bastion/nginx-proxy-manager
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove spammy ssl renewal process and replace with the system checker and run it every 6 hours

Browse Source
This commit is contained in:
Jamie Curnow 2018-03-15 15:29:36 +10:00
parent f10d8e4aa9
commit f60ffd85da
10 changed files with 13 additions and 171 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
manager/src/backend/internal/host.js
View File

@ -152,11 +152,6 @@ const internalHost = {
// SSL was turned off or hostname for ssl has changed so we should remove certs for the original
return internalSsl.deleteCerts(data.original)
.then(() => {
db.hosts.update({_id: data.updated._id}, {ssl_expires: 0}, {
multi: false,
upsert: false
});
data.updated.ssl_expires = 0;
return data;
});
}

59
manager/src/backend/internal/ssl.js
View File

@ -1,13 +1,10 @@
'use strict';
const _ = require('lodash');
const fs = require('fs');
const ejs = require('ejs');
const timestamp = require('unix-timestamp');
const batchflow = require('batchflow');
const internalNginx = require('./nginx');
const logger = require('../logger');
const db = require('../db');
const utils = require('../lib/utils');
const error = require('../lib/error');
@ -15,7 +12,7 @@ timestamp.round = true;
const internalSsl = {
interval_timeout: 60 * 1000,
interval_timeout: 1000 * 60 * 60 * 6, // 6 hours
interval: null,
interval_processing: false,
@ -28,42 +25,17 @@ const internalSsl = {
*/
processExpiringHosts: () => {
if (!internalSsl.interval_processing) {
let hosts = db.hosts.find();
if (hosts && hosts.length) {
internalSsl.interval_processing = true;
batchflow(hosts).sequential()
.each((i, host, next) => {
if ((typeof host.is_deleted === 'undefined' || !host.is_deleted) && host.ssl && typeof host.ssl_expires !== 'undefined' && !internalSsl.hasValidSslCerts(host)) {
// This host is due to expire in 1 day, time to renew
logger.info('Host ' + host.hostname + ' is due for SSL renewal');
internalSsl.renewSsl(host)
.then(() => {
// Certificate was requested ok, update the timestamp on the host
db.hosts.update({_id: host._id}, {ssl_expires: timestamp.now('+90d')}, {
multi: false,
upsert: false
});
})
.then(next)
.catch(err => {
logger.error(err);
next(err);
});
} else {
next();
}
})
.error(err => {
logger.error(err);
internalSsl.interval_processing = false;
})
.end((/*results*/) => {
internalSsl.interval_processing = false;
});
}
logger.info('Renewing SSL certs close to expiry...');
return utils.exec('/usr/bin/letsencrypt renew')
.then(result => {
logger.info(result);
internalSsl.interval_processing = false;
return result;
})
.catch(err => {
logger.error(err);
internalSsl.interval_processing = false;
});
}
},
@ -73,8 +45,7 @@ const internalSsl = {
*/
hasValidSslCerts: host => {
return fs.existsSync('/etc/letsencrypt/live/' + host.hostname + '/fullchain.pem') &&
fs.existsSync('/etc/letsencrypt/live/' + host.hostname + '/privkey.pem') &&
host.ssl_expires > timestamp.now('+1d');
fs.existsSync('/etc/letsencrypt/live/' + host.hostname + '/privkey.pem');
},
/**
@ -157,10 +128,6 @@ const internalSsl = {
.then(() => {
return internalSsl.requestSsl(data);
});
})
.then(() => {
// Certificate was requested ok, update the timestamp on the host
db.hosts.update({_id: host._id}, {ssl_expires: timestamp.now('+90d')}, {multi: false, upsert: false});
});
}
};

34
manager/src/backend/routes/api/hosts.js
View File

@ -152,38 +152,4 @@ router
.catch(next);
});
/**
* Renew Host Action
*
* /api/hosts/123/renew
*/
router
.route('/:host_id/renew')
.options((req, res) => {
res.sendStatus(204);
})
/**
* POST /api/hosts/123/renew
*/
.post((req, res, next) => {
validator({
required: ['host_id'],
additionalProperties: false,
properties: {
host_id: {
$ref: 'definitions#/definitions/_id'
}
}
}, req.params)
.then(data => {
return internalHost.renew(data.host_id);
})
.then(result => {
res.status(200)
.send(result);
})
.catch(next);
});
module.exports = router;

8
manager/src/backend/schema/endpoints/hosts.json
View File

@ -38,11 +38,6 @@
"ssl": {
"type": "boolean"
},
"ssl_expires": {
"type": "integer",
"minimum": 0,
"readonly": true
},
"letsencrypt_email": {
"type": "string",
"format": "email"
@ -252,9 +247,6 @@
"ssl": {
"$ref": "#/definitions/ssl"
},
"ssl_expires": {
"$ref": "#/definitions/ssl_expires"
},
"letsencrypt_email": {
"$ref": "#/definitions/letsencrypt_email"
},

8
manager/src/frontend/js/app/api.js
View File

@ -118,14 +118,6 @@ module.exports = {
*/
reconfigure: function (_id) {
return fetch('post', 'hosts/' + _id + '/reconfigure');
},
/**
* @param {String} _id
* @returns {Promise}
*/
renew: function (_id) {
return fetch('post', 'hosts/' + _id + '/renew');
}
},

11
manager/src/frontend/js/app/controller.js
View File

@ -119,17 +119,6 @@ module.exports = {
});
},
/**
* Show Renew Host
*
* @param model
*/
showRenewHost: function (model) {
require(['./main', './host/renew'], function (App, View) {
App.UI.showModalDialog(new View({model: model}));
});
},
/**
* Show Advanced Host
*

3
manager/src/frontend/js/app/dashboard/row.ejs
View File

@ -42,9 +42,6 @@
<% } %>
</td>
<td class="text-right">
<% if (ssl) { %>
<button type="button" class="btn btn-default btn-xs renew" title="Renew SSL"><i class="fa fa-shield" aria-hidden="true"></i></button>
<% } %>
<button type="button" class="btn btn-default btn-xs reconfigure" title="Reconfigure Nginx"><i class="fa fa-refresh" aria-hidden="true"></i></button>
<button type="button" class="btn btn-default btn-xs advanced" title="Advanced Configuration"<%- type === 'stream' ? ' disabled' : '' %>><i class="fa fa-code" aria-hidden="true"></i></button>
<button type="button" class="btn btn-warning btn-xs edit" title="Edit"><i class="fa fa-pencil" aria-hidden="true"></i></button>

6
manager/src/frontend/js/app/dashboard/row.js
View File

@ -15,7 +15,6 @@ module.exports = Mn.View.extend({
delete: 'button.delete',
access_list: 'a.access_list',
reconfigure: 'button.reconfigure',
renew: 'button.renew',
advanced: 'button.advanced'
},
@ -53,11 +52,6 @@ module.exports = Mn.View.extend({
Controller.showReconfigureHost(this.model);
},
'click @ui.renew': function (e) {
e.preventDefault();
Controller.showRenewHost(this.model);
},
'click @ui.advanced': function (e) {
e.preventDefault();
Controller.showAdvancedHost(this.model);

17
manager/src/frontend/js/app/host/renew.ejs
View File

@ -1,17 +0,0 @@
<div class="modal-dialog">
<div class="modal-content">
<form class="form-horizontal">
<div class="modal-header text-left">
<h4 class="modal-title">Renew SSL Certificates</h4>
</div>
<div class="modal-body">
<p>This will renew the SSL Certificates for the host. This normally happens automatically however if you notice
SSL working incorrectly, this may fix it.</p>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
<button type="submit" class="btn btn-success renew">Renew SSL</button>
</div>
</form>
</div>
</div>

33
manager/src/frontend/js/app/host/renew.js
View File

@ -1,33 +0,0 @@
'use strict';
import Mn from 'backbone.marionette';
const template = require('./renew.ejs');
const Api = require('../api');
const App = require('../main');
module.exports = Mn.View.extend({
template: template,
ui: {
buttons: 'form button',
renew: 'button.renew'
},
events: {
'click @ui.renew': function (e) {
e.preventDefault();
this.ui.buttons.prop('disabled', true).addClass('btn-disabled');
Api.Hosts.renew(this.model.get('_id'))
.then((/*result*/) => {
App.UI.closeModal();
})
.catch(err => {
alert(err.message);
this.ui.buttons.prop('disabled', false).removeClass('btn-disabled');
});
}
}
});