Example Nginx config from Guix manual does not work

Example Nginx config from Guix manual does not work

[Adam Kandur]

[-- Attachment #1: Type: text/plain, Size: 1408 bytes --]

Hi guix!(service nginx-service-type                            (nginx-configuration                             (server-blocks                              (list (nginx-server-configuration                                     (server-name '("www.example.com"))                                     (root "/srv/http/www.example.com")))))) produce this nginx configuser nginx nginx;pid /var/run/nginx/pid;error_log /var/log/nginx/error.log info;events { }http {    client_body_temp_path /var/run/nginx/client_body_temp;    proxy_temp_path /var/run/nginx/proxy_temp;    fastcgi_temp_path /var/run/nginx/fastcgi_temp;    uwsgi_temp_path /var/run/nginx/uwsgi_temp;    scgi_temp_path /var/run/nginx/scgi_temp;    access_log /var/log/nginx/access.log;    include /gnu/store/dngffa0df8zsxlbi630656688zhly6p5-nginx-1.23.2/share/nginx/conf/mime.types;    server {      listen 80;      listen 443 ssl;      server_name www.example.com ;      root /srv/http/www.example.com;      index index.html ;      server_tokens off;    }}Which will not work because it asks to listen on 443 with ssl, which is not possible because no certificates are provided. Removing the line "listen 443 ssl;" solves this problem.

[-- Attachment #2.1: Type: text/html, Size: 3078 bytes --]

Re: Example Nginx config from Guix manual does not work

[Felix Lechner via Development of GNU Guix and the GNU System distribution.]

Hi Adam,

On Sat, Dec 24, 2022 at 2:29 AM Adam Kandur <manualbot@icloud.com> wrote:
>
> Which will not work because it asks to listen on 443 with ssl, which is not possible because no certificates are provided.

I use this configuration [1] but also face a chicken-and-egg problem
for new sites. I normally take nginx offline with

   sudo herd stop nginx

and then configure any newly needed certificates from Let's Encrypt with

   sudo certbot certificates --standalone

Then I start Nginx again.

At my convenience (but within ninety days) I then reconfigure the
equipment while including both the new website in Nginx and the new
Certbot definition in config.scm.

Hope that helps!

Kind regards
Felix Lechner

[1] https://codeberg.org/lechner/system-config/src/commit/2b6e49e466cb8bd4a3715111b4a4690192941ac8/host/wallace-server/operating-system.scm#L581-L743

Re: Example Nginx config from Guix manual does not work

[Kefir .]

Hi Felix!
Thank you for this solution. But my point was in starting nginx server without encryption. Probably it should be a separate argument or something.
In my case I used (local-file ) to set needed settings but your suggestion looks nice.

> On Dec 25, 2022, at 7:44 AM, Felix Lechner <felix.lechner@lease-up.com> wrote:
> 
> Hi Adam,
> 
>> On Sat, Dec 24, 2022 at 2:29 AM Adam Kandur <manualbot@icloud.com> wrote:
>> 
>> Which will not work because it asks to listen on 443 with ssl, which is not possible because no certificates are provided.
> 
> I use this configuration [1] but also face a chicken-and-egg problem
> for new sites. I normally take nginx offline with
> 
>   sudo herd stop nginx
> 
> and then configure any newly needed certificates from Let's Encrypt with
> 
>   sudo certbot certificates --standalone
> 
> Then I start Nginx again.
> 
> At my convenience (but within ninety days) I then reconfigure the
> equipment while including both the new website in Nginx and the new
> Certbot definition in config.scm.
> 
> Hope that helps!
> 
> Kind regards
> Felix Lechner
> 
> [1] https://codeberg.org/lechner/system-config/src/commit/2b6e49e466cb8bd4a3715111b4a4690192941ac8/host/wallace-server/operating-system.scm#L581-L743