forked from CommunityHoneyNetwork/CHN-Server
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnginx.run
72 lines (61 loc) · 2.16 KB
/
nginx.run
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
#!/bin/bash
set -x
set -o errexit
set -o nounset
trap "exit 130" SIGINT
trap "exit 137" SIGKILL
trap "exit 143" SIGTERM
PIDFILE=/var/run/nginx.pid
SERVER_BASE_URL=${SERVER_BASE_URL:-http://$(curl http://httpbin.org/ip | jq -r .origin)}
SERVER=$(echo ${SERVER_BASE_URL} | awk -F/ '{print $3}')
SERVER="${SERVER%%:*}"
# Should we be doing this this way?
# What should we do to cleanup in a container?
if [[ -f $PIDFILE ]]
then
rm $PIDFILE
fi
# In case the log dir is not there
mkdir -p /var/log/nginx
touch /var/log/nginx/error.log
# Check whether we can generate a certbot cert. No certbot for IPs
protocol=$(echo ${SERVER_BASE_URL} | awk -F: '{print $1}')
if [[ $protocol == "http" ]] || [[ $SERVER == "localhost" ]] || [[ $SERVER =~ ([0-9]{1,3}\.){3}[0-9]{1,3} ]]
then
CERTIFICATE_STRATEGY=${CERTIFICATE_STRATEGY:-SELFSIGNED}
else
CERTIFICATE_STRATEGY=${CERTIFICATE_STRATEGY:-CERTBOT}
fi
## Generate certificates here (or make sure they exist for BYO)
CERT_FILE="/tls/cert.pem"
KEY_FILE="/tls/key.pem"
case "${CERTIFICATE_STRATEGY}" in
"CERTBOT")
echo "Using CERTBOT to manage certificate"
ACME_SERVER=${ACME_SERVER:-https://acme-v02.api.letsencrypt.org/directory}
certbot certonly --standalone -n --register-unsafely-without-email \
--keep-until-expiring --agree-tos --domains ${SERVER} \
--server=${ACME_SERVER}
ln -sf /etc/letsencrypt/live/${SERVER}/fullchain.pem "${CERT_FILE}"
ln -sf /etc/letsencrypt/live/${SERVER}/privkey.pem "${KEY_FILE}"
;;
"SELFSIGNED")
echo "Generating self signed certificate"
openssl req -x509 -newkey rsa:4096 -keyout "${KEY_FILE}" \
-out "${CERT_FILE}" -nodes -days 365 -subj "/CN=${SERVER}"
;;
"BYO")
echo "Expecting cert.pem and key.pem to exist in /tls"
if [[ ! -e "${CERT_FILE}" ]]; then
echo "Missing ${CERT_FILE} in BYO strategy" 1>&1
exit 5
elif [[ ! -e "${KEY_FILE}" ]]; then
echo "Missing ${KEY_FILE} in BYO strategy" 1>&1
exit 5
fi
echo "BYO Certs are good!"
;;
esac
## Generate SSL configuration for NGINX
/usr/sbin/nginx -t
exec /usr/sbin/nginx