Enable LETSENCRYPT_HOST w/o VIRTUAL_HOST

This way standalone certificates can be requested from their container's environment without using /app/letsencrypt_user_data.
pini-gh · Dec 15, 2024 · 1cec9ad · 1cec9ad
1 parent f80e1b1
commit 1cec9ad
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 21 deletions.
diff --git a/app/functions.sh b/app/functions.sh
@@ -50,12 +50,8 @@ fi
 
 function add_standalone_configuration {
     local domain="${1:?}"
-    if grep -q "server_name ${domain};" /etc/nginx/conf.d/*.conf; then
-        # If the domain is already present in nginx's conf, use the location configuration.
-        add_location_configuration "$domain"
-    else
-        # Else use the standalone configuration.
-        cat > "/etc/nginx/conf.d/standalone-cert-$domain.conf" << EOF
+    [[ "$DEBUG" == 1 ]] && echo "Debug: creating standalone configuration file /etc/nginx/conf.d/standalone-cert-$domain.conf"
+    cat > "/etc/nginx/conf.d/standalone-cert-$domain.conf" << EOF
 server {
     server_name $domain;
     listen 80;
@@ -70,7 +66,6 @@ server {
     }
 }
 EOF
-    fi
 }
 
 function remove_all_standalone_configurations {

diff --git a/app/letsencrypt_service b/app/letsencrypt_service
@@ -515,28 +515,34 @@ function update_certs {
         echo "Warning: /app/letsencrypt_service_data not found, skipping data from containers."
     fi
 
-    # Load settings for standalone certs
+    # Load settings for standalone certs defined into /app/letsencrypt_user_data
     if [[ -f /app/letsencrypt_user_data ]]; then
         if source /app/letsencrypt_user_data; then
-            for cid in "${LETSENCRYPT_STANDALONE_CERTS[@]}"; do
-                local -n hosts_array="LETSENCRYPT_${cid}_HOST"
-
-                local -n acme_challenge="ACME_${cid}_CHALLENGE"
-                acme_challenge="${acme_challenge:-HTTP-01}"
-
-                if [[ "$acme_challenge" == "HTTP-01" ]]; then
-                    for domain in "${hosts_array[@]}"; do
-                        add_standalone_configuration "$domain"
-                    done
-                fi
-            done
-            reload_nginx
             LETSENCRYPT_CONTAINERS+=( "${LETSENCRYPT_STANDALONE_CERTS[@]}" )
         else
             echo "Warning: could not source /app/letsencrypt_user_data, skipping user data"
         fi
     fi
 
+    # Configure http-01 challenge for standalone certs
+    if ! [[ -d /etc/nginx/conf.d ]]; then
+        echo "Warning: /etc/nginx/conf.d not mounted; skipping standalone configuration"
+    else
+        should_reload_nginx='false'
+        for cid in "${LETSENCRYPT_CONTAINERS[@]}"; do
+            local -n hosts_array="LETSENCRYPT_${cid}_HOST"
+            for domain in "${hosts_array[@]}"; do
+                # Add the standalone configuration if and only if the domain is
+                # not already present in nginx's conf. If it is present, the location
+                # configuration is expected to be there.
+                if ! grep -q "server_name ${domain};" /etc/nginx/conf.d/*.conf; then
+                    add_standalone_configuration "$domain" && should_reload_nginx=true
+                fi
+            done
+        done
+        [[ "$should_reload_nginx" == 'true' ]] && reload_nginx
+    fi
+
     should_reload_nginx='false'
     for cid in "${LETSENCRYPT_CONTAINERS[@]}"; do
         # Pass the eventual --force-renew arg to update_cert() as second arg