mirror of
https://github.com/plausible/analytics.git
synced 2024-12-23 09:33:19 +03:00
Use SSH in Elixir for custom domains
This commit is contained in:
parent
2a7e77ab10
commit
34d7d12229
12
.env
Normal file
12
.env
Normal file
@ -0,0 +1,12 @@
|
||||
ENVIRONMENT=staging
|
||||
HOST=staging.plausible.io
|
||||
DATABASE_URL=postgres://avnadmin:mg8fc8zmagdetbre@plausible-db-uku-a43f.aivencloud.com:15995/defaultdb
|
||||
DATABASE_TLS_ENABLED=true
|
||||
POOL_SIZE=5
|
||||
CLICKHOUSE_DATABASE_HOST=64.227.126.223
|
||||
CLICKHOUSE_DATABASE_USER=default
|
||||
CLICKHOUSE_DATABASE_NAME=plausible_prod
|
||||
CLICKHOUSE_DATABASE_PASSWORD=oywjsXUbwaBxAa6hGMxtvQc9pZWKg4qh83dpMW4otq734ZBNNrQsaysDJD2PTpfA
|
||||
SENTRY_DSN=https://0350a42aa6234a2eaf1230866788598e@o227668.ingest.sentry.io/1382353
|
||||
CUSTOM_DOMAIN_SERVER_IP=3.8.192.84
|
||||
CUSTOM_DOMAIN_SERVER_USER=ubuntu
|
@ -151,6 +151,10 @@ config :plausible, :twitter,
|
||||
token: System.get_env("TWITTER_ACCESS_TOKEN"),
|
||||
token_secret: System.get_env("TWITTER_ACCESS_TOKEN_SECRET")
|
||||
|
||||
config :plausible, :custom_domain_server,
|
||||
user: System.get_env("CUSTOM_DOMAIN_SERVER_USER"),
|
||||
ip: System.get_env("CUSTOM_DOMAIN_SERVER_IP")
|
||||
|
||||
# Import environment specific config. This must remain at the bottom
|
||||
# of this file so it overrides the configuration defined above.
|
||||
import_config "#{Mix.env()}.exs"
|
||||
|
@ -47,6 +47,8 @@ twitter_token = System.get_env("TWITTER_ACCESS_TOKEN")
|
||||
twitter_token_secret = System.get_env("TWITTER_ACCESS_TOKEN_SECRET")
|
||||
postmark_api_key = System.get_env("POSTMARK_API_KEY")
|
||||
cron_enabled = String.to_existing_atom(System.get_env("CRON_ENABLED", "false"))
|
||||
custom_domain_server_ip = System.get_env("CUSTOM_DOMAIN_SERVER_IP")
|
||||
custom_domain_server_user = System.get_env("CUSTOM_DOMAIN_SERVER_USER")
|
||||
|
||||
config :plausible,
|
||||
admin_user: admin_user,
|
||||
@ -127,6 +129,10 @@ config :plausible, :twitter,
|
||||
token: twitter_token,
|
||||
token_secret: twitter_token_secret
|
||||
|
||||
config :plausible, :custom_domain_server,
|
||||
user: custom_domain_server_user,
|
||||
ip: custom_domain_server_ip
|
||||
|
||||
crontab = [
|
||||
{"0 * * * *", Plausible.Workers.SendSiteSetupEmails}, # hourly
|
||||
{"0 * * * *", Plausible.Workers.SendEmailReports}, # hourly
|
||||
|
@ -1,9 +1,12 @@
|
||||
defmodule Plausible.Workers.ProvisionSslCertificates do
|
||||
use Plausible.Repo
|
||||
use Oban.Worker, queue: :provision_ssl_certificates
|
||||
@custom_domain_server Application.get_env(:plausible, :custom_domain_server)
|
||||
|
||||
@impl Oban.Worker
|
||||
def perform(_args, _job, system \\ System) do
