nginx: override domain to local rather than having the user do it.

getodk · Apr 22, 2020 · 9b972e7 · 9b972e7
1 parent 9d1a888
commit 9b972e7
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 4 deletions.
diff --git a/files/nginx/odk-setup.sh b/files/nginx/odk-setup.sh
@@ -18,12 +18,15 @@ then
 fi
 
 echo "writing a new nginx configuration file.."
-/bin/bash -c "envsubst '\$SSL_TYPE \$DOMAIN' < /usr/share/nginx/odk.conf.template > /etc/nginx/conf.d/odk.conf"
+CNAME=$([ "$SSL_TYPE" = "customssl" ] && echo "local" || echo "$DOMAIN") \
+/bin/bash -c "envsubst '\$SSL_TYPE \$CNAME' < /usr/share/nginx/odk.conf.template > /etc/nginx/conf.d/odk.conf"
 
 if [ "$SSL_TYPE" = "letsencrypt" ]
 then
+  echo "starting nginx with certbot.."
   /bin/bash /scripts/entrypoint.sh
 else
+  echo "starting nginx without certbot.."
   nginx -g "daemon off;"
 fi
 
diff --git a/files/nginx/odk.conf.template b/files/nginx/odk.conf.template
@@ -1,8 +1,8 @@
 server {
   listen 443 ssl;
-  ssl_certificate /etc/${SSL_TYPE}/live/${DOMAIN}/fullchain.pem;
-  ssl_certificate_key /etc/${SSL_TYPE}/live/${DOMAIN}/privkey.pem;
-  ssl_trusted_certificate /etc/${SSL_TYPE}/live/${DOMAIN}/fullchain.pem;
+  ssl_certificate /etc/${SSL_TYPE}/live/${CNAME}/fullchain.pem;
+  ssl_certificate_key /etc/${SSL_TYPE}/live/${CNAME}/privkey.pem;
+  ssl_trusted_certificate /etc/${SSL_TYPE}/live/${CNAME}/fullchain.pem;
 
   ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
   ssl_prefer_server_ciphers on;