#!/usr/bin/env bash set -eo pipefail [[ $DOKKU_TRACE ]] && set -x source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions" source "$PLUGIN_AVAILABLE_PATH/certs/functions" source "$PLUGIN_AVAILABLE_PATH/config/functions" source "$PLUGIN_AVAILABLE_PATH/nginx-vhosts/internal-functions" fn-nginx-log-root() { declare desc="get the nginx log root" local NGINX_LOG_ROOT="/var/log/nginx" fn-nginx-vhosts-uses-openresty && NGINX_LOG_ROOT="/var/log/openresty" echo "$NGINX_LOG_ROOT" } fn-nginx-access-log-format() { declare desc="get the configured access log format" declare APP="$1" fn-plugin-property-get-default "nginx" "$APP" "access-log-format" "" } fn-nginx-access-log-path() { declare desc="get the configured access log path" declare APP="$1" local NGINX_LOG_ROOT="$(fn-nginx-log-root)" fn-plugin-property-get-default "nginx" "$APP" "access-log-path" "${NGINX_LOG_ROOT}/${APP}-access.log" } fn-nginx-proxy-buffer-size() { declare desc="get the configured proxy buffer size" declare APP="$1" fn-plugin-property-get-default "nginx" "$APP" "proxy-buffer-size" "$(fn-get-pagesize)" } fn-nginx-proxy-buffering() { declare desc="get the configured proxy buffering" declare APP="$1" fn-plugin-property-get-default "nginx" "$APP" "proxy-buffering" "on" } fn-nginx-proxy-buffers() { declare desc="get the configured proxy buffers" declare APP="$1" fn-plugin-property-get-default "nginx" "$APP" "proxy-buffers" "8 $(fn-get-pagesize)" } fn-nginx-proxy-busy-buffers-size() { declare desc="get the configured proxy busy buffers size" declare APP="$1" fn-plugin-property-get-default "nginx" "$APP" "proxy-busy-buffers-size" "$(($(fn-get-pagesize) * 2))" } fn-nginx-proxy-read-timeout() { declare desc="get the configured proxy read timeout" declare APP="$1" fn-plugin-property-get-default "nginx" "$APP" "proxy-read-timeout" "60s" } fn-nginx-client-max-body-size() { declare desc="get the configured client max body size" declare APP="$1" fn-plugin-property-get-default "nginx" "$APP" "client-max-body-size" "" } fn-nginx-error-log-path() { declare desc="get the configured access log path" declare APP="$1" local NGINX_LOG_ROOT="$(fn-nginx-log-root)" fn-plugin-property-get-default "nginx" "$APP" "error-log-path" "${NGINX_LOG_ROOT}/${APP}-error.log" } get_nginx_location() { declare desc="check that nginx is at the expected location and return it" fn-nginx-vhosts-nginx-location } validate_nginx() { declare desc="validate entire nginx config" declare APP="${1:-}" FLAG="${2:-}" local NGINX_LOCATION EXIT_CODE NGINX_LOCATION=$(get_nginx_location) if [[ -z "$NGINX_LOCATION" ]]; then exit 1 fi if [[ "$APP" == "--clean" ]]; then APP="" FLAG="--clean" fi set +e sudo "$NGINX_LOCATION" -t >/dev/null 