author | Wojtek Kosior <koszko@koszko.org> | 2023-05-03 15:58:57 +0200 |
---|---|---|
committer | Wojtek Kosior <koszko@koszko.org> | 2023-05-03 21:30:50 +0200 |
commit | 73cc7aac7d7bd5ee01cad2b9ed34af31345bde3d (patch) | |
tree | 503dd0300a1b821748cd4d4dd556bd95a095f744 | |
parent | df169417f73b2f7fcde8295fb289c923ff279c84 (diff) | |
make certbot functional
-rw-r--r-- | container.scm | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/container.scm b/container.scm index 480a747..5eead94 100644 --- a/container.scm +++ b/container.scm @@ -102,8 +102,7 @@ (httpd-directive 'Redirect 'permanent "/" (format #f "https://~a/" name))) ,(httpd-directive - 'Alias "/.well-known/acme-challenge" - (string-append "/srv/http/acme-challenge/" name)) + 'Alias "/.well-known/acme-challenge" "/srv/http/acme-challenge/") ,@body))))) (define (make-virtualhosts koszko-site-conf-record) @@ -243,6 +242,7 @@ 'ProxyPassReverse "/projects/haketilo" "http://10.207.87.1:21011/projects/hachette") + ,(httpd-directive 'ProxyPass "/.well-known/acme-challenge/" "!") ,(httpd-directive 'ProxyPass "/" "http://10.207.87.1:21011/") ,(httpd-directive 'ProxyPassReverse "/" "http://10.207.87.1:21011/"))))) @@ -372,8 +372,7 @@ (kill pid SIGHUP)))) (define %certbot-token-filename-gexp - #~(format "/srv/http/acme-challenge/~a/~a" - (getenv "CERTBOT_DOMAIN") (getenv "CERTBOT_TOKEN"))) + #~(format #f "/srv/http/acme-challenge/~a" (getenv "CERTBOT_TOKEN"))) (define %koszko-certbot-auth-hook (program-file @@ -383,16 +382,13 @@ (use-modules (guix build utils)) (let ((filename #$%certbot-token-filename-gexp)) (mkdir-p (dirname filename)) - (call-with-output-file filename + (with-output-to-file filename (lambda () (display (getenv "CERTBOT_VALIDATION"))))))))) (define %koszko-certbot-cleanup-hook (program-file "cert-cleanup-hook" - (with-imported-modules '((guix build utils)) - #~(begin - (use-modules (guix build utils)) - (delete-file-recursively (dirname #$%certbot-token-filename-gexp)))))) + #~(delete-file #$%certbot-token-filename-gexp))) (define %koszko-certbot-service (service @@ -414,6 +410,7 @@ (let ((www-aliases (map (cut string-append "www." <>) (if auto-www-aliases name-and-aliases '())))) (certificate-configuration + (challenge "http") (domains (append name-and-aliases www-aliases)) (authentication-hook %koszko-certbot-auth-hook) (cleanup-hook %koszko-certbot-cleanup-hook) |
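Review bot: The new exclusion `ProxyPass "/.well-known/acme-challenge/" "!"` in the second hunk only takes effect because it sits above the catch-all `ProxyPass "/"`, and nothing in the code records that dependency. mod_proxy checks these rules in configuration order and the first match wins, so a later reordering would send challenge requests to the backend at 10.207.87.1 without any error. I would add a comment above the line, for example `;; Keep above the catch-all ProxyPass "/": the first matching rule wins.` The enclosing virtual-host definition starts and ends outside the hunk, so whether other proxied hosts need the same exclusion cannot be judged from here.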
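Review bot: `%certbot-token-filename-gexp` (third hunk) splices `CERTBOT_TOKEN` unchecked into a path under `/srv/http/acme-challenge/`, and both hooks then write or delete whatever that path names. A well-formed ACME token is base64url only, so normal runs are fine, but nothing rejects an empty value, a `/` or `..` component, or an unset variable (`getenv` returns `#f`, which `~a` prints as `#f`). The hooks presumably run with certbot's privileges, so the value is worth validating before it becomes a file name. I would require the token to be non-empty and pass `(string-every (char-set-union char-set:letter+digit (char-set #\- #\_)) token)`, exiting non-zero otherwise. The definition lies entirely inside the hunk.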
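Review bot: In the new cleanup hook (fourth hunk), `(delete-file #$%certbot-token-filename-gexp)` raises a `system-error` when the file is absent, for example when the auth hook failed before writing it, so the cleanup hook then fails as well and adds a second error to the log. Guarding it keeps cleanup idempotent: `(let ((f #$%certbot-token-filename-gexp)) (when (file-exists? f) (delete-file f)))`. In the auth hook of the same hunk, an unset `CERTBOT_VALIDATION` would be written out as the literal text `#f`; failing early when it is missing would make a misconfigured run easier to spot. The auth hook's definition starts above this hunk, and `%koszko-certbot-service` continues below it.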
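Review bot: The added `(challenge "http")` in the last hunk reads like a no-op, because HTTP is already certbot's default challenge, so it is an easy line to delete in a later tidy-up. As far as I know, setting `challenge` in Guix's `certificate-configuration` is what makes the service run certbot with the manual plugin, and that is the mode in which `authentication-hook` and `cleanup-hook` are used. A comment would record this, for example `;; Setting challenge selects certbot's manual plugin, which is what runs the auth/cleanup hooks.` The enclosing definition starts and ends outside the hunk.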