From 708584523476ea4b767d5e9932867ee835a739c9 Mon Sep 17 00:00:00 2001 From: Hikari Date: Tue, 3 Mar 2026 16:16:18 -0800 Subject: [PATCH] feat: enforce alphabetical server block ordering Adds test 13 to test.sh to verify that server blocks within each sites-available file are sorted alphabetically by server_name (LC_ALL=C; regex and wildcard entries excluded). Fixes aria.conf and mommy.conf to conform: hyphenated names sort before the bare domain in C locale ('-' < '.'), so trans-bot now precedes trans, and mommy-slack now precedes mommy. --- nginx/nginx/sites-available/aria.conf | 22 +++++++++---------- nginx/nginx/sites-available/mommy.conf | 26 +++++++++++------------ test.sh | 29 ++++++++++++++++++++++++++ 3 files changed, 53 insertions(+), 24 deletions(-) diff --git a/nginx/nginx/sites-available/aria.conf b/nginx/nginx/sites-available/aria.conf index c074266..7639f70 100644 --- a/nginx/nginx/sites-available/aria.conf +++ b/nginx/nginx/sites-available/aria.conf @@ -34,6 +34,17 @@ server { } } +server { + listen 443 ssl; + server_name trans-bot.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/trans.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/trans.nhcarrigan.com/privkey.pem; + + location / { + return 301 https://aria.nhcarrigan.com; + } +} + server { listen 443 ssl; server_name trans.nhcarrigan.com; @@ -45,14 +56,3 @@ server { proxy_pass http://0.0.0.0:5000; } } - -server { - listen 443 ssl; - server_name trans-bot.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/trans.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/trans.nhcarrigan.com/privkey.pem; - - location / { - return 301 https://aria.nhcarrigan.com; - } -} diff --git a/nginx/nginx/sites-available/mommy.conf b/nginx/nginx/sites-available/mommy.conf index 88cd0ff..e05e5a1 100644 --- a/nginx/nginx/sites-available/mommy.conf +++ b/nginx/nginx/sites-available/mommy.conf 
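Review bot: The `trans.nhcarrigan.com` block kept as context in the second aria.conf hunk (`@@ -45,14 +56,3 @@`) proxies to `http://0.0.0.0:5000`, which is a wildcard bind address rather than a destination. It only works where the kernel maps it to the local host, and mommy.conf in this same patch uses `127.0.0.1`. I would change the line to `proxy_pass http://127.0.0.1:5000;` while these blocks are being touched. It may also be worth confirming that the service on port 5000 listens on loopback only, since a listener on all interfaces would be reachable without the TLS front end; the patch does not show how it is bound. The server block opens above the hunk, so only its tail is visible here.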
@@ -11,19 +11,6 @@ server { } } -server { - listen 443 ssl; - server_name mommy.nhcarrigan.com; - ssl_certificate /etc/letsencrypt/live/mommy.nhcarrigan.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/mommy.nhcarrigan.com/privkey.pem; - - location / { - proxy_set_header Host $host; - proxy_pass http://127.0.0.1:8008; - proxy_redirect off; - } -} - server { listen 443 ssl; server_name mommy-slack.nhcarrigan.com; @@ -36,3 +23,16 @@ server { proxy_redirect off; } } + +server { + listen 443 ssl; + server_name mommy.nhcarrigan.com; + ssl_certificate /etc/letsencrypt/live/mommy.nhcarrigan.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/mommy.nhcarrigan.com/privkey.pem; + + location / { + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:8008; + proxy_redirect off; + } +} diff --git a/test.sh b/test.sh index 98f75e0..5bbbfbb 100755 --- a/test.sh +++ b/test.sh 
@@ -221,6 +221,35 @@ else fi echo "" +# ────────────────────────────────────────────────────────────────── +# 13. Server blocks within each sites-available file are sorted +# alphabetically by server_name (LC_ALL=C; regex/wildcard excluded) +# ────────────────────────────────────────────────────────────────── +echo "--- Alphabetical server_name order check ---" +sort_errors=0 +for conf in "$NGINX_DIR/sites-available/"*.conf; do + [ "$(basename "$conf")" = "default" ] && continue + + mapfile -t actual < <(grep -P '^\s*server_name\s' "$conf" \ + | grep -v '^\s*#' \ + | sed 's/.*server_name\s*//' \ + | sed 's/\s*;//' \ + | awk '{print $1}' \ + | grep -vP '^~|^\*\.|^_$') + + mapfile -t expected < <(printf '%s\n' "${actual[@]}" | LC_ALL=C sort) + + for ((i = 0; i < ${#actual[@]}; i++)); do + if [ "${actual[$i]}" != "${expected[$i]}" ]; then + fail "$(basename "$conf"): not sorted — found '${actual[$i]}', expected '${expected[$i]}'" + sort_errors=1 + break + fi + done +done +[ "$sort_errors" -eq 0 ] && pass "All sites-available files have alphabetically sorted server blocks" +echo "" + # ────────────────────────────────────────────────────────────────── # Summary # ──────────────────────────────────────────────────────────────────
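Review bot: The new check fails open: when the `"$NGINX_DIR/sites-available/"*.conf` glob matches nothing, or `grep -P` is unavailable on the runner, `actual` ends up empty, the comparison loop never runs, and the final line still reports `pass`. Since this gate is meant to enforce a config policy, the loop should treat "nothing inspected" as a failure, for example by starting the body with `[ -e "$conf" ] || { fail "no .conf files in $NGINX_DIR/sites-available"; sort_errors=1; break; }`. The existing first line of the body, `[ "$(basename "$conf")" = "default" ] && continue`, can never match because every name the glob produces ends in `.conf`, so it can be dropped or changed to the intended file name. Note also that `awk '{print $1}'` keeps only the first name of each `server_name` directive, which is worth stating in the section comment.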