fix(ssl): chmod 644 keys to allow modsec access in shared volume

João Pedro Toledo Goncalves 2026-01-27 09:43:57 -03:00
parent 6ddf679e9c
commit 5a73c9a116
1 changed files with 4 additions and 0 deletions


@ -49,12 +49,14 @@ for conf in /etc/nginx/conf.d/*.conf; do
if [ -f "$LE_CERT" ]; then if [ -f "$LE_CERT" ]; then
cp "$LE_CERT" "$CRT_FILE" cp "$LE_CERT" "$CRT_FILE"
chmod 644 "$CRT_FILE"
# Key file assumption: usually same name but .key/privkey.pem # Key file assumption: usually same name but .key/privkey.pem
KEY_FILE=$(grep -E "\s*ssl_certificate_key\s+" "$conf" | sed -r 's/.*ssl_certificate_key\s+(.*);/\1/' | head -n 1) KEY_FILE=$(grep -E "\s*ssl_certificate_key\s+" "$conf" | sed -r 's/.*ssl_certificate_key\s+(.*);/\1/' | head -n 1)
if [ -f "$KEY_FILE" ]; then if [ -f "$KEY_FILE" ]; then
# If key path is found, copy it # If key path is found, copy it
cp "$LE_KEY" "$KEY_FILE" cp "$LE_KEY" "$KEY_FILE"
chmod 644 "$KEY_FILE"
else else
# Fallback: try to derive key path from cert path if variable is empty # Fallback: try to derive key path from cert path if variable is empty
# (This handles edge cases where parsing failed but cert existed) # (This handles edge cases where parsing failed but cert existed)
@ -89,6 +91,8 @@ for conf in /etc/nginx/conf.d/*.conf; do
-out "$CRT_FILE" \ -out "$CRT_FILE" \
-subj "/C=BR/ST=SP/L=Bootstrap/O=ITGuys/CN=$DOMAIN" -subj "/C=BR/ST=SP/L=Bootstrap/O=ITGuys/CN=$DOMAIN"
chmod 644 "$KEY_FILE" "$CRT_FILE"
echo "[SSL-Renew] Bootstrap Cert created. Nginx should be able to start." echo "[SSL-Renew] Bootstrap Cert created. Nginx should be able to start."
fi fi
done done
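Review bot: `chmod 644 "$KEY_FILE"` (after `cp "$LE_KEY" "$KEY_FILE"`, and again on the bootstrap key in the second hunk) makes the TLS private key readable by every user and process that can reach the shared volume, not only the ModSecurity container. The certificate is public, so 644 on `$CRT_FILE` is fine, but the key is better restricted to a group both containers share, e.g. `chgrp "$SHARED_GID" "$KEY_FILE" && chmod 640 "$KEY_FILE"`, where `SHARED_GID` is a placeholder for whatever gid the nginx and modsec containers have in common. If 644 has to stay, a comment above each chmod such as `# key is world-readable on purpose: modsec runs under a different uid on the shared volume` would record the trade-off. The `else` fallback branch continues outside the hunk, so it is not visible whether a key copied there gets the same mode.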