librewolf
/
bunkerized-nginx
mirror of https://github.com/bunkerity/bunkerized-nginx
4
0
Fork 1
Code Issues Projects Releases Wiki Activity

Fix customcert plugin

This commit is contained in:
Théophile Diot 2023-05-08 22:03:38 -04:00
parent 63f4e44c61
commit b8d89fe79a
No known key found for this signature in database
GPG Key ID: E752C80DB72BB014
3 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/common/core/customcert/confs/server-http/custom-cert.conf
View File

@ -1,12 +1,15 @@
{% set os_path = import("os.path") %}
{% if USE_CUSTOM_SSL == "yes" and os_path.isfile("/data/cache/customcert/{}".format(CUSTOM_SSL_CERT.replace("/", "_"))) and os_path.isfile("/data/cache/customcert/{}".format(CUSTOM_SSL_KEY.replace("/", "_"))) +%}
{% set cert_file_path = "/data/cache/customcert/{}".format(CUSTOM_SSL_CERT.replace("/", "_")) %}
{% set key_file_path = "/data/cache/customcert/{}".format(CUSTOM_SSL_KEY.replace("/", "_")) %}
{% if USE_CUSTOM_SSL == "yes" and os_path.isfile(cert_file_path) and os_path.isfile(key_file_path) +%}
# listen on HTTPS PORT
listen 0.0.0.0:{{ HTTPS_PORT }} ssl {% if HTTP2 == "yes" %}http2{% endif %} {% if USE_PROXY_PROTOCOL == "yes" %}proxy_protocol{% endif %};
# TLS config
ssl_certificate {{ CUSTOM_SSL_CERT }};
ssl_certificate_key {{ CUSTOM_SSL_KEY }};
ssl_certificate {{ cert_file_path }};
ssl_certificate_key {{ key_file_path }};
ssl_protocols {{ SSL_PROTOCOLS }};
ssl_prefer_server_ciphers on;
ssl_session_tickets off;

9
src/common/core/customcert/confs/server-stream/custom-cert.conf
View File

@ -1,12 +1,15 @@
{% set os_path = import("os.path") %}
{% if USE_CUSTOM_SSL == "yes" and os_path.isfile(CUSTOM_SSL_CERT) and os_path.isfile(CUSTOM_SSL_KEY) +%}
{% set cert_file_path = "/data/cache/customcert/{}".format(CUSTOM_SSL_CERT.replace("/", "_")) %}
{% set key_file_path = "/data/cache/customcert/{}".format(CUSTOM_SSL_KEY.replace("/", "_")) %}
{% if USE_CUSTOM_SSL == "yes" and os_path.isfile(cert_file_path) and os_path.isfile(key_file_path) +%}
# listen
listen 0.0.0.0:{{ LISTEN_STREAM_PORT_SSL }} ssl {% if USE_UDP == "yes" %} udp {% endif %}{% if USE_PROXY_PROTOCOL == "yes" %} proxy_protocol {% endif %};
# TLS config
ssl_certificate {{ CUSTOM_SSL_CERT }};
ssl_certificate_key {{ CUSTOM_SSL_KEY }};
ssl_certificate {{ cert_file_path }};
ssl_certificate_key {{ key_file_path }};
ssl_protocols {{ SSL_PROTOCOLS }};
ssl_prefer_server_ciphers on;
ssl_session_tickets off;

5
src/common/core/customcert/jobs/custom-cert.py
View File

@ -1,6 +1,7 @@
#!/usr/bin/python3
from os import getenv
from os.path import basename
from pathlib import Path
from shutil import copy
from sys import exit as sys_exit, path as sys_path
@ -85,7 +86,7 @@ def check_cert(cert_path, key_path, first_server: Optional[str] = None) -> bool:
err = db.update_job_cache(
"custom-cert",
first_server,
key_cache_path.replace(".hash", "").split("/")[-1],
basename(key_cache_path.replace(".hash", "")),
Path(key_path).read_bytes(),
checksum=key_hash,
)
@ -99,7 +100,7 @@ def check_cert(cert_path, key_path, first_server: Optional[str] = None) -> bool:
err = db.update_job_cache(
"custom-cert",
first_server,
cert_cache_path.replace(".hash", "").split("/")[-1],
basename(cert_cache_path.replace(".hash", "")),
Path(cert_path).read_bytes(),
checksum=cert_hash,
)