fix: remote access lifecycle during boot & shutdown

[pujitm]

Summary by CodeRabbit

• New Features

  • Introduced a comprehensive Nginx control script for Unraid OS, enabling advanced server management, SSL certificate handling, and dynamic configuration based on system state. fix: remote access via connect config in rc.nginx webgui#2269
  • Added a utility function to safely execute code with error handling support.

• Improvements

  • Enhanced logging across remote access, WAN access, and settings services for improved traceability.
  • Added initialization and cleanup hooks to remote access and UPnP services for better lifecycle management.
  • Optimized configuration persistence by batching rapid changes for more efficient updates.
  • Refined URL resolution logic for improved configuration retrieval and error handling.
  • Broadened pattern matching for domain keys in Nginx state parsing.
  • Updated remote access settings to reload the network stack after changes.
  • Simplified remote access and WAN port configuration logic for clarity and accuracy.
  • Improved port mapping logic with explicit error handling in UPnP service.
  • Updated UI and form controls for remote access settings to reflect SSL requirements and access type restrictions.

• Configuration

  • Updated the default path for module configuration files.

---

• To see the specific tasks where the Asana app for GitHub is being used, see below:
  • https://app.asana.com/0/0/1210591997507894
  • https://app.asana.com/0/0/1210591997507888

[coderabbitai]

Walkthrough

This update introduces a new Nginx control script for Unraid OS, enhances logging and lifecycle management in several remote access and configuration services, and adjusts configuration persistence logic to use buffered event handling. Minor default path changes and log improvements are also included across various modules.

Changes

File(s)	Change Summary
api/src/environment.ts	Changed default fallback for PATHS_CONFIG_MODULES environment variable to a new directory.
packages/unraid-api-plugin-connect/src/service/dynamic-remote-access.service.ts	Implements OnApplicationBootstrap, adds initialization logic, stricter config typing, and verbose logging.
packages/unraid-api-plugin-connect/src/service/upnp.service.ts	Adds onModuleDestroy lifecycle hook to clean up UPnP mappings on module destruction; refactors port mapping logic.
packages/unraid-api-plugin-connect/src/event-handler/wan-access.handler.ts	Adds a logger and logs when WAN access is enabled or disabled; removes OnModuleDestroy implementation.
packages/unraid-api-plugin-connect/src/service/static-remote-access.service.ts	Updates log statement at start of beginRemoteAccess for clarity and removes redundant dynamic access type check.
packages/unraid-api-plugin-connect/src/service/upnp-remote-access.service.ts	Adds verbose log at start of begin() method; updates port retrieval logic and config saving after lease creation.
packages/unraid-api-plugin-connect/src/service/config.persistence.ts	Switches from debounceTime to bufferTime for config changes, updates constructor typing, error logging.
packages/unraid-api-plugin-connect/src/service/url-resolver.service.ts	Stricter config typing, refactors port retrieval and FQDN URL processing, adds consolidated error handling.
api/src/unraid-api/graph/resolvers/settings/settings.resolver.ts	Updates verbose logging after settings update, removes previous restart log.
api/src/store/state-parsers/nginx.ts	Broadens regex for nginx FQDN keys.
plugin/source/dynamix.unraid.net/etc/rc.d/rc.nginx	Adds comprehensive Nginx control script for Unraid OS with SSL, config generation, and process management.
packages/unraid-api-plugin-connect/src/service/connect-settings.service.ts	Injects NetworkService, updates WAN port setting logic, reloads network stack after remote access update, refines UI schema and control states.
packages/unraid-api-plugin-connect/src/test/url-resolver.service.test.ts	Updates test mock typing for stricter config service generic parameter.
packages/unraid-shared/src/util/processing.ts	Adds makeSafeRunner utility function for safe execution of functions with error handling.

