Merge pull request #560 from WordOps/updating-configuration

Deploy ssl.conf from mustache template
VirtuBox
2023-08-13 10:56:03 +02:00
committed by GitHub
2 changed files with 19 additions and 21 deletions


@@ -0,0 +1,6 @@
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate {{ssl_live_path}}/{{domain}}/fullchain.pem;
ssl_certificate_key {{ssl_live_path}}/{{domain}}/key.pem;
ssl_trusted_certificate {{ssl_live_path}}/{{domain}}/ca.pem;
ssl_stapling_verify on;
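Review bot: The two `listen 443 ssl http2;` / `listen [::]:443 ssl http2;` lines at the top of this template are also rendered into `/var/www/22222/conf/nginx/ssl.conf`, because the backend branch in the WOAcme change deploys the same `'ssl.mustache'` with the same data, whereas the code it replaces wrote only the three certificate directives and `ssl_stapling_verify on;` for the backend. If that file is included in the 22222 server block, the admin backend would presumably also start answering on port 443, which widens its exposure and is not mentioned in the commit description. The backend should get its own template without the listen lines, or the listen lines should sit in a section that only the site call enables. A header comment such as `{{! variables: ssl_live_path, domain }}` would also document what the template expects.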


@@ -8,6 +8,7 @@ from wo.core.git import WOGit
from wo.core.logging import Log from wo.core.logging import Log
from wo.core.shellexec import WOShellExec, CommandExecutionError from wo.core.shellexec import WOShellExec, CommandExecutionError
from wo.core.variables import WOVar from wo.core.variables import WOVar
from wo.core.template import WOTemplate
class WOAcme: class WOAcme:
@@ -140,30 +141,21 @@ class WOAcme:
if os.path.isdir('/var/www/{0}/conf/nginx' if os.path.isdir('/var/www/{0}/conf/nginx'
.format(wo_domain_name)): .format(wo_domain_name)):
sslconf = open("/var/www/{0}/conf/nginx/ssl.conf" data = dict(ssl_live_path=WOVar.wo_ssl_live,
.format(wo_domain_name), domain=wo_domain_name)
encoding='utf-8', mode='w') WOTemplate.deploy(self,
sslconf.write( '/var/www/{0}/conf/nginx/ssl.conf'
"listen 443 ssl http2;\n" .format(wo_domain_name),
"listen [::]:443 ssl http2;\n" 'ssl.mustache', data, overwrite=False)
"ssl_certificate {0}/{1}/fullchain.pem;\n"
"ssl_certificate_key {0}/{1}/key.pem;\n"
"ssl_trusted_certificate {0}/{1}/ca.pem;\n"
"ssl_stapling_verify on;\n"
.format(WOVar.wo_ssl_live, wo_domain_name))
sslconf.close()
if not WOFileUtils.grep(self, '/var/www/22222/conf/nginx/ssl.conf', if not WOFileUtils.grep(self, '/var/www/22222/conf/nginx/ssl.conf',
'/etc/letsencrypt'): '/etc/letsencrypt'):
Log.info(self, "Securing WordOps backend with current cert") Log.info(self, "Securing WordOps backend with current cert")
sslconf = open("/var/www/22222/conf/nginx/ssl.conf", data = dict(ssl_live_path=WOVar.wo_ssl_live,
encoding='utf-8', mode='w') domain=wo_domain_name)
sslconf.write("ssl_certificate {0}/{1}/fullchain.pem;\n" WOTemplate.deploy(self,
"ssl_certificate_key {0}/{1}/key.pem;\n" '/var/www/22222/conf/nginx/ssl.conf',
"ssl_trusted_certificate {0}/{1}/ca.pem;\n" 'ssl.mustache', data, overwrite=False)
"ssl_stapling_verify on;\n"
.format(WOVar.wo_ssl_live, wo_domain_name))
sslconf.close()
WOGit.add(self, ["/etc/letsencrypt"], WOGit.add(self, ["/etc/letsencrypt"],
msg="Adding letsencrypt folder") msg="Adding letsencrypt folder")
@@ -193,7 +185,7 @@ class WOAcme:
for domain in acme_domains: for domain in acme_domains:
domain_ip = requests.get('http://v4.wordops.eu/dns/{0}/' domain_ip = requests.get('http://v4.wordops.eu/dns/{0}/'
.format(domain)).text .format(domain)).text
if(not domain_ip == server_ip): if (not domain_ip == server_ip):
Log.warn( Log.warn(
self, "{0}".format(domain) + self, "{0}".format(domain) +
" point to the IP {0}".format(domain_ip) + " point to the IP {0}".format(domain_ip) +
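Review bot: Both new `WOTemplate.deploy(...)` calls pass `overwrite=False`, while the `open(..., mode='w')` code they replace always rewrote ssl.conf. `deploy` is not shown on this page, but if `overwrite=False` leaves an existing file untouched, the backend branch becomes a no-op in the case it is guarded for: `WOFileUtils.grep` reports that `/var/www/22222/conf/nginx/ssl.conf` does not reference `/etc/letsencrypt`, which suggests the file may already exist with another certificate path. The site branch has the same problem on a re-issue, where a stale ssl.conf would keep pointing at the old certificate. I would pass `overwrite=True` in both calls and log when a deploy is skipped. The enclosing method starts and ends outside these hunks.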