Fix cache behavior with sharing
willnode committed Nov 14, 2024
1 parent 0465721 commit 279f49b
Showing 1 changed file with 12 additions and 6 deletions.
18 changes: 12 additions & 6 deletions src/executor/runnersub.js
Expand Up @@ -245,7 +245,7 @@ export async function runConfigSubdomain(config, domaindata, subdomain, sshExec,
expectedSslMode = 'off';
}
// if (force regenerate or no explicit command or ssl not match) AND it's shared ssl differ, then must break.
if (regenerateSsl || (!expectedSslMode && !sharedSSL && !selfSignSsl) || (expectCert != nginxInfos.ssl_certificate)) {
if (regenerateSsl || (!expectedSslMode && !selfSignSsl) || (expectCert != nginxInfos.ssl_certificate)) {
if (subdomaindata['SSL shared with'] && (!sharedSSL || subdomaindata['SSL shared with'] != sharedSSL.domain)) {
await writeLog("$> Breaking ssl cert sharing");
await virtExec("modify-web", {
Expand All @@ -257,8 +257,10 @@ export async function runConfigSubdomain(config, domaindata, subdomain, sshExec,
subdomaindata = await virtualminExec.getDomainInfo(subdomain);
nginxNodes = await nginxExec.get(subdomain);
nginxInfos = nginxExec.extractInfo(nginxNodes, subdomain);
expectCert = sharedSSL ? path.join(sharedSSL.path, 'ssl.combined') : (subdomaindata['SSL cert and CA file'] || subdomaindata['SSL cert file']);
expectKey = sharedSSL ? path.join(sharedSSL.path, 'ssl.key') : subdomaindata['SSL key file'];
if (!sharedSSL) {
expectCert = subdomaindata['SSL cert and CA file'] || subdomaindata['SSL cert file'];
expectKey = subdomaindata['SSL key file'];
}
}
}
if (expectCert != nginxInfos.ssl_certificate) {
Expand All @@ -277,9 +279,12 @@ export async function runConfigSubdomain(config, domaindata, subdomain, sshExec,
nginxInfos.config.ssl = expectedSslMode;
changed = true;
}
if (sharedSSL && sharedSSL.domain != subdomaindata['SSL shared with']) {
changed = true;
}
try {
// if force LE or no explicit command AND not shared, check regeration
if (regenerateSsl || (!expectedSslMode && !sharedSSL && !selfSignSsl)) {
// if NOT shared AND force LE or no explicit command, check regeration
if (!sharedSSL && (regenerateSsl || (!expectedSslMode && !selfSignSsl))) {
const remaining = subdomaindata['SSL cert expiry'] ? (Date.parse(subdomaindata['SSL cert expiry']) - Date.now()) / 86400000 : 0;
// if force LE or remaining > 30 days, get fresh one
if (!regenerateSsl && subdomaindata['SSL candidate hostnames'] == subdomain && subdomaindata['Lets Encrypt renewal'] == 'Enabled' && (remaining > 30)) {
Expand Down Expand Up @@ -315,14 +320,15 @@ export async function runConfigSubdomain(config, domaindata, subdomain, sshExec,
} finally {
await writeLog("$> Applying nginx ssl config on " + subdomain);
await writeLog(await nginxExec.setDirect(subdomain, nginxInfos));
if (sharedSSL) {
if (sharedSSL && changed) {
await writeLog("$> Applying SSL links with global domain");
await writeLog(await virtualminExec.pushVirtualServerConfig(subdomaindata['ID'], {
'ssl_same': sharedSSL.id,
'ssl_key': path.join(sharedSSL.path, 'ssl.key'),
'ssl_cert': path.join(sharedSSL.path, 'ssl.cert'),
'ssl_chain': path.join(sharedSSL.path, 'ssl.ca'),
'ssl_combined': path.join(sharedSSL.path, 'ssl.combined'),
'ssl_everything': path.join(sharedSSL.path, 'ssl.everything'),
}));
}
}
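Review bot: In the `finally` block the link push is now gated on `sharedSSL && changed`, and the only sharing-specific trigger for `changed` visible in these hunks is the added `sharedSSL.domain != subdomaindata['SSL shared with']` check, so a subdomain already recorded as shared never has its key and certificate paths re-pushed. That includes the `ssl_everything` entry this same commit adds, and it means a stale or hand-edited `ssl_key`/`ssl_cert` path on an already-linked domain goes unrepaired and could leave the host serving a key or certificate other than the shared one. Consider also comparing a stored path, for example `if (sharedSSL && (changed || subdomaindata['SSL key file'] != path.join(sharedSSL.path, 'ssl.key'))) {`, assuming getDomainInfo reports the effective key path for shared domains (not visible here). `changed` may also be set elsewhere in runConfigSubdomain, whose body starts and ends outside these hunks, so confirm which paths reach this block.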
