From 410961d43e7971e55558c38c5701d3e9175b74ca Mon Sep 17 00:00:00 2001
From: Asif Bacchus
Date: Sat, 19 Oct 2019 17:44:52 -0600
Subject: [PATCH] add nginx scripts
---
ab-nginx-php.params.template | 89 +++++++++++++
ab-nginx-php.sh | 249 +++++++++++++++++++++++++++++++++++
ab-nginx.params.template | 89 +++++++++++++
ab-nginx.sh | 249 +++++++++++++++++++++++++++++++++++
4 files changed, 676 insertions(+)
create mode 100644 ab-nginx-php.params.template
create mode 100755 ab-nginx-php.sh
create mode 100644 ab-nginx.params.template
create mode 100755 ab-nginx.sh
diff --git a/ab-nginx-php.params.template b/ab-nginx-php.params.template
new file mode 100644
index 0000000..e1b5eef
--- /dev/null
+++ b/ab-nginx-php.params.template
@@ -0,0 +1,89 @@
+#####
+# Parameters for use by ab-nginx-php convenience script
+#
+# NOTE: 'TRUE', 'FALSE', 'ON' and 'OFF' MUST be in all CAPITALS!
+#
+# If you are not using the 'ab-nginx-php.sh' script file to start the container,
+# then you don't have to do anything with this file.
+#####
+
+
+### Timezone
+# This doesn't impact any functionality of the container, but it does make your
+# logs easier to understand if they report the correct local time, right?
+# (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)
+TZ=Area/Location
+
+
+### NGINX options
+# Hostnames to which this instance of NGINX should answer:
+# By default, this is set to '_' meaning 'match anything'. However, that won't
+# work if you're using SSL certificates! Multiple hostnames must be space
+# delimited.
+# This is NOT required if you are supplying your own server blocks via
+# 'SERVERS_DIR'
+SERVER_NAMES="domain.tld www.domain.tld server.domain.tld alt.domain.tld"
+
+# Ports to expose on the HOST machine (container ALWAYS internally uses 80/443):
+# If you need to use ports other than HTTP=80 and HTTPS=443, remember to set up
+# your server blocks accordingly! See 'test_secured.conf.disabled' in the
+# container if you need help. If you're using the 'test blocks', they
+# automatically adjust for non-standard ports
+# If you want to use the defaults, either leave these lines as-is, comment them
+# out or just delete them.
+HTTP_PORT=80
+HTTPS_PORT=443
+
+# Access logging (global preference):
+# Unless overridden in a server/location block, access logging will be handled
+# according to this setting. Default is OFF. Choices are 'ON' or 'OFF'. Logs
+# will be printed to the console so they are accessible via 'docker logs ...'
+ACCESS_LOG=OFF
+
+### Content files
+# Whatever you specify here will replace the default files in the container
+# with your content/configurations.
+
+# Specify a directory containing your NGINX configurations (if any)
+# Remember that these will be all be applied in the HTTP configuration
+# context.
+# Only files with a ".conf" extension will be loaded! If you want to disable a
+# file, simply change it's extension (i.e. '.conf.disabled').
+CONFIG_DIR=$(pwd)/config/
+
+# Specify a directory containing your NGINX server-block configurations (if any)
+# If you are just serving static content from the 'webroot', you can use the
+# hard-coded 'test blocks' in the container and specify a webroot with your
+# files below.
+# More likely, you will have your own server blocks. Remember, files are
+# processed in order so consider starting file names with numbers
+# (i.e. 00-first_server.conf, 05-second_server.conf)
+# Only files with a ".conf" extension will be loaded! If you want to disable a
+# file, simply change it's extension (i.e. '.conf.disabled').
+SERVERS_DIR=/home/user/server_blocks/
+
+# Specify a directory that contains files for your 'webroot'. This includes
+# things like HTML, CSS, etc.
+WEBROOT_DIR=/home/user/my_web_stuff/
+
+
+### SSL options:
+# Enable HSTS only AFTER you've tested SSL implementation! Container sets the
+# header to require SSL for 6 months! Subdomains are NOT included.
+HSTS=FALSE
+
+# If 'FALSE' (default), NGINX will accept both TLS 1.2 and 1.3 connections.
+# If 'TRUE', only TLS 1.3 connections will be accepted.
+TLS13_ONLY=FALSE
+
+### Certificate files to be bind-mounted
+# Remember, if you are mounting symlinks (like when using Let's Encrypt), you
+# MUST specify the full path of the symlink so the target is resolved!
+# DH (Diffie-Hellman Parameters file) is only required if using TLS 1.2
+SSL_CERT=/path/to/your/ssl-certificate/fullchain.pem
+SSL_KEY=/path/to/your/ssl-private-key/privkey.pem
+SSL_CHAIN=/path/to/your/ssl-certificate-chain/chain.pem
+DH=/path/to/your/diffie-hellman-parameters-file/dhparam.pem
+
+
+#EOF
\ No newline at end of file
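Review bot: `CONFIG_DIR=$(pwd)/config/` and the quoted `SERVER_NAMES="..."` only mean what they appear to mean when a shell sources this file, yet the launcher added in this commit also passes the same file to `docker run --env-file`, which takes each value literally (no command substitution, no quote removal). The container would therefore see the literal string `$(pwd)/config/` and a SERVER_NAMES value that still carries its quote characters, and it also receives the host-side certificate and key paths, which it presumably has no use for. I would add a header line such as `# Sourced by the script AND passed to docker via --env-file: values are taken literally there` and give CONFIG_DIR an absolute example path like the other two directories. ab-nginx.params.template has the same lines.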
diff --git a/ab-nginx-php.sh b/ab-nginx-php.sh
new file mode 100755
index 0000000..ee8d049
--- /dev/null
+++ b/ab-nginx-php.sh
@@ -0,0 +1,249 @@
+#!/bin/sh
+
+#
+### start ab-nginx-php container using params file variables
+#
+
+# text formatting presets
+cyan=$(tput setaf 6)
+err=$(tput bold)$(tput setaf 1)
+magenta=$(tput setaf 5)
+norm=$(tput sgr0)
+yellow=$(tput setaf 3)
+
+
+### parameter defaults
+container_name="ab-nginx-php"
+shell=false
+HTTP_PORT=80
+HTTPS_PORT=443
+unset CONFIG_DIR
+unset SERVERS_DIR
+unset WEBROOT_DIR
+unset vmount
+
+
+scriptHelp () {
+ printf "\n${magenta}%80s\n" | tr " " "-"
+ printf "${norm}This is a simple helper script so you can avoid lengthy typing when working\n"
+ printf "with the nginx container. The script reads the contents of 'ab-nginx-php.params'\n"
+ printf "and constructs various 'docker run' commands based on that file. The biggest\n"
+ printf "timesaver is working with certificates. If they are specified in params file,\n"
+ printf "the script will automatically bind-mount them so nginx serves content via SSL\n"
+ printf "by default.\n\n"
+ printf "If you run the script with no parameters, it will execute the container\n"
+ printf "'normally': Run in detached mode with nginx automatically launched and\n"
+ printf "logging to stdout. If you specified certificates, nginx will serve over SSL\n"
+ printf "by default.\n"
+ printf "Note: This container removes itself upon exit.\n\n"
+ printf "${magenta}The script has the following parameters:\n"
+ printf "${cyan}(parameter in cyan) ${yellow}(default in yellow)${norm}\n\n"
+ printf "${cyan}-n|--name${norm}\n"
+ printf "Change the name of the container. This is cosmetic and does not affect\n"
+ printf "operation in any way.\n"
+ printf "${yellow}(ab-nginx-php)${norm}\n\n"
+ printf "${cyan}-s|--shell${norm}\n"
+ printf "Enter the container using an interactive POSIX shell. This happens after\n"
+ printf "startup operations but *before* nginx is actually started. This is a great way\n"
+ printf "to see configuration changes possibly stopping nginx from starting normally.\n"
+ printf "${yellow}(off: run in detached mode)${norm}\n\n"
+ printf "${yellow}More information can be found at:\n"
+ printf "https://git.asifbacchus.app/ab-docker/ab-nginx-php/wiki\n"
+ printf "${magenta}%80s\n\n" | tr " " "-"
+ exit 0
+}
+
+### pre-requisite checks
+
+# is user root or in the docker group?
+if [ ! "$( id -u )" -eq 0 ]; then
+ if ! id -Gn | grep docker > /dev/null; then
+ printf "${err}\nYou must either be root or in the 'docker' group to run this script since you must be able to actually start the container! Exiting.\n${norm}"
+ exit 2
+ fi
+fi
+
+# does the params file exist?
+if [ ! -f "./ab-nginx-php.params" ]; then
+ printf "${err}\nCannot find 'ab-nginx-php.params' file in the same directory as this script. Exiting.\n${norm}"
+ exit 3
+fi
+
+# read .params file
+. ./ab-nginx-php.params
+
+# check for certs if using SSL
+if [ "$SSL_CERT" ]; then
+ if [ ! -f "$SSL_CERT" ]; then
+ printf "${err}\nCannot find specified SSL certificate file. Exiting.${norm}\n"
+ exit 5
+ fi
+ if [ ! -f "$SSL_KEY" ]; then
+ printf "${err}\nCannot find specified SSL private key file. Exiting.${norm}\n"
+ exit 5
+ fi
+ if [ ! -f "$SSL_CHAIN" ]; then
+ printf "${err}\nCannot find specified SSL certificate chain file. Exiting.${norm}\n"
+ exit 5
+ fi
+fi
+
+# check for DHparam if using TLS1.2
+if [ "$TLS13_ONLY" = FALSE ]; then
+ if [ -z "$DH" ]; then
+ printf "${err}\nA DHparam file must be specified when using TLS 1.2. Exiting.${norm}\n"
+ exit 5
+ elif [ ! -f "$DH" ]; then
+ printf "${err}\nCannot find specified DHparam file. Exiting.${norm}\n"
+ exit 5
+ fi
+fi
+
+# check if specified config directory exists
+if [ "$CONFIG_DIR" ] && [ ! -d "$CONFIG_DIR" ]; then
+ printf "${err}\nCannot find specified configuration file directory. Exiting.${norm}\n"
+ exit 4
+fi
+
+# check if specified server-block directory exists
+if [ "$SERVERS_DIR" ] && [ ! -d "$SERVERS_DIR" ]; then
+ printf "${err}\nCannot find specified server-block file directory. Exiting.${norm}\n"
+ exit 4
+fi
+
+# check if specified webroot directory exists
+if [ "$WEBROOT_DIR" ] && [ ! -d "$WEBROOT_DIR" ]; then
+ printf "${err}\nCannot find specified webroot directory. Exiting.${norm}\n"
+ exit 4
+fi
+
+# set up volume mounts for config, servers, webroot
+if [ -z "$CONFIG_DIR" ] && [ -z "$WEBROOT_DIR" ] && [ -z "$SERVERS_DIR" ]; then
+ vmount=""
+elif [ "$CONFIG_DIR" ] && [ "$WEBROOT_DIR" ] && [ "$SERVERS_DIR" ]; then
+ vmount="-v $CONFIG_DIR:/etc/nginx/config/ -v $SERVERS_DIR:/etc/nginx/sites/ -v $WEBROOT_DIR:/usr/share/nginx/html/"
+elif [ "$CONFIG_DIR" ] && [ "$SERVERS_DIR" ]; then
+ vmount="-v $CONFIG_DIR:/etc/nginx/config/ -v $SERVERS_DIR:/etc/nginx/sites/"
+elif [ "$CONFIG_DIR" ] && [ "$WEBROOT_DIR" ]; then
+ vmount="-v $CONFIG_DIR:/etc/nginx/config/ -v $WEBROOT_DIR:/usr/share/nginx/html/"
+elif [ "$SERVERS_DIR" ] && [ "$WEBROOT_DIR" ]; then
+ vmount="-v $SERVERS_DIR:/etc/nginx/sites/ -v $WEBROOT_DIR:/usr/share/nginx/html/"
+elif [ "$CONFIG_DIR" ]; then
+ vmount="-v $CONFIG_DIR:/etc/nginx/config/"
+elif [ "$SERVERS_DIR" ]; then
+ vmount="-v $SERVERS_DIR:/etc/nginx/sites/"
+elif [ "$WEBROOT_DIR" ]; then
+ vmount="-v $WEBROOT_DIR:/usr/share/nginx/html/"
+fi
+
+
+# process startup parameters
+while [ $# -gt 0 ]; do
+ case "$1" in
+ -h|-\?|--help)
+ # display help
+ scriptHelp
+ exit 0
+ ;;
+ -s|--shell)
+ # start shell instead of default CMD
+ shell=true
+ ;;
+ -n|--name)
+ # container name
+ if [ -z "$2" ]; then
+ printf "${err}\nNo container name specified. Exiting.\n${norm}"
+ exit 1
+ fi
+ container_name="$2"
+ shift
+ ;;
+ *)
+ printf "${err}\nUnknown option: %s\n" "$1"
+ printf "Use '--help' for valid options.\n\n${norm}"
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+
+# run without TLS
+if [ -z "$SSL_CERT" ]; then
+ if [ $shell = true ]; then
+ # exec shell
+ printf "${cyan}\nRunning SHELL on %s...${norm}\n" "$container_name"
+ docker run --rm -it --name ${container_name} \
+ --env-file ab-nginx-php.params \
+ $vmount \
+ -p ${HTTP_PORT}:80 \
+ docker.asifbacchus.app/nginx/ab-nginx-php:latest /bin/sh
+ else
+ # exec normally
+ printf "${cyan}\nRunning NGINX on %s...${norm}\n" "$container_name"
+ docker run --rm -d --name ${container_name} \
+ --env-file ab-nginx-php.params \
+ $vmount \
+ -p ${HTTP_PORT}:80 \
+ --restart unless-stopped \
+ docker.asifbacchus.app/nginx/ab-nginx-php:latest
+ fi
+# run with TLS1.2
+elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = FALSE ]; then
+ if [ $shell = true ]; then
+ # exec shell
+ printf "${cyan}\nRunning SHELL on %s (TLS 1.2)...${norm}\n" "$container_name"
+ docker run --rm -it --name ${container_name} \
+ --env-file ab-nginx-php.params \
+ $vmount \
+ -v "$SSL_CERT":/certs/fullchain.pem:ro \
+ -v "$SSL_KEY":/certs/privkey.pem:ro \
+ -v "$SSL_CHAIN":/certs/chain.pem:ro \
+ -v "$DH":/certs/dhparam.pem:ro \
+ -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
+ docker.asifbacchus.app/nginx/ab-nginx-php:latest /bin/sh
+ else
+ # exec normally
+ printf "${cyan}\nRunning NGINX on %s (TLS 1.2)...${norm}\n" "$container_name"
+ docker run --rm -d --name ${container_name} \
+ --env-file ab-nginx-php.params \
+ $vmount \
+ -v "$SSL_CERT":/certs/fullchain.pem:ro \
+ -v "$SSL_KEY":/certs/privkey.pem:ro \
+ -v "$SSL_CHAIN":/certs/chain.pem:ro \
+ -v "$DH":/certs/dhparam.pem:ro \
+ -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
+ --restart unless-stopped \
+ docker.asifbacchus.app/nginx/ab-nginx-php:latest
+ fi
+# run with TLS1.3
+elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = TRUE ]; then
+ if [ $shell = true ]; then
+ # exec shell
+ printf "${cyan}\nRunning SHELL on %s (TLS 1.3)...${norm}\n" "$container_name"
+ docker run --rm -it --name ${container_name} \
+ --env-file ab-nginx-php.params \
+ $vmount \
+ -v "$SSL_CERT":/certs/fullchain.pem:ro \
+ -v "$SSL_KEY":/certs/privkey.pem:ro \
+ -v "$SSL_CHAIN":/certs/chain.pem:ro \
+ -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
+ docker.asifbacchus.app/nginx/ab-nginx-php:latest /bin/sh
+ else
+ # exec normally
+ printf "${cyan}\nRunning NGINX on %s (TLS 1.3)...${norm}\n" "$container_name"
+ docker run --rm -d --name ${container_name} \
+ --env-file ab-nginx-php.params \
+ $vmount \
+ -v "$SSL_CERT":/certs/fullchain.pem:ro \
+ -v "$SSL_KEY":/certs/privkey.pem:ro \
+ -v "$SSL_CHAIN":/certs/chain.pem:ro \
+ -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
+ --restart unless-stopped \
+ docker.asifbacchus.app/nginx/ab-nginx-php:latest
+ fi
+fi
+
+
+### exit gracefully
+exit 0
\ No newline at end of file
diff --git a/ab-nginx.params.template b/ab-nginx.params.template
new file mode 100644
index 0000000..8949623
--- /dev/null
+++ b/ab-nginx.params.template
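Review bot: Every detached `docker run` in the three TLS branches passes both `--rm` and `--restart unless-stopped`, a pair the Docker CLI refuses as conflicting options, so the default non-shell start would fail before a container exists. Keep one lifecycle: since the help text says the container removes itself on exit, dropping the `--restart unless-stopped \` line from the `-d` variants is the smaller change. The unconditional `exit 0` at the end then reports success anyway, and a `TLS13_ONLY` value other than TRUE or FALSE with `SSL_CERT` set matches no branch and also exits 0 without starting anything; closing the chain with an `else` that prints an error and exits non-zero, and letting the `docker run` status become the script's exit status, would surface both. ab-nginx.sh contains the same code.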
@@ -0,0 +1,89 @@
+#####
+# Parameters for use by ab-nginx convenience script
+#
+# NOTE: 'TRUE', 'FALSE', 'ON' and 'OFF' MUST be in all CAPITALS!
+#
+# If you are not using the 'ab-nginx.sh' script file to start the container,
+# then you don't have to do anything with this file.
+#####
+
+
+### Timezone
+# This doesn't impact any functionality of the container, but it does make your
+# logs easier to understand if they report the correct local time, right?
+# (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)
+TZ=Area/Location
+
+
+### NGINX options
+# Hostnames to which this instance of NGINX should answer:
+# By default, this is set to '_' meaning 'match anything'. However, that won't
+# work if you're using SSL certificates! Multiple hostnames must be space
+# delimited.
+# This is NOT required if you are supplying your own server blocks via
+# 'SERVERS_DIR'
+SERVER_NAMES="domain.tld www.domain.tld server.domain.tld alt.domain.tld"
+
+# Ports to expose on the HOST machine (container ALWAYS internally uses 80/443):
+# If you need to use ports other than HTTP=80 and HTTPS=443, remember to set up
+# your server blocks accordingly! See 'test_secured.conf.disabled' in the
+# container if you need help. If you're using the 'test blocks', they
+# automatically adjust for non-standard ports
+# If you want to use the defaults, either leave these lines as-is, comment them
+# out or just delete them.
+HTTP_PORT=80
+HTTPS_PORT=443
+
+# Access logging (global preference):
+# Unless overridden in a server/location block, access logging will be handled
+# according to this setting. Default is OFF. Choices are 'ON' or 'OFF'. Logs
+# will be printed to the console so they are accessible via 'docker logs ...'
+ACCESS_LOG=OFF
+
+### Content files
+# Whatever you specify here will replace the default files in the container
+# with your content/configurations.
+
+# Specify a directory containing your NGINX configurations (if any)
+# Remember that these will be all be applied in the HTTP configuration
+# context.
+# Only files with a ".conf" extension will be loaded! If you want to disable a
+# file, simply change it's extension (i.e. '.conf.disabled').
+CONFIG_DIR=$(pwd)/config/
+
+# Specify a directory containing your NGINX server-block configurations (if any)
+# If you are just serving static content from the 'webroot', you can use the
+# hard-coded 'test blocks' in the container and specify a webroot with your
+# files below.
+# More likely, you will have your own server blocks. Remember, files are
+# processed in order so consider starting file names with numbers
+# (i.e. 00-first_server.conf, 05-second_server.conf)
+# Only files with a ".conf" extension will be loaded! If you want to disable a
+# file, simply change it's extension (i.e. '.conf.disabled').
+SERVERS_DIR=/home/user/server_blocks/
+
+# Specify a directory that contains files for your 'webroot'. This includes
+# things like HTML, CSS, etc.
+WEBROOT_DIR=/home/user/my_web_stuff/
+
+
+### SSL options:
+# Enable HSTS only AFTER you've tested SSL implementation! Container sets the
+# header to require SSL for 6 months! Subdomains are NOT included.
+HSTS=FALSE
+
+# If 'FALSE' (default), NGINX will accept both TLS 1.2 and 1.3 connections.
+# If 'TRUE', only TLS 1.3 connections will be accepted.
+TLS13_ONLY=FALSE
+
+### Certificate files to be bind-mounted
+# Remember, if you are mounting symlinks (like when using Let's Encrypt), you
+# MUST specify the full path of the symlink so the target is resolved!
+# DH (Diffie-Hellman Parameters file) is only required if using TLS 1.2
+SSL_CERT=/path/to/your/ssl-certificate/fullchain.pem
+SSL_KEY=/path/to/your/ssl-private-key/privkey.pem
+SSL_CHAIN=/path/to/your/ssl-certificate-chain/chain.pem
+DH=/path/to/your/diffie-hellman-parameters-file/dhparam.pem
+
+
+#EOF
\ No newline at end of file
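Review bot: The header comment should say that this file is executed, not merely read: ab-nginx.sh in this commit loads it with `. ./ab-nginx.params`, so any command written here runs with the privileges of whoever launches the script, which the script expects to be root or a member of the docker group. I would add a header line such as `# This file is sourced as shell code by ab-nginx.sh: keep it owned by you and not writable by other users.` ab-nginx-php.params.template is loaded the same way by its script and would take the same line.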
diff --git a/ab-nginx.sh b/ab-nginx.sh
new file mode 100755
index 0000000..b8750a0
--- /dev/null
+++ b/ab-nginx.sh
@@ -0,0 +1,249 @@
+#!/bin/sh
+
+#
+### start ab-nginx container using params file variables
+#
+
+# text formatting presets
+cyan=$(tput setaf 6)
+err=$(tput bold)$(tput setaf 1)
+magenta=$(tput setaf 5)
+norm=$(tput sgr0)
+yellow=$(tput setaf 3)
+
+
+### parameter defaults
+container_name="ab-nginx"
+shell=false
+HTTP_PORT=80
+HTTPS_PORT=443
+unset CONFIG_DIR
+unset SERVERS_DIR
+unset WEBROOT_DIR
+unset vmount
+
+
+scriptHelp () {
+ printf "\n${magenta}%80s\n" | tr " " "-"
+ printf "${norm}This is a simple helper script so you can avoid lengthy typing when working\n"
+ printf "with the nginx container. The script reads the contents of 'ab-nginx.params'\n"
+ printf "and constructs various 'docker run' commands based on that file. The biggest\n"
+ printf "timesaver is working with certificates. If they are specified in params file,\n"
+ printf "the script will automatically bind-mount them so nginx serves content via SSL\n"
+ printf "by default.\n\n"
+ printf "If you run the script with no parameters, it will execute the container\n"
+ printf "'normally': Run in detached mode with nginx automatically launched and\n"
+ printf "logging to stdout. If you specified certificates, nginx will serve over SSL\n"
+ printf "by default.\n"
+ printf "Note: This container removes itself upon exit.\n\n"
+ printf "${magenta}The script has the following parameters:\n"
+ printf "${cyan}(parameter in cyan) ${yellow}(default in yellow)${norm}\n\n"
+ printf "${cyan}-n|--name${norm}\n"
+ printf "Change the name of the container. This is cosmetic and does not affect\n"
+ printf "operation in any way.\n"
+ printf "${yellow}(ab-nginx)${norm}\n\n"
+ printf "${cyan}-s|--shell${norm}\n"
+ printf "Enter the container using an interactive POSIX shell. This happens after\n"
+ printf "startup operations but *before* nginx is actually started. This is a great way\n"
+ printf "to see configuration changes possibly stopping nginx from starting normally.\n"
+ printf "${yellow}(off: run in detached mode)${norm}\n\n"
+ printf "${yellow}More information can be found at:\n"
+ printf "https://git.asifbacchus.app/ab-docker/ab-nginx/wiki\n"
+ printf "${magenta}%80s\n\n" | tr " " "-"
+ exit 0
+}
+
+### pre-requisite checks
+
+# is user root or in the docker group?
+if [ ! "$( id -u )" -eq 0 ]; then
+ if ! id -Gn | grep docker > /dev/null; then
+ printf "${err}\nYou must either be root or in the 'docker' group to run this script since you must be able to actually start the container! Exiting.\n${norm}"
+ exit 2
+ fi
+fi
+
+# does the params file exist?
+if [ ! -f "./ab-nginx.params" ]; then
+ printf "${err}\nCannot find 'ab-nginx.params' file in the same directory as this script. Exiting.\n${norm}"
+ exit 3
+fi
+
+# read .params file
+. ./ab-nginx.params
+
+# check for certs if using SSL
+if [ "$SSL_CERT" ]; then
+ if [ ! -f "$SSL_CERT" ]; then
+ printf "${err}\nCannot find specified SSL certificate file. Exiting.${norm}\n"
+ exit 5
+ fi
+ if [ ! -f "$SSL_KEY" ]; then
+ printf "${err}\nCannot find specified SSL private key file. Exiting.${norm}\n"
+ exit 5
+ fi
+ if [ ! -f "$SSL_CHAIN" ]; then
+ printf "${err}\nCannot find specified SSL certificate chain file. Exiting.${norm}\n"
+ exit 5
+ fi
+fi
+
+# check for DHparam if using TLS1.2
+if [ "$TLS13_ONLY" = FALSE ]; then
+ if [ -z "$DH" ]; then
+ printf "${err}\nA DHparam file must be specified when using TLS 1.2. Exiting.${norm}\n"
+ exit 5
+ elif [ ! -f "$DH" ]; then
+ printf "${err}\nCannot find specified DHparam file. Exiting.${norm}\n"
+ exit 5
+ fi
+fi
+
+# check if specified config directory exists
+if [ "$CONFIG_DIR" ] && [ ! -d "$CONFIG_DIR" ]; then
+ printf "${err}\nCannot find specified configuration file directory. Exiting.${norm}\n"
+ exit 4
+fi
+
+# check if specified server-block directory exists
+if [ "$SERVERS_DIR" ] && [ ! -d "$SERVERS_DIR" ]; then
+ printf "${err}\nCannot find specified server-block file directory. Exiting.${norm}\n"
+ exit 4
+fi
+
+# check if specified webroot directory exists
+if [ "$WEBROOT_DIR" ] && [ ! -d "$WEBROOT_DIR" ]; then
+ printf "${err}\nCannot find specified webroot directory. Exiting.${norm}\n"
+ exit 4
+fi
+
+# set up volume mounts for config, servers, webroot
+if [ -z "$CONFIG_DIR" ] && [ -z "$WEBROOT_DIR" ] && [ -z "$SERVERS_DIR" ]; then
+ vmount=""
+elif [ "$CONFIG_DIR" ] && [ "$WEBROOT_DIR" ] && [ "$SERVERS_DIR" ]; then
+ vmount="-v $CONFIG_DIR:/etc/nginx/config/ -v $SERVERS_DIR:/etc/nginx/sites/ -v $WEBROOT_DIR:/usr/share/nginx/html/"
+elif [ "$CONFIG_DIR" ] && [ "$SERVERS_DIR" ]; then
+ vmount="-v $CONFIG_DIR:/etc/nginx/config/ -v $SERVERS_DIR:/etc/nginx/sites/"
+elif [ "$CONFIG_DIR" ] && [ "$WEBROOT_DIR" ]; then
+ vmount="-v $CONFIG_DIR:/etc/nginx/config/ -v $WEBROOT_DIR:/usr/share/nginx/html/"
+elif [ "$SERVERS_DIR" ] && [ "$WEBROOT_DIR" ]; then
+ vmount="-v $SERVERS_DIR:/etc/nginx/sites/ -v $WEBROOT_DIR:/usr/share/nginx/html/"
+elif [ "$CONFIG_DIR" ]; then
+ vmount="-v $CONFIG_DIR:/etc/nginx/config/"
+elif [ "$SERVERS_DIR" ]; then
+ vmount="-v $SERVERS_DIR:/etc/nginx/sites/"
+elif [ "$WEBROOT_DIR" ]; then
+ vmount="-v $WEBROOT_DIR:/usr/share/nginx/html/"
+fi
+
+
+# process startup parameters
+while [ $# -gt 0 ]; do
+ case "$1" in
+ -h|-\?|--help)
+ # display help
+ scriptHelp
+ exit 0
+ ;;
+ -s|--shell)
+ # start shell instead of default CMD
+ shell=true
+ ;;
+ -n|--name)
+ # container name
+ if [ -z "$2" ]; then
+ printf "${err}\nNo container name specified. Exiting.\n${norm}"
+ exit 1
+ fi
+ container_name="$2"
+ shift
+ ;;
+ *)
+ printf "${err}\nUnknown option: %s\n" "$1"
+ printf "Use '--help' for valid options.\n\n${norm}"
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+
+# run without TLS
+if [ -z "$SSL_CERT" ]; then
+ if [ $shell = true ]; then
+ # exec shell
+ printf "${cyan}\nRunning SHELL on %s...${norm}\n" "$container_name"
+ docker run --rm -it --name ${container_name} \
+ --env-file ab-nginx.params \
+ $vmount \
+ -p ${HTTP_PORT}:80 \
+ docker.asifbacchus.app/nginx/ab-nginx:latest /bin/sh
+ else
+ # exec normally
+ printf "${cyan}\nRunning NGINX on %s...${norm}\n" "$container_name"
+ docker run --rm -d --name ${container_name} \
+ --env-file ab-nginx.params \
+ $vmount \
+ -p ${HTTP_PORT}:80 \
+ --restart unless-stopped \
+ docker.asifbacchus.app/nginx/ab-nginx:latest
+ fi
+# run with TLS1.2
+elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = FALSE ]; then
+ if [ $shell = true ]; then
+ # exec shell
+ printf "${cyan}\nRunning SHELL on %s (TLS 1.2)...${norm}\n" "$container_name"
+ docker run --rm -it --name ${container_name} \
+ --env-file ab-nginx.params \
+ $vmount \
+ -v "$SSL_CERT":/certs/fullchain.pem:ro \
+ -v "$SSL_KEY":/certs/privkey.pem:ro \
+ -v "$SSL_CHAIN":/certs/chain.pem:ro \
+ -v "$DH":/certs/dhparam.pem:ro \
+ -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
+ docker.asifbacchus.app/nginx/ab-nginx:latest /bin/sh
+ else
+ # exec normally
+ printf "${cyan}\nRunning NGINX on %s (TLS 1.2)...${norm}\n" "$container_name"
+ docker run --rm -d --name ${container_name} \
+ --env-file ab-nginx.params \
+ $vmount \
+ -v "$SSL_CERT":/certs/fullchain.pem:ro \
+ -v "$SSL_KEY":/certs/privkey.pem:ro \
+ -v "$SSL_CHAIN":/certs/chain.pem:ro \
+ -v "$DH":/certs/dhparam.pem:ro \
+ -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
+ --restart unless-stopped \
+ docker.asifbacchus.app/nginx/ab-nginx:latest
+ fi
+# run with TLS1.3
+elif [ "$SSL_CERT" ] && [ "$TLS13_ONLY" = TRUE ]; then
+ if [ $shell = true ]; then
+ # exec shell
+ printf "${cyan}\nRunning SHELL on %s (TLS 1.3)...${norm}\n" "$container_name"
+ docker run --rm -it --name ${container_name} \
+ --env-file ab-nginx.params \
+ $vmount \
+ -v "$SSL_CERT":/certs/fullchain.pem:ro \
+ -v "$SSL_KEY":/certs/privkey.pem:ro \
+ -v "$SSL_CHAIN":/certs/chain.pem:ro \
+ -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
+ docker.asifbacchus.app/nginx/ab-nginx:latest /bin/sh
+ else
+ # exec normally
+ printf "${cyan}\nRunning NGINX on %s (TLS 1.3)...${norm}\n" "$container_name"
+ docker run --rm -d --name ${container_name} \
+ --env-file ab-nginx.params \
+ $vmount \
+ -v "$SSL_CERT":/certs/fullchain.pem:ro \
+ -v "$SSL_KEY":/certs/privkey.pem:ro \
+ -v "$SSL_CHAIN":/certs/chain.pem:ro \
+ -p ${HTTP_PORT}:80 -p ${HTTPS_PORT}:443 \
+ --restart unless-stopped \
+ docker.asifbacchus.app/nginx/ab-nginx:latest
+ fi
+fi
+
+
+### exit gracefully
+exit 0
\ No newline at end of file
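Review bot: The directories collected in the "set up volume mounts" block are bind-mounted read-write and expanded unquoted as `$vmount`, unlike the certificate mounts further down, which are quoted and `:ro`. A writable CONFIG_DIR, SERVERS_DIR or WEBROOT_DIR means anything that compromises the web server inside the container can alter host-side configuration and content, and a path containing a space splits into extra `docker run` arguments. Building the mount arguments one directory at a time in the positional parameters removes the eight-way if/elif chain, keeps each path a single word, and is the natural place to add `:ro` wherever the container's startup does not need to write to the directory (not verifiable from this diff). The block has to move below the parameter loop, since that loop consumes `"$@"`; ab-nginx-php.sh has the same block.

```shell
# … unchanged: parameter loop above, which has consumed "$@" by this point …

# one quoted, read-only bind mount per configured directory
set --
if [ -n "$CONFIG_DIR" ]; then
    set -- "$@" -v "$CONFIG_DIR:/etc/nginx/config/:ro"
fi
if [ -n "$SERVERS_DIR" ]; then
    set -- "$@" -v "$SERVERS_DIR:/etc/nginx/sites/:ro"
fi
if [ -n "$WEBROOT_DIR" ]; then
    set -- "$@" -v "$WEBROOT_DIR:/usr/share/nginx/html/:ro"
fi

# … unchanged: docker run variants, passing "$@" where $vmount was …
```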