author | Mohammed Amar-Bensaber <renken@shione.net> | 2024-10-08 22:53:57 +0200 |
---|---|---|
committer | Mohammed Amar-Bensaber <renken@shione.net> | 2024-10-08 22:53:57 +0200 |
commit | cd8f0e853f5c05b382ae49207907f89b359712bf (patch) | |
tree | e8606a8599c6b82c6f44667e385f1efb4943307f /debian | |
parent | 207bf43a8bd311262e17203edfff1d4a50149e75 (diff) | |
download | shione-cd8f0e853f5c05b382ae49207907f89b359712bf.tar.gz shione-cd8f0e853f5c05b382ae49207907f89b359712bf.zip |
nginx: generate certificates for test targets
Podman will be used to test the generated Debian packages to ensure that
they work properly. However, this means that it is NOT shione and
therefore cannot solve the letsencrypt challenge, among many other things
that can only be done by shione. The goal is to have a staging area that
can mock the latter.
Diffstat (limited to 'debian')
-rw-r--r-- | debian/nginx-config.postinst | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/debian/nginx-config.postinst b/debian/nginx-config.postinst index 92449c8..8045a6d 100644 --- a/debian/nginx-config.postinst +++ b/debian/nginx-config.postinst @@ -2,21 +2,31 @@ # # TODO: Handle "$1". -set -e +set -eu #DEBHELPER# # `certbot` *must* be installed by this package. -certbot \ - --nginx \ - --agree-tos \ - --redirect \ - --hsts \ - --staple-ocsp \ - --email renken+letsencrypt@shione.net \ - -d shione.net \ - -d www.shione.net \ - -d git.shione.net +if [ "$(hostname)" = shione ]; then + certbot \ + --agree-tos \ + --email renken+letsencrypt@shione.net \ + -d shione.net \ + -d www.shione.net \ + -d git.shione.net +else + out=/etc/letsencrypt/live/shione.net + + mkdir -p -- "$out" + openssl genrsa \ + >"$out"/privkey.pem + openssl req \ + -new \ + -x509 \ + -key /etc/letsencrypt/live/shione.net/privkey.pem \ + -subj '/CN=shione.net/O=shione.net./C=FR' \ + >/etc/letsencrypt/live/shione.net/fullchain.pem +fi # Apply new nginx configuration. deb-systemd-invoke restart nginx |
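Review bot: In the `[ "$(hostname)" = shione ]` branch the certbot call loses `--nginx`, `--redirect`, `--hsts` and `--staple-ocsp`, and the commit message only talks about test targets, so the change to the production path is undocumented. With no authenticator or installer selected and no `--non-interactive`, certbot has to ask which one to use, which a postinst cannot answer. Either keep `--nginx` or state in the message where the redirect, HSTS and OCSP stapling settings now live. In the else branch, `openssl genrsa >"$out"/privkey.pem` creates the key with whatever umask the maintainer script inherits, so it can end up world-readable; set `umask 077` before the redirect or `chmod 600` the file afterwards. The self-signed certificate carries only `CN=shione.net` and no subjectAltName, so clients that test `www.shione.net` or `git.shione.net` with verification against this certificate will reject it; adding `-addext 'subjectAltName=DNS:shione.net,DNS:www.shione.net,DNS:git.shione.net'` would cover the same names as the certbot call. `openssl req -x509` without `-days` issues a certificate valid for 30 days, which is worth making explicit if test images are cached. Style: `$out` is defined but the `-key` argument and the `fullchain.pem` redirect repeat the literal path; use `"$out"/privkey.pem` and `"$out"/fullchain.pem` throughout.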