dummy.cert

hyperknot · hyperknot · commit f0f7841bb1b8 · 2025-02-28T14:10:09.000+01:00
diff --git a/init-server.py b/init-server.py
@@ -83,6 +83,8 @@ def http_host_autoupdate(hostname, user, port, noninteractive):
     prepare_shared(c)
     prepare_http_host(c)
 
+    run_http_host_sync(c)  # disable for first install if you don't want to wait
+
     put(c, MODULES_DIR / 'http_host' / 'cron.d' / 'ofm_http_host', '/etc/cron.d/')
 
 
diff --git a/modules/http_host/http_host_lib/nginx.py b/modules/http_host/http_host_lib/nginx.py
@@ -47,7 +47,7 @@ def write_nginx_config():
         direct_key = config.certs_dir / 'ofm_direct.key'
 
         if not direct_cert.is_file() or not direct_key.is_file():
-            shutil.copyfile(Path('/etc/nginx/ssl/dummy.crt'), direct_cert)
+            shutil.copyfile(Path('/etc/nginx/ssl/dummy.cert'), direct_cert)
             shutil.copyfile(Path('/etc/nginx/ssl/dummy.key'), direct_key)
 
         curl_text_mix += create_nginx_conf(
diff --git a/ssh_lib/assets/nginx/default_disable.conf b/ssh_lib/assets/nginx/default_disable.conf
@@ -13,7 +13,7 @@ server {
     server_name _;
 
     ssl_ciphers aNULL;
-    ssl_certificate /etc/nginx/ssl/dummy.crt;
+    ssl_certificate /etc/nginx/ssl/dummy.cert;
     ssl_certificate_key /etc/nginx/ssl/dummy.key;
 
     return 444;
diff --git a/ssh_lib/nginx.py b/ssh_lib/nginx.py
@@ -39,14 +39,7 @@ def nginx(c):
     c.sudo('mkdir -p /data/nginx/acme-challenges')
     c.sudo('mkdir -p /data/nginx/certs')
 
-    if not exists(c, '/etc/nginx/ssl/dummy.crt'):
-        c.sudo('mkdir -p /etc/nginx/ssl')
-        c.sudo(
-            'openssl req -x509 -nodes -days 365 -newkey rsa:2048 '
-            '-keyout /etc/nginx/ssl/dummy.key -out /etc/nginx/ssl/dummy.crt '
-            '-subj "/C=US/ST=Dummy/L=Dummy/O=Dummy/CN=example.com"',
-            hide=True,
-        )
+    generate_self_signed_cert(c)
 
     put(c, f'{ASSETS_DIR}/nginx/nginx.conf', '/etc/nginx/')
     put(c, f'{ASSETS_DIR}/nginx/mime.types', '/etc/nginx/')
@@ -88,3 +81,14 @@ def lego(c):
     c.sudo('chmod +x /tmp/lego/lego')
     c.sudo('mv /tmp/lego/lego /usr/local/bin')
     c.sudo('rm -rf /tmp/lego*')
+
+
+def generate_self_signed_cert(c):
+    if not exists(c, '/etc/nginx/ssl/dummy.cert'):
+        c.sudo('mkdir -p /etc/nginx/ssl')
+        c.sudo(
+            'openssl req -x509 -nodes -days 365 -newkey rsa:2048 '
+            '-keyout /etc/nginx/ssl/dummy.key -out /etc/nginx/ssl/dummy.cert '
+            '-subj "/C=US/ST=Dummy/L=Dummy/O=Dummy/CN=example.com"',
+            hide=True,
+        )
