From 9e9cc0c96eeeabf47de8ceaabfe54161d1ad77b5 Mon Sep 17 00:00:00 2001 From: alexanderbeletsky Date: Mon, 5 Aug 2013 18:13:04 +0300 Subject: [PATCH 1/2] issue #138: added wildcard support --- plugins/nginx-vhosts/post-deploy | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/plugins/nginx-vhosts/post-deploy b/plugins/nginx-vhosts/post-deploy index 62106c4c2..9defef21b 100755 --- a/plugins/nginx-vhosts/post-deploy +++ b/plugins/nginx-vhosts/post-deploy @@ -1,6 +1,7 @@ #!/bin/bash set -e APP="$1"; PORT="$2" +WILDCARD_SSL="$HOME/ssl" SSL="$HOME/$APP/ssl" if [[ -f "$HOME/VHOST" ]]; then @@ -12,8 +13,14 @@ if [[ -f "$HOME/VHOST" ]]; then hostname="${APP/\//-}.$VHOST" fi - # ssl based nginx.conf if [[ -f "$SSL/server.crt" ]] && [[ -f "$SSL/server.key" ]]; then + SSL_INUSE="$SSL" + elif [[ -f "$WILDCARD_SSL/server.crt" ]] && [[ -f "$WILDCARD_SSL/server.key" ]]; then + SSL_INUSE="$WILDCARD_SSL" + fi + + # ssl based nginx.conf + if [[ -n "$SSL_INUSE" ]]; then cat< $HOME/$APP/nginx.conf upstream $APP { server 127.0.0.1:$PORT; } server { @@ -27,8 +34,8 @@ server { server_name $hostname; ssl on; - ssl_certificate $SSL/server.crt; - ssl_certificate_key $SSL/server.key; + ssl_certificate $SSL_INUSE/server.crt; + ssl_certificate_key $SSL_INUSE/server.key; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!CAMELLIA; ssl_protocols TLSv1.2 TLSv1.1 TLSv1; ssl_prefer_server_ciphers on; From 5ef7b00243eb991f2dd9ced1b3d510d86b9be645 Mon Sep 17 00:00:00 2001 From: alexanderbeletsky Date: Thu, 8 Aug 2013 10:17:39 +0300 Subject: [PATCH 2/2] review comment by @rhy-jot --- plugins/nginx-vhosts/post-deploy | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/nginx-vhosts/post-deploy b/plugins/nginx-vhosts/post-deploy index 9defef21b..8a9d39eac 100755 --- a/plugins/nginx-vhosts/post-deploy +++ b/plugins/nginx-vhosts/post-deploy 
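Review bot: `WILDCARD_SSL="$HOME/ssl"` in the first hunk puts the shared certificate directory in the same namespace as the per-app directories (`$HOME/$APP`, where this script writes `nginx.conf`), so an app named `ssl` would share its directory with the wildcard certificate and key. Whether app names are restricted elsewhere is not visible in this patch. I would either reserve the name or record the constraint next to the assignment, for example `# shared wildcard certificate; "ssl" must never be accepted as an app name`.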
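Review bot: `SSL_INUSE` in the second hunk is assigned only inside the two certificate branches and is never initialised, so a value already exported in the hook's environment would satisfy `[[ -n "$SSL_INUSE" ]]` even when neither certificate pair exists. The third hunk would then write that inherited path into the `ssl_certificate` and `ssl_certificate_key` lines. Whether the deploy hook can inherit such a variable is not visible here, but adding `SSL_INUSE=""` beside the `WILDCARD_SSL` and `SSL` assignments at the top removes the dependency. A short comment above the `if`/`elif`, such as `# per-app certificate takes precedence over the shared wildcard certificate`, would also make the selection order explicit.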
@@ -15,7 +15,7 @@ if [[ -f "$HOME/VHOST" ]]; then if [[ -f "$SSL/server.crt" ]] && [[ -f "$SSL/server.key" ]]; then SSL_INUSE="$SSL" - elif [[ -f "$WILDCARD_SSL/server.crt" ]] && [[ -f "$WILDCARD_SSL/server.key" ]]; then + elif [[ -f "$WILDCARD_SSL/server.crt" ]] && [[ -f "$WILDCARD_SSL/server.key" ]] && [[ $hostname = `openssl x509 -in $WILDCARD_SSL/server.crt -noout -subject | tr '/' '\n' | grep CN= | cut -c4-` ]]; then SSL_INUSE="$WILDCARD_SSL" fi
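Review bot: The right-hand side of `=` in the added `elif` is unquoted inside `[[ ]]`, so the certificate CN is used as a glob pattern and a CN of `*.example.com` (constructed example) also matches `a.b.example.com`, which a certificate wildcard does not cover. The vhost would then be configured with a certificate that clients reject for that name. `$WILDCARD_SSL/server.crt` is also unquoted inside the backticks. The `tr '/' '\n' | grep CN=` parse assumes the slash-separated subject format, so on an OpenSSL build that prints comma-separated `CN = ...` the test presumably never matches and the app silently falls back to the non-SSL config. Only the CN is consulted (subjectAltName is ignored); the fence below keeps the same parse but quotes the path and restricts the wildcard to a single label.

```shell
  elif [[ -f "$WILDCARD_SSL/server.crt" ]] && [[ -f "$WILDCARD_SSL/server.key" ]]; then
    # Read the CN once, with the path quoted; an empty result leaves SSL off.
    wildcard_cn="$(openssl x509 -in "$WILDCARD_SSL/server.crt" -noout -subject | tr '/' '\n' | grep '^CN=' | cut -c4-)"
    # Quoted right-hand sides compare literally; a leading "*." stands for exactly one label.
    if [[ "$wildcard_cn" == \*.* && "${hostname#*.}" == "${wildcard_cn#\*.}" ]]; then
      SSL_INUSE="$WILDCARD_SSL"
    elif [[ -n "$wildcard_cn" && "$hostname" == "$wildcard_cn" ]]; then
      SSL_INUSE="$WILDCARD_SSL"
    fi
  # … unchanged: closing fi of the certificate selection …
```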