Sequence Diagram(s)

sequenceDiagram
    participant Module as Module
    participant DynamicService as DynamicRemoteAccessService
    participant Config as ConfigService
    participant Logger as Logger

    Module->>DynamicService: onApplicationBootstrap()
    DynamicService->>Config: get('connect.wanAccessEnabled')
    Config-->>DynamicService: return wanAccessEnabled
    alt WAN Access Enabled
        DynamicService->>Config: get('connect.dynamicRemoteAccess.type')
        Config-->>DynamicService: return type
        DynamicService->>DynamicService: setType(type)
        DynamicService->>Logger: log("Set dynamic remote access type")
    end

Loading

sequenceDiagram
    participant UpnpService as UpnpService
    participant Module as Module

    Module->>UpnpService: onModuleDestroy()
    UpnpService->>UpnpService: disableUpnp()

Loading

sequenceDiagram
    participant ConfigService as ConfigService
    participant Persister as ConnectConfigPersister

    ConfigService-->>Persister: emits changes (buffered 25ms)
    Persister->>Persister: Check for 'connect.config' changes
    alt Any found
        Persister->>Persister: persist()
    end

Loading

Possibly related PRs

• fix: debounce is too long #1426: Modifies the same config persistence logic, changing the debounce timing and operator for configuration events.
• chore: cli commands for api plugin install & generation #1352: Also modifies PATHS_CONFIG_MODULES handling in api/src/environment.ts and related .env files, closely related to environment variable configuration.

Suggested reviewers

• elibosley

Poem

In Unraid’s halls a script appears,
Nginx commands for admins’ cheers.
Logs now verbose, with lifecycle flair,
Configs buffered with utmost care.
Remote access wakes on every start,
While UPnP cleans up its part.
Code refined—let’s raise a toast!
For plugins stable, safe, and robust.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e527f49 and 981bf84.

📒 Files selected for processing (3)

• packages/unraid-api-plugin-connect/src/service/dynamic-remote-access.service.ts (6 hunks)
• packages/unraid-api-plugin-connect/src/service/static-remote-access.service.ts (1 hunks)
• packages/unraid-api-plugin-connect/src/service/upnp-remote-access.service.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

• packages/unraid-api-plugin-connect/src/service/static-remote-access.service.ts
• packages/unraid-api-plugin-connect/src/service/upnp-remote-access.service.ts
• packages/unraid-api-plugin-connect/src/service/dynamic-remote-access.service.ts

⏰ Context from checks skipped due to timeout of 90000ms (5)

• GitHub Check: Build API
• GitHub Check: Build Unraid UI Library (Webcomponent Version)
• GitHub Check: Build Web App
• GitHub Check: Test API
• GitHub Check: Analyze (javascript-typescript)

✨ Finishing Touches

• 📝 Generate Docstrings

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (3)

plugin/source/dynamix.unraid.net/etc/rc.d/rc.nginx (3)

19-19: Remove unused variable

The variable CALLER is defined but never used in the script.

-CALLER="nginx"

---

808-813: Improve error detection pattern

The grep pattern for detecting bind errors is too broad and could match unrelated log entries.

-      if  tail -10 $SYSLOG | grep -qm1 'Address already in use'; then
+      if  tail -10 $SYSLOG | grep -qm1 'nginx.*bind.*Address already in use'; then

---

827-833: Add process existence check before pkill

Using pkill unconditionally could have unintended effects if the process doesn't exist.

 nginx_renew(){
   # stop unconditionally
-  pkill --ns $$ -f $NGINX
+  if nginx_running; then
+    pkill --ns $$ -f $NGINX
+    nginx_waitfor_shutdown
+  fi
   # rebuild configuration
   build_ssl
   # start unconditionally
   $NGINX -c $CONF 2>/dev/null
 }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 424c466 and 278332b.

📒 Files selected for processing (1)

• plugin/source/dynamix.unraid.net/etc/rc.d/rc.nginx (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (5)

• GitHub Check: Build Web App
• GitHub Check: Build Unraid UI Library (Webcomponent Version)
• GitHub Check: Build API
• GitHub Check: Test API
• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (2)

plugin/source/dynamix.unraid.net/etc/rc.d/rc.nginx (2)

81-95: Well-structured remote access check

Good implementation with proper checks for file existence, command availability, and null values.

---

341-341: Fix nginx http2 directive syntax

The http2 directive cannot be specified inline with the listen directive in modern nginx versions.

-$(listen $PORTSSL ssl http2)
+$(listen $PORTSSL ssl)
+    http2 on;

Likely an incorrect or invalid review comment.

[coderabbitai]

Actionable comments posted: 5

♻️ Duplicate comments (2)

plugin/source/dynamix.unraid.net/etc/rc.d/rc.nginx (2)

38-40: NGINX_CUSTOMFA still lacks default value handling.

The variable NGINX_CUSTOMFA is used in Content-Security-Policy headers at lines 136, 148, 188, 204, 218, 264, 286, 309, and 343 but might be undefined if the defaults file doesn't exist or doesn't define it.

