marcel/zoraxy
1
0
Fork 0
mirror of https://github.com/tobychui/zoraxy.git synced 2025-06-24 00:13:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixed #256

Browse Source 
- Added startup paramter to change the early renew days of certificates
- Changed the default early renew days of certificates from 14 days to 30 days
- Fixed vdir update not updating uptime monitor bug
This commit is contained in:
Toby Chui 2024-07-21 15:11:13 +08:00
parent 955a2232df
commit f4a5c905e7
7 changed files with 25 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/main.go
View File

@ -50,6 +50,7 @@ var ztAuthToken = flag.String("ztauth", "", "ZeroTier authtoken for the local no
var ztAPIPort = flag.Int("ztport", 9993, "ZeroTier controller API port") var ztAPIPort = flag.Int("ztport", 9993, "ZeroTier controller API port")
var runningInDocker = flag.Bool("docker", false, "Run Zoraxy in docker compatibility mode") var runningInDocker = flag.Bool("docker", false, "Run Zoraxy in docker compatibility mode")
var acmeAutoRenewInterval = flag.Int("autorenew", 86400, "ACME auto TLS/SSL certificate renew check interval (seconds)") var acmeAutoRenewInterval = flag.Int("autorenew", 86400, "ACME auto TLS/SSL certificate renew check interval (seconds)")
var acmeCertAutoRenewDays = flag.Int("earlyrenew", 30, "Number of days to early renew a soon expiring certificate (days)")
var enableHighSpeedGeoIPLookup = flag.Bool("fastgeoip", false, "Enable high speed geoip lookup, require 1GB extra memory (Not recommend for low end devices)") var enableHighSpeedGeoIPLookup = flag.Bool("fastgeoip", false, "Enable high speed geoip lookup, require 1GB extra memory (Not recommend for low end devices)")
var staticWebServerRoot = flag.String("webroot", "./www", "Static web server root folder. Only allow chnage in start paramters") var staticWebServerRoot = flag.String("webroot", "./www", "Static web server root folder. Only allow chnage in start paramters")
var allowWebFileManager = flag.Bool("webfm", true, "Enable web file manager for static web server root folder") var allowWebFileManager = flag.Bool("webfm", true, "Enable web file manager for static web server root folder")

11
src/mod/acme/autorenew.go
View File

@ -34,6 +34,7 @@ type AutoRenewer struct {
AcmeHandler *ACMEHandler AcmeHandler *ACMEHandler
RenewerConfig *AutoRenewConfig RenewerConfig *AutoRenewConfig
RenewTickInterval int64 RenewTickInterval int64
EarlyRenewDays int //How many days before cert expire to renew certificate
TickerstopChan chan bool TickerstopChan chan bool
} }
@ -44,11 +45,15 @@ type ExpiredCerts struct {
// Create an auto renew agent, require config filepath and auto scan & renew interval (seconds) // Create an auto renew agent, require config filepath and auto scan & renew interval (seconds)
// Set renew check interval to 0 for auto (1 day) // Set renew check interval to 0 for auto (1 day)
func NewAutoRenewer(config string, certFolder string, renewCheckInterval int64, AcmeHandler *ACMEHandler) (*AutoRenewer, error) { func NewAutoRenewer(config string, certFolder string, renewCheckInterval int64, earlyRenewDays int, AcmeHandler *ACMEHandler) (*AutoRenewer, error) {
if renewCheckInterval == 0 { if renewCheckInterval == 0 {
renewCheckInterval = 86400 //1 day renewCheckInterval = 86400 //1 day
} }
if earlyRenewDays == 0 {
earlyRenewDays = 30
}
//Load the config file. If not found, create one //Load the config file. If not found, create one
if !utils.FileExists(config) { if !utils.FileExists(config) {
//Create one //Create one
@ -277,7 +282,7 @@ func (a *AutoRenewer) CheckAndRenewCertificates() ([]string, error) {
if err != nil { if err != nil {
continue continue
} }
if CertExpireSoon(certBytes) || CertIsExpired(certBytes) { if CertExpireSoon(certBytes, a.EarlyRenewDays) || CertIsExpired(certBytes) {
//This cert is expired //This cert is expired
DNSName, err := ExtractDomains(certBytes) DNSName, err := ExtractDomains(certBytes)
@ -305,7 +310,7 @@ func (a *AutoRenewer) CheckAndRenewCertificates() ([]string, error) {
if err != nil { if err != nil {
continue continue
} }
if CertExpireSoon(certBytes) || CertIsExpired(certBytes) { if CertExpireSoon(certBytes, a.EarlyRenewDays) || CertIsExpired(certBytes) {
//This cert is expired //This cert is expired
DNSName, err := ExtractDomains(certBytes) DNSName, err := ExtractDomains(certBytes)

