diff --git a/CHANGELOG.md b/CHANGELOG.md index 40b0fd2..4788fc9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +## 5.17.4 2022-03-11 + + ### Changed + - Sanity checks to be able to survive "warm" container restarts + + ## 5.17.3 2022-03-04 ### Changed diff --git a/install/etc/cont-init.d/10-nginx b/install/etc/cont-init.d/10-nginx index fad31c4..dbb1be1 100755 --- a/install/etc/cont-init.d/10-nginx +++ b/install/etc/cont-init.d/10-nginx @@ -15,415 +15,417 @@ if var_false "${ENABLE_NGINX}" ; then exit 0 fi -### Parse Configuration -sed -i "s##${NGINX_CLIENT_BODY_TIMEOUT}#g" /etc/nginx/nginx.conf -sed -i "s##${NGINX_GROUP}#g" /etc/nginx/nginx.conf -sed -i "s##${NGINX_KEEPALIVE_REQUESTS}#g" /etc/nginx/nginx.conf -sed -i "s##${NGINX_KEEPALIVE_TIMEOUT}#g" /etc/nginx/nginx.conf -sed -i "s##${NGINX_SEND_TIMEOUT}#g" /etc/nginx/nginx.conf -sed -i "s##${NGINX_UPLOAD_MAX_SIZE}#g" /etc/nginx/nginx.conf -sed -i "s##${NGINX_CLIENT_BODY_BUFFER_SIZE}#g" /etc/nginx/nginx.conf -sed -i "s##${NGINX_USER}#g" /etc/nginx/nginx.conf -sed -i "s##${NGINX_WORKER_CONNECTIONS}#g" /etc/nginx/nginx.conf -sed -i "s##${NGINX_WORKER_PROCESSES}#g" /etc/nginx/nginx.conf -sed -i "s##${NGINX_WORKER_RLIMIT_NOFILE}#g" /etc/nginx/nginx.conf -sed -i "s##${NGINX_FASTCGI_BUFFERS}#g" /etc/nginx/nginx.conf -sed -i "s##${NGINX_FASTCGI_BUFFER_SIZE}#g" /etc/nginx/nginx.conf -sed -i "s##${NGINX_LOG_ACCESS_FILE}#g" /etc/nginx/nginx.conf.d/logging.conf -sed -i "s##${NGINX_LOG_ACCESS_LOCATION}#g" /etc/nginx/nginx.conf.d/logging.conf -sed -i "s##${NGINX_LOG_ACCESS_FORMAT,,}#g" /etc/nginx/nginx.conf.d/logging.conf -sed -i "s##${NGINX_LOG_ERROR_FILE}#g" /etc/nginx/nginx.conf.d/logging.conf -sed -i "s##${NGINX_LOG_LEVEL_ERROR}#g" /etc/nginx/nginx.conf.d/logging.conf -sed -i "s##${NGINX_LOG_ERROR_LOCATION}#g" /etc/nginx/nginx.conf.d/logging.conf -sed -i "s##${NGINX_LOG_ERROR_FILE}#g" /etc/nginx/nginx.conf.d/logging.conf - -if var_false "${NGINX_ENABLE_BLOCK_BOTS}" ; then - sed -i "\#include /etc/nginx/nginx.conf.d/bot_blocker.conf;#d" /etc/nginx/nginx.conf -else - sed -i "\|### Don't edit past here|a\ \ \ \ \ include /etc/nginx/nginx.conf.d/blockbots/blockbots.conf;" /etc/nginx/conf.d/*.conf - sed -i "\|### Don't edit past here|a\ \ \ \ \ include /etc/nginx/nginx.conf.d/blockbots/ddos.conf;" /etc/nginx/conf.d/*.conf - if [ ! -f "/etc/nginx/nginx.conf.d/blockbots-custom/bad-referrer-words.conf" ]; then - cp -R /etc/nginx/nginx.conf.d/blockbots/bad-referrer-words.conf /etc/nginx/nginx.conf.d/blockbots-custom/ - fi - if [ ! -f "/etc/nginx/nginx.conf.d/blockbots-custom/blacklist-ips.conf" ]; then - cp -R /etc/nginx/nginx.conf.d/blockbots/blacklist-ips.conf /etc/nginx/nginx.conf.d/blockbots-custom/ - fi - if [ ! -f "/etc/nginx/nginx.conf.d/blockbots-custom/blacklist-user-agents.conf" ]; then - cp -R /etc/nginx/nginx.conf.d/blockbots/blacklist-user-agents.conf /etc/nginx/nginx.conf.d/blockbots-custom/ - fi - if [ ! -f "/etc/nginx/nginx.conf.d/blockbots-custom/custom-bad-referrers.conf" ]; then - cp -R /etc/nginx/nginx.conf.d/blockbots/custom-bad-referrers.conf /etc/nginx/nginx.conf.d/blockbots-custom/ - fi - if [ ! -f "/etc/nginx/nginx.conf.d/blockbots-custom/whitelist-ips.conf" ]; then - cp -R /etc/nginx/nginx.conf.d/blockbots/whitelist-ips.conf /etc/nginx/nginx.conf.d/blockbots-custom/ - fi - if [ ! -f "/etc/nginx/nginx.conf.d/blockbots-custom/whitelist-domains.conf" ]; then - cp -R /etc/nginx/nginx.conf.d/blockbots/whitelist-domains.conf /etc/nginx/nginx.conf.d/blockbots-custom/ - fi - if [ -d "/assets/nginx/blockbots-custom" ] ; then - print_notice "Detected Custom Bot Blocking configuration" - cp -R /assets/nginx/blockbots-custom/* /etc/nginx/nginx.conf.d/blockbots-custom/ - fi +if [ ! -f "/tmp/.container/container-restart" ] ; then + ### Parse Configuration + sed -i "s##${NGINX_CLIENT_BODY_TIMEOUT}#g" /etc/nginx/nginx.conf + sed -i "s##${NGINX_GROUP}#g" /etc/nginx/nginx.conf + sed -i "s##${NGINX_KEEPALIVE_REQUESTS}#g" /etc/nginx/nginx.conf + sed -i "s##${NGINX_KEEPALIVE_TIMEOUT}#g" /etc/nginx/nginx.conf + sed -i "s##${NGINX_SEND_TIMEOUT}#g" /etc/nginx/nginx.conf + sed -i "s##${NGINX_UPLOAD_MAX_SIZE}#g" /etc/nginx/nginx.conf + sed -i "s##${NGINX_CLIENT_BODY_BUFFER_SIZE}#g" /etc/nginx/nginx.conf + sed -i "s##${NGINX_USER}#g" /etc/nginx/nginx.conf + sed -i "s##${NGINX_WORKER_CONNECTIONS}#g" /etc/nginx/nginx.conf + sed -i "s##${NGINX_WORKER_PROCESSES}#g" /etc/nginx/nginx.conf + sed -i "s##${NGINX_WORKER_RLIMIT_NOFILE}#g" /etc/nginx/nginx.conf + sed -i "s##${NGINX_FASTCGI_BUFFERS}#g" /etc/nginx/nginx.conf + sed -i "s##${NGINX_FASTCGI_BUFFER_SIZE}#g" /etc/nginx/nginx.conf + sed -i "s##${NGINX_LOG_ACCESS_FILE}#g" /etc/nginx/nginx.conf.d/logging.conf + sed -i "s##${NGINX_LOG_ACCESS_LOCATION}#g" /etc/nginx/nginx.conf.d/logging.conf + sed -i "s##${NGINX_LOG_ACCESS_FORMAT,,}#g" /etc/nginx/nginx.conf.d/logging.conf + sed -i "s##${NGINX_LOG_ERROR_FILE}#g" /etc/nginx/nginx.conf.d/logging.conf + sed -i "s##${NGINX_LOG_LEVEL_ERROR}#g" /etc/nginx/nginx.conf.d/logging.conf + sed -i "s##${NGINX_LOG_ERROR_LOCATION}#g" /etc/nginx/nginx.conf.d/logging.conf + sed -i "s##${NGINX_LOG_ERROR_FILE}#g" /etc/nginx/nginx.conf.d/logging.conf + + if var_false "${NGINX_ENABLE_BLOCK_BOTS}" ; then + sed -i "\#include /etc/nginx/nginx.conf.d/bot_blocker.conf;#d" /etc/nginx/nginx.conf + else + sed -i "\|### Don't edit past here|a\ \ \ \ \ include /etc/nginx/nginx.conf.d/blockbots/blockbots.conf;" /etc/nginx/conf.d/*.conf + sed -i "\|### Don't edit past here|a\ \ \ \ \ include /etc/nginx/nginx.conf.d/blockbots/ddos.conf;" /etc/nginx/conf.d/*.conf + if [ ! -f "/etc/nginx/nginx.conf.d/blockbots-custom/bad-referrer-words.conf" ]; then + cp -R /etc/nginx/nginx.conf.d/blockbots/bad-referrer-words.conf /etc/nginx/nginx.conf.d/blockbots-custom/ + fi + if [ ! -f "/etc/nginx/nginx.conf.d/blockbots-custom/blacklist-ips.conf" ]; then + cp -R /etc/nginx/nginx.conf.d/blockbots/blacklist-ips.conf /etc/nginx/nginx.conf.d/blockbots-custom/ + fi + if [ ! -f "/etc/nginx/nginx.conf.d/blockbots-custom/blacklist-user-agents.conf" ]; then + cp -R /etc/nginx/nginx.conf.d/blockbots/blacklist-user-agents.conf /etc/nginx/nginx.conf.d/blockbots-custom/ + fi + if [ ! -f "/etc/nginx/nginx.conf.d/blockbots-custom/custom-bad-referrers.conf" ]; then + cp -R /etc/nginx/nginx.conf.d/blockbots/custom-bad-referrers.conf /etc/nginx/nginx.conf.d/blockbots-custom/ + fi + if [ ! -f "/etc/nginx/nginx.conf.d/blockbots-custom/whitelist-ips.conf" ]; then + cp -R /etc/nginx/nginx.conf.d/blockbots/whitelist-ips.conf /etc/nginx/nginx.conf.d/blockbots-custom/ + fi + if [ ! -f "/etc/nginx/nginx.conf.d/blockbots-custom/whitelist-domains.conf" ]; then + cp -R /etc/nginx/nginx.conf.d/blockbots/whitelist-domains.conf /etc/nginx/nginx.conf.d/blockbots-custom/ + fi + if [ -d "/assets/nginx/blockbots-custom" ] ; then + print_notice "Detected Custom Bot Blocking configuration" + cp -R /assets/nginx/blockbots-custom/* /etc/nginx/nginx.conf.d/blockbots-custom/ + fi - if [ -n "${NGINX_BLOCK_BOTS_WHITELIST_DOMAIN}" ]; then - whitelist_domains=$(echo "${NGINX_BLOCK_BOTS_WHITELIST_DOMAIN,,}" | tr "," "\n") - for wl_domain in $whitelist_domains - do - wl_domain_orig=${wl_domain} - wl_domain="$(echo $wl_domain | sed "s|\\.|\\\.|g" | sed "s|-|\\\-|g")" - if ! grep -q "${wl_domain_orig}" /etc/nginx/nginx.conf.d/blockbots-custom/whitelist-domains.conf ; then - print_debug "Adding '${wl_domain_orig}' domain to bot blocker whitelist" - echo '"~*(?:\b)'$(echo $wl_domain)'(?:\b)" 0;' $(echo " # ${wl_domain_orig} automatically added on") $(date +"%Y-%m-%d-%H:%M:%S") >> /etc/nginx/nginx.conf.d/blockbots-custom/whitelist-domains.conf - else - print_debug "Skipping '${wl_domain_orig}' to be added to bot blocker domain whitelist" - fi - done - fi + if [ -n "${NGINX_BLOCK_BOTS_WHITELIST_DOMAIN}" ]; then + whitelist_domains=$(echo "${NGINX_BLOCK_BOTS_WHITELIST_DOMAIN,,}" | tr "," "\n") + for wl_domain in $whitelist_domains + do + wl_domain_orig=${wl_domain} + wl_domain="$(echo $wl_domain | sed "s|\\.|\\\.|g" | sed "s|-|\\\-|g")" + if ! grep -q "${wl_domain_orig}" /etc/nginx/nginx.conf.d/blockbots-custom/whitelist-domains.conf ; then + print_debug "Adding '${wl_domain_orig}' domain to bot blocker whitelist" + echo '"~*(?:\b)'$(echo $wl_domain)'(?:\b)" 0;' $(echo " # ${wl_domain_orig} automatically added on") $(date +"%Y-%m-%d-%H:%M:%S") >> /etc/nginx/nginx.conf.d/blockbots-custom/whitelist-domains.conf + else + print_debug "Skipping '${wl_domain_orig}' to be added to bot blocker domain whitelist" + fi + done + fi - if [ -n "${NGINX_BLOCK_BOTS_WHITELIST_IP}" ]; then - whitelist_ips=$(echo "${NGINX_BLOCK_BOTS_WHITELIST_IP}" | tr "," "\n") - for wl_ip in $whitelist_ips - do - if ! grep -q "${wl_ip}" /etc/nginx/nginx.conf.d/blockbots-custom/whitelist-ips.conf ; then - print_debug "Adding IP: '${wl_ip}' to bot blocker whitelist" - echo "${wl_ip} 0; # Automatically added on $(date +"%Y-%m-%d-%H:%M:%S")" >> /etc/nginx/nginx.conf.d/blockbots-custom/whitelist-ips.conf - else - print_debug "Skipping IP: '${wl_ip}' from being added to bot blocker IP whitelist" + if [ -n "${NGINX_BLOCK_BOTS_WHITELIST_IP}" ]; then + whitelist_ips=$(echo "${NGINX_BLOCK_BOTS_WHITELIST_IP}" | tr "," "\n") + for wl_ip in $whitelist_ips + do + if ! grep -q "${wl_ip}" /etc/nginx/nginx.conf.d/blockbots-custom/whitelist-ips.conf ; then + print_debug "Adding IP: '${wl_ip}' to bot blocker whitelist" + echo "${wl_ip} 