ab-docker/ab-nginx
1
0
Fork 0
Code Issues Pull Requests Releases 7 Wiki Activity

refactor(SCRIPT): rework ssl implementation

Browse Source 
- restart: prevent unnecessary error messages from already renamed files
This commit is contained in:
Asif Bacchus 2021-01-06 02:31:18 -07:00
parent 1a1df53175
commit 942a855ffa
1 changed files with 61 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
build/entrypoint.sh
View File

@ -46,52 +46,79 @@ fi
if [ "$HSTS" = 'TRUE' ]; then if [ "$HSTS" = 'TRUE' ]; then
printf "Activating HSTS configuration... " printf "Activating HSTS configuration... "
sed -i -e "s/^#add_header/add_header/" \ sed -i -e "s/^#add_header/add_header/" \
/etc/nginx/ssl-config/mozIntermediate_ssl.conf.disabled /etc/nginx/ssl-config/moz*
sed -i -e "s/^#add_header/add_header/" \
/etc/nginx/ssl-config/mozModern_ssl.conf.disabled
printf "done\n" printf "done\n"
fi fi
# activate SSL configuration as appropriate and only if certs exist # check whether TLS should be activated
if [ "$TLS13_ONLY" = 'FALSE' ]; then if [ -f "/certs/fullchain.pem" ]; then
if [ -f "/certs/fullchain.pem" ] && \ # activate SSL configuration as appropriate and only if certs exist
[ -f "/certs/privkey.pem" ] && \ if [ "$TLS13_ONLY" = 'FALSE' ]; then
[ -f "/certs/chain.pem" ] && \ if [ -f "/certs/fullchain.pem" ] && [ -f "/certs/privkey.pem" ] && [ -f "/certs/chain.pem" ] && [ -f "/certs/dhparam.pem" ]; then
[ -f "/certs/dhparam.pem" ]; then
printf "Certificates found. Securing deployment using TLS 1.2\n" printf "Certificates found. Securing deployment using TLS 1.2\n"
# activate shared SSL configuration file # activate shared SSL configuration file
mv /etc/nginx/ssl-config/mozIntermediate_ssl.conf.disabled \ if [ -f "/etc/nginx/ssl-config/mozIntermediate_ssl.conf.disabled" ]; then
/etc/nginx/ssl-config/mozIntermediate_ssl.conf mv /etc/nginx/ssl-config/mozIntermediate_ssl.conf.disabled \
/etc/nginx/ssl-config/mozIntermediate_ssl.conf
if [ -f "/etc/nginx/sites/note" ]; then
# activate SSL test server block & deactivate normal one
mv /etc/nginx/sites/05-test_secured.conf.disabled \
/etc/nginx/sites/05-test_secured.conf
mv /etc/nginx/sites/05-test_nonsecured.conf \
/etc/nginx/sites/05-test_nonsecured.conf.disabled
fi fi
fi if [ -f "/etc/nginx/ssl-config/mozModern_ssl.conf" ]; then
elif [ "$TLS13_ONLY" = 'TRUE' ]; then mv /etc/nginx/ssl-config/mozModern_ssl.conf \
if [ -f "/certs/fullchain.pem" ] && \ /etc/nginx/ssl-config/mozModern_ssl.conf.disabled
[ -f "/certs/privkey.pem" ] && \ fi
[ -f "/certs/chain.pem" ]; then
# if using default setup, activate secured server block
if [ -f "/etc/nginx/sites/note" ]; then
if [ -f "/etc/nginx/sites/05-test_secured.conf.disabled" ]; then
mv /etc/nginx/sites/05-test_secured.conf.disabled \
/etc/nginx/sites/05-test_secured.conf
fi
if [ -f "/etc/nginx/sites/05-test_nonsecured.conf" ]; then
mv /etc/nginx/sites/05-test_nonsecured.conf \
/etc/nginx/sites/05-test_nonsecured.conf.disabled
fi
fi
fi
elif [ "$TLS13_ONLY" = 'TRUE' ]; then
if [ -f "/certs/fullchain.pem" ] && [ -f "/certs/privkey.pem" ] && [ -f "/certs/chain.pem" ]; then
printf "Certificates found. Securing deployment using TLS 1.3\n" printf "Certificates found. Securing deployment using TLS 1.3\n"
# activate shared SSL configuration file # activate shared SSL configuration file
mv /etc/nginx/ssl-config/mozModern_ssl.conf.disabled \ if [ -f "/etc/nginx/ssl-config/mozModern_ssl.conf.disabled" ]; then
/etc/nginx/ssl-config/mozModern_ssl.conf mv /etc/nginx/ssl-config/mozModern_ssl.conf.disabled \
/etc/nginx/ssl-config/mozModern_ssl.conf
if [ -f "/etc/nginx/sites/note" ]; then
# activate SSL test server block & deactivate normal one
mv /etc/nginx/sites/05-test_secured.conf.disabled \
/etc/nginx/sites/05-test_secured.conf
mv /etc/nginx/sites/05-test_nonsecured.conf \
/etc/nginx/sites/05-test_nonsecured.conf.disabled
fi fi
if [ -f "/etc/nginx/ssl-config/mozIntermediate_ssl.conf" ]; then
mv /etc/nginx/ssl-config/mozIntermediate_ssl.conf \
/etc/nginx/ssl-config/mozIntermediate_ssl.conf.disabled
fi
# if using default setup, activate secure server block
if [ -f "/etc/nginx/sites/note" ]; then
if [ -f "/etc/nginx/sites/05-test_secured.conf.disabled" ]; then
mv /etc/nginx/sites/05-test_secured.conf.disabled \
/etc/nginx/sites/05-test_secured.conf
fi
if [ -f "/etc/nginx/sites/05-test_nonsecured.conf" ]; then
mv /etc/nginx/sites/05-test_nonsecured.conf \
/etc/nginx/sites/05-test_nonsecured.conf.disabled
fi
fi
fi
fi
else
# ensure SSL configurations are disabled
mv /etc/nginx/ssl-config/*.conf /etc/nginx/ssl-config/*.conf.disabled
# if using default setup, ensure secure server block disabled
if [ -f "/etc/nginx/sites/note" ]; then
if [ -f "/etc/nginx/sites/05-test_secured.conf" ]; then
mv /etc/nginx/sites/05-test_secured.conf /etc/nginx/sites/05-test_secured.conf.disabled
fi
if [ -f "/etc/nginx/sites/05-test_nonsecured.conf.disabled" ]; then
mv /etc/nginx/sites/05-test_nonsecured.conf.disabled /etc/nginx/sites/05-test_nonsecured.conf
fi
fi fi
fi fi
# execute commands passed to this container # execute commands passed to this container
printf "\nSetup complete...Container ready...\n" printf "\nSetup complete...Container ready...\n"
exec "$@" exec "$@"