2>&1 EXIT_CODE=$? set -e if [[ "$EXIT_CODE" -eq "0" ]]; then return fi if [[ -n "$APP" ]]; then verify_app_name "$APP" nginx_vhosts_validate_single_func "$APP" "$FLAG" else for app in $(dokku_apps "false"); do nginx_vhosts_validate_single_func "$app" "$FLAG" done fi set +e sudo "$NGINX_LOCATION" -t >/dev/null 2>&1 EXIT_CODE=$? set -e if [[ "$EXIT_CODE" -eq "0" ]]; then return fi sudo "$NGINX_LOCATION" -t exit $? } restart_nginx() { declare desc="restart nginx for given distros" local PROXY_ENABLED="$(plugn trigger proxy-is-enabled "$APP")" local PROXY_TYPE="$(plugn trigger proxy-type "$APP")" if [[ "$PROXY_ENABLED" == "true" ]] && [[ "$PROXY_TYPE" == "nginx" ]]; then fn-nginx-vhosts-nginx-init-cmd "reload" fi } nginx_logs() { declare desc="display app nginx logs" declare NGINX_LOGS_TYPE="${1#nginx:}" APP="$2" local NGINX_LOGS_TYPE=${NGINX_LOGS_TYPE%-logs} local NGINX_LOGS_PATH="$("fn-nginx-${NGINX_LOGS_TYPE}-log-path" "$APP")" if [[ "$NGINX_LOGS_PATH" == "off" ]] || [[ "$NGINX_LOGS_PATH" == "/dev/null" ]]; then dokku_log_fail "$NGINX_LOGS_TYPE logs are disabled for this app" fi if [[ $3 == "-t" ]]; then local NGINX_LOGS_ARGS="-F" else local NGINX_LOGS_ARGS="-n 20" fi tail "$NGINX_LOGS_ARGS" "$NGINX_LOGS_PATH" } validate_ssl_domains() { declare desc="check configured domains against SSL cert contents and show warning if mismatched" local APP=$1 local VHOST_PATH="$DOKKU_ROOT/$APP/VHOST" local SSL_HOSTNAME=$(get_ssl_hostnames "$APP") local SSL_HOSTNAME_REGEX=$(echo "$SSL_HOSTNAME" | xargs | sed 's|\.|\\.|g' | sed 's/\*/\[^\.\]\*/g' | sed 's/ /|/g') if ! (grep -q -E "^${SSL_HOSTNAME_REGEX}$" "$VHOST_PATH" &>/dev/null); then dokku_log_info1 "No matching configured domains for $APP found in SSL certificate. Your app will show as insecure in a browser if accessed via SSL" dokku_log_info1 "Please add appropriate domains via the dokku domains command" [[ -n "$NONSSL_VHOSTS" ]] && dokku_log_info1 "Configured domains for app:" local domain for domain in $(echo "$NONSSL_VHOSTS" | xargs); do dokku_log_info2 "$domain" done [[ -n "$SSL_HOSTNAME" ]] && dokku_log_info1 "Domains found in SSL certificate:" for domain in $(echo "$SSL_HOSTNAME" | xargs); do dokku_log_info2 "$domain" done fi } get_custom_nginx_template() { declare desc="attempts to copy custom nginx template from app image" local APP="$1" local DESTINATION_FILE="$2" local IMAGE_TAG="$(get_running_image_tag "$APP")" local IMAGE=$(get_deploying_app_image_name "$APP" "$IMAGE_TAG") local NGINX_TEMPLATE_NAME="nginx.conf.sigil" local DISABLE_CUSTOM_CONFIG="$(fn-plugin-property-get-default "nginx" "$APP" "disable-custom-config" "false")" if [[ "$DISABLE_CUSTOM_CONFIG" == "true" ]]; then return fi if [[ -f "${DOKKU_LIB_ROOT}/data/nginx-vhosts/app-$APP/nginx.conf.sigil.$DOKKU_PID.missing" ]]; then return fi if [[ -f "${DOKKU_LIB_ROOT}/data/nginx-vhosts/app-$APP/nginx.conf.sigil.$DOKKU_PID" ]]; then cp "${DOKKU_LIB_ROOT}/data/nginx-vhosts/app-$APP/nginx.conf.sigil.$DOKKU_PID" "$DESTINATION_FILE" elif [[ -f "${DOKKU_LIB_ROOT}/data/nginx-vhosts/app-$APP/nginx.conf.sigil" ]]; then cp "${DOKKU_LIB_ROOT}/data/nginx-vhosts/app-$APP/nginx.conf.sigil" "$DESTINATION_FILE" fi } is_tls13_available() { declare desc="detects whether the installed nginx version has TLSv1.3 support" local NGINX_VERSION="$1" local MAJOR_VERSION MINOR_VERSION PATCH_VERSION local HAS_SUPPORT=false MAJOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[1]}') MINOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[2]}') PATCH_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[3]}') if [[ "$MAJOR_VERSION" -ge "2" ]]; then HAS_SUPPORT=true elif [[ "$MAJOR_VERSION" -eq "1" ]] && [[ "$MINOR_VERSION" -ge "13" ]]; then HAS_SUPPORT=true fi echo $HAS_SUPPORT } is_http2_push_enabled() { declare desc="detects whether the installed nginx version has http2 push support" local NGINX_VERSION="$1" local MAJOR_VERSION MINOR_VERSION PATCH_VERSION local HAS_SUPPORT=false MAJOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[1]}') MINOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[2]}') PATCH_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[3]}') if [[ "$MAJOR_VERSION" -ge "2" ]]; then HAS_SUPPORT=true elif [[ "$MAJOR_VERSION" -eq "1" ]]; then if [[ "$MINOR_VERSION" -eq "13" ]] && [[ "$PATCH_VERSION" -ge "9" ]]; then HAS_SUPPORT=true elif [[ "$MINOR_VERSION" -ge "14" ]]; then HAS_SUPPORT=true fi fi echo $HAS_SUPPORT } is_http2_enabled() { declare desc="detects whether the installed nginx version has http2 support" local NGINX_VERSION="$1" local MAJOR_VERSION MINOR_VERSION PATCH_VERSION local HAS_SUPPORT=false MAJOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[1]}') MINOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[2]}') PATCH_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[3]}') if [[ "$MAJOR_VERSION" -ge "2" ]]; then HAS_SUPPORT=true elif [[ "$MAJOR_VERSION" -eq "1" ]]; then if [[ "$MINOR_VERSION" -eq "11" ]] && [[ "$PATCH_VERSION" -ge "5" ]]; then HAS_SUPPORT=true elif [[ "$MINOR_VERSION" -ge "12" ]]; then HAS_SUPPORT=true fi fi echo $HAS_SUPPORT } is_grpc_enabled() { declare desc="detects whether the installed nginx version has grpc support" local NGINX_VERSION="$1" local MAJOR_VERSION MINOR_VERSION PATCH_VERSION local HAS_SUPPORT=false MAJOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[1]}') MINOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[2]}') PATCH_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[3]}') if [[ "$MAJOR_VERSION" -ge "2" ]]; then HAS_SUPPORT=true elif [[ "$MAJOR_VERSION" -eq "1" ]]; then if [[ "$MINOR_VERSION" -eq "13" ]] && [[ "$PATCH_VERSION" -ge "10" ]]; then HAS_SUPPORT=true elif [[ "$MINOR_VERSION" -ge "14" ]]; then HAS_SUPPORT=true fi fi echo $HAS_SUPPORT } nginx_build_config() { declare desc="build nginx config to proxy app containers using sigil" declare APP="$1" DOKKU_APP_LISTEN_PORT="$2" DOKKU_APP_LISTEN_IP="$3" local VHOST_PATH="$DOKKU_ROOT/$APP/VHOST" local NGINX_TEMPLATE_NAME="nginx.conf.sigil" local NGINX_TEMPLATE="$PLUGIN_AVAILABLE_PATH/nginx-vhosts/templates/$NGINX_TEMPLATE_NAME" local SCHEME=http local NGINX_TEMPLATE_SOURCE="built-in" local APP_SSL_PATH="$DOKKU_ROOT/$APP/tls" local RAW_TCP_PORTS="$(get_app_raw_tcp_ports "$APP")" local DOKKU_APP_LISTENERS CUSTOM_NGINX_TEMPLATE="$(plugn trigger nginx-app-template-source "$APP" "app-config")" if [[ -n "$CUSTOM_NGINX_TEMPLATE" ]]; then NGINX_TEMPLATE="$CUSTOM_NGINX_TEMPLATE" fi local IS_APP_VHOST_ENABLED=true plugn trigger domains-vhost-enabled "$APP" 2>/dev/null || IS_APP_VHOST_ENABLED=false local IS_SSL_ENABLED=false if [[ "$(plugn trigger certs-exists "$APP")" == "true" ]]; then IS_SSL_ENABLED=true fi if [[ "$(plugn trigger proxy-is-enabled "$APP")" == "true" ]]; then if [[ -z "$DOKKU_APP_LISTEN_PORT" ]] && [[ -z "$DOKKU_APP_LISTEN_IP" ]]; then DOKKU_APP_LISTENERS="$(plugn trigger network-get-listeners "$APP" "web" | xargs)" elif [[ -n "$DOKKU_APP_LISTEN_PORT" ]] && [[ -n "$DOKKU_APP_LISTEN_IP" ]]; then local PASSED_LISTEN_IP_PORT=true fi # setup nginx listen ports plugn trigger proxy-configure-ports "$APP" local PROXY_PORT=$(config_get "$APP" DOKKU_PROXY_PORT) local PROXY_SSL_PORT=$(config_get "$APP" DOKKU_PROXY_SSL_PORT) local PROXY_PORT_MAP=$(config_get "$APP" DOKKU_PROXY_PORT_MAP) local PORT_MAP proxy_port_map for PORT_MAP in $PROXY_PORT_MAP; do local PROXY_UPSTREAM_SCHEME="$(awk -F ':' '{ print $1 }' <<<"$PORT_MAP")" if [[ "$PROXY_UPSTREAM_SCHEME" == "https" ]] && [[ "$IS_SSL_ENABLED" == "false" ]]; then dokku_log_warn "Ignoring detected https port mapping without an accompanying ssl certificate (${PORT_MAP})" continue fi proxy_port_map="$proxy_port_map $PORT_MAP" local PROXY_UPSTREAM_PORT="$(awk -F ':' '{ print $3 }' <<<"$PORT_MAP")" if [[ "$(is_val_in_list "$PROXY_UPSTREAM_PORT" "$PROXY_UPSTREAM_PORTS" " ")" == "false" ]]; then local PROXY_UPSTREAM_PORTS+="$PROXY_UPSTREAM_PORT " fi done PROXY_PORT_MAP="$proxy_port_map" local PROXY_UPSTREAM_PORTS="$(echo "$PROXY_UPSTREAM_PORTS" | xargs)" local SSL_INUSE= local NONSSL_VHOSTS=$(plugn trigger domains-list "$APP") local NOSSL_SERVER_NAME=$(echo "$NONSSL_VHOSTS" | xargs) if [[ "$IS_SSL_ENABLED" == "true" ]]; then local SSL_INUSE=true local SCHEME=https validate_ssl_domains "$APP" local SSL_HOSTNAME=$(get_ssl_hostnames "$APP") local SSL_HOSTNAME_REGEX=$(echo "$SSL_HOSTNAME" | xargs | sed 's|\.