BREAKING CHANGE(smartproxy/configuration): Migrate SmartProxy to a fully unified route‐based configuration by removing legacy domain-based settings and conversion code. CertProvisioner, NetworkProxyBridge, and RouteManager now use IRouteConfig exclusively, and related legacy interfaces and files have been removed.

ts/certificate/providers/cert-provisioner.ts

@@ -1,5 +1,6 @@
 import * as plugins from '../../plugins.js';
 import type { IDomainConfig } from '../../forwarding/config/domain-config.js';
+import type { IRouteConfig } from '../../proxies/smart-proxy/models/route-types.js';
 import type { ICertificateData, IDomainForwardConfig, IDomainOptions } from '../models/certificate-types.js';
 import { Port80HandlerEvents, CertProvisionerEvents } from '../events/certificate-events.js';
 import { Port80Handler } from '../../http/port80/port80-handler.js';
@@ -28,6 +29,45 @@ export class CertProvisioner extends plugins.EventEmitter {
   private port80Handler: Port80Handler;
   private networkProxyBridge: INetworkProxyBridge;
   private certProvisionFunction?: (domain: string) => Promise<TCertProvisionObject>;
+
+  /**
+   * Extract domains from route configurations for certificate management
+   * @param routes Route configurations
+   */
+  private extractDomainsFromRoutes(routes: IRouteConfig[]): void {
+    // Process all HTTPS routes that need certificates
+    for (const route of routes) {
+      // Only process routes with TLS termination that need certificates
+      if (route.action.type === 'forward' &&
+          route.action.tls &&
+          (route.action.tls.mode === 'terminate' || route.action.tls.mode === 'terminate-and-reencrypt') &&
+          route.match.domains) {
+
+        // Extract domains from the route
+        const domains = Array.isArray(route.match.domains)
+          ? route.match.domains
+          : [route.match.domains];
+
+        // Skip wildcard domains that can't use ACME
+        const eligibleDomains = domains.filter(d => !d.includes('*'));
+
+        if (eligibleDomains.length > 0) {
+          // Create a domain config object for certificate provisioning
+          const domainConfig: IDomainConfig = {
+            domains: eligibleDomains,
+            forwarding: {
+              type: route.action.tls.mode === 'terminate' ? 'https-terminate-to-http' : 'https-terminate-to-https',
+              target: route.action.target || { host: 'localhost', port: 80 },
+              // Add any other required properties from the legacy format
+              security: route.action.security || {}
+            }
+          };
+
+          this.domainConfigs.push(domainConfig);
+        }
+      }
+    }
+  };
   private forwardConfigs: IDomainForwardConfig[];
   private renewThresholdDays: number;
   private renewCheckIntervalHours: number;
@@ -47,7 +87,7 @@ export class CertProvisioner extends plugins.EventEmitter {
    * @param forwardConfigs Domain forwarding configurations for ACME challenges
    */
   constructor(
-    domainConfigs: IDomainConfig[],
+    routeConfigs: IRouteConfig[],
     port80Handler: Port80Handler,
     networkProxyBridge: INetworkProxyBridge,
     certProvider?: (domain: string) => Promise<TCertProvisionObject>,
@@ -57,7 +97,8 @@ export class CertProvisioner extends plugins.EventEmitter {
     forwardConfigs: IDomainForwardConfig[] = []
   ) {
     super();
-    this.domainConfigs = domainConfigs;
+    this.domainConfigs = [];
+    this.extractDomainsFromRoutes(routeConfigs);
     this.port80Handler = port80Handler;
     this.networkProxyBridge = networkProxyBridge;
     this.certProvisionFunction = certProvider;