diff --git a/install/install.py b/install/install.py index e8e74e87d..e60ed1786 100644 --- a/install/install.py +++ b/install/install.py @@ -2505,7 +2505,6 @@ class preFlightsChecks: if count == 3: logging.InstallLog.writeToFile( "Failed to install tldextract! [installTLDExtract]") - preFlightsChecks.stdOut("Installation failed, consult: /var/log/installLogs.txt") else: logging.InstallLog.writeToFile("tldextract successfully installed! [pip]") preFlightsChecks.stdOut("tldextract successfully installed! [pip]") @@ -2604,6 +2603,29 @@ milter_default_action = accept return 1 + def installdnsPython(self): + try: + count = 0 + while (1): + command = "pip install dnspython" + + res = subprocess.call(shlex.split(command)) + + if res == 1: + count = count + 1 + preFlightsChecks.stdOut( + "Trying to install dnspython, trying again, try number: " + str(count)) + if count == 3: + logging.InstallLog.writeToFile( + "Failed to install dnspython! [installdnsPython]") + else: + logging.InstallLog.writeToFile("dnspython successfully installed! [pip]") + preFlightsChecks.stdOut("dnspython successfully installed! [pip]") + break + except OSError, msg: + logging.InstallLog.writeToFile(str(msg) + " [installdnsPython]") + return 0 + def main(): @@ -2678,6 +2700,7 @@ def main(): checks.download_install_CyberPanel(installCyberPanel.InstallCyberPanel.mysqlPassword) checks.setup_cron() checks.installTLDExtract() + #checks.installdnsPython() ## Install and Configure OpenDKIM. diff --git a/plogical/sslUtilities.py b/plogical/sslUtilities.py index 2220b0532..dc1920981 100644 --- a/plogical/sslUtilities.py +++ b/plogical/sslUtilities.py @@ -1,12 +1,9 @@ import CyberCPLogFileWriter as logging import shutil -import pexpect import os -import sys import shlex import subprocess import socket -import requests class sslUtilities: @@ -111,7 +108,6 @@ class sslUtilities: return 0 - @staticmethod def checkSSLListener(): try: 
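Review bot: In the added installdnsPython, the retry loop treats only `res == 1` as a failure and, as far as the collapsed indentation shows, has no exit after the third failed attempt. A pip that keeps returning 1 would therefore keep the installer in `while (1)`, and any other non-zero exit code is logged as "dnspython successfully installed!". I would test `if res != 0:` and add `return 0` directly after the "Failed to install dnspython! [installdnsPython]" log line. `pip install dnspython` is also unpinned, so the installer takes whatever release the index serves at install time; pinning it (`pip install dnspython==<version>`) makes the install reproducible and reviewable. The installTLDExtract context in the first hunk of this file shows the same loop shape.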
@@ -125,232 +121,124 @@ class sslUtilities: return str(msg) return 0 + @staticmethod + def getDNSRecords(virtualHostName): + try: + + withoutWWW = socket.gethostbyname(virtualHostName) + withWWW = socket.gethostbyname('www.' + virtualHostName) + + return [1, withWWW, withoutWWW] + + except BaseException, msg: + return [0, "347 " + str(msg) + " [issueSSLForDomain]"] + @staticmethod def obtainSSLForADomain(virtualHostName,adminEmail,sslpath): try: - #if virtualHostName.count(".")==1: - # command = "sudo certbot certonly -n --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName + " -d www." + virtualHostName - #else: - # command = "sudo certbot certonly -n --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName - try: - ipFile = "/etc/cyberpanel/machineIP" - f = open(ipFile) - ipData = f.read() - serverIPAddress = ipData.split('\n', 1)[0] + ## Obtaining Server IP - domainIP = socket.gethostbyname("www."+virtualHostName) - if serverIPAddress == domainIP: - command = "certbot certonly -n --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName + " -d www." + virtualHostName + ipFile = "/etc/cyberpanel/machineIP" + f = open(ipFile) + ipData = f.read() + serverIPAddress = ipData.split('\n', 1)[0] + + ## Obtaining Domain IPs + + ipRecords = sslUtilities.getDNSRecords(virtualHostName) + + + if ipRecords[0] == 1: + + if serverIPAddress == ipRecords[1] and serverIPAddress == ipRecords[2]: + command = "certbot certonly -n --expand --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName + " -d www." + virtualHostName + logging.CyberCPLogFileWriter.writeToFile( + "SSL successfully issued for domain : " + virtualHostName + " and www." 
+ virtualHostName) else: - command = "certbot certonly -n --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName - logging.CyberCPLogFileWriter.writeToFile( - "SSL is issued without 'www' due to DNS error! for domain : " + virtualHostName) - - except: - command = "certbot certonly -n --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName - logging.CyberCPLogFileWriter.writeToFile("SSL is issued without 'www' due to DNS error! for domain : " + virtualHostName) - - - expectation = [] - - expectation.append("not exist or is not a directory") #0 - expectation.append("Congratulations!") #1 - expectation.append("no action taken.") #2 - expectation.append("you should also verify") #3 - expectation.append("that you are serving files from the webroot path") #4 - expectation.append("Enter email address") #5 - expectation.append("There were too many requests") # 6 - expectation.append("--expand flag") #7 - - - try: - - obtainSSL = pexpect.spawn(command) - - index = obtainSSL.expect(expectation) - - obtainSSL.logfile = sys.stdout - - if index==0: - obtainSSL.kill(0) - return "Directory Error 1" - elif index==1: - logging.CyberCPLogFileWriter.writeToFile(virtualHostName + " SSL OK") - elif index==2: - logging.CyberCPLogFileWriter.writeToFile(virtualHostName + " SSL OK") - elif index==3: - - pathToStoreSSL = sslUtilities.Server_root + "/conf/vhosts/" + "SSL-" + virtualHostName - - try: - os.mkdir(pathToStoreSSL) - except BaseException, msg: + if serverIPAddress == ipRecords[2]: + command = "certbot certonly -n --agree-tos --email " + adminEmail + " --webroot -w " + sslpath + " -d " + virtualHostName logging.CyberCPLogFileWriter.writeToFile( - str(msg) + " [Can not create directory to store SSL [obtainSSLForADomain]]") - - pathToStoreSSLPrivKey = pathToStoreSSL + "/privkey.pem" - pathToStoreSSLFullChain = pathToStoreSSL + "/fullchain.pem" - - - command = 'sudo openssl req -newkey rsa:2048 -new -nodes -x509 
-days 3650 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" -keyout ' + pathToStoreSSLPrivKey + ' -out ' + pathToStoreSSLFullChain - - cmd = shlex.split(command) - - res = subprocess.call(cmd) - - return 1 - elif index == 4: - - pathToStoreSSL = sslUtilities.Server_root + "/conf/vhosts/" + "SSL-" + virtualHostName - - try: - os.mkdir(pathToStoreSSL) - except BaseException, msg: + "SSL is issued without 'www' due to DNS error for domain : " + virtualHostName) + else: logging.CyberCPLogFileWriter.writeToFile( - str(msg) + " [Can not create directory to stroe SSL [obtainSSLForADomain]]") - - pathToStoreSSLPrivKey = pathToStoreSSL + "/privkey.pem" - pathToStoreSSLFullChain = pathToStoreSSL + "/fullchain.pem" - - command = 'openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" -keyout ' + pathToStoreSSLPrivKey + ' -out ' + pathToStoreSSLFullChain - - cmd = shlex.split(command) - - res = subprocess.call(cmd) - - return 1 - elif index ==5 : - obtainSSL.sendline(adminEmail) - - expectation = "(A)gree/(C)ancel:" - obtainSSL.expect(expectation) - obtainSSL.sendline("A") - - expectation = "(Y)es/(N)o:" - obtainSSL.expect(expectation) - obtainSSL.sendline("Y") - - expectation = "(Y)es/(N)o:" - obtainSSL.expect(expectation) - obtainSSL.sendline("Y") - - expectation = [] - - expectation.append("not exist or is not a directory") # 0 - expectation.append("Congratulations!") # 1 - expectation.append("no action taken.") # 2 - - index = obtainSSL.expect(expectation) - - if index==0: - obtainSSL.kill(0) - return "Directory Error 2" - elif index==1: - logging.CyberCPLogFileWriter.writeToFile(virtualHostName + " SSL OK") - elif index==2: - logging.CyberCPLogFileWriter.writeToFile(virtualHostName + " SSL OK") - - elif index==6: - return "Too many SSL requests for this domain, please try to get SSL at later time." 
- elif index==7: - command = "certbot certonly -n --agree-tos --email " + adminEmail + " --expand --webroot -w " + sslpath + " -d " + virtualHostName + " -d www." + virtualHostName - subprocess.call(shlex.split(command)) - logging.CyberCPLogFileWriter.writeToFile(virtualHostName + " SSL OK by expanding!") + "DNS Records for " + virtualHostName + " does not point to this server, issuing self signed certificate.") + return 0 + else: + logging.CyberCPLogFileWriter.writeToFile( + "Failed to obtain DNS records for " + virtualHostName + ", issuing self signed certificate.") + return 0 - - except pexpect.EOF,msg: - logging.CyberCPLogFileWriter.writeToFile("#######################################") - logging.CyberCPLogFileWriter.writeToFile(str(obtainSSL.before)) - logging.CyberCPLogFileWriter.writeToFile("#######################################") - logging.CyberCPLogFileWriter.writeToFile(str(obtainSSL.after)) - logging.CyberCPLogFileWriter.writeToFile("#######################################") - - pathToStoreSSL = sslUtilities.Server_root + "/conf/vhosts/" + "SSL-" + virtualHostName - - try: - os.mkdir(pathToStoreSSL) - except BaseException, msg: - logging.CyberCPLogFileWriter.writeToFile( - str(msg) + " [Can not create directory to stroe SSL [obtainSSLForADomain]]") - - pathToStoreSSLPrivKey = pathToStoreSSL + "/privkey.pem" - pathToStoreSSLFullChain = pathToStoreSSL + "/fullchain.pem" - - command = 'sudo openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" -keyout ' + pathToStoreSSLPrivKey + ' -out ' + pathToStoreSSLFullChain - - cmd = shlex.split(command) - - res = subprocess.call(cmd) + ## SSL Paths - return 1 + pathToStoreSSL = sslUtilities.Server_root + "/conf/vhosts/" + "SSL-" + virtualHostName - except pexpect.TIMEOUT, msg: - logging.CyberCPLogFileWriter.writeToFile("#######################################") - logging.CyberCPLogFileWriter.writeToFile(str(obtainSSL.before)) - 
logging.CyberCPLogFileWriter.writeToFile("#######################################") - logging.CyberCPLogFileWriter.writeToFile(str(obtainSSL.after)) - logging.CyberCPLogFileWriter.writeToFile("#######################################") - - pathToStoreSSL = sslUtilities.Server_root + "/conf/vhosts/" + "SSL-" + virtualHostName - - try: - os.mkdir(pathToStoreSSL) - except BaseException, msg: - logging.CyberCPLogFileWriter.writeToFile( - str(msg) + " [Can not create directory to stroe SSL [obtainSSLForADomain]]") - - pathToStoreSSLPrivKey = pathToStoreSSL + "/privkey.pem" - pathToStoreSSLFullChain = pathToStoreSSL + "/fullchain.pem" - - command = 'sudo openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" -keyout ' + pathToStoreSSLPrivKey + ' -out ' + pathToStoreSSLFullChain - - cmd = shlex.split(command) - - res = subprocess.call(cmd) - - return 1 - - - ###### Copy SSL To config location ###### - - - pathToStoreSSL = sslUtilities.Server_root+"/conf/vhosts/" +"SSL-"+virtualHostName - - - try: + if not os.path.exists(pathToStoreSSL): os.mkdir(pathToStoreSSL) - except BaseException,msg: - logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [Directory for SSL already exists.. 
Continuing [obtainSSLForADomain]]") - - - srcPrivKey = "/etc/letsencrypt/live/" + virtualHostName + "/privkey.pem" - srcFullChain = "/etc/letsencrypt/live/" + virtualHostName + "/fullchain.pem" pathToStoreSSLPrivKey = pathToStoreSSL + "/privkey.pem" pathToStoreSSLFullChain = pathToStoreSSL + "/fullchain.pem" - shutil.copy(srcPrivKey, pathToStoreSSLPrivKey) - shutil.copy(srcFullChain, pathToStoreSSLFullChain) + srcPrivKey = "/etc/letsencrypt/live/" + virtualHostName + "/privkey.pem" + srcFullChain = "/etc/letsencrypt/live/" + virtualHostName + "/fullchain.pem" + + ## + + output = subprocess.check_output(shlex.split(command)) + + + if output.find('Congratulations!') > -1 or output.find('no action taken.') > -1: + + ###### Copy SSL To config location ###### + + shutil.copy(srcPrivKey, pathToStoreSSLPrivKey) + shutil.copy(srcFullChain, pathToStoreSSLFullChain) + + return 1 + + elif output.find('Failed authorization procedure') > -1: + logging.CyberCPLogFileWriter.writeToFile('Failed authorization procedure for ' + virtualHostName + " while issuing Let's Encrypt SSL.") + return 0 + elif output.find('Too many SSL requests for this domain, please try to get SSL at later time.') > -1: + logging.CyberCPLogFileWriter.writeToFile( + 'Too many SSL requests for ' + virtualHostName + " please try to get SSL at later time.") + return 0 - return 1 except BaseException,msg: - logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [IO Error with main config file [obtainSSLForADomain]]") + logging.CyberCPLogFileWriter.writeToFile(str(msg) + " [Failed to obtain SSL. [obtainSSLForADomain]]") return 0 def issueSSLForDomain(domain,adminEmail,sslpath): try: - ssl_responce = sslUtilities.obtainSSLForADomain(domain, adminEmail, sslpath) - if ssl_responce == 1: + + if sslUtilities.obtainSSLForADomain(domain, adminEmail, sslpath) == 1: + if sslUtilities.installSSLForDomain(domain) == 1: return [1, "None"] else: - return [0, "352 Failed to install SSL for domain. 
[issueSSLForDomain]"] + return [0, "210 Failed to install SSL for domain. [issueSSLForDomain]"] else: - return [0,"347 Failed to obtain SSL [issueSSLForDomain]"] + pathToStoreSSL = sslUtilities.Server_root + "/conf/vhosts/" + "SSL-" + domain + + if not os.path.exists(pathToStoreSSL): + os.mkdir(pathToStoreSSL) + + pathToStoreSSLPrivKey = pathToStoreSSL + "/privkey.pem" + pathToStoreSSLFullChain = pathToStoreSSL + "/fullchain.pem" + + command = 'openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" -keyout ' + pathToStoreSSLPrivKey + ' -out ' + pathToStoreSSLFullChain + cmd = shlex.split(command) + subprocess.call(cmd) + + if sslUtilities.installSSLForDomain(domain) == 1: + logging.CyberCPLogFileWriter.writeToFile("Self signed SSL issued for " + domain + ".") + return [1, "None"] + else: + return [0, "220 Failed to install SSL for domain. [issueSSLForDomain]"] + except BaseException,msg: return [0, "347 "+ str(msg)+ " [issueSSLForDomain]"] diff --git a/plogical/upgrade.py b/plogical/upgrade.py index 4ce235a46..4d0e7f9f7 100644 --- a/plogical/upgrade.py +++ b/plogical/upgrade.py @@ -73,6 +73,11 @@ class Upgrade: command = "pip install tldextract" subprocess.call(shlex.split(command)) + ## Install dnspython + + #command = "pip install dnspython" + #subprocess.call(shlex.split(command)) + ## Change File manager permissions command = "chmod -R 777 /usr/local/lsws/Example/html/FileManager" diff --git a/plogical/virtualHostUtilities.py b/plogical/virtualHostUtilities.py index a88611a57..317f1d5e5 100644 --- a/plogical/virtualHostUtilities.py +++ b/plogical/virtualHostUtilities.py 
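Review bot: The failure handling after `output = subprocess.check_output(shlex.split(command))` in obtainSSLForADomain looks unreachable: check_output raises on a non-zero certbot exit and does not capture stderr, so a failed run lands in `except BaseException` and neither `elif` is evaluated. The second `elif` also searches for the panel's own "Too many SSL requests for this domain…" text, whereas the removed pexpect code matched certbot's "There were too many requests", and the "SSL successfully issued" line is logged before certbot has run. The command is still assembled by string concatenation and then `shlex.split`, so an adminEmail, sslpath or virtualHostName containing whitespace would be split into extra certbot arguments; whether callers validate these is not visible in this hunk, and passing an argv list removes the dependency. The sketch below shows the changed lines only.

```python
# … unchanged: server IP read from /etc/cyberpanel/machineIP and getDNSRecords() call …
if serverIPAddress == ipRecords[1] and serverIPAddress == ipRecords[2]:
    # argv list: each value stays a single argument whatever characters it holds
    command = ["certbot", "certonly", "-n", "--expand", "--agree-tos",
               "--email", adminEmail, "--webroot", "-w", sslpath,
               "-d", virtualHostName, "-d", "www." + virtualHostName]
else:
    if serverIPAddress == ipRecords[2]:
        command = ["certbot", "certonly", "-n", "--agree-tos",
                   "--email", adminEmail, "--webroot", "-w", sslpath,
                   "-d", virtualHostName]
    # … unchanged: else branch logging the DNS mismatch and returning 0 …

# … unchanged: pathToStoreSSL, srcPrivKey and srcFullChain setup …

# Capture stderr too and inspect the exit status instead of letting check_output raise.
proc = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
output = proc.communicate()[0]

if proc.returncode == 0 and (output.find('Congratulations!') > -1 or output.find('no action taken.') > -1):
    shutil.copy(srcPrivKey, pathToStoreSSLPrivKey)
    shutil.copy(srcFullChain, pathToStoreSSLFullChain)
    # log success only once the certificate files are in place
    logging.CyberCPLogFileWriter.writeToFile("SSL successfully issued for domain : " + virtualHostName)
    return 1
# … unchanged: 'Failed authorization procedure' branch …
elif output.find('There were too many requests') > -1:
    # … unchanged: rate-limit log line and return 0 …
```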
@@ -1048,50 +1048,24 @@ def issueSSL(virtualHost,path,adminEmail): if os.path.exists(pathToStoreSSLFullChain): os.remove(pathToStoreSSLFullChain) - if not (os.path.exists(srcPrivKey) and os.path.exists(srcFullChain)): + retValues = sslUtilities.issueSSLForDomain(virtualHost, adminEmail, path) - retValues = sslUtilities.issueSSLForDomain(virtualHost, adminEmail, path) - - - if retValues[0] == 0: - print "0," + str(retValues[1]) - return - - installUtilities.installUtilities.reStartLiteSpeed() - - vhostPath = virtualHostUtilities.Server_root + "/conf/vhosts" - command = "chown -R " + "lsadm" + ":" + "lsadm" + " " + vhostPath - cmd = shlex.split(command) - subprocess.call(cmd, stdout=FNULL, stderr=subprocess.STDOUT) - - - print "1,None" + if retValues[0] == 0: + print "0," + str(retValues[1]) return - else: - ###### Copy SSL To config location ###### - try: - os.mkdir(pathToStoreSSL) - except BaseException, msg: - logging.CyberCPLogFileWriter.writeToFile( - str(msg) + " [Directory for SSL already exists.. Continuing [issueSSL]]") + installUtilities.installUtilities.reStartLiteSpeed() - srcPrivKey = "/etc/letsencrypt/live/" + virtualHost + "/privkey.pem" - srcFullChain = "/etc/letsencrypt/live/" + virtualHost + "/fullchain.pem" + vhostPath = virtualHostUtilities.Server_root + "/conf/vhosts" + command = "chown -R " + "lsadm" + ":" + "lsadm" + " " + vhostPath + cmd = shlex.split(command) + subprocess.call(cmd, stdout=FNULL, stderr=subprocess.STDOUT) - shutil.copy(srcPrivKey, pathToStoreSSLPrivKey) - shutil.copy(srcFullChain, pathToStoreSSLFullChain) + print "1,None" + return - sslUtilities.sslUtilities.installSSLForDomain(virtualHost) - installUtilities.installUtilities.reStartLiteSpeed() - vhostPath = virtualHostUtilities.Server_root + "/conf/vhosts" - command = "chown -R " + "lsadm" + ":" + "lsadm" + " " + vhostPath - cmd = shlex.split(command) - subprocess.call(cmd, stdout=FNULL, stderr=subprocess.STDOUT) - print "1,None" - return except BaseException,msg: