feat: multi-domain nginx configs and TLS scripts for мои-товары.рф / my-products.ru

- nginx/nginx.conf: pre-generated config for both domains (IDN punycode for .рф)
- scripts/generate-nginx-conf.sh: generates sites-available config from template per domain
- scripts/init-letsencrypt.sh: accepts domain as arg (falls back to .env)
- README.md: updated deploy section, removed stale VK_WEIGHT_PRICE_MULTIPLIER, added sync/logs routes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

scripts/generate-nginx-conf.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+# Generate an nginx site config for one domain from the template.
+#
+# Usage:
+#   sudo ./scripts/generate-nginx-conf.sh мои-товары.рф
+#   sudo ./scripts/generate-nginx-conf.sh my-products.ru
+#
+# Writes to /etc/nginx/sites-available/<domain>.conf and symlinks to sites-enabled.
+# If no argument is given, DOMAIN is read from .env.
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+REPO_DIR="$(dirname "$SCRIPT_DIR")"
+TEMPLATE="$REPO_DIR/nginx/nginx.conf.template"
+
+# ── resolve domain ────────────────────────────────────────────────────────────
+if [ -n "${1:-}" ]; then
+  DOMAIN="$1"
+else
+  if [ -f "$REPO_DIR/.env" ]; then
+    DOMAIN_FROM_ENV=$(grep -E '^DOMAIN=' "$REPO_DIR/.env" | cut -d= -f2- | tr -d '"'"'" | head -1)
+    DOMAIN="${DOMAIN:-${DOMAIN_FROM_ENV:-}}"
+  fi
+fi
+
+if [ -z "${DOMAIN:-}" ]; then
+  echo "ERROR: no domain specified." >&2
+  echo "Usage: $0 <domain>  or set DOMAIN= in .env" >&2
+  exit 1
+fi
+
+CONF_FILE="/etc/nginx/sites-available/${DOMAIN}.conf"
+ENABLED_LINK="/etc/nginx/sites-enabled/${DOMAIN}.conf"
+
+echo "==> Generating nginx config for: $DOMAIN"
+DOMAIN="$DOMAIN" envsubst '$DOMAIN' < "$TEMPLATE" | sudo tee "$CONF_FILE" > /dev/null
+
+if [ ! -L "$ENABLED_LINK" ]; then
+  sudo ln -s "$CONF_FILE" "$ENABLED_LINK"
+  echo "==> Symlinked to sites-enabled"
+else
+  echo "==> Symlink already exists in sites-enabled"
+fi
+
+echo "==> Testing nginx config..."
+sudo nginx -t
+
+echo ""
+echo "==> Config written to: $CONF_FILE"
+echo "    Reload nginx to apply: sudo systemctl reload nginx"

scripts/init-letsencrypt.sh

@@ -1,32 +1,38 @@
 #!/bin/bash
-# Obtain TLS certificates from Let's Encrypt.
-# Run once on first deploy: sudo ./scripts/init-letsencrypt.sh
-# Requires nginx running on the host with acme-challenge location configured.
-# Set DOMAIN in .env or export it before running:
-#   DOMAIN=example.com sudo -E ./scripts/init-letsencrypt.sh
+# Obtain a TLS certificate from Let's Encrypt for one domain.
+#
+# Usage:
+#   sudo ./scripts/init-letsencrypt.sh мои-товары.рф
+#   sudo ./scripts/init-letsencrypt.sh my-products.ru
+#
+# If no argument is given, DOMAIN is read from .env.
+# Run once per domain on first deploy.
 
 set -euo pipefail
 
-# Load DOMAIN from .env if not already set in environment
-if [ -f .env ]; then
-  # Extract DOMAIN line, strip quotes and export
-  DOMAIN_FROM_ENV=$(grep -E '^DOMAIN=' .env | cut -d= -f2- | tr -d '"'"'" | head -1)
-  DOMAIN="${DOMAIN:-$DOMAIN_FROM_ENV}"
+# ── resolve domain ────────────────────────────────────────────────────────────
+if [ -n "${1:-}" ]; then
+  DOMAIN="$1"
+else
+  if [ -f .env ]; then
+    DOMAIN_FROM_ENV=$(grep -E '^DOMAIN=' .env | cut -d= -f2- | tr -d '"'"'" | head -1)
+    DOMAIN="${DOMAIN:-${DOMAIN_FROM_ENV:-}}"
+  fi
 fi
 
 if [ -z "${DOMAIN:-}" ]; then
-  echo "ERROR: DOMAIN is not set. Add DOMAIN=yourdomain.com to .env or export it." >&2
+  echo "ERROR: no domain specified." >&2
+  echo "Usage: $0 <domain>  or set DOMAIN= in .env" >&2
   exit 1
 fi
 
 EMAIL="${LETSENCRYPT_EMAIL:-admin@$DOMAIN}"
-CERTBOT_DIR="./certbot"
 ACME_DIR="/var/www/certbot"
 
-echo "==> Creating certbot directories..."
-mkdir -p "$CERTBOT_DIR/conf" "$CERTBOT_DIR/www"
+echo "==> Obtaining certificate for: $DOMAIN (www.$DOMAIN)"
+echo "    Email: $EMAIL"
 
-echo "==> Ensuring acme-challenge directory exists on host..."
+echo "==> Ensuring acme-challenge directory exists..."
 sudo mkdir -p "$ACME_DIR"
 sudo chmod 755 "$ACME_DIR"
 
@@ -40,23 +46,14 @@ sudo certbot certonly \
     -d "$DOMAIN" \
     -d "www.$DOMAIN"
 
-echo "==> Copying certificates to project directory..."
-sudo cp "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" "$CERTBOT_DIR/conf/fullchain.pem"
-sudo cp "/etc/letsencrypt/live/$DOMAIN/privkey.pem" "$CERTBOT_DIR/conf/privkey.pem"
-sudo chown "$(whoami):$(whoami)" "$CERTBOT_DIR/conf"/*.pem
-
-echo "==> Done! TLS certificate installed for $DOMAIN"
 echo ""
-echo "Regenerate nginx config from template:"
-echo "  DOMAIN=$DOMAIN envsubst '\$DOMAIN' < nginx/nginx.conf.template > nginx/nginx.conf"
+echo "==> Certificate obtained for $DOMAIN"
+echo "    /etc/letsencrypt/live/$DOMAIN/fullchain.pem"
+echo "    /etc/letsencrypt/live/$DOMAIN/privkey.pem"
 echo ""
-echo "Certificate files:"
-echo "  - $CERTBOT_DIR/conf/fullchain.pem"
-echo "  - $CERTBOT_DIR/conf/privkey.pem"
+echo "==> Generate nginx config and reload:"
+echo "    sudo ./scripts/generate-nginx-conf.sh $DOMAIN"
+echo "    sudo nginx -t && sudo systemctl reload nginx"
 echo ""
-echo "Configure nginx:"
-echo "  ssl_certificate $CERTBOT_DIR/conf/fullchain.pem;"
-echo "  ssl_certificate_key $CERTBOT_DIR/conf/privkey.pem;"
-echo ""
-echo "Set up auto-renewal with: sudo crontab -e"
-echo "Add: 0 3 * * * certbot renew --quiet && systemctl reload nginx"
+echo "==> Auto-renewal (add to /etc/cron.d/certbot if not already present):"
+echo "    0 3 * * * root certbot renew --quiet && systemctl reload nginx"