Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updating letsencrypt stack

Browse Source
This commit is contained in:
VirtuBox
2019-03-08 00:31:23 +01:00
parent cec1185ac8
commit 56e0f6b61d
2 changed files with 271 additions and 197 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
wo/cli/plugins/site.py
View File

@@ -335,6 +335,8 @@ class WOSiteCreateController(CementBaseController):
dict(help="create HHVM site", action='store_true')),
(['-le', '--letsencrypt'],
dict(help="configure letsencrypt ssl for the site", action='store_true')),
(['--subdomain'],
dict(help="specify the site is a subdomain for letsencrypt", action='store_true')),
(['--user'],
dict(help="provide user for wordpress site")),
(['--email'],
@@ -711,34 +713,16 @@ class WOSiteCreateController(CementBaseController):
Log.error(self, "Check the log for details: "
"`tail /var/log/wo/wordops.log` and please try again")
if self.app.pargs.letsencrypt:
if (self.app.pargs.experimental):
if self.app.pargs.letsencrypt and (not self.app.pargs.subdomain):
if stype in ['wpsubdomain']:
Log.warn(
self, "Wildcard domains are not supported in Lets Encrypt.\nWP SUBDOMAIN site will get SSL for primary site only.")
Log.info(self, "Letsencrypt is currently in beta phase."
" \nDo you wish"
" to enable SSl now for {0}?".format(wo_domain))
# Check prompt
check_prompt = input("Type \"y\" to continue [n]:")
if check_prompt != "Y" and check_prompt != "y":
data['letsencrypt'] = False
letsencrypt = False
else:
data['letsencrypt'] = True
letsencrypt = True
else:
data['letsencrypt'] = True
letsencrypt = True
if data['letsencrypt'] is True:
setupLetsEncrypt(self, wo_domain)
httpsRedirect(self, wo_domain)
Log.info(self, "Creating Cron Job for cert auto-renewal")
WOCron.setcron_weekly(self, 'wo site update --le=renew --all 2> /dev/null'.format(wo_domain), 'Renew all'
' letsencrypt SSL cert. Set by WordOps')
if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. "
@@ -747,12 +731,30 @@ class WOSiteCreateController(CementBaseController):
Log.info(self, "Congratulations! Successfully Configured SSl for Site "
" https://{0}".format(wo_domain))
if (SSL.getExpirationDays(self, wo_domain) > 0):
Log.info(self, "Your cert will expire within " +
str(SSL.getExpirationDays(self, wo_domain)) + " days.")
else:
Log.warn(
self, "Your cert already EXPIRED ! .PLEASE renew soon . ")
# Add nginx conf folder into GIT
WOGit.add(self, ["{0}/conf/nginx".format(wo_site_webroot)],
msg="Adding letsencrypts config of site: {0}"
.format(wo_domain))
updateSiteInfo(self, wo_domain, ssl=letsencrypt)
elif data['letsencrypt'] is False:
Log.info(self, "Not using Let\'s encrypt for Site "
" http://{0}".format(wo_domain))
if self.app.pargs.letsencrypt and self.app.pargs.subdomain:
data['letsencrypt'] = True
letsencrypt = True
if data['letsencrypt'] is True:
setupLetsEncryptSubdomain(self, wo_domain)
httpsRedirect(self, wo_domain)
if not WOService.reload_service(self, 'nginx'):
Log.error(self, "service nginx reload failed. "
"check issues with `nginx -t` command")
Log.info(self, "Congratulations! Successfully Configured SSl for Site "
" https://{0}".format(wo_domain))
# Add nginx conf folder into GIT
WOGit.add(self, ["{0}/conf/nginx".format(wo_site_webroot)],

114
wo/cli/plugins/site_functions.py
View File

@@ -24,6 +24,7 @@ import platform
class SiteError(Exception):
"""Custom Exception Occured when setting up site"""
def __init__(self, message):
