Merge pull request #257828 from mbey-mw/nginx-tmpfiles-rules

pyrox.dev / nixpkgs

fork atom

lol

fork atom

authored by

Ryan Lahfa and committed by

GitHub 2 years ago c22f1c1c 4ea79a8e

+66

3 changed files

expand all

nixos

modules

services

web-servers

nginx

default.nix

tests

all-tests.nix

nginx-tmpdir.nix

nixos/modules/services/web-servers/nginx/default.nix

··· 1340 1340 nginx.gid = config.ids.gids.nginx; 1341 1341 }; 1342 1342 1343 + # do not delete the default temp directories created upon nginx startup 1344 + systemd.tmpfiles.rules = [ 1345 + "X /tmp/systemd-private-%b-nginx.service-*/tmp/nginx_*" 1346 + ]; 1347 + 1343 1348 services.logrotate.settings.nginx = mapAttrs (_: mkDefault) { 1344 1349 files = "/var/log/nginx/*.log"; 1345 1350 frequency = "weekly";

nixos/tests/all-tests.nix

··· 555 555 nginx-sandbox = handleTestOn ["x86_64-linux"] ./nginx-sandbox.nix {}; 556 556 nginx-sso = handleTest ./nginx-sso.nix {}; 557 557 nginx-status-page = handleTest ./nginx-status-page.nix {}; 558 + nginx-tmpdir = handleTest ./nginx-tmpdir.nix {}; 558 559 nginx-variants = handleTest ./nginx-variants.nix {}; 559 560 nifi = handleTestOn ["x86_64-linux"] ./web-apps/nifi.nix {}; 560 561 nitter = handleTest ./nitter.nix {};

+60

nixos/tests/nginx-tmpdir.nix

··· 1 + let 2 + dst-dir = "/run/nginx-test-tmpdir-uploads"; 3 + in 4 + import ./make-test-python.nix { 5 + name = "nginx-tmpdir"; 6 + 7 + nodes.machine = { pkgs, ... }: { 8 + environment.etc."tmpfiles.d/nginx-uploads.conf".text = "d ${dst-dir} 0755 nginx nginx 1d"; 9 + 10 + # overwrite the tmp.conf with a short age, there will be a duplicate line info from systemd-tmpfiles in the log 11 + systemd.tmpfiles.rules = [ 12 + "q /tmp 1777 root root 1min" 13 + ]; 14 + 15 + services.nginx.enable = true; 16 + # simple upload service using the nginx client body temp path 17 + services.nginx.virtualHosts = { 18 + localhost = { 19 + locations."~ ^/upload/([0-9a-zA-Z-.]*)$" = { 20 + extraConfig = '' 21 + alias ${dst-dir}/$1; 22 + client_body_in_file_only clean; 23 + dav_methods PUT; 24 + create_full_put_path on; 25 + dav_access group:rw all:r; 26 + ''; 27 + }; 28 + }; 29 + }; 30 + }; 31 + 32 + testScript = '' 33 + machine.wait_for_unit("nginx") 34 + machine.wait_for_open_port(80) 35 + 36 + with subtest("Needed prerequisite --http-client-body-temp-path=/tmp/nginx_client_body and private temp"): 37 + machine.succeed("touch /tmp/systemd-private-*-nginx.service-*/tmp/nginx_client_body") 38 + 39 + with subtest("Working upload of test setup"): 40 + machine.succeed("curl -X PUT http://localhost/upload/test1 --fail --data-raw 'Raw data 1'") 41 + machine.succeed('test "$(cat ${dst-dir}/test1)" = "Raw data 1"') 42 + 43 + # let the tmpfiles clean service do its job 44 + machine.succeed("touch /tmp/touched") 45 + machine.wait_until_succeeds( 46 + "sleep 15 && systemctl start systemd-tmpfiles-clean.service && [ ! -f /tmp/touched ]", 47 + timeout=150 48 + ) 49 + 50 + with subtest("Working upload after cleaning"): 51 + machine.succeed("curl -X PUT http://localhost/upload/test2 --fail --data-raw 'Raw data 2'") 52 + machine.succeed('test "$(cat ${dst-dir}/test2)" = "Raw data 2"') 53 + 54 + # manually remove the nginx temp dir 55 + machine.succeed("rm -r --interactive=never /tmp/systemd-private-*-nginx.service-*/tmp/nginx_client_body") 56 + 57 + with subtest("Broken upload after manual temp dir removal"): 58 + machine.fail("curl -X PUT http://localhost/upload/test3 --fail --data-raw 'Raw data 3'") 59 + ''; 60 + }