2019-10-16 23:44:47 -06:00
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
### ab-nginx entrypoint script
|
|
|
|
|
#
|
|
|
|
|
|
2019-10-17 00:37:01 -06:00
|
|
|
### update configuration files with environment variables
|
|
|
|
|
# update server name list
|
|
|
|
|
printf "\nUpdating server name list... "
|
|
|
|
|
sed -i -e "s%<SERVER_NAMES>%${SERVER_NAMES}%" /etc/nginx/server_names.conf
|
|
|
|
|
printf "done\n"
|
|
|
|
|
|
2019-10-17 21:43:28 -06:00
|
|
|
# update HTTPS redirect port if SSL server test block exists
|
|
|
|
|
if [ -f "/etc/nginx/sites/note" ]; then
|
|
|
|
|
printf "\nUpdating port redirects...\n"
|
|
|
|
|
sed -i -e "s%<HTTPS_PORT>%${HTTPS_PORT}%" /etc/nginx/sites/05-test_secured.conf.disabled
|
|
|
|
|
fi
|
|
|
|
|
|
2019-10-17 00:37:01 -06:00
|
|
|
# activate HSTS
|
2019-10-17 00:41:15 -06:00
|
|
|
if [ "$HSTS" = TRUE ]; then
|
2019-10-17 00:37:01 -06:00
|
|
|
printf "Activating HSTS configuration... "
|
|
|
|
|
sed -i -e "s/^#add_header/add_header/" \
|
2019-10-17 16:30:35 -06:00
|
|
|
/etc/nginx/ssl-config/mozIntermediate_ssl.conf.disabled
|
2019-10-17 00:37:01 -06:00
|
|
|
sed -i -e "s/^#add_header/add_header/" \
|
2019-10-17 16:30:35 -06:00
|
|
|
/etc/nginx/ssl-config/mozModern_ssl.conf.disabled
|
2019-10-17 00:37:01 -06:00
|
|
|
printf "done\n"
|
|
|
|
|
fi
|
|
|
|
|
|
2019-10-17 01:31:52 -06:00
|
|
|
# activate SSL configuration as appropriate and only if certs exist
|
2019-10-17 00:37:01 -06:00
|
|
|
if [ "$TLS13_ONLY" = FALSE ]; then
|
|
|
|
|
if [ -f "/certs/fullchain.pem" ] && \
|
|
|
|
|
[ -f "/certs/privkey.pem" ] && \
|
|
|
|
|
[ -f "/certs/chain.pem" ] && \
|
|
|
|
|
[ -f "/certs/dhparam.pem" ]; then
|
|
|
|
|
printf "Certificates found. Securing deployment using TLS 1.2\n"
|
|
|
|
|
|
|
|
|
|
# activate shared SSL configuration file
|
2019-10-17 16:30:35 -06:00
|
|
|
mv /etc/nginx/ssl-config/mozIntermediate_ssl.conf.disabled \
|
|
|
|
|
/etc/nginx/ssl-config/mozIntermediate_ssl.conf
|
2019-10-17 00:37:01 -06:00
|
|
|
|
2019-10-17 16:27:59 -06:00
|
|
|
if [ -f "/etc/nginx/sites/note" ]; then
|
|
|
|
|
# activate SSL test server block & deactivate normal one
|
2019-10-17 16:12:19 -06:00
|
|
|
mv /etc/nginx/sites/05-test_secured.conf.disabled \
|
|
|
|
|
/etc/nginx/sites/05-test_secured.conf
|
2019-10-17 16:17:16 -06:00
|
|
|
mv /etc/nginx/sites/05-test_nonsecured.conf \
|
|
|
|
|
/etc/nginx/sites/05-test_nonsecured.conf.disabled
|
|
|
|
|
fi
|
2019-10-17 00:37:01 -06:00
|
|
|
fi
|
|
|
|
|
elif [ "$TLS13_ONLY" = TRUE ]; then
|
|
|
|
|
if [ -f "/certs/fullchain.pem" ] && \
|
|
|
|
|
[ -f "/certs/privkey.pem" ] && \
|
|
|
|
|
[ -f "/certs/chain.pem" ]; then
|
|
|
|
|
printf "Certificates found. Securing deployment using TLS 1.3\n"
|
|
|
|
|
|
|
|
|
|
# activate shared SSL configuration file
|
2019-10-17 16:30:35 -06:00
|
|
|
mv /etc/nginx/ssl-config/mozModern_ssl.conf.disabled \
|
|
|
|
|
/etc/nginx/ssl-config/mozModern_ssl.conf
|
2019-10-17 00:37:01 -06:00
|
|
|
|
2019-10-17 16:27:59 -06:00
|
|
|
if [ -f "/etc/nginx/sites/note" ]; then
|
|
|
|
|
# activate SSL test server block & deactivate normal one
|
2019-10-17 16:12:19 -06:00
|
|
|
mv /etc/nginx/sites/05-test_secured.conf.disabled \
|
|
|
|
|
/etc/nginx/sites/05-test_secured.conf
|
2019-10-17 16:17:16 -06:00
|
|
|
mv /etc/nginx/sites/05-test_nonsecured.conf \
|
|
|
|
|
/etc/nginx/sites/05-test_nonsecured.conf.disabled
|
|
|
|
|
fi
|
2019-10-17 00:37:01 -06:00
|
|
|
fi
|
|
|
|
|
fi
|
2019-10-16 23:44:47 -06:00
|
|
|
|
|
|
|
|
# execute commands passed to this container
|
|
|
|
|
exec "$@"
|
|
|
|
|
|
|
|
|
|
#EOF
|
