Compare commits
14 Commits
cbb8595380
..
v2.0.0
| Author | SHA1 | Date | |
|---|---|---|---|
| 6206ed49ff | |||
| 478af79158 | |||
| 6f9d0ae7df | |||
| db4be32b54 | |||
| 9d5c7960c9 | |||
| f53e673c3f | |||
| 16df6570bc | |||
| 38d6967f68 | |||
| 0a99c75a91 | |||
| cb794e755f | |||
| d29bff3324 | |||
| cbaadc40c4 | |||
| 7e96583455 | |||
| 19a8f3a082 |
+5
-1
@@ -73,8 +73,12 @@
|
|||||||
|
|
||||||
#
|
#
|
||||||
# Exclude files from exporting
|
# Exclude files from exporting
|
||||||
|
# only export helper scripts
|
||||||
#
|
#
|
||||||
|
|
||||||
.gitattributes export-ignore
|
.gitattributes export-ignore
|
||||||
.gitignore export-ignore
|
.gitignore export-ignore
|
||||||
.vscode/* export-ignore
|
.vscode export-ignore
|
||||||
|
.idea export-ignore
|
||||||
|
build export-ignore
|
||||||
|
README.md export-ignore
|
||||||
|
|||||||
@@ -4,23 +4,23 @@ Containerized fully-functional implementation of NGINX running on Alpine **as a
|
|||||||
|
|
||||||
## Contents
|
## Contents
|
||||||
|
|
||||||
[Alternate repository](#alternate-repository)
|
[Alternate repository](#alternate-repository)<br>
|
||||||
[Documentation and scripts](#documentation-and-scripts)
|
[Documentation and scripts](#documentation-and-scripts)<br>
|
||||||
[Permissions](#permissions)
|
[Permissions](#permissions)<br>
|
||||||
[Container layout](#container-layout)
|
[Container layout](#container-layout)<br>
|
||||||
[Content directory](#content-directory)
|
[Content directory](#content-directory)<br>
|
||||||
[Configuration directory](#configuration-directory)
|
[Configuration directory](#configuration-directory)<br>
|
||||||
[Quick-start](#quick-start)
|
[Quick-start](#quick-start)<br>
|
||||||
[Mounting content](#mounting-content)
|
[Mounting content](#mounting-content)<br>
|
||||||
[Mounting configurations](#mounting-configurations)
|
[Mounting configurations](#mounting-configurations)<br>
|
||||||
[Mounting server-blocks](#mounting-server-blocks)
|
[Mounting server-blocks](#mounting-server-blocks)<br>
|
||||||
[TLS](#tls)
|
[TLS](#tls)<br>
|
||||||
[Environment variables](#environment-variables)
|
[Environment variables](#environment-variables)<br>
|
||||||
[Shell mode](#shell-mode)
|
[Shell mode](#shell-mode)<br>
|
||||||
[Drop to shell before NGINX loads](#drop-to-shell-before-nginx-loads)
|
[Drop to shell before NGINX loads](#drop-to-shell-before-nginx-loads)<br>
|
||||||
[Enter a running container](#enter-a-running-container)
|
[Enter a running container](#enter-a-running-container)<br>
|
||||||
[Logs](#logs)
|
[Logs](#logs)<br>
|
||||||
[Final thoughts](#final-thoughts)#final-thoughts)
|
[Final thoughts](#final-thoughts)
|
||||||
|
|
||||||
## Alternate repository
|
## Alternate repository
|
||||||
|
|
||||||
@@ -34,9 +34,13 @@ Check out the [repo wiki](https://git.asifbacchus.app/ab-docker/ab-nginx/wiki) f
|
|||||||
|
|
||||||
The container does **NOT** run under the root account. It runs under a user named *www-docker* with a UID of 8080. **This means any files you mount into the container need to be readable (and/or writable depending on your use-case) by UID 8080**. This does not mean just content files, it also includes configurations, server-blocks and *certificates*! Before mounting your files, ensure this is the case. There are more detailed instructions in the [wiki](https://git.asifbacchus.app/ab-docker/ab-nginx/wiki) if you need help setting file permissions.
