Systemd-service to reload reverse proxy (nginx) after LE cert update

thunoldolsen

This is a possible tips or a way to go for reloading nginx reverse proxy after cert update in mailcow. Maybe it can be a part of the installation documention if its good enough. Please give feedback. I did not find this guide in mailcow-community.

I searched the web for a systemd-service to monitor the cert-folder and to reload nginx if files in the folder is updated. This config is not tested since I have not yet got a certificate update from LE after I created it.

I created the following files under /etc/systemd/system: nginx-watcher.service and nginx-watcher.path
nginx-watcher.service:
`[Unit]
Description=Nginx reload when Mailcow cert changes
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/bin/systemctl reload nginx.service

[Install]
WantedBy=multi-user.target`

and nginx-watcher.path:
`[Path]
Unit=nginx-watcher.service
PathModified=/opt/mailcow-dockerized/data/assets/ssl/mail.example.com

[Install]
WantedBy=multi-user.target`

I did a systemctl daemon-reload and enabled and started the services.

The expected result will be that the certificates for nginx will be updated when new certificates is deployed by mailcow-acme.

esackbauer

I do it the other way around, seemed easier for me.
My reverse proxy gets the certificates for mailcow, then with ansible I copy them to mailcow and restart the 3 services, as written here:
https://docs.mailcow.email/post_installation/firststeps-ssl/#how-to-use-your-own-certificate