Merge #3465

3465: Maybe fix #3402 r=mergify[bot] a=nextgens

## What type of PR?

bug-fix

## What does this PR do?

Fix a potential problem with SO_REUSEADDR that may prevent admin from starting up

### Related issue(s)
- close #3402 

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>

core/nginx/conf/nginx.conf

@@ -66,6 +66,9 @@ http {
       listen [::]:80{% if PROXY_PROTOCOL_80 %} proxy_protocol{% endif %};
 {% endif %}
       {% if TLS_FLAVOR in ['letsencrypt', 'mail-letsencrypt'] %}
+      location ^~ /.well-known/acme-challenge/testing {
+          return 204;
+      }
       location ^~ /.well-known/acme-challenge/ {
           proxy_pass http://127.0.0.1:8008;
       }
@@ -159,6 +162,9 @@ http {
       }
 
       {% if TLS_FLAVOR in ['letsencrypt', 'mail-letsencrypt'] %}
+      location ^~ /.well-known/acme-challenge/testing {
+          return 204;
+      }
       location ^~ /.well-known/acme-challenge/ {
           proxy_pass http://127.0.0.1:8008;
       }

core/nginx/letsencrypt.py

@@ -6,8 +6,6 @@ import requests
 import sys
 import subprocess
 import time
-from threading import Thread
-from http.server import HTTPServer, SimpleHTTPRequestHandler
 
 log.basicConfig(stream=sys.stderr, level="WARNING")
 hostnames = ','.join(set(host.strip() for host in os.environ['HOSTNAMES'].split(',')))
@@ -45,33 +43,21 @@ command2 = [
 # Wait for nginx to start
 time.sleep(5)
 
-class MyRequestHandler(SimpleHTTPRequestHandler):
-    def do_GET(self):
-        if self.path == '/.well-known/acme-challenge/testing':
-            self.send_response(204)
-        else:
-            self.send_response(404)
-        self.send_header('Content-Type', 'text/plain')
-        self.end_headers()
-
-def serve_one_request():
-    with HTTPServer(("127.0.0.1", 8008), MyRequestHandler) as server:
-        server.handle_request()
-
 # Run certbot every day
 while True:
     while True:
         hostname = os.environ['HOSTNAMES'].split(',')[0]
         target = f'http://{hostname}/.well-known/acme-challenge/testing'
-        thread = Thread(target=serve_one_request)
+        try:
-        thread.start()
+            r = requests.get(target)
-        r = requests.get(target)
+            if r.status_code != 204:
-        if r.status_code != 204:
+                log.critical(f"Can't reach {target}!, please ensure it's fixed or change the TLS_FLAVOR.")
-            log.critical(f"Can't reach {target}!, please ensure it's fixed or change the TLS_FLAVOR.")
+                time.sleep(5)
-            time.sleep(5)
+            else:
-        else:
+                break
-            break
+        except Exception as e:
-        thread.join()
+            log.error(f"Exception while fetching {target}!", exc_info = e)
+            time.sleep(15)
 
     subprocess.call(command)
     subprocess.call(command2)

towncrier/newsfragments/3402.bugfix

@@ -0,0 +1 @@
+Fix a potential problem with SO_REUSEADDR that may prevent admin from starting up