package certutils
import (
"github.com/TeaWeb/code/teacluster"
"github.com/TeaWeb/code/teaconfigs"
"github.com/TeaWeb/code/teaproxy"
"github.com/iwind/TeaGo/Tea"
"github.com/iwind/TeaGo/logs"
timeutil "github.com/iwind/TeaGo/utils/time"
"time"
)
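// RenewACMECerts checks the ACME certificate tasks and renews the ones that are due.
//
// The function returns immediately on an enabled non-master node. For every
// enabled task with a request whose second CertDate value has been reached, it
// obtains an ACME client, renews the certificate, writes the new certificate and
// key files for each cert bound to the task, and re-validates the matching
// certs on all proxy servers. Task state (RunAt, RunError) is saved through
// certList.Save, and the change is pushed to the cluster when the cluster had
// no pending changes before this run.
//
// A failed certificate or key write is recorded in task.RunError, and the
// reload for that cert is skipped, so that a failed deployment is not reported
// as a successful run and a half-written pair is not loaded.
func RenewACMECerts() {
	logs.Println("[acme]check acme certs requests")

	// Skip slave nodes.
	node := teaconfigs.SharedNodeConfig()
	if node != nil && node.On && !node.IsMaster() {
		return
	}

	// Cluster node state: remember whether changes were already pending before
	// this run, so the automatic push below only happens for our own change.
	nodeDirty := false
	if node != nil && teacluster.SharedManager.IsActive() {
		nodeDirty = teacluster.SharedManager.IsChanged()
	}

	certList := teaconfigs.SharedSSLCertList()
	tasks := certList.Tasks
	if len(tasks) == 0 {
		return
	}

	taskIsChanged := false
	for _, task := range tasks {
		if !task.On || task.Request == nil {
			continue
		}

		date := task.Request.CertDate()
		if len(date[1]) == 0 {
			continue
		}

		// Dates are compared as "Y-m-d" strings.
		// NOTE(review): renewal is attempted only once today's date has reached
		// date[1]. If date[1] is the certificate's expiry date (not visible
		// here; confirm against CertDate), there is no safety margin when the
		// ACME request fails, and an expired certificate keeps being served.
		if timeutil.Format("Y-m-d") < date[1] {
			continue
		}

		// Every attempt updates RunAt/RunError, so the list must be saved.
		taskIsChanged = true

		client, err := task.Request.Client()
		if err == nil {
			err = task.Request.Renew(client)
		}
		task.RunAt = time.Now().Unix()
		if err != nil {
			task.RunError = err.Error()
			logs.Error(err)
			continue
		}
		task.RunError = ""

		// Update the certificate files bound to this task.
		for _, cert := range certList.Certs {
			if cert.TaskId != task.Id {
				continue
			}

			// Write the certificate, then the key. When either write fails the
			// pair on disk may no longer match, so record the failure on the
			// task and do not reload this cert.
			// NOTE(review): the two writes are not atomic, and the permissions
			// WriteKeyFile applies to the private key are not visible here;
			// confirm the key file is created owner-readable only.
			if err := task.Request.WriteCertFile(Tea.ConfigFile(cert.CertFile)); err != nil {
				logs.Error(err)
				task.RunError = err.Error()
				continue
			}
			if err := task.Request.WriteKeyFile(Tea.ConfigFile(cert.KeyFile)); err != nil {
				logs.Error(err)
				task.RunError = err.Error()
				continue
			}

			// Reload the certificate (per the original comment) on every
			// server that references it.
			for _, server := range teaproxy.SharedManager.FindAllServers() {
				for _, c := range server.FindCerts(cert.Id) {
					if err := c.Validate(); err != nil {
						logs.Error(err)
					}
				}
			}
		}
	}

	// Save the modifications.
	nodeIsChanged := false
	if taskIsChanged {
		if err := certList.Save(); err != nil {
			logs.Error(err)
		}
		nodeIsChanged = true
	}

	// If the node had no pending changes before this run, push automatically
	// to the cluster.
	if !nodeDirty && nodeIsChanged {
		current := teaconfigs.SharedNodeConfig()
		if current != nil && current.On && current.IsMaster() && teacluster.SharedManager.IsActive() {
			teacluster.SharedManager.PushItems()
			teacluster.SharedManager.SetIsChanged(false)
		}
	}
}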