Start9/registry
2
0
Fork 0
mirror of https://github.com/Start9Labs/registry.git synced 2026-03-30 19:54:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

testing complete

Browse Source
This commit is contained in:
Keagan McClelland
2020-08-04 17:01:51 -06:00
parent 5df3523f87
commit f9bba3b65b
2 changed files with 9 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/Application.hs
View File

@@ -182,15 +182,12 @@ startApp foundation = do
putStrLn @Text "SSL Setup Complete" putStrLn @Text "SSL Setup Complete"
-- certbot renew loop -- certbot renew loop
void . forkIO $ forever $ do void . forkIO $ forever $ flip runReaderT foundation $ do
putStrLn $ "DOMAIN: " <> registryHostname (appSettings foundation) shouldRenew <- doesSslNeedRenew
putStrLn $ "CERT: " <> sslCertLocation (appSettings foundation)
runReaderT renewSslCerts foundation
shouldRenew <- doesSslNeedRenew (sslCertLocation $ appSettings foundation)
when shouldRenew $ do when shouldRenew $ do
putStrLn @Text "Renewing SSL Certs." putStrLn @Text "Renewing SSL Certs."
runReaderT renewSslCerts foundation renewSslCerts
sleep 86_400 liftIO $ sleep 86_400
startWeb foundation startWeb foundation

9
src/Lib/Ssl.hs
View File

@@ -41,15 +41,16 @@ setupSsl AppSettings {..} = do
"openssl" "openssl"
["x509", "-req", "-in", sslCsrLocation, "-signkey", sslKeyLocation, "-out", sslCertLocation] ["x509", "-req", "-in", sslCsrLocation, "-signkey", sslKeyLocation, "-out", sslCertLocation]
doesSslNeedRenew :: FilePath -> IO Bool doesSslNeedRenew :: ReaderT RegistryCtx IO Bool
doesSslNeedRenew cert = do doesSslNeedRenew = do
ec <- liftIO $ system [i|openssl x509 -checkend 2592000 -noout -in #{cert}|] cert <- asks $ sslCertLocation . appSettings
ec <- liftIO $ system [i|openssl x509 -checkend 2592000 -noout -in #{cert}|]
pure $ ec /= ExitSuccess pure $ ec /= ExitSuccess
renewSslCerts :: ReaderT RegistryCtx IO () renewSslCerts :: ReaderT RegistryCtx IO ()
renewSslCerts = do renewSslCerts = do
domain <- asks $ registryHostname . appSettings domain <- asks $ registryHostname . appSettings
(cert, key) <- asks $ (sslCertLocation &&& sslKeyLocation) . appSettings (cert, key) <- asks $ (sslCertLocation &&& sslKeyLocation) . appSettings
void . liftIO $ system [i|certbot renew --dry-run|] void . liftIO $ system [i|certbot renew|]
void . liftIO $ system [i|cp /etc/letsencrypt/live/#{domain}/fullchain.pem #{cert}|] void . liftIO $ system [i|cp /etc/letsencrypt/live/#{domain}/fullchain.pem #{cert}|]
void . liftIO $ system [i|cp /etc/letsencrypt/live/#{domain}/privkey.pem #{key}|] void . liftIO $ system [i|cp /etc/letsencrypt/live/#{domain}/privkey.pem #{key}|]