EuAndreh writes: >> With the NGinx service currently, you need to restart it to change the >> NGinx binary or configuration file. > > It is true that you need to restart to change the NGINX binary, but this > is not true for changing the configuration file. > > NGINX's master process reloads the configuration file, which could have > an "include" line that points to ad-hoc files in /etc. So even though > the NGINX service is using the immutable file inside /gnu/store, > reloading it can have it change its runtime behaviour. > > The same behaviour is relied upon for certbot certificates: the current > certificate lives in /etc/letsencrypt/live, but it is a symlink that > points to /etc/letsencrypt/archive. When a certificate is renewed, a > SIGHUP ought to be sent to NGINX in order to reload the configuration > file, so that the certificates themselves can be reloaded, even though > neither the NGINX binary nor the configuration file changed, but only > what they point to did. That makes sense. I do think this still might cause confusion, since I think some will expect this to change NGinx to use the configuration defined in the system configuration. I'm not quite sure how to address that, but I think this can still be merged. Chris