From unknown Tue Sep 09 06:47:17 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#26716 <26716@debbugs.gnu.org> To: bug#26716 <26716@debbugs.gnu.org> Subject: Status: Test nginx configuration Reply-To: bug#26716 <26716@debbugs.gnu.org> Date: Tue, 09 Sep 2025 13:47:17 +0000 retitle 26716 Test nginx configuration reassign 26716 guix-patches submitter 26716 Julien Lepiller severity 26716 normal thanks From debbugs-submit-bounces@debbugs.gnu.org Sun Apr 30 06:05:26 2017 Received: (at submit) by debbugs.gnu.org; 30 Apr 2017 10:05:26 +0000 Received: from localhost ([127.0.0.1]:46936 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1d4ljG-0007hp-Ri for submit@debbugs.gnu.org; Sun, 30 Apr 2017 06:05:26 -0400 Received: from eggs.gnu.org ([208.118.235.92]:52517) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1d4ljE-0007ha-Cy for submit@debbugs.gnu.org; Sun, 30 Apr 2017 06:05:21 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d4lj8-00052l-1t for submit@debbugs.gnu.org; Sun, 30 Apr 2017 06:05:15 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_40,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:58964) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1d4lj7-00052h-UO for submit@debbugs.gnu.org; Sun, 30 Apr 2017 06:05:13 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:43479) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d4lj6-0005sV-Hg for guix-patches@gnu.org; Sun, 30 Apr 2017 06:05:13 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d4lj3-00051L-B2 for guix-patches@gnu.org; Sun, 30 Apr 2017 06:05:12 -0400 Received: from dau94-h03-89-91-205-84.dsl.sta.abo.bbox.fr ([89.91.205.84]:47183 helo=skaro.lepiller.eu) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1d4lj2-0004xm-QZ for guix-patches@gnu.org; Sun, 30 Apr 2017 06:05:09 -0400 Received: from localhost (localhost [127.0.0.1]) by skaro.lepiller.eu (Postfix) with ESMTP id 76CD980BC2 for ; Sun, 30 Apr 2017 12:05:05 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lepiller.eu; s=default; t=1493546705; bh=kivYuryWYS/s/sN8pfBvcx/T80BwFLk5PtKzq4z5wBM=; h=Date:From:To:Subject:From; b=JHBMn+4ek9qQHNQu/++REmmL8uupMrq+Qiq0sk54qZVUAqMp/6Up0T+I5MAxt8ko4 PecAskCOK4rJWWoTApDzjRnog/c2Y1RY9eVSrUCqXaskHEV+67f17CLV0m2Hz926bV ddHMzUt/sUlPkKLyGvGEL5esZKMWL8+dnFIAIUVmX6mF/Tb0j9/AF5a6qv8BghDFhm Ci9sGAB4sU1GQNZLnIOl+H9sqVsrdNFZ8U8aYki3GRMNgrYgoqMzH8B5C29mf6c2rV 8GJAAp4WJisOHx8LQRQBoQCuTP9SJLrnpRy1byt5RbQqfBSy/3ooH88mW9D62vqFIB L6ojPToW197A7Vkhh/c8XMq9uUZ82qjTtnvq7d8Xu5MWL/+6coRpTsu5lecyrR5TKt 4GeQBG57E6pbx/Y6jFswQpz0B95cYtnLpmXk2sqkFaq+9CYBqojYIvbaQmL5Ky60m3 Y0W8kYHPspd8IS+z+f5VJ6B8kvbNM902UAIB5tY8xL0kcTxLDNgDp90pkBXuplMsDN lz3eTVgJpmnvbnTeWtuVlIr9DPRDaLvN/7JDzm4cL6NaOQQtMW0qLu2mG7ihaUBl7/ NRLjcuX2tpTfeF273KgysUzRESs0FcsgOoaDz9laYV1DRuQSeUfhh5ncBAqRK5C0vh WyTc0/06y9iTygiNhwR3POBc= X-Virus-Scanned: Debian amavisd-new at lepiller.eu Received: from skaro.lepiller.eu ([127.0.0.1]) by localhost (lepiller.eu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rC-N8ZtBEchn for ; Sun, 30 Apr 2017 12:05:00 +0200 (CEST) Received: from localhost (89-93-157-164.hfc.dyn.abo.bbox.fr [89.93.157.164]) by skaro.lepiller.eu (Postfix) with ESMTPSA id DF4ED80B15 for ; Sun, 30 Apr 2017 12:04:59 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lepiller.eu; s=default; t=1493546700; bh=kivYuryWYS/s/sN8pfBvcx/T80BwFLk5PtKzq4z5wBM=; h=Date:From:To:Subject:From; b=ScN/7Uj2yrW26mZhUa57ZNEix0gCNT2nIlXJjNDy1VdwDiR3b7Mla6JeWVwtJHG6m UzqrEQGNVRSoFFcJP7bXQj4zxB5lb3w+ect4rbPjeBxPPu0YzedH1x+oAQO61vv86g Wh+JZQY/jFqqVotlGSIU8+E1ccoHvIXLz6JaApoenDazDWV0OBL1Uk3DlbbYjpbHGA nsZsOk/xMpHoHvHnGEVeEF92SPI8BYlXUIdGGBr8BeKOXOVzC3eLutxYDfnZkcNy3r DMNeCFqgVtQODblIAGkMvMowI28kKAYumcDFU5CWNBbPghbnCDMm67gPjAKh82Nxw8 X2MdKjAT3Ro6tkNvTNtNxu2xgDWgduPUesZKWwZd0H8zfRcBu70XCq6cCSkEcRiU74 UsAXzzbQOIzgJ/61278kP1dhdkevSlZj/aC2X6QXThpE5Cl+oG1nuk6nOBc0ECdYRV lwgND7y06pv6uVJ87apbeU39dXctb9WDAMl4E8qhOhWFoE735V3fI1BA2iew2HU5Mt 0QOfPNTXuOcxK0fK4q5rqBhKCkisK+64X1YCyzkkXWGoe4BLZ06c0cYs40gWIuj8X1 KaCXdWqAYa8Jg5r+ZpXU61m1mnrNI5+KztNNsejv5E61IAyB1JnuBLjVNy6ucZs1Zm 3ygqNCbruEYENJaGoXYeqcHs= Date: Sun, 30 Apr 2017 12:04:53 +0200 From: Julien Lepiller To: guix-patches@gnu.org Subject: Test nginx configuration Message-ID: <20170430120453.35cf17f1@lepiller.eu> X-Mailer: Claws Mail 3.15.0-dirty (GTK+ 2.24.31; x86_64-unknown-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="MP_/QbC_C=EviRYaPVTHNPmrvt1" X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.0 (----) --MP_/QbC_C=EviRYaPVTHNPmrvt1 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Disposition: inline Hi, here are two patches to react to Christopher's experience. I added two simple tests that check the presence of the certificate and the key passed to nginx configuration. If the error log file cannot be created at startup, error messages about the configuration file are logged only on stderr. The second patch makes sure the log file can be created. --MP_/QbC_C=EviRYaPVTHNPmrvt1 Content-Type: text/x-patch Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename=0001-gnu-services-nginx-Test-certificate-presence.patch =46rom 53f98d79c5888f402ae8698ce61433e67f9b6015 Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Sun, 30 Apr 2017 11:17:02 +0200 Subject: [PATCH 1/2] gnu: services: nginx: Test certificate presence. * gnu/services/web.scm (default-nginx-server-config): Test certificate presence when https is requested at configure time. --- gnu/services/web.scm | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/gnu/services/web.scm b/gnu/services/web.scm index b7b2f67f1..a13534c84 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -2,7 +2,7 @@ ;;; Copyright =C2=A9 2015 David Thompson ;;; Copyright =C2=A9 2015, 2016, 2017 Ludovic Court=C3=A8s ;;; Copyright =C2=A9 2016 ng0 -;;; Copyright =C2=A9 2016 Julien Lepiller +;;; Copyright =C2=A9 2016, 2017 Julien Lepiller ;;; Copyright =C2=A9 2017 Christopher Baines ;;; ;;; This file is part of GNU Guix. @@ -154,12 +154,14 @@ of index files." (nginx-server-configuration-server-name server)) ";\n" (if (nginx-server-configuration-ssl-certificate server) - (string-append " ssl_certificate " - (nginx-server-configuration-ssl-certificate server) = ";\n") + (let ((certificate (nginx-server-configuration-ssl-certificate serv= er))) + (lstat certificate) + (string-append " ssl_certificate " certificate ";\n")) "") (if (nginx-server-configuration-ssl-certificate-key server) - (string-append " ssl_certificate_key " - (nginx-server-configuration-ssl-certificate-key serv= er) ";\n") + (let ((key (nginx-server-configuration-ssl-certificate-key server))) + (lstat certificate) + (string-append " ssl_certificate_key " key ";\n")) "") " root " (nginx-server-configuration-root server) ";\n" " index " (config-index-strings (nginx-server-configuration-index = server)) ";\n" --=20 2.12.2 --MP_/QbC_C=EviRYaPVTHNPmrvt1 Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0002-gnu-services-Create-logs-directory.patch >From 85de5d18aec10900accd146746ea72902a6147dc Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Sun, 30 Apr 2017 11:51:12 +0200 Subject: [PATCH 2/2] gnu: services: Create logs directory. * gnu/services/web.scm (nginx-activation): Create logs directory so nginx can log its startup messages before it loads its configuration. --- doc/guix.texi | 9 +++++++++ gnu/services/web.scm | 3 +++ 2 files changed, 12 insertions(+) diff --git a/doc/guix.texi b/doc/guix.texi index 0d334e302..957ce2bab 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -13316,6 +13316,15 @@ used to specify the list of @dfn{server blocks} required on the host and blocks} to configure. For this to work, use the default value for @var{config-file}. +At startup, @command{nginx} has not yet read its configuration file, so it +uses a default file to log error messages. If it fails to load its +configuration file, that is where error messages are logged. After the +configuration file is loaded, the default error log file changes as per +configuration. In our case, startup error messages can be found in +@file{/var/run/nginx/logs/error.log}, and after configuration in +@file{/var/log/nginx/error.log}. The second location can be changed with the +@var{log-directory} configuration option. + @end deffn @deffn {Scheme Variable} nginx-service-type diff --git a/gnu/services/web.scm b/gnu/services/web.scm index a13534c84..0c9d31043 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -235,6 +235,9 @@ of index files." (mkdir-p (string-append #$run-directory "/fastcgi_temp")) (mkdir-p (string-append #$run-directory "/uwsgi_temp")) (mkdir-p (string-append #$run-directory "/scgi_temp")) + ;; Start-up logs. Once configuration is loaded, nginx switches to + ;; log-directory. + (mkdir-p (string-append #$run-directory "/logs")) ;; Check configuration