Browse Source

added per host commands

tags/v2.1.0
Robin Thoni 8 years ago
parent
commit
8f70099a38
7 changed files with 84 additions and 34 deletions
  1. 0
    10
      .idea/misc.xml
  2. 8
    0
      apache/sitegen.conf
  3. 3
    1
      install
  4. 15
    7
      sitegen.py
  5. 34
    11
      sitegen/sitegen.json
  6. 2
    2
      tests/fake-letsencrypt.sh
  7. 22
    3
      tests/sitegen.json

+ 0
- 10
.idea/misc.xml View File

1
 <?xml version="1.0" encoding="UTF-8"?>
1
 <?xml version="1.0" encoding="UTF-8"?>
2
 <project version="4">
2
 <project version="4">
3
-  <component name="ProjectLevelVcsManager" settingsEditedManually="false">
4
-    <OptionsSetting value="true" id="Add" />
5
-    <OptionsSetting value="true" id="Remove" />
6
-    <OptionsSetting value="true" id="Checkout" />
7
-    <OptionsSetting value="true" id="Update" />
8
-    <OptionsSetting value="true" id="Status" />
9
-    <OptionsSetting value="true" id="Edit" />
10
-    <ConfirmationsSetting value="0" id="Add" />
11
-    <ConfirmationsSetting value="0" id="Remove" />
12
-  </component>
13
   <component name="ProjectRootManager" version="2" project-jdk-name="Python 3.4.3 (/usr/bin/python3.4)" project-jdk-type="Python SDK" />
3
   <component name="ProjectRootManager" version="2" project-jdk-name="Python 3.4.3 (/usr/bin/python3.4)" project-jdk-type="Python SDK" />
14
 </project>
4
 </project>

+ 8
- 0
apache/sitegen.conf View File

1
 Alias "/.well-known/acme-challenge/" "/tmp/acme-challenge/.well-known/acme-challenge/"
1
 Alias "/.well-known/acme-challenge/" "/tmp/acme-challenge/.well-known/acme-challenge/"
2
+<IfModule mod_proxy.c>
3
+  ProxyPass /.well-known/acme-challenge !
4
+</IfModule>
2
 <Directory /tmp/acme-challenge>
5
 <Directory /tmp/acme-challenge>
3
   Options -Indexes -FollowSymLinks
6
   Options -Indexes -FollowSymLinks
4
   AllowOverride All
7
   AllowOverride All
6
   Satisfy Any
9
   Satisfy Any
7
   Allow from all
10
   Allow from all
8
 </Directory>
11
 </Directory>
12
+<Location /.well-known/acme-challenge>
13
+  Require all granted
14
+  Satisfy Any
15
+  Allow from all
16
+</Location>

+ 3
- 1
install View File

10
   cp -r "${dir}/sitegen" /etc/sitegen
10
   cp -r "${dir}/sitegen" /etc/sitegen
11
 fi &&
11
 fi &&
12
 
12
 
13
+rm -f /usr/local/bin/sitegen &&
13
 cp "${dir}/sitegen.py" /usr/local/bin/sitegen &&
14
 cp "${dir}/sitegen.py" /usr/local/bin/sitegen &&
14
 
15
 
15
 for typedir in "${dir}"/sitegen/hooks-available/*
16
 for typedir in "${dir}"/sitegen/hooks-available/*
22
     done
23
     done
23
 done &&
24
 done &&
24
 
25
 
26
+rm -f /etc/bash_completion.d/sitegen &&
25
 cp "${dir}/bash/sitegen.completion" /etc/bash_completion.d/sitegen &&
27
 cp "${dir}/bash/sitegen.completion" /etc/bash_completion.d/sitegen &&
26
 
28
 
27
-a2disconf letsencrypt &&
29
+(a2disconf letsencrypt && rm -f /etc/apache2/conf-available/letsencrypt.conf || exit 0) &&
28
 rm -f /etc/apache2/conf-available/sitegen.conf &&
30
 rm -f /etc/apache2/conf-available/sitegen.conf &&
29
 cp "${dir}/apache/sitegen.conf" /etc/apache2/conf-available/sitegen.conf &&
31
 cp "${dir}/apache/sitegen.conf" /etc/apache2/conf-available/sitegen.conf &&
30
 a2enconf sitegen &&
32
 a2enconf sitegen &&

+ 15
- 7
sitegen.py View File

1
 #! /usr/bin/env python3
1
 #! /usr/bin/env python3
2
-
2
+import fnmatch
3
 import json
3
 import json
4
 import argparse
4
 import argparse
5
 import os
5
 import os
26
     hooksAvailableDir = ""
26
     hooksAvailableDir = ""
27
     templatesDir = ""
27
     templatesDir = ""
28
     certRenewTime = ""
28
     certRenewTime = ""
29
-    letsencryptCommand = ""
30
-    letsencryptArgs = []
29
+    letsencryptCommands = ""
31
     letsencryptDir = ""
30
     letsencryptDir = ""
32
     certDir = ""
31
     certDir = ""
33
 
32
 
39
         self.hooksAvailableDir = path.join(self.confDir, "hooks-available")
38
         self.hooksAvailableDir = path.join(self.confDir, "hooks-available")
40
         self.templatesDir = path.join(self.confDir, "templates")
39
         self.templatesDir = path.join(self.confDir, "templates")
41
         self.certRenewTime = config["certRenewTime"]
40
         self.certRenewTime = config["certRenewTime"]
42
-        self.letsencryptCommand = config["letsencryptCommand"]
43
-        self.letsencryptArgs = config["letsencryptArgs"]
41
+        self.letsencryptCommands = config["letsencryptCommands"]
44
         self.letsencryptDir = config["letsencryptDir"]
42
         self.letsencryptDir = config["letsencryptDir"]
45
         self.certDir = config["certDir"]
43
         self.certDir = config["certDir"]
46
 
44
 
74
     def get_letsencrypt_dir(self, domain):
72
     def get_letsencrypt_dir(self, domain):
75
         return path.join(self.letsencryptDir, domain)
73
         return path.join(self.letsencryptDir, domain)
76
 
74
 
75
+    def get_letsencrypt_command(self, domain):
76
+        for d in self.letsencryptCommands:
77
+            patterns = d['patterns'] if isinstance(d['patterns'], list) else [d['patterns']]
78
+            for pattern in patterns:
79
+                if fnmatch.fnmatch(domain, pattern):
80
+                    return d['command']
81
+        return None
82
+
77
     def symlink_letsencrypt_file(self, domain, file, outfile):
83
     def symlink_letsencrypt_file(self, domain, file, outfile):
78
         letsencrypt_cert_file = path.abspath(self.get_letsencrypt_dir(domain))
84
         letsencrypt_cert_file = path.abspath(self.get_letsencrypt_dir(domain))
79
         my_cert_file = path.join(self.certDir, outfile)
85
         my_cert_file = path.join(self.certDir, outfile)
193
         cert_files.insert(0, domain)
199
         cert_files.insert(0, domain)
194
         self.execute_hooks("cert", "pre", cert_files)
200
         self.execute_hooks("cert", "pre", cert_files)
195
 
201
 
196
-        args = self.letsencryptArgs.copy()
202
+        command = self.get_letsencrypt_command(domain)
203
+
204
+        args = command['letsencryptArgs'].copy()
197
         args.append("-d")
205
         args.append("-d")
198
         args.append(domain)
206
         args.append(domain)
199
 
207
 
200
-        res, out = self.execute(self.letsencryptCommand, args, False)
208
+        res, out = self.execute(command['letsencryptCommand'], args, False)
201
         if res != 0:
209
         if res != 0:
202
             raise SiteGenException("Certificate request failed with code %i" % res, res)
210
             raise SiteGenException("Certificate request failed with code %i" % res, res)
203
 
