add self-sign, use ssl combined, add deploy hooks
willnode committed Nov 21, 2023
1 parent 0ff3f12 commit d4b17ad
Showing 3 changed files with 32 additions and 5 deletions.
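--- a/.github/workflows/domcloud.yml
+++ b/.github/workflows/domcloud.yml
@@ -32,3 +32,27 @@ jobs:
 webhook_auth: ${{ secrets.WEBHOOK_AUTH_FRA }}
 data: >-
 {"commands":["git pull","sudo systemctl restart bridge"]}
+- name: Invoke OSA deployment hook
+uses: distributhor/workflow-webhook@v2
+env:
+webhook_url: https://my.domcloud.co/api/githubdeploy
+webhook_secret: ${{ secrets.WEBHOOK_SECRET_OSA }}
+webhook_auth: ${{ secrets.WEBHOOK_AUTH_OSA }}
+data: >-
+{"commands":["git pull","sudo systemctl restart bridge"]}
+- name: Invoke BLR deployment hook
+uses: distributhor/workflow-webhook@v2
+env:
+webhook_url: https://my.domcloud.co/api/githubdeploy
+webhook_secret: ${{ secrets.WEBHOOK_SECRET_BLR }}
+webhook_auth: ${{ secrets.WEBHOOK_AUTH_BLR }}
+data: >-
+{"commands":["git pull","sudo systemctl restart bridge"]}
+- name: Invoke SAO deployment hook
+uses: distributhor/workflow-webhook@v2
+env:
+webhook_url: https://my.domcloud.co/api/githubdeploy
+webhook_secret: ${{ secrets.WEBHOOK_SECRET_SAO }}
+webhook_auth: ${{ secrets.WEBHOOK_AUTH_SAO }}
+data: >-
+{"commands":["git pull","sudo systemctl restart bridge"]}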
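Review bot: The three added steps reference the third-party action by a movable tag, `uses: distributhor/workflow-webhook@v2`, while passing it the `WEBHOOK_SECRET_*` and `WEBHOOK_AUTH_*` values for three more regions. Because the payload makes each host run `git pull` and `sudo systemctl restart bridge`, the action's code is part of the deployment trust boundary and should be pinned to a reviewed full commit SHA, e.g. `uses: distributhor/workflow-webhook@<full-commit-sha> # v2`. The FRA step visible as context (and presumably any earlier steps outside the hunk) would need the same pin. The new steps differ only in the region suffix, so a `strategy.matrix` over the regions would keep the pin and the command list in one place.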
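--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "domcloud-bridge",
-"version": "0.32.1",
+"version": "0.32.2",
 "description": "Deployment runner for DOM Cloud",
 "main": "app.js",
 "engines": {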
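--- a/src/executor/runner.js
+++ b/src/executor/runner.js
@@ -667,17 +667,20 @@ export async function runConfigSubdomain(config, domaindata, subdomain, sshExec,
 break;
 }
 let regenerateSsl = false;
+let selfSignSsl = false;
 let expectedSslMode = null;
 if (['off', 'always', 'on'].includes(value)) {
 expectedSslMode = value;
-} else if (value == 'letsencrypt') {
+} else if (value == 'letsencrypt' || value == 'lets-encrypt') {
 regenerateSsl = true;
+} else if (value == 'selfsign' || value == 'self-sign') {
+selfSignSsl = true;
 }
 var nginxNodes = await nginxExec.get(subdomain);
 var nginxInfos = nginxExec.extractInfo(nginxNodes, subdomain);
 var sharedSSL = regenerateSsl ? null : detectCanShareSSL(subdomain);
 var changed = false;
-var expectCert = sharedSSL ? path.join(sharedSSL, 'ssl.cert') : domaindata['SSL cert file'];
+var expectCert = sharedSSL ? path.join(sharedSSL, 'ssl.combined') : domaindata['SSL cert and CA file'];
 var expectKey = sharedSSL ? path.join(sharedSSL, 'ssl.key') : domaindata['SSL key file'];
 if (!expectCert || !expectKey) {
 expectedSslMode = 'off';
@@ -702,15 +705,15 @@ export async function runConfigSubdomain(config, domaindata, subdomain, sshExec,
 await writeLog("$> Applying nginx ssl config on " + subdomain);
 await writeLog(await nginxExec.setDirect(subdomain, nginxInfos));
 }
-if (regenerateSsl || (!expectedSslMode && !sharedSSL)) {
+if (regenerateSsl || (!expectedSslMode && !sharedSSL && !selfSignSsl)) {
 await writeLog("$> Generating ssl cert with let's encrypt");
 await spawnSudoUtil('OPENSSL_CLEAN');
 await virtExec("generate-letsencrypt-cert", {
 domain: subdomain,
 'renew': 2,
 'web': true,
 });
-} else if (sharedSSL && domaindata['Lets Encrypt renewal'] == 'Enabled') {
+} else if ((selfSignSsl || sharedSSL) && domaindata['Lets Encrypt renewal'] == 'Enabled') {
 await writeLog("$> Generating self signed cert and turning off let's encrypt renewal");
 await virtExec("generate-cert", {
 domain: subdomain,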
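Review bot: An explicit `selfsign` request is still gated on `domaindata['Lets Encrypt renewal'] == 'Enabled'` in the second hunk's `else if`, so on a domain where renewal is not currently enabled the request appears to do nothing and logs nothing. If self-signing should always be honoured, the condition would read `} else if (selfSignSsl || (sharedSSL && domaindata['Lets Encrypt renewal'] == 'Enabled')) {`. Separately, a value that matches none of the branches in the first hunk leaves all three flags at their defaults and can fall into the Let's Encrypt path, so a misspelt `self-sign` would request a public certificate instead; logging the unrecognised value would make that visible. The body of `runConfigSubdomain` and of the `generate-cert` call continue outside both hunks, so this is based only on the visible lines.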
