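#!/bin/sh

#
# entrypoint script for livereload-tls-npm container
#
# Usage: <entrypoint> [listen | server | run | start] | shell [command...] | new-cert | show-cert
#
# Environment:
#   LR_HTTPS       set to TRUE (case-insensitive) to enable the SSL/TLS pre-flight checks
#   CERT_HOSTNAME  exported before certificate generation; defaults to $HOSTNAME
#                  (presumably consumed by /etc/selfsigned.cnf -- confirm against that file)
#

# functions

# Terminate with exit code 1 unless SSL/TLS mode was requested via LR_HTTPS.
certificateCheckEnabled() {
    if [ "$httpsEnabled" != "TRUE" ]; then
        printf "\nSSL/TLS not enabled. Please set LR_HTTPS=TRUE if you want to enable SSL/TLS.\n"
        exit 1
    fi
}

# Report the state of the mounted certificate on stdout as one of:
#   noexist             /certs is an empty directory
#   noread_certificate  /certs/fullchain.pem is missing or unreadable
#   noread_key          /certs/privkey.pem is missing or unreadable
#   ok                  both files are readable
certificateCheckExist() {
    # -maxdepth 0 restricts the emptiness test to /certs itself. Without it, any
    # empty subdirectory below /certs is printed too, the result becomes
    # "noexist", and the server action regenerates the certificate over an
    # existing, valid certificate/key pair.
    if [ -n "$(find /certs/ -maxdepth 0 -type d -empty -print)" ]; then
        printf "noexist"
    elif ! [ -r "/certs/fullchain.pem" ]; then
        printf "noread_certificate"
    elif ! [ -r "/certs/privkey.pem" ]; then
        printf "noread_key"
    else
        printf "ok"
    fi
}

# Generate a self-signed certificate and private key (both PEM) in /certs.
# Existing fullchain.pem/privkey.pem files are overwritten.
# Exits with code 55 if openssl fails.
certificateGenerateNew() {
    printf "\nGenerating new self-signed certificate:\n"

    # shellcheck disable=SC3028
    if [ -z "$CERT_HOSTNAME" ]; then export CERT_HOSTNAME="$HOSTNAME"; fi

    # -nodes writes the private key WITHOUT passphrase protection, so the
    # permissions on /certs/privkey.pem are the only thing guarding it.
    if ! openssl req -new -x509 -days 365 -nodes \
        -out /certs/fullchain.pem -keyout /certs/privkey.pem \
        -config /etc/selfsigned.cnf; then
        printf "\nUnable to generate certificate. Is your 'certs' directory writable by this container?\n\n"
        exit 55
    fi

    # Restrict the unencrypted key to its owner. Best effort only: the mounted
    # location may not support changing permissions, and that must not discard
    # a certificate that was generated successfully.
    if ! chmod 600 /certs/privkey.pem; then
        printf "WARNING: unable to restrict permissions on '/certs/privkey.pem'; check the permissions of the mounted directory.\n" >&2
    fi

    # print message to user
    printf "\n\nA self-signed certificate has been generated and saved in the location mounted to '/certs' in this container.\n"
    printf "The certificate and private key are PEM formatted with names 'fullchain.pem' and 'privkey.pem', respectively.\n"
    printf "Remember to import 'fullchain.pem' to the trusted store on any client machines or you will get warnings.\n\n"
}

# Print the details of /certs/fullchain.pem and exit.
# Exit codes: 0 shown, 1 SSL/TLS not enabled, 51 certificate unreadable,
# 50 openssl could not parse the certificate.
certificateShow() {
    certificateCheckEnabled

    if ! [ -r "/certs/fullchain.pem" ]; then
        printf "\nERROR: unable to read certificate!\n\n"
        exit 51
    fi

    printf "\nCurrently loaded certificate:\n"
    # Only the certificate is read here; the private key is never displayed.
    if ! openssl x509 -in /certs/fullchain.pem -noout -text; then
        exit 50
    fi
    exit 0
}

# Write $1 to stdout with lowercase letters converted to uppercase.
convertCaseUpper() {
    printf "%s" "$1" | tr "[:lower:]" "[:upper:]"
}

# default variable values
doCertNew=0
doCertShow=0
doServer=0
doShell=0
httpsEnabled="$(convertCaseUpper "$LR_HTTPS")"

# process action parameter
case "$1" in
    listen | server | run | start)
        doServer=1
        ;;
    shell)
        doShell=1
        ;;
    new-cert)
        doCertNew=1
        ;;
    show-cert)
        doCertShow=1
        ;;
    *)
        # invalid or unknown option
        printf "\nUnknown action requested: %s\n" "$1"
        printf "Valid actions: [listen | server | run | start] | shell | new-cert | show-cert\n\n"
        exit 1
        ;;
esac

# action: run server
if [ "$doServer" -eq 1 ]; then
    printf "Starting LiveReload server:\n"

    # https pre-flight check
    if [ "$httpsEnabled" = "TRUE" ]; then
        printf "[SSL/TLS mode enabled]\n"
        certStatus="$(certificateCheckExist)"
        case "$certStatus" in
            noexist)
                printf "[Generating certificate]\n"
                certificateGenerateNew
                ;;
            noread_certificate)
                printf "[Checking mounted certificate]"
                printf "\nERROR: SSL/TLS mode selected but unable to read certificate!\n\n"
                exit 51
                ;;
            noread_key)
                printf "[Checking mounted certificate]"
                printf "\nERROR: SSL/TLS mode selected but unable to read private key!\n\n"
                exit 52
                ;;
            ok)
                printf "[Certificate OK]\n"
                ;;
            *)
                # Fail closed: never start in SSL/TLS mode on a status this
                # script does not recognise.
                printf "\nERROR: unexpected certificate status: %s\n\n" "$certStatus"
                exit 50
                ;;
        esac
    fi

    # exec replaces this shell with node; nothing after it runs. If exec itself
    # fails, a non-interactive shell exits with the failure status.
    exec node livereload.js
fi

# action: drop to shell
if [ "$doShell" -eq 1 ]; then
    if [ -z "$2" ]; then
        printf "\nExecuting interactive shell:\n"
        exec /bin/sh
    else
        shift
        printf "\nExecuting shell: '%s'\n" "$*"
        # "$*" joins the remaining arguments into ONE string that /bin/sh
        # parses again: original argument quoting is lost and shell
        # metacharacters are interpreted. The arguments must come from the
        # operator starting the container, never from untrusted input.
        exec /bin/sh -c "$*"
    fi
fi

# action: generate new self-signed certificate
if [ "$doCertNew" -eq 1 ]; then
    certificateGenerateNew
    exit 0
fi

# action: show loaded certificate
if [ "$doCertShow" -eq 1 ]; then certificateShow; fi

# failsafe exit - terminate with code 99: this code should never be executed!
exit 99

# exit codes:
# 0: normal exit, no errors
# 1: missing or invalid parameter passed to script (also: SSL/TLS not enabled for show-cert)
# 2: interactive shell required
# 50: certificate errors
# 51: unable to read certificate/chain
# 52: unable to read private key
# 55: unable to generate new certificate
# 99: code error

#EOF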