Skip to content

Commit

Permalink
PMM-12738-fix-certificate-conf (#2704)
Browse files Browse the repository at this point in the history 
* PMM-12738 don't fail if /srv/nginx isn't writable.

* PMM-12738 error message for each certificate file.

* PMM-12738 Print all errors together.

* PMM-12738 remove else.

* PMM-12738 a few improvements.

* PMM-12738 style improvements.
  • Loading branch information
@BupycHuk
BupycHuk authored Jan 18, 2024
1 parent 63c1e0f commit 52ce0d7
Showing 1 changed file with 36 additions and 2 deletions.
38 changes: 36 additions & 2 deletions update/ansible/playbook/tasks/roles/nginx/files/ssl/generate-ssl-certificate
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,40 @@ set -o errexit

mkdir -p /srv/nginx

# Check if /srv/nginx is writable
# if not, check if the user provided the certificate files and use them.
if [ ! -w "/srv/nginx" ]; then
echo "Directory /srv/nginx is not writable";
error=false
if [ ! -e /srv/nginx/certificate.key ]; then
echo "The file /srv/nginx/certificate.key does not exist." >&2
error=true
fi

if [ ! -e /srv/nginx/certificate.crt ]; then
echo "The file /srv/nginx/certificate.crt does not exist." >&2
error=true
fi

if [ ! -e /srv/nginx/ca-certs.pem ]; then
echo "The file /srv/nginx/ca-certs.pem does not exist." >&2
error=true
fi

if [ ! -e /srv/nginx/dhparam.pem ]; then
echo "The file /srv/nginx/dhparam.pem does not exist." >&2
error=true
fi

if [ "$error" = true ]; then
echo "Exiting due to missing file(s)." >&2
exit 1;
fi

echo "Using user provided certificate.";
exit 0;
fi

if [ ! -e /srv/nginx/dhparam.pem ]; then
cp /etc/nginx/ssl/dhparam.pem /srv/nginx/dhparam.pem
fi
Expand All @@ -17,8 +51,8 @@ if [ ! -e /srv/nginx/certificate.conf ]; then
cp /etc/nginx/ssl/certificate.conf /srv/nginx/certificate.conf
fi

if [ ! -e /srv/nginx/certificate.key -o ! -e /srv/nginx/certificate.crt ]; then
if [ ! -e /etc/nginx/ssl/certificate.key -o ! -e /etc/nginx/ssl/certificate.crt ]; then
if [ ! -e /srv/nginx/certificate.key ] || [ ! -e /srv/nginx/certificate.crt ]; then
if [ ! -e /etc/nginx/ssl/certificate.key ] || [ ! -e /etc/nginx/ssl/certificate.crt ]; then
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/nginx/ssl/certificate.key \
-out /etc/nginx/ssl/certificate.crt \
Expand Down

0 comments on commit 52ce0d7

Please sign in to comment.