0; # Automatically added on $(date +"%Y-%m-%d-%H:%M:%S")" >> /etc/nginx/nginx.conf.d/blockbots-custom/whitelist-ips.conf + else + print_debug "Skipping IP: '${wl_ip}' from being added to bot blocker IP whitelist" + fi + done + fi + + if [ -n "${NGINX_BLOCK_BOTS}" ] ; then + if [[ "${NGINX_BLOCK_BOTS,}" == *"all" ]] ; then + NGINX_BLOCK_BOTS=ALL fi - done - fi - if [ -n "${NGINX_BLOCK_BOTS}" ] ; then - if [[ "${NGINX_BLOCK_BOTS,}" == *"all" ]] ; then - NGINX_BLOCK_BOTS=ALL - fi + IFS="," + for bot in $NGINX_BLOCK_BOTS + do + + case "${bot,,}" in + "all" ) + nginx_block_bots="adidxbot,aolbuild,bingbot,bingpreview,DoCoMo,duckduckgo,facebookexternalhit,facebookplatform,AdsBot-Google,Googlebot,Googlebot-Image,Googlebot-Mobile,Googlebot-News,Googlebot/Test,Googlebot-Video,Google-HTTP-Java-Client,LinkedInBot,Gravityscan,Jakarta\\ Commons,Kraken/0.1,teoma,msnbot,msnbot-media,SAMSUNG,Slackbot,Slackbot-LinkExpanding,slurp,TwitterBot,Wordpress,yahoo" + ;; + "aol" ) + nginx_block_bots="aolbuild,${nginx_block_bots}" + ;; + "bing" ) + nginx_block_bots="bingbot,bingpreview,${nginx_block_bots}" + ;; + "docomo" ) + nginx_block_bots="DoCoMo,${nginx_block_bots}" + ;; + "duckduckgo" ) + nginx_block_bots="duckduckgo,${nginx_block_bots}" + ;; + "facebook" ) + nginx_block_bots="developers.facebook.com,facebookexternalhit,facebookplatform,${nginx_block_bots}" + ;; + "google" ) + nginx_block_bots="AdsBot-Google,Googlebot,Googlebot-Image,Googlebot-Mobile,Googlebot-News,Googlebot/Test,Googlebot-Video,Google-HTTP-Java-Client,${nginx_block_bots}" + ;; + "linkedin" ) + nginx_block_bots="LinkedInBot,${nginx_block_bots}" + ;; + "misc" ) + nginx_block_bots="adidxbot,Gravityscan,'Jakarta\ Commons',Kraken/0.1,teoma,${nginx_block_bots}" + ;; + "msn" ) + nginx_block_bots="msnbot,msnbot-media,${nginx_block_bots}" + ;; + "samsung" ) + nginx_block_bots="SAMSUNG,${nginx_block_bots}" + ;; + "slack" ) + nginx_block_bots="Slackbot,Slackbot-LinkExpanding,${nginx_block_bots}" + ;; + "slurp" ) + nginx_block_bots="slurp,${nginx_block_bots}" + ;; + "twitter" ) + nginx_block_bots="TwitterBot,${nginx_block_bots}" + ;; + "wordpress" ) + nginx_block_bots="Wordpress,${nginx_block_bots}" + ;; + "yahoo" ) + nginx_block_bots="yahoo,${nginx_block_bots}" + ;; + * ) + nginx_block_bots="${bot},${nginx_block_bots}" + ;; + esac + done - IFS="," - for bot in $NGINX_BLOCK_BOTS - do - - case "${bot,,}" in - "all" ) - nginx_block_bots="adidxbot,aolbuild,bingbot,bingpreview,DoCoMo,duckduckgo,facebookexternalhit,facebookplatform,AdsBot-Google,Googlebot,Googlebot-Image,Googlebot-Mobile,Googlebot-News,Googlebot/Test,Googlebot-Video,Google-HTTP-Java-Client,LinkedInBot,Gravityscan,Jakarta\\ Commons,Kraken/0.1,teoma,msnbot,msnbot-media,SAMSUNG,Slackbot,Slackbot-LinkExpanding,slurp,TwitterBot,Wordpress,yahoo" - ;; - "aol" ) - nginx_block_bots="aolbuild,${nginx_block_bots}" - ;; - "bing" ) - nginx_block_bots="bingbot,bingpreview,${nginx_block_bots}" - ;; - "docomo" ) - nginx_block_bots="DoCoMo,${nginx_block_bots}" - ;; - "duckduckgo" ) - nginx_block_bots="duckduckgo,${nginx_block_bots}" - ;; - "facebook" ) - nginx_block_bots="developers.facebook.com,facebookexternalhit,facebookplatform,${nginx_block_bots}" - ;; - "google" ) - nginx_block_bots="AdsBot-Google,Googlebot,Googlebot-Image,Googlebot-Mobile,Googlebot-News,Googlebot/Test,Googlebot-Video,Google-HTTP-Java-Client,${nginx_block_bots}" - ;; - "linkedin" ) - nginx_block_bots="LinkedInBot,${nginx_block_bots}" - ;; - "misc" ) - nginx_block_bots="adidxbot,Gravityscan,'Jakarta\ Commons',Kraken/0.1,teoma,${nginx_block_bots}" - ;; - "msn" ) - nginx_block_bots="msnbot,msnbot-media,${nginx_block_bots}" - ;; - "samsung" ) - nginx_block_bots="SAMSUNG,${nginx_block_bots}" - ;; - "slack" ) - nginx_block_bots="Slackbot,Slackbot-LinkExpanding,${nginx_block_bots}" - ;; - "slurp" ) - nginx_block_bots="slurp,${nginx_block_bots}" - ;; - "twitter" ) - nginx_block_bots="TwitterBot,${nginx_block_bots}" - ;; - "wordpress" ) - nginx_block_bots="Wordpress,${nginx_block_bots}" - ;; - "yahoo" ) - nginx_block_bots="yahoo,${nginx_block_bots}" - ;; - * ) - nginx_block_bots="${bot},${nginx_block_bots}" - ;; - esac - done - - NGINX_BLOCK_BOTS_BLACKLIST_USER_AGENTS="${nginx_block_bots}" + NGINX_BLOCK_BOTS_BLACKLIST_USER_AGENTS="${nginx_block_bots}" + fi + if [ -n "${NGINX_BLOCK_BOTS_BLACKLIST_USER_AGENTS}" ]; then + IFS="," + for blacklist_ua in $NGINX_BLOCK_BOTS_BLACKLIST_USER_AGENTS + do + + blacklist_ua_orig="$(echo $blacklist_ua | sed "s|\\\||g")" + if ! grep -q "${blacklist_ua_orig}" /etc/nginx/nginx.conf.d/blockbots-custom/blacklist-user-agents.conf ; then + print_debug "Adding UA: '${blacklist_ua_orig}' to bot blocker blacklist" + echo '"~*(?:\b)'$(echo $blacklist_ua)'(?:\b)" 3; # '${blacklist_ua_orig}' Automatically added on '$(date +"%Y-%m-%d-%H:%M:%S") >> /etc/nginx/nginx.conf.d/blockbots-custom/blacklist-user-agents.conf + else + print_debug "Skipping UA: '${blacklist_ua_orig}' from being added to bot blocker blacklist" + fi + done + fi fi - if [ -n "${NGINX_BLOCK_BOTS_BLACKLIST_USER_AGENTS}" ]; then - IFS="," - for blacklist_ua in $NGINX_BLOCK_BOTS_BLACKLIST_USER_AGENTS - do - - blacklist_ua_orig="$(echo $blacklist_ua | sed "s|\\\||g")" - if ! grep -q "${blacklist_ua_orig}" /etc/nginx/nginx.conf.d/blockbots-custom/blacklist-user-agents.conf ; then - print_debug "Adding UA: '${blacklist_ua_orig}' to bot blocker blacklist" - echo '"~*(?:\b)'$(echo $blacklist_ua)'(?:\b)" 3; # '${blacklist_ua_orig}' Automatically added on '$(date +"%Y-%m-%d-%H:%M:%S") >> /etc/nginx/nginx.conf.d/blockbots-custom/blacklist-user-agents.conf - else - print_debug "Skipping UA: '${blacklist_ua_orig}' from being added to bot blocker blacklist" - fi - done + + if var_true "${NGINX_ENABLE_COMPRESSION_BROTLI}"; then + sed -i "s##${NGINX_COMPRESSION_BROTLI_LEVEL}#g" /etc/nginx/nginx.conf.d/compression_brotli.conf + sed -i "s##${NGINX_COMPRESSION_BROTLI_MIN_LENGTH}#g" /etc/nginx/nginx.conf.d/compression_brotli.conf + sed -i "s##${NGINX_COMPRESSION_BROTLI_TYPES}#g" /etc/nginx/nginx.conf.d/compression_brotli.conf + sed -i "s##${NGINX_COMPRESSION_BROTLI_WINDOW}#g" /etc/nginx/nginx.conf.d/compression_brotli.conf + else + sed -i "\#include/etc/nginx/nginx.conf.d/compression_brotli.conf;#d" /etc/nginx/nginx.conf fi -fi -if var_true "${NGINX_ENABLE_COMPRESSION_BROTLI}"; then - sed -i "s##${NGINX_COMPRESSION_BROTLI_LEVEL}#g" /etc/nginx/nginx.conf.d/compression_brotli.conf - sed -i "s##${NGINX_COMPRESSION_BROTLI_MIN_LENGTH}#g" /etc/nginx/nginx.conf.d/compression_brotli.conf - sed -i "s##${NGINX_COMPRESSION_BROTLI_TYPES}#g" /etc/nginx/nginx.conf.d/compression_brotli.conf - sed -i "s##${NGINX_COMPRESSION_BROTLI_WINDOW}#g" /etc/nginx/nginx.conf.d/compression_brotli.conf -else - sed -i "\#include/etc/nginx/nginx.conf.d/compression_brotli.conf;#d" /etc/nginx/nginx.conf -fi + if var_true "{$NGINX_ENABLE_COMPRESSION_GZIP}"; then + sed -i "s##${NGINX_COMPRESSION_GZIP_BUFFERS}#g" /etc/nginx/nginx.conf.d/compression_gzip.conf + sed -i "s##${NGINX_COMPRESSION_GZIP_DISABLE}#g" /etc/nginx/nginx.conf.d/compression_gzip.conf + sed -i "s##${NGINX_COMPRESSION_GZIP_HTTP_VERSION}#g" /etc/nginx/nginx.conf.d/compression_gzip.conf + sed -i "s##${NGINX_COMPRESSION_GZIP_LEVEL}#g" /etc/nginx/nginx.conf.d/compression_gzip.conf + sed -i "s##${NGINX_COMPRESSION_GZIP_MIN_LENGTH}#g" /etc/nginx/nginx.conf.d/compression_gzip.conf + sed -i "s##${NGINX_COMPRESSION_GZIP_PROXIED}#g" /etc/nginx/nginx.conf.d/compression_gzip.conf + sed -i "s##${NGINX_COMPRESSION_GZIP_TYPES}#g" /etc/nginx/nginx.conf.d/compression_gzip.conf + if var_false "$NGINX_COMPRESSION_GZIP_VARY"; then + sed -i "\#gzip_vary on;#d" /etc/nginx/nginx.conf.d/compression_gzip.conf + fi + else + sed -i "\#include /etc/nginx/nginx.conf.d/compression_gzip.conf;#d" /etc/nginx/nginx.conf + fi -if var_true "{$NGINX_ENABLE_COMPRESSION_GZIP}"; then - sed -i "s##${NGINX_COMPRESSION_GZIP_BUFFERS}#g" /etc/nginx/nginx.conf.d/compression_gzip.conf - sed -i "s##${NGINX_COMPRESSION_GZIP_DISABLE}#g" /etc/nginx/nginx.conf.d/compression_gzip.conf - sed -i "s##${NGINX_COMPRESSION_GZIP_HTTP_VERSION}#g" /etc/nginx/nginx.conf.d/compression_gzip.conf - sed -i "s##${NGINX_COMPRESSION_GZIP_LEVEL}#g" /etc/nginx/nginx.conf.d/compression_gzip.conf - sed -i "s##${NGINX_COMPRESSION_GZIP_MIN_LENGTH}#g" /etc/nginx/nginx.conf.d/compression_gzip.conf - sed -i "s##${NGINX_COMPRESSION_GZIP_PROXIED}#g" /etc/nginx/nginx.conf.d/compression_gzip.conf - sed -i "s##${NGINX_COMPRESSION_GZIP_TYPES}#g" /etc/nginx/nginx.conf.d/compression_gzip.conf - if var_false "$NGINX_COMPRESSION_GZIP_VARY"; then - sed -i "\#gzip_vary on;#d" /etc/nginx/nginx.conf.d/compression_gzip.conf + if var_true "${NGINX_ENABLE_DDOS_PROTECTION}"; then + sed -i "s##${NGINX_DDOS_CONNECTIONS_PER_IP}#g" /etc/nginx/nginx.conf.d/ddos_protection.conf + sed -i "s##${NGINX_DDOS_REQUESTS_PER_IP}#g" /etc/nginx/nginx.conf.d/ddos_protection.conf + else + sed -i "\#include /etc/nginx/nginx.conf.d/ddos_protection.conf;#d" /etc/nginx/nginx.conf fi -else - sed -i "\#include /etc/nginx/nginx.conf.d/compression_gzip.conf;#d" /etc/nginx/nginx.conf -fi -if var_true "${NGINX_ENABLE_DDOS_PROTECTION}"; then - sed -i "s##${NGINX_DDOS_CONNECTIONS_PER_IP}#g" /etc/nginx/nginx.conf.d/ddos_protection.conf - sed -i "s##${NGINX_DDOS_REQUESTS_PER_IP}#g" /etc/nginx/nginx.conf.d/ddos_protection.conf -else - sed -i "\#include /etc/nginx/nginx.conf.d/ddos_protection.conf;#d" /etc/nginx/nginx.conf -fi + if var_false "${NGINX_ENABLE_EPOLL}"; then + sed -i "\#use_epoll;#d" /etc/nginx/nginx.conf + fi -if var_false "${NGINX_ENABLE_EPOLL}"; then - sed -i "\#use_epoll;#d" /etc/nginx/nginx.conf -fi + if var_false "${NGINX_ENABLE_EXPLOIT_PROTECTION}"; then + sed -i "\#include /etc/nginx/nginx.conf.d/exploit_protection.conf;#d" /etc/nginx/nginx.conf + fi -if var_false "${NGINX_ENABLE_EXPLOIT_PROTECTION}"; then - sed -i "\#include /etc/nginx/nginx.conf.d/exploit_protection.conf;#d" /etc/nginx/nginx.conf -fi + if var_false "${NGINX_ENABLE_MULTI_ACCEPT}"; then + sed -i "\#multi_accept on;#d" /etc/nginx/nginx.conf + fi -if var_false "${NGINX_ENABLE_MULTI_ACCEPT}"; then - sed -i "\#multi_accept on;#d" /etc/nginx/nginx.conf -fi + if var_true "${NGINX_ENABLE_OPEN_FILE_CACHE}"; then + sed -i "s##${NGINX_OPEN_FILE_CACHE_MAX}#g" /etc/nginx/nginx.conf.d/open_file_cache.conf + sed -i "s##${NGINX_OPEN_FILE_CACHE_INACTIVE}#g" /etc/nginx/nginx.conf.d/open_file_cache.conf + sed -i "s##${NGINX_OPEN_FILE_CACHE_VALID}#g" /etc/nginx/nginx.conf.d/open_file_cache.conf + sed -i "s##${NGINX_OPEN_FILE_CACHE_MIN_USES}#g" /etc/nginx/nginx.conf.d/open_file_cache.conf + sed -i "\#open_file_cache_errors on;#d" /etc/nginx/nginx.conf.d/open_file_cache.conf + else + sed -i "\#include /etc/nginx/nginx.conf.d/open_file_cache.conf;#d" /etc/nginx/nginx.conf + fi -if var_true "${NGINX_ENABLE_OPEN_FILE_CACHE}"; then - sed -i "s##${NGINX_OPEN_FILE_CACHE_MAX}#g" /etc/nginx/nginx.conf.d/open_file_cache.conf - sed -i "s##${NGINX_OPEN_FILE_CACHE_INACTIVE}#g" /etc/nginx/nginx.conf.d/open_file_cache.conf - sed -i "s##${NGINX_OPEN_FILE_CACHE_VALID}#g" /etc/nginx/nginx.conf.d/open_file_cache.conf - sed -i "s##${NGINX_OPEN_FILE_CACHE_MIN_USES}#g" /etc/nginx/nginx.conf.d/open_file_cache.conf - sed -i "\#open_file_cache_errors on;#d" /etc/nginx/nginx.conf.d/open_file_cache.conf -else - sed -i "\#include /etc/nginx/nginx.conf.d/open_file_cache.conf;#d" /etc/nginx/nginx.conf -fi + if var_false "${NGINX_ENABLE_RESET_TIMEDOUT_CONNECTION}"; then + sed -i "\#reset_timedout_connection#d" /etc/nginx/nginx.conf + fi -if var_false "${NGINX_ENABLE_RESET_TIMEDOUT_CONNECTION}"; then - sed -i "\#reset_timedout_connection#d" /etc/nginx/nginx.conf -fi + if var_true "${NGINX_ENABLE_REVERSE_PROXY}"; then + sed -i "s##${NGINX_REAL_IP_HEADER}#g" /etc/nginx/nginx.conf.d/reverse_proxy.conf + sed -i "s##${NGINX_SET_REAL_IP_FROM}#g" /etc/nginx/nginx.conf.d/reverse_proxy.conf + else + sed -i "\#include /etc/nginx/nginx.conf.d/reverse_proxy.conf;#d" /etc/nginx/nginx.conf + fi -if var_true "${NGINX_ENABLE_REVERSE_PROXY}"; then - sed -i "s##${NGINX_REAL_IP_HEADER}#g" /etc/nginx/nginx.conf.d/reverse_proxy.conf - sed -i "s##${NGINX_SET_REAL_IP_FROM}#g" /etc/nginx/nginx.conf.d/reverse_proxy.conf -else - sed -i "\#include /etc/nginx/nginx.conf.d/reverse_proxy.conf;#d" /etc/nginx/nginx.conf -fi + if var_false "${NGINX_ENABLE_SENDFILE}"; then + sed -i "\#sendfile#d" /etc/nginx/nginx.conf + fi -if var_false "${NGINX_ENABLE_SENDFILE}"; then - sed -i "\#sendfile#d" /etc/nginx/nginx.conf -fi + if var_false "$${NGINX_ENABLE_SITE_OPTIMIZATION}"; then + sed -i "\#include /etc/nginx/nginx.conf.d/site_optimization.conf;#d" /etc/nginx/nginx.conf + fi -if var_false "$${NGINX_ENABLE_SITE_OPTIMIZATION}"; then - sed -i "\#include /etc/nginx/nginx.conf.d/site_optimization.conf;#d" /etc/nginx/nginx.conf -fi + if var_false "${NGINX_ENABLE_SERVER_TOKENS}"; then + sed -i "\#server_tokens off;#d" /etc/nginx/nginx.conf + sed -i "\#more_clear_headers Server;#d" /etc/nginx/nginx.conf + fi -if var_false "${NGINX_ENABLE_SERVER_TOKENS}"; then - sed -i "\#server_tokens off;#d" /etc/nginx/nginx.conf - sed -i "\#more_clear_headers Server;#d" /etc/nginx/nginx.conf -fi + if var_false "${NGINX_ENABLE_TCPNOPUSH}"; then + sed -i "\#tcp_nopush#d" /etc/nginx/nginx.conf + fi -if var_false "${NGINX_ENABLE_TCPNOPUSH}"; then - sed -i "\#tcp_nopush#d" /etc/nginx/nginx.conf -fi + if var_false "${NGINX_ENABLE_TCPNODELAY}"; then + sed -i "\#tcp_nodelay#d" /etc/nginx/nginx.conf + fi -if var_false "${NGINX_ENABLE_TCPNODELAY}"; then - sed -i "\#tcp_nodelay#d" /etc/nginx/nginx.conf -fi + if var_false "${ENABLE_ZABBIX}" || var_false "${CONTAINER_ENABLE_MONITORING}" ; then + sed -i "\#include /etc/nginx/nginx.conf.d/monitoring.conf;#d" /etc/nginx/nginx.conf + fi -if var_false "${ENABLE_ZABBIX}" || var_false "${CONTAINER_ENABLE_MONITORING}" ; then - sed -i "\#include /etc/nginx/nginx.conf.d/monitoring.conf;#d" /etc/nginx/nginx.conf -fi + case "${NGINX_MODE,,}" in + "maintenance" ) + print_warn "MAINTENANCE MODE ACTIVATED - THIS IMAGE WILL NOT SERVE PAGES" + mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.template + mv /etc/nginx/conf.d/maintenance.template /etc/nginx.conf.d/maintenance.conf + ;; + "normal" ) + : + ;; + "proxy" ) + sanity_var NGINX_PROXY_URL "No Proxy URL" + NGINX_ENABLE_CREATE_SAMPLE_HTML=FALSE + + print_notice "Proxy Mode Activated - Proxying all traffic to ${NGINX_PROXY_URL}" + sed -i "s##${NGINX_PROXY_URL}#g" /etc/nginx/conf.d/proxy.template + mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.template + mv /etc/nginx/conf.d/proxy.template /etc/nginx/conf.d/proxy.conf + ;; + "redirect" ) + sanity_var NGINX_REDIRECT_URL "No Redirect URL" + NGINX_ENABLE_CREATE_SAMPLE_HTML=FALSE + + sed -i "s#rewrite \^/(\.\*) .*#rewrite ^/(\.\*) ${NGINX_REDIRECT_URL};#g" /etc/nginx/conf.d/redirect.template + + print_notice "Redirect Mode Activated - Redirecting all traffic to ${NGINX_REDIRECT_URL}" + mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.template + mv /etc/nginx/conf.d/redirect.template /etc/nginx/conf.d/redirect.conf + ;; + *) + : + ;; + esac -case "${NGINX_MODE,,}" in - "maintenance" ) - print_warn "MAINTENANCE MODE ACTIVATED - THIS IMAGE WILL NOT SERVE PAGES" - mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.template - mv /etc/nginx/conf.d/maintenance.template /etc/nginx.conf.d/maintenance.conf - ;; - "normal" ) - : - ;; - "proxy" ) - sanity_var NGINX_PROXY_URL "No Proxy URL" - NGINX_ENABLE_CREATE_SAMPLE_HTML=FALSE - - print_notice "Proxy Mode Activated - Proxying all traffic to ${NGINX_PROXY_URL}" - sed -i "s##${NGINX_PROXY_URL}#g" /etc/nginx/conf.d/proxy.template - mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.template - mv /etc/nginx/conf.d/proxy.template /etc/nginx/conf.d/proxy.conf - ;; - "redirect" ) - sanity_var NGINX_REDIRECT_URL "No Redirect URL" - NGINX_ENABLE_CREATE_SAMPLE_HTML=FALSE - - sed -i "s#rewrite \^/(\.\*) .*#rewrite ^/(\.\*) ${NGINX_REDIRECT_URL};#g" /etc/nginx/conf.d/redirect.template - - print_notice "Redirect Mode Activated - Redirecting all traffic to ${NGINX_REDIRECT_URL}" - mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.template - mv /etc/nginx/conf.d/redirect.template /etc/nginx/conf.d/redirect.conf - ;; - *) - : - ;; -esac - -if var_true "${NGINX_ENABLE_APPLICATION_CONFIGURATION}"; then - ## Configure default.conf - ### Map Authentication - case "${NGINX_AUTHENTICATION_TYPE}" in - "BASIC") - print_notice "Setting Basic Authentication" - user_num=$(printenv | sort | grep -c '\NGINX_AUTHENTICATION_BASIC_USER.*') - for ((i = 1; i <= user_num; i++)); do - basic_user=NGINX_AUTHENTICATION_BASIC_USER${i} - basic_pass=NGINX_AUTHENTICATION_BASIC_PASS${i} - print_warn "Creating User: ${!basic_user}" - htpasswd -b -n ${!basic_user:-$NGINX_AUTHENTICATION_BASIC_USER} ${!basic_pass:-$NGINX_AUTHENTICATION_BASIC_PASS} >>/etc/nginx/nginx.conf.d/authentication/basic_authorized_users - sed -i '/ server {/a\ \ \ auth_basic "'"${NGINX_AUTHENTICATION_TITLE}"'";\n\ \ \ auth_basic_user_file /etc/nginx/nginx.conf.d/authentication/basic_authorized_users;' /etc/nginx/conf.d/*.conf - done - ;; - "LDAP") - cat </etc/nginx/nginx.conf.d/authentication/ldap_configuration - ldap_server ldapserver { - url "$NGINX_AUTHENTICATION_LDAP_HOST/$NGINX_AUTHENTICATION_LDAP_BASE_DN?$NGINX_AUTHENTICATION_LDAP_ATTRIBUTE?$NGINX_AUTHENTICATION_LDAP_SCOPE?$NGINX_AUTHENTICATION_LDAP_FILTER"; - binddn "$NGINX_AUTHENTICATION_LDAP_BIND_DN"; - binddn_passwd $NGINX_AUTHENTICATION_LDAP_BIND_PW; - group_attribute $NGINX_AUTHENTICATION_LDAP_GROUP_ATTRIBUTE; - group_attribute_is_dn on; - require valid_user; - satisfy all; - } + if var_true "${NGINX_ENABLE_APPLICATION_CONFIGURATION}"; then + ## Configure default.conf + ### Map Authentication + case "${NGINX_AUTHENTICATION_TYPE}" in + "BASIC") + print_notice "Setting Basic Authentication" + user_num=$(printenv | sort | grep -c '\NGINX_AUTHENTICATION_BASIC_USER.*') + for ((i = 1; i <= user_num; i++)); do + basic_user=NGINX_AUTHENTICATION_BASIC_USER${i} + basic_pass=NGINX_AUTHENTICATION_BASIC_PASS${i} + print_warn "Creating User: ${!basic_user}" + htpasswd -b -n ${!basic_user:-$NGINX_AUTHENTICATION_BASIC_USER} ${!basic_pass:-$NGINX_AUTHENTICATION_BASIC_PASS} >>/etc/nginx/nginx.conf.d/authentication/basic_authorized_users + sed -i '/ server {/a\ \ \ auth_basic "'"${NGINX_AUTHENTICATION_TITLE}"'";\n\ \ \ auth_basic_user_file /etc/nginx/nginx.conf.d/authentication/basic_authorized_users;' /etc/nginx/conf.d/*.conf + done + ;; + "LDAP") + cat < /etc/nginx/nginx.conf.d/authentication/ldap_configuration + ldap_server ldapserver { + url "$NGINX_AUTHENTICATION_LDAP_HOST/$NGINX_AUTHENTICATION_LDAP_BASE_DN?$NGINX_AUTHENTICATION_LDAP_ATTRIBUTE?$NGINX_AUTHENTICATION_LDAP_SCOPE?