mirror of
https://github.com/tobychui/zoraxy.git
synced 2025-06-01 13:17:21 +02:00
Optimized ACME logic
- Added automatic port 80 listener enable for those who don't read our wiki - Reduced default interval for polling and propagation timeout
parent
f927bb539a
commit
c5ca68868b
31
src/acme.go
31
src/acme.go
@ -85,9 +85,20 @@ func acmeRegisterSpecialRoutingRule() {
|
||||
// This function check if the renew setup is satisfied. If not, toggle them automatically
|
||||
func AcmeCheckAndHandleRenewCertificate(w http.ResponseWriter, r *http.Request) {
|
||||
isForceHttpsRedirectEnabledOriginally := false
|
||||
requireRestorePort80 := false
|
||||
dnsPara, _ := utils.PostBool(r, "dns")
|
||||
if !dnsPara {
|
||||
|
||||
if dynamicProxyRouter.Option.Port == 443 {
|
||||
//Check if port 80 is enabled
|
||||
if !dynamicProxyRouter.Option.ListenOnPort80 {
|
||||
//Enable port 80 temporarily
|
||||
SystemWideLogger.PrintAndLog("ACME", "Temporarily enabling port 80 listener to handle ACME request ", nil)
|
||||
dynamicProxyRouter.UpdatePort80ListenerState(true)
|
||||
requireRestorePort80 = true
|
||||
time.Sleep(2 * time.Second)
|
||||
}
|
||||
|
||||
//Enable port 80 to 443 redirect
|
||||
if !dynamicProxyRouter.Option.ForceHttpsRedirect {
|
||||
SystemWideLogger.Println("Temporary enabling HTTP to HTTPS redirect for ACME certificate renew requests")
|
||||
@ -107,8 +118,8 @@ func AcmeCheckAndHandleRenewCertificate(w http.ResponseWriter, r *http.Request)
|
||||
}
|
||||
}
|
||||
|
||||
//Add a 3 second delay to make sure everything is settle down
|
||||
time.Sleep(3 * time.Second)
|
||||
//Add a 2 second delay to make sure everything is settle down
|
||||
time.Sleep(2 * time.Second)
|
||||
|
||||
// Pass over to the acmeHandler to deal with the communication
|
||||
acmeHandler.HandleRenewCertificate(w, r)
|
||||
@ -117,13 +128,17 @@ func AcmeCheckAndHandleRenewCertificate(w http.ResponseWriter, r *http.Request)
|
||||
tlsCertManager.UpdateLoadedCertList()
|
||||
|
||||
//Restore original settings
|
||||
if dynamicProxyRouter.Option.Port == 443 && !dnsPara {
|
||||
if !isForceHttpsRedirectEnabledOriginally {
|
||||
//Default is off. Turn the redirection off
|
||||
SystemWideLogger.PrintAndLog("ACME", "Restoring HTTP to HTTPS redirect settings", nil)
|
||||
dynamicProxyRouter.UpdateHttpToHttpsRedirectSetting(false)
|
||||
}
|
||||
if requireRestorePort80 {
|
||||
//Restore port 80 listener
|
||||
SystemWideLogger.PrintAndLog("ACME", "Restoring previous port 80 listener settings", nil)
|
||||
dynamicProxyRouter.UpdatePort80ListenerState(false)
|
||||
}
|
||||
if !isForceHttpsRedirectEnabledOriginally {
|
||||
//Default is off. Turn the redirection off
|
||||
SystemWideLogger.PrintAndLog("ACME", "Restoring HTTP to HTTPS redirect settings", nil)
|
||||
dynamicProxyRouter.UpdateHttpToHttpsRedirectSetting(false)
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// HandleACMEPreferredCA return the user preferred / default CA for new subdomain auto creation
|
||||
|
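Review bot: The port 80 listener and the HTTP-to-HTTPS redirect are switched back only by the straight-line code after `acmeHandler.HandleRenewCertificate(w, r)`, so a panic inside that call (net/http recovers it per request) would leave port 80 listening and the redirect enabled. Register the restore where the state is changed, e.g. `defer dynamicProxyRouter.UpdatePort80ListenerState(false)` directly after `requireRestorePort80 = true`, and do the same for the redirect. Separately, `requireRestorePort80` is derived from the shared `dynamicProxyRouter.Option.ListenOnPort80`, so with two overlapping renew requests the second sees the listener already on, and the first may turn it off while the second's challenge is still in flight. Whether a lock elsewhere serialises this handler is not visible in these hunks; if none does, a mutex around the enable/renew/restore sequence would close that gap. The function body continues outside the shown hunks.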
@ -62,7 +62,7 @@ var (
|
||||
name = "Zoraxy"
|
||||
version = "3.1.2"
|
||||
nodeUUID = "generic" //System uuid, in uuidv4 format
|
||||
development = true //Set this to false to use embedded web fs
|
||||
development = false //Set this to false to use embedded web fs
|
||||
bootTime = time.Now().Unix()
|
||||
|
||||
/*
|
||||
|
@ -18,7 +18,7 @@ func GetDnsChallengeProviderByName(dnsProvider string, dnsCredentials string, pp
|
||||
}
|
||||
|
||||
//Clear the PollingInterval and PropagationTimeout field and conert to int
|
||||
userDefinedPollingInterval := 30
|
||||
userDefinedPollingInterval := 2
|
||||
if dnsCredentialsMap["PollingInterval"] != nil {
|
||||
userDefinedPollingIntervalRaw := dnsCredentialsMap["PollingInterval"].(string)
|
||||
delete(dnsCredentialsMap, "PollingInterval")
|
||||
|
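Review bot: `dnsCredentialsMap["PollingInterval"].(string)` is an unchecked type assertion, so a credentials payload that carries `PollingInterval` as a JSON number (or any other non-string) panics here instead of falling back to the new default of `2`. Use the comma-ok form, `raw, ok := dnsCredentialsMap["PollingInterval"].(string)`, and return an error or keep the default when `ok` is false. How `dnsCredentialsMap` is decoded is above the hunk, so confirm the value can actually arrive as a non-string. The function also continues past the last shown line.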
@ -384,6 +384,12 @@ func (a *AutoRenewer) renewExpiredDomains(certs []*ExpiredCerts) ([]string, erro
|
||||
}
|
||||
}
|
||||
|
||||
//For upgrading config from older version of Zoraxy which don't have timeout
|
||||
if certInfo.PropTimeout == 0 {
|
||||
//Set default timeout
|
||||
certInfo.PropTimeout = 300
|
||||
}
|
||||
|
||||
_, err = a.AcmeHandler.ObtainCert(expiredCert.Domains, certName, a.RenewerConfig.Email, certInfo.AcmeName, certInfo.AcmeUrl, certInfo.SkipTLS, certInfo.UseDNS, certInfo.PropTimeout)
|
||||
if err != nil {
|
||||
a.Logf("Renew "+fileName+"("+strings.Join(expiredCert.Domains, ",")+") failed", err)
|
||||
|
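Review bot: The fallback `certInfo.PropTimeout = 300` is a bare literal with no stated unit (presumably seconds), and it differs from the 120 that this same commit makes the UI default for `PropagationTimeout`. If keeping the old value for upgraded configs is intentional, say so in the comment, e.g. `// Configs written before PropTimeout existed decode as 0; keep the previous default of 300 for them`, and consider a named constant instead of the literal. From the hunk it also looks as if the value is patched only in memory for this run, so the stored config may still hold 0; confirm that this is intended. renewExpiredDomains starts and ends outside the hunk.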
@ -449,14 +449,14 @@
|
||||
<label>${key}</label>
|
||||
</div>`);
|
||||
}else if (datatype == "time.Duration"){
|
||||
let defaultIntValue = 300;
|
||||
let defaultMinValue = 60;
|
||||
let defaultIntValue = 120;
|
||||
let defaultMinValue = 30;
|
||||
if (key == "PollingInterval"){
|
||||
defaultIntValue = 30;
|
||||
defaultMinValue = 10;
|
||||
defaultIntValue = 2;
|
||||
defaultMinValue = 1;
|
||||
}else if (key == "PropagationTimeout"){
|
||||
defaultIntValue = 300;
|
||||
defaultMinValue = 60;
|
||||
defaultIntValue = 120;
|
||||
defaultMinValue = 30;
|
||||
}
|
||||
optionalFieldsHTML += (`<div class="ui fluid labeled dnsConfigField small input" key="${key}" style="margin-top: 0.2em;">
|
||||
<div class="ui basic blue label" style="font-weight: 300;">
|
||||
|