public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/acme: Make sure nginx is running before certs are requested

Browse Source 
This fixes https://github.com/NixOS/nixpkgs/issues/81842

We should probably also fix this for Apache, which recently also learned
to use ACME.
This commit is contained in:
Arian van Putten 2020-04-14 14:55:05 +02:00
parent 60247e8560
commit 681cc105ce
2 changed files with 4 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/modules/services/web-servers/nginx/default.nix
View File

@ -693,6 +693,10 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
wants = concatLists (map (vhostConfig: ["acme-${vhostConfig.serverName}.service" "acme-selfsigned-${vhostConfig.serverName}.service"]) acmeEnabledVhosts); wants = concatLists (map (vhostConfig: ["acme-${vhostConfig.serverName}.service" "acme-selfsigned-${vhostConfig.serverName}.service"]) acmeEnabledVhosts);
after = [ "network.target" ] ++ map (vhostConfig: "acme-selfsigned-${vhostConfig.serverName}.service") acmeEnabledVhosts; after = [ "network.target" ] ++ map (vhostConfig: "acme-selfsigned-${vhostConfig.serverName}.service") acmeEnabledVhosts;
# Nginx needs to be started in order to be able to request certificates
# (it's hosting the acme challenge after all)
# This fixes https://github.com/NixOS/nixpkgs/issues/81842
before = map (vhostConfig: "acme-${vhostConfig.serverName}.service") acmeEnabledVhosts;
stopIfChanged = false; stopIfChanged = false;
preStart = '' preStart = ''
${cfg.preStart} ${cfg.preStart}

6
nixos/tests/acme.nix
View File

@ -71,9 +71,6 @@ in import ./make-test-python.nix ({ lib, ... }: {
after = [ "acme-a.example.test.service" ]; after = [ "acme-a.example.test.service" ];
wantedBy = [ "acme-a.example.test.service" ]; wantedBy = [ "acme-a.example.test.service" ];
}; };
systemd.services."acme-a.example.test" = {
after = [ "nginx.service" ];
};
services.nginx.enable = true; services.nginx.enable = true;
@ -93,9 +90,6 @@ in import ./make-test-python.nix ({ lib, ... }: {
after = [ "acme-b.example.test.service" ]; after = [ "acme-b.example.test.service" ];
wantedBy = [ "acme-b.example.test.service" ]; wantedBy = [ "acme-b.example.test.service" ];
}; };
systemd.services."acme-b.example.test" = {
after = [ "nginx.service" ];
};
services.nginx.virtualHosts."b.example.test" = { services.nginx.virtualHosts."b.example.test" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;