cba5f41e
Commit
cba5f41e
authored
Jul 05, 2016
by
Mart van Santen
parent
9c184f00
Changes
2
Showing
2 changed files
with
64 additions
and
22 deletions
+64
-22
authenticator.py
letsencrypt_haproxy/authenticator.py
+48
-16
installer.py
letsencrypt_haproxy/installer.py
+16
-6
letsencrypt_haproxy/authenticator.py
"""Haproxy Let's Encrypt authenticator plugin."""
import
os
import
logging
import
re
...
...
@@ -8,9 +7,12 @@ import subprocess
import
zope.component
import
zope.interface
import
boto3
import
threading
import
time
from
acme
import
challenges
from
letsencrypt
import
errors
...
...
@@ -19,14 +21,14 @@ from letsencrypt.plugins import common
from
BaseHTTPServer
import
BaseHTTPRequestHandler
,
HTTPServer
# This is the port where HAproxy should forward requests to
PORT_NUMBER
=
8080
logger
=
logging
.
getLogger
(
__name__
)
class
HaProxyHandler
(
BaseHTTPRequestHandler
):
# def __init__(self, key):
# self.key = key
validation
=
''
def
do_GET
(
self
):
...
...
@@ -49,8 +51,10 @@ class Authenticator(common.Plugin):
# @classmethod
# def add_parser_arguments(cls, add):
# add("port", default=os.getenv('PORT'),
# help="Haproxy redirect port")
# add("s3-bucket", default=os.getenv('S3_BUCKET'),
# help="Bucket referenced by CloudFront distribution")
# add("s3-region", default="us-east-1",
# help="Bucket region name")
def
__init__
(
self
,
*
args
,
**
kwargs
):
super
(
Authenticator
,
self
)
.
__init__
(
*
args
,
**
kwargs
)
...
...
@@ -73,39 +77,67 @@ class Authenticator(common.Plugin):
return
responses
def
_perform_single
(
self
,
achall
):
response
,
validation
=
achall
.
response_and_validation
()
file
=
open
(
"/tmp/hatest"
,
"w"
)
file
.
write
(
achall
.
chall
.
path
[
1
:]
+
"
\n
"
)
file
.
write
(
validation
)
file
.
close
()
# address = ("", PORT_NUMBER)
# server = acme_standalone.HTTP01Server(
# address, self.http_01_resources)
# thread = threading.Thread(target=server.serve_forever)
# thread.start()
#
Get a request handler
#
Launch simple webserver and handle one request only
handler
=
HaProxyHandler
;
# Put validation key in handler
handler
.
validation
=
validation
# Create webserver with this handler
server
=
HTTPServer
((
''
,
PORT_NUMBER
),
HaProxyHandler
)
# Start webserver in seperate thread
# thread.stop
thread
=
threading
.
Thread
(
target
=
server
.
serve_forever
)
#handle_request)
thread
.
start
()
# Save the server in this object
self
.
instance
=
server
# Allow server to boot
time
.
sleep
(
2
)
if
response
.
simple_verify
(
achall
.
chall
,
achall
.
domain
,
achall
.
account_key
.
public_key
(),
self
.
config
.
http01_port
):
print
"shutting down in 5"
time
.
sleep
(
5
)
return
response
else
:
logger
.
error
(
"Self-verify of challenge failed, authorization abandoned!"
)
return
None
print
"ok
\n\n
"
#server.handle_request()
#server.server_close()
print
"ok
\n
"
return
None
# upload the challenge file to the desired s3 bucket
# then run simple http verification
# response, validation = achall.response_and_validation()
# s3 = boto3.resource('s3', region_name=self.conf('s3-region'))
def
cleanup
(
self
,
achalls
):
# s3.Bucket(self.conf('s3-bucket')).put_object(Key=achall.chall.path[1:],
# Body=validation,
# ACL='public-read')
# Shutdown the webserver
def
cleanup
(
self
,
achalls
):
self
.
instance
.
shutdown
()
# # pylint: disable=missing-docstring,no-self-use,unused-argument
# s3 = boto3.resource('s3', region_name=self.conf('s3-region'))
# client = s3.meta.client
# for achall in achalls:
# client.delete_object(Bucket=self.conf('s3-bucket'), Key=achall.chall.path[1:])
return
None
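Review bot: The debug write to `/tmp/hatest` in `_perform_single` opens a fixed, predictable name in a world-writable directory with a plain `open(..., "w")`; a plugin that later rewrites /etc/haproxy/haproxy.cfg is presumably running as root, so on a system without `fs.protected_symlinks` a local user who pre-creates `/tmp/hatest` as a symlink gets an arbitrary file clobbered, and the file is neither removed afterwards nor opened with `with`. Unless that copy is really needed, drop the three `file` lines; otherwise use `tempfile.mkstemp()` and unlink it in `cleanup`. Separately, `handler.validation = validation` sets a class attribute on `HaProxyHandler` and `self.instance = server` keeps only the latest server, so a second `_perform_single` in the same run overwrites the first challenge's response, tries to bind `PORT_NUMBER` a second time, and leaves the earlier server thread running after `cleanup` shuts down only the last one. `HTTPServer` binds and listens in its constructor, so the `time.sleep(2)` before `simple_verify` is not what makes the server reachable, and the `time.sleep(5)` and `print` calls after it look like leftover debugging that only slows the run. Because this page prints old and new lines without markers, the two `def cleanup` lines below are most likely the removed and added line rather than a real double definition.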
letsencrypt_haproxy/installer.py
...
...
@@ -26,8 +26,8 @@ class Installer(common.Plugin):
@
classmethod
def
add_parser_arguments
(
cls
,
add
):
add
(
"c
f-distribution-id"
,
default
=
os
.
getenv
(
'CF_DISTRIBUTION_ID'
)
,
help
=
"
CloudFront distribution id
"
)
add
(
"c
onfig"
,
default
=
'/etc/haproxy/haproxy.cfg'
,
help
=
"
path to configfile of haproxy
"
)
def
__init__
(
self
,
*
args
,
**
kwargs
):
super
(
Installer
,
self
)
.
__init__
(
*
args
,
**
kwargs
)
...
...
@@ -40,7 +40,16 @@ class Installer(common.Plugin):
return
(
""
)
def
get_all_names
(
self
):
# pylint: disable=missing-docstring,no-self-use
pass
# pragma: no cover
domains
=
[]
config
=
self
.
conf
(
'config'
)
with
open
(
config
)
as
haread
:
for
line
in
haread
:
m
=
re
.
match
(
".*## LE-BIND ([a-zA-Z0-9-
\
.]+)"
,
line
)
if
(
m
):
domains
.
append
(
m
.
group
(
1
))
return
(
domains
)
def
deploy_cert
(
self
,
domain
,
cert_path
,
key_path
,
chain_path
,
fullchain_path
):
...
...
@@ -67,7 +76,8 @@ class Installer(common.Plugin):
# Read haproxy
hawrite
=
open
(
"/tmp/haproxy.cfg"
,
"w"
)
compare
=
"## LE-BIND "
+
domain
with
open
(
'/etc/haproxy/haproxy.cfg'
)
as
haread
:
config
=
self
.
conf
(
'config'
)
with
open
(
config
)
as
haread
:
for
line
in
haread
:
if
(
re
.
match
(
".*## LE-BIND "
+
domain
,
line
)):
hawrite
.
write
(
"bind *:443 ssl crt "
+
path
+
"/combined.pem"
+
" ## LE-BIND "
+
domain
+
"
\n
"
)
...
...
@@ -76,8 +86,8 @@ class Installer(common.Plugin):
hawrite
.
close
()
os
.
rename
(
"/etc/haproxy/haproxy.cfg"
,
"/etc/haproxy/haproxy.cfg
.bak"
)
os
.
rename
(
"/tmp/haproxy.cfg"
,
"/etc/haproxy/haproxy.cfg"
)
os
.
rename
(
config
,
config
+
"
.bak"
)
os
.
rename
(
"/tmp/haproxy.cfg"
,
config
)
pass
...
...
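Review bot: The rewritten config is staged at the fixed path `/tmp/haproxy.cfg` in `deploy_cert` and then moved over `config` with `os.rename`; besides the fixed-name-in-/tmp symlink risk for a process that writes /etc/haproxy as root (mitigated on kernels with `fs.protected_symlinks`), `rename` cannot cross filesystems, so with /tmp on tmpfs the second `os.rename` fails with `EXDEV` after the original has already been moved to `config + ".bak"`, leaving no live haproxy.cfg. Stage the file in the target's own directory instead and copy the backup rather than renaming the original away; `tempfile` and `shutil` would need adding to the import block, which is outside these hunks. The check `re.match(".*## LE-BIND " + domain, line)` interpolates `domain` into the pattern unescaped and unanchored, so `example.com` also matches a line tagged `example.community` and `.` matches any character; `re.escape(domain) + r"\s*$"` or a plain `line.rstrip().endswith("## LE-BIND " + domain)` is safer, and the `compare` variable computed just above it is otherwise unused. `deploy_cert`'s header and the `path` used in the `bind *:443 ssl crt` line are outside these hunks, so I could not check where `path` comes from or why `cert_path`/`fullchain_path` are not used there.
```python
config = self.conf('config')
# stage the rewrite on the same filesystem as the target so rename() is atomic
fd, tmp = tempfile.mkstemp(dir=os.path.dirname(config), prefix=".haproxy.cfg.")
hawrite = os.fdopen(fd, "w")
# … unchanged: per-line rewrite of the "## LE-BIND <domain>" bind entries …
hawrite.close()
shutil.copy2(config, config + ".bak")
os.rename(tmp, config)
```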