Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor acme.sh integration

Browse Source
This commit is contained in:
VirtuBox
2019-09-22 19:30:39 +02:00
parent c6b081868f
commit e817a4086c
4 changed files with 258 additions and 217 deletions
Download Patch File Download Diff File Expand all files Collapse all files

186
wo/cli/plugins/site.py
View File

@@ -1,9 +1,7 @@
# """WordOps site controller."""
import glob
import json
import os
import subprocess
from subprocess import Popen
from cement.core import handler, hook
from cement.core.controller import CementBaseController, expose
@@ -11,6 +9,7 @@ from cement.core.controller import CementBaseController, expose
from wo.cli.plugins.site_functions import *
from wo.cli.plugins.sitedb import (addNewSite, deleteSiteInfo, getAllsites,
getSiteInfo, updateSiteInfo)
from wo.core.acme import WOAcme
from wo.core.domainvalidate import WODomain
from wo.core.fileutils import WOFileUtils
from wo.core.git import WOGit
@@ -58,7 +57,8 @@ class WOSiteController(CementBaseController):
pargs.site_name = pargs.site_name.strip()
# validate domain name
(wo_domain, wo_www_domain) = WODomain.validatedomain(self, pargs.site_name)
(wo_domain,
wo_www_domain) = WODomain.validatedomain(self, pargs.site_name)
# check if site exists
if not check_domain_exists(self, wo_domain):
@@ -136,8 +136,10 @@ class WOSiteController(CementBaseController):
Log.debug(self, str(e))
Log.error(self, 'could not input site name')
pargs.site_name = pargs.site_name.strip()
(wo_domain, wo_www_domain) = WODomain.validatedomain(self, pargs.site_name)
(wo_domain_type, wo_root_domain) = WODomain.getdomainlevel(self, wo_domain)
(wo_domain,
wo_www_domain) = WODomain.validatedomain(self, pargs.site_name)
(wo_domain_type,
wo_root_domain) = WODomain.getdomainlevel(self, wo_domain)
wo_db_name = ''
wo_db_user = ''
wo_db_pass = ''
@@ -188,7 +190,8 @@ class WOSiteController(CementBaseController):
def log(self):
pargs = self.app.pargs
pargs.site_name = pargs.site_name.strip()
(wo_domain, wo_www_domain) = WODomain.validatedomain(self, pargs.site_name)
(wo_domain,
wo_www_domain) = WODomain.validatedomain(self, pargs.site_name)
wo_site_webroot = getSiteInfo(self, wo_domain).site_path
if not check_domain_exists(self, wo_domain):
@@ -210,7 +213,8 @@ class WOSiteController(CementBaseController):
Log.error(self, 'could not input site name')
# TODO Write code for wo site edit command here
pargs.site_name = pargs.site_name.strip()
(wo_domain, wo_www_domain) = WODomain.validatedomain(self, pargs.site_name)
(wo_domain,
wo_www_domain) = WODomain.validatedomain(self, pargs.site_name)
if not check_domain_exists(self, wo_domain):
Log.error(self, "site {0} does not exist".format(wo_domain))
@@ -241,7 +245,8 @@ class WOSiteController(CementBaseController):
Log.error(self, 'Unable to read input, please try again')
pargs.site_name = pargs.site_name.strip()
(wo_domain, wo_www_domain) = WODomain.validatedomain(self, pargs.site_name)
(wo_domain,
wo_www_domain) = WODomain.validatedomain(self, pargs.site_name)
if not check_domain_exists(self, wo_domain):
Log.error(self, "site {0} does not exist".format(wo_domain))
@@ -281,7 +286,8 @@ class WOSiteEditController(CementBaseController):
Log.error(self, 'Unable to read input, Please try again')
pargs.site_name = pargs.site_name.strip()
(wo_domain, wo_www_domain) = WODomain.validatedomain(self, pargs.site_name)
(wo_domain,
wo_www_domain) = WODomain.validatedomain(self, pargs.site_name)
if not check_domain_exists(self, wo_domain):
Log.error(self, "site {0} does not exist".format(wo_domain))
@@ -422,7 +428,8 @@ class WOSiteCreateController(CementBaseController):
Log.error(self, "Unable to input site name, Please try again!")
pargs.site_name = pargs.site_name.strip()
(wo_domain, wo_www_domain) = WODomain.validatedomain(self, pargs.site_name)
(wo_domain,
wo_www_domain) = WODomain.validatedomain(self, pargs.site_name)
if not wo_domain.strip():
Log.error(self, "Invalid domain name, "
"Provide valid domain name")
@@ -715,31 +722,52 @@ class WOSiteCreateController(CementBaseController):
"`tail /var/log/wo/wordops.log` and please try again")
if pargs.letsencrypt:
(wo_domain_type, wo_root_domain) = WODomain.getdomainlevel(self,
wo_domain)
acme_domains = []
(wo_domain_type,
wo_root_domain) = WODomain.getdomainlevel(self,
wo_domain)
data['letsencrypt'] = True
letsencrypt = True
if data['letsencrypt'] is True:
Log.debug(self, "Going to issue Let's Encrypt certificate")
acmedata = dict(acme_domains, dns=False, acme_dns='dns_cf')
if pargs.dns:
wo_acme_dns = pargs.dns
wo_dns = True
else:
wo_acme_dns = ''
wo_dns = False
Log.debug(self, "DNS validation enabled")
acmedata['dns'] = True
if not pargs.dns == 'dns_cf':
Log.debug(self, "DNS API : {0}".format(pargs.dns))
acmedata['acme_dns'] = pargs.dns
# detect subdomain and set subdomain variable
if pargs.letsencrypt == "subdomain":
wo_subdomain = True
wo_wildcard = False
Log.warn(
self, 'Flag --letsencrypt=subdomain is '
'deprecated and not required anymore.')
acme_subdomain = True
acme_wildcard = False
elif pargs.letsencrypt == "wildcard":
wo_wildcard = True
wo_subdomain = False
acme_wildcard = True
acme_subdomain = False
acmedata['dns'] = True
else:
wo_wildcard = False
wo_subdomain = False
Log.debug(self, "Domain type = {0}"
.format(wo_domain_type))
if ((wo_domain_type == 'subdomain') and
(not pargs.letsencrypt == 'wildcard')):
wo_subdomain = True
if ((wo_domain_type == 'subdomain')):
Log.debug(self, "Domain type = {0}"
.format(wo_domain_type))
acme_subdomain = True
else:
acme_subdomain = False
acme_wildcard = False
if acme_subdomain is True:
acme_domains = acme_domains + ['{0}'.format(wo_domain)]
elif acme_wildcard is True:
acme_domains = acme_domains + ['{0}'.format(wo_domain),
'*.{0}'.format(wo_domain)]
else:
acme_domains = acme_domains + ['{0}'.format(wo_domain),
'www.{0}'.format(wo_domain)]
if acme_subdomain is True:
# check if a wildcard cert for the root domain exist
Log.debug(self, "checkWildcardExist on *.{0}"
.format(wo_root_domain))
@@ -757,12 +785,15 @@ class WOSiteCreateController(CementBaseController):
else:
Log.debug(self, "Setup Cert with acme.sh for {0}"
.format(wo_domain))
setupLetsEncrypt(self, wo_domain, wo_subdomain,
wo_wildcard, wo_dns, wo_acme_dns)
Log.info(self, "Certificate type: Subdomain")
if WOAcme.setupletsencrypt(
self, acme_domains, acmedata):
WOAcme.deploycert(self, wo_domain)
else:
setupLetsEncrypt(self, wo_domain, wo_subdomain,
wo_wildcard, wo_dns, wo_acme_dns)
httpsRedirect(self, wo_domain, True, wo_wildcard)
if WOAcme.setupletsencrypt(
self, acme_domains, acmedata):
WOAcme.deploycert(self, wo_domain)
httpsRedirect(self, wo_domain, True, acme_wildcard)
if pargs.hsts:
SSL.setuphsts(self, wo_domain)
@@ -928,7 +959,8 @@ class WOSiteUpdateController(CementBaseController):
Log.error(self, 'Unable to input site name, Please try again!')