|
||||
def perform(_args, _job, ssh \\ SSHEx) do
|
||||
{:ok, conn} = ssh.connect(ip: to_charlist(@custom_domain_server[:ip]), user: to_charlist(@custom_domain_server[:user]))
|
||||
|
||||
recent_custom_domains = Repo.all(
|
||||
from cd in Plausible.Site.CustomDomain,
|
||||
where: cd.updated_at > fragment("now() - '3 days'::interval"),
|
||||
@ -11,8 +14,8 @@ defmodule Plausible.Workers.ProvisionSslCertificates do
|
||||
)
|
||||
|
||||
for domain <- recent_custom_domains do
|
||||
system.cmd("ssh", ["-t", "ubuntu@custom.plausible.io", "sudo certbot certonly --nginx -n -d #{domain.domain}"])
|
||||
|> report_result(domain)
|
||||
{:ok, res, code} = ssh.run(conn, 'sudo certbot certonly --nginx -n -d #{domain.domain}')
|
||||
report_result({res, code}, domain)
|
||||
end
|
||||
end
|
||||
|
||||
|
1
mix.exs
1
mix.exs
@ -88,6 +88,7 @@ defmodule Plausible.MixProject do
|
||||
{:nanoid, "~> 2.0.2"},
|
||||
{:siphash, "~> 3.2"},
|
||||
{:oban, "~> 1.2"},
|
||||
{:sshex, "2.2.1"},
|
||||
{:clickhousex, [git: "https://github.com/atlas-forks/clickhousex.git"]}
|
||||
]
|
||||
end
|
||||
|
1
mix.lock
1
mix.lock
@ -56,6 +56,7 @@
|
||||
"ref_inspector": {:hex, :ref_inspector, "1.3.1", "bb0489a4c4299dcd633f2b7a60c41a01f5590789d0b28225a60be484e1fbe777", [:mix], [{:hackney, "~> 1.0", [hex: :hackney, repo: "hexpm", optional: false]}, {:yamerl, "~> 0.7", [hex: :yamerl, repo: "hexpm", optional: false]}], "hexpm", "3172eb1b08e5c69966f796e3fe0e691257546fa143a5eb0ecc18a6e39b233854"},
|
||||
"sentry": {:hex, :sentry, "7.2.4", "b5bc90b594d40c2e653581e797a5fd2fdf994f2568f6bd66b7fa4971598be8d5", [:mix], [{:hackney, "~> 1.8 or 1.6.5", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix, "~> 1.3", [hex: :phoenix, repo: "hexpm", optional: true]}, {:plug, "~> 1.6", [hex: :plug, repo: "hexpm", optional: true]}, {:plug_cowboy, "~> 1.0 or ~> 2.0", [hex: :plug_cowboy, repo: "hexpm", optional: true]}], "hexpm", "4ee4d368b5013076afcc8b73ed028bdc8ee9db84ea987e3591101e194c1fc24b"},
|
||||
"siphash": {:hex, :siphash, "3.2.0", "ec03fd4066259218c85e2a4b8eec4bb9663bc02b127ea8a0836db376ba73f2ed", [:make, :mix], [], "hexpm", "ba3810701c6e95637a745e186e8a4899087c3b079ba88fb8f33df054c3b0b7c3"},
|
||||
"sshex": {:hex, :sshex, "2.2.1", "e1270b8345ea2a66a11c2bb7aed22c93e3bc7bc813486f4ffd0a980e4a898160", [:mix], [], "hexpm", "45b2caa5011dc850e70a2d77e3b62678a3e8bcb903eab6f3e7afb2ea897b13db"},
|
||||
"ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.5", "6eaf7ad16cb568bb01753dbbd7a95ff8b91c7979482b95f38443fe2c8852a79b", [:make, :mix, :rebar3], [], "hexpm", "13104d7897e38ed7f044c4de953a6c28597d1c952075eb2e328bc6d6f2bfc496"},
|
||||
