Add certbot feature to install cert.
This commit is contained in:
parent
f44dbfa1a2
commit
dbfd2e0677
|
@ -39,7 +39,7 @@ class Admin::SitePanelController < OrbitAdminController
|
||||||
domain_name_search_text = ""
|
domain_name_search_text = ""
|
||||||
end
|
end
|
||||||
@site_certs = SiteCert.all.where(:is_valid=>true,:domain_names=>/\A#{domain_name_search_text}/)
|
@site_certs = SiteCert.all.where(:is_valid=>true,:domain_names=>/\A#{domain_name_search_text}/)
|
||||||
@site_certs = SiteCert.all
|
# @site_certs = SiteCert.all
|
||||||
if site_construct
|
if site_construct
|
||||||
@enable_cert_id = site_construct.site_cert_id
|
@enable_cert_id = site_construct.site_cert_id
|
||||||
end
|
end
|
||||||
|
@ -129,11 +129,21 @@ class Admin::SitePanelController < OrbitAdminController
|
||||||
render :json => thread.status
|
render :json => thread.status
|
||||||
end
|
end
|
||||||
elsif params[:type] == 'get_server_names'
|
elsif params[:type] == 'get_server_names'
|
||||||
render :json => (SiteServer.all.map{|s| s.server_name rescue ""}.select{|n| !n.blank?} rescue [])
|
render :json => (SiteServer.all.where(:active=>true).map{|s| s.server_name rescue ""}.select{|n| !n.blank?} rescue [])
|
||||||
else
|
else
|
||||||
@site_server = SiteServer.find(params[:id])
|
@site_server = SiteServer.find(params[:id])
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
def install_certbot
|
||||||
|
extra_text = ""
|
||||||
|
if params[:server_name].present?
|
||||||
|
extra_text = "[#{params[:server_name].gsub(/[\(\)\[\]]/){|ff| "\\"+ff }}]"
|
||||||
|
end
|
||||||
|
Thread.new do
|
||||||
|
system("bundle exec rake create_site:install_certbot#{extra_text}")
|
||||||
|
end
|
||||||
|
render :json => {"success"=>true}
|
||||||
|
end
|
||||||
def create
|
def create
|
||||||
server_ability = ServerAbility.first
|
server_ability = ServerAbility.first
|
||||||
if server_ability.available
|
if server_ability.available
|
||||||
|
@ -227,9 +237,13 @@ class Admin::SitePanelController < OrbitAdminController
|
||||||
elsif params[:type] == 'select_cert'
|
elsif params[:type] == 'select_cert'
|
||||||
@site_construct = SiteConstruct.find(params[:id])
|
@site_construct = SiteConstruct.find(params[:id])
|
||||||
@site_construct.update(:redirect_to_https=>params[:redirect_to_https])
|
@site_construct.update(:redirect_to_https=>params[:redirect_to_https])
|
||||||
|
is_certbot = true
|
||||||
|
if params[:site_cert_id] != "certbot"
|
||||||
|
is_certbot = false
|
||||||
@site_construct.update(:site_cert_id=>BSON::ObjectId(params[:site_cert_id]))
|
@site_construct.update(:site_cert_id=>BSON::ObjectId(params[:site_cert_id]))
|
||||||
|
end
|
||||||
Thread.new do
|
Thread.new do
|
||||||
system("bundle exec rake create_site:change_site_cert[#{params[:id]}]")
|
system("bundle exec rake create_site:change_site_cert[#{params[:id]},#{is_certbot}]")
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
Thread.new do
|
Thread.new do
|
||||||
|
|
|
@ -4,6 +4,7 @@ class SiteCert
|
||||||
mount_uploader :cert_file, AssetUploader #Public key
|
mount_uploader :cert_file, AssetUploader #Public key
|
||||||
mount_uploader :ca_bundle, AssetUploader
|
mount_uploader :ca_bundle, AssetUploader
|
||||||
mount_uploader :private_key, AssetUploader
|
mount_uploader :private_key, AssetUploader
|
||||||
|
field :is_certbot, type: Boolean ,default: false
|
||||||
field :is_valid , type: Boolean ,default: false
|
field :is_valid , type: Boolean ,default: false
|
||||||
field :domain_names , type: Array ,default: []
|
field :domain_names , type: Array ,default: []
|
||||||
field :source_paths , type: Array ,default: []
|
field :source_paths , type: Array ,default: []
|
||||||
|
|
|
@ -11,6 +11,7 @@ class SiteServer
|
||||||
field :account , type: String ,default: ''
|
field :account , type: String ,default: ''
|
||||||
field :password , type: String ,default: ''
|
field :password , type: String ,default: ''
|
||||||
field :active , type: Boolean ,default: true
|
field :active , type: Boolean ,default: true
|
||||||
|
field :has_certbot, type: Boolean , default: false
|
||||||
def domain_names
|
def domain_names
|
||||||
if self.domain_name != ''
|
if self.domain_name != ''
|
||||||
[self.domain_name]
|
[self.domain_name]
|
||||||
|
|
|
@ -1,9 +1,25 @@
|
||||||
|
<style>
|
||||||
|
.inactive-serv{
|
||||||
|
font-weight: bold;
|
||||||
|
color: red;
|
||||||
|
font-size: 1.5em;
|
||||||
|
vertical-align: middle;
|
||||||
|
padding-left: 0.2em;
|
||||||
|
}
|
||||||
|
.green_text{
|
||||||
|
color: green;
|
||||||
|
}
|
||||||
|
.red_text{
|
||||||
|
color: red;
|
||||||
|
}
|
||||||
|
</style>
|
||||||
<table class="table main-list default footable-loaded">
|
<table class="table main-list default footable-loaded">
|
||||||
<thead>
|
<thead>
|
||||||
<tr>
|
<tr>
|
||||||
<th>Sites amount</th>
|
<th>Sites amount</th>
|
||||||
<th>Server name</th>
|
<th>Server name</th>
|
||||||
<th>IP</th>
|
<th>IP</th>
|
||||||
|
<th>Certbot</th>
|
||||||
<th>Action</th>
|
<th>Action</th>
|
||||||
</tr>
|
</tr>
|
||||||
</thead>
|
</thead>
|
||||||
|
@ -19,8 +35,18 @@
|
||||||
Development: <%=SiteConstruct.where(:hidden.ne=> true,:server_type => site_server.server_name,:rails_env.in=>["development",nil],:status=>"finish").count %><br>
|
Development: <%=SiteConstruct.where(:hidden.ne=> true,:server_type => site_server.server_name,:rails_env.in=>["development",nil],:status=>"finish").count %><br>
|
||||||
</p>
|
</p>
|
||||||
</td>
|
</td>
|
||||||
<td><%=site_server.server_name%></td>
|
<td><%=site_server.server_name%><%= '<span class="inactive-serv" title="inactive">X</span>'.html_safe if !(site_server.active) %></td>
|
||||||
<td><%=site_server.ip%></td>
|
<td><%=site_server.ip%></td>
|
||||||
|
<td>
|
||||||
|
<% if site_server.has_certbot%>
|
||||||
|
<span class="green_text"><%= t("client_management.alreay_install") %></span>
|
||||||
|
<% else %>
|
||||||
|
<span class="red_text"><%= t("client_management.not_install") %></span>
|
||||||
|
<% if site_server.active %>
|
||||||
|
<span><a class="btn btn-success install_certbot" title="Install certbot" data-name="<%=site_server.server_name%>">Install certbot</a></span>
|
||||||
|
<% end %>
|
||||||
|
<% end %>
|
||||||
|
</td>
|
||||||
<td>
|
<td>
|
||||||
<a class="btn btn-primary" href = "<%= admin_site_panel_edit_server_info_path+"?id=#{site_server.id.to_s}" %>"><%=t(:edit)%></a>
|
<a class="btn btn-primary" href = "<%= admin_site_panel_edit_server_info_path+"?id=#{site_server.id.to_s}" %>"><%=t(:edit)%></a>
|
||||||
<a class="btn btn-primary" href = "#" onclick="if(window.confirm('Do you really want to delete <%=site_server.server_name%>?')) { window.location.href = '<%= admin_site_panel_edit_server_info_path+"?id=#{site_server.id.to_s}&type=delete" %>';}"><%=t(:remove)%></a>
|
<a class="btn btn-primary" href = "#" onclick="if(window.confirm('Do you really want to delete <%=site_server.server_name%>?')) { window.location.href = '<%= admin_site_panel_edit_server_info_path+"?id=#{site_server.id.to_s}&type=delete" %>';}"><%=t(:remove)%></a>
|
||||||
|
@ -95,6 +121,9 @@
|
||||||
var status_text = "not yet create";
|
var status_text = "not yet create";
|
||||||
else
|
else
|
||||||
var status_text = status_relation[status];
|
var status_text = status_relation[status];
|
||||||
|
if(!status_text){
|
||||||
|
status_text = "<span style=\"color: skyblue;\">"+status+"</span>";
|
||||||
|
}
|
||||||
$("#info_texts").html(status_text+"<div style='clear:both;'></div>"+infos.join("<br>"));
|
$("#info_texts").html(status_text+"<div style='clear:both;'></div>"+infos.join("<br>"));
|
||||||
msg_end.scrollIntoView();
|
msg_end.scrollIntoView();
|
||||||
timeout_id = window.setTimeout(see_infos(key),1000);
|
timeout_id = window.setTimeout(see_infos(key),1000);
|
||||||
|
@ -156,5 +185,13 @@
|
||||||
show_infos_dialog(key);
|
show_infos_dialog(key);
|
||||||
})
|
})
|
||||||
});
|
});
|
||||||
|
$(".install_certbot").off("click").on("click",function(){
|
||||||
|
var server_name = $(this).data("name");
|
||||||
|
if( server_name == undefined)
|
||||||
|
server_name = "";
|
||||||
|
$.post("<%=admin_site_panel_install_certbot_path%>",{"server_name":server_name}).done(function(){
|
||||||
|
show_infos_dialog("install_certbot");
|
||||||
|
})
|
||||||
|
})
|
||||||
})
|
})
|
||||||
</script>
|
</script>
|
|
@ -49,6 +49,14 @@
|
||||||
<label class="control-label muted"><%= t(:tags) %></label>
|
<label class="control-label muted"><%= t(:tags) %></label>
|
||||||
<%= select_tags(f, @module_app) %>
|
<%= select_tags(f, @module_app) %>
|
||||||
</div>
|
</div>
|
||||||
|
<% unless @site_server.new_record? %>
|
||||||
|
<div class="control-group">
|
||||||
|
<label class="control-label muted"><%= t("client_management.active") %></label>
|
||||||
|
<div class="controls">
|
||||||
|
<%= f.check_box :active %>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<% end %>
|
||||||
<div class="control-group">
|
<div class="control-group">
|
||||||
<label class="control-label muted" for="server_name">Server name:</label>
|
<label class="control-label muted" for="server_name">Server name:</label>
