Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updating letsencrypt stack

Browse Source
This commit is contained in:
VirtuBox
2019-03-08 00:31:23 +01:00
parent cec1185ac8
commit 56e0f6b61d
2 changed files with 271 additions and 197 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
wo/cli/plugins/site.py
View File

@@ -335,6 +335,8 @@ class WOSiteCreateController(CementBaseController):
dict(help="create HHVM site", action='store_true')), dict(help="create HHVM site", action='store_true')),
(['-le', '--letsencrypt'], (['-le', '--letsencrypt'],
dict(help="configure letsencrypt ssl for the site", action='store_true')), dict(help="configure letsencrypt ssl for the site", action='store_true')),
(['--subdomain'],
dict(help="specify the site is a subdomain for letsencrypt", action='store_true')),
(['--user'], (['--user'],
dict(help="provide user for wordpress site")), dict(help="provide user for wordpress site")),
(['--email'], (['--email'],
@@ -711,34 +713,16 @@ class WOSiteCreateController(CementBaseController):
Log.error(self, "Check the log for details: " Log.error(self, "Check the log for details: "
"`tail /var/log/wo/wordops.log` and please try again") "`tail /var/log/wo/wordops.log` and please try again")
if self.app.pargs.letsencrypt: if self.app.pargs.letsencrypt and (not self.app.pargs.subdomain):
if (self.app.pargs.experimental):
if stype in ['wpsubdomain']: if stype in ['wpsubdomain']:
Log.warn( Log.warn(
self, "Wildcard domains are not supported in Lets Encrypt.\nWP SUBDOMAIN site will get SSL for primary site only.") self, "Wildcard domains are not supported in Lets Encrypt.\nWP SUBDOMAIN site will get SSL for primary site only.")
Log.info(self, "Letsencrypt is currently in beta phase."
" \nDo you wish"
" to enable SSl now for {0}?".format(wo_domain))
# Check prompt
check_prompt = input("Type \"y\" to continue [n]:")
if check_prompt != "Y" and check_prompt != "y":
data['letsencrypt'] = False
letsencrypt = False
else:
data['letsencrypt'] = True
letsencrypt = True
else:
data['letsencrypt'] = True data['letsencrypt'] = True
letsencrypt = True letsencrypt = True
if data['letsencrypt'] is True: if data['letsencrypt'] is True:
setupLetsEncrypt(self, wo_domain) setupLetsEncrypt(self, wo_domain)
httpsRedirect(self, wo_domain) httpsRedirect(self, wo_domain)
Log.info(self, "Creating Cron Job for cert auto-renewal")
WOCron.setcron_weekly(self, 'wo site update --le=renew --all 2> /dev/null'.format(wo_domain), 'Renew all'
' letsencrypt SSL cert. Set by WordOps')
if not WOService.reload_service(self, 'nginx'): if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. " Log.error(self, "service nginx reload failed. "
@@ -747,12 +731,30 @@ class WOSiteCreateController(CementBaseController):
Log.info(self, "Congratulations! Successfully Configured SSl for Site " Log.info(self, "Congratulations! Successfully Configured SSl for Site "
" https://{0}".format(wo_domain)) " https://{0}".format(wo_domain))
if (SSL.getExpirationDays(self, wo_domain) > 0): # Add nginx conf folder into GIT
Log.info(self, "Your cert will expire within " + WOGit.add(self, ["{0}/conf/nginx".format(wo_site_webroot)],
str(SSL.getExpirationDays(self, wo_domain)) + " days.") msg="Adding letsencrypts config of site: {0}"
else: .format(wo_domain))
Log.warn( updateSiteInfo(self, wo_domain, ssl=letsencrypt)
self, "Your cert already EXPIRED ! .PLEASE renew soon . ")
elif data['letsencrypt'] is False:
Log.info(self, "Not using Let\'s encrypt for Site "
" http://{0}".format(wo_domain))
if self.app.pargs.letsencrypt and self.app.pargs.subdomain:
data['letsencrypt'] = True
letsencrypt = True
if data['letsencrypt'] is True:
setupLetsEncryptSubdomain(self, wo_domain)
httpsRedirect(self, wo_domain)
if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command")
Log.info(self, "Congratulations! Successfully Configured SSl for Site "
" https://{0}".format(wo_domain))