$NGINX_AUTHENTICATION_LDAP_FILTER"; + binddn "$NGINX_AUTHENTICATION_LDAP_BIND_DN"; + binddn_passwd $NGINX_AUTHENTICATION_LDAP_BIND_PW; + group_attribute $NGINX_AUTHENTICATION_LDAP_GROUP_ATTRIBUTE; + group_attribute_is_dn on; + require valid_user; + satisfy all; + } EOF - sed -i '/ server {/a\ \ \ auth_ldap "'"${NGINX_AUTHENTICATION_TITLE}"'";\n\ \ \ auth_ldap_servers ldapserver;' /etc/nginx/conf.d/*.conf - sed -i "\#include /etc/nginx/conf.d/#i\ \ \ \ include /etc/nginx/nginx.conf.d/authentication/ldap_configuration;" /etc/nginx/nginx.conf - ;; - "LLNG") - print_notice "Setting LLNG Authentication" - ### Create Upstream LLNG Hosts - if var_true "${NGINX_ENABLE_UPSTREAM_KEEPALIVE}" ; then - upstream_keepalive="keepalive ${NGINX_UPSTREAM_KEEPALIVE};" - fi - llng_upstream_hosts=$(echo "${NGINX_AUTHENTICATION_LLNG_HANDLER_HOST}" | tr "," "\n") - echo "upstream llng-upstream-pool {" >> /etc/nginx/nginx.conf.d/authentication/llng_upstream - echo " ${upstream_keepalive}" >> /etc/nginx/nginx.conf.d/authentication/llng_upstream - for host in $llng_upstream_hosts - do - if [[ ${host} != *":"* ]];then - llng_handler_listen_port=":${NGINX_AUTHENTICATION_LLNG_HANDLER_PORT}" - else - llng_handler_listen_port="" - fi - echo " server $host${llng_handler_listen_port} ${NGINX_UPSTREAM_OPTIONS};" >> /etc/nginx/nginx.conf.d/authentication/llng_upstream - done - echo "}" >> /etc/nginx/nginx.conf.d/authentication/llng_upstream - sed -i -e "/# Do not delete - Upstream Configuration/a\ \ \ \ include \/etc\/nginx\/nginx.conf.d\/authentication\/llng_upstream;" /etc/nginx/nginx.conf - sed -i -e "/# Do not delete - Upstream Configuration/a\ \ \ \ ### LLNG Authentication Multiple Handlers configuration" /etc/nginx/nginx.conf - sed -i "s##$NGINX_AUTHENTICATION_LLNG_HANDLER_PORT#g" /etc/nginx/nginx.conf.d/authentication/llng_location_block - - if [ ! -f "/etc/cont-init.d/20-php-fpm" ]; then - header_num=$(printenv | sort | grep -c '\NGINX_AUTHENTICATION_LLNG_ATTRIBUTE.*') - for ((i = 1; i <= header_num; i++)); do - headers=NGINX_AUTHENTICATION_LLNG_ATTRIBUTE${i} - IFS=',' read -r -a array <<<"${!headers}" - - print_notice "Updating Nginx to support recieving attribute from LLNG: '${array[0]}'" - - echo "fastcgi_param ${array[0]} \$${array[1]};" >>/etc/nginx/nginx.conf.d/authentication/llng_params - echo "auth_request_set \$${array[1]} \$${array[2]};" >>/etc/nginx/nginx.conf.d/authentication/llng_auth_request + sed -i '/ server {/a\ \ \ auth_ldap "'"${NGINX_AUTHENTICATION_TITLE}"'";\n\ \ \ auth_ldap_servers ldapserver;' /etc/nginx/conf.d/*.conf + sed -i "\#include /etc/nginx/conf.d/#i\ \ \ \ include /etc/nginx/nginx.conf.d/authentication/ldap_configuration;" /etc/nginx/nginx.conf + ;; + "LLNG") + print_notice "Setting LLNG Authentication" + ### Create Upstream LLNG Hosts + if var_true "${NGINX_ENABLE_UPSTREAM_KEEPALIVE}" ; then + upstream_keepalive="keepalive ${NGINX_UPSTREAM_KEEPALIVE};" + fi + llng_upstream_hosts=$(echo "${NGINX_AUTHENTICATION_LLNG_HANDLER_HOST}" | tr "," "\n") + echo "upstream llng-upstream-pool {" >> /etc/nginx/nginx.conf.d/authentication/llng_upstream + echo " ${upstream_keepalive}" >> /etc/nginx/nginx.conf.d/authentication/llng_upstream + for host in $llng_upstream_hosts + do + if [[ ${host} != *":"* ]];then + llng_handler_listen_port=":${NGINX_AUTHENTICATION_LLNG_HANDLER_PORT}" + else + llng_handler_listen_port="" + fi + echo " server $host${llng_handler_listen_port} ${NGINX_UPSTREAM_OPTIONS};" >> /etc/nginx/nginx.conf.d/authentication/llng_upstream done + echo "}" >> /etc/nginx/nginx.conf.d/authentication/llng_upstream + sed -i -e "/# Do not delete - Upstream Configuration/a\ \ \ \ include \/etc\/nginx\/nginx.conf.d\/authentication\/llng_upstream;" /etc/nginx/nginx.conf + sed -i -e "/# Do not delete - Upstream Configuration/a\ \ \ \ ### LLNG Authentication Multiple Handlers configuration" /etc/nginx/nginx.conf + sed -i "s##$NGINX_AUTHENTICATION_LLNG_HANDLER_PORT#g" /etc/nginx/nginx.conf.d/authentication/llng_location_block + + if [ ! -f "/etc/cont-init.d/20-php-fpm" ]; then + header_num=$(printenv | sort | grep -c '\NGINX_AUTHENTICATION_LLNG_ATTRIBUTE.