diff --git a/wo/cli/plugins/stack.py b/wo/cli/plugins/stack.py
index d430ff8..537ffd5 100644
--- a/wo/cli/plugins/stack.py
+++ b/wo/cli/plugins/stack.py
@@ -493,13 +493,13 @@ class WOStackController(CementBaseController):
 WOAptGet.install(self, apt_packages)
 Log.valide(self, "Installing APT packages ")
 Log.wait(self, "Configuring APT packages ")
- post_pref(self, apt_packages, empty_packages)
+ post_pref(self, apt_packages, [])
 Log.valide(self, "Configuring APT packages ")
 if (packages):
 Log.debug(self, "Downloading following: {0}".format(packages))
 WODownload.download(self, packages)
 Log.debug(self, "Calling post_pref")
- post_pref(self, empty_packages, packages)
+ post_pref(self, [], packages)
 if disp_msg:
 if (self.msg):
diff --git a/wo/cli/plugins/stack_pref.py b/wo/cli/plugins/stack_pref.py
index 2f9fed2..d921382 100644
--- a/wo/cli/plugins/stack_pref.py
+++ b/wo/cli/plugins/stack_pref.py
@@ -23,12 +23,13 @@ from wo.core.services import WOService
 from wo.core.shellexec import CommandExecutionError, WOShellExec
 from wo.core.template import WOTemplate
 from wo.core.variables import WOVariables
+from wo.core.sslutils import SSL
 def pre_pref(self, apt_packages):
 """Pre settings to do before installation packages"""
- if set(WOVariables.wo_mysql).issubset(set(apt_packages)):
+ if ("mariadb-server" in apt_packages or "mariadb-client" in apt_packages):
 # add mariadb repository excepted on raspbian and ubuntu 19.04
 if (not WOVariables.wo_distro == 'raspbian'):
 Log.info(self, "Adding repository for MySQL, please wait...")
@@ -43,7 +44,7 @@ def pre_pref(self, apt_packages):
 keyserver='keys.gnupg.net')
 WORepo.add_key(self, '0xF1656F24C74CD1D8', keyserver='hkp://keys.gnupg.net')
- if ["mariadb-server"] in apt_packages:
+ if "mariadb-server" in apt_packages:
 # generate random 24 characters root password
 chars = ''.join(random.sample(string.ascii_letters, 24))
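Review bot: The rewritten condition in pre_pref hardcodes `"mariadb-server"` and `"mariadb-client"` where the old check derived the names from `WOVariables.wo_mysql`, so the two places can drift if the package list changes elsewhere; assuming `WOVariables.wo_mysql` still lists these packages, `if any(pkg in apt_packages for pkg in WOVariables.wo_mysql):` keeps a single source of truth while preserving the any-not-all semantics the commit wants. The wrapping parentheses around the condition are redundant in Python and can be dropped. pre_pref continues past the end of this hunk.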
@@ -389,98 +390,61 @@ def post_pref(self, apt_packages, packages, upgrade=False):
 '/etc/nginx/' 'sites-enabled/' '22222'])
- # Create log and cert folder and softlinks
- if not os.path.exists('{0}22222/logs'
- .format(ngxroot)):
- Log.debug(self, "Creating directory "
- "{0}22222/logs "
- .format(ngxroot))
- os.makedirs('{0}22222/logs'
- .format(ngxroot))
-
- if not os.path.exists('{0}22222/cert'
- .format(ngxroot)):
- Log.debug(self, "Creating directory "
- "{0}22222/cert"
- .format(ngxroot))
- os.makedirs('{0}22222/cert'
- .format(ngxroot))
-
- if not os.path.isdir('{0}22222/conf/nginx'
- .format(ngxroot)):
- Log.debug(self, "Creating directory "
- "{0}22222/conf/nginx"
- .format(ngxroot))
- os.makedirs('{0}22222/conf/nginx'
- .format(ngxroot))
-
- WOFileUtils.create_symlink(
- self,
- ['/var/log/nginx/'
- '22222.access.log',
- '{0}22222/'
- 'logs/access.log'
- .format(ngxroot)]
- )
-
- WOFileUtils.create_symlink(
- self,
- ['/var/log/nginx/'
- '22222.error.log',
- '{0}22222/'
- 'logs/error.log'
- .format(ngxroot)]
- )
-
- try:
- WOShellExec.cmd_exec(
- self, "openssl genrsa -out "
- "{0}22222/cert/22222.key 2048"
- .format(ngxroot))
- WOShellExec.cmd_exec(
- self, "openssl req -new -batch "
- "-subj /commonName=localhost/ "
- "-key {0}22222/cert/22222.key "
- "-out {0}22222/cert/"
- "22222.csr"
+ # Create log and cert folder and softlinks
+ if not os.path.exists('{0}22222/logs'
+ .format(ngxroot)):
+ Log.debug(self, "Creating directory "
+ "{0}22222/logs "
+ .format(ngxroot))
+ os.makedirs('{0}22222/logs'
 .format(ngxroot))
- WOFileUtils.mvfile(
- self, "{0}22222/cert/22222.key"
- .format(ngxroot),
- "{0}22222/cert/"
- "22222.key.org"
+ if not os.path.exists('{0}22222/cert'
+ .format(ngxroot)):
+ Log.debug(self, "Creating directory "
+ "{0}22222/cert"
+ .format(ngxroot))
+ os.makedirs('{0}22222/cert'
 .format(ngxroot))
- WOShellExec.cmd_exec(
- self, "openssl rsa -in "
- "{0}22222/cert/"
- "22222.key.org -out "
- "{0}22222/cert/22222.key"
+ if not os.path.isdir('{0}22222/conf/nginx'
+ .format(ngxroot)):
+ Log.debug(self, "Creating directory "
+ "{0}22222/conf/nginx"
+ .format(ngxroot))
+ os.makedirs('{0}22222/conf/nginx'
 .format(ngxroot))
- WOShellExec.cmd_exec(
- self, "openssl x509 -req -days "
- "3652 -in {0}22222/cert/"
- "22222.csr -signkey {0}"
- "22222/cert/22222.key -out "
- "{0}22222/cert/22222.crt"
- .format(ngxroot))
+ WOFileUtils.create_symlink(
+ self,
+ ['/var/log/nginx/'
+ '22222.access.log',
+ '{0}22222/'
+ 'logs/access.log'
+ .format(ngxroot)]
+ )
- except CommandExecutionError as e:
- Log.debug(self, "{0}".format(e))
- Log.error(
- self, "Failed to generate HTTPS "
- "certificate for 22222", False)
+ WOFileUtils.create_symlink(
+ self,
+ ['/var/log/nginx/'
+ '22222.error.log',
+ '{0}22222/'
+ 'logs/error.log'
+ .format(ngxroot)]
+ )
+ if (not os.path.isfile('{0}22222/cert/22222.key'
+ .format(ngxroot))):
+ SSL.selfsignedcert(self, 'localhost',
+ '', backend=True)
- if not os.path.isfile('{0}22222/conf/nginx/ssl.conf'
- .format(ngxroot)):
- with open("/var/www/22222/conf/nginx/"
- "ssl.conf", "w") as php_file:
- php_file.write("ssl_certificate "
- "/var/www/22222/cert/22222.crt;\n"
- "ssl_certificate_key "
- "/var/www/22222/cert/22222.key;\n")
+ if not os.path.isfile('{0}22222/conf/nginx/ssl.conf'
+ .format(ngxroot)):
+ with open("/var/www/22222/conf/nginx/"
+ "ssl.conf", "w") as php_file:
+ php_file.write("ssl_certificate "
+ "/var/www/22222/cert/22222.crt;\n"
+ "ssl_certificate_key "
+ "/var/www/22222/cert/22222.key;\n")
 server_ip = requests.get('http://v4.wordops.eu')
diff --git a/wo/core/sslutils.py b/wo/core/sslutils.py
index a54dfe2..e329e85 100644
--- a/wo/core/sslutils.py
+++ b/wo/core/sslutils.py
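Review bot: The new guard only tests `{0}22222/cert/22222.key` before calling `SSL.selfsignedcert(self, 'localhost', '', backend=True)`, yet the ssl.conf written right below references both `22222.crt` and `22222.key`; a leftover key without a certificate (for example after a partially failed earlier run) would skip regeneration and leave nginx pointing at a missing file. Testing both paths, e.g. `if not (os.path.isfile('{0}22222/cert/22222.key'.format(ngxroot)) and os.path.isfile('{0}22222/cert/22222.crt'.format(ngxroot))):`, keeps the step idempotent. The directory, symlink and ssl.conf lines are removed and re-added with identical text, which suggests only their indentation changed and the block now runs under a different enclosing condition than before — worth confirming that is intended, since the indentation is not visible here. post_pref starts and ends outside this hunk.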
@@ -39,6 +39,9 @@ class SSL:
 def getexpirationdate(self, domain):
 # check if exist
+ if os.path.islink('/var/www/{0}/conf/nginx/ssl.conf'):
+ split_domain = domain.split('.')
+ domain = ('.').join(split_domain[1:])
 if not os.path.isfile('/etc/letsencrypt/live/{0}/cert.pem' .format(domain)):
 Log.error(self, 'File Not Found: /etc/letsencrypt/'
@@ -115,3 +118,86 @@ class SSL:
 certfile.close()
 return iswildcard
+
+ def setupHsts(self, wo_domain_name):
+ Log.info(
+ self, "Adding /var/www/{0}/conf/nginx/hsts.conf"
+ .format(wo_domain_name))
+
+ hstsconf = open("/var/www/{0}/conf/nginx/hsts.conf"
+ .format(wo_domain_name),
+ encoding='utf-8', mode='w')
+ hstsconf.write("more_set_headers "
+ "\"Strict-Transport-Security: "
+ "max-age=31536000; "
+ "includeSubDomains; "
+ "preload\";")
+ hstsconf.close()
+ return 0
+
+ def selfsignedcert(self, wo_domain_name,
+ cert_path, backend=False):
+ """issue a self-signed certificate"""
+
+ selfs_tmp = '/var/lib/wo/tmp/selfssl'
+ # create self-signed tmp directory
+ if not os.path.isdir(selfs_tmp):
+ WOFileUtils.mkdir(selfs_tmp)
+ if wo_domain_name == '':
+ wo_domain_name = 'localhost'
+ try:
+ WOShellExec.cmd_exec(
+ self, "openssl genrsa -out "
+ "{0}/ssl.key 2048"
+ .format(selfs_tmp))
+ WOShellExec.cmd_exec(
+ self, "openssl req -new -batch "
+ "-subj /commonName={0}/ "
+ "-key {1}/ssl.key -out {1}/ssl.csr"
+ .format(wo_domain_name, selfs_tmp))
+
+ WOFileUtils.mvfile(
+ self, "{0}/ssl.key"
+ .format(selfs_tmp),
+ "{0}/ssl.key.org"
+ .format(selfs_tmp))
+
+ WOShellExec.cmd_exec(
+ self, "openssl rsa -in "
+ "{0}/ssl.key.org -out "
+ "{0}/ssl.key"
+ .format(selfs_tmp))
+
+ WOShellExec.cmd_exec(
+ self, "openssl x509 -req -days "
+ "3652 -in {0}/ssl.csr -signkey {0}"
+ "/ssl.key -out {0}/ssl.crt"
+ .format(selfs_tmp))
+
+ except Exception as e:
+ Log.debug(self, "{0}".format(e))
+ Log.error(
+ self, "Failed to generate HTTPS "
+ "certificate for 22222", False)
+ if backend:
+ WOFileUtils.mvfile(
+ self, "{0}/ssl.key"
+ .format(selfs_tmp),
+ "/var/www/22222/cert/22222.key")
+ WOFileUtils.mvfile(
+ self, "{0}/ssl.cert"
+ .format(selfs_tmp),
+ "/var/www/22222/cert/22222.crt")
+ else:
+ if not os.path.isdir(cert_path):
+ WOFileUtils.mkdir(self, cert_path)
+ WOFileUtils.mvfile(
+ self, "{0}/ssl.key"
+ .format(selfs_tmp),
+ "{0}/key.pem".format(cert_path))
+ WOFileUtils.mvfile(
+ self, "{0}/ssl.crt"
+ .format(selfs_tmp),
+ "{0}/cert.pem".format(cert_path))
+ # remove self-signed tmp directory
+ WOFileUtils.rm(self, selfs_tmp)
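Review bot: In `selfsignedcert` the `backend` branch moves `"{0}/ssl.cert"`, but the `openssl x509` command above writes `{0}/ssl.crt`, so `/var/www/22222/cert/22222.crt` is never created even though the ssl.conf written in stack_pref references it; the line should be `self, "{0}/ssl.crt"` as in the `else` branch. `WOFileUtils.mkdir(selfs_tmp)` drops `self` while the `else` branch calls `WOFileUtils.mkdir(self, cert_path)`, so one of the two call shapes is wrong. The `except Exception` handler logs with `False` (presumably non-fatal) and then falls through to the `mvfile` calls on files that may not exist, and its message hardcodes "22222" even when a real domain was requested; returning after the error and naming `wo_domain_name` in the message would be clearer. `wo_domain_name` is interpolated unquoted into the `openssl req -subj` shell string and the private key is written to `selfs_tmp` with the default umask, so validating the name as a hostname before use and restricting the key file to owner-only permissions before the move would harden this. `setupHsts` opens the file without `with` and hardcodes `includeSubDomains; preload`, which is difficult to roll back once served; a docstring noting that, or making `preload` opt-in, would help callers.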