diff --git a/ab-nginx.sh b/ab-nginx.sh
index 14269c5..08e9272 100755
--- a/ab-nginx.sh
+++ b/ab-nginx.sh
@@ -15,6 +15,8 @@ yellow=$(tput setaf 3)
 ### parameter defaults
 container_name="ab-nginx"
 shell=false
+HTTP_PORT=80
+HTTPS_PORT=443
 unset CONFIG_DIR
 unset WEBROOT_DIR
 unset vmount
@@ -159,7 +161,7 @@ if [ -z "$SSL_CERT" ]; then
 docker run --rm -it --name ${container_name} \
 --env-file ab-nginx.params \
 $vmount \
- -p 80:80 \
+ -p ${HTTP_PORT}:80 \
 ab-nginx:testing /bin/sh
 else
 # exec normally
@@ -167,7 +169,7 @@ if [ -z "$SSL_CERT" ]; then
 docker run --rm -d --name ${container_name} \
 --env-file ab-nginx.params \
 $vmount \
- -p 80:80 \
+ -p ${HTTP_PORT}:80 \
 ab-nginx:testing
 fi
 # run with TLS1.2
@@ -182,7 +184,7 @@ elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = FALSE ]; then
 -v "$SSL_KEY":/certs/privkey.pem:ro \
 -v "$SSL_CHAIN":/certs/chain.pem:ro \
 -v "$DH":/certs/dhparam.pem:ro \
- -p 80:80 -p 443:443 \
+ -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
 ab-nginx:testing /bin/sh
 else
 # exec normally
@@ -194,7 +196,7 @@ elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = FALSE ]; then
 -v "$SSL_KEY":/certs/privkey.pem:ro \
 -v "$SSL_CHAIN":/certs/chain.pem:ro \
 -v "$DH":/certs/dhparam.pem:ro \
- -p 80:80 -p 443:443 \
+ -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
 ab-nginx:testing
 fi
 # run with TLS1.3
@@ -208,7 +210,7 @@ elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = TRUE ]; then
 -v "$SSL_CERT":/certs/fullchain.pem:ro \
 -v "$SSL_KEY":/certs/privkey.pem:ro \
 -v "$SSL_CHAIN":/certs/chain.pem:ro \
- -p 80:80 -p 443:443 \
+ -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
 ab-nginx:testing /bin/sh
 else
 # exec normally
@@ -219,7 +221,7 @@ elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = TRUE ]; then
 -v "$SSL_CERT":/certs/fullchain.pem:ro \
 -v "$SSL_KEY":/certs/privkey.pem:ro \
 -v "$SSL_CHAIN":/certs/chain.pem:ro \
- -p 80:80 -p 443:443 \
+ -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
 ab-nginx:testing
 fi
 fi
diff --git a/build/entrypoint.sh b/build/entrypoint.sh
index cc3ab26..b097dea 100755
--- a/build/entrypoint.sh
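Review bot: The new `HTTP_PORT`/`HTTPS_PORT` defaults in the first hunk are never validated before they reach `docker run -p`, so once they are overridden (presumably by option parsing or the params file, which this hunk does not show) any string is accepted. A numeric check after parsing, e.g. `case "$HTTP_PORT" in ''|*[!0-9]*) echo "HTTP_PORT must be a number" >&2; exit 1;; esac`, repeated for `HTTPS_PORT`, would fail early with a clear message instead of a confusing docker error. The assignments are also unconditional, so a value already exported by the caller is discarded; `HTTP_PORT="${HTTP_PORT:-80}"` would keep it if that is the intended behaviour.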
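Review bot: `${HTTP_PORT}` is expanded unquoted in `-p ${HTTP_PORT}:80` (hunk at -159), so a value containing whitespace or glob characters is split into additional `docker run` arguments rather than being rejected as a bad port. Quote the publish spec, `-p "${HTTP_PORT}:80" \`, and do the same for `-p "${HTTPS_PORT}:443"` in the five later `docker run` hunks of this file, which repeat the pattern. The enclosing if/elif chain starts and ends outside these hunks, so this is based only on the lines shown.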
+++ b/build/entrypoint.sh @@ -10,6 +10,12 @@ printf "\nUpdating server name list... " sed -i -e "s%%${SERVER_NAMES}%" /etc/nginx/server_names.conf printf "done\n" +# update HTTPS redirect port if SSL server test block exists +if [ -f "/etc/nginx/sites/note" ]; then + printf "\nUpdating port redirects...\n" + sed -i -e "s%%${HTTPS_PORT}%" /etc/nginx/sites/05-test_secured.conf.disabled +fi + # activate HSTS if [ "$HSTS" = TRUE ]; then printf "Activating HSTS configuration... " diff --git a/build/sites/05-test_secured.conf.disabled b/build/sites/05-test_secured.conf.disabled index a66cf1a..24a4665 100644 --- a/build/sites/05-test_secured.conf.disabled +++ b/build/sites/05-test_secured.conf.disabled @@ -6,7 +6,7 @@ server { # default redirect to properly formed HTTPS location location / { - return 301 https://$host$request_uri; + return 301 https://$host:$request_uri; } # process Let's Encrypt challenges
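Review bot: `${HTTPS_PORT}` is spliced into the sed replacement with no default and no validation. If the container environment lacks it (the diff does not show whether `ab-nginx.params` carries it), the redirect target ends in a bare colon, and a value containing `%`, `&` or `\` changes the sed expression itself. I would add `: "${HTTPS_PORT:=443}"` and reject non-numeric values before the `sed -i` line. The guard tests `/etc/nginx/sites/note` while the sed edits `05-test_secured.conf.disabled`; testing the file that is actually edited keeps the two in step and avoids a sed failure when only one of them exists. As rendered here the search side of `s%%…%` is empty; unless a placeholder token was lost in rendering, sed has no pattern to match.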
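Review bot: The `return 301` line is missing a comment explaining that the port after `$host:` is filled in at container start; as rendered there is nothing between the colon and `$request_uri`. Anyone enabling this file without going through `entrypoint.sh` would serve redirects with an empty port. I would add `# port after $host: is substituted from HTTPS_PORT by entrypoint.sh at startup` above the `return`. The server block continues outside the hunk, so I cannot tell whether a listen directive also needs to follow the configured port.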