#!/bin/bash
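# Abort as soon as a command fails.
set -o errexit

# DEBUG=1 enables command tracing. The trace prints expanded variable values
# to stderr, so keep it off when the environment carries secrets.
: "${DEBUG:=0}"
if [[ ${DEBUG} -eq 1 ]]; then
  set -x
fi

# Nginx server configuration
: "${PROXY_SENDFILE:=on}"
: "${PROXY_TCP_NOPUSH:=off}"
: "${PROXY_KEEP_ALIVE_TIMEOUT:=65}"

# Enable HTTP proxy server
: "${PROXY_HTTP_ENABLED:=1}"

# Enable HTTPS proxy server
: "${PROXY_HTTPS_ENABLED:=0}"
# Size in bits of the DH parameters generated when PROXY_SSL_DH_PATH is
# missing. The default was 256, which offers no real protection for the key
# exchange and is typically rejected by current OpenSSL builds; 2048 is the
# usual minimum. Generation takes noticeably longer at this size.
: "${PROXY_SSL_DH_SIZE:=2048}"
: "${PROXY_SSL_DH_PATH:=/etc/nginx/certs/dh.pem}"
: "${PROXY_SSL_KEY_PATH:=/etc/nginx/certs/cert.key}"
: "${PROXY_SSL_CERT_PATH:=/etc/nginx/certs/cert.pem}"

# Service name is mandatory
: "${SERVICE_NAME:?Not defined}"
# Normalise to the <NAME>_SERVICE_HOST / <NAME>_SERVICE_PORT naming:
# upper case, dashes replaced by underscores.
SERVICE_NAME=${SERVICE_NAME^^}
SERVICE_NAME=${SERVICE_NAME//-/_}
# The name is used below for indirect expansion (${!...}), so it must be a
# plain identifier. Anything else is rejected here with a clear message
# instead of being handed to the shell as a variable reference.
if [[ ! ${SERVICE_NAME} =~ ^[A-Z_][A-Z0-9_]*$ ]]; then
  >&2 echo "SERVICE_NAME '${SERVICE_NAME}' does not map to a valid variable name!"
  exit 1
fi

# Default protocol is http (traffic to the proxied service is then plaintext)
: "${SERVICE_PROTO:=http}"

# SERVICE_HOST is mandatory
SERVICE_HOST=${SERVICE_NAME}_SERVICE_HOST
SERVICE_HOST=${!SERVICE_HOST}
# ':?' rather than '?': the assignment above always leaves SERVICE_HOST set,
# possibly to the empty string, so only the empty check can catch a missing
# <NAME>_SERVICE_HOST.
: "${SERVICE_HOST:?Not defined}"

# SERVICE_PORT is optional
SERVICE_PORT=${SERVICE_NAME}_SERVICE_PORT
SERVICE_PORT=${!SERVICE_PORT}

# Service remote address: host, plus ":port" only when a port is defined
SERVICE_ADDR="${SERVICE_HOST}${SERVICE_PORT:+:${SERVICE_PORT}}"
echo "Proxy service URL: ${SERVICE_PROTO}://${SERVICE_ADDR}"

# Refuse to start with both listeners disabled.
if [[ ${PROXY_HTTP_ENABLED} -ne 1 && ${PROXY_HTTPS_ENABLED} -ne 1 ]]; then
  >&2 echo "At least one of 'PROXY_HTTP_ENABLED' or 'PROXY_HTTPS_ENABLED' must be '1'!"
  exit 1
fi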
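# Render a template: copy in_file to out_file, then replace every ${NAME}
# placeholder whose NAME is a variable known to the current shell with that
# variable's value. Placeholders naming unknown variables are left untouched.
# Arguments: $1 - template path
#            $2 - output path (overwritten)
# Values are inserted verbatim: only the characters special to the sed
# replacement (\, / and &) are escaped, nothing is escaped for the syntax of
# the generated file. Every variable a template references therefore has to
# come from a trusted source.
function substenv {
  local in_file="$1"
  local out_file="$2"
  local var escaped

  cp -- "${in_file}" "${out_file}"
  while IFS= read -r var ; do
    # printf with a quoted expansion passes the value through unchanged; an
    # unquoted echo would glob-expand it (a value of '*' became a file list)
    # and collapse its whitespace. Newlines are folded to spaces because the
    # sed replacement has to stay on one line.
    escaped=$(printf '%s' "${!var}" | tr '\n' ' ' | sed -e 's/[\\/&]/\\&/g')
    sed -i -e "s/\${${var}}/${escaped}/g" -- "${out_file}"
  done < <(compgen -v)
}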
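# Generate proxy config for nginx server. Template paths are quoted so a
# DOL_TMPL_DIR containing spaces or glob characters stays a single argument.
echo "Configure Nginx server."
substenv "${DOL_TMPL_DIR}/nginx.vh.proxy.conf.in" /etc/nginx/conf.d/proxy.conf

# Configure HTTP server
if [[ ${PROXY_HTTP_ENABLED} -eq 1 ]] ; then
  echo "Enable Nginx HTTP proxy server."
  substenv "${DOL_TMPL_DIR}/nginx.vh.proxy-http.conf.in" /etc/nginx/conf.d/proxy-http.conf
fi

# Configure HTTPS server
if [[ ${PROXY_HTTPS_ENABLED} -eq 1 ]] ; then
  echo "Enable Nginx HTTPS proxy server."
  substenv "${DOL_TMPL_DIR}/nginx.vh.proxy-https.conf.in" /etc/nginx/conf.d/proxy-https.conf

  # DH parameters are generated only when none are provided at the path.
  if [ ! -e "${PROXY_SSL_DH_PATH}" ]
  then
    # Warn, without failing, when the requested size is below the usual
    # 2048-bit minimum: such parameters weaken the key exchange.
    if [[ "${PROXY_SSL_DH_SIZE}" =~ ^[0-9]+$ ]] && (( 10#${PROXY_SSL_DH_SIZE} < 2048 )); then
      >&2 echo "Warning: PROXY_SSL_DH_SIZE=${PROXY_SSL_DH_SIZE} is weak; use 2048 or more."
    fi
    echo "Generating DH(${PROXY_SSL_DH_SIZE}): ${PROXY_SSL_DH_PATH}."
    openssl dhparam -out "${PROXY_SSL_DH_PATH}" "${PROXY_SSL_DH_SIZE}"
  fi

  # Fallback certificate: generated when the key or the certificate is
  # missing. Both files are written, so an existing file at either path is
  # overwritten. The certificate is self-signed for CN=localhost and the key
  # is stored unencrypted (-nodes); mount real material for production use.
  if [ ! -e "${PROXY_SSL_KEY_PATH}" ] || [ ! -e "${PROXY_SSL_CERT_PATH}" ]
  then
    echo "Generating self signed certificate."
    # The subshell confines the restrictive umask to the key generation, so
    # the unencrypted private key is created readable by its owner only.
    # Key size was 'rsa:4086', presumably a typo for 4096.
    (
      umask 077
      openssl req -x509 -newkey rsa:4096 \
        -subj "/C=XX/ST=XXXX/L=XXXX/O=XXXX/CN=localhost" \
        -keyout "${PROXY_SSL_KEY_PATH}" \
        -out "${PROXY_SSL_CERT_PATH}" \
        -days 3650 -nodes -sha256
    )
  fi
fi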
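# Hand over to the command given as container arguments, or start nginx in
# the foreground when none was given. exec replaces this shell, so the
# started process receives the container's signals directly.
if [[ $# -ge 1 ]]; then
  echo "$@"
  # Quoted: each argument reaches the command as one word. Unquoted, an
  # argument with spaces was re-split and glob characters were expanded.
  exec "$@"
else
  echo "Starting Nginx proxy server."
  exec nginx -g "daemon off;"
fi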