add nginx scripts

Asif Bacchus 2019-10-19 17:44:52 -06:00
parent e77e59eb3d
commit 410961d43e
4 changed files with 676 additions and 0 deletions


@ -0,0 +1,89 @@
#####
# Parameters for use by ab-nginx-php convenience script
#
# NOTE: 'TRUE', 'FALSE', 'ON' and 'OFF' MUST be in all CAPITALS!
#
# If you are not using the 'ab-nginx-php.sh' script file to start the container,
# then you don't have to do anything with this file.
#####
### Timezone
# This doesn't impact any functionality of the container, but it does make your
# logs easier to understand if they report the correct local time, right?
# (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)
TZ=Area/Location
### NGINX options
# Hostnames to which this instance of NGINX should answer:
# By default, this is set to '_' meaning 'match anything'. However, that won't
# work if you're using SSL certificates! Multiple hostnames must be space
# delimited.
# This is NOT required if you are supplying your own server blocks via
# 'SERVERS_DIR'
SERVER_NAMES="domain.tld www.domain.tld server.domain.tld alt.domain.tld"
# Ports to expose on the HOST machine (container ALWAYS internally uses 80/443):
# If you need to use ports other than HTTP=80 and HTTPS=443, remember to set up
# your server blocks accordingly! See 'test_secured.conf.disabled' in the
# container if you need help. If you're using the 'test blocks', they
# automatically adjust for non-standard ports
# If you want to use the defaults, either leave these lines as-is, comment them
# out or just delete them.
HTTP_PORT=80
HTTPS_PORT=443
# Access logging (global preference):
# Unless overridden in a server/location block, access logging will be handled
# according to this setting. Default is OFF. Choices are 'ON' or 'OFF'. Logs
# will be printed to the console so they are accessible via 'docker logs ...'
ACCESS_LOG=OFF
### Content files
# Whatever you specify here will replace the default files in the container
# with your content/configurations.
# Specify a directory containing your NGINX configurations (if any)
# Remember that these will be all be applied in the HTTP configuration
# context.
# Only files with a ".conf" extension will be loaded! If you want to disable a
# file, simply change it's extension (i.e. '.conf.disabled').
CONFIG_DIR=$(pwd)/config/
# Specify a directory containing your NGINX server-block configurations (if any)
# If you are just serving static content from the 'webroot', you can use the
# hard-coded 'test blocks' in the container and specify a webroot with your
# files below.
# More likely, you will have your own server blocks. Remember, files are
# processed in order so consider starting file names with numbers
# (i.e. 00-first_server.conf, 05-second_server.conf)
# Only files with a ".conf" extension will be loaded! If you want to disable a
# file, simply change it's extension (i.e. '.conf.disabled').
SERVERS_DIR=/home/user/server_blocks/
# Specify a directory that contains files for your 'webroot'. This includes
# things like HTML, CSS, etc.
WEBROOT_DIR=/home/user/my_web_stuff/
### SSL options:
# Enable HSTS only AFTER you've tested SSL implementation! Container sets the
# header to require SSL for 6 months! Subdomains are NOT included.
HSTS=FALSE
# If 'FALSE' (default), NGINX will accept both TLS 1.2 and 1.3 connections.
# If 'TRUE', only TLS 1.3 connections will be accepted.
TLS13_ONLY=FALSE
### Certificate files to be bind-mounted
# Remember, if you are mounting symlinks (like when using Let's Encrypt), you
# MUST specify the full path of the symlink so the target is resolved!
# DH (Diffie-Hellman Parameters file) is only required if using TLS 1.2
SSL_CERT=/path/to/your/ssl-certificate/fullchain.pem
SSL_KEY=/path/to/your/ssl-private-key/privkey.pem
SSL_CHAIN=/path/to/your/ssl-certificate-chain/chain.pem
DH=/path/to/your/diffie-hellman-parameters-file/dhparam.pem
#EOF
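Review bot: This params file is read by two different parsers, and `SERVER_NAMES="domain.tld ..."` and `CONFIG_DIR=$(pwd)/config/` only mean what the comments say under one of them. The launcher script in this commit sources it with `. ./ab-nginx-php.params` and also passes it to `docker run --env-file`. Docker's env-file reader takes values verbatim, so unless the image's entrypoint strips them (not visible here) the container sees the literal double quotes and the literal text `$(pwd)/config/`. Passing the whole file also puts every host path, including the `SSL_KEY` location, into the container's environment. I would add a header comment such as `# NOTE: sourced by sh AND passed to 'docker run --env-file'; values must be valid for both`, or split the container-facing variables into their own file. The same applies to ab-nginx.params.template.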

249
ab-nginx-php.sh Executable file

@ -0,0 +1,249 @@
#!/bin/sh
#
### start ab-nginx-php container using params file variables
#
# text formatting presets
cyan=$(tput setaf 6)
err=$(tput bold)$(tput setaf 1)
magenta=$(tput setaf 5)
norm=$(tput sgr0)
yellow=$(tput setaf 3)
### parameter defaults
container_name="ab-nginx-php"
shell=false
HTTP_PORT=80
HTTPS_PORT=443
unset CONFIG_DIR
unset SERVERS_DIR
unset WEBROOT_DIR
unset vmount
scriptHelp () {
printf "\n${magenta}%80s\n" | tr " " "-"
printf "${norm}This is a simple helper script so you can avoid lengthy typing when working\n"
printf "with the nginx container. The script reads the contents of 'ab-nginx-php.params'\n"
printf "and constructs various 'docker run' commands based on that file. The biggest\n"
printf "timesaver is working with certificates. If they are specified in params file,\n"
printf "the script will automatically bind-mount them so nginx serves content via SSL\n"
printf "by default.\n\n"
printf "If you run the script with no parameters, it will execute the container\n"
printf "'normally': Run in detached mode with nginx automatically launched and\n"
printf "logging to stdout. If you specified certificates, nginx will serve over SSL\n"
printf "by default.\n"
printf "Note: This container removes itself upon exit.\n\n"
printf "${magenta}The script has the following parameters:\n"
printf "${cyan}(parameter in cyan) ${yellow}(default in yellow)${norm}\n\n"
printf "${cyan}-n|--name${norm}\n"
printf "Change the name of the container. This is cosmetic and does not affect\n"
printf "operation in any way.\n"
printf "${yellow}(ab-nginx-php)${norm}\n\n"
printf "${cyan}-s|--shell${norm}\n"
printf "Enter the container using an interactive POSIX shell. This happens after\n"
printf "startup operations but *before* nginx is actually started. This is a great way\n"
printf "to see configuration changes possibly stopping nginx from starting normally.\n"
printf "${yellow}(off: run in detached mode)${norm}\n\n"
printf "${yellow}More information can be found at:\n"
printf "https://git.asifbacchus.app/ab-docker/ab-nginx-php/wiki\n"
printf "${magenta}%80s\n\n" | tr " " "-"
exit 0
}
### pre-requisite checks
# is user root or in the docker group?
if [ ! "$( id -u )" -eq 0 ]; then
if ! id -Gn | grep docker > /dev/null; then
printf "${err}\nYou must either be root or in the 'docker' group to run this script since you must be able to actually start the container! Exiting.\n${norm}"
exit 2
fi
fi
# does the params file exist?
if [ ! -f "./ab-nginx-php.params" ]; then
printf "${err}\nCannot find 'ab-nginx-php.params' file in the same directory as this script. Exiting.\n${norm}"
exit 3
fi
# read .params file
. ./ab-nginx-php.params
# check for certs if using SSL
if [ "$SSL_CERT" ]; then
if [ ! -f "$SSL_CERT" ]; then
printf "${err}\nCannot find specified SSL certificate file. Exiting.${norm}\n"
exit 5
fi
if [ ! -f "$SSL_KEY" ]; then
printf "${err}\nCannot find specified SSL private key file. Exiting.${norm}\n"
exit 5
fi
if [ ! -f "$SSL_CHAIN" ]; then
printf "${err}\nCannot find specified SSL certificate chain file. Exiting.${norm}\n"
exit 5
fi
fi
# check for DHparam if using TLS1.2
if [ "$TLS13_ONLY" = FALSE ]; then
if [ -z "$DH" ]; then
printf "${err}\nA DHparam file must be specified when using TLS 1.2. Exiting.${norm}\n"
exit 5
elif [ ! -f "$DH" ]; then
printf "${err}\nCannot find specified DHparam file. Exiting.${norm}\n"
exit 5
fi
fi
# check if specified config directory exists
if [ "$CONFIG_DIR" ] && [ ! -d "$CONFIG_DIR" ]; then
printf "${err}\nCannot find specified configuration file directory. Exiting.${norm}\n"
exit 4
fi
# check if specified server-block directory exists
if [ "$SERVERS_DIR" ] && [ ! -d "$SERVERS_DIR" ]; then
printf "${err}\nCannot find specified server-block file directory. Exiting.${norm}\n"
exit 4
fi
# check if specified webroot directory exists
if [ "$WEBROOT_DIR" ] && [ ! -d "$WEBROOT_DIR" ]; then
printf "${err}\nCannot find specified webroot directory. Exiting.${norm}\n"
exit 4
fi
# set up volume mounts for config, servers, webroot
if [ -z "$CONFIG_DIR" ] && [ -z "$WEBROOT_DIR" ] && [ -z "$SERVERS_DIR" ]; then
vmount=""
elif [ "$CONFIG_DIR" ] && [ "$WEBROOT_DIR" ] && [ "$SERVERS_DIR" ]; then
vmount="-v $CONFIG_DIR:/etc/nginx/config/ -v $SERVERS_DIR:/etc/nginx/sites/ -v $WEBROOT_DIR:/usr/share/nginx/html/"
elif [ "$CONFIG_DIR" ] && [ "$SERVERS_DIR" ]; then
vmount="-v $CONFIG_DIR:/etc/nginx/config/ -v $SERVERS_DIR:/etc/nginx/sites/"
elif [ "$CONFIG_DIR" ] && [ "$WEBROOT_DIR" ]; then
vmount="-v $CONFIG_DIR:/etc/nginx/config/ -v $WEBROOT_DIR:/usr/share/nginx/html/"
elif [ "$SERVERS_DIR" ] && [ "$WEBROOT_DIR" ]; then
vmount="-v $SERVERS_DIR:/etc/nginx/sites/ -v $WEBROOT_DIR:/usr/share/nginx/html/"
elif [ "$CONFIG_DIR" ]; then
vmount="-v $CONFIG_DIR:/etc/nginx/config/"
elif [ "$SERVERS_DIR" ]; then
vmount="-v $SERVERS_DIR:/etc/nginx/sites/"
elif [ "$WEBROOT_DIR" ]; then
vmount="-v $WEBROOT_DIR:/usr/share/nginx/html/"
fi
# process startup parameters
while [ $# -gt 0 ]; do
case "$1" in
-h|-\?|--help)
# display help
scriptHelp
exit 0
;;
-s|--shell)
# start shell instead of default CMD
shell=true
;;
-n|--name)
# container name
if [ -z "$2" ]; then
printf "${err}\nNo container name specified. Exiting.\n${norm}"
exit 1
fi
container_name="$2"
shift
;;
*)
printf "${err}\nUnknown option: %s\n" "$1"
printf "Use '--help' for valid options.\n\n${norm}"
exit 1
;;
esac
shift
done
# run without TLS
if [ -z "$SSL_CERT" ]; then
if [ $shell = true ]; then
# exec shell
printf "${cyan}\nRunning SHELL on %s...${norm}\n" "$container_name"
docker run --rm -it --name ${container_name} \
--env-file ab-nginx-php.params \
$vmount \
-p ${HTTP_PORT}:80 \
docker.asifbacchus.app/nginx/ab-nginx-php:latest /bin/sh
else
# exec normally
printf "${cyan}\nRunning NGINX on %s...${norm}\n" "$container_name"
docker run --rm -d --name ${container_name} \
--env-file ab-nginx-php.params \
$vmount \
-p ${HTTP_PORT}:80 \
--restart unless-stopped \
docker.asifbacchus.app/nginx/ab-nginx-php:latest
fi
# run with TLS1.2
elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = FALSE ]; then
if [ $shell = true ]; then
# exec shell
printf "${cyan}\nRunning SHELL on %s (TLS 1.2)...${norm}\n" "$container_name"
docker run --rm -it --name ${container_name} \
--env-file ab-nginx-php.params \
$vmount \
-v "$SSL_CERT":/certs/fullchain.pem:ro \
-v "$SSL_KEY":/certs/privkey.pem:ro \
-v "$SSL_CHAIN":/certs/chain.pem:ro \
-v "$DH":/certs/dhparam.pem:ro \
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
docker.asifbacchus.app/nginx/ab-nginx-php:latest /bin/sh
else
# exec normally
printf "${cyan}\nRunning NGINX on %s (TLS 1.2)...${norm}\n" "$container_name"
docker run --rm -d --name ${container_name} \
--env-file ab-nginx-php.params \
$vmount \
-v "$SSL_CERT":/certs/fullchain.pem:ro \
-v "$SSL_KEY":/certs/privkey.pem:ro \
-v "$SSL_CHAIN":/certs/chain.pem:ro \
-v "$DH":/certs/dhparam.pem:ro \
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
--restart unless-stopped \
docker.asifbacchus.app/nginx/ab-nginx-php:latest
fi
# run with TLS1.3
elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = TRUE ]; then
if [ $shell = true ]; then
# exec shell
printf "${cyan}\nRunning SHELL on %s (TLS 1.3)...${norm}\n" "$container_name"
docker run --rm -it --name ${container_name} \
--env-file ab-nginx-php.params \
$vmount \
-v "$SSL_CERT":/certs/fullchain.pem:ro \
-v "$SSL_KEY":/certs/privkey.pem:ro \
-v "$SSL_CHAIN":/certs/chain.pem:ro \
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
docker.asifbacchus.app/nginx/ab-nginx-php:latest /bin/sh
else
# exec normally
printf "${cyan}\nRunning NGINX on %s (TLS 1.3)...${norm}\n" "$container_name"
docker run --rm -d --name ${container_name} \
--env-file ab-nginx-php.params \
$vmount \
-v "$SSL_CERT":/certs/fullchain.pem:ro \
-v "$SSL_KEY":/certs/privkey.pem:ro \
-v "$SSL_CHAIN":/certs/chain.pem:ro \
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
--restart unless-stopped \
docker.asifbacchus.app/nginx/ab-nginx-php:latest
fi
fi
### exit gracefully
exit 0
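Review bot: The detached `docker run` calls in all three branches (no TLS, TLS 1.2, TLS 1.3) combine `--rm` with `--restart unless-stopped`, which the Docker CLI rejects as conflicting options, so the default non-shell path cannot start the container. Since the help text says the container removes itself on exit, dropping `--restart unless-stopped` looks like the intended fix. Separately, `. ./ab-nginx-php.params` executes whatever params file sits in the current working directory with root or docker-group privileges, while the error message speaks of the script's directory. Resolve the path from the script location and refuse to source a file that other users can write. `$vmount` is also expanded unquoted, so a directory containing whitespace splits into extra `docker run` arguments, and the three content directories are mounted read-write while the certificates get `:ro`. The same lines appear in ab-nginx.sh.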

89
ab-nginx.params.template Normal file

@ -0,0 +1,89 @@
#####
# Parameters for use by ab-nginx convenience script
#
# NOTE: 'TRUE', 'FALSE', 'ON' and 'OFF' MUST be in all CAPITALS!
#
# If you are not using the 'ab-nginx.sh' script file to start the container,
# then you don't have to do anything with this file.
#####
### Timezone
# This doesn't impact any functionality of the container, but it does make your
# logs easier to understand if they report the correct local time, right?
# (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)
TZ=Area/Location
### NGINX options
# Hostnames to which this instance of NGINX should answer:
# By default, this is set to '_' meaning 'match anything'. However, that won't
# work if you're using SSL certificates! Multiple hostnames must be space
# delimited.
# This is NOT required if you are supplying your own server blocks via
# 'SERVERS_DIR'
SERVER_NAMES="domain.tld www.domain.tld server.domain.tld alt.domain.tld"
# Ports to expose on the HOST machine (container ALWAYS internally uses 80/443):
# If you need to use ports other than HTTP=80 and HTTPS=443, remember to set up
# your server blocks accordingly! See 'test_secured.conf.disabled' in the
# container if you need help. If you're using the 'test blocks', they
# automatically adjust for non-standard ports
# If you want to use the defaults, either leave these lines as-is, comment them
# out or just delete them.
HTTP_PORT=80
HTTPS_PORT=443
# Access logging (global preference):
# Unless overridden in a server/location block, access logging will be handled
# according to this setting. Default is OFF. Choices are 'ON' or 'OFF'. Logs
# will be printed to the console so they are accessible via 'docker logs ...'
ACCESS_LOG=OFF
### Content files
# Whatever you specify here will replace the default files in the container
# with your content/configurations.
# Specify a directory containing your NGINX configurations (if any)
# Remember that these will be all be applied in the HTTP configuration
# context.
# Only files with a ".conf" extension will be loaded! If you want to disable a
# file, simply change it's extension (i.e. '.conf.disabled').
CONFIG_DIR=$(pwd)/config/
# Specify a directory containing your NGINX server-block configurations (if any)
# If you are just serving static content from the 'webroot', you can use the
# hard-coded 'test blocks' in the container and specify a webroot with your
# files below.
# More likely, you will have your own server blocks. Remember, files are
# processed in order so consider starting file names with numbers
# (i.e. 00-first_server.conf, 05-second_server.conf)
# Only files with a ".conf" extension will be loaded! If you want to disable a
# file, simply change it's extension (i.e. '.conf.disabled').
SERVERS_DIR=/home/user/server_blocks/
# Specify a directory that contains files for your 'webroot'. This includes
# things like HTML, CSS, etc.
WEBROOT_DIR=/home/user/my_web_stuff/
### SSL options:
# Enable HSTS only AFTER you've tested SSL implementation! Container sets the
# header to require SSL for 6 months! Subdomains are NOT included.
HSTS=FALSE
# If 'FALSE' (default), NGINX will accept both TLS 1.2 and 1.3 connections.
# If 'TRUE', only TLS 1.3 connections will be accepted.
TLS13_ONLY=FALSE
### Certificate files to be bind-mounted
# Remember, if you are mounting symlinks (like when using Let's Encrypt), you
# MUST specify the full path of the symlink so the target is resolved!
# DH (Diffie-Hellman Parameters file) is only required if using TLS 1.2
SSL_CERT=/path/to/your/ssl-certificate/fullchain.pem
SSL_KEY=/path/to/your/ssl-private-key/privkey.pem
SSL_CHAIN=/path/to/your/ssl-certificate-chain/chain.pem
DH=/path/to/your/diffie-hellman-parameters-file/dhparam.pem
#EOF

249
ab-nginx.sh Executable file

@ -0,0 +1,249 @@
#!/bin/sh
#
### start ab-nginx container using params file variables
#
# text formatting presets
cyan=$(tput setaf 6)
err=$(tput bold)$(tput setaf 1)
magenta=$(tput setaf 5)
norm=$(tput sgr0)
yellow=$(tput setaf 3)
### parameter defaults
container_name="ab-nginx"
shell=false
HTTP_PORT=80
HTTPS_PORT=443
unset CONFIG_DIR
unset SERVERS_DIR
unset WEBROOT_DIR
unset vmount
scriptHelp () {
printf "\n${magenta}%80s\n" | tr " " "-"
printf "${norm}This is a simple helper script so you can avoid lengthy typing when working\n"
printf "with the nginx container. The script reads the contents of 'ab-nginx.params'\n"
printf "and constructs various 'docker run' commands based on that file. The biggest\n"
printf "timesaver is working with certificates. If they are specified in params file,\n"
printf "the script will automatically bind-mount them so nginx serves content via SSL\n"
printf "by default.\n\n"
printf "If you run the script with no parameters, it will execute the container\n"
printf "'normally': Run in detached mode with nginx automatically launched and\n"
printf "logging to stdout. If you specified certificates, nginx will serve over SSL\n"
printf "by default.\n"
printf "Note: This container removes itself upon exit.\n\n"
printf "${magenta}The script has the following parameters:\n"
printf "${cyan}(parameter in cyan) ${yellow}(default in yellow)${norm}\n\n"
printf "${cyan}-n|--name${norm}\n"
printf "Change the name of the container. This is cosmetic and does not affect\n"
printf "operation in any way.\n"
printf "${yellow}(ab-nginx)${norm}\n\n"
printf "${cyan}-s|--shell${norm}\n"
printf "Enter the container using an interactive POSIX shell. This happens after\n"
printf "startup operations but *before* nginx is actually started. This is a great way\n"
printf "to see configuration changes possibly stopping nginx from starting normally.\n"
printf "${yellow}(off: run in detached mode)${norm}\n\n"
printf "${yellow}More information can be found at:\n"
printf "https://git.asifbacchus.app/ab-docker/ab-nginx/wiki\n"
printf "${magenta}%80s\n\n" | tr " " "-"
exit 0
}
### pre-requisite checks
# is user root or in the docker group?
if [ ! "$( id -u )" -eq 0 ]; then
if ! id -Gn | grep docker > /dev/null; then
printf "${err}\nYou must either be root or in the 'docker' group to run this script since you must be able to actually start the container! Exiting.\n${norm}"
exit 2
fi
fi
# does the params file exist?
if [ ! -f "./ab-nginx.params" ]; then
printf "${err}\nCannot find 'ab-nginx.params' file in the same directory as this script. Exiting.\n${norm}"
exit 3
fi
# read .params file
. ./ab-nginx.params
# check for certs if using SSL
if [ "$SSL_CERT" ]; then
if [ ! -f "$SSL_CERT" ]; then
printf "${err}\nCannot find specified SSL certificate file. Exiting.${norm}\n"
exit 5
fi
if [ ! -f "$SSL_KEY" ]; then
printf "${err}\nCannot find specified SSL private key file. Exiting.${norm}\n"
exit 5
fi
if [ ! -f "$SSL_CHAIN" ]; then
printf "${err}\nCannot find specified SSL certificate chain file. Exiting.${norm}\n"
exit 5
fi
fi
# check for DHparam if using TLS1.2
if [ "$TLS13_ONLY" = FALSE ]; then
if [ -z "$DH" ]; then
printf "${err}\nA DHparam file must be specified when using TLS 1.2. Exiting.${norm}\n"
exit 5
elif [ ! -f "$DH" ]; then
printf "${err}\nCannot find specified DHparam file. Exiting.${norm}\n"
exit 5
fi
fi
# check if specified config directory exists
if [ "$CONFIG_DIR" ] && [ ! -d "$CONFIG_DIR" ]; then
printf "${err}\nCannot find specified configuration file directory. Exiting.${norm}\n"
exit 4
fi
# check if specified server-block directory exists
if [ "$SERVERS_DIR" ] && [ ! -d "$SERVERS_DIR" ]; then
printf "${err}\nCannot find specified server-block file directory. Exiting.${norm}\n"
exit 4
fi
# check if specified webroot directory exists
if [ "$WEBROOT_DIR" ] && [ ! -d "$WEBROOT_DIR" ]; then
printf "${err}\nCannot find specified webroot directory. Exiting.${norm}\n"
exit 4
fi
# set up volume mounts for config, servers, webroot
if [ -z "$CONFIG_DIR" ] && [ -z "$WEBROOT_DIR" ] && [ -z "$SERVERS_DIR" ]; then
vmount=""
elif [ "$CONFIG_DIR" ] && [ "$WEBROOT_DIR" ] && [ "$SERVERS_DIR" ]; then
vmount="-v $CONFIG_DIR:/etc/nginx/config/ -v $SERVERS_DIR:/etc/nginx/sites/ -v $WEBROOT_DIR:/usr/share/nginx/html/"
elif [ "$CONFIG_DIR" ] && [ "$SERVERS_DIR" ]; then
vmount="-v $CONFIG_DIR:/etc/nginx/config/ -v $SERVERS_DIR:/etc/nginx/sites/"
elif [ "$CONFIG_DIR" ] && [ "$WEBROOT_DIR" ]; then
vmount="-v $CONFIG_DIR:/etc/nginx/config/ -v $WEBROOT_DIR:/usr/share/nginx/html/"
elif [ "$SERVERS_DIR" ] && [ "$WEBROOT_DIR" ]; then
vmount="-v $SERVERS_DIR:/etc/nginx/sites/ -v $WEBROOT_DIR:/usr/share/nginx/html/"
elif [ "$CONFIG_DIR" ]; then
vmount="-v $CONFIG_DIR:/etc/nginx/config/"
elif [ "$SERVERS_DIR" ]; then
vmount="-v $SERVERS_DIR:/etc/nginx/sites/"
elif [ "$WEBROOT_DIR" ]; then
vmount="-v $WEBROOT_DIR:/usr/share/nginx/html/"
fi
# process startup parameters
while [ $# -gt 0 ]; do
case "$1" in
-h|-\?|--help)
# display help
scriptHelp
exit 0
;;
-s|--shell)
# start shell instead of default CMD
shell=true
;;
-n|--name)
# container name
if [ -z "$2" ]; then
printf "${err}\nNo container name specified. Exiting.\n${norm}"
exit 1
fi
container_name="$2"
shift
;;
*)
printf "${err}\nUnknown option: %s\n" "$1"
printf "Use '--help' for valid options.\n\n${norm}"
exit 1
;;
esac
shift
done
# run without TLS
if [ -z "$SSL_CERT" ]; then
if [ $shell = true ]; then
# exec shell
printf "${cyan}\nRunning SHELL on %s...${norm}\n" "$container_name"
docker run --rm -it --name ${container_name} \
--env-file ab-nginx.params \
$vmount \
-p ${HTTP_PORT}:80 \
docker.asifbacchus.app/nginx/ab-nginx:latest /bin/sh
else
# exec normally
printf "${cyan}\nRunning NGINX on %s...${norm}\n" "$container_name"
docker run --rm -d --name ${container_name} \
--env-file ab-nginx.params \
$vmount \
-p ${HTTP_PORT}:80 \
--restart unless-stopped \
docker.asifbacchus.app/nginx/ab-nginx:latest
fi
# run with TLS1.2
elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = FALSE ]; then
if [ $shell = true ]; then
# exec shell
printf "${cyan}\nRunning SHELL on %s (TLS 1.2)...${norm}\n" "$container_name"
docker run --rm -it --name ${container_name} \
--env-file ab-nginx.params \
$vmount \
-v "$SSL_CERT":/certs/fullchain.pem:ro \
-v "$SSL_KEY":/certs/privkey.pem:ro \
-v "$SSL_CHAIN":/certs/chain.pem:ro \
-v "$DH":/certs/dhparam.pem:ro \
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
docker.asifbacchus.app/nginx/ab-nginx:latest /bin/sh
else
# exec normally
printf "${cyan}\nRunning NGINX on %s (TLS 1.2)...${norm}\n" "$container_name"
docker run --rm -d --name ${container_name} \
--env-file ab-nginx.params \
$vmount \
-v "$SSL_CERT":/certs/fullchain.pem:ro \
-v "$SSL_KEY":/certs/privkey.pem:ro \
-v "$SSL_CHAIN":/certs/chain.pem:ro \
-v "$DH":/certs/dhparam.pem:ro \
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
--restart unless-stopped \
docker.asifbacchus.app/nginx/ab-nginx:latest
fi
# run with TLS1.3
elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = TRUE ]; then
if [ $shell = true ]; then
# exec shell
printf "${cyan}\nRunning SHELL on %s (TLS 1.3)...${norm}\n" "$container_name"
docker run --rm -it --name ${container_name} \
--env-file ab-nginx.params \
$vmount \
-v "$SSL_CERT":/certs/fullchain.pem:ro \
-v "$SSL_KEY":/certs/privkey.pem:ro \
-v "$SSL_CHAIN":/certs/chain.pem:ro \
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
docker.asifbacchus.app/nginx/ab-nginx:latest /bin/sh
else
# exec normally
printf "${cyan}\nRunning NGINX on %s (TLS 1.3)...${norm}\n" "$container_name"
docker run --rm -d --name ${container_name} \
--env-file ab-nginx.params \
$vmount \
-v "$SSL_CERT":/certs/fullchain.pem:ro \
-v "$SSL_KEY":/certs/privkey.pem:ro \
-v "$SSL_CHAIN":/certs/chain.pem:ro \
-p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
--restart unless-stopped \
docker.asifbacchus.app/nginx/ab-nginx:latest
fi
fi
### exit gracefully
exit 0
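Review bot: The DHparam check runs whenever `TLS13_ONLY` is `FALSE`, even when `SSL_CERT` is empty, so a plain-HTTP setup still exits 5 unless a DH file exists. Gate it on the certificate as well: `if [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = FALSE ]; then`. If `TLS13_ONLY` is unset or misspelled while `SSL_CERT` is set, none of the run branches match and the script reaches `exit 0` without starting a container. A final `else` that prints an error and exits non-zero would surface that misconfiguration. The group test `id -Gn | grep docker` also passes for any group whose name merely contains "docker"; `id -Gn | tr ' ' '\n' | grep -qx docker` matches the exact name. ab-nginx-php.sh carries the same code.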