magic_recipes_two 0.0.59 → 0.0.60
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
---
|
2
2
|
!binary "U0hBMQ==":
|
3
3
|
metadata.gz: !binary |-
|
4
|
-
|
4
|
+
ZWU1ZTk5ODlhNmNkZWE2NmU2ODg0NDg0MmE3YjA1YTVkNjI4ZWFmNg==
|
5
5
|
data.tar.gz: !binary |-
|
6
|
-
|
6
|
+
MDA3ZjJiMmZmNDBhMzNjMTVmYjZiM2Y1MDg5NzQ1ODIwZTJkMmI5MQ==
|
7
7
|
SHA512:
|
8
8
|
metadata.gz: !binary |-
|
9
|
-
|
10
|
-
|
11
|
-
|
9
|
+
MmU2NjQ5MmNkNWViYjY1MjhjZjRhNmY2MzYyYzBiNjM5OWNiYThlNDFkM2Vm
|
10
|
+
YWNmOGEwNzIyYTZmNzhkNjQzOTQwMTIwMzMzMmY5ZTRkNjM1ZTJmMTAyYTZj
|
11
|
+
N2ViZGVmZDU1Nzg1ZWI5ZDMyOTlmYmMwMjJlZGIyZmI3N2U1NjE=
|
12
12
|
data.tar.gz: !binary |-
|
13
|
-
|
14
|
-
|
15
|
-
|
13
|
+
NGU5YTgxODc5NGJkYjE0ZDRlM2ZlNTk1Y2RkNzUwOTcxYzZjMzE0NTUzOTI0
|
14
|
+
YjNmMWE3OTIyMjAzMzJmZGRmZjBiMjg4ZmMzODNhODI3MDNjMDY2N2I3ZTI4
|
15
|
+
NWM1MGJkOTJmMjViYjNmOTBkYzUzOTE3ZGY3MjljYzk2NGM0YWY=
|
@@ -3,8 +3,12 @@
|
|
3
3
|
|
4
4
|
namespace :load do
|
5
5
|
task :defaults do
|
6
|
-
set :lets_encrypt_roles,
|
7
|
-
set :lets_encrypt_path,
|
6
|
+
set :lets_encrypt_roles, -> { :web }
|
7
|
+
set :lets_encrypt_path, -> { "~" }
|
8
|
+
set :lets_encrypt_renew_minute, -> { "23" }
|
9
|
+
set :lets_encrypt_renew_hour1, -> { "0" }
|
10
|
+
set :lets_encrypt_renew_hour2, -> { "12" }
|
11
|
+
set :lets_encrypt_cron_log, -> { "#{shared_path}/log/lets_encrypt_cron.log" }
|
8
12
|
end
|
9
13
|
end
|
10
14
|
|
@@ -13,8 +17,10 @@ namespace :lets_encrypt do
|
|
13
17
|
desc "Install certbot LetsEncrypt"
|
14
18
|
task :install do
|
15
19
|
on release_roles fetch(:lets_encrypt_roles) do
|
16
|
-
|
17
|
-
|
20
|
+
within fetch(:lets_encrypt_path) do
|
21
|
+
execute "wget https://dl.eff.org/certbot-auto"
|
22
|
+
execute "chmod a+x certbot-auto"
|
23
|
+
end
|
18
24
|
end
|
19
25
|
end
|
20
26
|
|
@@ -32,15 +38,25 @@ namespace :lets_encrypt do
|
|
32
38
|
## http://serverfault.com/a/825032
|
33
39
|
task :auto_renew do
|
34
40
|
on release_roles fetch(:lets_encrypt_roles) do
|
35
|
-
execute :sudo, "echo '42 0,12 * * * root #{ fetch(:lets_encrypt_path) }/certbot-auto renew --quiet' | cat > /
|
41
|
+
# execute :sudo, "echo '42 0,12 * * * root (#{ fetch(:lets_encrypt_path) }/certbot-auto renew --quiet) >> #{shared_path}/lets_encrypt_cron.log 2>&1' | cat > #{ fetch(:lets_encrypt_path) }/lets_encrypt_cronjob"
|
42
|
+
execute :sudo, "echo '#{ fetch(:lets_encrypt_renew_minute) } #{ fetch(:lets_encrypt_renew_hour1) },#{ fetch(:lets_encrypt_renew_hour2) } * * * root #{ fetch(:lets_encrypt_path) }/certbot-auto renew --no-self-upgrade --post-hook \"#{fetch(:nginx_service_path)} restart\" >> #{ fetch(:lets_encrypt_cron_log) } 2>&1' | cat > #{ fetch(:lets_encrypt_path) }/lets_encrypt_cronjob"
|
43
|
+
execute :sudo, "mv -f #{ fetch(:lets_encrypt_path) }/lets_encrypt_cronjob /etc/cron.d/lets_encrypt"
|
44
|
+
execute :sudo, "chown -f root:root /etc/cron.d/lets_encrypt"
|
45
|
+
execute :sudo, "chmod -f 0644 /etc/cron.d/lets_encrypt"
|
36
46
|
end
|
37
47
|
end
|
38
48
|
|
39
49
|
|
40
|
-
desc "
|
41
|
-
task :
|
50
|
+
desc "Dry-Run Renew LetsEncrypt"
|
51
|
+
task :dry_renew do
|
42
52
|
on release_roles fetch(:lets_encrypt_roles) do
|
43
|
-
execute :sudo, "#{ fetch(:lets_encrypt_path) }/certbot-auto renew --dry-run"
|
53
|
+
# execute :sudo, "#{ fetch(:lets_encrypt_path) }/certbot-auto renew --dry-run"
|
54
|
+
output = capture(:sudo, "#{ fetch(:lets_encrypt_path) }/certbot-auto renew --dry-run")
|
55
|
+
puts "#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#"
|
56
|
+
output.each_line do |line|
|
57
|
+
puts line
|
58
|
+
end
|
59
|
+
puts "#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#"
|
44
60
|
end
|
45
61
|
end
|
46
62
|
|
@@ -52,6 +68,18 @@ namespace :lets_encrypt do
|
|
52
68
|
end
|
53
69
|
end
|
54
70
|
|
71
|
+
desc "Check CRON logs in syslog"
|
72
|
+
task :check_cron_logs do
|
73
|
+
on release_roles fetch(:lets_encrypt_roles) do
|
74
|
+
# execute "grep CRON /var/log/syslog"
|
75
|
+
output = capture("grep CRON /var/log/syslog")
|
76
|
+
puts "#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#"
|
77
|
+
output.each_line do |line|
|
78
|
+
puts line
|
79
|
+
end
|
80
|
+
puts "#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#"
|
81
|
+
end
|
82
|
+
end
|
55
83
|
|
56
84
|
end
|
57
85
|
|
@@ -166,8 +166,8 @@ server {
|
|
166
166
|
# from https://cipherli.st/
|
167
167
|
# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
168
168
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
169
|
+
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
|
169
170
|
ssl_prefer_server_ciphers on;
|
170
|
-
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
|
171
171
|
ssl_ecdh_curve secp384r1;
|
172
172
|
ssl_session_cache shared:SSL:10m;
|
173
173
|
ssl_session_tickets off;
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: magic_recipes_two
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.60
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Torsten Wetzel
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-03-
|
11
|
+
date: 2017-03-24 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|