misc fixes

fredrikekre · fredrikekre · commit d4868302c06c · 2025-05-22T13:14:07.000+02:00
diff --git a/src/scripts/run_certbot.sh b/src/scripts/run_certbot.sh
@@ -8,16 +8,15 @@ info "Starting certificate renewal process"
 
 # If we have a config file we parse it and let definitions within take
 # precedence over any environment variables.
-config_file="${NGINX_CERTBOT_CONFIG_FILE:-/etc/nginx-certbot/config.yml}"
-if [ -f "${config_file}" ]; then
-    certbot_authenticator="$(shyaml get-value certbot.authenticator '' < "${config_file}")"
-    certbot_elliptic_curve="$(shyaml get-value certbot.elliptic-curve '' < "${config_file}")"
-    certbot_email="$(shyaml get-value certbot.email '' < "${config_file}")"
-    certbot_key_type="$(shyaml get-value certbot.key-type '' < "${config_file}")"
-    certbot_rsa_key_size="$(shyaml get-value certbot.rsa-key-size '' < "${config_file}")"
-    certbot_staging="$(shyaml get-value certbot.staging '' < "${config_file}")"
-    certbot_production_url="$(shyaml get-value certbot.production_url '' < "${config_file}")"
-    certbot_staging_url="$(shyaml get-value certbot.staging_url '' < "${config_file}")"
+if [ -f "${CONFIG_FILE}" ]; then
+    certbot_authenticator="$(shyaml get-value certbot.authenticator '' < "${CONFIG_FILE}")"
+    certbot_elliptic_curve="$(shyaml get-value certbot.elliptic-curve '' < "${CONFIG_FILE}")"
+    certbot_email="$(shyaml get-value certbot.email '' < "${CONFIG_FILE}")"
+    certbot_key_type="$(shyaml get-value certbot.key-type '' < "${CONFIG_FILE}")"
+    certbot_rsa_key_size="$(shyaml get-value certbot.rsa-key-size '' < "${CONFIG_FILE}")"
+    certbot_staging="$(shyaml get-value certbot.staging '' < "${CONFIG_FILE}")"
+    certbot_production_url="$(shyaml get-value certbot.production_url '' < "${CONFIG_FILE}")"
+    certbot_staging_url="$(shyaml get-value certbot.staging_url '' < "${CONFIG_FILE}")"
 fi
 
 # Environment variable fallbacks
@@ -135,19 +134,19 @@ get_certificate() {
 # If we have a config file we request certificates based on the specifications
 # within that file otherwise we parse the nginx config files to automatically
 # discover certificate names, key types, authenticators, and domains.
-if [ -f "${config_file}" ]; then
-    debug "Using config file '${config_file}' for certificate specifications"
+if [ -f "${CONFIG_FILE}" ]; then
+    debug "Using config file '${CONFIG_FILE}' for certificate specifications"
     # Loop over the certificates array and request the certificates
     while read -r -d '' cert; do
         debug "Parsing certificate specification"
 
-        # cert-name (required)
-        cert_name="$(shyaml get-value cert-name '' <<<"${cert}")"
+        # name (required)
+        cert_name="$(shyaml get-value name '' <<<"${cert}")"
         if [ -z "${cert_name}" ]; then
-            error "'cert-name' is missing; ignoring this certificate specification"
+            error "'name' is missing; ignoring this certificate specification"
             continue
         fi
-        debug "Certificate cert-name is: ${cert_name}"
+        debug "Certificate name is: ${cert_name}"
 
         # domains (required)
         domains=()
@@ -190,7 +189,7 @@ if [ -f "${config_file}" ]; then
         if ! get_certificate "${cert_name}" "${domain_request}" "${key_type}" "${authenticator}" "${rsa_key_size}" "${elliptic_curve}" "${credentials}"; then
             error "Certbot failed for '${cert_name}'. Check the logs for details."
         fi
-    done < <(shyaml -y get-values-0 certificates '' < ${config_file})
+    done < <(shyaml -y get-values-0 certificates '' < "${CONFIG_FILE}")
 else
     debug "Using automatic discovery of nginx conf file for certificate specifications"
     # This will return an associative array that looks something like this:
diff --git a/src/scripts/start_nginx_certbot.sh b/src/scripts/start_nginx_certbot.sh
@@ -21,6 +21,39 @@ trap "clean_exit" EXIT
 # Source "util.sh" so we can have our nice tools.
 . "$(cd "$(dirname "$0")"; pwd)/util.sh"
 
+# Configuration file
+if [ -n "${NGINX_CERTBOT_CONFIG_FILE}" ] && [ ! -f "${NGINX_CERTBOT_CONFIG_FILE}" ]; then
+    # If the variable is set but the file doesn't exist we error out since this
+    # is most likely a user error.
+    error "NGINX_CERTBOT_CONFIG_FILE is configured but '${NGINX_CERTBOT_CONFIG_FILE}' does not exist, exiting"
+    exit 1
+fi
+export CONFIG_FILE="${NGINX_CERTBOT_CONFIG_FILE:-/etc/nginx-certbot/config.yml}"
+
+# If the config file exist we extract configuration from it and override any corresponding environment variables:
+#   - nginx-certbot.debug overrides DEBUG
+#   - nginx-certbot.dhparam-size overrides DHPARAM_SIZE
+#   - nginx-certbot.renewal-interval overrides RENEWAL_INTERVAL
+if [ -f "${CONFIG_FILE}" ]; then
+    debug "Configuration file '${CONFIG_FILE}' exist."
+    YAML_DEBUG=$(shyaml get-value nginx-certbot.debug '' < "${CONFIG_FILE}")
+    if [ "${YAML_DEBUG}" == "True" ] || [ "${YAML_DEBUG}" == "1" ]; then
+        export DEBUG=1
+    elif [ "${YAML_DEBUG}" == "False" ] || [ "${YAML_DEBUG}" == "0" ]; then
+        export DEBUG=0
+    fi
+    YAML_DHPARAM_SIZE=$(shyaml get-value nginx-certbot.dhparam-size '' < "${CONFIG_FILE}")
+    if [ -n "${YAML_DHPARAM_SIZE}" ]; then
+        export DHPARAM_SIZE=${YAML_DHPARAM_SIZE}
+    fi
+    YAML_RENEWAL_INTERVAL=$(shyaml get-value nginx-certbot.renewal-interval '' < "${CONFIG_FILE}")
+    if [ -n "${YAML_RENEWAL_INTERVAL}" ]; then
+        export RENEWAL_INTERVAL=${YAML_RENEWAL_INTERVAL}
+    fi
+else
+    debug "Configuration file '${CONFIG_FILE}' doesn't exist. Falling back to environment variables and default values."
+fi
+
 # If the environment variable `DEBUG=1` is set, then this message is printed.
 debug "Debug messages are enabled"
 
