Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/acme: disable rate limiting to fix the test #374984

Merged
merged 1 commit into from
Jan 19, 2025
Merged

nixos/acme: disable rate limiting to fix the test #374984

merged 1 commit into from
Jan 19, 2025

Conversation

K900
Copy link
Contributor

@K900 K900 commented Jan 19, 2025
edited
Loading

Sometimes the nginx reload service fires too fast so systemd kills it.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@K900
nixos/acme: disable rate limiting to fix the test
17f38bc 
Sometimes the nginx reload service fires too fast so systemd kills it.
@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` labels Jan 19, 2025
@nix-owners nix-owners bot requested a review from RaitoBezarius January 19, 2025 09:21
@vcunat
Copy link
Member

vcunat commented Jan 19, 2025

/cc #374792

@github-actions github-actions bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10 labels Jan 19, 2025
m1cr0man
m1cr0man approved these changes Jan 19, 2025
View reviewed changes
Copy link
Contributor

@m1cr0man m1cr0man left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, approved.

@K900 K900 merged commit f995e96 into NixOS:master Jan 19, 2025
34 of 36 checks passed
amarshall
amarshall reviewed Jan 19, 2025
View reviewed changes
nixos/modules/services/web-servers/nginx/default.nix
# if a lot of certificates are renewed in quick succession. The reload itself is cheap,
# so even doing a lot of them in a short burst is fine.
# FIXME: there's probably a better way to do this.
StartLimitIntervalSec = 0;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW, DefaultStartLimitIntervalSec=10, DefaultStartLimitBurst=5, so by default restarting more than once every 2 seconds would cause the rate limit to be hit.

Might make sense to also set RestartSteps and RestartMaxDelaySec so it backs-off with successive attempts, as RestartSec is only 100ms by default (or RestartSec could be increased, 100ms might just be unnecessarily fast.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not failing restarts, it's just triggering the start a lot.

dustypomerleau pushed a commit to dustypomerleau/nixpkgs that referenced this pull request Jan 20, 2025
@K900 @dustypomerleau
nixos/acme: disable rate limiting to fix the test (NixOS#374984)
840ce45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@amarshall amarshall amarshall left review comments

@m1cr0man m1cr0man m1cr0man approved these changes

@RaitoBezarius RaitoBezarius Awaiting requested review from RaitoBezarius

Assignees
No one assigned
Labels
6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@K900 @vcunat @amarshall @m1cr0man