Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

change hsts flag

Browse Source
This commit is contained in:
VirtuBox
2019-04-08 09:14:23 +02:00
parent 4a5a86798f
commit 28069ac34e
3 changed files with 17 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
wo/cli/plugins/site.py
View File

@@ -783,10 +783,8 @@ class WOSiteUpdateController(CementBaseController):
choices=('on', 'off', 'renew', 'subdomain', 'wildcard'), choices=('on', 'off', 'renew', 'subdomain', 'wildcard'),
const='on', nargs='?')), const='on', nargs='?')),
(['--hsts'], (['--hsts'],
dict(help="configure HSTS on site secured with letsencrypt", dict(help="configure HSTS on site secured with letsencrypt",
action='store' or 'store_const', action='store_true')),
choices=('on', 'off'),
const='on', nargs='?')),
(['--proxy'], (['--proxy'],
dict(help="update to proxy site", nargs='+')), dict(help="update to proxy site", nargs='+')),
(['--experimental'], (['--experimental'],
@@ -1110,8 +1108,6 @@ class WOSiteUpdateController(CementBaseController):
elif pargs.letsencrypt == 'off': elif pargs.letsencrypt == 'off':
data['letsencrypt'] = False data['letsencrypt'] = False
letsencrypt = False letsencrypt = False
data['hsts'] = False
hsts = False
if letsencrypt is check_ssl: if letsencrypt is check_ssl:
if letsencrypt is False: if letsencrypt is False:
@@ -1123,12 +1119,6 @@ class WOSiteUpdateController(CementBaseController):
pargs.letsencrypt = False pargs.letsencrypt = False
if pargs.hsts: if pargs.hsts:
if pargs.hsts == 'on':
data['hsts'] = True
hsts = True
elif pargs.hsts == 'off':
data['hsts'] = False
hsts = False
if data and (not pargs.php73): if data and (not pargs.php73):
if old_php73 is True: if old_php73 is True:
@@ -1217,16 +1207,6 @@ class WOSiteUpdateController(CementBaseController):
.format(wo_site_webroot)) .format(wo_site_webroot))
httpsRedirect(self, wo_domain) httpsRedirect(self, wo_domain)
if data['hsts'] is True:
if not os.path.isfile(("{0}/conf/nginx/hsts.conf.disabled")
.format(wo_site_webroot)):
setupHsts(self, wo_domain)
else:
WOFileUtils.mvfile(self, "{0}/conf/nginx/"
"hsts.conf.disabled"
.format(wo_site_webroot),
'{0}/conf/nginx/hsts.conf'
.format(wo_site_webroot))
if not WOService.reload_service(self, 'nginx'): if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. " Log.error(self, "service nginx reload failed. "
@@ -1283,16 +1263,6 @@ class WOSiteUpdateController(CementBaseController):
.format(wo_site_webroot)) .format(wo_site_webroot))
httpsRedirect(self, wo_domain) httpsRedirect(self, wo_domain)
if data['hsts'] is True:
if not os.path.isfile(("{0}/conf/nginx/hsts.conf.disabled")
.format(wo_site_webroot)):
setupHsts(self, wo_domain)
else:
WOFileUtils.mvfile(self, "{0}/conf/nginx/"
"hsts.conf.disabled"
.format(wo_site_webroot),
'{0}/conf/nginx/hsts.conf'
.format(wo_site_webroot))
if not WOService.reload_service(self, 'nginx'): if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. " Log.error(self, "service nginx reload failed. "
@@ -1346,7 +1316,7 @@ class WOSiteUpdateController(CementBaseController):
updateSiteInfo(self, wo_domain, ssl=letsencrypt) updateSiteInfo(self, wo_domain, ssl=letsencrypt)
return 0 return 0
if pargs.htsts == "on": if pargs.hsts:
if check_ssl: if check_ssl:
if not os.path.isfile(("{0}/conf/nginx/hsts.conf.disabled") if not os.path.isfile(("{0}/conf/nginx/hsts.conf.disabled")
.format(wo_site_webroot)): .format(wo_site_webroot)):
@@ -1360,23 +1330,7 @@ class WOSiteUpdateController(CementBaseController):
else: else:
Log.error(self, "HTTPS is not configured for given " Log.error(self, "HTTPS is not configured for given "
"site") "site")
return 0 return 0
if pargs.htsts == "off":
if os.path.isfile(("{0}/conf/nginx/hsts.conf")
.format(wo_site_webroot)):
WOFileUtils.mvfile(self, "{0}/conf/nginx/"
"hsts.conf"
.format(wo_site_webroot),
'{0}/conf/nginx/hsts.conf.disabled'
.format(wo_site_webroot))
if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command")
else:
Log.error(self, "HSTS is not configured for given "
"site")
if stype == oldsitetype and cache == oldcachetype: if stype == oldsitetype and cache == oldcachetype:

27
wo/cli/plugins/site_functions.py
View File

@@ -1410,22 +1410,19 @@ def renewLetsEncrypt(self, wo_domain_name):
def setupHsts(self, wo_domain_name): def setupHsts(self, wo_domain_name):
if os.path.isfile("/etc/letsencrypt/" Log.info(
"renewal/{0}_ecc/" self, "Adding /var/www/{0}/conf/nginx/ssl.conf"
"fullchain.cer".format(wo_domain_name)): .format(wo_domain_name))
Log.info(
self, "Adding /var/www/{0}/conf/nginx/ssl.conf"
.format(wo_domain_name))
hstsconf = open("/var/www/{0}/conf/nginx/hsts.conf" hstsconf = open("/var/www/{0}/conf/nginx/hsts.conf"
.format(wo_domain_name), .format(wo_domain_name),
encoding='utf-8', mode='w') encoding='utf-8', mode='w')
hstsconf.write("more_set_headers " hstsconf.write("more_set_headers "
"\"Strict-Transport-Security: " "\"Strict-Transport-Security: "
"max-age=31536000; " "max-age=31536000; "
"'includeSubDomains; " "'includeSubDomains; "
"preload\";") "preload\";")
hstsconf.close() hstsconf.close()
def httpsRedirect(self, wo_domain_name, redirect=True): def httpsRedirect(self, wo_domain_name, redirect=True):

3
wo/core/shellexec.py
View File

@@ -53,7 +53,6 @@ class WOShellExec():
Log.debug(self, "{0}{1}".format(e.errno, e.strerror)) Log.debug(self, "{0}{1}".format(e.errno, e.strerror))
raise CommandExecutionError raise CommandExecutionError
def cmd_exec_stdout(self, command, errormsg='', log=True): def cmd_exec_stdout(self, command, errormsg='', log=True):
"""Run shell command from Python""" """Run shell command from Python"""
try: try:
@@ -80,4 +79,4 @@ class WOShellExec():
raise CommandExecutionError raise CommandExecutionError
except Exception as e: except Exception as e:
Log.debug(self, str(e)) Log.debug(self, str(e))
raise CommandExecutionError raise CommandExecutionError