Auto update expired TLS/SSL certificates

Previously, when TLS/SSL certificates issued by certbot were linked manually, certbot renewed the certificate files on disk but the explorer kept the old certificates loaded in memory, so HTTPS connections stopped working once those certificates actually expired. The explorer now watches the certificate directory for changes and automatically reloads and uses the new certificates, without requiring any kind of restart.
Joe Uhren
2023-08-20 14:30:20 -06:00
parent eec0efa25c
commit 550b961ab3
+30 -8
@@ -877,18 +877,40 @@ app.use(function(err, req, res, next) {
// determine if tls features should be enabled
if (settings.webserver.tls.enabled == true) {
function readCertsSync() {
var tls_options = {};
try {
tls_options = {
key: db.fs.readFileSync(settings.webserver.tls.key_file),
cert: db.fs.readFileSync(settings.webserver.tls.cert_file),
ca: db.fs.readFileSync(settings.webserver.tls.chain_file)
};
} catch(e) {
console.warn('There was a problem reading tls certificates. Check that the certificate, chain and key paths are correct.');
}
return tls_options;
}
const https = require('https');
let httpd = https.createServer(readCertsSync(), app).listen(settings.webserver.tls.port);
try {
var tls_options = {
key: db.fs.readFileSync(settings.webserver.tls.key_file),
cert: db.fs.readFileSync(settings.webserver.tls.cert_file),
ca: db.fs.readFileSync(settings.webserver.tls.chain_file)
};
let waitForCertsToRefresh;
// watch for changes to the certificate directory
db.fs.watch(path.dirname(settings.webserver.tls.key_file), () => {
clearTimeout(waitForCertsToRefresh);
// refresh certificates as they are changed on disk
waitForCertsToRefresh = setTimeout(() => {
httpd.setSecureContext(readCertsSync());
}, 1000);
});
} catch(e) {
console.warn('There was a problem reading tls certificates. Check that the certificate, chain and key paths are correct.');
}
var https = require('https');
https.createServer(tls_options, app).listen(settings.webserver.tls.port);
}
// get the latest git commit id (if exists)