thib8956/nginx-proxy
1
0
Fork 0
mirror of https://github.com/thib8956/nginx-proxy synced 2025-02-24 01:38:15 +00:00
Code Issues Releases Wiki Activity

fix: wildcard certificates should only work one level deep

Browse Source
This commit is contained in:
Nicolas Duchon 2024-12-07 19:33:53 +01:00
parent b6c8851794
commit 271e31dec4
1 changed files with 18 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
nginx.tmpl
View File

@ -688,13 +688,25 @@ proxy_set_header Proxy "";
{{ $vhost_containers = concat $vhost_containers $vpath_containers }} {{ $vhost_containers = concat $vhost_containers $vpath_containers }}
{{- end }} {{- end }}
{{- $certName := groupByKeys $vhost_containers "Env.CERT_NAME" | first }} {{- $userIdentifiedCert := groupByKeys $vhost_containers "Env.CERT_NAME" | first }}
{{- $vhostCert := closest (dir "/etc/nginx/certs") (printf "%s.crt" $hostname) }}
{{- $vhostCert = trimSuffix ".crt" $vhostCert }} {{- $vhostCert := "" }}
{{- $vhostCert = trimSuffix ".key" $vhostCert }} {{- if exists (printf "/etc/nginx/certs/%s.crt" $hostname) }}
{{- $vhostCert = $hostname }}
{{- end }}
{{- $parentVhostCert := "" }}
{{- if gt ($hostname | sprigSplit "." | len) 2 }}
{{- $parentHostname := ($hostname | sprigSplitn "." 2)._1 }}
{{- if exists (printf "/etc/nginx/certs/%s.crt" $parentHostname) }}
{{- $parentVhostCert = $parentHostname }}
{{- end }}
{{- end }}
{{- $trust_default_cert := groupByLabel $vhost_containers "com.github.nginx-proxy.nginx-proxy.trust-default-cert" | keys | first | default $globals.config.trust_default_cert | parseBool }} {{- $trust_default_cert := groupByLabel $vhost_containers "com.github.nginx-proxy.nginx-proxy.trust-default-cert" | keys | first | default $globals.config.trust_default_cert | parseBool }}
{{- $cert := and $trust_default_cert $globals.config.default_cert_ok | ternary "default" "" }} {{- $defaultCert := and $trust_default_cert $globals.config.default_cert_ok | ternary "default" "" }}
{{- $cert = or $certName $vhostCert $cert }}
{{- $cert := or $userIdentifiedCert $vhostCert $parentVhostCert $defaultCert }}
{{- $cert_ok := and (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert)) }} {{- $cert_ok := and (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert)) }}
{{- $enable_debug_endpoint := groupByLabel $vhost_containers "com.github.nginx-proxy.nginx-proxy.debug-endpoint" | keys | first | default $globals.config.enable_debug_endpoint | parseBool }} {{- $enable_debug_endpoint := groupByLabel $vhost_containers "com.github.nginx-proxy.nginx-proxy.debug-endpoint" | keys | first | default $globals.config.enable_debug_endpoint | parseBool }}