From d1212d852b1ff1d8efb2869fa7611c17ad2702ed Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 8 Jun 2025 11:12:54 +0300 Subject: [PATCH 1/9] fix --- .deploy-nginx/deploy-dev.yaml | 5 +++++ .deploy-nginx/deploy-prod.yaml | 7 ++++++- nginx/nginx-dev/prepare.py | 5 ++++- nginx/nginx-prod/prepare.py | 5 ++++- 4 files changed, 19 insertions(+), 3 deletions(-) diff --git a/.deploy-nginx/deploy-dev.yaml b/.deploy-nginx/deploy-dev.yaml index d481934..522a943 100644 --- a/.deploy-nginx/deploy-dev.yaml +++ b/.deploy-nginx/deploy-dev.yaml @@ -6,6 +6,9 @@ services: image: mathwave/sprint-repo:sprint-infra-nginx-dev networks: - common-infra-nginx-development + - configurator + environment: + MINIO_SECRET_KEY: $MINIO_SECRET_KEY_DEV ports: - published: 80 target: 80 @@ -27,3 +30,5 @@ services: networks: common-infra-nginx-development: external: true + configurator: + external: true diff --git a/.deploy-nginx/deploy-prod.yaml b/.deploy-nginx/deploy-prod.yaml index 79c382b..d61bb01 100644 --- a/.deploy-nginx/deploy-prod.yaml +++ b/.deploy-nginx/deploy-prod.yaml @@ -6,6 +6,9 @@ services: image: mathwave/sprint-repo:sprint-infra-nginx-prod networks: - common-infra-nginx + - configurator + environment: + MINIO_SECRET_KEY: $MINIO_SECRET_KEY_PROD ports: - published: 80 target: 80 @@ -26,4 +29,6 @@ services: networks: common-infra-nginx: - external: true \ No newline at end of file + external: true + configurator: + external: true diff --git a/nginx/nginx-dev/prepare.py b/nginx/nginx-dev/prepare.py index 5a2b09a..2e056d1 100644 --- a/nginx/nginx-dev/prepare.py +++ b/nginx/nginx-dev/prepare.py @@ -39,7 +39,10 @@ for host, params in hosts.items(): '''.format(host=host, target_host=params['host'], port=params['port']) fullchain = minio_client.get_object("certupdater", f'certificates/{host}/fullchain.pem') privkey = minio_client.get_object("certupdater", f'certificates/{host}/privkey.pem') - os.mkdir(f'/etc/nginx/{host}') + try: + os.mkdir(f'/etc/nginx/{host}') + except FileExistsError: + ... with open(f"/etc/nginx/{host}/fullchain.pem", 'wb') as fp: fp.write(fullchain.data) with open(f"/etc/nginx/{host}/privkey.pem", 'wb') as fp: diff --git a/nginx/nginx-prod/prepare.py b/nginx/nginx-prod/prepare.py index a545148..dd8b902 100644 --- a/nginx/nginx-prod/prepare.py +++ b/nginx/nginx-prod/prepare.py @@ -39,7 +39,10 @@ for host, params in hosts.items(): '''.format(host=host, target_host=params['host'], port=params['port']) fullchain = minio_client.get_object("certupdater", f'certificates/{host}/fullchain.pem') privkey = minio_client.get_object("certupdater", f'certificates/{host}/privkey.pem') - os.mkdir(f'/etc/nginx/{host}') + try: + os.mkdir(f'/etc/nginx/{host}') + except FileExistsError: + ... with open(f"/etc/nginx/{host}/fullchain.pem", 'wb') as fp: fp.write(fullchain.data) with open(f"/etc/nginx/{host}/privkey.pem", 'wb') as fp: -- 2.45.2 From 3a8fde645fa66549d145d990aaba9f7beedc3ebf Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Sun, 8 Jun 2025 11:45:52 +0300 Subject: [PATCH 2/9] fix --- nginx/nginx-dev/refre.sh | 4 ++++ nginx/nginx-prod/refre.sh | 4 ++++ 2 files changed, 8 insertions(+) create mode 100644 nginx/nginx-dev/refre.sh create mode 100644 nginx/nginx-prod/refre.sh diff --git a/nginx/nginx-dev/refre.sh b/nginx/nginx-dev/refre.sh new file mode 100644 index 0000000..584b723 --- /dev/null +++ b/nginx/nginx-dev/refre.