Different ssl cert location.

config/nginx.newsblur.conf

@@ -13,13 +13,8 @@ server {
     listen   443 default_server ssl;
 
     # ssl                     on;
-    ssl_certificate         /srv/newsblur/config/certificates/newsblur.com.pem;
+    ssl_certificate         /srv/newsblur/config/certificates/newsblur.com.crt;
     ssl_certificate_key     /srv/newsblur/config/certificates/newsblur.com.key;
-    ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
-    ssl_prefer_server_ciphers on;
-    ssl_session_cache shared:SSL:10m;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-
     ssl_dhparam     /srv/newsblur/config/certificates/dhparams.pem;
     client_max_body_size 4M;
     server_name www.newsblur.com newsblur.com dev.newsblur.com push.newsblur.com *.newsblur.com circularapp.com *.circularapp.com;

fabfile.py

@@ -800,18 +800,29 @@ def copy_certificates():
     run('mkdir -p %s' % cert_path)
     put(os.path.join(env.SECRETS_PATH, 'certificates/newsblur.com.crt'), cert_path)
     put(os.path.join(env.SECRETS_PATH, 'certificates/newsblur.com.key'), cert_path)
-    put(os.path.join(env.SECRETS_PATH, 'certificates/comodo/newsblur.com.pem'), cert_path)
+    # put(os.path.join(env.SECRETS_PATH, 'certificates/comodo/newsblur.com.pem'), cert_path)
-    put(os.path.join(env.SECRETS_PATH, 'certificates/comodo/dhparams.pem'), cert_path)
+    # put(os.path.join(env.SECRETS_PATH, 'certificates/comodo/dhparams.pem'), cert_path)
     put(os.path.join(env.SECRETS_PATH, 'certificates/ios/aps_development.pem'), cert_path)
     # openssl x509 -in aps.cer -inform DER -outform PEM -out aps.pem
     put(os.path.join(env.SECRETS_PATH, 'certificates/ios/aps.pem'), cert_path)
     # Export aps.p12 from aps.cer using Keychain Assistant
     # openssl pkcs12 -in aps.p12 -out aps.p12.pem -nodes
     put(os.path.join(env.SECRETS_PATH, 'certificates/ios/aps.p12.pem'), cert_path)
-    run('cat %s/newsblur.com.pem > %s/newsblur.pem' % (cert_path, cert_path))
+    run('cat %s/newsblur.com.crt > %s/newsblur.pem' % (cert_path, cert_path))
     run('echo "\n" >> %s/newsblur.pem' % (cert_path))
     run('cat %s/newsblur.com.key >> %s/newsblur.pem' % (cert_path, cert_path))
 
+def setup_certbot():
+    sudo('add-apt-repository -y universe')
+    sudo('add-apt-repository -y ppa:certbot/certbot')
+    sudo('apt-get update')
+    sudo('apt-get install -y certbot')
+    sudo('apt-get install -y python3-certbot-dns-dnsimple')
+    run('echo "dns_dnsimple_token = %s" > dnsimple.ini')
+    run('chmod 0400 dnsimple.ini')
+    sudo('certbot certonly -n --agree-tos --email samuel@newsblur.com --domains "*.newsblur.com" --dns-dnsimple --dns-dnsimple-credentials %s' % (settings.DNSIMPLE_TOKEN))
+    run('rm dnsimple.ini')
+    
 @parallel
 def maintenance_on():
     role = role_for_host()

settings.py

@@ -51,6 +51,10 @@ NEWSBLUR_URL = 'http://www.newsblur.com'
 IMAGES_URL   = 'https://imageproxy.newsblur.com'
 SECRET_KEY            = 'YOUR_SECRET_KEY'
 IMAGES_SECRET_KEY = "YOUR_SECRET_IMAGE_KEY"
+DNSIMPLE_TOKEN = "YOUR_DNSIMPLE_TOKEN"
+RECAPTCHA_SECRET_KEY = "YOUR_RECAPTCHA_KEY"
+YOUTUBE_API_KEY = "YOUR_YOUTUBE_API_KEY"
+IMAGES_SECRET_KEY = "YOUR_IMAGES_SECRET_KEY"
 
 # ===================
 # = Global Settings =

utils/monitor_disk_usage.py

@@ -20,7 +20,7 @@ def main():
         requests.post(
                 "https://api.mailgun.net/v2/%s/messages" % settings.MAILGUN_SERVER_NAME,
                 auth=("api", settings.MAILGUN_ACCESS_KEY),
-                data={"from": "NewsBlur Monitor: %s <%s>" % (hostname, hostname, admin_email),
+                data={"from": "NewsBlur Monitor: %s <%s>" % (hostname, admin_email),
                       "to": [admin_email],
                       "subject": "%s hit %s%% disk usage!" % (hostname, percent),
                       "text": "Usage on %s: %s" % (hostname, output)})