ab-docker/ab-nginx
1
0
Fork 0
Code Issues Pull Requests Releases 8 Wiki Activity

Compare commits

base: ab-docker:49fa74159bf0d4a2274ec96b1162bc7bcb9b2972
Branches Tags
ab-docker:main
ab-docker:nginx-1.27.3
ab-docker:1.27-alpine3.20
ab-docker:v5.2.1-1.27.3
ab-docker:v5.2-1.23.2
ab-docker:v5.2-1.22.1
ab-docker:5.2-1.21.6
ab-docker:5.2-1.21.3
ab-docker:5.1-1.21.1
ab-docker:5.0-1.21.1
ab-docker:v1.19.9
ab-docker:v2.0.0
..
compare: ab-docker:f1faf3fedfb73784d5459902ac906ed59bbbcdd0
Branches Tags
ab-docker:main
ab-docker:nginx-1.27.3
ab-docker:1.27-alpine3.20
ab-docker:v5.2.1-1.27.3
ab-docker:v5.2-1.23.2
ab-docker:v5.2-1.22.1
ab-docker:5.2-1.21.6
ab-docker:5.2-1.21.3
ab-docker:5.1-1.21.1
ab-docker:5.0-1.21.1
ab-docker:v1.19.9
ab-docker:v2.0.0

No commits in common. "49fa74159bf0d4a2274ec96b1162bc7bcb9b2972" and "f1faf3fedfb73784d5459902ac906ed59bbbcdd0" have entirely different histories.
49fa74159b ... f1faf3fedf

5 changed files with 362 additions and 190 deletions
Show Stats Expand all files Collapse all files

11
.idea/.idea.ab-nginx.dir/.idea/vcs.xml
View File

@ -2,18 +2,11 @@
<project version="4"> <project version="4">
<component name="CommitMessageInspectionProfile"> <component name="CommitMessageInspectionProfile">
<profile version="1.0"> <profile version="1.0">
<inspection_tool class="BodyLimit" enabled="true" level="WEAK WARNING" enabled_by_default="true" /> <inspection_tool class="BodyLimit" enabled="true" level="ERROR" enabled_by_default="true" />
<inspection_tool class="SubjectBodySeparation" enabled="true" level="ERROR" enabled_by_default="true" /> <inspection_tool class="SubjectBodySeparation" enabled="true" level="ERROR" enabled_by_default="true" />
<inspection_tool class="SubjectLimit" enabled="true" level="WARNING" enabled_by_default="true" /> <inspection_tool class="SubjectLimit" enabled="true" level="ERROR" enabled_by_default="true" />
</profile> </profile>
</component> </component>
<component name="GitSharedSettings">
<option name="FORCE_PUSH_PROHIBITED_PATTERNS">
<list>
<option value="master main" />
</list>
</option>
</component>
<component name="VcsDirectoryMappings"> <component name="VcsDirectoryMappings">
<mapping directory="$PROJECT_DIR$" vcs="Git" /> <mapping directory="$PROJECT_DIR$" vcs="Git" />
</component> </component>

