14 Commits

Author SHA1 Message Date
Asif Bacchus 6206ed49ff build(GIT): only include helper scripts in export archives 2021-01-15 06:28:43 -07:00
Asif Bacchus 478af79158 fix(README): fix incorrect link 2021-01-15 06:28:11 -07:00
Asif Bacchus 6f9d0ae7df style(README): force line breaks on contents items 2021-01-15 06:21:34 -07:00
Asif Bacchus db4be32b54 style(HELPERSCRIPTS): reformat code 2021-01-15 06:11:24 -07:00
Asif Bacchus 9d5c7960c9 fix(HELPERSCRIPTS): do not display file results in container-only mode 2021-01-15 06:10:04 -07:00
Asif Bacchus f53e673c3f feature(HELPERSCRIPTS): add inline help 2021-01-15 06:06:07 -07:00
Asif Bacchus 16df6570bc feature(HELPERSCRIPTS): tabular parameter help output 2021-01-15 06:05:01 -07:00
Asif Bacchus 38d6967f68 feature(HELPERSCRIPTS): add newline function, bold formatting preset 2021-01-15 05:50:01 -07:00
Asif Bacchus 0a99c75a91 feature(HELPERSCRIPTS): add text formatting functions 2021-01-15 05:47:00 -07:00
Asif Bacchus cb794e755f refactor(HELPERSCRIPTS): remove restart option
- cannot account for all possible custom configurations
- restart should be manual
2021-01-15 05:40:42 -07:00
Asif Bacchus d29bff3324 style(HELPERSCRIPTS): change results banner format to match others 2021-01-15 05:19:52 -07:00
Asif Bacchus cbaadc40c4 feature(HELPERSCRIPTS): add conditionality to script update 2021-01-15 05:18:55 -07:00
Asif Bacchus 7e96583455 feature(HELPERSCRIPTS): conditionally update docker container
- move previous prerequisite checks related to docker
2021-01-15 05:15:38 -07:00
Asif Bacchus 19a8f3a082 feature(HELPERSCRIPTS): add parameter processing skeleton 2021-01-15 05:08:03 -07:00
4 changed files with 192 additions and 119 deletions
+5 -1
View File
@@ -73,8 +73,12 @@
# #
# Exclude files from exporting # Exclude files from exporting
# only export helper scripts
# #
.gitattributes export-ignore .gitattributes export-ignore
.gitignore export-ignore .gitignore export-ignore
.vscode/* export-ignore .vscode export-ignore
.idea export-ignore
build export-ignore
README.md export-ignore
+23 -20
View File
@@ -4,23 +4,23 @@ Containerized fully-functional implementation of NGINX running on Alpine **as a
## Contents ## Contents
[Alternate repository](#alternate-repository) [Alternate repository](#alternate-repository)<br>
[Documentation and scripts](#documentation-and-scripts) [Documentation and scripts](#documentation-and-scripts)<br>
[Permissions](#permissions) [Permissions](#permissions)<br>
[Container layout](#container-layout) [Container layout](#container-layout)<br>
[Content directory](#content-directory) [Content directory](#content-directory)<br>
[Configuration directory](#configuration-directory) [Configuration directory](#configuration-directory)<br>
[Quick-start](#quick-start) [Quick-start](#quick-start)<br>
[Mounting content](#mounting-content) [Mounting content](#mounting-content)<br>
[Mounting configurations](#mounting-configurations) [Mounting configurations](#mounting-configurations)<br>
[Mounting server-blocks](#mounting-server-blocks) [Mounting server-blocks](#mounting-server-blocks)<br>
[TLS](#tls) [TLS](#tls)<br>
[Environment variables](#environment-variables) [Environment variables](#environment-variables)<br>
[Shell mode](#shell-mode) [Shell mode](#shell-mode)<br>
[Drop to shell before NGINX loads](#drop-to-shell-before-nginx-loads) [Drop to shell before NGINX loads](#drop-to-shell-before-nginx-loads)<br>
[Enter a running container](#enter-a-running-container) [Enter a running container](#enter-a-running-container)<br>
[Logs](#logs) [Logs](#logs)<br>
[Final thoughts](#final-thoughts)#final-thoughts) [Final thoughts](#final-thoughts)
## Alternate repository ## Alternate repository
@@ -34,9 +34,13 @@ Check out the [repo wiki](https://git.asifbacchus.app/ab-docker/ab-nginx/wiki) f
