rework / refactoring / documentation

* rename letencrypt.conf to letsencrypt.conf * Move more options to letsencrypt configurations file * Done lot of rework / refactoring / documentation
2016-04-12 07:05:24 +02:00 · 2016-04-12 07:05:24 +02:00 · 6d93f9094b
commit 6d93f9094b
parent b63cbb80cd
3 changed files with 53 additions and 12 deletions
--- a/2
+++ b/2
@ -13,7 +13,7 @@ RUN pip3 install docker-py

 ADD haproxy_ssl.conf /haproxy_ssl.conf
 ADD haproxy.conf /haproxy.conf
-ADD letencrypt.conf /letencrypt.conf
+ADD letsencrypt.conf /letsencrypt.conf

 ADD start.py /start.py
 ADD list_domains.py /list_domains.py
--- a/letsencrypt.conf
+++ b/letsencrypt.conf
@ -6,3 +6,7 @@ work-dir=/data/work
 config-dir=/data/config
 email=letsencrypt@lusiardi.de
 agree-tos=TRUE
+expand=TRUE
+force-renewal=TRUE
+duplicate=TRUE
+allow-subset-of-names=TRUE
--- a/start.py
+++ b/start.py
@ -13,12 +13,13 @@ import list_domains
 from docker import Client

 cert_path = '/data/haproxy'
-cert_file = '/data/haproxy/cert.pem'
+cert_file = cert_path + '/cert.pem'
 pid_file = '/haproxy.pid'
 delay = 10

+
 def hash_cert_file():
-    """Creates the sha256 hash of the certificate file for haproxy. If the file
+    """Creates the sha256 hash of the certificate file for HAProxy. If the file
    does not exist, an empty string is returned.
    """
    if not os.path.isfile(cert_file):
@ -44,8 +45,8 @@ def get_pid():


 def kill_haproxy():
-    """Stops the currently running instance of haproxy by issueing a kill signal to its pid."""
-    logging.info('killing haproxy')
+    """Stops the currently running instance of HAProxy by issuing a kill signal to its pid."""
+    logging.info('killing HAProxy')
    try:
        os.kill(get_pid(), signal.SIGKILL)
    except OSError:
@ -53,18 +54,23 @@ def kill_haproxy():


 def start_haproxy_ssl():
-    logging.info('starting haproxy SSL')
+    """Start HAProxy with SSL activated. Returns True, if HAProxy is running, False otherwise."""
+    kill_haproxy()
+    logging.info('starting HAProxy with SSL')
    os.system('/usr/sbin/haproxy -f /haproxy_ssl.conf -p ' + pid_file)
    return is_haproxy_running()


 def start_haproxy():
-    logging.info('starting haproxy NON SSL')
+    """Start HAProxy without SSL activated. Returns True, if HAProxy is running, False otherwise."""
+    kill_haproxy()
+    logging.info('starting HAProxy without SSL')
    os.system('/usr/sbin/haproxy -f /haproxy.conf -p ' + pid_file)
-    return False
+    return is_haproxy_running()


 def is_haproxy_running():
+    """Check if HAProxy is running by sending a signal to its pid."""
    try:
        os.kill(get_pid(), 0)
        return True
@ -74,27 +80,58 @@ def is_haproxy_running():

 def ssl_possible():
    """Check if a certificate is available."""
-
    if not os.path.isfile(cert_file):
        return False
    else:
        return True


+def read_file(filename):
+        file=open(filename, 'r')
+        read_data = file.read()
+        file.close()
+        return read_data
+
+
+def write_file(filename, content):
+        file=open(filename, 'w')
+        file.write(content)
+        file.close()
+
+
 def create_haproxy_cert():
    """Combines the freshly created fullchain.pem and privkey.pem into /data/haproxy/cert.pem"""
    logging.info('updating %s', cert_file)
+
+    # make sure the path exists...
    if not os.path.exists(cert_path):
        logging.info('creating cert_path path: %s', cert_path)
        os.mkdir(cert_path)
-    os.system(
-        'DIR=`ls -td /data/config/live/*/ | head -1`; echo ${DIR}; cat ${DIR}/fullchain.pem ${DIR}/privkey.pem > ' + cert_file)
+
+    # find the youngest directory
+    youngest_modify_time = 0
+    youngest_directory = ''
+    for root, directories, files in os.walk('/data/config/live'):
+        for directory in directories:
+            modify_time = os.stat(directory).st_mtime
+            if modify_time > youngest_modify_time:
+                youngest_modify_time = modify_time
+                youngest_directory = directory
+
+    logging.info('using %s as base dir', youngest_directory)
+
+    # read fullchain.pem and privkey.pem
+    fullchain = read_file(youngest_directory + '/fullchain.pem')
+    privkey = read_file(youngest_directory + '/privkey.pem')
+    write_file(cert_file, fullchain + privkey)


 def create_cert_data_standalone(domains):
    domains = " -d ".join(domains)
+
+    # we should use tls-sni-01 if ssl is already running!
    os.system(
-        '/letsencrypt/letsencrypt-auto --config letencrypt.conf certonly --expand --force-renewal --duplicate --allow-subset-of-names --standalone-supported-challenges http-01 --http-01-port 54321 -d ' + domains)
+        '/letsencrypt/letsencrypt-auto --config letsencrypt.conf certonly --standalone-supported-challenges http-01 --http-01-port 54321 -d ' + domains)


 def cert_watcher():