update
This commit is contained in:
@ -135,7 +135,7 @@ export class SmartProxy extends plugins.EventEmitter {
|
||||
skipConfiguredCerts: false,
|
||||
httpsRedirectPort: 443,
|
||||
renewCheckIntervalHours: 24,
|
||||
domainForwards: []
|
||||
routeForwards: []
|
||||
};
|
||||
}
|
||||
|
||||
@ -220,49 +220,8 @@ export class SmartProxy extends plugins.EventEmitter {
|
||||
if (this.port80Handler) {
|
||||
const acme = this.settings.acme!;
|
||||
|
||||
// Setup domain forwards
|
||||
const domainForwards = acme.domainForwards?.map(f => {
|
||||
// Check if a matching route exists
|
||||
const matchingRoute = this.settings.routes.find(
|
||||
route => Array.isArray(route.match.domains)
|
||||
? route.match.domains.some(d => d === f.domain)
|
||||
: route.match.domains === f.domain
|
||||
);
|
||||
|
||||
if (matchingRoute) {
|
||||
return {
|
||||
domain: f.domain,
|
||||
forwardConfig: f.forwardConfig,
|
||||
acmeForwardConfig: f.acmeForwardConfig,
|
||||
sslRedirect: f.sslRedirect || false
|
||||
};
|
||||
} else {
|
||||
// In route mode, look for matching route
|
||||
const route = this.routeManager.findMatchingRoute({
|
||||
port: 443,
|
||||
domain: f.domain,
|
||||
clientIp: '127.0.0.1' // Dummy IP for finding routes
|
||||
})?.route;
|
||||
|
||||
if (route && route.action.type === 'forward' && route.action.tls) {
|
||||
// If we found a matching route with TLS settings
|
||||
return {
|
||||
domain: f.domain,
|
||||
forwardConfig: f.forwardConfig,
|
||||
acmeForwardConfig: f.acmeForwardConfig,
|
||||
sslRedirect: f.sslRedirect || false
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
// Otherwise use the existing configuration
|
||||
return {
|
||||
domain: f.domain,
|
||||
forwardConfig: f.forwardConfig,
|
||||
acmeForwardConfig: f.acmeForwardConfig,
|
||||
sslRedirect: f.sslRedirect || false
|
||||
};
|
||||
}) || [];
|
||||
// Setup route forwards
|
||||
const routeForwards = acme.routeForwards?.map(f => f) || [];
|
||||
|
||||
// Create CertProvisioner with appropriate parameters
|
||||
// No longer need to support multiple configuration types
|
||||
@ -275,7 +234,7 @@ export class SmartProxy extends plugins.EventEmitter {
|
||||
acme.renewThresholdDays!,
|
||||
acme.renewCheckIntervalHours!,
|
||||
acme.autoRenew!,
|
||||
domainForwards
|
||||
routeForwards
|
||||
);
|
||||
|
||||
// Register certificate event handler
|
||||
@ -527,65 +486,53 @@ export class SmartProxy extends plugins.EventEmitter {
|
||||
|
||||
// If Port80Handler is running, provision certificates based on routes
|
||||
if (this.port80Handler && this.settings.acme?.enabled) {
|
||||
for (const route of newRoutes) {
|
||||
// Skip routes without domains
|
||||
if (!route.match.domains) continue;
|
||||
// Register all eligible domains from routes
|
||||
this.port80Handler.addDomainsFromRoutes(newRoutes);
|
||||
|
||||
// Skip non-forward routes
|
||||
if (route.action.type !== 'forward') continue;
|
||||
// Handle static certificates from certProvisionFunction if available
|
||||
if (this.settings.certProvisionFunction) {
|
||||
for (const route of newRoutes) {
|
||||
// Skip routes without domains
|
||||
if (!route.match.domains) continue;
|
||||
|
||||
// Skip routes without TLS termination
|
||||
if (!route.action.tls ||
|
||||
route.action.tls.mode === 'passthrough' ||
|
||||
!route.action.target) continue;
|
||||
// Skip non-forward routes
|
||||
if (route.action.type !== 'forward') continue;
|
||||
|
||||
// Skip certificate provisioning if certificate is not auto
|
||||
if (route.action.tls.certificate !== 'auto') continue;
|
||||
// Skip routes without TLS termination
|
||||
if (!route.action.tls ||
|
||||
route.action.tls.mode === 'passthrough' ||
|
||||
!route.action.target) continue;
|
||||
|
||||
const domains = Array.isArray(route.match.domains)
|
||||
? route.match.domains
|
||||
: [route.match.domains];
|
||||
// Skip certificate provisioning if certificate is not auto
|
||||
if (route.action.tls.certificate !== 'auto') continue;
|
||||
|
||||
for (const domain of domains) {
|
