From 8371367d54e5975d1ed3bd28ef56a4e8837fb3a5 Mon Sep 17 00:00:00 2001
From: Jeremy Dormitzer
Date: Tue, 8 Mar 2022 11:56:39 -0500
Subject: [PATCH] Ensure that nginx restarts after cert renewal

---
 prod/nginx/packer/Makefile | 2 ++
 prod/nginx/packer/files/certbot-renew.timer | 2 +-
 prod/nginx/packer/files/nginx-restart.service | 7 +++++++
 prod/nginx/packer/files/nginx-restart.timer | 10 ++++++++++
 prod/nginx/packer/nginx.json | 10 ++++++++++
 prod/nginx/packer/packer-manifest.json | 11 ++++++++++-
 prod/nginx/packer/scripts/nginx.sh | 4 ++++
 7 files changed, 44 insertions(+), 2 deletions(-)
 create mode 100644 prod/nginx/packer/files/nginx-restart.service
 create mode 100644 prod/nginx/packer/files/nginx-restart.timer

diff --git a/prod/nginx/packer/Makefile b/prod/nginx/packer/Makefile
index 3a23030..8a69548 100644
--- a/prod/nginx/packer/Makefile
+++ b/prod/nginx/packer/Makefile
@@ -5,6 +5,8 @@ packer-manifest.json: nginx.json \
 tmp/do.ini \
 files/certbot-renew.service \
 files/certbot-renew.timer \
+ files/nginx-restart.service \
+ files/nginx-restart.timer \
 scripts/dependencies.sh \
 scripts/nginx.sh
 packer build nginx.json
diff --git a/prod/nginx/packer/files/certbot-renew.timer b/prod/nginx/packer/files/certbot-renew.timer
index cb7faaf..a74b0da 100644
--- a/prod/nginx/packer/files/certbot-renew.timer
+++ b/prod/nginx/packer/files/certbot-renew.timer
@@ -3,7 +3,7 @@ Description=Renew certbot certificates
 
 [Timer]
 OnBootSec=30s
-OnCalendar=weekly
+OnCalendar=Sat 20:00
 Persistent=true
 
 [Install]
diff --git a/prod/nginx/packer/files/nginx-restart.service b/prod/nginx/packer/files/nginx-restart.service
new file mode 100644
index 0000000..e0a496b
--- /dev/null
+++ b/prod/nginx/packer/files/nginx-restart.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=Restart nginx
+Wants=restart-nginx.timer
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/env systemctl restart nginx
\ No newline at end of file
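Review bot: Pinning `OnCalendar=Sat 20:00` here only gets a renewed certificate into nginx if the renewal finishes inside the two-minute gap before `Sat 20:02` in nginx-restart.timer; the two units do not otherwise know about each other, so a renewal that runs long, is retried, or is triggered by `OnBootSec=30s` after a reboot (nginx-restart fires at 60s) leaves nginx serving the old certificate until the following Saturday. The coupling disappears if certbot triggers the reload itself via `--deploy-hook 'systemctl reload nginx'` on the `certbot renew` invocation in certbot-renew.service (not part of this patch), which runs only when a certificate was actually replaced, and then nginx-restart.timer and .service are not needed at all. If the fixed-time pairing is kept, the hidden dependency deserves a comment on both timers, e.g. `# must finish before nginx-restart.timer fires (Sat 20:02); keep the two in sync`.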
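Review bot: `Wants=restart-nginx.timer` names a unit that does not exist in this patch; the timer added alongside is `nginx-restart.timer`, so this looks like a transposed name, and systemd will log a missing-unit warning each time the service is started. The line is also redundant, since the timer already activates the service and `WantedBy=timers.target` installs the timer, so it can simply be dropped (or corrected to `Wants=nginx-restart.timer`). Separately, `ExecStart=/usr/bin/env systemctl restart nginx` performs a full restart every Saturday even in the weeks when nothing was renewed, dropping in-flight connections; `ExecStart=/usr/bin/env systemctl reload nginx` is enough for nginx to pick up a replaced certificate, and `Type=oneshot` describes a command that runs to completion better than `Type=simple`.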
diff --git a/prod/nginx/packer/files/nginx-restart.timer b/prod/nginx/packer/files/nginx-restart.timer
new file mode 100644
index 0000000..1d96859
--- /dev/null
+++ b/prod/nginx/packer/files/nginx-restart.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=Restart nginx
+
+[Timer]
+OnBootSec=60s
+OnCalendar=Sat 20:02
+Persistent=true
+
+[Install]
+WantedBy=timers.target
\ No newline at end of file
diff --git a/prod/nginx/packer/nginx.json b/prod/nginx/packer/nginx.json
index e4251ed..8007d4f 100644
--- a/prod/nginx/packer/nginx.json
+++ b/prod/nginx/packer/nginx.json
@@ -34,6 +34,16 @@
 "source": "files/certbot-renew.service",
 "destination": "/tmp/certbot-renew.service"
 },
+ {
+ "type": "file",
+ "source": "files/nginx-restart.timer",
+ "destination": "/tmp/nginx-restart.timer"
+ },
+ {
+ "type": "file",
+ "source": "files/nginx-restart.service",
+ "destination": "/tmp/nginx-restart.service"
+ },
 {
 "type": "file",
 "source": "files/sshd_config",
diff --git a/prod/nginx/packer/packer-manifest.json b/prod/nginx/packer/packer-manifest.json
index ed58f32..4d6112b 100644
--- a/prod/nginx/packer/packer-manifest.json
+++ b/prod/nginx/packer/packer-manifest.json
@@ -89,7 +89,16 @@
 "artifact_id": "nyc1:93089106",
 "packer_run_uuid": "fbff41d7-ee1a-5bcf-6859-8655dc171dd9",
 "custom_data": null
+ },
+ {
+ "name": "digitalocean",
+ "builder_type": "digitalocean",
+ "build_time": 1646758186,
+ "files": null,
+ "artifact_id": "nyc1:103546758",
+ "packer_run_uuid": "97c2bbc0-5cb7-ce64-ccb0-9c79813534a4",
+ "custom_data": null
 }
 ],
- "last_run_uuid": "fbff41d7-ee1a-5bcf-6859-8655dc171dd9"
+ "last_run_uuid": "97c2bbc0-5cb7-ce64-ccb0-9c79813534a4"
 }
\ No newline at end of file
diff --git a/prod/nginx/packer/scripts/nginx.sh b/prod/nginx/packer/scripts/nginx.sh
index 6e3a829..a222734 100644
--- a/prod/nginx/packer/scripts/nginx.sh
+++ b/prod/nginx/packer/scripts/nginx.sh
@@ -21,5 +21,9 @@ sudo mv /tmp/certbot-renew.timer /etc/systemd/system/
 sudo mv /tmp/certbot-renew.service /etc/systemd/system/
 sudo systemctl enable certbot-renew.timer
 
+sudo mv /tmp/nginx-restart.timer /etc/systemd/system/
+sudo mv /tmp/nginx-restart.service /etc/systemd/system/
+sudo systemctl enable nginx-restart.timer
+
 sudo mv /tmp/sshd_config /etc/ssh/sshd_config
 sudo systemctl restart sshd
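Review bot: The two new `sudo mv /tmp/nginx-restart.* /etc/systemd/system/` lines carry over whatever owner and mode the packer file provisioner gave the files in /tmp — presumably the SSH build user and its umask — because `mv` preserves both, so units that systemd runs as root can end up owned and writable by a non-root account if that account persists in the image. `sudo install -o root -g root -m 0644 /tmp/nginx-restart.timer /tmp/nginx-restart.service /etc/systemd/system/` places them root-owned and read-only for everyone else in a single line; the existing certbot-renew lines above follow the same `mv` pattern and would benefit from the same treatment. The rest of nginx.sh is outside the hunk.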