lub
/
mailu
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

Use environment variables for cert paths/names in nginx certwatcher

Browse Source 
Previously, nginx certwatcher would only react to the hardcoded paths. It should have
honored the enviroment variables that are used by config.py too for this.

closes #903
master
Dario Ernst 5 years ago
parent b8b1699f9e
commit 09024c8008
1 changed files with 22 additions and 8 deletions
Show Stats Download Patch File Download Diff File

30
core/nginx/certwatcher.py
Unescape Escape View File

@ -5,8 +5,8 @@ happens to externally supplied certificates. Only executed by start.py in case
of TLS_FLAVOR=[mail, cert] of TLS_FLAVOR=[mail, cert]
""" """
from os.path import exists, split as path_split from os.path import exists, split as path_split, join as path_join
from os import system from os import system, getenv
import time import time
from watchdog.observers.polling import PollingObserver from watchdog.observers.polling import PollingObserver
from watchdog.events import FileSystemEventHandler, FileDeletedEvent, \ from watchdog.events import FileSystemEventHandler, FileDeletedEvent, \
@ -14,6 +14,13 @@ from watchdog.events import FileSystemEventHandler, FileDeletedEvent, \
class ChangeHandler(FileSystemEventHandler): class ChangeHandler(FileSystemEventHandler):
"watchdog-handler listening on any event, executing the correct configuration/reload steps" "watchdog-handler listening on any event, executing the correct configuration/reload steps"
def __init__(self, cert_path, keypair_path):
"Initialize a new changehandler"""
super().__init__()
self.cert_path = cert_path
self.keypair_path = keypair_path
@staticmethod @staticmethod
def reload_nginx(): def reload_nginx():
"merely reload nginx without re-configuring everything" "merely reload nginx without re-configuring everything"
@ -32,11 +39,11 @@ class ChangeHandler(FileSystemEventHandler):
if event.is_directory: if event.is_directory:
return return
filename = path_split(event.src_path)[-1] filename = event.src_path
if isinstance(event, FileMovedEvent): if isinstance(event, FileMovedEvent):
filename = path_split(event.dest_path)[-1] filename = event.dest_path
if filename in ['cert.pem', 'key.pem']: if filename in [self.cert_path, self.keypair_path]:
# all cases except for FileModified need re-configure # all cases except for FileModified need re-configure
if isinstance(event, (FileCreatedEvent, FileMovedEvent, FileDeletedEvent)): if isinstance(event, (FileCreatedEvent, FileMovedEvent, FileDeletedEvent)):
ChangeHandler.reexec_config() ChangeHandler.reexec_config()
@ -44,14 +51,21 @@ class ChangeHandler(FileSystemEventHandler):
elif isinstance(event, FileModifiedEvent): elif isinstance(event, FileModifiedEvent):
ChangeHandler.reload_nginx() ChangeHandler.reload_nginx()
# cert files have been moved away, re-configure # cert files have been moved away, re-configure
elif isinstance(event, FileMovedEvent) and path_split(event.src_path)[-1] in ['cert.pem', 'key.pem']: elif isinstance(event, FileMovedEvent) and event.src_path in [self.cert_path, self.keypair_path]:
ChangeHandler.reexec_config() ChangeHandler.reexec_config()
if __name__ == '__main__': if __name__ == '__main__':
cert_path = path_join("/certs/", getenv("TLS_CERT_FILENAME", default="cert.pem"))
cert_dir = path_split(cert_path)[0]
keypair_path = path_join("/certs/", getenv("TLS_KEYPAIR_FILENAME", default="key.pem"))
keypair_dir = path_split(keypair_path)[0]
observer = PollingObserver() observer = PollingObserver()
handler = ChangeHandler() handler = ChangeHandler(cert_path, keypair_path)
observer.schedule(handler, "/certs", recursive=False) observer.schedule(handler, cert_dir, recursive=False)
if keypair_dir != cert_dir:
observer.schedule(handler, keypair_dir, recursive=False)
observer.start() observer.start()
try: try:

Write Preview
Loading…
Cancel
Save