||||
const isWildcard = domain.includes('*');
|
||||
let provision: string | plugins.tsclass.network.ICert = 'http01';
|
||||
const domains = Array.isArray(route.match.domains)
|
||||
? route.match.domains
|
||||
: [route.match.domains];
|
||||
|
||||
if (this.settings.certProvisionFunction) {
|
||||
for (const domain of domains) {
|
||||
try {
|
||||
provision = await this.settings.certProvisionFunction(domain);
|
||||
const provision = await this.settings.certProvisionFunction(domain);
|
||||
|
||||
// Skip http01 as those are handled by Port80Handler
|
||||
if (provision !== 'http01') {
|
||||
// Handle static certificate (e.g., DNS-01 provisioned)
|
||||
const certObj = provision as plugins.tsclass.network.ICert;
|
||||
const certData: ICertificateData = {
|
||||
domain: certObj.domainName,
|
||||
certificate: certObj.publicKey,
|
||||
privateKey: certObj.privateKey,
|
||||
expiryDate: new Date(certObj.validUntil),
|
||||
routeReference: {
|
||||
routeName: route.name
|
||||
}
|
||||
};
|
||||
this.networkProxyBridge.applyExternalCertificate(certData);
|
||||
console.log(`Applied static certificate for ${domain} from certProvider`);
|
||||
}
|
||||
} catch (err) {
|
||||
console.log(`certProvider error for ${domain}: ${err}`);
|
||||
}
|
||||
} else if (isWildcard) {
|
||||
console.warn(`Skipping wildcard domain without certProvisionFunction: ${domain}`);
|
||||
continue;
|
||||
}
|
||||
|
||||
if (provision === 'http01') {
|
||||
if (isWildcard) {
|
||||
console.warn(`Skipping HTTP-01 for wildcard domain: ${domain}`);
|
||||
continue;
|
||||
}
|
||||
|
||||
// Register domain with Port80Handler
|
||||
this.port80Handler.addDomain({
|
||||
domainName: domain,
|
||||
sslRedirect: true,
|
||||
acmeMaintenance: true
|
||||
});
|
||||
|
||||
console.log(`Registered domain ${domain} with Port80Handler for HTTP-01`);
|
||||
} else {
|
||||
// Handle static certificate (e.g., DNS-01 provisioned)
|
||||
const certObj = provision as plugins.tsclass.network.ICert;
|
||||
const certData: ICertificateData = {
|
||||
domain: certObj.domainName,
|
||||
certificate: certObj.publicKey,
|
||||
privateKey: certObj.privateKey,
|
||||
expiryDate: new Date(certObj.validUntil)
|
||||
};
|
||||
this.networkProxyBridge.applyExternalCertificate(certData);
|
||||
console.log(`Applied static certificate for ${domain} from certProvider`);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -596,14 +543,17 @@ export class SmartProxy extends plugins.EventEmitter {
|
||||
|
||||
/**
|
||||
* Request a certificate for a specific domain
|
||||
*
|
||||
* @param domain The domain to request a certificate for
|
||||
* @param routeName Optional route name to associate with the certificate
|
||||
*/
|
||||
public async requestCertificate(domain: string): Promise<boolean> {
|
||||
public async requestCertificate(domain: string, routeName?: string): Promise<boolean> {
|
||||
// Validate domain format
|
||||
if (!this.isValidDomain(domain)) {
|
||||
console.log(`Invalid domain format: ${domain}`);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
// Use Port80Handler if available
|
||||
if (this.port80Handler) {
|
||||
try {
|
||||
@ -613,15 +563,16 @@ export class SmartProxy extends plugins.EventEmitter {
|
||||
console.log(`Certificate already exists for ${domain}, valid until ${cert.expiryDate.toISOString()}`);
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
// Register domain for certificate issuance
|
||||
this.port80Handler.addDomain({
|
||||
domainName: domain,
|
||||
domain,
|
||||
sslRedirect: true,
|
||||
acmeMaintenance: true
|
||||
acmeMaintenance: true,
|
||||
routeReference: routeName ? { routeName } : undefined
|
||||
});
|
||||
|
||||
console.log(`Domain ${domain} registered for certificate issuance`);
|
||||
|
||||
console.log(`Domain ${domain} registered for certificate issuance` + (routeName ? ` for route '${routeName}'` : ''));
|
||||
return true;
|
||||
} catch (err) {
|
||||
console.log(`Error registering domain with Port80Handler: ${err}`);
|
||||
|
||||
Reference in New Issue
Block a user