Add a default value after loading defaults:

 # Load defaults
 # Defines NGINX_CUSTOMFA for custom Content-Security-Policy frame-ancestors url
 [[ -r $DEFAULTS ]] && . $DEFAULTS
+# Ensure NGINX_CUSTOMFA has a default value
+[[ -z $NGINX_CUSTOMFA ]] && NGINX_CUSTOMFA=""

---

592-594: curl commands still lack timeout protection.

The curl commands for fetching WAN IPs lack timeouts, which could cause the script to hang if the remote servers are unresponsive.

-      WANIP=$(curl https://wanip4.unraid.net/ 2>/dev/null)
-      WANIP6=$(curl https://wanip6.unraid.net/ 2>/dev/null)
+      WANIP=$(curl --connect-timeout 5 --max-time 10 https://wanip4.unraid.net/ 2>/dev/null)
+      WANIP6=$(curl --connect-timeout 5 --max-time 10 https://wanip6.unraid.net/ 2>/dev/null)

🧹 Nitpick comments (2)

plugin/source/dynamix.unraid.net/etc/rc.d/rc.nginx (2)

758-758: pkill command may affect unintended processes.

The pkill --ns $$ -f $NGINX command could potentially kill other nginx processes outside the intended namespace if process isolation isn't perfect.

Add more specific targeting:

-    pkill --ns $$ -f $NGINX
+    # More targeted process termination
+    if [[ -s $PID ]]; then
+      local pid=$(cat $PID 2>/dev/null)
+      [[ -n $pid && $pid =~ ^[0-9]+$ ]] && kill -KILL $pid 2>/dev/null
+    fi
+    pkill --ns $$ -f "^$NGINX"

---

808-813: Hardcoded tail and grep pattern may miss edge cases.

The log parsing logic using tail -10 $SYSLOG | grep -qm1 'Address already in use' is fragile and may miss relevant error messages or catch false positives.

Consider more robust error detection:

-      if  tail -10 $SYSLOG | grep -qm1 'Address already in use'; then
+      # Check nginx-specific error logs for binding issues
+      if tail -20 $SYSLOG | grep -q "nginx.*Address already in use\|nginx.*bind.*failed"; then

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 767541b and 7b830a5.

📒 Files selected for processing (3)

• api/src/store/state-parsers/nginx.ts (2 hunks)
• packages/unraid-api-plugin-connect/src/service/dynamic-remote-access.service.ts (6 hunks)
• plugin/source/dynamix.unraid.net/etc/rc.d/rc.nginx (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/unraid-api-plugin-connect/src/service/dynamic-remote-access.service.ts

🧰 Additional context used

📓 Path-based instructions (1)

`api/**/*`: Use pnpm ONLY for package management. Always run scripts from api/package.json unless requested. Test suite is VITEST, do not use jest. Run tests with: pnpm --filter ./...

api/**/*: Use pnpm ONLY for package management.
Always run scripts from api/package.json unless requested.
Test suite is VITEST, do not use jest.
Run tests with: pnpm --filter ./api test.

• api/src/store/state-parsers/nginx.ts

⏰ Context from checks skipped due to timeout of 90000ms (5)

• GitHub Check: Test API
• GitHub Check: Build Web App
• GitHub Check: Build API
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: Cloudflare Pages

🔇 Additional comments (1)

api/src/store/state-parsers/nginx.ts (1)

5-6: LGTM - Regex enhancement improves key matching flexibility.

The addition of optional separators [_-]? broadens the pattern to match variations like "nginx_fqdn" and "nginx-fqdn6", which aligns with the enhanced nginx configuration management described in the summary.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7b830a5 and 72bdae5.

📒 Files selected for processing (2)

• api/src/store/state-parsers/nginx.ts (1 hunks)
• packages/unraid-api-plugin-connect/src/service/url-resolver.service.ts (3 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• api/src/store/state-parsers/nginx.ts

⏰ Context from checks skipped due to timeout of 90000ms (3)

• GitHub Check: Build Web App
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: Cloudflare Pages

🔇 Additional comments (3)

packages/unraid-api-plugin-connect/src/service/url-resolver.service.ts (3)

118-118: LGTM! Stricter typing improves type safety.

The addition of the true generic parameter makes ConfigService more strict, which aligns with the broader pattern across the codebase.

---

262-262: LGTM! Cleaner configuration access pattern.

