Make sure NGINX fixed even if SSL fails
willnode committed Oct 13, 2024
1 parent 63b20b7 commit 4a8324f
Showing 1 changed file with 45 additions and 39 deletions.
84 changes: 45 additions & 39 deletions src/executor/runnersub.js
Expand Up @@ -277,48 +277,54 @@ export async function runConfigSubdomain(config, domaindata, subdomain, sshExec,
nginxInfos.config.ssl = expectedSslMode;
changed = true;
}
// if force LE or no explicit command AND not shared, check regeration
if (regenerateSsl || (!expectedSslMode && !sharedSSL && !selfSignSsl)) {
const remaining = subdomaindata['SSL cert expiry'] ? (Date.parse(subdomaindata['SSL cert expiry']) - Date.now()) / 86400000 : 0;
// if force LE or remaining > 30 days, get fresh one
if (!regenerateSsl && subdomaindata['Lets Encrypt domain'] == subdomain && subdomaindata['Lets Encrypt renewal'] == 'Enabled' && (remaining > 30)) {
await writeLog("$> SSL cert expiry is " + Math.trunc(remaining) + " days away so skipping renewal");
await writeLog("$> To enforce renewal please use 'ssl renew'");
} else {
await writeLog("$> Generating SSL cert with Let's Encrypt");
await spawnSudoUtil('OPENSSL_CLEAN');
await virtExec("generate-letsencrypt-cert", {
try {
// if force LE or no explicit command AND not shared, check regeration
if (regenerateSsl || (!expectedSslMode && !sharedSSL && !selfSignSsl)) {
const remaining = subdomaindata['SSL cert expiry'] ? (Date.parse(subdomaindata['SSL cert expiry']) - Date.now()) / 86400000 : 0;
// if force LE or remaining > 30 days, get fresh one
if (!regenerateSsl && subdomaindata['Lets Encrypt domain'] == subdomain && subdomaindata['Lets Encrypt renewal'] == 'Enabled' && (remaining > 30)) {
await writeLog("$> SSL cert expiry is " + Math.trunc(remaining) + " days away so skipping renewal");
await writeLog("$> To enforce renewal please use 'ssl renew'");
} else {
await writeLog("$> Generating SSL cert with Let's Encrypt");
await spawnSudoUtil('OPENSSL_CLEAN');

await virtExec("generate-letsencrypt-cert", {
domain: subdomain,
'renew': 2,
'web': true,
});
subdomaindata['SSL cert expiry'] = new Date().toISOString()
}
// if LE ON AND force self-sign / shared on, must turn off
// if it was shared or ssl path don't match, just assume that's also LE ON
} else if ((selfSignSsl || sharedSSL) && ((subdomaindata['SSL shared with'] && changed && !expectedSslMode) || subdomaindata['Lets Encrypt renewal'] == 'Enabled')) {
await writeLog("$> Generating self signed cert and turning off let's encrypt renewal");
await virtExec("generate-cert", {
domain: subdomain,
'renew': 2,
'web': true,
'self': true,
});
subdomaindata['SSL cert expiry'] = new Date().toISOString()
delete subdomaindata['Lets Encrypt renewal'];
delete subdomaindata['SSL shared with'];
} else if (!changed) {
await writeLog("$> SSL config seems OK, nothing changed");
break;
}
} catch (error) {
throw error;
} finally {
await writeLog("$> Applying nginx ssl config on " + subdomain);
await writeLog(await nginxExec.setDirect(subdomain, nginxInfos));
if (sharedSSL && sharedSSL.match(/\/(\d{10,})\//)) {
await writeLog("$> Applying SSL links with global domain");
let id = sharedSSL.match(/\/(\d{10,})\//)[1];
await writeLog(await virtualminExec.pushVirtualServerConfig(subdomaindata['ID'], {
'ssl_same': id,
'ssl_key': path.join(sharedSSL, 'ssl.key'),
'ssl_cert': path.join(sharedSSL, 'ssl.cert'),
'ssl_chain': path.join(sharedSSL, 'ssl.ca'),
}));
}
// if LE ON AND force self-sign / shared on, must turn off
// if it was shared or ssl path don't match, just assume that's also LE ON
} else if ((selfSignSsl || sharedSSL) && ((subdomaindata['SSL shared with'] && changed && !expectedSslMode) || subdomaindata['Lets Encrypt renewal'] == 'Enabled')) {
await writeLog("$> Generating self signed cert and turning off let's encrypt renewal");
await virtExec("generate-cert", {
domain: subdomain,
'self': true,
});
delete subdomaindata['Lets Encrypt renewal'];
delete subdomaindata['SSL shared with'];
} else if (!changed) {
await writeLog("$> SSL config seems OK, nothing changed");
break;
}
await writeLog("$> Applying nginx ssl config on " + subdomain);
await writeLog(await nginxExec.setDirect(subdomain, nginxInfos));
if (sharedSSL && sharedSSL.match(/\/(\d{10,})\//)) {
await writeLog("$> Applying SSL links with global domain");
let id = sharedSSL.match(/\/(\d{10,})\//)[1];
await writeLog(await virtualminExec.pushVirtualServerConfig(subdomaindata['ID'], {
'ssl_same': id,
'ssl_key': path.join(sharedSSL, 'ssl.key'),
'ssl_cert': path.join(sharedSSL, 'ssl.cert'),
'ssl_chain': path.join(sharedSSL, 'ssl.ca'),
}));
}
break;
case 'root':
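Review bot: The new `finally` block runs on every exit from the `try`, not only when certificate generation fails, so the `break` in the `else if (!changed)` branch now logs "SSL config seems OK, nothing changed" and then still calls `nginxExec.setDirect` and, for a shared cert, `pushVirtualServerConfig`. When `virtExec` does throw, nginx is written with `nginxInfos.config.ssl` already set to the expected mode although no new certificate was confirmed, and an exception raised inside the `finally` would replace the original certificate error. The `catch (error) { throw error; }` clause does nothing and can be dropped. Consider a comment at the top of the block such as `// runs on every exit: "nothing changed" break and failed cert request included`, and log the certificate failure before applying nginx so that the original error stays visible. The +/- markers are lost on this page, so this reads the `try`/`finally` lines as the new side; the enclosing `switch` case starts outside the hunk.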