Use environment variables for cert paths/names in nginx certwatcher

Previously, nginx certwatcher would only react to the hardcoded paths. It should have honored the enviroment variables that are used by config.py too for this. closes #903
2025-01-12 02:28:20 +02:00 · 2020-03-07 17:13:44 +00:00 · 2020-03-07 17:13:44 +00:00 · 09024c8008
commit 09024c8008
parent b8b1699f9e
1 changed files with 22 additions and 8 deletions
--- a/core/nginx/certwatcher.py
+++ b/core/nginx/certwatcher.py
@ -5,8 +5,8 @@ happens to externally supplied certificates. Only executed by start.py in case
 of TLS_FLAVOR=[mail, cert]
 """

-from os.path import exists, split as path_split
-from os import system
+from os.path import exists, split as path_split, join as path_join
+from os import system, getenv
 import time
 from watchdog.observers.polling import PollingObserver
 from watchdog.events import FileSystemEventHandler, FileDeletedEvent, \
@ -14,6 +14,13 @@ from watchdog.events import FileSystemEventHandler, FileDeletedEvent, \

 class ChangeHandler(FileSystemEventHandler):
    "watchdog-handler listening on any event, executing the correct configuration/reload steps"
+
+    def __init__(self, cert_path, keypair_path):
+        "Initialize a new changehandler"""
+        super().__init__()
+        self.cert_path = cert_path
+        self.keypair_path = keypair_path
+
    @staticmethod
    def reload_nginx():
        "merely reload nginx without re-configuring everything"
@ -32,11 +39,11 @@ class ChangeHandler(FileSystemEventHandler):
        if event.is_directory:
            return

-        filename = path_split(event.src_path)[-1]
+        filename = event.src_path
        if isinstance(event, FileMovedEvent):
-            filename = path_split(event.dest_path)[-1]
+            filename = event.dest_path

-        if filename in ['cert.pem', 'key.pem']:
+        if filename in [self.cert_path, self.keypair_path]:
            # all cases except for FileModified need re-configure
            if isinstance(event, (FileCreatedEvent, FileMovedEvent, FileDeletedEvent)):
                ChangeHandler.reexec_config()
@ -44,14 +51,21 @@ class ChangeHandler(FileSystemEventHandler):
            elif isinstance(event, FileModifiedEvent):
                ChangeHandler.reload_nginx()
        # cert files have been moved away, re-configure
-        elif isinstance(event, FileMovedEvent) and path_split(event.src_path)[-1] in ['cert.pem', 'key.pem']:
+        elif isinstance(event, FileMovedEvent) and event.src_path in [self.cert_path, self.keypair_path]:
            ChangeHandler.reexec_config()


 if __name__ == '__main__':
+    cert_path = path_join("/certs/", getenv("TLS_CERT_FILENAME", default="cert.pem"))
+    cert_dir = path_split(cert_path)[0]
+    keypair_path = path_join("/certs/", getenv("TLS_KEYPAIR_FILENAME", default="key.pem"))
+    keypair_dir = path_split(keypair_path)[0]
+
    observer = PollingObserver()
-    handler = ChangeHandler()
-    observer.schedule(handler, "/certs", recursive=False)
+    handler = ChangeHandler(cert_path, keypair_path)
+    observer.schedule(handler, cert_dir, recursive=False)
+    if keypair_dir != cert_dir:
+       observer.schedule(handler, keypair_dir, recursive=False)
    observer.start()

    try: