Beta Branch update Cloudflare Authenticated Origin Pull cert in 123.09beta01

Discussion in 'Centmin Mod Github Commits' started by eva2000, Dec 19, 2019.

  1. eva2000

    eva2000 Administrator Staff Member

    update Cloudflare Authenticated Origin Pull cert in 123.09beta01

    - add tools/cf-authenticated-origin-cert-update.sh to update all nginx vhosts' Cloudflare Authenticated Origin Pulls certificates located in /usr/local/nginx/conf/ssl/cloudflare
    - add tools/cf-authenticated-origin-cert-update.sh cronjob to do update check every week on Friday. Run cmupdate, then run centmin.sh once to automatically add cronjob
    - you can also manually run the update via command
    Code (Text):
    /usr/local/src/centminmod/tools/cf-authenticated-origin-cert-update.sh update
    which will also automatically add cronjob if it isn't detected
    - update cf auth origin cert link update in nginx vhost creation routines

    123.09beta01 branch
     
  2. eva2000

    eva2000 Administrator Staff Member

    related to @EckyBrazzz https://community.centminmod.com/threads/cloudflare-authenticated-origin-pulls-feature.18880/

    example
    Code (Text):
    /usr/local/src/centminmod/tools/cf-authenticated-origin-cert-update.sh update
    ------------------------------
    domain.com cloudflare authenticated origin cert expires in 23 days on 12 Jan 2020
    updating domain.com cloudflare authenticated origin cert
    at /usr/local/nginx/conf/ssl/cloudflare/domain.com/origin.crt
    succesfully updated /usr/local/nginx/conf/ssl/cloudflare/domain.com/origin.crt
    domain.com cloudflare authenticated origin cert now expires in 3604 days on 1 Nov 2029
    
     
  3. pamamolf

    pamamolf Premium Member Premium Member

    Is that because the server may not use the Authenticated origin pull cert?

    Should just ignore it?

    What is this such folder?
     
  4. eva2000

    eva2000 Administrator Staff Member

    ah need to add a check for this LOL

    Code (Text):
    /usr/local/src/centminmod/tools/cf-authenticated-origin-cert-update.sh update
    no Cloudflare Authenticated Origin Pull Certs to update
    at /usr/local/nginx/conf/ssl/cloudflare
    
     
  5. pamamolf

    pamamolf Premium Member Premium Member

    I got it also on a server with domains inside :(

    ?
     
  6. eva2000

    eva2000 Administrator Staff Member

    what's output for this command
    Code (Text):
    cf_auth_origin_cert_dir='/usr/local/nginx/conf/ssl/cloudflare'
    find ${cf_auth_origin_cert_dir} -type f -name 'origin.crt' -exec dirname {} \; 2>&1 | sed -e "s|${cf_auth_origin_cert_dir}/||g"
    
     
  7. pamamolf

    pamamolf Premium Member Premium Member

    Output:
     
  8. eva2000

    eva2000 Administrator Staff Member

    ah found the bug, fixed now, so cmupdate to update your code :)
     
  9. pamamolf

    pamamolf Premium Member Premium Member

    Yes it is ok now :)

    Thanks
     
  10. pamamolf

    pamamolf Premium Member Premium Member

    Does Nginx need a restart after that?
     
  11. eva2000

    eva2000 Administrator Staff Member

    the updater tool does a graceful nginx reload automatically :)

    it also only updates if the CF Authenticated Origin Pull certs are less than 180 days from expiry date. So you're definitely going to have an nginx restart within that 180 day period for whatever reason anyway :)
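
Added example (not part of the thread and not Centmin Mod's own script): a read-only audit that lists each vhost's `origin.crt` and flags the ones inside the 180-day renewal window mentioned above. The function names are hypothetical; it assumes GNU `date`, the `openssl` CLI, and the `<dir>/<vhost>/origin.crt` layout seen in the sample output.

```bash
#!/bin/sh
# Added example, not Centmin Mod's script. Assumes GNU date and the openssl CLI.
# Layout assumed from the thread's output: <dir>/<vhost>/origin.crt

RENEW_WINDOW_DAYS=180   # renewal threshold stated in the thread

# days_between "<notAfter text>" <now_epoch>: whole days until expiry
days_between() {
  db_end=$(date -u -d "$1" +%s) || return 2
  echo $(( (db_end - $2) / 86400 ))
}

# needs_renewal <days_left>: succeeds when the cert is inside the window
needs_renewal() {
  [ "$1" -lt "$RENEW_WINDOW_DAYS" ]
}

# cert_days_left <origin.crt> [now_epoch]: fails if the file is not a cert
cert_days_left() {
  cd_end=$(openssl x509 -noout -enddate -in "$1" 2>/dev/null) || return 2
  days_between "${cd_end#notAfter=}" "${2:-$(date -u +%s)}"
}

# audit_origin_certs <dir>: prints "<vhost> <days|-> <renew|ok|unreadable>"
audit_origin_certs() {
  ac_dir=${1%/}
  [ -d "$ac_dir" ] || { echo "no cert directory at $ac_dir" >&2; return 1; }
  ac_found=0
  for ac_crt in "$ac_dir"/*/origin.crt; do
    [ -f "$ac_crt" ] || continue
    ac_found=1
    ac_vhost=$(basename "$(dirname "$ac_crt")")
    if ac_days=$(cert_days_left "$ac_crt"); then
      if needs_renewal "$ac_days"; then
        echo "$ac_vhost $ac_days renew"
      else
        echo "$ac_vhost $ac_days ok"
      fi
    else
      echo "$ac_vhost - unreadable"
    fi
  done
  [ "$ac_found" -eq 1 ] || echo "no origin.crt files under $ac_dir" >&2
  return 0
}

# Usage on a Centmin Mod host:
#   audit_origin_certs /usr/local/nginx/conf/ssl/cloudflare
```

An `unreadable` line means the file exists but does not parse as a certificate, which is worth checking before the next scheduled update run.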
     
  12. negative

    negative Active Member

    I'm not using SSL on the server side but using a Cloudflare dedicated SSL certificate and flexible mode. So pages look like they are from SSL and URLs are https.

    At this point, should I enable the "Authenticated Origin Pull" feature on Cloudflare?

    Thanks
     
  13. eva2000

    eva2000 Administrator Staff Member
