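def renew_certs():
    """Run certbot's ``renew`` command with nginx stopped for the duration.

    Asks for confirmation first; declining aborts, because every site served
    by nginx is offline while certbot runs. Any error raised by the certbot
    command still propagates to the caller.
    """
    click.confirm(
        'Running this will stop the nginx service temporarily causing your sites to go offline\n'
        'Do you want to continue?',
        abort=True)

    service('nginx', 'stop')
    try:
        exec_cmd("{path} renew".format(path=get_certbot_path()))
    finally:
        # Start nginx again even when the renewal fails; otherwise a certbot
        # error leaves every site down until someone restarts nginx by hand.
        service('nginx', 'start')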
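def update_supervisord_config(user=None, yes=False):
    """From bench v5.x, we're moving to supervisor running as user

    Ensures the ``unix_http_server`` section of supervisord.conf carries
    ``chmod = 0760`` and ``chown = <user>:<user>``, then reloads supervisor.

    Args:
        user: account written into ``chown``; defaults to ``getpass.getuser()``.
        yes: when true, skip the interactive confirmation before rewriting
            the file.

    Returns:
        None. Nothing is written (and supervisor is not reloaded) when
        supervisord.conf cannot be located, already holds the wanted values,
        or cannot be rewritten.
    """
    from bench.config.production_setup import service

    if not user:
        user = getpass.getuser()

    supervisord_conf = get_supervisord_conf()
    section = "unix_http_server"
    # Mode and owner options for the [unix_http_server] section. 0760 leaves
    # "other" with no access, so only the owner and group named in chown are
    # granted any.
    updated_values = {
        "chmod": "0760",
        "chown": "{user}:{user}".format(user=user)
    }
    supervisord_conf_changes = ""

    if not supervisord_conf:
        logger.log("supervisord.conf not found")
        return

    config = configparser.ConfigParser()
    config.read(supervisord_conf)

    if section not in config.sections():
        config.add_section(section)
        action = "Section {0} Added".format(section)
        logger.log(action)
        supervisord_conf_changes += '\n' + action

    for key, value in updated_values.items():
        try:
            current_value = config.get(section, key)
        except configparser.NoOptionError:
            current_value = ""

        if current_value.strip() != value:
            config.set(section, key, value)
            action = "Updated supervisord.conf: '{0}' changed from '{1}' to '{2}'".format(key, current_value, value)
            logger.log(action)
            supervisord_conf_changes += '\n' + action

    if not supervisord_conf_changes:
        logger.log("supervisord.conf not updated")
        return

    if not yes:
        click.confirm("{0} will be updated with the following values:\n{1}\nDo you want to continue?".format(supervisord_conf, supervisord_conf_changes), abort=True)

    try:
        with open(supervisord_conf, "w") as f:
            config.write(f)
            logger.log("Updated supervisord.conf at '{0}'".format(supervisord_conf))
    except Exception as e:
        logger.log("Updating supervisord.conf failed due to '{0}'".format(e))
        # Opening with "w" truncates the file before anything is written, so a
        # failure here can leave supervisord.conf empty or incomplete. Do not
        # ask supervisor to reload a file in that state.
        return

    # Reread supervisor configuration, reload supervisord and supervisorctl, restart services that were started
    service('supervisor', 'reload')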
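def setup_wildcard_ssl(domain, email, bench_path, exclude_base_domain):
    """Request a wildcard certificate via certbot's manual DNS challenge and point nginx at it.

    Args:
        domain: base domain ("example.com") or wildcard form ("*.example.com").
        email: optional address passed to certbot as ``--email``.
        bench_path: bench directory whose config is read and whose nginx
            config is regenerated.
        exclude_base_domain: when true, request only the wildcard name.

    Returns:
        None. Prints a message and returns early when ``dns_multitenant`` is
        not enabled in the bench config or when the certbot command fails.
    """
    # Function-scope import so the block works on both interpreters.
    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2

    def _get_domains(domain):
        domain_list = [domain]

        if not domain.startswith('*.'):
            # add wildcard character to domain if missing
            domain_list.append('*.{0}'.format(domain))
        else:
            # include base domain based on flag
            domain_list.append(domain.replace('*.', ''))

        if exclude_base_domain:
            domain_list.remove(domain.replace('*.', ''))

        return domain_list

    if not get_config(bench_path).get("dns_multitenant"):
        print("You cannot setup SSL without DNS Multitenancy")
        return

    get_certbot()

    # Strip once, so the certbot arguments, the certificate path and the
    # stored config all use the same value.
    domain = domain.strip()
    domain_list = _get_domains(domain)

    # The command is assembled as a single string, so every caller-supplied
    # value is quoted: an unquoted "*.example.com" can be glob-expanded and
    # shell metacharacters in the domain or email would be interpreted.
    # NOTE(review): assumes exec_cmd hands the string to a shell (or splits it
    # shell-style) - confirm against exec_cmd.
    email_param = ''
    if email:
        email_param = '--email {0}'.format(quote(email))

    domain_args = ' -d '.join(quote(name) for name in domain_list)

    try:
        exec_cmd(
            "{path} certonly --manual --preferred-challenges=dns {email_param} "
            "--server https://acme-v02.api.letsencrypt.org/directory "
            "--agree-tos -d {domain}".format(
                path=get_certbot_path(), domain=domain_args, email_param=email_param))

    except CommandFailedError:
        print("There was a problem trying to setup SSL")
        return

    # NOTE(review): when `domain` is given in wildcard form this path contains
    # the literal "*." prefix; verify it matches the directory certbot creates
    # under /etc/letsencrypt/live/.
    ssl_path = "/etc/letsencrypt/live/{domain}/".format(domain=domain)
    ssl_config = {
        "wildcard": {
            "domain": domain,
            "ssl_certificate": os.path.join(ssl_path, "fullchain.pem"),
            "ssl_certificate_key": os.path.join(ssl_path, "privkey.pem")
        }
    }

    update_common_site_config(ssl_config)
    setup_crontab()

    make_nginx_conf(bench_path)
    print("Restarting Nginx service")
    service('nginx', 'restart')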
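def setup_wildcard_ssl(domain, email, bench_path, exclude_base_domain):
    """Request a wildcard certificate via certbot's manual DNS challenge and point nginx at it.

    Args:
        domain: base domain ("example.com") or wildcard form ("*.example.com").
        email: optional address passed to certbot as ``--email``.
        bench_path: bench directory whose config is read and whose nginx
            config is regenerated.
        exclude_base_domain: when true, request only the wildcard name.

    Returns:
        None. Prints a message and returns early when ``dns_multitenant`` is
        not enabled in the bench config or when the certbot command fails.
    """
    # Function-scope import so the block works on both interpreters.
    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2

    def _get_domains(domain):
        domain_list = [domain]

        if not domain.startswith('*.'):
            # add wildcard character to domain if missing
            domain_list.append('*.{0}'.format(domain))
        else:
            # include base domain based on flag
            domain_list.append(domain.replace('*.', ''))

        if exclude_base_domain:
            domain_list.remove(domain.replace('*.', ''))

        return domain_list

    if not get_config(bench_path).get("dns_multitenant"):
        print("You cannot setup SSL without DNS Multitenancy")
        return

    get_certbot()

    # Strip once, so the certbot arguments, the certificate path and the
    # stored config all use the same value.
    domain = domain.strip()
    domain_list = _get_domains(domain)

    # The command is assembled as a single string, so every caller-supplied
    # value is quoted: an unquoted "*.example.com" can be glob-expanded and
    # shell metacharacters in the domain or email would be interpreted.
    # NOTE(review): assumes exec_cmd hands the string to a shell (or splits it
    # shell-style) - confirm against exec_cmd.
    email_param = ''
    if email:
        email_param = '--email {0}'.format(quote(email))

    domain_args = ' -d '.join(quote(name) for name in domain_list)

    try:
        exec_cmd(
            "{path} certonly --manual --preferred-challenges=dns {email_param} "
            "--server https://acme-v02.api.letsencrypt.org/directory "
            "--agree-tos -d {domain}".format(
                path=get_certbot_path(), domain=domain_args, email_param=email_param))

    except CommandFailedError:
        print("There was a problem trying to setup SSL")
        return

    # NOTE(review): when `domain` is given in wildcard form this path contains
    # the literal "*." prefix; verify it matches the directory certbot creates
    # under /etc/letsencrypt/live/.
    ssl_path = "/etc/letsencrypt/live/{domain}/".format(domain=domain)
    ssl_config = {
        "wildcard": {
            "domain": domain,
            "ssl_certificate": os.path.join(ssl_path, "fullchain.pem"),
            "ssl_certificate_key": os.path.join(ssl_path, "privkey.pem")
        }
    }

    update_common_site_config(ssl_config)
    setup_crontab()

    make_nginx_conf(bench_path)
    print("Restarting Nginx service")
    service('nginx', 'restart')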
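def execute(bench_path):
    """This patch checks if bench sudoers is set and regenerate supervisor and sudoers files

    Does nothing unless ``is_sudoers_set()`` is true. The supervisor config is
    regenerated and supervisord restarted only when ``is_production_set``
    reports a production setup for ``bench_path``; the sudoers file is
    regenerated in either case.
    """
    # Function-scope import so the block works on both interpreters.
    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2

    # NOTE(review): the config is read from '.' rather than bench_path -
    # confirm patches always run with the bench directory as the working
    # directory.
    user = get_config('.').get("frappe_user") or getpass.getuser()

    # `user` can come from a config file and is placed on a `sudo` command
    # line, so quote it. quote() returns ordinary account names unchanged.
    safe_user = quote(user)

    if is_sudoers_set():
        if is_production_set(bench_path):
            exec_cmd("sudo bench setup supervisor --yes --user {user}".format(user=safe_user))
            service("supervisord", "restart")

        exec_cmd("sudo bench setup sudoers {user}".format(user=safe_user))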
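def run_certbot_and_setup_ssl(site, custom_domain, bench_path):
    """Run certbot for a site with nginx stopped, then record the certificate paths.

    Args:
        site: site name; also the certificate name when no custom domain is
            given.
        custom_domain: optional domain to issue for instead of ``site``.
        bench_path: bench directory passed to the config helpers.

    Returns:
        None. Prints a message and returns early when the certbot command
        fails. nginx is started again on every exit path.
    """
    # Function-scope import so the block works on both interpreters.
    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2

    cert_name = custom_domain or site

    service('nginx', 'stop')
    try:
        get_certbot()

        # The site name becomes part of a command string; quote the path so
        # unusual characters in it cannot be interpreted by the shell.
        cfg_path = quote("/etc/letsencrypt/configs/{site}.cfg".format(site=cert_name))

        try:
            exec_cmd("{path} --config {cfg} certonly".format(
                path=get_certbot_path(), cfg=cfg_path))
        except CommandFailedError:
            # print() with one argument behaves the same on Python 2 and 3.
            print("There was a problem trying to setup SSL for your site")
            return

        ssl_path = "/etc/letsencrypt/live/{site}/".format(site=cert_name)
        ssl_config = {
            "ssl_certificate": os.path.join(ssl_path, "fullchain.pem"),
            "ssl_certificate_key": os.path.join(ssl_path, "privkey.pem")
        }

        if custom_domain:
            # Replace any existing entry for this domain with one that carries
            # the certificate paths.
            remove_domain(site, custom_domain, bench_path)
            domains = get_domains(site, bench_path)
            ssl_config['domain'] = custom_domain
            domains.append(ssl_config)
            update_site_config(site, {"domains": domains}, bench_path=bench_path)
        else:
            update_site_config(site, ssl_config, bench_path=bench_path)

        make_nginx_conf(bench_path)
    finally:
        # Covers failures in get_certbot(), the config update and
        # make_nginx_conf() as well, so an unexpected error cannot leave nginx
        # stopped.
        service('nginx', 'start')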
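def run_certbot_and_setup_ssl(site, custom_domain, bench_path):
    """Run certbot for a site with nginx stopped, then record the certificate paths.

    Args:
        site: site name; also the certificate name when no custom domain is
            given.
        custom_domain: optional domain to issue for instead of ``site``.
        bench_path: bench directory passed to the config helpers.

    Returns:
        None. Prints a message and returns early when the certbot command
        fails. nginx is started again on every exit path.
    """
    # Function-scope import so the block works on both interpreters.
    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2

    cert_name = custom_domain or site

    service('nginx', 'stop')
    try:
        get_certbot()

        # The site name becomes part of a command string; quote the path so
        # unusual characters in it cannot be interpreted by the shell.
        cfg_path = quote("/etc/letsencrypt/configs/{site}.cfg".format(site=cert_name))

        try:
            exec_cmd("{path} --config {cfg} certonly".format(
                path=get_certbot_path(), cfg=cfg_path))
        except CommandFailedError:
            # print() with one argument behaves the same on Python 2 and 3.
            print("There was a problem trying to setup SSL for your site")
            return

        ssl_path = "/etc/letsencrypt/live/{site}/".format(site=cert_name)
        ssl_config = {
            "ssl_certificate": os.path.join(ssl_path, "fullchain.pem"),
            "ssl_certificate_key": os.path.join(ssl_path, "privkey.pem")
        }

        if custom_domain:
            # Replace any existing entry for this domain with one that carries
            # the certificate paths.
            remove_domain(site, custom_domain, bench_path)
            domains = get_domains(site, bench_path)
            ssl_config['domain'] = custom_domain
            domains.append(ssl_config)
            update_site_config(site, {"domains": domains}, bench_path=bench_path)
        else:
            update_site_config(site, ssl_config, bench_path=bench_path)

        make_nginx_conf(bench_path)
    finally:
        # Covers failures in get_certbot(), the config update and
        # make_nginx_conf() as well, so an unexpected error cannot leave nginx
        # stopped.
        service('nginx', 'start')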