apartment_acme_client 0.0.1

data/lib/apartment_acme_client/nginx_configuration/proxy.rb

@@ -0,0 +1,13 @@
+module ApartmentAcmeClient
+  module NginxConfiguration
+    class Proxy
+      def self.singleton
+        base_class.new
+      end
+
+      def self.base_class
+        ApartmentAcmeClient.nginx_configuration_class || NginxConfiguration::Real
+      end
+    end
+  end
+end

data/lib/apartment_acme_client/nginx_configuration/real.rb

@@ -0,0 +1,128 @@
+require "erb"
+
+module ApartmentAcmeClient
+  module NginxConfiguration
+    class Real
+      # do we have a certificate on this server?
+      # We cannot start nginx when it is pointing at a non-existing certificate,
+      # so we need to check
+      def self.update_nginx(cert_exists:, base_domain:)
+        template = new(include_ssl: cert_exists, base_domain: base_domain).filled_template
+
+        tempfile = Tempfile.new('nginx_config')
+        raise "Path Error" unless template
+
+        begin
+          tempfile.write(template)
+          tempfile.flush
+
+          ApartmentAcmeClient::FileManipulation::Proxy.singleton.copy_file(tempfile.path.to_s, ApartmentAcmeClient.nginx_config_path)
+          ApartmentAcmeClient::FileManipulation::Proxy.singleton.restart_service("nginx")
+        ensure
+          tempfile.close
+          tempfile.unlink
+        end
+      end
+
+      def initialize(options = {})
+        @options = default_options.merge(options)
+      end
+
+      def filled_template
+        return nil unless check_configuration
+        fill_template(read_template, @options)
+      end
+
+
+      def default_options
+        result = {}
+        result[:public_folder] = ApartmentAcmeClient.public_folder
+        result[:socket_path] = ApartmentAcmeClient.socket_path
+        result[:include_ssl] = false
+        result[:cert_prefix] = ApartmentAcmeClient::CertificateStorage::TEST_PREFIX if ApartmentAcmeClient.lets_encrypt_test_server_enabled
+        result[:certificate_storage_folder] = ApartmentAcmeClient.certificate_storage_folder
+        result
+      end
+
+      def check_configuration
+        unless File.exist?(@options[:public_folder])
+          puts "Webroot path #{@options[:public_folder]} Not found"
+          return false
+        end
+
+        true
+      end
+
+      def read_template
+        default_template
+      end
+
+      def default_template
+        <<~THE_END
+        #
+        # A virtual host using mix of IP-, name-, and port-based configuration
+        #
+
+        upstream app {
+            # Path to Unicorn SOCK file, as defined previously
+            server unix:<%= options[:socket_path] %> fail_timeout=0;
+        }
+
+        server {
+
+            # FOR HTTP
+            listen 80;
+
+            gzip on;
+
+            # Application root, as defined previously
+            root <%= options[:public_folder] %>;
+            server_name  <%= options[:base_domain] %> *.<%= options[:base_domain] %>;
+
+            try_files $uri/index.html $uri @app;
+
+            location @app {
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_set_header Host $http_host;
+                proxy_redirect off;
+                proxy_pass http://app;
+            }
+
+            error_page 500 502 503 504 /500.html;
+            client_max_body_size 4G;
+            keepalive_timeout 10;
+
+            # BELOW THIS LINE FOR HTTPS
+            <% if options[:include_ssl] %>
+            listen 443 default_server ssl;
+
+            # The following should be enabled once everything is SSL
+            # ssl on;
+
+            ssl_certificate <%= options[:certificate_storage_folder] %>/<%= options[:cert_prefix] %>cert.pem;
+            ssl_certificate_key <%= options[:certificate_storage_folder] %>/<%= options[:cert_prefix] %>privkey.pem;
+
+            ssl_stapling on;
+            ssl_stapling_verify on;
+            ssl_trusted_certificate <%= options[:certificate_storage_folder] %>/<%= options[:cert_prefix] %>fullchain.pem;
+
+            ssl_session_timeout 5m;
+            <% end %>
+        }
+        THE_END
+      end
+
+      def fill_template(template, options)
+
+        # scope defined for use in binding to ERB
+        def opts(options)
+          options
+          binding
+        end
+        # binds to current class
+        # uses 'options' in the template
+        ERB.new(template).result(opts(options))
+      end
+    end
+  end
+end

data/lib/apartment_acme_client/railtie.rb

@@ -0,0 +1,8 @@
+module ApartmentAcmeClient
+  class Railtie < Rails::Railtie
+    # rake_tasks do
+    #   spec = Gem::Specification.find_by_name 'apartment_acme_client'
+    #   load "#{spec.gem_dir}/lib/tasks/encryption.rake"
+    # end
+  end
+end

data/lib/apartment_acme_client/renewal_service.rb

@@ -0,0 +1,22 @@
+module ApartmentAcmeClient
+  class RenewalService
+    def self.run!
+
+      good_domains, rejected_domains = ApartmentAcmeClient::DomainChecker.new.accessible_domains
+      puts "All domains to be requested: #{good_domains}, invalid domains: #{rejected_domains}"
+
+      domains = ApartmentAcmeClient::Encryption.new.authorize_domains(good_domains)
+      puts "authorized-domains list: #{domains}"
+
+      common_name = ApartmentAcmeClient.common_name ? ApartmentAcmeClient.common_name : good_domains.first
+      certificate = ApartmentAcmeClient::Encryption.new.request_certificate(common_name: common_name, domains: domains)
+
+      ApartmentAcmeClient::CertificateStorage::Proxy.singleton.store_certificate(certificate)
+
+      puts "Restarting nginx with new certificate"
+      ApartmentAcmeClient::FileManipulation::Proxy.singleton.restart_service("nginx")
+
+      puts "done."
+    end
+  end
+end

data/lib/apartment_acme_client/version.rb

@@ -0,0 +1,3 @@
+module ApartmentAcmeClient
+  VERSION = '0.0.1'
+end

data/lib/tasks/encryption.rake

@@ -0,0 +1,21 @@
+namespace :encryption do
+  desc "Register a LetsEncrypt Client, create an open SSL key on S3 bucket"
+  task :create_crypto_client, [:email] => :environment do |_t, args|
+    ApartmentAcmeClient::Encryption.new.register_new(args[:email])
+    puts "done."
+  end
+
+  desc "Authorize all domains and request new certificate"
+  task renew_and_update_certificate: :environment do
+    ApartmentAcmeClient::RenewalService.run!
+  end
+
+  desc "Update the nginx_configuration"
+  task update_nginx_config: :environment do
+    puts "updating nginx configuration"
+    ssl_enabled = ApartmentAcmeClient::CertificateStorage::Proxy.singleton.cert_exists?
+    base_domain = ApartmentAcmeClient.common_name
+    ApartmentAcmeClient::NginxConfiguration::Proxy.base_class.update_nginx(cert_exists: ssl_enabled, base_domain: base_domain)
+    puts "done."
+  end
+end

metadata

@@ -0,0 +1,208 @@
+--- !ruby/object:Gem::Specification
+name: apartment_acme_client
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Robin Dunlop
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-11-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.1.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.1.0
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '5.2'
+- !ruby/object:Gem::Dependency
+  name: acme-client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.3.1
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-s3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.15'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.15'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Manage/renew Let's Encrypt SSL Certificates for sites which respond to
+  many different domains
+email:
+- robin@dunlopweb.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/assets/config/apartment_acme_client_manifest.js
+- app/assets/javascripts/apartment_acme_client/application.js
+- app/assets/stylesheets/apartment_acme_client/application.css
+- app/controllers/apartment_acme_client/application_controller.rb
+- app/controllers/apartment_acme_client/verifications_controller.rb
+- app/helpers/apartment_acme_client/application_helper.rb
+- app/jobs/apartment_acme_client/application_job.rb
+- app/mailers/apartment_acme_client/application_mailer.rb
+- app/models/apartment_acme_client/application_record.rb
+- app/models/apartment_acme_client/verifier.rb
+- app/views/layouts/apartment_acme_client/application.html.erb
+- config/routes.rb
+- lib/apartment_acme_client.rb
+- lib/apartment_acme_client/acme_client/proxy.rb
+- lib/apartment_acme_client/acme_client/real_client.rb
+- lib/apartment_acme_client/certificate_storage/proxy.rb
+- lib/apartment_acme_client/certificate_storage/s3.rb
+- lib/apartment_acme_client/domain_checker.rb
+- lib/apartment_acme_client/encryption.rb
+- lib/apartment_acme_client/engine.rb
+- lib/apartment_acme_client/file_manipulation/proxy.rb
+- lib/apartment_acme_client/file_manipulation/real.rb
+- lib/apartment_acme_client/nginx_configuration/proxy.rb
+- lib/apartment_acme_client/nginx_configuration/real.rb
+- lib/apartment_acme_client/railtie.rb
+- lib/apartment_acme_client/renewal_service.rb
+- lib/apartment_acme_client/version.rb
+- lib/tasks/encryption.rake
+homepage: https://github.com/rdunlop/apartment_acme_client
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.13
+signing_key: 
+specification_version: 4
+summary: Let's Encrypt interface for Multi-tenancy applications (like Apartment)
+test_files: []