annotate src/luan/host/https.luan @ 2043:849ce7f4cfc7 acme-tiny

fix variable visibility
author Violet7
date Sun, 09 Nov 2025 02:24:10 -0800
parents 731c4ec1ae86
children d8550e64d613
rev   line source
1630
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
1 local Luan = require "luan:Luan.luan"
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
2 local error = Luan.error
2005
fe45d2c967f1 set_https only in init.luan
Franklin Schmidt <fschmidt@gmail.com>
parents: 1798
diff changeset
3 local new_error = Luan.new_error or error()
1630
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
4 local load_file = Luan.load_file or error()
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
5 local ipairs = Luan.ipairs or error()
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
6 local Boot = require "luan:Boot.luan"
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
7 local Io = require "luan:Io.luan"
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
8 local ip = Io.ip or error()
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
9 local uri = Io.uri or error()
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
10 local String = require "luan:String.luan"
1716
b82767112d8e add String.regex
Franklin Schmidt <fschmidt@gmail.com>
parents: 1640
diff changeset
11 local starts_with = String.starts_with or error()
1630
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
12 local Http = require "luan:http/Http.luan"
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
13 local Hosted = require "luan:host/Hosted.luan"
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
14 local Logging = require "luan:logging/Logging.luan"
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
15 local logger = Logging.logger "https"
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
16
2015
61b0cc7db09c Manually specify letsencrypt server due to acme default server change (to zerossl)
Violet7
parents: 2009
diff changeset
17 logger.info("Hello test")
1630
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
18
b735ed134662 add nginx and ssl for host
fffilimonov
parents:
diff changeset
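-- Turns HTTPS on or off for the current site (Http.domain).
--
-- is_https true:  if the site has no DOMAIN.key yet, obtain a certificate
--                 (self-signed via ./local_https.sh when the domain resolves
--                 to 127.0.0.1, otherwise from Let's Encrypt via acme_tiny.py),
--                 then write nginx.ssl.conf for the site.
-- is_https false: delete nginx.ssl.conf, the certificates and every file in the
--                 site's parent directory whose name starts with "DOMAIN.".
-- nginx is config-tested and reloaded whenever anything changed.
--
-- Only usable from init.luan: once Http.did_init() is true the call is logged
-- as an error and ignored.
--
-- NOTE(review): domain and paths derived from it are concatenated into bash
-- command strings below, some unquoted, and double quotes do not stop shell
-- expansion. Nothing in this function validates domain; confirm Http.domain is
-- restricted to a strict hostname pattern before it reaches here.
function Hosted.set_https(is_https)
	if Http.did_init() then
		logger.error(new_error("set_https called outside of init.luan"))
		return
	end
	local domain = Http.domain
	local site_dir = uri("site:").parent()
	local nginx_file = site_dir.child("nginx.ssl.conf")
	local key_file = site_dir.child(domain..".key")
	local key_file_str = key_file.canonical().to_string()
	local csr_file = site_dir.child(domain..".csr")
	local csr_file_str = csr_file.canonical().to_string()
	local local_cer_file = site_dir.child("fullchain.cer")
	local local_cer_file_str = local_cer_file.canonical().to_string()
	local local_ca_file = site_dir.child("ca.cer")
	-- luan/host
	local luanhost_dir = uri("file:.").canonical().to_string()
	local changed = false
	-- use for testing, so as to not hit rate limits
	-- on the real letsencrypt servers
	local dry_run = false
	local dry_run_dir_url = "https://acme-staging-v02.api.letsencrypt.org/directory"

	-- Declared here so they are visible in the catch and finally blocks.
	-- They must be ASSIGNED inside the try, not re-declared with "local":
	-- a second "local" creates a new variable scoped to the try block and
	-- leaves these two nil, so the finally block would never remove the
	-- guard file and would build its "rm -rf" command from nil.
	local guard_uri
	local temp_dir_string

	if is_https then  -- https
		if not key_file.exists() then
			local is_local = ip(domain) == "127.0.0.1"
			logger.info("is_local "..is_local)

			-- Use openssl directly to make a self-signed cert,
			-- no external cert authority involved
			if is_local then
				local cmd = [[
					./local_https.sh "]]..domain..[["
				]]
				local s = uri("bash:"..cmd).read_text()
				logger.info("issue local certificate")
			else
				-- set up a temporary barebones nginx conf
				-- to serve acme challenges on the domain
				--
				-- NOTE(review): the lock file and the generated nginx conf use
				-- fixed, predictable paths under /tmp, and the conf is picked up
				-- by an nginx that is reloaded through sudo. A directory that only
				-- the service account can write to would be a safer location.
				-- The exists()-then-write() guard is also not atomic.
				try
					local acme_dir = "/tmp/acme_setup/"..domain

					-- recursion guard, must have this to prevent
					-- the http request from invoking this code
					-- and causing an infinite recursion.
					local cmd = "mkdir -p /tmp/acme_setup_locks/"
					local s = uri("bash:"..cmd).read_text()
					local guard_file = "/tmp/acme_setup_locks/"..domain..".lock"
					local lock = uri("file:"..guard_file)
					if lock.exists() then
						logger.info("set_https already running for "..domain..", skipping")
						-- guard_uri and temp_dir_string are still nil at this
						-- point, so the cleanup in finally (assuming it runs on
						-- this return) leaves the other invocation's lock and
						-- temp dir alone.
						return
					end

					-- From here on this invocation is responsible for the
					-- cleanup, so hand both values to the finally block.
					guard_uri = lock
					temp_dir_string = acme_dir

					-- Clean out old temp files
					local cmd = "rm -rf "..temp_dir_string
					local s = uri("bash:"..cmd).read_text()

					-- create all needed dirs at once by using
					-- mkdir -p on the deepest nested dir (acme-challenge)
					local webroot = temp_dir_string.."/webroot"
					local acme_challenges = webroot.."/.well-known/acme-challenge"
					local cmd = "mkdir -p "..acme_challenges
					local s = uri("bash:"..cmd).read_text()

					guard_uri.write("this is a recursion guard, see https.luan")


					-- Create the nginx config from the template
					local temp_dir = uri("file:"..temp_dir_string)
					-- The *output* file, where the generated config is stored
					local acme_nginx_file = temp_dir.child("nginx.acme_setup.conf")
					local conf = load_file "file:startup/nginx/nginx.acme_setup.conf.luan"
					local acme_nginx = ` conf(webroot,domain) `
					acme_nginx_file.write(acme_nginx)

					-- Create an index.html to search for in the logs
					-- to verify everything is working
					local index_file = webroot.."/index.html"
					local cmd = "echo 'hi, testing' > "..index_file
					local s = uri("bash:"..cmd).read_text()

					-- The config in ./local/nginx.conf has a directive to
					-- glob include confs in /tmp/acme_setup/*/nginx.acme_setup.conf
					-- so we just need to reload it so it can find the one we just made
					local cmd = [[
						sudo $(which nginx) -t -c "]]..luanhost_dir..[[/local/nginx.conf" && sudo $(which nginx) -s reload;
					]]
					local s = uri("bash:"..cmd).read_text()
					logger.info("reload_nginx "..s)

					-- We've set up nginx to serve from our temp root, now we need to
					-- create a *domain key*, which we then use to sign our cert.
					-- NOTE(review): the key file is created by shell redirection, so
					-- its permissions come from the process umask; confirm the file
					-- ends up readable by its owner only.
					local cmd = "openssl genrsa 4096 > "..key_file_str
					local s = uri("bash:"..cmd).read_text()
					logger.info("create domain key\n"..s)

					-- create the certificate signing request (CSR),
					-- signed with the key we just made
					local cmd = 'openssl req -new -sha256 -key '..key_file_str..' -subj "/CN='..domain..'" > '..csr_file_str
					local s = uri("bash:"..cmd).read_text()
					logger.info("create cert\n"..s)

					-- Finally, get our cert signed by letsencrypt.
					-- The trailing backslash keeps the options appended below
					-- on the same shell line.
					local cmd = [[
						python3 acme_tiny.py --account-key ./local/tiny_account.key \
							--csr ]]..csr_file_str..[[ \
							--acme-dir ]]..acme_challenges..[[ \
					]]
					if dry_run == true then
						cmd = cmd.." --directory-url "..dry_run_dir_url
					end
					cmd = cmd.."> "..local_cer_file_str

					local s = uri("bash:"..cmd).read_text()
					logger.info("get cert signed by letsencrypt\n"..s)

					-- The above http requests made by acme_tiny are the only thing
					-- that could cause a recursion so it is safe to delete the guard here.

				catch e
					-- NOTE(review): the error is only logged. The key file, and a
					-- possibly empty fullchain.cer created by the redirection, may
					-- already exist, in which case the exists() checks below pass
					-- and a later call skips issuance. Confirm whether partial
					-- output should be removed here.
					logger.error("Error setting up ACME: "..e.to_string())
				finally
					if guard_uri ~= nil and guard_uri.exists() then
						guard_uri.delete()
					end
					-- nil means this invocation never took ownership of the
					-- temp dir, so there is nothing of ours to remove.
					if temp_dir_string ~= nil then
						local cmd = "rm -rf "..temp_dir_string
						local s = uri("bash:"..cmd).read_text()
					end
				end

				-- We now have our certificate!
				-- Now we just need to generate the nginx config
				-- that uses it, place it in luan/host/sites/*/nginx.ssl.conf
				-- and tell luan-host to reload nginx.

				-- The command output used to be appended here, but every "s"
				-- above is local to the try/finally blocks and not in scope.
				logger.info("issue certificate")
			end
			if key_file.exists() and local_cer_file.exists() then
				changed = true
				-- the nginx config only requires 2 files:
				-- fullchain.cer and DOMAIN.key
				local conf = load_file "file:startup/nginx/nginx.ssl.conf.luan"
				local nginx = ` conf(luanhost_dir,domain) `
				nginx_file.write(nginx)
			end
		end
	else  -- http
		if key_file.exists() or nginx_file.exists() then
			changed = true
			nginx_file.delete()
			local_cer_file.delete()
			local_ca_file.delete()
			-- remove DOMAIN.key, DOMAIN.csr and anything else named "DOMAIN.*"
			local ptn = domain.."."
			for _, file in ipairs(site_dir.children()) do
				if starts_with(file.name(),ptn) then
					file.delete()
				end
			end
		end
	end
	if changed then
		-- test the config first; reload only if the test passes
		local cmd = [[
			sudo $(which nginx) -t -c "]]..luanhost_dir..[[/local/nginx.conf" && sudo $(which nginx) -s reload;
		]]
		local s = uri("bash:"..cmd).read_text()
		logger.info("reload_nginx "..s)
	end
	--logger.info "done"
end
-- NOTE(review): presumably Boot.no_security lets set_https run outside the
-- restrictions applied to hosted site code, which it would need for the
-- bash: and sudo calls above; confirm. If so, every value that reaches those
-- commands (domain in particular) has to be trusted or validated.
Hosted.set_https = Boot.no_security(Hosted.set_https)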