improve
This commit is contained in:
6543
parent
1c5561231b
commit
aa21b81586
|
|
@ -85,11 +85,11 @@ func migrateCerts(ctx *cli.Context) error {
|
|||
}
|
||||
|
||||
func listCerts(ctx *cli.Context) error {
|
||||
certDB, close, err := openCertDB(ctx)
|
||||
certDB, closeFn, err := openCertDB(ctx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer close()
|
||||
defer closeFn()
|
||||
|
||||
items, err := certDB.Items(0, 0)
|
||||
if err != nil {
|
||||
|
|
@ -115,11 +115,11 @@ func removeCert(ctx *cli.Context) error {
|
|||
|
||||
domains := ctx.Args().Slice()
|
||||
|
||||
certDB, close, err := openCertDB(ctx)
|
||||
certDB, closeFn, err := openCertDB(ctx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer close()
|
||||
defer closeFn()
|
||||
|
||||
for _, domain := range domains {
|
||||
fmt.Printf("Removing domain %s from the database...\n", domain)
|
||||
|
|
|
|||
|
|
@ -74,11 +74,11 @@ func Serve(ctx *cli.Context) error {
|
|||
}
|
||||
|
||||
// Init ssl cert database
|
||||
certDB, close, err := openCertDB(ctx)
|
||||
certDB, closeFn, err := openCertDB(ctx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer close()
|
||||
defer closeFn()
|
||||
|
||||
keyCache := cache.NewKeyValueCache()
|
||||
challengeCache := cache.NewKeyValueCache()
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ import (
|
|||
"codeberg.org/codeberg/pages/server/database"
|
||||
)
|
||||
|
||||
func openCertDB(ctx *cli.Context) (certDB database.CertDB, close func(), err error) {
|
||||
func openCertDB(ctx *cli.Context) (certDB database.CertDB, closeFn func(), err error) {
|
||||
if ctx.String("db-type") != "" {
|
||||
log.Trace().Msg("use xorm mode")
|
||||
certDB, err = database.NewXormDB(ctx.String("db-type"), ctx.String("db-conn"))
|
||||
|
|
@ -35,11 +35,11 @@ The simplest way is, to use './pages certs migrate' and set environment var DB_T
|
|||
}
|
||||
}
|
||||
|
||||
close = func() {
|
||||
closeFn = func() {
|
||||
if err := certDB.Close(); err != nil {
|
||||
log.Error().Err(err)
|
||||
}
|
||||
}
|
||||
|
||||
return certDB, close, nil
|
||||
return certDB, closeFn, nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -208,7 +208,7 @@ func retrieveCertFromDB(sni, mainDomainSuffix, dnsProvider string, acmeUseRateLi
|
|||
|
||||
tlsCertificate, err := tls.X509KeyPair(res.Certificate, res.PrivateKey)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
log.Error().Err(err).Msgf("could not create tlsCert from key pair: %v", res)
|
||||
}
|
||||
|
||||
// TODO: document & put into own function
|
||||
|
|
@ -423,7 +423,7 @@ func SetupCertificates(mainDomainSuffix, dnsProvider string, acmeConfig *lego.Co
|
|||
// getting main cert before ACME account so that we can fail here without hitting rate limits
|
||||
mainCertBytes, err := certDB.Get(mainDomainSuffix)
|
||||
if err != nil {
|
||||
return fmt.Errorf("cert database is not working")
|
||||
return fmt.Errorf("cert database is not working: %w", err)
|
||||
}
|
||||
|
||||
acmeClient, err = lego.NewClient(acmeConfig)
|
||||
|
|
@ -477,7 +477,7 @@ func SetupCertificates(mainDomainSuffix, dnsProvider string, acmeConfig *lego.Co
|
|||
func MaintainCertDB(ctx context.Context, interval time.Duration, mainDomainSuffix, dnsProvider string, acmeUseRateLimits bool, certDB database.CertDB) {
|
||||
for {
|
||||
// delete expired certs that will be invalid until next clean up
|
||||
threshold := time.Now().Add(-interval)
|
||||
threshold := time.Now().Add(interval)
|
||||
expiredCertCount := 0
|
||||
|
||||
certs, err := certDB.Items(0, 0)
|
||||
|
|
@ -515,15 +515,18 @@ func MaintainCertDB(ctx context.Context, interval time.Duration, mainDomainSuffi
|
|||
log.Error().Msgf("Couldn't renew certificate for main domain %q expected main domain cert to exist, but it's missing - seems like the database is corrupted", mainDomainSuffix)
|
||||
} else {
|
||||
tlsCertificates, err := certcrypto.ParsePEMBundle(res.Certificate)
|
||||
|
||||
// renew main certificate 30 days before it expires
|
||||
if tlsCertificates[0].NotAfter.Before(time.Now().Add(30 * 24 * time.Hour)) {
|
||||
go (func() {
|
||||
_, err = obtainCert(mainDomainAcmeClient, []string{"*" + mainDomainSuffix, mainDomainSuffix[1:]}, res, "", dnsProvider, mainDomainSuffix, acmeUseRateLimits, certDB)
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("Couldn't renew certificate for main domain")
|
||||
}
|
||||
})()
|
||||
if err != nil {
|
||||
log.Error().Err(fmt.Errorf("could not parse cert for mainDomainSuffix: %w", err))
|
||||
} else {
|
||||
// renew main certificate 30 days before it expires
|
||||
if tlsCertificates[0].NotAfter.Before(time.Now().Add(30 * 24 * time.Hour)) {
|
||||
go (func() {
|
||||
_, err = obtainCert(mainDomainAcmeClient, []string{"*" + mainDomainSuffix, mainDomainSuffix[1:]}, res, "", dnsProvider, mainDomainSuffix, acmeUseRateLimits, certDB)
|
||||
if err != nil {
|
||||
log.Error().Err(err).Msg("Couldn't renew certificate for main domain")
|
||||
}
|
||||
})()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -67,10 +67,9 @@ func (x xDB) Get(domain string) (*certificate.Resource, error) {
|
|||
|
||||
cert := new(Cert)
|
||||
log.Trace().Str("domain", domain).Msg("get cert from db")
|
||||
if _, err := x.engine.ID(domain).Get(&cert); err != nil {
|
||||
if found, err := x.engine.ID(domain).Get(cert); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if cert == nil {
|
||||
} else if !found {
|
||||
return nil, fmt.Errorf("%w: name='%s'", ErrNotFound, domain)
|
||||
}
|
||||
return cert.Raw(), nil
|
||||
|
|
|
|||
Loading…
Reference in New Issue