valitovgaziz
38 lines
1.2 KiB
Bash
Executable File
38 lines
1.2 KiB
Bash
Executable File
#!/bin/bash
|
|
# entrypoint.sh — per-domain HTTPS переключение
|
|
# Для каждого домена проверяет сертификат и активирует SSL или HTTP конфиг
|
|
set -euo pipefail
|
|
|
|
CONF_AVAILABLE="/etc/nginx/conf.available"
|
|
CONF_D="/etc/nginx/conf.d"
|
|
CERT_DIR="/etc/letsencrypt/live"
|
|
|
|
rm -f "$CONF_D"/*.conf
|
|
|
|
# базовый HTTP (ACME challenge, catch-all redirect)
|
|
if [ -f "$CONF_AVAILABLE/00-http.conf" ]; then
|
|
ln -sf "$CONF_AVAILABLE/00-http.conf" "$CONF_D/00-http.conf"
|
|
fi
|
|
|
|
# per-domain конфиги
|
|
shopt -s nullglob
|
|
for ssl_conf in "$CONF_AVAILABLE"/*.ssl.conf; do
|
|
base="$(basename "$ssl_conf" .ssl.conf)"
|
|
http_conf="$CONF_AVAILABLE/$base.http.conf"
|
|
|
|
# CERT_DOMAIN в первой строке: # CERT_DOMAIN=example.ru
|
|
cert_domain="$(head -1 "$ssl_conf" | sed -n 's/.*# CERT_DOMAIN=\(.*\)/\1/p')" || true
|
|
|
|
if [ -n "$cert_domain" ] && [ -f "$CERT_DIR/$cert_domain/fullchain.pem" ]; then
|
|
ln -sf "$ssl_conf" "$CONF_D/$base.ssl.conf"
|
|
echo " ✓ $base → HTTPS ($cert_domain)"
|
|
elif [ -f "$http_conf" ]; then
|
|
ln -sf "$http_conf" "$CONF_D/$base.http.conf"
|
|
echo " ✓ $base → HTTP (no cert for $cert_domain)"
|
|
fi
|
|
done
|
|
|
|
echo "---"
|
|
ls -la "$CONF_D/" | grep -v '^total'
|
|
nginx -t
|