Added 'proxy' option
This commit is contained in:
parent
8c2ea209c5
commit
ec30f759be
1 changed files with 59 additions and 7 deletions
66
OTcerts.py
66
OTcerts.py
|
|
@ -24,6 +24,14 @@ and vhosts.vhost_id = vhosts_features.vhost_id and hosts.host_id = hosts_urls.h
|
||||||
WHERE (hosts_urls.http = 'Y' and hosts.hostname = %(webserver)s)
|
WHERE (hosts_urls.http = 'Y' and hosts.hostname = %(webserver)s)
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
# Get list of defined urls for specific webserver
|
||||||
|
urls_list_stmt = """SELECT DISTINCT(urls.dns_name) AS urls
|
||||||
|
FROM hosts INNER JOIN (hosts_urls, urls, vhosts_features, vhosts)
|
||||||
|
ON (urls.url_id = hosts_urls.url_id and urls.url_id = vhosts.url_id
|
||||||
|
and vhosts.vhost_id = vhosts_features.vhost_id and hosts.host_id = hosts_urls.host_id)
|
||||||
|
WHERE (hosts_urls.http = 'Y' and hosts.hostname = %(webserver)s)
|
||||||
|
"""
|
||||||
|
|
||||||
# Get domain_id if defined in nameserver database
|
# Get domain_id if defined in nameserver database
|
||||||
domain_id_stmt="SELECT domains.id as domain_id FROM domains WHERE domains.name=%(domain)s"
|
domain_id_stmt="SELECT domains.id as domain_id FROM domains WHERE domains.name=%(domain)s"
|
||||||
|
|
||||||
|
|
@ -34,7 +42,7 @@ subdomains_list_stmt = "SELECT DISTINCT(urls.dns_name) AS domain_names "\
|
||||||
"urls.dns_name LIKE %(domain)s)"
|
"urls.dns_name LIKE %(domain)s)"
|
||||||
|
|
||||||
default_conf_file="./etc/ot_certs.ini"
|
default_conf_file="./etc/ot_certs.ini"
|
||||||
logging.basicConfig(level=logging.INFO)
|
logging.basicConfig(level=logging.DEBUG)
|
||||||
logger = logging.getLogger()
|
logger = logging.getLogger()
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -53,6 +61,8 @@ def init_prog(argv):
|
||||||
help="Invoca solamente il renew per i certificati gia' presenti")
|
help="Invoca solamente il renew per i certificati gia' presenti")
|
||||||
|
|
||||||
service_group = parser.add_mutually_exclusive_group(required=True)
|
service_group = parser.add_mutually_exclusive_group(required=True)
|
||||||
|
service_group.add_argument("--proxy", default=False, action='store_true', required=False,
|
||||||
|
help="Richiedi i certificati per i siti proxaty")
|
||||||
service_group.add_argument("--liste", default=False, action='store_true', required=False,
|
service_group.add_argument("--liste", default=False, action='store_true', required=False,
|
||||||
help="Richiedi i certificati per liste.indivia.net")
|
help="Richiedi i certificati per liste.indivia.net")
|
||||||
service_group.add_argument("--hosting", default=False, action='store_true', required=False,
|
service_group.add_argument("--hosting", default=False, action='store_true', required=False,
|
||||||
|
|
@ -150,6 +160,27 @@ def get_domain_list(config, ot_conn, dns_conn):
|
||||||
ot_cursor.close()
|
ot_cursor.close()
|
||||||
return result_dict
|
return result_dict
|
||||||
|
|
||||||
|
|
||||||
|
def get_url_list(config_section, server_name, ot_conn, dns_conn):
|
||||||
|
"""
|
||||||
|
Return a list
|
||||||
|
"""
|
||||||
|
|
||||||
|
urls_list = []
|
||||||
|
|
||||||
|
ot_cursor=ot_conn.cursor()
|
||||||
|
ot_cursor.execute(urls_list_stmt, {'webserver':server_name})
|
||||||
|
|
||||||
|
ot_res = ot_cursor.fetchall()
|
||||||
|
|
||||||
|
logger.debug(ot_res)
|
||||||
|
|
||||||
|
urls_list = [t[0] for t in ot_res]
|
||||||
|
|
||||||
|
ot_cursor.close()
|
||||||
|
return urls_list
|
||||||
|
|
||||||
|
|
||||||
def get_alias_list(config, dns_conn, query, aliases):
|
def get_alias_list(config, dns_conn, query, aliases):
|
||||||
"""
|
"""
|
||||||
Return a list of domains to get the certificate for
|
Return a list of domains to get the certificate for
|
||||||
|
|
@ -186,7 +217,7 @@ def acme_renew(config, pre_hook_cmd, post_hook_cmd, dryrun=False):
|
||||||
args +=' --post-hook "{}"'.format(post_hook_cmd)
|
args +=' --post-hook "{}"'.format(post_hook_cmd)
|
||||||
|
|
||||||
args += " renew"
|
args += " renew"
|
||||||
|
|
||||||
if dryrun:
|
if dryrun:
|
||||||
logging.info("{} {}".format(config['certbot']['bin'], args))
|
logging.info("{} {}".format(config['certbot']['bin'], args))
|
||||||
else:
|
else:
|
||||||
|
|
@ -268,10 +299,12 @@ if __name__ == '__main__':
|
||||||
logging.info('Renewing certificates ')
|
logging.info('Renewing certificates ')
|
||||||
if args.webmail or args.hosting or args.liste:
|
if args.webmail or args.hosting or args.liste:
|
||||||
post_hook_cmd = "systemctl reload apache2"
|
post_hook_cmd = "systemctl reload apache2"
|
||||||
elif args.smtp:
|
elif args.smtp:
|
||||||
post_hook_cmd = "systemctl reload postfix"
|
post_hook_cmd = "systemctl reload postfix"
|
||||||
elif args.mbox:
|
elif args.mbox:
|
||||||
post_hook_cmd = "systemctl restart dovecot"
|
post_hook_cmd = "systemctl restart dovecot"
|
||||||
|
elif args.proxy:
|
||||||
|
post_hook_cmd = "systemctl reload nginx"
|
||||||
|
|
||||||
logger.debug("post_hook_cmd: {}".format(post_hook_cmd))
|
logger.debug("post_hook_cmd: {}".format(post_hook_cmd))
|
||||||
|
|
||||||
|
|
@ -297,6 +330,25 @@ if __name__ == '__main__':
|
||||||
ret = os.system("systemctl reload apache2")
|
ret = os.system("systemctl reload apache2")
|
||||||
logger.info(ret)
|
logger.info(ret)
|
||||||
|
|
||||||
|
# Caso speciale per il proxy
|
||||||
|
if args.proxy:
|
||||||
|
logging.info('Asking certificates for proxy web domains')
|
||||||
|
try:
|
||||||
|
proxy_conf = config['nginx']
|
||||||
|
except KeyError as e:
|
||||||
|
logger.error("Error parsing configuration, KeyError {}".format(e))
|
||||||
|
exit(-1)
|
||||||
|
ot_conn=connect_db(dict(config['ot_db']))
|
||||||
|
dns_conn=connect_db(dict(config['dns_db']))
|
||||||
|
|
||||||
|
upstream_servers = [s.strip() for s in proxy_conf['upstream_servers'].split(',') if len(s.strip())>0]
|
||||||
|
for server_name in upstream_servers:
|
||||||
|
logger.debug("Upstream server {}".format(server_name))
|
||||||
|
url_list = get_url_list(proxy_conf, server_name,
|
||||||
|
ot_conn, dns_conn)
|
||||||
|
logger.debug(url_list)
|
||||||
|
|
||||||
|
|
||||||
# Caso speciale per l'hosting
|
# Caso speciale per l'hosting
|
||||||
if args.hosting:
|
if args.hosting:
|
||||||
logging.info('Asking certificates for hosted web domains')
|
logging.info('Asking certificates for hosted web domains')
|
||||||
|
|
@ -341,7 +393,7 @@ if __name__ == '__main__':
|
||||||
ret = os.system("systemctl reload apache2")
|
ret = os.system("systemctl reload apache2")
|
||||||
logger.info(ret)
|
logger.info(ret)
|
||||||
|
|
||||||
|
|
||||||
# Caso speciale per l'interfaccia di mailman
|
# Caso speciale per l'interfaccia di mailman
|
||||||
if args.liste:
|
if args.liste:
|
||||||
logging.info('Asking certificates for liste.indivia.net')
|
logging.info('Asking certificates for liste.indivia.net')
|
||||||
|
|
@ -351,14 +403,14 @@ if __name__ == '__main__':
|
||||||
link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
|
link_cert(config, vhost_name, vhost_name, dryrun=dryrun)
|
||||||
else:
|
else:
|
||||||
logger.error('Error asking certificate for {}'.format(vhost_name))
|
logger.error('Error asking certificate for {}'.format(vhost_name))
|
||||||
|
|
||||||
# reload apache
|
# reload apache
|
||||||
logger.info("Reloading apache")
|
logger.info("Reloading apache")
|
||||||
# ret = subprocess.run("systemctl reload apache2")
|
# ret = subprocess.run("systemctl reload apache2")
|
||||||
ret = os.system("systemctl reload apache2")
|
ret = os.system("systemctl reload apache2")
|
||||||
logger.info(ret)
|
logger.info(ret)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Caso speciale per il server POP/IMAP
|
# Caso speciale per il server POP/IMAP
|
||||||
if args.mbox:
|
if args.mbox:
|
||||||
dns_conn=connect_db(dict(config['dns_db']))
|
dns_conn=connect_db(dict(config['dns_db']))
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue