magic_recipes_two 0.0.59 → 0.0.60

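--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,15 @@
  ---
  !binary "U0hBMQ==":
  metadata.gz: !binary |-
- ZWNmYWQ5NTk0NGIxZDJlMGI0YmM4Y2QzNTFkM2M5NGIxNzJiZDkxOQ==
+ ZWU1ZTk5ODlhNmNkZWE2NmU2ODg0NDg0MmE3YjA1YTVkNjI4ZWFmNg==
  data.tar.gz: !binary |-
- ZGNkNTdiODYwNzI3ZTQxYzlmYWJkMzdiNTZlOGM2ZmJjNzUwMzExYQ==
+ MDA3ZjJiMmZmNDBhMzNjMTVmYjZiM2Y1MDg5NzQ1ODIwZTJkMmI5MQ==
  SHA512:
  metadata.gz: !binary |-
- OWVkMTMzNDNmYzQ4ZmYwOWQ2ZGUyMmM5ZGYxZWU3OTJhZjllNDFkZDcwOTY4
- M2VlMzlhMjJkYjYzZGVkZWZhMzBkOTQ0MDdjY2FmMjcwZWJlMzEzMmZjNzFk
- OWVmMGUzYjI4ZDQwZThhNDA0YjI3NWMwMDllNTU1MmNlZjkzNDg=
+ MmU2NjQ5MmNkNWViYjY1MjhjZjRhNmY2MzYyYzBiNjM5OWNiYThlNDFkM2Vm
+ YWNmOGEwNzIyYTZmNzhkNjQzOTQwMTIwMzMzMmY5ZTRkNjM1ZTJmMTAyYTZj
+ N2ViZGVmZDU1Nzg1ZWI5ZDMyOTlmYmMwMjJlZGIyZmI3N2U1NjE=
  data.tar.gz: !binary |-
- MmY3Nzc2MzEyYTI1MTdlM2VhNjk5MTBmM2E4MTA2MmE0MTA4ZGY1ZDlmYjgy
- ZmExYzM0YzM4YWZkM2U1NjBkMzAzY2QzYjIyNDY0NjI0MWY4MjA4ZmY0M2E0
- NDRmMjgyZjg2NzgzZjI2NDBjMGEyMzhlMjQ1NmYzNWExMjFmOGE=
+ NGU5YTgxODc5NGJkYjE0ZDRlM2ZlNTk1Y2RkNzUwOTcxYzZjMzE0NTUzOTI0
+ YjNmMWE3OTIyMjAzMzJmZGRmZjBiMjg4ZmMzODNhODI3MDNjMDY2N2I3ZTI4
+ NWM1MGJkOTJmMjViYjNmOTBkYzUzOTE3ZGY3MjljYzk2NGM0YWY=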
@@ -1,5 +1,5 @@
1
1
  module Capistrano
2
2
  module MagicRecipes
3
- VERSION = "0.0.59"
3
+ VERSION = "0.0.60"
4
4
  end
5
5
  end
@@ -3,8 +3,12 @@
3
3
 
4
4
  namespace :load do
5
5
  task :defaults do
6
- set :lets_encrypt_roles, -> { :web }
7
- set :lets_encrypt_path, -> { "~" }
6
+ set :lets_encrypt_roles, -> { :web }
7
+ set :lets_encrypt_path, -> { "~" }
8
+ set :lets_encrypt_renew_minute, -> { "23" }
9
+ set :lets_encrypt_renew_hour1, -> { "0" }
10
+ set :lets_encrypt_renew_hour2, -> { "12" }
11
+ set :lets_encrypt_cron_log, -> { "#{shared_path}/log/lets_encrypt_cron.log" }
8
12
  end
9
13
  end
10
14
 
@@ -13,8 +17,10 @@ namespace :lets_encrypt do
13
17
  desc "Install certbot LetsEncrypt"
14
18
  task :install do
15
19
  on release_roles fetch(:lets_encrypt_roles) do
16
- execute "cd #{ fetch(:lets_encrypt_path) } ; wget https://dl.eff.org/certbot-auto"
17
- execute "cd #{ fetch(:lets_encrypt_path) } ; chmod a+x certbot-auto"
20
+ within fetch(:lets_encrypt_path) do
21
+ execute "wget https://dl.eff.org/certbot-auto"
22
+ execute "chmod a+x certbot-auto"
23
+ end
18
24
  end
19
25
  end
20
26
 
@@ -32,15 +38,25 @@ namespace :lets_encrypt do
32
38
  ## http://serverfault.com/a/825032
33
39
  task :auto_renew do
34
40
  on release_roles fetch(:lets_encrypt_roles) do
35
- execute :sudo, "echo '42 0,12 * * * root #{ fetch(:lets_encrypt_path) }/certbot-auto renew --quiet' | cat > /etc/cron.d/lets_encrypt"
41
+ # execute :sudo, "echo '42 0,12 * * * root (#{ fetch(:lets_encrypt_path) }/certbot-auto renew --quiet) >> #{shared_path}/lets_encrypt_cron.log 2>&1' | cat > #{ fetch(:lets_encrypt_path) }/lets_encrypt_cronjob"
42
+ execute :sudo, "echo '#{ fetch(:lets_encrypt_renew_minute) } #{ fetch(:lets_encrypt_renew_hour1) },#{ fetch(:lets_encrypt_renew_hour2) } * * * root #{ fetch(:lets_encrypt_path) }/certbot-auto renew --no-self-upgrade --post-hook \"#{fetch(:nginx_service_path)} restart\" >> #{ fetch(:lets_encrypt_cron_log) } 2>&1' | cat > #{ fetch(:lets_encrypt_path) }/lets_encrypt_cronjob"
43
+ execute :sudo, "mv -f #{ fetch(:lets_encrypt_path) }/lets_encrypt_cronjob /etc/cron.d/lets_encrypt"
44
+ execute :sudo, "chown -f root:root /etc/cron.d/lets_encrypt"
45
+ execute :sudo, "chmod -f 0644 /etc/cron.d/lets_encrypt"
36
46
  end
37
47
  end
38
48
 
39
49
 
40
- desc "Install certbot LetsEncrypt"
41
- task :test_renew do
50
+ desc "Dry-Run Renew LetsEncrypt"
51
+ task :dry_renew do
42
52
  on release_roles fetch(:lets_encrypt_roles) do
43
- execute :sudo, "#{ fetch(:lets_encrypt_path) }/certbot-auto renew --dry-run"
53
+ # execute :sudo, "#{ fetch(:lets_encrypt_path) }/certbot-auto renew --dry-run"
54
+ output = capture(:sudo, "#{ fetch(:lets_encrypt_path) }/certbot-auto renew --dry-run")
55
+ puts "#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#"
56
+ output.each_line do |line|
57
+ puts line
58
+ end
59
+ puts "#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#"
44
60
  end
45
61
  end
46
62
 
@@ -52,6 +68,18 @@ namespace :lets_encrypt do
52
68
  end
53
69
  end
54
70
 
71
+ desc "Check CRON logs in syslog"
72
+ task :check_cron_logs do
73
+ on release_roles fetch(:lets_encrypt_roles) do
74
+ # execute "grep CRON /var/log/syslog"
75
+ output = capture("grep CRON /var/log/syslog")
76
+ puts "#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#"
77
+ output.each_line do |line|
78
+ puts line
79
+ end
80
+ puts "#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#"
81
+ end
82
+ end
55
83
 
56
84
  end
57
85
 
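Review bot: The cron entry written by `auto_renew` runs `#{ fetch(:lets_encrypt_path) }/certbot-auto` as root, but `install` leaves that script in `lets_encrypt_path` (default `"~"`, presumably the deploy user's home) straight from `wget` with no checksum or signature check, so any account that can write to that directory decides what root executes at the next scheduled run. After verifying the download, move it to a root-owned location and point the cron line there, e.g. `execute :sudo, "install -o root -g root -m 0755 certbot-auto /usr/local/bin/certbot-auto"`. The `>> #{ fetch(:lets_encrypt_cron_log) }` redirect has the same shape: root appends to a file under `shared_path`, which is normally owned by the deploy user, so a root-owned log path would be safer. Separately, SSHKit (as far as I know) does not apply `within` to a command passed as one string containing spaces, so the `cd` only takes effect with `execute :wget, "https://dl.eff.org/certbot-auto"` and `execute :chmod, "a+x", "certbot-auto"`.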
@@ -166,8 +166,8 @@ server {
166
166
  # from https://cipherli.st/
167
167
  # and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
168
168
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
169
+ ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
169
170
  ssl_prefer_server_ciphers on;
170
- ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
171
171
  ssl_ecdh_curve secp384r1;
172
172
  ssl_session_cache shared:SSL:10m;
173
173
  ssl_session_tickets off;
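Review bot: The new `ssl_ciphers` value re-enables suites that the replaced string excluded: `DES-CBC3-SHA` (3DES, 64-bit block), static-RSA suites without forward secrecy such as `AES128-SHA` and `AES256-SHA`, and the catch-alls `AES:CAMELLIA`. Combined with `ssl_protocols TLSv1 TLSv1.1 TLSv1.2` on the line above, a client can now negotiate a much weaker session than before, and the comment crediting cipherli.st no longer describes the list. If older clients are the reason, say so in a comment and still drop 3DES and the static-RSA entries; otherwise keep an AEAD-only, forward-secret list such as `ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';`. The enclosing `server` block starts and ends outside this hunk.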
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: magic_recipes_two
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.59
4
+ version: 0.0.60
5
5
  platform: ruby
6
6
  authors:
7
7
  - Torsten Wetzel
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-03-23 00:00:00.000000000 Z
11
+ date: 2017-03-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails