refactor(helpers): remove dhparams check

- container now auto-generates this file if needed

.idea/.idea.ab-nginx.dir/.idea/vcs.xml

@@ -2,11 +2,18 @@
 <project version="4">
   <component name="CommitMessageInspectionProfile">
     <profile version="1.0">
-      <inspection_tool class="BodyLimit" enabled="true" level="ERROR" enabled_by_default="true" />
+      <inspection_tool class="BodyLimit" enabled="true" level="WEAK WARNING" enabled_by_default="true" />
       <inspection_tool class="SubjectBodySeparation" enabled="true" level="ERROR" enabled_by_default="true" />
-      <inspection_tool class="SubjectLimit" enabled="true" level="ERROR" enabled_by_default="true" />
+      <inspection_tool class="SubjectLimit" enabled="true" level="WARNING" enabled_by_default="true" />
     </profile>
   </component>
+  <component name="GitSharedSettings">
+    <option name="FORCE_PUSH_PROHIBITED_PATTERNS">
+      <list>
+        <option value="master main" />
+      </list>
+    </option>
+  </component>
   <component name="VcsDirectoryMappings">
     <mapping directory="$PROJECT_DIR$" vcs="Git" />
   </component>

helpers/ab-nginx.params.template

@@ -1,156 +0,0 @@
-###
-### Parameters for use by ab-nginx helper script
-###
-### If you are NOT using the 'ab-nginx.sh' script file to start the container,
-### then you don't have to do anything with this file.
-###
-
-
-#
-# Network options
-#
-
-# If you want to specify a network to which this container should bind or one
-# that should be created, then use this variable. If you don't know what this
-# means or if you just want to use the default, leave this variable commented.
-# REQUIRED: NO
-# DEFAULT: nginx_network
-# VALID OPTIONS: network names acceptable to the docker engine
-#NETWORK=nginx_network
-
-# If you want to specify a particular IP subnet for the network to be created
-# as per the above variable, specify it here.  Again, if you don't know what
-# this means, just leave this variable commented.
-# REQUIRED: NO
-# DEFAULT: '172.31.254.0/24'
-# VALID OPTIONS: subnet in CIDR format
-#SUBNET='172.31.254.0/24'
-
-
-#
-# Timezone
-#
-
-# This doesn't impact any functionality of the container, but it does make your
-# logs easier to understand if they report the correct local time, right? Valid
-# options can be found at
-#   https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
-# REQUIRED: NO
-# DEFAULT: Etc/UTC
-# VALID OPTIONS: IANA time zones in TZ format
-#TZ=Etc/UTC
-
-
-#
-# NGINX options
-#
-
-# Hostnames to which this instance of NGINX should answer:
-# By default, this is set to '_' meaning 'match anything'.  However, that won't
-# work if you're using SSL certificates! Multiple hostnames must be space
-# delimited and "enclosed in quotes".
-#
-# This is NOT required if you are supplying your own server blocks via
-# 'SERVERS_DIR'
-#
-# REQUIRED: YES, if using SSL and default server-blocks
-# DEFAULT: "_"
-#HOSTNAMES="domain.tld www.domain.tld server.domain.tld alt.domain.tld"
-
-# Ports to listen on:
-# If you need to use ports other than HTTP=80 and HTTPS=443, remember to set up
-# your server blocks accordingly!
-#
-# If you're using the default server-blocks, they will auto-adjust to whatever
-# you use here.
-# REQUIRED: NO
-# DEFAULTS: 80 and 443, respectively
-#HTTP_PORT=80
-#HTTPS_PORT=443
-
-# Access logging (global preference):
-# Unless overridden in a server/location block, access logging will be handled
-# according to this setting. Logs are printed to the container console.
-# REQUIRED: NO
-# DEFAULT: OFF
-# VALID OPTIONS: 'ON' or 'OFF'
-#ACCESS_LOG=OFF
-
-
-#
-# Content locations
-# Whatever you specify here will replace the default files in the container with
-# your content/configurations. You may comment any/all of the following lines to
-# disable them use the container defaults.
-#
-
-# Specify a directory containing your NGINX configurations (if any)
-# Remember that these will be all be applied in the HTTP configuration context.
-# Only files with a ".conf" extension will be loaded!  If you want to disable a
-# file, simply change its extension (i.e. '.conf.disabled').
-#
-# REMEMBER: Your configuration files must be readable by UID 8080!
-CONFIG_DIR=$(pwd)/config
-
-# Specify a directory containing your NGINX server-block configurations (if any)
-# If you are just serving static content from the 'webroot', you can use the
-# container default server-blocks and comment this variable.
-#
-# More likely, you will have your own server blocks.  Remember, files are
-# processed in order so consider starting file names with numbers
-#   (i.e. 00-first_server.conf, 05-second_server.conf)
-#
-# Only files with a ".conf" extension will be loaded!  If you want to disable a
-#   file, simply change its extension (i.e. '.conf.disabled').
-#
-# REMEMBER: Your server-block files must be readable by UID 8080!
-SERVERS_DIR=$(pwd)/sites
-
-# Specify a directory containing 'snippets' of NGINX code you want/need to
-# reference in other configuration files. Pointers to other SSL certificates for
-# hosted domains or commonly used headers are good examples.
-#
-# You can then "include /etc/nginx/snippets/yourSnippet.conf;" in your configs
-# instead of having to type the same thing many times.
-
-# This is totally optional! Comment this variable to disable it.
-# REMEMBER: Your snippets must be readable by UID 8080!
-SNIPPETS_DIR=$(pwd)/snippets
-
-# Specify a directory with the content you want to serve.
-# REMEMBER: This directory must be readable by UID 8080!
-WEBROOT_DIR=/var/www
-
-
-#
-# SSL options:
-#
-
-# Enable HSTS only AFTER you've tested SSL implementation!  Container sets the
-# header to require SSL for 6 months! Subdomains are NOT included.
-# REQUIRED: NO
-# DEFAULT: FALSE
-# VALID OPTIONS: 'TRUE', 'FALSE'
-#HSTS=FALSE
-
-# TLS 1.3 mode:
-#   If 'FALSE' (default), NGINX will accept both TLS 1.2 and 1.3 connections.
-#   If 'TRUE', only TLS 1.3 connections will be accepted.
-#TLS13_ONLY=FALSE
-
-
-#
-# Certificate files
-#
-# If you are mounting symlinks you MUST specify the full path of the symlink so
-# the target is resolved! DH (Diffie-Hellman Parameters file) is only required
-# if using TLS 1.2.
-#
-# REMEMBER: ALL files must be readble by UID 8080!
-#SSL_CERT=/path/to/your/ssl-certificate/fullchain.pem
-#SSL_KEY=/path/to/your/ssl-private-key/privkey.pem
-#SSL_CHAIN=/path/to/your/ssl-certificate-chain/chain.pem
-#DH=/path/to/your/diffie-hellman-parameters-file/dhparam.pem
-
-
-#EOF

