kopia lustrzana https://github.com/piku/piku
Use letsencrypt by default and allow to change root ca with environment variable
rodzic
547d3b3dae
commit
bfec7c2d94
4
piku.py
4
piku.py
|
@ -54,6 +54,7 @@ UWSGI_ROOT = abspath(join(PIKU_ROOT, "uwsgi"))
|
|||
UWSGI_LOG_MAXSIZE = '1048576'
|
||||
ACME_ROOT = environ.get('ACME_ROOT', join(environ['HOME'], '.acme.sh'))
|
||||
ACME_WWW = abspath(join(PIKU_ROOT, "acme"))
|
||||
ROOT_CA = environ.get('ROOT_CA', 'letsencrypt.org')
|
||||
|
||||
# === Make sure we can access piku user-installed binaries === #
|
||||
|
||||
|
@ -726,6 +727,7 @@ def spawn_app(app, deltas={}):
|
|||
if exists(join(ACME_ROOT, "acme.sh")):
|
||||
acme = ACME_ROOT
|
||||
www = ACME_WWW
|
||||
root_ca = ROOT_CA
|
||||
# if this is the first run there will be no nginx conf yet
|
||||
# create a basic conf stub just to serve the acme auth
|
||||
if not exists(nginx_conf):
|
||||
|
@ -736,7 +738,7 @@ def spawn_app(app, deltas={}):
|
|||
if not exists(key) or not exists(issuefile):
|
||||
echo("-----> getting letsencrypt certificate")
|
||||
certlist = " ".join(["-d {}".format(d) for d in domains])
|
||||
call('{acme:s}/acme.sh --issue {certlist:s} -w {www:s}'.format(**locals()), shell=True)
|
||||
call('{acme:s}/acme.sh --issue {certlist:s} -w {www:s} --server {root_ca:s}}'.format(**locals()), shell=True)
|
||||
call('{acme:s}/acme.sh --install-cert {certlist:s} --key-file {key:s} --fullchain-file {crt:s}'.format(
|
||||
**locals()), shell=True)
|
||||
if exists(join(ACME_ROOT, domain)) and not exists(join(ACME_WWW, app)):
|
||||
|
|
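Review bot: The new `--issue` command in spawn_app ends its format string with `{root_ca:s}}`, and the unmatched trailing `}` makes `str.format` raise `ValueError` before acme.sh is invoked, so certificate issuance fails whenever this branch runs. The tail should read `-w {www:s} --server {root_ca:s}'.format(**locals())`. Separately, `ROOT_CA` is read from the environment and spliced unquoted into a `shell=True` command line, as `certlist` already is, so a value containing whitespace or shell metacharacters changes the command that runs. Wrapping the value with `shlex.quote(...)`, or passing an argument list without a shell, would contain that. The `echo` text still says "letsencrypt" although the CA is now configurable, and spawn_app's body starts and ends outside the visible hunks.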