shared-infrastructure 2.0.0 → 2.2.0
- checksums.yaml +4 -4
- data/lib/shared_infrastructure/domain.rb +9 -4
- data/lib/shared_infrastructure/nginx/builder.rb +11 -4
- data/lib/shared_infrastructure/nginx/listen.rb +1 -1
- data/lib/shared_infrastructure/nginx/server_block.rb +2 -2
- data/lib/shared_infrastructure/runner/base.rb +3 -3
- data/lib/shared_infrastructure/runner/reverse_proxy.rb +1 -1
- data/lib/shared_infrastructure/version.rb +1 -1
- metadata +5 -20
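--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 94062507bafc880f79be53ca05072f205c1ec7a503087ef3e58b7fc0516706d1
+data.tar.gz: f6eba55e524a66bbddcf9c75a3eea9703a2baf9d38960c984f72e2a01e90b985
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b06abbc64c3d03b55bee2250700279d1d63d22b15bb8b9bc2ca6389d6d6de06d1f8395dced7ac60bd09507a89b5bea2fbb8ea0beb0b60a1367c88aff5a781e22
+data.tar.gz: eb9605f6117fb9dd47882893bd140974e8f817caaf7dde8642749bba16aacdb33c4cd0a517b9e1c399cc0c727d602853640b1eb93c78b424f258a85dde29bc5a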
@@ -7,19 +7,24 @@ module SharedInfrastructure
|
|
7
7
|
end
|
8
8
|
|
9
9
|
def certbot_domain_names
|
10
|
-
"#{
|
10
|
+
domain_names.map { |domain| "#{domain} www.#{domain}" }.join(" ")
|
11
11
|
end
|
12
12
|
|
13
13
|
def certificate_directory
|
14
14
|
"/etc/letsencrypt/live/#{domain_name}"
|
15
15
|
end
|
16
16
|
|
17
|
+
def domain_name
|
18
|
+
domain_names.first
|
19
|
+
end
|
20
|
+
|
17
21
|
def enabled_site
|
18
22
|
"/etc/nginx/sites-enabled/#{domain_name}"
|
19
23
|
end
|
20
24
|
|
21
|
-
def initialize(
|
22
|
-
|
25
|
+
def initialize(domain_names)
|
26
|
+
domain_names = [domain_names] unless domain_names.respond_to?(:map)
|
27
|
+
@domain_names = domain_names
|
23
28
|
end
|
24
29
|
|
25
30
|
def rails_env_log(rails_env = "production")
|
@@ -39,6 +44,6 @@ module SharedInfrastructure
|
|
39
44
|
File.join(root, "html")
|
40
45
|
end
|
41
46
|
|
42
|
-
attr_reader :
|
47
|
+
attr_reader :domain_names
|
43
48
|
end
|
44
49
|
end
|
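Review bot: `initialize` stores whatever it is given, and the names are then interpolated unchecked into `/etc/nginx/sites-enabled/#{domain_name}`, `/etc/letsencrypt/live/#{domain_name}` and the string built by `certbot_domain_names`, so a value containing `/`, `..` or whitespace changes which path or argument list is produced. Since runner/base.rb now passes ARGV through as the domain list, the constructor is the natural place to reject anything that is not a hostname, e.g. `raise ArgumentError, "invalid domain name" unless @domain_names.all? { |d| d.match?(/\A[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*\z/i) }` (a constructed pattern; adjust it to the names you need to accept). An empty list should be rejected there as well, because `domain_names.first` is then nil and `enabled_site` evaluates to the sites-enabled directory itself. `Array(domain_names)` would also replace the `respond_to?(:map)` test. The class opens and closes outside these hunks.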
@@ -9,7 +9,8 @@ module Nginx
|
|
9
9
|
def save
|
10
10
|
pem_file = "#{Nginx.certificate_directory(certificate_domain)}/dhparam.pem"
|
11
11
|
FileUtils.mkdir_p File.dirname(pem_file)
|
12
|
-
|
12
|
+
puts "openssl dhparam -out #{pem_file} #{Nginx.dhparam}" if Runner.debug
|
13
|
+
`openssl dhparam -out #{pem_file} #{Nginx.dhparam}`
|
13
14
|
super
|
14
15
|
end
|
15
16
|
end
|
@@ -90,7 +91,7 @@ Finally, re-run this script to configure nginx for TLS.
|
|
90
91
|
listen: Nginx::ListenHttps.new(domain.domain_name, certificate_domain),
|
91
92
|
location: Nginx::ReverseProxyLocation.new(proxy_url)
|
92
93
|
),
|
93
|
-
Nginx::TlsRedirectServerBlock.new(domain.
|
94
|
+
Nginx::TlsRedirectServerBlock.new(domain.domain_names),
|
94
95
|
domain: domain
|
95
96
|
)
|
96
97
|
end
|
@@ -153,7 +154,7 @@ Finally, re-run this script to configure nginx for TLS.
|
|
153
154
|
listen: Nginx::ListenHttps.new(domain.domain_name, certificate_domain),
|
154
155
|
location: Nginx::Location.new
|
155
156
|
),
|
156
|
-
Nginx::TlsRedirectServerBlock.new(domain.
|
157
|
+
Nginx::TlsRedirectServerBlock.new(domain.domain_names),
|
157
158
|
domain: domain
|
158
159
|
)
|
159
160
|
end
|
@@ -207,6 +208,12 @@ Finally, re-run this script to configure nginx for TLS.
|
|
207
208
|
rails_env: rails_env
|
208
209
|
)
|
209
210
|
end
|
211
|
+
|
212
|
+
def save
|
213
|
+
result = super
|
214
|
+
https_reminder_message
|
215
|
+
result
|
216
|
+
end
|
210
217
|
end
|
211
218
|
|
212
219
|
class RailsHttps < Rails
|
@@ -228,7 +235,7 @@ Finally, re-run this script to configure nginx for TLS.
|
|
228
235
|
accel_location: accel_location,
|
229
236
|
domain: domain
|
230
237
|
),
|
231
|
-
Nginx::TlsRedirectServerBlock.new(domain.
|
238
|
+
Nginx::TlsRedirectServerBlock.new(domain.domain_names),
|
232
239
|
domain: domain,
|
233
240
|
rails_env: rails_env
|
234
241
|
)
|
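Review bot: In `save` (new lines 12-13 of the first hunk) `pem_file` is interpolated into a backtick command, so the whole string is handed to a shell; `pem_file` is built from `certificate_domain`, which appears to come from command-line options, and any shell metacharacters in it would be interpreted instead of being treated as part of the file name. The exit status is also ignored, so a failed `openssl dhparam` still falls through to `super`. Passing an argument vector avoids the shell and surfaces the failure: `system("openssl", "dhparam", "-out", pem_file, Nginx.dhparam.to_s) || raise("openssl dhparam failed")`. The class that contains `save` starts outside the hunk.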
@@ -43,7 +43,7 @@ module Nginx
|
|
43
43
|
"# Optimize TLS, from: https://www.bjornjohansen.no/optimizing-https-nginx, steps 1-3",
|
44
44
|
"ssl_session_cache shared:SSL:1m; # Enough for 4,000 sessions.",
|
45
45
|
"ssl_session_timeout 180m;",
|
46
|
-
"ssl_protocols TLSv1
|
46
|
+
"ssl_protocols TLSv1.3 TLSv1.2;",
|
47
47
|
"ssl_prefer_server_ciphers on;",
|
48
48
|
"ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;",
|
49
49
|
"# Step 4",
|
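Review bot: The `ssl_ciphers` entry two lines below the changed `ssl_protocols` still offers `DH+3DES` and CBC-mode AES suites, and those stay negotiable over the TLSv1.2 that this commit keeps enabled; 3DES is a 64-bit block cipher and is generally treated as legacy. Consider tightening it in the same change, e.g. `"ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;",`. Two facts are worth a comment next to `ssl_protocols`: nginx honours `TLSv1.3` only when built against OpenSSL 1.1.1 or later, and `ssl_ciphers` does not select the TLS 1.3 suites. The array these strings belong to starts and ends outside the hunk.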
@@ -43,9 +43,9 @@ SERVER_BLOCK
|
|
43
43
|
end
|
44
44
|
|
45
45
|
class TlsRedirectServerBlock < ServerBlock
|
46
|
-
def initialize(
|
46
|
+
def initialize(*domain_names)
|
47
47
|
super(
|
48
|
-
server: Server.new(domain: SharedInfrastructure::Domain.new(
|
48
|
+
server: Server.new(domain: SharedInfrastructure::Domain.new(*domain_names)),
|
49
49
|
listen: ListenHttp.new,
|
50
50
|
location: RedirectLocation.new
|
51
51
|
)
|
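Review bot: `initialize(*domain_names)` followed by `Domain.new(*domain_names)` only works when the caller passes exactly one argument, because the `Domain#initialize(domain_names)` shown in the domain.rb hunk takes a single parameter; a call such as `TlsRedirectServerBlock.new("a.example", "b.example")` would raise ArgumentError. The builder call sites on this page pass one array (`domain.domain_names`), which is why the current callers work. Either declare a single `domain_names` parameter, or keep the splat and normalise it: `server: Server.new(domain: SharedInfrastructure::Domain.new(domain_names.flatten)),`. The class body continues outside the hunk.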
@@ -28,8 +28,8 @@ module Runner
|
|
28
28
|
end
|
29
29
|
|
30
30
|
def process_args(opts = nil)
|
31
|
-
raise MissingArgument.new("domain required", opts)
|
32
|
-
{ domain_name: ARGV
|
31
|
+
raise MissingArgument.new("domain required", opts) if ARGV.size == 0
|
32
|
+
{ domain_name: ARGV }
|
33
33
|
end
|
34
34
|
|
35
35
|
def process_options(http_builder_class = Nginx::Builder::SiteHttp,
|
@@ -106,7 +106,7 @@ module Runner
|
|
106
106
|
options[:protocol]
|
107
107
|
else
|
108
108
|
certificate_directory = Nginx.certificate_directory(
|
109
|
-
options[:certificate_domain] || options[:domain_name]
|
109
|
+
options[:certificate_domain] || options[:domain_name].first # FIXME:
|
110
110
|
)
|
111
111
|
if File.exist?(File.join(certificate_directory, "privkey.pem")) &&
|
112
112
|
File.exist?(File.join(certificate_directory, "fullchain.pem")) &&
|
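Review bot: The `# FIXME:` added after `options[:domain_name].first` carries no text, so a reader cannot tell what is unfinished; state it, e.g. `# FIXME: certificate lookup uses only the first domain; confirm that matches the certificate directory name`. Related naming: `process_args` now returns the whole ARGV array under the singular key `domain_name:`, which is what makes the `.first` necessary and is easy to misread at other call sites. `ARGV.empty?` reads better than `ARGV.size == 0`, and `ARGV.dup` would keep a later change to ARGV from altering the options hash. The method that contains the second hunk starts and ends outside it.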
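--- a/metadata
+++ b/metadata
@@ -1,32 +1,18 @@
 --- !ruby/object:Gem::Specification
 name: shared-infrastructure
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.2.0
 platform: ruby
 authors:
 - Larry Reid
 autorequire:
 bindir: bin
 cert_chain: []
-date:
-dependencies:
-- !ruby/object:Gem::Dependency
-name: chandler
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
+date: 2021-11-15 00:00:00.000000000 Z
+dependencies: []
 description: 'For static sites, Rails apps, and reverse proxies.
 
-'
+'
 email: lcreid@jadesystems.ca
 executables:
 - create-server-block
@@ -76,8 +62,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.7.6
+rubygems_version: 3.1.2
 signing_key:
 specification_version: 4
 summary: Configure nginx, systemd, and/or Puma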