YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch '' of /home/max/PycharmProjects/yunohost with conflicts.

Browse source
This commit is contained in:
mbugeia 2015-11-04 19:07:53 +01:00
parent acd1d051c2
commit 8787f66777
4 changed files with 131 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
data/actionsmap/yunohost.yml
View file

@ -277,6 +277,10 @@ domain:
full: --dyndns full: --dyndns
help: Subscribe to the DynDNS service help: Subscribe to the DynDNS service
action: store_true action: store_true
-l:
full: --noletsencrypt
help: Subscribe to the DynDNS service
action: store_true
### domain_remove() ### domain_remove()
remove: remove:
@ -291,6 +295,30 @@ domain:
extra: extra:
pattern: *pattern_domain pattern: *pattern_domain
### domain_letsencrypt()
letsencrypt:
action_help: Manage let's encrypt certificate for a domain
api: POST /letsencrypt
configuration:
authenticate: all
arguments:
domain:
help: Domain to manage
extra:
pattern: *pattern_domain
-c:
full: --create
help: Create a Let's encrypt certificate
action: store_true
-r:
full: --renew
help: Force renewal of a Let's encrypt certificate
action: store_true
-d:
full: --revoke
help: Revoke a Let's encrypt certificate
action: store_true
### domain_info() ### domain_info()
# info: # info:
# action_help: Get domain informations # action_help: Get domain informations

8
data/templates/nginx/server.conf.sed
View file

@ -11,6 +11,14 @@ server {
rewrite ^ https://$http_host$request_uri? permanent; rewrite ^ https://$http_host$request_uri? permanent;
} }
root /etc/letsencrypt/webrootauth;
location /.well-known/acme-challenge {
alias /etc/letsencrypt/webrootauth/.well-known/acme-challenge;
location ~ /.well-known/acme-challenge/(.*) {
add_header Content-Type application/jose+json;
}
}
access_log /var/log/nginx/{{ domain }}-access.log; access_log /var/log/nginx/{{ domain }}-access.log;
error_log /var/log/nginx/{{ domain }}-error.log; error_log /var/log/nginx/{{ domain }}-error.log;
} }

2
src/yunohost/app.py
View file

@ -1007,7 +1007,7 @@ def app_ssowatconf(auth):
redirected_regex.update(app_settings['redirected_regex']) redirected_regex.update(app_settings['redirected_regex'])
for domain in domains: for domain in domains:
skipped_urls.extend([domain + '/yunohost/admin', domain + '/yunohost/api']) skipped_urls.extend([domain + '/yunohost/admin', domain + '/yunohost/api', domain + '/.well-known/acme-challenge'])
conf_dict = { conf_dict = {
'portal_domain': main_domain, 'portal_domain': main_domain,

