home:rottame:vhosts-ng
rubygem-nginx-controller
We truncated the diff of some files because they were too big. If you want to see the full diff for every file,
click here
.
Changes of Revision 16
rubygem-nginx-controller.changes
Changed
@@ -1,4 +1,11 @@ ------------------------------------------------------------------- +Thu May 21 06:48:23 UTC 2026 - Angelo Grossini <rottame@intercom.it> + +- update to version 2.2.0 +- port to ruby 3.5 +- bugfixes + +------------------------------------------------------------------- Fri Oct 31 19:31:14 UTC 2025 - Angelo Grossini <angelo@intercom.it> - remove trailing / from upstream
rubygem-nginx-controller.spec
Changed
@@ -1,7 +1,7 @@ %define mod_name nginx-controller %define mod_full_name %{mod_name}-%{version} Name: rubygem-nginx-controller -Version: 2.1.3 +Version: 2.2.0 Release: 0 Summary: vhng nginx controller License: Apache-2.0
nginx-controller-2.1.3.gem/checksums.yaml.gz -> nginx-controller-2.2.0.gem/checksums.yaml.gz
Changed
@@ -1,7 +1,7 @@ --- SHA256: - metadata.gz: bb964939f612ba79e65eb286dceca230d4c39318c0c34f4a91b1d2538206e7e4 - data.tar.gz: cb728c6e4c1dd52eae4d86bf0dd1378c545724368e87043f9975c9d1d2d9d1ab + metadata.gz: 7b51b801721e41fcfb74db36826449e4cc9d1376c5443a1c89f73842616901cc + data.tar.gz: 6a43f76a5c42767138044260da74c626a174bb79aed4fe2adb542fd2e03d965b SHA512: - metadata.gz: bad6f73638679be729b3b00b5af4aa73007a85e7a3a1e3679684992c531ff3c10bd81b5139a95dfd3383e8599f7d33745744844201c61d7493c7a16a85f254d5 - data.tar.gz: 13bd494c8ffca236552e3d383f6a56459a60a39950cf95ff9f60c3076703abbfd3d0131b16a4b1c7e333ede91d89192e4cae558320f77eb35c3e7bea23eec238 + metadata.gz: 36bbb1686f5f1a3982528ef52ef768c927c0eeda3ba0ac58228e7480f20d3bd49a791c6eef095e3f390a64b27474ca0d9b808743f4730072e46479646cb94c68 + data.tar.gz: 7d7569aee9c633fba6e3701e733149b4a4e781982b9e185c3649147bc7c34f647dee41de0bd7d1bb272670fb54ee8d938ede704014d29c0f1e067e3f0ab50b20
nginx-controller-2.1.3.gem/data/lib/nginx_controller.rb -> nginx-controller-2.2.0.gem/data/lib/nginx_controller.rb
Changed
@@ -4,6 +4,7 @@ require 'nginx_controller/docker/query' require 'nginx_controller/docker/service' require 'nginx_controller/master_service' +require 'nginx_controller/logging' require 'yaml' @@ -48,7 +49,7 @@ process_letsencrypt_queue end - every_day_at_midnight do + every_four_hours do check_letsencrypt_status end } @@ -74,9 +75,17 @@ def check_letsencrypt_status services_ps do | services | - puts '-> Check expiring certificates' + NginxController.logger.info '-> Check expiring certificates' + # check expiring certificates with a delay between 10 and 30 seconds per service + delay = 3600 / services.count, 1.max + delay = 30, delay.min + delay = 10, delay.max + services.each do | svc | - le_queue_add(svc) if svc.letsencrypt_expiring? + EventMachine::Timer.new(delay) do + le_queue_add(svc) if svc.letsencrypt_expiring? + end + delay += delay STDOUT.flush end STDOUT.flush @@ -88,7 +97,7 @@ if @watchlist.blank? id, svc = @le_queue.first if svc - puts "-> Update letsencrypt for #{svc.name}" + NginxController.logger.info "-> Update letsencrypt for #{svc.name}" le_queue_remove(svc) result = svc.letsencrypt_request! reload_service(svc) if result @@ -107,12 +116,12 @@ errors = removed.each do | svc | - puts "Deleted service #{svc.name}" + NginxController.logger.info "Deleted service #{svc.name}" begin svc.deconfigure! rescue - puts "Cannot deactivate service #{svc.name}: #{$!}" - puts "\t" + $!.backtrace0..10.join("\n\t") + NginxController.logger.warn "Cannot deactivate service #{svc.name}: #{$!}" + NginxController.logger.warn "\t" + $!.backtrace0..10.join("\n\t") errors << $! ensure watchlist_remove(svc) 
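Review bot: `delay += delay` in the `services.each` loop of check_letsencrypt_status doubles the timer offset on every service instead of advancing it by a fixed step, so the comment's "between 10 and 30 seconds per service" holds only for the first one; starting from 10 s, the twelfth service would be scheduled more than five hours out, past the next four-hour run. Keeping the step separate fixes it: `step = delay` before the loop and `delay += step` inside it. `3600 / services.count` also raises ZeroDivisionError when the list is empty, so if that can happen (not visible here) a `next if services.empty?` guard at the top of the block is worth adding. Late or stacked expiry checks translate directly into certificates that renew late.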
@@ -120,20 +129,20 @@ end added.each do | svc | - puts "New service #{svc.name}" + NginxController.logger.info "New service #{svc.name}" begin svc.configure! watchlist_add(svc) unless svc.settled? le_queue_add(svc) if svc.letsencrypt_invalid? rescue - puts "Cannot activate service #{svc.name}: #{$!}" - puts "\t" + $!.backtrace0..10.join("\n\t") + NginxController.logger.error "Cannot activate service #{svc.name}: #{$!}" + NginxController.logger.error "\t" + $!.backtrace0..10.join("\n\t") errors << $! end end changed.each do | pair | - puts "Updated service #{pair1.name}" + NginxController.logger.info "Updated service #{pair1.name}" print_diff(pair0.diff(pair1)) begin pair1.reconfigure! @@ -144,8 +153,8 @@ end rescue watchlist_remove(pair1) - puts "Cannot activate service #{pair1.name}: #{$!}" - puts "\t" + $!.backtrace0..10.join("\n\t") + NginxController.logger.error "Cannot activate service #{pair1.name}: #{$!}" + NginxController.logger.error "\t" + $!.backtrace0..10.join("\n\t") errors << $! end end @@ -153,9 +162,9 @@ cleanup = cleanup_config_files(services) if added.any? || changed.any? || removed.any? || cleanup.any? - puts "Reloading nginx..." + NginxController.logger.debug "Reloading nginx..." out = `nginx -s reload 2>&1` - puts out + NginxController.logger.debug out end end @@ -174,7 +183,7 @@ memot'ServiceID' ||= memot'ServiceID' << t else - puts "WARN: unexpected task #{t.inspect}" + NginxController.logger.warn "unexpected task #{t.inspect}" end memo end @@ -230,7 +239,7 @@ leftovers = Dir'/etc/nginx/vhosts.d/*.conf'.inject() do | memo, cfg | unless cfg.in?(configs) memo << cfg - puts "Cleanup old config file #{cfg}" + NginxController.logger.debug "Cleanup old config file #{cfg}" FileUtils.rm_f(cfg) end memo @@ -259,7 +268,7 @@ def le_queue_add(svc) unless @le_queuesvc.id - puts "Service #{svc.name} should update letsencrypt" + NginxController.logger.debug "Service #{svc.name} should update letsencrypt" @le_queuesvc.id = svc end end 
@@ -283,14 +292,14 @@ " #{k}: #{d0 || 'nil' } => #{d1}" end end - puts str.flatten.join("\n") + NginxController.logger.debug str.flatten.join("\n") end - def every_day_at_midnight(&block) - run_at = (1.days.from_now.at_midnight - Time.new).to_i + 5 - EventMachine::Timer.new(run_at) do + def every_four_hours(&block) + run_at = Time.now.at_midnight + (Time.now.hour / 4 * 4 + 4).hours + EventMachine::Timer.new(run_at.to_i) do block.call - every_day_at_midnight(&block) + every_four_hours(&block) end end
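Review bot: `EventMachine::Timer.new(run_at.to_i)` in every_four_hours passes an absolute epoch timestamp where the timer expects a delay in seconds, so the callback is scheduled decades away and check_letsencrypt_status never runs on the four-hour cadence. The removed every_day_at_midnight subtracted the current time, and the new code should do the same, e.g. `EventMachine::Timer.new((run_at - Time.now).ceil + 5) do`. Reading `Time.now` once into a local before computing `run_at` would also avoid the two calls straddling midnight. Until this is fixed, expiring certificates would presumably only be picked up by whatever other path calls le_queue_add.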
nginx-controller-2.1.3.gem/data/lib/nginx_controller/acme/base.rb -> nginx-controller-2.2.0.gem/data/lib/nginx_controller/acme/base.rb
Changed
@@ -1,5 +1,6 @@ gem 'activesupport' require 'active_support/all' +require 'nginx_controller/logging' module NginxController module Acme @@ -15,13 +16,24 @@ ENV'LE_SSL_ROOT'.presence || File.join(NginxController.ssl_root, 'letsencrypt') end + def self.preferred_profile + ENV'ACME_PROFILE'.presence || 'classic' + end + def self.get(options) Ruby.new(options) - end + end class Base attr_reader :options + # Creates an ACME certificate provider for a single vhost service. + # + # @param options Hash provider configuration + # @option options Array<String> :names hostnames to request on the certificate + # and to authorize with the ACME CA (passed to {NginxController::Acme::Ruby::Order}) + # @option options String :service_name unique service identifier; certificates + # are stored under +File.join(NginxController::Acme.le_root, service_name)+ def initialize(options) @options = options end @@ -34,13 +46,17 @@ raise 'unimplemented' end + def renew_window + raise 'unimplemented' + end + def privkey_path live_privkey_path end - + def cert_path live_fullchain_path - end + end def names raise 'unimplemented'
nginx-controller-2.1.3.gem/data/lib/nginx_controller/acme/certbot.rb -> nginx-controller-2.2.0.gem/data/lib/nginx_controller/acme/certbot.rb
Changed
@@ -9,16 +9,16 @@ end def prepare! - unless File::exists?(@service.le_cert_dir) + unless File::exist?(@service.le_cert_dir) FileUtils.mkdir_p @service.le_cert_dir end shared_accntdir = File::join(File::dirname(@service.le_cert_dir), '__accounts') - unless File::exists?(shared_accntdir) + unless File::exist?(shared_accntdir) FileUtils::mkdir_p(shared_accntdir) end accntdir = File::join(@service.le_cert_dir, 'accounts') unless File::symlink?(accntdir) - if File::exists?(accntdir) + if File::exist?(accntdir) bckaccntdir = File::join(@service.le_cert_dir, 'accounts.orig') File::rename(accntdir, bckaccntdir) end @@ -62,19 +62,19 @@ cmd = "#{Proxy::Provision.config.certbot_path} #{options.join(' ')}" - puts " - Build certificate for #{@service.server_name, @service.aliases.flatten.compact.join(', ')}" + NginxController.logger.info " - Build certificate for #{@service.server_name, @service.aliases.flatten.compact.join(', ')}" begin stdout, stderr, status = Open3.capture3(cmd) - puts " " + stdout.lines.map(&:strip).join("\n ") + NginxController.logger.info " " + stdout.lines.map(&:strip).join("\n ") rescue stderr = $!.to_s status = false end unless status && status.success? - puts " ! Cannot generate SSL cert" - puts " ! " + stderr.lines.map(&:strip).join("\n ! ") + NginxController.logger.info " ! Cannot generate SSL cert" + NginxController.logger.info " ! " + stderr.lines.map(&:strip).join("\n ! ") end status
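Review bot: The failure branch after `unless status && status.success?` logs "Cannot generate SSL cert" and the certbot stderr with `logger.info`, so a deployment running with LOG_LEVEL set to warn or error loses every failed issuance; these two lines should use `NginxController.logger.error`, matching the same message in acme/ruby.rb. The "Email notification not sent" line in base_service.rb has the same problem and reads better as `warn`. Separately, the context line `Open3.capture3(cmd)` executes a space-joined string; the option list is built outside this hunk, but if any element derives from service metadata, passing the arguments as separate values to `capture3` would keep them out of shell parsing.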
nginx-controller-2.1.3.gem/data/lib/nginx_controller/acme/ruby.rb -> nginx-controller-2.2.0.gem/data/lib/nginx_controller/acme/ruby.rb
Changed
@@ -15,8 +15,8 @@ @server_pkey ||= begin pkey = nil pkey_file = File.join(NginxController::Acme.le_root, "server_private_key.rsa") - unless File.exists?(pkey_file) - puts " - Generating server private key #{pkey_file}" + unless File.exist?(pkey_file) + NginxController.logger.debug " - Generating server private key #{pkey_file}" FileUtils.mkdir_p(NginxController::Acme.le_root) pkey = OpenSSL::PKey::RSA.new(4096) File.open(pkey_file, 'w+') do | f | @@ -24,7 +24,7 @@ end end pkey || begin - puts " - Reading server private key #{pkey_file}" + NginxController.logger.debug " - Reading server private key #{pkey_file}" OpenSSL::PKey::RSA.new File.read(pkey_file) end end @@ -35,7 +35,23 @@ end def expiring? - live_privkey? && live_cert? && expires_at.to_date < 30.days.from_now.to_date + if live_privkey? && live_cert? + if renew_window.present? + renew_window:start < Time.now + else + not_before = live_cert.not_before + not_after = live_cert.not_after + if not_after - not_before > 50.days # classic profile + not_after < 30.days.from_now + elsif not_after - not_before > 10.days # tlsserver profile + not_after < 15.days.from_now + else # shortlived profile + not_after < 3.days.from_now + end + end + else + false + end end def has_names? @@ -43,16 +59,20 @@ end def expires_at - live_cert.try(:not_after) || Time.at(0) + if live_cert? && live_cert.try(:not_after) + live_cert.not_after + else + Time.at(0) + end end def privkey_path live_privkey_path end - + def cert_path live_fullchain_path - end + end def names names = @@ -75,12 +95,16 @@ File::join(root_path, 'current') end + def backup_cert_dir + File::join(root_path, 'backup') + end + def live_privkey_path File::join(live_cert_dir, 'key.pem') end def live_privkey? - File.exists?(live_privkey_path) + File.exist?(live_privkey_path) end def live_privkey @@ -92,7 +116,7 @@ end def live_cert? - File.exists?(live_cert_path) + File.exist?(live_cert_path) end def live_cert 
@@ -111,9 +135,9 @@ begin do_prepare rescue NginxController::Acme::Ruby::Order::PartialAuthFailure => ex - puts "-- PartialAuthFailure ----------------" - puts ex.message - puts "--------------------------------------" + ex.message.lines.each do | line | + NginxController.logger.warn line.chomp + end do_prepare(@order.autorized_names) raise ex end @@ -127,7 +151,7 @@ @certs = nil if @authorized && !@cert_requested - puts " - Build certificate for #{@order.autorized_names}" + NginxController.logger.info " - Build certificate for #{@order.autorized_names}" csr = ::Acme::Client::CertificateRequest.new( names: @order.autorized_names, private_key: self.private_key @@ -153,7 +177,7 @@ # @certs2 = cert.chain_to_pem # @certs3 = cert.fullchain_to_pem rescue - puts " ! Cannot generate SSL cert: #{$!}" + NginxController.logger.error " ! Cannot generate SSL cert: #{$!}" @certs = end @cert_requested = true @@ -161,6 +185,25 @@ @certs end + def renew_window + if live_cert? + cached_renewal_info do + @renewal_info ||= begin + client.renewal_info(certificate: live_cert) + rescue + NginxController.logger.warn " ! Cannot get renewal info: #{$!}" + nil + end + if @renewal_info&.suggested_window_start.present? && @renewal_info&.suggested_window_end.present? + { + start: Time.parse(@renewal_info.suggested_window_start), + end: Time.parse(@renewal_info.suggested_window_end), + } + end + end + end + end + protected def client @@ -170,7 +213,7 @@ dir = NginxController::Acme.acme_endpoint.strip kid = begin - if File::exists?(reg_file) + if File::exist?(reg_file) File.read(reg_file).strip end end 
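Review bot: In the added renew_window, the two `Time.parse` calls sit outside the `begin`/`rescue` that guards `client.renewal_info`, so a renewal-info response whose window fields cannot be parsed raises out of `expiring?` instead of falling back to the lifetime-based thresholds. Wrapping the hash construction in `rescue ArgumentError, TypeError`, logging a warning and returning `nil` keeps the fallback path reachable. `@renewal_info ||=` also pins the first successful answer for the life of the object; whether `cached_renewal_info` (defined outside the visible hunks) expires it should be confirmed, since a CA can move the suggested window earlier. `expiring?` evaluates `renew_window` twice per check, which is worth a local variable.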
@@ -183,11 +226,11 @@ client_options:kid = kid unless kid.blank? - client = ::Acme::Client.new(client_options) + client = ::Acme::Client.new(**client_options) if kid.blank? begin - puts " - Register contact #{NginxController::Acme.acme_contact}" + NginxController.logger.debug " - Register contact #{NginxController::Acme.acme_contact}" registration = client.new_account(contact: "mailto:#{NginxController::Acme.acme_contact}", terms_of_service_agreed: true) FileUtils.touch(reg_file) File.open(reg_file, 'w+') do | f | @@ -208,12 +251,12 @@ def private_key @pkey ||= begin begin - pkey = live_privkey + pkey = live_privkey if File.exist?(live_privkey_path) rescue - puts "Cannot load private key #{live_privkey_path}: #{$!}" + NginxController.logger.warn "Cannot load private key #{live_privkey_path}: #{$!}" end if !pkey - puts " - Generating private key" + NginxController.logger.debug " - Generating private key" pkey = OpenSSL::PKey::RSA.new(4096) end pkey @@ -223,15 +266,15 @@ def do_prepare(names = @options:names) unless @prepared @authorized ||= begin - puts " - Prepare Let's Encrypt" + NginxController.logger.debug " - Prepare Let's Encrypt" #@domains = @service.servername, @service.aliases.flatten.compact.map do | dom | # dom = Domain.new(dom, client, @service)
nginx-controller-2.1.3.gem/data/lib/nginx_controller/acme/ruby/order.rb -> nginx-controller-2.2.0.gem/data/lib/nginx_controller/acme/ruby/order.rb
Changed
@@ -1,6 +1,7 @@ #gem 'net-dns', '~> 0.8' require 'open3' #require 'inifile' +require 'nginx_controller/logging' module NginxController module Acme @@ -34,7 +35,15 @@ end end - LE_WELL_KNOWN_DIR = "/srv/validation/well-known" + DEFAULT_LE_WELL_KNOWN_DIR = "/srv/validation/well-known" + + def self.le_well_known_dir + @le_well_known_dir ||= DEFAULT_LE_WELL_KNOWN_DIR + end + + def self.le_well_known_dir=(dir) + @le_well_known_dir = dir + end attr_reader :domains, :order def initialize(domains, acme_client) @@ -69,7 +78,7 @@ valid = false end else - puts " --- unhandle acme challenge #{acme_challenge}" + NginxController.logger.error " --- unhandled acme challenge #{acme_challenge}" false end end @@ -78,7 +87,7 @@ if valid #if service.use_dns01? - # puts " - Wait for DNS propagation..." + # NginxController.logger.info " - Wait for DNS propagation..." # STDOUT.flush # sleep 60 #end @@ -93,7 +102,7 @@ todo = @challenges timeout = Time.new + 2.minutes - puts " - Waiting for all challenges..." + NginxController.logger.debug " - Waiting for all challenges..." STDOUT.flush while (todo.length > 0) && (timeout > Time.new) todo = todo.reject do | challenge | @@ -106,9 +115,9 @@ dom = challenge0.domain dom = "*.#{dom}" if challenge0.wildcard if challenge1.status != 'valid' - puts " - Challenge for #{dom} failed: #{challenge1.status} #{challenge1.error'detail'}" + NginxController.logger.warn " - Challenge for #{dom} failed: #{challenge1.status} #{challenge1.error'detail'}" else - puts " - Challenge for #{dom}: success" + NginxController.logger.debug " - Challenge for #{dom}: success" end STDOUT.flush true @@ -136,7 +145,7 @@ STDOUT.flush raise AuthFailure.new(@challenges) if @challenges.count{|ch| ch1.status != 'valid'} == @challenges.count - + @authorized = true raise PartialAuthFailure.new(@challenges) unless @challenges.count{|ch| ch1.status == 'valid'} == @challenges.count end 
@@ -157,7 +166,7 @@ def create_order! @order ||= begin - puts " - Create order for #{@domains}" + NginxController.logger.info " - Create order for #{@domains}" @client.new_order(identifiers: @domains) end end @@ -165,7 +174,7 @@ def prepare_http_challenge!(authorization, challenge) challenge_filename = http_challenge_filename_for(challenge) dom = authorization.domain - puts " - Witing HTTP01 challenge for #{dom} to #{challenge_filename}" + NginxController.logger.debug " - Witing HTTP01 challenge for #{dom} to #{challenge_filename}" FileUtils::mkdir_p(File::dirname(challenge_filename)) #FileUtils::chown(Proxy::Provision.config.username, Proxy::Provision.config.group, File::dirname(challenge_filename)) File::open(challenge_filename, 'w+') do | f | @@ -177,9 +186,9 @@ def cleanup_http_challenge!(authorization, challenge) fname = http_challenge_filename_for(challenge) - if File::exists?(fname) + if File::exist?(fname) dom = authorization.domain - puts " - Cleanup HTTP01 challenge for #{dom}" + NginxController.logger.debug " - Cleanup HTTP01 challenge for #{dom}" File::unlink(fname) end end @@ -188,14 +197,14 @@ fname = challenge.filename fname = fname.split('/') fname.shift - File::join(*LE_WELL_KNOWN_DIR, fname.flatten) + File::join(*self.class.le_well_known_dir, fname.flatten) end #def prepare_dns_challenge!(authorization, challenge) # status = false # dom = authorization.domain # dom = "*.#{dom}" if authorization.wildcard - # puts " - Prepare DNS01 challenge for #{dom}" + # NginxController.logger.info " - Prepare DNS01 challenge for #{dom}" # # commands = <<-EOC # server #{dnssec_key:server} 
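Review bot: http_challenge_filename_for joins `challenge.filename` onto the now-configurable `le_well_known_dir` without checking that the result stays inside that directory, and the same path is later created with `mkdir_p`, written, and unlinked. The token is expected to be base64url, but it originates from the ACME server response, so a containment check before returning the path is cheap insurance: compare `File.expand_path(path)` against `File.expand_path(self.class.le_well_known_dir) + File::SEPARATOR` with `start_with?` and raise otherwise. The splat in `File::join(*self.class.le_well_known_dir, ...)` is a no-op on a String and can be dropped. The new log line in prepare_http_challenge! also keeps the typo "Witing".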
@@ -214,18 +223,18 @@ # end # # unless status && status.success? - # puts " --- DNS update failed!" - # puts " --- #{stderr}" + # NginxController.logger.info " --- DNS update failed!" + # NginxController.logger.info " --- #{stderr}" # end # # status #end - + #def cleanup_dns_challenge!(authorization, challenge) # status = false # dom = authorization.domain # dom = "*.#{dom}" if authorization.wildcard - # puts " - Cleanup DNS01 challenge for #{dom}" + # NginxController.logger.info " - Cleanup DNS01 challenge for #{dom}" # # commands = <<-EOC # server #{dnssec_key:server} @@ -244,13 +253,13 @@ # end # # unless status && status.success? - # puts " --- DNS delete failed!" - # puts " --- #{stderr}" + # NginxController.logger.info " --- DNS delete failed!" + # NginxController.logger.info " --- #{stderr}" # end # # status #end - + #def dnssec_key # @dnssec_key ||= begin # begin @@ -262,8 +271,8 @@ # secret: ini'global''dns_rfc2136_secret', # } # rescue - # puts " --- cannot load dnssec key #{service.dnssec_key}" - # puts " --- #{$!.inspect}" + # NginxController.logger.info " --- cannot load dnssec key #{service.dnssec_key}" + # NginxController.logger.info " --- #{$!.inspect}" # {} # end # end
nginx-controller-2.1.3.gem/data/lib/nginx_controller/base_service.rb -> nginx-controller-2.2.0.gem/data/lib/nginx_controller/base_service.rb
Changed
@@ -2,6 +2,7 @@ gem 'activesupport' require 'active_support/all' require 'mail' +require 'nginx_controller/logging' module NginxController class BaseService @@ -56,7 +57,7 @@ end def deconfigure! - if File.exists?(config_filename) + if File.exist?(config_filename) FileUtils.rm(config_filename) end end @@ -99,9 +100,9 @@ end protected - + def test_config!(config) - if File.exists?(config_filename) + if File.exist?(config_filename) FileUtils.mv(config_filename, "#{config_filename}.test-bck") end File.open(config_filename, 'wb+') {|f| f.write(config)} @@ -112,7 +113,7 @@ FileUtils.mv(config_filename, "#{config_filename}.err") raise $! ensure - if File.exists?("#{config_filename}.test-bck") + if File.exist?("#{config_filename}.test-bck") FileUtils.mv("#{config_filename}.test-bck", config_filename) end end @@ -140,7 +141,7 @@ end msg = msg.join("\n") - puts msg + NginxController.logger.error msg notify_failure_via_mail(msg) end @@ -171,8 +172,8 @@ mail.deliver end rescue - puts "### Email notification not sent: #{$!}" + NginxController.logger.info "### Email notification not sent: #{$!}" end end end -end \ No newline at end of file +end
nginx-controller-2.1.3.gem/data/lib/nginx_controller/docker/query.rb -> nginx-controller-2.2.0.gem/data/lib/nginx_controller/docker/query.rb
Changed
@@ -55,7 +55,7 @@ req << "User-Agent: nginx controller" req << "" req << "" - #puts req.join("\r\n") + #NginxController.logger.info req.join("\r\n") send_data req.join("\r\n") end @@ -64,4 +64,4 @@ end end end -end \ No newline at end of file +end
nginx-controller-2.1.3.gem/data/lib/nginx_controller/docker/service.rb -> nginx-controller-2.2.0.gem/data/lib/nginx_controller/docker/service.rb
Changed
@@ -119,17 +119,11 @@ def deconfigure! delete_passwd! super - if File.exists?(logrotate_config_filename) + if File.exist?(logrotate_config_filename) FileUtils.rm_f(logrotate_config_filename) end end - def request_letsencrypt? - if letsencrypt? - !acme.valid? || acme.expiring? || !acme.has_names?(server_names) - end - end - # accessors def service_name @@ -226,10 +220,11 @@ rulesridx:auth ||= rulesridx:auth << v else - puts "unknown access rule key \"#{i}\"" + NginxController.logger.warn "unknown access rule key \"#{k}\"" end }.compact - Hashrules.values.map{|r| r:location, r} + rules = rules.values.reject{|r| r:location.blank? || (:rule, :allow, :deny, :auth & r.keys).empty? } + Hashrules.map{|r| r:location, r} end end @@ -305,8 +300,8 @@ def render(template = 'nginx', locals = nil) @locals = locals tpl = File.join(File.dirname(File.dirname(__FILE__)), 'templates', "#{template}.erb") - raise StandardError.new "Template #{template} not found" unless File::exists?(tpl) - erb = ERB.new(File.read(tpl), nil, '-') + raise StandardError.new "Template #{template} not found" unless File::exist?(tpl) + erb = ERB.new(File.read(tpl), trim_mode: '-') erb.result self.get_binding end @@ -352,7 +347,7 @@ id = File::basename(id) # LAZY but works names = d.split(',').map(&:strip).compact - if names.any? && File::exists?(File.join(NginxController.certs_path, service_name, "#{id}.pem")) + if names.any? && File::exist?(File.join(NginxController.certs_path, service_name, "#{id}.pem")) list << OpenStruct.new({ names: names, cert: File.join(NginxController.certs_path, service_name, "#{id}.pem"),
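Review bot: The new `reject` on `rules.values` discards rules with a blank `:location` or without any of `:rule`, `:allow`, `:deny`, `:auth`, but does so silently, so an access restriction that was meant to apply can vanish from the rendered vhost with no trace in the log. Logging each dropped rule at `warn` makes the gap visible, e.g. `NginxController.logger.warn "ignoring access rule without location or directives (keys: #{r.keys.inspect})"`; logging the keys rather than the whole rule avoids copying `:auth` values into the log. The enclosing method starts outside this hunk, so how the labels are parsed into `rules` is not visible here.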
nginx-controller-2.2.0.gem/data/lib/nginx_controller/logging.rb
Added
@@ -0,0 +1,30 @@ +module NginxController + def self.logger + @logger ||= begin + log_file = ENV'LOG_FILE'.presence + if log_file.present? && log_file != '/dev/null' + FileUtils.mkdir_p(File.dirname(log_file)) + FileUtils.touch(log_file) + FileUtils.chmod(0644, log_file) + end + Logger.new(log_file || STDOUT).tap do | logger | + logger.level = log_level + end + end + end + + def self.log_level + case ENV'LOG_LEVEL'.presence + when 'debug' + Logger::DEBUG + when 'info' + Logger::INFO + when 'warn' + Logger::WARN + when 'error' + Logger::ERROR + else + Logger::INFO + end + end +end
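Review bot: `FileUtils.chmod(0644, log_file)` makes the controller log world-readable and resets whatever mode an operator had set on an existing file, while the messages routed here include service names, certificate hostnames, key file paths, certbot output and `t.inspect` dumps of unexpected tasks. `0640` (or leaving an existing file's mode alone) is the safer default. The file also uses `Logger` and `FileUtils` without `require 'logger'` and `require 'fileutils'`, so it only loads when something else has already pulled them in. An unrecognised LOG_LEVEL value silently becomes INFO; a one-line warning there would help when a typo hides the debug output someone was expecting.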
nginx-controller-2.1.3.gem/data/lib/nginx_controller/master_service.rb -> nginx-controller-2.2.0.gem/data/lib/nginx_controller/master_service.rb
Changed
@@ -14,7 +14,7 @@ def name '000default' end - + def managed? true end @@ -55,11 +55,11 @@ end def deconfigure! - if File.exists?(config_filename) + if File.exist?(config_filename) FileUtils.rm(config_filename) end end - + def ssl_certificate if acme.valid? acme.cert_path @@ -84,10 +84,6 @@ ENV'VALIDATION_HOST' end - def request_letsencrypt? - !acme.valid? || acme.expiring? - end - def letsencrypt? true end @@ -99,7 +95,7 @@ FileUtils.mkdir_p(dir) end end - + def self_signed_cert setup_self_signed_cert unless @self_signed_cert @self_signed_cert @@ -123,7 +119,7 @@ def render(template = 'default', locals = nil) @locals = locals tpl = File.join(File.dirname(__FILE__), 'templates', "#{template}.erb") - raise StandardError.new "Template #{template} not found" unless File::exists?(tpl) + raise StandardError.new "Template #{template} not found" unless File::exist?(tpl) erb = ERB.new(File.read(tpl), nil, '-') erb.result self.get_binding end @@ -132,4 +128,4 @@ binding end end -end \ No newline at end of file +end
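Review bot: The render hunk updates `File::exists?` but leaves `erb = ERB.new(File.read(tpl), nil, '-')` on the next line, while the same call in docker/service.rb was changed in this commit to `ERB.new(File.read(tpl), trim_mode: '-')`. The positional safe-level/trim-mode arguments have been deprecated for a long time, and the sibling change suggests they are not accepted on the target Ruby, in which case rendering the default vhost would raise. The line should read `erb = ERB.new(File.read(tpl), trim_mode: '-')`.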
nginx-controller-2.1.3.gem/data/lib/nginx_controller/self_signed_cert.rb -> nginx-controller-2.2.0.gem/data/lib/nginx_controller/self_signed_cert.rb
Changed
@@ -20,7 +20,8 @@ end def valid? - !!pkey && !!cert && + load if pkey.nil? || cert.nil? + !!pkey && !!cert && names.sort == options:names.sort && expires_at > Time.now end @@ -44,7 +45,7 @@ ef.subject_certificate = @cert @cert.add_extension(ef.create_extension("subjectAltName","DNS:#{options:names.join(',DNS:')}",false)) @cert.sign(@pkey, OpenSSL::Digest::SHA256.new) - + FileUtils.mkdir_p(File.dirname(privkey_path)) FileUtils.mkdir_p(File.dirname(cert_path)) File.open(privkey_path, 'wb+') {|f| f.write @pkey.to_pem } @@ -67,10 +68,10 @@ protected def load - if File.exists?(privkey_path) && File.exists?(cert_path) + if File.exist?(privkey_path) && File.exist?(cert_path) @pkey = OpenSSL::PKey.read(File.read(privkey_path)) @cert = OpenSSL::X509::Certificate.new(File.read(cert_path)) end end end -end \ No newline at end of file +end
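Review bot: `valid?` now calls `load`, which parses the key and certificate files with `OpenSSL::PKey.read` and `OpenSSL::X509::Certificate.new`, so a truncated or corrupt PEM makes the predicate raise instead of returning false and triggering regeneration. Rescuing `OpenSSL::OpenSSLError` in `load` (logging it and leaving `@pkey`/`@cert` nil) restores the boolean contract. Since both files are now read from disk, adding `cert.check_private_key(pkey)` to the condition would also catch a key and certificate that no longer belong together. Naming the helper `load` shadows `Kernel#load`; something like `load_from_disk` reads less ambiguously.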
nginx-controller-2.1.3.gem/data/lib/nginx_controller/templates/default.erb -> nginx-controller-2.2.0.gem/data/lib/nginx_controller/templates/default.erb
Changed
@@ -1,5 +1,6 @@ server { listen 80 default_server; + server_tokens off; server_name _; @@ -20,15 +21,17 @@ } server { - listen 443 ssl http2 default_server; + listen 443 ssl default_server; + http2 on; + server_tokens off; server_name _; ssl_certificate <%= ssl_certificate %>; ssl_certificate_key <%= ssl_certificate_key %>; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; access_log /storage/logs/default/access.log main; error_log /storage/logs/default/error.log; @@ -44,6 +47,7 @@ server { listen 80; + server_tokens off; server_name <%= validation_host %>;
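Review bot: `http2 on;` is a standalone directive that only exists from nginx 1.25.1 onward, so on an older nginx the config test fails for every vhost rendered from default.erb and nginx.erb; the package should declare that minimum version (no such requirement is visible in the spec hunk) or the templates should fall back to `listen 443 ssl http2;`. The identical `ssl_protocols`/`ssl_ciphers` pair is now repeated in this file and twice in nginx.erb; moving it into one shared include such as the existing `nginx-common` partial would keep the TLS policy from drifting between server blocks. `server_tokens off;` could likewise be set once at `http` level if the controller owns that file.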
nginx-controller-2.1.3.gem/data/lib/nginx_controller/templates/nginx-proxy-block.erb -> nginx-controller-2.2.0.gem/data/lib/nginx_controller/templates/nginx-proxy-block.erb
Changed
@@ -19,4 +19,4 @@ proxy_read_timeout 180s; proxy_connect_timeout 10s; - proxy_send_timeout 30s; + proxy_send_timeout 30s; \ No newline at end of file
nginx-controller-2.1.3.gem/data/lib/nginx_controller/templates/nginx.erb -> nginx-controller-2.2.0.gem/data/lib/nginx_controller/templates/nginx.erb
Changed
@@ -1,5 +1,6 @@ server { listen 80; + server_tokens off; server_name <%= servername, aliases.flatten.uniq.join(' ') %>; @@ -24,7 +25,9 @@ <% if ssl? && ssl_certs.any? -%> <% ssl_certs.each do | cert | -%> server { - listen 443 ssl http2; + listen 443 ssl; + http2 on; + server_tokens off; server_name <%= cert.names.join(' ') %>; @@ -34,8 +37,8 @@ ssl_certificate <%= cert.cert %>; ssl_certificate_key <%= cert.key %>; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; <%= render 'nginx-common' %> } @@ -45,6 +48,7 @@ <% if auto_route -%> server { listen 80; + server_tokens off; server_name <%= auto_route %>; @@ -72,7 +76,9 @@ <% if ssl? -%> server { - listen 443 ssl http2; + listen 443 ssl; + http2 on; + server_tokens off; server_name <%= auto_route %>; 
@@ -82,8 +88,8 @@ ssl_certificate <%= auto_route_ssl_cert %>; ssl_certificate_key <%= auto_route_ssl_key %>; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; location = /robots.txt { root /srv/www/htdocs/;
nginx-controller-2.1.3.gem/metadata.gz -> nginx-controller-2.2.0.gem/metadata.gz
Changed
@@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: nginx-controller version: !ruby/object:Gem::Version - version: 2.1.3 + version: 2.2.0 platform: ruby authors: - Angelo Grossini autorequire: bindir: bin cert_chain: -date: 2025-10-31 00:00:00.000000000 Z +date: 2026-05-21 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: rspec @@ -25,6 +25,46 @@ - !ruby/object:Gem::Version version: '3.12' - !ruby/object:Gem::Dependency + name: byebug + requirement: !ruby/object:Gem::Requirement + requirements: + - - "~>" + - !ruby/object:Gem::Version + version: '0' + - - ">=" + - !ruby/object:Gem::Version + version: '13' + type: :development + prerelease: false + version_requirements: !ruby/object:Gem::Requirement + requirements: + - - "~>" + - !ruby/object:Gem::Version + version: '0' + - - ">=" + - !ruby/object:Gem::Version + version: '13' +- !ruby/object:Gem::Dependency + name: webmock + requirement: !ruby/object:Gem::Requirement + requirements: + - - "~>" + - !ruby/object:Gem::Version + version: '3.0' + - - ">=" + - !ruby/object:Gem::Version + version: 3.26.2 + type: :development + prerelease: false + version_requirements: !ruby/object:Gem::Requirement + requirements: + - - "~>" + - !ruby/object:Gem::Version + version: '3.0' + - - ">=" + - !ruby/object:Gem::Version + version: 3.26.2 +- !ruby/object:Gem::Dependency name: eventmachine requirement: !ruby/object:Gem::Requirement requirements: @@ -58,14 +98,14 @@ requirements: - - "~>" - !ruby/object:Gem::Version - version: '5.0' + version: '8.0' type: :runtime prerelease: false version_requirements: !ruby/object:Gem::Requirement requirements: - - "~>" - !ruby/object:Gem::Version - version: '5.0' + version: '8.0' - !ruby/object:Gem::Dependency name: acme-client requirement: !ruby/object:Gem::Requirement 
@@ -113,6 +153,7 @@ - lib/nginx_controller/docker/listener.rb - lib/nginx_controller/docker/query.rb - lib/nginx_controller/docker/service.rb +- lib/nginx_controller/logging.rb - lib/nginx_controller/master_service.rb - lib/nginx_controller/self_signed_cert.rb - lib/nginx_controller/templates/default.erb @@ -140,7 +181,7 @@ - !ruby/object:Gem::Version version: '0' requirements: -rubygems_version: 3.5.22 +rubygems_version: 3.4.20 signing_key: specification_version: 4 summary: Nginx controller for vhosts-ng