update nginx insecure install

Daniel Tsvetkov 2020-06-21 21:18:50 +02:00
parent ed841fd033
commit 6552aad62a
2 changed files with 10 additions and 8 deletions


@ -48,6 +48,7 @@ init_venv() {
install_reqs() { install_reqs() {
source venv/bin/activate source venv/bin/activate
pip3 install --upgrade pip --trusted-host pypi.org --trusted-host files.pythonhosted.org
pip install -r requirements.txt pip install -r requirements.txt
} }
@ -119,8 +120,8 @@ run_in_prod() {
} }
prod_install() { prod_install() {
set -e
shift shift
sudo apt install nginx dnsutils
source venv/bin/activate source venv/bin/activate
PROJECT_NAME=$(basename `pwd`) PROJECT_NAME=$(basename `pwd`)
echo "1/6 Generating service and config files..." echo "1/6 Generating service and config files..."
@ -150,22 +151,21 @@ prod_install() {
echo "3/6 Installing '$DOMAIN' domain..." echo "3/6 Installing '$DOMAIN' domain..."
python "${OSHIPKA_PATH}/provision/auto_dns/set_domain_ipv4.py" "$DOMAIN" python "${OSHIPKA_PATH}/provision/auto_dns/set_domain_ipv4.py" "$DOMAIN"
sudo apt install nginx
sudo systemctl start nginx sudo systemctl start nginx
echo "Enabling firewall rule for 192.168.1.1 -> 80/tcp..." echo "Enabling firewall rule for 192.168.1.1 -> 80/tcp..."
sudo ufw allow proto tcp from 192.168.1.1 to any port 80 sudo ufw allow proto tcp from 192.168.1.1 to any port 80
echo "4/6 Installing '$PROJECT_NAME' insecure nginx config..." echo "4/6 Installing '$PROJECT_NAME' insecure nginx config..."
if [ -f "/etc/nginx/sites-available/${DOMAIN}_insecure.conf" ]; then if [ -f "/etc/nginx/sites-available/${DOMAIN}.insecure" ]; then
echo "Insecure Nginx config for ${PROJECT_NAME} available." echo "Insecure Nginx config for ${PROJECT_NAME} available."
if [ -f "/etc/nginx/sites-enabled/${DOMAIN}_insecure.conf" ]; then if [ -f "/etc/nginx/sites-enabled/${DOMAIN}_insecure" ]; then
echo "Nginx config for ${PROJECT_NAME} enabled." echo "Nginx config for ${PROJECT_NAME} enabled."
else else
echo "Nginx config for ${PROJECT_NAME} NOT enabled." echo "Nginx config for ${PROJECT_NAME} NOT enabled."
fi fi
else else
echo "Installing insecure nginx config for ${PROJECT_NAME} -> enabling + available." echo "Installing insecure nginx config for ${PROJECT_NAME} -> enabling + available."
sudo cp "${OSHIPKA_PATH}/provision/tmp/${DOMAIN}_insecure.conf" /etc/nginx/sites-available/ sudo cp "${OSHIPKA_PATH}/provision/tmp/${DOMAIN}.insecure" /etc/nginx/sites-available/
sudo ln -s "/etc/nginx/sites-available/${DOMAIN}_insecure.conf" "/etc/nginx/sites-enabled/${DOMAIN}_insecure.conf" sudo ln -s "/etc/nginx/sites-available/${DOMAIN}.insecure" "/etc/nginx/sites-enabled/${DOMAIN}.insecure"
sudo systemctl reload nginx sudo systemctl reload nginx
fi fi
@ -176,7 +176,7 @@ prod_install() {
echo "Enabling firewall rule for 192.168.1.1 -> 443/tcp..." echo "Enabling firewall rule for 192.168.1.1 -> 443/tcp..."
sudo ufw allow proto tcp from 192.168.1.1 to any port 443 sudo ufw allow proto tcp from 192.168.1.1 to any port 443
echo "Removing '$PROJECT_NAME' insecure nginx config..." echo "Removing '$PROJECT_NAME' insecure nginx config..."
sudo rm "/etc/nginx/sites-available/${DOMAIN}_insecure.conf" "/etc/nginx/sites-enabled/${DOMAIN}_insecure.conf" sudo rm "/etc/nginx/sites-available/${DOMAIN}_insecure.conf" "/etc/nginx/sites-enabled/${DOMAIN}.insecure"
if [ -f "/etc/nginx/sites-available/${NGINX_CONFIG_FILE}" ]; then if [ -f "/etc/nginx/sites-available/${NGINX_CONFIG_FILE}" ]; then
echo "Nginx config for ${PROJECT_NAME} available." echo "Nginx config for ${PROJECT_NAME} available."
if [ -f "/etc/nginx/sites-enabled/${NGINX_CONFIG_FILE}" ]; then if [ -f "/etc/nginx/sites-enabled/${NGINX_CONFIG_FILE}" ]; then
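Review bot: The added `pip3 install --upgrade pip --trusted-host pypi.org --trusted-host files.pythonhosted.org` line in install_reqs makes pip accept those hosts without a valid HTTPS certificate, so the pip upgrade is downloaded without server authentication. If a local CA problem prompted this, repairing the trust store or passing `--cert` is safer than `--trusted-host`. Separately, in prod_install the rename is applied inconsistently on what appears to be the new side: the enabled check tests `sites-enabled/${DOMAIN}_insecure` and the cleanup still removes `sites-available/${DOMAIN}_insecure.conf`, while the copy and symlink now use `${DOMAIN}.insecure`. As written the `rm` errors on the first path and leaves the plain-HTTP config in sites-available, so both paths should read `${DOMAIN}.insecure`. prod_install continues past the end of the last hunk.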


@ -1,4 +1,5 @@
import os import os
import shutil
from jinja2 import FileSystemLoader, Environment from jinja2 import FileSystemLoader, Environment
@ -13,6 +14,7 @@ MAX_UPLOAD_SIZE = "10m"
oshipka_path = os.environ.get('OSHIPKA_PATH') oshipka_path = os.environ.get('OSHIPKA_PATH')
TEMPLATES_PATH = os.path.join(oshipka_path, "provision", "templates") TEMPLATES_PATH = os.path.join(oshipka_path, "provision", "templates")
TMP_PATH = os.path.join(oshipka_path, "provision", "tmp") TMP_PATH = os.path.join(oshipka_path, "provision", "tmp")
shutil.rmtree(TMP_PATH)
os.makedirs(TMP_PATH, exist_ok=True) os.makedirs(TMP_PATH, exist_ok=True)
env = Environment( env = Environment(
loader=FileSystemLoader(searchpath=TEMPLATES_PATH), loader=FileSystemLoader(searchpath=TEMPLATES_PATH),
@ -41,7 +43,7 @@ def prod_install():
tmpl_fname = [ tmpl_fname = [
('gunicorn.service', "{}.service".format(project_name)), ('gunicorn.service', "{}.service".format(project_name)),
('worker.service', "{}_worker.service".format(project_name)), ('worker.service', "{}_worker.service".format(project_name)),
('nginx_insecure.conf', "{}_insecure.conf".format(project_domain)), ('nginx_insecure.conf', "{}.insecure".format(project_domain)),
('nginx.conf', "{}.conf".format(project_domain)), ('nginx.conf', "{}.conf".format(project_domain)),
] ]
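Review bot: The added module-level `shutil.rmtree(TMP_PATH)` raises FileNotFoundError when provision/tmp does not exist yet (for example on a fresh checkout), so the `os.makedirs(TMP_PATH, exist_ok=True)` on the next line is never reached. `shutil.rmtree(TMP_PATH, ignore_errors=True)` keeps the clean-slate intent without that failure. The delete also runs at import time on a path built from the `OSHIPKA_PATH` environment variable. An empty value would presumably make it a `provision/tmp` relative to the current directory, so a check that `oshipka_path` is a non-empty absolute path before the recursive delete would be a cheap safeguard.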