Home Explore Help
Register Sign In
iNDivia.net
/
otcerts
7
0
Fork 0
Files Issues 1 Pull Requests 0 Wiki
Browse Source

Added 'proxy' option

jigen 3 years ago
parent
8c2ea209c5
commit
ec30f759be
1 changed files with 59 additions and 7 deletions
Split View Show Diff Stats
  1. 59 7
      OTcerts.py

+ 59 - 7
OTcerts.py
View File 

@@ -24,6 +24,14 @@ and vhosts.vhost_id = vhosts_features.vhost_id  and hosts.host_id = hosts_urls.h
 
 WHERE (hosts_urls.http = 'Y' and hosts.hostname =  %(webserver)s)
 
 """
 
 
+# Get list of defined urls for specific webserver
 
+urls_list_stmt = """SELECT DISTINCT(urls.dns_name) AS urls
 
+FROM hosts INNER JOIN (hosts_urls, urls, vhosts_features, vhosts)
 
+ON (urls.url_id = hosts_urls.url_id and urls.url_id = vhosts.url_id 
+and vhosts.vhost_id = vhosts_features.vhost_id  and hosts.host_id = hosts_urls.host_id) 
+WHERE (hosts_urls.http = 'Y' and hosts.hostname =  %(webserver)s)
 
+"""
 
+
 
 # Get domain_id if defined in nameserver database
 
 domain_id_stmt="SELECT domains.id as domain_id FROM domains WHERE domains.name=%(domain)s"
 
 
@@ -34,7 +42,7 @@ subdomains_list_stmt = "SELECT DISTINCT(urls.dns_name) AS domain_names "\
 
                        "urls.dns_name LIKE %(domain)s)"
 
 
 default_conf_file="./etc/ot_certs.ini"
 
-logging.basicConfig(level=logging.INFO)
 
+logging.basicConfig(level=logging.DEBUG)
 
 logger = logging.getLogger()
 
 
 
@@ -53,6 +61,8 @@ def init_prog(argv):
 
                         help="Invoca solamente il renew per i certificati gia' presenti")
 
     
     service_group = parser.add_mutually_exclusive_group(required=True)
 
+    service_group.add_argument("--proxy", default=False, action='store_true', required=False,
 
+                        help="Richiedi i certificati per i siti proxaty")
 
     service_group.add_argument("--liste", default=False, action='store_true', required=False,
 
                         help="Richiedi i certificati per liste.indivia.net")
 
     service_group.add_argument("--hosting", default=False, action='store_true', required=False,
 
@@ -150,6 +160,27 @@ def get_domain_list(config,  ot_conn, dns_conn):
 
     ot_cursor.close()
 
     return result_dict
 
 
+
 
+def get_url_list(config_section, server_name, ot_conn, dns_conn):
 
+    """
 
+    Return a list
 
+    """
 
+
 
+    urls_list = []
 
+
 
+    ot_cursor=ot_conn.cursor()
 
+    ot_cursor.execute(urls_list_stmt, {'webserver':server_name})
 
+
 
+    ot_res = ot_cursor.fetchall()
 
+
 
+    logger.debug(ot_res)
 
+
 
+    urls_list = [t[0] for t in ot_res]
 
+
 
+    ot_cursor.close()
 
+    return urls_list
 
+
 
+
 
 def  get_alias_list(config, dns_conn, query, aliases):
 
     """
 
     Return a list of domains to get the certificate for
 
@@ -186,7 +217,7 @@ def acme_renew(config, pre_hook_cmd, post_hook_cmd, dryrun=False):
 
         args +=' --post-hook "{}"'.format(post_hook_cmd)
 
 
     args += " renew"
 
-    
+
 
     if dryrun:
 
         logging.info("{} {}".format(config['certbot']['bin'], args))
 
     else:
 
@@ -268,10 +299,12 @@ if __name__ == '__main__':
 
         logging.info('Renewing certificates ')
 
         if args.webmail or args.hosting or args.liste:
 
             post_hook_cmd = "systemctl reload apache2"
 
-        elif args.smtp: 
+        elif args.smtp:
 
             post_hook_cmd = "systemctl reload postfix"
 
         elif args.mbox:
 
             post_hook_cmd = "systemctl restart dovecot"
 
+        elif args.proxy:
 
+            post_hook_cmd = "systemctl reload nginx"
 
 
         logger.debug("post_hook_cmd: {}".format(post_hook_cmd))
 
 
@@ -297,6 +330,25 @@ if __name__ == '__main__':
 
             ret = os.system("systemctl reload apache2")
 
             logger.info(ret)
 
 
+        # Caso speciale per il proxy
 
+        if args.proxy:
 
+            logging.info('Asking certificates for proxy web domains')
 
+            try:
 
+                proxy_conf = config['nginx']
 
+            except KeyError as e:
 
+                logger.error("Error parsing configuration, KeyError {}".format(e))
 
+                exit(-1)
 
+            ot_conn=connect_db(dict(config['ot_db']))
 
+            dns_conn=connect_db(dict(config['dns_db']))
 
+
 
+            upstream_servers = [s.strip() for s in proxy_conf['upstream_servers'].split(',') if len(s.strip())>0]
 
+            for server_name in upstream_servers:
 
+                logger.debug("Upstream server {}".format(server_name))
 
+                url_list = get_url_list(proxy_conf, server_name,
 
+                                    ot_conn, dns_conn)
 
+                logger.debug(url_list)
 
+
 
+
 
         # Caso speciale per l'hosting
 
         if args.hosting:
 
             logging.info('Asking certificates for hosted web domains')
 
@@ -341,7 +393,7 @@ if __name__ == '__main__':
 
             ret = os.system("systemctl reload apache2")
 
             logger.info(ret)
 
 
-            
+
 
         # Caso speciale per l'interfaccia di mailman
 
         if args.liste:
 
             logging.info('Asking certificates for liste.indivia.net')
 
@@ -351,14 +403,14 @@ if __name__ == '__main__':
 
                 link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
 
             else:
 
                 logger.error('Error asking certificate for {}'.format(vhost_name))
 
-                
+
 
             # reload apache
 
             logger.info("Reloading apache")
 
             # ret = subprocess.run("systemctl reload apache2")
 
             ret = os.system("systemctl reload apache2")
 
-            logger.info(ret)    
+            logger.info(ret)
 
+
 
 
-        
         # Caso speciale per il server POP/IMAP
 
         if args.mbox:
 
             dns_conn=connect_db(dict(config['dns_db']))