refactor(helpers): condense TLS section of helper script
Take advantage of container generating DHParams and remove redundant docker run blocks
This commit is contained in:
parent
1ee8b8bf03
commit
b2582b9bad
@ -209,9 +209,10 @@ docker network inspect ${NETWORK} >/dev/null 2>&1 ||
|
|||||||
|
|
||||||
# run without TLS
|
# run without TLS
|
||||||
if [ -z "$SSL_CERT" ]; then
|
if [ -z "$SSL_CERT" ]; then
|
||||||
if [ $shell = 'true' ]; then
|
if [ "$shell" = 'true' ]; then
|
||||||
# exec shell
|
# exec shell
|
||||||
printf "%s\nRunning SHELL on %s...%s\n" "$cyan" "$container_name" "$norm"
|
printf "%s\nRunning SHELL on %s...%s\n" "$cyan" "$container_name" "$norm"
|
||||||
|
# shellcheck disable=SC2086
|
||||||
docker run --rm -it --name "${container_name}" \
|
docker run --rm -it --name "${container_name}" \
|
||||||
--env-file ab-nginx.params \
|
--env-file ab-nginx.params \
|
||||||
-e SERVER_NAMES="$HOSTNAMES" \
|
-e SERVER_NAMES="$HOSTNAMES" \
|
||||||
@ -222,6 +223,7 @@ if [ -z "$SSL_CERT" ]; then
|
|||||||
else
|
else
|
||||||
# exec normally
|
# exec normally
|
||||||
printf "%s\nRunning NGINX on %s...%s\n" "$cyan" "$container_name" "$norm"
|
printf "%s\nRunning NGINX on %s...%s\n" "$cyan" "$container_name" "$norm"
|
||||||
|
# shellcheck disable=SC2086
|
||||||
docker run -d --name "${container_name}" \
|
docker run -d --name "${container_name}" \
|
||||||
--env-file ab-nginx.params \
|
--env-file ab-nginx.params \
|
||||||
-e SERVER_NAMES="$HOSTNAMES" \
|
-e SERVER_NAMES="$HOSTNAMES" \
|
||||||
@ -231,43 +233,15 @@ if [ -z "$SSL_CERT" ]; then
|
|||||||
--restart unless-stopped \
|
--restart unless-stopped \
|
||||||
docker.asifbacchus.dev/nginx/ab-nginx:latest
|
docker.asifbacchus.dev/nginx/ab-nginx:latest
|
||||||
fi
|
fi
|
||||||
# run with TLS1.2
|
# run with TLS
|
||||||
elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = 'FALSE' ]; then
|
else
|
||||||
if [ $shell = 'true' ]; then
|
if [ "$shell" = 'true' ]; then
|
||||||
# exec shell
|
if [ "$TLS13_ONLY" = 'FALSE' ]; then
|
||||||
printf "%s\nRunning SHELL on %s (TLS 1.2)...%s\n" "$cyan" "$container_name" "$norm"
|
printf "%s\nRunning SHELL on %s (TLS 1.2)...%s\n" "$cyan" "$container_name" "$norm"
|
||||||
docker run --rm -it --name "${container_name}" \
|
|
||||||
--env-file ab-nginx.params \
|
|
||||||
-e SERVER_NAMES="$HOSTNAMES" \
|
|
||||||
$vmount \
|
|
||||||
--network=${NETWORK} \
|
|
||||||
-v "$SSL_CERT":/certs/fullchain.pem:ro \
|
|
||||||
-v "$SSL_KEY":/certs/privkey.pem:ro \
|
|
||||||
-v "$SSL_CHAIN":/certs/chain.pem:ro \
|
|
||||||
-v "$DH":/certs/dhparam.pem:ro \
|
|
||||||
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
|
|
||||||
docker.asifbacchus.dev/nginx/ab-nginx:latest /bin/sh
|
|
||||||
else
|
else
|
||||||
# exec normally
|
|
||||||
printf "%s\nRunning NGINX on %s (TLS 1.2)...%s\n" "$cyan" "$container_name" "$norm"
|
|
||||||
docker run -d --name "${container_name}" \
|
|
||||||
--env-file ab-nginx.params \
|
|
||||||
-e SERVER_NAMES="$HOSTNAMES" \
|
|
||||||
$vmount \
|
|
||||||
--network=${NETWORK} \
|
|
||||||
-v "$SSL_CERT":/certs/fullchain.pem:ro \
|
|
||||||
-v "$SSL_KEY":/certs/privkey.pem:ro \
|
|
||||||
-v "$SSL_CHAIN":/certs/chain.pem:ro \
|
|
||||||
-v "$DH":/certs/dhparam.pem:ro \
|
|
||||||
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
|
|
||||||
--restart unless-stopped \
|
|
||||||
docker.asifbacchus.dev/nginx/ab-nginx:latest
|
|
||||||
fi
|
|
||||||
# run with TLS1.3
|
|
||||||
elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = 'TRUE' ]; then
|
|
||||||
if [ $shell = 'true' ]; then
|
|
||||||
# exec shell
|
|
||||||
printf "%s\nRunning SHELL on %s (TLS 1.3)...%s\n" "$cyan" "$container_name" "$norm"
|
printf "%s\nRunning SHELL on %s (TLS 1.3)...%s\n" "$cyan" "$container_name" "$norm"
|
||||||
|
fi
|
||||||
|
# shellcheck disable=SC2086
|
||||||
docker run --rm -it --name "${container_name}" \
|
docker run --rm -it --name "${container_name}" \
|
||||||
--env-file ab-nginx.params \
|
--env-file ab-nginx.params \
|
||||||
-e SERVER_NAMES="$HOSTNAMES" \
|
-e SERVER_NAMES="$HOSTNAMES" \
|
||||||
@ -279,8 +253,12 @@ elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = 'TRUE' ]; then
|
|||||||
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
|
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
|
||||||
docker.asifbacchus.dev/nginx/ab-nginx:latest /bin/sh
|
docker.asifbacchus.dev/nginx/ab-nginx:latest /bin/sh
|
||||||
else
|
else
|
||||||
# exec normally
|
if [ "$TLS13_ONLY" = 'FALSE' ]; then
|
||||||
|
printf "%s\nRunning NGINX on %s (TLS 1.2)...%s\n" "$cyan" "$container_name" "$norm"
|
||||||
|
else
|
||||||
printf "%s\nRunning NGINX on %s (TLS 1.3)...%s\n" "$cyan" "$container_name" "$norm"
|
printf "%s\nRunning NGINX on %s (TLS 1.3)...%s\n" "$cyan" "$container_name" "$norm"
|
||||||
|
fi
|
||||||
|
# shellcheck disable=SC2086
|
||||||
docker run -d --name "${container_name}" \
|
docker run -d --name "${container_name}" \
|
||||||
--env-file ab-nginx.params \
|
--env-file ab-nginx.params \
|
||||||
-e SERVER_NAMES="$HOSTNAMES" \
|
-e SERVER_NAMES="$HOSTNAMES" \
|
||||||
|
Loading…
Reference in New Issue
Block a user