
[__recycledcloud_nginx*] add support for alternative domains

Timothée Floure 2021-02-19 09:30:01 +01:00
parent 26b7b9651a
commit 1173805f7d
Signed by: tfloure
GPG key ID: 4502C902C00A1E12
8 changed files with 44 additions and 7 deletions


@ -21,6 +21,13 @@ config
Custom NGINX logic, templated within a standard `server` section with Custom NGINX logic, templated within a standard `server` section with
`server_name` and TLS parameters set. Defaults to simple static hosting. `server_name` and TLS parameters set. Defaults to simple static hosting.
altdomains
Alternative domain names for this vhost and related TLS certificate.
uacme-hookscript
Custom hook passed to the __uacme_obtain type: useful to integrate the
dns-01 challenge with third-party DNS providers.
AUTHORS AUTHORS
------- -------
Timothée Floure <timothee.floure@posteo.net> Timothée Floure <timothee.floure@posteo.net>


@ -23,9 +23,22 @@ else
domain="${__object_id:?}" domain="${__object_id:?}"
fi fi
altdomains=
if [ -f "${__object:?}/parameter/altdomains" ];
then
altdomains="$(cat "${__object:?}/parameter/altdomains")"
fi
set_custom_uacme_hookscript=
if [ -f "${__object:?}/parameter/uacme-hookscript" ];
then
uacme_hookscript="$(cat "${__object:?}/parameter/uacme-hookscript")"
set_custom_uacme_hookscript="--hookscript $uacme_hookscript"
fi
# Deploy simple HTTP vhost, allowing to serve ACME challenges. # Deploy simple HTTP vhost, allowing to serve ACME challenges.
__recycledcloud_nginx_vhost "301-to-https-$domain" \ __recycledcloud_nginx_vhost "301-to-https-$domain" \
--domain "$domain" --to-https --domain "$domain" --altdomains "$altdomains" --to-https
# Obtaining TLS cert. # Obtaining TLS cert.
cert_ownership=$nginx_user cert_ownership=$nginx_user
@ -34,8 +47,12 @@ if [ -f "${__object:?}/parameter/force-cert-ownership-to" ]; then
fi fi
__uacme_account __uacme_account
# shellcheck disable=SC2086
require="__recycledcloud_nginx_vhost/301-to-https-$domain __uacme_account" \ require="__recycledcloud_nginx_vhost/301-to-https-$domain __uacme_account" \
__uacme_obtain "$domain" --owner $cert_ownership \ __uacme_obtain "$domain" \
--altdomains "$altdomains" \
$set_custom_uacme_hookscript \
--owner "$cert_ownership" \
--install-key-to "$nginx_certdir/$domain/privkey.pem" \ --install-key-to "$nginx_certdir/$domain/privkey.pem" \
--install-cert-to "/$nginx_certdir/$domain/fullchain.pem" \ --install-cert-to "/$nginx_certdir/$domain/fullchain.pem" \
--renew-hook "service nginx reload" --renew-hook "service nginx reload"
@ -52,7 +69,8 @@ if [ -f "${__object:?}/parameter/config" ]; then
cat "$nginx_logic" > "${__object:?}/files/config" cat "$nginx_logic" > "${__object:?}/files/config"
require="__uacme_obtain/$domain" __recycledcloud_nginx_vhost "$domain" \ require="__uacme_obtain/$domain" __recycledcloud_nginx_vhost "$domain" \
--config "${__object:?}/files/config" --altdomains "$altdomains" --config "${__object:?}/files/config"
else else
require="__uacme_obtain/$domain" __recycledcloud_nginx_vhost "$domain" require="__uacme_obtain/$domain" __recycledcloud_nginx_vhost "$domain" \
--altdomains "$altdomains"
fi fi
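Review bot: `$set_custom_uacme_hookscript` is expanded unquoted in the `__uacme_obtain` call, with SC2086 disabled for the whole command, so a hook script path containing whitespace or glob characters is split or expanded into extra arguments instead of reaching `--hookscript` as one value. The hook is presumably a program that the ACME client runs during issuance, so the path should arrive exactly as written in the parameter file. Initialising `uacme_hookscript=` before the `if` and passing `${uacme_hookscript:+--hookscript "$uacme_hookscript"}` keeps the path a single word in POSIX sh and should let the `# shellcheck disable=SC2086` line be dropped. Separately, `--altdomains "$altdomains"` is passed even when the parameter file is absent, so both types receive an empty value; whether they treat that as "no alternative names" is not visible in this section.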


@ -1,3 +1,5 @@
config config
domain domain
altdomains
uacme-hookscript
force-cert-ownership-to force-cert-ownership-to


@ -10,7 +10,7 @@ cat <<- EOF
EOF EOF
# Name # Name
echo "server_name ${DOMAIN:?};" echo "server_name ${DOMAIN:?} $ALTDOMAINS;"
# ACME challenges. # ACME challenges.
cat << EOF cat << EOF
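Review bot: `$ALTDOMAINS` is written into the `server_name` directive verbatim, here and in the identical change to the next template section, so a value containing `;`, `{` or a newline would end the directive early and place the rest of the string into the generated server block as configuration. The value is read with `cat` from the `altdomains` parameter file and exported without any check. A guard before `export ALTDOMAINS` in the vhost manifest would fail the run instead, for example `case $ALTDOMAINS in *[!A-Za-z0-9.*\ -]*) echo "invalid altdomains" >&2; exit 1 ;; esac`; widen the allowed set if regex server names or newline-separated values are meant to be supported. The heredoc that follows continues outside the hunk.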


@ -10,7 +10,7 @@ cat <<- EOF
EOF EOF
# Name # Name
echo "server_name ${DOMAIN:?};" echo "server_name ${DOMAIN:?} $ALTDOMAINS;"
# ACME challenges. # ACME challenges.
cat << EOF cat << EOF


@ -52,6 +52,9 @@ lport
The port to which we listen. If this is omitted, the defaults of `80` for The port to which we listen. If this is omitted, the defaults of `80` for
HTTP and `443` for HTTPS are used. HTTP and `443` for HTTPS are used.
altdomains
Alternative domain names for this vhost.
BOOLEAN PARAMETERS BOOLEAN PARAMETERS
------------------ ------------------


@ -63,6 +63,13 @@ else
fi fi
export DOMAIN export DOMAIN
ALTDOMAINS=
if [ -f "${__object:?}/parameter/altdomains" ];
then
ALTDOMAINS="$(cat "${__object:?}/parameter/altdomains")"
fi
export ALTDOMAINS
# Use TLS ? # Use TLS ?
if [ -f "${__object:?}/parameter/no-tls" ]; if [ -f "${__object:?}/parameter/no-tls" ];
then then


@ -1,3 +1,3 @@
domain domain
lport
config config
altdomains