From a4a20ad471ad361377276debf2983e532c073297 Mon Sep 17 00:00:00 2001
From: Asif Bacchus
Date: Thu, 17 Oct 2019 00:37:01 -0600
Subject: [PATCH] update configuration files with env vars
---
 build/entrypoint.sh | 51 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
diff --git a/build/entrypoint.sh b/build/entrypoint.sh
index 7056733..afbd4e2 100644
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
@@ -4,6 +4,57 @@
 ### ab-nginx entrypoint script
 #
+### update configuration files with environment variables
+# update server name list
+printf "\nUpdating server name list... "
+sed -i -e "s%%${SERVER_NAMES}%" /etc/nginx/server_names.conf
+printf "done\n"
+
+# activate HSTS
+if [ "$HSTS" -eq TRUE ]; then
+ printf "Activating HSTS configuration... "
+ sed -i -e "s/^#add_header/add_header/" \
+ /etc/nginx/config/mozIntermediate_ssl.conf.disabled
+ sed -i -e "s/^#add_header/add_header/" \
+ /etc/nginx/config/mozModern_ssl.conf.disabled
+ printf "done\n"
+fi
+
+# activate SSL configuration as appropraite and only if certs exist
+if [ "$TLS13_ONLY" = FALSE ]; then
+ if [ -f "/certs/fullchain.pem" ] && \
+ [ -f "/certs/privkey.pem" ] && \
+ [ -f "/certs/chain.pem" ] && \
+ [ -f "/certs/dhparam.pem" ]; then
+ printf "Certificates found. Securing deployment using TLS 1.2\n"
+
+ # activate shared SSL configuration file
+ mv /etc/nginx/config/mozIntermediate_ssl.conf.disabled \
+ /etc/nginx/config/mozIntermediate_ssl.conf
+
+ # activate SSL test server block if it exists
+ if [ -f "/etc/nginx/sites/05-test-secured.conf" ]; then
+ mv /etc/nginx/sites/05-test-secured.conf.disabled \
+ /etc/nginx/sites/05-test-secured.conf
+ fi
+ fi
+elif [ "$TLS13_ONLY" = TRUE ]; then
+ if [ -f "/certs/fullchain.pem" ] && \
+ [ -f "/certs/privkey.pem" ] && \
+ [ -f "/certs/chain.pem" ]; then
+ printf "Certificates found. Securing deployment using TLS 1.3\n"
+
+ # activate shared SSL configuration file
+ mv /etc/nginx/config/mozModern_ssl.conf.disabled \
+ /etc/nginx/config/mozModern_ssl.conf
+
+ # activate SSL test server block if it exists
+ if [ -f "/etc/nginx/sites/05-test-secured.conf" ]; then
+ mv /etc/nginx/sites/05-test-secured.conf.disabled \
+ /etc/nginx/sites/05-test-secured.conf
+ fi
+ fi
+fi
 # execute commands passed to this container
 exec "$@"
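Review bot: `if [ "$HSTS" -eq TRUE ]` applies the integer comparison `-eq` to the word TRUE, so `[` fails with "integer expression expected" and the HSTS block is never entered; it should read `if [ "$HSTS" = TRUE ]; then`, matching the `TLS13_ONLY` tests further down. The server-name substitution `s%%${SERVER_NAMES}%` has an empty pattern, which sed interprets as "reuse the previous regex" and GNU sed rejects when it is the first expression, so the pattern must name whatever placeholder server_names.conf actually contains; and because SERVER_NAMES is spliced unescaped into the expression, a `%`, `&` or backslash in that environment value rewrites the sed command, so the value should be escaped first or the file written with printf instead. In both TLS branches the guard `[ -f "/etc/nginx/sites/05-test-secured.conf" ]` tests the already-enabled name while the mv renames the `.disabled` file, so the rename only runs when its target already exists; the check should be `if [ -f "/etc/nginx/sites/05-test-secured.conf.disabled" ]; then`. Whether `set -e` is in force for the unchecked `mv` and `sed -i` calls is decided in the script preamble outside the hunk.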