Optimized ACME logic

- Added automatic port 80 listener enable for those who don't read our wiki - Reduced default interval for polling and propagation timeout
2025-06-03 06:07:20 +02:00 · 2024-10-28 21:40:58 +08:00 · 2024-10-28 21:40:58 +08:00 · c5ca68868b
commit c5ca68868b
parent f927bb539a
5 changed files with 37 additions and 16 deletions
--- a/src/acme.go
+++ b/src/acme.go
@ -85,9 +85,20 @@ func acmeRegisterSpecialRoutingRule() {
 // This function check if the renew setup is satisfied. If not, toggle them automatically
 func AcmeCheckAndHandleRenewCertificate(w http.ResponseWriter, r *http.Request) {
 	isForceHttpsRedirectEnabledOriginally := false
 	requireRestorePort80 := false
 	dnsPara, _ := utils.PostBool(r, "dns")
 	if !dnsPara {
 		if dynamicProxyRouter.Option.Port == 443 {
 			//Check if port 80 is enabled
 			if !dynamicProxyRouter.Option.ListenOnPort80 {
 				//Enable port 80 temporarily
 				SystemWideLogger.PrintAndLog("ACME", "Temporarily enabling port 80 listener to handle ACME request ", nil)
 				dynamicProxyRouter.UpdatePort80ListenerState(true)
 				requireRestorePort80 = true
 				time.Sleep(2 * time.Second)
 			}
 			//Enable port 80 to 443 redirect
 			if !dynamicProxyRouter.Option.ForceHttpsRedirect {
 				SystemWideLogger.Println("Temporary enabling HTTP to HTTPS redirect for ACME certificate renew requests")
@ -107,8 +118,8 @@ func AcmeCheckAndHandleRenewCertificate(w http.ResponseWriter, r *http.Request)
 		}
 	}
-	//Add a 3 second delay to make sure everything is settle down
+	//Add a 2 second delay to make sure everything is settle down
-	time.Sleep(3 * time.Second)
+	time.Sleep(2 * time.Second)
 	// Pass over to the acmeHandler to deal with the communication
 	acmeHandler.HandleRenewCertificate(w, r)
@ -117,13 +128,17 @@ func AcmeCheckAndHandleRenewCertificate(w http.ResponseWriter, r *http.Request)
 	tlsCertManager.UpdateLoadedCertList()
 	//Restore original settings
-	if dynamicProxyRouter.Option.Port == 443 && !dnsPara {
+	if requireRestorePort80 {
-		if !isForceHttpsRedirectEnabledOriginally {
+		//Restore port 80 listener
-			//Default is off. Turn the redirection off
+		SystemWideLogger.PrintAndLog("ACME", "Restoring previous port 80 listener settings", nil)
-			SystemWideLogger.PrintAndLog("ACME", "Restoring HTTP to HTTPS redirect settings", nil)
+		dynamicProxyRouter.UpdatePort80ListenerState(false)
 			dynamicProxyRouter.UpdateHttpToHttpsRedirectSetting(false)
 		}
 	}
 	if !isForceHttpsRedirectEnabledOriginally {
 		//Default is off. Turn the redirection off
 		SystemWideLogger.PrintAndLog("ACME", "Restoring HTTP to HTTPS redirect settings", nil)
 		dynamicProxyRouter.UpdateHttpToHttpsRedirectSetting(false)
 	}
 }
 // HandleACMEPreferredCA return the user preferred / default CA for new subdomain auto creation
--- a/src/main.go
+++ b/src/main.go
@ -62,7 +62,7 @@ var (
 	name        = "Zoraxy"
 	version     = "3.1.2"
 	nodeUUID    = "generic" //System uuid, in uuidv4 format
-	development = true      //Set this to false to use embedded web fs
+	development = false     //Set this to false to use embedded web fs
 	bootTime    = time.Now().Unix()
 	/*
--- a/src/mod/acme/acme_dns.go
+++ b/src/mod/acme/acme_dns.go
@ -18,7 +18,7 @@ func GetDnsChallengeProviderByName(dnsProvider string, dnsCredentials string, pp
 	}
 	//Clear the PollingInterval and PropagationTimeout field and conert to int
-	userDefinedPollingInterval := 30
+	userDefinedPollingInterval := 2
 	if dnsCredentialsMap["PollingInterval"] != nil {
 		userDefinedPollingIntervalRaw := dnsCredentialsMap["PollingInterval"].(string)
 		delete(dnsCredentialsMap, "PollingInterval")
--- a/src/mod/acme/autorenew.go
+++ b/src/mod/acme/autorenew.go
@ -384,6 +384,12 @@ func (a *AutoRenewer) renewExpiredDomains(certs []*ExpiredCerts) ([]string, erro
 			}
 		}
 		//For upgrading config from older version of Zoraxy which don't have timeout
 		if certInfo.PropTimeout == 0 {
 			//Set default timeout
 			certInfo.PropTimeout = 300
 		}
 		_, err = a.AcmeHandler.ObtainCert(expiredCert.Domains, certName, a.RenewerConfig.Email, certInfo.AcmeName, certInfo.AcmeUrl, certInfo.SkipTLS, certInfo.UseDNS, certInfo.PropTimeout)
 		if err != nil {
 			a.Logf("Renew "+fileName+"("+strings.Join(expiredCert.Domains, ",")+") failed", err)
--- a/src/web/snippet/acme.html
+++ b/src/web/snippet/acme.html
@ -449,14 +449,14 @@
              <label>${key}</label>
            </div>`);
          }else if (datatype == "time.Duration"){
-            let defaultIntValue = 300;
+            let defaultIntValue = 120;
-            let defaultMinValue = 60;
+            let defaultMinValue = 30;
            if (key == "PollingInterval"){
-              defaultIntValue = 30;
+              defaultIntValue = 2;
-              defaultMinValue = 10;
+              defaultMinValue = 1;
            }else if (key == "PropagationTimeout"){
-              defaultIntValue = 300;
+              defaultIntValue = 120;
-              defaultMinValue = 60;
+              defaultMinValue = 30;
            }
            optionalFieldsHTML += (`<div class="ui fluid labeled dnsConfigField small input" key="${key}" style="margin-top: 0.2em;">
              <div class="ui basic blue label" style="font-weight: 300;">