From f60ffd85da2a0d74dcbc1c16c7c373a9d9a8a56e Mon Sep 17 00:00:00 2001 From: Jamie Curnow Date: Thu, 15 Mar 2018 15:29:36 +1000 Subject: [PATCH] Remove spammy ssl renewal process and replace with the system checker and run it every 6 hours --- manager/src/backend/internal/host.js | 5 -- manager/src/backend/internal/ssl.js | 59 ++++--------------- manager/src/backend/routes/api/hosts.js | 34 ----------- .../src/backend/schema/endpoints/hosts.json | 8 --- manager/src/frontend/js/app/api.js | 8 --- manager/src/frontend/js/app/controller.js | 11 ---- manager/src/frontend/js/app/dashboard/row.ejs | 3 - manager/src/frontend/js/app/dashboard/row.js | 6 -- manager/src/frontend/js/app/host/renew.ejs | 17 ------ manager/src/frontend/js/app/host/renew.js | 33 ----------- 10 files changed, 13 insertions(+), 171 deletions(-) delete mode 100644 manager/src/frontend/js/app/host/renew.ejs delete mode 100644 manager/src/frontend/js/app/host/renew.js diff --git a/manager/src/backend/internal/host.js b/manager/src/backend/internal/host.js index de3a24a8..72f55d28 100644 --- a/manager/src/backend/internal/host.js +++ b/manager/src/backend/internal/host.js @@ -152,11 +152,6 @@ const internalHost = { // SSL was turned off or hostname for ssl has changed so we should remove certs for the original return internalSsl.deleteCerts(data.original) .then(() => { - db.hosts.update({_id: data.updated._id}, {ssl_expires: 0}, { - multi: false, - upsert: false - }); - data.updated.ssl_expires = 0; return data; }); } diff --git a/manager/src/backend/internal/ssl.js b/manager/src/backend/internal/ssl.js index eb1a6602..9746c58e 100644 --- a/manager/src/backend/internal/ssl.js +++ b/manager/src/backend/internal/ssl.js 
@@ -1,13 +1,10 @@ 'use strict'; -const _ = require('lodash'); const fs = require('fs'); const ejs = require('ejs'); const timestamp = require('unix-timestamp'); -const batchflow = require('batchflow'); const internalNginx = require('./nginx'); const logger = require('../logger'); -const db = require('../db'); const utils = require('../lib/utils'); const error = require('../lib/error'); @@ -15,7 +12,7 @@ timestamp.round = true; const internalSsl = { - interval_timeout: 60 * 1000, + interval_timeout: 1000 * 60 * 60 * 6, // 6 hours interval: null, interval_processing: false, @@ -28,42 +25,17 @@ const internalSsl = { */ processExpiringHosts: () => { if (!internalSsl.interval_processing) { - let hosts = db.hosts.find(); - - if (hosts && hosts.length) { - internalSsl.interval_processing = true; - - batchflow(hosts).sequential() - .each((i, host, next) => { - if ((typeof host.is_deleted === 'undefined' || !host.is_deleted) && host.ssl && typeof host.ssl_expires !== 'undefined' && !internalSsl.hasValidSslCerts(host)) { - // This host is due to expire in 1 day, time to renew - logger.info('Host ' + host.hostname + ' is due for SSL renewal'); - - internalSsl.renewSsl(host) - .then(() => { - // Certificate was requested ok, update the timestamp on the host - db.hosts.update({_id: host._id}, {ssl_expires: timestamp.now('+90d')}, { - multi: false, - upsert: false - }); - }) - .then(next) - .catch(err => { - logger.error(err); - next(err); - }); - } else { - next(); - } - }) - .error(err => { - logger.error(err); - internalSsl.interval_processing = false; - }) - .end((/*results*/) => { - internalSsl.interval_processing = false; - }); - } + logger.info('Renewing SSL certs close to expiry...'); + return utils.exec('/usr/bin/letsencrypt renew') + .then(result => { + logger.info(result); + internalSsl.interval_processing = false; + return result; + }) + .catch(err => { + logger.error(err); + internalSsl.interval_processing = false; + }); } }, 
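Review bot: In the `@@ -28,42 +25,17 @@` hunk, the new `processExpiringHosts` body tests `internalSsl.interval_processing` and resets it to `false`, but never sets it to `true`, so the guard cannot prevent overlapping `letsencrypt renew` runs. Add `internalSsl.interval_processing = true;` just before the `utils.exec('/usr/bin/letsencrypt renew')` call. The `.catch` only logs, so a failed renewal resolves as `undefined` and a caller cannot tell it from success; consider rethrowing after the flag is reset, since a renewal that fails silently ends with expired certificates being served. Nothing visible in this hunk reloads nginx after a successful renew, so confirm that renewed certificates are actually picked up by the running server.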
@@ -73,8 +45,7 @@ const internalSsl = { */ hasValidSslCerts: host => { return fs.existsSync('/etc/letsencrypt/live/' + host.hostname + '/fullchain.pem') && - fs.existsSync('/etc/letsencrypt/live/' + host.hostname + '/privkey.pem') && - host.ssl_expires > timestamp.now('+1d'); + fs.existsSync('/etc/letsencrypt/live/' + host.hostname + '/privkey.pem'); }, /** @@ -157,10 +128,6 @@ const internalSsl = { .then(() => { return internalSsl.requestSsl(data); }); - }) - .then(() => { - // Certificate was requested ok, update the timestamp on the host - db.hosts.update({_id: host._id}, {ssl_expires: timestamp.now('+90d')}, {multi: false, upsert: false}); }); } }; diff --git a/manager/src/backend/routes/api/hosts.js b/manager/src/backend/routes/api/hosts.js index 0bf085a2..0d300ed4 100644 --- a/manager/src/backend/routes/api/hosts.js +++ b/manager/src/backend/routes/api/hosts.js @@ -152,38 +152,4 @@ router .catch(next); }); -/** - * Renew Host Action - * - * /api/hosts/123/renew - */ -router - .route('/:host_id/renew') - .options((req, res) => { - res.sendStatus(204); - }) - - /** - * POST /api/hosts/123/renew - */ - .post((req, res, next) => { - validator({ - required: ['host_id'], - additionalProperties: false, - properties: { - host_id: { - $ref: 'definitions#/definitions/_id' - } - } - }, req.params) - .then(data => { - return internalHost.renew(data.host_id); - }) - .then(result => { - res.status(200) - .send(result); - }) - .catch(next); - }); - module.exports = router; diff --git a/manager/src/backend/schema/endpoints/hosts.json b/manager/src/backend/schema/endpoints/hosts.json index 1949e4f6..c56ed69a 100644 --- a/manager/src/backend/schema/endpoints/hosts.json +++ b/manager/src/backend/schema/endpoints/hosts.json @@ -38,11 +38,6 @@ "ssl": { "type": "boolean" }, - "ssl_expires": { - "type": "integer", - "minimum": 0, - "readonly": true - }, "letsencrypt_email": { "type": "string", "format": "email" 
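Review bot: In the `@@ -73,8 +45,7 @@` hunk, `hasValidSslCerts` now checks only that `fullchain.pem` and `privkey.pem` exist, so an expired certificate still counts as valid. With `ssl_expires` removed elsewhere in this patch, there is also no per-host record of expiry. That leaves the 6-hourly `letsencrypt renew` as the only safeguard, and its failures are only logged. Say so in the doc comment above the function, e.g. `Checks only that the certificate files exist; expiry is handled by the periodic 'letsencrypt renew'`, or rename it toward `hasSslCertFiles` if the callers allow. The JSDoc block for this function starts outside the hunk.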
@@ -252,9 +247,6 @@ "ssl": { "$ref": "#/definitions/ssl" }, - "ssl_expires": { - "$ref": "#/definitions/ssl_expires" - }, "letsencrypt_email": { "$ref": "#/definitions/letsencrypt_email" }, diff --git a/manager/src/frontend/js/app/api.js b/manager/src/frontend/js/app/api.js index e575ab14..3697a360 100644 --- a/manager/src/frontend/js/app/api.js +++ b/manager/src/frontend/js/app/api.js @@ -118,14 +118,6 @@ module.exports = { */ reconfigure: function (_id) { return fetch('post', 'hosts/' + _id + '/reconfigure'); - }, - - /** - * @param {String} _id - * @returns {Promise} - */ - renew: function (_id) { - return fetch('post', 'hosts/' + _id + '/renew'); } }, diff --git a/manager/src/frontend/js/app/controller.js b/manager/src/frontend/js/app/controller.js index 5893f5c9..2bf685b4 100644 --- a/manager/src/frontend/js/app/controller.js +++ b/manager/src/frontend/js/app/controller.js @@ -119,17 +119,6 @@ module.exports = { }); }, - /** - * Show Renew Host - * - * @param model - */ - showRenewHost: function (model) { - require(['./main', './host/renew'], function (App, View) { - App.UI.showModalDialog(new View({model: model})); - }); - }, - /** * Show Advanced Host * diff --git a/manager/src/frontend/js/app/dashboard/row.ejs b/manager/src/frontend/js/app/dashboard/row.ejs index 5741057e..19a3ba43 100644 --- a/manager/src/frontend/js/app/dashboard/row.ejs +++ b/manager/src/frontend/js/app/dashboard/row.ejs @@ -42,9 +42,6 @@ <% } %> - <% if (ssl) { %> - - <% } %> diff --git a/manager/src/frontend/js/app/dashboard/row.js b/manager/src/frontend/js/app/dashboard/row.js index 0c403f99..0cefc940 100644 --- a/manager/src/frontend/js/app/dashboard/row.js +++ b/manager/src/frontend/js/app/dashboard/row.js @@ -15,7 +15,6 @@ module.exports = Mn.View.extend({ delete: 'button.delete', access_list: 'a.access_list', reconfigure: 'button.reconfigure', - renew: 'button.renew', advanced: 'button.advanced' }, 
@@ -53,11 +52,6 @@ module.exports = Mn.View.extend({ Controller.showReconfigureHost(this.model); }, - 'click @ui.renew': function (e) { - e.preventDefault(); - Controller.showRenewHost(this.model); - }, - 'click @ui.advanced': function (e) { e.preventDefault(); Controller.showAdvancedHost(this.model); diff --git a/manager/src/frontend/js/app/host/renew.ejs b/manager/src/frontend/js/app/host/renew.ejs deleted file mode 100644 index aa0004e3..00000000 --- a/manager/src/frontend/js/app/host/renew.ejs +++ /dev/null @@ -1,17 +0,0 @@ - diff --git a/manager/src/frontend/js/app/host/renew.js b/manager/src/frontend/js/app/host/renew.js deleted file mode 100644 index dee40e69..00000000 --- a/manager/src/frontend/js/app/host/renew.js +++ /dev/null @@ -1,33 +0,0 @@ -'use strict'; - -import Mn from 'backbone.marionette'; - -const template = require('./renew.ejs'); -const Api = require('../api'); -const App = require('../main'); - -module.exports = Mn.View.extend({ - template: template, - - ui: { - buttons: 'form button', - renew: 'button.renew' - }, - - events: { - 'click @ui.renew': function (e) { - e.preventDefault(); - - this.ui.buttons.prop('disabled', true).addClass('btn-disabled'); - - Api.Hosts.renew(this.model.get('_id')) - .then((/*result*/) => { - App.UI.closeModal(); - }) - .catch(err => { - alert(err.message); - this.ui.buttons.prop('disabled', false).removeClass('btn-disabled'); - }); - } - } -});