http-upload only available on maindomain (for the moment).

2024-09-03 20:06:10 +02:00 · 2020-03-25 12:09:24 +01:00 · 2020-03-25 12:09:24 +01:00 · ada95f8fca
commit ada95f8fca
parent 1f09abfa51
2 changed files with 16 additions and 12 deletions
--- a/data/hooks/conf_regen/12-metronome
+++ b/data/hooks/conf_regen/12-metronome
@ -42,16 +42,18 @@ do_post_regen() {
  regen_conf_files=$1

  # retrieve variables
+  main_domain=$(cat /etc/yunohost/current_host)
  domain_list=$(yunohost domain list --output-as plain --quiet)

  # create metronome directories for domains
  for domain in $domain_list; do
    mkdir -p "/var/lib/metronome/${domain//./%2e}/pep"
-    # http_upload directory must be writable by metronome and readable by nginx
-    mkdir -p  "/var/xmpp-upload/${domain}/upload"
-    chmod g+s "/var/xmpp-upload/${domain}/upload"
-    chown -R metronome:www-data "/var/xmpp-upload/${domain}"
  done
+  # http_upload directory must be writable by metronome and readable by nginx
+  mkdir -p  "/var/xmpp-upload/${main_domain}/upload"
+  chmod g+s "/var/xmpp-upload/${main_domain}/upload"
+  chown -R metronome:www-data "/var/xmpp-upload/${main_domain}"
+

  # fix some permissions
  chown -R metronome: /var/lib/metronome/
--- a/src/yunohost/certificate.py
+++ b/src/yunohost/certificate.py
@ -43,6 +43,7 @@ from yunohost.utils.network import get_public_ip

 from moulinette import m18n
 from yunohost.app import app_ssowatconf
+from yunohost.domain import _get_maindomain
 from yunohost.service import _run_service_command
 from yunohost.regenconf import regen_conf
 from yunohost.log import OperationLogger
@ -639,14 +640,15 @@ def _prepare_certificate_signing_request(domain, key_file, output_folder):
    # Set the domain
    csr.get_subject().CN = domain

-    # Include xmpp-upload subdomain in subject alternate names
-    subdomain="xmpp-upload." + domain
-    try:
-        _check_domain_is_ready_for_ACME(subdomain)
-        logger.info("Subdmain {} is ready for ACME and will be included in the certificate.".format(subdomain))
-        csr.add_extensions([crypto.X509Extension("subjectAltName", False, "DNS:" + subdomain)])
-    except YunohostError:
-        logger.warning(m18n.n('certmanager_warning_subdomain_dns_record', subdomain=subdomain, domain=domain))
+    if domain == _get_maindomain():
+        # Include xmpp-upload subdomain in subject alternate names
+        subdomain="xmpp-upload." + domain
+        try:
+            _check_domain_is_ready_for_ACME(subdomain)
+            logger.info("Subdmain {} is ready for ACME and will be included in the certificate.".format(subdomain))
+            csr.add_extensions([crypto.X509Extension("subjectAltName", False, "DNS:" + subdomain)])
+        except YunohostError:
+            logger.warning(m18n.n('certmanager_warning_subdomain_dns_record', subdomain=subdomain, domain=domain))

    # Set the key
    with open(key_file, 'rt') as f: