Mercurial Hosting > luan

annotate src/luan/host/https.luan @ 2042:731c4ec1ae86 acme-tiny

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fix string conversion
author Violet7
date Sun, 09 Nov 2025 02:15:44 -0800
parents cd51e7e31950
children 849ce7f4cfc7
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1630
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
1 local Luan = require "luan:Luan.luan"
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
2 local error = Luan.error
2005
fe45d2c967f1 set_https only in init.luan
Franklin Schmidt <fschmidt@gmail.com>
parents: 1798
diff changeset
3 local new_error = Luan.new_error or error()
1630
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
4 local load_file = Luan.load_file or error()
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
5 local ipairs = Luan.ipairs or error()
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
6 local Boot = require "luan:Boot.luan"
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
7 local Io = require "luan:Io.luan"
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
8 local ip = Io.ip or error()
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
9 local uri = Io.uri or error()
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
10 local String = require "luan:String.luan"
1716
b82767112d8e add String.regex
Franklin Schmidt <fschmidt@gmail.com>
parents: 1640
diff changeset
11 local starts_with = String.starts_with or error()
1630
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
12 local Http = require "luan:http/Http.luan"
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
13 local Hosted = require "luan:host/Hosted.luan"
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
14 local Logging = require "luan:logging/Logging.luan"
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
15 local logger = Logging.logger "https"
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
16
2015
61b0cc7db09c Manually specify letsencrypt server due to acme default server change (to zerossl)
Violet7
parents: 2009
diff changeset
17 logger.info("Hello test")
1630
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
18
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
19 function Hosted.set_https(is_https)
2005
fe45d2c967f1 set_https only in init.luan
Franklin Schmidt <fschmidt@gmail.com>
parents: 1798
diff changeset
20 if Http.did_init() then
fe45d2c967f1 set_https only in init.luan
Franklin Schmidt <fschmidt@gmail.com>
parents: 1798
diff changeset
21 logger.error(new_error("set_https called outside of init.luan"))
fe45d2c967f1 set_https only in init.luan
Franklin Schmidt <fschmidt@gmail.com>
parents: 1798
diff changeset
22 return
fe45d2c967f1 set_https only in init.luan
Franklin Schmidt <fschmidt@gmail.com>
parents: 1798
diff changeset
23 end
1630
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
24 local domain = Http.domain
2036
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
25 local site_dir = uri("site:").parent()
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
26 local nginx_file = site_dir.child("nginx.ssl.conf")
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
27 local key_file = site_dir.child(domain..".key")
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
28 local key_file_str = key_file.canonical().to_string()
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
29 local csr_file = site_dir.child(domain..".csr")
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
30 local csr_file_str = csr_file.canonical().to_string()
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
31 local local_cer_file = site_dir.child("fullchain.cer")
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
32 local local_cer_file_str = local_cer_file.canonical().to_string()
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
33 local local_ca_file = site_dir.child("ca.cer")
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
34 -- luan/host
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
35 local luanhost_dir = uri("file:.").canonical().to_string()
1630
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
36 local changed = false
2036
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
37 -- use for testing, so as to not hit rate limits
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
38 -- on the real letsencrypt servers
2039
aa0910b07953 use real servers instead of staging
Violet7
parents: 2038
diff changeset
39 local dry_run = false
2036
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
40 local dry_run_dir_url = "https://acme-staging-v02.api.letsencrypt.org/directory"
2034
d718511fc69f Begin work on moving to tiny-acme.
Violet7
parents: 2015
diff changeset
41
2040
Violet7
parents: 2039
diff changeset
42 if is_https then -- https
1630
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
43 if not key_file.exists() then
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
44 local is_local = ip(domain) == "127.0.0.1"
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
45 logger.info("is_local "..is_local)
2034
d718511fc69f Begin work on moving to tiny-acme.
Violet7
parents: 2015
diff changeset
46
2036
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
47 -- Use openssl directly to make a self-signed cert,
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
48 -- no external cert authority involved
1630
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
49 if is_local then
2036
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
50 local cmd = [[
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
51 ./local_https.sh "]]..domain..[["
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
52 ]]
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
53 local s = uri("bash:"..cmd).read_text()
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
54 logger.info("issue local certificate")
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
55 else
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
56 -- set up a temporary barebones nginx conf
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
57 -- to serve acme challenges on the domain
2041
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
58 try
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
59 local temp_dir_string = "/tmp/acme_setup/"..domain
2034
d718511fc69f Begin work on moving to tiny-acme.
Violet7
parents: 2015
diff changeset
60
2041
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
61 -- recursion guard, must have this to prevent
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
62 -- the http request from invoking this code
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
63 -- and causing an infinite recursion.
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
64 local cmd = "mkdir -p /tmp/acme_setup_locks/"
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
65 local s = uri("bash:"..cmd).read_text()
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
66 local guard_file = "/tmp/acme_setup_locks/"..domain..".lock"
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
67 local guard_uri = uri("file:"..guard_file)
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
68 if guard_uri.exists() then
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
69 logger.info("set_https already running for "..domain..", skipping")
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
70 return
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
71 end
2034
d718511fc69f Begin work on moving to tiny-acme.
Violet7
parents: 2015
diff changeset
72
2041
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
73 -- Clean out old temp files
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
74 local cmd = "rm -rf "..temp_dir_string
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
75 local s = uri("bash:"..cmd).read_text()
2034
d718511fc69f Begin work on moving to tiny-acme.
Violet7
parents: 2015
diff changeset
76
2041
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
77 -- create all needed dirs at once by using
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
78 -- mkdir -p on the deepest nested dir (acme-challenge)
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
79 local webroot = temp_dir_string.."/webroot"
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
80 local acme_challenges = webroot.."/.well-known/acme-challenge"
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
81 local cmd = "mkdir -p "..acme_challenges
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
82 local s = uri("bash:"..cmd).read_text()
2034
d718511fc69f Begin work on moving to tiny-acme.
Violet7
parents: 2015
diff changeset
83
2041
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
84 guard_uri.write("this is a recursion guard, see https.luan")
2034
d718511fc69f Begin work on moving to tiny-acme.
Violet7
parents: 2015
diff changeset
85
d718511fc69f Begin work on moving to tiny-acme.
Violet7
parents: 2015
diff changeset
86
2041
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
87 -- Create the nginx config from the template
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
88 local temp_dir = uri("file:"..temp_dir_string)
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
89 -- The *output* file, where the generated config is stored
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
90 local acme_nginx_file = temp_dir.child("nginx.acme_setup.conf")
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
91 local conf = load_file "file:startup/nginx/nginx.acme_setup.conf.luan"
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
92 local acme_nginx = ` conf(webroot,domain) `
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
93 acme_nginx_file.write(acme_nginx)
2034
d718511fc69f Begin work on moving to tiny-acme.
Violet7
parents: 2015
diff changeset
94
2041
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
95 -- Create an index.html to search for in the logs
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
96 -- to verify everything is working
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
97 local index_file = webroot.."/index.html"
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
98 local cmd = "echo 'hi, testing' > "..index_file
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
99 local s = uri("bash:"..cmd).read_text()
2034
d718511fc69f Begin work on moving to tiny-acme.
Violet7
parents: 2015
diff changeset
100
2041
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
101 -- The config in ./local/nginx.conf has a directive to
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
102 -- glob include confs in /tmp/acme_setup/*/nginx.acme_setup.conf
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
103 -- so we just need to reload it so it can find the one we just made
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
104 local cmd = [[
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
105 sudo $(which nginx) -t -c "]]..luanhost_dir..[[/local/nginx.conf" && sudo $(which nginx) -s reload;
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
106 ]]
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
107 local s = uri("bash:"..cmd).read_text()
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
108 logger.info("reload_nginx "..s)
2034
d718511fc69f Begin work on moving to tiny-acme.
Violet7
parents: 2015
diff changeset
109
2041
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
110 -- We've set up nginx to serve from our temp root, now we need to
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
111 -- create a *domain key*, which we then use to sign our cert.
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
112 local cmd = "openssl genrsa 4096 > "..key_file_str
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
113 local s = uri("bash:"..cmd).read_text()
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
114 logger.info("create domain key\n"..s)
2034
d718511fc69f Begin work on moving to tiny-acme.
