diff --git a/scripts/generate-nginx-conf.sh b/scripts/generate-nginx-conf.sh
index 3a31cd7..c02f188 100755
--- a/scripts/generate-nginx-conf.sh
+++ b/scripts/generate-nginx-conf.sh
@@ -2,9 +2,10 @@
 # Generate an nginx site config for one domain from the template.
 #
 # Usage:
-# sudo ./scripts/generate-nginx-conf.sh мои-товары.рф
 # sudo ./scripts/generate-nginx-conf.sh my-products.ru
+# sudo ./scripts/generate-nginx-conf.sh xn----8sbfwtmcso8g.xn--p1ai
 #
+# For IDN/Cyrillic domains, pass the punycode form.
 # Writes to /etc/nginx/sites-available/.conf and symlinks to sites-enabled.
 # If no argument is given, DOMAIN is read from .env.
@@ -30,26 +31,11 @@ if [ -z "${DOMAIN:-}" ]; then
 exit 1
 fi
-# Convert IDN/Cyrillic domain to punycode for cert paths and server_name
-PUNYCODE=$(python3 -c "
-import sys
-d = sys.argv[1]
-try:
- parts = d.split('.')
- print('.'.join(p.encode('idna').decode('ascii') for p in parts))
-except Exception:
- print(d)
-" "$DOMAIN" 2>/dev/null || echo "$DOMAIN")
+CONF_FILE="/etc/nginx/sites-available/${DOMAIN}.conf"
+ENABLED_LINK="/etc/nginx/sites-enabled/${DOMAIN}.conf"
-if [ "$PUNYCODE" != "$DOMAIN" ]; then
- echo "==> IDN domain detected: $DOMAIN → $PUNYCODE"
-fi
-
-CONF_FILE="/etc/nginx/sites-available/${PUNYCODE}.conf"
-ENABLED_LINK="/etc/nginx/sites-enabled/${PUNYCODE}.conf"
-
-echo "==> Generating nginx config for: $DOMAIN ($PUNYCODE)"
-DOMAIN="$PUNYCODE" envsubst '$DOMAIN' < "$TEMPLATE" | sudo tee "$CONF_FILE" > /dev/null
+echo "==> Generating nginx config for: $DOMAIN"
+DOMAIN="$DOMAIN" envsubst '$DOMAIN' < "$TEMPLATE" | sudo tee "$CONF_FILE" > /dev/null
 if [ ! -L "$ENABLED_LINK" ]; then
 sudo ln -s "$CONF_FILE" "$ENABLED_LINK"
@@ -63,5 +49,4 @@ sudo nginx -t
 echo ""
 echo "==> Config written to: $CONF_FILE"
-echo " Cert path: /etc/letsencrypt/live/$PUNYCODE/"
 echo " Reload nginx to apply: sudo systemctl reload nginx"
diff --git a/scripts/init-letsencrypt.sh b/scripts/init-letsencrypt.sh
index 5314dc4..d15b296 100755
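Review bot: With the conversion removed, nothing visible in the `@@ -30,26 +31,11 @@` hunk of scripts/generate-nginx-conf.sh checks that `$DOMAIN` is an ASCII hostname before it is used in `CONF_FILE`, `ENABLED_LINK` and the template output piped to `sudo tee`; the only test shown is the empty-value check in the hunk header. A Cyrillic name left in an old `.env`, or a value containing `/` or whitespace, would be written as-is into a root-owned path and into the generated nginx config instead of failing early. I would add, just before `CONF_FILE=`, `case "$DOMAIN" in *[!A-Za-z0-9.-]*|.*|-*|*..*) echo "DOMAIN must be an ASCII hostname (punycode for IDN): $DOMAIN" >&2; exit 1 ;; esac`. The same applies to the `-d "$DOMAIN"` arguments in the certbot hunk of scripts/init-letsencrypt.sh; how DOMAIN is assigned lies outside both hunks, so an earlier check may already exist.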
--- a/scripts/init-letsencrypt.sh
+++ b/scripts/init-letsencrypt.sh
@@ -2,9 +2,10 @@
 # Obtain a TLS certificate from Let's Encrypt for one domain.
 #
 # Usage:
-# sudo ./scripts/init-letsencrypt.sh мои-товары.рф
 # sudo ./scripts/init-letsencrypt.sh my-products.ru
+# sudo ./scripts/init-letsencrypt.sh xn----8sbfwtmcso8g.xn--p1ai
 #
+# For IDN/Cyrillic domains, pass the punycode form (certbot requires ASCII).
 # If no argument is given, DOMAIN is read from .env.
 # Run once per domain on first deploy.
@@ -29,21 +30,6 @@ fi
 EMAIL="${LETSENCRYPT_EMAIL:-admin@$DOMAIN}"
 ACME_DIR="/var/www/certbot"
-# Convert IDN/Cyrillic domain to punycode (certbot requires ASCII)
-PUNYCODE=$(python3 -c "
-import sys
-d = sys.argv[1]
-try:
- parts = d.split('.')
- print('.'.join(p.encode('idna').decode('ascii') for p in parts))
-except Exception:
- print(d)
-" "$DOMAIN" 2>/dev/null || echo "$DOMAIN")
-
-if [ "$PUNYCODE" != "$DOMAIN" ]; then
- echo "==> IDN domain detected: $DOMAIN → $PUNYCODE"
-fi
-
 echo "==> Obtaining certificate for: $DOMAIN (www.$DOMAIN)"
 echo " Email: $EMAIL"
@@ -58,13 +44,13 @@ sudo certbot certonly \
 --email "$EMAIL" \
 --agree-tos \
 --no-eff-email \
- -d "$PUNYCODE" \
- -d "www.$PUNYCODE"
+ -d "$DOMAIN" \
+ -d "www.$DOMAIN"
 echo ""
 echo "==> Certificate obtained for $DOMAIN"
-echo " /etc/letsencrypt/live/$PUNYCODE/fullchain.pem"
-echo " /etc/letsencrypt/live/$PUNYCODE/privkey.pem"
+echo " /etc/letsencrypt/live/$DOMAIN/fullchain.pem"
+echo " /etc/letsencrypt/live/$DOMAIN/privkey.pem"
 echo ""
 echo "==> Generate nginx config and reload:"
 echo " sudo ./scripts/generate-nginx-conf.sh $DOMAIN"