|
||||||
<div class="controls">
|
<div class="controls">
|
||||||
|
|
|
@ -1,4 +1,32 @@
|
||||||
<% if @site_certs.count == 0 %>
|
<% if @site_certs.count == 0 %>
|
||||||
|
<% site_server = @site_construct.site_server %>
|
||||||
|
<% if (site_server.has_certbot rescue false)%>
|
||||||
|
<div class="control-group">
|
||||||
|
<label style=" font-size: 1.2em; font-weight: bold; ">
|
||||||
|
<%= check_box_tag("redirect_to_https",1,(@site_construct.redirect_to_https rescue false)) %>
|
||||||
|
<%=t("client_management.redirect_to_https")%>
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<table class="table table-bordered main-list default">
|
||||||
|
<thead>
|
||||||
|
<th></th>
|
||||||
|
<th><%=t('client_management.upload_date')%></th>
|
||||||
|
<th><%=t('client_management.start_date')%>/<%=t('client_management.end_date')%></th>
|
||||||
|
<th><%=t('client_management.domain_name')%></th>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td><%=radio_button_tag("site_cert","certbot",false)%></td>
|
||||||
|
<td>Certbot</td>
|
||||||
|
<td></td>
|
||||||
|
<td></td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<% else %>
|
||||||
|
<a href="<%=admin_site_panel_server_manager_path%>">Please install certbot first!</a>
|
||||||
|
<div style="clear: both;"></div>
|
||||||
|
<% end %>
|
||||||
<%= link_to t('client_management.upload_cert'),upload_cert_admin_site_panel_index_path, :target=>"_blank" %>
|
<%= link_to t('client_management.upload_cert'),upload_cert_admin_site_panel_index_path, :target=>"_blank" %>
|
||||||
<% else %>
|
<% else %>
|
||||||
<div class="control-group">
|
<div class="control-group">
|
||||||
|
|
|
@ -7,6 +7,9 @@ en:
|
||||||
upload_cert: Upload Cert
|
upload_cert: Upload Cert
|
||||||
cert_management: Cert Management
|
cert_management: Cert Management
|
||||||
client_management:
|
client_management:
|
||||||
|
alreay_install: Alreay install
|
||||||
|
not_install: Not install
|
||||||
|
active: Active
|
||||||
over_the_limit: Please Contact us (RulingCare) to add the limit of Site number.
|
over_the_limit: Please Contact us (RulingCare) to add the limit of Site number.
|
||||||
redirect_to_https: Redirect to https
|
redirect_to_https: Redirect to https
|
||||||
start_date: Start Date
|
start_date: Start Date
|
||||||
|
|
|
@ -7,6 +7,9 @@ zh_tw:
|
||||||
upload_cert: 上傳憑證
|
upload_cert: 上傳憑證
|
||||||
cert_management: 憑證管理
|
cert_management: 憑證管理
|
||||||
client_management:
|
client_management:
|
||||||
|
alreay_install: 已安裝
|
||||||
|
not_install: 未安裝
|
||||||
|
active: 啟用
|
||||||
over_the_limit: 請您聯絡客服以增加可以新增的網站數量上限。
|
over_the_limit: 請您聯絡客服以增加可以新增的網站數量上限。
|
||||||
redirect_to_https: 跳轉到https
|
redirect_to_https: 跳轉到https
|
||||||
start_date: 開始日期
|
start_date: 開始日期
|
||||||
|
|
|
@ -48,6 +48,9 @@ Rails.application.routes.draw do
|
||||||
get "site_panel/server_manager" => "site_panel#server_manager"
|
get "site_panel/server_manager" => "site_panel#server_manager"
|
||||||
get "site_panel/edit_server_info" => "site_panel#edit_server_info"
|
get "site_panel/edit_server_info" => "site_panel#edit_server_info"
|
||||||
post "site_panel/edit_server_info" => "site_panel#edit_server_info"
|
post "site_panel/edit_server_info" => "site_panel#edit_server_info"
|
||||||
|
get "site_panel/install_certbot" => "site_panel#install_certbot"
|
||||||
|
post "site_panel/install_certbot" => "site_panel#install_certbot"
|
||||||
|
|
||||||
post "site_panel/update_cert_setting" => "site_panel#update_cert_setting"
|
post "site_panel/update_cert_setting" => "site_panel#update_cert_setting"
|
||||||
resources :site_panel do
|
resources :site_panel do
|
||||||
delete 'destroy_cert'
|
delete 'destroy_cert'
|
||||||
|
|
|
@ -3,15 +3,69 @@ require 'pathname'
|
||||||
require 'json'
|
require 'json'
|
||||||
namespace :create_site do
|
namespace :create_site do
|
||||||
desc "Change Site Cert"
|
desc "Change Site Cert"
|
||||||
task :change_site_cert,[:id] => :environment do |task,args|
|
task :change_site_cert,[:id,:is_certbot] => :environment do |task,args|
|
||||||
begin
|
begin
|
||||||
@site_construct = SiteConstruct.find(args.id)
|
@site_construct = SiteConstruct.find(args.id)
|
||||||
@site_cert = @site_construct.site_cert
|
@site_cert = @site_construct.site_cert
|
||||||
site_server = @site_construct.site_server
|
site_server = @site_construct.site_server
|
||||||
@site_construct.update(:infos=>[],:status=>"changing")
|
@site_construct.update(:infos=>[],:status=>"changing")
|
||||||
if !site_server.nil? && !@site_cert.nil?
