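#!/bin/bash
# entrypoint.sh — per-domain HTTPS switching.
#
# For every domain config in CONF_AVAILABLE, checks whether a certificate is
# present and activates (symlinks into CONF_D) either the SSL or the plain-HTTP
# variant. The assembled configuration is then validated with `nginx -t`.
#
# Files read:
#   $CONF_AVAILABLE/00-http.conf          base HTTP config (optional)
#   $CONF_AVAILABLE/<name>.ssl.conf       first line: "# CERT_DOMAIN=<cert name>"
#   $CONF_AVAILABLE/<name>.http.conf      HTTP fallback for <name> (optional)
#   $CERT_DIR/<cert name>/fullchain.pem   its presence enables the SSL variant
set -euo pipefail

readonly CONF_AVAILABLE="/etc/nginx/conf.available"
readonly CONF_D="/etc/nginx/conf.d"
readonly CERT_DIR="/etc/letsencrypt/live"
readonly CERT_MARKER='# CERT_DOMAIN='

# Start from a clean slate so configs activated by a previous run do not linger.
# ${CONF_D:?} aborts instead of expanding to "/*.conf" if the variable is empty.
rm -f -- "${CONF_D:?}"/*.conf

# Base HTTP config (ACME challenge, catch-all redirect).
if [[ -f "$CONF_AVAILABLE/00-http.conf" ]]; then
  ln -sf "$CONF_AVAILABLE/00-http.conf" "$CONF_D/00-http.conf"
fi

# Per-domain configs. nullglob: with no *.ssl.conf files the loop body is skipped.
shopt -s nullglob
for ssl_conf in "$CONF_AVAILABLE"/*.ssl.conf; do
  base="$(basename "$ssl_conf" .ssl.conf)"
  http_conf="$CONF_AVAILABLE/$base.http.conf"

  # CERT_DOMAIN lives on the first line, e.g. "# CERT_DOMAIN=example.ru".
  # It is parsed with bash built-ins rather than `grep -P`: PCRE is not
  # available in every grep build, and a swallowed grep error would silently
  # downgrade every domain to HTTP.
  first_line=""
  # read returns non-zero on a missing trailing newline or an unreadable file;
  # either way first_line holds whatever was read (possibly nothing).
  IFS= read -r first_line < "$ssl_conf" || true
  cert_domain=""
  if [[ "$first_line" == *"$CERT_MARKER"* ]]; then
    cert_domain="${first_line#*"$CERT_MARKER"}"
    # Drop trailing whitespace, including the CR of a CRLF-saved file, which
    # would otherwise make the certificate lookup below fail.
    cert_domain="${cert_domain%"${cert_domain##*[![:space:]]}"}"
  fi

  # Decide why (if at all) the SSL variant cannot be used; empty means "use SSL".
  reason=""
  if [[ -z "$cert_domain" ]]; then
    reason="no CERT_DOMAIN header"
  else
    case "$cert_domain" in
      */* | . | ..)
        # The value is used as a single directory name under CERT_DIR; anything
        # that would resolve outside of it is not a valid certificate name.
        printf -v reason 'invalid CERT_DOMAIN %q' "$cert_domain"
        ;;
      *)
        if [[ ! -f "$CERT_DIR/$cert_domain/fullchain.pem" ]]; then
          reason="no cert for $cert_domain"
        fi
        ;;
    esac
  fi

  if [[ -z "$reason" ]]; then
    ln -sf "$ssl_conf" "$CONF_D/$base.ssl.conf"
    echo " ✓ $base → HTTPS ($cert_domain)"
  elif [[ -f "$http_conf" ]]; then
    ln -sf "$http_conf" "$CONF_D/$base.http.conf"
    echo " ✓ $base → HTTP ($reason)"
  else
    # Neither variant can be activated: report it instead of skipping silently.
    echo " ✗ $base → skipped ($reason; no $base.http.conf)" >&2
  fi
done

# Show what was activated, then validate it. `nginx -t` is the last command,
# so its exit status becomes the script's exit status.
echo "---"
ls -la "$CONF_D/" | grep -v '^total'
nginx -t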