#!/bin/sh
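# Container entrypoint configuration: fixed names plus environment-overridable
# defaults. Everything between `set -x` and `set +x` is traced to stderr, so
# the effective values end up in the container log; keep secrets out of these
# variables.

# Unprivileged account that setup() creates and that /setup.sh is run as.
_username="acme"
# Bold red until the required-variable check below resets the colour.
printf "\033[1;31m"
# Abort the entrypoint on the first unhandled command failure.
set -e
set -x
# Each name here needs a matching run_<name> function and is polled with pgrep.
SERVICES="nginx renewal"
NGINX_LISTEN="${NGINX_LISTEN:-8080}"
FULL_NAME="${FULL_NAME:-Acme User}"
ACME_USER_SHELL="${ACME_USER_SHELL:-/bin/ash}"
ACME_USER_UID="${ACME_USER_UID:-3500}"
ACME_USER_GID="${ACME_USER_GID:-3500}"
NGINX_WORKER_PROCESSES="${NGINX_WORKER_PROCESSES:-1}"
NGINX_WORKER_CONNECTIONS="${NGINX_WORKER_CONNECTIONS:-1024}"
NGINX_AUTOINDEX="${NGINX_AUTOINDEX:-on}"
AWS_DEFAULT_REGION="${AWS_DEFAULT_REGION:-us-east-2}"
# Nothing in this script reads AWS_DEFAULT_REGION, and a plain assignment is
# not inherited by child processes when the variable was absent from the
# environment. Export it so the default actually reaches /renewal.sh and
# /setup.sh (presumably where the AWS tooling runs; confirm).
export AWS_DEFAULT_REGION
set +x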
# Pre-flight check: print every expected variable and refuse to start (exit
# status 3) when a mandatory one is empty. ACMESH_FLAGS is listed so that it is
# printed, but it is allowed to be empty.
# NOTE(review): the values are echoed to the container log; confirm that none
# of them (ACMESH_FLAGS in particular) is ever used to carry credentials.
echo "Checking required variables..."
err=0
for var in ACME_DELEGATION_DOMAIN ACME_EMAIL DOMAINS ACMESH_FLAGS; do
  # POSIX sh has no ${!var}; eval is safe here because $var only ever holds
  # one of the literal names in the list above.
  eval val="\$$var"
  #shellcheck disable=SC2154
  echo "$var=$val"
  case "$var" in
    ACMESH_FLAGS)
      # optional, never counts as missing
      ;;
    *)
      [ -n "$val" ] || err=1
      ;;
  esac
done
if [ "$err" -eq 0 ] ; then
  # Green confirmation, then reset the terminal colour.
  printf '\033[1;32m'
  echo "all good"
  printf "\033[0m"
else
  echo "Please set environment variables"
  printf '\033[0m'
  exit 3
fi
# One-time provisioning of the unprivileged service account.
# Globals:   _username, FULL_NAME, ACME_USER_SHELL, ACME_USER_UID,
#            ACME_USER_GID (all read)
# Effects:   creates group and user "$_username" (home /var/acme, no password
#            assigned via -D) and drops the marker file /setup.
# The marker makes later calls a no-op, so this runs once per container
# lifetime unless /setup is removed.
setup() {
  if [ ! -e /setup ] ; then
    addgroup -g "${ACME_USER_GID}" "$_username"
    adduser -h /var/acme --gecos "$FULL_NAME" -D -s "${ACME_USER_SHELL}" \
      -u "${ACME_USER_UID}" -G "$_username" "$_username"
    # passwd -u "$_username"
    touch /setup
  fi
}
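# Write /etc/nginx/nginx.conf from the NGINX_* settings and start nginx in the
# background (kept in the foreground of its own process with 'daemon off;').
# Globals:   NGINX_AUTOINDEX, NGINX_WORKER_PROCESSES,
#            NGINX_WORKER_CONNECTIONS, NGINX_LISTEN (read); autoindex (written)
# Effects:   overwrites /etc/nginx/nginx.conf, creates /run/nginx, spawns nginx.
# The NGINX_* values are copied into the configuration verbatim, so they must
# come from trusted deployment configuration only.
run_nginx() {
  # Directory listing of /var/www/acme stays enabled unless explicitly turned
  # off. The default is spelled lowercase ("on"), so accept "off" in any case:
  # matching only "OFF" left the listing exposed when an operator set "off".
  autoindex=on
  case "$NGINX_AUTOINDEX" in
    [Oo][Ff][Ff]) autoindex="off" ;;
  esac
  cat > /etc/nginx/nginx.conf <<NGINX
worker_processes $NGINX_WORKER_PROCESSES;
error_log /dev/fd/2;
events {
  worker_connections $NGINX_WORKER_CONNECTIONS;
}
http {
  access_log /dev/fd/1;
  include mime.types;
  default_type application/octet-stream;
  sendfile on;
  keepalive_timeout 65;
  gzip on;
  server_tokens off;
  server {
    listen $NGINX_LISTEN;
    listen [::]:$NGINX_LISTEN;
    root /var/www/acme;
    location / {
      autoindex $autoindex;
    }
  }
}
NGINX
  mkdir -p /run/nginx
  nginx -g 'daemon off;' &
}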
# Start /renewal.sh as a background job of the entrypoint shell. The job is
# not waited on here; watchServices polls for it afterwards.
run_renewal() { /renewal.sh & }
# Poll the supervised services forever and terminate the entrypoint as soon as
# one of them is gone.
# Globals:   SERVICES (read); interval, service (written)
# Arguments: $1 - seconds to sleep between polling rounds
# Outputs:   one line on stdout naming the service that stopped
# Exits:     status 1 when pgrep finds no process matching a service name;
#            never returns otherwise
watchServices() {
  interval="$1"
  shift
  while : ; do
    # SERVICES is deliberately unquoted: it is a space-separated list.
    for service in $SERVICES ; do
      pgrep "$service" >/dev/null && continue
      echo "Service $service has stopped... quitting!"
      exit 1
    done
    sleep "$interval"
  done
}
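set -x
# MAIN / Actual entrypoint start
setup
# Hand the data directories to the account setup() created. Uses $_username
# instead of a second hard-coded "acme" so the two cannot drift apart.
chown -R "$_username:$_username" /var/acme /var/www/acme
for service in $SERVICES ; do
  # The expanded word is looked up as a command name, so run_<service> can be
  # called directly; eval would re-parse the string as shell code for no gain.
  "run_$service"
done
# Run the remaining setup steps as the unprivileged user rather than as root.
su "$_username" /setup.sh
# Bail out if a service stops, poll it every 30 seconds
set +x
watchServices 30
# or if you comment out the above, drop into a shell
# exec /bin/ash "$@"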