|
is_certbot = (args.is_certbot == "true") || (@site_cert.is_certbot rescue false)
|
||||||
|
if !site_server.nil? && (!@site_cert.nil? || is_certbot)
|
||||||
@password = site_server.password
|
@password = site_server.password
|
||||||
Net::SSH.start(site_server.ip , site_server.account , password: site_server.password) do |ssh|
|
Net::SSH.start(site_server.ip , site_server.account , password: site_server.password) do |ssh|
|
||||||
|
if is_certbot
|
||||||
|
domain_name = @site_construct.domain_name
|
||||||
|
if domain_name.present?
|
||||||
|
certbot_path = exec_ssh_command_by_sudo_and_see_output(ssh,"bash -l -c 'which certbot'",false,true).strip
|
||||||
|
if certbot_path.present?
|
||||||
|
if @site_cert
|
||||||
|
update_infos("Using certbot to change cert setting...")
|
||||||
|
else
|
||||||
|
update_infos("Using certbot to generate cert for #{domain_name}...")
|
||||||
|
end
|
||||||
|
redirect_to_https = @site_construct.redirect_to_https
|
||||||
|
exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' #{certbot_path} --nginx -d #{domain_name} -n --#{redirect_to_https ? 'redirect' : 'no-redirect'}",true,false)
|
||||||
|
nginx_file = @site_construct.nginx_file
|
||||||
|
nginx_file_content = exec_ssh_command_by_sudo_and_see_output(ssh,"cat #{nginx_file}",false,true)
|
||||||
|
crt_file_path = nginx_file_content.match(/ssl_certificate\s+(.*)/)[1].split(';').first rescue ''
|
||||||
|
private_key_path = nginx_file_content.match(/ssl_certificate_key\s+(.*)/)[1].split(';').first rescue ''
|
||||||
|
site_cert = @site_construct.site_cert
|
||||||
|
if crt_file_path.present? && private_key_path.present?
|
||||||
|
if site_cert.nil?
|
||||||
|
site_cert = SiteCert.where(:source_paths=>[crt_file_path,private_key_path]).first
|
||||||
|
site_cert = SiteCert.new if site_cert.nil?
|
||||||
|
end
|
||||||
|
if true #site_cert.source_paths.count == 0
|
||||||
|
site_cert["cert_file"] = File.basename(crt_file_path)
|
||||||
|
cert_file_store_path = site_cert.cert_file.file.file
|
||||||
|
crt_file_content = exec_ssh_command_by_sudo_and_see_output(ssh,"cat #{crt_file_path}",false).select{|s| s.present?}.join("\n").strip.split(/(\r\n|\n)/).select{|s| s.present?}.join("\n")
|
||||||
|
FileUtils.mkdir_p(File.dirname(cert_file_store_path)) unless Dir.exist?(File.dirname(cert_file_store_path))
|
||||||
|
File.open(site_cert.cert_file.file.file,'w+'){|f| f.write(crt_file_content)}
|
||||||
|
site_cert["private_key"] = File.basename(private_key_path)
|
||||||
|
private_key_store_path = site_cert.private_key.file.file
|
||||||
|
private_key_content = exec_ssh_command_by_sudo_and_see_output(ssh,"cat #{private_key_path}",false).select{|s| s.present?}.join("\n").strip.split(/(\r\n|\n)/).select{|s| s.present?}.join("\n")
|
||||||
|
FileUtils.mkdir_p(File.dirname(private_key_store_path)) unless Dir.exist?(File.dirname(private_key_path))
|
||||||
|
File.open(site_cert.private_key.file.file,'w+'){|f| f.write(private_key_content)}
|
||||||
|
site_cert.source_paths = [crt_file_path,private_key_path]
|
||||||
|
site_cert.is_certbot = private_key_path.include?("letsencrypt")
|
||||||
|
site_cert.save
|
||||||
|
@site_construct.update(:site_cert=>site_cert)
|
||||||
|
end
|
||||||
|
all_ports = (@site_construct.port + ["443"]).uniq
|
||||||
|
@site_construct.update(:port=> all_ports )
|
||||||
|
update_infos("Finish installing cert with certbot!")
|
||||||
|
else
|
||||||
|
update_infos("Certbot generate cert failed!")
|
||||||
|
update_infos("Please check your domain dns setting(A record)!")
|
||||||
|
@site_construct.update(:status=>"error")
|
||||||
|
end
|
||||||
|
else
|
||||||
|
update_infos("Please install certbot first!")
|
||||||
|
end
|
||||||
|
else
|
||||||
|
update_infos("Please set domain name first!")
|
||||||
|
end
|
||||||
|
else
|
||||||
update_infos("Copying Cert to #{@site_construct.server_type}...")
|
update_infos("Copying Cert to #{@site_construct.server_type}...")
|
||||||
cert_file_content = [(@site_cert.cert_file.file.read.strip rescue ""),(@site_cert.ca_bundle.file.read.strip rescue "")].join("\n").strip
|
cert_file_content = [(@site_cert.cert_file.file.read.strip rescue ""),(@site_cert.ca_bundle.file.read.strip rescue "")].join("\n").strip
|
||||||
private_key_content = @site_cert.private_key.file.read
|
private_key_content = @site_cert.private_key.file.read
|
||||||
|
@ -29,7 +83,7 @@ namespace :create_site do
|
||||||
nginx_file_content = @site_construct.generate_nginx_text(nginx_file_content)
|
nginx_file_content = @site_construct.generate_nginx_text(nginx_file_content)
|
||||||
cmd = "x='#{nginx_file_content}'; echo '#{@password}' | sudo -S sh -c \"echo '$x' > #{@site_construct.nginx_file}\""
|
cmd = "x='#{nginx_file_content}'; echo '#{@password}' | sudo -S sh -c \"echo '$x' > #{@site_construct.nginx_file}\""
|
||||||
exec_command_by_user(ssh,cmd)
|
exec_command_by_user(ssh,cmd)
|
||||||
puts nginx_file_content
|
end
|
||||||
exec_ssh_command_by_sudo(ssh,"service nginx restart")
|
exec_ssh_command_by_sudo(ssh,"service nginx restart")
|
||||||
update_infos("Finish!")
|
update_infos("Finish!")
|
||||||
@site_construct.update(:status=>"finish")
|
@site_construct.update(:status=>"finish")
|
||||||
|
|
|
@ -8,11 +8,12 @@ namespace :create_site do
|
||||||
Multithread.where(:key=>'detect_sites').each{|thread| thread.destroy if (thread.status["status"] == "error" || thread.status["status"] == "finish")}
|
Multithread.where(:key=>'detect_sites').each{|thread| thread.destroy if (thread.status["status"] == "error" || thread.status["status"] == "finish")}
|
||||||
Multithread.where(:key=>'detect_sites').destroy
|
Multithread.where(:key=>'detect_sites').destroy
|
||||||
@thread = Multithread.where(:key=>'detect_sites').first
|
@thread = Multithread.where(:key=>'detect_sites').first
|
||||||
|
@type = "exec_all"
|
||||||
if @thread.nil?
|
if @thread.nil?
|
||||||
begin
|
begin
|
||||||
@thread = Multithread.create(:key=>'detect_sites',:status=>{"infos"=>[],"status"=>"detecting"})
|
@thread = Multithread.create(:key=>'detect_sites',:status=>{"infos"=>[],"status"=>"detecting"})
|
||||||
if( args.detect_name.nil? rescue true)
|
if( args.detect_name.nil? rescue true)
|
||||||
site_servers = SiteServer.all.to_a
|
site_servers = SiteServer.all.where(:active=>true).to_a
|
||||||
else
|
else
|
||||||
site_servers = SiteServer.where(:server_name=>args.detect_name).to_a
|
site_servers = SiteServer.where(:server_name=>args.detect_name).to_a
|
||||||
end
|
end
|
||||||
|
@ -33,6 +34,20 @@ namespace :create_site do
|
||||||
next
|
next
|
||||||
end
|
end
|
||||||
Net::SSH.start(@site_server.ip , @site_server.account , password: @site_server.password) do |ssh|
|
Net::SSH.start(@site_server.ip , @site_server.account , password: @site_server.password) do |ssh|
|
||||||
|
certbot_path = exec_ssh_command_by_sudo_and_see_output(ssh,"bash -l -c 'which certbot'",false,true).strip
|
||||||
|
@site_server.has_certbot = certbot_path.present?
|
||||||
|
@site_server.save
|
||||||
|
if @site_server.has_certbot
|
||||||
|
update_thread_infos("Checking certbot renew cronjob...")