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +python3 prepare.py +nginx -s reload \ No newline at end of file diff --git a/nginx/nginx-prod/refre.sh b/nginx/nginx-prod/refre.sh new file mode 100644 index 0000000..584b723 --- /dev/null +++ b/nginx/nginx-prod/refre.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +python3 prepare.py +nginx -s reload \ No newline at end of file -- 2.45.2 From f7a1e39c984b5ecfc28e544557d4407ac3be4c74 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Tue, 10 Jun 2025 00:10:23 +0300 Subject: [PATCH 3/9] fix --- nginx/nginx-dev/Dockerfile | 2 ++ nginx/nginx-prod/Dockerfile | 2 ++ 2 files changed, 4 insertions(+) diff --git a/nginx/nginx-dev/Dockerfile b/nginx/nginx-dev/Dockerfile index d5818df..4ca87b1 100644 --- a/nginx/nginx-dev/Dockerfile +++ b/nginx/nginx-dev/Dockerfile @@ -8,6 +8,8 @@ COPY ./fullchain.pem /etc/nginx/fullchain.pem COPY ./privkey.pem /etc/nginx/privkey.pem COPY prepare.py prepare.py COPY run.sh run.sh +COPY refre.sh refre.sh ENV PYTHONUNBUFFERED=1 RUN chmod 777 run.sh +RUN chmod 777 refre.sh ENTRYPOINT ["./run.sh"] \ No newline at end of file diff --git a/nginx/nginx-prod/Dockerfile b/nginx/nginx-prod/Dockerfile index d5818df..4ca87b1 100644 --- a/nginx/nginx-prod/Dockerfile +++ b/nginx/nginx-prod/Dockerfile @@ -8,6 +8,8 @@ COPY ./fullchain.pem /etc/nginx/fullchain.pem COPY ./privkey.pem /etc/nginx/privkey.pem COPY prepare.py prepare.py COPY run.sh run.sh +COPY refre.sh refre.sh ENV PYTHONUNBUFFERED=1 RUN chmod 777 run.sh +RUN chmod 777 refre.sh ENTRYPOINT ["./run.sh"] \ No newline at end of file -- 2.45.2 From 79b82405920f8ce594e78ebcc130300f4540ba9c Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Tue, 10 Jun 2025 00:41:27 +0300 Subject: [PATCH 4/9] fix --- nginx/nginx-dev/prepare.py | 87 ++++++++++++++++++++------------------ 1 file changed, 47 insertions(+), 40 deletions(-) diff --git a/nginx/nginx-dev/prepare.py b/nginx/nginx-dev/prepare.py index 2e056d1..21a95a3 100644 --- a/nginx/nginx-dev/prepare.py +++ b/nginx/nginx-dev/prepare.py @@ -3,50 +3,57 @@ import os from minio import Minio -minio_client = Minio( - "minio.develop.sprinthub.ru:9000", - access_key="serviceminioadmin", - secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"), - secure=False -) +def main(): + minio_client = Minio( + "minio.develop.sprinthub.ru:9000", + access_key="serviceminioadmin", + secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"), + secure=False + ) -hosts = get('http://configurator/api/v1/fetch?project=certupdater&stage=development').json()['configs']['hosts'] -hosts = {**hosts, 'platform.develop.sprinthub.ru': {'host': 'platform-nginx', 'port': 1238}} + hosts = get('http://configurator/api/v1/fetch?project=certupdater&stage=development').json()['configs']['hosts'] + hosts = {**hosts, 'platform.develop.sprinthub.ru': {'host': 'platform-nginx', 'port': 1238}} -config = '' -for host, params in hosts.items(): - config += ''' - server {{ - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name {host}; + config = '' + for host, params in hosts.items(): + config += ''' + server {{ + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name {host}; - ssl_certificate /etc/nginx/{host}/fullchain.pem; - ssl_certificate_key /etc/nginx/{host}/privkey.pem; + ssl_certificate /etc/nginx/{host}/fullchain.pem; + ssl_certificate_key /etc/nginx/{host}/privkey.pem; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-XSS-Protection "1; mode=block" always; - add_header