procsd 0.5.3 → 0.5.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cdf2c20fbe8f6aada5790a37464fa13eceb7db3ec671a821c32a8ea6471e579d
-  data.tar.gz: 4bdca0fd4c9b095a678988cde054031363ed80d5f48332ecc445803e16f402b0
+  metadata.gz: '09e6c1faceca84dc0337311001b11397aa338b25bc285960175e4537d3a38f71'
+  data.tar.gz: e1fc39db9a119b15d2042558b093ec222aed03baa67d75f824c3da8b99464e72
 SHA512:
-  metadata.gz: ef4ac450a0847a268685a5c15f22772896d41de580b359d4a212432c31daed795b47d5e5d774e3307a20a3686f10372293ccc8047954b9b905321555de92ba79
-  data.tar.gz: 1392ebe266e97c45a77fd72a0f55d0aa261720bdb0950369838403c4412e005eb16b3fefa33ff20211bc46e8435baf4a27ecf048407d89db1b0c9f0b9f549a7d
+  metadata.gz: d321a3cb39f9a5c442a6c088682b020fafa6fc59e6f03b892bd438df4a10b0fcc3490e5651e20eb060e920de22b7364425da07368f73305b089d63a791f4246c
+  data.tar.gz: ce218eae99a2bd36cbc771e3ba199e0ac9b68cb8736202f0ec171c74f36cef22bca84d89f7704d356c2ee29fb9cb2d7ac935e98cf76079500bd8ed6799067033

data/CHANGELOG.md

@@ -1,4 +1,8 @@
 # CHANGELOG
+## 0.5.4
+* Add: information how to use SSL integration with Cloudflare CDN enabled
+* Add: procsd config certbot_command command
+
 ## 0.5.3
 * Fix: procsd config sudoers command
 * Add: procsd config services command

data/README.md

@@ -8,7 +8,7 @@ Can we have something similar on the cheap Ubuntu VPS from DigitalOcean? Yes we
 
 ## Getting started
 
-> **Note:** latest version of Procsd is `0.5.2`. Since version `0.4.0` there are some breaking changes. Check the [CHANGELOG.md](CHANGELOG.md). To update to the latest version, run `$ gem update procsd` or `$ bundle update procsd` (if you have already installed procsd).
+> **Note:** latest version of Procsd is `0.5.3`. Since version `0.4.0` there are some breaking changes. Check the [CHANGELOG.md](CHANGELOG.md). To update to the latest version, run `$ gem update procsd` or `$ bundle update procsd` (if you have already installed procsd).
 
 > **Note:** Procsd works best with Capistrano integration: [vifreefly/capistrano-procsd](https://github.com/vifreefly/capistrano-procsd)
 
@@ -195,17 +195,19 @@ Currently, procsd can not run all processes in development like `foreman start`
 deploy@server:~/sample_app$ procsd exec web
 
 => Booting Puma
-=> Rails 5.2.1 application starting in development
+=> Rails 5.2.1 application starting in production
 => Run `rails server -h` for more startup options
 Puma starting in single mode...
 * Version 3.12.0 (ruby 2.3.0-p0), codename: Llamas in Pajamas
 * Min threads: 5, max threads: 5
-* Environment: development
-* Listening on tcp://localhost:3000
+* Environment: production
+* Listening on tcp://localhost:2501
 Use Ctrl-C to stop
 ```
 
-`procsd exec` requres all the environment variables defined in `environment` section of `procsd.yml` config file. Sometimes in development mode you need different environment configuration. For that you can add additional environment section `dev_environment` and require it as well using `--dev` flag, example:
+`procsd exec` requres all the environment variables defined in `environment` section of `procsd.yml` config file.
+
+Sometimes in development mode you need different environment configuration. For that you can add additional environment section `dev_environment` and require it as well using `--dev` flag, example:
 
 ```yaml
 app: sample_app
@@ -215,14 +217,16 @@ environment:
   RAILS_LOG_TO_STDOUT: true
 dev_environment:
   RAILS_ENV: development
-  SOME_OTHER_DEV_ENV_VARIABLE=value
+  SOME_OTHER_DEV_ENV_VARIABLE: value
 ```
 
 ```
-deploy@server:~/sample_app$ PORT=3000 procsd exec web --dev
+# Run web process with all environment & dev_environment variables included:
+
+deploy@server:~/sample_app$ procsd exec web --dev
 ```
 
-> The web process runs with all environment & dev_environment variables required.
+> In case if `dev_environment` has env variable with the same name like in `environment`, this variable will be rewritten with value from `dev_environment`.
 
 
 ### Nginx integration (with automatic HTTPS)
@@ -318,11 +322,11 @@ Everything is done. Start app services (`procsd start`) and go to `http://my-dom
 
 To generate Nginx config with free SSL certificate (from [Let’s Encrypt](https://letsencrypt.org/)) included, you need to install [Certbot](https://certbot.eff.org/) on the remote server first:
 
-```
-sudo apt install software-properties-common
-sudo add-apt-repository ppa:certbot/certbot
-sudo apt update
-sudo apt-get install python-certbot-nginx
+```bash
+$ sudo apt install software-properties-common
+$ sudo add-apt-repository ppa:certbot/certbot
+$ sudo apt update
+$ sudo apt install certbot python-certbot-nginx
 ```
 