|
||||||
|
crontab_lines = exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' crontab -l",false,false)
|
||||||
|
certbot_renew_command = crontab_lines.select{|l| l.include?("certbot") && l.include?("renew")}[0]
|
||||||
|
unless certbot_renew_command
|
||||||
|
update_thread_infos("Add certbot renew cronjob!")
|
||||||
|
certbot_renew_command = "30 2 * * 1 #{certbot_path} renew --no-self-upgrade --post-hook 'sudo service nginx restart' > /var/log/le-renew.log"
|
||||||
|
update_thread_infos(certbot_renew_command)
|
||||||
|
exec_ssh_command_by_sudo_and_see_output(ssh,"CRON=\"#{certbot_renew_command}\" && (sudo -p 'sudo password:' crontab -l; echo \"\$CRON\" ) | sudo -p 'sudo password:' crontab -",false)
|
||||||
|
end
|
||||||
|
end
|
||||||
nginx_include_dir = exec_command_by_user(ssh,'grep include /etc/nginx/nginx.conf | grep -v "\#\|include /etc/nginx/mime.types\|include /etc/nginx/conf.d/\*.conf\|/etc/nginx/sites-enabled/\*"')
|
nginx_include_dir = exec_command_by_user(ssh,'grep include /etc/nginx/nginx.conf | grep -v "\#\|include /etc/nginx/mime.types\|include /etc/nginx/conf.d/\*.conf\|/etc/nginx/sites-enabled/\*"')
|
||||||
nginx_include_dir = nginx_include_dir.gsub(/include|;|\n/,'').strip
|
nginx_include_dir = nginx_include_dir.gsub(/include|;|\n/,'').strip
|
||||||
domain_name = @site_server.domain_name#'serv.rulingcom.com'
|
domain_name = @site_server.domain_name#'serv.rulingcom.com'
|
||||||
|
@ -49,8 +64,7 @@ namespace :create_site do
|
||||||
server_name_list << server_name_for_site
|
server_name_list << server_name_for_site
|
||||||
end
|
end
|
||||||
server_name = server_name_list.join(' ')
|
server_name = server_name_list.join(' ')
|
||||||
nginx_file_content = exec_ssh_command_by_sudo_and_see_output(ssh,"cat #{nginx_file}",false)
|
nginx_file_content = exec_ssh_command_by_sudo_and_see_output(ssh,"cat #{nginx_file}",false,true)
|
||||||
nginx_file_content = nginx_file_content.join('\n') if nginx_file_content.class == Array
|
|
||||||
site_path = Pathname.new(exec_ssh_command_by_sudo(ssh,"echo `grep root #{nginx_file} | grep -v -e '#.*root'`").to_s.split("\n").first.to_s.strip.split("root").last.to_s.gsub(";","").strip).dirname.to_s
|
site_path = Pathname.new(exec_ssh_command_by_sudo(ssh,"echo `grep root #{nginx_file} | grep -v -e '#.*root'`").to_s.split("\n").first.to_s.strip.split("root").last.to_s.gsub(";","").strip).dirname.to_s
|
||||||
if site_path.present? && exec_ssh_command_by_sudo(ssh,"ls #{site_path}").split.length != 0 && exec_ssh_command_by_sudo(ssh,"ls #{site_path}/Gemfile").include?("No such file or directory")
|
if site_path.present? && exec_ssh_command_by_sudo(ssh,"ls #{site_path}").split.length != 0 && exec_ssh_command_by_sudo(ssh,"ls #{site_path}/Gemfile").include?("No such file or directory")
|
||||||
SiteConstruct.where(:server_type => @site_server.server_name , :domain_name=>server_name).destroy
|
SiteConstruct.where(:server_type => @site_server.server_name , :domain_name=>server_name).destroy
|
||||||
|
@ -128,6 +142,7 @@ namespace :create_site do
|
||||||
FileUtils.mkdir_p(File.dirname(private_key_store_path)) unless Dir.exist?(File.dirname(private_key_path))
|
FileUtils.mkdir_p(File.dirname(private_key_store_path)) unless Dir.exist?(File.dirname(private_key_path))
|
||||||
File.open(site_cert.private_key.file.file,'w+'){|f| f.write(private_key_content)}
|
File.open(site_cert.private_key.file.file,'w+'){|f| f.write(private_key_content)}
|
||||||
site_cert.source_paths = [crt_file_path,private_key_path]
|
site_cert.source_paths = [crt_file_path,private_key_path]
|
||||||
|
site_cert.is_certbot = private_key_path.include?("letsencrypt")
|
||||||
site_cert.save
|
site_cert.save
|
||||||
site_construct.update(:site_cert=>site_cert)
|
site_construct.update(:site_cert=>site_cert)
|
||||||
end
|
end
|
||||||
|
|
|
@ -120,6 +120,7 @@ namespace :exec_commands do
|
||||||
return output
|
return output
|
||||||
end
|
end
|
||||||
def update_infos_for_exec(info,update_last=false)
|
def update_infos_for_exec(info,update_last=false)
|
||||||
|
return if @site_construct.nil?
|
||||||
if update_last && !@site_construct.infos.empty?
|
if update_last && !@site_construct.infos.empty?
|
||||||
@site_construct.infos[-1] += info.to_s
|
@site_construct.infos[-1] += info.to_s
|
||||||
else
|
else
|
||||||
|
@ -137,12 +138,16 @@ namespace :exec_commands do
|
||||||
@thread.save!
|
@thread.save!
|
||||||
return @thread.status["infos"]
|
return @thread.status["infos"]
|
||||||
end
|
end
|
||||||
def exec_ssh_command_and_see_output(session,command,update=true)
|
def exec_ssh_command_and_see_output(session,command,update=true,output_string=false)
|
||||||
outputs = []
|
outputs = []
|
||||||
@flag = (@type == "exec_all")
|
@flag = (@type == "exec_all")
|
||||||
if update
|
if update
|
||||||
|
if @site_construct
|
||||||
update_thread_infos_for_exec("execing #{command} on on <a href='#{((@site_construct.get_port == "443") ? "https" : "http")}://#{@site_construct.domain_name}#{((@site_construct.get_port=="80" || @site_construct.get_port=="443" || @site_construct.get_port.blank?) ? "" : (':'+@site_construct.get_port))}'>#{@site_construct.domain_name}</a>") if @flag
|
update_thread_infos_for_exec("execing #{command} on on <a href='#{((@site_construct.get_port == "443") ? "https" : "http")}://#{@site_construct.domain_name}#{((@site_construct.get_port=="80" || @site_construct.get_port=="443" || @site_construct.get_port.blank?) ? "" : (':'+@site_construct.get_port))}'>#{@site_construct.domain_name}</a>") if @flag
|
||||||
update_infos_for_exec("execing #{command}")
|
update_infos_for_exec("execing #{command}")
|
||||||
|
elsif @thread
|
||||||
|
update_thread_infos_for_exec("execing #{command}...")
|
||||||
|
end
|
||||||
end
|
end
|
||||||
session.open_channel do |channel|
|
session.open_channel do |channel|
|
||||||
channel.request_pty do |channel, success|
|
channel.request_pty do |channel, success|
|
||||||
|
@ -173,21 +178,33 @@ namespace :exec_commands do
|
||||||
end
|
end
|
||||||
channel.on_close do |ch|
|
channel.on_close do |ch|
|
||||||
if update
|
if update
|
||||||
|
if @site_construct
|
||||||
update_thread_infos_for_exec("finish execing #{command} on <a href='#{((@site_construct.get_port == "443") ? "https" : "http")}://#{@site_construct.domain_name}#{((@site_construct.get_port=="80" || @site_construct.get_port=="443" || @site_construct.get_port.blank?) ? "" : (':'+@site_construct.get_port))}'>#{@site_construct.domain_name}</a>") if @flag
|
update_thread_infos_for_exec("finish execing #{command} on <a href='#{((@site_construct.get_port == "443") ? "https" : "http")}://#{@site_construct.domain_name}#{((@site_construct.get_port=="80" || @site_construct.get_port=="443" || @site_construct.get_port.blank?) ? "" : (':'+@site_construct.get_port))}'>#{@site_construct.domain_name}</a>") if @flag
|
||||||
update_infos_for_exec("finish execing #{command}")
|
update_infos_for_exec("finish execing #{command}")
|
||||||
|
elsif @thread
|
||||||
|
update_thread_infos_for_exec("finish execing #{command}")
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
session.loop
|
session.loop
|
||||||
|
if output_string
|
||||||
|
return outputs.join("\n")
|
||||||
|
else
|
||||||
return outputs
|
return outputs
|
||||||
end
|
end
|
||||||
def exec_ssh_command_by_sudo_and_see_output(session,command,update=true)
|
end
|
||||||
|
def exec_ssh_command_by_sudo_and_see_output(session,command,update=true,output_string=false)
|
||||||
outputs = exec_ssh_command_and_see_output(session,command,update)
|
outputs = exec_ssh_command_and_see_output(session,command,update)
|
||||||
if outputs.join("\n").include?("Permission denied") || outputs.join("\n").include?("Operation not permitted")
|
if outputs.join("\n").include?("Permission denied") || outputs.join("\n").include?("Operation not permitted")
|
||||||
outputs = exec_ssh_command_and_see_output(session,"sudo -p 'sudo password:' #{command}",update)
|
outputs = exec_ssh_command_and_see_output(session,"sudo -p 'sudo password:' #{command}",update)
|
||||||
end
|
end
|
||||||
|
if output_string
|
||||||
|
return outputs.join("\n")
|
||||||
|
else
|
||||||
return outputs
|
return outputs
|
||||||
end
|
end
|
||||||
|
end
|
||||||
end
|
end
|
|
@ -0,0 +1,83 @@
|
||||||
|
require 'net/ssh'
|
||||||
|
require 'pathname'
|
||||||
|
require 'fileutils'
|
||||||
|
namespace :create_site do
|
||||||
|
desc "Install certbot"
|
||||||
|
task :install_certbot,[:server_name] => :environment do |task,args|
|
||||||
|
#Multithread.where(:key=>'detect_sites').destroy
|
||||||
|
Multithread.where(:key=>'install_certbot').each{|thread| thread.destroy if (thread.status["status"] == "error" || thread.status["status"] == "finish")}
|
||||||
|
Multithread.where(:key=>'install_certbot').destroy
|
||||||
|
@thread = Multithread.where(:key=>'install_certbot').first
|
||||||
|
@type = "exec_all"
|
||||||
|
if @thread.nil?