The container does **NOT** run under the root account. It runs under a user named *www-docker* with a UID of 8080. **This means any files you mount into the container need to be readable (and/or writable depending on your use-case) by UID 8080**. This does not mean just content files, it also includes configurations, server-blocks and *certificates*! Before mounting your files, ensure this is the case. There are more detailed instructions in the [wiki](https://git.asifbacchus.app/ab-docker/ab-nginx/wiki) if you need help setting file permissions. The container does **NOT** run under the root account. It runs under a user named *www-docker* with a UID of 8080. **This means any files you mount into the container need to be readable (and/or writable depending on your use-case) by UID 8080**. This does not mean just content files, it also includes configurations, server-blocks and *certificates*! Before mounting your files, ensure this is the case. There are more detailed instructions in the [wiki](https://git.asifbacchus.app/ab-docker/ab-nginx/wiki) if you need help setting file permissions.
This is a significant change versus most other NGINX implementations/containers where the main process is run as root and the *worker processes* run as a limited user. In those cases, permissions dont matter since NGINX can always use the root account to read any files (and especially certificates!) it needs. Please understand this difference. This is a significant change versus most other NGINX implementations/containers where the main process is run as root
and the *worker processes* run as a limited user. In those cases, permissions dont matter since NGINX can always use
the root account to read any files (and especially certificates!) it needs. Please understand this difference.
If you need to change the UID, then youll need to rebuild the container using the [Dockerfile in the git repo](#https://git.asifbacchus.app/ab-docker/ab-nginx). The process would be something like this: If you need to change the UID, then youll need to rebuild the container using
the [Dockerfile in the git repo](https://git.asifbacchus.app/ab-docker/ab-nginx). The process would be something like
this:
```bash ```bash
# clone the repo # clone the repo
@@ -249,4 +253,3 @@ I think that's everything to get you going if you are already familiar with dock
If I've forgotten anything, you find any bugs or you have suggestions, please file an issue either on my private [git server ](https://git.asifbachus.app/ab-docker/ab-nginx) or on [github](https://github.com/asifbacchus/ab-nginx). Also, I am *not* affiliated with NGINX in any way, so please **do not** bother them with any issues you find with this container. Bother me instead, I actually enjoy it! If I've forgotten anything, you find any bugs or you have suggestions, please file an issue either on my private [git server ](https://git.asifbachus.app/ab-docker/ab-nginx) or on [github](https://github.com/asifbacchus/ab-nginx). Also, I am *not* affiliated with NGINX in any way, so please **do not** bother them with any issues you find with this container. Bother me instead, I actually enjoy it!
**All the best and have fun!** **All the best and have fun!**
+163 -97
View File
@@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
### update script for ab-nginx container and utility scripts ### update script for ab-nginx container and utility scripts
# version 1.0.0 # version 2.0.0
# script by Asif Bacchus # script by Asif Bacchus
### ###
@@ -23,40 +23,63 @@ okNotify() {
printf "%s[OK]%s\n" "$ok" "$norm" printf "%s[OK]%s\n" "$ok" "$norm"
} }
scriptHelp() {
textNewline
textblock "Update ${containerName} container and helper script files"
textblock "${bold}Usage: ${localScriptName} [parameters]${norm}"
textNewline
textblock "If run with no parameters, the script will update both the container and the helper script files, including this update script."
textblockHeader " parameters "
textblockParam "-h|-?|--help" "Display this help screen."
textblockParam "-c|--container|--container-only" "Update the docker container only."
textblockParam "-s|--scripts|--scripts-only" "Update the helper scripts (including this update script) only."
