- jsonnet — https://github.com/google/jsonnet or https://github.com/google/go-jsonnet
- crossplane — https://github.com/nginxinc/crossplane
Clone this to a directory and cd to that directory, then:
sudo ./fix
Last active
July 11, 2020 18:28
-
-
Save evoL/7a6049beb44e8d7c7b07c0d17f0517fb to your computer and use it in GitHub Desktop.
Fix Synology nginx configs for Let's Encrypt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| echo "1. Update nginx config" | |
| nginx="/etc/nginx/app.d/server.ReverseProxy.conf" | |
| output=$(./patch-nginx "${nginx}") | |
| cp "${output}" "${nginx}" | |
| echo "2. Reload nginx" | |
| synoservicecfg --reload nginx | |
| echo "3. Renew certificates" | |
| syno-letsencrypt renew-all |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| if [ $# -lt 1 ]; then | |
| echo "Usage: $0 PATH_TO_SERVER_CONFIG" >&2 | |
| exit 1 | |
| fi | |
| server_config="$1" | |
| if [ ! -f "${server_config}" ]; then | |
| echo "Config file doesn't exist" >&2 | |
| exit 1 | |
| fi | |
| mkdir -p work out | |
| cp "${server_config}" work/servers.conf | |
| cd work | |
| cat <<CONF > nginx.conf | |
| http { | |
| include servers.conf; | |
| } | |
| CONF | |
| crossplane parse -o nginx.libsonnet -i 2 nginx.conf | |
| jsonnet -o nginx_fixed.json ../patch.jsonnet | |
| crossplane build -d ../out -f --no-headers -i 4 nginx_fixed.json | |
| cd .. | |
| echo "out/servers.conf" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| local nginx = import 'work/nginx.libsonnet'; | |
| local isServerName(server, name) = std.member([ | |
| d.args[0] | |
| for d in server.block | |
| if d.directive == 'server_name' | |
| ], name); | |
| local addWebSocketDirectives(list) = [ | |
| if d.directive == 'location' && d.args == ['/'] then | |
| d { | |
| block+: [ | |
| { | |
| directive: 'proxy_set_header', | |
| args: ['Upgrade', '$http_upgrade'], | |
| }, | |
| { | |
| directive: 'proxy_set_header', | |
| args: ['Connection', '$connection_upgrade'], | |
| }, | |
| ], | |
| } | |
| else d | |
| for d in list | |
| ]; | |
| local processServer(server) = server { | |
| block: ( | |
| if isServerName(server, 'box.hirsz.co') then | |
| addWebSocketDirectives(server.block) | |
| else | |
| server.block | |
| ) + [ | |
| // Add the Let's Encrypt override to each server | |
| { | |
| directive: 'location', | |
| args: ['^~', '/.well-known/acme-challenge'], | |
| block: [ | |
| { | |
| directive: 'root', | |
| args: ['/var/lib/letsencrypt'], | |
| }, | |
| { | |
| directive: 'default_type', | |
| args: ['text/plain'], | |
| }, | |
| ], | |
| }, | |
| ], | |
| }; | |
| local processFile(file) = | |
| file + ( | |
| if file.file == 'nginx.conf' then {} else { | |
| parsed: [ | |
| // Add a map for WebSocket stuff | |
| { | |
| directive: 'map', | |
| args: ['$http_upgrade', '$connection_upgrade'], | |
| block: [ | |
| { | |
| directive: 'default', | |
| args: ['upgrade'], | |
| }, | |
| { | |
| directive: '', | |
| args: ['close'], | |
| }, | |
| ], | |
| }, | |
| ] + [ | |
| if d.directive == 'server' then processServer(d) else d | |
| for d in file.parsed | |
| ], | |
| } | |
| ); | |
| nginx { | |
| config: [processFile(file) for file in nginx.config], | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment