enhance: rm acme-challenge if auto-renewal off #30

frontend/src/version.json

@@ -1 +1 @@
-{"version":"1.7.9","build_id":87,"total_build":157}
+{"version":"1.7.9","build_id":88,"total_build":158}

frontend/src/views/domain/DomainEdit.vue

@@ -4,7 +4,7 @@ import CodeEditor from '@/components/CodeEditor/CodeEditor.vue'
 
 import NgxConfigEditor from '@/views/domain/ngx_conf/NgxConfigEditor'
 import {useGettext} from 'vue3-gettext'
-import {computed, reactive, ref, watch} from 'vue'
+import {computed, provide, reactive, ref, watch} from 'vue'
 import {useRoute, useRouter} from 'vue-router'
 import domain from '@/api/domain'
 import ngx from '@/api/ngx'
@@ -124,7 +124,7 @@ const save = async () => {
         }
     }
 
-    domain.save(name.value, {
+    await domain.save(name.value, {
         name: filename.value || name.value,
         content: configText.value, overwrite: true
     }).then(r => {
@@ -134,7 +134,6 @@ const save = async () => {
     }).catch(handle_parse_error).finally(() => {
         saving.value = false
     })
-
 }
 
 function enable() {
@@ -165,6 +164,8 @@ function on_change_enabled(checked: boolean) {
 
 const editor_md = computed(() => history_chatgpt_record?.value?.length > 1 ? 16 : 24)
 const chat_md = computed(() => history_chatgpt_record?.value?.length > 1 ? 8 : 24)
+
+provide('save_site_config', save)
 </script>
 <template>
     <a-row :gutter="16">

frontend/src/views/domain/cert/Cert.vue

@@ -7,7 +7,8 @@ import ChangeCert from '@/views/domain/cert/ChangeCert.vue'
 
 const {$gettext} = useGettext()
 
-const props = defineProps(['config_name', 'directivesMap', 'current_server_directives', 'enabled', 'cert_info'])
+const props = defineProps(['config_name', 'directivesMap', 'current_server_directives',
+    'enabled', 'ngx_config', 'current_server_index', 'cert_info'])
 
 const emit = defineEmits(['callback', 'update:enabled'])
 
@@ -33,14 +34,15 @@ const enabled = computed({
 <template>
     <div>
         <h2 v-translate>Certificate Status</h2>
-        <cert-info ref="info" :cert="props.cert_info"/>
+        <cert-info ref="info" :cert="cert_info"/>
 
-        <change-cert :directives-map="props.directivesMap"/>
+        <change-cert :directives-map="directivesMap"/>
 
         <issue-cert
             :config_name="config_name"
             :current_server_directives="props.current_server_directives"
             :directives-map="props.directivesMap"
+            :ngx_config="ngx_config"
             v-model:enabled="enabled"
             @callback="callback"
         />

frontend/src/views/domain/cert/IssueCert.vue

@@ -1,17 +1,22 @@
 <script setup lang="ts">
 import {useGettext} from 'vue3-gettext'
-import {computed, nextTick, ref, watch} from 'vue'
+import {computed, inject, nextTick, ref, watch} from 'vue'
 import {message, Modal} from 'ant-design-vue'
 import domain from '@/api/domain'
 import websocket from '@/lib/websocket'
 import Template from '@/views/template/Template.vue'
+import template from '@/api/template'
+import _ from 'lodash'
 
 const {$gettext, interpolate} = useGettext()
 
-const props = defineProps(['config_name', 'directivesMap', 'current_server_directives', 'enabled'])
+const props = defineProps(['config_name', 'directivesMap', 'current_server_directives',
+    'enabled', 'ngx_config'])
 
 const emit = defineEmits(['changeEnabled', 'callback', 'update:enabled'])
 
+const save_site_config: Function = inject('save_site_config')!
+
 const issuing_cert = ref(false)
 const modalVisible = ref(false)
 
@@ -28,21 +33,40 @@ function confirm() {
     Modal.confirm({
         title: enabled.value ? $gettext('Do you want to disable auto-cert renewal?') :
             $gettext('Do you want to enable auto-cert renewal?'),
+        content: enabled.value ? $gettext('We need to add the HTTPChallenge configuration to ' +
+                'this file and reload the Nginx. Are you sure you want to continue?') :
+            $gettext('We will need to remove the HTTPChallenge configuration from this file and ' +
+                'reload the Nginx configuration file. Are you sure you want to continue?'),
         mask: false,
         centered: true,
         onOk() {
-            enabled.value = !enabled.value
+            if (enabled.value) {
+                onchange(false)
+            } else {
+                onchange(true)
+            }
         }
     })
 }
 
