Use environment variables for cert paths/names in nginx certwatcher

Previously, nginx certwatcher would only react to the hardcoded paths. It should have
honored the environment variables that are used by config.py too for this.

closes #903
master
Dario Ernst 5 years ago
parent b8b1699f9e
commit 09024c8008

@ -5,8 +5,8 @@ happens to externally supplied certificates. Only executed by start.py in case
of TLS_FLAVOR=[mail, cert] of TLS_FLAVOR=[mail, cert]
""" """
from os.path import exists, split as path_split from os.path import exists, split as path_split, join as path_join
from os import system from os import system, getenv
import time import time
from watchdog.observers.polling import PollingObserver from watchdog.observers.polling import PollingObserver
from watchdog.events import FileSystemEventHandler, FileDeletedEvent, \ from watchdog.events import FileSystemEventHandler, FileDeletedEvent, \
@ -14,6 +14,13 @@ from watchdog.events import FileSystemEventHandler, FileDeletedEvent, \
class ChangeHandler(FileSystemEventHandler): class ChangeHandler(FileSystemEventHandler):
"watchdog-handler listening on any event, executing the correct configuration/reload steps" "watchdog-handler listening on any event, executing the correct configuration/reload steps"
def __init__(self, cert_path, keypair_path):
"Initialize a new changehandler"""
super().__init__()
self.cert_path = cert_path
self.keypair_path = keypair_path
@staticmethod @staticmethod
def reload_nginx(): def reload_nginx():
"merely reload nginx without re-configuring everything" "merely reload nginx without re-configuring everything"
@ -32,11 +39,11 @@ class ChangeHandler(FileSystemEventHandler):
if event.is_directory: if event.is_directory:
return return
filename = path_split(event.src_path)[-1] filename = event.src_path
if isinstance(event, FileMovedEvent): if isinstance(event, FileMovedEvent):
filename = path_split(event.dest_path)[-1] filename = event.dest_path
if filename in ['cert.pem', 'key.pem']: if filename in [self.cert_path, self.keypair_path]:
# all cases except for FileModified need re-configure # all cases except for FileModified need re-configure
if isinstance(event, (FileCreatedEvent, FileMovedEvent, FileDeletedEvent)): if isinstance(event, (FileCreatedEvent, FileMovedEvent, FileDeletedEvent)):
ChangeHandler.reexec_config() ChangeHandler.reexec_config()
@ -44,14 +51,21 @@ class ChangeHandler(FileSystemEventHandler):
elif isinstance(event, FileModifiedEvent): elif isinstance(event, FileModifiedEvent):
ChangeHandler.reload_nginx() ChangeHandler.reload_nginx()
# cert files have been moved away, re-configure # cert files have been moved away, re-configure
elif isinstance(event, FileMovedEvent) and path_split(event.src_path)[-1] in ['cert.pem', 'key.pem']: elif isinstance(event, FileMovedEvent) and event.src_path in [self.cert_path, self.keypair_path]:
ChangeHandler.reexec_config() ChangeHandler.reexec_config()
if __name__ == '__main__': if __name__ == '__main__':
cert_path = path_join("/certs/", getenv("TLS_CERT_FILENAME", default="cert.pem"))
cert_dir = path_split(cert_path)[0]
keypair_path = path_join("/certs/", getenv("TLS_KEYPAIR_FILENAME", default="key.pem"))
keypair_dir = path_split(keypair_path)[0]
observer = PollingObserver() observer = PollingObserver()
handler = ChangeHandler() handler = ChangeHandler(cert_path, keypair_path)
observer.schedule(handler, "/certs", recursive=False) observer.schedule(handler, cert_dir, recursive=False)
if keypair_dir != cert_dir:
observer.schedule(handler, keypair_dir, recursive=False)
observer.start() observer.start()
try: try:
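Review bot: The new membership tests in the event handler (`filename in [self.cert_path, self.keypair_path]` and the `event.src_path in [...]` branch) compare raw strings, so a TLS_CERT_FILENAME or TLS_KEYPAIR_FILENAME value that is not already in normal form (a doubled slash, for instance) may never equal the path the observer reports, and a rotated certificate would then go unnoticed while nginx keeps serving the old one. Normalising once in the main block, e.g. `cert_path = normpath(path_join("/certs/", getenv("TLS_CERT_FILENAME", default="cert.pem")))` and the same for `keypair_path` (with `normpath` added to the `os.path` import), would make the comparison more robust; exactly which path form watchdog reports should be confirmed. `path_join` also discards `/certs/` when the variable holds an absolute path, so the watched directory can end up outside `/certs`; if that is not intended, it deserves an explicit check or at least a comment. The `__init__` docstring opens with one quote and closes with three (`"Initialize a new changehandler"""`), which only parses because the trailing empty string is concatenated. The handler method's body starts outside the visible hunk, so the rest of its logic was not reviewed.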
