Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Deploy ssl.conf from mustache template

Browse Source
This commit is contained in:
VirtuBox
2023-08-13 10:24:29 +02:00
parent 32db43a34d
commit 88e1bb1974
2 changed files with 19 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
wo/cli/templates/ssl.mustache Normal file
View File

@@ -0,0 +1,6 @@
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate {{ssl_live_path}}/{{domain}}/fullchain.pem;
ssl_certificate_key {{ssl_live_path}}/{{domain}}/key.pem;
ssl_trusted_certificate {{ssl_live_path}}/{{domain}}/ca.pem;
ssl_stapling_verify on;

34
wo/core/acme.py
View File

@@ -8,6 +8,7 @@ from wo.core.git import WOGit
from wo.core.logging import Log from wo.core.logging import Log
from wo.core.shellexec import WOShellExec, CommandExecutionError from wo.core.shellexec import WOShellExec, CommandExecutionError
from wo.core.variables import WOVar from wo.core.variables import WOVar
from wo.core.template import WOTemplate
class WOAcme: class WOAcme:
@@ -140,30 +141,21 @@ class WOAcme:
if os.path.isdir('/var/www/{0}/conf/nginx' if os.path.isdir('/var/www/{0}/conf/nginx'
.format(wo_domain_name)): .format(wo_domain_name)):
sslconf = open("/var/www/{0}/conf/nginx/ssl.conf" data = dict(ssl_live_path=WOVar.wo_ssl_live,
.format(wo_domain_name), domain=wo_domain_name)
encoding='utf-8', mode='w') WOTemplate.deploy(self,
sslconf.write( '/var/www/{0}/conf/nginx/ssl.conf'
"listen 443 ssl http2;\n" .format(wo_domain_name),
"listen [::]:443 ssl http2;\n" 'ssl.mustache', data, overwrite=False)
"ssl_certificate {0}/{1}/fullchain.pem;\n"
"ssl_certificate_key {0}/{1}/key.pem;\n"
"ssl_trusted_certificate {0}/{1}/ca.pem;\n"
"ssl_stapling_verify on;\n"
.format(WOVar.wo_ssl_live, wo_domain_name))
sslconf.close()
if not WOFileUtils.grep(self, '/var/www/22222/conf/nginx/ssl.conf', if not WOFileUtils.grep(self, '/var/www/22222/conf/nginx/ssl.conf',
'/etc/letsencrypt'): '/etc/letsencrypt'):
Log.info(self, "Securing WordOps backend with current cert") Log.info(self, "Securing WordOps backend with current cert")
sslconf = open("/var/www/22222/conf/nginx/ssl.conf", data = dict(ssl_live_path=WOVar.wo_ssl_live,
encoding='utf-8', mode='w') domain=wo_domain_name)
sslconf.write("ssl_certificate {0}/{1}/fullchain.pem;\n" WOTemplate.deploy(self,
"ssl_certificate_key {0}/{1}/key.pem;\n" '/var/www/22222/conf/nginx/ssl.conf',
"ssl_trusted_certificate {0}/{1}/ca.pem;\n" 'ssl.mustache', data, overwrite=False)
"ssl_stapling_verify on;\n"
.format(WOVar.wo_ssl_live, wo_domain_name))
sslconf.close()
WOGit.add(self, ["/etc/letsencrypt"], WOGit.add(self, ["/etc/letsencrypt"],
msg="Adding letsencrypt folder") msg="Adding letsencrypt folder")
@@ -193,7 +185,7 @@ class WOAcme:
for domain in acme_domains: for domain in acme_domains:
domain_ip = requests.get('http://v4.wordops.eu/dns/{0}/' domain_ip = requests.get('http://v4.wordops.eu/dns/{0}/'
.format(domain)).text .format(domain)).text
if(not domain_ip == server_ip): if (not domain_ip == server_ip):
Log.warn( Log.warn(
self, "{0}".format(domain) + self, "{0}".format(domain) +
" point to the IP {0}".format(domain_ip) + " point to the IP {0}".format(domain_ip) +