From c0b85ba29cd985446d5ed1603d33fdc7fcb46b9e Mon Sep 17 00:00:00 2001 From: Paul Eggleton Date: Wed, 1 May 2019 13:47:32 +1200 Subject: [PATCH] dockersetup: update nginx-ssl.conf in update mode If the base SSL configuration has been updated, and we then run dockersetup.py -u then we want the configuration changes to be reflected in the web server configuration, however that was not happening because unlike how the other configuration files are handled, nginx-ssl.conf gets copied and then we modify the copy due to the nature of the edits made. To fix it, when in update mode, read in the old values from the modified configuration file and then copy and modify the base configuration using those values. Signed-off-by: Paul Eggleton
---
 dockersetup.py | 45 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-)
diff --git a/dockersetup.py b/dockersetup.py
index 25e878b..c5bbc57 100755
--- a/dockersetup.py
+++ b/dockersetup.py
@@ -252,6 +252,32 @@ def edit_dockercompose(hostname, dbpassword, dbapassword, secretkey, rmqpassword
 writefile("docker-compose.yml", ''.join(newlines))
+def read_nginx_ssl_conf(certdir):
+ hostname = None
+ https_port = None
+ certdir = None
+ certfile = None
+ keyfile = None
+ with open('docker/nginx-ssl-edited.conf', 'r') as f:
+ for line in f:
+ if 'ssl_certificate ' in line:
+ certdir, certfile = os.path.split(line.split('ssl_certificate', 1)[1].strip().rstrip(';'))
+ elif 'ssl_certificate_key ' in line:
+ keyfile = os.path.basename(line.split('ssl_certificate_key', 1)[1].strip().rstrip(';'))
+ elif 'server_name ' in line:
+ sname = line.split('server_name', 1)[1].strip().rstrip(';')
+ if sname != '_':
+ hostname = sname
+ elif 'return 301 https://' in line:
+ res = re.search(':([0-9]+)', line)
+ if res:
+ https_port = res.groups()[0]
+ ret = (hostname, https_port, certdir, certfile, keyfile)
+ if None in ret:
+ sys.stderr.write('Failed to read SSL configuration from nginx-ssl-edited.conf')
+ sys.exit(1)
+ return ret
+
 def edit_nginx_ssl_conf(hostname, https_port, certdir, certfile, keyfile):
 filedata = readfile('docker/nginx-ssl.conf')
 newlines = []
@@ -298,6 +324,17 @@ def edit_settings_py(emailaddr):
 writefile("docker/settings.py", ''.join(newlines))
+def read_dockerfile_web():
+ no_https = True
+ with open('Dockerfile.web', 'r') as f:
+ for line in f:
+ if line.startswith('COPY ') and line.rstrip().endswith('/etc/nginx/nginx.conf'):
+ if 'nginx-ssl' in line:
+ no_https = False
+ break
+ return no_https
+
+
 def edit_dockerfile_web(hostname, no_https):
 filedata = readfile('Dockerfile.web')
 newlines = []
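Review bot: The `certdir` argument of `read_nginx_ssl_conf` is overwritten by `certdir = None` a few lines into the function, so the `/opt/cert` value the caller passes in the last hunk (`container_cert_dir`) is never used. The certificate directory written back into the regenerated TLS configuration is whatever the old `ssl_certificate` line contained. Either drop the parameter together with the caller's `container_cert_dir`, or delete `certdir = None` and compare the parsed directory against the argument before regenerating. The failure message also lacks a trailing newline; `sys.stderr.write('Failed to read SSL configuration from nginx-ssl-edited.conf\n')` would fix that. If the old redirect line carries no explicit port, `https_port` stays `None` and update mode exits here, which is worth checking against how `edit_nginx_ssl_conf` writes that line outside the hunk.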
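Review bot: `read_dockerfile_web` starts from `no_https = True`, so a `Dockerfile.web` whose `COPY ... /etc/nginx/nginx.conf` line is missing or written differently is reported as an HTTP-only setup. Update mode then skips regenerating the SSL configuration without any message, leaving the old TLS settings in place. It would be safer to record whether a matching `COPY` line was seen and, when none was, write a warning to stderr or exit as `read_nginx_ssl_conf` does, rather than return `True`. A one-line docstring such as `"""Return True if Dockerfile.web installs the non-SSL nginx configuration."""` would also make the inverted flag easier to read.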
@@ -522,7 +559,13 @@ if not updatemode:
 if reinstmode:
 return_code = subprocess.call(['docker-compose', 'down', '-v'], shell=False)
-if not updatemode:
+if updatemode:
+ no_https = read_dockerfile_web()
+ if not no_https:
+ container_cert_dir = '/opt/cert'
+ hostname, https_port, certdir, certfile, keyfile = read_nginx_ssl_conf(container_cert_dir)
+ edit_nginx_ssl_conf(hostname, https_port, certdir, certfile, keyfile)
+else:
 if http_proxy:
 edit_gitproxy(proxymod, port)
 if http_proxy or https_proxy:
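Review bot: The new `if updatemode:` branch has no comment saying that it rebuilds the edited nginx SSL configuration from the base file. That rebuild presumably discards any manual changes made to the edited copy beyond the five values `read_nginx_ssl_conf` recovers. A comment above the `read_dockerfile_web()` call would record this, for example `# Update mode: regenerate the nginx SSL config from the base file, carrying over the previously configured hostname, port and certificate paths`. The `else:` branch continues outside the hunk.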