Commit 808522d8 authored by Joshua Tauberer's avatar Joshua Tauberer

merge functions get_web_domains and get_default_www_redirects

parent be9efe02
...@@ -326,12 +326,12 @@ def ssl_get_csr(domain): ...@@ -326,12 +326,12 @@ def ssl_get_csr(domain):
@app.route('/ssl/install', methods=['POST']) @app.route('/ssl/install', methods=['POST'])
@authorized_personnel_only @authorized_personnel_only
def ssl_install_cert(): def ssl_install_cert():
from web_update import get_web_domains, get_default_www_redirects from web_update import get_web_domains
from ssl_certificates import install_cert from ssl_certificates import install_cert
domain = request.form.get('domain') domain = request.form.get('domain')
ssl_cert = request.form.get('cert') ssl_cert = request.form.get('cert')
ssl_chain = request.form.get('chain') ssl_chain = request.form.get('chain')
if domain not in get_web_domains(env) + get_default_www_redirects(env): if domain not in get_web_domains(env):
return "Invalid domain name." return "Invalid domain name."
return install_cert(domain, ssl_cert, ssl_chain, env) return install_cert(domain, ssl_cert, ssl_chain, env)
......
...@@ -57,8 +57,8 @@ def do_dns_update(env, force=False): ...@@ -57,8 +57,8 @@ def do_dns_update(env, force=False):
# Custom records to add to zones. # Custom records to add to zones.
additional_records = list(get_custom_dns_config(env)) additional_records = list(get_custom_dns_config(env))
from web_update import get_default_www_redirects from web_update import get_web_domains
www_redirect_domains = get_default_www_redirects(env) www_redirect_domains = set(get_web_domains(env)) - set(get_web_domains(env, include_www_redirects=False))
# Write zone files. # Write zone files.
os.makedirs('/etc/nsd/zones', exist_ok=True) os.makedirs('/etc/nsd/zones', exist_ok=True)
...@@ -907,8 +907,8 @@ def build_recommended_dns(env): ...@@ -907,8 +907,8 @@ def build_recommended_dns(env):
domains = get_dns_domains(env) domains = get_dns_domains(env)
zonefiles = get_dns_zones(env) zonefiles = get_dns_zones(env)
additional_records = list(get_custom_dns_config(env)) additional_records = list(get_custom_dns_config(env))
from web_update import get_default_www_redirects from web_update import get_web_domains
www_redirect_domains = get_default_www_redirects(env) www_redirect_domains = set(get_web_domains(env)) - set(get_web_domains(env, include_www_redirects=False))
for domain, zonefile in zonefiles: for domain, zonefile in zonefiles:
records = build_zone(domain, domains, additional_records, www_redirect_domains, env) records = build_zone(domain, domains, additional_records, www_redirect_domains, env)
......
...@@ -11,7 +11,7 @@ import dateutil.parser, dateutil.tz ...@@ -11,7 +11,7 @@ import dateutil.parser, dateutil.tz
import idna import idna
from dns_update import get_dns_zones, build_tlsa_record, get_custom_dns_config, get_secondary_dns, get_custom_dns_record from dns_update import get_dns_zones, build_tlsa_record, get_custom_dns_config, get_secondary_dns, get_custom_dns_record
from web_update import get_web_domains, get_default_www_redirects, get_domains_with_a_records from web_update import get_web_domains, get_domains_with_a_records
from ssl_certificates import get_ssl_certificates, get_domain_ssl_files, check_certificate from ssl_certificates import get_ssl_certificates, get_domain_ssl_files, check_certificate
from mailconfig import get_mail_domains, get_mail_aliases from mailconfig import get_mail_domains, get_mail_aliases
...@@ -240,7 +240,7 @@ def run_domain_checks(rounded_time, env, output, pool): ...@@ -240,7 +240,7 @@ def run_domain_checks(rounded_time, env, output, pool):
dns_domains = set(dns_zonefiles) dns_domains = set(dns_zonefiles)
# Get the list of domains we serve HTTPS for. # Get the list of domains we serve HTTPS for.
web_domains = set(get_web_domains(env) + get_default_www_redirects(env)) web_domains = set(get_web_domains(env))
domains_to_check = mail_domains | dns_domains | web_domains domains_to_check = mail_domains | dns_domains | web_domains
......
...@@ -254,10 +254,8 @@ def fix_boto(): ...@@ -254,10 +254,8 @@ def fix_boto():
if __name__ == "__main__": if __name__ == "__main__":
from dns_update import get_dns_domains from web_update import get_web_domains
from web_update import get_web_domains, get_default_www_redirects
env = load_environment() env = load_environment()
domains = get_dns_domains(env) | set(get_web_domains(env) + get_default_www_redirects(env)) domains = get_web_domains(env)
domains = sort_domains(domains, env)
for domain in domains: for domain in domains:
print(domain) print(domain)
...@@ -9,20 +9,29 @@ from dns_update import get_custom_dns_config, get_dns_zones ...@@ -9,20 +9,29 @@ from dns_update import get_custom_dns_config, get_dns_zones
from ssl_certificates import get_ssl_certificates, get_domain_ssl_files, check_certificate from ssl_certificates import get_ssl_certificates, get_domain_ssl_files, check_certificate
from utils import shell, safe_domain_name, sort_domains from utils import shell, safe_domain_name, sort_domains
def get_web_domains(env): def get_web_domains(env, include_www_redirects=True):
# What domains should we serve websites for? # What domains should we serve HTTP(S) for?
domains = set() domains = set()
# At the least it's the PRIMARY_HOSTNAME so we can serve webmail # Serve web for all mail domains so that we might at least
# as well as Z-Push for Exchange ActiveSync.
domains.add(env['PRIMARY_HOSTNAME'])
# Also serve web for all mail domains so that we might at least
# provide auto-discover of email settings, and also a static website # provide auto-discover of email settings, and also a static website
# if the user wants to make one. These will require an SSL cert. # if the user wants to make one.
domains |= get_mail_domains(env)
if include_www_redirects:
# Add 'www.' subdomains that we want to provide default redirects
# to the main domain for. We'll add 'www.' to any DNS zones, i.e.
# the topmost of each domain we serve.
domains |= set('www.' + zone for zone, zonefile in get_dns_zones(env))
# ...Unless the domain has an A/AAAA record that maps it to a different # ...Unless the domain has an A/AAAA record that maps it to a different
# IP address than this box. Remove those domains from our list. # IP address than this box. Remove those domains from our list.
domains |= (get_mail_domains(env) - get_domains_with_a_records(env)) domains -= get_domains_with_a_records(env)
# Ensure the PRIMARY_HOSTNAME is in the list so we can serve webmail
# as well as Z-Push for Exchange ActiveSync. This can't be removed
# by a custom A/AAAA record and is never a 'www.' redirect.
domains.add(env['PRIMARY_HOSTNAME'])
# Sort the list so the nginx conf gets written in a stable order. # Sort the list so the nginx conf gets written in a stable order.
domains = sort_domains(domains, env) domains = sort_domains(domains, env)
...@@ -51,15 +60,6 @@ def get_web_domains_with_root_overrides(env): ...@@ -51,15 +60,6 @@ def get_web_domains_with_root_overrides(env):
root_overrides[domain] = (type, value) root_overrides[domain] = (type, value)
return root_overrides return root_overrides
def get_default_www_redirects(env):
# Returns a list of www subdomains that we want to provide default redirects
# for, i.e. any www's that aren't domains the user has actually configured
# to serve for real. Which would be unusual.
web_domains = set(get_web_domains(env))
www_domains = set('www.' + zone for zone, zonefile in get_dns_zones(env))
return sort_domains(www_domains - web_domains - get_domains_with_a_records(env), env)
def do_web_update(env): def do_web_update(env):
# Pre-load what SSL certificates we will use for each domain. # Pre-load what SSL certificates we will use for each domain.
ssl_certificates = get_ssl_certificates(env) ssl_certificates = get_ssl_certificates(env)
...@@ -78,16 +78,20 @@ def do_web_update(env): ...@@ -78,16 +78,20 @@ def do_web_update(env):
# Add configuration all other web domains. # Add configuration all other web domains.
has_root_proxy_or_redirect = get_web_domains_with_root_overrides(env) has_root_proxy_or_redirect = get_web_domains_with_root_overrides(env)
web_domains_not_redirect = get_web_domains(env, include_www_redirects=False)
for domain in get_web_domains(env): for domain in get_web_domains(env):
if domain == env['PRIMARY_HOSTNAME']: continue # handled above if domain == env['PRIMARY_HOSTNAME']:
if domain not in has_root_proxy_or_redirect: # PRIMARY_HOSTNAME is handled above.
nginx_conf += make_domain_config(domain, [template0, template1], ssl_certificates, env) continue
if domain in web_domains_not_redirect:
# This is a regular domain.
if domain not in has_root_proxy_or_redirect:
nginx_conf += make_domain_config(domain, [template0, template1], ssl_certificates, env)
else:
nginx_conf += make_domain_config(domain, [template0], ssl_certificates, env)
else: else:
nginx_conf += make_domain_config(domain, [template0], ssl_certificates, env) # Add default 'www.' redirect.
nginx_conf += make_domain_config(domain, [template0, template3], ssl_certificates, env)
# Add default www redirects.
for domain in get_default_www_redirects(env):
nginx_conf += make_domain_config(domain, [template0, template3], ssl_certificates, env)
# Did the file change? If not, don't bother writing & restarting nginx. # Did the file change? If not, don't bother writing & restarting nginx.
nginx_conf_fn = "/etc/nginx/conf.d/local.conf" nginx_conf_fn = "/etc/nginx/conf.d/local.conf"
...@@ -187,7 +191,8 @@ def get_web_root(domain, env, test_exists=True): ...@@ -187,7 +191,8 @@ def get_web_root(domain, env, test_exists=True):
return root return root
def get_web_domains_info(env): def get_web_domains_info(env):
has_root_proxy_or_redirect = get_web_domains_with_root_overrides(env) www_redirects = set(get_web_domains(env)) - set(get_web_domains(env, include_www_redirects=False))
has_root_proxy_or_redirect = set(get_web_domains_with_root_overrides(env))
# for the SSL config panel, get cert status # for the SSL config panel, get cert status
def check_cert(domain): def check_cert(domain):
...@@ -213,15 +218,7 @@ def get_web_domains_info(env): ...@@ -213,15 +218,7 @@ def get_web_domains_info(env):
"root": get_web_root(domain, env), "root": get_web_root(domain, env),
"custom_root": get_web_root(domain, env, test_exists=False), "custom_root": get_web_root(domain, env, test_exists=False),
"ssl_certificate": check_cert(domain), "ssl_certificate": check_cert(domain),
"static_enabled": domain not in has_root_proxy_or_redirect, "static_enabled": domain not in (www_redirects | has_root_proxy_or_redirect),
} }
for domain in get_web_domains(env) for domain in get_web_domains(env)
] + \ ]
[ \ No newline at end of file
{
"domain": domain,
"ssl_certificate": check_cert(domain),
"static_enabled": False,
}
for domain in get_default_www_redirects(env)
]
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment