scripts/generate-nginx-conf.sh

#!/bin/bash
# Generate an nginx site config for one domain from the template.
#
# Usage:
#   sudo ./scripts/generate-nginx-conf.sh мои-товары.рф
#   sudo ./scripts/generate-nginx-conf.sh my-products.ru
#
# Writes to /etc/nginx/sites-available/<domain>.conf and symlinks to sites-enabled.
# If no argument is given, DOMAIN is read from .env.

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
REPO_DIR="$(dirname "$SCRIPT_DIR")"
TEMPLATE="$REPO_DIR/nginx/nginx.conf.template"

# ── resolve domain ────────────────────────────────────────────────────────────
if [ -n "${1:-}" ]; then
  DOMAIN="$1"
else
  if [ -f "$REPO_DIR/.env" ]; then
    DOMAIN_FROM_ENV=$(grep -E '^DOMAIN=' "$REPO_DIR/.env" | cut -d= -f2- | tr -d '"'"'" | head -1)
    DOMAIN="${DOMAIN:-${DOMAIN_FROM_ENV:-}}"
  fi
fi

if [ -z "${DOMAIN:-}" ]; then
  echo "ERROR: no domain specified." >&2
  echo "Usage: $0 <domain>  or set DOMAIN= in .env" >&2
  exit 1
fi

# Convert IDN/Cyrillic domain to punycode for cert paths and server_name
PUNYCODE=$(python3 -c "
import sys
d = sys.argv[1]
try:
    parts = d.split('.')
    print('.'.join(p.encode('idna').decode('ascii') for p in parts))
except Exception:
    print(d)
" "$DOMAIN" 2>/dev/null || echo "$DOMAIN")

if [ "$PUNYCODE" != "$DOMAIN" ]; then
  echo "==> IDN domain detected: $DOMAIN → $PUNYCODE"
fi

CONF_FILE="/etc/nginx/sites-available/${PUNYCODE}.conf"
ENABLED_LINK="/etc/nginx/sites-enabled/${PUNYCODE}.conf"

echo "==> Generating nginx config for: $DOMAIN ($PUNYCODE)"
DOMAIN="$PUNYCODE" envsubst '$DOMAIN' < "$TEMPLATE" | sudo tee "$CONF_FILE" > /dev/null

if [ ! -L "$ENABLED_LINK" ]; then
  sudo ln -s "$CONF_FILE" "$ENABLED_LINK"
  echo "==> Symlinked to sites-enabled"
else
  echo "==> Symlink already exists in sites-enabled"
fi

echo "==> Testing nginx config..."
sudo nginx -t

echo ""
echo "==> Config written to: $CONF_FILE"
echo "    Cert path: /etc/letsencrypt/live/$PUNYCODE/"
echo "    Reload nginx to apply: sudo systemctl reload nginx"
feat: multi-domain nginx configs and TLS scripts for мои-товары.рф / my-products.ru - nginx/nginx.conf: pre-generated config for both domains (IDN punycode for .рф) - scripts/generate-nginx-conf.sh: generates sites-available config from template per domain - scripts/init-letsencrypt.sh: accepts domain as arg (falls back to .env) - README.md: updated deploy section, removed stale VK_WEIGHT_PRICE_MULTIPLIER, added sync/logs routes Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-13 10:39:02 +03:00			`#!/bin/bash`
			`# Generate an nginx site config for one domain from the template.`
			`#`
			`# Usage:`
			`# sudo ./scripts/generate-nginx-conf.sh мои-товары.рф`
			`# sudo ./scripts/generate-nginx-conf.sh my-products.ru`
			`#`
			`# Writes to /etc/nginx/sites-available/<domain>.conf and symlinks to sites-enabled.`
			`# If no argument is given, DOMAIN is read from .env.`

			`set -euo pipefail`

			`SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"`
			`REPO_DIR="$(dirname "$SCRIPT_DIR")"`
			`TEMPLATE="$REPO_DIR/nginx/nginx.conf.template"`

			`# ── resolve domain ────────────────────────────────────────────────────────────`
			`if [ -n "${1:-}" ]; then`
			`DOMAIN="$1"`
			`else`
			`if [ -f "$REPO_DIR/.env" ]; then`
			`DOMAIN_FROM_ENV=$(grep -E '^DOMAIN=' "$REPO_DIR/.env" \| cut -d= -f2- \| tr -d '"'"'" \| head -1)`
			`DOMAIN="${DOMAIN:-${DOMAIN_FROM_ENV:-}}"`
			`fi`
			`fi`

