Diffstat (limited to 'entrypoint.sh')
| -rwxr-xr-x | entrypoint.sh | 125 |
1 files changed, 125 insertions, 0 deletions
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..8acd56a
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,125 @@
+#!/bin/sh
+_username="acme"
+printf "\033[1;31m"
+set -e
+set -x
+
+SERVICES="nginx renewal"
+NGINX_LISTEN="${NGINX_LISTEN:-8080}"
+FULL_NAME="${FULL_NAME:-Acme User}"
+
+ACME_USER_SHELL="${ACME_USER_SHELL:-/bin/ash}"
+ACME_USER_UID="${ACME_USER_UID:-3500}"
+ACME_USER_GID="${ACME_USER_GID:-3500}"
+
+NGINX_WORKER_PROCESSES="${NGINX_WORKER_PROCESSES:-1}"
+NGINX_WORKER_CONNECTIONS="${NGINX_WORKER_CONNECTIONS:-1024}"
+NGINX_AUTOINDEX="${NGINX_AUTOINDEX:-on}"
+
+AWS_DEFAULT_REGION="${AWS_DEFAULT_REGION:-us-east-2}"
+
+set +x
+
+echo "Checking required variables..."
+
+err=0
+for var in ACME_DELEGATION_DOMAIN ACME_EMAIL DOMAINS ACMESH_FLAGS; do
+ eval val="\$$var"
+ #shellcheck disable=SC2154
+ echo "$var=$val"
+ if [ -z "$val" ] && ! [ "$var" = "ACMESH_FLAGS" ] ; then
+ err=1
+ fi
+done
+
+if [ $err -ne 0 ] ; then
+ echo "Please set environment variables"
+ printf '\033[0m'
+ exit 3;
+fi
+
+printf '\033[1;32m'
+
+echo "all good"
+
+printf "\033[0m"
+
+# This is only run once in the container's lifetime unless /setup is removed
+setup() {
+if [ -e /setup ] ; then return ; fi
+
+addgroup -g "${ACME_USER_GID}" "$_username"
+adduser -h /var/acme --gecos "$FULL_NAME" -D -s "${ACME_USER_SHELL}" \
+ -u "${ACME_USER_UID}" -G "$_username" "$_username"
+# passwd -u "$_username"
+
+
+touch /setup
+}
+
+run_nginx() {
+autoindex=on
+if [ "$NGINX_AUTOINDEX" = "OFF" ] ; then
+ autoindex="off"
+fi
+
+cat > /etc/nginx/nginx.conf <<NGINX
+worker_processes $NGINX_WORKER_PROCESSES;
+error_log /dev/fd/2;
+events {
+ worker_connections $NGINX_WORKER_CONNECTIONS;
+}
+http {
+ access_log /dev/fd/1;
+ include mime.types;
+ default_type application/octet-stream;
+ sendfile on;
+ keepalive_timeout 65;
+ gzip on;
+ server_tokens off;
+ server {
+ listen $NGINX_LISTEN; listen [::]:$NGINX_LISTEN;
+ root /var/www/acme;
+
+ location / {
+ autoindex $autoindex;
+ }
+ }
+}
+NGINX
+
+mkdir -p /run/nginx
+nginx -g 'daemon off;' &
+}
+
+run_renewal() {
+ /renewal.sh &
+}
+
+watchServices() {
+interval="$1"; shift
+while true ; do
+ for service in $SERVICES ; do
+ if ! pgrep "$service" >/dev/null ; then
+ echo "Service $service has stopped... quitting!"
+ exit 1
+ fi
+ done
+ sleep "$interval"
+done
+}
+
+set -x
+# MAIN / Actual entrypoint start
+setup
+chown -R acme:acme /var/acme /var/www/acme
+for service in $SERVICES ; do
+ eval "run_$service"
+done
+su acme /setup.sh
+
+# Bail out if a service stops, poll it every 30 seconds
+set +x
+watchServices 30
+# or if you comment out the above, drop into a shell
+# exec /bin/ash "$@" |
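Review bot: In run_nginx, directory listing stays enabled for every value of NGINX_AUTOINDEX except the exact string `OFF`, because `autoindex=on` is the starting value and the only test is `[ "$NGINX_AUTOINDEX" = "OFF" ]`; an operator who sets `off`, `Off` or `false` still gets /var/www/acme served with autoindex on. Starting from off and enabling only on an explicit match fails closed while keeping the current default: `autoindex=off; case "$NGINX_AUTOINDEX" in [Oo][Nn]) autoindex=on ;; esac`. The same unquoted heredoc writes NGINX_LISTEN, NGINX_WORKER_PROCESSES and NGINX_WORKER_CONNECTIONS into nginx.conf as-is, so a numeric check on those before the `cat` would keep a malformed or multi-directive value out of the generated config.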