 > When you install certbot, it automatically setup a cron job (twice per day) to renew expiring certificates ([Automated Renewals](https://certbot.eff.org/docs/using.html#automated-renewals)), so you don't have to worry about renewing certificates manually.
@@ -336,7 +340,7 @@ nginx:
   ssl: true # added
 ```
 
-Configuration is done. **Make sure that all domains defined in procsd (nginx.server_name) are pointing to the server IP** where application is hosted. Then run `procsd create` as usual:
+Configuration is done. **Make sure that all domains defined in procsd (nginx.server_name) are pointing to the server IP** where application is hosted. Then run `procsd create` _(you will probably need first run `procsd destroy` if app services already exists)_ as usual:
 
 > By default Certbot obtaining certificate from _Let's Encrypt_ without a contact email. If you want to provide contact email, define env variable `CERTBOT_EMAIL` with your email in the `.env` file.
 
@@ -404,26 +408,82 @@ Successfully installed SSL cert using certbot
 That's it. Start app services (`procsd start`) and go to `https://my-domain.com` where you'll see your application proxying with Nginx and SSL enabled.
 
 
+<details/>
+  <summary>Note about using Cloudflare CDN</summary><br>
+
+If you use Cloudflare CDN, that means the process of obtaining Let's Encrypt SSL Certificate will fail. To fix it, install `python-certbot-dns-cloudflare` package:
+
+```bash
+$ sudo apt install certbot python-certbot-dns-cloudflare
+```
+
+Read instructions [here how to get Cloudflare API Token and obtain certificates](https://certbot-dns-cloudflare.readthedocs.io/en/stable/). In short,
+
+**1)** Go to https://dash.cloudflare.com/profile/api-tokens and [get your API Token](https://support.cloudflare.com/hc/en-us/articles/200167836-Where-do-I-find-my-Cloudflare-API-key-).
+
+**2)** Create on the server `~/.secrets/certbot/` directory with `cloudflare.ini` file inside:
+
+```bash
+$ mkdir -p ~/.secrets/certbot/
+$ chmod 0700 ~/.secrets/
+$ touch ~/.secrets/certbot/cloudflare.ini
+$ chmod 0400 ~/.secrets/certbot/cloudflare.ini
+```
+
+**3)** Put inside `cloudflare.ini` file your Cloudflare token:
+
+```bash
+$ sudo nano ~/.secrets/certbot/cloudflare.ini
+```
+
+```bash
+# ~/.secrets/certbot/cloudflare.ini
+
+# Cloudflare API token (example) used by Certbot:
+dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567
+```
+
+**4)** Obtain certificates for all your domains declared in `procsd.yml` using _certbot-dns-cloudflare_ plugin:
+
+```bash
+# Example command for my-domain.com domain:
+
+$ sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -d my-domain.com
+```
+
+**5)** If all went fine, update Nginx application config with new certificates (using certbot command). To get required certbot command type `$ procsd config certbot_command`, then execute it:
+
+```bash
+# Example command for my-domain.com domain:
+
+$ sudo certbot --agree-tos --no-eff-email --redirect --non-interactive --nginx -d my-domain.com --register-unsafely-without-email
+```
+
+All is done!
+
+</details><br>
+
+
 ## All available commands
 
 ```
 $ procsd --help
 
 Commands:
-  procsd --version, -v   # Print the version
-  procsd config          # Print config files based on current settings. Available types: sudoers
   procsd create          # Create and enable app services
   procsd destroy         # Stop, disable and remove app services
-  procsd disable         # Disable app target
+  procsd start           # Start app services
+  procsd stop            # Stop app services
+  procsd restart         # Restart app services
   procsd enable          # Enable app target
-  procsd exec            # Run app process
-  procsd help [COMMAND]  # Describe available commands or one specific command
-  procsd list            # List all app services
+  procsd disable         # Disable app target
   procsd logs            # Show app services logs
-  procsd restart         # Restart app services
-  procsd start           # Start app services
   procsd status          # Show app services status
-  procsd stop            # Stop app services
+  procsd list            # List all app services
+  procsd exec            # Run single app process with environment
+  procsd config          # Print config files based on current settings. Available types: sudoers, services, certbot_command
+  procsd help [COMMAND]  # Describe available commands or one specific command
+  procsd --version, -v   # Print the version
 ```
 
 
@@ -443,6 +503,7 @@ Commands:
 ## Notes
 
 * If you want to set environment variables per process, [use format](https://github.com/ddollar/foreman/wiki/Per-Process-Environment-Variables) like Foreman recommends.
+
 * To print commands before execution, provide env variable `VERBOSE=true` before procsd command. Example:
 
