From 28069ac34e8ba33ca488f514cb044a5e51376817 Mon Sep 17 00:00:00 2001 From: VirtuBox Date: Mon, 8 Apr 2019 09:14:23 +0200 Subject: [PATCH] change hsts flag --- wo/cli/plugins/site.py | 54 +++----------------------------- wo/cli/plugins/site_functions.py | 27 +++++++--------- wo/core/shellexec.py | 3 +- 3 files changed, 17 insertions(+), 67 deletions(-) diff --git a/wo/cli/plugins/site.py b/wo/cli/plugins/site.py index 8e29f6c..ffafd07 100644 --- a/wo/cli/plugins/site.py +++ b/wo/cli/plugins/site.py @@ -783,10 +783,8 @@ class WOSiteUpdateController(CementBaseController): choices=('on', 'off', 'renew', 'subdomain', 'wildcard'), const='on', nargs='?')), (['--hsts'], - dict(help="configure HSTS on site secured with letsencrypt", - action='store' or 'store_const', - choices=('on', 'off'), - const='on', nargs='?')), + dict(help="configure HSTS on site secured with letsencrypt", + action='store_true')), (['--proxy'], dict(help="update to proxy site", nargs='+')), (['--experimental'], @@ -1110,8 +1108,6 @@ class WOSiteUpdateController(CementBaseController): elif pargs.letsencrypt == 'off': data['letsencrypt'] = False letsencrypt = False - data['hsts'] = False - hsts = False if letsencrypt is check_ssl: if letsencrypt is False: @@ -1123,12 +1119,6 @@ class WOSiteUpdateController(CementBaseController): pargs.letsencrypt = False if pargs.hsts: - if pargs.hsts == 'on': - data['hsts'] = True - hsts = True - elif pargs.hsts == 'off': - data['hsts'] = False - hsts = False if data and (not pargs.php73): if old_php73 is True: 
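Review bot: With `action='store_true'` the `--hsts` flag can only switch the header on, and the `off` branch is deleted in the `@@ -1360` hunk, so after this commit the tool offers no way to move `hsts.conf` back to `hsts.conf.disabled`. The enable path in the `@@ -1346` hunk still tests for `hsts.conf.disabled`, which nothing in the visible code creates any more. Because the policy written by `setupHsts` uses a one-year `max-age` with `preload`, operators need a documented way to back out. Either keep an explicit disable option or state the limitation in the help text, e.g. `help="enable HSTS on site secured with letsencrypt (no disable option)"`. Invocations that passed `--hsts on` or `--hsts off` will no longer parse as before, which is worth a line in the commit description.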
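Review bot: In the `@@ -1110` hunk the whole body of `if pargs.hsts:` is removed but the header line is kept, so it is now followed directly by the context line `if data and (not pargs.php73):`. Indentation is not recoverable from this rendering, but that line is unchanged context: either it sits at the same level, and the module fails to compile with an IndentationError, or it was already nested, and the php73 handling now runs only when `--hsts` is given. The flag is handled later by its own `if pargs.hsts:` block, so the leftover header line should be deleted here. The enclosing method starts and ends outside the hunk.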
@@ -1217,16 +1207,6 @@ class WOSiteUpdateController(CementBaseController): .format(wo_site_webroot)) httpsRedirect(self, wo_domain) - if data['hsts'] is True: - if not os.path.isfile(("{0}/conf/nginx/hsts.conf.disabled") - .format(wo_site_webroot)): - setupHsts(self, wo_domain) - else: - WOFileUtils.mvfile(self, "{0}/conf/nginx/" - "hsts.conf.disabled" - .format(wo_site_webroot), - '{0}/conf/nginx/hsts.conf' - .format(wo_site_webroot)) if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " @@ -1283,16 +1263,6 @@ class WOSiteUpdateController(CementBaseController): .format(wo_site_webroot)) httpsRedirect(self, wo_domain) - if data['hsts'] is True: - if not os.path.isfile(("{0}/conf/nginx/hsts.conf.disabled") - .format(wo_site_webroot)): - setupHsts(self, wo_domain) - else: - WOFileUtils.mvfile(self, "{0}/conf/nginx/" - "hsts.conf.disabled" - .format(wo_site_webroot), - '{0}/conf/nginx/hsts.conf' - .format(wo_site_webroot)) if not WOService.reload_service(self, 'nginx'): Log.error(self, "service nginx reload failed. " @@ -1346,7 +1316,7 @@ class WOSiteUpdateController(CementBaseController): updateSiteInfo(self, wo_domain, ssl=letsencrypt) return 0 - if pargs.htsts == "on": + if pargs.hsts: if check_ssl: if not os.path.isfile(("{0}/conf/nginx/hsts.conf.disabled") .format(wo_site_webroot)): 
@@ -1360,23 +1330,7 @@ class WOSiteUpdateController(CementBaseController): else: Log.error(self, "HTTPS is not configured for given " "site") - return 0 - - if pargs.htsts == "off": - if os.path.isfile(("{0}/conf/nginx/hsts.conf") - .format(wo_site_webroot)): - WOFileUtils.mvfile(self, "{0}/conf/nginx/" - "hsts.conf" - .format(wo_site_webroot), - '{0}/conf/nginx/hsts.conf.disabled' - .format(wo_site_webroot)) - - if not WOService.reload_service(self, 'nginx'): - Log.error(self, "service nginx reload failed. " - "check issues with `nginx -t` command") - else: - Log.error(self, "HSTS is not configured for given " - "site") + return 0 if stype == oldsitetype and cache == oldcachetype: diff --git a/wo/cli/plugins/site_functions.py b/wo/cli/plugins/site_functions.py index 55c61db..56a904a 100644 --- a/wo/cli/plugins/site_functions.py +++ b/wo/cli/plugins/site_functions.py @@ -1410,22 +1410,19 @@ def renewLetsEncrypt(self, wo_domain_name): def setupHsts(self, wo_domain_name): - if os.path.isfile("/etc/letsencrypt/" - "renewal/{0}_ecc/" - "fullchain.cer".format(wo_domain_name)): - Log.info( - self, "Adding /var/www/{0}/conf/nginx/ssl.conf" - .format(wo_domain_name)) + Log.info( + self, "Adding /var/www/{0}/conf/nginx/ssl.conf" + .format(wo_domain_name)) - hstsconf = open("/var/www/{0}/conf/nginx/hsts.conf" - .format(wo_domain_name), - encoding='utf-8', mode='w') - hstsconf.write("more_set_headers " - "\"Strict-Transport-Security: " - "max-age=31536000; " - "'includeSubDomains; " - "preload\";") - hstsconf.close() + hstsconf = open("/var/www/{0}/conf/nginx/hsts.conf" + .format(wo_domain_name), + encoding='utf-8', mode='w') + hstsconf.write("more_set_headers " + "\"Strict-Transport-Security: " + "max-age=31536000; " + "'includeSubDomains; " + "preload\";") + hstsconf.close() def httpsRedirect(self, wo_domain_name, redirect=True): diff --git a/wo/core/shellexec.py b/wo/core/shellexec.py index c64d5bc..77b3dcf 100644 --- a/wo/core/shellexec.py +++ b/wo/core/shellexec.py 
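Review bot: The header string written by `setupHsts` carries a stray single quote before `includeSubDomains` (`"'includeSubDomains; "`), so the emitted directive is not the one the policy intends and user agents are expected to ignore it; the change re-indents this line without correcting it. The log message names `ssl.conf` while the file written is `hsts.conf`, and the handle is opened without a `with` block, so it stays open if the write raises. With the certificate check removed, the function relies on every caller having verified HTTPS first, which a one-line docstring should state. `preload` with a one-year `max-age` is hard to withdraw once browsers have cached it, so consider making it opt-in.

```python
def setupHsts(self, wo_domain_name):
    """Write the HSTS header include; callers must have confirmed HTTPS."""
    hsts_path = "/var/www/{0}/conf/nginx/hsts.conf".format(wo_domain_name)
    Log.info(self, "Adding {0}".format(hsts_path))

    with open(hsts_path, encoding='utf-8', mode='w') as hstsconf:
        hstsconf.write("more_set_headers "
                       "\"Strict-Transport-Security: "
                       "max-age=31536000; "
                       "includeSubDomains; "
                       "preload\";")
```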
@@ -53,7 +53,6 @@ class WOShellExec(): Log.debug(self, "{0}{1}".format(e.errno, e.strerror)) raise CommandExecutionError - def cmd_exec_stdout(self, command, errormsg='', log=True): """Run shell command from Python""" try: @@ -80,4 +79,4 @@ class WOShellExec(): raise CommandExecutionError except Exception as e: Log.debug(self, str(e)) - raise CommandExecutionError \ No newline at end of file + raise CommandExecutionError