fixing/adopting nginx/certbot installation #826
* using split nginx configuration
* switching certbot to certonly mode to prevent it from corrupting prepared configuration
This seems like a more complicated solution than is necessary. I just recently migrated to a new Ubuntu 20.04 server and similarly had issues with the instructions. A simpler way to resolve it is to simply run certbot in
Can you please provide more details here? This sounds like a bug in the upstream library, rather than something Mastodon should have to deal with. I'm averse to putting specific workarounds in our documentation for upstream library bugs, particularly workarounds that are as persistent as this one (once we introduce the "split" nginx configs and people integrate it into their workflow, it will be very difficult to remove later).
certbot messing up nginx configuration isn't new - at least to me - and that's an issue with certbot for sure. But as of now, people have to deal with it. Your setup in nginx is anything but common (by means of having just two server sections, one on :80 redirecting everything to :443 and another one just exposing a folder via :443). I assume that those cases work well with upstream certbot code for adjusting nginx ... if I go to certbot here, they will tell me that it is impossible to cover each and every use case whatever ... and they are right as well. So, in the end the user of Mastodon has to deal with the deadlock and I don't think that's acceptable. In my case I wasn't able to use the nginx-mode of certbot for really breaking nginx configuration files. Maybe there is a fix, and that's fine. Maybe it isn't available. Maybe there will be another scenario like this one. After setting up lots of servers using nginx and letsencrypt, all I've learned is to ignore the nginx support in certbot altogether. That results in a more reliable and future-proof approach to setting things up, but it also requires setting up nginx w/o ssl support first and having it enabled after the first retrieval of a letsencrypt-based certificate. That's all I'm suggesting here.
This looks just short-sighted to me for it won't work for long probably unless there is a manual adjustment of letsencrypt configuration file. The mode
This pull request has merge conflicts that must be resolved before it can be merged.
Closed as stale and rebase required. Please resubmit if necessary.
When installing Mastodon on Ubuntu 20.04 LTS recently, I encountered some issues with the existing installation manual:
This merge request is addressing these three issues on behalf of the installation manual. However, it relies on the mastodon repo providing the existing nginx configuration split up into two parts: one for the SSL server definition and one for the rest of the currently existing configuration.