changeset 2104:9ba91823980e ssltesting

minor
author Violet7
date Tue, 16 Dec 2025 17:18:37 -0800
parents 8c30779427ae
children 3dc3fc1aa563
files src/luan/host/Https.luan
diffstat 1 files changed, 81 insertions(+), 79 deletions(-) [+]
--- a/src/luan/host/Https.luan	Tue Dec 16 17:14:55 2025 -0800
+++ b/src/luan/host/Https.luan	Tue Dec 16 17:18:37 2025 -0800
@@ -79,6 +79,87 @@
 		files.nginx_file.write(nginx)
 	end
 end
+function Https.set_https(is_https)
+	if Http.did_init() then
+		logger.error(new_error("set_https called outside of init.luan"))
+		return
+	end
+	local domain = Http.domain
+	local site_dir = uri("site:").parent()
+	local luanhost_dir = uri("file:.")
+
+	-- use for testing, so as to not hit rate limits
+	-- on the real letsencrypt servers
+	local dry_run = false
+
+	if not try_synchronized( function()
+		do_set_https(is_https,domain,site_dir,luanhost_dir,dry_run)
+	end, domain..".lock", 0 )() then
+		logger.info("set_https already running for "..domain..", skipping")
+	end
+end
+
+function Issue_cert(domain, site_dir, luanhost_dir, dry_run, files)
+	local luanhost_dir_str = luanhost_dir.canonical().to_string()
+	local csr_file_str = files.csr_file_str.canonical().to_string()
+
+	-- Finally, get our cert from letsencrypt.
+	local cmd = luanhost_dir_str..[[/acme_tiny \
+		--account-key ]]..luanhost_dir_str..[[/local/tiny_account.key \
+		--csr ]]..csr_file_str..[[ \
+		--acme-dir ]]..files.acme_challenges.canonical().to_string()..[[ \
+	]]
+
+	-- Problems here are probably from letsencrypt
+	-- leaving this comment here in case its not
+	if dry_run then
+		local dry_run_dir_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
+		cmd = cmd.." --directory-url "..dry_run_dir_url
+	end
+
+	local tmp_out_str = files.tmp_cert_out.canonical().to_string()
+	cmd = cmd.." > "..tmp_out_str
+	logger.info("acme-tiny commandline:\n"..cmd)
+
+	local s = uri("bash:"..cmd).read_text()
+	logger.info("get cert signed by letsencrypt\n"..s)
+
+	-- Empty stdout from acme-tiny is a failure.
+	if files.tmp_cert_out.length() == 0 then
+		-- TODO: this should fail non-gracefully,
+		-- all failures here are almost certainly bugs.
+		logger.error("FAILED getting cert from letsencrypt.\nSee previous output.\nNot writing to fullchain.cer")
+	else
+		-- Success! Move the temp output to the real fullchain.
+		local local_cer_file_str = files.local_cer_file.canonical().to_string()
+		if files.local_cer_file_str.exists() then
+			local cmd = "mv "..local_cer_file_str.." "..local_cer_file_str..".old"
+			local s = uri("bash:"..cmd).read_text()
+			logger.info("moving old fullchain to fullchain.cer.old\n"..s)
+		end
+
+		local cmd = "mv "..tmp_out_str.." "..local_cer_file_str
+		local s = uri("bash:"..cmd).read_text()
+		logger.info("move temp output to fullchain.cer\n"..s)
+	end
+
+	local cmd = `%>
+sudo $(which nginx) -t -c "<%=luanhost_dir_str%>/local/nginx.conf" && \
+sudo $(which nginx) -s reload -c "<%=luanhost_dir_str%>/local/nginx.conf";
+<%`
+	local s = uri("bash:"..cmd).read_text()
+	logger.info("reload_nginx "..s)
+end
+
+
+function Https.renew_ssl(renewal_period,domain,site_dir,luanhost_dir,dry_run)
+	files.csr_file.exists() or error "no CSR file, assuming local https cert"
+	if time_now() - files.csr_file.last_modified() < renewal_period then
+		Issue_cert(domain, site_dir, luanhost_dir, dry_run, files)
+		return
+	end
+end
+
 
 local function do_set_https(is_https,domain,site_dir,luanhost_dir,dry_run)
 	local files = get_files(domain,site_dir)
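Review bot: Moving `Https.set_https` above `local function do_set_https` means the call inside the `try_synchronized` closure is now written before that local is declared, and under Lua-style scoping it would no longer bind to it (Luan may differ, so this is worth confirming); calling the exported alias instead, `Https.do_set_https(is_https,domain,site_dir,luanhost_dir,dry_run)`, would avoid depending on declaration order. In `Issue_cert`, `files.local_cer_file_str.exists()` looks like it should be `files.local_cer_file.exists()`, since `local_cer_file_str` is the local string built on the line above, and `Https.renew_ssl` reads `files` without receiving it as a parameter. The acme_tiny and `mv` commands interpolate canonical paths into `bash:` strings unquoted, while the nginx command quotes its path; quoting them the same way would keep a path containing spaces or shell metacharacters from changing the command that runs. The body of `do_set_https` continues outside the hunk.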
@@ -178,84 +259,5 @@
 end
 Https.do_set_https = do_set_https	-- for testing
 
-function Https.set_https(is_https)
-	if Http.did_init() then
-		logger.error(new_error("set_https called outside of init.luan"))
-		return
-	end
-	local domain = Http.domain
-	local site_dir = uri("site:").parent()
-	local luanhost_dir = uri("file:.")
-
-	-- use for testing, so as to not hit rate limits
-	-- on the real letsencrypt servers
-	local dry_run = false
-
-	if not try_synchronized( function()
-		do_set_https(is_https,domain,site_dir,luanhost_dir,dry_run)
-	end, domain..".lock", 0 )() then
-		logger.info("set_https already running for "..domain..", skipping")
-	end
-end
-
-function Https.renew_ssl(renewal_period,domain,site_dir,luanhost_dir,dry_run)
-	files.csr_file.exists() or error "no CSR file, assuming local https cert"
-	if time_now() - files.csr_file.last_modified() < renewal_period then
-		Issue_cert(domain, site_dir, luanhost_dir, dry_run, files)
-		return
-	end
-end
-
-function Issue_cert(domain, site_dir, luanhost_dir, dry_run, files)
-	local luanhost_dir_str = luanhost_dir.canonical().to_string()
-	local csr_file_str = files.csr_file_str.canonical().to_string()
-
-	-- Finally, get our cert from letsencrypt.
-	local cmd = luanhost_dir_str..[[/acme_tiny \
-		--account-key ]]..luanhost_dir_str..[[/local/tiny_account.key \
-		--csr ]]..csr_file_str..[[ \
-		--acme-dir ]]..files.acme_challenges.canonical().to_string()..[[ \
-	]]
-
-	-- Problems here are probably from letsencrypt
-	-- leaving this comment here in case its not
-	if dry_run then
-		local dry_run_dir_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
-		cmd = cmd.." --directory-url "..dry_run_dir_url
-	end
-
-	local tmp_out_str = files.tmp_cert_out.canonical().to_string()
-	cmd = cmd.." > "..tmp_out_str
-	logger.info("acme-tiny commandline:\n"..cmd)
-
-	local s = uri("bash:"..cmd).read_text()
-	logger.info("get cert signed by letsencrypt\n"..s)
-
-	-- Empty stdout from acme-tiny is a failure.
-	if files.tmp_cert_out.length() == 0 then
-		-- TODO: this should fail non-gracefully,
-		-- all failures here are almost certainly bugs.
-		logger.error("FAILED getting cert from letsencrypt.\nSee previous output.\nNot writing to fullchain.cer")
-	else
-		-- Success! Move the temp output to the real fullchain.
-		local local_cer_file_str = files.local_cer_file.canonical().to_string()
-		if files.local_cer_file_str.exists() then
-			local cmd = "mv "..local_cer_file_str.." "..local_cer_file_str..".old"
-			local s = uri("bash:"..cmd).read_text()
-			logger.info("moving old fullchain to fullchain.cer.old\n"..s)
-		end
-
-		local cmd = "mv "..tmp_out_str.." "..local_cer_file_str
-		local s = uri("bash:"..cmd).read_text()
-		logger.info("move temp output to fullchain.cer\n"..s)
-	end
-
-	local cmd = `%>
-sudo $(which nginx) -t -c "<%=luanhost_dir_str%>/local/nginx.conf" && \
-sudo $(which nginx) -s reload -c "<%=luanhost_dir_str%>/local/nginx.conf";
-<%`
-	local s = uri("bash:"..cmd).read_text()
-	logger.info("reload_nginx "..s)
-end
 
 return Https