textNewline
exit 0
}
textblock() {
printf "%s\n" "$1" | fold -w "$width" -s
}
textblockHeader() {
printf "\n%s***%s***%s\n" "$header" "$1" "$norm"
}
textblockParam() {
printf "%s%-35s%s%s\n" "$info" "$1" "$2" "$norm"
}
textNewline() {
printf "\n"
}
### text formatting presets ### text formatting presets
if command -v tput >/dev/null 2>&1; then if command -v tput >/dev/null 2>&1; then
bold=$(tput bold)
err=$(tput bold)$(tput setaf 1) err=$(tput bold)$(tput setaf 1)
info=$(tput bold)$(tput setaf 6) info=$(tput bold)$(tput setaf 6)
header=$(tput bold)$(tput setaf 5)
norm=$(tput sgr0) norm=$(tput sgr0)
ok=$(tput sgr0)$(tput setaf 2) ok=$(tput sgr0)$(tput setaf 2)
warn=$(tput bold)$(tput setaf 3) warn=$(tput bold)$(tput setaf 3)
width=$(tput cols)
else else
bold=''
err='' err=''
info='' info=''
header=''
norm='' norm=''
ok='' ok=''
warn='' warn=''
width=80
fi fi
### pre-requisites ### pre-requisites
# check if wget is installed # check if wget is installed
if ! command -v wget >/dev/null 2>&1; then if ! command -v wget >/dev/null 2>&1; then
errMsg "Sorry, this script requires that 'wget' is installed in order to download updates. Exiting." errMsg "Sorry, this script requires that 'wget' is installed in order to download updates. Exiting."
fi fi
# check if docker is installed
if ! command -v docker >/dev/null 2>&1; then
errMsg "Sorry, it appears that docker is not installed on this machine! Exiting."
fi
# is user root or in the docker group?
if [ ! "$(id -u)" -eq 0 ]; then
if ! id -Gn | grep docker >/dev/null; then
errMsg "You must either be root or in the 'docker' group to pull container updates."
fi
fi
# zero counters # zero counters
updatesAvailable=0 updatesAvailable=0
downloadFailed=0 downloadFailed=0
@@ -71,114 +94,157 @@ containerUpdatePath="docker.asifbacchus.app/$dockerNamespace/$containerName:late
server="https://asifbacchus.app/updates/docker/$dockerNamespace/$containerName/" server="https://asifbacchus.app/updates/docker/$dockerNamespace/$containerName/"
checksumFilename='checksums.sha256' checksumFilename='checksums.sha256'
# operation triggers
doDockerUpdate=1
doScriptUpdate=1
# files to update # files to update
localScriptName="$(basename "$0")" localScriptName="$(basename "$0")"
repoScriptName='update.sh' repoScriptName='update.sh'
### update container ### process startup parameters
printf "%s\n*** Updating %s container and service scripts ***\n\n%s" "$info" "$containerName" "$norm" while [ $# -gt 0 ]; do
case "$1" in
-h | -\? | --help)
# display inline help
scriptHelp
;;
-s | --scripts | --scripts-only)
# update scripts only, skip docker container update
doDockerUpdate=0
;;
-c | --container | --container-only)
# update docker container only, skip script update
doScriptUpdate=0
;;
*)
printf "%s\nUnknown option: %s\n" "$err" "$1"
printf "%sUse '--help' for valid options%s\n\n" "$info" "$norm"
exit 1
;;
esac
shift
done
printf "Updating container:\n" ### update container
if ! docker pull "$containerUpdatePath"; then if [ "$doDockerUpdate" -eq 1 ]; then
errMsg "There was an error updating the container. Try again later." # check if docker is installed
else if ! command -v docker >/dev/null 2>&1; then
okMsg "Container updated!" errMsg "Sorry, it appears that docker is not installed on this machine! Exiting."
fi
# is user root or in the docker group?
if [ ! "$(id -u)" -eq 0 ]; then
if ! id -Gn | grep docker >/dev/null; then
errMsg "You must either be root or in the 'docker' group to pull container updates."