-watch(enabled, onchange)
-
-function onchange(r: boolean) {
+async function onchange(r: boolean) {
     emit('changeEnabled', r)
     change_auto_cert(r)
     if (r) {
+        await template.get_block('letsencrypt.conf').then(r => {
+            props.ngx_config.servers.forEach(async (v: any) => {
+                v.locations = v.locations.filter((l: any) => l.path !== '/.well-known/acme-challenge')
+
+                v.locations.push(...r.locations)
+            })
+        })
+        await save_site_config()
         job()
+    } else {
+        await props.ngx_config.servers.forEach((v: any) => {
+            v.locations = v.locations.filter((l: any) => l.path !== '/.well-known/acme-challenge')
+        })
+        save_site_config()
     }
 }
 
@@ -77,9 +101,10 @@ function job() {
     })
 }
 
-function callback(ssl_certificate: string, ssl_certificate_key: string) {
+async function callback(ssl_certificate: string, ssl_certificate_key: string) {
     props.directivesMap['ssl_certificate'][0]['params'] = ssl_certificate
     props.directivesMap['ssl_certificate_key'][0]['params'] = ssl_certificate_key
+    save_site_config()
 }
 
 function change_auto_cert(r: boolean) {

frontend/src/views/domain/ngx_conf/NgxConfigEditor.vue

@@ -177,9 +177,11 @@ function add_server() {
                         <cert
                             v-if="current_support_ssl"
                             :config_name="ngx_config.name"
-                            :cert_info="props.cert_info?.[k]"
+                            :cert_info="cert_info?.[k]"
                             :current_server_directives="current_server_directives"
                             :directives-map="directivesMap"
+                            :current_server_index="current_server_index"
+                            :ngx_config="ngx_config"
                             v-model:enabled="autoCertRef"
                             @callback="$emit('callback')"
                         />

frontend/version.json

@@ -1 +1 @@
-{"version":"1.7.9","build_id":87,"total_build":157}
+{"version":"1.7.9","build_id":88,"total_build":158}

resources/development/nginx/sites-available/homework.jackyu.cn

@@ -1,84 +1,78 @@
 server {
-	listen	80;
-	listen	[::]:80;
-
-	server_name	homework.jackyu.cn;
-  	# rewrite ^(.*)$  https://$host$1 permanent;
-  	return 307 https://$server_name$request_uri;
+    listen 80;
+    listen [::]:80;
+    server_name homework.jackyu.cn;
+    #                               rewrite ^(.*)$  https://$host$1 permanent;
+    return 307 https://$server_name$request_uri;
+    location /.well-known/acme-challenge {
+        proxy_set_header Host $host;
+        proxy_set_header X-Real_IP $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
+        proxy_pass http://127.0.0.1:5002;
+    }
 }
-
 server {
-	listen	443 ssl http2;
-	listen	[::]:443 ssl http2;
-
-	server_name	homework.jackyu.cn;
-
-	ssl_certificate	/etc/nginx/ssl/jackyu.cn/alpha/jackyu.cn_server_cert.pem;
-  	ssl_certificate_key	/etc/nginx/ssl/jackyu.cn/alpha/jackyu.cn_key.pem;
-
-	root	/var/www/homework/frontend;
-
-	# Add index.php to the list if you are using PHP
-	index	index.html;
-
-	location / {
-		# First attempt to serve request as file, then
-		# as directory, then fall back to displaying a 404.
-                index index.html;
-		try_files $uri $uri/ /index.html;
-	}
-
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name homework.jackyu.cn;
+    ssl_certificate /etc/nginx/ssl/homework.jackyu.cn/fullchain.cer;
+    ssl_certificate_key /etc/nginx/ssl/homework.jackyu.cn/private.key;
+    root /var/www/homework/frontend;
+    #                               Add index.php to the list if you are using PHP
+    index index.html;
+    location / {
+        # First attempt to serve request as file, then
+        # as directory, then fall back to displaying a 404.
+        index index.html;
+        try_files $uri $uri/ /index.html;
+    }
     location /student {
-      index manage.html;
-      try_files $uri $uri/ /student.html;
-	}
-
+        index manage.html;
+        try_files $uri $uri/ /student.html;
+    }
     location /teacher {
-      index manage.html;
-      try_files $uri $uri/ /teacher.html;
-	}
-
+        index manage.html;
+        try_files $uri $uri/ /teacher.html;
+    }
     location /admin {
-      index admin.html;
-      try_files $uri $uri/ /admin.html;
-	}
-
+        index admin.html;
+        try_files $uri $uri/ /admin.html;
+    }
     location ^~/upload/ {
-		alias /var/www/homework/api/upload/;
-	}
-	include			error_json;
-	location /api/	 {
-    	proxy_http_version 1.1;
+        alias /var/www/homework/api/upload/;
+    }
+    location /api/ {
+        proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection upgrade;
-
-		proxy_pass         http://127.0.0.1:9008/;
-		proxy_redirect     off;
-
-		proxy_set_header   Host                 $host;
-		proxy_set_header   X-Real-IP            $remote_addr;
-		proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
-		proxy_set_header   X-Forwarded-Proto    $scheme;
+        proxy_pass http://127.0.0.1:9008/;
+        proxy_redirect off;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
         client_max_body_size 1000m;
-	}
-
-    location /zigbee-pi	 {
-    	alias /var/www/zigbee-pi/frontend/;
-    	index index.html;
-	}
-
-    location /zigbee-pi/api/	 {
-    	proxy_http_version 1.1;
+    }
+    location /zigbee-pi {
+        alias /var/www/zigbee-pi/frontend/;
+        index index.html;
+    }
+    location /zigbee-pi/api/ {
+        proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection upgrade;
-
-		proxy_pass         http://127.0.0.1:9200/;
-		proxy_redirect     off;
-
-		proxy_set_header   Host                 $host;
-		proxy_set_header   X-Real-IP            $remote_addr;
-		proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
-		proxy_set_header   X-Forwarded-Proto    $scheme;
+        proxy_pass http://127.0.0.1:9200/;
+        proxy_redirect off;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
         client_max_body_size 1000m;
-	}
-}
+    }
+    location /.well-known/acme-challenge {
+        proxy_set_header Host $host;
+        proxy_set_header X-Real_IP $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
+        proxy_pass http://127.0.0.1:5002;
+    }
+}

