less panic
This commit is contained in:
6543
parent
5aae7c882f
commit
196482da07
1
go.mod
1
go.mod
|
|
@ -8,6 +8,7 @@ require (
|
||||||
github.com/go-acme/lego/v4 v4.5.3
|
github.com/go-acme/lego/v4 v4.5.3
|
||||||
github.com/reugn/equalizer v0.0.0-20210216135016-a959c509d7ad
|
github.com/reugn/equalizer v0.0.0-20210216135016-a959c509d7ad
|
||||||
github.com/rs/zerolog v1.26.0
|
github.com/rs/zerolog v1.26.0
|
||||||
|
github.com/stretchr/testify v1.7.0
|
||||||
github.com/urfave/cli/v2 v2.3.0
|
github.com/urfave/cli/v2 v2.3.0
|
||||||
github.com/valyala/fasthttp v1.31.0
|
github.com/valyala/fasthttp v1.31.0
|
||||||
github.com/valyala/fastjson v1.6.3
|
github.com/valyala/fastjson v1.6.3
|
||||||
|
|
|
||||||
|
|
@ -11,6 +11,7 @@ import (
|
||||||
"encoding/gob"
|
"encoding/gob"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"errors"
|
"errors"
|
||||||
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"os"
|
"os"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
@ -107,9 +108,8 @@ func TLSConfig(mainDomainSuffix []byte,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
err = keyCache.Set(sni, &tlsCertificate, 15*time.Minute)
|
if err := keyCache.Set(sni, &tlsCertificate, 15*time.Minute); err != nil {
|
||||||
if err != nil {
|
return nil, err
|
||||||
panic(err)
|
|
||||||
}
|
}
|
||||||
return &tlsCertificate, nil
|
return &tlsCertificate, nil
|
||||||
},
|
},
|
||||||
|
|
@ -323,13 +323,12 @@ func SetupAcmeConfig(acmeAPI, acmeMail, acmeEabHmac, acmeEabKID string, acmeAcce
|
||||||
var myAcmeConfig *lego.Config
|
var myAcmeConfig *lego.Config
|
||||||
|
|
||||||
if account, err := ioutil.ReadFile(configFile); err == nil {
|
if account, err := ioutil.ReadFile(configFile); err == nil {
|
||||||
err = json.Unmarshal(account, &myAcmeAccount)
|
if err := json.Unmarshal(account, &myAcmeAccount); err != nil {
|
||||||
if err != nil {
|
return nil, err
|
||||||
panic(err)
|
|
||||||
}
|
}
|
||||||
myAcmeAccount.Key, err = certcrypto.ParsePEMPrivateKey([]byte(myAcmeAccount.KeyPEM))
|
myAcmeAccount.Key, err = certcrypto.ParsePEMPrivateKey([]byte(myAcmeAccount.KeyPEM))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
return nil, err
|
||||||
}
|
}
|
||||||
myAcmeConfig = lego.NewConfig(&myAcmeAccount)
|
myAcmeConfig = lego.NewConfig(&myAcmeAccount)
|
||||||
myAcmeConfig.CADirURL = acmeAPI
|
myAcmeConfig.CADirURL = acmeAPI
|
||||||
|
|
@ -348,7 +347,7 @@ func SetupAcmeConfig(acmeAPI, acmeMail, acmeEabHmac, acmeEabKID string, acmeAcce
|
||||||
|
|
||||||
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
return nil, err
|
||||||
}
|
}
|
||||||
myAcmeAccount = AcmeAccount{
|
myAcmeAccount = AcmeAccount{
|
||||||
Email: acmeMail,
|
Email: acmeMail,
|
||||||
|
|
@ -384,12 +383,12 @@ func SetupAcmeConfig(acmeAPI, acmeMail, acmeEabHmac, acmeEabKID string, acmeAcce
|
||||||
}
|
}
|
||||||
|
|
||||||
if myAcmeAccount.Registration != nil {
|
if myAcmeAccount.Registration != nil {
|
||||||
acmeAccountJson, err := json.Marshal(myAcmeAccount)
|
acmeAccountJSON, err := json.Marshal(myAcmeAccount)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("[FAIL] Error during json.Marshal(myAcmeAccount), waiting for manual restart to avoid rate limits: %s", err)
|
log.Printf("[FAIL] Error during json.Marshal(myAcmeAccount), waiting for manual restart to avoid rate limits: %s", err)
|
||||||
select {}
|
select {}
|
||||||
}
|
}
|
||||||
err = ioutil.WriteFile(configFile, acmeAccountJson, 0600)
|
err = ioutil.WriteFile(configFile, acmeAccountJSON, 0600)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("[FAIL] Error during ioutil.WriteFile(\"acme-account.json\"), waiting for manual restart to avoid rate limits: %s", err)
|
log.Printf("[FAIL] Error during ioutil.WriteFile(\"acme-account.json\"), waiting for manual restart to avoid rate limits: %s", err)
|
||||||
select {}
|
select {}
|
||||||
|
|
@ -400,12 +399,11 @@ func SetupAcmeConfig(acmeAPI, acmeMail, acmeEabHmac, acmeEabKID string, acmeAcce
|
||||||
return myAcmeConfig, nil
|
return myAcmeConfig, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func SetupCertificates(mainDomainSuffix []byte, dnsProvider string, acmeConfig *lego.Config, acmeUseRateLimits, enableHTTPServer bool, challengeCache cache.SetGetKey, certDB database.CertDB) {
|
func SetupCertificates(mainDomainSuffix []byte, dnsProvider string, acmeConfig *lego.Config, acmeUseRateLimits, enableHTTPServer bool, challengeCache cache.SetGetKey, certDB database.CertDB) error {
|
||||||
// getting main cert before ACME account so that we can panic here on database failure without hitting rate limits
|
// getting main cert before ACME account so that we can fail here without hitting rate limits
|
||||||
mainCertBytes, err := certDB.Get(mainDomainSuffix)
|
mainCertBytes, err := certDB.Get(mainDomainSuffix)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// key database is not working
|
return fmt.Errorf("cert database is not working")
|
||||||
panic(err)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
acmeClient, err = lego.NewClient(acmeConfig)
|
acmeClient, err = lego.NewClient(acmeConfig)
|
||||||
|
|
@ -452,6 +450,8 @@ func SetupCertificates(mainDomainSuffix []byte, dnsProvider string, acmeConfig *
|
||||||
log.Printf("[ERROR] Couldn't renew main domain certificate, continuing with mock certs only: %s", err)
|
log.Printf("[ERROR] Couldn't renew main domain certificate, continuing with mock certs only: %s", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func MaintainCertDB(ctx context.Context, interval time.Duration, mainDomainSuffix []byte, dnsProvider string, acmeUseRateLimits bool, certDB database.CertDB) {
|
func MaintainCertDB(ctx context.Context, interval time.Duration, mainDomainSuffix []byte, dnsProvider string, acmeUseRateLimits bool, certDB database.CertDB) {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue