Skip to content

fix(ssl): deploy nginx-proxy certs atomically with checked copies#491

Open
mrrobot47 wants to merge 1 commit into
EasyEngine:developfrom
mrrobot47:fix/atomic-cert-deploy
Open

fix(ssl): deploy nginx-proxy certs atomically with checked copies#491
mrrobot47 wants to merge 1 commit into
EasyEngine:developfrom
mrrobot47:fix/atomic-cert-deploy

Conversation

@mrrobot47

Copy link
Copy Markdown
Member

Problem

moveCertsToNginxProxy() deployed the freshly-issued cert with three sequential bare copy() calls (key, crt, chain) into services/nginx-proxy/certs/, ignoring every return value and with no temp-file + rename. A failure between copies (disk full, permissions, crash) left nginx-proxy pointing at a mismatched key/cert pair. This runs on both first issuance and renewal (the unattended cron path).

Fix

Copy each source to a temp file in the destination directory (checking copy()), then rename() each into place (checking rename()). rename() is atomic on the same filesystem, so a failed copy can no longer leave a half-written live key/cert. On any failure the temp files are cleaned up and an exception is thrown, rather than silently leaving a partial deploy.

Notes

  • The three renames are each atomic per-file but not collectively atomic; the code does not roll back an already-renamed file (a same-filesystem rename failing after a prior success is near-impossible). The comment states this precisely.
  • The method stays void and throws on failure: executeRenewal() already wraps the call in try/catch (surfaces as a renewal warning); on first issuance the exception propagates as a loud failure — preferable to the previous silent broken-cert outcome.

Testing

Manual (needs the EE + Docker harness): issue/renew a cert and confirm .key/.crt/.chain.pem deploy together with no .tmp leftovers; make the certs dir unwritable to force a failure and confirm it errors without leaving a mismatched pair.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants