Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
mirrors
/
nginx-proxy
-ын хуулбар https://github.com/nginx-proxy/nginx-proxy.git
2
0
Салаа 0
Файлууд
Мод: 0.9.2
Салаанууд Тагууд
nginx-proxy
/
generate-dhparam.sh

generate-dhparam.sh 2.0 KB
Байнгын холболт Түүх Анхны өгөгдөл

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253 
  1. #!/bin/bash -e
    2. 

  2. 

  3. # DHPARAM_BITS is the bit depth of the dhparam, or 4096 if unspecified
    4. 

  4. DHPARAM_BITS=${DHPARAM_BITS:-4096}
    5. 

  5. # DHPARAM_GENERATION=false skips dhparam generation
    6. 

  6. DHPARAM_GENERATION=${DHPARAM_GENERATION:-true}
    7. 

  7. 

  8. # If a dhparam file is not available, use the pre-generated one and generate a new one in the background.
    9. 

  9. # Note that /etc/nginx/dhparam is a volume, so this dhparam will persist restarts.
    10. 

  10. PREGEN_DHPARAM_FILE="/app/dhparam.pem.default"
    11. 

  11. DHPARAM_FILE="/etc/nginx/dhparam/dhparam.pem"
    12. 

  12. GEN_LOCKFILE="/tmp/dhparam_generating.lock"
    13. 

  13. 

  14. # The hash of the pregenerated dhparam file is used to check if the pregen dhparam is already in use
    15. 

  15. PREGEN_HASH=$(md5sum $PREGEN_DHPARAM_FILE | cut -d" " -f1)
    16. 

  16. if [[ -f $DHPARAM_FILE ]]; then
    17. 

  17.     CURRENT_HASH=$(md5sum $DHPARAM_FILE | cut -d" " -f1)
    18. 

  18.     if [[ $PREGEN_HASH != "$CURRENT_HASH" ]]; then
    19. 

  19.         # There is already a dhparam, and it's not the default
    20. 

  20.         echo "Custom dhparam.pem file found, generation skipped"
    21. 

  21.         exit 0
    22. 

  22.     fi
    23. 

  23. 

  24.     if [[ -f $GEN_LOCKFILE ]]; then
    25. 

  25.         # Generation is already in progress
    26. 

  26.         exit 0
    27. 

  27.     fi
    28. 

  28. fi
    29. 

  29. 

  30. if [[ $DHPARAM_GENERATION =~ ^[Ff][Aa][Ll][Ss][Ee]$ ]]; then
    31. 

  31.     echo "Skipping Diffie-Hellman parameters generation and Ignoring pre-generated dhparam.pem"
    32. 

  32.     exit 0
    33. 

  33. fi
    34. 

  34. 

  35. cat >&2 <<-EOT
    36. 

  36. WARNING: $DHPARAM_FILE was not found. A pre-generated dhparam.pem will be used for now while a new one
    37. 

  37. is being generated in the background.  Once the new dhparam.pem is in place, nginx will be reloaded.
    38. 

  38. EOT
    39. 

  39. 

  40. # Put the default dhparam file in place so we can start immediately
    41. 

  41. cp $PREGEN_DHPARAM_FILE $DHPARAM_FILE
    42. 

  42. touch $GEN_LOCKFILE
    43. 

  43. 

  44. # Generate a new dhparam in the background in a low priority and reload nginx when finished (grep removes the progress indicator).
    45. 

  45. (
    46. 

  46.     (
    47. 

  47.         nice -n +5 openssl dhparam -dsaparam -out $DHPARAM_FILE.tmp "$DHPARAM_BITS" 2>&1 \
    48. 

  48.         && mv $DHPARAM_FILE.tmp $DHPARAM_FILE \
    49. 

  49.         && echo "dhparam generation complete, reloading nginx" \
    50. 

  50.         && nginx -s reload
    51. 

  51.     ) | grep -vE '^[\.+]+'
    52. 

  52.     rm $GEN_LOCKFILE
    53. 

  53. ) & disown
    54.