capistrano-lets-encrypt 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: f473171fd16aa1dce17e6fe5b6278a59b5170cba
+  data.tar.gz: af32bc3f5619c618c6ce81592aca906281d7cf82
+SHA512:
+  metadata.gz: e303e3709d463323c185860a08c3507c14aeb99411674e3c860fa80706b945b1314cab424348278bcf8447ff619da8505fa1f743339459aa7534146f48e3b0f9
+  data.tar.gz: 61e95f90349114548fb6d73a9bb3ba35fc5a912809ec4f7fcd8cd5cbaafbebfb0cce2c2a44eb7f6268e1579a48be2d536c7cd3106c1523fac44e778ae92285a6

data/.gitignore

@@ -0,0 +1 @@
+pkg/

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+gemspec
+
+gem 'pry'

data/LICENSE.txt

@@ -0,0 +1,21 @@
+Copyright (c) 2015 Platanus
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,101 @@
+# Capistrano::LetsEncrypt [![Gem Version](https://badge.fury.io/rb/capistrano-lets-encrypt.png)](http://badge.fury.io/rb/capistrano-lets-encrypt)
+
+Let's encrypt support for Capistrano 3.x
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'capistrano-lets-encrypt', '~> 1.0'
+    gem 'capistrano'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install capistrano-lets-encrypt
+
+## Usage
+
+Require in `Capfile` to use the default task:
+
+```ruby
+require 'capistrano/lets-encrypt'
+```
+
+You will get the following tasks
+
+```ruby
+cap delayed_job:start                    # Start delayed_job service
+cap delayed_job:stop                     # Stop delayed_job service
+cap delayed_job:restart                  # Restart delayed_job service
+```
+
+Configurable options (copy into deploy.rb), shown here with examples:
+
+```ruby
+# Number of delayed_job workers
+# default value: 1
+set :delayed_job_workers, 2
+
+# String to be prefixed to worker process names
+# This feature allows a prefix name to be placed in front of the process.
+# For example:  reports/delayed_job.0  instead of just delayed_job.0
+set :delayed_job_prefix, :reports               
+
+# Delayed_job queue or queues
+# Set the --queue or --queues option to work from a particular queue.
+# default value: nil
+set :delayed_job_queues, ['mailer','tracking']
+
+# Specify different pools
+# You can use this option multiple times to start different numbers of workers for different queues.
+# default value: nil
+set :delayed_job_pools, {
+    :mailer => 2,
+    :tracking => 1,
+    :* => 2
+}
+
+# Set the roles where the delayed_job process should be started
+# default value: :app
+set :delayed_job_roles, [:app, :background]
+
+# Set the location of the delayed_job executable
+# Can be relative to the release_path or absolute
+# default value 'bin'
+set :delayed_job_bin_path, 'script' # for rails 3.x
+
+### Set the location of the delayed_job logfile
+set :delayed_log_dir, 'path_to_logfile'
+```
+
+It also adds the following hook
+
+```ruby
+after 'deploy:published', 'restart' do
+    invoke 'delayed_job:restart'
+end
+```
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+## Credits
+
+Thank you [contributors](https://github.com/platanus/guides/graphs/contributors)!
+
+<img src="http://platan.us/gravatar_with_text.png" alt="Platanus" width="250"/>
+
+capistrano-lets-encrypt is maintained by [platanus](http://platan.us).
+
+## License
+
+Guides is © 2014 platanus, spa. It is free software and may be redistributed under the terms specified in the LICENSE file.

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/capistrano-lets-encrypt.gemspec

@@ -0,0 +1,24 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+Gem::Specification.new do |spec|
+  spec.name          = "capistrano-lets-encrypt"
+  spec.version       = "0.1.0"
+  spec.authors       = ["Juan Ignacio Donoso"]
+  spec.email         = ["juan.ignacio@platan.us"]
+  spec.summary       = %q{Adds support for let's encrypt to Capistrano 3.x}
+  spec.description   = %q{Adds support for let's encrypt to Capistrano 3.x}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency 'capistrano', '>= 3.0.0'
+  spec.add_dependency 'letsencrypt-cli', '>= 0.1.4'
+
+  spec.add_development_dependency "rake", "~> 10.0"
+end

data/lib/capistrano/lets-encrypt.rb

@@ -0,0 +1 @@
+load File.expand_path('../tasks/lets-encrypt.rake', __FILE__)

data/lib/capistrano/tasks/lets-encrypt.rake

@@ -0,0 +1,190 @@
+require 'openssl'
+require 'letsencrypt/cli/acme_wrapper'
+
+namespace :lets_encrypt do
+
+  desc 'Register Let\' Encrypt account with email'
+  task :register do
+    email = fetch(:lets_encrypt_email)
+    if email.nil? || email == ""
+      wrapper.log "no E-Mail specified!", :fatal
+      exit 1
+    end
+    if !email[/.*@.*/]
+      wrapper.log "not an email", :fatal
+      exit 1
+    end
+    registration = client.register(contact: "mailto:" + email)
+    registration.agree_terms
+    wrapper.log "Account created, Terms accepted"
+  end
+
+  desc 'Check if the certificate are valid'
+  task :check_certificate do
+    on roles(fetch(:lets_encrypt_roles)) do
+      check_certificate
+    end
+  end
+
+  desc 'Authorize the domain using the ACME challenge'
+  task :authorize do
+    on roles(fetch(:lets_encrypt_roles), select: :primary) do
+      unless check_certificate
+        domains.each do |domain|
+          authorize(domain)
+        end
+      end
+    end
+  end
+
+  desc "create certificate and private key pair for domains. The first domain is the main CN domain"
+  task :cert do
+    cert(domains)
+    on roles(fetch(:lets_encrypt_roles)) do
+      domains.each do |domain|
+        upload_certs domain
+      end
+    end
+  end
+
+  # On server methods
+
+  def check_certificate
+    if test("[ -f #{certificate_path} ]")
+      temp_path = "/tmp/#{primary_domain}.cert.pem"
+      download! certificate_path, temp_path
+      wrapper.check_certificate(temp_path)
+    else
+      wrapper.log "No certificate found"
+      false
+    end
+  end
+
+  def authorize(domain)
+    wrapper.log "Authorizing #{domain.blue}."
+    authorization = client.authorize(domain: domain)
+
+    challenge = authorization.http01
+    challenge_public_path = fetch(:lets_encrypt_challenge_public_path)
+    challenge_path = File.join(challenge_public_path, File.dirname(challenge.filename))
+    challenge_file_path = File.join(challenge_public_path, challenge.filename)
+    execute :mkdir, '-pv', challenge_path
+
+    wrapper.log "Writing challenge to #{challenge_file_path}", :debug
+
+    execute :echo, "\"#{challenge.file_content}\" > #{challenge_file_path}"
+
+    challenge.request_verification
+
+    5.times do
+      wrapper.log "Checking verification...", :debug
+      sleep 1
+      break if challenge.verify_status != 'pending'
+    end
+    if challenge.verify_status == 'valid'
+      wrapper.log "Authorization successful for #{domain.green}"
+      execute :rm, '-f', challenge_file_path
+      true
+    else
+      wrapper.log "Authorization error for #{domain.red}", :error
+      wrapper.log challenge.error['detail']
+      false
+    end
+  end
+
+  def cert(domains)
+    domains.each do |domain|
+      FileUtils.mkdir_p(local_out_path(domain))
+    end
+    wrapper.cert(domains)
+  end
+
+  def upload_certs(domain)
+    execute :mkdir, '-pv', "#{fetch(:lets_encrypt_output_path)}/#{domain}"
+    upload! local_private_key_path, private_key_path
+    upload! local_fullchain_path, fullchain_path
+    upload! local_certificate_path, certificate_path
+    upload! local_chain_path, chain_path
+  end
+
+  # Helpers
+  def certificate_path(domain = primary_domain)
+    File.join(fetch(:lets_encrypt_output_path), domain, "cert.pem")
+  end
+
+  def chain_path(domain = primary_domain)
+    File.join(fetch(:lets_encrypt_output_path), domain, "chain.pem")
+  end
+
+  def fullchain_path(domain = primary_domain)
+    File.join(fetch(:lets_encrypt_output_path), domain, "fullchain.pem")
+  end
+
+  def private_key_path(domain = primary_domain)
+    File.join(fetch(:lets_encrypt_output_path), domain, "key.pem")
+  end
+
+  def local_certificate_path(domain = primary_domain)
+    File.join(local_out_path(domain), "cert.pem")
+  end
+
+  def local_chain_path(domain = primary_domain)
+    File.join(local_out_path(domain), "chain.pem")
+  end
+
+  def local_fullchain_path(domain = primary_domain)
+    File.join(local_out_path(domain), "fullchain.pem")
+  end
+
+  def local_private_key_path(domain = primary_domain)
+    File.join(local_out_path(domain), "key.pem")
+  end
+
+  def local_out_path(domain = primary_domain)
+    File.join(File.expand_path(fetch(:lets_encrypt_local_output_path)), domain)
+  end
+
+  def domains
+    fetch(:lets_encrypt_domains).split(" ")
+  end
+
+  def primary_domain
+    domains.first
+  end
+
+  def wrapper
+    @wrapper ||= AcmeWrapper.new(options)
+  end
+
+  def options
+    @options ||= {
+      account_key: fetch(:lets_encrypt_account_key),
+      test: fetch(:lets_encrypt_test),
+      log_level: "info",
+      color: true,
+      days_valid: fetch(:lets_encrypt_days_valid),
+      private_key_path: local_private_key_path,
+      fullchain_path: local_fullchain_path,
+      certificate_path: local_certificate_path,
+      chain_path: local_chain_path,
+    }
+  end
+
+  def client
+    @client ||= wrapper.client
+  end
+end
+
+namespace :load do
+  task :defaults do
+    set :lets_encrypt_roles,                 -> { :web }
+    set :lets_encrypt_test,                  -> { false }
+    set :lets_encrypt_email,                 -> { nil }
+    set :lets_encrypt_domains,               -> { nil }
+    set :lets_encrypt_challenge_public_path, -> { "#{release_path}/public" }
+    set :lets_encrypt_output_path,           -> { "#{shared_path}/ssl/certs" }
+    set :lets_encrypt_account_key,           -> { "#{fetch(:lets_encrypt_email)}.account_key.pem" }
+    set :lets_encrypt_days_valid,            -> { 30 }
+    set :lets_encrypt_local_output_path,     -> { "~/certs" }
+  end
+end

metadata

@@ -0,0 +1,96 @@
+--- !ruby/object:Gem::Specification
+name: capistrano-lets-encrypt
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Juan Ignacio Donoso
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-12-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: capistrano
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: letsencrypt-cli
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 0.1.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 0.1.4
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.0'
+description: Adds support for let's encrypt to Capistrano 3.x
+email:
+- juan.ignacio@platan.us
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- capistrano-lets-encrypt.gemspec
+- lib/capistrano-lets-encrypt.rb
+- lib/capistrano/lets-encrypt.rb
+- lib/capistrano/tasks/lets-encrypt.rake
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: Adds support for let's encrypt to Capistrano 3.x
+test_files: []
+has_rdoc: