From: julien lepiller <julien@lepiller.eu>
To: 29467@debbugs.gnu.org
Subject: [bug#29467] [PATCH] web: Don't error about missing ssl related files.
Date: Mon, 27 Nov 2017 10:22:48 +0100 [thread overview]
Message-ID: <873b92b926e5037c904e1d0599ca6b63@lepiller.eu> (raw)
In-Reply-To: <20171127082620.19237-1-mail@cbaines.net>
Le 2017-11-27 09:26, Christopher Baines a écrit :
> Erroring here prevents doing things like building a system using nginx
> on a
> different machine from where it's intended to be deployed, or creating
> containers and VMs that use the ssl-certificate parts of the nginx
> configuration, without also getting these files to exist.
>
> * gnu/services/web.scm (emit-nginx-server-config): Don't error on
> missing ssl
> related files.
> ---
> gnu/services/web.scm | 10 ----------
> 1 file changed, 10 deletions(-)
>
> diff --git a/gnu/services/web.scm b/gnu/services/web.scm
> index 9d713003c..1af32278c 100644
> --- a/gnu/services/web.scm
> +++ b/gnu/services/web.scm
> @@ -191,16 +191,6 @@ of index files."
> (syntax-parameterize ((<> (identifier-syntax x*)))
> (list tail ...))
> '())))
> - (for-each
> - (match-lambda
> - ((record-key . file)
> - (if (and file (not (file-exists? file)))
> - (error
> - (simple-format
> - #f
> - "~A in the nginx configuration for the server with name
> \"~A\" does not exist" record-key server-name)))))
> - `(("ssl-certificate" . ,ssl-certificate)
> - ("ssl-certificate-key" . ,ssl-certificate-key)))
> (list
> " server {\n"
> (and/l http-port " listen " (number->string <>) ";\n")
Hi, when configuring nginx for the first time, users will probably
forget to
configure ssl properly. The default is to enable ssl and find
certificates in
/etc/nginx. When these files don't exist, nginx will fail to start and
at least
one user complained it was hard to debug. This code was introduced to
prevent
such a mistake.
Maybe we should set the default to #f (but then users would have to
configure
more fields to enable https). Maybe we should add a configuration option
like
warn-only? (default to #f) to only warn about missing files. Or maybe
there's
a way to show nginx that another service is providing that file?
I agree there is an issue, but your patch feels like a regression to me
for the
documented use-cases. WDYT?
next prev parent reply other threads:[~2017-11-27 9:24 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-27 8:26 [bug#29467] [PATCH] web: Don't error about missing ssl related files Christopher Baines
2017-11-27 9:22 ` julien lepiller [this message]
2017-12-05 11:14 ` Ludovic Courtès
2017-12-05 11:23 ` julien lepiller
2017-12-08 9:41 ` Ludovic Courtès
2017-12-09 9:31 ` [bug#29467] [PATCH 1/2] " Christopher Baines
2017-12-09 9:31 ` [bug#29467] [PATCH 2/2] services: web: Remove default certificate and key files for nginx Christopher Baines
2017-12-11 13:26 ` Ludovic Courtès
2017-12-11 20:41 ` bug#29467: " Christopher Baines
2017-12-11 13:26 ` [bug#29467] [PATCH 1/2] web: Don't error about missing ssl related files Ludovic Courtès
2017-12-09 9:37 ` [bug#29467] [PATCH] " Christopher Baines
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=873b92b926e5037c904e1d0599ca6b63@lepiller.eu \
--to=julien@lepiller.eu \
--cc=29467@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).