Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
mirrors
/
nginx-proxy
-ын хуулбар https://github.com/nginx-proxy/nginx-proxy.git
2
0
Салаа 0
Файлууд
Мод: 391ca3e3b5
Салаанууд Тагууд
nginx-proxy
/
docker-entrypoint.sh

docker-entrypoint.sh 2.5 KB
Түүх Анхны өгөгдөл

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. #!/bin/bash
    2. 

  2. set -e
    3. 

  3. 

  4. function _check_unix_socket() {
    5. 

  5. 	# Warn if the DOCKER_HOST socket does not exist
    6. 

  6. 	if [[ ${DOCKER_HOST} == unix://* ]]; then
    7. 

  7. 		local SOCKET_FILE="${DOCKER_HOST#unix://}"
    8. 

  8. 

  9. 		if [[ ! -S ${SOCKET_FILE} ]]; then
    10. 

  10. 			cat >&2 <<-EOT
    11. 

  11. 				ERROR: you need to share your Docker host socket with a volume at ${SOCKET_FILE}
    12. 

  12. 				Typically you should run your nginxproxy/nginx-proxy with: \`-v /var/run/docker.sock:${SOCKET_FILE}:ro\`
    13. 

  13. 				See the documentation at: https://github.com/nginx-proxy/nginx-proxy/#usage
    14. 

  14. 			EOT
    15. 

  15. 

  16. 			exit 1
    17. 

  17. 		fi
    18. 

  18. 	fi
    19. 

  19. }
    20. 

  20. 

  21. function _resolvers() {
    22. 

  22. 	# Compute the DNS resolvers for use in the templates - if the IP contains ":", it's IPv6 and must be enclosed in []
    23. 

  23. 	RESOLVERS=$(awk '$1 == "nameserver" {print ($2 ~ ":")? "["$2"]": $2}' ORS=' ' /etc/resolv.conf | sed 's/ *$//g'); export RESOLVERS
    24. 

  24. 

  25. 	SCOPED_IPV6_REGEX='\[fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}\]'
    26. 

  26. 

  27. 	if [[ -z ${RESOLVERS} ]]; then
    28. 

  28. 		echo 'Warning: unable to determine DNS resolvers for nginx' >&2
    29. 

  29. 		unset RESOLVERS
    30. 

  30. 	elif [[ ${RESOLVERS} =~ ${SCOPED_IPV6_REGEX} ]]; then
    31. 

  31. 		echo -n 'Warning: Scoped IPv6 addresses removed from resolvers: ' >&2
    32. 

  32. 		echo "${RESOLVERS}" | grep -Eo "$SCOPED_IPV6_REGEX" | paste -s -d ' ' >&2
    33. 

  33. 		RESOLVERS=$(echo "${RESOLVERS}" | sed -r "s/${SCOPED_IPV6_REGEX}//g" | xargs echo -n); export RESOLVERS
    34. 

  34. 	fi
    35. 

  35. }
    36. 

  36. 

  37. function _setup_dhparam() {
    38. 

  38. 	echo 'Setting up DH Parameters..'
    39. 

  39. 

  40. 	# DH params will be supplied for nginx here:
    41. 

  41. 	local DHPARAM_FILE='/etc/nginx/dhparam/dhparam.pem'
    42. 

  42. 

  43. 	# Should be 2048, 3072, or 4096 (default):
    44. 

  44. 	local FFDHE_GROUP="${DHPARAM_BITS:=4096}"
    45. 

  45. 

  46. 	# DH params may be provided by the user (rarely necessary)
    47. 

  47. 	if [[ -f ${DHPARAM_FILE} ]]; then
    48. 

  48. 		echo 'Warning: A custom dhparam.pem file was provided. Best practice is to use standardized RFC7919 DHE groups instead.' >&2
    49. 

  49. 		return 0
    50. 

  50. 	elif [[ ${DHPARAM_SKIP:=0} -eq 1 ]]; then
    51. 

  51. 		echo 'Skipping Diffie-Hellman parameters setup.'
    52. 

  52. 		return 0
    53. 

  53. 	elif [[ ! ${DHPARAM_BITS} =~ ^(2048|3072|4096)$ ]]; then
    54. 

  54. 		echo "ERROR: Unsupported DHPARAM_BITS size: ${DHPARAM_BITS}. Use: 2048, 3072, or 4096 (default)." >&2
    55. 

  55. 		exit 1
    56. 

  56. 	fi
    57. 

  57. 

  58. 	# Use an existing pre-generated DH group from RFC7919 (https://datatracker.ietf.org/doc/html/rfc7919#appendix-A):
    59. 

  59. 	local RFC7919_DHPARAM_FILE="/app/dhparam/ffdhe${FFDHE_GROUP}.pem"
    60. 

  60. 

  61. 	# Provide the DH params file to nginx:
    62. 

  62. 	cp "${RFC7919_DHPARAM_FILE}" "${DHPARAM_FILE}"
    63. 

  63. }
    64. 

  64. 

  65. # Run the init logic if the default CMD was provided
    66. 

  66. if [[ $* == 'forego start -r' ]]; then
    67. 

  67. 	_check_unix_socket
    68. 

  68. 

  69. 	_resolvers
    70. 

  70. 

  71. 	_setup_dhparam
    72. 

  72. fi
    73. 

  73. 

  74. exec "$@"
    75.