# Add nginx conf folder into GIT # Add nginx conf folder into GIT
WOGit.add(self, ["{0}/conf/nginx".format(wo_site_webroot)], WOGit.add(self, ["{0}/conf/nginx".format(wo_site_webroot)],

180
wo/cli/plugins/site_functions.py
View File

@@ -24,6 +24,7 @@ import platform
class SiteError(Exception): class SiteError(Exception):
"""Custom Exception Occured when setting up site""" """Custom Exception Occured when setting up site"""
def __init__(self, message): def __init__(self, message):
self.message = message self.message = message
@@ -263,7 +264,8 @@ def setupwordpress(self, data):
" download"): " download"):
pass pass
else: else:
Log.info(self, "[" + Log.ENDC + Log.FAIL + "Fail" + Log.OKBLUE + "]") Log.info(self, "[" + Log.ENDC + Log.FAIL +
"Fail" + Log.OKBLUE + "]")
raise SiteError("download WordPress core failed") raise SiteError("download WordPress core failed")
except CommandExecutionError as e: except CommandExecutionError as e:
Log.info(self, "[" + Log.ENDC + Log.FAIL + "Fail" + Log.OKBLUE + "]") Log.info(self, "[" + Log.ENDC + Log.FAIL + "Fail" + Log.OKBLUE + "]")
@@ -373,8 +375,10 @@ def setupwordpress(self, data):
try: try:
import shutil import shutil
Log.debug(self, "Moving file from {0} to {1}".format(os.getcwd()+'/wp-config.php', os.path.abspath(os.path.join(os.getcwd(), os.pardir)))) Log.debug(self, "Moving file from {0} to {1}".format(os.getcwd(
shutil.move(os.getcwd()+'/wp-config.php', os.path.abspath(os.path.join(os.getcwd(), os.pardir))) )+'/wp-config.php', os.path.abspath(os.path.join(os.getcwd(), os.pardir))))
shutil.move(os.getcwd()+'/wp-config.php',
os.path.abspath(os.path.join(os.getcwd(), os.pardir)))
except Exception as e: except Exception as e:
Log.error(self, 'Unable to move file from {0} to {1}' Log.error(self, 'Unable to move file from {0} to {1}'
.format(os.getcwd()+'/wp-config.php', os.path.abspath(os.path.join(os.getcwd(), os.pardir))), False) .format(os.getcwd()+'/wp-config.php', os.path.abspath(os.path.join(os.getcwd(), os.pardir))), False)
@@ -435,7 +439,8 @@ def setupwordpress(self, data):
log=False): log=False):
pass pass
else: else:
raise SiteError("setup WordPress tables failed for single site") raise SiteError(
"setup WordPress tables failed for single site")
except CommandExecutionError as e: except CommandExecutionError as e:
raise SiteError("setup WordPress tables failed for single site") raise SiteError("setup WordPress tables failed for single site")
else: else:
@@ -466,7 +471,8 @@ def setupwordpress(self, data):
log=False): log=False):
pass pass
else: else:
raise SiteError("setup WordPress tables failed for wp multi site") raise SiteError(
"setup WordPress tables failed for wp multi site")
except CommandExecutionError as e: except CommandExecutionError as e:
raise SiteError("setup WordPress tables failed for wp multi site") raise SiteError("setup WordPress tables failed for wp multi site")
@@ -483,10 +489,12 @@ def setupwordpress(self, data):
installwp_plugin(self, 'nginx-helper', data) installwp_plugin(self, 'nginx-helper', data)
if data['wpfc']: if data['wpfc']:
plugin_data = '{"log_level":"INFO","log_filesize":5,"enable_purge":1,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_fastcgi","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}' plugin_data = '{"log_level":"INFO","log_filesize":5,"enable_purge":1,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_fastcgi","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}'
setupwp_plugin(self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data) setupwp_plugin(self, 'nginx-helper',
'rt_wp_nginx_helper_options', plugin_data, data)
elif data['wpredis']: elif data['wpredis']:
plugin_data = '{"log_level":"INFO","log_filesize":5,"enable_purge":1,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_redis","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}' plugin_data = '{"log_level":"INFO","log_filesize":5,"enable_purge":1,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_redis","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}'
setupwp_plugin(self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data) setupwp_plugin(self, 'nginx-helper',
'rt_wp_nginx_helper_options', plugin_data, data)
"""Install Wp Super Cache""" """Install Wp Super Cache"""
if data['wpsc']: if data['wpsc']:
@@ -514,7 +522,8 @@ def setupwordpressnetwork(self, data):
if not data['wpsubdir'] else '')): if not data['wpsubdir'] else '')):
pass pass
else: else:
Log.info(self, "[" + Log.ENDC + Log.FAIL + "Fail" + Log.OKBLUE + "]") Log.info(self, "[" + Log.ENDC + Log.FAIL +
"Fail" + Log.OKBLUE + "]")
raise SiteError("setup WordPress network failed") raise SiteError("setup WordPress network failed")
except CommandExecutionError as e: except CommandExecutionError as e:
@@ -620,7 +629,8 @@ def sitebackup(self, data):
if data['currsitetype'] in ['html', 'php', 'proxy', 'mysql']: if data['currsitetype'] in ['html', 'php', 'proxy', 'mysql']:
if data['php73'] is True and not data['wp']: if data['php73'] is True and not data['wp']:
Log.info(self, "Backing up Webroot \t\t", end='') Log.info(self, "Backing up Webroot \t\t", end='')
WOFileUtils.copyfiles(self, wo_site_webroot + '/htdocs', backup_path + '/htdocs') WOFileUtils.copyfiles(self, wo_site_webroot +
'/htdocs', backup_path + '/htdocs')
Log.info(self, "[" + Log.ENDC + "Done" + Log.OKBLUE + "]") Log.info(self, "[" + Log.ENDC + "Done" + Log.OKBLUE + "]")
else: else:
Log.info(self, "Backing up Webroot \t\t", end='') Log.info(self, "Backing up Webroot \t\t", end='')
@@ -704,7 +714,8 @@ def site_package_check(self, stype):
'\t$request_filename;\n') '\t$request_filename;\n')
if self.app.pargs.php and self.app.pargs.php73: if self.app.pargs.php and self.app.pargs.php73:
Log.error(self, "Error: two different PHP versions cannot be combined within the same WordOps site") Log.error(
self, "Error: two different PHP versions cannot be combined within the same WordOps site")
if not self.app.pargs.php73 and stype in ['php', 'mysql', 'wp', 'wpsubdir', 'wpsubdomain']: if not self.app.pargs.php73 and stype in ['php', 'mysql', 'wp', 'wpsubdir', 'wpsubdomain']:
if (WOVariables.wo_platform_codename == 'trusty' or WOVariables.wo_platform_codename == 'xenial' or WOVariables.wo_platform_codename == 'bionic'): if (WOVariables.wo_platform_codename == 'trusty' or WOVariables.wo_platform_codename == 'xenial' or WOVariables.wo_platform_codename == 'bionic'):
@@ -720,7 +731,7 @@ def site_package_check(self, stype):
if (WOVariables.wo_platform_codename == 'trusty' or WOVariables.wo_platform_codename == 'xenial' or WOVariables.wo_platform_codename == 'bionic'): if (WOVariables.wo_platform_codename == 'trusty' or WOVariables.wo_platform_codename == 'xenial' or WOVariables.wo_platform_codename == 'bionic'):
Log.debug(self, "Setting apt_packages variable for PHP 7.3") Log.debug(self, "Setting apt_packages variable for PHP 7.3")
if not WOAptGet.is_installed(self, 'php7.3-fpm'): if not WOAptGet.is_installed(self, 'php7.3-fpm'):
apt_packages = apt_packages + WOVariables.wo_php73 + WOVariables.wo_php_extra apt_packages = apt_packages + WOVariables.wo_php73
else: else:
Log.debug(self, "Setting apt_packages variable for PHP 7.3") Log.debug(self, "Setting apt_packages variable for PHP 7.3")
if not WOAptGet.is_installed(self, 'php7.3-fpm'): if not WOAptGet.is_installed(self, 'php7.3-fpm'):
@@ -835,7 +846,7 @@ def site_package_check(self, stype):
if (WOVariables.wo_platform_codename == 'trusty' or WOVariables.wo_platform_codename == 'xenial' or WOVariables.wo_platform_codename == 'bionic'): if (WOVariables.wo_platform_codename == 'trusty' or WOVariables.wo_platform_codename == 'xenial' or WOVariables.wo_platform_codename == 'bionic'):
Log.debug(self, "Setting apt_packages variable for PHP 7.3") Log.debug(self, "Setting apt_packages variable for PHP 7.3")
if not WOAptGet.is_installed(self, 'php7.3-fpm'): if not WOAptGet.is_installed(self, 'php7.3-fpm'):
