diff options
| author | Vladimir Shushlin <v.shushlin@gmail.com> | 2019-06-14 14:38:57 +0300 |
|---|---|---|
| committer | Vladimir Shushlin <v.shushlin@gmail.com> | 2019-06-25 11:52:37 +0200 |
| commit | dcbed0b3709e47a861e0595144e16209011fa2a3 (patch) | |
| tree | a0154cc9799cc87f6bc4c3fa54e7e4dd9bd6319a | |
| parent | e3fa9d122b0a593b0c6441a35cbad8ab6c8e70b9 (diff) | |
| download | gitlab-ce-pages-ssl-fast-obtain.tar.gz | |
Speed up obtaining Let's Encrypt certificatespages-ssl-fast-obtain
3 files changed, 21 insertions, 3 deletions
diff --git a/app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb b/app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb index 3413a9e4612..58f795e639e 100644 --- a/app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb +++ b/app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb @@ -2,6 +2,14 @@ module PagesDomains class ObtainLetsEncryptCertificateService + # time for processing validation requests for acme challenges + # 5-15 seconds is usually enough + CHALLENGE_PROCESSING_DELAY = 1.minute.freeze + + # time LetsEncrypt ACME server needs to generate the certificate + # no particular SLA, usually takes 10-15 seconds + CERTIFICATE_PROCESSING_DELAY = 1.minute.freeze + attr_reader :pages_domain def initialize(pages_domain) @@ -14,6 +22,7 @@ module PagesDomains unless acme_order ::PagesDomains::CreateAcmeOrderService.new(pages_domain).execute + PagesDomainSslRenewalWorker.perform_in(CHALLENGE_PROCESSING_DELAY, pages_domain.id) return end @@ -23,6 +32,7 @@ module PagesDomains case api_order.status when 'ready' api_order.request_certificate(private_key: acme_order.private_key, domain: pages_domain.domain) + PagesDomainSslRenewalWorker.perform_in(CERTIFICATE_PROCESSING_DELAY, pages_domain.id) when 'valid' save_certificate(acme_order.private_key, api_order) acme_order.destroy! diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 4b0bb86e42a..9e74a67b73f 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -368,7 +368,7 @@ Settings.cron_jobs['pages_domain_removal_cron_worker']['cron'] ||= '47 0 * * *' Settings.cron_jobs['pages_domain_removal_cron_worker']['job_class'] = 'PagesDomainRemovalCronWorker' Settings.cron_jobs['pages_domain_ssl_renewal_cron_worker'] ||= Settingslogic.new({}) -Settings.cron_jobs['pages_domain_ssl_renewal_cron_worker']['cron'] ||= '*/5 * * * *' +Settings.cron_jobs['pages_domain_ssl_renewal_cron_worker']['cron'] ||= '*/10 * * * *' Settings.cron_jobs['pages_domain_ssl_renewal_cron_worker']['job_class'] = 'PagesDomainSslRenewalCronWorker' Settings.cron_jobs['issue_due_scheduler_worker'] ||= Settingslogic.new({}) diff --git a/spec/services/pages_domains/obtain_lets_encrypt_certificate_service_spec.rb b/spec/services/pages_domains/obtain_lets_encrypt_certificate_service_spec.rb index d5f77f3354b..8d43ce4f662 100644 --- a/spec/services/pages_domains/obtain_lets_encrypt_certificate_service_spec.rb +++ b/spec/services/pages_domains/obtain_lets_encrypt_certificate_service_spec.rb @@ -34,8 +34,12 @@ describe PagesDomains::ObtainLetsEncryptCertificateService do end context 'when there is no acme order' do - it 'creates acme order' do + it 'creates acme order and schedules next step' do expect_to_create_acme_challenge + expect(PagesDomainSslRenewalWorker).to( + receive(:perform_in).with(described_class::CHALLENGE_PROCESSING_DELAY, pages_domain.id) + .and_return(nil).once + ) service.execute end @@ -82,8 +86,12 @@ describe PagesDomains::ObtainLetsEncryptCertificateService do stub_lets_encrypt_order(existing_order.url, 'ready') end - it 'request certificate' do + it 'request certificate and schedules next step' do expect(api_order).to receive(:request_certificate).and_call_original + expect(PagesDomainSslRenewalWorker).to( + receive(:perform_in).with(described_class::CERTIFICATE_PROCESSING_DELAY, pages_domain.id) + .and_return(nil).once + ) service.execute end |