letsencrypt::Client method updateConfiguration (protected)
<instance of letsencrypt::Client> updateConfiguration
Defined in /usr/local/ns/tcl/letsencrypt/letsencrypt-procs.tcl
Update the NaviServer config file by reading its content and update it in memory before writing it back to disk (if changed).
- Testcases:
- No testcase defined.
Source code: :log "Checking the NaviServer config file: " set C [:readFile [ns_info config]] set origConfig $C # # Check, if nsssl module is already loaded # set nssslLoaded 0 foreach d [ns_driver info] { if {[dict get $d protocol] eq "https"} { set nssslLoaded 1 break } } if {$nssslLoaded} { :log "The nsssl driver module is apparently already loaded.<br>" } else { :log "The nsssl driver module is apparently already not loaded, try to fix this.<br>" if {[regexp {\#\s+ns_param\s+nsssl.*nsssl} $C]} { # # The nsssl driver is apparently commented out, activate it # regsub {\#(\s+ns_param\s+nsssl.*nsssl)} $C \1 C :log {...removing comment from driver module nsssl.so line in config file.<br>} } else { # # There is no nsssl driver in the config file, add it # to the end. # append C { # # In order to install nsssl globally to your # server, uncomment the following lines # ns_section "ns/modules" ns_param nssock nssock ns_section ns/server/${server}/modules ns_param nsssl nsssl.so } :log { ... add the driver module "nsssl.so" in your config file either to the global or per-server "modules" section .<br>} } } if {![regexp {ns_param\s+certificate\s+} $C]} { :log [subst {Your config file [ns_info config] does not seem to contain a nsssl definition section.<br> Adding a default section to the end. Please check, if you want to modify the section according to your needs. }] append C [subst { ns_section ns/server/\${server}/module/nsssl ns_param certificate ${:certPemFile} ns_param address 0.0.0.0 ns_param port 443 ns_param ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!RC4" ns_param protocols "!SSLv2:!SSLv3" ns_param verify 0 ns_param extraheaders { Strict-Transport-Security "max-age=31536000; includeSubDomains" X-Frame-Options SAMEORIGIN X-Content-Type-Options nosniff } }] } elseif {![regexp "ns_param\\s+certificate\\s+${:certPemFile}" $C]} { :log "... updating the certificate entry (need 'ns_param certificate ${:certPemFile}')<br>" regsub -all {ns_param\s+certificate\s+[^\n]+} $C "ns_param certificate ${:certPemFile}" C } # # Rewrite config file only, when the content has changed # if {$origConfig ne $C} { if {![file writable [ns_info config]]} { :log "<p><strong>Warning:</strong> cannot update [ns_info config]" "since it is not writable<p>" } elseif {${:API} eq "staging"} { :log "<p><strong>Warning:</strong> no automated updates on [ns_info config]" "when using the 'staging' environment<p>" } else { # # Make first a backup of old config file ... # :backup -mode copy [ns_info config] # # Rewrite config file # :writeFile [ns_info config] $C :log [ns_trim -delimiter | [subst { |Updating NaviServer config file<br> |Please check updated config file: <strong>[ns_info config]</strong> |<br>and update it (if necessary)<p> }]] } } else { # # Nothing has changed. # :log {No need to update the NaviServer configuration file.<br>} }XQL Not present: Generic, PostgreSQL, Oracle