first set of additional changes to prepare for 2204

2026-03-25 19:17:22 +01:00 · 2022-05-15 23:41:14 +02:00
parent 3998214e87
commit 5e4f1daf63
15 changed files with 74 additions and 55 deletions
--- a/management/backup.py
+++ b/management/backup.py
@@ -12,7 +12,7 @@ import dateutil.parser, dateutil.relativedelta, dateutil.tz
 import rtyaml
 from exclusiveprocess import Lock

-from utils import load_environment, shell, wait_for_service, fix_boto
+from utils import load_environment, shell, wait_for_service, fix_boto, get_php_version

 rsync_ssh_options = [
 	"--ssh-options= -i /root/.ssh/id_rsa_miab",
@@ -20,7 +20,7 @@ rsync_ssh_options = [
 ]

 def backup_status(env):
-	# If backups are dissbled, return no status.
+	# If backups are disabled, return no status.
 	config = get_backup_config(env)
 	if config["target"] == "off":
 		return { }
@@ -212,9 +212,10 @@ def get_target_type(config):

 def perform_backup(full_backup):
 	env = load_environment()
+	php_fpm = f"php{get_php_version()}-fpm"

 	# Create an global exclusive lock so that the backup script
-	# cannot be run more than one.
+	# cannot be run more than once.
 	Lock(die=True).forever()

 	config = get_backup_config(env)
@@ -247,7 +248,7 @@ def perform_backup(full_backup):
 			if quit:
 				sys.exit(code)

-	service_command("php8.0-fpm", "stop", quit=True)
+	service_command(php_fpm, "stop", quit=True)
 	service_command("postfix", "stop", quit=True)
 	service_command("dovecot", "stop", quit=True)

@@ -281,7 +282,7 @@ def perform_backup(full_backup):
 		# Start services again.
 		service_command("dovecot", "start", quit=False)
 		service_command("postfix", "start", quit=False)
-		service_command("php8.0-fpm", "start", quit=False)
+		service_command(php_fpm, "start", quit=False)

 	# Remove old backups. This deletes all backup data no longer needed
 	# from more than 3 days ago.
--- a/management/ssl_certificates.py
+++ b/management/ssl_certificates.py
@@ -346,6 +346,8 @@ def provision_certificates(env, limit_domains):
 						"certonly",
 						#"-v", # just enough to see ACME errors
 						"--non-interactive", # will fail if user hasn't registered during Mail-in-a-Box setup
+						"--agree-tos", # Automatically agrees to Let's Encrypt TOS
+						"--register-unsafely-without-email", # The daemon takes care of renewals

 						"-d", ",".join(domain_list), # first will be main domain

--- a/management/status_checks.py
+++ b/management/status_checks.py
@@ -135,13 +135,15 @@ def check_service(i, service, env):

 			# IPv4 ok but IPv6 failed. Try the PRIVATE_IPV6 address to see if the service is bound to the interface.
 			elif service["port"] != 53 and try_connect(env["PRIVATE_IPV6"]):
-				output.print_error("%s is running (and available over IPv4 and the local IPv6 address), but it is not publicly accessible at %s:%d." % (service['name'], env['PUBLIC_IP'], service['port']))
+				output.print_error("%s is running (and available over IPv4 and the local IPv6 address), but it is not publicly accessible at %s:%d." % (service['name'], env['PUBLIC_IPV6'], service['port']))
 			else:
 				output.print_error("%s is running and available over IPv4 but is not accessible over IPv6 at %s port %d." % (service['name'], env['PUBLIC_IPV6'], service['port']))

 		# IPv4 failed. Try the private IP to see if the service is running but not accessible (except DNS because a different service runs on the private IP).
 		elif service["port"] != 53 and try_connect("127.0.0.1"):
 			output.print_error("%s is running but is not publicly accessible at %s:%d." % (service['name'], env['PUBLIC_IP'], service['port']))
+		elif try_connect(env["PUBLIC_IPV6"]):
+			output.print_warning("%s is only running on ipv6 (port %d)." % (service['name'], service['port']))
 		else:
 			output.print_error("%s is not running (port %d)." % (service['name'], service['port']))

--- a/management/utils.py
+++ b/management/utils.py
@@ -182,6 +182,9 @@ def fix_boto():
 	import os
 	os.environ["BOTO_CONFIG"] = "/etc/boto3.cfg"

+def get_php_version():
+	# Gets the version of PHP installed in the system.
+	return shell("check_output", ["/usr/bin/php", "-v"])[4:7]

 if __name__ == "__main__":
 	from web_update import get_web_domains
--- a/management/web_update.py
+++ b/management/web_update.py
@@ -7,7 +7,7 @@ import os.path, re, rtyaml
 from mailconfig import get_mail_domains
 from dns_update import get_custom_dns_config, get_dns_zones
 from ssl_certificates import get_ssl_certificates, get_domain_ssl_files, check_certificate
-from utils import shell, safe_domain_name, sort_domains
+from utils import shell, safe_domain_name, sort_domains, get_php_version

 def get_web_domains(env, include_www_redirects=True, include_auto=True, exclude_dns_elsewhere=True):
 	# What domains should we serve HTTP(S) for?
@@ -77,6 +77,7 @@ def do_web_update(env):

 	# Build an nginx configuration file.
 	nginx_conf = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-top.conf")).read()
+	nginx_conf = re.sub("{{phpver}}", get_php_version(), nginx_conf)

 	# Load the templates.
 	template0 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx.conf")).read()