From f4a5c905e7a5419f4768e9dae4c8687cca63af8b Mon Sep 17 00:00:00 2001
From: Toby Chui
Date: Sun, 21 Jul 2024 15:11:13 +0800
Subject: [PATCH] Fixed #256 - Added startup paramter to change the early renew days of certificates - Changed the default early renew days of certificates from 14 days to 30 days - Fixed vdir update not updating uptime monitor bug
---
 src/main.go | 1 +
 src/mod/acme/autorenew.go | 11 ++++++++---
 src/mod/acme/utils.go | 5 +++--
 src/reverseproxy.go | 9 +++------
 src/start.go | 8 +++++++-
 src/vdir.go | 2 ++
 src/wrappers.go | 1 +
 7 files changed, 25 insertions(+), 12 deletions(-)
diff --git a/src/main.go b/src/main.go
index 5216a85..fc933a5 100644
--- a/src/main.go
+++ b/src/main.go
@@ -50,6 +50,7 @@ var ztAuthToken = flag.String("ztauth", "", "ZeroTier authtoken for the local no
 var ztAPIPort = flag.Int("ztport", 9993, "ZeroTier controller API port")
 var runningInDocker = flag.Bool("docker", false, "Run Zoraxy in docker compatibility mode")
 var acmeAutoRenewInterval = flag.Int("autorenew", 86400, "ACME auto TLS/SSL certificate renew check interval (seconds)")
+var acmeCertAutoRenewDays = flag.Int("earlyrenew", 30, "Number of days to early renew a soon expiring certificate (days)")
 var enableHighSpeedGeoIPLookup = flag.Bool("fastgeoip", false, "Enable high speed geoip lookup, require 1GB extra memory (Not recommend for low end devices)")
 var staticWebServerRoot = flag.String("webroot", "./www", "Static web server root folder. Only allow chnage in start paramters")
 var allowWebFileManager = flag.Bool("webfm", true, "Enable web file manager for static web server root folder")
diff --git a/src/mod/acme/autorenew.go b/src/mod/acme/autorenew.go
index c043dc4..a4134fc 100644
--- a/src/mod/acme/autorenew.go
+++ b/src/mod/acme/autorenew.go
@@ -34,6 +34,7 @@ type AutoRenewer struct {
 AcmeHandler *ACMEHandler
 RenewerConfig *AutoRenewConfig
 RenewTickInterval int64
+ EarlyRenewDays int //How many days before cert expire to renew certificate
 TickerstopChan chan bool
 }
@@ -44,11 +45,15 @@ type ExpiredCerts struct {
 // Create an auto renew agent, require config filepath and auto scan & renew interval (seconds)
 // Set renew check interval to 0 for auto (1 day)
-func NewAutoRenewer(config string, certFolder string, renewCheckInterval int64, AcmeHandler *ACMEHandler) (*AutoRenewer, error) {
+func NewAutoRenewer(config string, certFolder string, renewCheckInterval int64, earlyRenewDays int, AcmeHandler *ACMEHandler) (*AutoRenewer, error) {
 if renewCheckInterval == 0 {
 renewCheckInterval = 86400 //1 day
 }
+ if earlyRenewDays == 0 {
+ earlyRenewDays = 30
+ }
+
 //Load the config file. If not found, create one
 if !utils.FileExists(config) {
 //Create one
@@ -277,7 +282,7 @@ func (a *AutoRenewer) CheckAndRenewCertificates() ([]string, error) {
 if err != nil {
 continue
 }
- if CertExpireSoon(certBytes) || CertIsExpired(certBytes) {
+ if CertExpireSoon(certBytes, a.EarlyRenewDays) || CertIsExpired(certBytes) {
 //This cert is expired
 DNSName, err := ExtractDomains(certBytes)
@@ -305,7 +310,7 @@ func (a *AutoRenewer) CheckAndRenewCertificates() ([]string, error) {
 if err != nil {
 continue
 }
- if CertExpireSoon(certBytes) || CertIsExpired(certBytes) {
+ if CertExpireSoon(certBytes, a.EarlyRenewDays) || CertIsExpired(certBytes) {
 //This cert is expired
 DNSName, err := ExtractDomains(certBytes)
diff --git a/src/mod/acme/utils.go b/src/mod/acme/utils.go
index 1638044..e0af40f 100644
--- a/src/mod/acme/utils.go
+++ b/src/mod/acme/utils.go
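Review bot: `earlyRenewDays` is defaulted in NewAutoRenewer, but none of the four autorenew.go hunks stores it in the new `AutoRenewer.EarlyRenewDays` field, and the diffstat for this file (8 additions, 3 deletions) is fully accounted for by the lines shown. The rest of the constructor is outside the hunk, so please confirm; if the value where the AutoRenewer is built was not updated, `a.EarlyRenewDays` stays 0 and both `CertExpireSoon(certBytes, a.EarlyRenewDays)` calls in CheckAndRenewCertificates run with a zero threshold, which means a certificate is only renewed once it has already expired. Add `EarlyRenewDays: earlyRenewDays,` (or the equivalent assignment) where the renewer struct is populated. The guard would also be safer as `if earlyRenewDays <= 0 {`, because a negative `-earlyrenew` value currently passes through unchanged.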
@@ -81,13 +81,14 @@ func CertIsExpired(certBytes []byte) bool {
 return false
 }
-func CertExpireSoon(certBytes []byte) bool {
+// CertExpireSoon check if the given cert bytes will expires within the given number of days from now
+func CertExpireSoon(certBytes []byte, numberOfDays int) bool {
 block, _ := pem.Decode(certBytes)
 if block != nil {
 cert, err := x509.ParseCertificate(block.Bytes)
 if err == nil {
 expirationDate := cert.NotAfter
- threshold := 14 * 24 * time.Hour // 14 days
+ threshold := time.Duration(numberOfDays) * 24 * time.Hour
 timeRemaining := time.Until(expirationDate)
 if timeRemaining <= threshold {
diff --git a/src/reverseproxy.go b/src/reverseproxy.go
index 2e5c1d7..90a9f77 100644
--- a/src/reverseproxy.go
+++ b/src/reverseproxy.go
@@ -509,6 +509,9 @@ func ReverseProxyHandleEditEndpoint(w http.ResponseWriter, r *http.Request) {
 //Save it to file
 SaveReverseProxyConfig(newProxyEndpoint)
+ //Update uptime monitor targets
+ UpdateUptimeMonitorTargets()
+
 utils.SendOK(w)
 }
@@ -589,12 +592,6 @@ func DeleteProxyEndpoint(w http.ResponseWriter, r *http.Request) {
 return
 }
- //Update utm if exists
- if uptimeMonitor != nil {
- uptimeMonitor.Config.Targets = GetUptimeTargetsFromReverseProxyRules(dynamicProxyRouter)
- uptimeMonitor.CleanRecords()
- }
-
 //Update uptime monitor
 UpdateUptimeMonitorTargets()
diff --git a/src/start.go b/src/start.go
index 8884e29..44a971e 100644
--- a/src/start.go
+++ b/src/start.go
@@ -279,7 +279,13 @@ func startupSequence() {
 //Create a table just to store acme related preferences
 sysdb.NewTable("acmepref")
 acmeHandler = initACME()
- acmeAutoRenewer, err = acme.NewAutoRenewer("./conf/acme_conf.json", "./conf/certs/", int64(*acmeAutoRenewInterval), acmeHandler)
+ acmeAutoRenewer, err = acme.NewAutoRenewer(
+ "./conf/acme_conf.json",
+ "./conf/certs/",
+ int64(*acmeAutoRenewInterval),
+ *acmeCertAutoRenewDays,
+ acmeHandler,
+ )
 if err != nil {
 log.Fatal(err)
 }
diff --git a/src/vdir.go b/src/vdir.go
index e5405bc..9bcced4 100644
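Review bot: `threshold := time.Duration(numberOfDays) * 24 * time.Hour` in CertExpireSoon uses `numberOfDays` without any range check, and the value comes straight from the `-earlyrenew` flag via start.go. A negative value yields a negative threshold, so the function only reports true for certificates already past expiry, and a sufficiently large value overflows the int64 behind time.Duration and produces an arbitrary threshold. At the other extreme, a value at or above the lifetime of the issued certificates makes every scheduled check treat every certificate as due, which can exhaust the CA's rate limits. Validate the value once, either here or where the flag is read (for example `if numberOfDays < 0 { numberOfDays = 0 }` plus an upper bound), and log the effective value at startup. The function body continues past the end of the hunk.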
--- a/src/vdir.go
+++ b/src/vdir.go
@@ -197,6 +197,8 @@ func ReverseProxyDeleteVdir(w http.ResponseWriter, r *http.Request) {
 return
 }
+ UpdateUptimeMonitorTargets()
+
 utils.SendOK(w)
 }
diff --git a/src/wrappers.go b/src/wrappers.go
index bef6070..66098df 100644
--- a/src/wrappers.go
+++ b/src/wrappers.go
@@ -111,6 +111,7 @@ func HandleCountryDistrSummary(w http.ResponseWriter, r *http.Request) {
 func UpdateUptimeMonitorTargets() {
 if uptimeMonitor != nil {
 uptimeMonitor.Config.Targets = GetUptimeTargetsFromReverseProxyRules(dynamicProxyRouter)
+ uptimeMonitor.CleanRecords()
 go func() {
 uptimeMonitor.ExecuteUptimeCheck()
 }()
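Review bot: UpdateUptimeMonitorTargets in src/wrappers.go now rewrites `uptimeMonitor.Config.Targets` and calls `uptimeMonitor.CleanRecords()` on the caller's goroutine while an `ExecuteUptimeCheck()` goroutine started by an earlier call may still be running. This commit also adds two more HTTP handlers that reach it, ReverseProxyHandleEditEndpoint and ReverseProxyDeleteVdir. Nothing in the hunk serialises these accesses, so unless the monitor locks internally this is a data race on the target list and its records, and each request also starts another check goroutine with no bound. Consider guarding the update with a mutex owned by the monitor, skipping the launch when a check is already in flight, and exercising these handlers under `go test -race`. The function's closing lines are outside the hunk.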