helpers/ab-nginx.sh

@@ -4,25 +4,27 @@
 # start ab-nginx container using params file variables
 #
 
+# TODO: add stop & stop and remove commands
+
 # text formatting presets
 if command -v tput >/dev/null; then
-  cyan=$(tput bold)$(tput setaf 6)
+    cyan=$(tput bold)$(tput setaf 6)
-  err=$(tput bold)$(tput setaf 1)
+    err=$(tput bold)$(tput setaf 1)
-  magenta=$(tput sgr0)$(tput setaf 5)
+    magenta=$(tput sgr0)$(tput setaf 5)
-  norm=$(tput sgr0)
+    norm=$(tput sgr0)
-  yellow=$(tput sgr0)$(tput setaf 3)
+    yellow=$(tput sgr0)$(tput setaf 3)
-  width=$(tput cols)
+    width=$(tput cols)
 else
-  cyan=''
+    cyan=''
-  err=''
+    err=''
-  magenta=''
+    magenta=''
-  norm=''
+    norm=''
-  yellow=''
+    yellow=''
-  width=80
+    width=80
 fi
 
 ### parameter defaults
-shell=false
+doShell=false
 container_name="ab-nginx"
 NETWORK='nginx_network'
 SUBNET='172.31.254.0/24'
@@ -36,77 +38,80 @@ unset vmount
 ### functions
 
 checkExist() {
-  if [ "$1" = 'file' ]; then
+    if [ "$1" = 'file' ]; then
-    if [ ! -f "$2" ]; then
+        if [ ! -f "$2" ]; then
-      printf "%s\nCannot find file: '$2'. Exiting.\n%s" "$err" "$norm"
+            printf "%s\nCannot find file: '$2'. Exiting.\n%s" "$err" "$norm"
-      exit 3
+            exit 3
+        fi
+    elif [ "$1" = 'dir' ]; then
+        if [ ! -d "$2" ]; then
+            printf "%s\nCannot find directory: '$2'. Exiting.\n$%s" "$err" "$norm"
+            exit 3
+        fi
     fi
-  elif [ "$1" = 'dir' ]; then
+    return 0
-    if [ ! -d "$2" ]; then
-      printf "%s\nCannot find directory: '$2'. Exiting.\n$%s" "$err" "$norm"
-      exit 3
-    fi
-  fi
-  return 0
 }
 
 scriptHelp() {
-  printf "\n%s%1000s\n" "$magenta" | tr " " "-" | cut -c -$width
+    printf "\n%s" "$magenta"
-  printf "%s" "$norm"
+    printf '%.0s-' $(seq "$width")
-  textblock "This is a simple helper script so you can avoid typing lengthy commands when working with the ab-nginx container."
+    printf "\n%s" "$norm"
-  textblock "The script reads the contents of 'ab-nginx.params' and constructs various 'docker run' commands based on that file. The biggest time-saver is working with certificates. If they are specified in the params file, the script will automatically bind-mount them so nginx serves content via SSL by default."
+    textBlock "This is a simple helper script so you can avoid typing lengthy commands when working with the ab-nginx container."
-  newline
+    textBlock "The script reads the contents of 'ab-nginx.params' and constructs various 'docker run' commands based on that file. The biggest time-saver is working with certificates. If they are specified in the params file, the script will automatically bind-mount them so nginx serves content via SSL by default."
-  textblock "If you run the script with no parameters, it will execute the container 'normally': Run in detached mode with nginx automatically launched. If you specified certificates, nginx will serve over SSL by default."
+    newline
-  textblock "Note: Containers (except shell) are always set to restart 'unless-stopped'. You must remove them manually if desired."
+    textBlock "If you run the script with no parameters, it will execute the container 'normally': Run in detached mode with nginx automatically launched. If you specified certificates, nginx will serve over SSL by default."
-  printf "%s" "$magenta"
+    textBlock "Note: Containers (except shell) are always set to restart 'unless-stopped'. You must remove them manually if desired."
-  newline
+    printf "%s" "$magenta"
-  textblock "The script has the following (optional) parameters:"
+    newline
-  textblockParam 'parameter in cyan' 'default in yellow'
+    textBlock "The script has the following (optional) parameters:"
-  newline
+    textBlockParam 'parameter in cyan' 'default in yellow'
-  textblockParam '-n|--name' 'ab-nginx'
+    newline
-  textblock "Change the name of the container. This is cosmetic and does not affect operation in any way."
+    textBlockParam '-n|--name' 'ab-nginx'
-  newline
+    textBlock "Set the name of the container, otherwise the default will be used."
-  textblockParam '-s|--shell' 'off: run in detached mode'
+    newline
-  textblock "Enter the container using an interactive POSIX shell. This happens after startup operations but *before* nginx is actually started. This is a great way to see configuration changes possibly stopping nginx from starting normally."
+    textBlockParam'-s|--shell' 'off: run in detached mode'
-  printf "%s" "$yellow"
+    textBlock "Enter the container using an interactive ASH/BusyBox shell. This happens after startup operations but *before* nginx is actually started. This is a great way to see configuration changes possibly stopping nginx from starting normally."
-  newline
+    printf "%s" "$yellow"
-  textblock "More information can be found at: https://git.asifbacchus.app/ab-docker/ab-nginx/wiki"
+    newline
-  printf "%s%1000s\n" "$magenta" | tr " " "-" | cut -c -$width
+    textBlock"More information can be found at: https://git.asifbacchus.dev/ab-docker/ab-nginx/wiki"
-  exit 0
+    printf "\n%s" "$magenta"
+    printf '%.0s-' $(seq "$width")
+    printf "\n%s" "$norm"
+    exit 0
 }
 
 newline() {
-  printf "\n"
+    printf "\n"
 }
 
-textblock() {
+textBlock() {
-  printf "%s\n" "$1" | fold -w "$width" -s
+    printf "%s\n" "$1" | fold -w "$width" -s
 }
 
