178 lines
5.1 KiB
Bash
178 lines
5.1 KiB
Bash
#!/bin/sh
|
|
|
|
#
|
|
# entrypoint script for ab-livereload container
|
|
#
|
|
|
|
# functions
|
|
certificateCheckExist() {
|
|
if [ -n "$(find /certs/ -type d -empty -print)" ]; then
|
|
printf "noexist"
|
|
elif ! [ -r "/certs/fullchain.pem" ]; then
|
|
printf "noread_certificate"
|
|
elif ! [ -r "/certs/privkey.pem" ]; then
|
|
printf "noread_key"
|
|
else
|
|
printf "ok"
|
|
fi
|
|
}
|
|
|
|
certificateGenerateNew() {
|
|
# generate self-signed certificate and export as PFX
|
|
printf "\nGenerating new self-signed certificate:\n"
|
|
# shellcheck disable=SC3028
|
|
if [ -z "$CERT_HOSTNAME" ]; then export CERT_HOSTNAME="$HOSTNAME"; fi
|
|
# create placeholder files to set permissions
|
|
touch /certs/fullchain.pem && chmod 644 /certs/fullchain.pem
|
|
touch /certs/privkey.pem && chmod 640 /certs/privkey.pem
|
|
# generate certificate
|
|
if ! openssl req -new -x509 -days 365 -nodes -out /certs/fullchain.pem -keyout /certs/privkey.pem -config /etc/selfsigned.cnf; then
|
|
printf "\nUnable to generate certificate. Is your 'certs' directory writable by this container?\n\n"
|
|
exit 55
|
|
fi
|
|
cp /certs/fullchain.pem /certs/chain.pem
|
|
# generate dh-params for TLS1.2
|
|
if ! openssl dhparam -dsaparam -out /certs/dhparam.pem 4096; then
|
|
printf "\nUnable to generate dh-params. Is you 'certs' directory writable by this container?\n\n"
|
|
exit 56
|
|
fi
|
|
|
|
# print message to user
|
|
printf "\n\nA self-signed certificate has been generated and saved in the location mounted to '/certs' in this container.\n"
|
|
printf "The certificate and private key are PEM formatted with names 'fullchain.pem' and 'privkey.pem', respectively.\n"
|
|
printf "Remember to import 'fullchain.pem' to the trusted store on any client machines or you will get warnings.\n\n"
|
|
}
|
|
|
|
certificateShow() {
|
|
printf "\nCurrently loaded certificate:\n"
|
|
certStatus="$(certificateCheckExist)"
|
|
case "$certStatus" in
|
|
noexist)
|
|
printf "[ERROR]: No certificate is loaded (certificate directory empty).\n\n"
|
|
exit 51
|
|
;;
|
|
noread_certificate)
|
|
printf "[ERROR]: Cannot read loaded certificate.\n\n"
|
|
exit 52
|
|
;;
|
|
noread_key)
|
|
printf "\n[WARNING]: Cannot find private key associated with certificate!\n\n"
|
|
;;
|
|
esac
|
|
if ! openssl x509 -noout -text -nameopt align,multiline -certopt no_pubkey,no_sigdump -in /certs/fullchain.pem; then
|
|
printf "\n[ERROR]: Unable to display loaded certificate.\n\n"
|
|
exit 52
|
|
fi
|
|
}
|
|
|
|
convertCaseLower() {
|
|
printf "%s" "$1" | tr "[:upper:]" "[:lower:]"
|
|
}
|
|
|
|
# default variable values
|
|
doCertNew=0
|
|
doCertShow=0
|
|
doServer=0
|
|
doShell=0
|
|
|
|
# clean-up boolean environment variables for this script and JavaScript
|
|
enableHTTPS="$(convertCaseLower "$LR_HTTPS")"
|
|
enableDebug="$(convertCaseLower "$LR_DEBUG")"
|
|
export LR_HTTPS="$enableHTTPS"
|
|
export LR_DEBUG="$enableDebug"
|
|
|
|
# process action parameter
|
|
case "$1" in
|
|
listen | server | run | start)
|
|
doServer=1
|
|
;;
|
|
shell)
|
|
doShell=1
|
|
;;
|
|
new-cert)
|
|
doCertNew=1
|
|
;;
|
|
show-cert)
|
|
doCertShow=1
|
|
;;
|
|
*)
|
|
# invalid or unknown option
|
|
printf "\nUnknown action requested: %s\n" "$1"
|
|
printf "Valid actions: [listen | server | run | start] | shell | new-cert | show-cert\n\n"
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
# action: run server
|
|
if [ "$doServer" -eq 1 ]; then
|
|
printf "Starting ab-livereload server:\n"
|
|
|
|
# https pre-flight check
|
|
if [ "$enableHTTPS" = "true" ]; then
|
|
certStatus="$(certificateCheckExist)"
|
|
case "$certStatus" in
|
|
noexist)
|
|
printf "[Generating certificate]\n"
|
|
certificateGenerateNew
|
|
;;
|
|
noread_certificate)
|
|
printf "[Checking mounted certificate]"
|
|
printf "\nERROR: SSL/TLS mode selected but unable to read certificate!\n\n"
|
|
exit 52
|
|
;;
|
|
noread_key)
|
|
printf "[Checking mounted certificate]"
|
|
printf "\nERROR: SSL/TLS mode selected but unable to read private key!\n\n"
|
|
exit 53
|
|
;;
|
|
ok)
|
|
printf "[Certificate OK]\n"
|
|
;;
|
|
esac
|
|
fi
|
|
exec node ab-livereload.js
|
|
exit "$?"
|
|
fi
|
|
|
|
# action: drop to shell
|
|
if [ "$doShell" -eq 1 ]; then
|
|
if [ -z "$2" ]; then
|
|
printf "\nExecuting interactive shell:\n"
|
|
exec /bin/sh
|
|
else
|
|
shift
|
|
printf "\nExecuting shell: '%s'\n" "$*"
|
|
exec /bin/sh -c "$*"
|
|
fi
|
|
exit "$?"
|
|
fi
|
|
|
|
# action: generate new self-signed certificate
|
|
if [ "$doCertNew" -eq 1 ]; then
|
|
certificateGenerateNew
|
|
exit 0
|
|
fi
|
|
|
|
# action: show loaded certificate
|
|
if [ "$doCertShow" -eq 1 ]; then
|
|
certificateShow
|
|
exit 0
|
|
fi
|
|
|
|
# failsafe exit - terminate with code 99: this code should never be executed!
|
|
exit 99
|
|
|
|
# exit codes:
|
|
# 0: normal exit, no errors
|
|
# 1: invalid or invalid parameter passed to script
|
|
# 2: interactive shell required
|
|
# 50: certificate errors
|
|
# 51: certificate directory empty
|
|
# 52: unable to read certificate/chain
|
|
# 53: unable to read private key
|
|
# 55: unable to generate new certificate
|
|
# 56: unable to generate dh-params
|
|
# 99: code error
|
|
|
|
#EOF
|