Direct use of configService.getOrThrow is more straightforward than destructuring nested store structures and follows the improved configuration access patterns seen across the PR.

---

369-369: LGTM! Enhanced error logging improves debugging.

Adding the warning log for error instances provides better visibility into FQDN processing failures, which complements the existing generic error logging.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

packages/unraid-api-plugin-connect/src/service/connect-settings.service.ts (1)

255-255: Good addition: Network stack reload ensures changes take effect.

Reloading the network stack after remote access configuration changes is a solid operational practice. The async call is properly awaited.

Consider adding error handling around the network service call if network failures shouldn't block the remote access update:

-        await this.networkService.reloadNetworkStack();
+        try {
+            await this.networkService.reloadNetworkStack();
+        } catch (error) {
+            this.logger.warn('Failed to reload network stack after remote access update', error);
+        }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ee10c15 and 74ad1bc.

📒 Files selected for processing (4)

• packages/unraid-api-plugin-connect/src/service/connect-settings.service.ts (4 hunks)
• packages/unraid-api-plugin-connect/src/service/upnp-remote-access.service.ts (1 hunks)
• packages/unraid-api-plugin-connect/src/service/upnp.service.ts (2 hunks)
• packages/unraid-api-plugin-connect/src/service/url-resolver.service.ts (4 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

• packages/unraid-api-plugin-connect/src/service/upnp-remote-access.service.ts
• packages/unraid-api-plugin-connect/src/service/upnp.service.ts
• packages/unraid-api-plugin-connect/src/service/url-resolver.service.ts

⏰ Context from checks skipped due to timeout of 90000ms (5)

• GitHub Check: Build Web App
• GitHub Check: Test API
• GitHub Check: Build API
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: Cloudflare Pages

🔇 Additional comments (2)

packages/unraid-api-plugin-connect/src/service/connect-settings.service.ts (2)

29-29: LGTM: Clean service import addition.

The NetworkService import follows standard patterns and is properly placed with other service imports.

---

44-45: LGTM: Proper dependency injection.

The NetworkService dependency is correctly injected following NestJS patterns with proper typing and readonly modifier.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

packages/unraid-shared/src/util/processing.ts (1)

16-16: Fix documentation example context issue.

The example uses this.logger without a proper context, which could confuse developers.

-   } else {
-     this.logger.warn(error, 'Uncaught error in network resolver');
-   }
+   } else {
+     console.warn('Uncaught error:', error);
+   }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1d2be77 and 1186525.

📒 Files selected for processing (2)

• packages/unraid-api-plugin-connect/src/service/url-resolver.service.ts (4 hunks)
• packages/unraid-shared/src/util/processing.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/unraid-api-plugin-connect/src/service/url-resolver.service.ts

⏰ Context from checks skipped due to timeout of 90000ms (6)

• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: Build Web App
• GitHub Check: Build Unraid UI Library (Webcomponent Version)
• GitHub Check: Build API
• GitHub Check: Test API
• GitHub Check: Cloudflare Pages

🔇 Additional comments (1)

packages/unraid-shared/src/util/processing.ts (1)

1-33: Well-designed utility for centralized error handling.

The makeSafeRunner function provides a clean abstraction for safe function execution with centralized error handling. The implementation follows good TypeScript practices with proper use of generics and comprehensive documentation.

[coderabbitai]

Actionable comments posted: 3

♻️ Duplicate comments (6)

plugin/source/dynamix.unraid.net/etc/rc.d/rc.nginx (6)

39-39: NGINX_CUSTOMFA needs a default value.

The variable is loaded from defaults but used later without ensuring it has a value, which can cause issues in Content-Security-Policy headers.

Add a default value after loading defaults:

 # Load defaults
 # Defines NGINX_CUSTOMFA for custom Content-Security-Policy frame-ancestors url
 [[ -r $DEFAULTS ]] && . $DEFAULTS
+# Ensure NGINX_CUSTOMFA has a default value
+[[ -z $NGINX_CUSTOMFA ]] && NGINX_CUSTOMFA=""

---

56-59: Certificate deletion logic is overly broad and potentially unsafe.

The pattern *\.unraid\.net could match valid certificates unintentionally, creating security risks.

