Changed Nginx SSL setup (refs #20139).

ad07d0fa · Stéphane Diemer · 85d66cdb · ad07d0fa
Commit ad07d0fa authored 8 years ago by Stéphane Diemer
--- a/6.Nginx/0_setup.py
+++ b/6.Nginx/0_setup.py
@@ -88,17 +88,21 @@ def setup(interactive=True):
    if not os.path.exists(ssl_conf):
        utils.log('The SSL configuration file "%s" does not exist, SSL certificate not updated.' % ssl_conf)
    else:
-        ssl_cert = utils.get_conf('SSL_CERTIFICATE') or '/etc/ssl/certs/ssl-cert-snakeoil.pem'
+        default_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
+        ssl_cert = utils.get_conf('SSL_CERTIFICATE') or default_cert
        ssl_key = utils.get_conf('SSL_CERTIFICATE_KEY') or '/etc/ssl/private/ssl-cert-snakeoil.key'
-        with open(ssl_conf, 'r') as fo:
+        if ssl_cert == default_cert:
-            content = fo.read()
+            utils.log('The configuration uses the default certificate, no modification will be made in "%s".' % ssl_conf)
-        new_content = content
-        new_content = re.sub(r'ssl_certificate\s+([\w/\-\_\.]+);', 'ssl_certificate %s;' % ssl_cert, new_content)
-        new_content = re.sub(r'ssl_certificate_key\s+([\w/\-\_\.]+);', 'ssl_certificate_key %s;' % ssl_key, new_content)
-        if new_content != content:
-            with open(ssl_conf, 'w') as fo:
-                fo.write(new_content)
-            utils.log('SSL configuration file %s updated.' % ssl_conf)
        else:
-            utils.log('SSL configuration file %s already up to date.' % ssl_conf)
+            with open(ssl_conf, 'r') as fo:
-    utils.run_commands(['service nginx restart'])
+                content = fo.read()
+            new_content = content
+            new_content = re.sub(r'ssl_certificate\s+([\w/\-\_\.]+);', 'ssl_certificate %s;' % ssl_cert, new_content)
+            new_content = re.sub(r'ssl_certificate_key\s+([\w/\-\_\.]+);', 'ssl_certificate_key %s;' % ssl_key, new_content)
+            if new_content != content:
+                with open(ssl_conf, 'w') as fo:
+                    fo.write(new_content)
+                utils.log('SSL configuration file %s updated.' % ssl_conf)
+            else:
+                utils.log('SSL configuration file %s already up to date.' % ssl_conf)
+    utils.run_commands(['nginx -t', 'service nginx restart'])