refactor: remove IDN auto-conversion, pass punycode directly to TLS scripts

Simpler than auto-converting: just pass xn----8sbfwtmcso8g.xn--p1ai directly. Updated usage comments in both scripts to reflect this. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 14:07:29 +03:00
parent dbb1f48da7
commit ff32812b61
2 changed files with 12 additions and 41 deletions
--- a/scripts/generate-nginx-conf.sh
+++ b/scripts/generate-nginx-conf.sh
@@ -2,9 +2,10 @@
 # Generate an nginx site config for one domain from the template.
 #
 # Usage:
-#   sudo ./scripts/generate-nginx-conf.sh мои-товары.рф
 #   sudo ./scripts/generate-nginx-conf.sh my-products.ru
+#   sudo ./scripts/generate-nginx-conf.sh xn----8sbfwtmcso8g.xn--p1ai
 #
+# For IDN/Cyrillic domains, pass the punycode form.
 # Writes to /etc/nginx/sites-available/<domain>.conf and symlinks to sites-enabled.
 # If no argument is given, DOMAIN is read from .env.

@@ -30,26 +31,11 @@ if [ -z "${DOMAIN:-}" ]; then
  exit 1
 fi

-# Convert IDN/Cyrillic domain to punycode for cert paths and server_name
-PUNYCODE=$(python3 -c "
-import sys
-d = sys.argv[1]
-try:
-    parts = d.split('.')
-    print('.'.join(p.encode('idna').decode('ascii') for p in parts))
-except Exception:
-    print(d)
-" "$DOMAIN" 2>/dev/null || echo "$DOMAIN")
+CONF_FILE="/etc/nginx/sites-available/${DOMAIN}.conf"
+ENABLED_LINK="/etc/nginx/sites-enabled/${DOMAIN}.conf"

-if [ "$PUNYCODE" != "$DOMAIN" ]; then
-  echo "==> IDN domain detected: $DOMAIN → $PUNYCODE"
-fi
-
-CONF_FILE="/etc/nginx/sites-available/${PUNYCODE}.conf"
-ENABLED_LINK="/etc/nginx/sites-enabled/${PUNYCODE}.conf"
-
-echo "==> Generating nginx config for: $DOMAIN ($PUNYCODE)"
-DOMAIN="$PUNYCODE" envsubst '$DOMAIN' < "$TEMPLATE" | sudo tee "$CONF_FILE" > /dev/null
+echo "==> Generating nginx config for: $DOMAIN"
+DOMAIN="$DOMAIN" envsubst '$DOMAIN' < "$TEMPLATE" | sudo tee "$CONF_FILE" > /dev/null

 if [ ! -L "$ENABLED_LINK" ]; then
  sudo ln -s "$CONF_FILE" "$ENABLED_LINK"
@@ -63,5 +49,4 @@ sudo nginx -t

 echo ""
 echo "==> Config written to: $CONF_FILE"
-echo "    Cert path: /etc/letsencrypt/live/$PUNYCODE/"
 echo "    Reload nginx to apply: sudo systemctl reload nginx"