diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 8cfb24c..1675f39 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -10,7 +10,7 @@ upstream web {
 server {
 listen 80;
- server_name xn--e1afmapc4af.xn--p1af www.xn--e1afmapc4af.xn--p1af;
+ server_name xn----8sbfwtmcso8g.xn--p1ai www.xn----8sbfwtmcso8g.xn--p1ai;
 location /.well-known/acme-challenge/ {
 root /var/www/certbot;
@@ -23,10 +23,10 @@ server {
 server {
 listen 443 ssl;
- server_name xn--e1afmapc4af.xn--p1af www.xn--e1afmapc4af.xn--p1af;
+ server_name xn----8sbfwtmcso8g.xn--p1ai www.xn----8sbfwtmcso8g.xn--p1ai;
- ssl_certificate /etc/letsencrypt/live/xn--e1afmapc4af.xn--p1af/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/xn--e1afmapc4af.xn--p1af/privkey.pem;
+ ssl_certificate /etc/letsencrypt/live/xn----8sbfwtmcso8g.xn--p1ai/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/xn----8sbfwtmcso8g.xn--p1ai/privkey.pem;
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers HIGH:!aNULL:!MD5;
diff --git a/scripts/generate-nginx-conf.sh b/scripts/generate-nginx-conf.sh
index a747693..3a31cd7 100755
--- a/scripts/generate-nginx-conf.sh
+++ b/scripts/generate-nginx-conf.sh
@@ -30,11 +30,26 @@ if [ -z "${DOMAIN:-}" ]; then
 exit 1
 fi
-CONF_FILE="/etc/nginx/sites-available/${DOMAIN}.conf"
-ENABLED_LINK="/etc/nginx/sites-enabled/${DOMAIN}.conf"
+# Convert IDN/Cyrillic domain to punycode for cert paths and server_name
+PUNYCODE=$(python3 -c "
+import sys
+d = sys.argv[1]
+try:
+ parts = d.split('.')
+ print('.'.join(p.encode('idna').decode('ascii') for p in parts))
+except Exception:
+ print(d)
+" "$DOMAIN" 2>/dev/null || echo "$DOMAIN")
-echo "==> Generating nginx config for: $DOMAIN"
-DOMAIN="$DOMAIN" envsubst '$DOMAIN' < "$TEMPLATE" | sudo tee "$CONF_FILE" > /dev/null
+if [ "$PUNYCODE" != "$DOMAIN" ]; then
+ echo "==> IDN domain detected: $DOMAIN → $PUNYCODE"
+fi
+
+CONF_FILE="/etc/nginx/sites-available/${PUNYCODE}.conf"
+ENABLED_LINK="/etc/nginx/sites-enabled/${PUNYCODE}.conf"
+
+echo "==> Generating nginx config for: $DOMAIN ($PUNYCODE)"
+DOMAIN="$PUNYCODE" envsubst '$DOMAIN' < "$TEMPLATE" | sudo tee "$CONF_FILE" > /dev/null
 if [ ! -L "$ENABLED_LINK" ]; then
 sudo ln -s "$CONF_FILE" "$ENABLED_LINK"
@@ -48,4 +63,5 @@ sudo nginx -t
 echo ""
 echo "==> Config written to: $CONF_FILE"
+echo " Cert path: /etc/letsencrypt/live/$PUNYCODE/"
 echo " Reload nginx to apply: sudo systemctl reload nginx"
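Review bot: The punycode conversion at `PUNYCODE=$(python3 -c …)` fails open: both `except Exception: print(d)` and `2>/dev/null || echo "$DOMAIN"` hand back the raw `DOMAIN`, so a missing python3 or a label that cannot be encoded silently yields a config file and cert path for a name that was never converted. The result is then used unvalidated as a `sudo tee` target under /etc/nginx and substituted into the template through `envsubst`. Where DOMAIN is set is outside the hunk, but if it can ever carry `/`, `;` or whitespace, the write can land outside sites-available or add directives to the generated config. I would exit on a failed conversion and accept only hostname characters before `CONF_FILE` is built, as in the lines below. The `if [ ! -L "$ENABLED_LINK" ]` block at the end of the hunk continues outside it.

```shell
# Convert IDN/Cyrillic domain to punycode for cert paths and server_name
if ! PUNYCODE=$(python3 -c "
import sys
print('.'.join(p.encode('idna').decode('ascii') for p in sys.argv[1].split('.')))
" "$DOMAIN"); then
  echo "ERROR: cannot convert DOMAIN to punycode: $DOMAIN" >&2
  exit 1
fi

# Only a plain hostname may reach the sudo-written path and server_name
case "$PUNYCODE" in
  '' | .* | *. | *..* | *[!A-Za-z0-9.-]*)
    echo "ERROR: invalid domain after conversion: $PUNYCODE" >&2
    exit 1
    ;;
esac
# … unchanged: IDN notice, CONF_FILE/ENABLED_LINK, envsubst into sudo tee …
```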