capistrano-atlas 0.1.0 → 0.1.1

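--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: e28563de84ce8e0dd512f5afd7ef184a900062a0
- data.tar.gz: ae9cb829cc6e4a17cb2e05197bebea1910965001
+ metadata.gz: 4a8d4c7cbad489d8b3652d33acc3ee4e713b0ca0
+ data.tar.gz: 757d22dd39d29c691f90c798124f913a4b542afa
  SHA512:
- metadata.gz: b6238a118354c485e09aa165299c8ab8c7d2a89d0c1d05d36da2489439c1443ca7b10cc5aaad8c879e7568c1a4c8cc92900b9114e55a7b6e422f067a2c634b47
- data.tar.gz: db015623266443404f0bbc959695723851fc4b30a2055242a10bd06c9dfcb2aab7f781054cab3e25ed36cb25b1e6d97fc9bfd2a6deb0fe08a244b60903b6eec5
+ metadata.gz: 300aefc371c5ec8b5c336d5cac94a17aee52cdf1fc63bc63e52e6f60aefeab464060eb627ffb2e0933c8b553275107517ee0ca9cb78ae569305693247bf9926d
+ data.tar.gz: 6aab8ddf0b302b4dab3e57dfc4efdf9100bf584a3c5a8134fdb2c578a4b8d29c299d7b71c2613d1fb52b33abe74829e1c49a325d5b63604b4d259aaf37a993fd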
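--- a/data/README.md
+++ b/data/README.md
@@ -193,9 +193,7 @@ Check out my [rails-template][] project, which generates Rails applications with
 
  ## History
 
- This gem used to be called capistrano-fiftyfive, because it was initially built by [55 Minutes](http://55minutes.com) to automate its Rails deployments. I have since taken over ownership of the gem and renamed it to capistrano-atlas to avoid any confusion.
-
- If you are upgrading from `capistrano-fiftyfive`, refer to the [CHANGELOG entry for v0.22.0](CHANGELOG.md#0220-2015-06-22) for migration instructions.
+ This gem was forked from `capistrano-mb`.
 
  ## Contributing
 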
@@ -1,5 +1,5 @@
1
1
  module Capistrano
2
2
  module Atlas
3
- VERSION = "0.1.0".freeze
3
+ VERSION = "0.1.1".freeze
4
4
  end
5
5
  end
@@ -54,6 +54,8 @@ namespace :load do
54
54
  set :atlas_nginx_force_https, false
55
55
  set :atlas_nginx_redirect_hosts, {}
56
56
 
57
+ ask :atlas_lets_encrypt_domain_name, "www.example.com"
58
+
57
59
  set :atlas_puma_threads, "0, 8"
58
60
  set :atlas_puma_workers, 2
59
61
  set :atlas_puma_timeout, 30
@@ -92,12 +94,6 @@ namespace :load do
92
94
  set :atlas_sidekiq_concurrency, 25
93
95
  set :atlas_sidekiq_role, :sidekiq
94
96
 
95
- ask :atlas_ssl_csr_country, "US"
96
- ask :atlas_ssl_csr_state, "California"
97
- ask :atlas_ssl_csr_city, "San Francisco"
98
- ask :atlas_ssl_csr_org, "Example Company"
99
- ask :atlas_ssl_csr_name, "www.example.com"
100
-
101
97
  # WARNING: misconfiguring firewall rules could lock you out of the server!
102
98
  set :atlas_ufw_rules,
103
99
  "allow ssh" => :all,
@@ -120,7 +116,6 @@ namespace :load do
120
116
  tmp/sockets
121
117
  public/.well-known
122
118
  public/system
123
- node_modules
124
119
  )
125
120
  }
126
121
  set :linked_files, -> {
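Review bot: The added `ask :atlas_lets_encrypt_domain_name, "www.example.com"` is the only Let's Encrypt setting declared in this section, yet the `configure_lets_encrypt` task shown further down this page also interpolates `letsencrypt_email`, written as a bare method call rather than a `fetch`. Unless that helper is defined elsewhere in the gem, provisioning would stop with a NameError, so declare it next to the domain, e.g. `ask :atlas_lets_encrypt_email, nil`, and read it with `fetch(:atlas_lets_encrypt_email)`. The `"www.example.com"` default is also worth replacing with `nil`, because accepting the prompt unchanged submits a certificate request that can only fail validation. The `namespace :load` block starts and ends outside these hunks.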
@@ -1,57 +1,32 @@
1
1
  atlas_recipe :ssl do
2
2
  during :provision, "generate_dh"
3
- during :provision, "generate_self_signed_crt"
3
+ during :provision, "configure_lets_encrypt"
4
4
  end
5
5
 
6
6
  namespace :atlas do
7
7
  namespace :ssl do
8
- desc "Generate an SSL key and CSR for Ngnix HTTPS"
9
- task :generate_csr do
10
- _run_ssl_script
11
- _copy_to_all_web_servers(%w(.key .csr))
12
- end
13
-
14
- desc "Generate an SSL key, CSR, and self-signed cert for Ngnix HTTPS"
15
- task :generate_self_signed_crt do
16
- _run_ssl_script("--self")
17
- _copy_to_all_web_servers(%w(.key .csr .crt))
8
+ desc "Setup Let's Encrypt and get a free certificate"
9
+ task :configure_lets_encrypt do
10
+ privileged_on roles(:web) do
11
+ unless test("sudo [ -f /etc/ssl/#{application_basename}.crt ]")
12
+ execute :sudo, "mkdir -p /opt/certbot"
13
+ execute :sudo, "cd /opt/certbot/; wget https://dl.eff.org/certbot-auto; chmod a+x certbot-auto; "
14
+ execute :sudo, "/opt/certbot/certbot-auto certonly --agree-tos "\
15
+ "--email #{letsencrypt_email} --webroot "\
16
+ "-w #{current_path}/public "\
17
+ "-d #{fetch(:atlas_lets_encrypt_domain_name)}"
18
+ end
19
+ end
18
20
  end
19
21
 
20
22
  desc "Generate unique DH group"
21
23
  task :generate_dh do
22
24
  privileged_on roles(:web) do
23
25
  unless test("sudo [ -f /etc/ssl/dhparams.pem ]")
24
- execute :sudo, "openssl dhparam -out /etc/ssl/dhparams.pem 2048"
26
+ execute :sudo, "openssl dhparam -out /etc/ssl/dhparams.pem 2048 > /dev/null 2>&1"
25
27
  execute :sudo, "chmod 600 /etc/ssl/dhparams.pem"
26
28
  end
27
29
  end
28
30
  end
29
-
30
- def _run_ssl_script(opt="")
31
- privileged_on primary(:web) do
32
- files_exist = %w(.key .csr .crt).any? do |ext|
33
- test("sudo [ -f /etc/ssl/#{application_basename}#{ext} ]")
34
- end
35
-
36
- if files_exist
37
- info("Files exist; skipping SSL key generation.")
38
- else
39
- config = "/tmp/csr_config"
40
- ssl_script = "/tmp/ssl_script"
41
-
42
- template("csr_config.erb", config, :sudo => true)
43
- template("ssl_setup", ssl_script, :mode => "+x", :sudo => true)
44
-
45
- within "/etc/ssl" do
46
- execute :sudo, ssl_script, opt, application_basename, config
47
- execute :sudo, "rm", ssl_script, config
48
- end
49
- end
50
- end
51
- end
52
-
53
- def _copy_to_all_web_servers(extensions)
54
- # TODO
55
- end
56
31
  end
57
32
  end
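Review bot: `configure_lets_encrypt` downloads `certbot-auto` and runs it as root with no integrity check, and in `execute :sudo, "cd /opt/certbot/; wget …; chmod a+x certbot-auto; "` the `sudo` most likely binds only to `cd`, so `wget` and `chmod` would act in the session's working directory rather than `/opt/certbot`. The sketch below fetches to an explicit path, verifies a pinned digest before the script is executed, tightens the file mode, and shell-escapes the interpolated domain and email (this needs `shellwords` loaded, which is not visible here). The guard tests `/etc/ssl/#{application_basename}.crt`, but nothing in this file writes that path (certbot keeps its output under `/etc/letsencrypt/`), so the task would presumably re-run on every provision and nginx may still find no certificate where it expects one; no renewal is scheduled either. In `generate_dh`, `> /dev/null 2>&1` also discards openssl's error text, and redirecting only stdout would keep failures diagnosable.

```ruby
unless test("sudo [ -f /etc/ssl/#{application_basename}.crt ]")
  certbot = "/opt/certbot/certbot-auto"
  domain  = Shellwords.escape(fetch(:atlas_lets_encrypt_domain_name))
  email   = Shellwords.escape(letsencrypt_email)

  execute :sudo, "mkdir", "-p", "/opt/certbot"
  execute :sudo, "wget", "-O", certbot, "https://dl.eff.org/certbot-auto"
  # <EXPECTED_SHA256> is a placeholder: pin the digest of the script version you reviewed.
  execute :sudo, "sh", "-c",
          %('echo "<EXPECTED_SHA256>  #{certbot}" | sha256sum -c -')
  execute :sudo, "chmod", "0700", certbot
  execute :sudo, certbot, "certonly", "--non-interactive", "--agree-tos",
          "--email", email, "--webroot", "-w", "#{current_path}/public",
          "-d", domain
end
# … unchanged: generate_dh task …
```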
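--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: capistrano-atlas
  version: !ruby/object:Gem::Version
- version: 0.1.0
+ version: 0.1.1
  platform: ruby
  authors:
  - John McDowall
@@ -100,7 +100,6 @@ files:
  - lib/capistrano/atlas/dsl.rb
  - lib/capistrano/atlas/recipe.rb
  - lib/capistrano/atlas/templates/crontab.erb
- - lib/capistrano/atlas/templates/csr_config.erb
  - lib/capistrano/atlas/templates/logrotate.erb
  - lib/capistrano/atlas/templates/maintenance.html.erb
  - lib/capistrano/atlas/templates/nginx.erb
@@ -111,7 +110,6 @@ files:
  - lib/capistrano/atlas/templates/puma_init.erb
  - lib/capistrano/atlas/templates/rbenv_bashrc
  - lib/capistrano/atlas/templates/sidekiq_init.erb
- - lib/capistrano/atlas/templates/ssl_setup
  - lib/capistrano/atlas/templates/version.rb.erb
  - lib/capistrano/atlas/version.rb
  - lib/capistrano/tasks/aptitude.rake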
@@ -1,10 +0,0 @@
1
- [ req ]
2
- distinguished_name="req_distinguished_name"
3
- prompt="no"
4
-
5
- [ req_distinguished_name ]
6
- C="<%= fetch(:atlas_ssl_csr_country) %>"
7
- ST="<%= fetch(:atlas_ssl_csr_state) %>"
8
- L="<%= fetch(:atlas_ssl_csr_city) %>"
9
- O="<%= fetch(:atlas_ssl_csr_org) %>"
10
- CN="<%= fetch(:atlas_ssl_csr_name) %>"
@@ -1,43 +0,0 @@
1
- #!/bin/bash
2
-
3
- # Usage:
4
- #
5
- # ssl_setup [--self] <name> <csr_config>
6
- #
7
- # This script is used to generate key and CSR for use HTTPS in Nginx.
8
- #
9
- # --self Generate self-signed certificate in addition to key and CSR.
10
- # name Output files will be named as <name>.key and <name>.csr.
11
- # csr_config Path to file that specifies CSR information. See below.
12
- #
13
- # CSR configuration format:
14
- #
15
- # [ req ]
16
- # distinguished_name="req_distinguished_name"
17
- # prompt="no"
18
- #
19
- # [ req_distinguished_name ]
20
- # C="US"
21
- # ST="California"
22
- # L="San Francisco"
23
- # O="Example Company"
24
- # CN="www.example.com"
25
-
26
- if [[ $1 == --self ]]; then
27
- SELF_SIGN=1
28
- shift
29
- fi
30
-
31
- KEY_NAME=$1
32
- CSR_CONFIG=$2
33
-
34
- openssl req -config $CSR_CONFIG -new -newkey rsa:2048 -nodes -keyout ${KEY_NAME}.key -out ${KEY_NAME}.csr
35
- chmod 600 ${KEY_NAME}.key ${KEY_NAME}.csr
36
- echo "Created ${KEY_NAME}.key"
37
- echo "Created ${KEY_NAME}.csr"
38
-
39
- if [[ -n $SELF_SIGN ]]; then
40
- openssl x509 -req -days 365 -in ${KEY_NAME}.csr -signkey ${KEY_NAME}.key -out ${KEY_NAME}.crt
41
- chmod 600 ${KEY_NAME}.crt
42
- echo "Created ${KEY_NAME}.crt (self-signed)"
43
- fi