-textblockParam() {
+textBlockParam() {
-  if [ -z "$2" ]; then
+    if [ -z "$2" ]; then
-    # no default
+        # no default
-    printf "%s%s%s\n" "$cyan" "$1" "$norm"
+        printf "%s%s%s\n" "$cyan" "$1" "$norm"
-  else
+    else
-    # default param provided
+        # default param provided
-    printf "%s%s %s(%s)%s\n" "$cyan" "$1" "$yellow" "$2" "$norm"
+        printf "%s%s %s(%s)%s\n" "$cyan" "$1" "$yellow" "$2" "$norm"
-  fi
+    fi
 }
 
 ### pre-requisite checks
 
 # is docker installed?
-if ! command -v docker > /dev/null; then
+if ! command -v docker >/dev/null; then
-  printf "%s\nCannot find docker... is it installed?\n%s" "$err" "$norm"
+    printf "%s\nCannot find docker... is it installed?\n%s" "$err" "$norm"
-  exit 2
+    exit 2
 fi
 
 # is user root or in the docker group?
 if [ ! "$(id -u)" -eq 0 ]; then
-  if ! id -Gn | grep docker >/dev/null; then
+    if ! id -Gn | grep docker >/dev/null; then
-    printf "%s\nYou must either be root or in the 'docker' group to run this script since you must be able to actually start the container! Exiting.\n$%s" "$err" "$norm"
+        printf "%s\nYou must either be root or in the 'docker' group to run this script since you must be able to actually start the container! Exiting.\n$%s" "$err" "$norm"
-    exit 2
+        exit 2
-  fi
+    fi
 fi
 
 # does the params file exist?
@@ -117,7 +122,7 @@ checkExist 'file' './ab-nginx.params'
 
 # fix case of TLS13_ONLY var
 if [ "$TLS13_ONLY" ]; then
-  TLS13_ONLY=$(printf "%s" "$TLS13_ONLY" | tr "[:lower:]" "[:upper:]")
+    TLS13_ONLY=$(printf "%s" "$TLS13_ONLY" | tr "[:lower:]" "[:upper:]")
 fi
 
 # check for certs if using SSL
@@ -125,43 +130,33 @@ if [ "$SSL_CERT" ]; then checkExist 'file' "$SSL_CERT"; fi
 if [ "$SSL_KEY" ]; then checkExist 'file' "$SSL_KEY"; fi
 if [ "$SSL_CHAIN" ]; then checkExist 'file' "$SSL_CHAIN"; fi
 
-# check for DHparam if using TLS1.2
-if [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = 'FALSE' ]; then
-  if [ -z "$DH" ]; then
-    printf "%s\nA DHparam file must be specified when using TLS 1.2. Exiting.%s\n" "$err" "$norm"
-    exit 5
-  else
-    checkExist 'file' "$DH"
-  fi
-fi
-
 # check if specified config directory exists
 if [ "$CONFIG_DIR" ]; then
-  checkExist 'dir' "$CONFIG_DIR"
+    checkExist 'dir' "$CONFIG_DIR"
 fi
 
 # check if specified server-block directory exists
 if [ "$SERVERS_DIR" ]; then
-  checkExist 'dir' "$SERVERS_DIR"
+    checkExist 'dir' "$SERVERS_DIR"
 fi
 
 # check if specified webroot directory exists
 if [ "$WEBROOT_DIR" ]; then
-  checkExist 'dir' "$WEBROOT_DIR"
+    checkExist 'dir' "$WEBROOT_DIR"
 fi
 
