選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。
Robin Thoni e59931ca28 added newline 7年前
.idea added per host commands 8年前
extra added newline 7年前
sitegencli module init 7年前
tests moved files 7年前
.gitignore .gitignore 7年前
README.md README.md 7年前
TODO simplified templates files; updated completion and generation; added bash completion for tests; TODO 8年前
install added per host commands 8年前
requirements.txt site create; bash completion 8年前
setup.cfg setup.py 7年前
setup.py copy files to /etc and bash completion when installing 7年前

README.md

sitegen

CLI tool to build web site configuration and obtain SSL certificates from letsencrypt using certbot.

Also provide a simpler way to request SSL certificate over certbot.

Installation

#Install from pip
pip2 install sitegencli
#Install from sources
python2 setup.py install

Configuration

Configuration should have been copied from /usr/local/etc/sitegen to /etc/sitegen at install time.

sitegen.json looks like:

{
  "siteConfDir": "/etc/apache2/sites-available/",
  "siteDir": "/var/",
  "confDir": "/etc/sitegen/",
  "certRenewTime": 5356800,
  "letsencryptCommands": [
    {
      "patterns": [
        "example.com",
        "*.example.com"
      ],
      "command": {
        "letsencryptCommand": "certbot",
        "letsencryptArgs": [
          "--agree-tos",
          "--text",
          "--renew-by-default",
          "--webroot",
          "--webroot-path",
          "/tmp/acme-challenge/",
          "certonly"
        ]
      }
    },
    {
      "patterns": "*",
      "command": {
        "letsencryptCommand": "certbot",
        "letsencryptArgs": [
          "--agree-tos",
          "--text",
          "--renew-by-default",
          "--authenticator",
          "certbot-pdns:auth",
          "certonly"
        ]
      }
    }
  ],
  "letsencryptDir": "/etc/letsencrypt/live/",
  "certDir": "/etc/ssl/private/"
}

Configuration keys:

  • siteConfDir: Apache available sites folder.
  • siteDir: Where to put new site document root folder.
  • confDir: Sitegen configuration folder
  • certRenewTime: Number of seconds before SSL certificate expiration
  • letsencryptCommands: Commands to be used to generate SSL certificates
    • patterns: Fnmatch patterns to select command from domain name
    • command: The command to be executed to generate the certificate
      • letsencryptCommand: Command name
      • letsencryptArgs: Command arguments
  • letsencryptDir: The root directory used by letsencrypt (certbot)
  • certDir: Where to put symlink to certificate files

Hooks

There’s two types of hooks:

  • Certificate: Cert hooks are triggered when creating a site using the --site-create flag. Hooks are executed once per site, before and after creation.
  • Site: Site hooks are triggered when requesting/renewing a certificate using the flags --cert-request and --cert-renew. Hooks are executed once per certificate, before and after request/renew.

Hooks must be enabled/disabled using --hook-enable and --hook-disable arguments. By default, all hooks should be enabled.

Some hooks are provided:

  • Certificates
    • 000-print: Print request/renewal details, before request/renewal.
    • 100-mkwebroot: make directory for the letsencrypt challenge, to be used with extra/apache/sitegen.conf, before request/renewal.
    • 200-reload: Reload apache daemon, after request/renewal.
  • Sites
    • 000-print: Print site details, before site creation.
    • 100-sitegen-cert-request: Request a letsencrypt certificate if SSL is detected in site configuration files, after site creation.
    • 200-chown: Change owner of the document root to the user running the command, after site creation.
    • 300-a2ensite: Enable site in apache, after site creation.
    • 400-reload: Reload apache daemon, after site creation.

Templates

Templates are used to generate apache site configuration. They are split in two files:

  • Transport configuration (*.conf): These files setup the http and/or https configuration to be used.
  • Site configuration (*.include): These files setup the site configuration, as document root, server name, aliases, location, etc. They are included ine the .conf files using Include directive.

Default templates are default.include and https.conf. Templates can be specified when creating site by using the following syntax:

sitegen --site-create www.example.com:docker.rhttps

Where www.example.com is the site to create, docker is the docker.include template and rhttps is the rhttps.conf template.

Usage

Generate a site with SSL:

sitegen --site-create example.com:default.https

Request a SSL certificate:

sitegen --cert-request example.com

See sitegen --help for more.