Пример #1
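def renew_certs():
	"""Renew certificates with certbot while nginx is stopped.

	Asks for confirmation first; declining aborts through click
	(``abort=True``). nginx is started again even when the renew command
	fails, so a failed renewal does not leave the sites offline. The
	failure itself still propagates to the caller.
	"""
	click.confirm('Running this will stop the nginx service temporarily causing your sites to go offline\n'
		'Do you want to continue?',
		abort=True)

	service('nginx', 'stop')
	try:
		exec_cmd("{path} renew".format(path=get_certbot_path()))
	finally:
		# Runs on success and on failure: the web server must not stay down
		# because the renewal step raised.
		service('nginx', 'start')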
Пример #2
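def renew_certs():
	"""Stop nginx, run the certbot ``renew`` command, and start nginx again.

	The operator must confirm the temporary outage; with ``abort=True`` a
	negative answer aborts the command. The restart sits in a ``finally``
	block so an error raised by the renew step cannot leave nginx stopped.
	"""
	click.confirm('Running this will stop the nginx service temporarily causing your sites to go offline\n'
		'Do you want to continue?',
		abort=True)

	service('nginx', 'stop')
	try:
		renew_cmd = "{path} renew".format(path=get_certbot_path())
		exec_cmd(renew_cmd)
	finally:
		# Restore service availability regardless of the renewal outcome.
		service('nginx', 'start')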
Пример #3
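def update_supervisord_config(user=None, yes=False):
	"""Set chmod/chown in the [unix_http_server] section of supervisord.conf and reload supervisor.

	From bench v5.x, we're moving to supervisor running as user.

	Args:
		user: name used for the "chown" value (written as user:user);
			defaults to the current login user.
		yes: when true, skip the confirmation prompt before the file is rewritten.

	Returns early, without reloading supervisor, when supervisord.conf is not
	found, when nothing needs to change, or when writing the file fails.
	"""
	from bench.config.production_setup import service

	if not user:
		user = getpass.getuser()

	supervisord_conf = get_supervisord_conf()
	section = "unix_http_server"
	# 0760: owner rwx, group rw, nothing for others.
	# NOTE(review): "user:user" assumes a group named after the user exists - confirm.
	updated_values = {
		"chmod": "0760",
		"chown": "{user}:{user}".format(user=user)
	}
	supervisord_conf_changes = ""

	if not supervisord_conf:
		logger.log("supervisord.conf not found")
		return

	config = configparser.ConfigParser()
	config.read(supervisord_conf)

	if section not in config.sections():
		config.add_section(section)
		action = "Section {0} Added".format(section)
		logger.log(action)
		supervisord_conf_changes += '\n' + action

	for key, value in updated_values.items():
		try:
			current_value = config.get(section, key)
		except configparser.NoOptionError:
			current_value = ""

		if current_value.strip() != value:
			config.set(section, key, value)
			action = "Updated supervisord.conf: '{0}' changed from '{1}' to '{2}'".format(key, current_value, value)
			logger.log(action)
			supervisord_conf_changes += '\n' + action

	if not supervisord_conf_changes:
		logger.log("supervisord.conf not updated")
		return

	if not yes:
		click.confirm("{0} will be updated with the following values:\n{1}\nDo you want to continue?".format(supervisord_conf, supervisord_conf_changes), abort=True)

	# NOTE: ConfigParser rewrites the whole file; comments that were in the
	# original supervisord.conf are not preserved.
	try:
		with open(supervisord_conf, "w") as f:
			config.write(f)
	except Exception as e:
		logger.log("Updating supervisord.conf failed due to '{0}'".format(e))
		# Opening with "w" may already have truncated the file. Do not reload
		# supervisor on top of a configuration that was not fully written.
		return

	logger.log("Updated supervisord.conf at '{0}'".format(supervisord_conf))

	# Reread supervisor configuration, reload supervisord and supervisorctl, restart services that were started
	service('supervisor', 'reload')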
Пример #4
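def setup_wildcard_ssl(domain, email, bench_path, exclude_base_domain):
    """Request a wildcard certificate via certbot's manual DNS challenge and point nginx at it.

    Args:
        domain: base domain or its ``*.`` wildcard form.
        email: optional address passed to certbot with ``--email``.
        bench_path: bench directory; its config must have ``dns_multitenant`` set.
        exclude_base_domain: when true, the base domain is left out of the request.

    Prints a message and returns early when DNS multitenancy is not enabled
    or when the certbot command fails.
    """
    def _get_domains(domain):
        domain_list = [domain]

        if not domain.startswith('*.'):
            # add wildcard character to domain if missing
            domain_list.append('*.{0}'.format(domain))
        else:
            # include base domain based on flag
            domain_list.append(domain.replace('*.', ''))

        if exclude_base_domain:
            domain_list.remove(domain.replace('*.', ''))

        return domain_list

    if not get_config(bench_path).get("dns_multitenant"):
        print("You cannot setup SSL without DNS Multitenancy")
        return

    get_certbot()
    # Normalise once so the certbot arguments, the certificate path and the
    # stored config all use the same value (previously only the certbot
    # arguments were stripped).
    domain = domain.strip()
    domain_list = _get_domains(domain)

    email_param = ''
    if email:
        email_param = '--email {0}'.format(email)

    # NOTE(review): domain and email are placed into the command string
    # unquoted. If exec_cmd hands the string to a shell, "*." is open to glob
    # expansion and metacharacters are interpreted - validate these values as
    # a hostname / address where they enter the CLI, or quote them. Confirm
    # how exec_cmd executes the string.
    try:
        exec_cmd(
            "{path} certonly --manual --preferred-challenges=dns {email_param} \
			--server https://acme-v02.api.letsencrypt.org/directory \
			--agree-tos -d {domain}".format(path=get_certbot_path(),
                                   domain=' -d '.join(domain_list),
                                   email_param=email_param))

    except CommandFailedError:
        print("There was a problem trying to setup SSL")
        return

    # NOTE(review): when domain is given in "*." form, the directory under
    # /etc/letsencrypt/live/ may not carry the "*." prefix - verify against
    # what certbot actually created before relying on these paths.
    ssl_path = "/etc/letsencrypt/live/{domain}/".format(domain=domain)
    ssl_config = {
        "wildcard": {
            "domain": domain,
            "ssl_certificate": os.path.join(ssl_path, "fullchain.pem"),
            "ssl_certificate_key": os.path.join(ssl_path, "privkey.pem")
        }
    }

    update_common_site_config(ssl_config)
    setup_crontab()

    make_nginx_conf(bench_path)
    print("Restrting Nginx service")
    service('nginx', 'restart')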
Пример #5
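def setup_wildcard_ssl(domain, email, bench_path, exclude_base_domain):
	"""Obtain a wildcard certificate with certbot (manual DNS challenge) and configure nginx for it.

	Args:
		domain: base domain or its ``*.`` wildcard form.
		email: optional address passed to certbot with ``--email``.
		bench_path: bench directory; its config must have ``dns_multitenant`` set.
		exclude_base_domain: when true, the base domain is left out of the request.

	Prints a message and returns early when DNS multitenancy is not enabled
	or when the certbot command fails.
	"""

	def _get_domains(domain):
		domain_list = [domain]

		if not domain.startswith('*.'):
			# add wildcard character to domain if missing
			domain_list.append('*.{0}'.format(domain))
		else:
			# include base domain based on flag
			domain_list.append(domain.replace('*.', ''))

		if exclude_base_domain:
			domain_list.remove(domain.replace('*.', ''))

		return domain_list

	if not get_config(bench_path).get("dns_multitenant"):
		print("You cannot setup SSL without DNS Multitenancy")
		return

	get_certbot()
	# Strip once so the certbot arguments, the certificate path and the stored
	# config agree (previously only the certbot arguments were stripped).
	domain = domain.strip()
	domain_list = _get_domains(domain)

	email_param = ''
	if email:
		email_param = '--email {0}'.format(email)

	# NOTE(review): domain and email are interpolated into the command string
	# unquoted. If exec_cmd runs the string through a shell, "*." is open to
	# glob expansion and metacharacters are interpreted - validate or quote
	# these values where they enter the CLI. Confirm how exec_cmd executes it.
	try:
		exec_cmd("{path} certonly --manual --preferred-challenges=dns {email_param} \
			 --server https://acme-v02.api.letsencrypt.org/directory \
			 --agree-tos -d {domain}".format(path=get_certbot_path(), domain=' -d '.join(domain_list),
			 email_param=email_param))

	except CommandFailedError:
		print("There was a problem trying to setup SSL")
		return

	# NOTE(review): for a "*." input the directory under /etc/letsencrypt/live/
	# may not carry the "*." prefix - verify against what certbot created.
	ssl_path = "/etc/letsencrypt/live/{domain}/".format(domain=domain)
	ssl_config = {
		"wildcard": {
			"domain": domain,
			"ssl_certificate": os.path.join(ssl_path, "fullchain.pem"),
			"ssl_certificate_key": os.path.join(ssl_path, "privkey.pem")
		}
	}

	update_common_site_config(ssl_config)
	setup_crontab()

	make_nginx_conf(bench_path)
	print("Restrting Nginx service")
	service('nginx', 'restart')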
	
def execute(bench_path):
    """Patch: if bench sudoers is set, regenerate the supervisor and sudoers files.

    The supervisor config is regenerated (and supervisord restarted) only when
    production is set for ``bench_path``; the sudoers file is regenerated
    whenever sudoers is already set.
    """
    # NOTE(review): the config is read from '.' rather than bench_path -
    # presumably the patch runs from the bench directory; confirm.
    configured_user = get_config('.').get("frappe_user")
    user = configured_user or getpass.getuser()

    if not is_sudoers_set():
        return

    # NOTE(review): user may come from the config file and is placed into a
    # sudo command line unquoted - confirm it is validated as an account name
    # where the config is written.
    if is_production_set(bench_path):
        supervisor_cmd = "sudo bench setup supervisor --yes --user {user}".format(
            user=user)
        exec_cmd(supervisor_cmd)
        service("supervisord", "restart")

    sudoers_cmd = "sudo bench setup sudoers {user}".format(user=user)
    exec_cmd(sudoers_cmd)
Пример #7
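def run_certbot_and_setup_ssl(site, custom_domain, bench_path):
    """Run certbot for a site with nginx stopped, then store the certificate paths in the site config.

    Args:
        site: site name; used for the certbot config file and live directory
            when no custom domain is given.
        custom_domain: optional domain that takes the place of ``site`` in
            those paths and is recorded under the site's "domains" list.
        bench_path: bench directory passed to the config helpers.

    nginx is started again on every exit path, including unexpected errors,
    so a failure between stop and start cannot leave the sites offline.
    """
    service('nginx', 'stop')
    try:
        get_certbot()
        target = custom_domain or site

        # NOTE(review): target is placed into the command string and into
        # filesystem paths unquoted - confirm it is validated as a hostname
        # before it reaches this function.
        try:
            exec_cmd(
                "{path} --config /etc/letsencrypt/configs/{site}.cfg certonly".
                format(path=get_certbot_path(), site=target))
        except CommandFailedError:
            print("There was a problem trying to setup SSL for your site")
            return

        ssl_path = "/etc/letsencrypt/live/{site}/".format(site=target)
        ssl_config = {
            "ssl_certificate": os.path.join(ssl_path, "fullchain.pem"),
            "ssl_certificate_key": os.path.join(ssl_path, "privkey.pem")
        }

        if custom_domain:
            # Replace any existing entry for this domain with the SSL-enabled one.
            remove_domain(site, custom_domain, bench_path)
            domains = get_domains(site, bench_path)
            ssl_config['domain'] = custom_domain
            domains.append(ssl_config)
            update_site_config(site, {"domains": domains}, bench_path=bench_path)
        else:
            update_site_config(site, ssl_config, bench_path=bench_path)

        make_nginx_conf(bench_path)
    finally:
        # Single restart point for success, certbot failure and any other error.
        service('nginx', 'start')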
Пример #8
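def run_certbot_and_setup_ssl(site, custom_domain, bench_path):
	"""Stop nginx, run certbot for the site, record the certificate paths, and start nginx again.

	Args:
		site: site name; used for the certbot config file and live directory
			when no custom domain is given.
		custom_domain: optional domain that takes the place of ``site`` in
			those paths and is recorded under the site's "domains" list.
		bench_path: bench directory passed to the config helpers.

	The nginx start sits in a ``finally`` block, so it runs after a certbot
	failure and after any other error raised between stop and start.
	"""
	service('nginx', 'stop')
	try:
		get_certbot()
		target = custom_domain or site

		# NOTE(review): target is placed into the command string and into
		# filesystem paths unquoted - confirm it is validated as a hostname
		# before it reaches this function.
		try:
			exec_cmd("{path} --config /etc/letsencrypt/configs/{site}.cfg certonly".format(path=get_certbot_path(), site=target))
		except CommandFailedError:
			print("There was a problem trying to setup SSL for your site")
			return

		ssl_path = "/etc/letsencrypt/live/{site}/".format(site=target)
		ssl_config = {
			"ssl_certificate": os.path.join(ssl_path, "fullchain.pem"),
			"ssl_certificate_key": os.path.join(ssl_path, "privkey.pem")
		}

		if custom_domain:
			# Replace any existing entry for this domain with the SSL-enabled one.
			remove_domain(site, custom_domain, bench_path)
			domains = get_domains(site, bench_path)
			ssl_config['domain'] = custom_domain
			domains.append(ssl_config)
			update_site_config(site, {"domains": domains}, bench_path=bench_path)
		else:
			update_site_config(site, ssl_config, bench_path=bench_path)

		make_nginx_conf(bench_path)
	finally:
		# Single restart point for success, certbot failure and any other error.
		service('nginx', 'start')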