Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
004c6481
Commit
004c6481
authored
Dec 12, 2019
by
Vladimir Shushlin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Make LetsEncrypt order expiration shorter
parent
4035dda6
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
33 additions
and
3 deletions
+33
-3
app/services/pages_domains/create_acme_order_service.rb
app/services/pages_domains/create_acme_order_service.rb
+4
-1
changelogs/unreleased/acme-order-short-expiration.yml
changelogs/unreleased/acme-order-short-expiration.yml
+5
-0
spec/services/pages_domains/create_acme_order_service_spec.rb
.../services/pages_domains/create_acme_order_service_spec.rb
+24
-2
No files found.
app/services/pages_domains/create_acme_order_service.rb
View file @
004c6481
...
@@ -3,6 +3,9 @@
...
@@ -3,6 +3,9 @@
module
PagesDomains
module
PagesDomains
class
CreateAcmeOrderService
class
CreateAcmeOrderService
attr_reader
:pages_domain
attr_reader
:pages_domain
# TODO: remove this hack after https://gitlab.com/gitlab-org/gitlab/issues/30146 is implemented
# This makes GitLab automatically retry the certificate obtaining process every 2 hours if process wasn't finished
SHORT_EXPIRATION_DELAY
=
2
.
hours
def
initialize
(
pages_domain
)
def
initialize
(
pages_domain
)
@pages_domain
=
pages_domain
@pages_domain
=
pages_domain
...
@@ -17,7 +20,7 @@ module PagesDomains
...
@@ -17,7 +20,7 @@ module PagesDomains
private_key
=
OpenSSL
::
PKey
::
RSA
.
new
(
4096
)
private_key
=
OpenSSL
::
PKey
::
RSA
.
new
(
4096
)
saved_order
=
pages_domain
.
acme_orders
.
create!
(
saved_order
=
pages_domain
.
acme_orders
.
create!
(
url:
order
.
url
,
url:
order
.
url
,
expires_at:
order
.
expires
,
expires_at:
[
order
.
expires
,
SHORT_EXPIRATION_DELAY
.
from_now
].
min
,
private_key:
private_key
.
to_pem
,
private_key:
private_key
.
to_pem
,
challenge_token:
challenge
.
token
,
challenge_token:
challenge
.
token
,
...
...
changelogs/unreleased/acme-order-short-expiration.yml
0 → 100644
View file @
004c6481
---
title
:
Retry obtaining Let's Encrypt certificates every 2 hours if it wasn't successful
merge_request
:
22336
author
:
type
:
fixed
spec/services/pages_domains/create_acme_order_service_spec.rb
View file @
004c6481
...
@@ -45,12 +45,34 @@ describe PagesDomains::CreateAcmeOrderService do
...
@@ -45,12 +45,34 @@ describe PagesDomains::CreateAcmeOrderService do
expect
{
OpenSSL
::
PKey
::
RSA
.
new
(
saved_order
.
private_key
)
}.
not_to
raise_error
expect
{
OpenSSL
::
PKey
::
RSA
.
new
(
saved_order
.
private_key
)
}.
not_to
raise_error
end
end
it
'properly saves order
attributes
'
do
it
'properly saves order
url
'
do
service
.
execute
service
.
execute
saved_order
=
PagesDomainAcmeOrder
.
last
saved_order
=
PagesDomainAcmeOrder
.
last
expect
(
saved_order
.
url
).
to
eq
(
order_double
.
url
)
expect
(
saved_order
.
url
).
to
eq
(
order_double
.
url
)
expect
(
saved_order
.
expires_at
).
to
be_like_time
(
order_double
.
expires
)
end
context
'when order expires in 2 days'
do
it
'sets expiration time in 2 hours'
do
Timecop
.
freeze
do
service
.
execute
saved_order
=
PagesDomainAcmeOrder
.
last
expect
(
saved_order
.
expires_at
).
to
be_like_time
(
2
.
hours
.
from_now
)
end
end
end
context
'when order expires in an hour'
do
it
'sets expiration time accordingly to order'
do
Timecop
.
freeze
do
allow
(
order_double
).
to
receive
(
:expires
).
and_return
(
1
.
hour
.
from_now
)
service
.
execute
saved_order
=
PagesDomainAcmeOrder
.
last
expect
(
saved_order
.
expires_at
).
to
be_like_time
(
1
.
hour
.
from_now
)
end
end
end
end
it
'properly saves challenge attributes'
do
it
'properly saves challenge attributes'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment