robin.thoni
/
sitegen
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 7 Wiki Activity
Browse Source

added per host commands

tags/v2.1.0
Robin Thoni 7 years ago
parent
975b3e2a41
commit
8f70099a38
7 changed files with 84 additions and 34 deletions
Split View Show Diff Stats
  1. 0
    10
      .idea/misc.xml
  2. 8
    0
      apache/sitegen.conf
  3. 3
    1
      install
  4. 15
    7
      sitegen.py
  5. 34
    11
      sitegen/sitegen.json
  6. 2
    2
      tests/fake-letsencrypt.sh
  7. 22
    3
      tests/sitegen.json

+ 0
- 10
.idea/misc.xml View File 

@@ -1,14 +1,4 @@
1 1 
 <?xml version="1.0" encoding="UTF-8"?>
2 2 
 <project version="4">
3 
-  <component name="ProjectLevelVcsManager" settingsEditedManually="false">
4 
-    <OptionsSetting value="true" id="Add" />
5 
-    <OptionsSetting value="true" id="Remove" />
6 
-    <OptionsSetting value="true" id="Checkout" />
7 
-    <OptionsSetting value="true" id="Update" />
8 
-    <OptionsSetting value="true" id="Status" />
9 
-    <OptionsSetting value="true" id="Edit" />
10 
-    <ConfirmationsSetting value="0" id="Add" />
11 
-    <ConfirmationsSetting value="0" id="Remove" />
12 
-  </component>
13 3 
   <component name="ProjectRootManager" version="2" project-jdk-name="Python 3.4.3 (/usr/bin/python3.4)" project-jdk-type="Python SDK" />
14 4 
 </project>

+ 8
- 0
apache/sitegen.conf View File 

@@ -1,4 +1,7 @@
1 1 
 Alias "/.well-known/acme-challenge/" "/tmp/acme-challenge/.well-known/acme-challenge/"
2 
+<IfModule mod_proxy.c>
3 
+  ProxyPass /.well-known/acme-challenge !
4 
+</IfModule>
2 5 
 <Directory /tmp/acme-challenge>
3 6 
   Options -Indexes -FollowSymLinks
4 7 
   AllowOverride All
 
@@ -6,3 +9,8 @@ Alias "/.well-known/acme-challenge/" "/tmp/acme-challenge/.well-known/acme-chall
6 9 
   Satisfy Any
7 10 
   Allow from all
8 11 
 </Directory>
12 
+<Location /.well-known/acme-challenge>
13 
+  Require all granted
14 
+  Satisfy Any
15 
+  Allow from all
16 
+</Location>

+ 3
- 1
install View File 

@@ -10,6 +10,7 @@ then
10 10 
   cp -r "${dir}/sitegen" /etc/sitegen
11 11 
 fi &&
12 12
13 
+rm -f /usr/local/bin/sitegen &&
13 14 
 cp "${dir}/sitegen.py" /usr/local/bin/sitegen &&
14 15
15 16 
 for typedir in "${dir}"/sitegen/hooks-available/*
 
@@ -22,9 +23,10 @@ do
22 23 
     done
23 24 
 done &&
24 25
26 
+rm -f /etc/bash_completion.d/sitegen &&
25 27 
 cp "${dir}/bash/sitegen.completion" /etc/bash_completion.d/sitegen &&
26 28
27 
-a2disconf letsencrypt &&
29 
+(a2disconf letsencrypt && rm -f /etc/apache2/conf-available/letsencrypt.conf || exit 0) &&
28 30 
 rm -f /etc/apache2/conf-available/sitegen.conf &&
29 31 
 cp "${dir}/apache/sitegen.conf" /etc/apache2/conf-available/sitegen.conf &&
30 32 
 a2enconf sitegen &&

+ 15
- 7
sitegen.py View File 

@@ -1,5 +1,5 @@
1 1 
 #! /usr/bin/env python3
2 
-
2 
+import fnmatch
3 3 
 import json
4 4 
 import argparse
5 5 
 import os
 
@@ -26,8 +26,7 @@ class SiteGen:
26 26 
     hooksAvailableDir = ""
27 27 
     templatesDir = ""
28 28 
     certRenewTime = ""
29 
-    letsencryptCommand = ""
30 
-    letsencryptArgs = []
29 
+    letsencryptCommands = ""
31 30 
     letsencryptDir = ""
32 31 
     certDir = ""
33 32 
 
@@ -39,8 +38,7 @@ class SiteGen:
39 38 
         self.hooksAvailableDir = path.join(self.confDir, "hooks-available")
40 39 
         self.templatesDir = path.join(self.confDir, "templates")
41 40 
         self.certRenewTime = config["certRenewTime"]
42 
-        self.letsencryptCommand = config["letsencryptCommand"]
43 
-        self.letsencryptArgs = config["letsencryptArgs"]
41 
+        self.letsencryptCommands = config["letsencryptCommands"]
44 42 
         self.letsencryptDir = config["letsencryptDir"]
45 43 
         self.certDir = config["certDir"]
46 44 
 