X-Content-Type-Options "nosniff" always; - add_header Referrer-Policy "no-refferer-when-downgrade" always; - add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "no-refferer-when-downgrade" always; + add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; - location / {{ - resolver 127.0.0.11; - proxy_pass http://{target_host}:{port}$request_uri; - }} - }}\n\n - '''.format(host=host, target_host=params['host'], port=params['port']) - fullchain = minio_client.get_object("certupdater", f'certificates/{host}/fullchain.pem') - privkey = minio_client.get_object("certupdater", f'certificates/{host}/privkey.pem') - try: - os.mkdir(f'/etc/nginx/{host}') - except FileExistsError: - ... - with open(f"/etc/nginx/{host}/fullchain.pem", 'wb') as fp: - fp.write(fullchain.data) - with open(f"/etc/nginx/{host}/privkey.pem", 'wb') as fp: - fp.write(privkey.data) + location / {{ + resolver 127.0.0.11; + proxy_pass http://{target_host}:{port}$request_uri; + }} + }}\n\n + '''.format(host=host, target_host=params['host'], port=params['port']) + fullchain = minio_client.get_object("certupdater", f'certificates/{host}/fullchain.pem') + privkey = minio_client.get_object("certupdater", f'certificates/{host}/privkey.pem') + try: + os.mkdir(f'/etc/nginx/{host}') + except FileExistsError: + ... + with open(f"/etc/nginx/{host}/fullchain.pem", 'wb') as fp: + fp.write(fullchain.data) + with open(f"/etc/nginx/{host}/privkey.pem", 'wb') as fp: + fp.write(privkey.data) -with open('/etc/nginx/hosts.conf', 'w') as fp: - fp.write(config) + with open('/etc/nginx/hosts.conf', 'w') as fp: + fp.write(config) + + +try: + main() +except Exception as e: + print(e) -- 2.45.2 From 90aaf361bbc8644cc5ae2b51459862002a38b4d5 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Tue, 10 Jun 2025 01:11:20 +0300 Subject: [PATCH 5/9] fix --- nginx/nginx-dev/prepare.py | 86 +++++++++++++++++++++----------------- nginx/nginx-dev/refre.sh | 11 ++++- 2 files changed, 57 insertions(+), 40 deletions(-) diff --git a/nginx/nginx-dev/prepare.py b/nginx/nginx-dev/prepare.py index 21a95a3..5306f84 100644 --- a/nginx/nginx-dev/prepare.py +++ b/nginx/nginx-dev/prepare.py @@ -1,59 +1,69 @@ from requests import get import os +import sys from minio import Minio -def main(): - minio_client = Minio( - "minio.develop.sprinthub.ru:9000", - access_key="serviceminioadmin", - secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"), - secure=False - ) +minio_client = Minio( + "minio.develop.sprinthub.ru:9000", + access_key="serviceminioadmin", + secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"), + secure=False +) +try: + response = get('http://configurator/api/v1/fetch?project=certupdater&stage=development') + response.raise_for_status() # Raises an exception for HTTP errors + hosts = response.json()['configs']['hosts'] +except Exception as e: + print(f"Error fetching config: {e}", file=sys.stderr) + sys.exit(1) - hosts = get('http://configurator/api/v1/fetch?project=certupdater&stage=development').json()['configs']['hosts'] - hosts = {**hosts, 'platform.develop.sprinthub.ru': {'host': 'platform-nginx', 'port': 1238}} +hosts = {**hosts, 'platform.develop.sprinthub.ru': {'host': 'platform-nginx', 'port': 1238}} - config = '' - for host, params in hosts.items(): - config += ''' - server {{ - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name {host}; +config = '' +for host, params in hosts.items(): + config += ''' + server {{ + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name {host}; - ssl_certificate /etc/nginx/{host}/fullchain.pem; - ssl_certificate_key /etc/nginx/{host}/privkey.pem; + ssl_certificate /etc/nginx/{host}/fullchain.pem; + ssl_certificate_key /etc/nginx/{host}/privkey.pem; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-XSS-Protection "1; mode=block" always; - add_header X-Content-Type-Options "nosniff" always; - add_header Referrer-Policy "no-refferer-when-downgrade" always; - add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "no-refferer-when-downgrade" always; + add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; - location / {{ - resolver 127.0.0.11; - proxy_pass http://{target_host}:{port}$request_uri; - }} - }}\n\n - '''.format(host=host, target_host=params['host'], port=params['port']) + location / {{ + resolver 127.0.0.11; + proxy_pass http://{target_host}:{port}$request_uri; + }} + }}\n\n + '''.format(host=host, target_host=params['host'], port=params['port']) + try: fullchain = minio_client.get_object("certupdater", f'certificates/{host}/fullchain.pem') privkey = minio_client.get_object("certupdater", f'certificates/{host}/privkey.pem') try: - os.mkdir(f'/etc/nginx/{host}') - except FileExistsError: - ... + os.makedirs(f'/etc/nginx/{host}', exist_ok=True) + except OSError as e: + print(f"Error creating directory: {e}", file=sys.stderr) + continue + with open(f"/etc/nginx/{host}/fullchain.pem", 'wb') as fp: fp.write(fullchain.data) with open(f"/etc/nginx/{host}/privkey.pem", 'wb') as fp: fp.write(privkey.data) - - with open('/etc/nginx/hosts.conf', 'w') as fp: - fp.write(config) - + except Exception as e: + print(f"Error processing host {host}: {e}", file=sys.stderr) + continue try: - main() + with open('/etc/nginx/hosts.conf', 'w') as fp: + fp.write(config) except Exception as e: - print(e) + print(f"Error writing config file: {e}", file=sys.stderr) + sys.exit(1) \ No newline at end of file diff --git a/nginx/nginx-dev/refre.sh b/nginx/nginx-dev/refre.sh index 584b723..8a566b8 100644 --- a/nginx/nginx-dev/refre.sh +++ b/nginx/nginx-dev/refre.sh @@ -1,4 +1,11 @@ #!/bin/bash -python3 prepare.py -nginx -s reload \ No newline at end of file +if ! python3 prepare.py; then + echo "Error running prepare.py" >&2 + exit 1 +fi + +if ! nginx -s reload; then + echo "Error reloading nginx" >&2 + exit 1 +fi \ No newline at end of file -- 2.45.2 From f4dfcea203a85f764b9e1c08c37f18c420a4cc42 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Tue, 10 Jun 2025 01:26:06 +0300 Subject: [PATCH 6/9] fix --- nginx/nginx-dev/Dockerfile | 2 +- nginx/nginx-dev/prepare.py | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/nginx/nginx-dev/Dockerfile b/nginx/nginx-dev/Dockerfile index 4ca87b1..9982f75 100644 --- a/nginx/nginx-dev/Dockerfile +++ b/nginx/nginx-dev/Dockerfile @@ -2,7 +2,7 @@ FROM nginx RUN apt-get update RUN apt-get install certbot --yes RUN apt-get install python3-certbot-nginx python3-pip --yes -RUN pip3 install --break-system-packages requests minio +RUN pip3 install --break-system-packages minio COPY ./config /etc/nginx COPY ./fullchain.pem /etc/nginx/fullchain.pem COPY ./privkey.pem /etc/nginx/privkey.pem diff --git a/nginx/nginx-dev/prepare.py b/nginx/nginx-dev/prepare.py index 5306f84..13db5f2 100644 --- a/nginx/nginx-dev/prepare.py +++ b/nginx/nginx-dev/prepare.py @@ -1,7 +1,8 @@ -from requests import get import os import sys from minio import