mirror of
https://github.com/frappe/bench.git
synced 2025-01-25 07:58:24 +00:00
fix: replace certbot-auto with certbot (#1303)
* fix: replace certbot-auto references with certbot and add in prerequisites ansible tasks
* fix: config file flag fix
* fix: certbot path using find_executable instead of hardcoded
* fix: remove easy install entry for certbot
* fix: replace find_executable with which
* fix: no need to check and raise.
* fix: provide user with certbot install instructions
* fix: return certbot path
* fix: Use get_certbot_path instead of hardcoded path

Co-authored-by: Abhishek Balam <abhishekbalam96@gmail.com>
Co-authored-by: gavin <gavin18d@gmail.com>
parent
6790f6beaa
commit
a88932592e
@ -10,11 +10,10 @@ from bench.config.nginx import make_nginx_conf
|
|||||||
from bench.config.production_setup import service
|
from bench.config.production_setup import service
|
||||||
from bench.config.site_config import get_domains, remove_domain, update_site_config
|
from bench.config.site_config import get_domains, remove_domain, update_site_config
|
||||||
from bench.bench import Bench
|
from bench.bench import Bench
|
||||||
from bench.utils import exec_cmd
|
from bench.utils import exec_cmd, which
|
||||||
from bench.utils.bench import update_common_site_config
|
from bench.utils.bench import update_common_site_config
|
||||||
from bench.exceptions import CommandFailedError
|
from bench.exceptions import CommandFailedError
|
||||||
|
|
||||||
|
|
||||||
def setup_letsencrypt(site, custom_domain, bench_path, interactive):
|
def setup_letsencrypt(site, custom_domain, bench_path, interactive):
|
||||||
|
|
||||||
site_path = os.path.join(bench_path, "sites", site, "site_config.json")
|
site_path = os.path.join(bench_path, "sites", site, "site_config.json")
|
||||||
@ -58,7 +57,6 @@ def create_config(site, custom_domain):
|
|||||||
|
|
||||||
def run_certbot_and_setup_ssl(site, custom_domain, bench_path, interactive=True):
|
def run_certbot_and_setup_ssl(site, custom_domain, bench_path, interactive=True):
|
||||||
service('nginx', 'stop')
|
service('nginx', 'stop')
|
||||||
get_certbot()
|
|
||||||
|
|
||||||
try:
|
try:
|
||||||
interactive = '' if interactive else '-n'
|
interactive = '' if interactive else '-n'
|
||||||
@ -88,7 +86,7 @@ def run_certbot_and_setup_ssl(site, custom_domain, bench_path, interactive=True)
|
|||||||
def setup_crontab():
|
def setup_crontab():
|
||||||
from crontab import CronTab
|
from crontab import CronTab
|
||||||
|
|
||||||
job_command = '/opt/certbot-auto renew -a nginx --post-hook "systemctl reload nginx"'
|
job_command = f'{get_certbot_path()} renew -a nginx --post-hook "systemctl reload nginx"'
|
||||||
job_comment = 'Renew lets-encrypt every month'
|
job_comment = 'Renew lets-encrypt every month'
|
||||||
print(f"Setting Up cron job to {job_comment}")
|
print(f"Setting Up cron job to {job_comment}")
|
||||||
|
|
||||||
@ -107,20 +105,11 @@ def create_dir_if_missing(path):
|
|||||||
os.makedirs(os.path.dirname(path))
|
os.makedirs(os.path.dirname(path))
|
||||||
|
|
||||||
|
|
||||||
def get_certbot():
|
|
||||||
from urllib.request import urlretrieve
|
|
||||||
|
|
||||||
certbot_path = get_certbot_path()
|
|
||||||
create_dir_if_missing(certbot_path)
|
|
||||||
|
|
||||||
if not os.path.isfile(certbot_path):
|
|
||||||
urlretrieve("https://dl.eff.org/certbot-auto", certbot_path)
|
|
||||||
os.chmod(certbot_path, 0o744)
|
|
||||||
|
|
||||||
|
|
||||||
def get_certbot_path():
|
def get_certbot_path():
|
||||||
return "/opt/certbot-auto"
|
try:
|
||||||
|
return which("certbot", raise_err=True)
|
||||||
|
except FileNotFoundError:
|
||||||
|
raise CommandFailedError("Certbot is not installed on your system. Please visit https://certbot.eff.org/instructions for installation instructions, then try again.")
|
||||||
|
|
||||||
def renew_certs():
|
def renew_certs():
|
||||||
# Needs to be run with sudo
|
# Needs to be run with sudo
|
||||||
@ -156,7 +145,6 @@ def setup_wildcard_ssl(domain, email, bench_path, exclude_base_domain):
|
|||||||
print("You cannot setup SSL without DNS Multitenancy")
|
print("You cannot setup SSL without DNS Multitenancy")
|
||||||
return
|
return
|
||||||
|
|
||||||
get_certbot()
|
|
||||||
domain_list = _get_domains(domain.strip())
|
domain_list = _get_domains(domain.strip())
|
||||||
|
|
||||||
email_param = ''
|
email_param = ''
|
||||||
|
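Review bot: In `get_certbot_path()` the value returned by `which("certbot", raise_err=True)` depends on the PATH of whoever runs bench, and `setup_crontab()` writes that value straight into the renewal job, so a certbot resolved from a user-writable directory would be what the scheduled job later executes. Before returning, the function could check the resolved file, for example `st = os.stat(path)` followed by `if st.st_uid != 0 or st.st_mode & 0o022: raise CommandFailedError(...)`; whether that rejects an install method the project supports needs confirming. The `raise CommandFailedError(...)` inside `except FileNotFoundError:` should also end with `from None`, so the user sees the install hint without the chained lookup traceback. The body of `which` and the owner of the crontab are not on this page, so the privilege the job runs with is inferred from the `# Needs to be run with sudo` comment in `renew_certs`.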
@ -15,6 +15,5 @@
|
|||||||
{{ user }} ALL = (root) NOPASSWD: {{ nginx }}
|
{{ user }} ALL = (root) NOPASSWD: {{ nginx }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{{ user }} ALL = (root) NOPASSWD: /opt/certbot-auto
|
{{ user }} ALL = (root) NOPASSWD: {{ certbot }}
|
||||||
Defaults:{{ user }} !requiretty
|
Defaults:{{ user }} !requiretty
|
||||||
|
|
||||||
|
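Review bot: The rule `{{ user }} ALL = (root) NOPASSWD: {{ certbot }}` carries no argument list, so the bench user can run certbot as root with any options, and certbot's hook options (the cron job in this commit uses `--post-hook`) run commands of the caller's choosing. That was already true of the `/opt/certbot-auto` line, but the path is now a rendered variable. It is worth either listing the allowed invocations in the rule or stating the trade-off in a template comment such as `# passwordless root certbot; its hook options make this equivalent to full root for this user`. The rule is also rendered unconditionally, while the nginx entry above it appears to sit inside a conditional that closes at `{% endif %}`; wrapping this line in `{% if certbot %}` and `{% endif %}` would keep the generated file valid if the value is ever empty.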
@ -108,6 +108,8 @@ def init(
|
|||||||
|
|
||||||
|
|
||||||
def setup_sudoers(user):
|
def setup_sudoers(user):
|
||||||
|
from bench.config.lets_encrypt import get_certbot_path
|
||||||
|
|
||||||
if not os.path.exists("/etc/sudoers.d"):
|
if not os.path.exists("/etc/sudoers.d"):
|
||||||
os.makedirs("/etc/sudoers.d")
|
os.makedirs("/etc/sudoers.d")
|
||||||
|
|
||||||
@ -128,6 +130,7 @@ def setup_sudoers(user):
|
|||||||
"service": which("service"),
|
"service": which("service"),
|
||||||
"systemctl": which("systemctl"),
|
"systemctl": which("systemctl"),
|
||||||
"nginx": which("nginx"),
|
"nginx": which("nginx"),
|
||||||
|
"certbot": get_certbot_path(),
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
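Review bot: `"certbot": get_certbot_path(),` makes `setup_sudoers` raise `CommandFailedError` on any machine where certbot is not installed, while the neighbouring entries call `which("service")`, `which("systemctl")` and `which("nginx")` without `raise_err`. If sudoers setup is meant to work before Let's Encrypt is configured, `"certbot": which("certbot"),` together with a conditional around the rule in the template would keep certbot optional; the behaviour of `which` without `raise_err` is not shown here, so confirm it returns a falsy value when nothing is found. The function-level `from bench.config.lets_encrypt import get_certbot_path` deserves a one-line comment saying why it is not a module-level import (presumably to avoid a circular import). `setup_sudoers` starts and ends outside the visible hunks.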