Skip to content

Commit

Permalink
Merge pull request #2118 from myrevery/fix/nginx-reload-after-update-ssl
Browse files Browse the repository at this point in the history 
Improve Nginx reload after update SSL
  • Loading branch information
@ScIT-Raphael
ScIT-Raphael committed Sep 9, 2021
2 parents b962e03 + 0d10a55 commit 0e0f312
Show file tree
Hide file tree
Showing 11 changed files with 61 additions and 43 deletions.
4 changes: 2 additions & 2 deletions bin/v-add-letsencrypt-domain
View file
Expand Up @@ -505,12 +505,12 @@ if [ -z "$mail" ]; then
ssl_enabled="$(get_object_value 'web' 'DOMAIN' "$domain" '$SSL')"
ssl_force="$(get_object_value 'web' 'DOMAIN' "$domain" '$SSL_FORCE')"
[[ "$ssl_enabled" = "yes" ]] && $BIN/v-delete-web-domain-ssl $user $domain > /dev/null 2>&1
$BIN/v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home
$BIN/v-add-web-domain-ssl $user $domain $ssl_dir $ssl_home updatessl
[[ "$ssl_force" = "yes" ]] && $BIN/v-add-web-domain-ssl-force $user $domain > /dev/null 2>&1
else
ssl_enabled="$(get_object_value 'mail' 'DOMAIN' "$root_domain" '$SSL')"
[[ "$ssl_enabled" = "yes" ]] && $BIN/v-delete-mail-domain-ssl $user $root_domain > /dev/null 2>&1
$BIN/v-add-mail-domain-ssl $user $root_domain $ssl_dir
$BIN/v-add-mail-domain-ssl $user $root_domain $ssl_dir updatessl
fi

if [ "$?" -ne '0' ]; then
Expand Down
2 changes: 1 addition & 1 deletion bin/v-add-mail-domain-ssl
View file
Expand Up @@ -16,7 +16,7 @@
user=$1
domain=$2
ssl_dir=$3
restart="$3"
restart="$4"

# Additional argument formatting
if [[ "$domain" =~ [[:upper:]] ]]; then
Expand Down
8 changes: 4 additions & 4 deletions bin/v-restart-cron
View file
Expand Up @@ -36,6 +36,10 @@ send_email_report() {
#----------------------------------------------------------#

# Exit
if [ -z "$CRON_SYSTEM" ] || [ "$CRON_SYSTEM" = 'remote' ]; then
exit
fi

if [ "$1" = "no" ]; then
exit
fi
Expand All @@ -47,10 +51,6 @@ if [ "$1" = 'scheduled' ] || [ -z "$1" -a "$SCHEDULED_RESTART" = 'yes' ]; then
exit
fi

if [ -z "$CRON_SYSTEM" ] || [ "$CRON_SYSTEM" = 'remote' ]; then
exit
fi

# Restart system
$BIN/v-restart-service $CRON_SYSTEM >/dev/null 2>&1
if [ $? -ne 0 ]; then
Expand Down
8 changes: 4 additions & 4 deletions bin/v-restart-dns
View file
Expand Up @@ -41,6 +41,10 @@ send_email_report() {
#----------------------------------------------------------#

# Exit
if [ -z "$DNS_SYSTEM" ] || [ "$DNS_SYSTEM" = 'remote' ] ; then
exit
fi

if [ "$1" = "no" ]; then
exit
fi
Expand All @@ -52,10 +56,6 @@ if [ "$1" = 'scheduled' ] || [ -z "$1" -a "$SCHEDULED_RESTART" = 'yes' ]; then
exit
fi

if [ -z "$DNS_SYSTEM" ] || [ "$DNS_SYSTEM" = 'remote' ] ; then
exit
fi

# Restart system
$BIN/v-restart-service $DNS_SYSTEM > /dev/null 2>&1
if [ $? -ne 0 ]; then
Expand Down
8 changes: 4 additions & 4 deletions bin/v-restart-ftp
View file
Expand Up @@ -36,6 +36,10 @@ send_email_report() {
#----------------------------------------------------------#

# Exit
if [ -z "$FTP_SYSTEM" ] || [ "$FTP_SYSTEM" = 'remote' ]; then
exit
fi

if [ "$1" = "no" ]; then
exit
fi
Expand All @@ -47,10 +51,6 @@ if [ "$1" = 'scheduled' ] || [ -z "$1" -a "$SCHEDULED_RESTART" = 'yes' ]; then
exit
fi

if [ -z "$FTP_SYSTEM" ] || [ "$FTP_SYSTEM" = 'remote' ]; then
exit
fi

# Restart system
$BIN/v-restart-service $FTP_SYSTEM > /dev/null 2>&1
if [ $? -ne 0 ]; then
Expand Down
8 changes: 4 additions & 4 deletions bin/v-restart-mail
View file
Expand Up @@ -35,6 +35,10 @@ send_email_report() {
#----------------------------------------------------------#

# Exit
if [ -z "$MAIL_SYSTEM" ] || [ "$MAIL_SYSTEM" = 'remote' ]; then
exit
fi

if [ "$1" = "no" ]; then
exit
fi
Expand All @@ -46,10 +50,6 @@ if [ "$1" = 'scheduled' ] || [ -z "$1" -a "$SCHEDULED_RESTART" = 'yes' ]; then
exit
fi

if [ -z "$MAIL_SYSTEM" ] || [ "$MAIL_SYSTEM" = 'remote' ]; then
exit
fi

tmpfile=$(mktemp)
# Restart IMAP system if present
if [ ! -z "$IMAP_SYSTEM" ]; then
Expand Down
18 changes: 14 additions & 4 deletions bin/v-restart-proxy
View file
Expand Up @@ -36,6 +36,10 @@ send_email_report() {
#----------------------------------------------------------#

# Exit
if [ -z "$PROXY_SYSTEM" ] || [ "$PROXY_SYSTEM" = 'remote' ]; then
exit
fi

if [ "$1" = "no" ]; then
exit
fi
Expand All @@ -47,7 +51,9 @@ if [ "$1" = 'scheduled' ] || [ -z "$1" -a "$SCHEDULED_RESTART" = 'yes' ]; then
exit
fi

if [ -z "$PROXY_SYSTEM" ] || [ "$PROXY_SYSTEM" = 'remote' ]; then
if [ "$1" = "updatessl" ]; then
sed -i "/\/$SCRIPT ssl/d" $HESTIA/data/queue/restart.pipe
echo "$BIN/$SCRIPT ssl" >> $HESTIA/data/queue/restart.pipe
exit
fi

Expand All @@ -72,18 +78,22 @@ if [ -f "$HESTIA/web/inc/nginx_proxy" ]; then
# Default behaviour

# Preform an check if Nginx is valid as reload doesn't throw an error / exit
service $PROXY_SYSTEM configtest >> /dev/null 2>&1
service $PROXY_SYSTEM configtest > /dev/null 2>&1
if [ $? -ne 0 ]; then
send_email_report
check_result $E_RESTART "$PROXY_SYSTEM restart failed"
fi

# Restart system
$BIN/v-restart-service $PROXY_SYSTEM > /dev/null 2>&1
if [ "$1" = "ssl" ]; then
restart="ssl"
fi
$BIN/v-restart-service $PROXY_SYSTEM $restart > /dev/null 2>&1

# Update restart queue
if [ -e "$HESTIA/data/queue/restart.pipe" ]; then
sed -i "/\/$SCRIPT now/d" $HESTIA/data/queue/restart.pipe
sed -i "/\/$SCRIPT ssl/d" $HESTIA/data/queue/restart.pipe
fi
fi

Expand Down
2 changes: 2 additions & 0 deletions bin/v-restart-service
View file
Expand Up @@ -52,6 +52,8 @@ for service in $service_list; do
# Run the restart rules for iptables firewall
$BIN/v-stop-firewall
$BIN/v-update-firewall
elif [ "$restart" = "ssl" ] && [ "$service" = "nginx" ]; then
service $service upgrade > /dev/null 2>&1
elif [ -z "$restart" -o "$restart" = "no" ] && [ \
"$service" = "nginx" -o \
"$service" = "apache2" -o \
Expand Down
25 changes: 18 additions & 7 deletions bin/v-restart-web
View file
Expand Up @@ -40,6 +40,10 @@ send_email_report() {
#----------------------------------------------------------#

# Exit
if [ -z "$WEB_SYSTEM" ] || [ "$WEB_SYSTEM" = 'remote' ]; then
exit
fi

if [ "$1" = "no" ]; then
exit
fi
Expand All @@ -51,33 +55,40 @@ if [ "$1" = 'scheduled' ] || [ -z "$1" -a "$SCHEDULED_RESTART" = 'yes' ]; then
exit
fi

if [ -z "$WEB_SYSTEM" ] || [ "$WEB_SYSTEM" = 'remote' ]; then
if [ "$1" = "updatessl" ]; then
sed -i "/\/$SCRIPT ssl/d" $HESTIA/data/queue/restart.pipe
echo "$BIN/$SCRIPT ssl" >> $HESTIA/data/queue/restart.pipe
exit
fi
if [ $WEB_SYSTEM = 'nginx' ]; then
service $WEB_SYSTEM configtest >> /dev/null 2>&1

if [ $WEB_SYSTEM = 'nginx' ]; then
if [ "$1" = "ssl" ]; then
restart="ssl"
fi
service $WEB_SYSTEM configtest > /dev/null 2>&1
if [ $? -ne 0 ]; then
send_email_report
check_result $E_RESTART "$WEB_SYSTEM restart failed"
fi
elif [ $WEB_SYSTEM = 'apache2' ]; then
apache2ctl configtest >> /dev/null 2>&1
elif [ $WEB_SYSTEM = 'apache2' ]; then
apache2ctl configtest > /dev/null 2>&1
if [ $? -ne 0 ]; then
send_email_report
check_result $E_RESTART "$WEB_SYSTEM restart failed"
fi
fi

$BIN/v-restart-service $WEB_SYSTEM > /dev/null 2>&1
$BIN/v-restart-service $WEB_SYSTEM $restart > /dev/null 2>&1

if [ $? -ne 0 ]; then
send_email_report
check_result $E_RESTART "$WEB_SYSTEM restart failed"
fi
fi

# Update restart queue
if [ -e "$HESTIA/data/queue/restart.pipe" ]; then
sed -i "/\/$SCRIPT now/d" $HESTIA/data/queue/restart.pipe
sed -i "/\/$SCRIPT ssl/d" $HESTIA/data/queue/restart.pipe
fi

#----------------------------------------------------------#
Expand Down
8 changes: 4 additions & 4 deletions bin/v-restart-web-backend
View file
Expand Up @@ -33,6 +33,10 @@ send_email_report() {
#----------------------------------------------------------#

# Exit
if [ -z "$WEB_BACKEND" ] || [ "$WEB_BACKEND" = 'remote' ]; then
exit
fi

if [ "$1" = "no" ]; then
exit
fi
Expand All @@ -44,10 +48,6 @@ if [ "$1" = 'scheduled' ] || [ -z "$1" -a "$SCHEDULED_RESTART" = 'yes' ]; then
exit
fi

if [ -z "$WEB_BACKEND" ] || [ "$WEB_BACKEND" = 'remote' ]; then
exit
fi

tmpfile=$(mktemp)
for php_folder in /etc/php/*; do
[ ! -d "${php_folder}/fpm/pool.d/" ] && continue
Expand Down
13 changes: 4 additions & 9 deletions bin/v-update-host-certificate
View file
Expand Up @@ -84,15 +84,10 @@ if [ -z "$UPDATE_HOSTNAME_SSL" ]; then
fi

# Restart services
$BIN/v-restart-web
$BIN/v-restart-proxy
if [ ! -z "$MAIL_SYSTEM" ]; then
# Restart exim (and dovecot if applicable)
$BIN/v-restart-mail
fi
if [ "$FTP_SYSTEM" = "vsftpd" ]; then
$BIN/v-restart-ftp
fi
$BIN/v-restart-web updatessl
$BIN/v-restart-proxy updatessl
$BIN/v-restart-mail
$BIN/v-restart-ftp
$BIN/v-restart-service hestia

#----------------------------------------------------------#
Expand Down

0 comments on commit 0e0f312

Please sign in to comment.