#!/bin/sh
#
### start ab-nginx container using params file variables
#
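# text formatting presets
# tput prints an error and yields nothing when it is missing or TERM is unset
# (cron, minimal containers), so fall back to plain, uncoloured output.
if command -v tput > /dev/null 2>&1; then
    cyan=$(tput setaf 6 2> /dev/null)
    err=$(tput bold 2> /dev/null)$(tput setaf 1 2> /dev/null)
    magenta=$(tput setaf 5 2> /dev/null)
    norm=$(tput sgr0 2> /dev/null)
    yellow=$(tput setaf 3 2> /dev/null)
else
    cyan=''
    err=''
    magenta=''
    norm=''
    yellow=''
fi

### parameter defaults
shell=false
container_name="ab-nginx"
NETWORK='nginx_network'
SUBNET='172.31.254.0/24'
HTTP_PORT=80
HTTPS_PORT=443

# Clear the bind-mount sources so that only values set by the params file are
# used, never ones inherited from the caller's environment. SNIPPETS_DIR is
# mounted like the other directories, so it is cleared with them.
unset CONFIG_DIR
unset SERVERS_DIR
unset SNIPPETS_DIR
unset WEBROOT_DIR
unset vmount

# normalise a TLS13_ONLY value inherited from the environment to upper case
if [ "$TLS13_ONLY" ]; then
    TLS13_ONLY=$(printf '%s' "$TLS13_ONLY" | tr '[:lower:]' '[:upper:]')
fi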
### functions
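# Abort the script unless a path exists and has the expected type.
# Globals:   err, norm (read) - terminal formatting strings
# Arguments: $1 - kind of path to test: 'file' or 'dir'
#            $2 - path to test
# Outputs:   an error message when the check fails
# Returns:   0 when the path exists with the requested type; otherwise the
#            script exits with status 3
checkExist() {
    case "$1" in
        file)
            if [ ! -f "$2" ]; then
                # the path is passed as data, never as part of the printf
                # format, so a '%' in a file name cannot garble the message
                printf "%s\nCannot find file: '%s'. Exiting.\n%s" "$err" "$2" "$norm"
                exit 3
            fi
            ;;
        dir)
            if [ ! -d "$2" ]; then
                printf "%s\nCannot find directory: '%s'. Exiting.\n%s" "$err" "$2" "$norm"
                exit 3
            fi
            ;;
        *)
            # fail closed: an unrecognised kind must not count as a passed check
            printf "%s\ncheckExist: unknown path type '%s'. Exiting.\n%s" "$err" "$1" "$norm"
            exit 3
            ;;
    esac
    return 0
}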
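# Print the usage text and terminate the script.
# Globals:   cyan, magenta, norm, yellow (read) - terminal formatting strings
# Arguments: none
# Outputs:   help text on stdout
# Returns:   does not return; exits the script with status 0
scriptHelp() {
    # 80-column rule: printf pads an empty field to 80 spaces, tr turns them
    # into dashes
    divider=$(printf '%80s' '' | tr ' ' '-')

    printf '\n%s%s\n' "$magenta" "$divider"
    cat << EOF
${norm}This is a simple helper script so you can avoid lengthy typing when working
with the nginx container. The script reads the contents of 'ab-nginx.params'
and constructs various 'docker run' commands based on that file. The biggest
timesaver is working with certificates. If they are specified in params file,
the script will automatically bind-mount them so nginx serves content via SSL
by default.

If you run the script with no parameters, it will execute the container
'normally': Run in detached mode with nginx automatically launched and
logging to stdout. If you specified certificates, nginx will serve over SSL
by default.
Note: Containers (except shell) are always set to restart 'unless-stopped'. You
must remove them manually if desired.

${magenta}The script has the following parameters:
${cyan}(parameter in cyan) ${yellow}(default in yellow)${norm}

${cyan}-h|-?|--help${norm}
Display this help text and exit.

${cyan}-n|--name${norm}
Change the name of the container. This is cosmetic and does not affect
operation in any way.
${yellow}(ab-nginx)${norm}

${cyan}-s|--shell${norm}
Enter the container using an interactive POSIX shell. This happens after
startup operations but *before* nginx is actually started. This is a great way
to see configuration changes possibly stopping nginx from starting normally.
${yellow}(off: run in detached mode)${norm}

${yellow}More information can be found at:
https://git.asifbacchus.app/ab-docker/ab-nginx/wiki
EOF
    # reset formatting after the closing rule so the caller's terminal is not
    # left in magenta
    printf '%s%s\n\n%s' "$magenta" "$divider" "$norm"
    exit 0
}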
### pre-requisite checks
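# is user root or in the docker group?
# NOTE: membership of the 'docker' group gives control of the docker daemon and
# is effectively root-equivalent on the host, so treat it as a privileged group.
if [ "$(id -u)" -ne 0 ]; then
    # compare whole group names; a plain substring match would also accept
    # unrelated groups whose name merely contains 'docker'
    if ! id -Gn | tr ' ' '\n' | grep -qx 'docker'; then
        printf "%s\nYou must either be root or in the 'docker' group to run this script since you must be able to actually start the container! Exiting.\n%s" "$err" "$norm"
        exit 2
    fi
fi

# does the params file exist?
checkExist 'file' './ab-nginx.params'

# read .params file
# The file is sourced, so everything in it is executed as shell code with the
# privileges of this script (root or docker group). It is looked up relative to
# the current working directory: run the script from the directory holding the
# intended file and keep that file writable only by trusted users.
. ./ab-nginx.params

# fix case of TLS13_ONLY var
if [ "$TLS13_ONLY" ]; then
    TLS13_ONLY=$(printf '%s' "$TLS13_ONLY" | tr '[:lower:]' '[:upper:]')
fi

# check for certs if using SSL
# These checks apply only when a certificate is configured; run unconditionally
# they abort on the empty path and make plain-HTTP operation impossible.
if [ "$SSL_CERT" ]; then
    checkExist 'file' "$SSL_CERT"
    checkExist 'file' "$SSL_KEY"
    checkExist 'file' "$SSL_CHAIN"

    # check for DHparam if using TLS1.2
    if [ "$TLS13_ONLY" = 'FALSE' ]; then
        if [ -z "$DH" ]; then
            printf "%s\nA DHparam file must be specified when using TLS 1.2. Exiting.%s\n" "$err" "$norm"
            exit 5
        else
            checkExist 'file' "$DH"
        fi
    fi
fi

# check if specified config directory exists
if [ "$CONFIG_DIR" ]; then
    checkExist 'dir' "$CONFIG_DIR"
fi

# check if specified server-block directory exists
if [ "$SERVERS_DIR" ]; then
    checkExist 'dir' "$SERVERS_DIR"
fi

# check if specified snippets directory exists
# (it is bind-mounted like the others, so a typo must be caught here instead of
# being handed to 'docker run' unchecked)
if [ "$SNIPPETS_DIR" ]; then
    checkExist 'dir' "$SNIPPETS_DIR"
fi

# check if specified webroot directory exists
if [ "$WEBROOT_DIR" ]; then
    checkExist 'dir' "$WEBROOT_DIR"
fi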
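# set up volume mounts
# $vmount is a flat string that is expanded unquoted on the 'docker run'
# command line so that it splits into separate "-v src:dst" arguments. A
# directory value containing whitespace or wildcard characters would be split
# or expanded into unintended docker arguments, so refuse it here (exit 4).
# NOTE(review): docker treats a '-v' source that is a bare name as a named
# volume, not a host directory; absolute paths avoid that ambiguity.
for mountSrc in "$CONFIG_DIR" "$SERVERS_DIR" "$SNIPPETS_DIR" "$WEBROOT_DIR"; do
    case "$mountSrc" in
        *[[:space:]]* | *\** | *\?* | *\[*)
            printf "%s\nDirectory paths cannot contain whitespace or wildcard characters: '%s'. Exiting.\n%s" "$err" "$mountSrc" "$norm"
            exit 4
            ;;
    esac
done

if [ "$CONFIG_DIR" ]; then
    vmount="$vmount -v $CONFIG_DIR:/etc/nginx/config"
fi
if [ "$SERVERS_DIR" ]; then
    vmount="$vmount -v $SERVERS_DIR:/etc/nginx/sites"
fi
if [ "$SNIPPETS_DIR" ]; then
    vmount="$vmount -v $SNIPPETS_DIR:/etc/nginx/snippets"
fi
if [ "$WEBROOT_DIR" ]; then
    vmount="$vmount -v $WEBROOT_DIR:/usr/share/nginx/html"
fi

# trim leading whitespace
vmount=${vmount##[[:space:]]}
# NOTE(review): prints the assembled mount arguments on every run; this looks
# like leftover debug output -- confirm before removing
printf '%s\n' "$vmount"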
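# process startup parameters
# NOTE(review): this loop runs after the pre-requisite checks above, so
# '--help' is only reachable once those checks (docker access, params file)
# have passed.
while [ $# -gt 0 ]; do
    case "$1" in
        -h | -\? | --help)
            # display help (scriptHelp exits on its own; the exit below is a
            # safety net)
            scriptHelp
            exit 0
            ;;
        -s | --shell)
            # start shell instead of default CMD
            shell=true
            ;;
        -n | --name)
            # container name
            if [ -z "$2" ]; then
                printf "%s\nNo container name specified. Exiting.\n%s" "$err" "$norm"
                exit 1
            fi
            # The name ends up on the 'docker run' command line. Accept only
            # what docker allows in a container name (leading alphanumeric,
            # then alphanumerics, '_', '.' or '-'), so a value with a leading
            # dash or embedded whitespace cannot be read as extra options.
            case "$2" in
                [!a-zA-Z0-9]* | *[!a-zA-Z0-9_.-]*)
                    printf "%s\nInvalid container name: '%s'. Exiting.\n%s" "$err" "$2" "$norm"
                    exit 1
                    ;;
            esac
            container_name="$2"
            shift
            ;;
        *)
            printf "%s\nUnknown option: %s\n" "$err" "$1"
            printf "Use '--help' for valid options.\n\n%s" "$norm"
            exit 1
            ;;
    esac
    shift
done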
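# create network if it doesn't already exist
# NETWORK and SUBNET can be overridden by the params file, so they are quoted
# to reach docker as single arguments whatever they contain.
if ! docker network inspect "${NETWORK}" > /dev/null 2>&1; then
    docker network create \
        --attachable \
        --driver=bridge \
        --subnet="${SUBNET}" \
        "${NETWORK}"
fi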
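# NOTE(review): ':latest' is a mutable tag, so the code that runs can change
# between pulls; consider pinning a version tag or image digest.
image='docker.asifbacchus.app/nginx/ab-nginx:latest'

# Arguments shared by every mode. All command-line options have been consumed
# by now, so the positional parameters are reused as the argument list; this
# keeps each value a single argument without relying on bash arrays.
# $vmount is deliberately left unquoted: it holds several "-v src:dst" pairs
# that must split into separate arguments.
# shellcheck disable=SC2086
set -- --name "$container_name" \
    --env-file ab-nginx.params \
    -e SERVER_NAMES="$HOSTNAMES" \
    $vmount \
    --network="${NETWORK}"

if [ -z "$SSL_CERT" ]; then
    # run without TLS
    tlsLabel=''
    set -- "$@" -p "${HTTP_PORT}:80"
elif [ "$TLS13_ONLY" = 'FALSE' ]; then
    # run with TLS1.2 (needs the DHparam file as well as the certificates)
    tlsLabel=' (TLS 1.2)'
    set -- "$@" \
        -v "$SSL_CERT":/certs/fullchain.pem:ro \
        -v "$SSL_KEY":/certs/privkey.pem:ro \
        -v "$SSL_CHAIN":/certs/chain.pem:ro \
        -v "$DH":/certs/dhparam.pem:ro \
        -p "${HTTP_PORT}:80" -p "${HTTPS_PORT}:443"
elif [ "$TLS13_ONLY" = 'TRUE' ]; then
    # run with TLS1.3
    tlsLabel=' (TLS 1.3)'
    set -- "$@" \
        -v "$SSL_CERT":/certs/fullchain.pem:ro \
        -v "$SSL_KEY":/certs/privkey.pem:ro \
        -v "$SSL_CHAIN":/certs/chain.pem:ro \
        -p "${HTTP_PORT}:80" -p "${HTTPS_PORT}:443"
else
    # A certificate is configured but TLS13_ONLY is neither TRUE nor FALSE.
    # Without this branch nothing is started and the script still reports
    # success; stop with the status already used for TLS configuration errors.
    printf "%s\nTLS13_ONLY must be TRUE or FALSE when SSL_CERT is set (got '%s'). Exiting.\n%s" "$err" "$TLS13_ONLY" "$norm"
    exit 5
fi

if [ "$shell" = 'true' ]; then
    # exec shell
    printf "%s\nRunning SHELL on %s%s...%s\n" "$cyan" "$container_name" "$tlsLabel" "$norm"
    docker run --rm -it "$@" "$image" /bin/sh
else
    # exec normally
    printf "%s\nRunning NGINX on %s%s...%s\n" "$cyan" "$container_name" "$tlsLabel" "$norm"
    docker run -d "$@" --restart unless-stopped "$image"
fi
runStatus=$?

### exit gracefully
# hand docker's status back to the caller, so a container that failed to start
# is not reported as success
exit "$runStatus"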