apt_packages = apt_packages + WOVariables.wo_php73 + WOVariables.wo_php_extra apt_packages = apt_packages + WOVariables.wo_php73
else: else:
Log.debug(self, "Setting apt_packages variable for PHP 7.3") Log.debug(self, "Setting apt_packages variable for PHP 7.3")
if not WOAptGet.is_installed(self, 'php7.3-fpm'): if not WOAptGet.is_installed(self, 'php7.3-fpm'):
@@ -999,6 +1010,7 @@ def display_cache_settings(self, data):
"page=redis-cache".format(data['site_name'])) "page=redis-cache".format(data['site_name']))
Log.info(self, "Object Cache:\t\tEnable") Log.info(self, "Object Cache:\t\tEnable")
def logwatch(self, logfiles): def logwatch(self, logfiles):
import zlib import zlib
import base64 import base64
@@ -1035,81 +1047,82 @@ def detSitePar(opts):
cachelist = list() cachelist = list()
for key, val in opts.items(): for key, val in opts.items():
if val and key in ['html', 'php', 'mysql', 'wp', if val and key in ['html', 'php', 'mysql', 'wp',
'wpsubdir', 'wpsubdomain','php73']: 'wpsubdir', 'wpsubdomain', 'php73']:
typelist.append(key) typelist.append(key)
elif val and key in ['wpfc', 'wpsc', 'wpredis']: elif val and key in ['wpfc', 'wpsc', 'wpredis']:
cachelist.append(key) cachelist.append(key)
if len(typelist) > 1 or len(cachelist) > 1: if len(typelist) > 1 or len(cachelist) > 1:
if len(cachelist) > 1: if len(cachelist) > 1:
raise RuntimeError("Could not determine cache type.Multiple cache parameter entered") raise RuntimeError(
elif False not in [x in ('php','mysql','html') for x in typelist]: "Could not determine cache type.Multiple cache parameter entered")
elif False not in [x in ('php', 'mysql', 'html') for x in typelist]:
sitetype = 'mysql' sitetype = 'mysql'
if not cachelist: if not cachelist:
cachetype = 'basic' cachetype = 'basic'
else: else:
cachetype = cachelist[0] cachetype = cachelist[0]
elif False not in [x in ('php73','mysql','html') for x in typelist]: elif False not in [x in ('php73', 'mysql', 'html') for x in typelist]:
sitetype = 'mysql' sitetype = 'mysql'
if not cachelist: if not cachelist:
cachetype = 'basic' cachetype = 'basic'
else: else:
cachetype = cachelist[0] cachetype = cachelist[0]
elif False not in [x in ('php','mysql') for x in typelist]: elif False not in [x in ('php', 'mysql') for x in typelist]:
sitetype = 'mysql' sitetype = 'mysql'
if not cachelist: if not cachelist:
cachetype = 'basic' cachetype = 'basic'
else: else:
cachetype = cachelist[0] cachetype = cachelist[0]
elif False not in [x in ('php73','mysql') for x in typelist]: elif False not in [x in ('php73', 'mysql') for x in typelist]:
sitetype = 'mysql' sitetype = 'mysql'
if not cachelist: if not cachelist:
cachetype = 'basic' cachetype = 'basic'
else: else:
cachetype = cachelist[0] cachetype = cachelist[0]
elif False not in [x in ('html','mysql') for x in typelist]: elif False not in [x in ('html', 'mysql') for x in typelist]:
sitetype = 'mysql' sitetype = 'mysql'
if not cachelist: if not cachelist:
cachetype = 'basic' cachetype = 'basic'
else: else:
cachetype = cachelist[0] cachetype = cachelist[0]
elif False not in [x in ('php','html') for x in typelist]: elif False not in [x in ('php', 'html') for x in typelist]:
sitetype = 'php' sitetype = 'php'
if not cachelist: if not cachelist:
cachetype = 'basic' cachetype = 'basic'
else: else:
cachetype = cachelist[0] cachetype = cachelist[0]
elif False not in [x in ('php73','html') for x in typelist]: elif False not in [x in ('php73', 'html') for x in typelist]:
sitetype = 'php73' sitetype = 'php73'
if not cachelist: if not cachelist:
cachetype = 'basic' cachetype = 'basic'
else: else:
cachetype = cachelist[0] cachetype = cachelist[0]
elif False not in [x in ('wp','wpsubdir') for x in typelist]: elif False not in [x in ('wp', 'wpsubdir') for x in typelist]:
sitetype = 'wpsubdir' sitetype = 'wpsubdir'
if not cachelist: if not cachelist:
cachetype = 'basic' cachetype = 'basic'
else: else:
cachetype = cachelist[0] cachetype = cachelist[0]
