j-c-m / ubnt-letsencrypt

Let's Encrypt setup instructions for Ubiquiti EdgeRouter

Adding basic systemctl support for edgerouter 2.x #28

Closed ozphb closed 4 years ago

ozphb commented 4 years ago

Thanks for your excellent work.

Your script fails to reliably start and stop Lighttpd on version 2.x.

Because 2.x uses systemd I think the script should use systemctl [start/stop] lighttpd.service.

I have made some very (very) basic edits which seem to work and allow the script to run properly on the 2.x firmware. I have no doubt they need improvement, but this may provide a small starter...

ozphb commented 4 years ago

Er... excuse my noob changes. I am not actually suggesting you pull the changes I have made to my forked copies of your readme and your install script. I didn't realise they would also come over - I was only trying to refer my changes to your acme.renew.sh script to you for review. Sorry.

I will try and figure out how to fix my error...

j-c-m commented 4 years ago

Can you post the log from the original script? It should be restarting the service fine on 2.0 - although I agree not quite properly - but backwards compatible with 1.0

I will look at something like this to integrate systemctl but also maintain 1.0 compat.


if [ -x /bin/systemctl ]; then
  systemctl .....
else
  kill_and_wait ....
fi

ozphb commented 4 years ago

everything I said in this post was wrong

ozphb commented 4 years ago

ok, so I have run your script again, and it does work, but afterward, lighttpd is no longer running as lighttpd.service.

script runs correctly:

sudo /config/scripts/renew.acme.sh -d subdomain.mydomain.com.au
[Thu Jan  9 20:23:17 AEST 2020] Stopping GUI service.
[Thu Jan  9 20:23:18 AEST 2020] Starting temporary ACME challenge service.
[Thu Jan  9 20:23:21 AEST 2020] Domains not changed.
[Thu Jan  9 20:23:21 AEST 2020] Skip, Next renewal time is: Sat Mar  7 12:26:29 UTC 2020
[Thu Jan  9 20:23:21 AEST 2020] Add '--force' to force to renew.
[Thu Jan  9 20:23:21 AEST 2020] Stopping temporary ACME challenge service.
[Thu Jan  9 20:23:22 AEST 2020] Starting GUI service.

systemctl now reports that lighttpd.service is dead, but it didn't see it die (script ran at 20:23, earlier stops and starts were done by me):

systemctl status lighttpd.service
* lighttpd.service - Lighttpd Daemon
   Loaded: loaded (/lib/systemd/system/lighttpd.service; static; vendor preset: enabled)
   Active: inactive (dead)

Jan 09 00:00:11 sgateway lighttpd[23254]: Listening on http://127.0.0.1:8080/
Jan 09 00:00:11 sgateway lighttpd[23254]: Hit Ctrl-C to quit.
Jan 09 13:31:46 sgateway systemd[1]: Stopping Lighttpd Daemon...
Jan 09 13:31:46 sgateway systemd[1]: Stopped Lighttpd Daemon.
Jan 09 13:31:50 sgateway systemd[1]: Starting Lighttpd Daemon...
Jan 09 13:31:50 sgateway lighttpd[30220]: Syntax OK
Jan 09 13:31:50 sgateway systemd[1]: Started Lighttpd Daemon.
Jan 09 13:31:53 sgateway lighttpd[30223]: Bottle v0.12.13 server starting up (using FlupFCGIServer(bindAddress=No
Jan 09 13:31:53 sgateway lighttpd[30223]: Listening on http://127.0.0.1:8080/
Jan 09 13:31:53 sgateway lighttpd[30223]: Hit Ctrl-C to quit.

lighttpd is now running, but not via systemd:

sudo lsof -i -P -n | grep LISTEN
ubnt-infc   521        root    9u  IPv4    5207      0t0  TCP *:10001 (LISTEN)
ubnt-infc   521        root   10u  IPv6    5209      0t0  TCP *:10001 (LISTEN)
telnetd    4998        root    3u  IPv4   30450      0t0  TCP 127.0.0.101:55523 (LISTEN)
dnsmasq    5223     dnsmasq    7u  IPv4   31066      0t0  TCP *:53 (LISTEN)
dnsmasq    5223     dnsmasq    9u  IPv6   31068      0t0  TCP *:53 (LISTEN)
dhcp6c     5272        root    6u  IPv6   31193      0t0  TCP [::1]:5546 (LISTEN)
sshd       5339        root    3u  IPv4   33471      0t0  TCP *:22 (LISTEN)
sshd       5339        root    4u  IPv6   33473      0t0  TCP *:22 (LISTEN)
lighttpd  19174    www-data    4u  IPv4 1154007      0t0  TCP 192.168.150.250:80 (LISTEN)
lighttpd  19174    www-data    5u  IPv4 1154008      0t0  TCP 192.168.150.250:443 (LISTEN)

ozphb commented 4 years ago

So, looking at it now, I believe that most of the errors were mine, due to me not realising that lighttpd was running, but not via systemd. So, when I saw lighttpd.service was dead, I thought I had a problem and ran systemctl start lighttpd.service - thereby attempting to start a second instance of lighttpd, and getting errors.

I do think though, that I was right for the wrong reasons and the script would still benefit from using systemctl to stop and start the ubnt standard instance of lighttpd, so that lighttpd is running under systemd after the renew script is run. This (lighttpd running as a systemd service) is what is expected in a normally functioning edgerouter and if that's not the case people like me may go chasing down the rabbit hole trying to 'fix the problem'...

What do you think?

j-c-m commented 4 years ago

Agree, should restart the service via systemctl if available for consistency. Merged some changes.

ffe36a076baf29b6b8f3d79fb50dc782cc0b24aa ca01ce6143732f2dc5bf7c7638bd76ea457eb010
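
The pattern the thread settles on (use systemctl when it is present, fall back otherwise), plus a check for the "running, but not via systemd" state reported above, as an added example that is not the project's merged code. All function names and the two `LEGACY_*` defaults are assumptions; `legacy_stop` stands in for the script's own `kill_and_wait`, whose implementation is not shown on this page.

```shell
#!/bin/sh
# Added example, not code from ubnt-letsencrypt. The systemctl path and unit
# name come from the thread; the two LEGACY_* defaults are assumptions.
SYSTEMCTL_BIN="${SYSTEMCTL_BIN:-/bin/systemctl}"
UNIT="${UNIT:-lighttpd.service}"
LEGACY_PIDFILE="${LEGACY_PIDFILE:-/var/run/lighttpd.pid}"
LEGACY_START="${LEGACY_START:-lighttpd -f /etc/lighttpd/lighttpd.conf}"

have_systemd() { [ -x "$SYSTEMCTL_BIN" ]; }

# Map `systemctl is-active` output ($1) and a PID list ($2) to one state word.
classify_state() {
    if [ "$1" = "active" ]; then echo managed
    elif [ -n "$2" ]; then echo unmanaged   # running, but not owned by systemd
    else echo stopped
    fi
}

gui_state() {
    active=""
    if have_systemd; then
        active=$("$SYSTEMCTL_BIN" is-active "$UNIT" 2>/dev/null) || true
    fi
    classify_state "$active" "$(pgrep -x lighttpd 2>/dev/null)"
}

# Pre-systemd fallback: signal the recorded PID, then wait up to 10 s for it to
# exit so the port is free again. Succeeds if nothing was running.
legacy_stop() {
    [ -r "$LEGACY_PIDFILE" ] || return 0
    pid=$(cat "$LEGACY_PIDFILE")
    kill "$pid" 2>/dev/null || return 0
    i=0
    while kill -0 "$pid" 2>/dev/null && [ "$i" -lt 10 ]; do
        sleep 1; i=$((i + 1))
    done
    ! kill -0 "$pid" 2>/dev/null
}

# Stop or start the GUI web server through whichever init system is present.
gui_service() {
    if have_systemd; then
        # Clear an unmanaged copy first; a second instance would collide with it.
        if [ "$1" = "start" ] && [ "$(gui_state)" = "unmanaged" ]; then legacy_stop; fi
        "$SYSTEMCTL_BIN" "$1" "$UNIT"
    elif [ "$1" = "stop" ]; then legacy_stop
    else $LEGACY_START
    fi
}
case "${1:-}" in state) gui_state ;; start|stop) gui_service "$1" ;; esac
```

Run as `state` after a renewal to confirm the GUI server is back under the unit: `managed` is the expected result, and `unmanaged` is the condition shown in the `lsof` output above.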