2
0
mirror of https://github.com/frappe/bench.git synced 2024-11-14 09:14:04 +00:00

Include base domain while generating ssl certificate if not excluded explicitly

This commit is contained in:
Saurabh 2018-06-30 10:38:59 +05:30
parent 51f38c0289
commit 8f39df5c34
2 changed files with 20 additions and 8 deletions

View File

@ -131,7 +131,8 @@ def setup_letsencrypt(site, custom_domain, non_interactive):
@click.command('wildcard-ssl') @click.command('wildcard-ssl')
@click.argument('domain') @click.argument('domain')
@click.option('--email') @click.option('--email')
def setup_wildcard_ssl(domain, email): @click.option('--exclude-base-domain', default=False, is_flag=True, help="SSL Certificate not applicable for base domain")
def setup_wildcard_ssl(domain, email, exclude_base_domain):
''' Setup wildcard ssl certificate ''' ''' Setup wildcard ssl certificate '''
from bench.config.lets_encrypt import setup_wildcard_ssl from bench.config.lets_encrypt import setup_wildcard_ssl
setup_wildcard_ssl(domain, email, bench_path='.') setup_wildcard_ssl(domain, email, bench_path='.')

View File

@ -118,19 +118,27 @@ def renew_certs():
service('nginx', 'start') service('nginx', 'start')
def setup_wildcard_ssl(domain, email, bench_path): def setup_wildcard_ssl(domain, email, bench_path, exclude_base_domain):
def _get_domain_name(domain): def _get_domains(domain):
if domain.split('.')[0] != '*': domain_list = [domain]
domain = '*.{0}'.format(domain)
return domain if not domain.startswith('*.'):
# add wildcard caracter to domain if missing
domain_list.append('*.{0}'.format(domain))
else:
# include base domain based on flag
if not exclude_base_domain:
domain_list.append(domain.replace('*.', ''))
return domain_list
if not get_config(bench_path).get("dns_multitenant"): if not get_config(bench_path).get("dns_multitenant"):
print("You cannot setup SSL without DNS Multitenancy") print("You cannot setup SSL without DNS Multitenancy")
return return
get_certbot() get_certbot()
domain = _get_domain_name(domain) domain_list = _get_domains(domain.strip())
email_param = '' email_param = ''
if email: if email:
@ -139,7 +147,7 @@ def setup_wildcard_ssl(domain, email, bench_path):
try: try:
exec_cmd("{path} certonly --manual --preferred-challenges=dns {email_param} \ exec_cmd("{path} certonly --manual --preferred-challenges=dns {email_param} \
--server https://acme-v02.api.letsencrypt.org/directory \ --server https://acme-v02.api.letsencrypt.org/directory \
--agree-tos -d {domain}".format(path=get_certbot_path(), domain=domain, --agree-tos -d {domain}".format(path=get_certbot_path(), domain=' -d '.join(domain_list),
email_param=email_param)) email_param=email_param))
except CommandFailedError: except CommandFailedError:
@ -156,5 +164,8 @@ def setup_wildcard_ssl(domain, email, bench_path):
} }
update_common_site_config(ssl_config) update_common_site_config(ssl_config)
setup_crontab()
make_nginx_conf(bench_path) make_nginx_conf(bench_path)
service('nginx', 'restart') service('nginx', 'restart')