[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#63877] [PATCH] gnu: services: web: Set SSL_CERT_DIR in php-fpm envi
|
From: |
Bruno Victal |
|
Subject: |
[bug#63877] [PATCH] gnu: services: web: Set SSL_CERT_DIR in php-fpm environment. |
|
Date: |
Sat, 3 Jun 2023 23:18:51 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.2 |
Hi Timo,
On 2023-06-03 19:25, Timo Wilken wrote:
> Some PHP programs, like Nextcloud, make HTTPS requests to other servers. For
> this, they need to know where the system CA certificates are.
>
> * gnu/services/web.scm (php-fpm-shepherd-service): Set SSL_CERT_DIR
> environment variable.
> ---
>
> This solution adds a dependency from the resulting Shepherd service to the
> nss-certs package, which weighs 0.3 MiB. An alternative solution might be to
> set SSL_CERT_DIR=/etc/ssl/certs instead and rely on nss-certs being installed
> system-wide.
How about exposing this as a new environment-variable record field à
la mpd-configuration (gnu services audio)?
Forcing the service to use a specific package seems overly rigid since
it would make it impossible to specify alternate/custom certificates or
nss-certs package variants.
--
Furthermore, I consider that nonfree software must be eradicated.
Cheers,
Bruno.