Refactor entrypoint to avoid issues with volumes

rootfs/Dockerfile

@@ -25,6 +25,25 @@ RUN clean-install \
 
 COPY . /
 
+# Fix permission during the build to avoid issues at runtime
+# with volumes (custom templates)
+RUN bash -eux -c ' \
+  writeDirs=( \
+    /etc/nginx/template \
+    /etc/ingress-controller/ssl \
+    /etc/ingress-controller/auth \
+    /var/log \
+    /var/log/nginx \
+    /tmp \
+  ); \
+  for dir in "${writeDirs[@]}"; do \
+    mkdir -p ${dir}; \
+    chown -R www-data.www-data ${dir}; \
+  done' \
+  && chown www-data.www-data /etc/nginx/nginx.conf \
+  && chown www-data.www-data /etc/nginx/opentracing.json \
+  && chown www-data.www-data /etc/nginx
+
 ENTRYPOINT ["/entrypoint.sh"]
 
 CMD ["/nginx-ingress-controller"]

rootfs/entrypoint.sh

@@ -16,32 +16,24 @@
 
 set -e
 
-mkdir -p /var/log/nginx
 echo 0 > /tmp/nginx.pid
+# fix directory permissions
 writeDirs=( \
-    /etc/nginx/template \
-    /etc/ingress-controller/ssl \
-    /etc/ingress-controller/auth \
-    /var/log \
-    /var/log/nginx \
-    /tmp \
+    /var/log
+    /var/log/nginx
+    /tmp
 );
-
-for dir in "${writeDirs[@]}"; do
+for dir in "${writeDirs[@]}";do
     mkdir -p ${dir};
     chown -R www-data.www-data ${dir};
 done
 
-ln -sf /dev/stdout /var/log/nginx/access.log
-ln -sf /dev/stderr /var/log/nginx/error.log
-
+ln -sf /dev/stdout /var/log/nginx/access.log 
+ln -sf /dev/stderr /var/log/nginx/error.log 
 chown www-data.www-data /var/log/nginx/*
-chown www-data.www-data /etc/nginx/nginx.conf
-chown www-data.www-data /etc/nginx/opentracing.json
-chown www-data.www-data /etc/nginx
 
 echo "Testing if setcap is supported..."
-if test 'setcap cap_net_bind_service=+ep /usr/sbin/nginx'; then
+if setcap cap_net_bind_service=+ep /usr/sbin/nginx; then
     echo "setcap is supported. Setting cap_net_bind_service=+ep to allow binding port lower than 1024 as non-root"
     setcap cap_net_bind_service=+ep    /usr/sbin/nginx
     setcap -v cap_net_bind_service=+ep /usr/sbin/nginx