Enhance Let's Encrypt certificate management and error handling (#157)

NethServer/dev#7669

Author: stephdl

build-images.sh

@@ -181,6 +181,7 @@ buildah add "${container}" ui/dist /ui
 # Setup the entrypoint, ask to reserve one TCP port with the label and set a rootless container
 buildah config --entrypoint=/ \
     --label="org.nethserver.authorizations=traefik@node:routeadm mail@any:mailadm cluster:accountconsumer nethvoice@any:pbookreader" \
+    --label="org.nethserver.min-core=3.12.4-0" \
     --label="org.nethserver.tcp-ports-demand=1" \
     --label="org.nethserver.rootfull=0" \
     --label="org.nethserver.min-from=1.4.4" \

imageroot/actions/configure-module/14configure-traefik

@@ -0,0 +1,29 @@
+#!/usr/bin/env python3
+
+#
+# Copyright (C) 2025 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+
+import json
+import sys
+import os
+import agent
+
+# Try to parse the stdin as JSON.
+# If parsing fails, output everything to stderr
+data = json.load(sys.stdin)
+
+## Configure set-route
+set_route_data = {
+    'instance': os.environ['MODULE_ID'],
+    'url':  'http://127.0.0.1:' + os.environ["TCP_PORT"],
+    'http2https': True,
+    'host': data["hostname"],
+    'lets_encrypt_check': True,
+    'lets_encrypt_cleanup': True,
+}
+if 'request_https_certificate' in data:
+    set_route_data['lets_encrypt'] = data['request_https_certificate']
+
+agent.set_route(set_route_data)

imageroot/actions/configure-module/20config

@@ -22,28 +22,6 @@ if not agent_id:
 # Connect to redis
 rdb = agent.redis_connect()
 
-webtop_request_https_certificate = os.environ["WEBTOP_REQUEST_HTTPS_CERTIFICATE"].lower() in ('true', '1', 't')
-if data.get("request_https_certificate") is not None:
-    if data.get("request_https_certificate") != webtop_request_https_certificate:
-        webtop_request_https_certificate = data["request_https_certificate"]
-        agent.set_env("WEBTOP_REQUEST_HTTPS_CERTIFICATE", data["request_https_certificate"])
-
-# Configure Traefik to route WebTop's host requests to the webtop module
-response = agent.tasks.run(
-    agent_id=agent.resolve_agent_id('traefik@node'),
-    action='set-route',
-    data={
-        'instance': os.environ['MODULE_ID'],
-        'url':  'http://127.0.0.1:' + os.environ["TCP_PORT"],
-        'http2https': True,
-        'lets_encrypt': webtop_request_https_certificate,
-        'host': data["hostname"],
-    }
-)
-# Check if traefik configuration has been successfull
-agent.assert_exp(response['exit_code'] == 0)
-
-
 public_url = 'https://' + data["hostname"] + '/webtop'
 dav_url = 'https://' + data["hostname"] + '/webtop-dav/server.php'
 

imageroot/actions/create-module/10env

@@ -9,7 +9,6 @@ import agent
 
 agent.set_env('WEBTOP_TIMEZONE', '-')
 agent.set_env('WEBTOP_LOCALE', 'en_US')
-agent.set_env('WEBTOP_REQUEST_HTTPS_CERTIFICATE', 'False')
 agent.set_env('WEBDAV_DEBUG', 'False')
 agent.set_env('WEBDAV_LOG_LEVEL', 'ERROR')
 agent.set_env('Z_PUSH_LOG_LEVEL', 'ERROR')

imageroot/actions/destroy-module/20destroy

@@ -1,32 +1 @@
-#!/usr/bin/env python3
-
-#
-# Copyright (C) 2022 Nethesis S.r.l.
-# SPDX-License-Identifier: GPL-3.0-or-later
-#
-
-# Remove traefik route
-
-import os
-import sys
-import json
-import agent
-import agent.tasks
-
-# Try to parse the stdin as JSON.
-# If parsing fails, output everything to stderr
-data = json.load(sys.stdin)
-
-# Find default traefik instance for current node
-default_traefik_id = agent.resolve_agent_id('traefik@node')
-if default_traefik_id is None:
-    sys.exit(2)
-
-# Remove traefik route
-response = agent.tasks.run(
-    agent_id=default_traefik_id,
-    action='delete-route',
-    data={
-        'instance': os.environ['MODULE_ID']
-    },
-)
+# Placeholder, see bug NethServer/dev#7058

imageroot/actions/get-configuration/20readconfig

@@ -8,10 +8,11 @@
 import json
 import os
 import sys
+import agent
 
 config={
         "hostname": os.getenv("WEBTOP_HOSTNAME", ""),
-        "request_https_certificate": os.environ["WEBTOP_REQUEST_HTTPS_CERTIFICATE"].lower() in ('true', '1', 't'),
+        "request_https_certificate": agent.get_route(os.environ['MODULE_ID']).get('lets_encrypt', False),
         "locale": os.environ["WEBTOP_LOCALE"],
         "timezone": os.environ["WEBTOP_TIMEZONE"],
         "mail_module": os.getenv("MAIL_MODULE", ""),

ui/public/i18n/en/translation.json

@@ -86,6 +86,7 @@
     "action": {
         "get-status": "Get status",
         "get-configuration": "Get configuration",
+        "get-defaults": "Get defaults",
         "configure-module": "Configure module",
         "get-module-info": "Get module info",
         "get-name": "Get name",