Skip to content

fix(nginx): harden error handling in bash and PowerShell installers#82

Merged
Stensel8 merged 2 commits into
mainfrom
claude/trusting-cray-dSTdQ
May 26, 2026
Merged

fix(nginx): harden error handling in bash and PowerShell installers#82
Stensel8 merged 2 commits into
mainfrom
claude/trusting-cray-dSTdQ

Conversation

@Stensel8

@Stensel8 Stensel8 commented May 26, 2026

Copy link
Copy Markdown
Owner

Summary

Zeven bugs gevonden via vergelijking van nginx_installer.sh / .ps1 (Stensel8/Scripts) met de Toolbox patch-1 branch, en door code-analyse.

Fixes

nginx_installer.sh

  • ACME staging copy (Build-Nginx): || true vervangen door || Stop-Script "..." — een mislukte copy wordt nu direct zichtbaar in plaats van stil door te gaan, waarna nginx niet start omdat het .so-bestand ontbreekt
  • cd in Install-Nginx: ontbrekende foutafhandeling toegevoegd (|| Stop-Script) zodat een mislukking een leesbare foutmelding geeft in plaats van een stille set -e exit
  • nginx -t && systemctl start: vervangen door if ! nginx -t; then Stop-Script ...; fi + aparte systemctl start ... || Stop-Script — geeft een expliciete logentry bij config-fouten
  • lsof in Test-RunningWebServers: availability-check toegevoegd met ss-fallback — op minimale containers/images zonder lsof werd de port-check stil overgeslagen

nginx_installer.ps1

  • ACME staging copy (Build-Nginx): ErrorAction SilentlyContinueErrorAction Stop in een try/catch met Stop-Script
  • pacman in Update-SystemPackages: Stop-ScriptWrite-Log 'WARN' zodat het gedrag gelijk is aan de bash-variant (pacman upgrade-fouten zijn niet fataal)
  • finally-blok: Stop-Transcript toegevoegd zodat de log altijd correct afgesloten wordt, ook bij een geforceerde onderbreking

Test plan

  • Bash syntax check: bash -n nginx/nginx_installer.sh
  • Handmatig testen op een Debian/Ubuntu container (apt-pad)
  • Handmatig testen op een Fedora/RHEL container (dnf-pad)
  • Verifieer dat een opzettelijk verkeerde cargo-output de ACME-fout nu zichtbaar maakt
  • Verifieer Test-RunningWebServers op een systeem zonder lsof

https://claude.ai/code/session_01QuVvMsLEmrc5iLdMM5R3up


Generated by Claude Code

- Replace || true on ACME .so staging copy with explicit Stop-Script so
  a missing libnginx_acme.so fails loudly instead of silently
- Add error handling to cd in Install-Nginx (bash) to give a clear
  message instead of relying on set -e
- Replace nginx -t && systemctl start nginx with explicit if/Stop-Script
  so config failures produce a readable log entry
- Add lsof availability check with ss fallback in Test-RunningWebServers
  (both .sh and .ps1) — avoids silent skip on minimal containers
- Fix ACME staging copy in PS1 to use ErrorAction Stop + catch instead
  of SilentlyContinue
- Align pacman update failure in PS1 Update-SystemPackages to Write-Log
  WARN (matching bash behavior) instead of Stop-Script
- Add Stop-Transcript to finally block in PS1 to ensure log is flushed

https://claude.ai/code/session_01QuVvMsLEmrc5iLdMM5R3up
Copilot AI review requested due to automatic review settings May 26, 2026 10:36

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens the Linux nginx installer scripts by making previously-silent failures explicit (especially around ACME module staging and service start), and by improving preflight port-conflict detection for minimal environments.

Changes:

  • Bash: fail fast on ACME module staging issues; add explicit error handling for cd, nginx -t, and systemctl start.
  • Bash/PowerShell: add lsof availability check with an ss-based fallback for detecting listeners on ports 80/443.
  • PowerShell: make ACME staging copy errors fatal via try/catch; make pacman upgrade failures non-fatal; ensure transcript is stopped in finally.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.

File Description
nginx/nginx_installer.sh Tightens failure handling during build/install and adds ss fallback for port detection.
nginx/nginx_installer.ps1 Aligns error handling with bash for ACME staging and port detection; improves cleanup/logging and pacman behavior.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread nginx/nginx_installer.sh Outdated
Comment thread nginx/nginx_installer.sh Outdated
Comment thread nginx/nginx_installer.sh
Comment thread nginx/nginx_installer.ps1 Outdated
Comment thread nginx/nginx_installer.ps1 Outdated
@Stensel8 Stensel8 enabled auto-merge May 26, 2026 10:41
@Stensel8 Stensel8 self-assigned this May 26, 2026
…olute nginx path, portable awk

- Split ACME staging into an explicit existence check ([[ -f ]]/Test-Path)
  with a "not built" message, followed by a cp error that preserves the
  actual failure reason ($_.Exception.Message in PS1; generic disk/perms
  hint in bash) instead of always saying "not found"
- Replace bare `nginx` calls with `/usr/sbin/nginx` throughout
  (Install-Nginx and Test-NginxInstallation in both scripts) so PATH
  stripping in non-interactive/root contexts cannot mask a missing binary
- Rewrite ss PID extraction to use POSIX 2-arg match() + RSTART/RLENGTH
  instead of gawk-only 3-arg match(), making it compatible with mawk and
  busybox awk
- Add pre-loop availability check for lsof/ss; emit a WARN and skip the
  port conflict check rather than silently producing an empty result when
  neither tool is present

https://claude.ai/code/session_01QuVvMsLEmrc5iLdMM5R3up
@Stensel8 Stensel8 disabled auto-merge May 26, 2026 10:50
@Stensel8 Stensel8 merged commit 35b6c13 into main May 26, 2026
@Stensel8 Stensel8 deleted the claude/trusting-cray-dSTdQ branch May 26, 2026 10:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants