def add_name_vhost(self, addr):
    """Add a ``NameVirtualHost`` directive for ``addr``.

    The directive is added through ``self.parser.add_dir_to_ifmodssl`` to
    the file recorded under ``self.parser.loc["name"]``, and the change is
    appended to ``self.save_notes`` so it appears in the save record.

    :param str addr: Address that will be added as NameVirtualHost
        directive

    """
    target_aug_path = parser.get_aug_path(self.parser.loc["name"])
    directive_path = self.parser.add_dir_to_ifmodssl(
        target_aug_path, "NameVirtualHost", str(addr))

    # Keep a human-readable trail of every config change made here.
    note = "Setting %s to be NameBasedVirtualHost\n" % addr
    note += "\tDirective added to %s\n" % directive_path
    self.save_notes += note
def add_name_vhost(self, addr):
    """Register ``addr`` as a name-based virtual host address.

    Adds a ``NameVirtualHost`` directive (via
    ``self.parser.add_dir_to_ifmodssl``) to the file configured as
    ``self.parser.loc["name"]`` and documents the edit in
    ``self.save_notes``.

    :param str addr: Address that will be added as NameVirtualHost
        directive

    """
    name_file = self.parser.loc["name"]
    added_at = self.parser.add_dir_to_ifmodssl(
        parser.get_aug_path(name_file), "NameVirtualHost", str(addr))

    # Two note lines: what was set, then where the directive landed.
    self.save_notes += "Setting %s to be NameBasedVirtualHost\n" % addr
    self.save_notes += "\tDirective added to %s\n" % added_at
def _conf_include_check(self, main_config):
    """Make sure the DVSNI challenge conf file is included.

    Searches for an ``Include`` directive (name passed through
    ``parser.case_i``) whose argument is ``self.challenge_conf``.  Only
    when none is found is a new ``Include`` added to ``main_config``, so
    repeated calls do not stack duplicate includes.

    :param str main_config: file path to main user apache config file

    """
    apache_parser = self.configurator.parser
    existing = apache_parser.find_dir(
        parser.case_i("Include"), self.challenge_conf)
    if len(existing) != 0:
        # Already included; nothing to change.
        return

    apache_parser.add_dir(
        parser.get_aug_path(main_config), "Include", self.challenge_conf)
def test_add_dir_to_ifmodssl(self):
    """Check that add_dir_to_ifmodssl places a directive in an IfModule.

    Path must be valid before attempting to add to augeas

    """
    from letsencrypt.client.plugins.apache.parser import get_aug_path

    default_aug_path = get_aug_path(self.parser.loc["default"])
    self.parser.add_dir_to_ifmodssl(
        default_aug_path, "FakeDirective", "123")

    found = self.parser.find_dir("FakeDirective", "123")

    # Exactly one directive, and its path must pass through an IfModule.
    self.assertEqual(len(found), 1)
    self.assertTrue("IfModule" in found[0])
def _prepare_server_https(self):
    """Get the Apache server ready to serve HTTPS.

    Enables ``mod_ssl`` when ``ssl_module`` is not reported as loaded, then
    adds a ``Listen 443`` directive if no such directive is found.  Any
    added directive is recorded in ``self.save_notes``.

    """
    ssl_loaded = mod_loaded("ssl_module", self.config.apache_ctl)
    if not ssl_loaded:
        logging.info("Loading mod_ssl into Apache Server")
        enable_mod("ssl", self.config.apache_init_script,
                   self.config.apache_enmod)

    # Check for Listen 443
    # Note: only a bare "443" argument is matched, so an existing
    # "ip:443" Listen is not detected and a second directive is added.
    # TODO: Need to search only open directives and IfMod mod_ssl.c
    listen_matches = self.parser.find_dir(parser.case_i("Listen"), "443")
    if len(listen_matches) != 0:
        return

    logging.debug("No Listen 443 directive found")
    logging.debug("Setting the Apache Server to Listen on port 443")
    listen_aug_path = parser.get_aug_path(self.parser.loc["listen"])
    added_at = self.parser.add_dir_to_ifmodssl(
        listen_aug_path, "Listen", "443")
    self.save_notes += "Added Listen 443 directive to %s\n" % added_at
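def _create_redirect_vhost(self, ssl_vhost):
    """Create a plain-HTTP vhost that redirects to ``ssl_vhost``.

    Builds a ``<VirtualHost>`` block carrying the ssl vhost's names and the
    rewrite arguments from ``constants.APACHE_REWRITE_HTTPS_ARGS``, writes
    it into ``sites-available`` under ``self.parser.root``, reloads Augeas
    and appends the resulting vhost object to ``self.vhosts``.

    :param ssl_vhost: ssl vhost
    :type ssl_vhost:
        :class:`~letsencrypt.client.plugins.apache.obj.VirtualHost`

    :raises errors.LetsEncryptConfiguratorError: if
        ``self._conflicting_host`` reports a conflict for ``ssl_vhost``

    NOTE(review): earlier documentation described a
    ``(success, VirtualHost)`` tuple return, but this body contains no
    return statement - confirm what callers expect.

    """
    # Consider changing this to a dictionary check
    # Make sure adding the vhost will be safe
    conflict, host_or_addrs = self._conflicting_host(ssl_vhost)
    if conflict:
        raise errors.LetsEncryptConfiguratorError(
            "Unable to create a redirection vhost "
            "- {}".format(host_or_addrs))

    # NOTE(review): this is concatenated directly after "<VirtualHost", so
    # it presumably arrives with a leading space - confirm against
    # _conflicting_host.
    redirect_addrs = host_or_addrs

    # get servernames and serveraliases
    names = ssl_vhost.names
    servername = ""
    serveralias = ""
    if len(names) > 0:
        servername = "ServerName " + names[0]
    if len(names) > 1:
        serveralias = "ServerAlias " + " ".join(names[1:])

    redirect_file = ("<VirtualHost" + redirect_addrs + ">\n"
                     "%s \n"
                     "%s \n"
                     "ServerSignature Off\n"
                     "\n"
                     "RewriteEngine On\n"
                     "RewriteRule %s\n"
                     "\n"
                     "ErrorLog /var/log/apache2/redirect.error.log\n"
                     "LogLevel warn\n"
                     "</VirtualHost>\n"
                     % (servername, serveralias,
                        " ".join(constants.APACHE_REWRITE_HTTPS_ARGS)))

    # Write out the file
    # This is the default name
    redirect_filename = "le-redirect.conf"

    # See if a more appropriate name can be applied
    if len(names) > 0:
        first_name = names[0]
        # The server name becomes a path component.  Bound its *length*
        # (comparing the string itself to an int never did that) and keep
        # the default name if it contains a path separator, so the file
        # cannot land outside sites-available.
        if len(first_name) < (255 - 23) and os.sep not in first_name:
            redirect_filename = "le-redirect-%s.conf" % first_name

    redirect_filepath = os.path.join(
        self.parser.root, "sites-available", redirect_filename)

    # Register the new file that will be created
    # Note: always register the creation before writing to ensure file will
    # be removed in case of unexpected program exit
    self.reverter.register_file_creation(False, redirect_filepath)

    # Write out file
    with open(redirect_filepath, "w") as redirect_fd:
        redirect_fd.write(redirect_file)
    logging.info("Created redirect file: %s", redirect_filename)

    # Reload so Augeas sees the file that was just written.
    self.aug.load()
    # Make a new vhost data structure and add it to the lists
    new_vhost = self._create_vhost(parser.get_aug_path(redirect_filepath))
    self.vhosts.append(new_vhost)

    # Finally create documentation for the change
    self.save_notes += ("Created a port 80 vhost, %s, for redirection to "
                        "ssl vhost %s\n" % (new_vhost.filep, ssl_vhost.filep))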
def test_get_aug_path(self):
    """get_aug_path should map a file path under the ``/files`` root."""
    from letsencrypt.client.plugins.apache.parser import get_aug_path

    aug_path = get_aug_path("/etc/apache")
    self.assertEqual("/files/etc/apache", aug_path)
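def _create_redirect_vhost(self, ssl_vhost):
    """Create an HTTP vhost whose only job is redirecting to ``ssl_vhost``.

    The generated ``<VirtualHost>`` block reuses the ssl vhost's names and
    the rewrite arguments in ``constants.APACHE_REWRITE_HTTPS_ARGS``.  It
    is written to ``sites-available`` below ``self.parser.root``, Augeas is
    reloaded, and the new vhost object is appended to ``self.vhosts``.

    :param ssl_vhost: ssl vhost
    :type ssl_vhost:
        :class:`~letsencrypt.client.plugins.apache.obj.VirtualHost`

    :raises errors.LetsEncryptConfiguratorError: if
        ``self._conflicting_host`` reports a conflict for ``ssl_vhost``

    NOTE(review): earlier documentation described a
    ``(success, VirtualHost)`` tuple return, but this body contains no
    return statement - confirm what callers expect.

    """
    # Consider changing this to a dictionary check
    # Make sure adding the vhost will be safe
    conflict, host_or_addrs = self._conflicting_host(ssl_vhost)
    if conflict:
        raise errors.LetsEncryptConfiguratorError(
            "Unable to create a redirection vhost "
            "- {}".format(host_or_addrs))

    # NOTE(review): appended straight after "<VirtualHost" with no
    # separator, so a leading space is presumably part of the value -
    # confirm against _conflicting_host.
    redirect_addrs = host_or_addrs

    # get servernames and serveraliases
    vhost_names = ssl_vhost.names
    servername = ""
    serveralias = ""
    if len(vhost_names) > 0:
        servername = "ServerName " + vhost_names[0]
    if len(vhost_names) > 1:
        serveralias = "ServerAlias " + " ".join(vhost_names[1:])

    redirect_file = ("<VirtualHost" + redirect_addrs + ">\n"
                     "%s \n"
                     "%s \n"
                     "ServerSignature Off\n"
                     "\n"
                     "RewriteEngine On\n"
                     "RewriteRule %s\n"
                     "\n"
                     "ErrorLog /var/log/apache2/redirect.error.log\n"
                     "LogLevel warn\n"
                     "</VirtualHost>\n"
                     % (servername, serveralias,
                        " ".join(constants.APACHE_REWRITE_HTTPS_ARGS)))

    # Write out the file
    # This is the default name
    redirect_filename = "le-redirect.conf"

    # See if a more appropriate name can be applied
    if len(vhost_names) > 0:
        primary_name = vhost_names[0]
        # Sanity check: the name ends up inside a file name, so check its
        # length (the string must not be compared to an int directly) and
        # fall back to the default when it holds a path separator, keeping
        # the file inside sites-available.
        short_enough = len(primary_name) < (255 - 23)
        if short_enough and os.sep not in primary_name:
            redirect_filename = "le-redirect-%s.conf" % primary_name

    redirect_filepath = os.path.join(self.parser.root, "sites-available",
                                     redirect_filename)

    # Register the new file that will be created
    # Note: always register the creation before writing to ensure file will
    # be removed in case of unexpected program exit
    self.reverter.register_file_creation(False, redirect_filepath)

    # Write out file
    with open(redirect_filepath, "w") as redirect_fd:
        redirect_fd.write(redirect_file)
    logging.info("Created redirect file: %s", redirect_filename)

    # Reload so Augeas sees the file that was just written.
    self.aug.load()
    # Make a new vhost data structure and add it to the lists
    new_vhost = self._create_vhost(parser.get_aug_path(redirect_filepath))
    self.vhosts.append(new_vhost)

    # Finally create documentation for the change
    self.save_notes += ("Created a port 80 vhost, %s, for redirection to "
                        "ssl vhost %s\n" % (new_vhost.filep, ssl_vhost.filep))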