refactor(helpers): condense TLS section of helper script

Take advantage of container generating DHParams and remove redundant
docker run blocks
This commit is contained in:
Asif Bacchus 2021-07-26 00:49:51 -06:00
parent 1ee8b8bf03
commit b2582b9bad

View File

@ -209,9 +209,10 @@ docker network inspect ${NETWORK} >/dev/null 2>&1 ||
# run without TLS # run without TLS
if [ -z "$SSL_CERT" ]; then if [ -z "$SSL_CERT" ]; then
if [ $shell = 'true' ]; then if [ "$shell" = 'true' ]; then
# exec shell # exec shell
printf "%s\nRunning SHELL on %s...%s\n" "$cyan" "$container_name" "$norm" printf "%s\nRunning SHELL on %s...%s\n" "$cyan" "$container_name" "$norm"
# shellcheck disable=SC2086
docker run --rm -it --name "${container_name}" \ docker run --rm -it --name "${container_name}" \
--env-file ab-nginx.params \ --env-file ab-nginx.params \
-e SERVER_NAMES="$HOSTNAMES" \ -e SERVER_NAMES="$HOSTNAMES" \
@ -222,6 +223,7 @@ if [ -z "$SSL_CERT" ]; then
else else
# exec normally # exec normally
printf "%s\nRunning NGINX on %s...%s\n" "$cyan" "$container_name" "$norm" printf "%s\nRunning NGINX on %s...%s\n" "$cyan" "$container_name" "$norm"
# shellcheck disable=SC2086
docker run -d --name "${container_name}" \ docker run -d --name "${container_name}" \
--env-file ab-nginx.params \ --env-file ab-nginx.params \
-e SERVER_NAMES="$HOSTNAMES" \ -e SERVER_NAMES="$HOSTNAMES" \
@ -231,43 +233,15 @@ if [ -z "$SSL_CERT" ]; then
--restart unless-stopped \ --restart unless-stopped \
docker.asifbacchus.dev/nginx/ab-nginx:latest docker.asifbacchus.dev/nginx/ab-nginx:latest
fi fi
# run with TLS1.2 # run with TLS
elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = 'FALSE' ]; then else
if [ $shell = 'true' ]; then if [ "$shell" = 'true' ]; then
# exec shell if [ "$TLS13_ONLY" = 'FALSE' ]; then
printf "%s\nRunning SHELL on %s (TLS 1.2)...%s\n" "$cyan" "$container_name" "$norm" printf "%s\nRunning SHELL on %s (TLS 1.2)...%s\n" "$cyan" "$container_name" "$norm"
docker run --rm -it --name "${container_name}" \
--env-file ab-nginx.params \
-e SERVER_NAMES="$HOSTNAMES" \
$vmount \
--network=${NETWORK} \
-v "$SSL_CERT":/certs/fullchain.pem:ro \
-v "$SSL_KEY":/certs/privkey.pem:ro \
-v "$SSL_CHAIN":/certs/chain.pem:ro \
-v "$DH":/certs/dhparam.pem:ro \
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
docker.asifbacchus.dev/nginx/ab-nginx:latest /bin/sh
else else
# exec normally
printf "%s\nRunning NGINX on %s (TLS 1.2)...%s\n" "$cyan" "$container_name" "$norm"
docker run -d --name "${container_name}" \
--env-file ab-nginx.params \
-e SERVER_NAMES="$HOSTNAMES" \
$vmount \
--network=${NETWORK} \
-v "$SSL_CERT":/certs/fullchain.pem:ro \
-v "$SSL_KEY":/certs/privkey.pem:ro \
-v "$SSL_CHAIN":/certs/chain.pem:ro \
-v "$DH":/certs/dhparam.pem:ro \
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
--restart unless-stopped \
docker.asifbacchus.dev/nginx/ab-nginx:latest
fi
# run with TLS1.3
elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = 'TRUE' ]; then
if [ $shell = 'true' ]; then
# exec shell
printf "%s\nRunning SHELL on %s (TLS 1.3)...%s\n" "$cyan" "$container_name" "$norm" printf "%s\nRunning SHELL on %s (TLS 1.3)...%s\n" "$cyan" "$container_name" "$norm"
fi
# shellcheck disable=SC2086
docker run --rm -it --name "${container_name}" \ docker run --rm -it --name "${container_name}" \
--env-file ab-nginx.params \ --env-file ab-nginx.params \
-e SERVER_NAMES="$HOSTNAMES" \ -e SERVER_NAMES="$HOSTNAMES" \
@ -279,8 +253,12 @@ elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = 'TRUE' ]; then
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \ -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
docker.asifbacchus.dev/nginx/ab-nginx:latest /bin/sh docker.asifbacchus.dev/nginx/ab-nginx:latest /bin/sh
else else
# exec normally if [ "$TLS13_ONLY" = 'FALSE' ]; then
printf "%s\nRunning NGINX on %s (TLS 1.2)...%s\n" "$cyan" "$container_name" "$norm"
else
printf "%s\nRunning NGINX on %s (TLS 1.3)...%s\n" "$cyan" "$container_name" "$norm" printf "%s\nRunning NGINX on %s (TLS 1.3)...%s\n" "$cyan" "$container_name" "$norm"
fi
# shellcheck disable=SC2086
docker run -d --name "${container_name}" \ docker run -d --name "${container_name}" \
--env-file ab-nginx.params \ --env-file ab-nginx.params \
-e SERVER_NAMES="$HOSTNAMES" \ -e SERVER_NAMES="$HOSTNAMES" \