push.rocks/smartproxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(acme): Improve certificate management by adding global ACME configuration support and allowing route-level overrides. Enhanced error messages help identify missing ACME email and misconfigurations (e.g. wildcard domains). Documentation has been updated and new tests added to verify SmartCertManager behavior, ensuring a clearer migration path from legacy implementations.

Browse Source
This commit is contained in:
Philipp Kunz
2025-05-18 18:29:59 +00:00
parent ac4645dff7
commit 68738137a0
14 changed files with 706 additions and 1472 deletions
Download Patch File Download Diff File Expand all files Collapse all files

144
test/test.acme-configuration.node.ts Normal file
View File

@ -0,0 +1,144 @@
import { expect, tap } from '@push.rocks/tapbundle';
import { SmartProxy } from '../ts/proxies/smart-proxy/index.js';
let smartProxy: SmartProxy;
tap.test('should create SmartProxy with top-level ACME configuration', async () => {
smartProxy = new SmartProxy({
// Top-level ACME configuration
acme: {
email: 'test@example.com',
useProduction: false,
port: 80,
renewThresholdDays: 30
},
routes: [{
name: 'example.com',
match: { domains: 'example.com', ports: 443 },
action: {
type: 'forward',
target: { host: 'localhost', port: 8080 },
tls: {
mode: 'terminate',
certificate: 'auto' // Uses top-level ACME config
}
}
}]
});
expect(smartProxy).toBeInstanceOf(SmartProxy);
expect(smartProxy.settings.acme?.email).toEqual('test@example.com');
expect(smartProxy.settings.acme?.useProduction).toEqual(false);
});
tap.test('should support route-level ACME configuration', async () => {
const proxy = new SmartProxy({
routes: [{
name: 'custom.com',
match: { domains: 'custom.com', ports: 443 },
action: {
type: 'forward',
target: { host: 'localhost', port: 8080 },
tls: {
mode: 'terminate',
certificate: 'auto',
acme: { // Route-specific ACME config
email: 'custom@example.com',
useProduction: true
}
}
}
}]
});
expect(proxy).toBeInstanceOf(SmartProxy);
});
tap.test('should use top-level ACME as defaults and allow route overrides', async () => {
const proxy = new SmartProxy({
acme: {
email: 'default@example.com',
useProduction: false
},
routes: [{
name: 'default-route',
match: { domains: 'default.com', ports: 443 },
action: {
type: 'forward',
target: { host: 'localhost', port: 8080 },
tls: {
mode: 'terminate',
certificate: 'auto' // Uses top-level defaults
}
}
}, {
name: 'custom-route',
match: { domains: 'custom.com', ports: 443 },
action: {
type: 'forward',
target: { host: 'localhost', port: 8081 },
tls: {
mode: 'terminate',
certificate: 'auto',
acme: { // Override for this route
email: 'special@example.com',
useProduction: true
}
}
}
}]
});
expect(proxy.settings.acme?.email).toEqual('default@example.com');
});
tap.test('should validate ACME configuration warnings', async () => {
// Test missing email
let errorThrown = false;
try {
const proxy = new SmartProxy({
routes: [{
name: 'no-email',
match: { domains: 'test.com', ports: 443 },
action: {
type: 'forward',
target: { host: 'localhost', port: 8080 },
tls: {
mode: 'terminate',
certificate: 'auto' // No ACME email configured
}
}
}]
});
await proxy.start();
} catch (error) {
errorThrown = true;
expect(error.message).toInclude('ACME email is required');
}
expect(errorThrown).toBeTrue();
});
tap.test('should support accountEmail alias', async () => {
const proxy = new SmartProxy({
acme: {
accountEmail: 'account@example.com', // Using alias
useProduction: false
},
routes: [{
name: 'alias-test',
match: { domains: 'alias.com', ports: 443 },
action: {
type: 'forward',
target: { host: 'localhost', port: 8080 },
tls: {
mode: 'terminate',
certificate: 'auto'
}
}
}]
});
expect(proxy.settings.acme?.email).toEqual('account@example.com');
});
tap.start();