self.message = message
@@ -263,7 +264,8 @@ def setupwordpress(self, data):
" download"):
pass
else:
Log.info(self, "[" + Log.ENDC + Log.FAIL + "Fail" + Log.OKBLUE + "]")
Log.info(self, "[" + Log.ENDC + Log.FAIL +
"Fail" + Log.OKBLUE + "]")
raise SiteError("download WordPress core failed")
except CommandExecutionError as e:
Log.info(self, "[" + Log.ENDC + Log.FAIL + "Fail" + Log.OKBLUE + "]")
@@ -373,8 +375,10 @@ def setupwordpress(self, data):
try:
import shutil
Log.debug(self, "Moving file from {0} to {1}".format(os.getcwd()+'/wp-config.php', os.path.abspath(os.path.join(os.getcwd(), os.pardir))))
shutil.move(os.getcwd()+'/wp-config.php', os.path.abspath(os.path.join(os.getcwd(), os.pardir)))
Log.debug(self, "Moving file from {0} to {1}".format(os.getcwd(
)+'/wp-config.php', os.path.abspath(os.path.join(os.getcwd(), os.pardir))))
shutil.move(os.getcwd()+'/wp-config.php',
os.path.abspath(os.path.join(os.getcwd(), os.pardir)))
except Exception as e:
Log.error(self, 'Unable to move file from {0} to {1}'
.format(os.getcwd()+'/wp-config.php', os.path.abspath(os.path.join(os.getcwd(), os.pardir))), False)
@@ -435,7 +439,8 @@ def setupwordpress(self, data):
log=False):
pass
else:
raise SiteError("setup WordPress tables failed for single site")
raise SiteError(
"setup WordPress tables failed for single site")
except CommandExecutionError as e:
raise SiteError("setup WordPress tables failed for single site")
else:
@@ -466,7 +471,8 @@ def setupwordpress(self, data):
log=False):
pass
else:
raise SiteError("setup WordPress tables failed for wp multi site")
raise SiteError(
"setup WordPress tables failed for wp multi site")
except CommandExecutionError as e:
raise SiteError("setup WordPress tables failed for wp multi site")
@@ -483,10 +489,12 @@ def setupwordpress(self, data):
installwp_plugin(self, 'nginx-helper', data)
if data['wpfc']:
plugin_data = '{"log_level":"INFO","log_filesize":5,"enable_purge":1,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_fastcgi","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}'
setupwp_plugin(self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data)
setupwp_plugin(self, 'nginx-helper',
'rt_wp_nginx_helper_options', plugin_data, data)
elif data['wpredis']:
plugin_data = '{"log_level":"INFO","log_filesize":5,"enable_purge":1,"enable_map":0,"enable_log":0,"enable_stamp":0,"purge_homepage_on_new":1,"purge_homepage_on_edit":1,"purge_homepage_on_del":1,"purge_archive_on_new":1,"purge_archive_on_edit":0,"purge_archive_on_del":0,"purge_archive_on_new_comment":0,"purge_archive_on_deleted_comment":0,"purge_page_on_mod":1,"purge_page_on_new_comment":1,"purge_page_on_deleted_comment":1,"cache_method":"enable_redis","purge_method":"get_request","redis_hostname":"127.0.0.1","redis_port":"6379","redis_prefix":"nginx-cache:"}'
setupwp_plugin(self, 'nginx-helper', 'rt_wp_nginx_helper_options', plugin_data, data)
setupwp_plugin(self, 'nginx-helper',
'rt_wp_nginx_helper_options', plugin_data, data)
"""Install Wp Super Cache"""
if data['wpsc']:
@@ -514,7 +522,8 @@ def setupwordpressnetwork(self, data):
if not data['wpsubdir'] else '')):
pass
else:
Log.info(self, "[" + Log.ENDC + Log.FAIL + "Fail" + Log.OKBLUE + "]")
Log.info(self, "[" + Log.ENDC + Log.FAIL +
"Fail" + Log.OKBLUE + "]")
raise SiteError("setup WordPress network failed")
except CommandExecutionError as e:
@@ -620,7 +629,8 @@ def sitebackup(self, data):
