing = true;
|
internalCertificate.intervalProcessing = true;
|
||||||
logger.info('Renewing SSL certs close to expiry...');
|
logger.info('Renewing SSL certs expiring within ' + internalCertificate.renewBeforeExpirationBy[0] + ' ' + internalCertificate.renewBeforeExpirationBy[1] + ' ...');
|
||||||
|
|
||||||
const cmd = certbotCommand + ' renew --non-interactive --quiet ' +
|
const expirationThreshold = moment().add(internalCertificate.renewBeforeExpirationBy[0], internalCertificate.renewBeforeExpirationBy[1]).format('YYYY-MM-DD HH:mm:ss');
|
||||||
'--config "' + letsencryptConfig + '" ' +
|
|
||||||
'--work-dir "/tmp/letsencrypt-lib" ' +
|
|
||||||
'--logs-dir "/tmp/letsencrypt-log" ' +
|
|
||||||
'--preferred-challenges "dns,http" ' +
|
|
||||||
'--disable-hook-validation ' +
|
|
||||||
(letsencryptStaging ? '--staging' : '');
|
|
||||||
|
|
||||||
return utils.exec(cmd)
|
// Fetch all the letsencrypt certs from the db that will expire within the configured threshold
|
||||||
.then((result) => {
|
certificateModel
|
||||||
if (result) {
|
.query()
|
||||||
logger.info('Renew Result: ' + result);
|
.where('is_deleted', 0)
|
||||||
|
.andWhere('provider', 'letsencrypt')
|
||||||
|
.andWhere('expires_on', '<', expirationThreshold)
|
||||||
|
.then((certificates) => {
|
||||||
|
if (!certificates || !certificates.length) {
|
||||||
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
return internalNginx.reload()
|
/**
|
||||||
.then(() => {
|
* Renews must be run sequentially or we'll get an error 'Another
|
||||||
logger.info('Renew Complete');
|
* instance of Certbot is already running.'
|
||||||
return result;
|
*/
|
||||||
});
|
let sequence = Promise.resolve();
|
||||||
})
|
|
||||||
.then(() => {
|
certificates.forEach(function (certificate) {
|
||||||
// Now go and fetch all the letsencrypt certs from the db and query the files and update expiry times
|
sequence = sequence.then(() =>
|
||||||
return certificateModel
|
internalCertificate
|
||||||
.query()
|
.renew(
|
||||||
.where('is_deleted', 0)
|
{
|
||||||
.andWhere('provider', 'letsencrypt')
|
can: () =>
|
||||||
.then((certificates) => {
|
Promise.resolve({
|
||||||
if (certificates && certificates.length) {
|
permission_visibility: 'all',
|
||||||
let promises = [];
|
}),
|
||||||
|
token: new tokenModel(),
|
||||||
certificates.map(function (certificate) {
|
},
|
||||||
promises.push(
|
{ id: certificate.id },
|
||||||
internalCertificate.getCertificateInfoFromFile('/etc/letsencrypt/live/npm-' + certificate.id + '/fullchain.pem')
|
)
|
||||||
.then((cert_info) => {
|
.catch((err) => {
|
||||||
return certificateModel
|
// Don't want to stop the train here, just log the error
|
||||||
.query()
|
logger.error(err.message);
|
||||||
.where('id', certificate.id)
|
}),
|
||||||
.andWhere('provider', 'letsencrypt')
|
);
|
||||||
.patch({
|
});
|
||||||
expires_on: moment(cert_info.dates.to, 'X').format('YYYY-MM-DD HH:mm:ss')
|
|
||||||
});
|
return sequence;
|
||||||
})
|
|
||||||
.catch((err) => {
|
|
||||||
// Don't want to stop the train here, just log the error
|
|
||||||
logger.error(err.message);
|
|
||||||
})
|
|
||||||
);
|
|
||||||
});
|
|
||||||
|
|
||||||
return Promise.all(promises);
|
|
||||||
}
|
|
||||||
});
|
|
||||||
})
|
})
|
||||||
.then(() => {
|
.then(() => {
|
||||||
|
logger.info('Completed SSL cert renew process');
|
||||||
internalCertificate.intervalProcessing = false;
|
internalCertificate.intervalProcessing = false;
|
||||||
})
|
})
|
||||||
.catch((err) => {
|
.catch((err) => {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user