Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: dot not remove symlinked default certificate / private key #1074

Merged
merged 2 commits into from
Dec 15, 2023
Merged

fix: dot not remove symlinked default certificate / private key #1074

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9f78d10
test: assert that default certificate symlink isn't removed
buchdag Dec 15, 2023
945c7f3
fix: do not remove default cert symlink
buchdag Dec 15, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions app/letsencrypt_service
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,12 +56,13 @@ function cleanup_links {
local -a SYMLINKED_DOMAINS
local -a DISABLED_DOMAINS

# Create an array containing domains for which a
# symlinked private key exists in /etc/nginx/certs.
# Create an array containing domains for which a symlinked certificate
# exists in /etc/nginx/certs (excluding default cert).
for symlinked_domain in /etc/nginx/certs/*.crt; do
[[ -L "$symlinked_domain" ]] || continue
symlinked_domain="${symlinked_domain##*/}"
symlinked_domain="${symlinked_domain%*.crt}"
[[ "$symlinked_domain" != "default" ]] || continue
SYMLINKED_DOMAINS+=("$symlinked_domain")
done
[[ "$DEBUG" == 1 ]] && echo "Symlinked domains: ${SYMLINKED_DOMAINS[*]}"
Expand Down
9 changes: 9 additions & 0 deletions test/tests/symlinks/run.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,11 @@ docker exec "$le_container_name" cp /etc/nginx/certs/le1.wtf/key.pem /etc/nginx/
docker exec "$le_container_name" bash -c 'cd /etc/nginx/certs; ln -s ./le4.wtf/fullchain.pem ./le4.wtf.crt'
docker exec "$le_container_name" bash -c 'cd /etc/nginx/certs; ln -s ./le4.wtf/key.pem ./le4.wtf.key'

# symlink default certificate to le1.wtf certificate
docker exec "$le_container_name" rm -f /etc/nginx/certs/default.crt /etc/nginx/certs/default.key
docker exec "$le_container_name" bash -c 'cd /etc/nginx/certs; ln -s ./le1.wtf/fullchain.pem ./default.crt'
docker exec "$le_container_name" bash -c 'cd /etc/nginx/certs; ln -s ./le1.wtf/key.pem ./default.key'

# Stop the nginx containers for ${domains[0]} and ${domains[1]} silently,
# then check if the corresponding symlinks are removed.
docker stop "symlink-le1-le2" > /dev/null
Expand Down Expand Up @@ -108,3 +113,7 @@ docker stop "symlink-lim-le2" > /dev/null
# Check if the custom certificate is still there
docker exec "$le_container_name" [ -f /etc/nginx/certs/le4.wtf.crt ] \
|| echo "Custom certificate for le4.wtf was removed."

# Check if the default certificate is still there
docker exec "$le_container_name" [ -f /etc/nginx/certs/default.crt ] \
|| echo "Default certificate was removed."