refactor(helpers): condense TLS section of helper script

Take advantage of container generating DHParams and remove redundant
docker run blocks
Asif Bacchus 2021-07-26 00:49:51 -06:00
parent 1ee8b8bf03
commit b2582b9bad


@ -209,9 +209,10 @@ docker network inspect ${NETWORK} >/dev/null 2>&1 ||
# run without TLS # run without TLS
if [ -z "$SSL_CERT" ]; then if [ -z "$SSL_CERT" ]; then
if [ $shell = 'true' ]; then if [ "$shell" = 'true' ]; then
# exec shell # exec shell
printf "%s\nRunning SHELL on %s...%s\n" "$cyan" "$container_name" "$norm" printf "%s\nRunning SHELL on %s...%s\n" "$cyan" "$container_name" "$norm"
# shellcheck disable=SC2086
docker run --rm -it --name "${container_name}" \ docker run --rm -it --name "${container_name}" \
--env-file ab-nginx.params \ --env-file ab-nginx.params \
-e SERVER_NAMES="$HOSTNAMES" \ -e SERVER_NAMES="$HOSTNAMES" \
@ -222,6 +223,7 @@ if [ -z "$SSL_CERT" ]; then
else else
# exec normally # exec normally
printf "%s\nRunning NGINX on %s...%s\n" "$cyan" "$container_name" "$norm" printf "%s\nRunning NGINX on %s...%s\n" "$cyan" "$container_name" "$norm"
# shellcheck disable=SC2086
docker run -d --name "${container_name}" \ docker run -d --name "${container_name}" \
--env-file ab-nginx.params \ --env-file ab-nginx.params \
-e SERVER_NAMES="$HOSTNAMES" \ -e SERVER_NAMES="$HOSTNAMES" \
@ -231,68 +233,44 @@ if [ -z "$SSL_CERT" ]; then
--restart unless-stopped \ --restart unless-stopped \
docker.asifbacchus.dev/nginx/ab-nginx:latest docker.asifbacchus.dev/nginx/ab-nginx:latest
fi fi
# run with TLS1.2 # run with TLS
elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = 'FALSE' ]; then else
if [ $shell = 'true' ]; then if [ "$shell" = 'true' ]; then
# exec shell if [ "$TLS13_ONLY" = 'FALSE' ]; then
printf "%s\nRunning SHELL on %s (TLS 1.2)...%s\n" "$cyan" "$container_name" "$norm" printf "%s\nRunning SHELL on %s (TLS 1.2)...%s\n" "$cyan" "$container_name" "$norm"
docker run --rm -it --name "${container_name}" \ else
--env-file ab-nginx.params \ printf "%s\nRunning SHELL on %s (TLS 1.3)...%s\n" "$cyan" "$container_name" "$norm"
-e SERVER_NAMES="$HOSTNAMES" \ fi
$vmount \ # shellcheck disable=SC2086
--network=${NETWORK} \ docker run --rm -it --name "${container_name}" \
-v "$SSL_CERT":/certs/fullchain.pem:ro \ --env-file ab-nginx.params \
-v "$SSL_KEY":/certs/privkey.pem:ro \ -e SERVER_NAMES="$HOSTNAMES" \
-v "$SSL_CHAIN":/certs/chain.pem:ro \ $vmount \
-v "$DH":/certs/dhparam.pem:ro \ --network=${NETWORK} \
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \ -v "$SSL_CERT":/certs/fullchain.pem:ro \
docker.asifbacchus.dev/nginx/ab-nginx:latest /bin/sh -v "$SSL_KEY":/certs/privkey.pem:ro \
else -v "$SSL_CHAIN":/certs/chain.pem:ro \
# exec normally -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
printf "%s\nRunning NGINX on %s (TLS 1.2)...%s\n" "$cyan" "$container_name" "$norm" docker.asifbacchus.dev/nginx/ab-nginx:latest /bin/sh
docker run -d --name "${container_name}" \ else
--env-file ab-nginx.params \ if [ "$TLS13_ONLY" = 'FALSE' ]; then
-e SERVER_NAMES="$HOSTNAMES" \ printf "%s\nRunning NGINX on %s (TLS 1.2)...%s\n" "$cyan" "$container_name" "$norm"
$vmount \ else
--network=${NETWORK} \ printf "%s\nRunning NGINX on %s (TLS 1.3)...%s\n" "$cyan" "$container_name" "$norm"
-v "$SSL_CERT":/certs/fullchain.pem:ro \ fi
-v "$SSL_KEY":/certs/privkey.pem:ro \ # shellcheck disable=SC2086
-v "$SSL_CHAIN":/certs/chain.pem:ro \ docker run -d --name "${container_name}" \
-v "$DH":/certs/dhparam.pem:ro \ --env-file ab-nginx.params \
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \ -e SERVER_NAMES="$HOSTNAMES" \
--restart unless-stopped \ $vmount \
docker.asifbacchus.dev/nginx/ab-nginx:latest --network=${NETWORK} \
fi -v "$SSL_CERT":/certs/fullchain.pem:ro \
# run with TLS1.3 -v "$SSL_KEY":/certs/privkey.pem:ro \
elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = 'TRUE' ]; then -v "$SSL_CHAIN":/certs/chain.pem:ro \
if [ $shell = 'true' ]; then -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
# exec shell --restart unless-stopped \
printf "%s\nRunning SHELL on %s (TLS 1.3)...%s\n" "$cyan" "$container_name" "$norm" docker.asifbacchus.dev/nginx/ab-nginx:latest
docker run --rm -it --name "${container_name}" \ fi
--env-file ab-nginx.params \
-e SERVER_NAMES="$HOSTNAMES" \
$vmount \
--network=${NETWORK} \
-v "$SSL_CERT":/certs/fullchain.pem:ro \
-v "$SSL_KEY":/certs/privkey.pem:ro \
-v "$SSL_CHAIN":/certs/chain.pem:ro \
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
docker.asifbacchus.dev/nginx/ab-nginx:latest /bin/sh
else
# exec normally
printf "%s\nRunning NGINX on %s (TLS 1.3)...%s\n" "$cyan" "$container_name" "$norm"
docker run -d --name "${container_name}" \
--env-file ab-nginx.params \
-e SERVER_NAMES="$HOSTNAMES" \
$vmount \
--network=${NETWORK} \
-v "$SSL_CERT":/certs/fullchain.pem:ro \
-v "$SSL_KEY":/certs/privkey.pem:ro \
-v "$SSL_CHAIN":/certs/chain.pem:ro \
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
--restart unless-stopped \
docker.asifbacchus.dev/nginx/ab-nginx:latest
fi
fi fi
### exit gracefully ### exit gracefully
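Review bot: In the merged "run with TLS" `else` branch, any `TLS13_ONLY` value other than the exact string `FALSE` (unset, empty, lower-case `false`, a typo) is now announced as "TLS 1.3", whereas the removed `elif` arms ran only for `TRUE` or `FALSE`. The banner is only a label; the protocol floor is presumably decided inside the container from `ab-nginx.params`, so an operator can be told TLS 1.3 while TLS 1.2 is still being served. Validating the value before the branch would close that gap, for example `case "$TLS13_ONLY" in TRUE|FALSE) ;; *) printf "TLS13_ONLY must be TRUE or FALSE\n" >&2; exit 1 ;; esac`. Separately, each added `# shellcheck disable=SC2086` covers the whole `docker run` command, so it also hides the unquoted `${NETWORK}`, `${HTTP_PORT}` and `${HTTPS_PORT}`. Writing `--network="${NETWORK}"` and `-p "${HTTP_PORT}":80 -p "${HTTPS_PORT}":443` leaves `$vmount` as the only expansion that is deliberately word-split.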