magic_recipes_two 0.0.59 → 0.0.60

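--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,15 @@
  ---
  !binary "U0hBMQ==":
  metadata.gz: !binary |-
- ZWNmYWQ5NTk0NGIxZDJlMGI0YmM4Y2QzNTFkM2M5NGIxNzJiZDkxOQ==
+ ZWU1ZTk5ODlhNmNkZWE2NmU2ODg0NDg0MmE3YjA1YTVkNjI4ZWFmNg==
  data.tar.gz: !binary |-
- ZGNkNTdiODYwNzI3ZTQxYzlmYWJkMzdiNTZlOGM2ZmJjNzUwMzExYQ==
+ MDA3ZjJiMmZmNDBhMzNjMTVmYjZiM2Y1MDg5NzQ1ODIwZTJkMmI5MQ==
  SHA512:
  metadata.gz: !binary |-
- OWVkMTMzNDNmYzQ4ZmYwOWQ2ZGUyMmM5ZGYxZWU3OTJhZjllNDFkZDcwOTY4
- M2VlMzlhMjJkYjYzZGVkZWZhMzBkOTQ0MDdjY2FmMjcwZWJlMzEzMmZjNzFk
- OWVmMGUzYjI4ZDQwZThhNDA0YjI3NWMwMDllNTU1MmNlZjkzNDg=
+ MmU2NjQ5MmNkNWViYjY1MjhjZjRhNmY2MzYyYzBiNjM5OWNiYThlNDFkM2Vm
+ YWNmOGEwNzIyYTZmNzhkNjQzOTQwMTIwMzMzMmY5ZTRkNjM1ZTJmMTAyYTZj
+ N2ViZGVmZDU1Nzg1ZWI5ZDMyOTlmYmMwMjJlZGIyZmI3N2U1NjE=
  data.tar.gz: !binary |-
- MmY3Nzc2MzEyYTI1MTdlM2VhNjk5MTBmM2E4MTA2MmE0MTA4ZGY1ZDlmYjgy
- ZmExYzM0YzM4YWZkM2U1NjBkMzAzY2QzYjIyNDY0NjI0MWY4MjA4ZmY0M2E0
- NDRmMjgyZjg2NzgzZjI2NDBjMGEyMzhlMjQ1NmYzNWExMjFmOGE=
+ NGU5YTgxODc5NGJkYjE0ZDRlM2ZlNTk1Y2RkNzUwOTcxYzZjMzE0NTUzOTI0
+ YjNmMWE3OTIyMjAzMzJmZGRmZjBiMjg4ZmMzODNhODI3MDNjMDY2N2I3ZTI4
+ NWM1MGJkOTJmMjViYjNmOTBkYzUzOTE3ZGY3MjljYzk2NGM0YWY=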
@@ -1,5 +1,5 @@
1
1
  module Capistrano
2
2
  module MagicRecipes
3
- VERSION = "0.0.59"
3
+ VERSION = "0.0.60"
4
4
  end
5
5
  end
@@ -3,8 +3,12 @@
3
3
 
4
4
  namespace :load do
5
5
  task :defaults do
6
- set :lets_encrypt_roles, -> { :web }
7
- set :lets_encrypt_path, -> { "~" }
6
+ set :lets_encrypt_roles, -> { :web }
7
+ set :lets_encrypt_path, -> { "~" }
8
+ set :lets_encrypt_renew_minute, -> { "23" }
9
+ set :lets_encrypt_renew_hour1, -> { "0" }
10
+ set :lets_encrypt_renew_hour2, -> { "12" }
11
+ set :lets_encrypt_cron_log, -> { "#{shared_path}/log/lets_encrypt_cron.log" }
8
12
  end
9
13
  end
10
14
 
@@ -13,8 +17,10 @@ namespace :lets_encrypt do
13
17
  desc "Install certbot LetsEncrypt"
14
18
  task :install do
15
19
  on release_roles fetch(:lets_encrypt_roles) do
16
- execute "cd #{ fetch(:lets_encrypt_path) } ; wget https://dl.eff.org/certbot-auto"
17
- execute "cd #{ fetch(:lets_encrypt_path) } ; chmod a+x certbot-auto"
20
+ within fetch(:lets_encrypt_path) do
21
+ execute "wget https://dl.eff.org/certbot-auto"
22
+ execute "chmod a+x certbot-auto"
23
+ end
18
24
  end
19
25
  end
20
26
 
@@ -32,15 +38,25 @@ namespace :lets_encrypt do
32
38
  ## http://serverfault.com/a/825032
33
39
  task :auto_renew do
34
40
  on release_roles fetch(:lets_encrypt_roles) do
35
- execute :sudo, "echo '42 0,12 * * * root #{ fetch(:lets_encrypt_path) }/certbot-auto renew --quiet' | cat > /etc/cron.d/lets_encrypt"
41
+ # execute :sudo, "echo '42 0,12 * * * root (#{ fetch(:lets_encrypt_path) }/certbot-auto renew --quiet) >> #{shared_path}/lets_encrypt_cron.log 2>&1' | cat > #{ fetch(:lets_encrypt_path) }/lets_encrypt_cronjob"
42
+ execute :sudo, "echo '#{ fetch(:lets_encrypt_renew_minute) } #{ fetch(:lets_encrypt_renew_hour1) },#{ fetch(:lets_encrypt_renew_hour2) } * * * root #{ fetch(:lets_encrypt_path) }/certbot-auto renew --no-self-upgrade --post-hook \"#{fetch(:nginx_service_path)} restart\" >> #{ fetch(:lets_encrypt_cron_log) } 2>&1' | cat > #{ fetch(:lets_encrypt_path) }/lets_encrypt_cronjob"
43
+ execute :sudo, "mv -f #{ fetch(:lets_encrypt_path) }/lets_encrypt_cronjob /etc/cron.d/lets_encrypt"
44
+ execute :sudo, "chown -f root:root /etc/cron.d/lets_encrypt"
45
+ execute :sudo, "chmod -f 0644 /etc/cron.d/lets_encrypt"
36
46
  end
37
47
  end
38
48
 
39
49
 
40
- desc "Install certbot LetsEncrypt"
41
- task :test_renew do
50
+ desc "Dry-Run Renew LetsEncrypt"
51
+ task :dry_renew do
42
52
  on release_roles fetch(:lets_encrypt_roles) do
43
- execute :sudo, "#{ fetch(:lets_encrypt_path) }/certbot-auto renew --dry-run"
53
+ # execute :sudo, "#{ fetch(:lets_encrypt_path) }/certbot-auto renew --dry-run"
54
+ output = capture(:sudo, "#{ fetch(:lets_encrypt_path) }/certbot-auto renew --dry-run")
55
+ puts "#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#"
56
+ output.each_line do |line|
57
+ puts line
58
+ end
59
+ puts "#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#"
44
60
  end
45
61
  end
46
62
 
@@ -52,6 +68,18 @@ namespace :lets_encrypt do
52
68
  end
53
69
  end
54
70
 
71
+ desc "Check CRON logs in syslog"
72
+ task :check_cron_logs do
73
+ on release_roles fetch(:lets_encrypt_roles) do
74
+ # execute "grep CRON /var/log/syslog"
75
+ output = capture("grep CRON /var/log/syslog")
76
+ puts "#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#"
77
+ output.each_line do |line|
78
+ puts line
79
+ end
80
+ puts "#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#"
81
+ end
82
+ end
55
83
 
56
84
  end
57
85
 
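Review bot: In the `auto_renew` hunk the root cron entry runs `#{ fetch(:lets_encrypt_path) }/certbot-auto`, a script that `install` downloads with wget, with no signature or checksum check, into a path that defaults to `"~"`. If that is the deploy user's home, as the default suggests, anything able to write there gets its code run as root twice a day. Consider pointing `lets_encrypt_path` at a root-owned directory and having `install` verify the download, then `chown root:root` and `chmod 0755` the script, much as this hunk already does for `/etc/cron.d/lets_encrypt`. Separately, in the `install` hunk both `execute` strings contain whitespace, and as far as I know SSHKit runs such strings as raw commands that skip the surrounding `within` directory. `execute :wget, "https://dl.eff.org/certbot-auto"` and `execute :chmod, "a+x", "certbot-auto"` would honor it.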
@@ -166,8 +166,8 @@ server {
166
166
  # from https://cipherli.st/
167
167
  # and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
168
168
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
169
+ ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
169
170
  ssl_prefer_server_ciphers on;
170
- ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
171
171
  ssl_ecdh_curve secp384r1;
172
172
  ssl_session_cache shared:SSL:10m;
173
173
  ssl_session_tickets off;
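Review bot: The new `ssl_ciphers` value explicitly lists `DES-CBC3-SHA` and static-RSA suites such as `AES128-SHA` and `AES256-SHA`, which have no forward secrecy, whereas the removed list allowed only ECDHE/DHE key exchange. With `ssl_protocols TLSv1 TLSv1.1 TLSv1.2` unchanged on the line above, legacy clients can now negotiate those suites. `!DES` does not exclude 3DES in OpenSSL cipher strings, so if the wider list is a deliberate compatibility choice I would still drop `DES-CBC3-SHA` and append `:!3DES`. A short comment such as `# widened for legacy clients` would also help, since the comment above still points to cipherli.st, which may no longer describe this list. The `server {` block starts and ends outside the hunk.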
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: magic_recipes_two
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.59
4
+ version: 0.0.60
5
5
  platform: ruby
6
6
  authors:
7
7
  - Torsten Wetzel
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-03-23 00:00:00.000000000 Z
11
+ date: 2017-03-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails