add nginx scripts
parent
e77e59eb3d
commit
410961d43e
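--- /dev/null
+++ b/ab-nginx-php.params.template
@@ -0,0 +1,89 @@
+#####
+# Parameters for use by ab-nginx-php convenience script
+#
+# NOTE: 'TRUE', 'FALSE', 'ON' and 'OFF' MUST be in all CAPITALS!
+#
+# If you are not using the 'ab-nginx-php.sh' script file to start the container,
+# then you don't have to do anything with this file.
+#####
+
+
+### Timezone
+# This doesn't impact any functionality of the container, but it does make your
+# logs easier to understand if they report the correct local time, right?
+# (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)
+TZ=Area/Location
+
+
+### NGINX options
+# Hostnames to which this instance of NGINX should answer:
+# By default, this is set to '_' meaning 'match anything'. However, that won't
+# work if you're using SSL certificates! Multiple hostnames must be space
+# delimited.
+# This is NOT required if you are supplying your own server blocks via
+# 'SERVERS_DIR'
+SERVER_NAMES="domain.tld www.domain.tld server.domain.tld alt.domain.tld"
+
+# Ports to expose on the HOST machine (container ALWAYS internally uses 80/443):
+# If you need to use ports other than HTTP=80 and HTTPS=443, remember to set up
+# your server blocks accordingly! See 'test_secured.conf.disabled' in the
+# container if you need help. If you're using the 'test blocks', they
+# automatically adjust for non-standard ports
+# If you want to use the defaults, either leave these lines as-is, comment them
+# out or just delete them.
+HTTP_PORT=80
+HTTPS_PORT=443
+
+# Access logging (global preference):
+# Unless overridden in a server/location block, access logging will be handled
+# according to this setting. Default is OFF. Choices are 'ON' or 'OFF'. Logs
+# will be printed to the console so they are accessible via 'docker logs ...'
+ACCESS_LOG=OFF
+
+### Content files
+# Whatever you specify here will replace the default files in the container
+# with your content/configurations.
+
+# Specify a directory containing your NGINX configurations (if any)
+# Remember that these will be all be applied in the HTTP configuration
+# context.
+# Only files with a ".conf" extension will be loaded! If you want to disable a
+# file, simply change it's extension (i.e. '.conf.disabled').
+CONFIG_DIR=$(pwd)/config/
+
+# Specify a directory containing your NGINX server-block configurations (if any)
+# If you are just serving static content from the 'webroot', you can use the
+# hard-coded 'test blocks' in the container and specify a webroot with your
+# files below.
+# More likely, you will have your own server blocks. Remember, files are
+# processed in order so consider starting file names with numbers
+# (i.e. 00-first_server.conf, 05-second_server.conf)
+# Only files with a ".conf" extension will be loaded! If you want to disable a
+# file, simply change it's extension (i.e. '.conf.disabled').
+SERVERS_DIR=/home/user/server_blocks/
+
+# Specify a directory that contains files for your 'webroot'. This includes
+# things like HTML, CSS, etc.
+WEBROOT_DIR=/home/user/my_web_stuff/
+
+
+### SSL options:
+# Enable HSTS only AFTER you've tested SSL implementation! Container sets the
+# header to require SSL for 6 months! Subdomains are NOT included.
+HSTS=FALSE
+
+# If 'FALSE' (default), NGINX will accept both TLS 1.2 and 1.3 connections.
+# If 'TRUE', only TLS 1.3 connections will be accepted.
+TLS13_ONLY=FALSE
+
+### Certificate files to be bind-mounted
+# Remember, if you are mounting symlinks (like when using Let's Encrypt), you
+# MUST specify the full path of the symlink so the target is resolved!
+# DH (Diffie-Hellman Parameters file) is only required if using TLS 1.2
+SSL_CERT=/path/to/your/ssl-certificate/fullchain.pem
+SSL_KEY=/path/to/your/ssl-private-key/privkey.pem
+SSL_CHAIN=/path/to/your/ssl-certificate-chain/chain.pem
+DH=/path/to/your/diffie-hellman-parameters-file/dhparam.pem
+
+
+#EOF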
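Review bot: This template is read by two different parsers and its header does not say so: the launcher sources it as shell (`. ./ab-nginx-php.params`) and also hands the same file to `docker run --env-file`. Docker's env-file reader takes each value literally, so unless the image's entrypoint compensates, `SERVER_NAMES="domain.tld ..."` reaches the container with the double quotes included and `CONFIG_DIR=$(pwd)/config/` arrives unexpanded, while host-only paths such as `SSL_KEY` are exported into the container environment without any visible need. Because the file is sourced, every line in it also runs as shell with the privileges of whoever starts the script, which the header should state, e.g. `# This file is executed as shell by the launcher: keep it writable by its owner only`. Splitting the container variables (TZ, SERVER_NAMES, ACCESS_LOG, HSTS, TLS13_ONLY) from the host-side paths would remove the conflict; ab-nginx.params.template has the same content.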
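--- /dev/null
+++ b/ab-nginx-php.sh
@@ -0,0 +1,249 @@
+#!/bin/sh
+
+#
+### start ab-nginx-php container using params file variables
+#
+
+# text formatting presets
+cyan=$(tput setaf 6)
+err=$(tput bold)$(tput setaf 1)
+magenta=$(tput setaf 5)
+norm=$(tput sgr0)
+yellow=$(tput setaf 3)
+
+
+### parameter defaults
+container_name="ab-nginx-php"
+shell=false
+HTTP_PORT=80
+HTTPS_PORT=443
+unset CONFIG_DIR
+unset SERVERS_DIR
+unset WEBROOT_DIR
+unset vmount
+
+
+scriptHelp () {
+printf "\n${magenta}%80s\n" | tr " " "-"
+printf "${norm}This is a simple helper script so you can avoid lengthy typing when working\n"
+printf "with the nginx container. The script reads the contents of 'ab-nginx-php.params'\n"
+printf "and constructs various 'docker run' commands based on that file. The biggest\n"
+printf "timesaver is working with certificates. If they are specified in params file,\n"
+printf "the script will automatically bind-mount them so nginx serves content via SSL\n"
+printf "by default.\n\n"
+printf "If you run the script with no parameters, it will execute the container\n"
+printf "'normally': Run in detached mode with nginx automatically launched and\n"
+printf "logging to stdout. If you specified certificates, nginx will serve over SSL\n"
+printf "by default.\n"
+printf "Note: This container removes itself upon exit.\n\n"
+printf "${magenta}The script has the following parameters:\n"
+printf "${cyan}(parameter in cyan) ${yellow}(default in yellow)${norm}\n\n"
+printf "${cyan}-n|--name${norm}\n"
+printf "Change the name of the container. This is cosmetic and does not affect\n"
+printf "operation in any way.\n"
+printf "${yellow}(ab-nginx-php)${norm}\n\n"
+printf "${cyan}-s|--shell${norm}\n"
+printf "Enter the container using an interactive POSIX shell. This happens after\n"
+printf "startup operations but *before* nginx is actually started. This is a great way\n"
+printf "to see configuration changes possibly stopping nginx from starting normally.\n"
+printf "${yellow}(off: run in detached mode)${norm}\n\n"
+printf "${yellow}More information can be found at:\n"
+printf "https://git.asifbacchus.app/ab-docker/ab-nginx-php/wiki\n"
+printf "${magenta}%80s\n\n" | tr " " "-"
+exit 0
+}
+
+### pre-requisite checks
+
+# is user root or in the docker group?
+if [ ! "$( id -u )" -eq 0 ]; then
+if ! id -Gn | grep docker > /dev/null; then
+printf "${err}\nYou must either be root or in the 'docker' group to run this script since you must be able to actually start the container! Exiting.\n${norm}"
+exit 2
+fi
+fi
+
+# does the params file exist?
+if [ ! -f "./ab-nginx-php.params" ]; then
+printf "${err}\nCannot find 'ab-nginx-php.params' file in the same directory as this script. Exiting.\n${norm}"
+exit 3
+fi
+
+# read .params file
+. ./ab-nginx-php.params
+
+# check for certs if using SSL
+if [ "$SSL_CERT" ]; then
+if [ ! -f "$SSL_CERT" ]; then
+printf "${err}\nCannot find specified SSL certificate file. Exiting.${norm}\n"
+exit 5
+fi
+if [ ! -f "$SSL_KEY" ]; then
+printf "${err}\nCannot find specified SSL private key file. Exiting.${norm}\n"
+exit 5
+fi
+if [ ! -f "$SSL_CHAIN" ]; then
+printf "${err}\nCannot find specified SSL certificate chain file. Exiting.${norm}\n"
+exit 5
+fi
+fi
+
+# check for DHparam if using TLS1.2
+if [ "$TLS13_ONLY" = FALSE ]; then
+if [ -z "$DH" ]; then
+printf "${err}\nA DHparam file must be specified when using TLS 1.2. Exiting.${norm}\n"
+exit 5
+elif [ ! -f "$DH" ]; then
+printf "${err}\nCannot find specified DHparam file. Exiting.${norm}\n"
+exit 5
+fi
+fi
+
+# check if specified config directory exists
+if [ "$CONFIG_DIR" ] && [ ! -d "$CONFIG_DIR" ]; then
+printf "${err}\nCannot find specified configuration file directory. Exiting.${norm}\n"
+exit 4
+fi
+
+# check if specified server-block directory exists
+if [ "$SERVERS_DIR" ] && [ ! -d "$SERVERS_DIR" ]; then
+printf "${err}\nCannot find specified server-block file directory. Exiting.${norm}\n"
+exit 4
+fi
+
+# check if specified webroot directory exists
+if [ "$WEBROOT_DIR" ] && [ ! -d "$WEBROOT_DIR" ]; then
+printf "${err}\nCannot find specified webroot directory. Exiting.${norm}\n"
+exit 4
+fi
+
+# set up volume mounts for config, servers, webroot
+if [ -z "$CONFIG_DIR" ] && [ -z "$WEBROOT_DIR" ] && [ -z "$SERVERS_DIR" ]; then
+vmount=""
+elif [ "$CONFIG_DIR" ] && [ "$WEBROOT_DIR" ] && [ "$SERVERS_DIR" ]; then
+vmount="-v $CONFIG_DIR:/etc/nginx/config/ -v $SERVERS_DIR:/etc/nginx/sites/ -v $WEBROOT_DIR:/usr/share/nginx/html/"
+elif [ "$CONFIG_DIR" ] && [ "$SERVERS_DIR" ]; then
+vmount="-v $CONFIG_DIR:/etc/nginx/config/ -v $SERVERS_DIR:/etc/nginx/sites/"
+elif [ "$CONFIG_DIR" ] && [ "$WEBROOT_DIR" ]; then
+vmount="-v $CONFIG_DIR:/etc/nginx/config/ -v $WEBROOT_DIR:/usr/share/nginx/html/"
+elif [ "$SERVERS_DIR" ] && [ "$WEBROOT_DIR" ]; then
+vmount="-v $SERVERS_DIR:/etc/nginx/sites/ -v $WEBROOT_DIR:/usr/share/nginx/html/"
+elif [ "$CONFIG_DIR" ]; then
+vmount="-v $CONFIG_DIR:/etc/nginx/config/"
+elif [ "$SERVERS_DIR" ]; then
+vmount="-v $SERVERS_DIR:/etc/nginx/sites/"
+elif [ "$WEBROOT_DIR" ]; then
+vmount="-v $WEBROOT_DIR:/usr/share/nginx/html/"
+fi
+
+
+# process startup parameters
+while [ $# -gt 0 ]; do
+case "$1" in
+-h|-\?|--help)
+# display help
+scriptHelp
+exit 0
+;;
+-s|--shell)
+# start shell instead of default CMD
+shell=true
+;;
+-n|--name)
+# container name
+if [ -z "$2" ]; then
+printf "${err}\nNo container name specified. Exiting.\n${norm}"
+exit 1
+fi
+container_name="$2"
+shift
+;;
+*)
+printf "${err}\nUnknown option: %s\n" "$1"
+printf "Use '--help' for valid options.\n\n${norm}"
+exit 1
+;;
+esac
+shift
+done
+
+
+# run without TLS
+if [ -z "$SSL_CERT" ]; then
+if [ $shell = true ]; then
+# exec shell
+printf "${cyan}\nRunning SHELL on %s...${norm}\n" "$container_name"
+docker run --rm -it --name ${container_name} \
+--env-file ab-nginx-php.params \
+$vmount \
+-p ${HTTP_PORT}:80 \
+docker.asifbacchus.app/nginx/ab-nginx-php:latest /bin/sh
+else
+# exec normally
+printf "${cyan}\nRunning NGINX on %s...${norm}\n" "$container_name"
+docker run --rm -d --name ${container_name} \
+--env-file ab-nginx-php.params \
+$vmount \
+-p ${HTTP_PORT}:80 \
+--restart unless-stopped \
+docker.asifbacchus.app/nginx/ab-nginx-php:latest
+fi
+# run with TLS1.2
+elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = FALSE ]; then
+if [ $shell = true ]; then
+# exec shell
+printf "${cyan}\nRunning SHELL on %s (TLS 1.2)...${norm}\n" "$container_name"
+docker run --rm -it --name ${container_name} \
+--env-file ab-nginx-php.params \
+$vmount \
+-v "$SSL_CERT":/certs/fullchain.pem:ro \
+-v "$SSL_KEY":/certs/privkey.pem:ro \
+-v "$SSL_CHAIN":/certs/chain.pem:ro \
+-v "$DH":/certs/dhparam.pem:ro \
+-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
+docker.asifbacchus.app/nginx/ab-nginx-php:latest /bin/sh
+else
+# exec normally
+printf "${cyan}\nRunning NGINX on %s (TLS 1.2)...${norm}\n" "$container_name"
+docker run --rm -d --name ${container_name} \
+--env-file ab-nginx-php.params \
+$vmount \
+-v "$SSL_CERT":/certs/fullchain.pem:ro \
+-v "$SSL_KEY":/certs/privkey.pem:ro \
+-v "$SSL_CHAIN":/certs/chain.pem:ro \
+-v "$DH":/certs/dhparam.pem:ro \
+-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
+--restart unless-stopped \
+docker.asifbacchus.app/nginx/ab-nginx-php:latest
+fi
+# run with TLS1.3
+elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = TRUE ]; then
+if [ $shell = true ]; then
+# exec shell
+printf "${cyan}\nRunning SHELL on %s (TLS 1.3)...${norm}\n" "$container_name"
+docker run --rm -it --name ${container_name} \
+--env-file ab-nginx-php.params \
+$vmount \
+-v "$SSL_CERT":/certs/fullchain.pem:ro \
+-v "$SSL_KEY":/certs/privkey.pem:ro \
+-v "$SSL_CHAIN":/certs/chain.pem:ro \
+-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
+docker.asifbacchus.app/nginx/ab-nginx-php:latest /bin/sh
+else
+# exec normally
+printf "${cyan}\nRunning NGINX on %s (TLS 1.3)...${norm}\n" "$container_name"
+docker run --rm -d --name ${container_name} \
+--env-file ab-nginx-php.params \
+$vmount \
+-v "$SSL_CERT":/certs/fullchain.pem:ro \
+-v "$SSL_KEY":/certs/privkey.pem:ro \
+-v "$SSL_CHAIN":/certs/chain.pem:ro \
+-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
+--restart unless-stopped \
+docker.asifbacchus.app/nginx/ab-nginx-php:latest
+fi
+fi
+
+
+### exit gracefully
+exit 0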
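Review bot: `. ./ab-nginx-php.params` executes the params file as shell code under an account that the preceding check requires to be root or a member of the docker group, and the file is looked up in the current working directory although the error message says 'same directory as this script'. Starting the launcher from a directory that another user can write to would therefore run that user's file; resolving the location first with `cd -- "$(dirname -- "$0")" || exit 3` and checking the file's owner and mode before sourcing it would close that gap. `$vmount`, `${container_name}` and the port variables are also expanded unquoted in every `docker run`, so a directory path containing a space splits into extra arguments and a `--name` value containing spaces is parsed as further docker options; quote them (`--name "$container_name"`) and pass each mount as its own quoted `-v` argument. The config, sites and webroot mounts are read-write, unlike the certificate mounts, and would be safer with `:ro` if the container does not need to write to them. ab-nginx.sh contains the same lines.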
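--- /dev/null
+++ b/ab-nginx.params.template
@@ -0,0 +1,89 @@
+#####
+# Parameters for use by ab-nginx convenience script
+#
+# NOTE: 'TRUE', 'FALSE', 'ON' and 'OFF' MUST be in all CAPITALS!
+#
+# If you are not using the 'ab-nginx.sh' script file to start the container,
+# then you don't have to do anything with this file.
+#####
+
+
+### Timezone
+# This doesn't impact any functionality of the container, but it does make your
+# logs easier to understand if they report the correct local time, right?
+# (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)
+TZ=Area/Location
+
+
+### NGINX options
+# Hostnames to which this instance of NGINX should answer:
+# By default, this is set to '_' meaning 'match anything'. However, that won't
+# work if you're using SSL certificates! Multiple hostnames must be space
+# delimited.
+# This is NOT required if you are supplying your own server blocks via
+# 'SERVERS_DIR'
+SERVER_NAMES="domain.tld www.domain.tld server.domain.tld alt.domain.tld"
+
+# Ports to expose on the HOST machine (container ALWAYS internally uses 80/443):
+# If you need to use ports other than HTTP=80 and HTTPS=443, remember to set up
+# your server blocks accordingly! See 'test_secured.conf.disabled' in the
+# container if you need help. If you're using the 'test blocks', they
+# automatically adjust for non-standard ports
+# If you want to use the defaults, either leave these lines as-is, comment them
+# out or just delete them.
+HTTP_PORT=80
+HTTPS_PORT=443
+
+# Access logging (global preference):
+# Unless overridden in a server/location block, access logging will be handled
+# according to this setting. Default is OFF. Choices are 'ON' or 'OFF'. Logs
+# will be printed to the console so they are accessible via 'docker logs ...'
+ACCESS_LOG=OFF
+
+### Content files
+# Whatever you specify here will replace the default files in the container
+# with your content/configurations.
+
+# Specify a directory containing your NGINX configurations (if any)
+# Remember that these will be all be applied in the HTTP configuration
+# context.
+# Only files with a ".conf" extension will be loaded! If you want to disable a
+# file, simply change it's extension (i.e. '.conf.disabled').
+CONFIG_DIR=$(pwd)/config/
+
+# Specify a directory containing your NGINX server-block configurations (if any)
+# If you are just serving static content from the 'webroot', you can use the
+# hard-coded 'test blocks' in the container and specify a webroot with your
+# files below.
+# More likely, you will have your own server blocks. Remember, files are
+# processed in order so consider starting file names with numbers
+# (i.e. 00-first_server.conf, 05-second_server.conf)
+# Only files with a ".conf" extension will be loaded! If you want to disable a
+# file, simply change it's extension (i.e. '.conf.disabled').
+SERVERS_DIR=/home/user/server_blocks/
+
+# Specify a directory that contains files for your 'webroot'. This includes
+# things like HTML, CSS, etc.
+WEBROOT_DIR=/home/user/my_web_stuff/
+
+
+### SSL options:
+# Enable HSTS only AFTER you've tested SSL implementation! Container sets the
+# header to require SSL for 6 months! Subdomains are NOT included.
+HSTS=FALSE
+
+# If 'FALSE' (default), NGINX will accept both TLS 1.2 and 1.3 connections.
+# If 'TRUE', only TLS 1.3 connections will be accepted.
+TLS13_ONLY=FALSE
+
+### Certificate files to be bind-mounted
+# Remember, if you are mounting symlinks (like when using Let's Encrypt), you
+# MUST specify the full path of the symlink so the target is resolved!
+# DH (Diffie-Hellman Parameters file) is only required if using TLS 1.2
+SSL_CERT=/path/to/your/ssl-certificate/fullchain.pem
+SSL_KEY=/path/to/your/ssl-private-key/privkey.pem
+SSL_CHAIN=/path/to/your/ssl-certificate-chain/chain.pem
+DH=/path/to/your/diffie-hellman-parameters-file/dhparam.pem
+
+
+#EOF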
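--- /dev/null
+++ b/ab-nginx.sh
@@ -0,0 +1,249 @@
+#!/bin/sh
+
+#
+### start ab-nginx container using params file variables
+#
+
+# text formatting presets
+cyan=$(tput setaf 6)
+err=$(tput bold)$(tput setaf 1)
+magenta=$(tput setaf 5)
+norm=$(tput sgr0)
+yellow=$(tput setaf 3)
+
+
+### parameter defaults
+container_name="ab-nginx"
+shell=false
+HTTP_PORT=80
+HTTPS_PORT=443
+unset CONFIG_DIR
+unset SERVERS_DIR
+unset WEBROOT_DIR
+unset vmount
+
+
+scriptHelp () {
+printf "\n${magenta}%80s\n" | tr " " "-"
+printf "${norm}This is a simple helper script so you can avoid lengthy typing when working\n"
+printf "with the nginx container. The script reads the contents of 'ab-nginx.params'\n"
+printf "and constructs various 'docker run' commands based on that file. The biggest\n"
+printf "timesaver is working with certificates. If they are specified in params file,\n"
+printf "the script will automatically bind-mount them so nginx serves content via SSL\n"
+printf "by default.\n\n"
+printf "If you run the script with no parameters, it will execute the container\n"
+printf "'normally': Run in detached mode with nginx automatically launched and\n"
+printf "logging to stdout. If you specified certificates, nginx will serve over SSL\n"
+printf "by default.\n"
+printf "Note: This container removes itself upon exit.\n\n"
+printf "${magenta}The script has the following parameters:\n"
+printf "${cyan}(parameter in cyan) ${yellow}(default in yellow)${norm}\n\n"
+printf "${cyan}-n|--name${norm}\n"
+printf "Change the name of the container. This is cosmetic and does not affect\n"
+printf "operation in any way.\n"
+printf "${yellow}(ab-nginx)${norm}\n\n"
+printf "${cyan}-s|--shell${norm}\n"
+printf "Enter the container using an interactive POSIX shell. This happens after\n"
+printf "startup operations but *before* nginx is actually started. This is a great way\n"
+printf "to see configuration changes possibly stopping nginx from starting normally.\n"
+printf "${yellow}(off: run in detached mode)${norm}\n\n"
+printf "${yellow}More information can be found at:\n"
+printf "https://git.asifbacchus.app/ab-docker/ab-nginx/wiki\n"
+printf "${magenta}%80s\n\n" | tr " " "-"
+exit 0
+}
+
+### pre-requisite checks
+
+# is user root or in the docker group?
+if [ ! "$( id -u )" -eq 0 ]; then
+if ! id -Gn | grep docker > /dev/null; then
+printf "${err}\nYou must either be root or in the 'docker' group to run this script since you must be able to actually start the container! Exiting.\n${norm}"
+exit 2
+fi
+fi
+
+# does the params file exist?
+if [ ! -f "./ab-nginx.params" ]; then
+printf "${err}\nCannot find 'ab-nginx.params' file in the same directory as this script. Exiting.\n${norm}"
+exit 3
+fi
+
+# read .params file
+. ./ab-nginx.params
+
+# check for certs if using SSL
+if [ "$SSL_CERT" ]; then
+if [ ! -f "$SSL_CERT" ]; then
+printf "${err}\nCannot find specified SSL certificate file. Exiting.${norm}\n"
+exit 5
+fi
+if [ ! -f "$SSL_KEY" ]; then
+printf "${err}\nCannot find specified SSL private key file. Exiting.${norm}\n"
+exit 5
+fi
+if [ ! -f "$SSL_CHAIN" ]; then
+printf "${err}\nCannot find specified SSL certificate chain file. Exiting.${norm}\n"
+exit 5
+fi
+fi
+
+# check for DHparam if using TLS1.2
+if [ "$TLS13_ONLY" = FALSE ]; then
+if [ -z "$DH" ]; then
+printf "${err}\nA DHparam file must be specified when using TLS 1.2. Exiting.${norm}\n"
+exit 5
+elif [ ! -f "$DH" ]; then
+printf "${err}\nCannot find specified DHparam file. Exiting.${norm}\n"
+exit 5
+fi
+fi
+
+# check if specified config directory exists
+if [ "$CONFIG_DIR" ] && [ ! -d "$CONFIG_DIR" ]; then
+printf "${err}\nCannot find specified configuration file directory. Exiting.${norm}\n"
+exit 4
+fi
+
+# check if specified server-block directory exists
+if [ "$SERVERS_DIR" ] && [ ! -d "$SERVERS_DIR" ]; then
+printf "${err}\nCannot find specified server-block file directory. Exiting.${norm}\n"
+exit 4
+fi
+
+# check if specified webroot directory exists
+if [ "$WEBROOT_DIR" ] && [ ! -d "$WEBROOT_DIR" ]; then
+printf "${err}\nCannot find specified webroot directory. Exiting.${norm}\n"
+exit 4
+fi
+
+# set up volume mounts for config, servers, webroot
+if [ -z "$CONFIG_DIR" ] && [ -z "$WEBROOT_DIR" ] && [ -z "$SERVERS_DIR" ]; then
+vmount=""
+elif [ "$CONFIG_DIR" ] && [ "$WEBROOT_DIR" ] && [ "$SERVERS_DIR" ]; then
+vmount="-v $CONFIG_DIR:/etc/nginx/config/ -v $SERVERS_DIR:/etc/nginx/sites/ -v $WEBROOT_DIR:/usr/share/nginx/html/"
+elif [ "$CONFIG_DIR" ] && [ "$SERVERS_DIR" ]; then
+vmount="-v $CONFIG_DIR:/etc/nginx/config/ -v $SERVERS_DIR:/etc/nginx/sites/"
+elif [ "$CONFIG_DIR" ] && [ "$WEBROOT_DIR" ]; then
+vmount="-v $CONFIG_DIR:/etc/nginx/config/ -v $WEBROOT_DIR:/usr/share/nginx/html/"
+elif [ "$SERVERS_DIR" ] && [ "$WEBROOT_DIR" ]; then
+vmount="-v $SERVERS_DIR:/etc/nginx/sites/ -v $WEBROOT_DIR:/usr/share/nginx/html/"
+elif [ "$CONFIG_DIR" ]; then
+vmount="-v $CONFIG_DIR:/etc/nginx/config/"
+elif [ "$SERVERS_DIR" ]; then
+vmount="-v $SERVERS_DIR:/etc/nginx/sites/"
+elif [ "$WEBROOT_DIR" ]; then
+vmount="-v $WEBROOT_DIR:/usr/share/nginx/html/"
+fi
+
+
+# process startup parameters
+while [ $# -gt 0 ]; do
+case "$1" in
+-h|-\?|--help)
+# display help
+scriptHelp
+exit 0
+;;
+-s|--shell)
+# start shell instead of default CMD
+shell=true
+;;
+-n|--name)
+# container name
+if [ -z "$2" ]; then
+printf "${err}\nNo container name specified. Exiting.\n${norm}"
+exit 1
+fi
+container_name="$2"
+shift
+;;
+*)
+printf "${err}\nUnknown option: %s\n" "$1"
+printf "Use '--help' for valid options.\n\n${norm}"
+exit 1
+;;
+esac
+shift
+done
+
+
+# run without TLS
+if [ -z "$SSL_CERT" ]; then
+if [ $shell = true ]; then
+# exec shell
+printf "${cyan}\nRunning SHELL on %s...${norm}\n" "$container_name"
+docker run --rm -it --name ${container_name} \
+--env-file ab-nginx.params \
+$vmount \
+-p ${HTTP_PORT}:80 \
+docker.asifbacchus.app/nginx/ab-nginx:latest /bin/sh
+else
+# exec normally
+printf "${cyan}\nRunning NGINX on %s...${norm}\n" "$container_name"
+docker run --rm -d --name ${container_name} \
+--env-file ab-nginx.params \
+$vmount \
+-p ${HTTP_PORT}:80 \
+--restart unless-stopped \
+docker.asifbacchus.app/nginx/ab-nginx:latest
+fi
+# run with TLS1.2
+elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = FALSE ]; then
+if [ $shell = true ]; then
+# exec shell
+printf "${cyan}\nRunning SHELL on %s (TLS 1.2)...${norm}\n" "$container_name"
+docker run --rm -it --name ${container_name} \
+--env-file ab-nginx.params \
+$vmount \
+-v "$SSL_CERT":/certs/fullchain.pem:ro \
+-v "$SSL_KEY":/certs/privkey.pem:ro \
+-v "$SSL_CHAIN":/certs/chain.pem:ro \
+-v "$DH":/certs/dhparam.pem:ro \
+-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
+docker.asifbacchus.app/nginx/ab-nginx:latest /bin/sh
+else
+# exec normally
+printf "${cyan}\nRunning NGINX on %s (TLS 1.2)...${norm}\n" "$container_name"
+docker run --rm -d --name ${container_name} \
+--env-file ab-nginx.params \
+$vmount \
+-v "$SSL_CERT":/certs/fullchain.pem:ro \
+-v "$SSL_KEY":/certs/privkey.pem:ro \
+-v "$SSL_CHAIN":/certs/chain.pem:ro \
+-v "$DH":/certs/dhparam.pem:ro \
+-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
+--restart unless-stopped \
+docker.asifbacchus.app/nginx/ab-nginx:latest
+fi
+# run with TLS1.3
+elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = TRUE ]; then
+if [ $shell = true ]; then
+# exec shell
+printf "${cyan}\nRunning SHELL on %s (TLS 1.3)...${norm}\n" "$container_name"
+docker run --rm -it --name ${container_name} \
+--env-file ab-nginx.params \
+$vmount \
+-v "$SSL_CERT":/certs/fullchain.pem:ro \
+-v "$SSL_KEY":/certs/privkey.pem:ro \
+-v "$SSL_CHAIN":/certs/chain.pem:ro \
+-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
+docker.asifbacchus.app/nginx/ab-nginx:latest /bin/sh
+else
+# exec normally
+printf "${cyan}\nRunning NGINX on %s (TLS 1.3)...${norm}\n" "$container_name"
+docker run --rm -d --name ${container_name} \
+--env-file ab-nginx.params \
+$vmount \
+-v "$SSL_CERT":/certs/fullchain.pem:ro \
+-v "$SSL_KEY":/certs/privkey.pem:ro \
+-v "$SSL_CHAIN":/certs/chain.pem:ro \
+-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
+--restart unless-stopped \
+docker.asifbacchus.app/nginx/ab-nginx:latest
+fi
+fi
+
+
+### exit gracefully
+exit 0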
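Review bot: The three detached branches pass `--rm` together with `--restart unless-stopped`, a combination the Docker CLI refuses as conflicting options, so the default launch (no `-s`) would not start a container. The help text promises that the container removes itself on exit, which suggests dropping `--restart unless-stopped`; if restarting after a reboot is what is wanted, drop `--rm` instead. The failure would also go unnoticed by callers because the script ends in an unconditional `exit 0`; ending each branch with the status of the run, for example `docker run ... || exit $?`, makes it visible. Separately, when `SSL_CERT` is set but `TLS13_ONLY` is neither `TRUE` nor `FALSE` none of the three branches match and the script exits 0 without starting anything, and the DH check fires on `TLS13_ONLY = FALSE` even when no certificate is configured. ab-nginx-php.sh contains the same code.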