[prev in list] [next in list] [prev in thread] [next in thread]
List: nix-dev
Subject: Re: [Nix-dev] Why nginx config isn't placed into /etc/nginx/nginx.conf?
From: Luca Bruno <lethalman88 () gmail ! com>
Date: 2016-08-09 17:06:50
Message-ID: CAHXTfc997A+bm1xR5RqffA8jffvb-SeR3S+ESEPJcmimKA+CWw () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
So, there are few drawbacks with the read-only nginx config as it is. Of
course, you can at any time run the nginx with an /etc/nginx config that
you write imperatively, by creating a brand new systemd service and
disregarding the existing one. After all nginx is quite a simple service to
run.
Problems with the current approach:
1. Doesn't allow for nginx reload, because the file path changes hence
nginx needs to be restarted.
2. If you are auto-updating the nginx config and reloading it automatically
after e.g. Consul health checking you are in trouble.
With /etc/nginx you give up nix rollbacks, but you can do it manually with
git which is faster than a nixos-rebuild.
So if you are going to run production stuff and maximize availability, I'd
suggest to go for imperative /etc/nginx.
That applies to most of fully declarative services in nixos.
An alternative would be to still be kind of declarative by creating a
static /etc/nginx path which symlinks to the read-only config. It all
depends if nginx follows symlinks or not.
If it works, it's worth changing the nixos systemd definition of nginx for
all with this approach.
Still you will have troubles with 3rd orchestration software auto-updating
the nginx config file.
[Attachment #5 (text/html)]
<div dir="ltr"><div><div><div><div><div><div><div><div>So, there are few drawbacks \
with the read-only nginx config as it is. Of course, you can at any time run the \
nginx with an /etc/nginx config that you write imperatively, by creating a brand new \
systemd service and disregarding the existing one. After all nginx is quite a simple \
service to run.<br><br></div>Problems with the current approach:<br></div>1. \
Doesn't allow for nginx reload, because the file path changes hence nginx needs \
to be restarted.<br></div>2. If you are auto-updating the nginx config and reloading \
it automatically after e.g. Consul health checking you are in \
trouble.<br><br></div><div>With /etc/nginx you give up nix rollbacks, but you can do \
it manually with git which is faster than a nixos-rebuild.<br></div><div><br></div>So \
if you are going to run production stuff and maximize availability, I'd suggest \
to go for imperative /etc/nginx.<br><br></div>That applies to most of fully \
declarative services in nixos.<br><br></div>An alternative would be to still be kind \
of declarative by creating a static /etc/nginx path which symlinks to the read-only \
config. It all depends if nginx follows symlinks or not.<br></div>If it works, \
it's worth changing the nixos systemd definition of nginx for all with this \
approach.<br></div>Still you will have troubles with 3rd orchestration software \
auto-updating the nginx config file.<br><div><div><div><div><div \
class="gmail_extra"><br></div></div></div></div></div></div>
_______________________________________________
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic