From 97505d13672fb2bf90b03ae81ccb90d2033dab50 Mon Sep 17 00:00:00 2001
From: kaiyou
Date: Sun, 24 Sep 2017 12:02:26 +0200
Subject: [PATCH] Remove TLS tasks from the admin container
---
 admin/mailu/__init__.py | 8 -----
 admin/mailu/tlstasks.py | 68 -----------------------------------------
 2 files changed, 76 deletions(-)
 delete mode 100644 admin/mailu/tlstasks.py
diff --git a/admin/mailu/__init__.py b/admin/mailu/__init__.py
index 33c0d5e4..947a72f9 100644
--- a/admin/mailu/__init__.py
+++ b/admin/mailu/__init__.py
@@ -50,14 +50,6 @@ migrate = flask_migrate.Migrate(app, db)
 manager = flask_script.Manager(app)
 manager.add_command('db', flask_migrate.MigrateCommand)
-# Task scheduling
-scheduler = background.BackgroundScheduler({
- 'apscheduler.timezone': 'UTC'
-})
-if not app.debug or os.environ.get('WERKZEUG_RUN_MAIN') == 'true':
- scheduler.start()
- from mailu import tlstasks
-
 # Babel configuration
 babel = flask_babel.Babel(app)
 translations = list(map(str, babel.list_translations()))
diff --git a/admin/mailu/tlstasks.py b/admin/mailu/tlstasks.py
deleted file mode 100644
index 0a0c9f2a..00000000
--- a/admin/mailu/tlstasks.py
+++ /dev/null
@@ -1,68 +0,0 @@
-from mailu import app, scheduler, dockercli
-
-import urllib3
-import json
-import os
-import base64
-import subprocess
-
-
-def install_certs(domain):
- """ Extract certificates from the given domain and install them
- to the certificate path.
- """
- path = app.config["CERTS_PATH"]
- acme_path = os.path.join(path, "acme.json")
- key_path = os.path.join(path, "key.pem")
- cert_path = os.path.join(path, "cert.pem")
- if not os.path.exists(acme_path):
- print("Could not find traefik acme configuration")
- return
- with open(acme_path, "r") as handler:
- data = json.loads(handler.read())
- for item in data["DomainsCertificate"]["Certs"]:
- if domain == item["Domains"]["Main"]:
- cert = base64.b64decode(item["Certificate"]["Certificate"])
- key = base64.b64decode(item["Certificate"]["PrivateKey"])
- break
- else:
- print("Could not find the proper certificate from traefik")
- return
- if os.path.exists(cert_path):
- with open(cert_path, "rb") as handler:
- if handler.read() == cert:
- return
- print("Installing the new certificate from traefik")
- with open(cert_path, "wb") as handler:
- handler.write(cert)
- with open(key_path, "wb") as handler:
- handler.write(key)
-
-
-def restart_services():
- print("Reloading services using TLS")
- dockercli.reload("http", "smtp", "imap")
-
-
-@scheduler.scheduled_job('date')
-def create_dhparam():
- path = app.config["CERTS_PATH"]
- dhparam_path = os.path.join(path, "dhparam.pem")
- if not os.path.exists(dhparam_path):
- print("Creating DH params")
- subprocess.call(["openssl", "dhparam", "-out", dhparam_path, "2048"])
- restart_services()
-
-
-@scheduler.scheduled_job('date')
-@scheduler.scheduled_job('cron', day='*/4', hour=0, minute=0)
-def refresh_certs():
- if not app.config["TLS_FLAVOR"] == "letsencrypt":
- return
- if not app.config["FRONTEND"] == "traefik":
- print("Letsencrypt certificates are compatible with traefik only")
- return
- print("Requesting traefik to make sure the certificate is fresh")
- hostname = app.config["HOSTNAME"]
- urllib3.PoolManager().request("GET", "https://{}".format(hostname))
- install_certs(hostname)