From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id sOcVAndoRmPq8QAAbAwnHQ (envelope-from ) for ; Wed, 12 Oct 2022 09:10:47 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id IGQaAndoRmMZMAAAauVa8A (envelope-from ) for ; Wed, 12 Oct 2022 09:10:47 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id AF8223D45C for ; Wed, 12 Oct 2022 09:10:46 +0200 (CEST) Received: from localhost ([::1]:59220 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oiVt7-0001Ix-JJ for larch@yhetil.org; Wed, 12 Oct 2022 03:10:45 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:38160) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oiVkg-0004IV-LT for guix-patches@gnu.org; Wed, 12 Oct 2022 03:02:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:56402) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oiVkg-0007Ig-As for guix-patches@gnu.org; Wed, 12 Oct 2022 03:02:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1oiVkf-0005sD-Vx for guix-patches@gnu.org; Wed, 12 Oct 2022 03:02:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#58405] [PATCH] services: nginx: Add reload action Resent-From: EuAndreh Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 12 Oct 2022 07:02:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 58405 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Christopher Baines Cc: 58405@debbugs.gnu.org Received: via spool by 58405-submit@debbugs.gnu.org id=B58405.166555807022517 (code B ref 58405); Wed, 12 Oct 2022 07:02:01 +0000 Received: (at 58405) by debbugs.gnu.org; 12 Oct 2022 07:01:10 +0000 Received: from localhost ([127.0.0.1]:55480 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oiVjq-0005r7-9R for submit@debbugs.gnu.org; Wed, 12 Oct 2022 03:01:10 -0400 Received: from box.euandre.org ([46.101.160.115]:41395) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oiVjk-0005qR-EK for 58405@debbugs.gnu.org; Wed, 12 Oct 2022 03:01:08 -0400 Received: from authenticated-user (box.euandre.org [46.101.160.115]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by box.euandre.org (Postfix) with ESMTPSA id AF871FC3D4; Wed, 12 Oct 2022 04:00:55 -0300 (-03) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=euandre.org; s=mail; t=1665558056; bh=ympI30cu8UJ0osGz+VooUn37iGDWeZ7pODTuOqbTlZ0=; h=In-Reply-To:References:Subject:From:Cc:To:Date:From; b=bssflA/IC/1o4RaRWPfJ8YR1U3HOakwP9O6CvmHPiJNQplzYOzQ08HwlOhKnKU2Lr 4sde2rrwJB0OVXXncHRRhxIbtNdtTRqXwyYaVapCk6CSpihftNcqb2JpexNYlxQvc0 Mv4NBdSHLpo5KsmrmHlkcx+ypxDnm+F2rjlrhRajMiw54Jcmr+Z50Hwi5Ge0WrxCfC IsXZI0EutPXoKU3ymxap9h6rOL15C2AwA1evZFKHByWRsK47+hYwRB54/H5JTctWqe 18XlOkZmi+/2aDg0fnoG2Ao9IIW48T9jzh3CYQKEo449VqlV5z85ApH08+tftmbUqN FDUYgAuri6cwQ== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable In-Reply-To: <87h70aaay0.fsf@cbaines.net> References: <20221010043932.28384-1-eu@euandre.org> <87h70aaay0.fsf@cbaines.net> Date: Wed, 12 Oct 2022 04:00:46 -0300 Message-ID: <166555804644.2805.1693234721157753050@localhost> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" Reply-to: EuAndreh X-ACL-Warn: , EuAndreh via Guix-patches From: EuAndreh via Guix-patches via X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1665558646; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=tWuBz4WtVpvRhltopbQaAT59PopAq/0zOtrhQNiDLvY=; b=ILnJZlw19Mn4FhcqjyYwyym8REtwuOgH3HuNtgXoT5VFBuM1+Go9GdyKLH/FuDiqFzr/wi YHqakrtBQ5vVxghEb+RRM2toq5J+ORTG2BscIa1z4sErrq2D4sukwNzXx5o+gpovxfqhO4 47r5wkRgl2ZDQyRlU+JHrGUIIZBOZKx0ihw7LAvJlYy0FR52kJfS6Q+NjzE6YRZ8Thsio9 esoBBYKTy95Z9Tg/en7lUbEHo0qtbEu7VWElMIRZ4cHmKMeAyw6hAuoOa2vd33ryB8Irap MumoGpq++sMLdPof/j2nGHstf4Z3ZdckMAeZDsCah77n/3L88bkNqdb9d0BpxA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1665558646; a=rsa-sha256; cv=none; b=oRopoh6NoILOv/kS+/BNPeu+7gFtAY/hnPEDWwLeucj1dd3Fs8aHqPJYyGIA+/uFFAow+y YEpkA6/bIDHzSL6Fo2mF05ir/xJbCYAeYAsquPGGnJi2I01sp8mKPI3O3X5n2SsVJPdfjj LE3pA6bIBtC/ZK7fSGOtfw3f7kArskpg1UkCi40864RYGxQ3xZojEtimZ5bYOC9QhQdoE3 zaXVfNUGYa2PHS10LK8cC+V8YwIHeVZCLTRRBZz3rGoCD98cExx19qbb73XhvuXNLJaSic ROpgUMlTZVlsqHXG2FQPc2s/ZW0AYBAof+8rQ3A5EOGbIqXtmm48QpGK0kg8kw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=euandre.org header.s=mail header.b="bssflA/I"; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -2.90 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=euandre.org header.s=mail header.b="bssflA/I"; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: AF8223D45C X-Spam-Score: -2.90 X-Migadu-Scanner: scn1.migadu.com X-TUID: gPo1NdDLdLcR > With the NGinx service currently, you need to restart it to change the > NGinx binary or configuration file. It is true that you need to restart to change the NGINX binary, but this is not true for changing the configuration file. NGINX's master process reloads the configuration file, which could have an "include" line that points to ad-hoc files in /etc. So even though the NGINX service is using the immutable file inside /gnu/store, reloading it can have it change its runtime behaviour. The same behaviour is relied upon for certbot certificates: the current certificate lives in /etc/letsencrypt/live, but it is a symlink that points to /etc/letsencrypt/archive. When a certificate is renewed, a SIGHUP ought to be sent to NGINX in order to reload the configuration file, so that the certificates themselves can be reloaded, even though neither the NGINX binary nor the configuration file changed, but only what they point to did. > What's the purpose of the reload action here given that neither the > binary or configuration file being used will change? I'm doing blue/green deployments on a web service. I have the equivalent of /etc/my-service/{blue,green,active}.conf files, and an "include" line in the main NGINX configuration that includes the "active" one. Doing a deploy from blue to green is done by changing the `active.conf` symlink to point to `green.conf` instead, and sending a SIGHUP to NGINX.