unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
* [bug#63877] [PATCH] gnu: services: web: Set SSL_CERT_DIR in php-fpm environment.
@ 2023-06-03 18:25 Timo Wilken
  2023-06-03 22:18 ` Bruno Victal
  2023-06-04 13:59 ` [bug#63877] [PATCH v2] gnu: services: web: Allow specifying extra php-fpm environment variables Timo Wilken
  0 siblings, 2 replies; 10+ messages in thread
From: Timo Wilken @ 2023-06-03 18:25 UTC (permalink / raw)
  To: 63877; +Cc: Timo Wilken

Some PHP programs, like Nextcloud, make HTTPS requests to other servers. For
this, they need to know where the system CA certificates are.

* gnu/services/web.scm (php-fpm-shepherd-service): Set SSL_CERT_DIR
  environment variable.
---

This solution adds a dependency from the resulting Shepherd service to the
nss-certs package, which weighs 0.3 MiB. An alternative solution might be to
set SSL_CERT_DIR=/etc/ssl/certs instead and rely on nss-certs being installed
system-wide.

 gnu/services/web.scm | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 45897d7d6f..e46710a040 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -16,6 +16,7 @@
 ;;; Copyright © 2020, 2021 Alexandru-Sergiu Marton <brown121407@posteo.ro>
 ;;; Copyright © 2022 Simen Endsjø <simendsjo@gmail.com>
 ;;; Copyright © 2023 Bruno Victal <mirai@makinata.eu>
+;;; Copyright © 2023 Timo Wilken <guix@twilken.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1096,6 +1097,12 @@ (define php-fpm-shepherd-service
                         #$@(if php-ini-file
                                `("-c" ,php-ini-file)
                                '()))
+                      #:environment-variables
+                      (cons*
+                       ;; Needed by e.g. Nextcloud to make HTTPS requests.
+                       (string-append
+                        "SSL_CERT_DIR=" #$(file-append nss-certs "/etc/ssl/certs"))
+                       (default-environment-variables))
                       #:pid-file #$pid-file))
             (stop #~(make-kill-destructor)))))))
 

base-commit: 66c9b82fed3c59ee07187898592c688c82fed273
-- 
2.40.1





^ permalink raw reply related	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2024-02-17 23:24 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-06-03 18:25 [bug#63877] [PATCH] gnu: services: web: Set SSL_CERT_DIR in php-fpm environment Timo Wilken
2023-06-03 22:18 ` Bruno Victal
2023-06-04 13:59 ` [bug#63877] [PATCH v2] gnu: services: web: Allow specifying extra php-fpm environment variables Timo Wilken
2023-06-05  3:44   ` Bruno Victal
2023-07-01 14:40     ` [bug#63877] [PATCH] gnu: services: web: Set SSL_CERT_DIR in php-fpm environment Ludovic Courtès
2023-10-15 20:54     ` [bug#63877] [PATCH v2] gnu: services: web: Allow specifying extra php-fpm environment variables Timo Wilken
2023-10-19 14:32       ` Bruno Victal
2024-02-17 23:21         ` [bug#63877] Reworked patch for setting " guix
2024-02-17 23:21           ` [bug#63877] [PATCH 1/2] gnu: services: web: Allow specifying extra " guix
2024-02-17 23:21           ` [bug#63877] [PATCH 2/2] tests: web: Test environment variables are set for php-fpm guix

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).