capistrano-lets-encrypt 0.2.0 → 0.3.0

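--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 90da1a49714e482b35e657c3224aec74936e259a
- data.tar.gz: 328392b3bec296ed09b6a37444d04c378dbf760a
+ metadata.gz: de66e730ca0dcec1a728877a7f32043b749d5791
+ data.tar.gz: be723601fc953f0aa0598b01b323949f1519f59f
  SHA512:
- metadata.gz: 9814cac7056f473ec0f840277ad14b8387a9156743a1ad8b87c26df2dad5cd691f8318666ac40fcf6278631887f15a337c95b6f768563e911f8a6484acd0e183
- data.tar.gz: 2c9c2fdcba8fc3a44c0406841d3d95b220111e47f422cb69e18fd3856d6662366f42278d84a1a4bb2d2debad438dc3cc77455f60525e8bebabb05aa3a4a3e3f8
+ metadata.gz: bb1a2c4e7fb237c2d1bcabff6baa9946ce75f66dbfdae6262567c2bddf862b342e016e9923ccca18944ee72800e939cec0e36f820c16bd3fa480a598419fcf2d
+ data.tar.gz: ef87c42ba5ef686a4d86e7fd4eaaf61a3a45d38d41f642ad12eb0feefbc5f70da43d8de1a1730431871cc086c54b1795024b7f84d41ed9f9a0358eb76443333c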
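--- a/data/README.md
+++ b/data/README.md
@@ -4,7 +4,7 @@ Let's encrypt support for Capistrano 3.x
 
  Thanks to @unixcharles and @zealot128 for their libraries,
  [acme-client](https://github.com/unixcharles/acme-client/) and
- [letsencrypt-cli](https://github.com/zealot128/ruby-letsencrypt-cli) to manage
+ [letsencrypt-cli](https://github.com/zealot128/ruby-letsencrypt-cli) for managing
  part of the workflow to work with Let's encrypt. This library use both to create
  a series of capistrano tasks that should help you create certs on your projects
  deployed with capistrano
@@ -13,7 +13,7 @@ deployed with capistrano
 
  Add this line to your application's Gemfile:
 
- gem 'capistrano-lets-encrypt', '~> 1.0'
+ gem 'capistrano-lets-encrypt'
  gem 'capistrano'
 
  And then execute:
@@ -44,32 +44,48 @@ cap lets_encrypt:cert # Create certificates and private keys
  Configurable options (copy into deploy.rb), shown here with examples:
 
  ```ruby
+ # Set the roles where the let's encrypt process should be started
+ # Be sure at least one server has primary: true
  # default value: :web
  set :lets_encrypt_roles, :lets_encrypt
 
+ # Optionally set the user to use when installing on the remote system
+ # default value: nil
+ set :lets_encrypt_user, nil
+
+ # Set it to true to use let's encrypt staging servers
  # default value: false
  set :lets_encrypt_test, true
 
+ # Set your let's encrypt account email (required)
+ # The account will be created if no private key match
  # default value: nil
  set :lets_encrypt_email, nil
 
+ # Set the path to your let's encrypt account private key
+ # default value: "#{fetch(:lets_encrypt_email)}.account_key.pem"
+ set :lets_encrypt_account_key, "#{fetch(:lets_encrypt_email)}.account_key.pem"
+
+ # Set the domains you want to register (required)
+ # This must be a string of one or more domains separated a space - e.g. "example.com example2.com"
  # default value: nil
  set :lets_encrypt_domains, nil
 
+ # Set the path from where you are serving your static assets
  # default value: "#{release_path}/public"
  set :lets_encrypt_challenge_public_path, "#{release_path}/public"
 
+ # Set the path where the new certs are going to be saved
  # default value: "#{shared_path}/ssl/certs"
  set :lets_encrypt_output_path, "#{shared_path}/ssl/certs"
 
- # default value: "#{fetch(:lets_encrypt_email)}.account_key.pem"
- set :lets_encrypt_account_key, "#{fetch(:lets_encrypt_email)}.account_key.pem"
-
- # default value: 30
- set :lets_encrypt_days_valid, 30
-
+ # Set the local path where the certs will be saved
  # default value: "~/certs"
  set :lets_encrypt_local_output_path, "~/certs"
+
+ # Set the minimum time that the cert should be valid
+ # default value: 30
+ set :lets_encrypt_days_valid, 15
  ```
 
  ## Requirements
@@ -86,7 +102,7 @@ This tool needs Ruby >= 2.1 (as the dependency acme-client needs that because of
 
  ## Credits
 
- Thank you [contributors](https://github.com/platanus/capistran-lets-encrypt/graphs/contributors)!
+ Thank you [contributors](https://github.com/platanus/capistrano-lets-encrypt/graphs/contributors)!
 
  <img src="http://platan.us/gravatar_with_text.png" alt="Platanus" width="250"/>
 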
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
4
 
5
5
  Gem::Specification.new do |spec|
6
6
  spec.name = "capistrano-lets-encrypt"
7
- spec.version = "0.2.0"
7
+ spec.version = "0.3.0"
8
8
  spec.authors = ["Juan Ignacio Donoso"]
9
9
  spec.email = ["juan.ignacio@platan.us"]
10
10
  spec.summary = %q{Adds support for let's encrypt to Capistrano 3.x}
@@ -1,5 +1,6 @@
1
1
  require 'openssl'
2
2
  require 'letsencrypt/cli/acme_wrapper'
3
+ require 'colorize'
3
4
 
4
5
  namespace :lets_encrypt do
5
6
 
@@ -61,34 +62,36 @@ namespace :lets_encrypt do
61
62
  end
62
63
 
63
64
  def authorize(domain)
64
- wrapper.log "Authorizing #{domain.blue}."
65
- authorization = client.authorize(domain: domain)
65
+ as_encrypt_user do
66
+ wrapper.log "Authorizing #{domain.blue}."
67
+ authorization = client.authorize(domain: domain)
66
68
 
67
- challenge = authorization.http01
68
- challenge_public_path = fetch(:lets_encrypt_challenge_public_path)
69
- challenge_path = File.join(challenge_public_path, File.dirname(challenge.filename))
70
- challenge_file_path = File.join(challenge_public_path, challenge.filename)
71
- execute :mkdir, '-pv', challenge_path
69
+ challenge = authorization.http01
70
+ challenge_public_path = fetch(:lets_encrypt_challenge_public_path)
71
+ challenge_path = File.join(challenge_public_path, File.dirname(challenge.filename))
72
+ challenge_file_path = File.join(challenge_public_path, challenge.filename)
73
+ execute :mkdir, '-pv', challenge_path
72
74
 
73
- wrapper.log "Writing challenge to #{challenge_file_path}", :debug
75
+ wrapper.log "Writing challenge to #{challenge_file_path}", :debug
74
76
 
75
- execute :echo, "\"#{challenge.file_content}\" > #{challenge_file_path}"
77
+ execute :echo, "\"#{challenge.file_content}\" > #{challenge_file_path}"
76
78
 
77
- challenge.request_verification
79
+ challenge.request_verification
78
80
 
79
- 5.times do
80
- wrapper.log "Checking verification...", :debug
81
- sleep 1
82
- break if challenge.verify_status != 'pending'
83
- end
84
- if challenge.verify_status == 'valid'
85
- wrapper.log "Authorization successful for #{domain.green}"
86
- execute :rm, '-f', challenge_file_path
87
- true
88
- else
89
- wrapper.log "Authorization error for #{domain.red}", :error
90
- wrapper.log challenge.error['detail']
91
- false
81
+ 5.times do
82
+ wrapper.log "Checking verification...", :debug
83
+ sleep 1
84
+ break if challenge.verify_status != 'pending'
85
+ end
86
+ if challenge.verify_status == 'valid'
87
+ wrapper.log "Authorization successful for #{domain.green}"
88
+ execute :rm, '-f', challenge_file_path
89
+ true
90
+ else
91
+ wrapper.log "Authorization error for #{domain.red}", :error
92
+ wrapper.log challenge.error['detail']
93
+ false
94
+ end
92
95
  end
93
96
  end
94
97
 
@@ -100,11 +103,29 @@ namespace :lets_encrypt do
100
103
  end
101
104
 
102
105
  def upload_certs(domain)
103
- execute :mkdir, '-pv', "#{fetch(:lets_encrypt_output_path)}/#{domain}"
104
- upload! local_private_key_path, private_key_path
105
- upload! local_fullchain_path, fullchain_path
106
- upload! local_certificate_path, certificate_path
107
- upload! local_chain_path, chain_path
106
+ as_encrypt_user do
107
+ execute :mkdir, '-pv', "#{fetch(:lets_encrypt_output_path)}/#{domain}"
108
+ safe_upload! local_private_key_path, private_key_path
109
+ safe_upload! local_fullchain_path, fullchain_path
110
+ safe_upload! local_certificate_path, certificate_path
111
+ safe_upload! local_chain_path, chain_path
112
+ end
113
+ end
114
+
115
+ def as_encrypt_user(&block)
116
+ if fetch(:lets_encrypt_user)
117
+ as fetch(:lets_encrypt_user) do
118
+ yield
119
+ end
120
+ else
121
+ yield
122
+ end
123
+ end
124
+
125
+ def safe_upload!(from, to)
126
+ tempname = "/tmp/#{Time.now.to_f}"
127
+ upload! from, tempname
128
+ sudo :mv, tempname, to
108
129
  end
109
130
 
110
131
  # Helpers
@@ -158,7 +179,7 @@ namespace :lets_encrypt do
158
179
 
159
180
  def options
160
181
  @options ||= {
161
- account_key: fetch(:lets_encrypt_account_key),
182
+ account_key: File.expand_path(fetch(:lets_encrypt_account_key)),
162
183
  test: fetch(:lets_encrypt_test),
163
184
  log_level: "info",
164
185
  color: true,
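Review bot: `safe_upload!` in the `@@ -100,11 +103,29 @@` hunk stages every file, including the private key that `upload_certs` passes as `local_private_key_path`, at `/tmp/#{Time.now.to_f}`, which is a predictable name in a shared directory. The staged copy gets whatever mode the uploading user's defaults yield, and it is left behind in `/tmp` if the `sudo :mv` fails. Creating the staging file on the remote host first avoids the guessable name and starts from an owner-only file: `tempname = capture(:mktemp)` in place of the `Time.now` line, with an `ensure` that removes `tempname` on failure; whether `upload!` preserves the existing file's mode depends on the SSHKit transport, so that is worth confirming. Separately, `sudo :mv` runs even when `lets_encrypt_user` is nil, so the task now appears to need sudo in every configuration, and the moved files presumably keep the deploying user's ownership rather than the configured user's.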
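--- a/metadata
+++ b/metadata
@@ -1,55 +1,55 @@
  --- !ruby/object:Gem::Specification
  name: capistrano-lets-encrypt
  version: !ruby/object:Gem::Version
- version: 0.2.0
+ version: 0.3.0
  platform: ruby
  authors:
  - Juan Ignacio Donoso
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-12-28 00:00:00.000000000 Z
+ date: 2017-03-06 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: capistrano
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: 3.0.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: 3.0.0
  - !ruby/object:Gem::Dependency
  name: letsencrypt-cli
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: 0.1.4
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: 0.1.4
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '10.0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '10.0'
  description: Adds support for let's encrypt to Capistrano 3.x
@@ -59,7 +59,7 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
- - .gitignore
+ - ".gitignore"
  - Gemfile
  - LICENSE.txt
  - README.md
@@ -78,19 +78,18 @@ require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.4.8
+ rubygems_version: 2.5.2
  signing_key:
  specification_version: 4
  summary: Adds support for let's encrypt to Capistrano 3.x
  test_files: []
- has_rdoc: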