don't fail vhost renewals
parent
ae43b0859b
commit
0fa68eef1e
|
@ -2,6 +2,10 @@
|
||||||
(function () {
|
(function () {
|
||||||
'use strict';
|
'use strict';
|
||||||
|
|
||||||
|
var fs = require('fs');
|
||||||
|
var path = require('path');
|
||||||
|
var os = require('os');
|
||||||
|
|
||||||
var pkg = require('../package.json');
|
var pkg = require('../package.json');
|
||||||
|
|
||||||
var argv = process.argv.slice(2);
|
var argv = process.argv.slice(2);
|
||||||
|
@ -67,54 +71,59 @@ function applyConfig(config) {
|
||||||
state.config.greenlock.configDir = require('os').homedir() + require('path').sep + 'acme';
|
state.config.greenlock.configDir = require('os').homedir() + require('path').sep + 'acme';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// The domains being approved for the first time are listed in opts.domains
|
||||||
|
// Certs being renewed are listed in certs.altnames
|
||||||
function approveDomains(opts, certs, cb) {
|
function approveDomains(opts, certs, cb) {
|
||||||
if (state.debug) { console.log('[debug] approveDomains', opts.domains); }
|
if (state.debug) { console.log('[debug] approveDomains', opts.domains); }
|
||||||
// This is where you check your database and associated
|
|
||||||
// email addresses with domains and agreements and such
|
|
||||||
|
|
||||||
// The domains being approved for the first time are listed in opts.domains
|
function allow() {
|
||||||
// Certs being renewed are listed in certs.altnames
|
|
||||||
if (certs) {
|
|
||||||
opts.domains = certs.altnames;
|
|
||||||
cb(null, { options: opts, certs: certs });
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!state.validHosts) { state.validHosts = {}; }
|
|
||||||
if (!state.validHosts[opts.domains[0]] && state.config.vhost) {
|
|
||||||
if (state.debug) { console.log('[sni] vhost checking is turned on'); }
|
|
||||||
var vhost = state.config.vhost.replace(/:hostname/, opts.domains[0]);
|
|
||||||
require('fs').readdir(vhost, function (err, nodes) {
|
|
||||||
if (state.debug) { console.log('[sni] checking fs vhost', opts.domains[0], !err); }
|
|
||||||
if (err) { check(); return; }
|
|
||||||
if (nodes) { approve(); }
|
|
||||||
});
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
function approve() {
|
|
||||||
state.validHosts[opts.domains[0]] = true;
|
state.validHosts[opts.domains[0]] = true;
|
||||||
opts.email = state.config.email;
|
opts.email = state.config.email;
|
||||||
opts.agreeTos = state.config.agreeTos;
|
opts.agreeTos = state.config.agreeTos;
|
||||||
opts.communityMember = state.config.communityMember || state.config.greenlock.communityMember;
|
opts.communityMember = state.config.communityMember || state.config.greenlock.communityMember;
|
||||||
opts.challenges = {
|
opts.challenges = {
|
||||||
// TODO dns-01
|
// TODO dns-01
|
||||||
'http-01': require('le-challenge-fs').create({ webrootPath: '/tmp/acme-challenges' })
|
'http-01': require('le-challenge-fs').create({ webrootPath: path.join(os.tmpdir(), 'acme-challenges') })
|
||||||
};
|
};
|
||||||
opts.communityMember = state.config.communityMember;
|
opts.communityMember = state.config.communityMember;
|
||||||
cb(null, { options: opts, certs: certs });
|
cb(null, { options: opts, certs: certs });
|
||||||
}
|
}
|
||||||
|
|
||||||
function check() {
|
function deny() {
|
||||||
if (state.debug) { console.log('[sni] checking servername'); }
|
cb(new Error("[bin/telebit-relay.js] failed the approval chain '" + opts.domains[0] + "'"));
|
||||||
if (-1 !== state.servernames.indexOf(opts.domain) || -1 !== (state._servernames||[]).indexOf(opts.domain)) {
|
return;
|
||||||
approve();
|
|
||||||
} else {
|
|
||||||
cb(new Error("failed the approval chain '" + opts.domains[0] + "'"));
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
check();
|
// 1) If the host was already allowed => allow
|
||||||
|
if (!state.validHosts) { state.validHosts = {}; }
|
||||||
|
if (state.validHosts[opts.domains[0]]) {
|
||||||
|
allow();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// 2) If the host is in the config => allow
|
||||||
|
if (state.debug) { console.log('[sni] checking servername'); }
|
||||||
|
if (-1 !== state.servernames.indexOf(opts.domain)
|
||||||
|
|| -1 !== (state._servernames||[]).indexOf(opts.domain)) {
|
||||||
|
allow();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// 3) If dynamic vhosting is allowed
|
||||||
|
// & a vhost folder exist for this domain => allow
|
||||||
|
if (state.config.vhost) {
|
||||||
|
if (state.debug) { console.log('[sni] vhost checking is turned on'); }
|
||||||
|
var vhost = state.config.vhost.replace(/:hostname/, opts.domains[0]);
|
||||||
|
require('fs').readdir(vhost, function (err, nodes) {
|
||||||
|
if (state.debug) { console.log('[sni] checking fs vhost', opts.domains[0], !err); }
|
||||||
|
if (err) { deny(); return; }
|
||||||
|
if (nodes) { allow(); }
|
||||||
|
});
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// 4) fallback => fail
|
||||||
|
deny();
|
||||||
}
|
}
|
||||||
|
|
||||||
state.greenlock = Greenlock.create({
|
state.greenlock = Greenlock.create({
|
||||||
|
@ -196,7 +205,7 @@ function applyConfig(config) {
|
||||||
//});
|
//});
|
||||||
}
|
}
|
||||||
|
|
||||||
require('fs').readFile(confpath, 'utf8', function (err, text) {
|
fs.readFile(confpath, 'utf8', function (err, text) {
|
||||||
var config;
|
var config;
|
||||||
|
|
||||||
var recase = require('recase').create({});
|
var recase = require('recase').create({});
|
||||||
|
|
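Review bot: Step 3 of approveDomains substitutes `opts.domains[0]` into `state.config.vhost` and approves the name whenever `readdir` succeeds, but nothing visible in the hunk checks that the value is a plain hostname before it reaches the filesystem. The `[sni]` log tags suggest the name is supplied by the connecting client, so a value containing a path separator or `..` could resolve to a directory outside the vhost root and then be approved and cached in `state.validHosts`; Greenlock may already filter such names, but that is not visible here. I would reject anything that is not a sequence of DNS labels before the lookup, as sketched below. Separately, step 2 tests `opts.domain` while every other step uses `opts.domains[0]`, which is worth confirming as intended. applyConfig itself begins outside this hunk.

```javascript
    // 3) If dynamic vhosting is allowed
    if (state.config.vhost) {
      var hostname = String(opts.domains[0] || '');
      // Only plain DNS labels may be turned into a filesystem path.
      var dnsName = /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/i;
      if (!dnsName.test(hostname)) {
        deny();
        return;
      }
      var vhost = state.config.vhost.replace(/:hostname/, hostname);
      // … unchanged: readdir(vhost, ...) with deny() on error and allow() on success …
```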