Fixed #256

- Added startup paramter to change the early renew days of certificates - Changed the default early renew days of certificates from 14 days to 30 days - Fixed vdir update not updating uptime monitor bug
2025-06-23 16:03:04 +02:00 · 2024-07-21 15:11:13 +08:00 · 2024-07-21 15:11:13 +08:00 · f4a5c905e7
commit f4a5c905e7
parent 955a2232df
7 changed files with 25 additions and 12 deletions
--- a/src/main.go
+++ b/src/main.go
@ -50,6 +50,7 @@ var ztAuthToken = flag.String("ztauth", "", "ZeroTier authtoken for the local no
 var ztAPIPort = flag.Int("ztport", 9993, "ZeroTier controller API port")
 var runningInDocker = flag.Bool("docker", false, "Run Zoraxy in docker compatibility mode")
 var acmeAutoRenewInterval = flag.Int("autorenew", 86400, "ACME auto TLS/SSL certificate renew check interval (seconds)")
+var acmeCertAutoRenewDays = flag.Int("earlyrenew", 30, "Number of days to early renew a soon expiring certificate (days)")
 var enableHighSpeedGeoIPLookup = flag.Bool("fastgeoip", false, "Enable high speed geoip lookup, require 1GB extra memory (Not recommend for low end devices)")
 var staticWebServerRoot = flag.String("webroot", "./www", "Static web server root folder. Only allow chnage in start paramters")
 var allowWebFileManager = flag.Bool("webfm", true, "Enable web file manager for static web server root folder")
--- a/src/mod/acme/autorenew.go
+++ b/src/mod/acme/autorenew.go
@ -34,6 +34,7 @@ type AutoRenewer struct {
 	AcmeHandler       *ACMEHandler
 	RenewerConfig     *AutoRenewConfig
 	RenewTickInterval int64
+	EarlyRenewDays    int //How many days before cert expire to renew certificate
 	TickerstopChan    chan bool
 }

@ -44,11 +45,15 @@ type ExpiredCerts struct {

 // Create an auto renew agent, require config filepath and auto scan & renew interval (seconds)
 // Set renew check interval to 0 for auto (1 day)
-func NewAutoRenewer(config string, certFolder string, renewCheckInterval int64, AcmeHandler *ACMEHandler) (*AutoRenewer, error) {
+func NewAutoRenewer(config string, certFolder string, renewCheckInterval int64, earlyRenewDays int, AcmeHandler *ACMEHandler) (*AutoRenewer, error) {
 	if renewCheckInterval == 0 {
 		renewCheckInterval = 86400 //1 day
 	}

+	if earlyRenewDays == 0 {
+		earlyRenewDays = 30
+	}
+
 	//Load the config file. If not found, create one
 	if !utils.FileExists(config) {
 		//Create one
@ -277,7 +282,7 @@ func (a *AutoRenewer) CheckAndRenewCertificates() ([]string, error) {
 				if err != nil {
 					continue
 				}
-				if CertExpireSoon(certBytes) || CertIsExpired(certBytes) {
+				if CertExpireSoon(certBytes, a.EarlyRenewDays) || CertIsExpired(certBytes) {
 					//This cert is expired

 					DNSName, err := ExtractDomains(certBytes)
@ -305,7 +310,7 @@ func (a *AutoRenewer) CheckAndRenewCertificates() ([]string, error) {
 				if err != nil {
 					continue
 				}
-				if CertExpireSoon(certBytes) || CertIsExpired(certBytes) {
+				if CertExpireSoon(certBytes, a.EarlyRenewDays) || CertIsExpired(certBytes) {
 					//This cert is expired

 					DNSName, err := ExtractDomains(certBytes)
--- a/src/mod/acme/utils.go
+++ b/src/mod/acme/utils.go
@ -81,13 +81,14 @@ func CertIsExpired(certBytes []byte) bool {
 	return false
 }

-func CertExpireSoon(certBytes []byte) bool {
+// CertExpireSoon check if the given cert bytes will expires within the given number of days from now
+func CertExpireSoon(certBytes []byte, numberOfDays int) bool {
 	block, _ := pem.Decode(certBytes)
 	if block != nil {
 		cert, err := x509.ParseCertificate(block.Bytes)
 		if err == nil {
 			expirationDate := cert.NotAfter
-			threshold := 14 * 24 * time.Hour // 14 days
+			threshold := time.Duration(numberOfDays) * 24 * time.Hour

 			timeRemaining := time.Until(expirationDate)
 			if timeRemaining <= threshold {
--- a/src/reverseproxy.go
+++ b/src/reverseproxy.go
@ -509,6 +509,9 @@ func ReverseProxyHandleEditEndpoint(w http.ResponseWriter, r *http.Request) {
 	//Save it to file
 	SaveReverseProxyConfig(newProxyEndpoint)

+	//Update uptime monitor targets
+	UpdateUptimeMonitorTargets()
+
 	utils.SendOK(w)
 }

@ -589,12 +592,6 @@ func DeleteProxyEndpoint(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	//Update utm if exists
-	if uptimeMonitor != nil {
-		uptimeMonitor.Config.Targets = GetUptimeTargetsFromReverseProxyRules(dynamicProxyRouter)
-		uptimeMonitor.CleanRecords()
-	}
-
 	//Update uptime monitor
 	UpdateUptimeMonitorTargets()

--- a/src/start.go
+++ b/src/start.go
@ -279,7 +279,13 @@ func startupSequence() {
 	//Create a table just to store acme related preferences
 	sysdb.NewTable("acmepref")
 	acmeHandler = initACME()
-	acmeAutoRenewer, err = acme.NewAutoRenewer("./conf/acme_conf.json", "./conf/certs/", int64(*acmeAutoRenewInterval), acmeHandler)
+	acmeAutoRenewer, err = acme.NewAutoRenewer(
+		"./conf/acme_conf.json",
+		"./conf/certs/",
+		int64(*acmeAutoRenewInterval),
+		*acmeCertAutoRenewDays,
+		acmeHandler,
+	)
 	if err != nil {
 		log.Fatal(err)
 	}
--- a/src/vdir.go
+++ b/src/vdir.go
@ -197,6 +197,8 @@ func ReverseProxyDeleteVdir(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	UpdateUptimeMonitorTargets()
+
 	utils.SendOK(w)
 }

--- a/src/wrappers.go
+++ b/src/wrappers.go
@ -111,6 +111,7 @@ func HandleCountryDistrSummary(w http.ResponseWriter, r *http.Request) {
 func UpdateUptimeMonitorTargets() {
 	if uptimeMonitor != nil {
 		uptimeMonitor.Config.Targets = GetUptimeTargetsFromReverseProxyRules(dynamicProxyRouter)
+		uptimeMonitor.CleanRecords()
 		go func() {
 			uptimeMonitor.ExecuteUptimeCheck()
 		}()