Violet7
parents: 2015
diff changeset
115
2041
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
116 -- create the cert, signed with the key we just made
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
117 local cmd = 'openssl req -new -sha256 -key '..key_file_str..' -subj "/CN='..domain..'" > '..csr_file_str
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
118 local s = uri("bash:"..cmd).read_text()
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
119 logger.info("create cert\n"..s)
2034
d718511fc69f Begin work on moving to tiny-acme.
Violet7
parents: 2015
diff changeset
120
2041
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
121 -- Finally, get our cert signed by letsencrypt.
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
122 local cmd = [[
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
123 python3 acme_tiny.py --account-key ./local/tiny_account.key \
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
124 --csr ]]..csr_file_str..[[ \
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
125 --acme-dir ]]..acme_challenges..[[ \
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
126 ]]
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
127 if dry_run == true then
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
128 cmd = cmd.." --directory-url "..dry_run_dir_url
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
129 end
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
130 cmd = cmd.."> "..local_cer_file_str
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
131
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
132 local s = uri("bash:"..cmd).read_text()
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
133 logger.info("get cert signed by letsencrypt\n"..s)
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
134
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
135 -- The above http requests made by acme_tiny are the only thing
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
136 -- that could cause a recursion so it is safe to delete the guard here.
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
137
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
138 catch e
2042
731c4ec1ae86 fix string conversion
Violet7
parents: 2041
diff changeset
139 logger.error("Error setting up ACME: "..e.to_string())
2041
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
140 finally
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
141 if guard_uri and guard_uri.exists() then
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
142 guard_uri.delete()
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
143 end
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
144 local cmd = "rm -rf "..temp_dir_string
cd51e7e31950 use try/catch/finally to clean up temp dir even on error
Violet7
parents: 2040
diff changeset
145 local s = uri("bash:"..cmd).read_text()
2036
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
146 end
2038
b4b3017ac28d cleanup setup dir
Violet7
parents: 2037
diff changeset
147
2036
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
148 -- We now have our certificate!
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
149 -- Now we just need to generate the nginx config
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
150 -- that uses it, place it in luan/host/sites/*/nginx.ssl.conf
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
151 -- and tell luan-host to reload nginx.
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
152
1630
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
153 logger.info("issue certificate "..s)
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
154 end
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
155 if key_file.exists() and local_cer_file.exists() then
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
156 changed = true
2036
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
157 -- the nginx config only requires 2 files:
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
158 -- fullchain.cer and DOMAIN.key
1632
0344a535b1db add doc
fffilimonov
parents: 1630
diff changeset
159 local conf = load_file "file:startup/nginx/nginx.ssl.conf.luan"
2036
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
160 local nginx = ` conf(luanhost_dir,domain) `
1630
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
161 nginx_file.write(nginx)
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
162 end
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
163 end
2040
Violet7
parents: 2039
diff changeset
164 else -- http
1630
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
165 if key_file.exists() or nginx_file.exists() then
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
166 changed = true
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
167 nginx_file.delete()
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
168 local_cer_file.delete()
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
169 local_ca_file.delete()
1716
b82767112d8e add String.regex
Franklin Schmidt <fschmidt@gmail.com>
parents: 1640
diff changeset
170 local ptn = domain.."."
2036
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
171 for _, file in ipairs(site_dir.children()) do
1716
b82767112d8e add String.regex
Franklin Schmidt <fschmidt@gmail.com>
parents: 1640
diff changeset
172 if starts_with(file.name(),ptn) then
1630
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
173 file.delete()
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
174 end
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
175 end
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
176 end
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
177 end
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
178 if changed then
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
179 local cmd = [[
2036
2740f8a9ba3a First test prototype (also convert spaces to tabs and remove *.orig files)
Violet7
parents: 2034
diff changeset
180 sudo $(which nginx) -t -c "]]..luanhost_dir..[[/local/nginx.conf" && sudo $(which nginx) -s reload;
1630
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
181 ]]
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
182 local s = uri("bash:"..cmd).read_text()
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
183 logger.info("reload_nginx "..s)
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
184 end
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
185 --logger.info "done"
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
186 end
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
187 Hosted.set_https = Boot.no_security(Hosted.set_https)