From 550b961ab3f4e44e0c7ffc8beedab99ed0b0e5a7 Mon Sep 17 00:00:00 2001
From: Joe Uhren
Date: Sun, 20 Aug 2023 14:30:20 -0600
Subject: [PATCH] Auto update expired TLS/SSL certificates
-Previously when manually linking TLS/SSL certificates from certbot, the certificates themselves would be automatically updated via certbot but the explorer was still referencing the old certificates in memory and would cause https connections to stop working once the certificates actually expired. The explorer now watches for changes to the certificate directory and will automatically refresh and use the new certificates without requiring any kind of restart.
---
 app.js | 38 ++++++++++++++++++++++++++++++--------
 1 file changed, 30 insertions(+), 8 deletions(-)
diff --git a/app.js b/app.js
index 5503547..d66080b 100644
--- a/app.js
+++ b/app.js
@@ -877,18 +877,40 @@ app.use(function(err, req, res, next) {
 // determine if tls features should be enabled
 if (settings.webserver.tls.enabled == true) {
+  function readCertsSync() {
+    var tls_options = {};
+
+    try {
+      tls_options = {
+        key: db.fs.readFileSync(settings.webserver.tls.key_file),
+        cert: db.fs.readFileSync(settings.webserver.tls.cert_file),
+        ca: db.fs.readFileSync(settings.webserver.tls.chain_file)
+      };
+    } catch(e) {
+      console.warn('There was a problem reading tls certificates. Check that the certificate, chain and key paths are correct.');
+    }
+
+    return tls_options;
+  }
+
+  const https = require('https');
+  let httpd = https.createServer(readCertsSync(), app).listen(settings.webserver.tls.port);
+
   try {
-    var tls_options = {
-      key: db.fs.readFileSync(settings.webserver.tls.key_file),
-      cert: db.fs.readFileSync(settings.webserver.tls.cert_file),
-      ca: db.fs.readFileSync(settings.webserver.tls.chain_file)
-    };
+    let waitForCertsToRefresh;
+
+    // watch for changes to the certificate directory
+    db.fs.watch(path.dirname(settings.webserver.tls.key_file), () => {
+      clearTimeout(waitForCertsToRefresh);
+
+      // refresh certificates as they are changed on disk
+      waitForCertsToRefresh = setTimeout(() => {
+        httpd.setSecureContext(readCertsSync());
+      }, 1000);
+    });
   } catch(e) {
     console.warn('There was a problem reading tls certificates. Check that the certificate, chain and key paths are correct.');
   }
-
-  var https = require('https');
-  https.createServer(tls_options, app).listen(settings.webserver.tls.port);
 }
 // get the latest git commit id (if exists)
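Review bot: The refresh at `httpd.setSecureContext(readCertsSync())` can leave the server without a usable certificate or crash the process: when any of the three files is unreadable mid-renewal, readCertsSync() returns `{}` and the working context is replaced with an empty one, and if the key and cert do not match (a renewal that has rewritten one file but not yet the other), the secure-context creation throws inside the timer callback, which the surrounding `try` no longer reaches. Have readCertsSync() return null on failure, skip the swap in that case, and wrap the swap itself in try/catch so the previous working context is kept and the failure is logged. The surviving `try` now only guards the `db.fs.watch` registration, but its `catch` still prints the certificate-reading message; `console.warn('Unable to watch the tls certificate directory for changes; certificates will not be refreshed automatically.')` would describe what it actually catches. `path` is used here without a visible require, so presumably it is already in scope earlier in app.js.
```javascript
function readCertsSync() {
  try {
    return {
      key: db.fs.readFileSync(settings.webserver.tls.key_file),
      cert: db.fs.readFileSync(settings.webserver.tls.cert_file),
      ca: db.fs.readFileSync(settings.webserver.tls.chain_file)
    };
  } catch(e) {
    console.warn('There was a problem reading tls certificates. Check that the certificate, chain and key paths are correct.');
    return null;
  }
}

const https = require('https');
let httpd = https.createServer(readCertsSync() || {}, app).listen(settings.webserver.tls.port);

// … unchanged: fs.watch registration and debounce timer setup …
waitForCertsToRefresh = setTimeout(() => {
  const certs = readCertsSync();
  // a partially written renewal must not replace a working context
  if (certs === null) return;
  try {
    httpd.setSecureContext(certs);
  } catch(e) {
    console.warn('Refreshed tls certificates could not be applied, keeping the previous ones: ' + e.message);
  }
}, 1000);
```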