16552: Merge branch 'main' into 16552-autocert

[arvados.git] / lib / boot / nginx.go

diff --git a/lib/boot/nginx.go b/lib/boot/nginx.go
index e67bc1d900b60fd74ad5260f19e5cab20687fccc..8a29823a12a411298aadc15009c7ae75b2ac08fe 100644 (file)
--- a/lib/boot/nginx.go
+++ b/lib/boot/nginx.go
@@ -14,6 +14,7 @@ import (
        "os/exec"
        "path/filepath"
        "regexp"
+       "strings"
 
        "git.arvados.org/arvados.git/sdk/go/arvados"
 )
@@ -32,7 +33,8 @@ func (runNginx) Run(ctx context.Context, fail func(error), super *Supervisor) er
                return err
        }
        vars := map[string]string{
-               "LISTENHOST":       super.ListenHost,
+               "LISTENHOST":       "0.0.0.0",
+               "UPSTREAMHOST":     super.ListenHost,
                "SSLCERT":          filepath.Join(super.tempdir, "server.crt"),
                "SSLKEY":           filepath.Join(super.tempdir, "server.key"),
                "ACCESSLOG":        filepath.Join(super.tempdir, "nginx_access.log"),
@@ -42,7 +44,10 @@ func (runNginx) Run(ctx context.Context, fail func(error), super *Supervisor) er
        }
        u := url.URL(super.cluster.Services.Controller.ExternalURL)
        ctrlHost := u.Hostname()
-       if f, err := os.Open("/var/lib/acme/live/" + ctrlHost + "/privkey"); err == nil {
+       if strings.HasPrefix(super.cluster.TLS.Certificate, "file:/") && strings.HasPrefix(super.cluster.TLS.Key, "file:/") {
+               vars["SSLCERT"] = filepath.Clean(super.cluster.TLS.Certificate[5:])
+               vars["SSLKEY"] = filepath.Clean(super.cluster.TLS.Key[5:])
+       } else if f, err := os.Open("/var/lib/acme/live/" + ctrlHost + "/privkey"); err == nil {
                f.Close()
                vars["SSLCERT"] = "/var/lib/acme/live/" + ctrlHost + "/cert"
                vars["SSLKEY"] = "/var/lib/acme/live/" + ctrlHost + "/privkey"