elif False not in [x in ('wp','wpsubdomain') for x in typelist]: elif False not in [x in ('wp', 'wpsubdomain') for x in typelist]:
sitetype = 'wpsubdomain' sitetype = 'wpsubdomain'
if not cachelist: if not cachelist:
cachetype = 'basic' cachetype = 'basic'
else: else:
cachetype = cachelist[0] cachetype = cachelist[0]
elif False not in [x in ('wp','php73') for x in typelist]: elif False not in [x in ('wp', 'php73') for x in typelist]:
sitetype = 'wp' sitetype = 'wp'
if not cachelist: if not cachelist:
cachetype = 'basic' cachetype = 'basic'
else: else:
cachetype = cachelist[0] cachetype = cachelist[0]
elif False not in [x in ('wpsubdir','php73') for x in typelist]: elif False not in [x in ('wpsubdir', 'php73') for x in typelist]:
sitetype = 'wpsubdir' sitetype = 'wpsubdir'
if not cachelist: if not cachelist:
cachetype = 'basic' cachetype = 'basic'
else: else:
cachetype = cachelist[0] cachetype = cachelist[0]
elif False not in [x in ('wpsubdomain','php73') for x in typelist]: elif False not in [x in ('wpsubdomain', 'php73') for x in typelist]:
sitetype = 'wpsubdomain' sitetype = 'wpsubdomain'
if not cachelist: if not cachelist:
cachetype = 'basic' cachetype = 'basic'
@@ -1229,16 +1242,17 @@ def doCleanupAction(self, domain='', webroot='', dbname='', dbuser='',
raise SiteError("dbhost not provided") raise SiteError("dbhost not provided")
deleteDB(self, dbname, dbuser, dbhost) deleteDB(self, dbname, dbuser, dbhost)
def setupLetsEncrypt(self, wo_domain_name): def setupLetsEncrypt(self, wo_domain_name):
wo_wp_email = WOVariables.wo_email wo_wp_email = WOVariables.wo_email
if os.path.isfile("/etc/letsencrypt/renewal/{0}.conf".format(wo_domain_name)): if os.path.isfile("/root/.acme.sh/{0}_ecc/{0}.conf".format(wo_domain_name)):
Log.debug(self, "Let's Encrypt certificate found for the domain: {0}" Log.debug(self, "Let's Encrypt certificate found for the domain: {0}"
.format(wo_domain_name)) .format(wo_domain_name))
ssl= archivedCertificateHandle(self,wo_domain_name,wo_wp_email) ssl = archivedCertificateHandle(self, wo_domain_name, wo_wp_email)
else: else:
Log.warn(self,"Please wait while we fetch the new HTTPS certificate for your site.\nIt may take a few minutes depending on the network.") Log.warn(self, "Please wait while we fetch the new HTTPS certificate for your site.\nIt may take a few minutes depending on the network.")
ssl = WOShellExec.cmd_exec(self, "/usr/local/bin/wo-acme -s {0} --standalone " ssl = WOShellExec.cmd_exec(self, "/usr/local/bin/wo-acme -d {0} -d www.{0} --standalone"
.format(wo_domain_name)) .format(wo_domain_name))
if ssl: if ssl:
Log.info(self, "The HTTPS setup for your website is successfully completed!") Log.info(self, "The HTTPS setup for your website is successfully completed!")
@@ -1247,12 +1261,14 @@ def setupLetsEncrypt(self, wo_domain_name):
Log.info(self, "Configuring nginx HTTPS configuration") Log.info(self, "Configuring nginx HTTPS configuration")
try: try:
Log.info(self, "Adding /var/www/{0}/conf/nginx/ssl.conf".format(wo_domain_name)) Log.info(
self, "Adding /var/www/{0}/conf/nginx/ssl.conf".format(wo_domain_name))
sslconf = open("/var/www/{0}/conf/nginx/ssl.conf" sslconf = open("/var/www/{0}/conf/nginx/ssl.conf"
.format(wo_domain_name), .format(wo_domain_name),
encoding='utf-8', mode='w') encoding='utf-8', mode='w')
sslconf.write("listen 443 ssl http2;\n" sslconf.write("listen 443 ssl http2;\n"
"listen [::]:443 ssl http2;\n"
"ssl on;\n" "ssl on;\n"
"ssl_certificate /etc/letsencrypt/live/{0}/fullchain.pem;\n" "ssl_certificate /etc/letsencrypt/live/{0}/fullchain.pem;\n"
"ssl_certificate_key /etc/letsencrypt/live/{0}/key.pem;\n" "ssl_certificate_key /etc/letsencrypt/live/{0}/key.pem;\n"
@@ -1273,6 +1289,53 @@ def setupLetsEncrypt(self, wo_domain_name):
"same server on which you are running Let\'s Encrypt Client " "same server on which you are running Let\'s Encrypt Client "
"\n to allow it to verify the site automatically.") "\n to allow it to verify the site automatically.")
def setupLetsEncryptSubdomain(self, wo_domain_name):
wo_wp_email = WOVariables.wo_email
if os.path.isfile("/root/.acme.sh/{0}_ecc/{0}.conf".format(wo_domain_name)):
Log.debug(self, "Let's Encrypt certificate found for the domain: {0}"
.format(wo_domain_name))
else:
Log.warn(self, "Please wait while we fetch the new HTTPS certificate for your site.\nIt may take a few minutes depending on the network.")
ssl = WOShellExec.cmd_exec(self, "/usr/local/bin/wo-acme -s {0} --standalone"
.format(wo_domain_name))
if ssl:
Log.info(self, "The HTTPS setup for your website is successfully completed!")
Log.info(self, "Your certificate and chain have been saved in "
"/etc/letsencrypt/live/{0}/fullchain.pem".format(wo_domain_name))
Log.info(self, "Configuring nginx HTTPS configuration")
try:
Log.info(
self, "Adding /var/www/{0}/conf/nginx/ssl.conf".format(wo_domain_name))
sslconf = open("/var/www/{0}/conf/nginx/ssl.conf"
.format(wo_domain_name),
encoding='utf-8', mode='w')
sslconf.write("listen 443 ssl http2;\n"
"listen [::]:443 ssl http2;\n"
"ssl on;\n"
"ssl_certificate /etc/letsencrypt/live/{0}/fullchain.pem;\n"
"ssl_certificate_key /etc/letsencrypt/live/{0}/key.pem;\n"
.format(wo_domain_name))
sslconf.close()
# updateSiteInfo(self, wo_domain_name, ssl=True)
WOGit.add(self, ["/etc/letsencrypt"],
msg="Adding letsencrypt folder")
except IOError as e:
Log.debug(self, str(e))
Log.debug(self, "Error occured while generating "
"ssl.conf")
else:
Log.error(self, "Unable to setup, Let\'s Encrypt", False)
Log.error(self, "Please make sure that your site is pointed to \n"
"same server on which you are running Let\'s Encrypt Client "
"\n to allow it to verify the site automatically.")
def renewLetsEncrypt(self, wo_domain_name): def renewLetsEncrypt(self, wo_domain_name):
wo_wp_email = WOVariables.wo_email wo_wp_email = WOVariables.wo_email
@@ -1285,21 +1348,23 @@ def renewLetsEncrypt(self, wo_domain_name):
Log.info(self, "Renewing SSl cert for https://{0}".format(wo_domain_name)) Log.info(self, "Renewing SSl cert for https://{0}".format(wo_domain_name))
ssl = WOShellExec.cmd_exec(self, "/usr/local/bin/wo-acme -s {0} --standalone".format(wo_domain_name)) ssl = WOShellExec.cmd_exec(
self, "/usr/local/bin/wo-acme -s {0} --standalone".format(wo_domain_name))
mail_list = '' mail_list = ''
if not ssl: if not ssl:
Log.error(self,"ERROR : Let's Encrypt certificate renewal FAILED!",False) Log.error(self, "ERROR : Let's Encrypt certificate renewal FAILED!", False)
if (SSL.getExpirationDays(self,wo_domain_name)>0): if (SSL.getExpirationDays(self, wo_domain_name) > 0):
Log.error(self, "Your current certificate will expire within " + str(SSL.getExpirationDays(self,wo_domain_name)) + " days.",False) Log.error(self, "Your current certificate will expire within " +
str(SSL.getExpirationDays(self, wo_domain_name)) + " days.", False)
else: else:
Log.error(self, "Your current certificate already expired!",False) Log.error(self, "Your current certificate already expired!", False)
WOSendMail("wordops@{0}".format(wo_domain_name), wo_wp_email, "[FAIL] HTTPS cert renewal {0}".format(wo_domain_name), WOSendMail("wordops@{0}".format(wo_domain_name), wo_wp_email, "[FAIL] HTTPS cert renewal {0}".format(wo_domain_name),
"Hi,\n\nHTTPS certificate renewal for https://{0} was unsuccessful.".format(wo_domain_name) + "Hi,\n\nHTTPS certificate renewal for https://{0} was unsuccessful.".format(wo_domain_name) +
"\nPlease check the WordOps log for reason. The current expiry date is : " + "\nPlease check the WordOps log for reason. The current expiry date is : " +
str(SSL.getExpirationDate(self,wo_domain_name)) + str(SSL.getExpirationDate(self, wo_domain_name)) +
"\n\nFor support visit https://wordops.org/support .\n\nBest regards,\nYour WordOps Worker",files=mail_list, "\n\nFor support visit https://wordops.org/support .\n\nBest regards,\nYour WordOps Worker", files=mail_list,
port=25, isTls=False) port=25, isTls=False)
Log.error(self, "Check the WO log for more details " Log.error(self, "Check the WO log for more details "
"`tail /var/log/wo/wordops.log`") "`tail /var/log/wo/wordops.log`")
@@ -1309,27 +1374,31 @@ def renewLetsEncrypt(self, wo_domain_name):
WOSendMail("wordops@{0}".format(wo_domain_name), wo_wp_email, "[SUCCESS] Let's Encrypt certificate renewal {0}".format(wo_domain_name), WOSendMail("wordops@{0}".format(wo_domain_name), wo_wp_email, "[SUCCESS] Let's Encrypt certificate renewal {0}".format(wo_domain_name),
"Hi,\n\nYour Let's Encrypt certificate has been renewed for https://{0} .".format(wo_domain_name) + "Hi,\n\nYour Let's Encrypt certificate has been renewed for https://{0} .".format(wo_domain_name) +
"\nYour new certificate will expire on : " + "\nYour new certificate will expire on : " +
str(SSL.getExpirationDate(self,wo_domain_name)) + str(SSL.getExpirationDate(self, wo_domain_name)) +
"\n\nBest regards,\nYour WordOps Worker",files=mail_list, "\n\nBest regards,\nYour WordOps Worker", files=mail_list,
port=25, isTls=False) port=25, isTls=False)
#redirect= False to disable https redirection # redirect= False to disable https redirection
def httpsRedirect(self,wo_domain_name,redirect=True):
def httpsRedirect(self, wo_domain_name, redirect=True):
if redirect: if redirect:
if os.path.isfile("/etc/nginx/conf.d/force-ssl-{0}.conf.disabled".format(wo_domain_name)): if os.path.isfile("/etc/nginx/conf.d/force-ssl-{0}.conf.disabled".format(wo_domain_name)):
WOFileUtils.mvfile(self, "/etc/nginx/conf.d/force-ssl-{0}.conf.disabled".format(wo_domain_name), WOFileUtils.mvfile(self, "/etc/nginx/conf.d/force-ssl-{0}.conf.disabled".format(wo_domain_name),
"/etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name)) "/etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name))
else: else:
try: try:
Log.info(self, "Adding /etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name)) Log.info(
self, "Adding /etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name))
sslconf = open("/etc/nginx/conf.d/force-ssl-{0}.conf" sslconf = open("/etc/nginx/conf.d/force-ssl-{0}.conf"
.format(wo_domain_name), .format(wo_domain_name),
encoding='utf-8', mode='w') encoding='utf-8', mode='w')
sslconf.write("server {\n" sslconf.write("server {\n"
"\tlisten 80;\n" + "\tlisten 80;\n" +
"\tlisten [::]:80;\n" +
"\tserver_name www.{0} {0};\n".format(wo_domain_name) + "\tserver_name www.{0} {0};\n".format(wo_domain_name) +
"\treturn 301 https://{0}".format(wo_domain_name)+"$request_uri;\n}" ) "\treturn 301 https://{0}".format(wo_domain_name)+"$request_uri;\n}")
sslconf.close() sslconf.close()
# Nginx Configation into GIT # Nginx Configation into GIT
except IOError as e: except IOError as e:
@@ -1348,38 +1417,41 @@ def httpsRedirect(self,wo_domain_name,redirect=True):
Log.info(self, "Disabled HTTPS Force Redirection for Site " Log.info(self, "Disabled HTTPS Force Redirection for Site "
" http://{0}".format(wo_domain_name)) " http://{0}".format(wo_domain_name))
def archivedCertificateHandle(self,domain,wo_wp_email):
Log.warn(self,"You already have an existing certificate for the domain requested.\n" def archivedCertificateHandle(self, domain, wo_wp_email):
Log.warn(self, "You already have an existing certificate for the domain requested.\n"
"(ref: /etc/letsencrypt/renewal/{0}.conf)".format(domain) + "(ref: /etc/letsencrypt/renewal/{0}.conf)".format(domain) +
"\nPlease select an option from below?" "\nPlease select an option from below?"
