capistrano-atlas 0.1.0 → 0.1.1
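--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4a8d4c7cbad489d8b3652d33acc3ee4e713b0ca0
+data.tar.gz: 757d22dd39d29c691f90c798124f913a4b542afa
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 300aefc371c5ec8b5c336d5cac94a17aee52cdf1fc63bc63e52e6f60aefeab464060eb627ffb2e0933c8b553275107517ee0ca9cb78ae569305693247bf9926d
+data.tar.gz: 6aab8ddf0b302b4dab3e57dfc4efdf9100bf584a3c5a8134fdb2c578a4b8d29c299d7b71c2613d1fb52b33abe74829e1c49a325d5b63604b4d259aaf37a993fd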
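--- a/data/README.md
+++ b/data/README.md
@@ -193,9 +193,7 @@ Check out my [rails-template][] project, which generates Rails applications with
 
 ## History
 
-This gem
-
-If you are upgrading from `capistrano-fiftyfive`, refer to the [CHANGELOG entry for v0.22.0](CHANGELOG.md#0220-2015-06-22) for migration instructions.
+This gem was forked from `capistrano-mb`.
 
 ## Contributing
 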
@@ -54,6 +54,8 @@ namespace :load do
|
|
54
54
|
set :atlas_nginx_force_https, false
|
55
55
|
set :atlas_nginx_redirect_hosts, {}
|
56
56
|
|
57
|
+
ask :atlas_lets_encrypt_domain_name, "www.example.com"
|
58
|
+
|
57
59
|
set :atlas_puma_threads, "0, 8"
|
58
60
|
set :atlas_puma_workers, 2
|
59
61
|
set :atlas_puma_timeout, 30
|
@@ -92,12 +94,6 @@ namespace :load do
|
|
92
94
|
set :atlas_sidekiq_concurrency, 25
|
93
95
|
set :atlas_sidekiq_role, :sidekiq
|
94
96
|
|
95
|
-
ask :atlas_ssl_csr_country, "US"
|
96
|
-
ask :atlas_ssl_csr_state, "California"
|
97
|
-
ask :atlas_ssl_csr_city, "San Francisco"
|
98
|
-
ask :atlas_ssl_csr_org, "Example Company"
|
99
|
-
ask :atlas_ssl_csr_name, "www.example.com"
|
100
|
-
|
101
97
|
# WARNING: misconfiguring firewall rules could lock you out of the server!
|
102
98
|
set :atlas_ufw_rules,
|
103
99
|
"allow ssh" => :all,
|
@@ -120,7 +116,6 @@ namespace :load do
|
|
120
116
|
tmp/sockets
|
121
117
|
public/.well-known
|
122
118
|
public/system
|
123
|
-
node_modules
|
124
119
|
)
|
125
120
|
}
|
126
121
|
set :linked_files, -> {
|
@@ -1,57 +1,32 @@
|
|
1
1
|
atlas_recipe :ssl do
|
2
2
|
during :provision, "generate_dh"
|
3
|
-
during :provision, "
|
3
|
+
during :provision, "configure_lets_encrypt"
|
4
4
|
end
|
5
5
|
|
6
6
|
namespace :atlas do
|
7
7
|
namespace :ssl do
|
8
|
-
desc "
|
9
|
-
task :
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
8
|
+
desc "Setup Let's Encrypt and get a free certificate"
|
9
|
+
task :configure_lets_encrypt do
|
10
|
+
privileged_on roles(:web) do
|
11
|
+
unless test("sudo [ -f /etc/ssl/#{application_basename}.crt ]")
|
12
|
+
execute :sudo, "mkdir -p /opt/certbot"
|
13
|
+
execute :sudo, "cd /opt/certbot/; wget https://dl.eff.org/certbot-auto; chmod a+x certbot-auto; "
|
14
|
+
execute :sudo, "/opt/certbot/certbot-auto certonly --agree-tos "\
|
15
|
+
"--email #{letsencrypt_email} --webroot "\
|
16
|
+
"-w #{current_path}/public "\
|
17
|
+
"-d #{fetch(:atlas_lets_encrypt_domain_name)}"
|
18
|
+
end
|
19
|
+
end
|
18
20
|
end
|
19
21
|
|
20
22
|
desc "Generate unique DH group"
|
21
23
|
task :generate_dh do
|
22
24
|
privileged_on roles(:web) do
|
23
25
|
unless test("sudo [ -f /etc/ssl/dhparams.pem ]")
|
24
|
-
execute :sudo, "openssl dhparam -out /etc/ssl/dhparams.pem 2048"
|
26
|
+
execute :sudo, "openssl dhparam -out /etc/ssl/dhparams.pem 2048 > /dev/null 2>&1"
|
25
27
|
execute :sudo, "chmod 600 /etc/ssl/dhparams.pem"
|
26
28
|
end
|
27
29
|
end
|
28
30
|
end
|
29
|
-
|
30
|
-
def _run_ssl_script(opt="")
|
31
|
-
privileged_on primary(:web) do
|
32
|
-
files_exist = %w(.key .csr .crt).any? do |ext|
|
33
|
-
test("sudo [ -f /etc/ssl/#{application_basename}#{ext} ]")
|
34
|
-
end
|
35
|
-
|
36
|
-
if files_exist
|
37
|
-
info("Files exist; skipping SSL key generation.")
|
38
|
-
else
|
39
|
-
config = "/tmp/csr_config"
|
40
|
-
ssl_script = "/tmp/ssl_script"
|
41
|
-
|
42
|
-
template("csr_config.erb", config, :sudo => true)
|
43
|
-
template("ssl_setup", ssl_script, :mode => "+x", :sudo => true)
|
44
|
-
|
45
|
-
within "/etc/ssl" do
|
46
|
-
execute :sudo, ssl_script, opt, application_basename, config
|
47
|
-
execute :sudo, "rm", ssl_script, config
|
48
|
-
end
|
49
|
-
end
|
50
|
-
end
|
51
|
-
end
|
52
|
-
|
53
|
-
def _copy_to_all_web_servers(extensions)
|
54
|
-
# TODO
|
55
|
-
end
|
56
31
|
end
|
57
32
|
end
|
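Review bot: The new `configure_lets_encrypt` task fetches `certbot-auto` with `wget` and then runs it under sudo without checking a signature or a pinned digest, so whatever that URL returns at provision time is executed as root on every `:web` host; install certbot from the distribution's package instead, or verify the download against a pinned checksum before the `chmod a+x`. The download line chains three commands with `;` after `execute :sudo`, so sudo most likely applies only to `cd` (a shell builtin) and the `wget`/`chmod` then run unprivileged in a different directory; use one command per call in the argument-list form, e.g. `execute :sudo, "wget", "-O", "/opt/certbot/certbot-auto", "https://dl.eff.org/certbot-auto"`. `letsencrypt_email` is not defined in any hunk shown on this page, and both it and `fetch(:atlas_lets_encrypt_domain_name)` are interpolated unquoted into the shell string; pass them as separate arguments or through `Shellwords.escape`. The guard tests `/etc/ssl/#{application_basename}.crt`, which nothing in this task writes, so the download and certificate request appear to repeat on every provision.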
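--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: capistrano-atlas
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.1
 platform: ruby
 authors:
 - John McDowall
@@ -100,7 +100,6 @@ files:
 - lib/capistrano/atlas/dsl.rb
 - lib/capistrano/atlas/recipe.rb
 - lib/capistrano/atlas/templates/crontab.erb
-- lib/capistrano/atlas/templates/csr_config.erb
 - lib/capistrano/atlas/templates/logrotate.erb
 - lib/capistrano/atlas/templates/maintenance.html.erb
 - lib/capistrano/atlas/templates/nginx.erb
@@ -111,7 +110,6 @@ files:
 - lib/capistrano/atlas/templates/puma_init.erb
 - lib/capistrano/atlas/templates/rbenv_bashrc
 - lib/capistrano/atlas/templates/sidekiq_init.erb
-- lib/capistrano/atlas/templates/ssl_setup
 - lib/capistrano/atlas/templates/version.rb.erb
 - lib/capistrano/atlas/version.rb
 - lib/capistrano/tasks/aptitude.rake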
@@ -1,10 +0,0 @@
|
|
1
|
-
[ req ]
|
2
|
-
distinguished_name="req_distinguished_name"
|
3
|
-
prompt="no"
|
4
|
-
|
5
|
-
[ req_distinguished_name ]
|
6
|
-
C="<%= fetch(:atlas_ssl_csr_country) %>"
|
7
|
-
ST="<%= fetch(:atlas_ssl_csr_state) %>"
|
8
|
-
L="<%= fetch(:atlas_ssl_csr_city) %>"
|
9
|
-
O="<%= fetch(:atlas_ssl_csr_org) %>"
|
10
|
-
CN="<%= fetch(:atlas_ssl_csr_name) %>"
|
@@ -1,43 +0,0 @@
|
|
1
|
-
#!/bin/bash
|
2
|
-
|
3
|
-
# Usage:
|
4
|
-
#
|
5
|
-
# ssl_setup [--self] <name> <csr_config>
|
6
|
-
#
|
7
|
-
# This script is used to generate key and CSR for use HTTPS in Nginx.
|
8
|
-
#
|
9
|
-
# --self Generate self-signed certificate in addition to key and CSR.
|
10
|
-
# name Output files will be named as <name>.key and <name>.csr.
|
11
|
-
# csr_config Path to file that specifies CSR information. See below.
|
12
|
-
#
|
13
|
-
# CSR configuration format:
|
14
|
-
#
|
15
|
-
# [ req ]
|
16
|
-
# distinguished_name="req_distinguished_name"
|
17
|
-
# prompt="no"
|
18
|
-
#
|
19
|
-
# [ req_distinguished_name ]
|
20
|
-
# C="US"
|
21
|
-
# ST="California"
|
22
|
-
# L="San Francisco"
|
23
|
-
# O="Example Company"
|
24
|
-
# CN="www.example.com"
|
25
|
-
|
26
|
-
if [[ $1 == --self ]]; then
|
27
|
-
SELF_SIGN=1
|
28
|
-
shift
|
29
|
-
fi
|
30
|
-
|
31
|
-
KEY_NAME=$1
|
32
|
-
CSR_CONFIG=$2
|
33
|
-
|
34
|
-
openssl req -config $CSR_CONFIG -new -newkey rsa:2048 -nodes -keyout ${KEY_NAME}.key -out ${KEY_NAME}.csr
|
35
|
-
chmod 600 ${KEY_NAME}.key ${KEY_NAME}.csr
|
36
|
-
echo "Created ${KEY_NAME}.key"
|
37
|
-
echo "Created ${KEY_NAME}.csr"
|
38
|
-
|
39
|
-
if [[ -n $SELF_SIGN ]]; then
|
40
|
-
openssl x509 -req -days 365 -in ${KEY_NAME}.csr -signkey ${KEY_NAME}.key -out ${KEY_NAME}.crt
|
41
|
-
chmod 600 ${KEY_NAME}.crt
|
42
|
-
echo "Created ${KEY_NAME}.crt (self-signed)"
|
43
|
-
fi
|