"telemetry": {:hex, :telemetry, "0.4.1", "ae2718484892448a24470e6aa341bc847c3277bfb8d4e9289f7474d752c09c7f", [:rebar3], [], "hexpm", "4738382e36a0a9a2b6e25d67c960e40e1a2c95560b9f936d8e29de8cd858480f"},
|
||||
"timex": {:hex, :timex, "3.6.2", "845cdeb6119e2fef10751c0b247b6c59d86d78554c83f78db612e3290f819bc2", [:mix], [{:combine, "~> 0.10", [hex: :combine, repo: "hexpm", optional: false]}, {:gettext, "~> 0.10", [hex: :gettext, repo: "hexpm", optional: false]}, {:tzdata, "~> 0.1.8 or ~> 0.5 or ~> 1.0.0", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm", "26030b46199d02a590be61c2394b37ea25a3664c02fafbeca0b24c972025d47a"},
|
||||
|
@ -7,18 +7,20 @@ defmodule Plausible.Workers.SslCertificatesTest do
|
||||
site = insert(:site)
|
||||
insert(:custom_domain, site: site, domain: "custom-site.com")
|
||||
|
||||
system_stub = stub(System, :cmd, fn(_cmd, _args) -> {"", 0} end)
|
||||
ProvisionSslCertificates.perform(nil, nil, system_stub)
|
||||
ssh_stub = stub(SSHEx, :connect, fn(_cmd) -> {:ok, nil} end)
|
||||
|> stub(:run, fn(_conn, _cmd) -> {:ok, "", 0} end)
|
||||
ProvisionSslCertificates.perform(nil, nil, ssh_stub)
|
||||
|
||||
assert_receive({System, :cmd, ["ssh", ["-t", "ubuntu@custom.plausible.io", "sudo certbot certonly --nginx -n -d custom-site.com"]]})
|
||||
assert_receive({SSHEx, :run, [nil, 'sudo certbot certonly --nginx -n -d custom-site.com']})
|
||||
end
|
||||
|
||||
test "sets has_ssl_certficate=true if the ssh command is succesful" do
|
||||
site = insert(:site)
|
||||
insert(:custom_domain, site: site, domain: "custom-site.com")
|
||||
|
||||
system_stub = stub(System, :cmd, fn(_cmd, _args) -> {"", 0} end)
|
||||
ProvisionSslCertificates.perform(nil, nil, system_stub)
|
||||
ssh_stub = stub(SSHEx, :connect, fn(_cmd) -> {:ok, nil} end)
|
||||
|> stub(:run, fn(_conn, _cmd) -> {:ok, "", 0} end)
|
||||
ProvisionSslCertificates.perform(nil, nil, ssh_stub)
|
||||
|
||||
domain = Repo.get_by(Plausible.Site.CustomDomain, site_id: site.id)
|
||||
assert domain.has_ssl_certificate
|
||||
@ -28,8 +30,9 @@ defmodule Plausible.Workers.SslCertificatesTest do
|
||||
site = insert(:site)
|
||||
insert(:custom_domain, site: site, domain: "custom-site.com")
|
||||
|
||||
failing_system_stub = stub(System, :cmd, fn(_cmd, _args) -> {"", 1} end)
|
||||
ProvisionSslCertificates.perform(nil, nil, failing_system_stub)
|
||||
ssh_stub = stub(SSHEx, :connect, fn(_cmd) -> {:ok, nil} end)
|
||||
|> stub(:run, fn(_conn, _cmd) -> {:ok, "", 1} end)
|
||||
ProvisionSslCertificates.perform(nil, nil, ssh_stub)
|
||||
|
||||
domain = Repo.get_by(Plausible.Site.CustomDomain, site_id: site.id)
|
||||
refute domain.has_ssl_certificate
|
||||
|
Loading…
Reference in New Issue
Block a user