fi
fi
printf "%s\n*** Updating %s container ***\n\n%s" "$info" "$containerName" "$norm"
if ! docker pull "$containerUpdatePath"; then
errMsg "There was an error updating the container. Try again later."
else
okMsg "Container updated!"
fi
fi fi
### update scripts ### update scripts
printf "%sUpdating %s service scripts%s\n" "$info" "$containerName" "$norm" if [ "$doScriptUpdate" -eq 1 ]; then
printf "%s*** Updating %s service scripts ***%s\n" "$info" "$containerName" "$norm"
## download latest checksums ## download latest checksums
printf "Getting latest checksums... " printf "Getting latest checksums... "
if ! wget --quiet --tries=3 --timeout=10 -N "${server}${checksumFilename}"; then if ! wget --quiet --tries=3 --timeout=10 -N "${server}${checksumFilename}"; then
errNotify
errMsg "Unable to download checksums. Try again later."
else
okNotify
fi
## check for updates to this script
printf "Checking for updates to this script... "
repoScriptChecksum=$(grep "$repoScriptName" "$checksumFilename" | grep -o '^\S*')
localScriptChecksum=$(sha256sum "$localScriptName" | grep -o '^\S*')
if [ "$localScriptChecksum" = "$repoScriptChecksum" ]; then
printf "[NONE]\n"
else
printf "[AVAILABLE]\n"
printf "Getting updated script... "
# download updated script
if ! wget --quiet --tries=3 --timeout=10 -O "update.sh.tmp" "${server}${repoScriptName}"; then
errNotify errNotify
# delete failed download as necessary errMsg "Unable to download checksums. Try again later."
rm -f ./update.sh.tmp 2>/dev/null
errMsg "Unable to download script update. Try again later."
else else
# verify download okNotify
dlScriptChecksum=$(sha256sum "update.sh.tmp" | grep -o '^\S*') fi
if ! [ "$dlScriptChecksum" = "$repoScriptChecksum" ]; then
printf "[ERROR]\n" ## check for updates to this script
# delete corrupt download as necessary printf "Checking for updates to this script... "
repoScriptChecksum=$(grep "$repoScriptName" "$checksumFilename" | grep -o '^\S*')
localScriptChecksum=$(sha256sum "$localScriptName" | grep -o '^\S*')
if [ "$localScriptChecksum" = "$repoScriptChecksum" ]; then
printf "[NONE]\n"
else
printf "[AVAILABLE]\n"
printf "Getting updated script... "
# download updated script
if ! wget --quiet --tries=3 --timeout=10 -O "update.sh.tmp" "${server}${repoScriptName}"; then
errNotify
# delete failed download as necessary
rm -f ./update.sh.tmp 2>/dev/null rm -f ./update.sh.tmp 2>/dev/null
errMsg "Checksum mismatch! Try again later." errMsg "Unable to download script update. Try again later."
else else
okNotify # verify download
printf "\n%s*** This script has been updated. Please re-run it to load the updated version of this file. ***%s\n\n" "$warn" "$norm" dlScriptChecksum=$(sha256sum "update.sh.tmp" | grep -o '^\S*')
# overwrite this script with updated script if ! [ "$dlScriptChecksum" = "$repoScriptChecksum" ]; then
mv -f ./update.sh.tmp "$localScriptName" printf "[ERROR]\n"
# delete corrupt download as necessary
rm -f ./update.sh.tmp 2>/dev/null
errMsg "Checksum mismatch! Try again later."
else
okNotify
printf "\n%s*** This script has been updated. Please re-run it to load the updated version of this file. ***%s\n\n" "$warn" "$norm"
# overwrite this script with updated script
mv -f ./update.sh.tmp "$localScriptName"
fi
fi fi
fi fi
fi
## update files ## update files
while IFS=' ' read -r field1 field2; do while IFS=' ' read -r field1 field2; do
printf "\nChecking '%s' for updates... " "$field2" printf "\nChecking '%s' for updates... " "$field2"
updateFilename="$field2" updateFilename="$field2"
repoFileChecksum="$field1" repoFileChecksum="$field1"
if [ -f "$updateFilename" ]; then if [ -f "$updateFilename" ]; then
localFileChecksum=$(sha256sum "$updateFilename" | grep -o '^\S*') localFileChecksum=$(sha256sum "$updateFilename" | grep -o '^\S*')
else
localFileChecksum=0
fi
# update file if necessary
if ! [ "$localFileChecksum" = "$repoFileChecksum" ]; then
printf "[AVAILABLE]\n"
updatesAvailable=$((updatesAvailable + 1))
# download update
printf "Downloading updated '%s'... " "$updateFilename"
if ! wget --quiet --tries=3 --timeout=10 -O "$updateFilename.tmp" "${server}${updateFilename}"; then
errNotify
downloadFailed=$((downloadFailed + 1))
# delete failed download file as necessary
rm -f "$updateFilename.tmp" 2>&1
else else
okNotify localFileChecksum=0
downloadSuccess=$((downloadSuccess + 1)) fi
# verify download
printf "Verifying '%s'... " "$updateFilename" # update file if necessary
localFileChecksum=$(sha256sum "$updateFilename.tmp" | grep -o '^\S*') if ! [ "$localFileChecksum" = "$repoFileChecksum" ]; then
if ! [ "$localFileChecksum" = "$repoFileChecksum" ]; then printf "[AVAILABLE]\n"
updatesAvailable=$((updatesAvailable + 1))
# download update
printf "Downloading updated '%s'... " "$updateFilename"
if ! wget --quiet --tries=3 --timeout=10 -O "$updateFilename.tmp" "${server}${updateFilename}"; then
errNotify errNotify
updateFailed=$((updateFailed + 1)) downloadFailed=$((downloadFailed + 1))
# delete corrupted download file as necessary # delete failed download file as necessary
rm -f "$updateFilename.tmp" 2>&1 rm -f "$updateFilename.tmp" 2>&1
else else
okNotify okNotify
updateSuccess=$((updateSuccess + 1)) downloadSuccess=$((downloadSuccess + 1))
# overwrite old version of file # verify download
mv -f "$updateFilename.tmp" "$updateFilename" printf "Verifying '%s'... " "$updateFilename"
localFileChecksum=$(sha256sum "$updateFilename.tmp" | grep -o '^\S*')
if ! [ "$localFileChecksum" = "$repoFileChecksum" ]; then
errNotify
updateFailed=$((updateFailed + 1))
# delete corrupted download file as necessary
rm -f "$updateFilename.tmp" 2>&1
else
okNotify
updateSuccess=$((updateSuccess + 1))
# overwrite old version of file
mv -f "$updateFilename.tmp" "$updateFilename"
fi
fi fi
else
printf "[NONE]\n"
fi fi
else done <"$checksumFilename"
printf "[NONE]\n" fi
fi
done <"$checksumFilename"
### display results ### display results
printf "\n%sResults:%s\n" "$info" "$norm" if [ "$doScriptUpdate" -eq 1 ]; then
printf "\tUpdates: %s available\n" "$updatesAvailable" printf "\n%s*** Results ***%s\n" "$info" "$norm"
printf "\tDownloads: %s%s successful%s, %s%s failed%s\n" "$ok" "$downloadSuccess" "$norm" "$err" "$downloadFailed" "$norm" printf "\tUpdates: %s available\n" "$updatesAvailable"
printf "\tUpdates: %s%s applied%s, %s%s failed%s\n" "$ok" "$updateSuccess" "$norm" "$err" "$updateFailed" "$norm" printf "\tDownloads: %s%s successful%s, %s%s failed%s\n" "$ok" "$downloadSuccess" "$norm" "$err" "$downloadFailed" "$norm"
printf "\tUpdates: %s%s applied%s, %s%s failed%s\n" "$ok" "$updateSuccess" "$norm" "$err" "$updateFailed" "$norm"
fi
exit 0 exit 0