eugene-khyst/letsencrypt-docker-compose

Non persistence of manually added setting in nginx-conf/conf.d/xxxx.conf

Closed this issue · 12 comments

tka85 commented

I've added manually in a specific config file under nginx-conf/conf.d/foo.mydonain.com.conf an entry:

       client_max_body_size 1000M;

And it worked after restarting. But it seems I have now lost the setting. The only significant action is I ran a cli.sh config to upgrade from a test certification to a production one.

Is it normal that this setting got lost?

eugene-khyst commented

I will take a look. Sounds like not expected behaviour.

tka85 commented

Yes, it happened again and lost custom entries.

Is there a practical way to maintain manual changes upon regenerating config like in the case of shifting from test to production certs?

eugene-khyst commented

@tka85, I was not able to reproduce the issue.
But anyway the .gitignore file contains the following entries:

nginx-conf/
!nginx-conf/conf.d/upstreams.conf
!nginx-conf/conf.d/includes/

You will not be able to check custom .conf files into Git.

Option 1

The easiest option is to add it to the nginx.conf.hbs:

http {
  # ...
  
  client_max_body_size 1000M; # Add your setting
  
  include /etc/nginx/conf.d/*.conf;
}

Option 2

Alternatively, you can add a .conf file to the nginx-conf/conf.d/includes and add include /etc/nginx/conf.d/includes/my-config.conf; to the nginx.conf.hbs:

http {
  # ...
  
  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/conf.d/includes/my-config.conf; # Include the config with your settings
}
tka85 commented

I'm sorry. I am seeing this a bit late.

Here is how to reproduce the problem:

  1. Have an existing domain already added i.e. have an existing conf.d/foo.example.com.conf and add a custom entry in the server{} block like client_max_body_size 500M;
  2. run cli.sh config and choose:
? What do you want to do? Add new domains
? What's your domain name (e.g. example.com)? foo.example.com
? What's your email for registration and recovery contact? bla@example.com
? Want to have 'www' subdomain (e.g. www.example.com)? No
? Want to obtain a test certificate from a staging server? Yes
? What is the RSA key size in bits? 4096
? How do you want to configure Nginx? Reverse proxy
? Does the upstream server run as a Docker container on the same host? Yes
? What is the address of the proxied server (e.g. example-backend:8080)? foo-test:1234
? Enable WebSocket proxying? No
? Want to add another domain? No
? Are the entered data correct? Yes

This will rewrite the config.json, compile the templates ./templates/nginx.conf.hbs and ./templates/servers.conf.hbs and then, it goes and regenerates every single under ./nginx-conf/.

This is when the damage is done and the custom change of client_max_body... is lost.

Is there a reason all the existing .conf files should be regenerated?

eugene-khyst commented

This will rewrite the config.json,

True

compile the templates ./templates/nginx.conf.hbs and ./templates/servers.conf.hbs

True

and then, it goes and regenerates every single under ./nginx-conf/.

In fact, only nginx-conf/nginx.conf and nginx-conf/conf.d/{domain}.conf are re-generated from the templates.
Other files are not explicitly deleted. For example, there is nginx-conf/upstreams.conf file that is taken into account and not re-generated. So other nginx-conf/*.conf files should not be deleted also. But the will be ignored by Git (.gitignore), so you can't check them into Git without modifying the .gitignore.

Anyway, this answer is valid. Especially if you need to add a single line, adding it to the templates/nginx.conf.hbs is quite elegant solution.

tka85 commented

In fact, only nginx-conf/nginx.conf and nginx-conf/conf.d/{domain}.conf are re-generated from the templates.

Weird...
There is explicitly a message on the screen Writing ./nginx-conf/conf.d/foo.mydomain.com.conf and it repeats for every single one of the configured domains.

Are you sure they are also not being generated?

eugene-khyst commented

There is explicitly a message on the screen Writing ./nginx-conf/conf.d/foo.mydomain.com.conf and it repeats for every single one of the configured domains.

Yes. Because

only nginx-conf/nginx.conf and nginx-conf/conf.d/{domain}.conf are re-generated from the templates.

If you will create nginx-conf/conf.d/some-random-filename.conf, it will not be re-generated or deleted. But it will be ignored by Git (.gitignore).

To make changes persistent, add them to templates/nginx.conf.hbs or templates/servers.conf.hbs.

tka85 commented

The proposed solutions don't work because adding to the templates affects all generated domain configs. And I only wish to have for example client_max_body only for a specific domain's config.

What if I exclude a specific domain foo.example.com from config.json? Then the next time I run cli.sh and make changes and it regenerates all the domain configs, the nginx-conf/conf.d/foo.example.com.conf config will not be touched. Correct? Are there any other implications to consider?

tka85 commented

Would you consider an option in cli.sh to Freeze domain ?

If frozen, then in config.json this domain would have property frozen: true and subsequent cli.sh runs would not regenerate this domain's config for it.

eugene-khyst commented

@tka85, interesting idea. I will think about details.

eugene-khyst commented

The proposed solutions don't work because adding to the templates affects all generated domain configs. And I only wish to have for example client_max_body only for a specific domain's config.

There is a section in REAME about adding domain-specific configuration to the template:

letsencrypt-docker-compose/README.md

Line 462 in 769dfe6

To add domain-specific configuration to a template use the [`ifEquals` Handlebars helper](cli/src/handlebars-helpers.js).

eugene-khyst commented

@tka85, I've just merged an improvement. Now, if you haven't changed some domain, conf file will not be re-generated.