Minio +from urllib.request import urlopen +from json import loads minio_client = Minio( @@ -11,6 +12,11 @@ minio_client = Minio( secure=False ) +def get(url): + with urlopen('https://example.com') as response: + data = response.read() + return loads(data) + try: response = get('http://configurator/api/v1/fetch?project=certupdater&stage=development') response.raise_for_status() # Raises an exception for HTTP errors -- 2.45.2 From f43b90c2a5664d15c4c0a9cf1eabc3beab81d751 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Tue, 10 Jun 2025 01:27:01 +0300 Subject: [PATCH 7/9] fix --- nginx/nginx-dev/prepare.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/nginx/nginx-dev/prepare.py b/nginx/nginx-dev/prepare.py index 13db5f2..4966450 100644 --- a/nginx/nginx-dev/prepare.py +++ b/nginx/nginx-dev/prepare.py @@ -14,13 +14,12 @@ minio_client = Minio( def get(url): with urlopen('https://example.com') as response: - data = response.read() + data = response.read().decode('utf-8') return loads(data) try: response = get('http://configurator/api/v1/fetch?project=certupdater&stage=development') - response.raise_for_status() # Raises an exception for HTTP errors - hosts = response.json()['configs']['hosts'] + hosts = response['configs']['hosts'] except Exception as e: print(f"Error fetching config: {e}", file=sys.stderr) sys.exit(1) -- 2.45.2 From 7c65fb0d97e27e6194eed64c9565e184f1517c44 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Tue, 10 Jun 2025 01:30:16 +0300 Subject: [PATCH 8/9] fix --- nginx/nginx-dev/prepare.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nginx/nginx-dev/prepare.py b/nginx/nginx-dev/prepare.py index 4966450..fd77ad5 100644 --- a/nginx/nginx-dev/prepare.py +++ b/nginx/nginx-dev/prepare.py @@ -13,7 +13,7 @@ minio_client = Minio( ) def get(url): - with urlopen('https://example.com') as response: + with urlopen(url) as response: data = response.read().decode('utf-8') return loads(data) -- 2.45.2 From f38bf04212e32c561b0b4b261ca75f2b635e06c3 Mon Sep 17 00:00:00 2001 From: Egor Matveev Date: Thu, 12 Jun 2025 01:02:26 +0300 Subject: [PATCH 9/9] fix --- nginx/nginx-dev/prepare.py | 42 ++++++++++++++++++++++--------------- nginx/nginx-prod/prepare.py | 29 ++++++++++++++----------- 2 files changed, 42 insertions(+), 29 deletions(-) diff --git a/nginx/nginx-dev/prepare.py b/nginx/nginx-dev/prepare.py index fd77ad5..1f4671b 100644 --- a/nginx/nginx-dev/prepare.py +++ b/nginx/nginx-dev/prepare.py @@ -9,26 +9,28 @@ minio_client = Minio( "minio.develop.sprinthub.ru:9000", access_key="serviceminioadmin", secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"), - secure=False + secure=False, ) + def get(url): with urlopen(url) as response: - data = response.read().decode('utf-8') + data = response.read().decode("utf-8") return loads(data) + try: - response = get('http://configurator/api/v1/fetch?project=certupdater&stage=development') - hosts = response['configs']['hosts'] + response = get( + "http://configurator/api/v1/fetch?project=certupdater&stage=development" + ) + hosts = response["configs"]["hosts"] except Exception as e: print(f"Error fetching config: {e}", file=sys.stderr) sys.exit(1) -hosts = {**hosts, 'platform.develop.sprinthub.ru': {'host': 'platform-nginx', 'port': 1238}} - -config = '' +config = "" for host, params in hosts.items(): - config += ''' + config += """ server {{ listen 443 ssl http2; listen [::]:443 ssl http2; @@ -48,27 +50,33 @@ for host, params in hosts.items(): proxy_pass http://{target_host}:{port}$request_uri; }} }}\n\n - '''.format(host=host, target_host=params['host'], port=params['port']) + """.format( + host=host, target_host=params["host"], port=params["port"] + ) try: - fullchain = minio_client.get_object("certupdater", f'certificates/{host}/fullchain.pem') - privkey = minio_client.get_object("certupdater", f'certificates/{host}/privkey.pem') + fullchain = minio_client.get_object( + "certupdater", f"certificates/{host}/fullchain.pem" + ) + privkey = minio_client.get_object( + "certupdater", f"certificates/{host}/privkey.pem" + ) try: - os.makedirs(f'/etc/nginx/{host}', exist_ok=True) + os.makedirs(f"/etc/nginx/{host}", exist_ok=True) except OSError as e: print(f"Error creating directory: {e}", file=sys.stderr) continue - - with open(f"/etc/nginx/{host}/fullchain.pem", 'wb') as fp: + + with open(f"/etc/nginx/{host}/fullchain.pem", "wb") as fp: fp.write(fullchain.data) - with open(f"/etc/nginx/{host}/privkey.pem", 'wb') as fp: + with open(f"/etc/nginx/{host}/privkey.pem", "wb") as fp: fp.write(privkey.data) except Exception as e: print(f"Error processing host {host}: {e}", file=sys.stderr) continue try: - with open('/etc/nginx/hosts.conf', 'w') as fp: + with open("/etc/nginx/hosts.conf", "w") as fp: fp.write(config) except Exception as e: print(f"Error writing config file: {e}", file=sys.stderr) - sys.exit(1) \ No newline at end of file + sys.exit(1) diff --git a/nginx/nginx-prod/prepare.py b/nginx/nginx-prod/prepare.py index dd8b902..a1bfa61 100644 --- a/nginx/nginx-prod/prepare.py +++ b/nginx/nginx-prod/prepare.py @@ -7,16 +7,17 @@ minio_client = Minio( "minio.sprinthub.ru:9000", access_key="serviceminioadmin", secret_key=os.getenv("MINIO_SECRET_KEY", "minioadmin"), - secure=False + secure=False, ) -hosts = get('http://configurator/api/v1/fetch?project=certupdater&stage=production').json()['configs']['hosts'] -hosts = {**hosts, 'platform.sprinthub.ru': {'host': 'platform-nginx', 'port': 1238}} +hosts = get( + "http://configurator/api/v1/fetch?project=certupdater&stage=production" +).json()["configs"]["hosts"] -config = '' +config = "" for host, params in hosts.items(): - config += ''' + config += """ server {{ listen 443 ssl http2; listen [::]:443 ssl http2; @@ -36,17 +37,21 @@ for host, params in hosts.items(): proxy_pass http://{target_host}:{port}$request_uri; }} }}\n\n - '''.format(host=host, target_host=params['host'], port=params['port']) - fullchain = minio_client.get_object("certupdater", f'certificates/{host}/fullchain.pem') - privkey = minio_client.get_object("certupdater", f'certificates/{host}/privkey.pem') + """.format( + host=host, target_host=params["host"], port=params["port"] + ) + fullchain = minio_client.get_object( + "certupdater", f"certificates/{host}/fullchain.pem" + ) + privkey = minio_client.get_object("certupdater", f"certificates/{host}/privkey.pem") try: - os.mkdir(f'/etc/nginx/{host}') + os.mkdir(f"/etc/nginx/{host}") except FileExistsError: ... - with open(f"/etc/nginx/{host}/fullchain.pem", 'wb') as fp: + with open(f"/etc/nginx/{host}/fullchain.pem", "wb") as fp: fp.write(fullchain.data) - with open(f"/etc/nginx/{host}/privkey.pem", 'wb') as fp: + with open(f"/etc/nginx/{host}/privkey.pem", "wb") as fp: fp.write(privkey.data) -with open('/etc/nginx/hosts.conf', 'w') as fp: +with open("/etc/nginx/hosts.conf", "w") as fp: fp.write(config) -- 2.45.2