From 14194ec57345c4d7b2593c4b03434369445247b3 Mon Sep 17 00:00:00 2001
From: Nils Rokita <0rokita@informatik.uni-hamburg.de>
Date: Fri, 27 Jan 2017 14:40:30 +0100
Subject: [PATCH] Add config variable for the cert directory.
This config variable will make it possible to have the certs stored in an directory not inside of the nginx config. Defaults to the privious behaviour.
---
 hpkpinx.sh | 5 +++--
 readme.md | 5 +++++
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/hpkpinx.sh b/hpkpinx.sh
index 969e933..4706751 100644
--- a/hpkpinx.sh
+++ b/hpkpinx.sh
@@ -4,6 +4,7 @@ set -e
 NGINX_ROOT='/etc/nginx'
 HPKPINX_ROOT='/opt/hpkpinx'
+CERT_ROOT="${NGINX_ROOT}/certs"
 . ${HPKPINX_ROOT}/config.sh
@@ -58,7 +59,7 @@ then
 echo -n "add_header Public-Key-Pins-Report-Only '" > ${NGINX_ROOT}/hpkp.conf
 fi
 echo -n "pin-sha256=\"${STATIC_PIN}\"; " >> ${NGINX_ROOT}/hpkp.conf
- generate_pin "${NGINX_ROOT}/certs/${2}/privkey.pem" >> ${NGINX_ROOT}/hpkp.conf
- generate_pin "${NGINX_ROOT}/certs/${2}/privkey.roll.pem" >> ${NGINX_ROOT}/hpkp.conf
+ generate_pin "${CERT_ROOT}/${2}/privkey.pem" >> ${NGINX_ROOT}/hpkp.conf
+ generate_pin "${CERT_ROOT}/${2}/privkey.roll.pem" >> ${NGINX_ROOT}/hpkp.conf
 echo "max-age=${HPKP_AGE}';" >> ${NGINX_ROOT}/hpkp.conf
 fi
diff --git a/readme.md b/readme.md
index 252bab0..1fb31c3 100644
--- a/readme.md
+++ b/readme.md
@@ -55,6 +55,11 @@ include hpkp.conf;
 The config file is located at `/opt/hpkpinx/config.sh`. You have the following options:
+### CERT_ROOT
+
+The path to the folder where dehydrated is putting the Certs (eg. $CERTDIR from the dehydrated config).
+This is Optional, defaults to certs in the nginx folder.
+
 ### HPKP_AGE
 The time, in seconds, that the browser should remember that this site is only to be accessed using one of the defined keys.
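Review bot: The default `CERT_ROOT="${NGINX_ROOT}/certs"` in the first hpkpinx.sh hunk is expanded before `config.sh` is sourced, so a `config.sh` that overrides `NGINX_ROOT` no longer moves the certificate directory with it; the old `${NGINX_ROOT}/certs/...` paths were expanded at use time. Whether any deployment overrides `NGINX_ROOT` is not visible here, but the commit message promises the previous behaviour by default. Dropping the pre-source assignment and putting `CERT_ROOT="${CERT_ROOT:-${NGINX_ROOT}/certs}"` right after the `. ${HPKPINX_ROOT}/config.sh` line would keep that promise. That form would also pick up a `CERT_ROOT` inherited from the environment, which should be a deliberate choice for a script that reads private keys.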
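Review bot: Nothing in the second hpkpinx.sh hunk checks that the key files exist under the now operator-supplied `${CERT_ROOT}/${2}` before their pins are appended, and the context shows `hpkp.conf` already truncated by a `>` redirect earlier in this branch. A mistyped `CERT_ROOT` would leave a half-written include if `generate_pin` fails under `set -e`. If `generate_pin` does not propagate the failure (its body is outside this hunk), the result may instead be a pin header without valid key pins. A guard ahead of the first write to `hpkp.conf`, which sits above this hunk, would fail closed: `[ -r "${CERT_ROOT}/${2}/privkey.pem" ] || { echo "no key in ${CERT_ROOT}/${2}" >&2; exit 1; }`, with the same test for `privkey.roll.pem`. The enclosing `if` starts outside the hunk, so the exact placement needs confirming against the full script.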