|
The container does **NOT** run under the root account. It runs under a user named *www-docker* with a UID of 8080. **This means any files you mount into the container need to be readable (and/or writable depending on your use-case) by UID 8080**. This does not mean just content files, it also includes configurations, server-blocks and *certificates*! Before mounting your files, ensure this is the case. There are more detailed instructions in the [wiki](https://git.asifbacchus.app/ab-docker/ab-nginx/wiki) if you need help setting file permissions.
|
||||||
|
|
||||||
This is a significant change versus most other NGINX implementations/containers where the main process is run as root and the *worker processes* run as a limited user. In those cases, permissions don’t matter since NGINX can always use the root account to read any files (and especially certificates!) it needs. Please understand this difference.
|
This is a significant change versus most other NGINX implementations/containers where the main process is run as root
|
||||||
|
and the *worker processes* run as a limited user. In those cases, permissions don’t matter since NGINX can always use
|
||||||
|
the root account to read any files (and especially certificates!) it needs. Please understand this difference.
|
||||||
|
|
||||||
If you need to change the UID, then you’ll need to rebuild the container using the [Dockerfile in the git repo](#https://git.asifbacchus.app/ab-docker/ab-nginx). The process would be something like this:
|
If you need to change the UID, then you’ll need to rebuild the container using
|
||||||
|
the [Dockerfile in the git repo](https://git.asifbacchus.app/ab-docker/ab-nginx). The process would be something like
|
||||||
|
this:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# clone the repo
|
# clone the repo
|
||||||
@@ -249,4 +253,3 @@ I think that's everything to get you going if you are already familiar with dock
|
|||||||
If I've forgotten anything, you find any bugs or you have suggestions, please file an issue either on my private [git server ](https://git.asifbachus.app/ab-docker/ab-nginx) or on [github](https://github.com/asifbacchus/ab-nginx). Also, I am *not* affiliated with NGINX in any way, so please **do not** bother them with any issues you find with this container. Bother me instead, I actually enjoy it!
|
If I've forgotten anything, you find any bugs or you have suggestions, please file an issue either on my private [git server ](https://git.asifbachus.app/ab-docker/ab-nginx) or on [github](https://github.com/asifbacchus/ab-nginx). Also, I am *not* affiliated with NGINX in any way, so please **do not** bother them with any issues you find with this container. Bother me instead, I actually enjoy it!
|
||||||
|
|
||||||
**All the best and have fun!**
|
**All the best and have fun!**
|
||||||
|
|
||||||
|
|||||||
+86
-20
@@ -1,7 +1,7 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
### update script for ab-nginx container and utility scripts
|
### update script for ab-nginx container and utility scripts
|
||||||
# version 1.0.0
|
# version 2.0.0
|
||||||
# script by Asif Bacchus
|
# script by Asif Bacchus
|
||||||
###
|
###
|
||||||
|
|
||||||
@@ -23,40 +23,63 @@ okNotify() {
|
|||||||
printf "%s[OK]%s\n" "$ok" "$norm"
|
printf "%s[OK]%s\n" "$ok" "$norm"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
scriptHelp() {
|
||||||
|
textNewline
|
||||||
|
textblock "Update ${containerName} container and helper script files"
|
||||||
|
textblock "${bold}Usage: ${localScriptName} [parameters]${norm}"
|
||||||
|
textNewline
|
||||||
|
textblock "If run with no parameters, the script will update both the container and the helper script files, including this update script."
|
||||||
|
textblockHeader " parameters "
|
||||||
|
textblockParam "-h|-?|--help" "Display this help screen."
|
||||||
|
textblockParam "-c|--container|--container-only" "Update the docker container only."
|
||||||
|
textblockParam "-s|--scripts|--scripts-only" "Update the helper scripts (including this update script) only."
|
||||||
|
textNewline
|
||||||
|
exit 0
|
||||||
|
}
|
||||||
|
|
||||||
|
textblock() {
|
||||||
|
printf "%s\n" "$1" | fold -w "$width" -s
|
||||||
|
}
|
||||||
|
|
||||||
|
textblockHeader() {
|
||||||
|
printf "\n%s***%s***%s\n" "$header" "$1" "$norm"
|
||||||
|
}
|
||||||
|
|
||||||
|
textblockParam() {
|
||||||
|
printf "%s%-35s%s%s\n" "$info" "$1" "$2" "$norm"
|
||||||
|
}
|
||||||
|
|
||||||
|
textNewline() {
|
||||||
|
printf "\n"
|
||||||
|
}
|
||||||
|
|
||||||
### text formatting presets
|
### text formatting presets
|
||||||
if command -v tput >/dev/null 2>&1; then
|
if command -v tput >/dev/null 2>&1; then
|
||||||
|
bold=$(tput bold)
|
||||||
err=$(tput bold)$(tput setaf 1)
|
err=$(tput bold)$(tput setaf 1)
|
||||||
info=$(tput bold)$(tput setaf 6)
|
info=$(tput bold)$(tput setaf 6)
|
||||||
|
header=$(tput bold)$(tput setaf 5)
|
||||||
norm=$(tput sgr0)
|
norm=$(tput sgr0)
|
||||||
ok=$(tput sgr0)$(tput setaf 2)
|
ok=$(tput sgr0)$(tput setaf 2)
|
||||||
warn=$(tput bold)$(tput setaf 3)
|
warn=$(tput bold)$(tput setaf 3)
|
||||||
|
width=$(tput cols)
|
||||||
else
|
else
|
||||||
|
bold=''
|
||||||
err=''
|
err=''
|
||||||
info=''
|
info=''
|
||||||
|
header=''
|
||||||
norm=''
|
norm=''
|
||||||
ok=''
|
ok=''
|
||||||
warn=''
|
warn=''
|
||||||
|
width=80
|
||||||
fi
|
fi
|
||||||
|
|
||||||
### pre-requisites
|
### pre-requisites
|
||||||
|
|
||||||
# check if wget is installed
|
# check if wget is installed
|
||||||
if ! command -v wget >/dev/null 2>&1; then
|
if ! command -v wget >/dev/null 2>&1; then
|
||||||
errMsg "Sorry, this script requires that 'wget' is installed in order to download updates. Exiting."
|
errMsg "Sorry, this script requires that 'wget' is installed in order to download updates. Exiting."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# check if docker is installed
|
|
||||||
if ! command -v docker >/dev/null 2>&1; then
|
|
||||||
errMsg "Sorry, it appears that docker is not installed on this machine! Exiting."
|
|
||||||
fi
|
|
||||||
|
|
||||||
# is user root or in the docker group?
|
|
||||||
if [ ! "$(id -u)" -eq 0 ]; then
|
|
||||||
if ! id -Gn | grep docker >/dev/null; then
|
|
||||||
errMsg "You must either be root or in the 'docker' group to pull container updates."
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# zero counters
|
# zero counters
|
||||||
updatesAvailable=0
|
updatesAvailable=0
|
||||||
downloadFailed=0
|
downloadFailed=0
|
||||||
@@ -71,22 +94,63 @@ containerUpdatePath="docker.asifbacchus.app/$dockerNamespace/$containerName:late
|
|||||||
server="https://asifbacchus.app/updates/docker/$dockerNamespace/$containerName/"
|
server="https://asifbacchus.app/updates/docker/$dockerNamespace/$containerName/"
|
||||||
checksumFilename='checksums.sha256'
|
checksumFilename='checksums.sha256'
|
||||||
|
|
||||||
|
# operation triggers
|
||||||
|
doDockerUpdate=1
|
||||||
|
doScriptUpdate=1
|
||||||
|
|
||||||
# files to update
|
# files to update
|
||||||
localScriptName="$(basename "$0")"
|
localScriptName="$(basename "$0")"
|
||||||
repoScriptName='update.sh'
|
repoScriptName='update.sh'
|
||||||
|
|
||||||
### update container
|
### process startup parameters
|
||||||
printf "%s\n*** Updating %s container and service scripts ***\n\n%s" "$info" "$containerName" "$norm"
|
while [ $# -gt 0 ]; do
|
||||||
|
case "$1" in
|
||||||
|
-h | -\? | --help)
|
||||||
|
# display inline help
|
||||||
|
scriptHelp
|
||||||
|
;;
|
||||||
|
-s | --scripts | --scripts-only)
|
||||||
|
# update scripts only, skip docker container update
|
||||||
|
doDockerUpdate=0
|
||||||
|
;;
|
||||||
|
-c | --container | --container-only)
|
||||||
|
# update docker container only, skip script update
|
||||||
|
doScriptUpdate=0
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
printf "%s\nUnknown option: %s\n" "$err" "$1"
|
||||||
|
printf "%sUse '--help' for valid options%s\n\n" "$info" "$norm"
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
shift
|
||||||
|
done
|
||||||
|
|
||||||
printf "Updating container:\n"
|
### update container
|
||||||
|
if [ "$doDockerUpdate" -eq 1 ]; then
|
||||||
|
# check if docker is installed
|
||||||
|
if ! command -v docker >/dev/null 2>&1; then
|
||||||
|
errMsg "Sorry, it appears that docker is not installed on this machine! Exiting."
|
||||||
|
fi
|
||||||
|
|
||||||
|
# is user root or in the docker group?
|
||||||
|
if [ ! "$(id -u)" -eq 0 ]; then
|
||||||
|
if ! id -Gn | grep docker >/dev/null; then
|
||||||
|
errMsg "You must either be root or in the 'docker' group to pull container updates."
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
printf "%s\n*** Updating %s container ***\n\n%s" "$info" "$containerName" "$norm"
|
||||||
if ! docker pull "$containerUpdatePath"; then
|
if ! docker pull "$containerUpdatePath"; then
|
||||||
errMsg "There was an error updating the container. Try again later."
|
errMsg "There was an error updating the container. Try again later."
|
||||||
else
|
else
|
||||||
okMsg "Container updated!"
|
okMsg "Container updated!"
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
### update scripts
|
### update scripts
|
||||||
printf "%sUpdating %s service scripts%s\n" "$info" "$containerName" "$norm"
|
if [ "$doScriptUpdate" -eq 1 ]; then
|
||||||
|
printf "%s*** Updating %s service scripts ***%s\n" "$info" "$containerName" "$norm"
|
||||||
|
|
||||||
## download latest checksums
|
## download latest checksums
|
||||||
printf "Getting latest checksums... "
|
printf "Getting latest checksums... "
|
||||||
@@ -173,12 +237,14 @@ while IFS=' ' read -r field1 field2; do
|
|||||||
printf "[NONE]\n"
|
printf "[NONE]\n"
|
||||||
fi
|
fi
|
||||||
done <"$checksumFilename"
|
done <"$checksumFilename"
|
||||||
|
fi
|
||||||
|
|
||||||
### display results
|
### display results
|
||||||
printf "\n%sResults:%s\n" "$info" "$norm"
|
if [ "$doScriptUpdate" -eq 1 ]; then
|
||||||
|
printf "\n%s*** Results ***%s\n" "$info" "$norm"
|
||||||
printf "\tUpdates: %s available\n" "$updatesAvailable"
|
printf "\tUpdates: %s available\n" "$updatesAvailable"
|
||||||
printf "\tDownloads: %s%s successful%s, %s%s failed%s\n" "$ok" "$downloadSuccess" "$norm" "$err" "$downloadFailed" "$norm"
|
printf "\tDownloads: %s%s successful%s, %s%s failed%s\n" "$ok" "$downloadSuccess" "$norm" "$err" "$downloadFailed" "$norm"
|
||||||
printf "\tUpdates: %s%s applied%s, %s%s failed%s\n" "$ok" "$updateSuccess" "$norm" "$err" "$updateFailed" "$norm"
|
printf "\tUpdates: %s%s applied%s, %s%s failed%s\n" "$ok" "$updateSuccess" "$norm" "$err" "$updateFailed" "$norm"
|
||||||
|
fi
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
Reference in New Issue
Block a user