From e32b802afe0bf417eea0d3183844052f735055b1 Mon Sep 17 00:00:00 2001 From: Seth Grover Date: Thu, 13 Apr 2023 07:51:33 -0600 Subject: [PATCH] make sure htadmin/nginx auth files get created with correct ownership (idaholab/Malcolm#169) --- Dockerfiles/nginx.Dockerfile | 3 +-- htadmin/htadmin.sh | 36 +++++++++---------------- nginx/scripts/docker_entrypoint.sh | 5 ++-- shared/bin/service_check_passthrough.sh | 2 +- 4 files changed, 18 insertions(+), 28 deletions(-) diff --git a/Dockerfiles/nginx.Dockerfile b/Dockerfiles/nginx.Dockerfile index 5cd0060e1..31ca37f55 100644 --- a/Dockerfiles/nginx.Dockerfile +++ b/Dockerfiles/nginx.Dockerfile @@ -186,8 +186,7 @@ RUN set -x ; \ make -j$(getconf _NPROCESSORS_ONLN) ; \ make install ; \ rm -rf /etc/nginx/html/ ; \ - mkdir -p /etc/nginx/conf.d/ ; \ - mkdir -p /usr/share/nginx/html/ ; \ + mkdir -p /etc/nginx/conf.d/ /etc/nginx/auth/ /usr/share/nginx/html/ ; \ install -m644 html/index.html /usr/share/nginx/html/ ; \ install -m644 html/50x.html /usr/share/nginx/html/ ; \ install -m755 objs/nginx-debug /usr/sbin/nginx-debug ; \ diff --git a/htadmin/htadmin.sh b/htadmin/htadmin.sh index b1c5002c2..9bbbde6b2 100644 --- a/htadmin/htadmin.sh +++ b/htadmin/htadmin.sh @@ -1,32 +1,22 @@ #!/usr/bin/env bash -HTADMIN_ENABLED=${NGINX_BASIC_AUTH:-"true"} +if [[ "${NGINX_BASIC_AUTH:-true}" == "true" ]]; then -if [[ ! -f /var/www/htadmin/config/config.ini ]] && [[ -f /var/www/htadmin/default/config.ini ]]; then - mkdir -p /var/www/htadmin/config/ - cp /var/www/htadmin/default/config.ini /var/www/htadmin/config/config.ini -fi + if [[ ! -f /var/www/htadmin/config/config.ini ]] && [[ -f /var/www/htadmin/default/config.ini ]]; then + cp /var/www/htadmin/default/config.ini /var/www/htadmin/config/config.ini + [[ -n ${PUID} ]] && chown -f ${PUID} /var/www/htadmin/config/config.ini + [[ -n ${PGID} ]] && chown -f :${PGID} /var/www/htadmin/config/config.ini + fi -if [[ ! -f /var/www/htadmin/config/metadata ]] && [[ -f /var/www/htadmin/default/metadata ]]; then - mkdir -p /var/www/htadmin/config/ - cp /var/www/htadmin/default/metadata /var/www/htadmin/config/metadata -fi + if [[ ! -f /var/www/htadmin/config/metadata ]] && [[ -f /var/www/htadmin/default/metadata ]]; then + cp /var/www/htadmin/default/metadata /var/www/htadmin/config/metadata + [[ -n ${PUID} ]] && chown -f ${PUID} /var/www/htadmin/config/metadata + [[ -n ${PGID} ]] && chown -f :${PGID} /var/www/htadmin/config/metadata + fi -if [[ "$HTADMIN_ENABLED" == "true" ]]; then sleep 10 nginx -g "daemon off;" + else - mkdir -p /tmp/htadmin_disabled - pushd /tmp/htadmin_disabled >/dev/null 2>&1 && \ - cat << EOF > index.html - -
Basic Authentication Disabled
- -

Basic HTTP authentication has been disabled.

-

Refer to the Malcolm documentation for details on LDAP authentication.

- - -EOF - python3 -m http.server 80 - popd >/dev/null 2>&1 + /usr/local/bin/service_check_passthrough.sh -d -s htadmin -p 80 -f http fi diff --git a/nginx/scripts/docker_entrypoint.sh b/nginx/scripts/docker_entrypoint.sh index 5932d6fa1..95a7dd83a 100755 --- a/nginx/scripts/docker_entrypoint.sh +++ b/nginx/scripts/docker_entrypoint.sh @@ -238,8 +238,9 @@ EOF fi # basic vs. ldap if [[ ! -f /etc/nginx/auth/htpasswd ]] && [[ -f /tmp/auth/default/htpasswd ]]; then - mkdir -p /etc/nginx/auth/ - cp /tmp/auth/default/htpasswd /etc/nginx/auth/ + cp /tmp/auth/default/htpasswd /etc/nginx/auth/htpasswd + [[ -n ${PUID} ]] && chown -f ${PUID} /etc/nginx/auth/htpasswd + [[ -n ${PGID} ]] && chown -f :${PGID} /etc/nginx/auth/htpasswd rm -rf /tmp/auth/* || true fi diff --git a/shared/bin/service_check_passthrough.sh b/shared/bin/service_check_passthrough.sh index 769994c1b..80a3142e8 100755 --- a/shared/bin/service_check_passthrough.sh +++ b/shared/bin/service_check_passthrough.sh @@ -51,7 +51,7 @@ while getopts 'vds:p:f:' OPTION; do ;; ?) - echo "script usage: $(basename $0) [-v] [-i input]" >&2 + echo "script usage: $(basename $0) [-v (verbose)] [-d (disabled)] [-s ] [-p ] [-f ]" >&2 exit 1 ;; esac