file syntax. (system* (string-append #$nginx "/sbin/nginx") "-c" #$(or config-file -- 2.12.2 --MP_/QbC_C=EviRYaPVTHNPmrvt1-- From debbugs-submit-bounces@debbugs.gnu.org Sun Apr 30 11:30:07 2017 Received: (at 26716) by debbugs.gnu.org; 30 Apr 2017 15:30:07 +0000 Received: from localhost ([127.0.0.1]:47918 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1d4qnX-0001wP-CG for submit@debbugs.gnu.org; Sun, 30 Apr 2017 11:30:07 -0400 Received: from dustycloud.org ([50.116.34.160]:53562) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1d4qnV-0001vR-O5 for 26716@debbugs.gnu.org; Sun, 30 Apr 2017 11:30:06 -0400 Received: from oolong (localhost [127.0.0.1]) by dustycloud.org (Postfix) with ESMTPS id 0BC322668B; Sun, 30 Apr 2017 11:30:00 -0400 (EDT) References: <20170430120453.35cf17f1@lepiller.eu> User-agent: mu4e 0.9.18; emacs 25.2.1 From: Christopher Allan Webber To: Julien Lepiller Subject: Re: bug#26716: Test nginx configuration In-reply-to: <20170430120453.35cf17f1@lepiller.eu> Date: Sun, 30 Apr 2017 10:29:59 -0500 Message-ID: <87o9vddibs.fsf@dustycloud.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 26716 Cc: 26716@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) Julien Lepiller writes: > Hi, here are two patches to react to Christopher's experience. I added > two simple tests that check the presence of the certificate and the key > passed to nginx configuration. > > If the error log file cannot be created at startup, error messages > about the configuration file are logged only on stderr. The second > patch makes sure the log file can be created. Cool! > From 53f98d79c5888f402ae8698ce61433e67f9b6015 Mon Sep 17 00:00:00 2001 > From: Julien Lepiller > Date: Sun, 30 Apr 2017 11:17:02 +0200 > Subject: [PATCH 1/2] gnu: services: nginx: Test certificate presence. > > * gnu/services/web.scm (default-nginx-server-config): Test certificate > presence when https is requested at configure time. > --- > gnu/services/web.scm | 12 +++++++----- > 1 file changed, 7 insertions(+), 5 deletions(-) > > diff --git a/gnu/services/web.scm b/gnu/services/web.scm > index b7b2f67f1..a13534c84 100644 > --- a/gnu/services/web.scm > +++ b/gnu/services/web.scm > @@ -2,7 +2,7 @@ > ;;; Copyright © 2015 David Thompson > ;;; Copyright © 2015, 2016, 2017 Ludovic Courtès > ;;; Copyright © 2016 ng0 > -;;; Copyright © 2016 Julien Lepiller > +;;; Copyright © 2016, 2017 Julien Lepiller > ;;; Copyright © 2017 Christopher Baines > ;;; > ;;; This file is part of GNU Guix. > @@ -154,12 +154,14 @@ of index files." > (nginx-server-configuration-server-name server)) > ";\n" > (if (nginx-server-configuration-ssl-certificate server) > - (string-append " ssl_certificate " > - (nginx-server-configuration-ssl-certificate server) ";\n") > + (let ((certificate (nginx-server-configuration-ssl-certificate server))) > + (lstat certificate) > + (string-append " ssl_certificate " certificate ";\n")) > "") So is the goal here that it will raise an exception if it doesn't exist, like so? ERROR: In procedure lstat: No such file or directory: "/tmp/no-such-file" That does seem like useful information to spit out. Maybe add a comment before the lstat explaining the call? If I didn't know that's why lstat was being used here I would have been confused. > (if (nginx-server-configuration-ssl-certificate-key server) > - (string-append " ssl_certificate_key " > - (nginx-server-configuration-ssl-certificate-key server) ";\n") > + (let ((key (nginx-server-configuration-ssl-certificate-key server))) > + (lstat certificate) > + (string-append " ssl_certificate_key " key ";\n")) > "") > " root " (nginx-server-configuration-root server) ";\n" > " index " (config-index-strings (nginx-server-configuration-index server)) ";\n" > -- > 2.12.2 > >>>From 85de5d18aec10900accd146746ea72902a6147dc Mon Sep 17 00:00:00 2001 > From: Julien Lepiller > Date: Sun, 30 Apr 2017 11:51:12 +0200 > Subject: [PATCH 2/2] gnu: services: Create logs directory. > > * gnu/services/web.scm (nginx-activation): Create logs directory so nginx can > log its startup messages before it loads its configuration. > --- > doc/guix.texi | 9 +++++++++ > gnu/services/web.scm | 3 +++ > 2 files changed, 12 insertions(+) > > diff --git a/doc/guix.texi b/doc/guix.texi > index 0d334e302..957ce2bab 100644 > --- a/doc/guix.texi > +++ b/doc/guix.texi > @@ -13316,6 +13316,15 @@ used to specify the list of @dfn{server blocks} required on the host and > blocks} to configure. For this to work, use the default value for > @var{config-file}. > > +At startup, @command{nginx} has not yet read its configuration file, so it > +uses a default file to log error messages. If it fails to load its > +configuration file, that is where error messages are logged. After the > +configuration file is loaded, the default error log file changes as per > +configuration. In our case, startup error messages can be found in > +@file{/var/run/nginx/logs/error.log}, and after configuration in > +@file{/var/log/nginx/error.log}. The second location can be changed with the > +@var{log-directory} configuration option. > + > @end deffn > > @deffn {Scheme Variable} nginx-service-type > diff --git a/gnu/services/web.scm b/gnu/services/web.scm > index a13534c84..0c9d31043 100644 > --- a/gnu/services/web.scm > +++ b/gnu/services/web.scm > @@ -235,6 +235,9 @@ of index files." > (mkdir-p (string-append #$run-directory "/fastcgi_temp")) > (mkdir-p (string-append #$run-directory "/uwsgi_temp")) > (mkdir-p (string-append #$run-directory "/scgi_temp")) > + ;; Start-up logs. Once configuration is loaded, nginx switches to > + ;; log-directory. > + (mkdir-p (string-append #$run-directory "/logs")) > ;; Check configuration file syntax. > (system* (string-append #$nginx "/sbin/nginx") > "-c" #$(or config-file Oh, that's interesting. So in my experience earlier, it was proably *trying* to log some information, and failing I guess. It would be even nicer if they wrote to the same file by default, but I guess this probably isn't easy to do without actually patching nginx itself, which isn't likely worth it... is that right? With the comment issue resolved, and assuming there's no clean way to get nginx to write to the same error file we normally use by default, it seems good to me! - Chris From debbugs-submit-bounces@debbugs.gnu.org Sun Apr 30 13:35:46 2017 Received: (at 26716) by debbugs.gnu.org; 30 Apr 2017 17:35:47 +0000 Received: from localhost ([127.0.0.1]:47987 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1d4sl8-0004qC-C4 for submit@debbugs.gnu.org; Sun, 30 Apr 2017 13:35:46 -0400 Received: from dau94-h03-89-91-205-84.dsl.sta.abo.bbox.fr ([89.91.205.84]:43218 helo=skaro.lepiller.eu) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1d4sl5-0004px-J2 for 26716@debbugs.gnu.org; Sun, 30 Apr 2017 13:35:44 -0400 Received: from localhost (localhost [127.0.0.1]) by skaro.lepiller.eu (Postfix) with ESMTP id BBA3E80B1B for <26716@debbugs.gnu.org>; Sun, 30 Apr 2017 19:35:36 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lepiller.eu; s=default; t=1493573736; bh=VxQZH6042TZqs/L5pQg1QwcP1CUblsyCJplaThRJMiU=; h=Date:From:To:Subject:In-Reply-To:References:From; b=Ll8awZ46zJNcNfBlnik+VvVAptlP2xkmLjfc+yzz7FnovZ8g3OOMJ4AwSjQ41Sowv YlYmrQB+7g0OTo608XFA+S6wtqW6lfCi75vNSuivm8dw+2+cfDeRkHsOs5Amr/k0lt LOCbND/KcnMZQ8sdi+L0DX6zPl2W30CaXVou1h4xS9tZbQu8/qHRkWH5Um69v8g9Bu RklC0Tl3k+Hwpq6e7FoFoqkoIjklkX3as9emZCOHh6yvb5li6Fdh6DO7TlLKclge9S QtTbpeZ8pxiinw8zVTeQEAmwZzRgRPr3ClvxfKSNcQPEylipD2ZPjEwAwDt6nBZRWs RhkiAXdr7oK/7Y1b81IjI8+ZZiUsaPtDbS42/PZz+mx0HVqxFsPHKlmo3ZkYC+Mt6x YfWicjb9ly1tF8kwO1ANV16AL6oLm4JuRHcD9jm8vbPElSI/V4UkgzTY3hodTxlZH9 Dmba1M28IAf/V5qRRFhIfSv86eyl5QFNdLXAwOmgUMYb6nAK9ti9di6ciEnFQrOWW1 mjo/HIIZXwiVphmYrUMcz1TCg83xQYqiZHpBubBbSjPTMbHarWsAJQ5njIvgVlvwwA 99enOLLLw/qz2M3skXXHQJ04e2zelirm5Va6dw34aWkxaFwb37JV/dwc7rJ0tTujMl mcxPYxbNIL84U79lBjINdIyc= X-Virus-Scanned: Debian amavisd-new at lepiller.eu Received: from skaro.lepiller.eu ([127.0.0.1]) by localhost (lepiller.eu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QsJTVVIMNNXt for <26716@debbugs.gnu.org>; Sun, 30 Apr 2017 19:35:29 +0200 (CEST) Received: from localhost (89-93-157-164.hfc.dyn.abo.bbox.fr [89.93.157.164]) by skaro.lepiller.eu (Postfix) with ESMTPSA id 6BD5D7FC00 for <26716@debbugs.gnu.org>; Sun, 30 Apr 2017 19:35:28 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lepiller.eu; s=default; t=1493573728; bh=VxQZH6042TZqs/L5pQg1QwcP1CUblsyCJplaThRJMiU=; h=Date:From:To:Subject:In-Reply-To:References:From; b=JdaNC0FE/NI8eXYdLCD3BHhzBExQ+HgEfWKy4g6NkvFyqGn4dIlKzkde12lrWrbq1 /wj6fz9Afh2sc95yhnNRMMu8ijM/RNLU+TDIpLt7pZysSD2eWq4aqYMfduCmZoVzXp r4b3/ZmUCQUD5oHlhQoyKVZlwSOR9p29EQzvwiX10ol45gz5dtzU2ZC40Ps9lZ8Wlp ov4CThRmV+kJYsT03S82v/+farlZolEXCaTO4Q8c4DkfrdFSosYsAEYHxgh35JMMdN 