Added 'proxy' option
This commit is contained in:
parent
8c2ea209c5
commit
ec30f759be
1 changed files with 59 additions and 7 deletions
66
OTcerts.py
66
OTcerts.py
|
|
@ -24,6 +24,14 @@ and vhosts.vhost_id = vhosts_features.vhost_id and hosts.host_id = hosts_urls.h
|
|||
WHERE (hosts_urls.http = 'Y' and hosts.hostname = %(webserver)s)
|
||||
"""
|
||||
|
||||
# Get list of defined urls for specific webserver
|
||||
urls_list_stmt = """SELECT DISTINCT(urls.dns_name) AS urls
|
||||
FROM hosts INNER JOIN (hosts_urls, urls, vhosts_features, vhosts)
|
||||
ON (urls.url_id = hosts_urls.url_id and urls.url_id = vhosts.url_id
|
||||
and vhosts.vhost_id = vhosts_features.vhost_id and hosts.host_id = hosts_urls.host_id)
|
||||
WHERE (hosts_urls.http = 'Y' and hosts.hostname = %(webserver)s)
|
||||
"""
|
||||
|
||||
# Get domain_id if defined in nameserver database
|
||||
domain_id_stmt="SELECT domains.id as domain_id FROM domains WHERE domains.name=%(domain)s"
|
||||
|
||||
|
|
@ -34,7 +42,7 @@ subdomains_list_stmt = "SELECT DISTINCT(urls.dns_name) AS domain_names "\
|
|||
"urls.dns_name LIKE %(domain)s)"
|
||||
|
||||
default_conf_file="./etc/ot_certs.ini"
|
||||
logging.basicConfig(level=logging.INFO)
|
||||
logging.basicConfig(level=logging.DEBUG)
|
||||
logger = logging.getLogger()
|
||||
|
||||
|
||||
|
|
@ -53,6 +61,8 @@ def init_prog(argv):
|
|||
help="Invoca solamente il renew per i certificati gia' presenti")
|
||||
|
||||
service_group = parser.add_mutually_exclusive_group(required=True)
|
||||
service_group.add_argument("--proxy", default=False, action='store_true', required=False,
|
||||
help="Richiedi i certificati per i siti proxaty")
|
||||
service_group.add_argument("--liste", default=False, action='store_true', required=False,
|
||||
help="Richiedi i certificati per liste.indivia.net")
|
||||
service_group.add_argument("--hosting", default=False, action='store_true', required=False,
|
||||
|
|
@ -150,6 +160,27 @@ def get_domain_list(config, ot_conn, dns_conn):
|
|||
ot_cursor.close()
|
||||
return result_dict
|
||||
|
||||
|
||||
def get_url_list(config_section, server_name, ot_conn, dns_conn):
|
||||
"""
|
||||
Return a list
|
||||
"""
|
||||
|
||||
urls_list = []
|
||||
|
||||
ot_cursor=ot_conn.cursor()
|
||||
ot_cursor.execute(urls_list_stmt, {'webserver':server_name})
|
||||
|
||||
ot_res = ot_cursor.fetchall()
|
||||
|
||||
logger.debug(ot_res)
|
||||
|
||||
urls_list = [t[0] for t in ot_res]
|
||||
|
||||
ot_cursor.close()
|
||||
return urls_list
|
||||
|
||||
|
||||
def get_alias_list(config, dns_conn, query, aliases):
|
||||
"""
|
||||
Return a list of domains to get the certificate for
|
||||
|
|
@ -186,7 +217,7 @@ def acme_renew(config, pre_hook_cmd, post_hook_cmd, dryrun=False):
|
|||
args +=' --post-hook "{}"'.format(post_hook_cmd)
|
||||
|
||||
args += " renew"
|
||||
|
||||
|
||||
if dryrun:
|
||||
logging.info("{} {}".format(config['certbot']['bin'], args))
|
||||
else:
|
||||
|
|
@ -268,10 +299,12 @@ if __name__ == '__main__':
|
|||
logging.info('Renewing certificates ')
|
||||
if args.webmail or args.hosting or args.liste:
|
||||
post_hook_cmd = "systemctl reload apache2"
|
||||
elif args.smtp:
|
||||
elif args.smtp:
|
||||
post_hook_cmd = "systemctl reload postfix"
|
||||
elif args.mbox:
|
||||
post_hook_cmd = "systemctl restart dovecot"
|
||||
elif args.proxy:
|
||||
post_hook_cmd = "systemctl reload nginx"
|
||||
|
||||
logger.debug("post_hook_cmd: {}".format(post_hook_cmd))
|
||||
|
||||
|
|
@ -297,6 +330,25 @@ if __name__ == '__main__':
|
|||
ret = os.system("systemctl reload apache2")
|
||||
logger.info(ret)
|
||||
|
||||
# Caso speciale per il proxy
|
||||
if args.proxy:
|
||||
logging.info('Asking certificates for proxy web domains')
|
||||
try:
|
||||
proxy_conf = config['nginx']
|
||||
except KeyError as e:
|
||||
logger.error("Error parsing configuration, KeyError {}".format(e))
|
||||
exit(-1)
|
||||
ot_conn=connect_db(dict(config['ot_db']))
|
||||
dns_conn=connect_db(dict(config['dns_db']))
|
||||
|
||||
upstream_servers = [s.strip() for s in proxy_conf['upstream_servers'].split(',') if len(s.strip())>0]
|
||||
for server_name in upstream_servers:
|
||||
logger.debug("Upstream server {}".format(server_name))
|
||||
url_list = get_url_list(proxy_conf, server_name,
|
||||
ot_conn, dns_conn)
|
||||
logger.debug(url_list)
|
||||
|
||||
|
||||
# Caso speciale per l'hosting
|
||||
if args.hosting:
|
||||
logging.info('Asking certificates for hosted web domains')
|
||||
|
|
@ -341,7 +393,7 @@ if __name__ == '__main__':
|
|||
ret = os.system("systemctl reload apache2")
|
||||
logger.info(ret)
|
||||
|
||||
|
||||
|
||||
# Caso speciale per l'interfaccia di mailman
|
||||
if args.liste:
|
||||
logging.info('Asking certificates for liste.indivia.net')
|
||||
|
|
@ -351,14 +403,14 @@ if __name__ == '__main__':
|
|||
link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
|
||||
else:
|
||||
logger.error('Error asking certificate for {}'.format(vhost_name))
|
||||
|
||||
|
||||
# reload apache
|
||||
logger.info("Reloading apache")
|
||||
# ret = subprocess.run("systemctl reload apache2")
|
||||
ret = os.system("systemctl reload apache2")
|
||||
logger.info(ret)
|
||||
logger.info(ret)
|
||||
|
||||
|
||||
|
||||
# Caso speciale per il server POP/IMAP
|
||||
if args.mbox:
|
||||
dns_conn=connect_db(dict(config['dns_db']))
|
||||
|
|
|
|||
Loading…
Reference in a new issue