#!/bin/sh
#
### ab-nginx entrypoint script
#
convertCase () {
    # Write $1 to stdout with every lower-case letter mapped to upper case.
    # printf emits the value verbatim, with no trailing newline, before it is
    # piped through tr.
    printf '%s' "$1" \
        | tr '[:lower:]' '[:upper:]'
}
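# convert environment variables to UPPERCASE for proper string comparison
# (the checks further down compare against the literals ON/OFF and TRUE/FALSE,
# so a value that is unset or misspelled matches none of them)
ACCESS_LOG=$(convertCase "$ACCESS_LOG")
HSTS=$(convertCase "$HSTS")
TLS13_ONLY=$(convertCase "$TLS13_ONLY")

# export new environment variables
# Exporting by name avoids expanding the values unquoted on the export line,
# where some /bin/sh implementations apply word splitting to the result.
export ACCESS_LOG HSTS TLS13_ONLY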
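### update configuration files with environment variables

# update server name list
#
# SERVER_NAMES is written as-is into /etc/nginx/server_names.conf, i.e. it
# becomes nginx configuration text; it should only ever come from the operator
# who deploys the container.
# Backslash, '&' and the '%' delimiter are special inside a sed replacement, so
# they are escaped first. Without this a value containing them is rewritten
# (or aborts the substitution) instead of being inserted literally. A value
# containing a newline is still not supported.
printf "\nUpdating server name list... "
serverNamesEscaped=$(printf '%s' "$SERVER_NAMES" | sed -e 's/[\\&%]/\\&/g')
if sed -i -e "s%<SERVER_NAMES>%${serverNamesEscaped}%" /etc/nginx/server_names.conf; then
    printf "done\n"
else
    # report the failure instead of claiming success; startup continues
    printf "FAILED\n" >&2
fi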
# update access log global preference
# Only the exact values OFF and ON are acted on; for anything else the
# <ACCESS_LOG_SETTING> placeholder in nginx.conf is left untouched.
case "$ACCESS_LOG" in
    OFF)
        printf "Turning access log OFF... "
        sed -i -e "s%<ACCESS_LOG_SETTING>%off%" /etc/nginx/nginx.conf
        printf "done\n"
        ;;
    ON)
        printf "Turning access log ON... "
        sed -i -e "s%<ACCESS_LOG_SETTING>%/var/log/nginx/access.log combined%" /etc/nginx/nginx.conf
        printf "done\n"
        ;;
esac
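# update HTTPS redirect port if SSL server test block exists
# (/etc/nginx/sites/note is used as the marker that the test blocks are present)
if [ -f "/etc/nginx/sites/note" ]; then
    printf "Updating port redirects... "

    # HTTPS_PORT ends up inside an nginx server block, so flag anything that is
    # not a plain number; the substitution itself is still performed.
    case "$HTTPS_PORT" in
        ''|*[!0-9]*)
            printf "(warning: HTTPS_PORT is not a plain port number) " >&2
            ;;
    esac

    # escape the characters that are special in a sed replacement so the value
    # is inserted literally rather than interpreted by sed
    httpsPortEscaped=$(printf '%s' "$HTTPS_PORT" | sed -e 's/[\\&%]/\\&/g')
    if sed -i -e "s%<HTTPS_PORT>%${httpsPortEscaped}%" /etc/nginx/sites/05-test_secured.conf.disabled; then
        printf "done\n"
    else
        # report the failure instead of claiming success; startup continues
        printf "FAILED\n" >&2
    fi
fi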
# activate HSTS
# Both SSL profiles are edited while still disabled, so whichever one is
# enabled later carries the change. Every line that starts with "#add_header"
# is uncommented.
# NOTE(review): presumably those lines are only the HSTS header - confirm
# against the two config files.
if [ "$HSTS" = 'TRUE' ]; then
    printf "Activating HSTS configuration... "
    for sslConf in \
        /etc/nginx/ssl-config/mozIntermediate_ssl.conf.disabled \
        /etc/nginx/ssl-config/mozModern_ssl.conf.disabled
    do
        sed -i -e "s/^#add_header/add_header/" "$sslConf"
    done
    printf "done\n"
fi
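# activate SSL configuration as appropriate and only if certs exist
#
#   TLS13_ONLY=FALSE -> mozIntermediate profile; also requires dhparam.pem
#   TLS13_ONLY=TRUE  -> mozModern profile
#
# In every other case (missing certificate files, or TLS13_ONLY set to
# anything else) no SSL configuration is activated. Those paths now print a
# warning to stderr so that an unsecured start is visible in the container log
# instead of being silent.

# Swap the test server blocks: enable the secured one and disable the
# non-secured one. Does nothing unless the /etc/nginx/sites/note marker exists.
activateSecuredTestBlock () {
    if [ -f "/etc/nginx/sites/note" ]; then
        # activate SSL test server block & deactivate normal one
        mv /etc/nginx/sites/05-test_secured.conf.disabled \
            /etc/nginx/sites/05-test_secured.conf
        mv /etc/nginx/sites/05-test_nonsecured.conf \
            /etc/nginx/sites/05-test_nonsecured.conf.disabled
    fi
}

if [ "$TLS13_ONLY" = 'FALSE' ]; then
    if [ -f "/certs/fullchain.pem" ] && \
        [ -f "/certs/privkey.pem" ] && \
        [ -f "/certs/chain.pem" ] && \
        [ -f "/certs/dhparam.pem" ]; then
        printf "Certificates found. Securing deployment using TLS 1.2\n"

        # activate shared SSL configuration file
        mv /etc/nginx/ssl-config/mozIntermediate_ssl.conf.disabled \
            /etc/nginx/ssl-config/mozIntermediate_ssl.conf

        activateSecuredTestBlock
    else
        printf "WARNING: one or more of fullchain.pem, privkey.pem, chain.pem, dhparam.pem is missing from /certs. SSL configuration NOT activated\n" >&2
    fi
elif [ "$TLS13_ONLY" = 'TRUE' ]; then
    if [ -f "/certs/fullchain.pem" ] && \
        [ -f "/certs/privkey.pem" ] && \
        [ -f "/certs/chain.pem" ]; then
        printf "Certificates found. Securing deployment using TLS 1.3\n"

        # activate shared SSL configuration file
        mv /etc/nginx/ssl-config/mozModern_ssl.conf.disabled \
            /etc/nginx/ssl-config/mozModern_ssl.conf

        activateSecuredTestBlock
    else
        printf "WARNING: one or more of fullchain.pem, privkey.pem, chain.pem is missing from /certs. SSL configuration NOT activated\n" >&2
    fi
else
    printf "WARNING: TLS13_ONLY is neither TRUE nor FALSE. SSL configuration NOT activated\n" >&2
fi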
# configuration is finished; announce it before handing over
printf "\nSetup complete...Container ready...\n"

# execute commands passed to this container
# exec replaces this shell with the given command line rather than running it
# as a child process.
exec "$@"
#EOF