ab-nginx/build/entrypoint.sh

#!/bin/sh

#
### ab-nginx entrypoint script
#

convertCase () {
    lc=$( echo "$1" | tr "[:lower:]" "[:upper:]")
    return "$lc"
}

# convert environment variables to UPPERCASE for proper string comparison
export ACCESS_LOG=$(convertCase "$ACCESS_LOG")
export HSTS=$(convertCase "$HSTS")
export TLS13_ONLY=$(convertCase "$TLS13_ONLY")

### update configuration files with environment variables
# update server name list
printf "\nUpdating server name list... "
sed -i -e "s%<SERVER_NAMES>%${SERVER_NAMES}%" /etc/nginx/server_names.conf
printf "done\n"

# update access log global preference
if [ "$ACCESS_LOG" = 'OFF' ]; then
    printf "Turning access log OFF... "
    sed -i -e "s%<ACCESS_LOG_SETTING>%OFF%" /etc/nginx/nginx.conf
    printf "done\n"
elif [ "$ACCESS_LOG" = 'ON' ]; then
    printf "Turning access log ON... "
    sed -i -e "s%<ACCESS_LOG_SETTING>%/var/log/nginx/access.log combined%" /etc/nginx/nginx.conf
    printf "done\n"
fi

# update HTTPS redirect port if SSL server test block exists
if [ -f "/etc/nginx/sites/note" ]; then
    printf "Updating port redirects... "
    sed -i -e "s%<HTTPS_PORT>%${HTTPS_PORT}%" /etc/nginx/sites/05-test_secured.conf.disabled
    printf "done\n"
fi

# activate HSTS
if [ "$HSTS" = 'TRUE' ]; then
    printf "Activating HSTS configuration... "
    sed -i -e "s/^#add_header/add_header/" \
        /etc/nginx/ssl-config/mozIntermediate_ssl.conf.disabled
    sed -i -e "s/^#add_header/add_header/" \
        /etc/nginx/ssl-config/mozModern_ssl.conf.disabled
    printf "done\n"
fi

# activate SSL configuration as appropriate and only if certs exist
if [ "$TLS13_ONLY" = 'FALSE' ]; then
    if [ -f "/certs/fullchain.pem" ] && \
        [ -f "/certs/privkey.pem" ] && \
        [ -f "/certs/chain.pem" ] && \
        [ -f "/certs/dhparam.pem" ]; then
            printf "Certificates found. Securing deployment using TLS 1.2\n"

            # activate shared SSL configuration file
            mv /etc/nginx/ssl-config/mozIntermediate_ssl.conf.disabled \
                /etc/nginx/ssl-config/mozIntermediate_ssl.conf
            
            if [ -f "/etc/nginx/sites/note" ]; then
                # activate SSL test server block & deactivate normal one
                mv /etc/nginx/sites/05-test_secured.conf.disabled \
                    /etc/nginx/sites/05-test_secured.conf
                mv /etc/nginx/sites/05-test_nonsecured.conf \
                    /etc/nginx/sites/05-test_nonsecured.conf.disabled
            fi
    fi
elif [ "$TLS13_ONLY" = 'TRUE' ]; then
    if [ -f "/certs/fullchain.pem" ] && \
        [ -f "/certs/privkey.pem" ] && \
        [ -f "/certs/chain.pem" ]; then
            printf "Certificates found. Securing deployment using TLS 1.3\n"

            # activate shared SSL configuration file
            mv /etc/nginx/ssl-config/mozModern_ssl.conf.disabled \
                /etc/nginx/ssl-config/mozModern_ssl.conf
            
            if [ -f "/etc/nginx/sites/note" ]; then
                # activate SSL test server block & deactivate normal one
                mv /etc/nginx/sites/05-test_secured.conf.disabled \
                    /etc/nginx/sites/05-test_secured.conf
                mv /etc/nginx/sites/05-test_nonsecured.conf \
                    /etc/nginx/sites/05-test_nonsecured.conf.disabled
            fi
    fi
fi