 # set up volume mounts
 if [ "$CONFIG_DIR" ]; then
-  vmount="$vmount -v $CONFIG_DIR:/etc/nginx/config"
+    vmount="$vmount -v $CONFIG_DIR:/etc/nginx/config"
 fi
 if [ "$SERVERS_DIR" ]; then
-  vmount="$vmount -v $SERVERS_DIR:/etc/nginx/sites"
+    vmount="$vmount -v $SERVERS_DIR:/etc/nginx/sites"
 fi
 if [ "$SNIPPETS_DIR" ]; then
-  vmount="$vmount -v $SNIPPETS_DIR:/etc/nginx/snippets"
+    vmount="$vmount -v $SNIPPETS_DIR:/etc/nginx/snippets"
 fi
 if [ "$WEBROOT_DIR" ]; then
-  vmount="$vmount -v $WEBROOT_DIR:/usr/share/nginx/html"
+    vmount="$vmount -v $WEBROOT_DIR:/usr/share/nginx/html"
 fi
 # trim leading whitespace
 vmount=${vmount##[[:space:]]}
@@ -171,129 +166,111 @@ if [ -z "$HOSTNAMES" ]; then HOSTNAMES="_"; fi
 
 # process startup parameters
 while [ $# -gt 0 ]; do
-  case "$1" in
+    case "$1" in
-  -h | -\? | --help)
+    -h | -\? | --help)
-    # display help
+        # display help
-    scriptHelp
+        scriptHelp
-    exit 0
+        exit 0
-    ;;
+        ;;
-  -s | --shell)
+    -s | --shell)
-    # start shell instead of default CMD
+        # start shell instead of default CMD
-    shell=true
+        doShell=true
-    ;;
+        ;;
-  -n | --name)
+    -n | --name)
-    # container name
+        # container name
-    if [ -z "$2" ]; then
+        if [ -z "$2" ]; then
-      printf "%s\nNo container name specified. Exiting.\n%s" "$err" "$norm"
+            printf "%s\nNo container name specified. Exiting.\n%s" "$err" "$norm"
-      exit 1
+            exit 1
-    fi
+        fi
-    container_name="$2"
+        container_name="$2"
+        shift
+        ;;
+    *)
+        printf "%s\nUnknown option: %s\n" "$err" "$1"
+        printf "Use '--help' for valid options.\n\n%s" "$norm"
+        exit 1
+        ;;
+    esac
     shift
-    ;;
-  *)
-    printf "%s\nUnknown option: %s\n" "$err" "$1"
-    printf "Use '--help' for valid options.\n\n%s" "$norm"
-    exit 1
-    ;;
-  esac
-  shift
 done
 
 # create network if it doesn't already exist
 docker network inspect ${NETWORK} >/dev/null 2>&1 ||
-  docker network create \
+    docker network create \
-    --attachable \
+        --attachable \
-    --driver=bridge \
+        --driver=bridge \
-    --subnet=${SUBNET} \
+        --subnet=${SUBNET} \
-    ${NETWORK}
+        ${NETWORK}
 
