From 18e4f3d5ce652a992f778e8698aaa3af743eeb1a Mon Sep 17 00:00:00 2001 From: Usman Nasir Date: Wed, 22 Jun 2022 14:58:13 +0500 Subject: [PATCH] prevent acme command if dns not pointed to avoid rate limit --- plogical/IncScheduler.py | 3 ++ plogical/sslUtilities.py | 77 +++++++++++++++++++++++++++++++++------- 2 files changed, 67 insertions(+), 13 deletions(-) diff --git a/plogical/IncScheduler.py b/plogical/IncScheduler.py index 901b57f09..8d1ef8da4 100644 --- a/plogical/IncScheduler.py +++ b/plogical/IncScheduler.py @@ -979,6 +979,7 @@ def main(): ib = IncScheduler('startBackup', {'freq': args.function}) ib.start() + ### IncScheduler.startBackup(args.function) @@ -988,6 +989,8 @@ def main(): IncScheduler.startNormalBackups(args.function) IncScheduler.runAWSBackups(args.function) + ib.join() + if __name__ == "__main__": main() \ No newline at end of file diff --git a/plogical/sslUtilities.py b/plogical/sslUtilities.py index 84668c015..d94fad5f3 100755 --- a/plogical/sslUtilities.py +++ b/plogical/sslUtilities.py @@ -1,3 +1,5 @@ +import requests + from plogical import CyberCPLogFileWriter as logging import os import shlex 
@@ -276,6 +278,45 @@ class sslUtilities: def obtainSSLForADomain(virtualHostName, adminEmail, sslpath, aliasDomain=None): sender_email = 'root@%s' % (socket.gethostname()) + if not os.path.exists('/usr/local/lsws/Example/html/.well-known/acme-challenge'): + command = f'mkdir -p /usr/local/lsws/Example/html/.well-known/acme-challenge' + ProcessUtilities.normalExecutioner(command) + + CustomVerificationFile = f'/usr/local/lsws/Example/html/.well-known/acme-challenge/{virtualHostName}' + command = f'touch {CustomVerificationFile}' + ProcessUtilities.normalExecutioner(command) + + WWWStatus = 0 + NONWWWStatus = 0 + + URLFetchPathWWW = f'http://www.{virtualHostName}/.well-known/acme-challenge/{virtualHostName}' + URLFetchPathNONWWW = f'http://{virtualHostName}/.well-known/acme-challenge/{virtualHostName}' + + try: + resp = requests.get(URLFetchPathWWW, timeout=5) + + if resp.status_code == 200: + logging.CyberCPLogFileWriter.writeToFile(f'Status Code: 200 for: {URLFetchPathWWW}') + WWWStatus = 1 + else: + logging.CyberCPLogFileWriter.writeToFile( + f'Status Code: {str(resp.status_code)} for: {URLFetchPathWWW}. Error: {resp.text}') + except BaseException as msg: + logging.CyberCPLogFileWriter.writeToFile( + f'Status Code: Unkown for: {URLFetchPathWWW}. Error: {str(msg)}') + + try: + resp = requests.get(URLFetchPathNONWWW, timeout=5) + if resp.status_code == 200: + logging.CyberCPLogFileWriter.writeToFile(f'Status Code: 200 for: {URLFetchPathNONWWW}') + NONWWWStatus = 1 + else: + logging.CyberCPLogFileWriter.writeToFile(f'Status Code: {str(resp.status_code)} for: {URLFetchPathNONWWW}. Error: {resp.text}') + except BaseException as msg: + logging.CyberCPLogFileWriter.writeToFile( + f'Status Code: Unkown for: {URLFetchPathNONWWW}. Error: {str(msg)}') + + try: acmePath = '/root/.acme.sh/acme.sh' 
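Review bot: The pre-check added before the `try:` accepts any HTTP 200 as proof that the domain is served from this machine, but the probe file is empty and has a predictable name, so a catch-all page or a site hosted elsewhere that answers 200 for unknown paths passes and acme.sh still runs against the rate limit. Writing a random token into the file and comparing the response body with it would make the check match the commit title. The same lines put `virtualHostName` into a `touch` command string and a filesystem path; whether the name is validated upstream is not visible here, so creating the file with `os.makedirs`/`open` after a hostname check is safer than a formatted command. `except BaseException` also swallows `KeyboardInterrupt` and `SystemExit`, and the non-200 branch writes the whole remote `resp.text` into the log; `requests.RequestException` and the status code alone would be enough. The body of `obtainSSLForADomain` starts before and continues after this hunk.

```python
# … unchanged: sender_email assignment …
challengeDir = '/usr/local/lsws/Example/html/.well-known/acme-challenge'
os.makedirs(challengeDir, exist_ok=True)

# assumes virtualHostName was validated as a plain hostname by the caller; confirm
CustomVerificationFile = os.path.join(challengeDir, virtualHostName)

# Random body: only a server that really serves this file can echo it back.
probeToken = secrets.token_hex(16)
with open(CustomVerificationFile, 'w') as probeFile:
    probeFile.write(probeToken)

# … unchanged: URLFetchPathWWW / URLFetchPathNONWWW …

def probeMatches(url):
    try:
        resp = requests.get(url, timeout=5)
    except requests.RequestException as msg:
        logging.CyberCPLogFileWriter.writeToFile(f'Pre-check request failed for: {url}. Error: {str(msg)}')
        return 0
    matched = resp.status_code == 200 and resp.text.strip() == probeToken
    # Log the status and the verdict only, never the remote body.
    logging.CyberCPLogFileWriter.writeToFile(
        f'Status Code: {resp.status_code} for: {url}. Token matched: {matched}')
    return 1 if matched else 0

WWWStatus = probeMatches(URLFetchPathWWW)
NONWWWStatus = probeMatches(URLFetchPathNONWWW)
# … unchanged: acmePath setup and the issue commands …
```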
@@ -295,18 +336,22 @@ class sslUtilities: subprocess.call(shlex.split(command)) try: - logging.CyberCPLogFileWriter.writeToFile("Trying to obtain SSL for: " + virtualHostName + " and: www." + virtualHostName, 0) - command = acmePath + " --issue -d " + virtualHostName + " -d www." + virtualHostName \ + ' --cert-file ' + existingCertPath + '/cert.pem' + ' --key-file ' + existingCertPath + '/privkey.pem' \ + ' --fullchain-file ' + existingCertPath + '/fullchain.pem' + ' -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt' - logging.CyberCPLogFileWriter.writeToFile(command, 0) + if WWWStatus and NONWWWStatus: + logging.CyberCPLogFileWriter.writeToFile("Trying to obtain SSL for: " + virtualHostName + " and: www." + virtualHostName, 0) - output = subprocess.check_output(shlex.split(command)).decode("utf-8") - logging.CyberCPLogFileWriter.writeToFile("Successfully obtained SSL for: " + virtualHostName + " and: www." + virtualHostName, 0) + logging.CyberCPLogFileWriter.writeToFile(command, 0) - logging.CyberCPLogFileWriter.SendEmail(sender_email, adminEmail, output, 'SSL Notification for %s.' % (virtualHostName)) + output = subprocess.check_output(shlex.split(command)).decode("utf-8") + logging.CyberCPLogFileWriter.writeToFile("Successfully obtained SSL for: " + virtualHostName + " and: www." + virtualHostName, 0) + + logging.CyberCPLogFileWriter.SendEmail(sender_email, adminEmail, output, 'SSL Notification for %s.' % (virtualHostName)) + else: + logging.CyberCPLogFileWriter.writeToFile(command, 0) + raise subprocess.CalledProcessError(0, '', '') except subprocess.CalledProcessError: logging.CyberCPLogFileWriter.writeToFile( 
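Review bot: The new `else:` branch signals a skipped issuance by raising `subprocess.CalledProcessError(0, '', '')`, so the `except` handler's "Failed to obtain SSL" text reads as an acme.sh failure although acme.sh never ran. Log the reason before raising, for example `logging.CyberCPLogFileWriter.writeToFile('Skipping acme.sh for %s: HTTP pre-check failed' % virtualHostName, 0)`, so an operator can tell an unpointed domain from a CA error. A return code of 0 inside a `CalledProcessError` is also misleading; a non-zero value or a small dedicated exception would state the intent. The hunk at `@@ -315` repeats the same pattern in its `NONWWWStatus` branch. The surrounding `try`/`except` begins and ends outside this hunk.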
@@ -315,16 +360,22 @@ class sslUtilities: finalText = "Failed to obtain SSL for: " + virtualHostName + " and: www." + virtualHostName try: - finalText = '%s\nTrying to obtain SSL for: %s' % (finalText, virtualHostName) - logging.CyberCPLogFileWriter.writeToFile("Trying to obtain SSL for: " + virtualHostName, 0) command = acmePath + " --issue -d " + virtualHostName + ' --cert-file ' + existingCertPath \ + '/cert.pem' + ' --key-file ' + existingCertPath + '/privkey.pem' \ + ' --fullchain-file ' + existingCertPath + '/fullchain.pem' + ' -w /usr/local/lsws/Example/html -k ec-256 --force --server letsencrypt' - output = subprocess.check_output(shlex.split(command)).decode("utf-8") - logging.CyberCPLogFileWriter.writeToFile("Successfully obtained SSL for: " + virtualHostName, 0) - finalText = '%s\nSuccessfully obtained SSL for: %s.' % (finalText, virtualHostName) - logging.CyberCPLogFileWriter.SendEmail(sender_email, adminEmail, finalText, - 'SSL Notification for %s.' % (virtualHostName)) + + if NONWWWStatus: + finalText = '%s\nTrying to obtain SSL for: %s' % (finalText, virtualHostName) + logging.CyberCPLogFileWriter.writeToFile("Trying to obtain SSL for: " + virtualHostName, 0) + output = subprocess.check_output(shlex.split(command)).decode("utf-8") + logging.CyberCPLogFileWriter.writeToFile("Successfully obtained SSL for: " + virtualHostName, 0) + finalText = '%s\nSuccessfully obtained SSL for: %s.' % (finalText, virtualHostName) + logging.CyberCPLogFileWriter.SendEmail(sender_email, adminEmail, finalText, + 'SSL Notification for %s.' % (virtualHostName)) + else: + logging.CyberCPLogFileWriter.writeToFile(command, 0) + raise subprocess.CalledProcessError(0, '', '') + except subprocess.CalledProcessError: logging.CyberCPLogFileWriter.writeToFile('Failed to obtain SSL, issuing self-signed SSL for: ' + virtualHostName, 0) logging.CyberCPLogFileWriter.SendEmail(sender_email, adminEmail, 'Failed to obtain SSL, issuing self-signed SSL for: ' + virtualHostName,