diff --git a/type/__recycledcloud_nginx/man.rst b/type/__recycledcloud_nginx/man.rst index 3aecdb9..b1de718 100644 --- a/type/__recycledcloud_nginx/man.rst +++ b/type/__recycledcloud_nginx/man.rst @@ -21,6 +21,13 @@ config Custom NGINX logic, templated within a standard `server` section with `server_name` and TLS parameters set. Defaults to simple static hosting. +altdomains + Alternative domain names for this vhost and related TLS certificate. + +uacme-hookscript + Custom hook passed to the __uacme_obtain type: useful to integrate the + dns-01 challenge with third-party DNS providers. + AUTHORS ------- Timothée Floure diff --git a/type/__recycledcloud_nginx/manifest b/type/__recycledcloud_nginx/manifest index 233dc91..75db7cd 100644 --- a/type/__recycledcloud_nginx/manifest +++ b/type/__recycledcloud_nginx/manifest @@ -23,9 +23,22 @@ else domain="${__object_id:?}" fi +altdomains= +if [ -f "${__object:?}/parameter/altdomains" ]; +then + altdomains="$(cat "${__object:?}/parameter/altdomains")" +fi + +set_custom_uacme_hookscript= +if [ -f "${__object:?}/parameter/uacme-hookscript" ]; +then + uacme_hookscript="$(cat "${__object:?}/parameter/uacme-hookscript")" + set_custom_uacme_hookscript="--hookscript $uacme_hookscript" +fi + # Deploy simple HTTP vhost, allowing to serve ACME challenges. __recycledcloud_nginx_vhost "301-to-https-$domain" \ - --domain "$domain" --to-https + --domain "$domain" --altdomains "$altdomains" --to-https # Obtaining TLS cert. cert_ownership=$nginx_user 
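Review bot: Building `set_custom_uacme_hookscript="--hookscript $uacme_hookscript"` as one flat string means the option can only reach `__uacme_obtain` through an unquoted expansion, which is why the next hunk (`@@ -34,8 +47,12 @@`) disables SC2086 for the whole command. A hook path containing whitespace or glob characters would then be split or expanded into extra arguments of `__uacme_obtain`, and per the man page this value names a script used during certificate issuance. Keeping only the path (initialise `uacme_hookscript=` here instead of `set_custom_uacme_hookscript=`) and passing `${uacme_hookscript:+--hookscript "$uacme_hookscript"}` at the call site keeps the value a single word and should let the `# shellcheck disable=SC2086` line be dropped. The `if`/`else` that sets `domain` begins above this hunk.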
@@ -34,8 +47,12 @@ if [ -f "${__object:?}/parameter/force-cert-ownership-to" ]; then fi __uacme_account +# shellcheck disable=SC2086 require="__recycledcloud_nginx_vhost/301-to-https-$domain __uacme_account" \ - __uacme_obtain "$domain" --owner $cert_ownership \ + __uacme_obtain "$domain" \ + --altdomains "$altdomains" \ + $set_custom_uacme_hookscript \ + --owner "$cert_ownership" \ --install-key-to "$nginx_certdir/$domain/privkey.pem" \ --install-cert-to "/$nginx_certdir/$domain/fullchain.pem" \ --renew-hook "service nginx reload" @@ -52,7 +69,8 @@ if [ -f "${__object:?}/parameter/config" ]; then cat "$nginx_logic" > "${__object:?}/files/config" require="__uacme_obtain/$domain" __recycledcloud_nginx_vhost "$domain" \ - --config "${__object:?}/files/config" + --altdomains "$altdomains" --config "${__object:?}/files/config" else - require="__uacme_obtain/$domain" __recycledcloud_nginx_vhost "$domain" + require="__uacme_obtain/$domain" __recycledcloud_nginx_vhost "$domain" \ + --altdomains "$altdomains" fi diff --git a/type/__recycledcloud_nginx/parameter/optional b/type/__recycledcloud_nginx/parameter/optional index 979afef..1a5fb95 100644 --- a/type/__recycledcloud_nginx/parameter/optional +++ b/type/__recycledcloud_nginx/parameter/optional @@ -1,3 +1,5 @@ config domain +altdomains +uacme-hookscript force-cert-ownership-to diff --git a/type/__recycledcloud_nginx_vhost/files/generic.conf.sh b/type/__recycledcloud_nginx_vhost/files/generic.conf.sh index d83768f..13e36aa 100755 --- a/type/__recycledcloud_nginx_vhost/files/generic.conf.sh +++ b/type/__recycledcloud_nginx_vhost/files/generic.conf.sh @@ -10,7 +10,7 @@ cat <<- EOF EOF # Name -echo "server_name ${DOMAIN:?};" +echo "server_name ${DOMAIN:?} $ALTDOMAINS;" # ACME challenges. cat << EOF diff --git a/type/__recycledcloud_nginx_vhost/files/to-https.conf.sh b/type/__recycledcloud_nginx_vhost/files/to-https.conf.sh index 9ee46ef..77dd45b 100755 --- a/type/__recycledcloud_nginx_vhost/files/to-https.conf.sh 
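Review bot: `$ALTDOMAINS` is written into the `server_name` directive exactly as supplied, so a value containing `;`, `{`, `}` or a newline would end the directive and add further nginx configuration to the generated vhost; to-https.conf.sh gets the same change. The `__recycledcloud_nginx_vhost` manifest only reads the parameter with `cat` before exporting it, so that is the natural place for a check. Something like `case "$ALTDOMAINS" in *[!A-Za-z0-9.*\ -]*) echo "invalid altdomains" >&2; exit 1;; esac` before `export ALTDOMAINS` would reject anything that is not a space-separated list of host names (widen the set if other `server_name` forms are wanted). The man pages also do not say that several names are separated by spaces, which is worth stating since the same value is used for the certificate.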
+++ b/type/__recycledcloud_nginx_vhost/files/to-https.conf.sh @@ -10,7 +10,7 @@ cat <<- EOF EOF # Name -echo "server_name ${DOMAIN:?};" +echo "server_name ${DOMAIN:?} $ALTDOMAINS;" # ACME challenges. cat << EOF diff --git a/type/__recycledcloud_nginx_vhost/man.rst b/type/__recycledcloud_nginx_vhost/man.rst index 1fc99fd..28767d7 100644 --- a/type/__recycledcloud_nginx_vhost/man.rst +++ b/type/__recycledcloud_nginx_vhost/man.rst @@ -52,6 +52,9 @@ lport The port to which we listen. If this is omitted, the defaults of `80` for HTTP and `443` for HTTPS are used. +altdomains + Alternative domain names for this vhost. + BOOLEAN PARAMETERS ------------------ diff --git a/type/__recycledcloud_nginx_vhost/manifest b/type/__recycledcloud_nginx_vhost/manifest index 53688b4..3e7b913 100644 --- a/type/__recycledcloud_nginx_vhost/manifest +++ b/type/__recycledcloud_nginx_vhost/manifest @@ -63,6 +63,13 @@ else fi export DOMAIN +ALTDOMAINS= +if [ -f "${__object:?}/parameter/altdomains" ]; +then + ALTDOMAINS="$(cat "${__object:?}/parameter/altdomains")" +fi +export ALTDOMAINS + # Use TLS ? if [ -f "${__object:?}/parameter/no-tls" ]; then diff --git a/type/__recycledcloud_nginx_vhost/parameter/optional b/type/__recycledcloud_nginx_vhost/parameter/optional index 6a59b12..0561d23 100644 --- a/type/__recycledcloud_nginx_vhost/parameter/optional +++ b/type/__recycledcloud_nginx_vhost/parameter/optional @@ -1,3 +1,3 @@ domain -lport config +altdomains
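Review bot: The last hunk (`__recycledcloud_nginx_vhost/parameter/optional`) drops `lport` from the optional parameters while adding `altdomains`, and nothing else in the commit touches `lport`; the type's man.rst still documents it in the context lines of the `@@ -52,6 +52,9 @@` hunk. If the removal is unintended, callers passing `--lport` would presumably be rejected for using an undeclared parameter, so the list should read `domain`, `lport`, `config`, `altdomains`. If `lport` is declared in another parameter file not shown here, this can be ignored.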