annotate src/luan/host/https.luan @ 2045:265dc9af6a49 acme-tiny

fix guard_uri initiation
author Violet7
date Sun, 09 Nov 2025 02:31:57 -0800
parents d8550e64d613
children e0896f65c847
-- Module dependencies for the HTTPS setup code of luan-host.
-- The `X or error()` form calls error() while this file loads if the named
-- function is missing from its module, so a broken dependency fails early.
local Luan = require "luan:Luan.luan"
local error = Luan.error
local new_error = Luan.new_error or error()
local load_file = Luan.load_file or error()
local ipairs = Luan.ipairs or error()
-- Boot is used at the bottom of this file for Boot.no_security.
local Boot = require "luan:Boot.luan"
local Io = require "luan:Io.luan"
-- ip() is used below to compare the site's domain against "127.0.0.1".
local ip = Io.ip or error()
-- uri() is used below for file:, site: and bash: URIs; the bash: ones run
-- shell command lines built by string concatenation.
local uri = Io.uri or error()
local String = require "luan:String.luan"
local starts_with = String.starts_with or error()
local Http = require "luan:http/Http.luan"
local Hosted = require "luan:host/Hosted.luan"
local Logging = require "luan:logging/Logging.luan"
local logger = Logging.logger "https"

-- NOTE(review): logs "Hello test" every time this file is loaded; looks like
-- a leftover debug line -- confirm and remove.
logger.info("Hello test")
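-- Enable or disable HTTPS for the site identified by Http.domain.
--
-- is_https: when truthy and the site has no key file yet, obtain a certificate
--           (via ./local_https.sh if the domain resolves to 127.0.0.1,
--           otherwise via acme_tiny.py and a temporary nginx webroot), then
--           write nginx.ssl.conf for the site. When falsy, delete
--           nginx.ssl.conf, fullchain.cer, ca.cer and every file in the site's
--           parent directory whose name starts with "<domain>.".
-- Returns nothing. Errors in the ACME branch are caught and logged. nginx is
-- config-tested and reloaded through sudo whenever something changed.
--
-- NOTE(review): `domain` is concatenated into several bash command lines and
-- file paths below (mkdir, rm -rf, openssl -subj, the lock and temp paths).
-- Nothing visible here restricts it to hostname characters; confirm that
-- Http.domain is constrained upstream, or validate it here before first use.
function Hosted.set_https(is_https)
	-- Only init.luan may call this; once Http reports init is done, refuse.
	if Http.did_init() then
		logger.error(new_error("set_https called outside of init.luan"))
		return
	end
	local domain = Http.domain
	local site_dir = uri("site:").parent()
	local nginx_file = site_dir.child("nginx.ssl.conf")
	local key_file = site_dir.child(domain..".key")
	local key_file_str = key_file.canonical().to_string()
	local csr_file = site_dir.child(domain..".csr")
	local csr_file_str = csr_file.canonical().to_string()
	local local_cer_file = site_dir.child("fullchain.cer")
	local local_cer_file_str = local_cer_file.canonical().to_string()
	local local_ca_file = site_dir.child("ca.cer")
	-- luan/host
	local luanhost_dir = uri("file:.").canonical().to_string()
	local changed = false
	-- use for testing, so as to not hit rate limits
	-- on the real letsencrypt servers
	local dry_run = false
	local dry_run_dir_url = "https://acme-staging-v02.api.letsencrypt.org/directory"

	-- Declared here, outside the try, so the catch and finally blocks can see
	-- them. temp_dir_string used to be declared inside the try although the
	-- finally block reads it.
	local guard_file = "/tmp/acme_setup_locks/"..domain..".lock"
	local guard_uri = uri("file:"..guard_file)
	local temp_dir_string = "/tmp/acme_setup/"..domain
	-- True only once THIS call has written the guard file. The finally block
	-- cleans up only in that case; otherwise a call that is skipped because a
	-- setup is already running would delete the running setup's guard and
	-- webroot on its way out.
	local guard_owned = false

	if is_https then -- https
		if not key_file.exists() then
			local is_local = ip(domain) == "127.0.0.1"
			logger.info("is_local "..is_local)

			-- Use openssl directly to make a self-signed cert,
			-- no external cert authority involved
			if is_local then
				local cmd = [[
					./local_https.sh "]]..domain..[["
				]]
				local s = uri("bash:"..cmd).read_text()
				logger.info("issue local certificate")
			else
				-- set up a temporary barebones nginx conf
				-- to serve acme challenges on the domain
				try
					-- recursion guard, must have this to prevent
					-- the http request from invoking this code
					-- and causing an infinite recursion.
					local cmd = "mkdir -p /tmp/acme_setup_locks/"
					local s = uri("bash:"..cmd).read_text()
					if guard_uri.exists() then
						logger.info("set_https already running for "..domain..", skipping")
						return
					end
					-- Take the guard right after the check to keep the window
					-- between exists() and write() short.
					-- NOTE(review): the check and the write are still two
					-- separate steps, and the lock lives at a predictable path
					-- under /tmp; an atomic create in a directory owned by the
					-- host user would close both gaps.
					guard_uri.write("this is a recursion guard, see https.luan")
					guard_owned = true

					-- Clean out old temp files
					local cmd = "rm -rf "..temp_dir_string
					local s = uri("bash:"..cmd).read_text()

					-- create all needed dirs at once by using
					-- mkdir -p on the deepest nested dir (acme-challenge)
					local webroot = temp_dir_string.."/webroot"
					local acme_challenges = webroot.."/.well-known/acme-challenge"
					local cmd = "mkdir -p "..acme_challenges
					local s = uri("bash:"..cmd).read_text()

					-- Create the nginx config from the template
					local temp_dir = uri("file:"..temp_dir_string)
					-- The *output* file, where the generated config is stored
					local acme_nginx_file = temp_dir.child("nginx.acme_setup.conf")
					local conf = load_file "file:startup/nginx/nginx.acme_setup.conf.luan"
					local acme_nginx = ` conf(webroot,domain) `
					acme_nginx_file.write(acme_nginx)

					-- Create an index.html to search for in the logs
					-- to verify everything is working
					local index_file = webroot.."/index.html"
					local cmd = "echo 'hi, testing' > "..index_file
					local s = uri("bash:"..cmd).read_text()

					-- The config in ./local/nginx.conf has a directive to
					-- glob include confs in /tmp/acme_setup/*/nginx.acme_setup.conf
					-- so we just need to reload it so it can find the one we just made
					-- NOTE(review): nginx is reloaded through sudo and includes
					-- whatever matches that glob. /tmp is normally writable by
					-- every local account, so if the host has other accounts,
					-- keep this directory somewhere only the host user can
					-- write (and create it with a restrictive mode).
					local cmd = [[
						sudo $(which nginx) -t -c "]]..luanhost_dir..[[/local/nginx.conf" && sudo $(which nginx) -s reload;
					]]
					local s = uri("bash:"..cmd).read_text()
					logger.info("reload_nginx "..s)

					-- We've set up nginx to serve from our temp root, now we need to
					-- create a *domain key*, which we then use to sign our cert.
					-- umask 077 makes the shell redirect create the private key
					-- readable by its owner only, whatever the process umask is.
					local cmd = "umask 077 && openssl genrsa 4096 > "..key_file_str
					local s = uri("bash:"..cmd).read_text()
					logger.info("create domain key\n"..s)

					-- create the certificate signing request (CSR) for the
					-- domain, signed with the key we just made
					local cmd = 'openssl req -new -sha256 -key '..key_file_str..' -subj "/CN='..domain..'" > '..csr_file_str
					local s = uri("bash:"..cmd).read_text()
					logger.info("create cert\n"..s)

					-- Finally, get our cert signed by letsencrypt.
					local cmd = [[
						python3 acme_tiny.py --account-key ./local/tiny_account.key \
						--csr ]]..csr_file_str..[[ \
						--acme-dir ]]..acme_challenges..[[ \
					]]
					if dry_run == true then
						cmd = cmd.." --directory-url "..dry_run_dir_url
					end
					-- NOTE(review): the redirect creates fullchain.cer even if
					-- acme_tiny fails, so the exists() check after this block
					-- can pass with an empty certificate, and the key left in
					-- place stops later calls from retrying -- confirm how a
					-- failed issuance should be handled.
					cmd = cmd.."> "..local_cer_file_str

					local s = uri("bash:"..cmd).read_text()
					logger.info("get cert signed by letsencrypt\n"..s)

					-- The above http requests made by acme_tiny are the only thing
					-- that could cause a recursion, so the guard is no longer
					-- needed; it is removed in the finally block below.

				catch e
					logger.error("Error setting up ACME: "..e.to_string())
				finally
					-- Clean up only what this call created.
					if guard_owned then
						if guard_uri.exists() then
							guard_uri.delete()
						end
						local cmd = "rm -rf "..temp_dir_string
						local s = uri("bash:"..cmd).read_text()
					end
				end

				-- We now have our certificate!
				-- Now we just need to generate the nginx config
				-- that uses it, place it in luan/host/sites/*/nginx.ssl.conf
				-- and tell luan-host to reload nginx.

			end
			if key_file.exists() and local_cer_file.exists() then
				changed = true
				-- the nginx config only requires 2 files:
				-- fullchain.cer and DOMAIN.key
				local conf = load_file "file:startup/nginx/nginx.ssl.conf.luan"
				local nginx = ` conf(luanhost_dir,domain) `
				nginx_file.write(nginx)
			end
		end
	else -- http
		if key_file.exists() or nginx_file.exists() then
			changed = true
			nginx_file.delete()
			local_cer_file.delete()
			local_ca_file.delete()
			-- Remove the per-domain files (DOMAIN.key, DOMAIN.csr, ...).
			local ptn = domain.."."
			for _, file in ipairs(site_dir.children()) do
				if starts_with(file.name(),ptn) then
					file.delete()
				end
			end
		end
	end
	if changed then
		-- Test the main config first; reload only if the test passes.
		local cmd = [[
			sudo $(which nginx) -t -c "]]..luanhost_dir..[[/local/nginx.conf" && sudo $(which nginx) -s reload;
		]]
		local s = uri("bash:"..cmd).read_text()
		logger.info("reload_nginx "..s)
	end
	--logger.info "done"
end
-- Replace the function with the wrapper returned by Boot.no_security.
-- NOTE(review): Boot.no_security is defined outside this file; presumably it
-- exempts the function from Luan's security checks, which the bash: and file:
-- URIs above would need -- confirm in Boot.luan. The wrapped function runs
-- shell commands, including sudo nginx, so what can reach it matters.
Hosted.set_https = Boot.no_security(Hosted.set_https)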