if data['currsitetype'] in ['html', 'php', 'proxy', 'mysql']:
if data['php73'] is True and not data['wp']:
Log.info(self, "Backing up Webroot \t\t", end='')
WOFileUtils.copyfiles(self, wo_site_webroot + '/htdocs', backup_path + '/htdocs')
WOFileUtils.copyfiles(self, wo_site_webroot +
'/htdocs', backup_path + '/htdocs')
Log.info(self, "[" + Log.ENDC + "Done" + Log.OKBLUE + "]")
else:
Log.info(self, "Backing up Webroot \t\t", end='')
@@ -704,7 +714,8 @@ def site_package_check(self, stype):
'\t$request_filename;\n')
if self.app.pargs.php and self.app.pargs.php73:
Log.error(self, "Error: two different PHP versions cannot be combined within the same WordOps site")
Log.error(
self, "Error: two different PHP versions cannot be combined within the same WordOps site")
if not self.app.pargs.php73 and stype in ['php', 'mysql', 'wp', 'wpsubdir', 'wpsubdomain']:
if (WOVariables.wo_platform_codename == 'trusty' or WOVariables.wo_platform_codename == 'xenial' or WOVariables.wo_platform_codename == 'bionic'):
@@ -720,7 +731,7 @@ def site_package_check(self, stype):
if (WOVariables.wo_platform_codename == 'trusty' or WOVariables.wo_platform_codename == 'xenial' or WOVariables.wo_platform_codename == 'bionic'):
Log.debug(self, "Setting apt_packages variable for PHP 7.3")
if not WOAptGet.is_installed(self, 'php7.3-fpm'):
apt_packages = apt_packages + WOVariables.wo_php73 + WOVariables.wo_php_extra
apt_packages = apt_packages + WOVariables.wo_php73
else:
Log.debug(self, "Setting apt_packages variable for PHP 7.3")
if not WOAptGet.is_installed(self, 'php7.3-fpm'):
@@ -835,7 +846,7 @@ def site_package_check(self, stype):
if (WOVariables.wo_platform_codename == 'trusty' or WOVariables.wo_platform_codename == 'xenial' or WOVariables.wo_platform_codename == 'bionic'):
Log.debug(self, "Setting apt_packages variable for PHP 7.3")
if not WOAptGet.is_installed(self, 'php7.3-fpm'):
apt_packages = apt_packages + WOVariables.wo_php73 + WOVariables.wo_php_extra
apt_packages = apt_packages + WOVariables.wo_php73
else:
Log.debug(self, "Setting apt_packages variable for PHP 7.3")
if not WOAptGet.is_installed(self, 'php7.3-fpm'):
@@ -999,6 +1010,7 @@ def display_cache_settings(self, data):
"page=redis-cache".format(data['site_name']))
Log.info(self, "Object Cache:\t\tEnable")
def logwatch(self, logfiles):
import zlib
import base64
@@ -1042,7 +1054,8 @@ def detSitePar(opts):
if len(typelist) > 1 or len(cachelist) > 1:
if len(cachelist) > 1:
raise RuntimeError("Could not determine cache type.Multiple cache parameter entered")
raise RuntimeError(
"Could not determine cache type.Multiple cache parameter entered")
elif False not in [x in ('php', 'mysql', 'html') for x in typelist]:
sitetype = 'mysql'
if not cachelist:
@@ -1229,16 +1242,17 @@ def doCleanupAction(self, domain='', webroot='', dbname='', dbuser='',
raise SiteError("dbhost not provided")
deleteDB(self, dbname, dbuser, dbhost)
def setupLetsEncrypt(self, wo_domain_name):
wo_wp_email = WOVariables.wo_email
if os.path.isfile("/etc/letsencrypt/renewal/{0}.conf".format(wo_domain_name)):
if os.path.isfile("/root/.acme.sh/{0}_ecc/{0}.conf".format(wo_domain_name)):
Log.debug(self, "Let's Encrypt certificate found for the domain: {0}"
.format(wo_domain_name))
ssl = archivedCertificateHandle(self, wo_domain_name, wo_wp_email)
else:
Log.warn(self, "Please wait while we fetch the new HTTPS certificate for your site.\nIt may take a few minutes depending on the network.")
ssl = WOShellExec.cmd_exec(self, "/usr/local/bin/wo-acme -s {0} --standalone "
ssl = WOShellExec.cmd_exec(self, "/usr/local/bin/wo-acme -d {0} -d www.{0} --standalone"
.format(wo_domain_name))
if ssl:
Log.info(self, "The HTTPS setup for your website is successfully completed!")
@@ -1247,12 +1261,14 @@ def setupLetsEncrypt(self, wo_domain_name):
Log.info(self, "Configuring nginx HTTPS configuration")
try:
Log.info(self, "Adding /var/www/{0}/conf/nginx/ssl.conf".format(wo_domain_name))
Log.info(
self, "Adding /var/www/{0}/conf/nginx/ssl.conf".format(wo_domain_name))
sslconf = open("/var/www/{0}/conf/nginx/ssl.conf"
.format(wo_domain_name),
encoding='utf-8', mode='w')
sslconf.write("listen 443 ssl http2;\n"
"listen [::]:443 ssl http2;\n"
"ssl on;\n"
"ssl_certificate /etc/letsencrypt/live/{0}/fullchain.pem;\n"
"ssl_certificate_key /etc/letsencrypt/live/{0}/key.pem;\n"
@@ -1273,6 +1289,53 @@ def setupLetsEncrypt(self, wo_domain_name):
"same server on which you are running Let\'s Encrypt Client "
"\n to allow it to verify the site automatically.")
def setupLetsEncryptSubdomain(self, wo_domain_name):
wo_wp_email = WOVariables.wo_email
if os.path.isfile("/root/.acme.sh/{0}_ecc/{0}.conf".format(wo_domain_name)):
Log.debug(self, "Let's Encrypt certificate found for the domain: {0}"
.format(wo_domain_name))
else:
Log.warn(self, "Please wait while we fetch the new HTTPS certificate for your site.\nIt may take a few minutes depending on the network.")
ssl = WOShellExec.cmd_exec(self, "/usr/local/bin/wo-acme -s {0} --standalone"
.format(wo_domain_name))
if ssl:
Log.info(self, "The HTTPS setup for your website is successfully completed!")
Log.info(self, "Your certificate and chain have been saved in "
"/etc/letsencrypt/live/{0}/fullchain.pem".format(wo_domain_name))
Log.info(self, "Configuring nginx HTTPS configuration")
try:
Log.info(
self, "Adding /var/www/{0}/conf/nginx/ssl.conf".format(wo_domain_name))
sslconf = open("/var/www/{0}/conf/nginx/ssl.conf"
.format(wo_domain_name),
encoding='utf-8', mode='w')
sslconf.write("listen 443 ssl http2;\n"
"listen [::]:443 ssl http2;\n"
"ssl on;\n"
"ssl_certificate /etc/letsencrypt/live/{0}/fullchain.pem;\n"
"ssl_certificate_key /etc/letsencrypt/live/{0}/key.pem;\n"
.format(wo_domain_name))
sslconf.close()
# updateSiteInfo(self, wo_domain_name, ssl=True)
WOGit.add(self, ["/etc/letsencrypt"],
msg="Adding letsencrypt folder")
except IOError as e:
Log.debug(self, str(e))
Log.debug(self, "Error occured while generating "
"ssl.conf")
else:
Log.error(self, "Unable to setup, Let\'s Encrypt", False)
Log.error(self, "Please make sure that your site is pointed to \n"
"same server on which you are running Let\'s Encrypt Client "
"\n to allow it to verify the site automatically.")
def renewLetsEncrypt(self, wo_domain_name):
wo_wp_email = WOVariables.wo_email
@@ -1285,13 +1348,15 @@ def renewLetsEncrypt(self, wo_domain_name):
Log.info(self, "Renewing SSl cert for https://{0}".format(wo_domain_name))
ssl = WOShellExec.cmd_exec(self, "/usr/local/bin/wo-acme -s {0} --standalone".format(wo_domain_name))
ssl = WOShellExec.cmd_exec(
self, "/usr/local/bin/wo-acme -s {0} --standalone".format(wo_domain_name))
mail_list = ''
if not ssl:
Log.error(self, "ERROR : Let's Encrypt certificate renewal FAILED!", False)
if (SSL.getExpirationDays(self, wo_domain_name) > 0):
Log.error(self, "Your current certificate will expire within " + str(SSL.getExpirationDays(self,wo_domain_name)) + " days.",False)
Log.error(self, "Your current certificate will expire within " +
str(SSL.getExpirationDays(self, wo_domain_name)) + " days.", False)
else:
Log.error(self, "Your current certificate already expired!", False)
@@ -1314,6 +1379,8 @@ def renewLetsEncrypt(self, wo_domain_name):
port=25, isTls=False)
# redirect= False to disable https redirection
def httpsRedirect(self, wo_domain_name, redirect=True):
if redirect:
if os.path.isfile("/etc/nginx/conf.d/force-ssl-{0}.conf.disabled".format(wo_domain_name)):
@@ -1321,13 +1388,15 @@ def httpsRedirect(self,wo_domain_name,redirect=True):
"/etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name))
else:
try:
Log.info(self, "Adding /etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name))
Log.info(
self, "Adding /etc/nginx/conf.d/force-ssl-{0}.conf".format(wo_domain_name))
sslconf = open("/etc/nginx/conf.d/force-ssl-{0}.conf"
.format(wo_domain_name),
encoding='utf-8', mode='w')
sslconf.write("server {\n"
"\tlisten 80;\n" +
"\tlisten [::]:80;\n" +
"\tserver_name www.{0} {0};\n".format(wo_domain_name) +
"\treturn 301 https://{0}".format(wo_domain_name)+"$request_uri;\n}")
sslconf.close()
@@ -1348,6 +1417,7 @@ def httpsRedirect(self,wo_domain_name,redirect=True):
Log.info(self, "Disabled HTTPS Force Redirection for Site "
" http://{0}".format(wo_domain_name))
def archivedCertificateHandle(self, domain, wo_wp_email):
Log.warn(self, "You already have an existing certificate for the domain requested.\n"
"(ref: /etc/letsencrypt/renewal/{0}.conf)".format(domain) +
@@ -1356,9 +1426,11 @@ def archivedCertificateHandle(self,domain,wo_wp_email):
"\n\t2: Keep the existing certificate for now"
"\n\t3: Renew & replace the certificate (limit ~5 per 7 days)"
"")
check_prompt = input("\nType the appropriate number [1-3] or any other key to cancel: ")
check_prompt = input(
"\nType the appropriate number [1-3] or any other key to cancel: ")
if not os.path.isfile("/etc/letsencrypt/live/{0}/cert.pem".format(domain)):
Log.error(self,"/etc/letsencrypt/live/{0}/cert.pem file is missing.".format(domain))
Log.error(
self, "/etc/letsencrypt/live/{0}/cert.pem file is missing.".format(domain))
if check_prompt == "1":
Log.info(self, "Please wait while we reinstall the Let's Encrypt certificate for your site.\nIt may take a few minutes depending on your network.")
ssl = WOShellExec.cmd_exec(self, "./letsencrypt-auto certonly --rsa-key-size 4096 --reinstall --webroot -w /var/www/{0}/htdocs/ -d {0} -d www.{0} "