Class: Puma::Plugin::AutoCert

Inherits:
Acme::Plugin
  • Object
show all
Defined in:
lib/puma/plugin/auto_cert.rb

Overview

This is a plugin for Puma that will automatically provision & renew certificates based on options loaded from a framework plugin or the environment. Only the foreground acme mode is supported.

Defined Under Namespace

Classes: ConfigLookup, Error, PortMissingError, ServerNameMissingError

Class Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Class Attribute Details

.start_hooksObject

Returns the value of attribute start_hooks.



21
22
23
# File 'lib/puma/plugin/auto_cert.rb', line 21

def start_hooks
  @start_hooks
end

Class Method Details

.add_start_hook(&block) ⇒ Object



24
25
26
# File 'lib/puma/plugin/auto_cert.rb', line 24

def self.add_start_hook(&block)
  (self.start_hooks ||= []) << block
end

Instance Method Details

#start(launcher, env: ENV) ⇒ Object



28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
# File 'lib/puma/plugin/auto_cert.rb', line 28

def start(launcher, env: ENV)
  # puma.rb > framework config > ENV
  config = ConfigLookup.new(puma: launcher.options, app: framework_config, env: env)

  enabled = config.first(:enabled)

  https_port = config.first(:port, puma: :auto_cert_port, env: 'HTTPS_PORT')
  if https_port.nil?
    if enabled
      raise PortMissingError, 'AutoCert was enabled, but no https port number provided'
    end

    launcher.log_writer.log 'AutoCert >> Not enabled, no HTTPS_PORT'
    return
  end

  server_names = [*config.all(:server_names, env: Anchor::ENV_VARS[:server_names])]
                 .map { |val| val.split(/[ ,]/) }.flatten.uniq

  if server_names.empty?
    if enabled
      raise ServerNameMissingError, 'AutoCert was enabled, but no server name(s) provided'
    end

    launcher.log_writer.log 'AutoCert >> Not enabled, no ACME_SERVER_NAME(S)'
    return
  end

  launcher.options[:acme_server_names] = server_names

  tcp_hosts(launcher.options[:binds]).each do |host|
    launcher.options[:binds] << "acme://#{host}:#{https_port}"
  end

  %i[algorithm cache_dir contact tos_agreed].each do |key|
    if (val = config.first(key))
      launcher.options[:"acme_#{key}"] ||= val
    end
  end

  launcher.options[:acme_directory] ||= config.first(:directory, env: Anchor::ENV_VARS[:directory])

  launcher.options[:acme_eab_kid]      ||= config.first(:eab_kid, env: Anchor::ENV_VARS[:eab_kid])
  launcher.options[:acme_eab_hmac_key] ||= config.first(:eab_hmac_key,
                                                        env: Anchor::ENV_VARS[:eab_hmac_key])

  launcher.options[:acme_mode] ||= config.first(:mode) || :foreground

  # TODO: unify with config, check/use :renew_interval
  launcher.options[:acme_renew_at] ||= renew_before

  super(launcher)
end