changeset 2114:3d9c0061baf7 ssltesting tip
Https cleanup untested
| author | Franklin Schmidt <fschmidt@gmail.com> |
|---|---|
| date | Fri, 19 Dec 2025 15:12:31 -0700 |
| parents | c67076ddcd4b |
| children | |
| files | host/test/test_renew_ssl.luan src/luan/host/Https.luan |
| diffstat | 2 files changed, 38 insertions(+), 31 deletions(-) [+] |
--- a/host/test/test_renew_ssl.luan Fri Dec 19 11:35:25 2025 -0700
+++ b/host/test/test_renew_ssl.luan Fri Dec 19 15:12:31 2025 -0700
@@ -17,4 +17,4 @@
 site_dir.exists() or error()
-Https.renew_ssl(files, 0,domain,site_dir,luanhost_dir,dry_run)
+Https.renew_ssl(files, 0,luanhost_dir,dry_run)
--- a/src/luan/host/Https.luan Fri Dec 19 11:35:25 2025 -0700 +++ b/src/luan/host/Https.luan Fri Dec 19 15:12:31 2025 -0700 @@ -75,7 +75,16 @@ <% end -local function Issue_cert(domain, site_dir, luanhost_dir, dry_run, files) +local function reload_nginx(luanhost_dir_str) + local cmd = `%> +sudo $(which nginx) -t -c "<%=luanhost_dir_str%>/local/nginx.conf" && \ +sudo $(which nginx) -s reload -c "<%=luanhost_dir_str%>/local/nginx.conf"; +<%` + local s = uri("bash:"..cmd).read_text() + logger.info("reload_nginx "..s) +end + +local function issue_cert(files, luanhost_dir, dry_run) local luanhost_dir_str = luanhost_dir.canonical().to_string() local csr_file_str = files.csr_file.canonical().to_string() @@ -119,15 +128,20 @@ logger.info("move temp output to fullchain.cer\n"..s) end - local cmd = `%> -sudo $(which nginx) -t -c "<%=luanhost_dir_str%>/local/nginx.conf" && \ -sudo $(which nginx) -s reload -c "<%=luanhost_dir_str%>/local/nginx.conf"; -<%` - local s = uri("bash:"..cmd).read_text() - logger.info("reload_nginx "..s) + reload_nginx(luanhost_dir_str) end +local function renew_ssl(files,renewal_period,luanhost_dir,dry_run) + files.csr_file.exists() or error "no CSR file, assuming local https cert" + if time_now() - files.local_cer_file.last_modified() > renewal_period then + issue_cert(files, luanhost_dir, dry_run) + return + end +end +Https.renew_ssl = renew_ssl + +local ssl_renewal_period = Time.period{days=30} function Https.update(domain,site_dir,luanhost_dir) local files = get_files(domain,site_dir) 
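Review bot: The new `reload_nginx` helper splices `luanhost_dir_str` into a bash string that is run with sudo and resolves the binary with `$(which nginx)`, so both the path value and the process PATH help decide what executes as root. The double quotes do not stop `$`, backticks or an embedded `"` in the path from being interpreted by the shell; the value comes from `luanhost_dir.canonical().to_string()` and is presumably operator-controlled, but that assumption deserves a comment on the helper, e.g. `-- luanhost_dir_str must be a trusted path without shell metacharacters; it is expanded inside a sudo bash command`. A fixed absolute nginx path taken from configuration, instead of `$(which nginx)`, would let the sudoers rule name exactly one binary. The command output is only logged, and whether `read_text()` raises when `nginx -t` rejects the config is not visible in this hunk, so callers may not notice a failed reload.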
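Review bot: In the new `renew_ssl`, certificate age is taken from `files.local_cer_file.last_modified()`, so anything that rewrites or restores the file without reissuing (a backup restore, a copy) resets the clock while the certificate itself keeps ageing. Checking the certificate's own expiry is more reliable, for example running `openssl x509 -checkend SECONDS -noout -in FILE` on the cert (SECONDS and FILE are placeholders) and renewing when it reports expiry inside that window. The function also lacks a header comment; something like `-- renews the cert when the cert file is older than renewal_period; raises if no CSR file exists` would state the contract, with the unit of `renewal_period` confirmed against `Time.period`. The trailing `return` inside the `if` is redundant.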
@@ -144,15 +158,14 @@ -- luan/host local luanhost_file = "file:"..luanhost_dir.to_string().."/" local luanhost_dir_str = luanhost_dir.canonical().to_string() - local changed = false if is_https then -- https + local domain_ip = ip(domain) + local is_local = domain_ip == "127.0.0.1" if not files.key_file.exists() \ or not files.local_cer_file.exists() or files.local_cer_file.length()==0 \ or not files.nginx_file.exists() \ then - local domain_ip = ip(domain) - local is_local = domain_ip == "127.0.0.1" logger.info("is_local "..is_local) -- Use openssl directly to make a self-signed cert, @@ -194,7 +207,7 @@ local s = uri("bash:"..cmd).read_text() logger.info("create csr\n"..s) - Issue_cert(domain, site_dir, luanhost_dir, dry_run, files) + issue_cert(files, luanhost_dir, dry_run) catch e 
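Review bot: With `domain_ip` and `is_local` hoisted to the top of the https branch, `ip(domain)` now runs on every `Https.update` call, and its result decides further down in this commit whether renewal runs and is scheduled. The test is an exact match on `"127.0.0.1"`, so a domain that resolves to another loopback address, or resolves differently at a later time, is treated as a public site; what `ip()` does when resolution fails is not visible here. A comment at the assignment would make the assumption explicit, e.g. `-- is_local: domain resolves to 127.0.0.1 at update time; anything else gets certificate issuance and scheduled renewal`. `Https.update` starts and ends outside this hunk.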
@@ -208,32 +221,35 @@ -- and tell luan-host to reload nginx. if files.key_file.exists() and files.local_cer_file.exists() and files.local_cer_file.length() > 0 then - changed = true -- the nginx config only requires 2 files: -- fullchain.cer and DOMAIN.key logger.info("writing nginx conf to "..files.nginx_file.canonical().to_string()) local nginx = ` nginx_ssl_conf(domain,files,luanhost_dir) ` files.nginx_file.write(nginx) + reload_nginx(luanhost_dir_str) end + else + if not is_local then + renew_ssl(files,ssl_renewal_period,luanhost_dir,dry_run) + end + end + if not is_local then + local function fn() + renew_ssl(files,ssl_renewal_period,luanhost_dir,dry_run) + end + Thread.schedule(fn,{repeating_delay=ssl_renewal_period}) end else -- http if files.key_file.exists() or files.nginx_file.exists() then - changed = true for _, file in pairs(files) do file.delete() end + reload_nginx(luanhost_dir_str) end end - if changed then - local cmd = `%> -sudo $(which nginx) -t -c "<%=luanhost_dir_str%>/local/nginx.conf" && \ -sudo $(which nginx) -s reload -c "<%=luanhost_dir_str%>/local/nginx.conf"; -<%` - local s = uri("bash:"..cmd).read_text() - logger.info("reload_nginx "..s) - end --logger.info "done" end +Https.do_set_https = do_set_https -- for testing function Https.set_https(is_https) if Http.did_init() then @@ -255,13 +271,4 @@ end end -function Https.renew_ssl(files,renewal_period,domain,site_dir,luanhost_dir,dry_run) - files.csr_file.exists() or error "no CSR file, assuming local https cert" - if time_now() - files.local_cer_file.last_modified() > renewal_period then - Issue_cert(domain, site_dir, luanhost_dir, dry_run, files) - return - end -end - -Https.do_set_https = do_set_https -- for testing return Https
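Review bot: The added `Thread.schedule(fn,{repeating_delay=ssl_renewal_period})` runs on every `Https.update` for a non-local https domain, and nothing visible here deduplicates or cancels it, so repeated updates may stack renewal timers. The http branch also deletes the files while a timer that captured `files` would keep firing. Because the check interval equals the 30-day renewal period and `renew_ssl` uses a strict `>`, a certificate can be close to 60 days old before renewal, and a failed attempt is not retried for another 30 days. A shorter check such as `Thread.schedule(fn,{repeating_delay=Time.period{days=1}})` would leave the age test in `renew_ssl` as the only policy. `renew_ssl` raises when the CSR file is missing, and both the new `else` call and `fn` appear to invoke it outside the `try` seen earlier in the function, so catch and log there; also confirm that `dry_run`, which is not a parameter in the visible `Https.update` signature, is defined in the part of the function outside this hunk.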