Consider more specific validation:

 if [[ -f $CERTPATH ]]; then
   TMPCERTNAME=$(openssl x509 -noout -subject -nameopt multiline -in $CERTPATH | sed -n 's/ *commonName *= //p')
-  [[ $TMPCERTNAME == *\.unraid\.net ]] && rm $CERTPATH
+  # Only delete legacy unraid.net certificates, not valid ones
+  if [[ $TMPCERTNAME == *\.unraid\.net ]]; then
+    # Additional validation could be added here
+    log "Removing legacy unraid.net certificate: $TMPCERTNAME"
+    rm $CERTPATH
+  fi
 fi

---

573-575: Hardcoded temporary file paths create security and concurrency risks.

Using fixed paths /tmp/key.pem and /tmp/cert.pem can cause race conditions and security issues with multiple instances.

Use secure temporary files:

-    openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -sha512 -keyout /tmp/key.pem -out /tmp/cert.pem -subj "$openssl_subject" -extensions SAN -config <(cat /etc/ssl/openssl.cnf; printf "[SAN]\nsubjectAltName=${openssl_altname}") &>/dev/null
-    cat /tmp/cert.pem /tmp/key.pem >$SELFCERTPATH
-    rm -f /tmp/cert.pem /tmp/key.pem
+    # Create secure temporary files
+    TMPKEY=$(mktemp)
+    TMPCERT=$(mktemp)
+    openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -sha512 -keyout "$TMPKEY" -out "$TMPCERT" -subj "$openssl_subject" -extensions SAN -config <(cat /etc/ssl/openssl.cnf; printf "[SAN]\nsubjectAltName=${openssl_altname}") &>/dev/null
+    cat "$TMPCERT" "$TMPKEY" >$SELFCERTPATH
+    rm -f "$TMPCERT" "$TMPKEY"

---

591-593: WAN IP fetching lacks timeout protection.

The curl commands could hang indefinitely if the remote servers are unresponsive.

Add timeouts:

-      WANIP=$(curl https://wanip4.unraid.net/ 2>/dev/null)
-      WANIP6=$(curl https://wanip6.unraid.net/ 2>/dev/null)
+      WANIP=$(curl --connect-timeout 5 --max-time 10 https://wanip4.unraid.net/ 2>/dev/null)
+      WANIP6=$(curl --connect-timeout 5 --max-time 10 https://wanip6.unraid.net/ 2>/dev/null)

---

700-703: nginx_running function has potential race condition.

The function doesn't validate PID file contents or handle cases where the process check fails.

Improve robustness:

 nginx_running(){
   sleep 0.1
-  [[ -s $PID && -n "$(cat $PID)" && -d "/proc/$(cat $PID)" ]] && return 0 || return 1
+  if [[ -s $PID ]]; then
+    local pid=$(cat $PID 2>/dev/null)
+    if [[ -n $pid && $pid =~ ^[0-9]+$ && -d "/proc/$pid" ]]; then
+      return 0
+    fi
+  fi
+  return 1
 }

---

868-908: Command-line interface lacks input validation.

The script doesn't validate that exactly one argument is provided, which could cause unexpected behavior.

Add input validation:

+# Validate command line arguments
+if [[ $# -ne 1 ]]; then
+  echo "Usage: $0 check|start|stop|term|restart|reload|renew|update|port|upgrade|rotate|status"
+  exit 1
+fi
+
 case "$1" in

🧹 Nitpick comments (1)

plugin/source/dynamix.unraid.net/etc/rc.d/rc.nginx (1)

541-691: Consider breaking down the build_ssl function.

This 150-line function handles multiple responsibilities and would benefit from decomposition for maintainability.

Consider extracting smaller functions like:

• generate_self_signed_cert()
• handle_ca_certificate()
• handle_tailscale_certificate()
• write_nginx_config()

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1186525 and e527f49.

📒 Files selected for processing (2)

• packages/unraid-api-plugin-connect/src/event-handler/wan-access.handler.ts (1 hunks)
• plugin/source/dynamix.unraid.net/etc/rc.d/rc.nginx (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/unraid-api-plugin-connect/src/event-handler/wan-access.handler.ts

⏰ Context from checks skipped due to timeout of 90000ms (5)

• GitHub Check: Test API
• GitHub Check: Build Web App
• GitHub Check: Build API
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: Cloudflare Pages

[github-actions]

This plugin has been deployed to Cloudflare R2 and is available for testing.
Download it at this URL:

https://preview.dl.unraid.net/unraid-api/tag/PR1422/dynamix.unraid.net.plg