diff options
author | Saku Laesvuori <saku@laesvuori.fi> | 2023-04-04 23:43:46 +0300 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2023-06-18 23:12:10 +0200 |
commit | a82130de50d2c84d77492d9aa43e4b7f4b06b4b2 (patch) | |
tree | 1d86d579673c4240d06d6bb8b74d08ee607cfbcf | |
parent | c0921a394dc218c1852679df0cd4d548eb2bb640 (diff) |
services: certbot: Fix nginx crash when certbot is used without domains.
* gnu/services/certbot.scm (certbot-nginx-server-configurations):
Don't return a broken nginx-server-configuration with empty server_name
when no certificate domains are configured. Instead add a separate
server for every certificate, so 0 certificates adds 0 servers.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Reviewed-by: Bruno Victal <mirai@makinata.eu>
-rw-r--r-- | gnu/services/certbot.scm | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/gnu/services/certbot.scm b/gnu/services/certbot.scm index 8e6784df2b..0c45471659 100644 --- a/gnu/services/certbot.scm +++ b/gnu/services/certbot.scm @@ -173,20 +173,24 @@ (match-lambda (($ <certbot-configuration> package webroot certificates email server rsa-key-size default-location) - (list - (nginx-server-configuration - (listen '("80" "[::]:80")) - (ssl-certificate #f) - (ssl-certificate-key #f) - (server-name - (apply append (map certificate-configuration-domains certificates))) - (locations - (filter identity - (list - (nginx-location-configuration - (uri "/.well-known") - (body (list (list "root " webroot ";")))) - default-location)))))))) + (define (certificate->nginx-server certificate-configuration) + (match-record certificate-configuration <certificate-configuration> + (domains challenge) + (nginx-server-configuration + (listen '("80" "[::]:80")) + (ssl-certificate #f) + (ssl-certificate-key #f) + (server-name domains) + (locations + (filter identity + (append + (if challenge + '() + (list (nginx-location-configuration + (uri "/.well-known") + (body (list (list "root " webroot ";")))))) + (list default-location))))))) + (map certificate->nginx-server certificates)))) (define certbot-service-type (service-type (name 'certbot) |