115
src/yunohost/domain.py
View file

@ -69,8 +69,7 @@ def domain_list(auth, raw=False, filter=None, limit=None, offset=None):
else: else:
return { 'domains': result_list } return { 'domains': result_list }
def domain_add(auth, domain, dyndns=False, noletsencrypt=False):
def domain_add(auth, domain, dyndns=False):
""" """
Create a custom domain Create a custom domain
@ -125,24 +124,29 @@ def domain_add(auth, domain, dyndns=False):
try: os.listdir(ssl_domain_path) try: os.listdir(ssl_domain_path)
except OSError: os.makedirs(ssl_domain_path) except OSError: os.makedirs(ssl_domain_path)
command_list = [ if noletsencrypt:
'cp %s/openssl.cnf %s' % (ssl_dir, ssl_domain_path), command_list = [
'sed -i "s/yunohost.org/%s/g" %s/openssl.cnf' % (domain, ssl_domain_path), 'cp %s/openssl.cnf %s' % (ssl_dir, ssl_domain_path),
'openssl req -new -config %s/openssl.cnf -days 3650 -out %s/certs/yunohost_csr.pem -keyout %s/certs/yunohost_key.pem -nodes -batch' 'sed -i "s/yunohost.org/%s/g" %s/openssl.cnf' % (domain, ssl_domain_path),
% (ssl_domain_path, ssl_dir, ssl_dir), 'openssl req -new -config %s/openssl.cnf -days 3650 -out %s/certs/yunohost_csr.pem -keyout %s/certs/yunohost_key.pem -nodes -batch'
'openssl ca -config %s/openssl.cnf -days 3650 -in %s/certs/yunohost_csr.pem -out %s/certs/yunohost_crt.pem -batch' % (ssl_domain_path, ssl_dir, ssl_dir),
% (ssl_domain_path, ssl_dir, ssl_dir), 'openssl ca -config %s/openssl.cnf -days 3650 -in %s/certs/yunohost_csr.pem -out %s/certs/yunohost_crt.pem -batch'
'ln -s /etc/ssl/certs/ca-yunohost_crt.pem %s/ca.pem' % ssl_domain_path, % (ssl_domain_path, ssl_dir, ssl_dir),
'cp %s/certs/yunohost_key.pem %s/key.pem' % (ssl_dir, ssl_domain_path), 'ln -s /etc/ssl/certs/ca-yunohost_crt.pem %s/ca.pem' % ssl_domain_path,
'cp %s/newcerts/%s.pem %s/crt.pem' % (ssl_dir, serial, ssl_domain_path), 'cp %s/certs/yunohost_key.pem %s/key.pem' % (ssl_dir, ssl_domain_path),
'chmod 755 %s' % ssl_domain_path, 'cp %s/newcerts/%s.pem %s/crt.pem' % (ssl_dir, serial, ssl_domain_path),
'chmod 640 %s/key.pem' % ssl_domain_path, 'chmod 755 %s' % ssl_domain_path,
'chmod 640 %s/crt.pem' % ssl_domain_path, 'chmod 640 %s/key.pem' % ssl_domain_path,
'chmod 600 %s/openssl.cnf' % ssl_domain_path, 'chmod 640 %s/crt.pem' % ssl_domain_path,
'chown root:metronome %s/key.pem' % ssl_domain_path, 'chmod 600 %s/openssl.cnf' % ssl_domain_path,
'chown root:metronome %s/crt.pem' % ssl_domain_path, 'chown root:metronome %s/key.pem' % ssl_domain_path,
'cat %s/ca.pem >> %s/crt.pem' % (ssl_domain_path, ssl_domain_path) 'chown root:metronome %s/crt.pem' % ssl_domain_path,
] 'cat %s/ca.pem >> %s/crt.pem' % (ssl_domain_path, ssl_domain_path)
]
else:
command_list = [
'yunohost domain letsencrypt -c %s' % domain
]
for command in command_list: for command in command_list:
if os.system(command) != 0: if os.system(command) != 0:
@ -206,7 +210,22 @@ def domain_remove(auth, domain, force=False):
m18n.n('domain_uninstall_app_first')) m18n.n('domain_uninstall_app_first'))
if auth.remove('virtualdomain=' + domain + ',ou=domains') or force: if auth.remove('virtualdomain=' + domain + ',ou=domains') or force:
os.system('rm -rf /etc/yunohost/certs/%s' % domain) command_list = [
'rm -rf /etc/yunohost/certs/%s' % domain,
]
if os.path.exists('/etc/letsencrypt/live/%s' % domain):
command_list.extend([
'yunohost domain letsencrypt revoke %s' % domain,
'rm -rf /etc/letsencrypt/archive/%s /etc/letsencrypt/live/%s' % domain,
'rm -f /etc/letsencrypt/renewal/%s.conf' % domain,
'rm -f /etc/cron.d/letsencrypt-{domain}' % domain
])
for command in command_list:
if os.system(command) != 0:
msignals.display(m18n.n('path_removal_failed', command[7:]),
'warning')
else: else:
raise MoulinetteError(errno.EIO, m18n.n('domain_deletion_failed')) raise MoulinetteError(errno.EIO, m18n.n('domain_deletion_failed'))
@ -218,3 +237,57 @@ def domain_remove(auth, domain, force=False):
hook_callback('post_domain_remove', args=[domain]) hook_callback('post_domain_remove', args=[domain])
msignals.display(m18n.n('domain_deleted'), 'success') msignals.display(m18n.n('domain_deleted'), 'success')
def domain_letsencrypt(auth, domain, create=False, renew=False, revoke=False):
"""
Manage let's encrypt certificate for a domain
Keyword argument:
domain -- Domain to delete
create -- Create a Let's encrypt certificate
renew -- Force renewal of a Let's encrypt certificate
revoke -- Revoke a Let's encrypt certificate
"""
if domain not in domain_list(auth)['domains']:
raise MoulinetteError(errno.EINVAL, m18n.n('domain_unknown'))
if create and not renew and not revoke:
# backup self signed certificate if exist
if os.path.exists('/etc/yunohost/certs/%s/cert.pem' % domain):
os.system('mkdir -p /etc/yunohost/certs/%s/yunohost_self_signed' % domain)
os.system('mv /etc/yunohost/certs/%s/*.pem /etc/yunohost/certs/%s/*.cnf /etc/yunohost/certs/%s/yunohost_self_signed/' % domain)
os.system('rm -f /etc/yunohost/certs/%s/*.pem /etc/yunohost/certs/%s/*.cnf' % domain)
# create certificate
try:
os.system('/root/letsencrypt/letsencrypt-auto -a webroot --renew-by-default --agree-dev-preview --agree-tos --webroot-path /etc/letsencrypt/webrootauth -m root@%s -d %s auth' % domain)
# restore right for metronome
os.system('chown root:metronome /etc/letsencrypt/archive/%s/*' % domain)
# create cron
os.system('echo "@monthly root yunohost domain letsencrypt -r %s" > /etc/cron.d/letsencrypt-%s' % domain)
# symbolic link for cert and key
os.system('ln -s /etc/letsencrypt/live/%s/privkey.pem /etc/yunohost/certs/%s/key.pem' % domain)
os.system('ln -s /etc/letsencrypt/live/%s/fullchain.pem /etc/yunohost/certs/%s/crt.pem' % domain)
msignals.display(m18n.n('domain_letsencrypt_created'), 'success')
except:
raise MoulinetteError(errno.EIO, m18n.n('domain_letsencrypt_create_failed'))
elif renew and not create and not revoke:
try:
os.system('/root/letsencrypt/letsencrypt-auto -a webroot --renew-by-default --agree-dev-preview --agree-tos --webroot-path /etc/letsencrypt/webrootauth -m root@%s -d %s auth' % domain)
# restore right for metronome
os.system('chown root:metronome /etc/letsencrypt/archive/%s/*' % domain)
msignals.display(m18n.n('domain_letsencrypt_renewed'), 'success')
except:
raise MoulinetteError(errno.EIO, m18n.n('domain_letsencrypt_renew_failed'))
elif revoke and not create and not renew:
try:
os.system('/root/letsencrypt/letsencrypt-auto -a webroot --renew-by-default --agree-dev-preview --agree-tos --webroot-path /etc/letsencrypt/webrootauth -m root@%s -d %s auth' % domain)
msignals.display(m18n.n('domain_letsencrypt_revoked'), 'success')
except:
raise MoulinetteError(errno.EIO, m18n.n('domain_letsencrypt_revoke_failed'))
else:
raise MoulinetteError(errno.EIO, m18n.n('domain_letsencrypt_revoke_unknown'))