211
 

+ 34
- 11
sitegen/sitegen.json View File

3
   "siteDir": "/var/",
3
   "siteDir": "/var/",
4
   "confDir": "/etc/sitegen/",
4
   "confDir": "/etc/sitegen/",
5
   "certRenewTime": 5356800,
5
   "certRenewTime": 5356800,
6
-  "letsencryptCommand": "letsencrypt",
7
-  "letsencryptArgs": [
8
-    "--agree-tos",
9
-    "--text",
10
-    "--renew-by-default",
11
-    "--webroot",
12
-    "--webroot-path",
13
-    "/tmp/acme-challenge/",
14
-    "--server",
15
-    "https://acme-v01.api.letsencrypt.org/directory",
16
-    "certonly"
6
+  "letsencryptCommands": [
7
+    {
8
+      "patterns": "*",
9
+      "command": {
10
+        "letsencryptCommand": "letsencrypt",
11
+        "letsencryptArgs": [
12
+          "--agree-tos",
13
+          "--text",
14
+          "--renew-by-default",
15
+          "--webroot",
16
+          "--webroot-path",
17
+          "/tmp/acme-challenge/",
18
+          "--server",
19
+          "https://acme-v01.api.letsencrypt.org/directory",
20
+          "certonly"
21
+        ]
22
+      }
23
+    },
24
+    {
25
+      "patterns": "*",
26
+      "command": {
27
+        "letsencryptCommand": "letsencrypt",
28
+        "letsencryptArgs": [
29
+          "--agree-tos",
30
+          "--text",
31
+          "--renew-by-default",
32
+          "--authenticator",
33
+          "certbot-dns:auth",
34
+          "--server",
35
+          "https://acme-v01.api.letsencrypt.org/directory",
36
+          "certonly"
37
+        ]
38
+      }
39
+    }
17
   ],
40
   ],
18
   "letsencryptDir": "/etc/letsencrypt/live/",
41
   "letsencryptDir": "/etc/letsencrypt/live/",
19
   "certDir": "/etc/ssl/private/"
42
   "certDir": "/etc/ssl/private/"

+ 2
- 2
tests/fake-letsencrypt.sh View File

5
 d="${2}"
5
 d="${2}"
6
 host="${3}"
6
 host="${3}"
7
 
7
 
8
-if [ "${host}" = "error.com" ] || [ "${arg}" != "Test." ] || [ "${d}" != "-d" ]
8
+if [ "${arg}" != "Test." ] || [ "${d}" != "-d" ]
9
 then
9
 then
10
-    echo "Failed to get certificate" >&2
10
+    echo "Failed to get certificate: ${arg}" >&2
11
     exit 1
11
     exit 1
12
 fi &&
12
 fi &&
13
 
13
 

+ 22
- 3
tests/sitegen.json View File

3
   "siteDir": "./tests/var/",
3
   "siteDir": "./tests/var/",
4
   "confDir": "./sitegen/",
4
   "confDir": "./sitegen/",
5
   "certRenewTime": 5356800,
5
   "certRenewTime": 5356800,
6
-  "letsencryptCommand": "./tests/fake-letsencrypt.sh",
7
-  "letsencryptArgs": [
8
-    "Test."
6
+  "letsencryptCommands": [
7
+    {
8
+      "patterns": [
9
+        "error.com",
10
+        "*.error.com"
11
+      ],
12
+      "command": {
13
+        "letsencryptCommand": "./tests/fake-letsencrypt.sh",
14
+        "letsencryptArgs": [
15
+          "error"
16
+        ]
17
+      }
18
+    },
19
+    {
20
+      "patterns": "*",
21
+      "command": {
22
+        "letsencryptCommand": "./tests/fake-letsencrypt.sh",
23
+        "letsencryptArgs": [
24
+          "Test."
25
+        ]
26
+      }
27
+    }
9
   ],
28
   ],
10
   "letsencryptDir": "./tests/etc/letsencrypt/live/",
29
   "letsencryptDir": "./tests/etc/letsencrypt/live/",
11
   "certDir": "./tests/etc/ssl/private/"
30
   "certDir": "./tests/etc/ssl/private/"

Loading…
Cancel
Save