Merge 89d50b35ef into 785c337fb3

2025-04-01 23:57:05 +00:00 · 2024-03-10 04:50:43 -07:00 · 2024-03-10 04:50:43 -07:00 · 5cf3379507
commit 5cf3379507
parent 785c337fb3 89d50b35ef
3 changed files with 55 additions and 20 deletions
--- a/management/status_checks.py
+++ b/management/status_checks.py
@ -333,6 +333,18 @@ def run_domain_checks(rounded_time, env, output, pool, domains_to_check=None):
 	# Get the list of domains we serve HTTPS for.
 	web_domains = set(get_web_domains(env))

+	output.add_heading("nginx configuration files")
+
+	# Check nginx configuration.
+	sites_enabled = shell("check_output", ["ls", "/etc/nginx/sites-enabled"])
+	output.print_ok("Checking domain configuration files: %s" % sites_enabled)
+	for domain in web_domains:
+		prefixed_domain = "miab_%s" % domain
+		if prefixed_domain in sites_enabled:
+			output.print_ok("Domain checked. (%s)" % domain)
+		else:
+			output.print_error("A domain configuration file is not enabled in nginx (%s)" % domain)
+
 	if domains_to_check is None:
 		domains_to_check = mail_domains | dns_domains | web_domains

--- a/management/web_update.py
+++ b/management/web_update.py
@ -82,7 +82,7 @@ def do_web_update(env):
 			return f.read()

 	# Build an nginx configuration file.
-	nginx_conf = read_conf("nginx-top.conf")
+	nginx_conf = [("nginx-top", read_conf("nginx-top.conf")), ]

 	# Load the templates.
 	template0 = read_conf("nginx.conf")
@ -91,7 +91,7 @@ def do_web_update(env):
 	template3 = "\trewrite ^(.*) https://$REDIRECT_DOMAIN$1 permanent;\n"

 	# Add the PRIMARY_HOST configuration first so it becomes nginx's default server.
-	nginx_conf += make_domain_config(env['PRIMARY_HOSTNAME'], [template0, template1, template2], ssl_certificates, env)
+	nginx_conf.append((env['PRIMARY_HOSTNAME'], make_domain_config(env['PRIMARY_HOSTNAME'], [template0, template1, template2], ssl_certificates, env)))

 	# Add configuration all other web domains.
 	has_root_proxy_or_redirect = get_web_domains_with_root_overrides(env)
@ -103,31 +103,44 @@ def do_web_update(env):
 		if domain in web_domains_not_redirect:
 			# This is a regular domain.
 			if domain not in has_root_proxy_or_redirect:
-				nginx_conf += make_domain_config(domain, [template0, template1], ssl_certificates, env)
+				nginx_conf.append((domain, make_domain_config(domain, [template0, template1], ssl_certificates, env)))
 			else:
-				nginx_conf += make_domain_config(domain, [template0], ssl_certificates, env)
+				nginx_conf.append((domain, make_domain_config(domain, [template0], ssl_certificates, env)))
 		else:
 			# Add default 'www.' redirect.
-			nginx_conf += make_domain_config(domain, [template0, template3], ssl_certificates, env)
+			nginx_conf.append((domain, make_domain_config(domain, [template0, template3], ssl_certificates, env)))

-	# Did the file change? If not, don't bother writing & restarting nginx.
-	nginx_conf_fn = "/etc/nginx/conf.d/local.conf"
-	if os.path.exists(nginx_conf_fn):
-		with open(nginx_conf_fn) as f:
-			if f.read() == nginx_conf:
-				return ""
+	# Load the currently enabled sites for nginx.
+	sites_enabled = shell('check_output', ["ls", "/etc/nginx/sites-enabled"])
+	warnings = []
+	
+	# Did the files change? If not, don't bother writing & restarting nginx.
+	kick = False
+	for domain, conf in nginx_conf:
+		if "miab_%s" % domain not in sites_enabled:
+			warnings.append("Missing miab_%s in /etc/nginx/sites-enabled/\nCheck your configuration!" % domain)

-	# Save the file.
-	with open(nginx_conf_fn, "w") as f:
-		f.write(nginx_conf)
+		nginx_conf_fn = "/etc/nginx/sites-available/miab_%s" % domain
+		if os.path.exists(nginx_conf_fn):
+			with open(nginx_conf_fn) as f:
+				if f.read() == conf:
+					continue

-	# Kick nginx. Since this might be called from the web admin
-	# don't do a 'restart'. That would kill the connection before
-	# the API returns its response. A 'reload' should be good
-	# enough and doesn't break any open connections.
-	shell('check_call', ["/usr/sbin/service", "nginx", "reload"])
+		# Save the file.
+		with open(nginx_conf_fn, "w+") as f:
+			f.write(conf)
+		
+		kick = True
+	if kick:
+		# Kick nginx. Since this might be called from the web admin
+		# don't do a 'restart'. That would kill the connection before
+		# the API returns its response. A 'reload' should be good
+		# enough and doesn't break any open connections.
+		shell('check_call', ["/usr/sbin/service", "nginx", "reload"])

-	return "web updated\n"
+		return "web updated\n" + "\n".join(warnings)
+	
+	return "No changes.\n%s" % "\n".join(warnings)

 def make_domain_config(domain, templates, ssl_certificates, env):
 	# GET SOME VARIABLES
--- a/tools/web_update
+++ b/tools/web_update
@ -1,2 +1,12 @@
 #!/bin/bash
+rm -f /etc/nginx/conf.d/local.conf
+curl -s -d POSTDATA --user $(</var/lib/mailinabox/api.key): http://127.0.0.1:10222/web/update
+cd /etc/nginx/sites-available
+for f in miab_*
+do
+ if ! [ -f "/etc/nginx/sites-enabled/$f" ]; then
+  echo "Processing $f"
+  ln -s "/etc/nginx/sites-available/$f" "/etc/nginx/sites-enabled/$f"
+ fi
+done
 curl -s -d POSTDATA --user $(</var/lib/mailinabox/api.key): http://127.0.0.1:10222/web/update