From 54412ebfeb51de88eecde28ac69ace46b2d9e420 Mon Sep 17 00:00:00 2001
From: Julien Lepiller <julien@lepiller.eu>
Date: Mon, 17 Apr 2017 23:06:04 +0200
Subject: services: nginx: Use mime.types.

* gnu/service/web.scm (default-nginx-config): Add 'nginx' parameter
and honor it.  Adjust callers.
---
 gnu/services/web.scm | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'gnu/services/web.scm')

diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 11408d7b0e..b7b2f67f13 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -180,7 +180,7 @@ of index files."
          (nginx-upstream-configuration-servers upstream)))
    "    }\n"))
 
-(define (default-nginx-config log-directory run-directory server-list upstream-list)
+(define (default-nginx-config nginx log-directory run-directory server-list upstream-list)
   (mixed-text-file "nginx.conf"
                "user nginx nginx;\n"
                "pid " run-directory "/pid;\n"
@@ -192,6 +192,7 @@ of index files."
                "    uwsgi_temp_path " run-directory "/uwsgi_temp;\n"
                "    scgi_temp_path " run-directory "/scgi_temp;\n"
                "    access_log " log-directory "/access.log;\n"
+               "    include " nginx "/share/nginx/conf/mime.types;\n"
                "\n"
                (string-join
                 (filter (lambda (section) (not (null? section)))
@@ -235,7 +236,7 @@ of index files."
          ;; Check configuration file syntax.
          (system* (string-append #$nginx "/sbin/nginx")
                   "-c" #$(or config-file
-                             (default-nginx-config log-directory
+                             (default-nginx-config nginx log-directory
                                run-directory server-blocks upstream-blocks))
                   "-t")))))
 
@@ -250,7 +251,7 @@ of index files."
                    (zero?
                     (system* #$nginx-binary "-c"
                              #$(or config-file
-                                   (default-nginx-config log-directory
+                                   (default-nginx-config nginx log-directory
                                      run-directory server-blocks upstream-blocks))
                              #$@args))))))
 
-- 
cgit v1.2.3


From 0f4740f4fadc83227de6ec73997ecf42ba7323e9 Mon Sep 17 00:00:00 2001
From: Julien Lepiller <julien@lepiller.eu>
Date: Sun, 30 Apr 2017 11:17:02 +0200
Subject: gnu: services: nginx: Test certificate presence.

* gnu/services/web.scm (default-nginx-server-config): Test certificate
presence when https is requested at configure time.
---
 gnu/services/web.scm | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

(limited to 'gnu/services/web.scm')

diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index b7b2f67f13..47036f42f3 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
-;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu>
+;;; Copyright © 2016, 2017 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -154,12 +154,16 @@ of index files."
                          (nginx-server-configuration-server-name server))
                         ";\n"
    (if (nginx-server-configuration-ssl-certificate server)
-       (string-append "      ssl_certificate "
-                      (nginx-server-configuration-ssl-certificate server) ";\n")
+       (let ((certificate (nginx-server-configuration-ssl-certificate server)))
+         ;; lstat fails when the certificate file does not exist: it aborts
+         ;; and lets the user fix their configuration.
+         (lstat certificate)
+         (string-append "      ssl_certificate " certificate ";\n"))
        "")
    (if (nginx-server-configuration-ssl-certificate-key server)
-       (string-append "      ssl_certificate_key "
-                      (nginx-server-configuration-ssl-certificate-key server) ";\n")
+       (let ((key (nginx-server-configuration-ssl-certificate-key server)))
+         (lstat certificate)
+         (string-append "      ssl_certificate_key " key ";\n"))
        "")
    "      root " (nginx-server-configuration-root server) ";\n"
    "      index " (config-index-strings (nginx-server-configuration-index server)) ";\n"
-- 
cgit v1.2.3


From 5a10cd4736342160d93d2e1d5797b6cc6baebd0a Mon Sep 17 00:00:00 2001
From: Julien Lepiller <julien@lepiller.eu>
Date: Sun, 30 Apr 2017 11:51:12 +0200
Subject: gnu: services: Create logs directory.

* gnu/services/web.scm (nginx-activation): Create logs directory so nginx can
log its startup messages before it loads its configuration.
---
 doc/guix.texi        | 9 +++++++++
 gnu/services/web.scm | 3 +++
 2 files changed, 12 insertions(+)

(limited to 'gnu/services/web.scm')

diff --git a/doc/guix.texi b/doc/guix.texi
index 0d334e302f..957ce2bab3 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -13316,6 +13316,15 @@ used to specify the list of @dfn{server blocks} required on the host and
 blocks} to configure.  For this to work, use the default value for
 @var{config-file}.
 
+At startup, @command{nginx} has not yet read its configuration file, so it
+uses a default file to log error messages.  If it fails to load its
+configuration file, that is where error messages are logged.  After the
+configuration file is loaded, the default error log file changes as per
+configuration.  In our case, startup error messages can be found in
+@file{/var/run/nginx/logs/error.log}, and after configuration in
+@file{/var/log/nginx/error.log}.  The second location can be changed with the
+@var{log-directory} configuration option.
+
 @end deffn
 
 @deffn {Scheme Variable} nginx-service-type
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 47036f42f3..9f789707ef 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -237,6 +237,9 @@ of index files."
          (mkdir-p (string-append #$run-directory "/fastcgi_temp"))
          (mkdir-p (string-append #$run-directory "/uwsgi_temp"))
          (mkdir-p (string-append #$run-directory "/scgi_temp"))
+         ;; Start-up logs. Once configuration is loaded, nginx switches to
+         ;; log-directory.
+         (mkdir-p (string-append #$run-directory "/logs"))
          ;; Check configuration file syntax.
          (system* (string-append #$nginx "/sbin/nginx")
                   "-c" #$(or config-file
-- 
cgit v1.2.3


From fa936915cef6cea7b4ac9f65d0d6e408cbdb78f2 Mon Sep 17 00:00:00 2001
From: Julien Lepiller <julien@lepiller.eu>
Date: Mon, 1 May 2017 10:11:13 +0200
Subject: gnu: services: nginx: Fix key verification.

* gnu/services/web.scm (default-nginx-server-config): Fix wrong variable name.
---
 gnu/services/web.scm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'gnu/services/web.scm')

diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index 9f789707ef..f85b412159 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -162,7 +162,7 @@ of index files."
        "")
    (if (nginx-server-configuration-ssl-certificate-key server)
        (let ((key (nginx-server-configuration-ssl-certificate-key server)))
-         (lstat certificate)
+         (lstat key)
          (string-append "      ssl_certificate_key " key ";\n"))
        "")
    "      root " (nginx-server-configuration-root server) ";\n"
-- 
cgit v1.2.3