Probably some stuff still missing, definitely b0rken.
parent
e55b4e9da7
commit
b85b14cf20
|
@ -39,3 +39,4 @@ Scripts
|
||||||
|
|
||||||
# LE HAProxy dev stuff
|
# LE HAProxy dev stuff
|
||||||
working
|
working
|
||||||
|
.vagrant
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
include LICENSE.txt
|
||||||
|
include README.rst
|
||||||
|
recursive-include docs *
|
19
README.rst
19
README.rst
|
@ -1,15 +1,12 @@
|
||||||
HAProxy plugin for Certbot
|
HAProxy plugin for Certbot
|
||||||
==========================
|
==========================
|
||||||
|
|
||||||
|
Getting started (development)
|
||||||
|
-----------------------------
|
||||||
|
|
||||||
|
In order to run tests against the Let's Encrypt API we will run a Boulder
|
||||||
Contributing
|
server, which is the exact same server Let's Encrypt is running. The server is
|
||||||
------------
|
started in Virtual Box using Vagrant. To prevent the installation of any
|
||||||
|
components and dependencies from cluttering up your computer there is also a
|
||||||
You need to create a virtual environment and start it, then install this plugin
|
client Virtual Box instance. Both of these machines can be setup and started by
|
||||||
as a editable package using Python setuptools. I abstracted this in the
|
running the `dev_start.sh` script.
|
||||||
`dev_vars` script, which you should source:
|
|
||||||
|
|
||||||
```
|
|
||||||
source dev_vars
|
|
||||||
```
|
|
||||||
|
|
|
@ -0,0 +1,62 @@
|
||||||
|
# -*- mode: ruby -*-
|
||||||
|
# vi: set ft=ruby :
|
||||||
|
VAGRANTFILE_API_VERSION=2
|
||||||
|
PROJECT_NAME = "lehaproxy"
|
||||||
|
CLIENT_MEMORY=1024
|
||||||
|
CLIENT_CPU_COUNT = 2
|
||||||
|
CLIENT_IOAPIC = "on"
|
||||||
|
CLIENT_NAT_DNS_HOSTRESOLVER="on"
|
||||||
|
SERVER_MEMORY=2048
|
||||||
|
SERVER_CPU_COUNT = 2
|
||||||
|
SERVER_IOAPIC = "on"
|
||||||
|
SERVER_NAT_DNS_HOSTRESOLVER="on"
|
||||||
|
ENVS = {
|
||||||
|
'PROJECT_NAME' => PROJECT_NAME,
|
||||||
|
'PROJECT_TZ' => "Europe/Amsterdam",
|
||||||
|
'PROJECT_CLIENT_HOSTNAME' => PROJECT_NAME + ".local",
|
||||||
|
'PROJECT_SERVER_HOSTNAME' => "boulder.local",
|
||||||
|
'PROJECT_SERVER_IP' => "192.168.33.111",
|
||||||
|
'PROJECT_CLIENT_IP' => "192.168.33.222"
|
||||||
|
}
|
||||||
|
|
||||||
|
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
|
||||||
|
|
||||||
|
config.hostmanager.enabled = true
|
||||||
|
config.hostmanager.manage_host = true
|
||||||
|
config.vbguest.auto_update = true
|
||||||
|
config.vbguest.no_remote = false
|
||||||
|
config.vm.synced_folder ".", "/vagrant/", disabled: true
|
||||||
|
config.vm.synced_folder ".", "/" + PROJECT_NAME + "/", type: "virtualbox"
|
||||||
|
|
||||||
|
config.vm.define "boulder", autostart: true do |server|
|
||||||
|
server.vm.box = "debian/jessie64"
|
||||||
|
server.vm.hostname = "boulder.local"
|
||||||
|
server.vm.network :private_network, ip: ENVS['PROJECT_SERVER_IP']
|
||||||
|
server.vm.provision "shell" do |s|
|
||||||
|
s.path = './provisioning_server.sh'
|
||||||
|
s.env = ENVS
|
||||||
|
end
|
||||||
|
server.vm.provider :virtualbox do |vb|
|
||||||
|
vb.customize ["modifyvm", :id, "--memory", SERVER_MEMORY]
|
||||||
|
vb.customize ["modifyvm", :id, "--cpus", SERVER_CPU_COUNT]
|
||||||
|
vb.customize ["modifyvm", :id, "--ioapic", SERVER_IOAPIC]
|
||||||
|
vb.customize ["modifyvm", :id, "--natdnshostresolver1", SERVER_NAT_DNS_HOSTRESOLVER]
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
config.vm.define "lehaproxy", autostart: true do |client|
|
||||||
|
client.vm.box = "debian/jessie64"
|
||||||
|
client.vm.hostname = PROJECT_NAME + ".local"
|
||||||
|
client.vm.network :private_network, ip: ENVS['PROJECT_CLIENT_IP']
|
||||||
|
client.vm.provision "shell" do |s|
|
||||||
|
s.path = './provisioning_client.sh'
|
||||||
|
s.env = ENVS
|
||||||
|
end
|
||||||
|
client.vm.provider :virtualbox do |vb|
|
||||||
|
vb.customize ["modifyvm", :id, "--memory", CLIENT_MEMORY]
|
||||||
|
vb.customize ["modifyvm", :id, "--cpus", CLIENT_CPU_COUNT]
|
||||||
|
vb.customize ["modifyvm", :id, "--ioapic", CLIENT_IOAPIC]
|
||||||
|
vb.customize ["modifyvm", :id, "--natdnshostresolver1", CLIENT_NAT_DNS_HOSTRESOLVER]
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
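Review bot: Both machine definitions set `vm.box = "debian/jessie64"` without a box version, so whichever build of that box is current at `vagrant up` time is what `provisioning_server.sh` and `provisioning_client.sh` run on. Pinning it in each `define` block, e.g. `server.vm.box_version = "<PINNED_BOX_VERSION>"` and the same for `client`, would make the Boulder test environment reproducible. In the same spirit, `config.vbguest.auto_update = true` with `config.vbguest.no_remote = false` presumably lets the plugin fetch a Guest Additions ISO over the network on boot; a short comment saying that this is intended would help. The hostnames are also hard-coded in `server.vm.hostname` and `client.vm.hostname` although `ENVS` already carries `PROJECT_SERVER_HOSTNAME` and `PROJECT_CLIENT_HOSTNAME`.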
|
|
@ -0,0 +1 @@
|
||||||
|
"""Certbot HAProxy plugin."""
|
|
@ -0,0 +1,301 @@
|
||||||
|
"""HAProxy Configuration."""
|
||||||
|
import logging
|
||||||
|
|
||||||
|
import zope.component
|
||||||
|
import zope.interface
|
||||||
|
|
||||||
|
from acme import challenges
|
||||||
|
|
||||||
|
from certbot import errors
|
||||||
|
from certbot import interfaces
|
||||||
|
from certbot import util
|
||||||
|
from certbot import reverter
|
||||||
|
|
||||||
|
from certbot.plugins import common
|
||||||
|
# from certbot.plugins.util import path_surgery
|
||||||
|
|
||||||
|
from certbot_haproxy import constants
|
||||||
|
|
||||||
|
logger = logging.getLogger(__name__) # pylint:disable=invalid-name
|
||||||
|
|
||||||
|
|
||||||
|
@zope.interface.implementer(interfaces.IAuthenticator, interfaces.IInstaller)
|
||||||
|
@zope.interface.provider(interfaces.IPluginFactory)
|
||||||
|
class HAProxyConfigurator(common.Plugin):
|
||||||
|
"""
|
||||||
|
HAProxy configurator.
|
||||||
|
"""
|
||||||
|
|
||||||
|
description = "HaProxy - Alpha"
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def add_parser_arguments(cls, add):
|
||||||
|
# TODO: This is how we add arguments, do we need any?
|
||||||
|
#add("enmod", default=constants.os_constant("enmod"),
|
||||||
|
# help="Path to the Apache 'a2enmod' binary.")
|
||||||
|
pass
|
||||||
|
|
||||||
|
def __init__(self, *args, **kwargs):
|
||||||
|
"""Initialize an Apache Configurator.
|
||||||
|
|
||||||
|
:param tup version: version of Apache as a tuple (2, 4, 7)
|
||||||
|
(used mostly for unittesting)
|
||||||
|
|
||||||
|
"""
|
||||||
|
version = kwargs.pop("version", None)
|
||||||
|
super(HAProxyConfigurator, self).__init__(*args, **kwargs)
|
||||||
|
|
||||||
|
# Add name_server association dict
|
||||||
|
self.assoc = dict()
|
||||||
|
# Outstanding challenges
|
||||||
|
self._chall_out = set()
|
||||||
|
|
||||||
|
# No additional capabilities
|
||||||
|
self._enhance_func = {}
|
||||||
|
|
||||||
|
def prepare(self):
|
||||||
|
"""Prepare the authenticator/installer.
|
||||||
|
"""
|
||||||
|
|
||||||
|
# Verify Apache is installed
|
||||||
|
restart_cmd = constants.os_constant("restart_cmd")[0]
|
||||||
|
if not util.exe_exists(restart_cmd):
|
||||||
|
if not path_surgery(restart_cmd):
|
||||||
|
raise errors.NoInstallationError(
|
||||||
|
'Cannot find HAProxy control command {0}'.format(
|
||||||
|
restart_cmd
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
def deploy_cert(self, domain, cert_path, key_path,
|
||||||
|
chain_path=None, fullchain_path=None):
|
||||||
|
"""
|
||||||
|
Deploys certificate to HAProxy certificate store.
|
||||||
|
|
||||||
|
:raises errors.PluginError: When unable to deploy certificate due to
|
||||||
|
a lack of directives
|
||||||
|
|
||||||
|
"""
|
||||||
|
vhost = self.choose_vhost(domain)
|
||||||
|
self._clean_vhost(vhost)
|
||||||
|
|
||||||
|
# This is done first so that ssl module is enabled and cert_path,
|
||||||
|
# cert_key... can all be parsed appropriately
|
||||||
|
self.prepare_server_https("443")
|
||||||
|
|
||||||
|
path = {"cert_path": self.parser.find_dir("SSLCertificateFile",
|
||||||
|
None, vhost.path),
|
||||||
|
"cert_key": self.parser.find_dir("SSLCertificateKeyFile",
|
||||||
|
None, vhost.path)}
|
||||||
|
|
||||||
|
# Only include if a certificate chain is specified
|
||||||
|
if chain_path is not None:
|
||||||
|
path["chain_path"] = self.parser.find_dir(
|
||||||
|
"SSLCertificateChainFile", None, vhost.path)
|
||||||
|
|
||||||
|
if not path["cert_path"] or not path["cert_key"]:
|
||||||
|
# Throw some can't find all of the directives error"
|
||||||
|
logger.warn(
|
||||||
|
"Cannot find a cert or key directive in %s. "
|
||||||
|
"VirtualHost was not modified", vhost.path)
|
||||||
|
# Presumably break here so that the virtualhost is not modified
|
||||||
|
raise errors.PluginError(
|
||||||
|
"Unable to find cert and/or key directives")
|
||||||
|
|
||||||
|
logger.info("Deploying Certificate to VirtualHost %s", vhost.filep)
|
||||||
|
logger.debug("Apache version is %s",
|
||||||
|
".".join(str(i) for i in self.version))
|
||||||
|
|
||||||
|
if self.version < (2, 4, 8) or (chain_path and not fullchain_path):
|
||||||
|
# install SSLCertificateFile, SSLCertificateKeyFile,
|
||||||
|
# and SSLCertificateChainFile directives
|
||||||
|
set_cert_path = cert_path
|
||||||
|
self.aug.set(path["cert_path"][-1], cert_path)
|
||||||
|
self.aug.set(path["cert_key"][-1], key_path)
|
||||||
|
if chain_path is not None:
|
||||||
|
self.parser.add_dir(vhost.path,
|
||||||
|
"SSLCertificateChainFile", chain_path)
|
||||||
|
else:
|
||||||
|
raise errors.PluginError("--chain-path is required for your "
|
||||||
|
"version of Apache")
|
||||||
|
else:
|
||||||
|
if not fullchain_path:
|
||||||
|
raise errors.PluginError("Please provide the --fullchain-path "
|
||||||
|
"option pointing to your full chain f"
|
||||||
|
"ile")
|
||||||
|
set_cert_path = fullchain_path
|
||||||
|
self.aug.set(path["cert_path"][-1], fullchain_path)
|
||||||
|
self.aug.set(path["cert_key"][-1], key_path)
|
||||||
|
|
||||||
|
# Save notes about the transaction that took place
|
||||||
|
self.save_notes += ("Changed vhost at %s with addresses of %s\n"
|
||||||
|
"\tSSLCertificateFile %s\n"
|
||||||
|
"\tSSLCertificateKeyFile %s\n" %
|
||||||
|
(vhost.filep,
|
||||||
|
", ".join(str(addr) for addr in vhost.addrs),
|
||||||
|
set_cert_path, key_path))
|
||||||
|
if chain_path is not None:
|
||||||
|
self.save_notes += "\tSSLCertificateChainFile %s\n" % chain_path
|
||||||
|
|
||||||
|
# Make sure vhost is enabled if distro with enabled / available
|
||||||
|
if self.conf("handle-sites"):
|
||||||
|
if not vhost.enabled:
|
||||||
|
self.enable_site(vhost)
|
||||||
|
|
||||||
|
######################################################################
|
||||||
|
# Enhancements
|
||||||
|
######################################################################
|
||||||
|
def supported_enhancements(self): # pylint: disable=no-self-use
|
||||||
|
"""Returns currently supported enhancements."""
|
||||||
|
return []
|
||||||
|
|
||||||
|
def enhance(self, domain, enhancement, options=None):
|
||||||
|
"""Enhance configuration.
|
||||||
|
|
||||||
|
:param str domain: domain to enhance
|
||||||
|
:param str enhancement: enhancement type defined in
|
||||||
|
:const:`~certbot.constants.ENHANCEMENTS`
|
||||||
|
:param options: options for the enhancement
|
||||||
|
See :const:`~certbot.constants.ENHANCEMENTS`
|
||||||
|
documentation for appropriate parameter.
|
||||||
|
|
||||||
|
:raises .errors.PluginError: If Enhancement is not supported, or if
|
||||||
|
there is any other problem with the enhancement.
|
||||||
|
|
||||||
|
"""
|
||||||
|
try:
|
||||||
|
func = self._enhance_func[enhancement]
|
||||||
|
except KeyError:
|
||||||
|
raise errors.PluginError(
|
||||||
|
"Unsupported enhancement: {0}".format(enhancement))
|
||||||
|
try:
|
||||||
|
func(self.choose_vhost(domain), options)
|
||||||
|
except errors.PluginError:
|
||||||
|
logger.warn("Failed %s for %s", enhancement, domain)
|
||||||
|
raise
|
||||||
|
|
||||||
|
def restart(self):
|
||||||
|
"""Runs a config test and reloads the Apache server.
|
||||||
|
|
||||||
|
:raises .errors.MisconfigurationError: If either the config test
|
||||||
|
or reload fails.
|
||||||
|
|
||||||
|
"""
|
||||||
|
self.config_test()
|
||||||
|
try:
|
||||||
|
util.run_script(constants.os_constant("restart_cmd"))
|
||||||
|
except errors.SubprocessError as err:
|
||||||
|
raise errors.MisconfigurationError(str(err))
|
||||||
|
|
||||||
|
def config_test(self): # pylint: disable=no-self-use
|
||||||
|
"""Check the configuration of HaProxy for errors.
|
||||||
|
|
||||||
|
:raises .errors.MisconfigurationError: If config_test fails
|
||||||
|
|
||||||
|
"""
|
||||||
|
try:
|
||||||
|
util.run_script(constants.os_constant("conftest_cmd"))
|
||||||
|
except errors.SubprocessError as err:
|
||||||
|
raise errors.MisconfigurationError(str(err))
|
||||||
|
|
||||||
|
def get_version(self):
|
||||||
|
"""Return version of Apache Server.
|
||||||
|
|
||||||
|
Version is returned as tuple. (ie. 2.4.7 = (2, 4, 7))
|
||||||
|
|
||||||
|
:returns: version
|
||||||
|
:rtype: tuple
|
||||||
|
|
||||||
|
:raises .PluginError: if unable to find Apache version
|
||||||
|
|
||||||
|
"""
|
||||||
|
try:
|
||||||
|
stdout, _ = util.run_script(constants.os_constant("version_cmd"))
|
||||||
|
except errors.SubprocessError:
|
||||||
|
raise errors.PluginError(
|
||||||
|
"Unable to run %s -v" %
|
||||||
|
constants.os_constant("version_cmd"))
|
||||||
|
|
||||||
|
regex = re.compile(r"Apache/([0-9\.]*)", re.IGNORECASE)
|
||||||
|
matches = regex.findall(stdout)
|
||||||
|
|
||||||
|
if len(matches) != 1:
|
||||||
|
raise errors.PluginError("Unable to find Apache version")
|
||||||
|
|
||||||
|
return tuple([int(i) for i in matches[0].split(".")])
|
||||||
|
|
||||||
|
def more_info(self):
|
||||||
|
"""Human-readable string to help understand the module"""
|
||||||
|
return (
|
||||||
|
"Configures Apache to authenticate and install HTTPS.{0}"
|
||||||
|
"Server root: {root}{0}"
|
||||||
|
"Version: {version}".format(
|
||||||
|
os.linesep, root=self.parser.loc["root"],
|
||||||
|
version=".".join(str(i) for i in self.version))
|
||||||
|
)
|
||||||
|
|
||||||
|
###########################################################################
|
||||||
|
# Challenges Section
|
||||||
|
###########################################################################
|
||||||
|
def get_chall_pref(self, unused_domain): # pylint: disable=no-self-use
|
||||||
|
"""Return list of challenge preferences."""
|
||||||
|
return [challenges.TLSSNI01]
|
||||||
|
|
||||||
|
def perform(self, achalls):
|
||||||
|
"""Perform the configuration related challenge.
|
||||||
|
|
||||||
|
This function currently assumes all challenges will be fulfilled.
|
||||||
|
If this turns out not to be the case in the future. Cleanup and
|
||||||
|
outstanding challenges will have to be designed better.
|
||||||
|
|
||||||
|
"""
|
||||||
|
self._chall_out.update(achalls)
|
||||||
|
responses = [None] * len(achalls)
|
||||||
|
chall_doer = tls_sni_01.ApacheTlsSni01(self)
|
||||||
|
|
||||||
|
for i, achall in enumerate(achalls):
|
||||||
|
# Currently also have chall_doer hold associated index of the
|
||||||
|
# challenge. This helps to put all of the responses back together
|
||||||
|
# when they are all complete.
|
||||||
|
chall_doer.add_chall(achall, i)
|
||||||
|
|
||||||
|
sni_response = chall_doer.perform()
|
||||||
|
if sni_response:
|
||||||
|
# Must reload in order to activate the challenges.
|
||||||
|
# Handled here because we may be able to load up other challenge
|
||||||
|
# types
|
||||||
|
self.restart()
|
||||||
|
|
||||||
|
# TODO: Remove this dirty hack. We need to determine a reliable way
|
||||||
|
# of identifying when the new configuration is being used.
|
||||||
|
time.sleep(3)
|
||||||
|
|
||||||
|
# Go through all of the challenges and assign them to the proper
|
||||||
|
# place in the responses return value. All responses must be in the
|
||||||
|
# same order as the original challenges.
|
||||||
|
for i, resp in enumerate(sni_response):
|
||||||
|
responses[chall_doer.indices[i]] = resp
|
||||||
|
|
||||||
|
return responses
|
||||||
|
|
||||||
|
def cleanup(self, achalls):
|
||||||
|
"""Revert all challenges."""
|
||||||
|
self._chall_out.difference_update(achalls)
|
||||||
|
|
||||||
|
# If all of the challenges have been finished, clean up everything
|
||||||
|
if not self._chall_out:
|
||||||
|
self.revert_challenge_config()
|
||||||
|
self.restart()
|
||||||
|
self.parser.init_modules()
|
||||||
|
|
||||||
|
def revert_challenge_config(self):
|
||||||
|
"""Used to cleanup challenge configurations.
|
||||||
|
|
||||||
|
:raises .errors.PluginError: If unable to revert the challenge config.
|
||||||
|
|
||||||
|
"""
|
||||||
|
try:
|
||||||
|
self.reverter.revert_temporary_config()
|
||||||
|
except errors.ReverterError as err:
|
||||||
|
raise errors.PluginError(str(err))
|
||||||
|
self.parser.load()
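Review bot: `prepare()` calls `path_surgery(restart_cmd)` while `from certbot.plugins.util import path_surgery` is commented out in the import block, so a host without the restart command gets a NameError instead of the intended `errors.NoInstallationError`. The same holds for `re` in `get_version()`, `os` in `more_info()`, and `time` and `tls_sni_01` in `perform()`, none of which are imported in this file. Restoring the `path_surgery` import and adding `import os`, `import re` and `import time` covers the standard-library names; `tls_sni_01.ApacheTlsSni01` needs an HAProxy counterpart or the call removed. `__init__` also pops `version` into a local that is never stored, while `deploy_cert()` and `more_info()` read `self.version`.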
|
|
@ -0,0 +1,36 @@
|
||||||
|
"""HAProxy plugin constants."""
|
||||||
|
from certbot import util
|
||||||
|
|
||||||
|
CLI_DEFAULTS_DEBIAN_JESSIE = dict(
|
||||||
|
server_root="/etc/haproxy",
|
||||||
|
version_cmd=['haproxy', '-v'],
|
||||||
|
restart_cmd=['systemctl', 'restart', 'haproxy'],
|
||||||
|
conftest_cmd=['haproxy' '-c' '-f'], # Need the config file as an argument.
|
||||||
|
)
|
||||||
|
|
||||||
|
CLI_DEFAULTS_DEBIAN_WHEEZY = dict(
|
||||||
|
server_root="/etc/haproxy",
|
||||||
|
version_cmd=['haproxy', '-v'],
|
||||||
|
restart_cmd=['service', 'haproxy', 'restart'],
|
||||||
|
conftest_cmd=['haproxy' '-c' '-f'], # Need the config file as an argument.
|
||||||
|
)
|
||||||
|
|
||||||
|
CLI_DEFAULTS = {
|
||||||
|
"debian": CLI_DEFAULTS_DEBIAN_JESSIE,
|
||||||
|
"debian:jessie": CLI_DEFAULTS_DEBIAN_JESSIE,
|
||||||
|
"debian:wheezy": CLI_DEFAULTS_DEBIAN_WHEEZY,
|
||||||
|
"ubuntu": CLI_DEFAULTS_DEBIAN_WHEEZY
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
def os_constant(key):
|
||||||
|
"""Get a constant value for operating system
|
||||||
|
:param key: name of cli constant
|
||||||
|
:return: value of constant for active os
|
||||||
|
"""
|
||||||
|
os_info = util.get_os_info()
|
||||||
|
try:
|
||||||
|
constants = CLI_DEFAULTS[os_info[0].lower()]
|
||||||
|
except KeyError:
|
||||||
|
constants = CLI_DEFAULTS["debian"]
|
||||||
|
return constants[key]
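Review bot: `conftest_cmd=['haproxy' '-c' '-f']` in both `CLI_DEFAULTS_DEBIAN_JESSIE` and `CLI_DEFAULTS_DEBIAN_WHEEZY` has no commas, so Python joins the adjacent literals into the single element `'haproxy-c-f'`, and any caller handing that list to a process runner would try to execute a command of that name. It should read `conftest_cmd=['haproxy', '-c', '-f'],` with the configuration file path appended, which the trailing comment already says is required. Separately, `os_constant()` looks up only `os_info[0].lower()`, so the `"debian:jessie"` and `"debian:wheezy"` keys look unreachable unless `util.get_os_info()` returns names in that form.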
|
|
@ -0,0 +1 @@
|
||||||
|
"""Certbot HAProxy Tests"""
|
|
@ -0,0 +1,96 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
CMDS="vagrant"
|
||||||
|
DEPS="vagrant"
|
||||||
|
|
||||||
|
VERBOSE=0
|
||||||
|
for arg in "$@"; do
|
||||||
|
if [ "${arg}" = "-v" -o "${arg}" = "--verbose" ]; then
|
||||||
|
VERBOSE=1
|
||||||
|
echo "Verbose mode enabled"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
commands_exist () {
|
||||||
|
DEPS_MISSING=0
|
||||||
|
for cmd in $1; do
|
||||||
|
if ! type "${cmd}" &> /dev/null; then
|
||||||
|
DEPS_MISSING=1
|
||||||
|
echo "Dependency '${cmd}' is not installed."
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
return $DEPS_MISSING
|
||||||
|
}
|
||||||
|
|
||||||
|
function_defined() {
|
||||||
|
type "$1" &> /dev/null;
|
||||||
|
}
|
||||||
|
|
||||||
|
please_install () {
|
||||||
|
if [ -f /etc/redhat-release ] ; then
|
||||||
|
PKMGR=$(which yum)
|
||||||
|
elif [ -f /etc/debian_version ] ; then
|
||||||
|
PKMGR=$(which apt-get)
|
||||||
|
fi
|
||||||
|
echo
|
||||||
|
echo "Before running this script, please run:"
|
||||||
|
echo "${PKMGR} install $1"
|
||||||
|
}
|
||||||
|
|
||||||
|
log () {
|
||||||
|
if [ $VERBOSE -eq 1 ]; then
|
||||||
|
echo "$1"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
SUDO=0
|
||||||
|
do_sudo () {
|
||||||
|
if [ $SUDO -eq 0 ]; then
|
||||||
|
echo "Your hosts file does not contain the required entries, will need"
|
||||||
|
echo "root privileges to set them.."
|
||||||
|
sudo ls &> /dev/null
|
||||||
|
SUDO=1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
if ! commands_exist "${CMDS}"; then
|
||||||
|
log "Missing one or more dependencies."
|
||||||
|
please_install "${DEPS}"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
#log "Checking for vagrant plugins.."
|
||||||
|
#vagrant plugin install vagrant-hostmanager
|
||||||
|
#vagrant plugin install vagrant-vbguest
|
||||||
|
|
||||||
|
log "Checking hosts file for required entries.."
|
||||||
|
for hostname in "le.wtf le1.wtf le2.wtf le3.wtf nginx.wtf"; do
|
||||||
|
if ! grep "${hostname}" /etc/hosts &> /dev/null; then
|
||||||
|
do_sudo
|
||||||
|
sudo cat <<EOF >> /etc/hosts
|
||||||
|
127.0.0.1 ${hostname}
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
if ! grep "lehaproxy.local" /etc/hosts &> /dev/null; then
|
||||||
|
do_sudo
|
||||||
|
sudo cat <<EOF >> /etc/hosts
|
||||||
|
127.0.0.1 lehaproxy.lan
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
if ! grep "boulder.local" /etc/hosts &> /dev/null; then
|
||||||
|
do_sudo
|
||||||
|
sudo cat <<EOF >> /etc/hosts
|
||||||
|
127.0.0.1 boulder.lan
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
log "Starting LE HAProxy client and server instance.."
|
||||||
|
vagrant up
|
||||||
|
|
||||||
|
echo "You can now connect to the Vagrant instance:"
|
||||||
|
echo "vagrant ssh lehaproxy"
|
||||||
|
echo "After connecting please run:"
|
||||||
|
echo "sudo -s; cd /lehaproxy/; source /lehaproxy_venv/"
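Review bot: The three `sudo cat <<EOF >> /etc/hosts` blocks will not append with root privileges, because the calling shell opens the `>>` redirection before `sudo` runs and only `cat` is elevated. Use `echo "127.0.0.1 ${hostname}" | sudo tee -a /etc/hosts > /dev/null`, and the equivalent line for the other two entries. The guards also test for `lehaproxy.local` and `boulder.local` while the lines written are `lehaproxy.lan` and `boulder.lan`, so the check can never become true and the entries would be added again on every run. The list in `for hostname in "le.wtf le1.wtf le2.wtf le3.wtf nginx.wtf"` is quoted, so the loop body runs once with the whole string, and the unanchored `grep` then matches on substrings rather than whole host names.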
|
||||||
|
|
||||||
|
|
71
dev_vars
71
dev_vars
|
@ -1,71 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
|
|
||||||
echo "ERROR: You need to source this script, not run it."
|
|
||||||
echo "Please run like this: \`source $0\`"
|
|
||||||
exit 255
|
|
||||||
fi
|
|
||||||
|
|
||||||
VERBOSE=0
|
|
||||||
for arg in "$@"; do
|
|
||||||
if [ "${arg}" = "-v" -o "${arg}" = "--verbose" ]; then
|
|
||||||
VERBOSE=1
|
|
||||||
echo "Verbose mode enabled"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
commands_exist () {
|
|
||||||
DEPS_MISSING=0
|
|
||||||
for cmd in $1; do
|
|
||||||
if ! type "${cmd}" &> /dev/null; then
|
|
||||||
DEPS_MISSING=1
|
|
||||||
echo "Dependency '${cmd}' is not installed."
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
return $DEPS_MISSING
|
|
||||||
}
|
|
||||||
|
|
||||||
function_defined() {
|
|
||||||
type "$1" &> /dev/null;
|
|
||||||
}
|
|
||||||
|
|
||||||
please_install () {
|
|
||||||
if [ -f /etc/redhat-release ] ; then
|
|
||||||
PKMGR=$(which yum)
|
|
||||||
elif [ -f /etc/debian_version ] ; then
|
|
||||||
PKMGR=$(which apt-get)
|
|
||||||
fi
|
|
||||||
echo
|
|
||||||
echo "Before running this script, please run:"
|
|
||||||
echo "${PKMGR} install $1"
|
|
||||||
}
|
|
||||||
|
|
||||||
log () {
|
|
||||||
if [ $VERBOSE -eq 1 ]; then
|
|
||||||
echo "$1"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
CMDS="virtualenv python2.7 pip"
|
|
||||||
DEPS="virtualenv python2.7 python-setuptools"
|
|
||||||
|
|
||||||
if [ ! -d "${PWD}/venv/" ]; then
|
|
||||||
log "Virtual environment is not present."
|
|
||||||
log "Checking for dependencies."
|
|
||||||
if ! commands_exist "${CMDS}"; then
|
|
||||||
log "Missing one or more dependencies."
|
|
||||||
please_install "${DEPS}"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
log "Creating virtual environment."
|
|
||||||
virtualenv "${PWD}/venv"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if function_defined deactivate; then
|
|
||||||
log "Deactivating activated virtual environment."
|
|
||||||
deactivate
|
|
||||||
fi
|
|
||||||
|
|
||||||
log "Checking for dependencies."
|
|
||||||
source "$PWD/venv/bin/activate"
|
|
||||||
|
|
||||||
pip install -e .
|
|
|
@ -0,0 +1 @@
|
||||||
|
/_build/
|
|
@ -0,0 +1,192 @@
|
||||||
|
# Makefile for Sphinx documentation
|
||||||
|
#
|
||||||
|
|
||||||
|
# You can set these variables from the command line.
|
||||||
|
SPHINXOPTS =
|
||||||
|
SPHINXBUILD = sphinx-build
|
||||||
|
PAPER =
|
||||||
|
BUILDDIR = _build
|
||||||
|
|
||||||
|
# User-friendly check for sphinx-build
|
||||||
|
ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1)
|
||||||
|
$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/)
|
||||||
|
endif
|
||||||
|
|
||||||
|
# Internal variables.
|
||||||
|
PAPEROPT_a4 = -D latex_paper_size=a4
|
||||||
|
PAPEROPT_letter = -D latex_paper_size=letter
|
||||||
|
ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
|
||||||
|
# the i18n builder cannot share the environment and doctrees with the others
|
||||||
|
I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
|
||||||
|
|
||||||
|
.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest coverage gettext
|
||||||
|
|
||||||
|
help:
|
||||||
|
@echo "Please use \`make <target>' where <target> is one of"
|
||||||
|
@echo " html to make standalone HTML files"
|
||||||
|
@echo " dirhtml to make HTML files named index.html in directories"
|
||||||
|
@echo " singlehtml to make a single large HTML file"
|
||||||
|
@echo " pickle to make pickle files"
|
||||||
|
@echo " json to make JSON files"
|
||||||
|
@echo " htmlhelp to make HTML files and a HTML help project"
|
||||||
|
@echo " qthelp to make HTML files and a qthelp project"
|
||||||
|
@echo " applehelp to make an Apple Help Book"
|
||||||
|
@echo " devhelp to make HTML files and a Devhelp project"
|
||||||
|
@echo " epub to make an epub"
|
||||||
|
@echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
|
||||||
|
@echo " latexpdf to make LaTeX files and run them through pdflatex"
|
||||||
|
@echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx"
|
||||||
|
@echo " text to make text files"
|
||||||
|
@echo " man to make manual pages"
|
||||||
|
@echo " texinfo to make Texinfo files"
|
||||||
|
@echo " info to make Texinfo files and run them through makeinfo"
|
||||||
|
@echo " gettext to make PO message catalogs"
|
||||||
|
@echo " changes to make an overview of all changed/added/deprecated items"
|
||||||
|
@echo " xml to make Docutils-native XML files"
|
||||||
|
@echo " pseudoxml to make pseudoxml-XML files for display purposes"
|
||||||
|
@echo " linkcheck to check all external links for integrity"
|
||||||
|
@echo " doctest to run all doctests embedded in the documentation (if enabled)"
|
||||||
|
@echo " coverage to run coverage check of the documentation (if enabled)"
|
||||||
|
|
||||||
|
clean:
|
||||||
|
rm -rf $(BUILDDIR)/*
|
||||||
|
|
||||||
|
html:
|
||||||
|
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
|
||||||
|
@echo
|
||||||
|
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
|
||||||
|
|
||||||
|
dirhtml:
|
||||||
|
$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
|
||||||
|
@echo
|
||||||
|
@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
|
||||||
|
|
||||||
|
singlehtml:
|
||||||
|
$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
|
||||||
|
@echo
|
||||||
|
@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
|
||||||
|
|
||||||
|
pickle:
|
||||||
|
$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
|
||||||
|
@echo
|
||||||
|
@echo "Build finished; now you can process the pickle files."
|
||||||
|
|
||||||
|
json:
|
||||||
|
$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
|
||||||
|
@echo
|
||||||
|
@echo "Build finished; now you can process the JSON files."
|
||||||
|
|
||||||
|
htmlhelp:
|
||||||
|
$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
|
||||||
|
@echo
|
||||||
|
@echo "Build finished; now you can run HTML Help Workshop with the" \
|
||||||
|
".hhp project file in $(BUILDDIR)/htmlhelp."
|
||||||
|
|
||||||
|
qthelp:
|
||||||
|
$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
|
||||||
|
@echo
|
||||||
|
@echo "Build finished; now you can run "qcollectiongenerator" with the" \
|
||||||
|
".qhcp project file in $(BUILDDIR)/qthelp, like this:"
|
||||||
|
@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/certbot-haproxy.qhcp"
|
||||||
|
@echo "To view the help file:"
|
||||||
|
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/certbot-haproxy.qhc"
|
||||||
|
|
||||||
|
applehelp:
|
||||||
|
$(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp
|
||||||
|
@echo
|
||||||
|
@echo "Build finished. The help book is in $(BUILDDIR)/applehelp."
|
||||||
|
@echo "N.B. You won't be able to view it unless you put it in" \
|
||||||
|
"~/Library/Documentation/Help or install it in your application" \
|
||||||
|
"bundle."
|
||||||
|
|
||||||
|
devhelp:
|
||||||
|
$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
|
||||||
|
@echo
|
||||||
|
@echo "Build finished."
|
||||||
|
@echo "To view the help file:"
|
||||||
|
@echo "# mkdir -p $$HOME/.local/share/devhelp/certbot-haproxy"
|
||||||
|
@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/certbot-haproxy"
|
||||||
|
@echo "# devhelp"
|
||||||
|
|
||||||
|
epub:
|
||||||
|
$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
|
||||||
|
@echo
|
||||||
|
@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
|
||||||
|
|
||||||
|
latex:
|
||||||
|
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
|
||||||
|
@echo
|
||||||
|
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
|
||||||
|
@echo "Run \`make' in that directory to run these through (pdf)latex" \
|
||||||
|
"(use \`make latexpdf' here to do that automatically)."
|
||||||
|
|
||||||
|
latexpdf:
|
||||||
|
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
|
||||||
|
@echo "Running LaTeX files through pdflatex..."
|
||||||
|
$(MAKE) -C $(BUILDDIR)/latex all-pdf
|
||||||
|
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
|
||||||
|
|
||||||
|
latexpdfja:
|
||||||
|
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
|
||||||
|
@echo "Running LaTeX files through platex and dvipdfmx..."
|
||||||
|
$(MAKE) -C $(BUILDDIR)/latex all-pdf-ja
|
||||||
|
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
|
||||||
|
|
||||||
|
text:
|
||||||
|
$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
|
||||||
|
@echo
|
||||||
|
@echo "Build finished. The text files are in $(BUILDDIR)/text."
|
||||||
|
|
||||||
|
man:
|
||||||
|
$(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man
|
||||||
|
@echo
|
||||||
|
@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
|
||||||
|
|
||||||
|
texinfo:
|
||||||
|
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
|
||||||
|
@echo
|
||||||
|
@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
|
||||||
|
@echo "Run \`make' in that directory to run these through makeinfo" \
|
||||||
|
"(use \`make info' here to do that automatically)."
|
||||||
|
|
||||||
|
info:
|
||||||
|
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
|
||||||
|
@echo "Running Texinfo files through makeinfo..."
|
||||||
|
make -C $(BUILDDIR)/texinfo info
|
||||||
|
@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
|
||||||
|
|
||||||
|
gettext:
|
||||||
|
$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
|
||||||
|
@echo
|
||||||
|
@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
|
||||||
|
|
||||||
|
changes:
|
||||||
|
$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
|
||||||
|
@echo
|
||||||
|
@echo "The overview file is in $(BUILDDIR)/changes."
|
||||||
|
|
||||||
|
linkcheck:
|
||||||
|
$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
|
||||||
|
@echo
|
||||||
|
@echo "Link check complete; look for any errors in the above output " \
|
||||||
|
"or in $(BUILDDIR)/linkcheck/output.txt."
|
||||||
|
|
||||||
|
doctest:
|
||||||
|
$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
|
||||||
|
@echo "Testing of doctests in the sources finished, look at the " \
|
||||||
|
"results in $(BUILDDIR)/doctest/output.txt."
|
||||||
|
|
||||||
|
coverage:
|
||||||
|
$(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage
|
||||||
|
@echo "Testing of coverage in the sources finished, look at the " \
|
||||||
|
"results in $(BUILDDIR)/coverage/python.txt."
|
||||||
|
|
||||||
|
xml:
|
||||||
|
$(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml
|
||||||
|
@echo
|
||||||
|
@echo "Build finished. The XML files are in $(BUILDDIR)/xml."
|
||||||
|
|
||||||
|
pseudoxml:
|
||||||
|
$(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml
|
||||||
|
@echo
|
||||||
|
@echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml."
|
|
@ -0,0 +1,8 @@
|
||||||
|
=================
|
||||||
|
API Documentation
|
||||||
|
=================
|
||||||
|
|
||||||
|
.. toctree::
|
||||||
|
:glob:
|
||||||
|
|
||||||
|
api/**
|
|
@ -0,0 +1,5 @@
|
||||||
|
:mod:`certbot_haproxy.configurator`
|
||||||
|
--------------------------------------
|
||||||
|
|
||||||
|
.. automodule:: certbot_haproxy.configurator
|
||||||
|
:members:
|
|
@ -0,0 +1,313 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
#
|
||||||
|
# certbot-haproxy documentation build configuration file, created by
|
||||||
|
# sphinx-quickstart on Sun Oct 18 13:39:26 2015.
|
||||||
|
#
|
||||||
|
# This file is execfile()d with the current directory set to its
|
||||||
|
# containing dir.
|
||||||
|
#
|
||||||
|
# Note that not all possible configuration values are present in this
|
||||||
|
# autogenerated file.
|
||||||
|
#
|
||||||
|
# All configuration values have a default; values that are commented out
|
||||||
|
# serve to show the default.
|
||||||
|
|
||||||
|
import sys
|
||||||
|
import os
|
||||||
|
import shlex
|
||||||
|
|
||||||
|
import mock
|
||||||
|
|
||||||
|
|
||||||
|
here = os.path.abspath(os.path.dirname(__file__))
|
||||||
|
|
||||||
|
# If extensions (or modules to document with autodoc) are in another directory,
|
||||||
|
# add these directories to sys.path here. If the directory is relative to the
|
||||||
|
# documentation root, use os.path.abspath to make it absolute, like shown here.
|
||||||
|
sys.path.insert(0, os.path.abspath(os.path.join(here, '..')))
|
||||||
|
|
||||||
|
# -- General configuration ------------------------------------------------
|
||||||
|
|
||||||
|
# If your documentation needs a minimal Sphinx version, state it here.
|
||||||
|
needs_sphinx = '1.0'
|
||||||
|
|
||||||
|
# Add any Sphinx extension module names here, as strings. They can be
|
||||||
|
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
|
||||||
|
# ones.
|
||||||
|
extensions = [
|
||||||
|
'sphinx.ext.autodoc',
|
||||||
|
'sphinx.ext.intersphinx',
|
||||||
|
'sphinx.ext.todo',
|
||||||
|
'sphinx.ext.coverage',
|
||||||
|
'sphinx.ext.viewcode',
|
||||||
|
]
|
||||||
|
|
||||||
|
autodoc_member_order = 'bysource'
|
||||||
|
autodoc_default_flags = ['show-inheritance', 'private-members']
|
||||||
|
|
||||||
|
# Add any paths that contain templates here, relative to this directory.
|
||||||
|
templates_path = ['_templates']
|
||||||
|
|
||||||
|
# The suffix(es) of source filenames.
|
||||||
|
# You can specify multiple suffix as a list of string:
|
||||||
|
# source_suffix = ['.rst', '.md']
|
||||||
|
source_suffix = '.rst'
|
||||||
|
|
||||||
|
# The encoding of source files.
|
||||||
|
#source_encoding = 'utf-8-sig'
|
||||||
|
|
||||||
|
# The master toctree document.
|
||||||
|
master_doc = 'index'
|
||||||
|
|
||||||
|
# General information about the project.
|
||||||
|
project = u'certbot-haproxy'
|
||||||
|
copyright = u'2014-2015, Let\'s Encrypt Project'
|
||||||
|
author = u'Certbot Project'
|
||||||
|
|
||||||
|
# The version info for the project you're documenting, acts as replacement for
|
||||||
|
# |version| and |release|, also used in various other places throughout the
|
||||||
|
# built documents.
|
||||||
|
#
|
||||||
|
# The short X.Y version.
|
||||||
|
version = '0'
|
||||||
|
# The full version, including alpha/beta/rc tags.
|
||||||
|
release = '0'
|
||||||
|
|
||||||
|
# The language for content autogenerated by Sphinx. Refer to documentation
|
||||||
|
# for a list of supported languages.
|
||||||
|
#
|
||||||
|
# This is also used if you do content translation via gettext catalogs.
|
||||||
|
# Usually you set "language" from the command line for these cases.
|
||||||
|
language = 'en'
|
||||||
|
|
||||||
|
# There are two options for replacing |today|: either, you set today to some
|
||||||
|
# non-false value, then it is used:
|
||||||
|
#today = ''
|
||||||
|
# Else, today_fmt is used as the format for a strftime call.
|
||||||
|
#today_fmt = '%B %d, %Y'
|
||||||
|
|
||||||
|
# List of patterns, relative to source directory, that match files and
|
||||||
|
# directories to ignore when looking for source files.
|
||||||
|
exclude_patterns = ['_build']
|
||||||
|
|
||||||
|
# The reST default role (used for this markup: `text`) to use for all
|
||||||
|
# documents.
|
||||||
|
default_role = 'py:obj'
|
||||||
|
|
||||||
|
# If true, '()' will be appended to :func: etc. cross-reference text.
|
||||||
|
#add_function_parentheses = True
|
||||||
|
|
||||||
|
# If true, the current module name will be prepended to all description
|
||||||
|
# unit titles (such as .. function::).
|
||||||
|
#add_module_names = True
|
||||||
|
|
||||||
|
# If true, sectionauthor and moduleauthor directives will be shown in the
|
||||||
|
# output. They are ignored by default.
|
||||||
|
#show_authors = False
|
||||||
|
|
||||||
|
# The name of the Pygments (syntax highlighting) style to use.
|
||||||
|
pygments_style = 'sphinx'
|
||||||
|
|
||||||
|
# A list of ignored prefixes for module index sorting.
|
||||||
|
#modindex_common_prefix = []
|
||||||
|
|
||||||
|
# If true, keep warnings as "system message" paragraphs in the built documents.
|
||||||
|
#keep_warnings = False
|
||||||
|
|
||||||
|
# If true, `todo` and `todoList` produce output, else they produce nothing.
|
||||||
|
todo_include_todos = True
|
||||||
|
|
||||||
|
|
||||||
|
# -- Options for HTML output ----------------------------------------------
|
||||||
|
|
||||||
|
# The theme to use for HTML and HTML Help pages. See the documentation for
|
||||||
|
# a list of builtin themes.
|
||||||
|
|
||||||
|
# http://docs.readthedocs.org/en/latest/theme.html#how-do-i-use-this-locally-and-on-read-the-docs
|
||||||
|
# on_rtd is whether we are on readthedocs.org
|
||||||
|
on_rtd = os.environ.get('READTHEDOCS', None) == 'True'
|
||||||
|
if not on_rtd: # only import and set the theme if we're building docs locally
|
||||||
|
import sphinx_rtd_theme
|
||||||
|
html_theme = 'sphinx_rtd_theme'
|
||||||
|
html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
|
||||||
|
# otherwise, readthedocs.org uses their theme by default, so no need to specify it
|
||||||
|
|
||||||
|
# Theme options are theme-specific and customize the look and feel of a theme
|
||||||
|
# further. For a list of options available for each theme, see the
|
||||||
|
# documentation.
|
||||||
|
#html_theme_options = {}
|
||||||
|
|
||||||
|
# Add any paths that contain custom themes here, relative to this directory.
|
||||||
|
#html_theme_path = []
|
||||||
|
|
||||||
|
# The name for this set of Sphinx documents. If None, it defaults to
|
||||||
|
# "<project> v<release> documentation".
|
||||||
|
#html_title = None
|
||||||
|
|
||||||
|
# A shorter title for the navigation bar. Default is the same as html_title.
|
||||||
|
#html_short_title = None
|
||||||
|
|
||||||
|
# The name of an image file (relative to this directory) to place at the top
|
||||||
|
# of the sidebar.
|
||||||
|
#html_logo = None
|
||||||
|
|
||||||
|
# The name of an image file (within the static path) to use as favicon of the
|
||||||
|
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
|
||||||
|
# pixels large.
|
||||||
|
#html_favicon = None
|
||||||
|
|
||||||
|
# Add any paths that contain custom static files (such as style sheets) here,
|
||||||
|
# relative to this directory. They are copied after the builtin static files,
|
||||||
|
# so a file named "default.css" will overwrite the builtin "default.css".
|
||||||
|
html_static_path = ['_static']
|
||||||
|
|
||||||
|
# Add any extra paths that contain custom files (such as robots.txt or
|
||||||
|
# .htaccess) here, relative to this directory. These files are copied
|
||||||
|
# directly to the root of the documentation.
|
||||||
|
#html_extra_path = []
|
||||||
|
|
||||||
|
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
|
||||||
|
# using the given strftime format.
|
||||||
|
#html_last_updated_fmt = '%b %d, %Y'
|
||||||
|
|
||||||
|
# If true, SmartyPants will be used to convert quotes and dashes to
|
||||||
|
# typographically correct entities.
|
||||||
|
#html_use_smartypants = True
|
||||||
|
|
||||||
|
# Custom sidebar templates, maps document names to template names.
|
||||||
|
#html_sidebars = {}
|
||||||
|
|
||||||
|
# Additional templates that should be rendered to pages, maps page names to
|
||||||
|
# template names.
|
||||||
|
#html_additional_pages = {}
|
||||||
|
|
||||||
|
# If false, no module index is generated.
|
||||||
|
#html_domain_indices = True
|
||||||
|
|
||||||
|
# If false, no index is generated.
|
||||||
|
#html_use_index = True
|
||||||
|
|
||||||
|
# If true, the index is split into individual pages for each letter.
|
||||||
|
#html_split_index = False
|
||||||
|
|
||||||
|
# If true, links to the reST sources are added to the pages.
|
||||||
|
#html_show_sourcelink = True
|
||||||
|
|
||||||
|
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
|
||||||
|
#html_show_sphinx = True
|
||||||
|
|
||||||
|
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
|
||||||
|
#html_show_copyright = True
|
||||||
|
|
||||||
|
# If true, an OpenSearch description file will be output, and all pages will
|
||||||
|
# contain a <link> tag referring to it. The value of this option must be the
|
||||||
|
# base URL from which the finished HTML is served.
|
||||||
|
#html_use_opensearch = ''
|
||||||
|
|
||||||
|
# This is the file name suffix for HTML files (e.g. ".xhtml").
|
||||||
|
#html_file_suffix = None
|
||||||
|
|
||||||
|
# Language to be used for generating the HTML full-text search index.
|
||||||
|
# Sphinx supports the following languages:
|
||||||
|
# 'da', 'de', 'en', 'es', 'fi', 'fr', 'hu', 'it', 'ja'
|
||||||
|
# 'nl', 'no', 'pt', 'ro', 'ru', 'sv', 'tr'
|
||||||
|
#html_search_language = 'en'
|
||||||
|
|
||||||
|
# A dictionary with options for the search language support, empty by default.
|
||||||
|
# Now only 'ja' uses this config value
|
||||||
|
#html_search_options = {'type': 'default'}
|
||||||
|
|
||||||
|
# The name of a javascript file (relative to the configuration directory) that
|
||||||
|
# implements a search results scorer. If empty, the default will be used.
|
||||||
|
#html_search_scorer = 'scorer.js'
|
||||||
|
|
||||||
|
# Output file base name for HTML help builder.
|
||||||
|
htmlhelp_basename = 'certbot-haproxydoc'
|
||||||
|
|
||||||
|
# -- Options for LaTeX output ---------------------------------------------
|
||||||
|
|
||||||
|
latex_elements = {
|
||||||
|
# The paper size ('letterpaper' or 'a4paper').
|
||||||
|
#'papersize': 'letterpaper',
|
||||||
|
|
||||||
|
# The font size ('10pt', '11pt' or '12pt').
|
||||||
|
#'pointsize': '10pt',
|
||||||
|
|
||||||
|
# Additional stuff for the LaTeX preamble.
|
||||||
|
#'preamble': '',
|
||||||
|
|
||||||
|
# Latex figure (float) alignment
|
||||||
|
#'figure_align': 'htbp',
|
||||||
|
}
|
||||||
|
|
||||||
|
# Grouping the document tree into LaTeX files. List of tuples
|
||||||
|
# (source start file, target name, title,
|
||||||
|
# author, documentclass [howto, manual, or own class]).
|
||||||
|
latex_documents = [
|
||||||
|
(master_doc, 'certbot-haproxy.tex', u'certbot-haproxy Documentation',
|
||||||
|
u'Certbot Project', 'manual'),
|
||||||
|
]
|
||||||
|
|
||||||
|
# The name of an image file (relative to this directory) to place at the top of
|
||||||
|
# the title page.
|
||||||
|
#latex_logo = None
|
||||||
|
|
||||||
|
# For "manual" documents, if this is true, then toplevel headings are parts,
|
||||||
|
# not chapters.
|
||||||
|
#latex_use_parts = False
|
||||||
|
|
||||||
|
# If true, show page references after internal links.
|
||||||
|
#latex_show_pagerefs = False
|
||||||
|
|
||||||
|
# If true, show URL addresses after external links.
|
||||||
|
#latex_show_urls = False
|
||||||
|
|
||||||
|
# Documents to append as an appendix to all manuals.
|
||||||
|
#latex_appendices = []
|
||||||
|
|
||||||
|
# If false, no module index is generated.
|
||||||
|
#latex_domain_indices = True
|
||||||
|
|
||||||
|
|
||||||
|
# -- Options for manual page output ---------------------------------------
|
||||||
|
|
||||||
|
# One entry per manual page. List of tuples
|
||||||
|
# (source start file, name, description, authors, manual section).
|
||||||
|
man_pages = [
|
||||||
|
(master_doc, 'certbot-haproxy', u'certbot-haproxy Documentation',
|
||||||
|
[author], 1)
|
||||||
|
]
|
||||||
|
|
||||||
|
# If true, show URL addresses after external links.
|
||||||
|
#man_show_urls = False
|
||||||
|
|
||||||
|
|
||||||
|
# -- Options for Texinfo output -------------------------------------------
|
||||||
|
|
||||||
|
# Grouping the document tree into Texinfo files. List of tuples
|
||||||
|
# (source start file, target name, title, author,
|
||||||
|
# dir menu entry, description, category)
|
||||||
|
texinfo_documents = [
|
||||||
|
(master_doc, 'certbot-haproxy', u'certbot-haproxy Documentation',
|
||||||
|
author, 'certbot-haproxy', 'One line description of project.',
|
||||||
|
'Miscellaneous'),
|
||||||
|
]
|
||||||
|
|
||||||
|
# Documents to append as an appendix to all manuals.
|
||||||
|
#texinfo_appendices = []
|
||||||
|
|
||||||
|
# If false, no module index is generated.
|
||||||
|
#texinfo_domain_indices = True
|
||||||
|
|
||||||
|
# How to display URL addresses: 'footnote', 'no', or 'inline'.
|
||||||
|
#texinfo_show_urls = 'footnote'
|
||||||
|
|
||||||
|
# If true, do not generate a @detailmenu in the "Top" node's menu.
|
||||||
|
#texinfo_no_detailmenu = False
|
||||||
|
|
||||||
|
|
||||||
|
intersphinx_mapping = {
|
||||||
|
'python': ('https://docs.python.org/', None),
|
||||||
|
'acme': ('https://acme-python.readthedocs.org/en/latest/', None),
|
||||||
|
'certbot': ('https://certbot.eff.org/docs/', None),
|
||||||
|
}
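Review bot: `import mock` and `import shlex` near the top of this conf.py are not referenced anywhere else in the file as shown, so the docs build picks up a hard dependency on the `mock` package and fails with ImportError wherever it is not installed. Dropping both lines keeps the build environment minimal. If `mock` was meant to stub out modules autodoc cannot import, that stubbing is not present here and should be added next to the import, with a comment such as `# stub modules that are unavailable at docs build time`.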
|
|
@ -0,0 +1,31 @@
|
||||||
|
.. certbot-haproxy documentation master file, created by
|
||||||
|
sphinx-quickstart on Sun Oct 18 13:39:26 2015.
|
||||||
|
You can adapt this file completely to your liking, but it should at least
|
||||||
|
contain the root `toctree` directive.
|
||||||
|
|
||||||
|
Welcome to certbot-haproxy's documentation!
|
||||||
|
==============================================
|
||||||
|
|
||||||
|
Contents:
|
||||||
|
|
||||||
|
.. toctree::
|
||||||
|
:maxdepth: 2
|
||||||
|
|
||||||
|
|
||||||
|
.. toctree::
|
||||||
|
:maxdepth: 1
|
||||||
|
|
||||||
|
api
|
||||||
|
|
||||||
|
|
||||||
|
.. automodule:: certbot_haproxy
|
||||||
|
:members:
|
||||||
|
|
||||||
|
|
||||||
|
Indices and tables
|
||||||
|
==================
|
||||||
|
|
||||||
|
* :ref:`genindex`
|
||||||
|
* :ref:`modindex`
|
||||||
|
* :ref:`search`
|
||||||
|
|
|
@ -0,0 +1,263 @@
|
||||||
|
@ECHO OFF
|
||||||
|
|
||||||
|
REM Command file for Sphinx documentation
|
||||||
|
|
||||||
|
if "%SPHINXBUILD%" == "" (
|
||||||
|
set SPHINXBUILD=sphinx-build
|
||||||
|
)
|
||||||
|
set BUILDDIR=_build
|
||||||
|
set ALLSPHINXOPTS=-d %BUILDDIR%/doctrees %SPHINXOPTS% .
|
||||||
|
set I18NSPHINXOPTS=%SPHINXOPTS% .
|
||||||
|
if NOT "%PAPER%" == "" (
|
||||||
|
set ALLSPHINXOPTS=-D latex_paper_size=%PAPER% %ALLSPHINXOPTS%
|
||||||
|
set I18NSPHINXOPTS=-D latex_paper_size=%PAPER% %I18NSPHINXOPTS%
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "" goto help
|
||||||
|
|
||||||
|
if "%1" == "help" (
|
||||||
|
:help
|
||||||
|
echo.Please use `make ^<target^>` where ^<target^> is one of
|
||||||
|
echo. html to make standalone HTML files
|
||||||
|
echo. dirhtml to make HTML files named index.html in directories
|
||||||
|
echo. singlehtml to make a single large HTML file
|
||||||
|
echo. pickle to make pickle files
|
||||||
|
echo. json to make JSON files
|
||||||
|
echo. htmlhelp to make HTML files and a HTML help project
|
||||||
|
echo. qthelp to make HTML files and a qthelp project
|
||||||
|
echo. devhelp to make HTML files and a Devhelp project
|
||||||
|
echo. epub to make an epub
|
||||||
|
echo. latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter
|
||||||
|
echo. text to make text files
|
||||||
|
echo. man to make manual pages
|
||||||
|
echo. texinfo to make Texinfo files
|
||||||
|
echo. gettext to make PO message catalogs
|
||||||
|
echo. changes to make an overview over all changed/added/deprecated items
|
||||||
|
echo. xml to make Docutils-native XML files
|
||||||
|
echo. pseudoxml to make pseudoxml-XML files for display purposes
|
||||||
|
echo. linkcheck to check all external links for integrity
|
||||||
|
echo. doctest to run all doctests embedded in the documentation if enabled
|
||||||
|
echo. coverage to run coverage check of the documentation if enabled
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "clean" (
|
||||||
|
for /d %%i in (%BUILDDIR%\*) do rmdir /q /s %%i
|
||||||
|
del /q /s %BUILDDIR%\*
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
REM Check if sphinx-build is available and fallback to Python version if any
|
||||||
|
%SPHINXBUILD% 2> nul
|
||||||
|
if errorlevel 9009 goto sphinx_python
|
||||||
|
goto sphinx_ok
|
||||||
|
|
||||||
|
:sphinx_python
|
||||||
|
|
||||||
|
set SPHINXBUILD=python -m sphinx.__init__
|
||||||
|
%SPHINXBUILD% 2> nul
|
||||||
|
if errorlevel 9009 (
|
||||||
|
echo.
|
||||||
|
echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
|
||||||
|
echo.installed, then set the SPHINXBUILD environment variable to point
|
||||||
|
echo.to the full path of the 'sphinx-build' executable. Alternatively you
|
||||||
|
echo.may add the Sphinx directory to PATH.
|
||||||
|
echo.
|
||||||
|
echo.If you don't have Sphinx installed, grab it from
|
||||||
|
echo.http://sphinx-doc.org/
|
||||||
|
exit /b 1
|
||||||
|
)
|
||||||
|
|
||||||
|
:sphinx_ok
|
||||||
|
|
||||||
|
|
||||||
|
if "%1" == "html" (
|
||||||
|
%SPHINXBUILD% -b html %ALLSPHINXOPTS% %BUILDDIR%/html
|
||||||
|
if errorlevel 1 exit /b 1
|
||||||
|
echo.
|
||||||
|
echo.Build finished. The HTML pages are in %BUILDDIR%/html.
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "dirhtml" (
|
||||||
|
%SPHINXBUILD% -b dirhtml %ALLSPHINXOPTS% %BUILDDIR%/dirhtml
|
||||||
|
if errorlevel 1 exit /b 1
|
||||||
|
echo.
|
||||||
|
echo.Build finished. The HTML pages are in %BUILDDIR%/dirhtml.
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "singlehtml" (
|
||||||
|
%SPHINXBUILD% -b singlehtml %ALLSPHINXOPTS% %BUILDDIR%/singlehtml
|
||||||
|
if errorlevel 1 exit /b 1
|
||||||
|
echo.
|
||||||
|
echo.Build finished. The HTML pages are in %BUILDDIR%/singlehtml.
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "pickle" (
|
||||||
|
%SPHINXBUILD% -b pickle %ALLSPHINXOPTS% %BUILDDIR%/pickle
|
||||||
|
if errorlevel 1 exit /b 1
|
||||||
|
echo.
|
||||||
|
echo.Build finished; now you can process the pickle files.
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "json" (
|
||||||
|
%SPHINXBUILD% -b json %ALLSPHINXOPTS% %BUILDDIR%/json
|
||||||
|
if errorlevel 1 exit /b 1
|
||||||
|
echo.
|
||||||
|
echo.Build finished; now you can process the JSON files.
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "htmlhelp" (
|
||||||
|
%SPHINXBUILD% -b htmlhelp %ALLSPHINXOPTS% %BUILDDIR%/htmlhelp
|
||||||
|
if errorlevel 1 exit /b 1
|
||||||
|
echo.
|
||||||
|
echo.Build finished; now you can run HTML Help Workshop with the ^
|
||||||
|
.hhp project file in %BUILDDIR%/htmlhelp.
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "qthelp" (
|
||||||
|
%SPHINXBUILD% -b qthelp %ALLSPHINXOPTS% %BUILDDIR%/qthelp
|
||||||
|
if errorlevel 1 exit /b 1
|
||||||
|
echo.
|
||||||
|
echo.Build finished; now you can run "qcollectiongenerator" with the ^
|
||||||
|
.qhcp project file in %BUILDDIR%/qthelp, like this:
|
||||||
|
echo.^> qcollectiongenerator %BUILDDIR%\qthelp\certbot-haproxy.qhcp
|
||||||
|
echo.To view the help file:
|
||||||
|
echo.^> assistant -collectionFile %BUILDDIR%\qthelp\certbot-haproxy.ghc
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "devhelp" (
|
||||||
|
%SPHINXBUILD% -b devhelp %ALLSPHINXOPTS% %BUILDDIR%/devhelp
|
||||||
|
if errorlevel 1 exit /b 1
|
||||||
|
echo.
|
||||||
|
echo.Build finished.
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "epub" (
|
||||||
|
%SPHINXBUILD% -b epub %ALLSPHINXOPTS% %BUILDDIR%/epub
|
||||||
|
if errorlevel 1 exit /b 1
|
||||||
|
echo.
|
||||||
|
echo.Build finished. The epub file is in %BUILDDIR%/epub.
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "latex" (
|
||||||
|
%SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex
|
||||||
|
if errorlevel 1 exit /b 1
|
||||||
|
echo.
|
||||||
|
echo.Build finished; the LaTeX files are in %BUILDDIR%/latex.
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "latexpdf" (
|
||||||
|
%SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex
|
||||||
|
cd %BUILDDIR%/latex
|
||||||
|
make all-pdf
|
||||||
|
cd %~dp0
|
||||||
|
echo.
|
||||||
|
echo.Build finished; the PDF files are in %BUILDDIR%/latex.
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "latexpdfja" (
|
||||||
|
%SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex
|
||||||
|
cd %BUILDDIR%/latex
|
||||||
|
make all-pdf-ja
|
||||||
|
cd %~dp0
|
||||||
|
echo.
|
||||||
|
echo.Build finished; the PDF files are in %BUILDDIR%/latex.
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "text" (
|
||||||
|
%SPHINXBUILD% -b text %ALLSPHINXOPTS% %BUILDDIR%/text
|
||||||
|
if errorlevel 1 exit /b 1
|
||||||
|
echo.
|
||||||
|
echo.Build finished. The text files are in %BUILDDIR%/text.
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "man" (
|
||||||
|
%SPHINXBUILD% -b man %ALLSPHINXOPTS% %BUILDDIR%/man
|
||||||
|
if errorlevel 1 exit /b 1
|
||||||
|
echo.
|
||||||
|
echo.Build finished. The manual pages are in %BUILDDIR%/man.
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "texinfo" (
|
||||||
|
%SPHINXBUILD% -b texinfo %ALLSPHINXOPTS% %BUILDDIR%/texinfo
|
||||||
|
if errorlevel 1 exit /b 1
|
||||||
|
echo.
|
||||||
|
echo.Build finished. The Texinfo files are in %BUILDDIR%/texinfo.
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "gettext" (
|
||||||
|
%SPHINXBUILD% -b gettext %I18NSPHINXOPTS% %BUILDDIR%/locale
|
||||||
|
if errorlevel 1 exit /b 1
|
||||||
|
echo.
|
||||||
|
echo.Build finished. The message catalogs are in %BUILDDIR%/locale.
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "changes" (
|
||||||
|
%SPHINXBUILD% -b changes %ALLSPHINXOPTS% %BUILDDIR%/changes
|
||||||
|
if errorlevel 1 exit /b 1
|
||||||
|
echo.
|
||||||
|
echo.The overview file is in %BUILDDIR%/changes.
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "linkcheck" (
|
||||||
|
%SPHINXBUILD% -b linkcheck %ALLSPHINXOPTS% %BUILDDIR%/linkcheck
|
||||||
|
if errorlevel 1 exit /b 1
|
||||||
|
echo.
|
||||||
|
echo.Link check complete; look for any errors in the above output ^
|
||||||
|
or in %BUILDDIR%/linkcheck/output.txt.
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "doctest" (
|
||||||
|
%SPHINXBUILD% -b doctest %ALLSPHINXOPTS% %BUILDDIR%/doctest
|
||||||
|
if errorlevel 1 exit /b 1
|
||||||
|
echo.
|
||||||
|
echo.Testing of doctests in the sources finished, look at the ^
|
||||||
|
results in %BUILDDIR%/doctest/output.txt.
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "coverage" (
|
||||||
|
%SPHINXBUILD% -b coverage %ALLSPHINXOPTS% %BUILDDIR%/coverage
|
||||||
|
if errorlevel 1 exit /b 1
|
||||||
|
echo.
|
||||||
|
echo.Testing of coverage in the sources finished, look at the ^
|
||||||
|
results in %BUILDDIR%/coverage/python.txt.
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "xml" (
|
||||||
|
%SPHINXBUILD% -b xml %ALLSPHINXOPTS% %BUILDDIR%/xml
|
||||||
|
if errorlevel 1 exit /b 1
|
||||||
|
echo.
|
||||||
|
echo.Build finished. The XML files are in %BUILDDIR%/xml.
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
if "%1" == "pseudoxml" (
|
||||||
|
%SPHINXBUILD% -b pseudoxml %ALLSPHINXOPTS% %BUILDDIR%/pseudoxml
|
||||||
|
if errorlevel 1 exit /b 1
|
||||||
|
echo.
|
||||||
|
echo.Build finished. The pseudo-XML files are in %BUILDDIR%/pseudoxml.
|
||||||
|
goto end
|
||||||
|
)
|
||||||
|
|
||||||
|
:end
|
|
@ -0,0 +1,70 @@
|
||||||
|
#!/bin/bash -x
|
||||||
|
echo "$PROJECT_TZ" > /etc/timezone
|
||||||
|
dpkg-reconfigure -f noninteractive tzdata
|
||||||
|
export DEBIAN_FRONTEND="noninteractive"
|
||||||
|
echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list
|
||||||
|
apt-get update
|
||||||
|
apt-get upgrade -y
|
||||||
|
apt-get install -y \
|
||||||
|
sudo htop net-tools tcpdump ufw git haproxy \
|
||||||
|
openssl ca-certificates \
|
||||||
|
python python-setuptools python-dev libssl-dev
|
||||||
|
apt-get install -y -t jessie-backports certbot
|
||||||
|
|
||||||
|
easy_install pip
|
||||||
|
pip install virtualenv
|
||||||
|
|
||||||
|
ufw allow ssh
|
||||||
|
ufw allow http
|
||||||
|
ufw allow https
|
||||||
|
ufw default deny incoming
|
||||||
|
ufw --force enable
|
||||||
|
|
||||||
|
virtualenv "/${PROJECT_NAME}_venv" -p /usr/bin/python
|
||||||
|
source "/${PROJECT_NAME}_venv/bin/activate"
|
||||||
|
cd "/${PROJECT_NAME}"
|
||||||
|
pip install --editable .
|
||||||
|
|
||||||
|
echo "${PROJECT_CLIENT_HOSTNAME}" > /etc/hostname
|
||||||
|
hostname -F /etc/hostname
|
||||||
|
|
||||||
|
cat <<EOF >> /etc/letsencrypt/cli.ini
|
||||||
|
server http://le.wtf
|
||||||
|
EOF
|
||||||
|
|
||||||
|
cat <<EOF >> /etc/hosts
|
||||||
|
${PROJECT_SERVER_IP} le.wtf
|
||||||
|
${PROJECT_SERVER_IP} le1.wtf
|
||||||
|
${PROJECT_SERVER_IP} le2.wtf
|
||||||
|
${PROJECT_SERVER_IP} le3.wtf
|
||||||
|
${PROJECT_SERVER_IP} nginx.wtf
|
||||||
|
EOF
|
||||||
|
|
||||||
|
cat <<EOF > /etc/systemd/system/letsencrypt.timer
|
||||||
|
[Unit]
|
||||||
|
Description=Run Let's Encrypt every 12 hours
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
# Time to wait after booting before we run first time
|
||||||
|
OnBootSec=2min
|
||||||
|
# Time between running each consecutive time
|
||||||
|
OnUnitActiveSec=12h
|
||||||
|
Unit=letsencrypt.service
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=timers.target
|
||||||
|
EOF
|
||||||
|
|
||||||
|
cat <<EOF > /etc/systemd/system/letsencrypt.service
|
||||||
|
[Unit]
|
||||||
|
Description=Renew Let's Encrypt Certificates
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
ExecStart=/usr/bin/certbot renew -q
|
||||||
|
EOF
|
||||||
|
|
||||||
|
systemctl enable letsencrypt.timer
|
||||||
|
systemctl start letsencrypt.timer
|
||||||
|
|
||||||
|
echo "Provisioning completed."
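Review bot: The script runs under `#!/bin/bash -x` with no `set -e`, and it expands `PROJECT_NAME`, `PROJECT_SERVER_IP` and `PROJECT_CLIENT_HOSTNAME` without checking them. As a result a failed `cd "/${PROJECT_NAME}"` still runs `pip install --editable .` (presumably as root) in whatever directory the shell is in, and an empty `PROJECT_SERVER_IP` writes address-less lines into /etc/hosts. Adding `set -e` and `: "${PROJECT_NAME:?}" "${PROJECT_SERVER_IP:?}" "${PROJECT_CLIENT_HOSTNAME:?}"` directly after the shebang stops provisioning at the first problem. The `>>` appends to /etc/apt/sources.list, /etc/hosts and /etc/letsencrypt/cli.ini are also repeated on every re-provision; the `grep -Fxq ... ||` guard that the server script in this commit uses for /etc/hosts would fit here too.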
|
|
@ -1,44 +0,0 @@
|
||||||
#!/bin/bash -x
|
|
||||||
echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list
|
|
||||||
apt-get update
|
|
||||||
apt-get upgrade -y
|
|
||||||
apt-get install -y \
|
|
||||||
sudo htop net-tools tcpdump ufw git haproxy\
|
|
||||||
openssl ca-certificates \
|
|
||||||
python python-setuptools virtualenv
|
|
||||||
apt-get install -y -t jessie-backports certbot
|
|
||||||
|
|
||||||
ufw allow ssh
|
|
||||||
ufw allow http
|
|
||||||
ufw allow https
|
|
||||||
ufw default deny incoming
|
|
||||||
|
|
||||||
# echo HOSTNAME > /etc/hostname
|
|
||||||
# hostname -F /etc/hostname
|
|
||||||
|
|
||||||
cat <<EOF > /etc/systemd/system/letsencrypt.timer
|
|
||||||
[Unit]
|
|
||||||
Description=Run Let's Encrypt every 12 hours
|
|
||||||
|
|
||||||
[Timer]
|
|
||||||
# Time to wait after booting before we run first time
|
|
||||||
OnBootSec=2min
|
|
||||||
# Time between running each consecutive time
|
|
||||||
OnUnitActiveSec=12h
|
|
||||||
Unit=letsencrypt.service
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=timers.target
|
|
||||||
EOF
|
|
||||||
|
|
||||||
cat <<EOF > /etc/systemd/system/letsencrypt.service
|
|
||||||
[Unit]
|
|
||||||
Description=Renew Let's Encrypt Certificate
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=simple
|
|
||||||
ExecStart=certbot renew q
|
|
||||||
EOF
|
|
||||||
|
|
||||||
systemctl start letsencrypt.timer
|
|
||||||
systemctl enable letsencrypt.timer
|
|
|
@ -0,0 +1,108 @@
|
||||||
|
#!/bin/bash -x
|
||||||
|
echo "$PROJECT_TZ" > /etc/timezone
|
||||||
|
dpkg-reconfigure -f noninteractive tzdata
|
||||||
|
export DEBIAN_FRONTEND="noninteractive"
|
||||||
|
echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list
|
||||||
|
apt-get update
|
||||||
|
apt-get upgrade -y
|
||||||
|
apt-get install -y \
|
||||||
|
sudo htop net-tools tcpdump ufw git curl \
|
||||||
|
openssl ca-certificates golang \
|
||||||
|
python2.7 python-setuptools python-virtualenv \
|
||||||
|
rabbitmq-server make libltdl-dev mariadb-server nginx-light
|
||||||
|
|
||||||
|
apt-get install -y -t jessie-backports \
|
||||||
|
protobuf-compiler golang-goprotobuf-dev libprotobuf-dev \
|
||||||
|
python-protobuf protobuf-c-compiler golang-protobuf-extensions-dev
|
||||||
|
|
||||||
|
echo boulder.local > /etc/hostname
|
||||||
|
hostname -F /etc/hostname
|
||||||
|
|
||||||
|
ufw allow ssh
|
||||||
|
ufw allow 4000
|
||||||
|
ufw allow 8000
|
||||||
|
ufw allow 8001
|
||||||
|
ufw allow 8002
|
||||||
|
ufw allow 8003
|
||||||
|
ufw allow 8004
|
||||||
|
ufw allow 8005
|
||||||
|
ufw default deny incoming
|
||||||
|
ufw --force enable
|
||||||
|
|
||||||
|
if ! grep -Fxq "export GOROOT=/usr/local/go" ~/.bashrc; then
|
||||||
|
echo "export GOROOT=/usr/local/go" >> ~/.bashrc
|
||||||
|
fi
|
||||||
|
if ! grep -Fxq "export GOPATH=/boulder" /root/.bashrc; then
|
||||||
|
echo "export GOPATH=/boulder" >> /root/.bashrc
|
||||||
|
fi
|
||||||
|
if ! grep -Fxq "export PATH=\$GOROOT/bin:\$PATH" ~/.bashrc; then
|
||||||
|
echo "export PATH=\$GOROOT/bin:\$PATH" >> ~/.bashrc
|
||||||
|
fi
|
||||||
|
if ! grep -Fxq "export PATH=\$PATH:\$GOPATH" /root/.bashrc; then
|
||||||
|
echo "export PATH=\$PATH:\$GOPATH" >> /root/.bashrc
|
||||||
|
fi
|
||||||
|
if ! grep -Fxq "127.0.0.1 boulder boulder-rabbitmq boulder-mysql" /etc/hosts; then
|
||||||
|
echo '127.0.0.1 boulder boulder-rabbitmq boulder-mysql' >> /etc/hosts
|
||||||
|
fi
|
||||||
|
|
||||||
|
source ~/.bashrc
|
||||||
|
|
||||||
|
# wget -q https://storage.googleapis.com/golang/go1.5.3.linux-amd64.tar.gz -P /tmp/
|
||||||
|
# sudo tar -C /usr/local -xzf /tmp/go1.5.3.linux-amd64.tar.gz
|
||||||
|
# if ! grep -Fxq "export GOROOT=/usr/local/go" ~/.profile ; then echo "export GOROOT=/usr/local/go" >> ~/.profile; fi
|
||||||
|
# if ! grep -Fxq "export PATH=\\$GOROOT/bin:\\$PATH" ~/.profile ; then echo "export PATH=\\$GOROOT/bin:\\$PATH" >> ~/.profile; fi
|
||||||
|
|
||||||
|
cd /vagrant
|
||||||
|
./letsencrypt-auto-source/letsencrypt-auto --os-packages-only
|
||||||
|
./tools/venv.sh
|
||||||
|
./tests/boulder-start.sh
|
||||||
|
|
||||||
|
virtualenv /boulder_venv -p /usr/bin/python2
|
||||||
|
source /boulder_venv/bin/activate
|
||||||
|
|
||||||
|
git clone https://github.com/letsencrypt/boulder.git /boulder
|
||||||
|
cd /boulder
|
||||||
|
mkdir /boulder/bin
|
||||||
|
mkdir /boulder/src
|
||||||
|
|
||||||
|
curl https://glide.sh/get | sh
|
||||||
|
|
||||||
|
glide create --non-interactive
|
||||||
|
glide install
|
||||||
|
|
||||||
|
#go get \
|
||||||
|
# bitbucket.org/liamstask/goose/cmd/goose \
|
||||||
|
# github.com/golang/lint/golint \
|
||||||
|
# github.com/golang/mock/mockgen \
|
||||||
|
# github.com/golang/protobuf/proto \
|
||||||
|
# github.com/golang/protobuf/protoc-gen-go \
|
||||||
|
# github.com/jsha/listenbuddy \
|
||||||
|
# github.com/kisielk/errcheck \
|
||||||
|
# github.com/mattn/goveralls \
|
||||||
|
# github.com/modocache/gover \
|
||||||
|
# github.com/tools/godep \
|
||||||
|
# golang.org/x/tools/cover \
|
||||||
|
# github.com/letsencrypt/boulder/cmd \
|
||||||
|
# github.com/streadway/amqp
|
||||||
|
|
||||||
|
./test/create_db.sh
|
||||||
|
go run cmd/rabbitmq-setup/main.go -server amqp://boulder-rabbitmq
|
||||||
|
|
||||||
|
cat > "/lib/systemd/system/boulder.service" <<EOF
|
||||||
|
[Unit]
|
||||||
|
Description=Boulder Server
|
||||||
|
After=network.target
|
||||||
|
Wants=mariadb.service,rabbitmq.service
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
KillMode=process
|
||||||
|
RemainAfterExit=no
|
||||||
|
Restart=always
|
||||||
|
ExecStart=/boulder_venv/bin/python /boulder/start.py"
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
EOF
|
||||||
|
|
||||||
|
systemctl enable boulder.service
|
||||||
|
systemctl start boulder.service
|
||||||
|
echo "Provisioning completed."
|
6
setup.py
6
setup.py
|
@ -4,12 +4,12 @@ from setuptools import setup
|
||||||
from setuptools import find_packages
|
from setuptools import find_packages
|
||||||
|
|
||||||
|
|
||||||
certbot_version = '0.9.0.dev0'
|
certbot_version = '0.8.1'
|
||||||
|
|
||||||
# Please update tox.ini when modifying dependency version requirements
|
# Please update tox.ini when modifying dependency version requirements
|
||||||
install_requires = [
|
install_requires = [
|
||||||
'acme~={0}'.format(certbot_version),
|
'acme>={0}'.format(certbot_version),
|
||||||
'certbot~={0}'.format(certbot_version),
|
'certbot>={0}'.format(certbot_version),
|
||||||
# For pkg_resources. >=1.0 so pip resolves it to a version cryptography
|
# For pkg_resources. >=1.0 so pip resolves it to a version cryptography
|
||||||
# will tolerate; see #2599:
|
# will tolerate; see #2599:
|
||||||
'setuptools>=1.0',
|
'setuptools>=1.0',
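Review bot: The `acme` and `certbot` entries in `install_requires` appear to go from `~=` to `>=`, which drops the upper bound on both dependencies. This rendering does not mark old and new, so I am reading the second line of each printed pair as the new side. With `certbot_version = '0.8.1'` as the floor, any later release satisfies the requirement, so a fresh install can resolve to acme/certbot code this plugin was never tested against. For a plugin in the certificate-issuance path I would keep the compatible-release form with the lowered version, `'acme~={0}'.format(certbot_version),` and `'certbot~={0}'.format(certbot_version),`. If `>=` is intentional, a comment such as `# >= because <reason>; upper bound enforced in tox.ini` would record why. The existing comment asks for tox.ini to be updated alongside; no tox.ini change is visible in this part of the page, so that is worth confirming.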
|
||||||
|
|