2
0
mirror of https://github.com/frappe/bench.git synced 2025-01-10 17:24:41 +00:00

fix: replace certbot-auto with certbot (#1303)

* fix: replace certbot-auto references with certbot and add in prerequesites ansile tasks

* fix: config file flag fix

* fix: certbot path using find_executable instead of hardcoded

* fix: remove easy install entry for certbot

* fix: replace find_executable with which

* fix: no need to check and raise.

* fix: provide user with cerbot install instructions"

* fix: return certbot path

* fix: Use get_certbot_path instead of harcoded path

Co-authored-by: Abhishek Balam <abhishekbalam96@gmail.com>
Co-authored-by: gavin <gavin18d@gmail.com>
This commit is contained in:
Devin Slauenwhite 2022-05-23 03:14:25 -04:00 committed by GitHub
parent 6790f6beaa
commit a88932592e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 20 deletions

View File

@ -10,11 +10,10 @@ from bench.config.nginx import make_nginx_conf
from bench.config.production_setup import service from bench.config.production_setup import service
from bench.config.site_config import get_domains, remove_domain, update_site_config from bench.config.site_config import get_domains, remove_domain, update_site_config
from bench.bench import Bench from bench.bench import Bench
from bench.utils import exec_cmd from bench.utils import exec_cmd, which
from bench.utils.bench import update_common_site_config from bench.utils.bench import update_common_site_config
from bench.exceptions import CommandFailedError from bench.exceptions import CommandFailedError
def setup_letsencrypt(site, custom_domain, bench_path, interactive): def setup_letsencrypt(site, custom_domain, bench_path, interactive):
site_path = os.path.join(bench_path, "sites", site, "site_config.json") site_path = os.path.join(bench_path, "sites", site, "site_config.json")
@ -58,7 +57,6 @@ def create_config(site, custom_domain):
def run_certbot_and_setup_ssl(site, custom_domain, bench_path, interactive=True): def run_certbot_and_setup_ssl(site, custom_domain, bench_path, interactive=True):
service('nginx', 'stop') service('nginx', 'stop')
get_certbot()
try: try:
interactive = '' if interactive else '-n' interactive = '' if interactive else '-n'
@ -88,7 +86,7 @@ def run_certbot_and_setup_ssl(site, custom_domain, bench_path, interactive=True)
def setup_crontab(): def setup_crontab():
from crontab import CronTab from crontab import CronTab
job_command = '/opt/certbot-auto renew -a nginx --post-hook "systemctl reload nginx"' job_command = f'{get_certbot_path()} renew -a nginx --post-hook "systemctl reload nginx"'
job_comment = 'Renew lets-encrypt every month' job_comment = 'Renew lets-encrypt every month'
print(f"Setting Up cron job to {job_comment}") print(f"Setting Up cron job to {job_comment}")
@ -107,20 +105,11 @@ def create_dir_if_missing(path):
os.makedirs(os.path.dirname(path)) os.makedirs(os.path.dirname(path))
def get_certbot():
from urllib.request import urlretrieve
certbot_path = get_certbot_path()
create_dir_if_missing(certbot_path)
if not os.path.isfile(certbot_path):
urlretrieve("https://dl.eff.org/certbot-auto", certbot_path)
os.chmod(certbot_path, 0o744)
def get_certbot_path(): def get_certbot_path():
return "/opt/certbot-auto" try:
return which("certbot", raise_err=True)
except FileNotFoundError:
raise CommandFailedError("Certbot is not installed on your system. Please visit https://certbot.eff.org/instructions for installation instructions, then try again.")
def renew_certs(): def renew_certs():
# Needs to be run with sudo # Needs to be run with sudo
@ -156,7 +145,6 @@ def setup_wildcard_ssl(domain, email, bench_path, exclude_base_domain):
print("You cannot setup SSL without DNS Multitenancy") print("You cannot setup SSL without DNS Multitenancy")
return return
get_certbot()
domain_list = _get_domains(domain.strip()) domain_list = _get_domains(domain.strip())
email_param = '' email_param = ''

View File

@ -15,6 +15,5 @@
{{ user }} ALL = (root) NOPASSWD: {{ nginx }} {{ user }} ALL = (root) NOPASSWD: {{ nginx }}
{% endif %} {% endif %}
{{ user }} ALL = (root) NOPASSWD: /opt/certbot-auto {{ user }} ALL = (root) NOPASSWD: {{ certbot }}
Defaults:{{ user }} !requiretty Defaults:{{ user }} !requiretty

View File

@ -108,6 +108,8 @@ def init(
def setup_sudoers(user): def setup_sudoers(user):
from bench.config.lets_encrypt import get_certbot_path
if not os.path.exists("/etc/sudoers.d"): if not os.path.exists("/etc/sudoers.d"):
os.makedirs("/etc/sudoers.d") os.makedirs("/etc/sudoers.d")
@ -128,6 +130,7 @@ def setup_sudoers(user):
"service": which("service"), "service": which("service"),
"systemctl": which("systemctl"), "systemctl": which("systemctl"),
"nginx": which("nginx"), "nginx": which("nginx"),
"certbot": get_certbot_path(),
} }
) )