 # run without TLS
 if [ -z "$SSL_CERT" ]; then
-  if [ $shell = 'true' ]; then
+    if [ "$doShell" = 'true' ]; then
-    # exec shell
+        # exec shell
-    printf "%s\nRunning SHELL on %s...%s\n" "$cyan" "$container_name" "$norm"
+        printf "%s\nRunning SHELL on %s...%s\n" "$cyan" "$container_name" "$norm"
-    docker run --rm -it --name "${container_name}" \
+        # shellcheck disable=SC2086
-      --env-file ab-nginx.params \
+        docker run --rm -it --name "${container_name}" \
-      -e SERVER_NAMES="$HOSTNAMES" \
+            --env-file ab-nginx.params \
-      $vmount \
+            --user="${NGINX_UID:-8080}:${NGINX_GID:-8080}" \
-      --network=${NETWORK} \
+            -e SERVER_NAMES="$HOSTNAMES" \
-      -p ${HTTP_PORT}:80 \
+            $vmount \
-      docker.asifbacchus.app/nginx/ab-nginx:latest /bin/sh
+            --network=${NETWORK} \
-  else
+            -p ${HTTP_PORT}:80 \
-    # exec normally
+            docker.asifbacchus.dev/nginx/ab-nginx:latest /bin/sh
-    printf "%s\nRunning NGINX on %s...%s\n" "$cyan" "$container_name" "$norm"
+    else
-    docker run -d --name "${container_name}" \
+        # exec normally
-      --env-file ab-nginx.params \
+        printf "%s\nRunning NGINX on %s...%s\n" "$cyan" "$container_name" "$norm"
-      -e SERVER_NAMES="$HOSTNAMES" \
+        # shellcheck disable=SC2086
-      $vmount \
+        docker run -d --name "${container_name}" \
-      --network=${NETWORK} \
+            --env-file ab-nginx.params \
-      -p ${HTTP_PORT}:80 \
+            --user="${NGINX_UID:-8080}:${NGINX_GID:-8080}" \
-      --restart unless-stopped \
+            -e SERVER_NAMES="$HOSTNAMES" \
-      docker.asifbacchus.app/nginx/ab-nginx:latest
+            $vmount \
-  fi
+            --network=${NETWORK} \
-# run with TLS1.2
+            -p ${HTTP_PORT}:80 \
-elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = 'FALSE' ]; then
+            --restart unless-stopped \
-  if [ $shell = 'true' ]; then
+            docker.asifbacchus.dev/nginx/ab-nginx:${TAG:-latest}
-    # exec shell
+    fi
-    printf "%s\nRunning SHELL on %s (TLS 1.2)...%s\n" "$cyan" "$container_name" "$norm"
+# run with TLS
-    docker run --rm -it --name "${container_name}" \
+else
-      --env-file ab-nginx.params \
+    if [ "$doShell" = 'true' ]; then
-      -e SERVER_NAMES="$HOSTNAMES" \
+        if [ "$TLS13_ONLY" = 'FALSE' ]; then
-      $vmount \
+            printf "%s\nRunning SHELL on %s (TLS 1.2)...%s\n" "$cyan" "$container_name" "$norm"
-      --network=${NETWORK} \
+        else
-      -v "$SSL_CERT":/certs/fullchain.pem:ro \
+            printf "%s\nRunning SHELL on %s (TLS 1.3)...%s\n" "$cyan" "$container_name" "$norm"
-      -v "$SSL_KEY":/certs/privkey.pem:ro \
+        fi
-      -v "$SSL_CHAIN":/certs/chain.pem:ro \
+        # shellcheck disable=SC2086
-      -v "$DH":/certs/dhparam.pem:ro \
+        docker run --rm -it --name "${container_name}" \
-      -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
+            --env-file ab-nginx.params \
-      docker.asifbacchus.app/nginx/ab-nginx:latest /bin/sh
+            --user="${NGINX_UID:-8080}:${NGINX_GID:-8080}" \
-  else
+            -e SERVER_NAMES="$HOSTNAMES" \
-    # exec normally
+            $vmount \
-    printf "%s\nRunning NGINX on %s (TLS 1.2)...%s\n" "$cyan" "$container_name" "$norm"
+            --network=${NETWORK} \
-    docker run -d --name "${container_name}" \
+            -v "$SSL_CERT":/certs/fullchain.pem:ro \
-      --env-file ab-nginx.params \
+            -v "$SSL_KEY":/certs/privkey.pem:ro \
-      -e SERVER_NAMES="$HOSTNAMES" \
+            -v "$SSL_CHAIN":/certs/chain.pem:ro \
-      $vmount \
+            -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
-      --network=${NETWORK} \
+            docker.asifbacchus.dev/nginx/ab-nginx:${TAG:-latest} /bin/sh
-      -v "$SSL_CERT":/certs/fullchain.pem:ro \
+    else
-      -v "$SSL_KEY":/certs/privkey.pem:ro \
+        if [ "$TLS13_ONLY" = 'FALSE' ]; then
-      -v "$SSL_CHAIN":/certs/chain.pem:ro \
+            printf "%s\nRunning NGINX on %s (TLS 1.2)...%s\n" "$cyan" "$container_name" "$norm"
-      -v "$DH":/certs/dhparam.pem:ro \
+        else
-      -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
+            printf "%s\nRunning NGINX on %s (TLS 1.3)...%s\n" "$cyan" "$container_name" "$norm"
-      --restart unless-stopped \
+        fi
-      docker.asifbacchus.app/nginx/ab-nginx:latest
+        # shellcheck disable=SC2086
-  fi
+        docker run -d --name "${container_name}" \
-# run with TLS1.3
+            --env-file ab-nginx.params \
-elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = 'TRUE' ]; then
+            --user="${NGINX_UID:-8080}:${NGINX_GID:-8080}" \
-  if [ $shell = 'true' ]; then
+            -e SERVER_NAMES="$HOSTNAMES" \
-    # exec shell
+            $vmount \
-    printf "%s\nRunning SHELL on %s (TLS 1.3)...%s\n" "$cyan" "$container_name" "$norm"
+            --network=${NETWORK} \
-    docker run --rm -it --name "${container_name}" \
+            -v "$SSL_CERT":/certs/fullchain.pem:ro \
-      --env-file ab-nginx.params \
+            -v "$SSL_KEY":/certs/privkey.pem:ro \
-      -e SERVER_NAMES="$HOSTNAMES" \
+            -v "$SSL_CHAIN":/certs/chain.pem:ro \
-      $vmount \
+            -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
-      --network=${NETWORK} \
+            --restart unless-stopped \
-      -v "$SSL_CERT":/certs/fullchain.pem:ro \
+            docker.asifbacchus.dev/nginx/ab-nginx:${TAG:-latest}
-      -v "$SSL_KEY":/certs/privkey.pem:ro \
+    fi
-      -v "$SSL_CHAIN":/certs/chain.pem:ro \
-      -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
-      docker.asifbacchus.app/nginx/ab-nginx:latest /bin/sh
-  else
-    # exec normally
-    printf "%s\nRunning NGINX on %s (TLS 1.3)...%s\n" "$cyan" "$container_name" "$norm"
-    docker run -d --name "${container_name}" \
-      --env-file ab-nginx.params \
-      -e SERVER_NAMES="$HOSTNAMES" \
-      $vmount \
-      --network=${NETWORK} \
-      -v "$SSL_CERT":/certs/fullchain.pem:ro \
-      -v "$SSL_KEY":/certs/privkey.pem:ro \
-      -v "$SSL_CHAIN":/certs/chain.pem:ro \
-      -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
-      --restart unless-stopped \
-      docker.asifbacchus.app/nginx/ab-nginx:latest
-  fi
 fi
 
 ### exit gracefully
-exit 0
+exit 0

helpers/sites/readme

@@ -1,11 +1,11 @@
 - Place all your server block configuration files in this directory
 - This path should be bind-mounted to the container at:
   '/etc/nginx/sites'
-    - this bind-mount will override the test pages included in the container by 
+    - this bind-mount will override the default server configurations
-        default.
+        included in the container by default.
 - All files should begin in the 'server' configuration context
 - ONLY files that end with '.conf' will be processed!
-    - if you want to keep a file for reference or disable it temporarily, 
+    - if you want to keep a file for reference or disable it temporarily,
         simply change the extension.  I like using '.conf.disabled'.
-- If you don't want to use this directory, you can bind-mount any other 
+- If you don't want to use this directory, you can bind-mount any other
   directory you want to '/etc/nginx/sites/'

helpers/update.sh

@@ -90,8 +90,8 @@ updateSuccess=0
 # reference constants
 dockerNamespace='nginx'
 containerName='ab-nginx'
-containerUpdatePath="docker.asifbacchus.app/$dockerNamespace/$containerName:latest"
+containerUpdatePath="docker.asifbacchus.dev/$dockerNamespace/$containerName:latest"
-server="https://asifbacchus.app/updates/docker/$dockerNamespace/$containerName/"
+server="https://asifbacchus.dev/public/docker/$dockerNamespace/$containerName/"
 checksumFilename='checksums.sha256'
 
 # operation triggers
@@ -247,4 +247,4 @@ if [ "$doScriptUpdate" -eq 1 ]; then
   printf "\tUpdates: %s%s applied%s, %s%s failed%s\n" "$ok" "$updateSuccess" "$norm" "$err" "$updateFailed" "$norm"
 fi
 
-exit 0
+exit 0