v1.4.1 (#19)

Minor updates
* Quoting variable outputs

Author: bfren

overlay/etc/templates/getssl-global.conf.esh

@@ -19,9 +19,9 @@ CA="https://acme-staging-v02.api.letsencrypt.org"
 #AGREEMENT=""
 
 # Set an email address associated with your account - generally set at account level rather than domain.
-ACCOUNT_EMAIL=<%= ${LETS_ENCRYPT_EMAIL} %>
+ACCOUNT_EMAIL=<%= "${LETS_ENCRYPT_EMAIL}" %>
 ACCOUNT_KEY_LENGTH=4096
-ACCOUNT_KEY="<%= ${SSL_CERTS} %>account.key"
+ACCOUNT_KEY="<%= "${SSL_CERTS}account.key" %>"
 
 # Account key and private key types - can be rsa, prime256v1, secp384r1 or secp521r1
 #ACCOUNT_KEY_TYPE="rsa"
@@ -49,4 +49,4 @@ CHECK_REMOTE="true"
 #DNS_ADD_COMMAND=
 #DNS_DEL_COMMAND=
 
-SKIP_HTTP_TOKEN_CHECK=<%= ${GETSSL_SKIP_HTTP_TOKEN_CHECK} %>
+SKIP_HTTP_TOKEN_CHECK=<%= "${GETSSL_SKIP_HTTP_TOKEN_CHECK}" %>

overlay/etc/templates/nginx-acme-challenge.part.esh

@@ -1,4 +1,4 @@
-location ^~ /<%= ${ACME_CHALLENGE} %> {
+    location ^~ /<%= "${ACME_CHALLENGE}" %> {
         allow                           all;
-        root                            <%= ${WWW} %>;
+        root                            <%= "${WWW}" %>;
     }

overlay/etc/templates/nginx-default.conf.esh

@@ -11,13 +11,13 @@ server {
     listen                              80 default_server;
     listen                              [::]:80 default_server;
 
-    <%+ ./nginx-acme-challenge.part.esh %>
+<%+ ./nginx-acme-challenge.part.esh %>
 
     location / {
 <% if [ "${SSL_REDIRECT_INSECURE}" = "1" ] ; then -%>
-        return                          301 https://<%= ${DOMAIN_NAME} %>$request_uri;
+        return                          301 <%= "https://${DOMAIN_NAME}" %>$request_uri;
 <% else -%>
-        root                            <%= ${WWW} %>;
+        root                            <%= "${WWW}" %>;
 <% fi -%>
     }
 }
@@ -29,10 +29,10 @@ server {
     add_header                          X-Clacks-Overhead "GNU Terry Pratchett";
 
     location / {
-        root                            <%= ${WWW} %>;
+        root                            <%= "${WWW}" %>;
         include                         helpers/proxy-secure-headers.conf;
-        include                         <%= ${CUSTOM_CONF}/*.conf %>;
+        include                         <%= "${CUSTOM_CONF}/*.conf" %>;
     }
 
-    <%+ ./nginx-ssl-certs.part.esh %>
+<%+ ./nginx-ssl-certs.part.esh %>
 }

overlay/etc/templates/nginx-site.conf.esh

@@ -6,28 +6,28 @@
 # To add server names or aliases please use /ssl/conf.sh.
 #
 # If you need a fully custom configuration then add the following to /ssl/conf.sh:
-#   NGXCONF["<%= ${DOMAIN_NAME} %>"]="custom"
+#   NGXCONF["<%= "${DOMAIN_NAME}" %>"]="custom"
 # This will stop this file being generated next time the container is started.
 #
 # Copyright (c) 2021 Ben Green <https://bcgdesign.com>
 #======================================================================================================================
 <% fi %>
 server {
-    server_name                         <%= ${SERVER_NAMES} %>;
+    server_name                         <%= "${SERVER_NAMES}" %>;
     listen                              80;
     listen                              [::]:80;
 
-    <%+ ./nginx-acme-challenge.part.esh %>
+<%+ ./nginx-acme-challenge.part.esh %>
 
     location / {
 <% if [ "${SSL_REDIRECT_INSECURE}" = "1" ] ; then -%>
 <% if [ "${SSL_REDIRECT_TO_CANONICAL}" = "1" ] ; then -%>
-        return                          301 <%= https://${DOMAIN_NAME} %>$request_uri;
+        return                          301 <%= "https://${DOMAIN_NAME}" %>$request_uri;
 <% else -%>
 <% SERVER_NAMES_ARRAY=(${SERVER_NAMES}) -%>
 <% for DN in "${SERVER_NAMES_ARRAY[@]}" ; do -%>
 <% [[ -z "${DN}" ]] && continue -%>
-        if ($host = <%= ${DN} %>) {
+        if ($host = <%= "${DN}" %>) {
             return                      301 https://$host$request_uri;
         }
 <% done -%>
@@ -37,26 +37,26 @@ server {
 }
 
 server {
-    server_name                         <%= ${SERVER_NAMES} %>;
+    server_name                         <%= "${SERVER_NAMES}" %>;
     listen                              443 ssl http2;
     listen                              [::]:443 ssl http2;
 
     add_header                          X-Clacks-Overhead "GNU Terry Pratchett";
 <% if [ "${SSL_REDIRECT_TO_CANONICAL}" = "1" ] ; then %>
-    if ($host != <%= ${DOMAIN_NAME} %>) {
-        return                          301 <%= https://${DOMAIN_NAME} %>$request_uri;
+    if ($host != <%= "${DOMAIN_NAME}" %>) {
+        return                          301 <%= "https://${DOMAIN_NAME}" %>$request_uri;
     }
 <% fi -%>
 
     location / {
-        proxy_pass                      <%= ${UPSTREAM} %>;
+        proxy_pass                      <%= "${UPSTREAM}" %>;
         include                         helpers/proxy-params.conf;
         include                         helpers/proxy-secure-headers.conf;
         error_page                      502 503 504 /maintenance.html;
-        include                         <%= ${CUSTOM_CONF}/*.conf %>;
+        include                         <%= "${CUSTOM_CONF}/*.conf" %>;
     }
 
     include                             helpers/proxy-maintenance.conf;
 
-    <%+ ./nginx-ssl-certs.part.esh %>
+<%+ ./nginx-ssl-certs.part.esh %>
 }

overlay/etc/templates/nginx-ssl-certs.part.esh

@@ -1,4 +1,4 @@
-ssl_certificate                     <%= ${SSL_CERTS}/${DOMAIN_NAME}/fullchain.crt %>;
-    ssl_certificate_key                 <%= ${SSL_CERTS}/${DOMAIN_NAME}.key %>;
-    ssl_trusted_certificate             <%= ${SSL_CERTS}/${DOMAIN_NAME}/chain.crt %>;
-    ssl_dhparam                         <%= ${SSL_DHPARAM} %>;
+    ssl_certificate                     <%= "${SSL_CERTS}/${DOMAIN_NAME}/fullchain.crt" %>;
+    ssl_certificate_key                 <%= "${SSL_CERTS}/${DOMAIN_NAME}.key" %>;
+    ssl_trusted_certificate             <%= "${SSL_CERTS}/${DOMAIN_NAME}/chain.crt" %>;
+    ssl_dhparam                         <%= "${SSL_DHPARAM}" %>;