Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
bunkerweb/core/letsencrypt/jobs/certbot-deploy.py
bunkerity a9f886804a bunkerweb 1.4.0
2022-06-03 17:24:14 +02:00

75 lines
2.9 KiB
Python
Executable File
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/usr/bin/python3
import sys, os, traceback, tarfile
from io import BytesIO
sys.path.append("/opt/bunkerweb/deps/python")
sys.path.append("/opt/bunkerweb/utils")
sys.path.append("/opt/bunkerweb/api")
from logger import log
from API import API
status = 0
try :
# Get env vars
is_kubernetes_mode = os.getenv("KUBERNETES_MODE") == "yes"
is_swarm_mode = os.getenv("SWARM_MODE") == "yes"
token = os.getenv("CERTBOT_TOKEN")
# Cluster case
if is_kubernetes_mode or is_swarm_mode :
# Create tarball of /data/letsencrypt
tgz = BytesIO()
with tarfile.open(mode="w:gz", fileobj=tgz) as tf :
tf.add("/data/letsencrypt", arcname=".")
tgz.seek(0, 0)
files = {"archive.tar.gz": tgz}
for variable, value in os.environ.items() :
if not variable.startswith("CLUSTER_INSTANCE_") :
continue
endpoint = value.split(" ")[0]
host = value.split(" ")[1]
api = API(endpoint, host=host)
sent, err, status, resp = api.request("POST", "/lets-encrypt/certificates", files=files)
if not sent :
status = 1
log("LETS-ENCRYPT", "", "Can't send API request to " + api.get_endpoint() + "/lets-encrypt/certificates : " + err)
else :
if status != 200 :
status = 1
log("LETS-ENCRYPT", "", "Error while sending API request to " + api.get_endpoint() + "/lets-encrypt/certificates : status = " + resp["status"] + ", msg = " + resp["msg"])
else :
log("LETS-ENCRYPT", "", "Successfully sent API request to " + api.get_endpoint() + "/lets-encrypt/certificates")
sent, err, status, resp = api.request("POST", "/reload")
if not sent :
status = 1
log("LETS-ENCRYPT", "", "Can't send API request to " + api.get_endpoint() + "/reload : " + err)
else :
if status != 200 :
status = 1
log("LETS-ENCRYPT", "", "Error while sending API request to " + api.get_endpoint() + "/reload : status = " + resp["status"] + ", msg = " + resp["msg"])
else :
log("LETS-ENCRYPT", "", "Successfully sent API request to " + api.get_endpoint() + "/reload")
# Docker or Linux case
else :
cmd = "/usr/sbin/nginx -s reload"
proc = subprocess.run(cmd.split(" "), stdin=subprocess.DEVNULL, stderr=subprocess.STDOUT)
if proc.returncode != 0 :
status = 1
log("LETS-ENCRYPT", "", "Error while reloading nginx")
else :
log("LETS-ENCRYPT", "", "Successfully reloaded nginx")
except :
status = 1
log("LETS-ENCRYPT", "", "Exception while running certbot-deploy.py :")
print(traceback.format_exc())
sys.exit(status)
Reference in New Issue View Git Blame Copy Permalink