Update LetsEncrypt framework and support disabling LetsEncrypt
+ Update to newer version of the library to obtain SSL certificates from LetsEncrypt.
+ Add option to disable LetsEncrypt via environment variable.
Viir committed Mar 21, 2024
1 parent d40d7e0 commit 1b194d2
Showing 6 changed files with 43 additions and 26 deletions.
2 changes: 2 additions & 0 deletions implement/elm-time/Platform/WebService/Configuration.cs
Expand Up @@ -17,6 +17,8 @@ public static class Configuration

public static string PublicWebHostUrlsSettingKey => "publicWebHostUrls";

public static string DisableLetsEncryptSettingKey => "disableLetsEncrypt";

public static string[] PublicWebHostUrlsDefault => ["http://*", "https://*"];

/// <summary>
31 changes: 20 additions & 11 deletions implement/elm-time/Platform/WebService/PublicAppState.cs
@@ -1,4 +1,4 @@
using FluffySpoon.AspNet.LetsEncrypt;
using FluffySpoon.AspNet.EncryptWeMust;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
Expand Down Expand Up @@ -88,7 +88,8 @@ public PublicAppState(
public WebApplication Build(
WebApplicationBuilder appBuilder,
IHostEnvironment env,
IReadOnlyList<string> publicWebHostUrls)
IReadOnlyList<string> publicWebHostUrls,
bool? disableLetsEncrypt)
{
appBuilder.Services.AddLogging(logging =>
{
Expand All @@ -115,7 +116,6 @@ public WebApplication Build(
{
kestrelOptions.ConfigureHttpsDefaults(httpsOptions =>
{
httpsOptions.ServerCertificateSelector = (_, _) => LetsEncryptRenewalService.Certificate;
});
})
.UseUrls([.. publicWebHostUrls])
Expand All @@ -129,8 +129,8 @@ public WebApplication Build(
app.UseDeveloperExceptionPage();
}

if (serverAndElmAppConfig.ServerConfig?.letsEncryptOptions != null)
app.UseFluffySpoonLetsEncryptChallengeApprovalMiddleware();
if (serverAndElmAppConfig.ServerConfig?.letsEncryptOptions is not null && !(disableLetsEncrypt ?? false))
app.UseFluffySpoonLetsEncrypt();

app.Lifetime.ApplicationStopping.Register(() =>
{
Expand Down Expand Up @@ -169,16 +169,24 @@ private void ConfigureServices(
{
var letsEncryptOptions = serverAndElmAppConfig.ServerConfig?.letsEncryptOptions;

if (letsEncryptOptions == null)
if (letsEncryptOptions is null)
{
logger.LogInformation("I did not find 'letsEncryptOptions' in the configuration. I continue without Let's Encrypt.");
}
else
{
logger.LogInformation("I found 'letsEncryptOptions' in the configuration.");
services.AddFluffySpoonLetsEncryptRenewalService(letsEncryptOptions);
services.AddFluffySpoonLetsEncryptFileCertificatePersistence();
services.AddFluffySpoonLetsEncryptMemoryChallengePersistence();
if (serverAndElmAppConfig.DisableLetsEncrypt ?? false)
{
logger.LogInformation(
"I found 'letsEncryptOptions' in the configuration, but 'disableLetsEncrypt' is set to true. I continue without Let's Encrypt.");
}
else
{
logger.LogInformation("I found 'letsEncryptOptions' in the configuration.");
services.AddFluffySpoonLetsEncrypt(letsEncryptOptions);
services.AddFluffySpoonLetsEncryptFileCertificatePersistence();
services.AddFluffySpoonLetsEncryptMemoryChallengePersistence();
}
}

Asp.ConfigureServices(services);
Expand Down Expand Up @@ -707,4 +715,5 @@ public record ServerAndElmAppConfig(
WebServiceConfigJson? ServerConfig,
Func<string, Result<string, StateShim.InterfaceToHost.FunctionApplicationResult>> ProcessEventInElmApp,
PineValue SourceComposition,
InterfaceToHost.BackendEventResponseStruct? InitOrMigrateCmds);
InterfaceToHost.BackendEventResponseStruct? InitOrMigrateCmds,
bool? DisableLetsEncrypt);
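Review bot: The disable flag is checked from two separate sources in this class: `Build` tests its new `disableLetsEncrypt` parameter before `app.UseFluffySpoonLetsEncrypt()`, while `ConfigureServices` tests `serverAndElmAppConfig.DisableLetsEncrypt` before `services.AddFluffySpoonLetsEncrypt(...)`. If a caller ever passes different values, the middleware is added without its services registered (or the reverse), which presumably only shows up at startup. Reading the record field in both places, e.g. `if (serverAndElmAppConfig.ServerConfig?.letsEncryptOptions is not null && !(serverAndElmAppConfig.DisableLetsEncrypt ?? false))` in `Build`, would make the extra parameter unnecessary and keep the two decisions in step. Separately, the `ConfigureHttpsDefaults` lambda is now empty; if the new package does not install its own certificate selector, or Let's Encrypt is disabled while an `https://` URL is still listed, the HTTPS endpoint may have no certificate configured, so a comment there saying where the certificate is expected to come from would help. Both `Build` and `ConfigureServices` continue outside the visible hunks.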
26 changes: 16 additions & 10 deletions implement/elm-time/Platform/WebService/StartupAdminInterface.cs
Expand Up @@ -115,6 +115,10 @@ public void Configure(

var adminPassword = configuration?.GetValue<string>(Configuration.AdminPasswordSettingKey);

var disableLetsEncrypt =
configuration?.GetValue<string>(Configuration.DisableLetsEncryptSettingKey)
?.Equals("true", StringComparison.InvariantCultureIgnoreCase);

object avoidConcurrencyLock = new();

var processStoreFileStore = processStoreForFileStore.fileStore;
Expand Down Expand Up @@ -252,8 +256,9 @@ IHost buildWebHost(
}
},
SourceComposition: processAppConfig.appConfigComponent,
InitOrMigrateCmds: restoreProcessOk.initOrMigrateCmds
);
InitOrMigrateCmds: restoreProcessOk.initOrMigrateCmds,
DisableLetsEncrypt: disableLetsEncrypt
);

var publicAppState = new PublicAppState(
serverAndElmAppConfig: serverAndElmAppConfig,
Expand All @@ -265,7 +270,8 @@ IHost buildWebHost(
publicAppState.Build(
appBuilder,
env,
publicWebHostUrls: publicWebHostUrls);
publicWebHostUrls: publicWebHostUrls,
disableLetsEncrypt: disableLetsEncrypt);

publicAppState.ProcessEventTimeHasArrived();

Expand Down Expand Up @@ -299,13 +305,13 @@ IHost buildWebHost(
app.Run(
AdminInterfaceRun(
logger: logger,
processStoreFileStore: processStoreFileStore,
processStoreWriter: processStoreWriter,
adminPassword: adminPassword,
getPublicAppHost: () => publicAppHost,
avoidConcurrencyLock: avoidConcurrencyLock,
startPublicApp: startPublicApp,
stopPublicApp: stopPublicApp));
processStoreFileStore: processStoreFileStore,
processStoreWriter: processStoreWriter,
adminPassword: adminPassword,
getPublicAppHost: () => publicAppHost,
avoidConcurrencyLock: avoidConcurrencyLock,
startPublicApp: startPublicApp,
stopPublicApp: stopPublicApp));
}

private static RequestDelegate AdminInterfaceRun(
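Review bot: The new `disableLetsEncrypt` parsing in `Configure` recognises only the literal `true` and maps every other value (`1`, `yes`, a value with trailing whitespace) to "not disabled" without reporting it, so a mistyped setting leaves certificate issuance active with no hint that the setting was ignored. The value is a fixed token rather than linguistic text, so `StringComparison.OrdinalIgnoreCase` fits better than `InvariantCultureIgnoreCase`. I would trim the value, as in `?.Trim().Equals("true", StringComparison.OrdinalIgnoreCase)`, and log a warning when the setting is present but not recognised. `Configure` starts and ends outside the hunk.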
Expand Up @@ -6,7 +6,7 @@ namespace ElmTime.Platform.WebService;
public record WebServiceConfigJson(
RateLimitWindow? singleRateLimitWindowPerClientIPv4Address = null,
int? httpRequestEventSizeLimit = null,
FluffySpoon.AspNet.LetsEncrypt.LetsEncryptOptions? letsEncryptOptions = null);
FluffySpoon.AspNet.EncryptWeMust.Certes.LetsEncryptOptions? letsEncryptOptions = null);

public record RateLimitWindow(
int windowSizeInMs,
2 changes: 1 addition & 1 deletion implement/elm-time/Program.cs
Expand Up @@ -18,7 +18,7 @@ namespace ElmTime;

public class Program
{
public static string AppVersionId => "2024-03-20";
public static string AppVersionId => "2024-03-21";

private static int AdminInterfaceDefaultPort => 4000;

6 changes: 3 additions & 3 deletions implement/elm-time/elm-time.csproj
Expand Up @@ -5,8 +5,8 @@
<TargetFramework>net8.0</TargetFramework>
<RootNamespace>ElmTime</RootNamespace>
<AssemblyName>elm-time</AssemblyName>
<AssemblyVersion>2024.0320.0.0</AssemblyVersion>
<FileVersion>2024.0320.0.0</FileVersion>
<AssemblyVersion>2024.0321.0.0</AssemblyVersion>
<FileVersion>2024.0321.0.0</FileVersion>
<Nullable>enable</Nullable>
<GenerateEmbeddedFilesManifest>true</GenerateEmbeddedFilesManifest>
</PropertyGroup>
Expand Down Expand Up @@ -38,7 +38,7 @@
</ItemGroup>

<ItemGroup>
<PackageReference Include="FluffySpoon.AspNet.LetsEncrypt" Version="1.116.0" />
<PackageReference Include="FluffySpoon.AspNet.EncryptWeMust" Version="1.171.0" />
<PackageReference Include="JavaScriptEngineSwitcher.V8" Version="3.21.5" />
<PackageReference Include="Jint" Version="3.0.1" />
<PackageReference Include="LibGit2Sharp" Version="0.28.0" />
