#!/bin/sh


if [ -f "/etc/nginx/luci_nginx_ssl.conf" ] && [ -f "/etc/nginx/nginx.conf" ]; then
	if [ ! "$(cat '/etc/nginx/nginx.conf' | grep 'return 301 https://$host$request_uri;')" ]; then
		if [ -f "/etc/nginx/nginx.conf_old" ]; then
			rm /etc/nginx/nginx.conf
		else
			mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf_old
		fi
		mv /etc/nginx/luci_nginx_ssl.conf /etc/nginx/nginx.conf
		core_number=$(grep -c ^processor /proc/cpuinfo)
		sed -i "3s/.*/worker_processes  "$core_number";/" /etc/nginx/nginx.conf
		if [ -n "$(pgrep nginx)" ]; then
			/etc/init.d/nginx restart
		else
			/etc/init.d/nginx start
		fi
	else
		rm /etc/nginx/luci_nginx_ssl.conf
	fi
fi


if [ ! -f "/etc/nginx/nginx.key" ]; then
	
	NGINX_KEY=/etc/nginx/nginx.key
	NGINX_CER=/etc/nginx/nginx.cer
	OPENSSL_BIN=/usr/bin/openssl
	PX5G_BIN=/usr/sbin/px5g
	
	# Prefer px5g for certificate generation (existence evaluated last)
	GENKEY_CMD=""
	UNIQUEID=$(dd if=/dev/urandom bs=1 count=4 | hexdump -e '1/1 "%02x"')
	[ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -nodes"
	[ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned"
	[ -n "$GENKEY_CMD" ] && {
		$GENKEY_CMD \
			-days 730 -newkey rsa:2048 -keyout "${NGINX_KEY}.new" -out "${NGINX_CER}.new" \
			-subj /C="ZZ"/ST="Somewhere"/L="Unknown"/O="OpenWrt""$UNIQUEID"/CN="OpenWrt"
		sync
		mv "${NGINX_KEY}.new" "${NGINX_KEY}"
		mv "${NGINX_CER}.new" "${NGINX_CER}"
	}
fi


exit 0