zydronium/neocities
1
0
Fork 0
mirror of https://github.com/neocities/neocities.git synced 2025-04-25 01:32:36 +02:00
Code Issues Projects Releases Packages Wiki Activity

the subdomain also needs auth apparently

Browse source
This commit is contained in:
Kyle Drake 2016-06-18 18:40:17 -07:00
parent 1fc3120363
commit 96642dc27a
1 changed files with 25 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

49
workers/lets_encrypt_worker.rb
View file

@ -8,10 +8,15 @@ class LetsEncryptWorker
180 180
end end
def letsencrypt
Acme::Client.new(
private_key: OpenSSL::PKey::RSA.new(File.read($config['letsencrypt_key'])),
endpoint: $config['letsencrypt_endpoint']
)
end
def perform(site_id) def perform(site_id)
# Dispose of dupes # Dispose of dupes
queue = Sidekiq::Queue.new self.class.sidekiq_options_hash['queue'] queue = Sidekiq::Queue.new self.class.sidekiq_options_hash['queue']
queue.each do |job| queue.each do |job|
if job.args == [site_id] && job.jid != jid if job.args == [site_id] && job.jid != jid
@ -19,38 +24,34 @@ class LetsEncryptWorker
end end
end end
letsencrypt = Acme::Client.new(
private_key: OpenSSL::PKey::RSA.new(File.read($config['letsencrypt_key'])),
endpoint: $config['letsencrypt_endpoint']
)
site = Site[site_id] site = Site[site_id]
return if site.domain.blank? || site.is_deleted || site.is_banned return if site.domain.blank? || site.is_deleted || site.is_banned
auth = letsencrypt.authorize domain: site.domain domains = [site.domain, "www.#{site.domain}"]
challenge = auth.http01 domains.each_with_index do |domain, index|
auth = letsencrypt.authorize domain: site.domain
challenge = auth.http01
FileUtils.mkdir_p File.join(site.base_files_path, File.dirname(challenge.filename)) FileUtils.mkdir_p File.join(site.base_files_path, File.dirname(challenge.filename)) if index == 0
File.write File.join(site.base_files_path, challenge.filename), challenge.file_content File.write File.join(site.base_files_path, challenge.filename), challenge.file_content
challenge.request_verification challenge.request_verification
sleep 1 sleep 1
attempts = 0
attempts = 0 begin
raise VerificationTimeoutError if attempts == 30
begin raise NotAuthorizedYetError if challenge.verify_status != 'valid'
raise VerificationTimeoutError if attempts == 30 rescue NotAuthorizedYet
raise NotAuthorizedYetError if challenge.verify_status != 'valid' sleep 5
rescue NotAuthorizedYet attempts += 1
sleep 5 retry
attempts += 1 end
retry
end end
csr = Acme::Client::CertificateRequest.new names: [site.domain, "www.#{site.domain}"] csr = Acme::Client::CertificateRequest.new names: domains
certificate = letsencrypt.new_certificate csr certificate = letsencrypt.new_certificate csr
site.ssl_key = certificate.request.private_key.to_pem site.ssl_key = certificate.request.private_key.to_pem
site.ssl_cert = certificate.fullchain_to_pem site.ssl_cert = certificate.fullchain_to_pem