156
helpers/ab-nginx.params.template Normal file
View File

@ -0,0 +1,156 @@
###
### Parameters for use by ab-nginx helper script
###
### If you are NOT using the 'ab-nginx.sh' script file to start the container,
### then you don't have to do anything with this file.
###
#
# Network options
#
# If you want to specify a network to which this container should bind or one
# that should be created, then use this variable. If you don't know what this
# means or if you just want to use the default, leave this variable commented.
# REQUIRED: NO
# DEFAULT: nginx_network
# VALID OPTIONS: network names acceptable to the docker engine
#NETWORK=nginx_network
# If you want to specify a particular IP subnet for the network to be created
# as per the above variable, specify it here. Again, if you don't know what
# this means, just leave this variable commented.
# REQUIRED: NO
# DEFAULT: '172.31.254.0/24'
# VALID OPTIONS: subnet in CIDR format
#SUBNET='172.31.254.0/24'
#
# Timezone
#
# This doesn't impact any functionality of the container, but it does make your
# logs easier to understand if they report the correct local time, right? Valid
# options can be found at
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
# REQUIRED: NO
# DEFAULT: Etc/UTC
# VALID OPTIONS: IANA time zones in TZ format
#TZ=Etc/UTC
#
# NGINX options
#
# Hostnames to which this instance of NGINX should answer:
# By default, this is set to '_' meaning 'match anything'. However, that won't
# work if you're using SSL certificates! Multiple hostnames must be space
# delimited and "enclosed in quotes".
#
# This is NOT required if you are supplying your own server blocks via
# 'SERVERS_DIR'
#
# REQUIRED: YES, if using SSL and default server-blocks
# DEFAULT: "_"
#HOSTNAMES="domain.tld www.domain.tld server.domain.tld alt.domain.tld"
# Ports to listen on:
# If you need to use ports other than HTTP=80 and HTTPS=443, remember to set up
# your server blocks accordingly!
#
# If you're using the default server-blocks, they will auto-adjust to whatever
# you use here.
# REQUIRED: NO
# DEFAULTS: 80 and 443, respectively
#HTTP_PORT=80
#HTTPS_PORT=443
# Access logging (global preference):
# Unless overridden in a server/location block, access logging will be handled
# according to this setting. Logs are printed to the container console.
# REQUIRED: NO
# DEFAULT: OFF
# VALID OPTIONS: 'ON' or 'OFF'
#ACCESS_LOG=OFF
#
# Content locations
# Whatever you specify here will replace the default files in the container with
# your content/configurations. You may comment any/all of the following lines to
# disable them use the container defaults.
#
# Specify a directory containing your NGINX configurations (if any)
# Remember that these will be all be applied in the HTTP configuration context.
# Only files with a ".conf" extension will be loaded! If you want to disable a
# file, simply change its extension (i.e. '.conf.disabled').
#
# REMEMBER: Your configuration files must be readable by UID 8080!
CONFIG_DIR=$(pwd)/config
# Specify a directory containing your NGINX server-block configurations (if any)
# If you are just serving static content from the 'webroot', you can use the
# container default server-blocks and comment this variable.
#
# More likely, you will have your own server blocks. Remember, files are
# processed in order so consider starting file names with numbers
# (i.e. 00-first_server.conf, 05-second_server.conf)
#
# Only files with a ".conf" extension will be loaded! If you want to disable a
# file, simply change its extension (i.e. '.conf.disabled').
#
# REMEMBER: Your server-block files must be readable by UID 8080!
SERVERS_DIR=$(pwd)/sites
# Specify a directory containing 'snippets' of NGINX code you want/need to
# reference in other configuration files. Pointers to other SSL certificates for
# hosted domains or commonly used headers are good examples.
#
# You can then "include /etc/nginx/snippets/yourSnippet.conf;" in your configs
# instead of having to type the same thing many times.
# This is totally optional! Comment this variable to disable it.
# REMEMBER: Your snippets must be readable by UID 8080!
SNIPPETS_DIR=$(pwd)/snippets
# Specify a directory with the content you want to serve.
# REMEMBER: This directory must be readable by UID 8080!
WEBROOT_DIR=/var/www
#
# SSL options:
#
# Enable HSTS only AFTER you've tested SSL implementation! Container sets the
# header to require SSL for 6 months! Subdomains are NOT included.
# REQUIRED: NO
# DEFAULT: FALSE
# VALID OPTIONS: 'TRUE', 'FALSE'
#HSTS=FALSE
# TLS 1.3 mode:
# If 'FALSE' (default), NGINX will accept both TLS 1.2 and 1.3 connections.
# If 'TRUE', only TLS 1.3 connections will be accepted.
#TLS13_ONLY=FALSE
#
# Certificate files
#
# If you are mounting symlinks you MUST specify the full path of the symlink so
# the target is resolved! DH (Diffie-Hellman Parameters file) is only required
# if using TLS 1.2.
#
# REMEMBER: ALL files must be readble by UID 8080!
#SSL_CERT=/path/to/your/ssl-certificate/fullchain.pem
#SSL_KEY=/path/to/your/ssl-private-key/privkey.pem
#SSL_CHAIN=/path/to/your/ssl-certificate-chain/chain.pem
#DH=/path/to/your/diffie-hellman-parameters-file/dhparam.pem
#EOF

371
helpers/ab-nginx.sh
View File

@ -4,27 +4,25 @@
# start ab-nginx container using params file variables # start ab-nginx container using params file variables
# #
# TODO: add stop & stop and remove commands
# text formatting presets # text formatting presets
if command -v tput >/dev/null; then if command -v tput >/dev/null; then
cyan=$(tput bold)$(tput setaf 6) cyan=$(tput bold)$(tput setaf 6)
err=$(tput bold)$(tput setaf 1) err=$(tput bold)$(tput setaf 1)
magenta=$(tput sgr0)$(tput setaf 5) magenta=$(tput sgr0)$(tput setaf 5)
norm=$(tput sgr0) norm=$(tput sgr0)
yellow=$(tput sgr0)$(tput setaf 3) yellow=$(tput sgr0)$(tput setaf 3)
width=$(tput cols) width=$(tput cols)
else else
cyan='' cyan=''
err='' err=''
magenta='' magenta=''
norm='' norm=''
yellow='' yellow=''
width=80 width=80
fi fi
### parameter defaults ### parameter defaults
doShell=false shell=false
container_name="ab-nginx" container_name="ab-nginx"
NETWORK='nginx_network' NETWORK='nginx_network'
SUBNET='172.31.254.0/24' SUBNET='172.31.254.0/24'
@ -38,80 +36,77 @@ unset vmount
### functions ### functions
checkExist() { checkExist() {
if [ "$1" = 'file' ]; then if [ "$1" = 'file' ]; then
if [ ! -f "$2" ]; then if [ ! -f "$2" ]; then
printf "%s\nCannot find file: '$2'. Exiting.\n%s" "$err" "$norm" printf "%s\nCannot find file: '$2'. Exiting.\n%s" "$err" "$norm"
exit 3 exit 3
fi
elif [ "$1" = 'dir' ]; then
if [ ! -d "$2" ]; then
printf "%s\nCannot find directory: '$2'. Exiting.\n$%s" "$err" "$norm"
exit 3
fi
fi fi
return 0 elif [ "$1" = 'dir' ]; then
if [ ! -d "$2" ]; then
printf "%s\nCannot find directory: '$2'. Exiting.\n$%s" "$err" "$norm"
exit 3
fi
fi
return 0
} }
scriptHelp() { scriptHelp() {
printf "\n%s" "$magenta" printf "\n%s%1000s\n" "$magenta" | tr " " "-" | cut -c -$width
printf '%.0s-' $(seq "$width") printf "%s" "$norm"
printf "\n%s" "$norm" textblock "This is a simple helper script so you can avoid typing lengthy commands when working with the ab-nginx container."
textBlock "This is a simple helper script so you can avoid typing lengthy commands when working with the ab-nginx container." textblock "The script reads the contents of 'ab-nginx.params' and constructs various 'docker run' commands based on that file. The biggest time-saver is working with certificates. If they are specified in the params file, the script will automatically bind-mount them so nginx serves content via SSL by default."
textBlock "The script reads the contents of 'ab-nginx.params' and constructs various 'docker run' commands based on that file. The biggest time-saver is working with certificates. If they are specified in the params file, the script will automatically bind-mount them so nginx serves content via SSL by default." newline
newline textblock "If you run the script with no parameters, it will execute the container 'normally': Run in detached mode with nginx automatically launched. If you specified certificates, nginx will serve over SSL by default."
textBlock "If you run the script with no parameters, it will execute the container 'normally': Run in detached mode with nginx automatically launched. If you specified certificates, nginx will serve over SSL by default." textblock "Note: Containers (except shell) are always set to restart 'unless-stopped'. You must remove them manually if desired."
textBlock "Note: Containers (except shell) are always set to restart 'unless-stopped'. You must remove them manually if desired." printf "%s" "$magenta"
printf "%s" "$magenta" newline
newline textblock "The script has the following (optional) parameters:"
textBlock "The script has the following (optional) parameters:" textblockParam 'parameter in cyan' 'default in yellow'
textBlockParam 'parameter in cyan' 'default in yellow' newline
newline textblockParam '-n|--name' 'ab-nginx'
textBlockParam '-n|--name' 'ab-nginx' textblock "Change the name of the container. This is cosmetic and does not affect operation in any way."
textBlock "Set the name of the container, otherwise the default will be used." newline
newline textblockParam '-s|--shell' 'off: run in detached mode'
textBlockParam'-s|--shell' 'off: run in detached mode' textblock "Enter the container using an interactive POSIX shell. This happens after startup operations but *before* nginx is actually started. This is a great way to see configuration changes possibly stopping nginx from starting normally."
textBlock "Enter the container using an interactive ASH/BusyBox shell. This happens after startup operations but *before* nginx is actually started. This is a great way to see configuration changes possibly stopping nginx from starting normally." printf "%s" "$yellow"
printf "%s" "$yellow" newline
newline textblock "More information can be found at: https://git.asifbacchus.app/ab-docker/ab-nginx/wiki"
textBlock"More information can be found at: https://git.asifbacchus.dev/ab-docker/ab-nginx/wiki" printf "%s%1000s\n" "$magenta" | tr " " "-" | cut -c -$width
printf "\n%s" "$magenta" exit 0
printf '%.0s-' $(seq "$width")
printf "\n%s" "$norm"
exit 0
} }
newline() { newline() {
printf "\n" printf "\n"
} }
textBlock() { textblock() {
printf "%s\n" "$1" | fold -w "$width" -s printf "%s\n" "$1" | fold -w "$width" -s
} }
textBlockParam() { textblockParam() {
if [ -z "$2" ]; then if [ -z "$2" ]; then
# no default # no default
printf "%s%s%s\n" "$cyan" "$1" "$norm" printf "%s%s%s\n" "$cyan" "$1" "$norm"
else else
# default param provided # default param provided
printf "%s%s %s(%s)%s\n" "$cyan" "$1" "$yellow" "$2" "$norm" printf "%s%s %s(%s)%s\n" "$cyan" "$1" "$yellow" "$2" "$norm"
fi fi
} }
### pre-requisite checks ### pre-requisite checks
# is docker installed? # is docker installed?
if ! command -v docker >/dev/null; then if ! command -v docker > /dev/null; then
printf "%s\nCannot find docker... is it installed?\n%s" "$err" "$norm" printf "%s\nCannot find docker... is it installed?\n%s" "$err" "$norm"
exit 2 exit 2
fi fi
# is user root or in the docker group? # is user root or in the docker group?
if [ ! "$(id -u)" -eq 0 ]; then if [ ! "$(id -u)" -eq 0 ]; then
if ! id -Gn | grep docker >/dev/null; then if ! id -Gn | grep docker >/dev/null; then
printf "%s\nYou must either be root or in the 'docker' group to run this script since you must be able to actually start the container! Exiting.\n$%s" "$err" "$norm" printf "%s\nYou must either be root or in the 'docker' group to run this script since you must be able to actually start the container! Exiting.\n$%s" "$err" "$norm"
exit 2 exit 2
fi fi
fi fi
# does the params file exist? # does the params file exist?
@ -122,7 +117,7 @@ checkExist 'file' './ab-nginx.params'
# fix case of TLS13_ONLY var # fix case of TLS13_ONLY var
if [ "$TLS13_ONLY" ]; then if [ "$TLS13_ONLY" ]; then
TLS13_ONLY=$(printf "%s" "$TLS13_ONLY" | tr "[:lower:]" "[:upper:]") TLS13_ONLY=$(printf "%s" "$TLS13_ONLY" | tr "[:lower:]" "[:upper:]")
fi fi
# check for certs if using SSL # check for certs if using SSL
@ -130,33 +125,43 @@ if [ "$SSL_CERT" ]; then checkExist 'file' "$SSL_CERT"; fi
if [ "$SSL_KEY" ]; then checkExist 'file' "$SSL_KEY"; fi if [ "$SSL_KEY" ]; then checkExist 'file' "$SSL_KEY"; fi
if [ "$SSL_CHAIN" ]; then checkExist 'file' "$SSL_CHAIN"; fi if [ "$SSL_CHAIN" ]; then checkExist 'file' "$SSL_CHAIN"; fi
# check for DHparam if using TLS1.2
if [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = 'FALSE' ]; then
if [ -z "$DH" ]; then
printf "%s\nA DHparam file must be specified when using TLS 1.2. Exiting.%s\n" "$err" "$norm"
exit 5
else
checkExist 'file' "$DH"
fi
fi
# check if specified config directory exists # check if specified config directory exists
if [ "$CONFIG_DIR" ]; then if [ "$CONFIG_DIR" ]; then
checkExist 'dir' "$CONFIG_DIR" checkExist 'dir' "$CONFIG_DIR"
fi fi
# check if specified server-block directory exists # check if specified server-block directory exists
if [ "$SERVERS_DIR" ]; then if [ "$SERVERS_DIR" ]; then
