From 69a2a27170f222220dcd5b468cd4c9c3f083ff54 Mon Sep 17 00:00:00 2001 From: Manuel de Brito Fontes Date: Mon, 30 Jul 2018 16:10:40 -0400 Subject: [PATCH] Refactor entrypoint to avoid issues with volumes --- rootfs/Dockerfile | 19 +++++++++++++++++++ rootfs/entrypoint.sh | 24 ++++++++---------------- 2 files changed, 27 insertions(+), 16 deletions(-) diff --git a/rootfs/Dockerfile b/rootfs/Dockerfile index 947f3fe373..3add911643 100644 --- a/rootfs/Dockerfile +++ b/rootfs/Dockerfile @@ -25,6 +25,25 @@ RUN clean-install \ COPY . / +# Fix permission during the build to avoid issues at runtime +# with volumes (custom templates) +RUN bash -eux -c ' \ + writeDirs=( \ + /etc/nginx/template \ + /etc/ingress-controller/ssl \ + /etc/ingress-controller/auth \ + /var/log \ + /var/log/nginx \ + /tmp \ + ); \ + for dir in "${writeDirs[@]}"; do \ + mkdir -p ${dir}; \ + chown -R www-data.www-data ${dir}; \ + done' \ + && chown www-data.www-data /etc/nginx/nginx.conf \ + && chown www-data.www-data /etc/nginx/opentracing.json \ + && chown www-data.www-data /etc/nginx + ENTRYPOINT ["/entrypoint.sh"] CMD ["/nginx-ingress-controller"] diff --git a/rootfs/entrypoint.sh b/rootfs/entrypoint.sh index f617f51c9d..71b796165d 100755 --- a/rootfs/entrypoint.sh +++ b/rootfs/entrypoint.sh 
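Review bot: The loop in the new `RUN bash -eux -c` step expands `${dir}` unquoted and uses the `owner.group` dot form, which GNU chown keeps only for backward compatibility. `mkdir -p "${dir}"; chown -R www-data:www-data "${dir}";` is the safer spelling. The same applies to the three trailing `chown` calls and to the loop kept in rootfs/entrypoint.sh. The step also gives www-data recursive ownership of all of `/var/log` and `/tmp`, plus `/etc/nginx` and `nginx.conf`, so any code running as that user can rewrite the configuration nginx loads. A short comment above `writeDirs` naming which process needs write access to each path would make that grant reviewable.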
@@ -16,32 +16,24 @@ set -e -mkdir -p /var/log/nginx echo 0 > /tmp/nginx.pid +# fix directory permissions writeDirs=( \ - /etc/nginx/template \ - /etc/ingress-controller/ssl \ - /etc/ingress-controller/auth \ - /var/log \ - /var/log/nginx \ - /tmp \ + /var/log + /var/log/nginx + /tmp ); - -for dir in "${writeDirs[@]}"; do +for dir in "${writeDirs[@]}";do mkdir -p ${dir}; chown -R www-data.www-data ${dir}; done -ln -sf /dev/stdout /var/log/nginx/access.log -ln -sf /dev/stderr /var/log/nginx/error.log - +ln -sf /dev/stdout /var/log/nginx/access.log +ln -sf /dev/stderr /var/log/nginx/error.log chown www-data.www-data /var/log/nginx/* -chown www-data.www-data /etc/nginx/nginx.conf -chown www-data.www-data /etc/nginx/opentracing.json -chown www-data.www-data /etc/nginx echo "Testing if setcap is supported..." -if test 'setcap cap_net_bind_service=+ep /usr/sbin/nginx'; then +if setcap cap_net_bind_service=+ep /usr/sbin/nginx; then echo "setcap is supported. Setting cap_net_bind_service=+ep to allow binding port lower than 1024 as non-root" setcap cap_net_bind_service=+ep /usr/sbin/nginx setcap -v cap_net_bind_service=+ep /usr/sbin/nginx
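Review bot: Inside the rewritten `if setcap cap_net_bind_service=+ep /usr/sbin/nginx; then`, the body still runs the same `setcap cap_net_bind_service=+ep /usr/sbin/nginx` a second time, although the condition now applies the capability itself instead of testing a string. The repeat can be dropped, leaving `setcap -v cap_net_bind_service=+ep /usr/sbin/nginx` as the verification step. A command in an `if` condition is exempt from `set -e`, so a failing setcap no longer stops the container. The rest of the `if` lies outside the hunk, so it is worth confirming that the fallback path reports the failure clearly rather than starting nginx without the capability unnoticed. The runtime loop also still runs `chown -R` as root over `/var/log` and `/tmp` on every start, which the Dockerfile step now does at build time.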