[bug#29467] [PATCH] web: Don't error about missing ssl related files.

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#29467] [PATCH] web: Don't error about missing ssl related files.

From:	julien lepiller
Subject:	[bug#29467] [PATCH] web: Don't error about missing ssl related files.
Date:	Mon, 27 Nov 2017 10:22:48 +0100
User-agent:	Roundcube Webmail/1.3.3

Le 2017-11-27 09:26, Christopher Baines a écrit :

Erroring here prevents doing things like building a system using nginxon a

different machine from where it's intended to be deployed, or creating
containers and VMs that use the ssl-certificate parts of the nginx
configuration, without also getting these files to exist.

* gnu/services/web.scm (emit-nginx-server-config): Don't error onmissing ssl

  related files.
---
 gnu/services/web.scm | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 9d713003c..1af32278c 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -191,16 +191,6 @@ of index files."
             (syntax-parameterize ((<> (identifier-syntax x*)))
               (list tail ...))
             '())))
-    (for-each
-     (match-lambda
-      ((record-key . file)
-       (if (and file (not (file-exists? file)))
-           (error
-            (simple-format
-             #f
-             "~A in the nginx configuration for the server with name
\"~A\" does not exist" record-key server-name)))))
-     `(("ssl-certificate"     . ,ssl-certificate)
-       ("ssl-certificate-key" . ,ssl-certificate-key)))
     (list
      "    server {\n"
      (and/l http-port  "      listen " (number->string <>) ";\n")

Hi, when configuring nginx for the first time, users will probablyforget toconfigure ssl properly. The default is to enable ssl and findcertificates in/etc/nginx. When these files don't exist, nginx will fail to start andat leastone user complained it was hard to debug. This code was introduced toprevent

such a mistake.

Maybe we should set the default to #f (but then users would have toconfiguremore fields to enable https). Maybe we should add a configuration optionlikewarn-only? (default to #f) to only warn about missing files. Or maybethere's

a way to show nginx that another service is providing that file?

I agree there is an issue, but your patch feels like a regression to mefor the

documented use-cases. WDYT?

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#29467] [PATCH] web: Don't error about missing ssl related files., Christopher Baines, 2017/11/27
- [bug#29467] [PATCH] web: Don't error about missing ssl related files., julien lepiller <=

Prev by Date: [bug#29301] [PATCH] substitute* hard-coded paths with paths from "out"
Next by Date: [bug#29469] [PATCH 1/2] gnu: monero: Update to 0.11.1.0.
Previous by thread: [bug#29467] [PATCH] web: Don't error about missing ssl related files.
Next by thread: [bug#29468] [PATCH 0/2] Fix some functionality in gnome-disks.
Index(es):
- Date
- Thread