checkExist 'dir' "$SERVERS_DIR" checkExist 'dir' "$SERVERS_DIR"
fi fi
# check if specified webroot directory exists # check if specified webroot directory exists
if [ "$WEBROOT_DIR" ]; then if [ "$WEBROOT_DIR" ]; then
checkExist 'dir' "$WEBROOT_DIR" checkExist 'dir' "$WEBROOT_DIR"
fi fi
# set up volume mounts # set up volume mounts
if [ "$CONFIG_DIR" ]; then if [ "$CONFIG_DIR" ]; then
vmount="$vmount -v $CONFIG_DIR:/etc/nginx/config" vmount="$vmount -v $CONFIG_DIR:/etc/nginx/config"
fi fi
if [ "$SERVERS_DIR" ]; then if [ "$SERVERS_DIR" ]; then
vmount="$vmount -v $SERVERS_DIR:/etc/nginx/sites" vmount="$vmount -v $SERVERS_DIR:/etc/nginx/sites"
fi fi
if [ "$SNIPPETS_DIR" ]; then if [ "$SNIPPETS_DIR" ]; then
vmount="$vmount -v $SNIPPETS_DIR:/etc/nginx/snippets" vmount="$vmount -v $SNIPPETS_DIR:/etc/nginx/snippets"
fi fi
if [ "$WEBROOT_DIR" ]; then if [ "$WEBROOT_DIR" ]; then
vmount="$vmount -v $WEBROOT_DIR:/usr/share/nginx/html" vmount="$vmount -v $WEBROOT_DIR:/usr/share/nginx/html"
fi fi
# trim leading whitespace # trim leading whitespace
vmount=${vmount##[[:space:]]} vmount=${vmount##[[:space:]]}
@ -166,111 +171,129 @@ if [ -z "$HOSTNAMES" ]; then HOSTNAMES="_"; fi
# process startup parameters # process startup parameters
while [ $# -gt 0 ]; do while [ $# -gt 0 ]; do
case "$1" in case "$1" in
-h | -\? | --help) -h | -\? | --help)
# display help # display help
scriptHelp scriptHelp
exit 0 exit 0
;; ;;
-s | --shell) -s | --shell)
# start shell instead of default CMD # start shell instead of default CMD
doShell=true shell=true
;; ;;
-n | --name) -n | --name)
# container name # container name
if [ -z "$2" ]; then if [ -z "$2" ]; then
printf "%s\nNo container name specified. Exiting.\n%s" "$err" "$norm" printf "%s\nNo container name specified. Exiting.\n%s" "$err" "$norm"
exit 1 exit 1
fi fi
container_name="$2" container_name="$2"
shift
;;
*)
printf "%s\nUnknown option: %s\n" "$err" "$1"
printf "Use '--help' for valid options.\n\n%s" "$norm"
exit 1
;;
esac
shift shift
;;
*)
printf "%s\nUnknown option: %s\n" "$err" "$1"
printf "Use '--help' for valid options.\n\n%s" "$norm"
exit 1
;;
esac
shift
done done
# create network if it doesn't already exist # create network if it doesn't already exist
docker network inspect ${NETWORK} >/dev/null 2>&1 || docker network inspect ${NETWORK} >/dev/null 2>&1 ||
docker network create \ docker network create \
--attachable \ --attachable \
--driver=bridge \ --driver=bridge \
--subnet=${SUBNET} \ --subnet=${SUBNET} \
${NETWORK} ${NETWORK}
# run without TLS # run without TLS
if [ -z "$SSL_CERT" ]; then if [ -z "$SSL_CERT" ]; then
if [ "$doShell" = 'true' ]; then if [ $shell = 'true' ]; then
# exec shell # exec shell
printf "%s\nRunning SHELL on %s...%s\n" "$cyan" "$container_name" "$norm" printf "%s\nRunning SHELL on %s...%s\n" "$cyan" "$container_name" "$norm"
# shellcheck disable=SC2086 docker run --rm -it --name "${container_name}" \
docker run --rm -it --name "${container_name}" \ --env-file ab-nginx.params \
--env-file ab-nginx.params \ -e SERVER_NAMES="$HOSTNAMES" \
--user="${NGINX_UID:-8080}:${NGINX_GID:-8080}" \ $vmount \
-e SERVER_NAMES="$HOSTNAMES" \ --network=${NETWORK} \
$vmount \ -p ${HTTP_PORT}:80 \
--network=${NETWORK} \ docker.asifbacchus.app/nginx/ab-nginx:latest /bin/sh
-p ${HTTP_PORT}:80 \ else
docker.asifbacchus.dev/nginx/ab-nginx:latest /bin/sh # exec normally
else printf "%s\nRunning NGINX on %s...%s\n" "$cyan" "$container_name" "$norm"
# exec normally docker run -d --name "${container_name}" \
printf "%s\nRunning NGINX on %s...%s\n" "$cyan" "$container_name" "$norm" --env-file ab-nginx.params \
# shellcheck disable=SC2086 -e SERVER_NAMES="$HOSTNAMES" \
docker run -d --name "${container_name}" \ $vmount \
--env-file ab-nginx.params \ --network=${NETWORK} \
--user="${NGINX_UID:-8080}:${NGINX_GID:-8080}" \ -p ${HTTP_PORT}:80 \
-e SERVER_NAMES="$HOSTNAMES" \ --restart unless-stopped \
$vmount \ docker.asifbacchus.app/nginx/ab-nginx:latest
--network=${NETWORK} \ fi
-p ${HTTP_PORT}:80 \ # run with TLS1.2
--restart unless-stopped \ elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = 'FALSE' ]; then
docker.asifbacchus.dev/nginx/ab-nginx:${TAG:-latest} if [ $shell = 'true' ]; then
fi # exec shell
# run with TLS printf "%s\nRunning SHELL on %s (TLS 1.2)...%s\n" "$cyan" "$container_name" "$norm"
else docker run --rm -it --name "${container_name}" \
if [ "$doShell" = 'true' ]; then --env-file ab-nginx.params \
if [ "$TLS13_ONLY" = 'FALSE' ]; then -e SERVER_NAMES="$HOSTNAMES" \
printf "%s\nRunning SHELL on %s (TLS 1.2)...%s\n" "$cyan" "$container_name" "$norm" $vmount \
else --network=${NETWORK} \
printf "%s\nRunning SHELL on %s (TLS 1.3)...%s\n" "$cyan" "$container_name" "$norm" -v "$SSL_CERT":/certs/fullchain.pem:ro \
fi -v "$SSL_KEY":/certs/privkey.pem:ro \
# shellcheck disable=SC2086 -v "$SSL_CHAIN":/certs/chain.pem:ro \
docker run --rm -it --name "${container_name}" \ -v "$DH":/certs/dhparam.pem:ro \
--env-file ab-nginx.params \ -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
--user="${NGINX_UID:-8080}:${NGINX_GID:-8080}" \ docker.asifbacchus.app/nginx/ab-nginx:latest /bin/sh
-e SERVER_NAMES="$HOSTNAMES" \ else
$vmount \ # exec normally
--network=${NETWORK} \ printf "%s\nRunning NGINX on %s (TLS 1.2)...%s\n" "$cyan" "$container_name" "$norm"
-v "$SSL_CERT":/certs/fullchain.pem:ro \ docker run -d --name "${container_name}" \
-v "$SSL_KEY":/certs/privkey.pem:ro \ --env-file ab-nginx.params \
-v "$SSL_CHAIN":/certs/chain.pem:ro \ -e SERVER_NAMES="$HOSTNAMES" \
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \ $vmount \
docker.asifbacchus.dev/nginx/ab-nginx:${TAG:-latest} /bin/sh --network=${NETWORK} \
else -v "$SSL_CERT":/certs/fullchain.pem:ro \
if [ "$TLS13_ONLY" = 'FALSE' ]; then -v "$SSL_KEY":/certs/privkey.pem:ro \
printf "%s\nRunning NGINX on %s (TLS 1.2)...%s\n" "$cyan" "$container_name" "$norm" -v "$SSL_CHAIN":/certs/chain.pem:ro \
else -v "$DH":/certs/dhparam.pem:ro \
printf "%s\nRunning NGINX on %s (TLS 1.3)...%s\n" "$cyan" "$container_name" "$norm" -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
fi --restart unless-stopped \
# shellcheck disable=SC2086 docker.asifbacchus.app/nginx/ab-nginx:latest
docker run -d --name "${container_name}" \ fi
--env-file ab-nginx.params \ # run with TLS1.3
--user="${NGINX_UID:-8080}:${NGINX_GID:-8080}" \ elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = 'TRUE' ]; then
-e SERVER_NAMES="$HOSTNAMES" \ if [ $shell = 'true' ]; then
$vmount \ # exec shell
--network=${NETWORK} \ printf "%s\nRunning SHELL on %s (TLS 1.3)...%s\n" "$cyan" "$container_name" "$norm"
-v "$SSL_CERT":/certs/fullchain.pem:ro \ docker run --rm -it --name "${container_name}" \
-v "$SSL_KEY":/certs/privkey.pem:ro \ --env-file ab-nginx.params \
-v "$SSL_CHAIN":/certs/chain.pem:ro \ -e SERVER_NAMES="$HOSTNAMES" \
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \ $vmount \
--restart unless-stopped \ --network=${NETWORK} \
docker.asifbacchus.dev/nginx/ab-nginx:${TAG:-latest} -v "$SSL_CERT":/certs/fullchain.pem:ro \
fi -v "$SSL_KEY":/certs/privkey.pem:ro \
-v "$SSL_CHAIN":/certs/chain.pem:ro \
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
docker.asifbacchus.app/nginx/ab-nginx:latest /bin/sh
else
# exec normally
printf "%s\nRunning NGINX on %s (TLS 1.3)...%s\n" "$cyan" "$container_name" "$norm"
docker run -d --name "${container_name}" \
--env-file ab-nginx.params \
-e SERVER_NAMES="$HOSTNAMES" \
$vmount \
--network=${NETWORK} \
-v "$SSL_CERT":/certs/fullchain.pem:ro \
-v "$SSL_KEY":/certs/privkey.pem:ro \
-v "$SSL_CHAIN":/certs/chain.pem:ro \
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
--restart unless-stopped \
docker.asifbacchus.app/nginx/ab-nginx:latest
fi
fi fi
### exit gracefully ### exit gracefully
exit 0 exit 0

8
helpers/sites/readme
View File

@ -1,11 +1,11 @@
- Place all your server block configuration files in this directory - Place all your server block configuration files in this directory
- This path should be bind-mounted to the container at: - This path should be bind-mounted to the container at:
'/etc/nginx/sites' '/etc/nginx/sites'
- this bind-mount will override the default server configurations - this bind-mount will override the test pages included in the container by
included in the container by default. default.
- All files should begin in the 'server' configuration context - All files should begin in the 'server' configuration context
- ONLY files that end with '.conf' will be processed! - ONLY files that end with '.conf' will be processed!
- if you want to keep a file for reference or disable it temporarily, - if you want to keep a file for reference or disable it temporarily,
simply change the extension. I like using '.conf.disabled'. simply change the extension. I like using '.conf.disabled'.
- If you don't want to use this directory, you can bind-mount any other - If you don't want to use this directory, you can bind-mount any other
directory you want to '/etc/nginx/sites/' directory you want to '/etc/nginx/sites/'

6
helpers/update.sh
View File

@ -90,8 +90,8 @@ updateSuccess=0
# reference constants # reference constants
dockerNamespace='nginx' dockerNamespace='nginx'
containerName='ab-nginx' containerName='ab-nginx'
containerUpdatePath="docker.asifbacchus.dev/$dockerNamespace/$containerName:latest" containerUpdatePath="docker.asifbacchus.app/$dockerNamespace/$containerName:latest"
server="https://asifbacchus.dev/public/docker/$dockerNamespace/$containerName/" server="https://asifbacchus.app/updates/docker/$dockerNamespace/$containerName/"
checksumFilename='checksums.sha256' checksumFilename='checksums.sha256'
# operation triggers # operation triggers
@ -247,4 +247,4 @@ if [ "$doScriptUpdate" -eq 1 ]; then
printf "\tUpdates: %s%s applied%s, %s%s failed%s\n" "$ok" "$updateSuccess" "$norm" "$err" "$updateFailed" "$norm" printf "\tUpdates: %s%s applied%s, %s%s failed%s\n" "$ok" "$updateSuccess" "$norm" "$err" "$updateFailed" "$norm"
fi fi
exit 0 exit 0