author | Vladimir Shushlin <vshushlin@gitlab.com> | 2019-06-24 20:35:12 +0000 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2019-06-24 20:35:12 +0000 |
commit | a7764d0e845db524f2913b6c11c88dfd121ec522 (patch) | |
tree | 8e84742f692e05e56102b7cfd7d20462ba1c8305 /app | |
parent | bf8f5b8f446c504ca13ef2a8cf28cc3faeaf3253 (diff) | |
download | gitlab-ce-a7764d0e845db524f2913b6c11c88dfd121ec522.tar.gz |
Renew Let's Encrypt certificates
Add index for pages domain ssl auto renewal
Add PagesDomain.needs_ssl_renewal scope
Add cron worker for ssl renewal
Add worker for ssl renewal
Add pages ssl renewal worker queues settings
Diffstat (limited to 'app')
-rw-r--r-- | app/models/pages_domain.rb | 10 | ||||
-rw-r--r-- | app/workers/all_queues.yml | 2 | ||||
-rw-r--r-- | app/workers/pages_domain_ssl_renewal_cron_worker.rb | 14 | ||||
-rw-r--r-- | app/workers/pages_domain_ssl_renewal_worker.rb | 15 |
4 files changed, 41 insertions, 0 deletions
diff --git a/app/models/pages_domain.rb b/app/models/pages_domain.rb index 07195c0bfd3..d6d879c6d89 100644 --- a/app/models/pages_domain.rb +++ b/app/models/pages_domain.rb @@ -3,6 +3,7 @@ class PagesDomain < ApplicationRecord VERIFICATION_KEY = 'gitlab-pages-verification-code'.freeze VERIFICATION_THRESHOLD = 3.days.freeze + SSL_RENEWAL_THRESHOLD = 30.days.freeze enum certificate_source: { user_provided: 0, gitlab_provided: 1 }, _prefix: :certificate @@ -41,6 +42,15 @@ class PagesDomain < ApplicationRecord where(verified_at.eq(nil).or(enabled_until.eq(nil).or(enabled_until.lt(threshold)))) end + scope :need_auto_ssl_renewal, -> do + expiring = where(certificate_valid_not_after: nil).or( + where(arel_table[:certificate_valid_not_after].lt(SSL_RENEWAL_THRESHOLD.from_now))) + + user_provided_or_expiring = certificate_user_provided.or(expiring) + + where(auto_ssl_enabled: true).merge(user_provided_or_expiring) + end + scope :for_removal, -> { where("remove_at < ?", Time.now) } def verified? diff --git a/app/workers/all_queues.yml b/app/workers/all_queues.yml index fd0cc5fb24e..e55962b629e 100644 --- a/app/workers/all_queues.yml +++ b/app/workers/all_queues.yml @@ -9,6 +9,7 @@ - cronjob:import_export_project_cleanup - cronjob:pages_domain_verification_cron - cronjob:pages_domain_removal_cron +- cronjob:pages_domain_ssl_renewal_cron - cronjob:pipeline_schedule - cronjob:prune_old_events - cronjob:remove_expired_group_links @@ -133,6 +134,7 @@ - new_note - pages - pages_domain_verification +- pages_domain_ssl_renewal - plugin - post_receive - process_commit diff --git a/app/workers/pages_domain_ssl_renewal_cron_worker.rb b/app/workers/pages_domain_ssl_renewal_cron_worker.rb new file mode 100644 index 00000000000..4ca9db922b4 --- /dev/null +++ b/app/workers/pages_domain_ssl_renewal_cron_worker.rb 
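Review bot: In app/models/pages_domain.rb the new `need_auto_ssl_renewal` scope selects every `auto_ssl_enabled` domain whose certificate is user-provided, whatever its expiry, and nothing in the scope explains why. That looks intentional (replace the uploaded certificate with a Let's Encrypt one), but it also means such a domain is re-selected on every cron run until issuance succeeds; whether the service throttles repeated failures is not visible in this diff. The scope also does not filter on verification or enabled state, so unverified domains may be queued as well. I would add a comment above the scope along the lines of `# user-provided certs are always selected so auto SSL replaces them; others only when missing or expiring within SSL_RENEWAL_THRESHOLD`. The class body continues outside the hunk.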
@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+class PagesDomainSslRenewalCronWorker
+ include ApplicationWorker
+ include CronjobQueue
+
+ def perform
+ return unless ::Gitlab::LetsEncrypt::Client.new.enabled?
+
+ PagesDomain.need_auto_ssl_renewal.find_each do |domain|
+ PagesDomainSslRenewalWorker.perform_async(domain.id)
+ end
+ end
+end
diff --git a/app/workers/pages_domain_ssl_renewal_worker.rb b/app/workers/pages_domain_ssl_renewal_worker.rb
new file mode 100644
index 00000000000..00c9c4782d8
--- /dev/null
+++ b/app/workers/pages_domain_ssl_renewal_worker.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class PagesDomainSslRenewalWorker
+ include ApplicationWorker
+
+ def perform(domain_id)
+ return unless ::Gitlab::LetsEncrypt::Client.new.enabled?
+
+ domain = PagesDomain.find_by_id(domain_id)
+
+ return unless domain
+
+ ::PagesDomains::ObtainLetsEncryptCertificateService.new(domain).execute
+ end
+end |
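Review bot: `perform` in PagesDomainSslRenewalCronWorker enqueues one PagesDomainSslRenewalWorker job per matching domain in a single pass, with no spacing or cap. On an instance with many auto-SSL domains that sends a burst of certificate orders on each cron run, which may hit the CA's rate limits and leave some certificates unrenewed close to expiry; the cron schedule itself is not visible here. Consider spreading the jobs, for example `PagesDomainSslRenewalWorker.perform_in(rand(0..3600).seconds, domain.id)` (the delay window is an illustrative value). Logging how many domains were queued would also make a stalled renewal run visible before certificates expire.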
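Review bot: `perform` in PagesDomainSslRenewalWorker looks the domain up by id only, so it does not re-check that the domain still needs a certificate when the job finally runs. Between enqueue and execution auto SSL may have been switched off, or an earlier job for the same domain may already have renewed it, and the worker would still call the service; whether `ObtainLetsEncryptCertificateService` guards against that is not visible in this diff. Reusing the scope would close the gap: `domain = PagesDomain.need_auto_ssl_renewal.find_by_id(domain_id)`. The silent `return unless domain` would also be easier to operate with a log line, since otherwise an expired certificate is the first sign of a skipped renewal.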