fix: correct punycode for мои-товары.рф and add IDN support to generate-nginx-conf.sh

xn--e1afmapc4af.xn--p1af was wrong; correct punycode is xn----8sbfwtmcso8g.xn--p1ai. generate-nginx-conf.sh now converts IDN domains to punycode before expanding the template, so cert paths and server_name directives are always ASCII-safe. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 14:06:54 +03:00
parent 23e175d9a8
commit dbb1f48da7
2 changed files with 24 additions and 8 deletions
--- a/scripts/generate-nginx-conf.sh
+++ b/scripts/generate-nginx-conf.sh
@@ -30,11 +30,26 @@ if [ -z "${DOMAIN:-}" ]; then
  exit 1
 fi

-CONF_FILE="/etc/nginx/sites-available/${DOMAIN}.conf"
-ENABLED_LINK="/etc/nginx/sites-enabled/${DOMAIN}.conf"
+# Convert IDN/Cyrillic domain to punycode for cert paths and server_name
+PUNYCODE=$(python3 -c "
+import sys
+d = sys.argv[1]
+try:
+    parts = d.split('.')
+    print('.'.join(p.encode('idna').decode('ascii') for p in parts))
+except Exception:
+    print(d)
+" "$DOMAIN" 2>/dev/null || echo "$DOMAIN")

-echo "==> Generating nginx config for: $DOMAIN"
-DOMAIN="$DOMAIN" envsubst '$DOMAIN' < "$TEMPLATE" | sudo tee "$CONF_FILE" > /dev/null
+if [ "$PUNYCODE" != "$DOMAIN" ]; then
+  echo "==> IDN domain detected: $DOMAIN → $PUNYCODE"
+fi
+
+CONF_FILE="/etc/nginx/sites-available/${PUNYCODE}.conf"
+ENABLED_LINK="/etc/nginx/sites-enabled/${PUNYCODE}.conf"
+
+echo "==> Generating nginx config for: $DOMAIN ($PUNYCODE)"
+DOMAIN="$PUNYCODE" envsubst '$DOMAIN' < "$TEMPLATE" | sudo tee "$CONF_FILE" > /dev/null

 if [ ! -L "$ENABLED_LINK" ]; then
  sudo ln -s "$CONF_FILE" "$ENABLED_LINK"
@@ -48,4 +63,5 @@ sudo nginx -t

 echo ""
 echo "==> Config written to: $CONF_FILE"
+echo "    Cert path: /etc/letsencrypt/live/$PUNYCODE/"
 echo "    Reload nginx to apply: sudo systemctl reload nginx"