move approval work to worker

This commit is contained in:
AJ ONeal 2016-08-10 13:10:00 -04:00
parent c746008f0b
commit ff5fdbb3f8
2 changed files with 134 additions and 0 deletions

63
master.js Normal file
View File

@ -0,0 +1,63 @@
'use strict';
module.exports.create = function (opts) {
if (!opts.letsencrypt) { opts.letsencrypt = require('letsencrypt').create({ server: opts.server }); }
if ('function' === typeof opts.approve) {
throw new Error("You must provide opts.approve(options, certs, callback) to approve certificates");
}
function log(debug) {
if (!debug) {
return;
}
var args = Array.prototype.slice.call(arguments);
args.shift();
args.unshift("[le/lib/core.js]");
console.log.apply(console, args);
}
opts._pending = {};
opts._le = opts.letsencrypt;
opts.addWorker = function (worker) {
worker.on('online', function () {
log(opts.debug, 'worker is up');
});
worker.on('message', function (msg) {
log(opts.debug, 'Message from worker ' + worker.pid, msg, msg && msg.type);
if ('LE_REQUEST' !== (msg && msg.type)) {
return;
}
opts.approveDomains(msg.options, msg.certs, function (err, results) {
if (err) {
log(opts.debug, 'Approval got ERROR', err.stack || err);
worker.send({ type: 'LE_RESPONSE', error: err });
return;
}
var promise;
if (results.certs) {
promise = opts._le.renew(results.options, results.certs);
}
else {
promise = opts._le.register(results.options);
}
promise.then(function (certs) {
log(opts.debug, 'Approval got certs', certs);
// certs = { subject, domains, issuedAt, expiresAt, privkey, cert, chain };
worker.send({ type: 'LE_RESPONSE', certs: certs });
}, function (err) {
log(opts.debug, 'Approval got ERROR', err.stack || err);
worker.send({ type: 'LE_RESPONSE', error: err });
});
});
});
};
return opts;
};

71
serve.js Normal file
View File

@ -0,0 +1,71 @@
'use strict';
var cluster = require('cluster');
var master;
var numCores = 2; // // Math.max(2, require('os').cpus().length)
var i;
if (cluster.isMaster) {
master = require('./master').create({
debug: true
, server: 'staging'
, approveDomains: function (options, certs, cb) {
// Depending on your setup it may be more efficient
// for you to implement the approveDomains function
// in your master or in your workers.
//
// Since we implement it in the worker (below) in this example
// we'll give it an immediate approval here in the master
cb(null, { options: options, certs: certs });
}
});
for (i = 0; i < numCores; i += 1) {
master.addWorker(cluster.fork());
}
}
else {
require('./worker').create({
debug: true
// We want both to renew well before the expiration date
// and also to stagger the renewals, just a touch
// here we specify to renew between 10 and 15 days
, notBefore: 15 * 24 * 60 * 60 * 1000
, notAfter: 10 * 24 * 60 * 60 * 1000 // optional
, approveDomains: function (opts, certs, cb) {
// opts = { domains, email, agreeTos, tosUrl }
// certs = { subject, altnames, expiresAt, issuedAt }
// We might want to do a check to make sure that all of the domains
// specified in altnames are still approved to be renewed and have
// the correct dns entries, but generally speaking it's probably okay
// for renewals to be automatic
if (certs) {
// modify opts.domains to overwrite certs.altnames in renewal
cb(null, { options: opts, certs: certs });
return;
}
// This is where we would check our database to make sure that
// this user (specified by email address) has agreed to the terms
// and do some check that they have access to this domain
opts.agreeTos = true;
cb(null, { options: opts });
}
});
}