
Merge pull request #83 from frappe/nginx-https

Nginx https
Pratik Vyas 2014-11-26 11:48:46 +05:30
commit 9c72d0a552
5 changed files with 84 additions and 19 deletions


@ -13,7 +13,7 @@ from .utils import set_default_site as _set_default_site
from .utils import (build_assets, patch_sites, exec_cmd, update_bench, get_frappe, setup_logging, from .utils import (build_assets, patch_sites, exec_cmd, update_bench, get_frappe, setup_logging,
get_config, update_config, restart_supervisor_processes, put_config, default_config, update_requirements, get_config, update_config, restart_supervisor_processes, put_config, default_config, update_requirements,
backup_all_sites, backup_site, get_sites, prime_wheel_cache, is_root, set_mariadb_host, drop_privileges, backup_all_sites, backup_site, get_sites, prime_wheel_cache, is_root, set_mariadb_host, drop_privileges,
fix_file_perms) fix_file_perms, set_ssl_certificate, set_ssl_certificate_key)
from .app import get_app as _get_app from .app import get_app as _get_app
from .app import new_app as _new_app from .app import new_app as _new_app
from .app import pull_all_apps from .app import pull_all_apps
@ -213,6 +213,20 @@ def set_nginx_port(site, port):
"Set nginx port for site" "Set nginx port for site"
_set_nginx_port(site, port) _set_nginx_port(site, port)
@click.command('set-ssl-certificate')
@click.argument('site')
@click.argument('ssl-certificate-path')
def _set_ssl_certificate(site, ssl_certificate_path):
"Set ssl certificate path for site"
set_ssl_certificate(site, ssl_certificate_path)
@click.command('set-ssl-key')
@click.argument('site')
@click.argument('ssl-certificate-key-path')
def _set_ssl_certificate_key(site, ssl_certificate_key_path):
"Set ssl certificate private key path for site"
set_ssl_certificate_key(site, ssl_certificate_key_path)
@click.command('set-url-root') @click.command('set-url-root')
@click.argument('site') @click.argument('site')
@click.argument('url-root') @click.argument('url-root')
@ -422,6 +436,8 @@ bench.add_command(restart)
bench.add_command(config) bench.add_command(config)
bench.add_command(start) bench.add_command(start)
bench.add_command(set_nginx_port) bench.add_command(set_nginx_port)
bench.add_command(_set_ssl_certificate)
bench.add_command(_set_ssl_certificate_key)
bench.add_command(_set_mariadb_host) bench.add_command(_set_mariadb_host)
bench.add_command(set_default_site) bench.add_command(set_default_site)
bench.add_command(migrate_3to4) bench.add_command(migrate_3to4)
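Review bot: The path arguments of `set-ssl-certificate` and `set-ssl-key` are accepted as free-form strings with no validation. Judging by the nginx.conf template in this commit, they end up unquoted in the `ssl_certificate` / `ssl_certificate_key` directives, so a typo or a value containing whitespace or `;` would produce a broken or altered nginx config. Declaring them as `@click.argument('ssl-certificate-path', type=click.Path(exists=True, dir_okay=False, resolve_path=True))`, and the same for the key path, rejects missing files at the CLI and stores an absolute path. The leading underscore on `_set_ssl_certificate` and `_set_ssl_certificate_key` is needed only to avoid shadowing the imported helpers; importing those with an alias, as is done for `_set_default_site`, would keep the command function names consistent with `set_nginx_port`.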


@ -31,10 +31,16 @@ def get_site_config(site, bench='.'):
def get_sites_with_config(bench='.'): def get_sites_with_config(bench='.'):
sites = get_sites() sites = get_sites()
return [{ ret = []
for site in sites:
site_config = get_site_config(site, bench=bench)
ret.append({
"name": site, "name": site,
"port": get_site_config(site, bench=bench).get('nginx_port') "port": site_config.get('nginx_port'),
} for site in sites] "ssl_certificate": site_config.get('ssl_certificate'),
"ssl_certificate_key": site_config.get('ssl_certificate_key')
})
return ret
def generate_nginx_config(bench='.'): def generate_nginx_config(bench='.'):
template = env.get_template('nginx.conf') template = env.get_template('nginx.conf')
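Review bot: The per-site dict built in `get_sites_with_config` has no `ssl_port` key, yet `server_block_https` in this commit's nginx.conf template reads `site.ssl_port`, so the HTTPS listener can only ever fall back to the macro default of 443. Either add `"ssl_port": site_config.get('ssl_port'),` here together with a setter, or drop the lookup from the template. A short docstring listing the returned keys, and noting that unset values presumably come back as `None`, would make the contract with the template explicit.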


@ -5,15 +5,7 @@ upstream frappe {
server 127.0.0.1:8000 fail_timeout=0; server 127.0.0.1:8000 fail_timeout=0;
} }
{% macro server_block(site, port=80, default=False, server_name=None, sites=None, dns_multitenant=False) -%} {% macro location_block(site, port=80, default=False, server_name=None, sites=None, dns_multitenant=False) -%}
server {
listen {{ site.port if not default and site.port else port }} {% if default %} default {% endif %};
client_max_body_size 4G;
{% if dns_multitenant and sites %}
server_name {% for site in sites %} {{ site.name }} {% endfor %};
{% else %}
server_name {{ site.name if not server_name else server_name }};
{% endif %}
keepalive_timeout 5; keepalive_timeout 5;
sendfile on; sendfile on;
root {{ sites_dir }}; root {{ sites_dir }};
@ -43,21 +35,58 @@ upstream frappe {
proxy_redirect off; proxy_redirect off;
proxy_pass http://frappe; proxy_pass http://frappe;
} }
{%- endmacro %}
{% macro server_name_block(site, default=False, server_name=None, sites=None, dns_multitenant=False) -%}
client_max_body_size 4G;
{% if dns_multitenant and sites %}
server_name {% for site in sites %} {{ site.name }} {% endfor %};
{% else %}
server_name {{ site.name if not server_name else server_name }};
{% endif %}
{%- endmacro %}
{% macro server_block_http(site, port=80, default=False, server_name=None, sites=None, dns_multitenant=False) -%}
server {
listen {{ site.port if not default and site.port else port }} {% if default %} default {% endif %};
{{ server_name_block(site, default=default, server_name=server_name, sites=sites, dns_multitenant=dns_multitenant) }}
{{ location_block(site, port=port, default=default, server_name=server_name, sites=sites, dns_multitenant=dns_multitenant) }}
}
{%- endmacro %}
{% macro server_block_https(site, port=443, default=False, server_name=None, sites=None, dns_multitenant=False) -%}
server {
listen {{ site.ssl_port if not default and site.ssl_port else port }} {% if default %} default {% endif %};
{{ server_name_block(site, default=default, server_name=server_name, sites=sites, dns_multitenant=dns_multitenant) }}
ssl on;
ssl_certificate {{ site.ssl_certificate }};
ssl_certificate_key {{ site.ssl_certificate_key }};
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
ssl_prefer_server_ciphers on;
{{ location_block(site, port=port, default=default, server_name=server_name, sites=sites, dns_multitenant=dns_multitenant) }}
} }
{%- endmacro %} {%- endmacro %}
{% for site in sites %} {% for site in sites %}
{% if site.port %} {% if site.port %}
{{ server_block(site) }} {{ server_block_http(site) }}
{% endif %}
{% if site.ssl_certificate_key and site.ssl_certificate %}
{{ server_block_https(site) }}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% if default_site %} {% if default_site %}
{{ server_block(default_site, default=True, server_name="frappe_default_site") }} {{ server_block_http(default_site, default=True, server_name="frappe_default_site") }}
{% endif %} {% endif %}
{% if dns_multitenant and sites %} {% if dns_multitenant and sites %}
{{ server_block(None, default=False, sites=sites, dns_multitenant=True) }} {{ server_block_http(None, default=False, sites=sites, dns_multitenant=True) }}
{% endif %} {% endif %}
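Review bot: `server_block_https` enables TLS 1.0 and 1.1 and lists `EECDH+aRSA+RC4` and a bare `RC4` in `ssl_ciphers`. RC4 is prohibited for TLS by RFC 7465 and TLS 1.0/1.1 are deprecated by RFC 8996, so every generated HTTPS site would still negotiate them with a client that offers nothing better. I would narrow this to `ssl_protocols TLSv1.2;` (plus `TLSv1.3` where the nginx build supports it) and remove both RC4 entries, adding `!RC4` to the exclusions. `ssl on;` is the deprecated form; the `ssl` parameter on the `listen` line replaces it. Separately, the site loop still emits `server_block_http` for a site that has a certificate, so the site stays fully reachable over plain HTTP with no redirect to HTTPS.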


@ -236,10 +236,22 @@ def update_site_config(site, new_config, bench='.'):
put_site_config(site, config, bench=bench) put_site_config(site, config, bench=bench)
def set_nginx_port(site, port, bench='.', gen_config=True): def set_nginx_port(site, port, bench='.', gen_config=True):
set_site_config_nginx_property(site, {"nginx_port": port}, bench=bench)
def set_ssl_certificate(site, ssl_certificate, bench='.', gen_config=True):
set_site_config_nginx_property(site, {"ssl_certificate": ssl_certificate}, bench=bench)
def set_ssl_certificate_key(site, ssl_certificate_key, bench='.', gen_config=True):
set_site_config_nginx_property(site, {"ssl_certificate_key": ssl_certificate_key}, bench=bench)
def set_nginx_port(site, port, bench='.', gen_config=True):
set_site_config_nginx_property(site, {"nginx_port": port}, bench=bench)
def set_site_config_nginx_property(site, config, bench='.', gen_config=True):
from .config import generate_nginx_config from .config import generate_nginx_config
if site not in get_sites(bench=bench): if site not in get_sites(bench=bench):
raise Exception("No such site") raise Exception("No such site")
update_site_config(site, {"nginx_port": port}, bench=bench) update_site_config(site, config, bench=bench)
if gen_config: if gen_config:
generate_nginx_config() generate_nginx_config()
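Review bot: `set_nginx_port`, `set_ssl_certificate` and `set_ssl_certificate_key` accept `gen_config` but do not pass it on, so `gen_config=False` is silently ignored and the nginx config is regenerated anyway. Each call should end with `bench=bench, gen_config=gen_config)`. `set_nginx_port` also appears to be defined twice on the new side with identical bodies, so the second copy can be deleted. Since the private-key path is persisted by `set_ssl_certificate_key`, that function is also the natural place to check that the file exists and is not group- or world-readable before writing it into the site config.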


@ -25,6 +25,7 @@ set_opts () {
VERBOSE=false VERBOSE=false
HELP=false HELP=false
FRAPPE_USER=false FRAPPE_USER=false
BENCH_BRANCH="master"
FRAPPE_USER_PASS=`get_passwd` FRAPPE_USER_PASS=`get_passwd`
MSQ_PASS=`get_passwd` MSQ_PASS=`get_passwd`
ADMIN_PASS=`get_passwd` ADMIN_PASS=`get_passwd`
@ -37,6 +38,7 @@ set_opts () {
--mysql-root-password ) MSQ_PASS="$2"; shift; shift ;; --mysql-root-password ) MSQ_PASS="$2"; shift; shift ;;
--frappe-user ) FRAPPE_USER="$2"; shift; shift ;; --frappe-user ) FRAPPE_USER="$2"; shift; shift ;;
--setup-production ) SETUP_PROD=true; shift;; --setup-production ) SETUP_PROD=true; shift;;
--bench-branch ) BENCH_BRANCH="$2"; shift;;
-- ) shift; break ;; -- ) shift; break ;;
* ) break ;; * ) break ;;
esac esac
@ -298,7 +300,7 @@ setup_debconf() {
} }
install_bench() { install_bench() {
run_cmd sudo su $FRAPPE_USER -c "cd /home/$FRAPPE_USER && git clone https://github.com/frappe/bench bench-repo" run_cmd sudo su $FRAPPE_USER -c "cd /home/$FRAPPE_USER && git clone https://github.com/frappe/bench --branch $BENCH_BRANCH bench-repo"
if hash pip-2.7 &> /dev/null; then if hash pip-2.7 &> /dev/null; then
PIP="pip-2.7" PIP="pip-2.7"
elif hash pip2.7 &> /dev/null; then elif hash pip2.7 &> /dev/null; then
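Review bot: The new `--bench-branch` case in `set_opts` shifts only once, unlike the other value-taking options. The branch name is therefore left in `$1`, and on the next pass it would presumably fall through to `* ) break`, silently dropping every option after it. The case should read `--bench-branch ) BENCH_BRANCH="$2"; shift; shift ;;`. In `install_bench` the value is expanded unquoted inside the `su -c` command string, so a branch name containing spaces or shell metacharacters is interpreted by the shell running as `$FRAPPE_USER`. Validating it against a pattern such as `^[A-Za-z0-9._/-]+$` before use avoids that. Both `set_opts` and `install_bench` extend outside the visible hunks.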