5
src/mod/acme/utils.go
View File

@ -81,13 +81,14 @@ func CertIsExpired(certBytes []byte) bool {
return false return false
} }
func CertExpireSoon(certBytes []byte) bool { // CertExpireSoon check if the given cert bytes will expires within the given number of days from now
func CertExpireSoon(certBytes []byte, numberOfDays int) bool {
block, _ := pem.Decode(certBytes) block, _ := pem.Decode(certBytes)
if block != nil { if block != nil {
cert, err := x509.ParseCertificate(block.Bytes) cert, err := x509.ParseCertificate(block.Bytes)
if err == nil { if err == nil {
expirationDate := cert.NotAfter expirationDate := cert.NotAfter
threshold := 14 * 24 * time.Hour // 14 days threshold := time.Duration(numberOfDays) * 24 * time.Hour
timeRemaining := time.Until(expirationDate) timeRemaining := time.Until(expirationDate)
if timeRemaining <= threshold { if timeRemaining <= threshold {

9
src/reverseproxy.go
View File

@ -509,6 +509,9 @@ func ReverseProxyHandleEditEndpoint(w http.ResponseWriter, r *http.Request) {
//Save it to file //Save it to file
SaveReverseProxyConfig(newProxyEndpoint) SaveReverseProxyConfig(newProxyEndpoint)
//Update uptime monitor targets
UpdateUptimeMonitorTargets()
utils.SendOK(w) utils.SendOK(w)
} }
@ -589,12 +592,6 @@ func DeleteProxyEndpoint(w http.ResponseWriter, r *http.Request) {
return return
} }
//Update utm if exists
if uptimeMonitor != nil {
uptimeMonitor.Config.Targets = GetUptimeTargetsFromReverseProxyRules(dynamicProxyRouter)
uptimeMonitor.CleanRecords()
}
//Update uptime monitor //Update uptime monitor
UpdateUptimeMonitorTargets() UpdateUptimeMonitorTargets()

8
src/start.go
View File

@ -279,7 +279,13 @@ func startupSequence() {
//Create a table just to store acme related preferences //Create a table just to store acme related preferences
sysdb.NewTable("acmepref") sysdb.NewTable("acmepref")
acmeHandler = initACME() acmeHandler = initACME()
acmeAutoRenewer, err = acme.NewAutoRenewer("./conf/acme_conf.json", "./conf/certs/", int64(*acmeAutoRenewInterval), acmeHandler) acmeAutoRenewer, err = acme.NewAutoRenewer(
"./conf/acme_conf.json",
"./conf/certs/",
int64(*acmeAutoRenewInterval),
*acmeCertAutoRenewDays,
acmeHandler,
)
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
} }

2
src/vdir.go
View File

@ -197,6 +197,8 @@ func ReverseProxyDeleteVdir(w http.ResponseWriter, r *http.Request) {
return return
} }
UpdateUptimeMonitorTargets()
utils.SendOK(w) utils.SendOK(w)
} }

1
src/wrappers.go
View File

@ -111,6 +111,7 @@ func HandleCountryDistrSummary(w http.ResponseWriter, r *http.Request) {
func UpdateUptimeMonitorTargets() { func UpdateUptimeMonitorTargets() {
if uptimeMonitor != nil { if uptimeMonitor != nil {
uptimeMonitor.Config.Targets = GetUptimeTargetsFromReverseProxyRules(dynamicProxyRouter) uptimeMonitor.Config.Targets = GetUptimeTargetsFromReverseProxyRules(dynamicProxyRouter)
uptimeMonitor.CleanRecords()
go func() { go func() {
uptimeMonitor.ExecuteUptimeCheck() uptimeMonitor.ExecuteUptimeCheck()
}() }()