add option, fix nginx

diff --git a/web-conf b/web-conf
index 977c8cfb38166ec6099e56999502594eb159c50d..38dce524cf0153ff47c5592b6d5246802a86b69b 100755 (executable)
--- a/web-conf
+++ b/web-conf
@@ -43,6 +43,7 @@ distro-setup, and log-quiet.
 EXTRA_SETTINGS_FILE can be - for stdin
 -a IPv4_ADDR      IP address to listen on. Default all addresses.
                   ipv6 address support could be added to this script.
+-c CERT_FOLDER    No letsencrypt. use fullchain.pem and privkey.pem in this folder.
 -e EMAIL          Contact address for let's encrypt. Default is
                   root@\$(hostname --fqdn')
                   which is root@$(hostname --fqdn) on this host.
@@ -64,7 +65,7 @@ symlinkarg=-
 ssl=true
 extra_settings=
 port=443
-temp=$(getopt -l help a:e:if:p:r:sh "$@") || usage 1
+temp=$(getopt -l help a:c:e:if:p:r:sh "$@") || usage 1
 vhostip='*'
 eval set -- "$temp"
 while true; do
@@ -73,6 +74,7 @@ while true; do
       listenip="$2:"
       vhostip="$2"
       shift 2 ;;
+    -c) oob_cert_dir="$2"; shift 2 ;;
     -e) email="$2"; shift 2 ;;
     -f) proxy="$2"; shift 2 ;;
     -i) ssl=false; shift ;;
@@ -118,7 +120,11 @@ fi
 ##### end command line parsing ########
 
 se=/etc/$t/sites-enabled
-cert_dir=/etc/letsencrypt/live/$h
+if [[ $oob_cert_dir ]]; then
+  cert_dir="$oob_cert_dir"
+else
+  cert_dir=/etc/letsencrypt/live/$h
+fi
 
 mkdir -p $root
 case $port in
@@ -138,7 +144,7 @@ if [[ $port == 80 ]]; then
 fi
 
 
-if $ssl; then
+if [[ ! $oob_cert_dir ]] && $ssl; then
 
   $this_dir/certbot-setup $t
 
@@ -415,7 +421,7 @@ server {
   server_name $h www.$h;
   listen 80 $http2_arg;
   listen [::]:80 $http2_arg;
-  return 301 https://$server_name$request_uri;
+  return 301 https://\$server_name\$request_uri;
 }
 EOF
     fi