fix: only turn port to 80 if SSL is enabled
This commit is contained in:
parent
1ab8b73170
commit
22e95544f6
@ -16,6 +16,7 @@ module Main (call, main) where
|
|||||||
import Control.Monad.State hiding (liftIO)
|
import Control.Monad.State hiding (liftIO)
|
||||||
import Control.Monad.Free
|
import Control.Monad.Free
|
||||||
import Data.List
|
import Data.List
|
||||||
|
import System.Posix (setOwnerAndGroup, getFileStatus, fileOwner)
|
||||||
|
|
||||||
main :: IO ()
|
main :: IO ()
|
||||||
main = return ()
|
main = return ()
|
||||||
@ -34,36 +35,38 @@ module Main (call, main) where
|
|||||||
call :: Service -> App ()
|
call :: Service -> App ()
|
||||||
call _ =
|
call _ =
|
||||||
do
|
do
|
||||||
(AppState { arguments }) <- get
|
AppState { arguments } <- get
|
||||||
let params@(ServerParams { ssl, domain, directory, serverType, email }) = toServerParams arguments
|
let params@ServerParams { ssl, domain, port, directory, serverType, email } = toServerParams arguments
|
||||||
|
|
||||||
done <- progressText "setting up nginx configuration"
|
done <- progressText "setting up nginx configuration"
|
||||||
|
|
||||||
verbose $ show params
|
verbose $ show params
|
||||||
|
|
||||||
-- Turn SSL off at first, because we have not yet received a certificate
|
-- Turn SSL off at first, because we have not yet received a certificate
|
||||||
let content = show (params { ssl = False, port = "80" })
|
let content = if ssl then show (params { ssl = False, port = "80" }) else show params
|
||||||
config = "/etc/nginx/"
|
config = "/etc/nginx/"
|
||||||
mainConfig = "/etc/nginx/nginx.conf"
|
mainConfig = "/etc/nginx/nginx.conf"
|
||||||
parent = config </> "serverman-configs"
|
parent = config </> "serverman-configs"
|
||||||
path = parent </> domain
|
path = parent </> domain
|
||||||
targetDir = directory
|
targetDir = directory
|
||||||
|
sampleFile = targetDir </> "serverman.txt"
|
||||||
|
|
||||||
createCert path cmd = do
|
createCert path cmd = do
|
||||||
verbose $ "creating certificate in " ++ path ++ " using command " ++ cmd
|
verbose $ "creating certificate in " ++ path ++ " using command " ++ cmd
|
||||||
result <- executeRoot cmd ["certonly", "--webroot", "--webroot-path", directory, "-d", domain, "--email", email, "--agree-tos", "-n"] "" False
|
result <- executeRoot cmd ["certonly", "--webroot", "--webroot-path", directory, "-d", domain, "--email", email, "--agree-tos", "-n"] "" False
|
||||||
case result of
|
case result of
|
||||||
Left _ -> if cmd == "letsencrypt" then createCert path "certbot" else return ()
|
Left _ -> when (cmd == "letsencrypt") $ createCert path "certbot"
|
||||||
Right stdout -> do
|
Right stdout -> do
|
||||||
write stdout
|
write stdout
|
||||||
|
|
||||||
when (not ("error" `isInfixOf` stdout)) $ do
|
unless ("error" `isInfixOf` stdout) $ do
|
||||||
verbose $ "writing params to " ++ path
|
verbose $ "writing params to " ++ path
|
||||||
liftIO $ writeFile path (show params)
|
liftIO $ writeFile path (show params)
|
||||||
restart
|
restart
|
||||||
return ()
|
return ()
|
||||||
|
|
||||||
verbose $ "creating directories " ++ targetDir ++ ", " ++ parent
|
verbose $ "creating directories " ++ targetDir ++ ", " ++ parent
|
||||||
|
|
||||||
liftIO $ do
|
liftIO $ do
|
||||||
createDirectoryIfMissing True targetDir
|
createDirectoryIfMissing True targetDir
|
||||||
createDirectoryIfMissing True parent
|
createDirectoryIfMissing True parent
|
||||||
@ -82,6 +85,9 @@ module Main (call, main) where
|
|||||||
done
|
done
|
||||||
liftIO $ writeFile path content
|
liftIO $ writeFile path content
|
||||||
info $ "wrote your configuration file to " ++ path
|
info $ "wrote your configuration file to " ++ path
|
||||||
|
|
||||||
|
liftIO $ writeFile sampleFile "Hello from serverman!"
