services: certbot: Fix nginx crash when certbot is used without domains.

* gnu/services/certbot.scm (certbot-nginx-server-configurations): Don't return a broken nginx-server-configuration with empty server_name when no certificate domains are configured. Instead add a separate server for every certificate, so 0 certificates adds 0 servers. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Reviewed-by: Bruno Victal <mirai@makinata.eu>
2023-04-04 23:43:46 +03:00 · 2023-04-04 23:43:46 +03:00 · a82130de50
parent c0921a394d
commit a82130de50
1 changed files with 18 additions and 14 deletions
--- a/gnu/services/certbot.scm
+++ b/gnu/services/certbot.scm
@ -173,20 +173,24 @@ (define certbot-nginx-server-configurations
  (match-lambda
    (($ <certbot-configuration> package webroot certificates email
                                server rsa-key-size default-location)
-     (list
-      (nginx-server-configuration
-       (listen '("80" "[::]:80"))
-       (ssl-certificate #f)
-       (ssl-certificate-key #f)
-       (server-name
-        (apply append (map certificate-configuration-domains certificates)))
-       (locations
-        (filter identity
-                (list
-                 (nginx-location-configuration
-                  (uri "/.well-known")
-                  (body (list (list "root " webroot ";"))))
-                 default-location))))))))
+     (define (certificate->nginx-server certificate-configuration)
+       (match-record certificate-configuration <certificate-configuration> 
+         (domains challenge)
+         (nginx-server-configuration
+          (listen '("80" "[::]:80"))
+          (ssl-certificate #f)
+          (ssl-certificate-key #f)
+          (server-name domains)
+          (locations
+           (filter identity
+                   (append
+                    (if challenge
+                      '()
+                      (list (nginx-location-configuration
+                             (uri "/.well-known")
+                             (body (list (list "root " webroot ";"))))))
+                    (list default-location)))))))
+     (map certificate->nginx-server certificates))))

 (define certbot-service-type
  (service-type (name 'certbot)