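class Generate:
    """Keep nginx's certificate and vhost files in sync with the rqlite database.

    ``certs()`` writes the certificate rows to ``nginxCerts``; ``nginx()`` writes one
    ``cdn-<domain>`` vhost per proxy row to ``nginxPath``, prunes vhosts that left
    the database and reloads nginx when anything changed. ``run()`` repeats both
    forever, once a minute.
    """

    nginxPath = "/etc/nginx/sites-enabled/"
    nginxCerts = "/opt/woodCDN/certs/"
    # Set whenever a file is written or removed; cleared again after nginx was reloaded,
    # so a reload happens only for cycles that actually changed something.
    reload = False

    def __init__(self):
        self.cli = CLI()
        self.cert = Cert()
        self.templator = Templator()

    def run(self):
        """Refresh certificates, then vhosts, then sleep a minute — forever."""
        while True:
            self.certs()
            self.nginx()
            time.sleep(60)

    @staticmethod
    def _domain_of(entry):
        """Return the host name for a database row, or None if it is unsafe as a file name.

        Column 1 is the domain and column 2 the subdomain; a subdomain of "@" stands
        for the apex domain itself. The result is spliced straight into paths below
        ``nginxPath`` / ``nginxCerts``, so anything that is not a plain single path
        component (separators, leading dot, NUL) is refused rather than written.
        """
        if entry[2] == "@":
            domain = entry[1]
        else:
            domain = entry[2] + "." + entry[1]
        unsafe = (
            not domain
            or domain != os.path.basename(domain)
            or domain.startswith(".")
            or "\x00" in domain
        )
        if unsafe:
            print("Refusing unsafe domain name", repr(domain))
            return None
        return domain

    @staticmethod
    def _is_stale(path, stamp, files):
        """True when *path* is not among the listed *files* or the row's *stamp* is newer than the file."""
        return os.path.basename(path) not in files or stamp > os.path.getmtime(path)

    @staticmethod
    def _write(path, content, *, private=False):
        """Write *content* to *path*; with ``private=True`` the file is created as / forced to mode 0600.

        Private keys must not be readable by other local users; ``O_CREAT``'s mode only
        applies to newly created files, hence the explicit ``chmod`` afterwards.
        """
        if private:
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
            with os.fdopen(fd, 'w') as out:
                out.write(content)
            os.chmod(path, 0o600)
        else:
            with open(path, 'w') as out:
                out.write(content)

    @staticmethod
    def _reload_nginx():
        """Graceful reload: does not impact incoming or ongoing connections."""
        print("Reloading nginx")
        subprocess.run(["/usr/bin/sudo", "/usr/sbin/service", "nginx", "reload"], check=False)

    def certs(self):
        """Write every cert row whose files are missing or older than the row's timestamp.

        Row layout as used here: [.., domain, subdomain, fullchain, privkey, timestamp].
        Returns early (without calling ``syncCerts``) when the database is unreachable;
        ``CLI.query`` returns False in that case.
        """
        print("Updating certs")
        data = self.cli.query(['SELECT * FROM certs'])
        if not data:
            print("rqlite gone")
            return
        files, current = os.listdir(self.nginxCerts), []
        if 'values' in data['results'][0]:
            for entry in data['results'][0]['values']:
                domain = self._domain_of(entry)
                if domain is None:
                    continue
                chain = domain + "-fullchain.pem"
                key = domain + "-privkey.pem"
                current += [chain, key]
                chain_path = self.nginxCerts + chain
                if self._is_stale(chain_path, entry[5], files):
                    print("Writing", chain)
                    self._write(chain_path, entry[3])
                    self.reload = True
                else:
                    print(chain, "skipping")
                key_path = self.nginxCerts + key
                if self._is_stale(key_path, entry[5], files):
                    print("Writing", key)
                    self._write(key_path, entry[4], private=True)
                    self.reload = True
                else:
                    print(key, "skipping")
        self.cert.syncCerts(current, files, self.nginxCerts)

    def nginx(self):
        """Regenerate ``cdn-<domain>`` vhosts for proxy rows, prune removed ones, reload if needed.

        A vhost is first written HTTP-only; once both certificate files exist it is
        rewritten with the HTTPS block appended (detected by "443" not being in the
        file yet). When the database is unreachable nothing is touched — in particular
        no vhost is pruned on the basis of an empty answer.
        """
        print("Updating nginx")
        data = self.cli.query(['SELECT * FROM vhosts WHERE type = "proxy"'])
        if not data:
            print("rqlite gone")
            return
        files, current = os.listdir(self.nginxPath), []
        if 'values' in data['results'][0]:
            for entry in data['results'][0]['values']:
                domain = self._domain_of(entry)
                if domain is None:
                    continue
                name = "cdn-" + domain
                vhost_path = self.nginxPath + name
                current.append(name)
                # Vhost missing, or the database row is newer than the file: (re)write HTTP config.
                if self._is_stale(vhost_path, entry[5], files):
                    print("Writing HTTP config for", domain)
                    http = self.templator.nginxHTTP(domain, entry[4])
                    self._write(vhost_path, self.templator.nginxWrap(domain, http))
                    self.reload = True
                # Vhost exists: upgrade it to HTTPS as soon as its cert files are present.
                if os.path.isfile(vhost_path):
                    with open(vhost_path, 'r') as f:
                        config = f.read()
                    have_cert = (
                        os.path.isfile(self.nginxCerts + domain + "-fullchain.pem")
                        and os.path.isfile(self.nginxCerts + domain + "-privkey.pem")
                    )
                    if "443" in config:
                        print(name, "skipping")
                    elif not have_cert:
                        print("Cert missing for", domain, "skipping")
                    else:
                        print("Writing HTTPS config for", domain)
                        http = self.templator.nginxHTTP(domain, entry[4])
                        https = self.templator.nginxHTTPS(domain, entry[4])
                        self._write(vhost_path, self.templator.nginxWrap(domain, http + https))
                        self.reload = True
        # Vhosts removed from the database: only files this class names ("cdn-" prefix) are dropped.
        for name in files:
            if name.startswith("cdn-") and name not in current:
                os.remove(self.nginxPath + name)
                self.reload = True
        if self.reload:
            self._reload_nginx()
            self.reload = False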
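sys.path.append("..")  # Adds higher directory to python modules path.
from Class.cli import CLI
from Class.cert import Cert

# Report every proxy vhost that has no certificate row yet. The check runs only on the
# node whose raft state is "Leader". `sys` is expected to be imported further up the file.
cli = CLI()
cert = Cert()
status = cli.status()
if status is False:
    # CLI.status() returns False when rqlite is unreachable: there is no raft state to read,
    # so stop here instead of indexing into False below.
    print("rqlite gone")
    sys.exit()
state = status['store']['raft']['state']
if state == "Leader":
    print("Getting doamins")
    domains = cli.query([
        'SELECT * FROM vhosts as v JOIN domains as d ON v.domain=d.domain LEFT JOIN certs as c ON v.domain=c.domain AND v.subdomain=c.subdomain WHERE v.type = "proxy"'
    ])
    if domains is False:
        print("rqlite gone")
        sys.exit()
    if 'values' not in domains['results'][0]:
        print("no vhosts added")
        sys.exit()
    for row in domains['results'][0]['values']:
        # Column 1 is the domain, column 2 the subdomain; "@" stands for the apex domain.
        # Compare with ==, not `is`: string identity is an implementation detail.
        target = row[1] if row[2] == "@" else row[2] + "." + row[1]
        # NOTE(review): row[9] is presumably a column of the LEFT JOINed certs table, NULL when
        # no cert row matched — confirm against the table layout.
        if row[9] is None:
            print("Missing cert for", target)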