rework / refactoring / documentation

* rename letencrypt.conf to letsencrypt.conf
* Move more options to letsencrypt configurations file
* Done lot of rework / refactoring / documentation

Dockerfile

@@ -13,7 +13,7 @@ RUN pip3 install docker-py
 
 ADD haproxy_ssl.conf /haproxy_ssl.conf
 ADD haproxy.conf /haproxy.conf
-ADD letencrypt.conf /letencrypt.conf
+ADD letsencrypt.conf /letsencrypt.conf
 
 ADD start.py /start.py
 ADD list_domains.py /list_domains.py

letsencrypt.conf

@@ -6,3 +6,7 @@ work-dir=/data/work
 config-dir=/data/config
 email=letsencrypt@lusiardi.de
 agree-tos=TRUE
+expand=TRUE
+force-renewal=TRUE
+duplicate=TRUE
+allow-subset-of-names=TRUE

start.py

@@ -13,12 +13,13 @@ import list_domains
 from docker import Client
 
 cert_path = '/data/haproxy'
-cert_file = '/data/haproxy/cert.pem'
+cert_file = cert_path + '/cert.pem'
 pid_file = '/haproxy.pid'
 delay = 10
 
+
 def hash_cert_file():
-    """Creates the sha256 hash of the certificate file for haproxy. If the file
+    """Creates the sha256 hash of the certificate file for HAProxy. If the file
     does not exist, an empty string is returned.
     """
     if not os.path.isfile(cert_file):
@@ -44,8 +45,8 @@ def get_pid():
 
 
 def kill_haproxy():
-    """Stops the currently running instance of haproxy by issueing a kill signal to its pid."""
-    logging.info('killing haproxy')
+    """Stops the currently running instance of HAProxy by issuing a kill signal to its pid."""
+    logging.info('killing HAProxy')
     try:
         os.kill(get_pid(), signal.SIGKILL)
     except OSError:
@@ -53,18 +54,23 @@ def kill_haproxy():
 
 
 def start_haproxy_ssl():
-    logging.info('starting haproxy SSL')
+    """Start HAProxy with SSL activated. Returns True, if HAProxy is running, False otherwise."""
+    kill_haproxy()
+    logging.info('starting HAProxy with SSL')
     os.system('/usr/sbin/haproxy -f /haproxy_ssl.conf -p ' + pid_file)
     return is_haproxy_running()
 
 
 def start_haproxy():
-    logging.info('starting haproxy NON SSL')
+    """Start HAProxy without SSL activated. Returns True, if HAProxy is running, False otherwise."""
+    kill_haproxy()
+    logging.info('starting HAProxy without SSL')
     os.system('/usr/sbin/haproxy -f /haproxy.conf -p ' + pid_file)
-    return False
+    return is_haproxy_running()
 
 
 def is_haproxy_running():
+    """Check if HAProxy is running by sending a signal to its pid."""
     try:
         os.kill(get_pid(), 0)
         return True
@@ -74,27 +80,58 @@ def is_haproxy_running():
 
 def ssl_possible():
     """Check if a certificate is available."""
-
     if not os.path.isfile(cert_file):
         return False
     else:
         return True
 
 
+def read_file(filename):
+        file=open(filename, 'r')
+        read_data = file.read()
+        file.close()
+        return read_data
+
+
+def write_file(filename, content):
+        file=open(filename, 'w')
+        file.write(content)
+        file.close()
+
+
 def create_haproxy_cert():
     """Combines the freshly created fullchain.pem and privkey.pem into /data/haproxy/cert.pem"""
     logging.info('updating %s', cert_file)
+
+    # make sure the path exists...
     if not os.path.exists(cert_path):
         logging.info('creating cert_path path: %s', cert_path)
         os.mkdir(cert_path)
-    os.system(
-        'DIR=`ls -td /data/config/live/*/ | head -1`; echo ${DIR}; cat ${DIR}/fullchain.pem ${DIR}/privkey.pem > ' + cert_file)
+
+    # find the youngest directory
+    youngest_modify_time = 0
+    youngest_directory = ''
+    for root, directories, files in os.walk('/data/config/live'):
+        for directory in directories:
+            modify_time = os.stat(directory).st_mtime
+            if modify_time > youngest_modify_time:
+                youngest_modify_time = modify_time
+                youngest_directory = directory
+
+    logging.info('using %s as base dir', youngest_directory)
+
+    # read fullchain.pem and privkey.pem
+    fullchain = read_file(youngest_directory + '/fullchain.pem')
+    privkey = read_file(youngest_directory + '/privkey.pem')
+    write_file(cert_file, fullchain + privkey)
 
 
 def create_cert_data_standalone(domains):
     domains = " -d ".join(domains)
+
+    # we should use tls-sni-01 if ssl is already running!
     os.system(
-        '/letsencrypt/letsencrypt-auto --config letencrypt.conf certonly --expand --force-renewal --duplicate --allow-subset-of-names --standalone-supported-challenges http-01 --http-01-port 54321 -d ' + domains)
+        '/letsencrypt/letsencrypt-auto --config letsencrypt.conf certonly --standalone-supported-challenges http-01 --http-01-port 54321 -d ' + domains)
 
 
 def cert_watcher():