From 79da70010a8183d1ac34887491f869e0c2ae7594 Mon Sep 17 00:00:00 2001
From: Nils Rokita <0rokita@informatik.uni-hamburg.de>
Date: Fri, 27 Jan 2017 14:40:30 +0100
Subject: [PATCH] Add config variable for the cert directory.
This config variable will make it possible to have the certs stored in an directory not inside of the nginx config. Defaults to the privious behaviour.
---
 hpkpinx.sh | 5 +++--
 readme.md | 5 +++++
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/hpkpinx.sh b/hpkpinx.sh
index 101b2b2..b7925cc 100755
--- a/hpkpinx.sh
+++ b/hpkpinx.sh
@@ -4,6 +4,7 @@ set -e
 NGINX_ROOT='/etc/nginx'
 HPKPINX_ROOT='/opt/hpkpinx'
+CERT_ROOT="${NGINX_ROOT}/certs"
 . ${HPKPINX_ROOT}/config.sh
@@ -58,7 +59,7 @@ then
 echo -n "add_header Public-Key-Pins-Report-Only '" > ${NGINX_ROOT}/hpkp.conf
 fi
 echo -n "pin-sha256=\"${STATIC_PIN}\"; " >> ${NGINX_ROOT}/hpkp.conf
- generate_pin "${NGINX_ROOT}/certs/${2}/privkey.pem" >> ${NGINX_ROOT}/hpkp.conf
- generate_pin "${NGINX_ROOT}/certs/${2}/privkey.roll.pem" >> ${NGINX_ROOT}/hpkp.conf
+ generate_pin "${CERT_ROOT}/${2}/privkey.pem" >> ${NGINX_ROOT}/hpkp.conf
+ generate_pin "${CERT_ROOT}/${2}/privkey.roll.pem" >> ${NGINX_ROOT}/hpkp.conf
 echo "max-age=${HPKP_AGE}';" >> ${NGINX_ROOT}/hpkp.conf
 fi
diff --git a/readme.md b/readme.md
index 252bab0..1fb31c3 100644
--- a/readme.md
+++ b/readme.md
@@ -55,6 +55,11 @@ include hpkp.conf;
 The config file is located at `/opt/hpkpinx/config.sh`. You have the following options:
+### CERT_ROOT
+
+The path to the folder where dehydrated is putting the Certs (eg. $CERTDIR from the dehydrated config).
+This is Optional, defaults to certs in the nginx folder.
+
 ### HPKP_AGE
 The time, in seconds, that the browser should remember that this site is only to be accessed using one of the defined keys.
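Review bot: The default `CERT_ROOT="${NGINX_ROOT}/certs"` in the first hpkpinx.sh hunk is expanded before `config.sh` is sourced, so a config that changes `NGINX_ROOT` would leave the certificate path pointing at `/etc/nginx/certs`. Whether `NGINX_ROOT` is meant to be overridable is not visible in this hunk; if it is, apply the default after the source line instead, for example `: "${CERT_ROOT:=${NGINX_ROOT}/certs}"`. A short comment such as `# Directory holding <domain>/privkey.pem and privkey.roll.pem; override in config.sh` would also document that this variable decides which private keys get pinned.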
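Review bot: Nothing in the second hpkpinx.sh hunk checks that `${CERT_ROOT}/${2}/privkey.pem` and `privkey.roll.pem` are readable before their pins are appended, and a configurable `CERT_ROOT` makes a wrong path easier to hit. By this point `hpkp.conf` has already been truncated by the `>` redirect a few lines up, and if `generate_pin` (defined outside this hunk) is a pipeline, `set -e` may not stop it from emitting a pin computed over empty input. Pins that do not match the deployed keys are costly with HPKP, since a browser that has cached the policy refuses the site until `max-age` expires. Consider a guard before the first write, `[ -r "${CERT_ROOT}/${2}/privkey.pem" ] || { echo "missing key in ${CERT_ROOT}/${2}" >&2; exit 1; }` (and the same for the roll key), and building the file in a temporary path that is moved into place once complete. The enclosing `if` block starts outside the hunk.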