diff --git a/config/.env.sample b/config/.env.sample
index 155dbe8..8a49770 100644
--- a/config/.env.sample
+++ b/config/.env.sample
@@ -1,16 +1,18 @@
 # Leave this empty if you use SSH keys
 SSH_PASSWD=
-# domain, set this up using an A record in your domain registrar's control panel
-DOMAIN_DIRECT=
+# domain/subdomain
+# Set up an A record pointing to your server's IP address and
+# write the full domain here
+DOMAIN_DIRECT=maps.example.com
-# Let's Encrypt account email
+# Your email address to be used for the Let's Encrypt certificates
 LETSENCRYPT_EMAIL=
 # Skip the full planet download, useful for testing (true/false)
 SKIP_PLANET=false
-# Skip the certificate management part.
+# Use self-signed certs / skip the certificate management part.
 # If you are using a custom solution like VPN, Traefik,
 # or Cloudflare managed certificates, set this to true.
 # In this case, you'll have self-signed certificates after the script completes.
@@ -21,7 +23,7 @@ SELF_SIGNED_CERTS=false
 ### --- Advanced setup below this line --- ###
 ### --- 99.9% you don't need any of this! --- ###
-# ROUNDROBIN is a very special feature for getting certificates on one server,
+# DOMAIN_ROUNDROBIN is a very special feature for getting certificates on one server,
 # uploading them to a bucket, and then downloading them to multiple http-host servers.
 # For a single host, you don't need it!
 DOMAIN_ROUNDROBIN=
@@ -30,3 +32,4 @@ DOMAIN_ROUNDROBIN=
 HTTP_HOST_LIST=
 TELEGRAM_TOKEN=
 TELEGRAM_CHAT_ID=
+
diff --git a/modules/http_host/http_host_lib/nginx.py b/modules/http_host/http_host_lib/nginx.py
index 88b3291..d7f3611 100644
--- a/modules/http_host/http_host_lib/nginx.py
+++ b/modules/http_host/http_host_lib/nginx.py
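Review bot: The first hunk of config/.env.sample now ships a filled-in value, `DOMAIN_DIRECT=maps.example.com`, while every other key in the sample stays empty, so a copied but unedited .env carries a domain the operator does not control. The `if domain_direct:` branch in nginx.py, visible in this same commit, processes the Let's Encrypt config whenever a value is present; assuming that value comes from this variable, a forgotten edit would end in a certificate request for the placeholder rather than a clear missing-value error. Keeping the assignment empty and moving the example into the comment avoids that: `# write the full domain here, e.g. maps.example.com` followed by `DOMAIN_DIRECT=`.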
@@ -43,12 +43,12 @@ def write_nginx_config():
 # processing Let's Encrypt config
 if domain_direct:
- le_cert = config.certs_dir / 'ofm_direct.cert'
- le_key = config.certs_dir / 'ofm_direct.key'
+ direct_cert = config.certs_dir / 'ofm_direct.cert'
+ direct_key = config.certs_dir / 'ofm_direct.key'
- if not le_cert.is_file() or not le_key.is_file():
- shutil.copyfile(Path('/etc/nginx/ssl/dummy.crt'), le_cert)
- shutil.copyfile(Path('/etc/nginx/ssl/dummy.key'), le_key)
+ if not direct_cert.is_file() or not direct_key.is_file():
+ shutil.copyfile(Path('/etc/nginx/ssl/dummy.crt'), direct_cert)
+ shutil.copyfile(Path('/etc/nginx/ssl/dummy.key'), direct_key)
 curl_text_mix += create_nginx_conf(
 template_path=config.nginx_confs / 'le.conf',
@@ -81,15 +81,15 @@ def write_nginx_config():
 )
 # link certs to nginx dir
- le_cert.unlink()
- le_key.unlink()
+ direct_cert.unlink()
+ direct_key.unlink()
 etc_cert = Path('/etc/letsencrypt/live/ofm_direct/fullchain.pem')
 etc_key = Path('/etc/letsencrypt/live/ofm_direct/privkey.pem')
 assert etc_cert.is_file()
 assert etc_key.is_file()
- le_cert.symlink_to(etc_cert)
- le_key.symlink_to(etc_key)
+ direct_cert.symlink_to(etc_cert)
+ direct_key.symlink_to(etc_key)
 subprocess.run(['nginx', '-t'], check=True)
 subprocess.run(['systemctl', 'reload', 'nginx'], check=True)