changeset 2100:665d227f06f3 ssltesting

Https cleanup
author Franklin Schmidt <fschmidt@gmail.com>
date Mon, 15 Dec 2025 22:45:11 -0700
parents 41b8b2cbbdf8
children ad0a9ef64827
files src/luan/host/Https.luan src/luan/host/sys_logging.luan
diffstat 2 files changed, 39 insertions(+), 36 deletions(-) [+]
diff -r 41b8b2cbbdf8 -r 665d227f06f3 src/luan/host/Https.luan
--- a/src/luan/host/Https.luan	Mon Dec 15 20:06:31 2025 -0800
+++ b/src/luan/host/Https.luan	Mon Dec 15 22:45:11 2025 -0700
@@ -2,7 +2,7 @@
 local error = Luan.error
 local new_error = Luan.new_error or error()
 local load_file = Luan.load_file or error()
-local ipairs = Luan.ipairs or error()
+local pairs = Luan.pairs or error()
 local Io = require "luan:Io.luan"
 local ip = Io.ip or error()
 local uri = Io.uri or error()
@@ -21,26 +21,33 @@
 
 local my_ips = Io.my_ips()
 
-local function do_set_https(is_https,domain,site_dir,luanhost_dir,dry_run)
-	local nginx_file = site_dir.child("nginx.ssl.conf")
-
+local function get_files(domain,site_dir)
 	-- TODO: implement this later
 	local ssl_files_dir = site_dir--.child("ssl/")
 	-- ssl_files_dir.mkdir()
 
-	local key_file = ssl_files_dir.child(domain..".key")
-	local csr_file = ssl_files_dir.child(domain..".csr")
-	local tmp_cert_out = ssl_files_dir.child(domain..".crt.tmp")
-	local local_cer_file = ssl_files_dir.child("fullchain.cer")
+	return {
+		nginx_file = site_dir.child("nginx.ssl.conf")
+		key_file = ssl_files_dir.child(domain..".key")
+		local_cer_file = ssl_files_dir.child("fullchain.cer")
+		csr_file = ssl_files_dir.child(domain..".csr")
+		tmp_cert_out = ssl_files_dir.child(domain..".crt.tmp")
+		acme_challenges = site_dir.child("acme-challenge/")
+	}
+end
+
+local function do_set_https(is_https,domain,site_dir,luanhost_dir,dry_run)
+	local files = get_files(domain,site_dir)
+
 	-- luan/host
 	local luanhost_file = "file:"..luanhost_dir.to_string().."/"
 	local luanhost_dir_str = luanhost_dir.canonical().to_string()
 	local changed = false
 
 	if is_https then -- https
-		if not key_file.exists() \
-			or not local_cer_file.exists() or local_cer_file.length()==0 \
-			or not nginx_file.exists() \
+		if not files.key_file.exists() \
+			or not files.local_cer_file.exists() or files.local_cer_file.length()==0 \
+			or not files.nginx_file.exists() \
 		then
 			local domain_ip = ip(domain)
 			local is_local = domain_ip == "127.0.0.1"
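Review bot: `get_files` has no header comment, and its result mixes regular files with the `acme_challenges` directory, which matters because the http branch at the end of `do_set_https` later deletes every entry of this table. A two-line LDoc comment above the function would make the contract explicit: `--- Paths under site_dir used for the HTTPS setup of one domain.` and `-- acme_challenges is a directory; the others are files that may not exist yet.` The `-- TODO: implement this later` that was moved in still refers to the disabled `ssl/` subdirectory and is easier to follow if it names that, e.g. `-- TODO: move the ssl files into a separate ssl/ subdirectory`. do_set_https continues past this hunk.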
@@ -49,15 +56,14 @@
 			-- Use openssl directly to make a self-signed cert,
 			-- no external cert authority involved
 			if is_local then
-				local ssl_files_dir_str = ssl_files_dir.canonical().to_string().."/";
 				local cmd = `%>
 					openssl req -x509 -newkey rsa:2048 -nodes \
-						-keyout <%=ssl_files_dir_str..domain%>.key \
-						-out <%=ssl_files_dir_str%>fullchain.cer -days 365 \
+						-keyout <%= files.key_file.to_string() %> \
+						-out <%= files.local_cer_file.to_string() %> -days 365 \
 						-subj "/CN=<%=domain%>" \
 						-addext "subjectAltName=DNS:<%=domain%>,IP:127.0.0.1"
 				<%`
-				logger.info("local ssl commandline:\n"..cmd)
+				sys_logger.info("local ssl commandline:\n"..cmd)
 				local s = uri("bash:"..cmd).read_text()
 				logger.info("issue local certificate")
 			else
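Review bot: The two interpolations `<%= files.key_file.to_string() %>` and `<%= files.local_cer_file.to_string() %>` drop the `.canonical()` that the removed `ssl_files_dir_str` had and that every other shell command in this function still uses (see `key_file_str` further down), so if `site_dir` is relative the path openssl receives depends on the working directory bash starts in; `files.key_file.canonical().to_string()` keeps the commands consistent. The same block switches one message to `sys_logger.info` while the line right after it still calls `logger.info("issue local certificate")`; `sys_logger` is not visible in the hunks, so confirm it is defined at the top of the file and decide whether both lines should go to the same logger. The enclosing `if is_local` block ends outside the hunk.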
@@ -72,17 +78,16 @@
 					-- make the challenge dir. note that this is
 					-- directly under sites/DOMAIN, and *not* under
 					-- sites/DOMAIN/site.
-					local acme_challenges = site_dir.child("acme-challenge/")
-					acme_challenges.mkdir()
+					files.acme_challenges.mkdir()
 
 					-- Create a domain key to sign the certificate signing request (csr).
-					local key_file_str = key_file.canonical().to_string()
+					local key_file_str = files.key_file.canonical().to_string()
 					local cmd = "openssl genrsa 4096 > "..key_file_str
 					local s = uri("bash:"..cmd).read_text()
 					logger.info("create domain key\n"..s)
 
 					-- Create the csr.
-					local csr_file_str = csr_file.canonical().to_string()
+					local csr_file_str = files.csr_file.canonical().to_string()
 					local cmd = 'openssl req -new -sha256 -key '..key_file_str..' -subj "/CN='..domain..'" > '..csr_file_str
 					local s = uri("bash:"..cmd).read_text()
 					logger.info("create csr\n"..s)
@@ -90,7 +95,7 @@
 					-- Finally, get our cert from letsencrypt.
 					local cmd = luanhost_dir_str..[[/acme_tiny --account-key ]]..luanhost_dir_str..[[/local/tiny_account.key \
 						--csr ]]..csr_file_str..[[ \
-						--acme-dir ]]..acme_challenges.canonical().to_string()..[[ \
+						--acme-dir ]]..files.acme_challenges.canonical().to_string()..[[ \
 					]]
 
 					-- TODO: this often doesn't work and I don't know if it's
@@ -100,21 +105,21 @@
 						local dry_run_dir_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
 						cmd = cmd.." --directory-url "..dry_run_dir_url
 					end
-					cmd = cmd.." > "..tmp_cert_out.canonical().to_string()
+					local tmp_out_str = files.tmp_cert_out.canonical().to_string()
+					cmd = cmd.." > "..tmp_out_str
 					logger.info("acme-tiny commandline:\n"..cmd)
 
 					local s = uri("bash:"..cmd).read_text()
 					logger.info("get cert signed by letsencrypt\n"..s)
 
 					-- Empty stdout from acme-tiny is a failure.
-					if tmp_cert_out.length() == 0 then
+					if files.tmp_cert_out.length() == 0 then
 						-- TODO: this should fail non-gracefully,
 						-- all failures here are almost certainly bugs.
 						logger.error("FAILED getting cert from letsencrypt.\nSee previous output.\nNot writing to fullchain.cer")
 					else
 						-- Success! Move the temp output to the real fullchain.
-						local tmp_out_str = tmp_cert_out.canonical().to_string()
-						local local_cer_file_str = local_cer_file.canonical().to_string()
+						local local_cer_file_str = files.local_cer_file.canonical().to_string()
 
 						local cmd = "mv "..tmp_out_str.." "..local_cer_file_str
 						local s = uri("bash:"..cmd).read_text()
@@ -131,26 +136,21 @@
 				-- that uses it, place it in luan/host/sites/*/nginx.ssl.conf
 				-- and tell luan-host to reload nginx.
 
-			if key_file.exists() and local_cer_file.exists() and local_cer_file.length() > 0 then
+			if files.key_file.exists() and files.local_cer_file.exists() and files.local_cer_file.length() > 0 then
 				changed = true
 				-- the nginx config only requires 2 files:
 				-- fullchain.cer and DOMAIN.key
-				logger.info("writing nginx conf to "..nginx_file.canonical().to_string())
+				logger.info("writing nginx conf to "..files.nginx_file.canonical().to_string())
 				local conf = load_file(luanhost_file.."startup/nginx/nginx.ssl.conf.luan")
 				local nginx = ` conf(luanhost_dir_str,domain) `
-				nginx_file.write(nginx)
+				files.nginx_file.write(nginx)
 			end
 		end
 	else -- http
-		if key_file.exists() or nginx_file.exists() then
+		if files.key_file.exists() or files.nginx_file.exists() then
 			changed = true
-			nginx_file.delete()
-			local_cer_file.delete()
-			local ptn = domain.."."
-			for _, file in ipairs(site_dir.children()) do
-				if starts_with(file.name(),ptn) then
-					file.delete()
-				end
+			for _, file in pairs(files) do
+				file.delete()
 			end
 		end
 	end
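Review bot: The new loop `for _, file in pairs(files) do file.delete() end` deletes every entry of the table, including `files.acme_challenges`, a directory the old http branch never removed; whether Luan's `delete()` succeeds on a non-empty directory or on a missing file (`csr_file` and `tmp_cert_out` do not exist after the self-signed path) is not visible here and should be checked. If the directory is not meant to go, skip it by key: `for name, file in pairs(files) do` / `if name ~= "acme_challenges" and file.exists() then file.delete() end` / `end`. Note also that the removed `starts_with(file.name(), domain..".")` sweep deleted any stray `DOMAIN.*` file in `site_dir`, while the new code only removes the fixed set from `get_files`, so leftovers from older layouts will now persist.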
diff -r 41b8b2cbbdf8 -r 665d227f06f3 src/luan/host/sys_logging.luan
--- a/src/luan/host/sys_logging.luan	Mon Dec 15 20:06:31 2025 -0800
+++ b/src/luan/host/sys_logging.luan	Mon Dec 15 22:45:11 2025 -0700
@@ -1,10 +1,13 @@
 local Logging = require "luan:logging/Logging.luan"
 require "java"
+local ThreadLocalAppender = require "java:goodjava.logger.ThreadLocalAppender"
 
 
 return function(name)
 	local logger = Logging.logger(name)
 	local jlogger = logger.java.logger
-	jlogger.appender = jlogger.appender.defaultAppender
+	if jlogger.appender.instanceof(ThreadLocalAppender) then
+		jlogger.appender = jlogger.appender.defaultAppender
+	end
 	return logger
 end
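Review bot: The new `instanceof` guard is the whole point of this file but carries no comment, so a reader cannot tell why only a `ThreadLocalAppender` is swapped for its `defaultAppender`. A one-line comment above the `if` would do: `-- a ThreadLocalAppender is unwrapped so this logger writes to its default appender`. As before, the code assumes `jlogger.appender` is non-nil; if that can ever be unset, the guard should be `if jlogger.appender ~= nil and jlogger.appender.instanceof(ThreadLocalAppender) then`.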