Fix customcert plugin to accept multisite certs as well
parent
87a9545d9a
commit
413b75b046
|
@ -1,6 +1,7 @@
|
|||
{% set os_path = import("os.path") %}
|
||||
|
||||
{% if USE_CUSTOM_SSL == "yes" and os_path.isfile("/var/cache/bunkerweb/customcert/cert.pem") and os_path.isfile("/var/cache/bunkerweb/customcert/cert.key") +%}
|
||||
{% if USE_CUSTOM_SSL == "yes" %}
|
||||
{% if os_path.isfile("/var/cache/bunkerweb/customcert/cert.pem") and os_path.isfile("/var/cache/bunkerweb/customcert/key.pem") or os_path.isfile("/var/cache/bunkerweb/customcert/" + SERVER_NAME + "/cert.pem") and os_path.isfile("/var/cache/bunkerweb/customcert/" + SERVER_NAME + "/key.pem") +%}
|
||||
|
||||
# listen on HTTPS PORT
|
||||
listen 0.0.0.0:{{ HTTPS_PORT }} ssl {% if HTTP2 == "yes" %}http2{% endif %} {% if USE_PROXY_PROTOCOL == "yes" %}proxy_protocol{% endif %};
|
||||
|
@ -9,8 +10,16 @@ listen [::]:{{ HTTPS_PORT }} ssl {% if HTTP2 == "yes" %}http2{% endif %} {% if U
|
|||
{% endif %}
|
||||
|
||||
# TLS config
|
||||
{% if os_path.isfile("/var/cache/bunkerweb/customcert/" + SERVER_NAME + "/cert.pem") %}
|
||||
ssl_certificate /var/cache/bunkerweb/customcert/{{ SERVER_NAME }}/cert.pem;
|
||||
{% else %}
|
||||
ssl_certificate /var/cache/bunkerweb/customcert/cert.pem;
|
||||
ssl_certificate_key /var/cache/bunkerweb/customcert/cert.key;
|
||||
{% endif %}
|
||||
{% if os_path.isfile("/var/cache/bunkerweb/customcert/" + SERVER_NAME + "/key.pem") %}
|
||||
ssl_certificate_key /var/cache/bunkerweb/customcert/{{ SERVER_NAME }}/key.pem;
|
||||
{% else %}
|
||||
ssl_certificate_key /var/cache/bunkerweb/customcert/key.pem;
|
||||
{% endif %}
|
||||
ssl_protocols {{ SSL_PROTOCOLS }};
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_tickets off;
|
||||
|
@ -21,4 +30,5 @@ ssl_dhparam /etc/nginx/dhparam;
|
|||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
{% endif %}
|
||||
|
||||
{% endif %}
|
||||
{% endif %}
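Review bot: The certificate and the key are chosen by two independent `isfile` checks under `# TLS config`, so a site directory holding only one of the two files yields a per-site `ssl_certificate` paired with the global `ssl_certificate_key` (or the reverse), which nginx rejects as a mismatched pair when it loads the configuration. The outer guard does not prevent this, because it already passes when the global pair exists. Selecting both files with a single condition, as sketched below, keeps the emitted pair consistent; the stream template section that follows has the same construct. It is also worth confirming that `SERVER_NAME` is a single name in this template, since the job change on this page stores the files under `first_server` and a value with several space-separated names would not match that directory.

```jinja
# TLS config
{% if os_path.isfile("/var/cache/bunkerweb/customcert/" + SERVER_NAME + "/cert.pem") and os_path.isfile("/var/cache/bunkerweb/customcert/" + SERVER_NAME + "/key.pem") %}
ssl_certificate /var/cache/bunkerweb/customcert/{{ SERVER_NAME }}/cert.pem;
ssl_certificate_key /var/cache/bunkerweb/customcert/{{ SERVER_NAME }}/key.pem;
{% else %}
ssl_certificate /var/cache/bunkerweb/customcert/cert.pem;
ssl_certificate_key /var/cache/bunkerweb/customcert/key.pem;
{% endif %}
{# … unchanged: ssl_protocols and the remaining TLS directives … #}
```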
|
|
@ -1,6 +1,7 @@
|
|||
{% set os_path = import("os.path") %}
|
||||
|
||||
{% if USE_CUSTOM_SSL == "yes" and os_path.isfile("/var/cache/bunkerweb/customcert/cert.pem") and os_path.isfile("/var/cache/bunkerweb/customcert/cert.key") +%}
|
||||
{% if USE_CUSTOM_SSL == "yes" %}
|
||||
{% if os_path.isfile("/var/cache/bunkerweb/customcert/cert.pem") and os_path.isfile("/var/cache/bunkerweb/customcert/key.pem") or os_path.isfile("/var/cache/bunkerweb/customcert/" + SERVER_NAME + "/cert.pem") and os_path.isfile("/var/cache/bunkerweb/customcert/" + SERVER_NAME + "/key.pem") +%}
|
||||
|
||||
# listen
|
||||
listen 0.0.0.0:{{ LISTEN_STREAM_PORT_SSL }} ssl {% if USE_UDP == "yes" %} udp {% endif %}{% if USE_PROXY_PROTOCOL == "yes" %} proxy_protocol {% endif %};
|
||||
|
@ -9,8 +10,16 @@ listen [::]:{{ LISTEN_STREAM_PORT_SSL }} ssl {% if USE_UDP == "yes" %} udp {% en
|
|||
{% endif %}
|
||||
|
||||
# TLS config
|
||||
{% if os_path.isfile("/var/cache/bunkerweb/customcert/" + SERVER_NAME + "/cert.pem") %}
|
||||
ssl_certificate /var/cache/bunkerweb/customcert/{{ SERVER_NAME }}/cert.pem;
|
||||
{% else %}
|
||||
ssl_certificate /var/cache/bunkerweb/customcert/cert.pem;
|
||||
ssl_certificate_key /var/cache/bunkerweb/customcert/cert.key;
|
||||
{% endif %}
|
||||
{% if os_path.isfile("/var/cache/bunkerweb/customcert/" + SERVER_NAME + "/key.pem") %}
|
||||
ssl_certificate_key /var/cache/bunkerweb/customcert/{{ SERVER_NAME }}/key.pem;
|
||||
{% else %}
|
||||
ssl_certificate_key /var/cache/bunkerweb/customcert/key.pem;
|
||||
{% endif %}
|
||||
ssl_protocols {{ SSL_PROTOCOLS }};
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_tickets off;
|
||||
|
@ -21,4 +30,5 @@ ssl_dhparam /etc/nginx/dhparam;
|
|||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
{% endif %}
|
||||
|
||||
{% endif %}
|
||||
{% endif %}
|
|
@ -51,8 +51,15 @@ def check_cert(
|
|||
return False
|
||||
|
||||
cert_cache_path = Path(
|
||||
sep, "var", "cache", "bunkerweb", "customcert", "cert.pem"
|
||||
sep,
|
||||
"var",
|
||||
"cache",
|
||||
"bunkerweb",
|
||||
"customcert",
|
||||
first_server or "",
|
||||
"cert.pem",
|
||||
)
|
||||
cert_cache_path.parent.mkdir(parents=True, exist_ok=True)
|
||||
|
||||
cert_hash = file_hash(cert_path)
|
||||
old_hash = cache_hash(cert_cache_path, db)
|
||||
|
@ -66,8 +73,15 @@ def check_cert(
|
|||
logger.error(f"Error while caching custom-cert cert.pem file : {err}")
|
||||
|
||||
key_cache_path = Path(
|
||||
sep, "var", "cache", "bunkerweb", "customcert", "cert.key"
|
||||
sep,
|
||||
"var",
|
||||
"cache",
|
||||
"bunkerweb",
|
||||
"customcert",
|
||||
first_server or "",
|
||||
"key.pem",
|
||||
)
|
||||
key_cache_path.parent.mkdir(parents=True, exist_ok=True)
|
||||
|
||||
key_hash = file_hash(key_path)
|
||||
old_hash = cache_hash(key_cache_path, db)
|
||||
|
@ -76,7 +90,7 @@ def check_cert(
|
|||
key_path, key_cache_path, key_hash, db, delete_file=False
|
||||
)
|
||||
if not cached:
|
||||
logger.error(f"Error while caching custom-cert cert.key file : {err}")
|
||||
logger.error(f"Error while caching custom-cert key.pem file : {err}")
|
||||
|
||||
return True
|
||||
except:
|
||||
|
@ -95,7 +109,7 @@ try:
|
|||
|
||||
# Multisite case
|
||||
if getenv("MULTISITE") == "yes":
|
||||
servers = getenv("SERVER_NAME", [])
|
||||
servers = getenv("SERVER_NAME") or []
|
||||
|
||||
if isinstance(servers, str):
|
||||
servers = servers.split(" ")
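Review bot: `first_server` is used as a directory component of both `cert_cache_path` and `key_cache_path` and then goes through `mkdir(parents=True, exist_ok=True)`, and nothing in these hunks checks what it contains. It appears to come from the `SERVER_NAME` environment value split on spaces, so a name containing a path separator or `..` would place the cached certificate and private key outside `/var/cache/bunkerweb/customcert`. If settings validation elsewhere already restricts server names, a comment saying so above the `Path(...)` calls is enough; otherwise reject such values before building the path, for example `if first_server and (sep in first_server or first_server in (".", "..")): return False`. The body of check_cert starts and ends outside these hunks, so the exact place for the guard has to be confirmed against the full function.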
|
||||
|
|