shared-infrastructure 2.0.0 → 2.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/shared_infrastructure/domain.rb +9 -4
- data/lib/shared_infrastructure/nginx/builder.rb +11 -4
- data/lib/shared_infrastructure/nginx/listen.rb +1 -1
- data/lib/shared_infrastructure/nginx/server_block.rb +2 -2
- data/lib/shared_infrastructure/runner/base.rb +3 -3
- data/lib/shared_infrastructure/runner/reverse_proxy.rb +1 -1
- data/lib/shared_infrastructure/version.rb +1 -1
- metadata +5 -20
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 94062507bafc880f79be53ca05072f205c1ec7a503087ef3e58b7fc0516706d1
|
|
4
|
+
data.tar.gz: f6eba55e524a66bbddcf9c75a3eea9703a2baf9d38960c984f72e2a01e90b985
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b06abbc64c3d03b55bee2250700279d1d63d22b15bb8b9bc2ca6389d6d6de06d1f8395dced7ac60bd09507a89b5bea2fbb8ea0beb0b60a1367c88aff5a781e22
|
|
7
|
+
data.tar.gz: eb9605f6117fb9dd47882893bd140974e8f817caaf7dde8642749bba16aacdb33c4cd0a517b9e1c399cc0c727d602853640b1eb93c78b424f258a85dde29bc5a
|
|
@@ -7,19 +7,24 @@ module SharedInfrastructure
|
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
def certbot_domain_names
|
|
10
|
-
"#{
|
|
10
|
+
domain_names.map { |domain| "#{domain} www.#{domain}" }.join(" ")
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
def certificate_directory
|
|
14
14
|
"/etc/letsencrypt/live/#{domain_name}"
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
+
def domain_name
|
|
18
|
+
domain_names.first
|
|
19
|
+
end
|
|
20
|
+
|
|
17
21
|
def enabled_site
|
|
18
22
|
"/etc/nginx/sites-enabled/#{domain_name}"
|
|
19
23
|
end
|
|
20
24
|
|
|
21
|
-
def initialize(
|
|
22
|
-
|
|
25
|
+
def initialize(domain_names)
|
|
26
|
+
domain_names = [domain_names] unless domain_names.respond_to?(:map)
|
|
27
|
+
@domain_names = domain_names
|
|
23
28
|
end
|
|
24
29
|
|
|
25
30
|
def rails_env_log(rails_env = "production")
|
|
@@ -39,6 +44,6 @@ module SharedInfrastructure
|
|
|
39
44
|
File.join(root, "html")
|
|
40
45
|
end
|
|
41
46
|
|
|
42
|
-
attr_reader :
|
|
47
|
+
attr_reader :domain_names
|
|
43
48
|
end
|
|
44
49
|
end
|
|
@@ -9,7 +9,8 @@ module Nginx
|
|
|
9
9
|
def save
|
|
10
10
|
pem_file = "#{Nginx.certificate_directory(certificate_domain)}/dhparam.pem"
|
|
11
11
|
FileUtils.mkdir_p File.dirname(pem_file)
|
|
12
|
-
|
|
12
|
+
puts "openssl dhparam -out #{pem_file} #{Nginx.dhparam}" if Runner.debug
|
|
13
|
+
`openssl dhparam -out #{pem_file} #{Nginx.dhparam}`
|
|
13
14
|
super
|
|
14
15
|
end
|
|
15
16
|
end
|
|
@@ -90,7 +91,7 @@ Finally, re-run this script to configure nginx for TLS.
|
|
|
90
91
|
listen: Nginx::ListenHttps.new(domain.domain_name, certificate_domain),
|
|
91
92
|
location: Nginx::ReverseProxyLocation.new(proxy_url)
|
|
92
93
|
),
|
|
93
|
-
Nginx::TlsRedirectServerBlock.new(domain.
|
|
94
|
+
Nginx::TlsRedirectServerBlock.new(domain.domain_names),
|
|
94
95
|
domain: domain
|
|
95
96
|
)
|
|
96
97
|
end
|
|
@@ -153,7 +154,7 @@ Finally, re-run this script to configure nginx for TLS.
|
|
|
153
154
|
listen: Nginx::ListenHttps.new(domain.domain_name, certificate_domain),
|
|
154
155
|
location: Nginx::Location.new
|
|
155
156
|
),
|
|
156
|
-
Nginx::TlsRedirectServerBlock.new(domain.
|
|
157
|
+
Nginx::TlsRedirectServerBlock.new(domain.domain_names),
|
|
157
158
|
domain: domain
|
|
158
159
|
)
|
|
159
160
|
end
|
|
@@ -207,6 +208,12 @@ Finally, re-run this script to configure nginx for TLS.
|
|
|
207
208
|
rails_env: rails_env
|
|
208
209
|
)
|
|
209
210
|
end
|
|
211
|
+
|
|
212
|
+
def save
|
|
213
|
+
result = super
|
|
214
|
+
https_reminder_message
|
|
215
|
+
result
|
|
216
|
+
end
|
|
210
217
|
end
|
|
211
218
|
|
|
212
219
|
class RailsHttps < Rails
|
|
@@ -228,7 +235,7 @@ Finally, re-run this script to configure nginx for TLS.
|
|
|
228
235
|
accel_location: accel_location,
|
|
229
236
|
domain: domain
|
|
230
237
|
),
|
|
231
|
-
Nginx::TlsRedirectServerBlock.new(domain.
|
|
238
|
+
Nginx::TlsRedirectServerBlock.new(domain.domain_names),
|
|
232
239
|
domain: domain,
|
|
233
240
|
rails_env: rails_env
|
|
234
241
|
)
|
|
@@ -43,7 +43,7 @@ module Nginx
|
|
|
43
43
|
"# Optimize TLS, from: https://www.bjornjohansen.no/optimizing-https-nginx, steps 1-3",
|
|
44
44
|
"ssl_session_cache shared:SSL:1m; # Enough for 4,000 sessions.",
|
|
45
45
|
"ssl_session_timeout 180m;",
|
|
46
|
-
"ssl_protocols TLSv1
|
|
46
|
+
"ssl_protocols TLSv1.3 TLSv1.2;",
|
|
47
47
|
"ssl_prefer_server_ciphers on;",
|
|
48
48
|
"ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;",
|
|
49
49
|
"# Step 4",
|
|
@@ -43,9 +43,9 @@ SERVER_BLOCK
|
|
|
43
43
|
end
|
|
44
44
|
|
|
45
45
|
class TlsRedirectServerBlock < ServerBlock
|
|
46
|
-
def initialize(
|
|
46
|
+
def initialize(*domain_names)
|
|
47
47
|
super(
|
|
48
|
-
server: Server.new(domain: SharedInfrastructure::Domain.new(
|
|
48
|
+
server: Server.new(domain: SharedInfrastructure::Domain.new(*domain_names)),
|
|
49
49
|
listen: ListenHttp.new,
|
|
50
50
|
location: RedirectLocation.new
|
|
51
51
|
)
|
|
@@ -28,8 +28,8 @@ module Runner
|
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
def process_args(opts = nil)
|
|
31
|
-
raise MissingArgument.new("domain required", opts)
|
|
32
|
-
{ domain_name: ARGV
|
|
31
|
+
raise MissingArgument.new("domain required", opts) if ARGV.size == 0
|
|
32
|
+
{ domain_name: ARGV }
|
|
33
33
|
end
|
|
34
34
|
|
|
35
35
|
def process_options(http_builder_class = Nginx::Builder::SiteHttp,
|
|
@@ -106,7 +106,7 @@ module Runner
|
|
|
106
106
|
options[:protocol]
|
|
107
107
|
else
|
|
108
108
|
certificate_directory = Nginx.certificate_directory(
|
|
109
|
-
options[:certificate_domain] || options[:domain_name]
|
|
109
|
+
options[:certificate_domain] || options[:domain_name].first # FIXME:
|
|
110
110
|
)
|
|
111
111
|
if File.exist?(File.join(certificate_directory, "privkey.pem")) &&
|
|
112
112
|
File.exist?(File.join(certificate_directory, "fullchain.pem")) &&
|
metadata
CHANGED
|
@@ -1,32 +1,18 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: shared-infrastructure
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Larry Reid
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
12
|
-
dependencies:
|
|
13
|
-
- !ruby/object:Gem::Dependency
|
|
14
|
-
name: chandler
|
|
15
|
-
requirement: !ruby/object:Gem::Requirement
|
|
16
|
-
requirements:
|
|
17
|
-
- - ">="
|
|
18
|
-
- !ruby/object:Gem::Version
|
|
19
|
-
version: '0'
|
|
20
|
-
type: :development
|
|
21
|
-
prerelease: false
|
|
22
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
-
requirements:
|
|
24
|
-
- - ">="
|
|
25
|
-
- !ruby/object:Gem::Version
|
|
26
|
-
version: '0'
|
|
11
|
+
date: 2021-11-15 00:00:00.000000000 Z
|
|
12
|
+
dependencies: []
|
|
27
13
|
description: 'For static sites, Rails apps, and reverse proxies.
|
|
28
14
|
|
|
29
|
-
'
|
|
15
|
+
'
|
|
30
16
|
email: lcreid@jadesystems.ca
|
|
31
17
|
executables:
|
|
32
18
|
- create-server-block
|
|
@@ -76,8 +62,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
76
62
|
- !ruby/object:Gem::Version
|
|
77
63
|
version: '0'
|
|
78
64
|
requirements: []
|
|
79
|
-
|
|
80
|
-
rubygems_version: 2.7.6
|
|
65
|
+
rubygems_version: 3.1.2
|
|
81
66
|
signing_key:
|
|
82
67
|
specification_version: 4
|
|
83
68
|
summary: Configure nginx, systemd, and/or Puma
|