*') + for ((i = 1; i <= header_num; i++)); do + headers=NGINX_AUTHENTICATION_LLNG_ATTRIBUTE${i} + IFS=',' read -r -a array <<<"${!headers}" + + print_notice "Updating Nginx to support recieving attribute from LLNG: '${array[0]}'" + + echo "fastcgi_param ${array[0]} \$${array[1]};" >>/etc/nginx/nginx.conf.d/authentication/llng_params + echo "auth_request_set \$${array[1]} \$${array[2]};" >>/etc/nginx/nginx.conf.d/authentication/llng_auth_request + done + + sed -i '/server {/a\ \ \ \ \ include /etc/nginx/nginx.conf.d/authentication/llng_location_block;' /etc/nginx/conf.d/*.conf + sed -i '/server {/a\ \ \ \ \ ### LLNG Authentication Checkpoint' /etc/nginx/conf.d/*.conf + sed -i '/location \/ {/a\ \ \ \ \ \ \ \ include /etc/nginx/nginx.conf.d/authentication/llng_auth_request;' /etc/nginx/conf.d/*.conf + sed -i '/location \/ {/a\ \ \ \ \ \ \ \ ### LLNG Authentication handler' /etc/nginx/conf.d/*.conf + else + print_debug "Skipping LLNG Authentication configuration until configured by PHP-FPM" + fi + ;; + "NONE") + : + ;; + *) + print_warn "Unknown NGINX_AUTHENTICATION_TYPE '${NGINX_AUTHENTICATION_TYPE}. Reverting to no/application authentication" + ;; + esac + + silent sed -i "s##${NGINX_WEBROOT}#g" /etc/nginx/conf.d/*.conf + silent sed -i "s##${NGINX_LISTEN_PORT}#g" /etc/nginx/conf.d/*.conf + silent sed -i "s##${NGINX_WEBROOT}#g" /etc/nginx/conf.d/*.template + silent sed -i "s##${NGINX_LISTEN_PORT}#g" /etc/nginx/conf.d/*.template + + if [[ -v NGINX_INCLUDE_CONFIGURATION ]]; then + sed -i "\|### Don't edit past here|a\ \ \ \ \ include ${NGINX_INCLUDE_CONFIGURATION};" /etc/nginx/conf.d/*.conf + fi - sed -i '/server {/a\ \ \ \ \ include /etc/nginx/nginx.conf.d/authentication/llng_location_block;' /etc/nginx/conf.d/*.conf - sed -i '/server {/a\ \ \ \ \ ### LLNG Authentication Checkpoint' /etc/nginx/conf.d/*.conf - sed -i '/location \/ {/a\ \ \ \ \ \ \ \ include /etc/nginx/nginx.conf.d/authentication/llng_auth_request;' /etc/nginx/conf.d/*.conf - sed -i '/location \/ {/a\ \ \ \ \ \ \ \ ### LLNG Authentication handler' /etc/nginx/conf.d/*.conf + ### Perform Nginx FastCGI reverse proxy modifications + if var_true "${NGINX_ENABLE_FASTCGI_HTTPS}"; then + print_notice "Enable Nginx FastCGI HTTPS Termination Support" + echo "fastcgi_param HTTPS 'on';" >>/etc/nginx/fastcgi_params + PROTOCOL="https://" else - print_debug "Skipping LLNG Authentication configuration until configured by PHP-FPM" + print_debug "Disable Nginx FastCGI HTTPS Termination Support" + echo "fastcgi_param HTTPS 'off';" >>/etc/nginx/fastcgi_params + PROTOCOL="http://" fi - ;; - "NONE") - : - ;; - *) - print_warn "Unknown NGINX_AUTHENTICATION_TYPE '${NGINX_AUTHENTICATION_TYPE}. Reverting to no/application authentication" - ;; - esac - - silent sed -i "s##${NGINX_WEBROOT}#g" /etc/nginx/conf.d/*.conf - silent sed -i "s##${NGINX_LISTEN_PORT}#g" /etc/nginx/conf.d/*.conf - silent sed -i "s##${NGINX_WEBROOT}#g" /etc/nginx/conf.d/*.template - silent sed -i "s##${NGINX_LISTEN_PORT}#g" /etc/nginx/conf.d/*.template - - if [[ -v NGINX_INCLUDE_CONFIGURATION ]]; then - sed -i "\|### Don't edit past here|a\ \ \ \ \ include ${NGINX_INCLUDE_CONFIGURATION};" /etc/nginx/conf.d/*.conf - fi - - ### Perform Nginx FastCGI reverse proxy modifications - if var_true "${NGINX_ENABLE_FASTCGI_HTTPS}"; then - print_notice "Enable Nginx FastCGI HTTPS Termination Support" - echo "fastcgi_param HTTPS 'on';" >>/etc/nginx/fastcgi_params - PROTOCOL="https://" else - print_debug "Disable Nginx FastCGI HTTPS Termination Support" - echo "fastcgi_param HTTPS 'off';" >>/etc/nginx/fastcgi_params - PROTOCOL="http://" + print_notice "Not configurating application / default.conf files" fi -else - print_notice "Not configurating application / default.conf files" -fi -### Set Stage for Future Development and Production Purposes -case "${STAGE,,}" in - "production" | "staging") - echo 'fastcgi_param STAGE "PRODUCTION";' >>/etc/nginx/fastcgi_params - ;; - "develop" | *) - echo 'fastcgi_param STAGE "DEVELOP";' >>/etc/nginx/fastcgi_params - ;; -esac - -#### Create Sample HTML File if doesn't exist -if var_true "${NGINX_ENABLE_CREATE_SAMPLE_HTML}" ; then - if [ ! -f "${NGINX_WEBROOT}/index.html" ]; then - print_notice "Creating sample index.html" - mkdir -p "${NGINX_WEBROOT}" - cat <"${NGINX_WEBROOT}"/index.html - - Default Page -

Container is working

- Congratulations! Your Nginx image is working. You are seeing this because you don't have an index.html file in your ${NGINX_WEBROOT} directory. - + ### Set Stage for Future Development and Production Purposes + case "${STAGE,,}" in + "production" | "staging") + echo 'fastcgi_param STAGE "PRODUCTION";' >>/etc/nginx/fastcgi_params + ;; + "develop" | *) + echo 'fastcgi_param STAGE "DEVELOP";' >>/etc/nginx/fastcgi_params + ;; + esac + + #### Create Sample HTML File if doesn't exist + if var_true "${NGINX_ENABLE_CREATE_SAMPLE_HTML}" ; then + if [ ! -f "${NGINX_WEBROOT}/index.html" ]; then + print_notice "Creating sample index.html" + mkdir -p "${NGINX_WEBROOT}" + cat <"${NGINX_WEBROOT}"/index.html + +Default Page +

Container is working

+Congratulations! Your Nginx image is working. You are seeing this because you don't have an index.html file in your ${NGINX_WEBROOT} directory. + EOF - chown -R "${NGINX_USER}":"${NGINX_GROUP}" "${NGINX_WEBROOT}" + chown -R "${NGINX_USER}":"${NGINX_GROUP}" "${NGINX_WEBROOT}" + fi fi fi