"\n\t1: Reinstall existing certificate" "\n\t1: Reinstall existing certificate"
"\n\t2: Keep the existing certificate for now" "\n\t2: Keep the existing certificate for now"
"\n\t3: Renew & replace the certificate (limit ~5 per 7 days)" "\n\t3: Renew & replace the certificate (limit ~5 per 7 days)"
"") "")
check_prompt = input("\nType the appropriate number [1-3] or any other key to cancel: ") check_prompt = input(
"\nType the appropriate number [1-3] or any other key to cancel: ")
if not os.path.isfile("/etc/letsencrypt/live/{0}/cert.pem".format(domain)): if not os.path.isfile("/etc/letsencrypt/live/{0}/cert.pem".format(domain)):
Log.error(self,"/etc/letsencrypt/live/{0}/cert.pem file is missing.".format(domain)) Log.error(
self, "/etc/letsencrypt/live/{0}/cert.pem file is missing.".format(domain))
if check_prompt == "1": if check_prompt == "1":
Log.info(self,"Please wait while we reinstall the Let's Encrypt certificate for your site.\nIt may take a few minutes depending on your network.") Log.info(self, "Please wait while we reinstall the Let's Encrypt certificate for your site.\nIt may take a few minutes depending on your network.")
ssl = WOShellExec.cmd_exec(self, "./letsencrypt-auto certonly --rsa-key-size 4096 --reinstall --webroot -w /var/www/{0}/htdocs/ -d {0} -d www.{0} " ssl = WOShellExec.cmd_exec(self, "./letsencrypt-auto certonly --rsa-key-size 4096 --reinstall --webroot -w /var/www/{0}/htdocs/ -d {0} -d www.{0} "
.format(domain) .format(domain)
+ "--email {0} --text --agree-tos".format(wo_wp_email)) + "--email {0} --text --agree-tos".format(wo_wp_email))
elif check_prompt == "2" : elif check_prompt == "2":
Log.info(self,"Using Existing Certificate files") Log.info(self, "Using Existing Certificate files")
if not (os.path.isfile("/etc/letsencrypt/live/{0}/fullchain.pem".format(domain)) or if not (os.path.isfile("/etc/letsencrypt/live/{0}/fullchain.pem".format(domain)) or
os.path.isfile("/etc/letsencrypt/live/{0}/key.pem".format(domain))): os.path.isfile("/etc/letsencrypt/live/{0}/key.pem".format(domain))):
Log.error(self,"Certificate files not found. Skipping.\n" Log.error(self, "Certificate files not found. Skipping.\n"
"Please check if following file exist\n\t/etc/letsencrypt/live/{0}/fullchain.pem\n\t" "Please check if following file exist\n\t/etc/letsencrypt/live/{0}/fullchain.pem\n\t"
"/etc/letsencrypt/live/{0}/key.pem".format(domain)) "/etc/letsencrypt/live/{0}/key.pem".format(domain))
ssl = True ssl = True
elif check_prompt == "3": elif check_prompt == "3":
Log.info(self,"Please wait while we renew the Let's Encrypt certificate for your site.\nIt may take a few minutes depending on your network.") Log.info(self, "Please wait while we renew the Let's Encrypt certificate for your site.\nIt may take a few minutes depending on your network.")
ssl = WOShellExec.cmd_exec(self, "./letsencrypt-auto --renew-by-default --rsa-key-size 4096 certonly --webroot -w /var/www/{0}/htdocs/ -d {0} -d www.{0} " ssl = WOShellExec.cmd_exec(self, "./letsencrypt-auto --renew-by-default --rsa-key-size 4096 certonly --webroot -w /var/www/{0}/htdocs/ -d {0} -d www.{0} "
.format(domain) .format(domain)
+ "--email {0} --text --agree-tos".format(wo_wp_email)) + "--email {0} --text --agree-tos".format(wo_wp_email))
else: else:
Log.error(self,"Operation cancelled by user.") Log.error(self, "Operation cancelled by user.")
if os.path.isfile("{0}/conf/nginx/ssl.conf" if os.path.isfile("{0}/conf/nginx/ssl.conf"
.format(domain)): .format(domain)):