From ddc3dc0a9705a6cc90026fe767a827de96ec38fc Mon Sep 17 00:00:00 2001 From: mguschin Date: Wed, 13 May 2026 14:08:11 +0300 Subject: [PATCH] refactor: nginx.conf is source of truth, drop generate script and template MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit nginx/nginx.conf is symlinked directly into system nginx config. No need for a per-domain generate script or template — edit the file, run nginx -t && systemctl reload nginx. Co-Authored-By: Claude Sonnet 4.6 --- nginx/nginx.conf | 4 --- nginx/nginx.conf.template | 36 ----------------------- scripts/generate-nginx-conf.sh | 52 ---------------------------------- 3 files changed, 92 deletions(-) delete mode 100644 nginx/nginx.conf.template delete mode 100755 scripts/generate-nginx-conf.sh diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 1675f39..3791f19 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -1,7 +1,3 @@ -# Generated from nginx.conf.template — do not edit directly. -# Regenerate per domain: sudo ./scripts/generate-nginx-conf.sh -# This file is kept as a reference only; production uses sites-available/*.conf - upstream web { server 127.0.0.1:8080; } diff --git a/nginx/nginx.conf.template b/nginx/nginx.conf.template deleted file mode 100644 index fcb9985..0000000 --- a/nginx/nginx.conf.template +++ /dev/null @@ -1,36 +0,0 @@ -upstream web { - server 127.0.0.1:8080; -} - -server { - listen 80; - server_name ${DOMAIN} www.${DOMAIN}; - - location /.well-known/acme-challenge/ { - root /var/www/certbot; - } - - location / { - return 301 https://$host$request_uri; - } -} - -server { - listen 443 ssl; - server_name ${DOMAIN} www.${DOMAIN}; - - ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem; - - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers HIGH:!aNULL:!MD5; - ssl_prefer_server_ciphers on; - - location / { - proxy_pass http://web; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } -} diff --git a/scripts/generate-nginx-conf.sh b/scripts/generate-nginx-conf.sh deleted file mode 100755 index c02f188..0000000 --- a/scripts/generate-nginx-conf.sh +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/bash -# Generate an nginx site config for one domain from the template. -# -# Usage: -# sudo ./scripts/generate-nginx-conf.sh my-products.ru -# sudo ./scripts/generate-nginx-conf.sh xn----8sbfwtmcso8g.xn--p1ai -# -# For IDN/Cyrillic domains, pass the punycode form. -# Writes to /etc/nginx/sites-available/.conf and symlinks to sites-enabled. -# If no argument is given, DOMAIN is read from .env. - -set -euo pipefail - -SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" -REPO_DIR="$(dirname "$SCRIPT_DIR")" -TEMPLATE="$REPO_DIR/nginx/nginx.conf.template" - -# ── resolve domain ──────────────────────────────────────────────────────────── -if [ -n "${1:-}" ]; then - DOMAIN="$1" -else - if [ -f "$REPO_DIR/.env" ]; then - DOMAIN_FROM_ENV=$(grep -E '^DOMAIN=' "$REPO_DIR/.env" | cut -d= -f2- | tr -d '"'"'" | head -1) - DOMAIN="${DOMAIN:-${DOMAIN_FROM_ENV:-}}" - fi -fi - -if [ -z "${DOMAIN:-}" ]; then - echo "ERROR: no domain specified." >&2 - echo "Usage: $0 or set DOMAIN= in .env" >&2 - exit 1 -fi - -CONF_FILE="/etc/nginx/sites-available/${DOMAIN}.conf" -ENABLED_LINK="/etc/nginx/sites-enabled/${DOMAIN}.conf" - -echo "==> Generating nginx config for: $DOMAIN" -DOMAIN="$DOMAIN" envsubst '$DOMAIN' < "$TEMPLATE" | sudo tee "$CONF_FILE" > /dev/null - -if [ ! -L "$ENABLED_LINK" ]; then - sudo ln -s "$CONF_FILE" "$ENABLED_LINK" - echo "==> Symlinked to sites-enabled" -else - echo "==> Symlink already exists in sites-enabled" -fi - -echo "==> Testing nginx config..." -sudo nginx -t - -echo "" -echo "==> Config written to: $CONF_FILE" -echo " Reload nginx to apply: sudo systemctl reload nginx"