 ```
@@ -455,6 +516,7 @@ Execute: journalctl --no-pager --no-hostname --all --output short-iso -n 3 --uni
 2018-11-04T19:11:59+0400 sample_app-worker.2[29907]: 2018-11-04T15:11:59.597Z 29907 TID-gne5aeyuz INFO: Booting Sidekiq 5.2.2 with redis options {:id=>"Sidekiq-server-PID-29907", :url=>nil}
 2018-11-04T19:11:59+0400 sample_app-worker.2[29907]: 2018-11-04T15:11:59.601Z 29907 TID-gne5aeyuz INFO: Starting processing, hit Ctrl-C to stop
 ```
+
 * You can use extended format of processes commands inside `procsd.yml` to provide additional restart/stop commands for each process:
 
 > All possible options: `ExecStart`, `ExecReload` and `ExecStop`
@@ -472,6 +534,9 @@ processes:
 
 Why? For example default Ruby on Rails application server [Puma](http://puma.io/) supports [Phased or Rolling restart](https://github.com/puma/puma/blob/master/docs/restart.md#normal-vs-hot-vs-phased-restart) feature. If you provide separate `ExecReload`command for a process, then this command will be called while executing `$ procsd restart` by systemd instead of just killing and starting process again.
 
+* If you use Nginx integration but default Nginx requests timeout (60s) is too small for you, [you can set a custom timeout](https://serverfault.com/a/777753) in the global Nginx config.
+
+
 ## Capistrano integration
 
 https://github.com/vifreefly/capistrano-procsd

data/lib/procsd/cli.rb

@@ -192,7 +192,7 @@ module Procsd
       execute command, type: :exec
     end
 
-    desc "config", "Print config files based on current settings. Available types: sudoers, services"
+    desc "config", "Print config files based on current settings. Available types: sudoers, services, certbot_command"
     def config(name)
       preload!
 
@@ -201,7 +201,7 @@ module Procsd
 
       case name
       when "sudoers"
-        say generator.generate_sudoers(options["user"], has_reload: has_reload?)
+        puts generator.generate_sudoers(options["user"], has_reload: has_reload?)
       when "services"
         return unless valid_create_options?(options)
 
@@ -212,13 +212,15 @@ module Procsd
           puts service_data[:content]
           puts "---\n\n"
         end
+      when "certbot_command"
+        puts get_certbot_command.join(' ')
       else
         raise ArgumentError, "Wrong type of argument: #{name}"
       end
     end
 
     map exec: :__exec
-    desc "exec", "Run app process"
+    desc "exec", "Run single app process with environment"
     option :dev, type: :boolean, banner: "Require dev_environment (in additional to base env) defined in procsd.yml"
     def __exec(process_name)
       preload!
@@ -297,19 +299,9 @@ module Procsd
         # Reference: https://certbot.eff.org/docs/using.html#certbot-command-line-options
         # How it works in Caddy https://caddyserver.com/docs/automatic-https
         if nginx["ssl"]
-          command = %w(sudo certbot --agree-tos --no-eff-email --redirect --non-interactive --nginx)
-          nginx["server_name"].split(" ").map(&:strip).each do |domain|
-            command.push("-d", domain)
-          end
-
-          if email = ENV["CERTBOT_EMAIL"]
-            command.push("--email", email)
-          else
-            command << "--register-unsafely-without-email"
-          end
-
+          certbot_command = get_certbot_command
           say "Trying to obtain SSL certificate for Nginx config using Certbot..."
-          if execute command
+          if execute certbot_command
             say("Successfully installed SSL cert using Certbot", :green)
           else
             msg = "Failed to install SSL cert using Certbot. Make sure that all provided domains are pointing to this server IP."
@@ -323,6 +315,20 @@ module Procsd
       end
     end
 
+    def get_certbot_command
+      command = %w(sudo certbot --agree-tos --no-eff-email --redirect --non-interactive --nginx)
+
+      @config[:nginx]["server_name"].split(" ").map(&:strip).each do |domain|
+        command.push("-d", domain)
+      end
+
+      if email = ENV["CERTBOT_EMAIL"]
+        command.push("--email", email)
+      else
+        command << "--register-unsafely-without-email"
+      end
+    end
+
     def in_path?(name)
       system("which", name, [:out, :err] => "/dev/null")
     end

data/lib/procsd/version.rb

@@ -1,3 +1,3 @@
 module Procsd
-  VERSION = "0.5.3"
+  VERSION = "0.5.4"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: procsd
 version: !ruby/object:Gem::Version
-  version: 0.5.3
+  version: 0.5.4
 platform: ruby
 authors:
 - Victor Afanasev
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-03-19 00:00:00.000000000 Z
+date: 2020-05-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -124,7 +124,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Manage your application processes in production hassle-free like Heroku CLI