Fix custom-cert core plugin

Théophile Diot 2023-05-26 14:47:40 -04:00
parent 953128be6e
commit 334be43462
No known key found for this signature in database
GPG Key ID: E752C80DB72BB014
4 changed files with 16 additions and 11 deletions


@ -1,8 +1,6 @@
{% set os_path = import("os.path") %}
{% set cert_file_path = "/data/cache/customcert/{}".format(CUSTOM_SSL_CERT.replace("/", "_")) %}
{% set key_file_path = "/data/cache/customcert/{}".format(CUSTOM_SSL_KEY.replace("/", "_")) %}
{% if USE_CUSTOM_SSL == "yes" and os_path.isfile(cert_file_path) and os_path.isfile(key_file_path) +%}
{% if USE_CUSTOM_SSL == "yes" and os_path.isfile("/var/cache/bunkerweb/customcert/cert.pem") and os_path.isfile("/var/cache/bunkerweb/customcert/cert.key") +%}
# listen on HTTPS PORT
listen 0.0.0.0:{{ HTTPS_PORT }} ssl {% if HTTP2 == "yes" %}http2{% endif %} {% if USE_PROXY_PROTOCOL == "yes" %}proxy_protocol{% endif %};
@ -11,8 +9,8 @@ listen [::]:{{ HTTPS_PORT }} ssl {% if HTTP2 == "yes" %}http2{% endif %} {% if U
{% endif %}
# TLS config
ssl_certificate {{ cert_file_path }};
ssl_certificate_key {{ key_file_path }};
ssl_certificate /var/cache/bunkerweb/customcert/cert.pem;
ssl_certificate_key /var/cache/bunkerweb/customcert/cert.key;
ssl_protocols {{ SSL_PROTOCOLS }};
ssl_prefer_server_ciphers on;
ssl_session_tickets off;
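Review bot: The `isfile` guard and the `ssl_certificate` / `ssl_certificate_key` directives now point at one fixed pair, `/var/cache/bunkerweb/customcert/cert.pem` and `cert.key`, whereas the removed lines derived the cache name from `CUSTOM_SSL_CERT` and `CUSTOM_SSL_KEY`. If this template is rendered once per service and services can configure different custom certificates, every server block would load the same cached pair, so one service could present another service's certificate and key. Consider adding a per-service component to the cache path and passing `service_id` to `cache_file`, or at least documenting the limit with a comment such as `# single shared cache path: per-service custom certs are not distinguished`. The stream template in this commit uses the same fixed paths.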


@ -1,6 +1,6 @@
{% set os_path = import("os.path") %}
{% if USE_CUSTOM_SSL == "yes" and os_path.isfile("/data/cache/customcert/cert.pem") and os_path.isfile("/data/cache/customcert/key.pem") +%}
{% if USE_CUSTOM_SSL == "yes" and os_path.isfile("/var/cache/bunkerweb/customcert/cert.pem") and os_path.isfile("/var/cache/bunkerweb/customcert/cert.key") +%}
# listen
listen 0.0.0.0:{{ LISTEN_STREAM_PORT_SSL }} ssl {% if USE_UDP == "yes" %} udp {% endif %}{% if USE_PROXY_PROTOCOL == "yes" %} proxy_protocol {% endif %};
@ -9,8 +9,8 @@ listen [::]:{{ LISTEN_STREAM_PORT_SSL }} ssl {% if USE_UDP == "yes" %} udp {% en
{% endif %}
# TLS config
ssl_certificate /data/cache/customcert/cert.pem;
ssl_certificate_key /data/cache/customcert/key.pem;
ssl_certificate /var/cache/bunkerweb/customcert/cert.pem;
ssl_certificate_key /var/cache/bunkerweb/customcert/cert.key;
ssl_protocols {{ SSL_PROTOCOLS }};
ssl_prefer_server_ciphers on;
ssl_session_tickets off;


@ -59,7 +59,9 @@ def check_cert(
if old_hash == cert_hash:
return False
cached, err = cache_file(cert_path, cert_cache_path, cert_hash, db)
cached, err = cache_file(
cert_path, cert_cache_path, cert_hash, db, delete_file=False
)
if not cached:
logger.error(f"Error while caching custom-cert cert.pem file : {err}")
@ -70,7 +72,9 @@ def check_cert(
key_hash = file_hash(key_path)
old_hash = cache_hash(key_cache_path, db)
if old_hash != key_hash:
cached, err = cache_file(key_path, key_cache_path, key_hash, db)
cached, err = cache_file(
key_path, key_cache_path, key_hash, db, delete_file=False
)
if not cached:
logger.error(f"Error while caching custom-cert cert.key file : {err}")
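Review bot: The early `return False` on `old_hash == cert_hash` runs before the key is examined, so a failed key copy may never be retried. Assuming `cache_file` records `cert_hash` on success, a run that caches the certificate but fails on the key leaves a new `cert.pem` beside a stale or missing `cert.key`, and the next run returns early because the certificate hash now matches. Deciding on both files first would avoid that, for example `key_changed = cache_hash(key_cache_path, db) != file_hash(key_path)` followed by `if old_hash == cert_hash and not key_changed:`. The body of `check_cert` starts and ends outside these hunks, so the return value on the key-error path is not visible here.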


@ -162,6 +162,7 @@ def cache_file(
_hash: Optional[str],
db=None,
*,
delete_file: bool = True,
service_id: Optional[str] = None,
) -> Tuple[bool, str]:
ret, err = True, "success"
@ -173,7 +174,9 @@ def cache_file(
content = file.read_bytes()
cache.write_bytes(content)
file.unlink()
if delete_file:
file.unlink()
if not _hash:
_hash = file_hash(str(cache))
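Review bot: `cache.write_bytes(content)` creates the cached copy with whatever mode the process umask allows, and this commit routes the custom-cert private key through that path with `delete_file=False`. Unless permissions are tightened elsewhere (not visible in these hunks), the cached `cert.key` may be readable more widely than the original key file. Setting the mode explicitly after the write, e.g. `cache.chmod(0o640)` or whichever mode the nginx worker needs, would close that gap. The new `delete_file` keyword also deserves a docstring line stating that the default `True` removes the source file after copying, since that is a surprising default for callers passing user-supplied paths. The body of `cache_file` continues outside the hunk.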