Compare commits
2 commits
5b8e3203a6
...
1173805f7d
Author | SHA1 | Date | |
---|---|---|---|
|
1173805f7d | ||
|
26b7b9651a |
9 changed files with 44 additions and 7 deletions
|
@ -21,6 +21,13 @@ config
|
|||
Custom NGINX logic, templated within a standard `server` section with
|
||||
`server_name` and TLS parameters set. Defaults to simple static hosting.
|
||||
|
||||
altdomains
|
||||
Alternative domain names for this vhost and related TLS certificate.
|
||||
|
||||
uacme-hookscript
|
||||
Custom hook passed to the __uacme_obtain type: useful to integrate the
|
||||
dns-01 challenge with third-party DNS providers.
|
||||
|
||||
AUTHORS
|
||||
-------
|
||||
Timothée Floure <timothee.floure@posteo.net>
|
||||
|
|
|
@ -23,9 +23,22 @@ else
|
|||
domain="${__object_id:?}"
|
||||
fi
|
||||
|
||||
altdomains=
|
||||
if [ -f "${__object:?}/parameter/altdomains" ];
|
||||
then
|
||||
altdomains="$(cat "${__object:?}/parameter/altdomains")"
|
||||
fi
|
||||
|
||||
set_custom_uacme_hookscript=
|
||||
if [ -f "${__object:?}/parameter/uacme-hookscript" ];
|
||||
then
|
||||
uacme_hookscript="$(cat "${__object:?}/parameter/uacme-hookscript")"
|
||||
set_custom_uacme_hookscript="--hookscript $uacme_hookscript"
|
||||
fi
|
||||
|
||||
# Deploy simple HTTP vhost, allowing to serve ACME challenges.
|
||||
__recycledcloud_nginx_vhost "301-to-https-$domain" \
|
||||
--domain "$domain" --to-https
|
||||
--domain "$domain" --altdomains "$altdomains" --to-https
|
||||
|
||||
# Obtaining TLS cert.
|
||||
cert_ownership=$nginx_user
|
||||
|
@ -34,8 +47,12 @@ if [ -f "${__object:?}/parameter/force-cert-ownership-to" ]; then
|
|||
fi
|
||||
|
||||
__uacme_account
|
||||
# shellcheck disable=SC2086
|
||||
require="__recycledcloud_nginx_vhost/301-to-https-$domain __uacme_account" \
|
||||
__uacme_obtain "$domain" --owner $cert_ownership \
|
||||
__uacme_obtain "$domain" \
|
||||
--altdomains "$altdomains" \
|
||||
$set_custom_uacme_hookscript \
|
||||
--owner "$cert_ownership" \
|
||||
--install-key-to "$nginx_certdir/$domain/privkey.pem" \
|
||||
--install-cert-to "/$nginx_certdir/$domain/fullchain.pem" \
|
||||
--renew-hook "service nginx reload"
|
||||
|
@ -52,7 +69,8 @@ if [ -f "${__object:?}/parameter/config" ]; then
|
|||
cat "$nginx_logic" > "${__object:?}/files/config"
|
||||
|
||||
require="__uacme_obtain/$domain" __recycledcloud_nginx_vhost "$domain" \
|
||||
--config "${__object:?}/files/config"
|
||||
--altdomains "$altdomains" --config "${__object:?}/files/config"
|
||||
else
|
||||
require="__uacme_obtain/$domain" __recycledcloud_nginx_vhost "$domain"
|
||||
require="__uacme_obtain/$domain" __recycledcloud_nginx_vhost "$domain" \
|
||||
--altdomains "$altdomains"
|
||||
fi
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
config
|
||||
domain
|
||||
altdomains
|
||||
uacme-hookscript
|
||||
force-cert-ownership-to
|
||||
|
|
|
@ -10,7 +10,7 @@ cat <<- EOF
|
|||
EOF
|
||||
|
||||
# Name
|
||||
echo "server_name ${DOMAIN:?};"
|
||||
echo "server_name ${DOMAIN:?} $ALTDOMAINS;"
|
||||
|
||||
# ACME challenges.
|
||||
cat << EOF
|
||||
|
|
|
@ -10,7 +10,7 @@ cat <<- EOF
|
|||
EOF
|
||||
|
||||
# Name
|
||||
echo "server_name ${DOMAIN:?};"
|
||||
echo "server_name ${DOMAIN:?} $ALTDOMAINS;"
|
||||
|
||||
# ACME challenges.
|
||||
cat << EOF
|
||||
|
|
|
@ -52,6 +52,9 @@ lport
|
|||
The port to which we listen. If this is omitted, the defaults of `80` for
|
||||
HTTP and `443` for HTTPS are used.
|
||||
|
||||
altdomains
|
||||
Alternative domain names for this vhost.
|
||||
|
||||
BOOLEAN PARAMETERS
|
||||
------------------
|
||||
|
||||
|
|
|
@ -63,6 +63,13 @@ else
|
|||
fi
|
||||
export DOMAIN
|
||||
|
||||
ALTDOMAINS=
|
||||
if [ -f "${__object:?}/parameter/altdomains" ];
|
||||
then
|
||||
ALTDOMAINS="$(cat "${__object:?}/parameter/altdomains")"
|
||||
fi
|
||||
export ALTDOMAINS
|
||||
|
||||
# Use TLS ?
|
||||
if [ -f "${__object:?}/parameter/no-tls" ];
|
||||
then
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
domain
|
||||
lport
|
||||
config
|
||||
altdomains
|
||||
|
|
Reference in a new issue