Own custom-setup.sh as a solution for SSL problems when updating indi-allsky

Posted on : Posted in : Software (EN)

The official setup.sh from indi-allsky is functionally comprehensive and installs the entire runtime environment including the web server configuration. This behavior is useful for typical installations, but leads to problems if custom Apache settings are used – especially with Let’s-Encrypt certificates, user-defined VirtualHosts or specific redirect rules.

Practical operation showed that setup.sh regenerates the /etc/apache2/sites-available/indi-allsky.conf file each time it is run. As a result:

  • a self-signed SSL certificate is created,
  • individual SSL path and server name settings are lost,
  • Listener conflicts arise (ports 80/443 are used multiple times),
  • the Apache restart fails at the end of the setup process.

*** This post was updated with a new routine on Dezember 12th, 2025.  ***

One solution initially considered was to write-protect the file using chattr +i. Although this prevents overwriting, it causes the setup script to abort with error messages as the file cannot be replaced. This made it clear that this method is not suitable in practice.

The solution: a separate, stable setup routine

In order to make the update process reliable and conflict-free, a custom wrapper routine was developed: custom-setup.sh. This script continues to call the official setup routine in full, but specifically prevents the Apache configuration block of setup.sh from being executed.

This works via two variables that are already provided in the original script:

INDIALLSKY_WEBSERVER="apache" forces processing in the Apache branch of the setup.

WEBSERVER_CONFIG="false" ensures that the entire block for regenerating the Apache configuration is skipped – regardless of what the user selects in the whiptail dialog.

This means that all individual adjustments to the Apache configuration (certificates, VirtualHosts, redirects, etc.) are completely retained, while all other components of indi-allsky are updated regularly.

create custom-setup.sh


#!/bin/bash
set -e

###############################################################################
# custom-setup.sh
#
# Safe wrapper for the official indi-allsky setup.sh
#
# Goals:
# - DO NOT overwrite Apache configuration
# - Avoid SQLite "database is locked" errors
# - Stop and restart services in a controlled way
# - Handle systemd user socket units defensively
# - Be idempotent and safe to run multiple times
# - Replace xxx with your directory path
###############################################################################


### Configuration #############################################################

INDI_DIR="/home/xxx/indi-allsky"
APACHE_VHOST="/etc/apache2/sites-available/indi-allsky.conf"

###############################################################################


echo ">>> custom-setup.sh: starting"


# --------------------------------------------------
# 1. Sanity checks
# --------------------------------------------------

if [ ! -d "$INDI_DIR" ]; then
    echo "ERROR: indi-allsky directory not found: $INDI_DIR"
    exit 1
fi

if [ ! -f "$INDI_DIR/setup.sh" ]; then
    echo "ERROR: setup.sh not found in $INDI_DIR"
    exit 1
fi

if [ ! -f "$APACHE_VHOST" ]; then
    echo "WARNING: Apache vhost not found: $APACHE_VHOST"
    echo "         Apache configuration will not be managed."
fi


# --------------------------------------------------
# 2. Stop running services (prevent SQLite locks)
# --------------------------------------------------

echo ">>> Stopping running services..."

# User-level services
systemctl --user stop indi-allsky.service 2>/dev/null || true
systemctl --user stop gunicorn-indi-allsky.service 2>/dev/null || true
systemctl --user stop gunicorn-indi-allsky.socket 2>/dev/null || true

# System-level services (safe even if not present)
sudo systemctl stop indi-allsky.service 2>/dev/null || true
sudo systemctl stop gunicorn-indi-allsky.service 2>/dev/null || true
sudo systemctl stop gunicorn-indi-allsky.socket 2>/dev/null || true

sleep 3


# --------------------------------------------------
# 3. Force Apache mode, skip Apache config changes
# --------------------------------------------------

echo ">>> Forcing Apache mode without config changes"

export INDIALLSKY_WEBSERVER="apache"
export WEBSERVER_CONFIG="false"

# Optional hardening (commented by default)
# export INDI_ALLSKY_OS_PACKAGE_UPGRADE="false"


# --------------------------------------------------
# 4. Run the official setup.sh
# --------------------------------------------------

echo ">>> Running official setup.sh"

cd "$INDI_DIR"
./setup.sh

echo ">>> setup.sh finished successfully"


# --------------------------------------------------
# 5. Apache sanity checks
# --------------------------------------------------

if command -v apachectl >/dev/null 2>&1; then
    echo ">>> Validating Apache configuration"
    sudo apachectl configtest

    echo ">>> Restarting Apache"
    sudo systemctl restart apache2

    echo ">>> Active Apache virtual hosts:"
    sudo apachectl -S
else
    echo "NOTE: apachectl not found – skipping Apache checks"
fi


# --------------------------------------------------
# 6. systemd user units: defensive handling
# --------------------------------------------------

echo ">>> Reloading systemd user daemon"
systemctl --user daemon-reload

if systemctl --user list-unit-files | grep -q gunicorn-indi-allsky.socket; then
    echo ">>> gunicorn-indi-allsky.socket found – starting"
    systemctl --user start gunicorn-indi-allsky.socket
else
    echo "WARNING: gunicorn-indi-allsky.socket not found"
    echo "         setup.sh may not have created systemd user units"
fi


# --------------------------------------------------
# 7. Restart indi-allsky service (user-level)
# --------------------------------------------------

if systemctl --user list-unit-files | grep -q indi-allsky.service; then
    echo ">>> Restarting indi-allsky service"
    systemctl --user restart indi-allsky.service
else
    echo "WARNING: indi-allsky.service not found in user systemd"
fi


echo ">>> custom-setup.sh completed successfully"
echo ">>> indi-allsky updated without overwriting Apache config"

Installation of the custom setup routine

The custom-setup.sh file is created directly in the main directory of the indi-allsky installation, for example under /home/xxx/indi-allsky/. After the content shown above has been inserted, the file is made executable:

 chmod +x custom-setup.sh

From this point on, every update is carried out exclusively via the new script:

./custom-setup.sh

The original setup.sh remains functional, but should no longer be executed directly, as it can overwrite the existing web server configuration and damage certificates or listener settings. With the custom-setup.sh, the Apache configuration remains unchanged, while the application itself continues to be updated correctly.

Enjoyed this post?

You can support allsky-rodgau.de with a small coffee on BuyMeACoffee.

Buy me a coffee!