forked from Valian/docker-nginx-auto-ssl
entrypoint.sh
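#!/bin/bash
#
# Container entrypoint: prepares the resty-auto-ssl state directory and the
# nginx/OpenResty configuration, then hands control to the container command.

RESTY_CONF_DIR="/usr/local/openresty/nginx/conf"
NGINX_CONF_DIR="/etc/nginx/conf.d"

# openresty will change it later on its own, right now we're just giving it access
# NOTE(review): 0777 leaves the directory world-writable, and this is the
# directory the dhparam file below is stored in (the name suggests certificate
# state lives here too). If the user the nginx workers run as is known,
# chown-ing the directory to that user with mode 0700 is the tighter
# equivalent - confirm against the image before changing.
chmod 777 /etc/resty-auto-ssl

# we want to keep dhparam.pem in the volume, so it is generated just one time
DHPARAM_FILE="/etc/resty-auto-ssl/dhparam.pem"
if [ ! -f "$DHPARAM_FILE" ]; then
  if [ -n "$DIFFIE_HELLMAN" ]; then
    # Generate into a temporary file next to the target and rename it only on
    # success. Writing straight to dhparam.pem could leave an empty or partial
    # file behind if openssl fails or the container is stopped mid-way, and the
    # "-f" check above would then accept that file on every later start.
    # mktemp creates the file exclusively, which also matters because the
    # directory is world-writable.
    DHPARAM_TMP=$(mktemp "${DHPARAM_FILE}.XXXXXX")
    if [ -n "$DHPARAM_TMP" ] && openssl dhparam -out "$DHPARAM_TMP" 2048; then
      # mktemp creates the file 0600; DH parameters are public, so restore a
      # world-readable mode in case a non-root process has to read them.
      chmod 644 "$DHPARAM_TMP"
      mv -f -- "$DHPARAM_TMP" "$DHPARAM_FILE"
    else
      echo "entrypoint: failed to generate ${DHPARAM_FILE}" >&2
      [ -z "$DHPARAM_TMP" ] || rm -f -- "$DHPARAM_TMP"
    fi
    unset DHPARAM_TMP
  else
    # Fallback: reuse the dhparam.pem found in the OpenResty conf directory.
    # Every container taking this branch ends up with the same parameters;
    # set DIFFIE_HELLMAN to any non-empty value to generate unique ones.
    cp -- "${RESTY_CONF_DIR}/dhparam.pem" "$DHPARAM_FILE"
  fi
fi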
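# if $SITES is defined, we should prepare configuration files
# example usage:
#
# -e SITES="db.example.com=localhost:5432;app.example.com=http://localhost:8080"
#
# it will create 2 files:
#
# 1. /etc/nginx/conf.d/db.example.com.conf using $SERVER_ENDPOINT=localhost:5432 and $SERVER_NAME=db.example.com
# 2. /etc/nginx/conf.d/app.example.com.conf using $SERVER_ENDPOINT=localhost:8080 and $SERVER_NAME=app.example.com
#
# Both halves of every entry are substituted verbatim into the nginx
# configuration and the name also becomes part of a file path, so $SITES has to
# come from a trusted source (the operator starting the container).
if [ -n "$SITES" ]; then
  # let's read all backends, separated by ';' (-r keeps backslashes literal)
  IFS=';' read -r -a SITES_SEPARATED <<<"$SITES"

  # for each backend (in form of server_name=endpoint:port) we create proper file
  for NAME_EQ_ENDPOINT in "${SITES_SEPARATED[@]}"; do
    # "a=b;;c=d" yields an empty element; an entry without '=' has no endpoint
    case "$NAME_EQ_ENDPOINT" in
      *=*) ;;
      *)
        if [ -n "$NAME_EQ_ENDPOINT" ]; then
          echo "entrypoint: ignoring SITES entry '${NAME_EQ_ENDPOINT}' (expected name=endpoint)" >&2
        fi
        continue
        ;;
    esac

    # Split at the FIRST '=': the name is everything before it (%%), the
    # endpoint everything after it (#). The former "%=*" cut at the last '='
    # instead, so an endpoint containing '=' leaked into the server name.
    SITE_NAME=${NAME_EQ_ENDPOINT%%=*}
    RAW_SERVER_ENDPOINT=${NAME_EQ_ENDPOINT#*=}

    # The name is used as a file name below; refuse anything that is empty or
    # would leave $NGINX_CONF_DIR.
    case "$SITE_NAME" in
      '' | */*)
        echo "entrypoint: ignoring SITES entry '${NAME_EQ_ENDPOINT}' (invalid server name)" >&2
        continue
        ;;
    esac

    export SERVER_NAME=$SITE_NAME
    export SERVER_ENDPOINT=${RAW_SERVER_ENDPOINT#*//} # it clears url scheme, like http:// or https://

    # single quotes are intentional: envsubst wants the variable NAMES here
    # shellcheck disable=SC2016
    envsubst '$SERVER_NAME $SERVER_ENDPOINT' \
      < "${RESTY_CONF_DIR}/server-proxy.conf" \
      > "${NGINX_CONF_DIR}/${SERVER_NAME}.conf"
  done
  unset SITE_NAME SERVER_NAME SERVER_ENDPOINT

# if $SITES isn't defined, let's check if $NGINX_CONF_DIR is empty
elif [ -z "$(ls -A "${NGINX_CONF_DIR}")" ]; then
  # if yes, just copy default server (similar to default from docker-openresty, but using https)
  cp -- "${RESTY_CONF_DIR}/server-default.conf" "${NGINX_CONF_DIR}/default.conf"
fi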
# Opt-in switch: FORCE_HTTPS=true adds force-https.conf to the plain-HTTP
# server configuration.
# The include line is only ever appended, never removed: once it is in the
# file, starting the same container again with FORCE_HTTPS unset leaves it in
# place.
case "$FORCE_HTTPS" in
  true)
    # append only when the include is not there yet, so repeated starts of
    # the same container do not duplicate the line
    grep -q "force-https.conf" "${RESTY_CONF_DIR}/resty-server-http.conf" \
      || echo "include force-https.conf;" >> "${RESTY_CONF_DIR}/resty-server-http.conf"
    ;;
esac
# Render $ALLOWED_DOMAINS and $LETSENCRYPT_URL into the OpenResty configuration.
# The result is written to a side file first and only moved over the original
# when envsubst succeeded.
# The file is rewritten in place, so the placeholders are gone after the first
# start: changing either variable and restarting the SAME container has no
# effect; the container has to be recreated.
# NOTE(review): how resty-http.conf uses $ALLOWED_DOMAINS is not visible here -
# presumably it limits the host names certificates are requested for; confirm,
# and keep the value as narrow as possible since it is inserted verbatim.
# shellcheck disable=SC2016 # envsubst wants the variable names, unexpanded
if envsubst '$ALLOWED_DOMAINS,$LETSENCRYPT_URL' \
  < "${RESTY_CONF_DIR}/resty-http.conf" \
  > "${RESTY_CONF_DIR}/resty-http.conf.copy"; then
  mv "${RESTY_CONF_DIR}/resty-http.conf.copy" "${RESTY_CONF_DIR}/resty-http.conf"
fi

# replace this shell with the command passed as arguments to the entrypoint
exec "$@"