Class: Puma::Acme::Plugin

Inherits:
Plugin
  • Object
show all
Defined in:
lib/puma/acme/plugin.rb

Overview

Puma plugin for SSL certificate provisioning via an ACME server.

Instance Method Summary collapse

Instance Method Details

#start(launcher) ⇒ Object 



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
 
# File 'lib/puma/acme/plugin.rb', line 9

def start(launcher)
  identifiers = launcher.options[:acme_server_names] || raise(Error, 'missing ACME server name(s)')
  algorithm   = launcher.options.fetch(:acme_algorithm, :ecdsa)

  contact    = launcher.options.fetch(:acme_contact, nil)
  directory  = launcher.options.fetch(:acme_directory, DEFAULT_DIRECTORY)
  tos_agreed = launcher.options.fetch(:acme_tos_agreed, false)

  if (eab_kid = launcher.options[:acme_eab_kid])
    eab = Eab.new(kid: eab_kid, hmac_key: launcher.options.fetch(:acme_eab_hmac_key))
  end

  store = launcher.options[:acme_cache] || disk_store(launcher.options)

  mode           = launcher.options.fetch(:acme_mode, :background)
  poll_interval  = launcher.options.fetch(:acme_poll_interval, 1)
  renew_at       = launcher.options.fetch(:acme_renew_at, nil)
  renew_interval = launcher.options.fetch(:acme_renew_interval, DEFAULT_RENEW_INTERVAL)

  @manager = Manager.new(
    store: store,
    contact: contact,
    directory: directory,
    tos_agreed: tos_agreed,
    eab: eab
  )

  @acme_binds, binds = launcher.options[:binds].partition { |bind| bind.start_with?('acme://') }
  launcher.options[:binds] = binds

  launcher.options[:app] = Middleware.new(
    launcher.options[:app],
    manager: @manager
  )

  @logger = launcher.respond_to?(:log_writer) ? launcher.log_writer : launcher.events

  cert = @manager.cert!(identifiers: identifiers, algorithm: algorithm)
  if cert.usable?
    @logger.debug 'Acme: cert already provisioned'

    bind_to(launcher, cert)

    if renew_at
      in_background do
        renew(cert, renew_at: renew_at, renew_interval: renew_interval, poll_interval: poll_interval)

        launcher.restart
      end
    end
  elsif mode == :background
    @logger.log 'Puma background provisioning cert via puma-acme plugin...'

    in_background do
      provision(cert, poll_interval: poll_interval)

      @logger.log 'Puma restarting after provisioning cert via puma-acme plugin...'

      launcher.restart
    end
  elsif mode == :foreground
    @logger.log 'Puma foreground provisioning cert via puma-acme plugin...'

    provision(cert, poll_interval: poll_interval)
    @logger.log "Cert provisioned for [#{cert.names.join(', ')}] via puma-acme plugin."

    bind_to(launcher, cert)

    if renew_at
      in_background do
        renew(cert, renew_at: renew_at, renew_interval: renew_interval, poll_interval: poll_interval)

        launcher.restart
      end
    end
  else
    raise UnknownMode, mode
  end
end