0PmfEwftVzooVF3a6PXzHW7HZJmUIRMcq6gncB7D24lJduocNk62EthJ8+onpgKtNg qd5ZLkyli3sbXVovSjgfX+UpPthQjFckeaHlJHFL2aeFXCjX5u+2WeoOtJAZnITSkx latzcvuEcbRNP0zR9IJ+6YXWHe38g2rbTWyDMj8eIVnfKQEqBfsjPGQGGtokw0xJDK SpEIVgJIIy89Gjb55Or7vXh1d/tZfeZACUtyS9PL46rdCGt5R0F1XGzocR+i35DHQZ rx0eGNEoFMGCR93GLGOqzJ1Xc5HOu6yw6nK1h5ijCC+2YLJ8My6Edgq/kSaU2OAN/o rOM1OsXH1Tfv42eAZvCyKWMdteAHlpluGlfXn1BclYDnGrKP3KlwFJdaudNY7is0o8 YM8PWWEpPGPb9IY/DHj6qTbE= Date: Sun, 30 Apr 2017 19:35:20 +0200 From: Julien Lepiller To: 26716@debbugs.gnu.org Subject: Re: bug#26716: Test nginx configuration Message-ID: <20170430193520.4a4129b3@lepiller.eu> In-Reply-To: <87o9vddibs.fsf@dustycloud.org> References: <20170430120453.35cf17f1@lepiller.eu> <87o9vddibs.fsf@dustycloud.org> X-Mailer: Claws Mail 3.15.0-dirty (GTK+ 2.24.31; x86_64-unknown-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="MP_/U35fY5uC6rDvDdmdnOwI2SW" X-Spam-Score: 0.4 (/) X-Debbugs-Envelope-To: 26716 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.4 (/) --MP_/U35fY5uC6rDvDdmdnOwI2SW Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Le Sun, 30 Apr 2017 10:29:59 -0500, Christopher Allan Webber a =C3=A9crit : > Julien Lepiller writes: >=20 > > Hi, here are two patches to react to Christopher's experience. I > > added two simple tests that check the presence of the certificate > > and the key passed to nginx configuration. > > > > If the error log file cannot be created at startup, error messages > > about the configuration file are logged only on stderr. The second > > patch makes sure the log file can be created. =20 >=20 > Cool! >=20 > > From 53f98d79c5888f402ae8698ce61433e67f9b6015 Mon Sep 17 00:00:00 > > 2001 From: Julien Lepiller > > Date: Sun, 30 Apr 2017 11:17:02 +0200 > > Subject: [PATCH 1/2] gnu: services: nginx: Test certificate > > presence. > > > > * gnu/services/web.scm (default-nginx-server-config): Test > > certificate presence when https is requested at configure time. > > --- > > gnu/services/web.scm | 12 +++++++----- > > 1 file changed, 7 insertions(+), 5 deletions(-) > > > > diff --git a/gnu/services/web.scm b/gnu/services/web.scm > > index b7b2f67f1..a13534c84 100644 > > --- a/gnu/services/web.scm > > +++ b/gnu/services/web.scm > > @@ -2,7 +2,7 @@ > > ;;; Copyright =C2=A9 2015 David Thompson > > ;;; Copyright =C2=A9 2015, 2016, 2017 Ludovic Court=C3=A8s > > ;;; Copyright =C2=A9 2016 ng0 > > -;;; Copyright =C2=A9 2016 Julien Lepiller > > +;;; Copyright =C2=A9 2016, 2017 Julien Lepiller > > ;;; Copyright =C2=A9 2017 Christopher Baines > > ;;; > > ;;; This file is part of GNU Guix. > > @@ -154,12 +154,14 @@ of index files." > > (nginx-server-configuration-server-name > > server)) ";\n" > > (if (nginx-server-configuration-ssl-certificate server) > > - (string-append " ssl_certificate " > > - (nginx-server-configuration-ssl-certificate > > server) ";\n") > > + (let ((certificate > > (nginx-server-configuration-ssl-certificate server))) > > + (lstat certificate) > > + (string-append " ssl_certificate " certificate > > ";\n")) "") =20 >=20 > So is the goal here that it will raise an exception if it doesn't > exist, like so? >=20 > ERROR: In procedure lstat: No such file or directory: > "/tmp/no-such-file" >=20 > That does seem like useful information to spit out. >=20 > Maybe add a comment before the lstat explaining the call? If I didn't > know that's why lstat was being used here I would have been confused. exactly, I added a comment. >=20 > > (if (nginx-server-configuration-ssl-certificate-key server) > > - (string-append " ssl_certificate_key " > > - > > (nginx-server-configuration-ssl-certificate-key server) ";\n") > > + (let ((key (nginx-server-configuration-ssl-certificate-key > > server))) > > + (lstat certificate) > > + (string-append " ssl_certificate_key " key ";\n")) > > "") > > " root " (nginx-server-configuration-root server) ";\n" > > " index " (config-index-strings > > (nginx-server-configuration-index server)) ";\n" -- > > 2.12.2 > > =20 > >>From 85de5d18aec10900accd146746ea72902a6147dc Mon Sep 17 00:00:00 > >>2001 =20 > > From: Julien Lepiller > > Date: Sun, 30 Apr 2017 11:51:12 +0200 > > Subject: [PATCH 2/2] gnu: services: Create logs directory. > > > > * gnu/services/web.scm (nginx-activation): Create logs directory so > > nginx can log its startup messages before it loads its > > configuration. --- > > doc/guix.texi | 9 +++++++++ > > gnu/services/web.scm | 3 +++ > > 2 files changed, 12 insertions(+) > > > > diff --git a/doc/guix.texi b/doc/guix.texi > > index 0d334e302..957ce2bab 100644 > > --- a/doc/guix.texi > > +++ b/doc/guix.texi > > @@ -13316,6 +13316,15 @@ used to specify the list of @dfn{server > > blocks} required on the host and blocks} to configure. For this to > > work, use the default value for @var{config-file}. > > > > +At startup, @command{nginx} has not yet read its configuration > > file, so it +uses a default file to log error messages. If it > > fails to load its +configuration file, that is where error messages > > are logged. After the +configuration file is loaded, the default > > error log file changes as per +configuration. In our case, startup > > error messages can be found in > > +@file{/var/run/nginx/logs/error.log}, and after configuration in > > +@file{/var/log/nginx/error.log}. The second location can be > > changed with the +@var{log-directory} configuration option. + > > @end deffn > > > > @deffn {Scheme Variable} nginx-service-type > > diff --git a/gnu/services/web.scm b/gnu/services/web.scm > > index a13534c84..0c9d31043 100644 > > --- a/gnu/services/web.scm > > +++ b/gnu/services/web.scm > > @@ -235,6 +235,9 @@ of index files." > > (mkdir-p (string-append #$run-directory "/fastcgi_temp")) > > (mkdir-p (string-append #$run-directory "/uwsgi_temp")) > > (mkdir-p (string-append #$run-directory "/scgi_temp")) > > + ;; Start-up logs. Once configuration is loaded, nginx > > switches to > > + ;; log-directory. > > + (mkdir-p (string-append #$run-directory "/logs")) > > ;; Check configuration file syntax. > > (system* (string-append #$nginx "/sbin/nginx") > > "-c" #$(or config-file =20 >=20 > Oh, that's interesting. So in my experience earlier, it was proably > *trying* to log some information, and failing I guess. >=20 > It would be even nicer if they wrote to the same file by default, but > I guess this probably isn't easy to do without actually patching nginx > itself, which isn't likely worth it... is that right? I tried using the -g option to give it some configuration options (including error_log), but it doesn't seem to change that behaviour, so I think we'll have to fix nginx to use the same configuration file. Of course it would be better to fail at reconfigure when the generated configuration is not correct. That's what I'm trying to do with the first patch, but that's only one possible mistake. >=20 > With the comment issue resolved, and assuming there's no clean way to > get nginx to write to the same error file we normally use by default, > it seems good to me! >=20 > - Chris --MP_/U35fY5uC6rDvDdmdnOwI2SW Content-Type: text/x-patch Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename=0001-gnu-services-nginx-Test-certificate-presence.patch =46rom 562bb322253161b5f3b64aa46613cef8fac77292 Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Sun, 30 Apr 2017 11:17:02 +0200 Subject: [PATCH 1/2] gnu: services: nginx: Test certificate presence. * gnu/services/web.scm (default-nginx-server-config): Test certificate presence when https is requested at configure time. --- gnu/services/web.scm | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/gnu/services/web.scm b/gnu/services/web.scm index b7b2f67f1..47036f42f 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -2,7 +2,7 @@ ;;; Copyright =C2=A9 2015 David Thompson ;;; Copyright =C2=A9 2015, 2016, 2017 Ludovic Court=C3=A8s ;;; Copyright =C2=A9 2016 ng0 -;;; Copyright =C2=A9 2016 Julien Lepiller +;;; Copyright =C2=A9 2016, 2017 Julien Lepiller ;;; Copyright =C2=A9 2017 Christopher Baines ;;; ;;; This file is part of GNU Guix. @@ -154,12 +154,16 @@ of index files." (nginx-server-configuration-server-name server)) ";\n" (if (nginx-server-configuration-ssl-certificate server) - (string-append " ssl_certificate " - (nginx-server-configuration-ssl-certificate server) = ";\n") + (let ((certificate (nginx-server-configuration-ssl-certificate serv= er))) + ;; lstat fails when the certificate file does not exist: it aborts + ;; and lets the user fix their configuration. + (lstat certificate) + (string-append " ssl_certificate " certificate ";\n")) "") (if (nginx-server-configuration-ssl-certificate-key server) - (string-append " ssl_certificate_key " - (nginx-server-configuration-ssl-certificate-key serv= er) ";\n") + (let ((key (nginx-server-configuration-ssl-certificate-key