pargs.site_name = pargs.site_name.strip()
(wo_domain, wo_www_domain) = WODomain.validatedomain(self, pargs.site_name)
(wo_domain,
wo_www_domain) = WODomain.validatedomain(self, pargs.site_name)
wo_site_webroot = WOVariables.wo_webroot + wo_domain
check_site = getSiteInfo(self, wo_domain)
@@ -1126,44 +1158,47 @@ class WOSiteUpdateController(CementBaseController):
pargs.php73 = False
if pargs.letsencrypt:
(wo_domain_type, wo_root_domain) = WODomain.getdomainlevel(self,
wo_domain)
acme_domains = []
acmedata = dict(acme_domains, dns=False, acme_dns='dns_cf')
(wo_domain_type,
wo_root_domain) = WODomain.getdomainlevel(self, wo_domain)
if pargs.letsencrypt == 'on':
data['letsencrypt'] = True
letsencrypt = True
if ((wo_domain_type == 'subdomain') and
(not pargs.letsencrypt == 'wildcard')):
wo_subdomain = True
if (wo_domain_type == 'subdomain'):
acme_subdomain = True
else:
wo_subdomain = False
wo_wildcard = False
acme_subdomain = False
acme_wildcard = False
elif pargs.letsencrypt == 'subdomain':
data['letsencrypt'] = True
letsencrypt = True
wo_subdomain = True
wo_wildcard = False
acme_subdomain = True
acme_wildcard = False
elif pargs.letsencrypt == 'wildcard':
data['letsencrypt'] = True
letsencrypt = True
wo_wildcard = True
wo_subdomain = False
acme_wildcard = True
acme_subdomain = False
acmedata['dns'] = True
elif pargs.letsencrypt == 'off':
data['letsencrypt'] = False
letsencrypt = False
wo_subdomain = False
wo_wildcard = False
acme_subdomain = False
acme_wildcard = False
elif pargs.letsencrypt == 'clean':
data['letsencrypt'] = False
letsencrypt = False
wo_subdomain = False
wo_wildcard = False
acme_subdomain = False
acme_wildcard = False
elif pargs.letsencrypt == 'purge':
data['letsencrypt'] = False
letsencrypt = False
wo_subdomain = False
wo_wildcard = False
acme_subdomain = False
acme_wildcard = False
if not wo_subdomain:
if not (acme_subdomain is True):
if letsencrypt is check_ssl:
if letsencrypt is False:
Log.error(self, "SSl is not configured for given "
@@ -1268,13 +1303,12 @@ class WOSiteUpdateController(CementBaseController):
data['php73'] = False
php73 = False
if pargs.letsencrypt == "on" or pargs.php73 == "on":
if pargs.php73 == "on":
data['php73'] = True
php73 = True
else:
data['php73'] = False
php73 = False
if pargs.php73 == "on":
data['php73'] = True
php73 = True
else:
data['php73'] = False
php73 = False
if pargs.wpredis and data['currcachetype'] != 'wpredis':
data['wpredis'] = True
@@ -1345,20 +1379,31 @@ class WOSiteUpdateController(CementBaseController):
if pargs.letsencrypt:
if data['letsencrypt'] is True:
# DNS API configuration
if pargs.dns:
wo_acme_dns = pargs.dns
wo_dns = True
Log.debug(self, "DNS validation enabled")
acmedata['dns'] = True
if not pargs.dns == 'dns_cf':
Log.debug(self, "DNS API : {0}".format(pargs.dns))
acmedata['acme_dns'] = pargs.dns
# Set list of domains to secure
if acme_subdomain is True:
acme_domains = acme_domains + ['{0}'.format(wo_domain)]
elif acme_wildcard is True:
acme_domains = acme_domains + ['{0}'.format(wo_domain),
'*.{0}'.format(wo_domain)]
else:
wo_acme_dns = ''
wo_dns = False
if wo_subdomain:
acme_domains = acme_domains + ['{0}'.format(wo_domain),
'www.{0}'.format(wo_domain)]
if acme_subdomain:
# check if a wildcard cert for the root domain exist
Log.debug(self, "checkWildcardExist on *.{0}"
.format(wo_root_domain))
iswildcard = SSL.checkwildcardexist(self, wo_root_domain)
Log.debug(self, "iswildcard = {0}".format(iswildcard))
if not os.path.isfile("{0}/conf/nginx/ssl.conf.disabled"):
if wo_subdomain:
if acme_subdomain:
if iswildcard:
Log.info(self, "Using existing Wildcard SSL "
"certificate from {0} to secure {1}"
@@ -1371,11 +1416,10 @@ class WOSiteUpdateController(CementBaseController):
else:
Log.debug(self, "Setup Cert with acme.sh for {0}"
.format(wo_domain))
setupLetsEncrypt(self, wo_domain, wo_subdomain,
wo_wildcard, wo_dns, wo_acme_dns)
WOAcme.setupletsencrypt(
self, acme_domains, acmedata)
else:
setupLetsEncrypt(self, wo_domain, wo_subdomain,
wo_wildcard, wo_dns, wo_acme_dns)
WOAcme.setupletsencrypt(self, acme_domains, acmedata)
else:
WOFileUtils.mvfile(self, "{0}/conf/nginx/ssl.conf.disabled"
.format(wo_site_webroot),
@@ -1387,7 +1431,7 @@ class WOSiteUpdateController(CementBaseController):
'/etc/nginx/conf.d/force-ssl-{0}.conf'
.format(wo_domain))
httpsRedirect(self, wo_domain, True, wo_wildcard)
httpsRedirect(self, wo_domain, True, acme_wildcard)
SSL.siteurlhttps(self, wo_domain)
if not WOService.reload_service(self, 'nginx'):
@@ -1396,7 +1440,7 @@ class WOSiteUpdateController(CementBaseController):
Log.info(self, "Congratulations! Successfully "
"Configured SSL for Site "
" https://{0}".format(wo_domain))
if wo_subdomain and iswildcard:
if acme_subdomain and iswildcard:
if (SSL.getexpirationdays(self, wo_root_domain) > 0):
Log.info(
self, "Your cert will expire within " +