import os import subprocess from dockersible.files import copy, template def get_ssl_context(environ): domain = environ['domain'] nginx_info = { 'domain': domain, 'dhparam': False, 'ssl_trusted_certificate': False } dhparam = os.path.join('/certificates', domain + '.dhparam.pem') if os.path.exists(dhparam): nginx_info['dhparam'] = True copy(source=dhparam, destination='/etc/ssl/certs', basename='dhparam.pem', mode='0644') trusted_certificates = os.path.join('/certificates', domain + '.ca.crt') if os.path.exists(trusted_certificates): nginx_info['ssl_trusted_certificate'] = True copy(source=trusted_certificates, destination='/etc/ssl/certs', basename='ca.crt', mode='0644') return nginx_info def get_certificates(domain): private_key = os.path.join('/certificates', domain + '.key') certificate = os.path.join('/certificates', domain + '.crt') if not os.path.exists(private_key) or not os.path.exists(certificate): cmd = """openssl req \ -new \ -newkey rsa:4096 \ -days 365 \ -nodes \ -x509 \ -subj "/C=US/ST=State/L=City/O=Company/CN={}" \ -keyout {} \ -out {}""".format(domain, private_key, certificate) subprocess.call(cmd, shell=True) return private_key, certificate if __name__ == "__main__": pk, crt = get_certificates(os.environ['domain']) copy(source=pk, destination='/etc/ssl/private', basename='private.key', mode='0600') copy(source=crt, destination='/etc/ssl/certs', basename='certificate.crt', mode='0644') template('/backend.conf.j2', get_ssl_context(os.environ), '/etc/nginx/conf.d/backend.conf')