From 600287c2463c7debf892ad4a7560cc8324a83493 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=80=97=E5=AD=90?= <haozi@loli.email>
Date: Thu, 17 Apr 2025 01:26:13 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E4=BC=98=E5=8C=96http=E6=8C=91?=
 =?UTF-8?q?=E6=88=98=E7=9A=84=E6=B5=81=E7=A8=8B=EF=BC=8C=E6=94=AF=E6=8C=81?=
 =?UTF-8?q?=E5=90=8C=E6=97=B6=E7=AD=BE=E5=A4=9A=E4=B8=AA=E5=9F=9F=E5=90=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 pkg/acme/solvers.go | 39 ++++++++++++++++++++++++++++++++++-----
 1 file changed, 34 insertions(+), 5 deletions(-)

diff --git a/pkg/acme/solvers.go b/pkg/acme/solvers.go
index 35471fc7..7c05071e 100644
--- a/pkg/acme/solvers.go
+++ b/pkg/acme/solvers.go
@@ -41,10 +41,20 @@ func (s httpSolver) Present(_ context.Context, challenge acme.Challenge) error {
     return 200 %q;
 }
 `, challenge.HTTP01ResourcePath(), challenge.KeyAuthorization)
-	if err := os.WriteFile(s.conf, []byte(conf), 0644); err != nil {
-		return fmt.Errorf("failed to write nginx config %q: %w", s.conf, err)
+
+	file, err := os.OpenFile(s.conf, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+	if err != nil {
+		return fmt.Errorf("failed to open nginx config %q: %w", s.conf, err)
 	}
-	if err := systemctl.Reload("nginx"); err != nil {
+	defer func(file *os.File) {
+		_ = file.Close()
+	}(file)
+
+	if _, err = file.Write([]byte(conf)); err != nil {
+		return fmt.Errorf("failed to write to nginx config %q: %w", s.conf, err)
+	}
+
+	if err = systemctl.Reload("nginx"); err != nil {
 		_, err = shell.Execf("nginx -t")
 		return fmt.Errorf("failed to reload nginx: %w", err)
 	}
@@ -54,8 +64,27 @@ func (s httpSolver) Present(_ context.Context, challenge acme.Challenge) error {
 
 // CleanUp cleans up the HTTP server if it is the last one to finish.
 func (s httpSolver) CleanUp(_ context.Context, challenge acme.Challenge) error {
-	_ = os.WriteFile(s.conf, []byte{}, 0644)
-	_ = systemctl.Reload("nginx")
+	conf, err := os.ReadFile(s.conf)
+	if err != nil {
+		return fmt.Errorf("failed to read nginx config %q: %w", s.conf, err)
+	}
+
+	target := fmt.Sprintf(`location = %s {
+    default_type text/plain;
+    return 200 %q;
+}
+`, challenge.HTTP01ResourcePath(), challenge.KeyAuthorization)
+
+	newConf := strings.ReplaceAll(string(conf), target, "")
+	if err = os.WriteFile(s.conf, []byte(newConf), 0644); err != nil {
+		return fmt.Errorf("failed to write to nginx config %q: %w", s.conf, err)
+	}
+
+	if err = systemctl.Reload("nginx"); err != nil {
+		_, err = shell.Execf("nginx -t")
+		return fmt.Errorf("failed to reload nginx: %w", err)
+	}
+
 	return nil
 }