ISSUE MIGRATED FROM https://gitlab.com/aegir/hosting_https/issues/20 (see #2934484: Move back issue management to D.o)

If we have any of these options enabled on the server, then sites can automatically enable/require encryption after they're created.

Comments

helmo created an issue.

bgm commented:

This might be a bit out of scope, or upstream, but when installing Aegir on a new server, I want hosting_https to be automatically configured with LetsEncrypt (and not have to do the dozen clicks in the UI).

So far, I have this:

-- Find the web server node (i.e. the one that's not a database server)
insert into hosting_https_server (nid, vid, https_port)
select s.nid, s.vid, 443
  from hosting_server s
  left join node n on (n.nid = s.nid)
  left join hosting_db_server db on (db.nid = s.nid)
  where db.nid is null;

-- Enable https_nginx on that server
update hosting_service set type = 'https_nginx' where service = 'http' and type = 'nginx';

-- Enable LetsEncrypt (I got lazy and hardcoded IDs for now)
insert into hosting_service (vid,nid,service,type,port,available) values (2,2,'Certificate','LetsEncrypt', 0, 1);

update hosting_https_site set https_enabled = 2 where nid = 10;

However, after running:

drush @server_master provision-verify
drush @hm provision-verify

it does not enable HTTPS on the hostmaster site. Any hints?

(We can later work on decoupling the SQL from the forms code, so we can have public functions that can be called from a provision module?)

bgm commented:

From IRC conversations, Colan confirmed that doing a node_save() helps run the correct sequence of tasks for the change to be effective.

I updated my code to reflect this. The code is still very patchy and still has hardcoded IDs (although they should always be the same IDs, it's still not a good assumption):

https://github.com/coopsymbiotic/provision_symbiotic/blob/master/provisi...