diff --git a/conf/nginx/server.tpl.conf b/conf/nginx/server.tpl.conf index ecb9b7fb9..40f85b328 100644 --- a/conf/nginx/server.tpl.conf +++ b/conf/nginx/server.tpl.conf @@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade { server { listen 80; listen [::]:80; - server_name {{ domain }}{% if xmpp_enabled != "True" %} xmpp-upload.{{ domain }}{% endif %}; + server_name {{ domain }}{% if xmpp_enabled != "True" %} xmpp-upload.{{ domain }} muc.{{ domain }}{% endif %}; access_by_lua_file /usr/share/ssowat/access.lua; diff --git a/locales/en.json b/locales/en.json index 26cd3dd75..df444e898 100644 --- a/locales/en.json +++ b/locales/en.json @@ -311,6 +311,7 @@ "disk_space_not_sufficient_install": "There is not enough disk space left to install this application", "disk_space_not_sufficient_update": "There is not enough disk space left to update this application", "domain_cannot_add_xmpp_upload": "You cannot add domains starting with 'xmpp-upload.'. This kind of name is reserved for the XMPP upload feature integrated into YunoHost.", + "domain_cannot_add_muc_upload": "You cannot add domains starting with 'muc.'. This kind of name is reserved for the XMPP multi-users chat feature integrated into YunoHost.", "domain_cannot_remove_main": "You cannot remove '{domain}' since it's the main domain, you first need to set another domain as the main domain using 'yunohost domain main-domain -n '; here is the list of candidate domains: {other_domains}", "domain_cannot_remove_main_add_new_one": "You cannot remove '{domain}' since it's the main domain and your only domain, you need to first add another domain using 'yunohost domain add ', then set is as the main domain using 'yunohost domain main-domain -n ' and then you can remove the domain '{domain}' using 'yunohost domain remove {domain}'.'", "domain_cert_gen_failed": "Could not generate certificate", diff --git a/src/certificate.py b/src/certificate.py index 04a33dbfd..852cdf6a7 100644 --- a/src/certificate.py +++ b/src/certificate.py @@ -568,9 +568,10 @@ def _prepare_certificate_signing_request(domain, key_file, output_folder): # Set the domain csr.get_subject().CN = domain - from yunohost.domain import domain_list, domain_config_get + from yunohost.domain import domain_config_get - # If XMPP is enabled for this domain, add xmpp-upload domain + # If XMPP is enabled for this domain, add xmpp-upload and muc subdomains + # in subject alternate names if domain_config_get(domain, key="feature.xmpp.xmpp") == 1: subdomain = "xmpp-upload." + domain xmpp_records = ( @@ -579,24 +580,30 @@ def _prepare_certificate_signing_request(domain, key_file, output_folder): ).get("data") or {} ) - if xmpp_records.get("CNAME:xmpp-upload") == "OK": + sanlist = [] + for sub in ('xmpp-upload', 'muc'): + subdomain = sub + "." + domain + if xmpp_records.get("CNAME:" + sub) == "OK": + sanlist.append(("DNS:" + subdomain)) + else: + logger.warning( + m18n.n( + "certmanager_warning_subdomain_dns_record", + subdomain=subdomain, + domain=domain, + ) + ) + + if sanlist: csr.add_extensions( [ crypto.X509Extension( b"subjectAltName", False, - ("DNS:" + subdomain).encode("utf8"), + (", ".join(sanlist)).encode("utf-8"), ) ] ) - else: - logger.warning( - m18n.n( - "certmanager_warning_subdomain_dns_record", - subdomain=subdomain, - domain=domain, - ) - ) # Set the key with open(key_file, "rt") as f: diff --git a/src/domain.py b/src/domain.py index 489e48e16..45abf1006 100644 --- a/src/domain.py +++ b/src/domain.py @@ -229,6 +229,9 @@ def domain_add(operation_logger, domain, dyndns=False): if domain.startswith("xmpp-upload."): raise YunohostValidationError("domain_cannot_add_xmpp_upload") + if domain.startswith("muc."): + raise YunohostError("domain_cannot_add_muc_upload") + ldap = _get_ldap_interface() try: