mirror of
https://github.com/frappe/bench.git
synced 2024-11-14 09:14:04 +00:00
Include base domain while generating ssl certificate if not excluded explicitly
This commit is contained in:
parent
51f38c0289
commit
8f39df5c34
@ -131,7 +131,8 @@ def setup_letsencrypt(site, custom_domain, non_interactive):
|
|||||||
@click.command('wildcard-ssl')
|
@click.command('wildcard-ssl')
|
||||||
@click.argument('domain')
|
@click.argument('domain')
|
||||||
@click.option('--email')
|
@click.option('--email')
|
||||||
def setup_wildcard_ssl(domain, email):
|
@click.option('--exclude-base-domain', default=False, is_flag=True, help="SSL Certificate not applicable for base domain")
|
||||||
|
def setup_wildcard_ssl(domain, email, exclude_base_domain):
|
||||||
''' Setup wildcard ssl certificate '''
|
''' Setup wildcard ssl certificate '''
|
||||||
from bench.config.lets_encrypt import setup_wildcard_ssl
|
from bench.config.lets_encrypt import setup_wildcard_ssl
|
||||||
setup_wildcard_ssl(domain, email, bench_path='.')
|
setup_wildcard_ssl(domain, email, bench_path='.')
|
||||||
|
@ -118,19 +118,27 @@ def renew_certs():
|
|||||||
service('nginx', 'start')
|
service('nginx', 'start')
|
||||||
|
|
||||||
|
|
||||||
def setup_wildcard_ssl(domain, email, bench_path):
|
def setup_wildcard_ssl(domain, email, bench_path, exclude_base_domain):
|
||||||
|
|
||||||
def _get_domain_name(domain):
|
def _get_domains(domain):
|
||||||
if domain.split('.')[0] != '*':
|
domain_list = [domain]
|
||||||
domain = '*.{0}'.format(domain)
|
|
||||||
return domain
|
if not domain.startswith('*.'):
|
||||||
|
# add wildcard caracter to domain if missing
|
||||||
|
domain_list.append('*.{0}'.format(domain))
|
||||||
|
else:
|
||||||
|
# include base domain based on flag
|
||||||
|
if not exclude_base_domain:
|
||||||
|
domain_list.append(domain.replace('*.', ''))
|
||||||
|
|
||||||
|
return domain_list
|
||||||
|
|
||||||
if not get_config(bench_path).get("dns_multitenant"):
|
if not get_config(bench_path).get("dns_multitenant"):
|
||||||
print("You cannot setup SSL without DNS Multitenancy")
|
print("You cannot setup SSL without DNS Multitenancy")
|
||||||
return
|
return
|
||||||
|
|
||||||
get_certbot()
|
get_certbot()
|
||||||
domain = _get_domain_name(domain)
|
domain_list = _get_domains(domain.strip())
|
||||||
|
|
||||||
email_param = ''
|
email_param = ''
|
||||||
if email:
|
if email:
|
||||||
@ -139,7 +147,7 @@ def setup_wildcard_ssl(domain, email, bench_path):
|
|||||||
try:
|
try:
|
||||||
exec_cmd("{path} certonly --manual --preferred-challenges=dns {email_param} \
|
exec_cmd("{path} certonly --manual --preferred-challenges=dns {email_param} \
|
||||||
--server https://acme-v02.api.letsencrypt.org/directory \
|
--server https://acme-v02.api.letsencrypt.org/directory \
|
||||||
--agree-tos -d {domain}".format(path=get_certbot_path(), domain=domain,
|
--agree-tos -d {domain}".format(path=get_certbot_path(), domain=' -d '.join(domain_list),
|
||||||
email_param=email_param))
|
email_param=email_param))
|
||||||
|
|
||||||
except CommandFailedError:
|
except CommandFailedError:
|
||||||
@ -156,5 +164,8 @@ def setup_wildcard_ssl(domain, email, bench_path):
|
|||||||
}
|
}
|
||||||
|
|
||||||
update_common_site_config(ssl_config)
|
update_common_site_config(ssl_config)
|
||||||
|
setup_crontab()
|
||||||
|
|
||||||
make_nginx_conf(bench_path)
|
make_nginx_conf(bench_path)
|
||||||
service('nginx', 'restart')
|
service('nginx', 'restart')
|
||||||
|
|
Loading…
Reference in New Issue
Block a user