			`if [ -z "${DOMAIN:-}" ]; then`
			`echo "ERROR: no domain specified." >&2`
			`echo "Usage: $0 <domain> or set DOMAIN= in .env" >&2`
			`exit 1`
			`fi`

fix: correct punycode for мои-товары.рф and add IDN support to generate-nginx-conf.sh xn--e1afmapc4af.xn--p1af was wrong; correct punycode is xn----8sbfwtmcso8g.xn--p1ai. generate-nginx-conf.sh now converts IDN domains to punycode before expanding the template, so cert paths and server_name directives are always ASCII-safe. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-13 14:06:54 +03:00			`# Convert IDN/Cyrillic domain to punycode for cert paths and server_name`
			`PUNYCODE=$(python3 -c "`
			`import sys`
			`d = sys.argv[1]`
			`try:`
			`parts = d.split('.')`
			`print('.'.join(p.encode('idna').decode('ascii') for p in parts))`
			`except Exception:`
			`print(d)`
			`" "$DOMAIN" 2>/dev/null \|\| echo "$DOMAIN")`
feat: multi-domain nginx configs and TLS scripts for мои-товары.рф / my-products.ru - nginx/nginx.conf: pre-generated config for both domains (IDN punycode for .рф) - scripts/generate-nginx-conf.sh: generates sites-available config from template per domain - scripts/init-letsencrypt.sh: accepts domain as arg (falls back to .env) - README.md: updated deploy section, removed stale VK_WEIGHT_PRICE_MULTIPLIER, added sync/logs routes Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-13 10:39:02 +03:00
fix: correct punycode for мои-товары.рф and add IDN support to generate-nginx-conf.sh xn--e1afmapc4af.xn--p1af was wrong; correct punycode is xn----8sbfwtmcso8g.xn--p1ai. generate-nginx-conf.sh now converts IDN domains to punycode before expanding the template, so cert paths and server_name directives are always ASCII-safe. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-13 14:06:54 +03:00			`if [ "$PUNYCODE" != "$DOMAIN" ]; then`
			`echo "==> IDN domain detected: $DOMAIN → $PUNYCODE"`
			`fi`

			`CONF_FILE="/etc/nginx/sites-available/${PUNYCODE}.conf"`
			`ENABLED_LINK="/etc/nginx/sites-enabled/${PUNYCODE}.conf"`

			`echo "==> Generating nginx config for: $DOMAIN ($PUNYCODE)"`
			`DOMAIN="$PUNYCODE" envsubst '$DOMAIN' < "$TEMPLATE" \| sudo tee "$CONF_FILE" > /dev/null`
feat: multi-domain nginx configs and TLS scripts for мои-товары.рф / my-products.ru - nginx/nginx.conf: pre-generated config for both domains (IDN punycode for .рф) - scripts/generate-nginx-conf.sh: generates sites-available config from template per domain - scripts/init-letsencrypt.sh: accepts domain as arg (falls back to .env) - README.md: updated deploy section, removed stale VK_WEIGHT_PRICE_MULTIPLIER, added sync/logs routes Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-13 10:39:02 +03:00
			`if [ ! -L "$ENABLED_LINK" ]; then`
			`sudo ln -s "$CONF_FILE" "$ENABLED_LINK"`
			`echo "==> Symlinked to sites-enabled"`
			`else`
			`echo "==> Symlink already exists in sites-enabled"`
			`fi`

			`echo "==> Testing nginx config..."`
			`sudo nginx -t`

			`echo ""`
			`echo "==> Config written to: $CONF_FILE"`
fix: correct punycode for мои-товары.рф and add IDN support to generate-nginx-conf.sh xn--e1afmapc4af.xn--p1af was wrong; correct punycode is xn----8sbfwtmcso8g.xn--p1ai. generate-nginx-conf.sh now converts IDN domains to punycode before expanding the template, so cert paths and server_name directives are always ASCII-safe. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-13 14:06:54 +03:00			`echo " Cert path: /etc/letsencrypt/live/$PUNYCODE/"`
feat: multi-domain nginx configs and TLS scripts for мои-товары.рф / my-products.ru - nginx/nginx.conf: pre-generated config for both domains (IDN punycode for .рф) - scripts/generate-nginx-conf.sh: generates sites-available config from template per domain - scripts/init-letsencrypt.sh: accepts domain as arg (falls back to .env) - README.md: updated deploy section, removed stale VK_WEIGHT_PRICE_MULTIPLIER, added sync/logs routes Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-13 10:39:02 +03:00			`echo " Reload nginx to apply: sudo systemctl reload nginx"`