fix: Renew certificates

2022-05-03 11:40:02 +02:00 · 2022-05-03 11:40:02 +02:00 · 8b813fb07a
commit 8b813fb07a
parent 40da3ff9fe
5 changed files with 80 additions and 7 deletions
--- a/src/lib/letsencrypt/index.ts
+++ b/src/lib/letsencrypt/index.ts
@ -290,3 +290,28 @@ export async function generateSSLCerts(): Promise<void> {
 		}
 	}
 }
+
+export async function renewSSLCerts(): Promise<void> {
+	const host = 'unix:///var/run/docker.sock';
+	await asyncExecShell(`docker pull alpine:latest`);
+	const certbotImage =
+		process.arch === 'x64' ? 'certbot/certbot' : 'certbot/certbot:arm64v8-latest';
+
+	const { stdout: certificates } = await asyncExecShell(
+		`DOCKER_HOST=${host} docker run --rm -v "coolify-letsencrypt:/etc/letsencrypt" -v "coolify-ssl-certs:/app/ssl" alpine:latest sh -c "ls -1 /etc/letsencrypt/live/ | grep -v README"`
+	);
+
+	for (const certificate of certificates.trim().split('\n')) {
+		try {
+			await asyncExecShell(
+				`DOCKER_HOST=${host} docker run --rm --name certbot-renewal -p 9080:9080 -v "coolify-letsencrypt:/etc/letsencrypt" ${certbotImage} --cert-name ${certificate} --logs-dir /etc/letsencrypt/logs renew --standalone --preferred-challenges http --http-01-address 0.0.0.0 --http-01-port 9080`
+			);
+			await asyncExecShell(
+				`DOCKER_HOST=${host} docker run --rm -v "coolify-letsencrypt:/etc/letsencrypt" -v "coolify-ssl-certs:/app/ssl" alpine:latest sh -c "test -d /etc/letsencrypt/live/${certificate}/ && cat /etc/letsencrypt/live/${certificate}/fullchain.pem /etc/letsencrypt/live/${certificate}/privkey.pem > /app/ssl/${certificate}.pem"`
+			);
+		} catch (error) {
+			console.log(error);
+		}
+	}
+	await reloadHaproxy('unix:///var/run/docker.sock');
+}
--- a/src/lib/queues/index.ts
+++ b/src/lib/queues/index.ts
@ -116,7 +116,7 @@ const cron = async (): Promise<void> => {
 	await queue.proxyTcpHttp.add('proxyTcpHttp', {}, { repeat: { every: 10000 } });
 	await queue.ssl.add('ssl', {}, { repeat: { every: dev ? 10000 : 60000 } });
 	if (!dev) await queue.cleanup.add('cleanup', {}, { repeat: { every: 300000 } });
-	await queue.sslRenew.add('sslRenew', {}, { repeat: { every: 1800000 } });
+	if (!dev) await queue.sslRenew.add('sslRenew', {}, { repeat: { every: 1800000 } });
 	await queue.autoUpdater.add('autoUpdater', {}, { repeat: { every: 60000 } });
 };
 cron().catch((error) => {
--- a/src/lib/queues/sslrenewal.ts
+++ b/src/lib/queues/sslrenewal.ts
@ -1,9 +1,10 @@
-import { asyncExecShell } from '$lib/common';
-import { reloadHaproxy } from '$lib/haproxy';
+import { renewSSLCerts } from '$lib/letsencrypt';

 export default async function (): Promise<void> {
-	await asyncExecShell(
-		`docker run --rm --name certbot-renewal -v "coolify-letsencrypt:/etc/letsencrypt" certbot/certbot --logs-dir /etc/letsencrypt/logs renew`
-	);
-	await reloadHaproxy('unix:///var/run/docker.sock');
+	try {
+		return await renewSSLCerts();
+	} catch (error) {
+		console.log(error);
+		throw error;
+	}
 }
--- a/src/routes/settings/index.svelte
+++ b/src/routes/settings/index.svelte
@ -111,6 +111,14 @@
 			loading.save = false;
 		}
 	}
+	async function renewCerts() {
+		try {
+			toast.push('Renewing certificates...');
+			return await post(`/settings/renew.json`, {});
+		} catch ({ error }) {
+			return errorNotification(error);
+		}
+	}
 </script>

 <div class="flex space-x-1 p-6 font-bold">
@ -219,6 +227,19 @@
 							on:click={() => changeSettings('isAutoUpdateEnabled')}
 						/>
 					</div>
+					<div class="grid grid-cols-2 items-center">
+						<div class="flex flex-col">
+							<div class="pt-2 text-base font-bold text-stone-100">
+								Renew SSL Certificates manually
+							</div>
+							<Explainer text="It will check and renew certificates manually" />
+						</div>
+						<div class="mx-auto ">
+							<button class="w-32 bg-coollabs hover:bg-coollabs-100" on:click={renewCerts}
+								>SSL renew manually</button
+							>
+						</div>
+					</div>
 				{/if}
 			</div>
 		</form>
--- a/src/routes/settings/renew.json.ts
+++ b/src/routes/settings/renew.json.ts
@ -0,0 +1,26 @@
+import { getUserDetails } from '$lib/common';
+import { ErrorHandler } from '$lib/database';
+import { renewSSLCerts } from '$lib/letsencrypt';
+import { t } from '$lib/translations';
+import type { RequestHandler } from '@sveltejs/kit';
+
+export const post: RequestHandler = async (event) => {
+	const { teamId, status, body } = await getUserDetails(event);
+	if (teamId !== '0')
+		return {
+			status: 401,
+			body: {
+				message: t.get('setting.permission_denied')
+			}
+		};
+	if (status === 401) return { status, body };
+
+	try {
+		renewSSLCerts();
+		return {
+			status: 201
+		};
+	} catch (error) {
+		return ErrorHandler(error);
+	}
+};