|
||||||
|
begin
|
||||||
|
@thread = Multithread.create(:key=>'install_certbot',:status=>{"infos"=>[],"status"=>"running"})
|
||||||
|
if( args.server_name.nil? rescue true)
|
||||||
|
site_servers = SiteServer.all.where(:active=>true).to_a
|
||||||
|
else
|
||||||
|
site_servers = SiteServer.where(:server_name=>args.server_name).to_a
|
||||||
|
end
|
||||||
|
site_servers.each do |site_server|
|
||||||
|
@site_server = site_server
|
||||||
|
update_thread_infos("<span style='color: skyblue;'>"+@site_server.server_name+"</span>")
|
||||||
|
@password = @site_server.password
|
||||||
|
begin
|
||||||
|
begin
|
||||||
|
Net::SSH.start(@site_server.ip , @site_server.account , password: @site_server.password) do |ssh|
|
||||||
|
end
|
||||||
|
rescue Net::SSH::HostKeyMismatch
|
||||||
|
system("ssh-keygen -f \"$HOME/.ssh/known_hosts\" -R #{@site_server.ip}")
|
||||||
|
rescue Errno::ENOTTY
|
||||||
|
system("ssh-add \"$HOME/.ssh/id_rsa\"")
|
||||||
|
rescue => e
|
||||||
|
update_thread_infos(e.to_s)
|
||||||
|
next
|
||||||
|
end
|
||||||
|
Net::SSH.start(@site_server.ip , @site_server.account , password: @site_server.password) do |ssh|
|
||||||
|
certbot_path = exec_ssh_command_by_sudo_and_see_output(ssh,"bash -l -c 'which certbot'",false,true).strip
|
||||||
|
snap_path = exec_ssh_command_by_sudo_and_see_output(ssh,"bash -l -c 'which snap'",false,true).strip
|
||||||
|
if certbot_path.blank?
|
||||||
|
if snap_path.blank?
|
||||||
|
update_thread_infos("Installing snap...")
|
||||||
|
exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' apt update",true,false)
|
||||||
|
exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' apt install snapd -y",true,false)
|
||||||
|
snap_path = exec_ssh_command_by_sudo_and_see_output(ssh,"bash -l -c 'which snap'",false,true).strip
|
||||||
|
end
|
||||||
|
if snap_path.present?
|
||||||
|
update_thread_infos("Installing snap core...")
|
||||||
|
exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' bash -l -c 'snap install core && snap refresh core'",true,false)
|
||||||
|
update_thread_infos("Installing certbot with snap...")
|
||||||
|
exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' snap install --classic certbot",true,false)
|
||||||
|
exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' ln -s /snap/bin/certbot /usr/bin/certbot",false,false)
|
||||||
|
exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' certbot register --email bohung@rulingcom.com --agree-tos -n",false,false)
|
||||||
|
update_thread_infos("Finish install certbot!")
|
||||||
|
certbot_path = "/usr/bin/certbot"
|
||||||
|
else
|
||||||
|
update_thread_infos("There was some error when installing snap!")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
if certbot_path.present?
|
||||||
|
@site_server.has_certbot = true
|
||||||
|
@site_server.save
|
||||||
|
update_thread_infos("Setting certbot renew to cronjob...")
|
||||||
|
crontab_lines = exec_ssh_command_by_sudo_and_see_output(ssh,"sudo -p 'sudo password:' crontab -l",false,false)
|
||||||
|
certbot_renew_command = crontab_lines.select{|l| l.include?("certbot") && l.include?("renew")}[0]
|
||||||
|
unless certbot_renew_command
|
||||||
|
update_thread_infos("Add certbot renew cronjob!")
|
||||||
|
certbot_renew_command = "30 2 * * 1 #{certbot_path} renew --no-self-upgrade --post-hook 'sudo service nginx restart' > /var/log/le-renew.log"
|
||||||
|
update_thread_infos(certbot_renew_command)
|
||||||
|
exec_ssh_command_by_sudo_and_see_output(ssh,"CRON=\"#{certbot_renew_command}\" && (sudo -p 'sudo password:' crontab -l; echo \"\$CRON\" ) | sudo -p 'sudo password:' crontab -",false)
|
||||||
|
end
|
||||||
|
update_thread_infos("Finish setting renew cronjob!")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
@thread.update(:status=>@thread.status.merge({"status"=>"finish"}))
|
||||||
|
rescue => e
|
||||||
|
puts [e,e.backtrace]
|
||||||
|
@thread.update(:status=>{"infos"=>@thread.status["infos"].push(e.to_s),"status"=>"error"})
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in New Issue