@@ -74,6 +72,14 @@ class SiteGen:
74 72 
     def get_letsencrypt_dir(self, domain):
75 73 
         return path.join(self.letsencryptDir, domain)
76 74
75 
+    def get_letsencrypt_command(self, domain):
76 
+        for d in self.letsencryptCommands:
77 
+            patterns = d['patterns'] if isinstance(d['patterns'], list) else [d['patterns']]
78 
+            for pattern in patterns:
79 
+                if fnmatch.fnmatch(domain, pattern):
80 
+                    return d['command']
81 
+        return None
82 
+
77 83 
     def symlink_letsencrypt_file(self, domain, file, outfile):
78 84 
         letsencrypt_cert_file = path.abspath(self.get_letsencrypt_dir(domain))
79 85 
         my_cert_file = path.join(self.certDir, outfile)
 
@@ -193,11 +199,13 @@ class SiteGen:
193 199 
         cert_files.insert(0, domain)
194 200 
         self.execute_hooks("cert", "pre", cert_files)
195 201
196 
-        args = self.letsencryptArgs.copy()
202 
+        command = self.get_letsencrypt_command(domain)
203 
+
204 
+        args = command['letsencryptArgs'].copy()
197 205 
         args.append("-d")
198 206 
         args.append(domain)
199 207
200 
-        res, out = self.execute(self.letsencryptCommand, args, False)
208 
+        res, out = self.execute(command['letsencryptCommand'], args, False)
201 209 
         if res != 0:
202 210 
             raise SiteGenException("Certificate request failed with code %i" % res, res)
203 211

+ 34
- 11
sitegen/sitegen.json View File 

@@ -3,17 +3,40 @@
3 3 
   "siteDir": "/var/",
4 4 
   "confDir": "/etc/sitegen/",
5 5 
   "certRenewTime": 5356800,
6 
-  "letsencryptCommand": "letsencrypt",
7 
-  "letsencryptArgs": [
8 
-    "--agree-tos",
9 
-    "--text",
10 
-    "--renew-by-default",
11 
-    "--webroot",
12 
-    "--webroot-path",
13 
-    "/tmp/acme-challenge/",
14 
-    "--server",
15 
-    "https://acme-v01.api.letsencrypt.org/directory",
16 
-    "certonly"
6 
+  "letsencryptCommands": [
7 
+    {
8 
+      "patterns": "*",
9 
+      "command": {
10 
+        "letsencryptCommand": "letsencrypt",
11 
+        "letsencryptArgs": [
12 
+          "--agree-tos",
13 
+          "--text",
14 
+          "--renew-by-default",
15 
+          "--webroot",
16 
+          "--webroot-path",
17 
+          "/tmp/acme-challenge/",
18 
+          "--server",
19 
+          "https://acme-v01.api.letsencrypt.org/directory",
20 
+          "certonly"
21 
+        ]
22 
+      }
23 
+    },
24 
+    {
25 
+      "patterns": "*",
26 
+      "command": {
27 
+        "letsencryptCommand": "letsencrypt",
28 
+        "letsencryptArgs": [
29 
+          "--agree-tos",
30 
+          "--text",
31 
+          "--renew-by-default",
32 
+          "--authenticator",
33 
+          "certbot-dns:auth",
34 
+          "--server",
35 
+          "https://acme-v01.api.letsencrypt.org/directory",
36 
+          "certonly"
37 
+        ]
38 
+      }
39 
+    }
17 40 
   ],
18 41 
   "letsencryptDir": "/etc/letsencrypt/live/",
19 42 
   "certDir": "/etc/ssl/private/"

+ 2
- 2
tests/fake-letsencrypt.sh View File 

@@ -5,9 +5,9 @@ arg="${1}"
5 5 
 d="${2}"
6 6 
 host="${3}"
7 7
8 
-if [ "${host}" = "error.com" ] || [ "${arg}" != "Test." ] || [ "${d}" != "-d" ]
8 
+if [ "${arg}" != "Test." ] || [ "${d}" != "-d" ]
9 9 
 then
10 
-    echo "Failed to get certificate" >&2
10 
+    echo "Failed to get certificate: ${arg}" >&2
11 11 
     exit 1
12 12 
 fi &&
13 13

+ 22
- 3
tests/sitegen.json View File 

@@ -3,9 +3,28 @@
3 3 
   "siteDir": "./tests/var/",
4 4 
   "confDir": "./sitegen/",
5 5 
   "certRenewTime": 5356800,
6 
-  "letsencryptCommand": "./tests/fake-letsencrypt.sh",
7 
-  "letsencryptArgs": [
8 
-    "Test."
6 
+  "letsencryptCommands": [
7 
+    {
8 
+      "patterns": [
9 
+        "error.com",
10 
+        "*.error.com"
11 
+      ],
12 
+      "command": {
13 
+        "letsencryptCommand": "./tests/fake-letsencrypt.sh",
14 
+        "letsencryptArgs": [
15 
+          "error"
16 
+        ]
17 
+      }
18 
+    },
19 
+    {
20 
+      "patterns": "*",
21 
+      "command": {
22 
+        "letsencryptCommand": "./tests/fake-letsencrypt.sh",
23 
+        "letsencryptArgs": [
24 
+          "Test."
25 
+        ]
26 
+      }
27 
+    }
9 28 
   ],
10 29 
   "letsencryptDir": "./tests/etc/letsencrypt/live/",
11 30 
   "certDir": "./tests/etc/ssl/private/"

Write Preview
Loading…
Cancel
Save