Change the documentation to suggest certbot nginx install method #747

New Issue

Closed

opened 2024-04-19 07:56:07 +00:00 by shadowjonathan · 4 comments

shadowjonathan commented 2024-04-19 07:56:07 +00:00

Copy Link

The idea

Alter the nginx + certbot install section in https://docs.akkoma.dev/stable/installation/debian_based_en/ to use the nginx certbot plugin instead of standalone.

The reasoning

Currently, the guide prescribes an odd (and confusing) mix of standalone and webroot certbot certificate retrieval methods. The akkoma nginx config file also has a commented-out section for the webroot install method.

The way the guide suggests installing, would mean that certbot would not properly refresh the certificate, since it does not know or understand it was installed via nginx. This means the certificate will expire, and any admin who does not have experience with this would have to figure out how to manually fix their instance, while it is down.

Instead, i suggest simply adding the nginx certbot plugin, as it automatically configures the right config for certificate retrieval, and properly installs it, in the background, and will gracefully handle nginx not being started or being down (i've seen the code).

Have you searched for this feature request?

• I have double-checked and have not found this feature request mentioned anywhere.
• This feature is related to the Akkoma backend specifically, and not pleroma-fe.

### The idea Alter the nginx + certbot install section in https://docs.akkoma.dev/stable/installation/debian_based_en/ to use the [nginx certbot plugin](github.com/certbot/certbot/tree/master/certbot-nginx) instead of standalone. ### The reasoning Currently, the guide prescribes an odd (and confusing) mix of standalone and webroot certbot certificate retrieval methods. The akkoma nginx config file also has a commented-out section for the webroot install method. The way the guide suggests installing, would mean that certbot would not properly refresh the certificate, since it does not know or understand it was installed via nginx. This means the certificate will expire, and any admin who does not have experience with this would have to figure out how to manually fix their instance, while it is down. Instead, i suggest simply adding the nginx certbot plugin, as it automatically configures the right config for certificate retrieval, and properly installs it, in the background, and will gracefully handle nginx not being started or being down (i've seen the code). ### Have you searched for this feature request? - [x] I have double-checked and have not found this feature request mentioned anywhere. - [x] This feature is related to the Akkoma backend specifically, and not pleroma-fe.

shadowjonathan added the

feature request

label 2024-04-19 07:56:07 +00:00

shadowjonathan commented 2024-04-19 08:13:08 +00:00

Author

Copy Link

Should also say that the way the install guide recommends things, will inevitably break, since it recommends installing nginx right before running the standalone certbot certonly command.

Nginx is started upon install, and so it will result in a confusing error like the following:

Should also say that the way the install guide recommends things, will inevitably break, since it recommends installing nginx right before running the standalone certbot certonly command. Nginx is started upon install, and so it will result in a confusing error like the following: 

image.png

10 KiB

Oneric commented 2024-04-19 15:11:12 +00:00

Member

Copy Link

Nginx is started upon install

i believe this depends on the distro, but mentioning to stop any possibly already running instances would be good indeed

> Nginx is started upon install i believe this depends on the distro, but mentioning to stop any possibly already running instances would be good indeed

norm referenced this issue 2024-04-21 04:15:43 +00:00

Update nginx config and install docs to use certbot's nginx plugin #752

norm commented 2024-04-21 04:31:20 +00:00

Contributor

Copy Link

i believe this depends on the distro, but mentioning to stop any possibly already running instances would be good indeed

I think only Debian and Ubuntu starts services on install, other distros like Fedora and Arch do not.

In any case, I think certbot will restart/reload nginx after installing the certs and modifying the nginx config.

> i believe this depends on the distro, but mentioning to stop any possibly already running instances would be good indeed I think only Debian and Ubuntu starts services on install, other distros like Fedora and Arch do not. In any case, I think certbot will restart/reload nginx after installing the certs and modifying the nginx config.

Oneric referenced this issue 2024-04-26 00:55:59 +00:00

meta: closeable issues #758

floatingghost commented 2024-04-27 14:52:18 +00:00

Owner

Copy Link

fixed via #752

fixed via #752

floatingghost closed this issue 2024-04-27 14:52:18 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

develop

stable

translations

backoff-http

bad-uploader-config-warning

docker

user-expiry-backfill

config-db-keys

ensure-scrubbers-loaded

otp26

code-shaking-does-not-go-brr

elixir1.15

circleci

backup-fixes

mod-task

policy

mrf-coolness

frontend-switcher-9000

contentMap

language-on-posts

rabbit

credo-on-pr

unify-http

normalise-markup-by-default

buildx

v3.13.1

v3.13.0

snac-3.12.1.2

v3.12.2

snac-3.12.1.1

v3.12.1

v3.12.0

v3.11.0

v2.6.2

v2.6.1

v2.6.0

v2.5.5

v3.10.4

v3.10.3

v3.10.2

v3.10.1

v3.10.0

v2.5.4

v2.5.3

v3.9.3

v3.9.2

v3.9.1

V3.9.0

2023.05

v3.8.0

v3.7.1

v3.7.0

v3.6.0

v3.5.0

v2.4.5

v3.4.0

v3.3.1

v2.4.4

v3.3.0

v3.2.3

v3.2.2

v3.2.1

stable-202209

v3.2.0

v3.1.0

stable-2022.07

v3.0.0

v0.0.1

v2.5.2-6

v2.5.2-5

v2.5.2-4

v2.5.2-3

v2.5.2-2

v2.5.2-1

v2.5.2

v2.5.1

v2.5.0-8

v2.5.0-7

v2.5.0-6

v2.5.0-5

v2.5.0-4

v2.5.0-3

v2.5.0-2

v2.5.0-1

v2.5.0

v2.4.3

pre-rebase

v2.4.2

v2.4.1

v2.4.0

soapbox-v1.1.1

soapbox-v1.1.0

soapbox-v1.0.0

v2.3.0

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v1.1.9

v1.1.8

v1.1.7

v1.1.6

v1.1.5

v1.1.4

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.91

v1.0.90

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0.0

v0.9.0

Labels

Clear labels   

approved, awaiting change

  

bug

Something is not working

  

configuration

This requires config changes

  

documentation

This is about human-readable docs

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

extremely low priority

  

feature request

Something new?

  

Fix it yourself

Support has been attempted

  

help wanted

Need some help

  

invalid

Something is wrong

  

mastodon_api

  

needs docs

  

needs tests

  

not a bug

  

planned

  

pleroma_api

  

privacy

  

question

More information is needed

  

static_fe

  

triage

  

wontfix

This won't be fixed

No Label

approved, awaiting change

bug

configuration

documentation

duplicate

enhancement

extremely low priority

feature request

Fix it yourself

help wanted

invalid

mastodon_api

needs docs

needs tests

not a bug

planned

pleroma_api

privacy

question

static_fe

triage

wontfix

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

4 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: AkkomaGang/akkoma#747

No description provided.