server))) + (lstat certificate) + (string-append " ssl_certificate_key " key ";\n")) "") " root " (nginx-server-configuration-root server) ";\n" " index " (config-index-strings (nginx-server-configuration-index = server)) ";\n" --=20 2.12.2 --MP_/U35fY5uC6rDvDdmdnOwI2SW Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=0002-gnu-services-Create-logs-directory.patch >From a3973400ef1d89eebf42a8f839f7152aa43c5539 Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Sun, 30 Apr 2017 11:51:12 +0200 Subject: [PATCH 2/2] gnu: services: Create logs directory. * gnu/services/web.scm (nginx-activation): Create logs directory so nginx can log its startup messages before it loads its configuration. --- doc/guix.texi | 9 +++++++++ gnu/services/web.scm | 3 +++ 2 files changed, 12 insertions(+) diff --git a/doc/guix.texi b/doc/guix.texi index 0d334e302..957ce2bab 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -13316,6 +13316,15 @@ used to specify the list of @dfn{server blocks} required on the host and blocks} to configure. For this to work, use the default value for @var{config-file}. +At startup, @command{nginx} has not yet read its configuration file, so it +uses a default file to log error messages. If it fails to load its +configuration file, that is where error messages are logged. After the +configuration file is loaded, the default error log file changes as per +configuration. In our case, startup error messages can be found in +@file{/var/run/nginx/logs/error.log}, and after configuration in +@file{/var/log/nginx/error.log}. The second location can be changed with the +@var{log-directory} configuration option. + @end deffn @deffn {Scheme Variable} nginx-service-type diff --git a/gnu/services/web.scm b/gnu/services/web.scm index 47036f42f..9f789707e 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -237,6 +237,9 @@ of index files." (mkdir-p (string-append #$run-directory "/fastcgi_temp")) (mkdir-p (string-append #$run-directory "/uwsgi_temp")) (mkdir-p (string-append #$run-directory "/scgi_temp")) + ;; Start-up logs. Once configuration is loaded, nginx switches to + ;; log-directory. + (mkdir-p (string-append #$run-directory "/logs")) ;; Check configuration file syntax. (system* (string-append #$nginx "/sbin/nginx") "-c" #$(or config-file -- 2.12.2 --MP_/U35fY5uC6rDvDdmdnOwI2SW-- From debbugs-submit-bounces@debbugs.gnu.org Sun Apr 30 15:56:54 2017 Received: (at 26716) by debbugs.gnu.org; 30 Apr 2017 19:56:54 +0000 Received: from localhost ([127.0.0.1]:48095 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1d4uxi-0001V5-Iy for submit@debbugs.gnu.org; Sun, 30 Apr 2017 15:56:54 -0400 Received: from dustycloud.org ([50.116.34.160]:54058) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1d4uxh-0001Uy-Gb for 26716@debbugs.gnu.org; Sun, 30 Apr 2017 15:56:53 -0400 Received: from oolong (localhost [127.0.0.1]) by dustycloud.org (Postfix) with ESMTPS id 1C762265D4; Sun, 30 Apr 2017 15:56:51 -0400 (EDT) References: <20170430120453.35cf17f1@lepiller.eu> <87o9vddibs.fsf@dustycloud.org> <20170430193520.4a4129b3@lepiller.eu> User-agent: mu4e 0.9.18; emacs 25.2.1 From: Christopher Allan Webber To: Julien Lepiller Subject: Re: bug#26716: Test nginx configuration In-reply-to: <20170430193520.4a4129b3@lepiller.eu> Date: Sun, 30 Apr 2017 14:56:38 -0500 Message-ID: <87lgqhd5zd.fsf@dustycloud.org> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 26716 Cc: 26716@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Julien Lepiller writes: >> So is the goal here that it will raise an exception if it doesn't >> exist, like so? >>=20 >> ERROR: In procedure lstat: No such file or directory: >> "/tmp/no-such-file" >>=20 >> That does seem like useful information to spit out. >>=20 >> Maybe add a comment before the lstat explaining the call? If I didn't >> know that's why lstat was being used here I would have been confused. > exactly, I added a comment. Great! >> Oh, that's interesting. So in my experience earlier, it was proably >> *trying* to log some information, and failing I guess. >>=20 >> It would be even nicer if they wrote to the same file by default, but >> I guess this probably isn't easy to do without actually patching nginx >> itself, which isn't likely worth it... is that right? > I tried using the -g option to give it some configuration options > (including error_log), but it doesn't seem to change that behaviour, so > I think we'll have to fix nginx to use the same configuration file. > > Of course it would be better to fail at reconfigure when the generated > configuration is not correct. That's what I'm trying to do with the > first patch, but that's only one possible mistake. Cool... yes I agree it's only one possible mistake. :) Looks good. I assume you've tried testing building with it? Assuming all builds and things also error out right now in the new and expected ways when the configuration needs updating, I say push it! --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEUQqGKOKndniPjHCcS8Alkl/49NMFAlkGQXYACgkQS8Alkl/4 9NMcLQ/+KB45uxlV06cVbdxMbGFLmmBAvs/yD4VRUVX//adrxpBUsrHmpis2rO6G 8IrBHQzxhNtv2ZxxgiHyyusQucRsYs5L+8lnzE6lyXzye9/tvZnDRq8asMhMruQz CiIjiYMUiTPyAac5vV2b3Sj8JUxhAuaJdOzMXLpznyqgayeNC4f1mPgZiFigU7aU VKWCTlndUktXw2hREQn8hcS9+Pnd0uV2w4hTxXSPlzY4ofPzSxTn94kAq6nf0wmN Wxw9s0H98JD+4DEa3+Ez8uPTSdGSRfWg3cKv8YfLX49qdcLQRN/jrAFLg4Rc2LhD 7E/sokv8rWDJ3PVGq828ZljHFKbLwiIIQzWJmaz6JvO0yTYLnzLc30sTKO06RlYP 9ewsRdZUqjmijnw3F9DjNSbRdUrkN7QiSllXW+Y4TLYWubUSt+4D0G8dGHdAA1UY +PVQURjo/RDnjL2gLJanNKhdJbDEd3q0bo2P3AkO/FjHzdgw/ql+WAseoLbTbkJ7 5LSLQ/29giBYMFx5QNzXnLaVDwT8I5BVGG1jRSn52KbxWR/OYX+vk6L7OmHmmeKB TVNwhlasP7pilTSC7UbCeKVvY/YLylD/vskwLI88W7W1W3POi78u9P7SO5Pg2qpI +H3oRWBRE09ricbfrGrJxq+bdK5xyx9xK2ntWNO5LzHFGifYnHU= =JZ87 -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Thu May 11 11:53:52 2017 Received: (at 26716-done) by debbugs.gnu.org; 11 May 2017 15:53:52 +0000 Received: from localhost ([127.0.0.1]:38950 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1d8qPY-0004M1-5L for submit@debbugs.gnu.org; Thu, 11 May 2017 11:53:52 -0400 Received: from mail.lassieur.org ([83.152.10.219]:58690) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1d8qPV-0004Ls-Es for 26716-done@debbugs.gnu.org; Thu, 11 May 2017 11:53:50 -0400 Received: from newt (46.218.109.88 [46.218.109.88]) by mail.lassieur.org (OpenSMTPD) with ESMTPSA id 0b6aa4d7 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Thu, 11 May 2017 15:53:47 +0000 (UTC) References: <20170430120453.35cf17f1@lepiller.eu> <87o9vddibs.fsf@dustycloud.org> <20170430193520.4a4129b3@lepiller.eu> <87lgqhd5zd.fsf@dustycloud.org> User-agent: mu4e 0.9.18; emacs 25.2.1 From: =?utf-8?Q?Cl=C3=A9ment?= Lassieur To: Christopher Allan Webber Subject: Re: bug#26716: Test nginx configuration In-reply-to: <87lgqhd5zd.fsf@dustycloud.org> Date: Thu, 11 May 2017 17:53:46 +0200 Message-ID: <87tw4rs839.fsf@lassieur.org> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 26716-done Cc: Julien Lepiller , 26716-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) Christopher Allan Webber writes: > Julien Lepiller writes: > >>> So is the goal here that it will raise an exception if it doesn't >>> exist, like so? >>> >>> ERROR: In procedure lstat: No such file or directory: >>> "/tmp/no-such-file" >>> >>> That does seem like useful information to spit out. >>> >>> Maybe add a comment before the lstat explaining the call? If I didn't >>> know that's why lstat was being used here I would have been confused. >> exactly, I added a comment. > > Great! > >>> Oh, that's interesting. So in my experience earlier, it was proably >>> *trying* to log some information, and failing I guess. >>> >>> It would be even nicer if they wrote to the same file by default, but >>> I guess this probably isn't easy to do without actually patching nginx >>> itself, which isn't likely worth it... is that right? >> I tried using the -g option to give it some configuration options >> (including error_log), but it doesn't seem to change that behaviour, so >> I think we'll have to fix nginx to use the same configuration file. >> >> Of course it would be better to fail at reconfigure when the generated >> configuration is not correct. That's what I'm trying to do with the >> first patch, but that's only one possible mistake. > > Cool... yes I agree it's only one possible mistake. :) > > Looks good. I assume you've tried testing building with it? Assuming > all builds and things also error out right now in the new and expected > ways when the configuration needs updating, I say push it! Closing it as it has been pushed. Thanks! From unknown Tue Sep 09 06:47:17 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Fri, 09 Jun 2017 11:24:04 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator