Fix custom-cert core plugin
This commit is contained in:
parent
953128be6e
commit
334be43462
|
@ -1,8 +1,6 @@
|
|||
{% set os_path = import("os.path") %}
|
||||
{% set cert_file_path = "/data/cache/customcert/{}".format(CUSTOM_SSL_CERT.replace("/", "_")) %}
|
||||
{% set key_file_path = "/data/cache/customcert/{}".format(CUSTOM_SSL_KEY.replace("/", "_")) %}
|
||||
|
||||
{% if USE_CUSTOM_SSL == "yes" and os_path.isfile(cert_file_path) and os_path.isfile(key_file_path) +%}
|
||||
{% if USE_CUSTOM_SSL == "yes" and os_path.isfile("/var/cache/bunkerweb/customcert/cert.pem") and os_path.isfile("/var/cache/bunkerweb/customcert/cert.key") +%}
|
||||
|
||||
# listen on HTTPS PORT
|
||||
listen 0.0.0.0:{{ HTTPS_PORT }} ssl {% if HTTP2 == "yes" %}http2{% endif %} {% if USE_PROXY_PROTOCOL == "yes" %}proxy_protocol{% endif %};
|
||||
|
@ -11,8 +9,8 @@ listen [::]:{{ HTTPS_PORT }} ssl {% if HTTP2 == "yes" %}http2{% endif %} {% if U
|
|||
{% endif %}
|
||||
|
||||
# TLS config
|
||||
ssl_certificate {{ cert_file_path }};
|
||||
ssl_certificate_key {{ key_file_path }};
|
||||
ssl_certificate /var/cache/bunkerweb/customcert/cert.pem;
|
||||
ssl_certificate_key /var/cache/bunkerweb/customcert/cert.key;
|
||||
ssl_protocols {{ SSL_PROTOCOLS }};
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_tickets off;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{% set os_path = import("os.path") %}
|
||||
|
||||
{% if USE_CUSTOM_SSL == "yes" and os_path.isfile("/data/cache/customcert/cert.pem") and os_path.isfile("/data/cache/customcert/key.pem") +%}
|
||||
{% if USE_CUSTOM_SSL == "yes" and os_path.isfile("/var/cache/bunkerweb/customcert/cert.pem") and os_path.isfile("/var/cache/bunkerweb/customcert/cert.key") +%}
|
||||
|
||||
# listen
|
||||
listen 0.0.0.0:{{ LISTEN_STREAM_PORT_SSL }} ssl {% if USE_UDP == "yes" %} udp {% endif %}{% if USE_PROXY_PROTOCOL == "yes" %} proxy_protocol {% endif %};
|
||||
|
@ -9,8 +9,8 @@ listen [::]:{{ LISTEN_STREAM_PORT_SSL }} ssl {% if USE_UDP == "yes" %} udp {% en
|
|||
{% endif %}
|
||||
|
||||
# TLS config
|
||||
ssl_certificate /data/cache/customcert/cert.pem;
|
||||
ssl_certificate_key /data/cache/customcert/key.pem;
|
||||
ssl_certificate /var/cache/bunkerweb/customcert/cert.pem;
|
||||
ssl_certificate_key /var/cache/bunkerweb/customcert/cert.key;
|
||||
ssl_protocols {{ SSL_PROTOCOLS }};
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_tickets off;
|
||||
|
|
|
@ -59,7 +59,9 @@ def check_cert(
|
|||
if old_hash == cert_hash:
|
||||
return False
|
||||
|
||||
cached, err = cache_file(cert_path, cert_cache_path, cert_hash, db)
|
||||
cached, err = cache_file(
|
||||
cert_path, cert_cache_path, cert_hash, db, delete_file=False
|
||||
)
|
||||
if not cached:
|
||||
logger.error(f"Error while caching custom-cert cert.pem file : {err}")
|
||||
|
||||
|
@ -70,7 +72,9 @@ def check_cert(
|
|||
key_hash = file_hash(key_path)
|
||||
old_hash = cache_hash(key_cache_path, db)
|
||||
if old_hash != key_hash:
|
||||
cached, err = cache_file(key_path, key_cache_path, key_hash, db)
|
||||
cached, err = cache_file(
|
||||
key_path, key_cache_path, key_hash, db, delete_file=False
|
||||
)
|
||||
if not cached:
|
||||
logger.error(f"Error while caching custom-cert cert.key file : {err}")
|
||||
|
||||
|
|
|
@ -162,6 +162,7 @@ def cache_file(
|
|||
_hash: Optional[str],
|
||||
db=None,
|
||||
*,
|
||||
delete_file: bool = True,
|
||||
service_id: Optional[str] = None,
|
||||
) -> Tuple[bool, str]:
|
||||
ret, err = True, "success"
|
||||
|
@ -173,7 +174,9 @@ def cache_file(
|
|||
|
||||
content = file.read_bytes()
|
||||
cache.write_bytes(content)
|
||||
file.unlink()
|
||||
|
||||
if delete_file:
|
||||
file.unlink()
|
||||
|
||||
if not _hash:
|
||||
_hash = file_hash(str(cache))
|
||||
|
|
Loading…
Reference in New Issue