mirror of
https://github.com/xiaoxinpro/nginx-proxy-manager-zh.git
synced 2025-03-15 10:08:16 -04:00
138 lines
4.1 KiB
JavaScript
138 lines
4.1 KiB
JavaScript
'use strict';
|
|
|
|
const fs = require('fs');
|
|
const ejs = require('ejs');
|
|
const timestamp = require('unix-timestamp');
|
|
const internalNginx = require('./nginx');
|
|
const logger = require('../logger');
|
|
const utils = require('../lib/utils');
|
|
const error = require('../lib/error');
|
|
|
|
timestamp.round = true;
|
|
|
|
const internalSsl = {
|
|
|
|
interval_timeout: 1000 * 60 * 60 * 6, // 6 hours
|
|
interval: null,
|
|
interval_processing: false,
|
|
|
|
initTimer: () => {
|
|
internalSsl.interval = setInterval(internalSsl.processExpiringHosts, internalSsl.interval_timeout);
|
|
},
|
|
|
|
/**
|
|
* Triggered by a timer, this will check for expiring hosts and renew their ssl certs if required
|
|
*/
|
|
processExpiringHosts: () => {
|
|
if (!internalSsl.interval_processing) {
|
|
logger.info('Renewing SSL certs close to expiry...');
|
|
return utils.exec('/usr/bin/certbot renew -q')
|
|
.then(result => {
|
|
logger.info(result);
|
|
internalSsl.interval_processing = false;
|
|
|
|
return internalNginx.reload()
|
|
.then(() => {
|
|
logger.info('Renew Complete');
|
|
return result;
|
|
});
|
|
})
|
|
.catch(err => {
|
|
logger.error(err);
|
|
internalSsl.interval_processing = false;
|
|
});
|
|
}
|
|
},
|
|
|
|
/**
|
|
* @param {Object} host
|
|
* @returns {Boolean}
|
|
*/
|
|
hasValidSslCerts: host => {
|
|
return fs.existsSync('/etc/letsencrypt/live/' + host.hostname + '/fullchain.pem') &&
|
|
fs.existsSync('/etc/letsencrypt/live/' + host.hostname + '/privkey.pem');
|
|
},
|
|
|
|
/**
|
|
* @param {Object} host
|
|
* @returns {Promise}
|
|
*/
|
|
requestSsl: host => {
|
|
logger.info('Requesting SSL certificates for ' + host.hostname);
|
|
|
|
return utils.exec('/usr/bin/letsencrypt certonly --agree-tos --email "' + host.letsencrypt_email + '" -n -a webroot -d "' + host.hostname + '"')
|
|
.then(result => {
|
|
logger.info(result);
|
|
return result;
|
|
});
|
|
},
|
|
|
|
/**
|
|
* @param {Object} host
|
|
* @returns {Promise}
|
|
*/
|
|
renewSsl: host => {
|
|
logger.info('Renewing SSL certificates for ' + host.hostname);
|
|
|
|
return utils.exec('/usr/bin/certbot renew --force-renewal --disable-hook-validation --cert-name "' + host.hostname + '"')
|
|
.then(result => {
|
|
logger.info(result);
|
|
return result;
|
|
});
|
|
},
|
|
|
|
/**
|
|
* @param {Object} host
|
|
* @returns {Promise}
|
|
*/
|
|
deleteCerts: host => {
|
|
logger.info('Deleting SSL certificates for ' + host.hostname);
|
|
|
|
return utils.exec('/usr/bin/certbot delete -n --cert-name "' + host.hostname + '"')
|
|
.then(result => {
|
|
logger.info(result);
|
|
})
|
|
.catch(err => {
|
|
logger.error(err);
|
|
});
|
|
},
|
|
|
|
/**
|
|
* @param {Object} host
|
|
* @returns {Promise}
|
|
*/
|
|
generateSslSetupConfig: host => {
|
|
let template = null;
|
|
let filename = internalNginx.getConfigName(host);
|
|
let template_data = host;
|
|
|
|
return new Promise((resolve, reject) => {
|
|
try {
|
|
template = fs.readFileSync(__dirname + '/../templates/letsencrypt.conf.ejs', {encoding: 'utf8'});
|
|
let config_text = ejs.render(template, template_data);
|
|
fs.writeFileSync(filename, config_text, {encoding: 'utf8'});
|
|
|
|
resolve(template_data);
|
|
} catch (err) {
|
|
reject(new error.ConfigurationError(err.message));
|
|
}
|
|
});
|
|
},
|
|
|
|
/**
|
|
* @param {Object} host
|
|
* @returns {Promise}
|
|
*/
|
|
configureSsl: host => {
|
|
return internalSsl.generateSslSetupConfig(host)
|
|
.then(data => {
|
|
return internalNginx.reload()
|
|
.then(() => {
|
|
return internalSsl.requestSsl(data);
|
|
});
|
|
});
|
|
}
|
|
};
|
|
|
|
module.exports = internalSsl;
|