🔒 Fix Let's Encrypt ACME challenge for SSL certificates
- Add .well-known/ path exclusion in proxy_handler
- Prevent quoter from intercepting ACME challenge requests
- Fix CI/CD build without sudo access
- Add comprehensive SSL troubleshooting documentation

Resolves: SSL certificate generation failure for files.dscrs.site
@@ -1,3 +1,12 @@
|
|||||||
|
## [0.5.2] - 2025-09-02
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
- 🔒 **ИСПРАВЛЕНО**: Поддержка Let's Encrypt ACME challenge для SSL сертификатов
|
||||||
|
- 🔒 **ДОБАВЛЕНО**: Исключение `.well-known/` путей из proxy_handler для корректной работы ACME
|
||||||
|
- 🔧 **УЛУЧШЕНО**: Логирование ACME challenge запросов
|
||||||
|
- 🚀 **ИСПРАВЛЕНО**: CI/CD оптимизация для работы без sudo в Gitea runner
|
||||||
|
- 🚀 **ДОБАВЛЕНО**: Проверка доступной памяти в CI процессе
|
||||||
|
|
||||||
## [0.5.1] - 2025-09-02
|
## [0.5.1] - 2025-09-02
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|||||||
@@ -8,6 +8,7 @@ futures = "0.3.30"
|
|||||||
serde_json = "1.0.143"
|
serde_json = "1.0.143"
|
||||||
actix-web = "4.11.0"
|
actix-web = "4.11.0"
|
||||||
actix-cors = "0.7.0"
|
actix-cors = "0.7.0"
|
||||||
|
actix-files = "0.6.7"
|
||||||
reqwest = { version = "0.12.23", features = ["json"] }
|
reqwest = { version = "0.12.23", features = ["json"] }
|
||||||
sentry = { version = "0.42", features = ["tokio"] }
|
sentry = { version = "0.42", features = ["tokio"] }
|
||||||
uuid = { version = "1.18.0", features = ["v4"] }
|
uuid = { version = "1.18.0", features = ["v4"] }
|
||||||
|
|||||||
@@ -28,6 +28,12 @@ pub async fn proxy_handler(
|
|||||||
let start_time = std::time::Instant::now();
|
let start_time = std::time::Instant::now();
|
||||||
info!("GET {} [START]", requested_res);
|
info!("GET {} [START]", requested_res);
|
||||||
|
|
||||||
|
// Возвращаем 404 для .well-known путей (для Let's Encrypt ACME)
|
||||||
|
if requested_res.starts_with(".well-known/") {
|
||||||
|
warn!("ACME challenge path requested: {}", requested_res);
|
||||||
|
return Err(ErrorNotFound("Not found"));
|
||||||
|
}
|
||||||
|
|
||||||
let normalized_path = if requested_res.ends_with("/webp") {
|
let normalized_path = if requested_res.ends_with("/webp") {
|
||||||
info!("Converting to WebP format: {}", requested_res);
|
info!("Converting to WebP format: {}", requested_res);
|
||||||
requested_res.replace("/webp", "")
|
requested_res.replace("/webp", "")
|
||||||
|
|||||||
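Review bot: The guard `requested_res.starts_with(".well-known/")` only matches the prefix with a trailing slash, so a request that resolves to the bare `.well-known` path can still fall through to the proxy lookup below; `if requested_res == ".well-known" || requested_res.starts_with(".well-known/") {` would close that gap. The `warn!` line writes the client-supplied path into the log at warning level on every hit, which any unauthenticated client can trigger repeatedly, so a lower level such as `debug!` would keep the trace without flooding alerting. The comment above the guard would help more if it gave the reason in English, e.g. `// Never proxy .well-known/: ACME challenges are served by the static scope registered in main, so anything reaching this point is a miss`. proxy_handler starts and ends outside this hunk, so how `requested_res` is derived (and whether it is already percent-decoded before this comparison) cannot be confirmed from here.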
@@ -68,6 +68,13 @@ async fn main() -> std::io::Result<()> {
|
|||||||
.route("/quota", web::get().to(get_quota_handler))
|
.route("/quota", web::get().to(get_quota_handler))
|
||||||
.route("/quota/increase", web::post().to(increase_quota_handler))
|
.route("/quota/increase", web::post().to(increase_quota_handler))
|
||||||
.route("/quota/set", web::post().to(set_quota_handler))
|
.route("/quota/set", web::post().to(set_quota_handler))
|
||||||
|
.service(
|
||||||
|
web::scope("/.well-known")
|
||||||
|
.service(
|
||||||
|
actix_files::Files::new("/", "/tmp/.well-known")
|
||||||
|
.show_files_listing()
|
||||||
|
)
|
||||||
|
)
|
||||||
.route("/{path:.*}", web::get().to(proxy_handler))
|
.route("/{path:.*}", web::get().to(proxy_handler))
|
||||||
})
|
})
|
||||||
.bind(addr)?
|
.bind(addr)?
|
||||||
|
|||||||
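Review bot: Serving the whole `/.well-known` scope from `/tmp/.well-known` with `.show_files_listing()` puts a directory that is typically world-writable behind the public listener. On a shared host any local account can create or pre-populate it, and whatever lands there is both served and enumerable over HTTP, including challenge tokens. I would point the handler at a dedicated directory writable only by the ACME client, narrow the mount to the challenge subtree and drop the listing, e.g. `.service(actix_files::Files::new("/.well-known/acme-challenge", acme_webroot))`, where `acme_webroot` is a placeholder for a configured path. It is also worth confirming how actix-files treats symlinks under the served root, since a link planted in a shared temp directory could widen what is readable. The `App` builder chain begins and continues outside this hunk.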