|
||||||
|
info $ "wrote a sample file to " ++ sampleFile ++ ", you should be able to access it through " ++ domain ++ ":" ++ port ++ "/serverman.txt"
|
||||||
|
|
||||||
restart
|
restart
|
||||||
|
|
||||||
@ -90,8 +96,8 @@ module Main (call, main) where
|
|||||||
let dhparamPath = "/etc/ssl/certs/dhparam.pem"
|
let dhparamPath = "/etc/ssl/certs/dhparam.pem"
|
||||||
dhExists <- liftIO $ doesFileExist dhparamPath
|
dhExists <- liftIO $ doesFileExist dhparamPath
|
||||||
|
|
||||||
when (not dhExists) $ do
|
unless dhExists $ do
|
||||||
verbose $ "creating dhparam using openssl"
|
verbose "creating dhparam using openssl"
|
||||||
|
|
||||||
dhparam <- executeRoot "openssl" ["dhparam", "-out", dhparamPath, "2048"] "" True
|
dhparam <- executeRoot "openssl" ["dhparam", "-out", dhparamPath, "2048"] "" True
|
||||||
return ()
|
return ()
|
||||||
@ -103,12 +109,12 @@ module Main (call, main) where
|
|||||||
|
|
||||||
return ()
|
return ()
|
||||||
_ -> do
|
_ -> do
|
||||||
info $ "you should use letsencrypt to create a certificate for your domain"
|
info "you should use letsencrypt to create a certificate for your domain"
|
||||||
write $ "and put it in /etc/letsencrypt/live/" ++ domain ++ "/fullchain.pem"
|
write $ "and put it in /etc/letsencrypt/live/" ++ domain ++ "/fullchain.pem"
|
||||||
write $ "my suggestion is running this command:"
|
write "my suggestion is running this command:"
|
||||||
write $ "sudo letsencrypt certonly --webroot --webroot-path <YOUR_APPLICATION_DIRECTORY> -d " ++ domain
|
write $ "sudo letsencrypt certonly --webroot --webroot-path <YOUR_APPLICATION_DIRECTORY> -d " ++ domain
|
||||||
|
|
||||||
write $ "for more information, see: https://certbot.eff.org/"
|
write "for more information, see: https://certbot.eff.org/"
|
||||||
|
|
||||||
return ()
|
return ()
|
||||||
where
|
where
|
||||||
@ -116,15 +122,15 @@ module Main (call, main) where
|
|||||||
result <- restartService "nginx"
|
result <- restartService "nginx"
|
||||||
case result of
|
case result of
|
||||||
Left err -> return ()
|
Left err -> return ()
|
||||||
Right _ -> info $ "restarted nginx"
|
Right _ -> info "restarted nginx"
|
||||||
|
|
||||||
writeIncludeStatementIfMissing path target = do
|
writeIncludeStatementIfMissing path target = do
|
||||||
content <- readFile path
|
content <- readFile path
|
||||||
|
|
||||||
let statement = "include " ++ target ++ "/*;"
|
let statement = "include " ++ target ++ "/*;"
|
||||||
|
|
||||||
when (not (statement `isInfixOf` content)) $ do
|
unless (statement `isInfixOf` content) $ do
|
||||||
let newContent = appendAfter content "http {" (indent . indent $ statement)
|
let newContent = appendAfter content "http {" (indent statement)
|
||||||
|
|
||||||
writeFile path newContent
|
writeFile path newContent
|
||||||
|
|
||||||
|
@ -50,7 +50,7 @@ module Types ( ServerType (..)
|
|||||||
, ("server_name", domain)
|
, ("server_name", domain)
|
||||||
, ("rewrite", "^ https://$server_name$request_uri? permanent")
|
, ("rewrite", "^ https://$server_name$request_uri? permanent")
|
||||||
] " "
|
] " "
|
||||||
| otherwise = ""
|
| otherwise = []
|
||||||
https
|
https
|
||||||
| ssl = [ ("ssl_certificate", "/etc/letsencrypt/live/" ++ domain ++ "/fullchain.pem")
|
| ssl = [ ("ssl_certificate", "/etc/letsencrypt/live/" ++ domain ++ "/fullchain.pem")
|
||||||
, ("ssl_certificate_key", "/etc/letsencrypt/live/" ++ domain ++ "/privkey.pem")
|
, ("ssl_certificate_key", "/etc/letsencrypt/live/" ++ domain ++ "/privkey.pem")
|
||||||
@ -81,6 +81,6 @@ module Types ( ServerType (..)
|
|||||||
, ("proxy_set_header", "X-Forwarded-Server $host")
|
, ("proxy_set_header", "X-Forwarded-Server $host")
|
||||||
, ("proxy_set_header", "X-Forwarded-For $proxy_add_x_forwarded_for")
|
, ("proxy_set_header", "X-Forwarded-For $proxy_add_x_forwarded_for")
|
||||||
] " "
|
] " "
|
||||||
in block "server"
|
in block "server" $
|
||||||
(semicolon (keyvalue base " "))
|
semicolon (keyvalue base " ")
|
||||||
++ proxyBlock ++ "\n" ++ redirect
|
++ proxyBlock ++ "\n" ++ redirect
|
||||||
|
Loading…
Reference in New Issue
Block a user