From b0251f7be8fb4844b19f28f7eefdd048156c5a25 Mon Sep 17 00:00:00 2001
From: Aidaho
Date: Tue, 21 Jan 2025 11:11:34 +0300
Subject: [PATCH] v8.1.5: Update LetsEncrypt setup for proxy support and HAProxy integration

Removed unused local connection in Ansible roles and added support to pass proxy settings to the LetsEncrypt role. Also introduced HAProxy directory handling in the certificate generation logic to improve flexibility with server configurations.
---
 app/scripts/ansible/roles/letsencrypt.yml | 3 +++
 app/scripts/ansible/roles/letsencrypt/tasks/install.yml | 2 +-
 app/scripts/ansible/roles/letsencrypt_standalone.yml | 1 -
 app/views/service/lets_encrypt_views.py | 7 +++++--
 4 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/app/scripts/ansible/roles/letsencrypt.yml b/app/scripts/ansible/roles/letsencrypt.yml
index 64e6ef46..106feb70 100644
--- a/app/scripts/ansible/roles/letsencrypt.yml
+++ b/app/scripts/ansible/roles/letsencrypt.yml
@@ -7,3 +7,6 @@
 gather_facts: yes
 roles:
 - role: letsencrypt
+ environment:
+ http_proxy: "{{PROXY}}"
+ https_proxy: "{{PROXY}}"
diff --git a/app/scripts/ansible/roles/letsencrypt/tasks/install.yml b/app/scripts/ansible/roles/letsencrypt/tasks/install.yml
index 59c54a17..57f01d78 100644
--- a/app/scripts/ansible/roles/letsencrypt/tasks/install.yml
+++ b/app/scripts/ansible/roles/letsencrypt/tasks/install.yml
@@ -34,7 +34,7 @@
 https_proxy: "{{PROXY}}"
 - name: Get cert
- command: certbot certonly --standalone "{{domains_command}}" --non-interactive --agree-tos --email "{{email}}" --http-01-port=8888
+ command: "certbot certonly --standalone {{domains_command}} --non-interactive --agree-tos --email {{email}} --http-01-port=8888"
 - name: Combine into pem file
 shell: "cat /etc/letsencrypt/live/{{main_domain}}/fullchain.pem /etc/letsencrypt/live/{{main_domain}}/privkey.pem > {{ssl_path}}/{{main_domain}}.pem"
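Review bot: The rewritten `Get cert` command in `roles/letsencrypt/tasks/install.yml` no longer keeps `{{email}}` as a single argument: with the inner quotes gone, the `command` module splits the rendered string on whitespace, so an address containing a space becomes extra certbot options. Unquoting `{{domains_command}}` looks deliberate, presumably so a string of several `-d` entries is split into separate arguments, but it gives the same argument-injection surface to whatever builds that string, and this diff does not show either value being validated. I would keep the address as one argument with `--email {{ email | quote }}`, and have the caller assemble `domains_command` only from hostnames it has already checked, or move the task to the `argv:` list form. The `Combine into pem file` task in the context lines passes `{{main_domain}}` and `{{ssl_path}}` through `shell:`, so the same input checks matter there too.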
diff --git a/app/scripts/ansible/roles/letsencrypt_standalone.yml b/app/scripts/ansible/roles/letsencrypt_standalone.yml
index 2799453d..61c622f4 100644
--- a/app/scripts/ansible/roles/letsencrypt_standalone.yml
+++ b/app/scripts/ansible/roles/letsencrypt_standalone.yml
@@ -1,7 +1,6 @@
 ---
 - name: Obtain Lets Encrypt certificate
 hosts: all
- connection: local
 become: yes
 become_method: sudo
 gather_facts: yes
diff --git a/app/views/service/lets_encrypt_views.py b/app/views/service/lets_encrypt_views.py
index 235d0e04..1916caf2 100644
--- a/app/views/service/lets_encrypt_views.py
+++ b/app/views/service/lets_encrypt_views.py
@@ -263,6 +263,7 @@ class LetsEncryptView(MethodView):
 inv = {"server": {"hosts": {}}}
 masters = server_sql.is_master(server_ip)
 ssl_path = common.return_nice_path(sql.get_setting('cert_path'), is_service=0)
+ haproxy_dir = sql.get_setting('haproxy_dir')
 if data.type == 'standalone':
 server_ip = server_sql.get_server(data.server_id).ip
@@ -292,7 +293,8 @@ class LetsEncryptView(MethodView):
 'main_domain': main_domain,
 'servers': servers,
 'action': action,
- 'cert_type': data.type
+ 'cert_type': data.type,
+ 'haproxy_dir': haproxy_dir
 }
 server_ips.append(master[0])
@@ -305,7 +307,8 @@ class LetsEncryptView(MethodView):
 'main_domain': main_domain,
 'servers': servers,
 'action': action,
- 'cert_type': data.type
+ 'cert_type': data.type,
+ 'haproxy_dir': haproxy_dir
 }
 server_ips.append(server_ip)
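Review bot: `haproxy_dir = sql.get_setting('haproxy_dir')` in the first `lets_encrypt_views.py` hunk is used exactly as stored, while `ssl_path` on the line above goes through `common.return_nice_path(...)` first; the hunks at `@@ -292` and `@@ -305` then put the raw value into the inventory as `'haproxy_dir': haproxy_dir`. How the role consumes it is not visible here, but the playbooks in this commit run with `become: yes` and the role builds a `shell:` line from path variables, so an empty, missing or malformed setting would likely end up in a privileged path or command. I would normalise and check it before building `inv`, for example `haproxy_dir = common.return_nice_path(sql.get_setting('haproxy_dir'), is_service=0)` if that helper suits directories, and reject the request when the setting is unset. The enclosing method starts and ends outside these hunks.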