resources/development/nginx/sites-available/ojbk.me

@@ -8,4 +8,17 @@ server {
         proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
         proxy_pass http://127.0.0.1:5002;
     }
+}
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name ojbk.me;
+    ssl_certificate /etc/nginx/ssl/ojbk.me/fullchain.cer;
+    ssl_certificate_key /etc/nginx/ssl/ojbk.me/private.key;
+    location /.well-known/acme-challenge {
+        proxy_set_header Host $host;
+        proxy_set_header X-Real_IP $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
+        proxy_pass http://127.0.0.1:5002;
+    }
 }

resources/development/nginx/sites-available/qi.jackyu.cn

@@ -1,26 +1,33 @@
 server {
-	listen	80;
-	listen	[::]:80;
-	server_name	qi.jackyu.cn;
-	rewrite ^(.*)$  https://$host$1 permanent;
-
+    listen 80;
+    listen [::]:80;
+    server_name qi.jackyu.cn amstourship.jackyu.cn;
+    rewrite ^(.*)$ https://$host$1 permanent;
+    location /.well-known/acme-challenge {
+        proxy_set_header Host $host;
+        proxy_set_header X-Real_IP $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
+        proxy_pass http://127.0.0.1:5002;
+    }
 }
-
 server {
-	server_name	qi.jackyu.cn;
-	ssl_certificate	/etc/nginx/ssl/jackyu.cn/alpha/jackyu.cn_server_cert.pem;
-	ssl_certificate_key	/etc/nginx/ssl/jackyu.cn/alpha/jackyu.cn_key.pem;
-	listen	443 ssl;
-	listen	[::]:443 ssl;
-
-	location / {
-		proxy_pass         http://127.0.0.1:5001/;
-		proxy_redirect     off;
-		proxy_set_header   Host                 $host;
-		proxy_set_header   X-Real-IP            $remote_addr;
-		proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
-		proxy_set_header   X-Forwarded-Proto    $scheme;
-	}
-
-}
-
+    server_name qi.jackyu.cn amstourship.jackyu.cn;
+    ssl_certificate /etc/nginx/ssl/qi.jackyu.cn_amstourship.jackyu.cn/fullchain.cer;
+    ssl_certificate_key /etc/nginx/ssl/qi.jackyu.cn_amstourship.jackyu.cn/private.key;
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    location / {
+        proxy_pass http://127.0.0.1:5001/;
+        proxy_redirect off;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+    location /.well-known/acme-challenge {
+        proxy_set_header Host $host;
+        proxy_set_header X-Real_IP $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
+        proxy_pass http://127.0.0.1:5002;
+    }
+}