Introduction
I am using fabric to automate the installation
and configuration of my server.
I use Python for a lot of things, and the more I can do in one language the more
proficient you get in that language.
So when looking for a tool to allow scripting of software installation,
fabric and cuisine were a
natural fit for me.
I might blog on that in the future, but for now, I would like to start with
enabling SSL on a webpage that is served using Apache.
Why SSL?
Normal web traffic is unencrypted. This means that anyone between your machine
and a web server is able to look at the content you are requesting from the
server. And with the revelations of Snowden, we know that this actually happens
a lot.
So let's make the internet a better place by encrypting the connections from our
servers. For a blog it might not even make too much sense, but as you will notice
I host more services for myself and those I really want encrypted.
Previously, I used self signer certificates, but those are not recognised by the
browsers and other software might not always support self signed certificates.
Let's encrypt
Enter Let’s Encrypt.
Let’s Encrypt is a free, secure and automatic way to get SSL certificates that
are recognised by all modern browser and operating systems.
They provide open source tools to automatically retrieve and install the
certificates on your server.
In this post, I will show the Fabric script I have created and explain the
structure of the script.
I basically follow the guide lines mentioned
here.
The fabric script looks like this:
from fabric.api import *
from cuisine import *
def configure():
install_packages()
clone_git()
cleanup()
def install_packages():
package_ensure("git")
def clone_git():
run("mkdir /tmp/git")
with cd("/tmp/git"):
run("git clone https://github.com/letsencrypt/letsencrypt")
with cd("/tmp/git/letsencrypt"):
with mode_sudo():
run("./letsencrypt-auto")
def cleanup():
run("rm -rf /tmp/git")
Just call the configure function using:
fab -f letsencrypt.py configure.
Happy encrypting!