nginx: fix cert location

- now in ${NGINX_SSL_CERTIFICATE}/ (build.local) to offer a central location
mariux64 · Mar 25, 2024 · 74eebd7 · 74eebd7
1 parent 05c45d4
commit 74eebd7
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/nginx.conf.build.sh b/nginx.conf.build.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
 set -e
 set -x
+set -u
 
 . build.profile
 
@@ -30,16 +31,16 @@ http {
 
     server {
         server_name  ${PAPERLESS_BIND_ADDR};
-        access_log   ${PAPERLESS_LOGGING_DIR}/nginx-access.log;
+        access_log   ${LOGDIR}/nginx-access.log;
 
         listen       ${PAPERLESS_BIND_ADDR}:${PAPERLESS_PORT};
 _EOP_
 
 if [ -v PAPERLESS_HTTPS ]; then
 tee -a ${CONF} <<_EOP_
         listen       ${PAPERLESS_BIND_ADDR}:${PAPERLESS_HTTPS} ssl;
-        ssl_certificate     fullchain.pem;
-        ssl_certificate_key privkey.pem;
+        ssl_certificate     ${NGINX_SSL_CERTIFICATE};      # from build.local
+        ssl_certificate_key ${NGINX_SSL_CERTIFICATE_KEY};  # from build.local
         ssl_dhparam         dhparam.pem; # src/nginx.build.sh
         ssl_session_timeout 1d;
         ssl_session_cache   shared:MozSSL:10m;