froxlor:validate-acme-webroot should be called/exposed outside upgrades as well #1231

Open
realrellek opened this issue Jan 26, 2024 · 3 comments

@realrellek

Is your feature request related to a problem? Please describe.
Just for clarification: I am not sure if that is a feature request or a bug report. I am leaning towards feature request tho because it kind of is my fault that we are where we are. In a way. Kind of sort of. You know.

I have a really old installation of froxlor that started out as syscp. Now over New Year's, I did some server stuff with upgrades and everything. And most of these servers were fresh installs, so I can compare what the defaults in Froxlor are "these days", and I set them to my old install as well.

Then I did the migration thing. For the lack of knowing a better method, I dumped some of MySQL's tables (used a text editor to cut out system users and databases and find-replaced the IPs), froxlor's database (also find-replace IPs), and all that, and when done, I told froxlor to re-create all config files, and have it configure all active (and configured) services. So that seemed easy enough (although a migration tool would be appreciated).

With that out of the way: Now I got a mail from the acme cronjob which fails to access .known_good for some domain that needs renewing. Turns out the problem is that Froxlor moved from /var/www/froxlor to /var/www/html/froxlor. But in the .conf files for the domains, there still was the old Le_Webroot=.
(I copied over the old files from the old server because apparently, Froxlor also does not re-create them)

So I asked my friend Midnight Commander to look in the files where Le_Webroot is set or better yet, updated. And it turns out, I have no idea, lol. But I found Froxlor/Cli/ValidateAcmeWebroot.php which apparently fixes those files. However, it seems to be only called on froxlor update to v2.0.

Describe the solution you'd like
I'd like to see that froxlor does re-create acme config files when I click "Rebuild config files". Or on the configuration screen where no acme or SSL is present. But I feel "Rebuild config files" is where it should be as these folders for domains look more like say vhost config files, so it's more or less config files.

Describe alternatives you've considered
I've done this manually now but it is a bit tedious if you have like a non-trivial amount of domains.


@d00p
Member

d00p commented Jan 26, 2024

> (although a migration tool would be appreciated).

In regard to changing server IP addresses, see https://docs.froxlor.org/latest/admin-guide/cli-scripts/#switch-server-ip

> (I copied over the old files from the old server because apparently, Froxlor also does not re-create them)

You mean the acme.sh files in /root/.acme.sh/? It can't if you migrate the froxlor database with you while it still has valid certificates in it; you've created an inconsistency.

> However, it seems to be only called on froxlor update to v2.0.

Because that's where we've made the directory change... anything after 2.0 should already be converted to /var/www/html/froxlor. If you put/re-add older files from another server to /root/.acme.sh/ you again create a kind of inconsistency.

> I'd like to see that froxlor does re-create acme config files when I click "Rebuild config files".

The cli script does not re-create the acme-config files, it just corrects the Le_Webroot path

> I've done this manually now but it is a bit tedious if you have like a non-trivial amount of domains.

Manually like open each config and fix the path? Or using https://docs.froxlor.org/latest/admin-guide/cli-scripts/#validate-acme-webroot ?
If the latter is the case, why bother about the number of domains? It's done automatically...

@realrellek
Author

> In regards of changing server ip-addresses, see https://docs.froxlor.org/latest/admin-guide/cli-scripts/#switch-server-ip

I... kind of didn't want to "install" froxlor with traces of the old IPs, so I did it in the DB. Which is roughly what the command does as well. (Yes I know it does it more focussed whereas I used the shotgun method)

> You mean the acme.sh files in /root/.acme.sh/? It can't if you migrate the froxlor database with you where still valid certificates are in, you've created a inconsistency

Yes this folder. Because I noticed Froxlor did not create them (guess because there are valid certs in its own database?), so I was thinking maybe it is missing so I put them in there because they were there (on the old server).

> The cli script does not re-create the acme-config files, it just corrects the Le_Webroot path

Fair enough.

> Manually like open each config and fix the path?

Manually like a real dingus would do ;-) I didn't know about the validate-acme-webroot until now that I debugged it, I must have missed it when reading the docs (which I actually did!)

> Because that's where we've made the directory change...anything after 2.0 should already be converted /var/www/html/froxlor. if you put/re-add older files from another server to /root/.acme.sh/ you again create a kind of inconsistency

But that only happens if you are using apt, no? Because I am using the tarball and it did not move (or make me move) on update, and thus also never changed Le_Webroot either. Old and new server were both on 2.1.4 because I've tried to get as close as possible to the future configuration so the pain (and labour) for actually moving is as little as possible.

What would be the right approach to such an endeavour? Like moving servers (maybe also with a newer distro on the target than on the source)? Would it not be at least handy to have a doc page for that? I can help, and I'd be willing to help writing one, but one'd have to point me to the right direction on where to start.

@d00p
Member

d00p commented Jan 26, 2024

Yes, the directory move is only done when using apt, as you can extract the tarball to wherever you want (and it works, it's not forced to be in /var/www/html/froxlor).

And I agree, a docs-page for "Server migration" might be useful. You can contribute here: https://github.com/Froxlor/Documentation
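
Added example, not part of the thread and not froxlor's own code: a read-only check for the mismatch discussed above, listing acme.sh domain configs whose `Le_Webroot` differs from the directory froxlor actually lives in. The function name and sample domains are made up; the `<domain>/<domain>.conf` layout with a quoted `Le_Webroot='...'` line is an assumption about the acme.sh home directory.

```shell
#!/bin/sh
# Added example: read-only audit of acme.sh domain configs.
# Assumes the layout <acme_home>/<domain>/<domain>.conf with a line
# like Le_Webroot='/var/www/froxlor' (hypothetical helper name).

# find_stale_webroots ACME_HOME EXPECTED_WEBROOT
# Prints "<conf file><TAB><current Le_Webroot>" for every config whose
# webroot path differs from EXPECTED_WEBROOT. Changes nothing on disk.
find_stale_webroots() {
    acme_home=$1
    expected=${2%/}                      # ignore a trailing slash
    for conf in "$acme_home"/*/*.conf; do
        [ -f "$conf" ] || continue       # glob matched nothing
        # Last Le_Webroot assignment wins; strip the surrounding quotes.
        value=$(sed -n 's/^Le_Webroot=//p' "$conf" | tail -n 1 | tr -d "'\"")
        case $value in
            /*) ;;                       # a filesystem webroot: check it
            *)  continue ;;              # unset or not a path: skip
        esac
        if [ "${value%/}" != "$expected" ]; then
            printf '%s\t%s\n' "$conf" "$value"
        fi
    done
}

# Demo on constructed sample data (made-up domains, temporary directory).
demo=$(mktemp -d)
mkdir -p "$demo/old.example" "$demo/new.example"
printf "Le_Webroot='/var/www/froxlor'\n" > "$demo/old.example/old.example.conf"
printf "Le_Webroot='/var/www/html/froxlor'\n" > "$demo/new.example/new.example.conf"
find_stale_webroots "$demo" /var/www/html/froxlor   # lists only old.example
rm -rf "$demo"
```

On a migrated host the call would be `find_stale_webroots /root/.acme.sh <froxlor install dir>`, where the install directory depends on whether froxlor came from apt or a tarball. Anything it lists is a candidate for the validate-acme-webroot CLI script linked earlier in the thread.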