# execute commands passed to this container
printf "\nSetup complete...Container ready...\n"
exec "$@"

#EOF
initial commit - skeleton setup 2019-10-16 23:44:47 -06:00			`#!/bin/sh`

			`#`
			`### ab-nginx entrypoint script`
			`#`

env vars to ucase, params file case insensitive 2019-11-16 16:33:57 -07:00			`convertCase () {`
			`lc=$( echo "$1" \| tr "[:lower:]" "[:upper:]")`
			`return "$lc"`
			`}`

			`# convert environment variables to UPPERCASE for proper string comparison`
export case consistent env vars 2019-11-16 17:33:25 -07:00			`export ACCESS_LOG=$(convertCase "$ACCESS_LOG")`
			`export HSTS=$(convertCase "$HSTS")`
			`export TLS13_ONLY=$(convertCase "$TLS13_ONLY")`
env vars to ucase, params file case insensitive 2019-11-16 16:33:57 -07:00
update configuration files with env vars 2019-10-17 00:37:01 -06:00			`### update configuration files with environment variables`
			`# update server name list`
			`printf "\nUpdating server name list... "`
			`sed -i -e "s%<SERVER_NAMES>%${SERVER_NAMES}%" /etc/nginx/server_names.conf`
			`printf "done\n"`

add option to turn on access log 2019-10-18 01:53:20 -06:00			`# update access log global preference`
env vars to ucase, params file case insensitive 2019-11-16 16:33:57 -07:00			`if [ "$ACCESS_LOG" = 'OFF' ]; then`
more console output cleanup 2019-10-18 02:01:47 -06:00			`printf "Turning access log OFF... "`
add option to turn on access log 2019-10-18 01:53:20 -06:00			`sed -i -e "s%<ACCESS_LOG_SETTING>%OFF%" /etc/nginx/nginx.conf`
			`printf "done\n"`
env vars to ucase, params file case insensitive 2019-11-16 16:33:57 -07:00			`elif [ "$ACCESS_LOG" = 'ON' ]; then`
more console output cleanup 2019-10-18 02:01:47 -06:00			`printf "Turning access log ON... "`
add option to turn on access log 2019-10-18 01:53:20 -06:00			`sed -i -e "s%<ACCESS_LOG_SETTING>%/var/log/nginx/access.log combined%" /etc/nginx/nginx.conf`
			`printf "done\n"`
			`fi`

allow custom ports from params file 2019-10-17 21:43:28 -06:00			`# update HTTPS redirect port if SSL server test block exists`
			`if [ -f "/etc/nginx/sites/note" ]; then`
more console output cleanup 2019-10-18 02:01:47 -06:00			`printf "Updating port redirects... "`
allow custom ports from params file 2019-10-17 21:43:28 -06:00			`sed -i -e "s%<HTTPS_PORT>%${HTTPS_PORT}%" /etc/nginx/sites/05-test_secured.conf.disabled`
cleanup console output 2019-10-18 01:55:50 -06:00			`printf "done\n"`
allow custom ports from params file 2019-10-17 21:43:28 -06:00			`fi`

update configuration files with env vars 2019-10-17 00:37:01 -06:00			`# activate HSTS`
env vars to ucase, params file case insensitive 2019-11-16 16:33:57 -07:00			`if [ "$HSTS" = 'TRUE' ]; then`
update configuration files with env vars 2019-10-17 00:37:01 -06:00			`printf "Activating HSTS configuration... "`
			`sed -i -e "s/^#add_header/add_header/" \`
isolate SSL config from user configs 2019-10-17 16:30:35 -06:00			`/etc/nginx/ssl-config/mozIntermediate_ssl.conf.disabled`
update configuration files with env vars 2019-10-17 00:37:01 -06:00			`sed -i -e "s/^#add_header/add_header/" \`
isolate SSL config from user configs 2019-10-17 16:30:35 -06:00			`/etc/nginx/ssl-config/mozModern_ssl.conf.disabled`
update configuration files with env vars 2019-10-17 00:37:01 -06:00			`printf "done\n"`
			`fi`

fix comment typo 2019-10-17 01:31:52 -06:00			`# activate SSL configuration as appropriate and only if certs exist`
env vars to ucase, params file case insensitive 2019-11-16 16:33:57 -07:00			`if [ "$TLS13_ONLY" = 'FALSE' ]; then`
update configuration files with env vars 2019-10-17 00:37:01 -06:00			`if [ -f "/certs/fullchain.pem" ] && \`
			`[ -f "/certs/privkey.pem" ] && \`
			`[ -f "/certs/chain.pem" ] && \`
			`[ -f "/certs/dhparam.pem" ]; then`
			`printf "Certificates found. Securing deployment using TLS 1.2\n"`

			`# activate shared SSL configuration file`
isolate SSL config from user configs 2019-10-17 16:30:35 -06:00			`mv /etc/nginx/ssl-config/mozIntermediate_ssl.conf.disabled \`
			`/etc/nginx/ssl-config/mozIntermediate_ssl.conf`
update configuration files with env vars 2019-10-17 00:37:01 -06:00
fix multiple errors switching test server blocks 2019-10-17 16:27:59 -06:00			`if [ -f "/etc/nginx/sites/note" ]; then`
			`# activate SSL test server block & deactivate normal one`
fix filename typo 2019-10-17 16:12:19 -06:00			`mv /etc/nginx/sites/05-test_secured.conf.disabled \`
			`/etc/nginx/sites/05-test_secured.conf`
deactivate standard test page when SSL active 2019-10-17 16:17:16 -06:00			`mv /etc/nginx/sites/05-test_nonsecured.conf \`
			`/etc/nginx/sites/05-test_nonsecured.conf.disabled`
			`fi`
update configuration files with env vars 2019-10-17 00:37:01 -06:00			`fi`
env vars to ucase, params file case insensitive 2019-11-16 16:33:57 -07:00			`elif [ "$TLS13_ONLY" = 'TRUE' ]; then`
update configuration files with env vars 2019-10-17 00:37:01 -06:00			`if [ -f "/certs/fullchain.pem" ] && \`
			`[ -f "/certs/privkey.pem" ] && \`
			`[ -f "/certs/chain.pem" ]; then`
			`printf "Certificates found. Securing deployment using TLS 1.3\n"`

			`# activate shared SSL configuration file`
isolate SSL config from user configs 2019-10-17 16:30:35 -06:00			`mv /etc/nginx/ssl-config/mozModern_ssl.conf.disabled \`
			`/etc/nginx/ssl-config/mozModern_ssl.conf`
update configuration files with env vars 2019-10-17 00:37:01 -06:00
fix multiple errors switching test server blocks 2019-10-17 16:27:59 -06:00			`if [ -f "/etc/nginx/sites/note" ]; then`
			`# activate SSL test server block & deactivate normal one`
fix filename typo 2019-10-17 16:12:19 -06:00			`mv /etc/nginx/sites/05-test_secured.conf.disabled \`
			`/etc/nginx/sites/05-test_secured.conf`
deactivate standard test page when SSL active 2019-10-17 16:17:16 -06:00			`mv /etc/nginx/sites/05-test_nonsecured.conf \`
			`/etc/nginx/sites/05-test_nonsecured.conf.disabled`
			`fi`
update configuration files with env vars 2019-10-17 00:37:01 -06:00			`fi`
			`fi`
initial commit - skeleton setup 2019-10-16 23:44:47 -06:00
			`# execute commands passed to this container`
cleanup console output 2019-10-18 01:55:50 -06:00			`printf "\nSetup complete...Container ready...\n"`
initial commit - skeleton setup 2019-10-16 23:44:47 -06:00			`exec "$@"`

			`#EOF`