|\\.|g' | sed 's/\*/\[^\.\]\*/g' | sed 's/ /|/g') if [[ "$IS_APP_VHOST_ENABLED" == "true" ]]; then local SSL_VHOSTS=$(grep -E "^${SSL_HOSTNAME_REGEX}$" "$VHOST_PATH" || true) else local SSL_VHOSTS=$(<"$DOKKU_ROOT/VHOST") fi local SSL_SERVER_NAME local host for host in $SSL_VHOSTS; do # SSL_SERVER_NAME should only contain items not in NOSSL_SERVER_NAME if [[ ! $NOSSL_SERVER_NAME =~ (^|[[:space:]])$host($|[[:space:]]) ]]; then SSL_SERVER_NAME="${host}${SSL_SERVER_NAME:+ $SSL_SERVER_NAME}" fi done fi local NGINX_LOCATION NGINX_VERSION SPDY_SUPPORTED TLS13_SUPPORTED HTTP2_SUPPORTED HTTP2_PUSH_SUPPORTED GRPC_SUPPORTED NGINX_LOCATION=$(get_nginx_location) if [[ -z "$NGINX_LOCATION" ]]; then exit 1 fi NGINX_VERSION="$("$NGINX_LOCATION" -v 2>&1 | cut -d'/' -f 2)" # DEPRECATED: Remove me at 1.0.0 SPDY_SUPPORTED="false" TLS13_SUPPORTED="$(is_tls13_available "$NGINX_VERSION")" HTTP2_SUPPORTED="$(is_http2_enabled "$NGINX_VERSION")" HTTP2_PUSH_SUPPORTED="$(is_http2_push_enabled "$NGINX_VERSION")" GRPC_SUPPORTED="$(is_grpc_enabled "$NGINX_VERSION")" PROXY_PORT_MAP=$(echo "$PROXY_PORT_MAP" | xargs) # trailing spaces mess up default template local NGINX_LOG_ROOT="$(fn-nginx-log-root)" local NGINX_ACCESS_LOG_FORMAT="$(fn-nginx-access-log-format "$APP")" local NGINX_ACCESS_LOG_PATH="$(fn-nginx-access-log-path "$APP")" local NGINX_ERROR_LOG_PATH="$(fn-nginx-error-log-path "$APP")" local CLIENT_MAX_BODY_SIZE="$(fn-nginx-client-max-body-size "$APP")" local PROXY_READ_TIMEOUT="$(fn-nginx-proxy-read-timeout "$APP")" local PROXY_BUFFER_SIZE="$(fn-nginx-proxy-buffer-size "$APP")" local PROXY_BUFFERING="$(fn-nginx-proxy-buffering "$APP")" local PROXY_BUFFERS="$(fn-nginx-proxy-buffers "$APP")" local PROXY_BUSY_BUFFERS_SIZE="$(fn-nginx-proxy-busy-buffers-size "$APP")" if [[ -z "$DOKKU_APP_LISTENERS" ]]; then dokku_log_warn_quiet "No web listeners specified for $APP" elif (is_deployed "$APP"); then if [[ "$(plugn trigger network-get-static-listeners "$APP" "web")" == "" ]]; then local IMAGE_TAG=$(get_running_image_tag "$APP") local IMAGE=$(get_deploying_app_image_name "$APP" "$IMAGE_TAG" 2>/dev/null) if ! verify_image "$IMAGE" 2>/dev/null; then dokku_log_fail "Missing image for app" fi fi local NGINX_BUILD_CONFIG_TMP_WORK_DIR=$(mktemp -d "/tmp/dokku-${DOKKU_PID}-${FUNCNAME[0]}.XXXXXX") local NGINX_CONF=$(mktemp --tmpdir="${NGINX_BUILD_CONFIG_TMP_WORK_DIR}" "nginx.conf.XXXXXX") local CUSTOM_NGINX_TEMPLATE="$NGINX_BUILD_CONFIG_TMP_WORK_DIR/$NGINX_TEMPLATE_NAME" trap "rm -rf '$NGINX_CONF' '$NGINX_BUILD_CONFIG_TMP_WORK_DIR' >/dev/null" RETURN INT TERM EXIT get_custom_nginx_template "$APP" "$CUSTOM_NGINX_TEMPLATE" 2>/dev/null if [[ -f "$CUSTOM_NGINX_TEMPLATE" ]]; then dokku_log_info1 'Overriding default nginx.conf with detected nginx.conf.sigil' local NGINX_TEMPLATE="$CUSTOM_NGINX_TEMPLATE" local NGINX_TEMPLATE_SOURCE="app-supplied" fi local NGINX_BIND_ADDRESS_IP4="$(fn-plugin-property-get-default "nginx" "$APP" "bind-address-ipv4" "")" local NGINX_BIND_ADDRESS_IP6="$(fn-plugin-property-get-default "nginx" "$APP" "bind-address-ipv6" "::")" [[ -z "$NGINX_BIND_ADDRESS_IP6" ]] && NGINX_BIND_ADDRESS_IP6="::" local PROXY_X_FORWARDED_FOR="$(fn-plugin-property-get-default "nginx" "$APP" "x-forwarded-for-value" "\$remote_addr")" local PROXY_X_FORWARDED_PORT="$(fn-plugin-property-get-default "nginx" "$APP" "x-forwarded-port-value" "\$server_port")" local PROXY_X_FORWARDED_PROTO="$(fn-plugin-property-get-default "nginx" "$APP" "x-forwarded-proto-value" "\$scheme")" local PROXY_X_FORWARDED_SSL="$(fn-plugin-property-get-default "nginx" "$APP" "x-forwarded-ssl" "")" eval "$(config_export app "$APP")" local SIGIL_PARAMS=(-f "$NGINX_TEMPLATE" APP="$APP" DOKKU_ROOT="$DOKKU_ROOT" NOSSL_SERVER_NAME="$NOSSL_SERVER_NAME" # Deprecated: Remove this after a few versions DOKKU_APP_LISTENERS="$DOKKU_APP_LISTENERS" DOKKU_LIB_ROOT="$DOKKU_LIB_ROOT" PASSED_LISTEN_IP_PORT="$PASSED_LISTEN_IP_PORT" SPDY_SUPPORTED="$SPDY_SUPPORTED" TLS13_SUPPORTED="$TLS13_SUPPORTED" HTTP2_SUPPORTED="$HTTP2_SUPPORTED" NGINX_LOG_ROOT="$NGINX_LOG_ROOT" NGINX_ACCESS_LOG_FORMAT="$NGINX_ACCESS_LOG_FORMAT" NGINX_ACCESS_LOG_PATH="$NGINX_ACCESS_LOG_PATH" NGINX_ERROR_LOG_PATH="$NGINX_ERROR_LOG_PATH" NGINX_BIND_ADDRESS_IP4="$NGINX_BIND_ADDRESS_IP4" NGINX_BIND_ADDRESS_IP6="$NGINX_BIND_ADDRESS_IP6" HTTP2_PUSH_SUPPORTED="$HTTP2_PUSH_SUPPORTED" GRPC_SUPPORTED="$GRPC_SUPPORTED" DOKKU_APP_LISTEN_PORT="$DOKKU_APP_LISTEN_PORT" DOKKU_APP_LISTEN_IP="$DOKKU_APP_LISTEN_IP" APP_SSL_PATH="$APP_SSL_PATH" SSL_INUSE="$SSL_INUSE" SSL_SERVER_NAME="$SSL_SERVER_NAME" CLIENT_MAX_BODY_SIZE="$CLIENT_MAX_BODY_SIZE" PROXY_READ_TIMEOUT="$PROXY_READ_TIMEOUT" PROXY_BUFFER_SIZE="$PROXY_BUFFER_SIZE" PROXY_BUFFERING="$PROXY_BUFFERING" PROXY_BUFFERS="$PROXY_BUFFERS" PROXY_BUSY_BUFFERS_SIZE="$PROXY_BUSY_BUFFERS_SIZE" # Deprecated: Remove this after a few versions NGINX_PORT="$PROXY_PORT" NGINX_SSL_PORT="$PROXY_SSL_PORT" PROXY_PORT="$PROXY_PORT" PROXY_SSL_PORT="$PROXY_SSL_PORT" RAW_TCP_PORTS="$RAW_TCP_PORTS" PROXY_PORT_MAP="$PROXY_PORT_MAP" PROXY_UPSTREAM_PORTS="$PROXY_UPSTREAM_PORTS" PROXY_X_FORWARDED_FOR="$PROXY_X_FORWARDED_FOR" PROXY_X_FORWARDED_PORT="$PROXY_X_FORWARDED_PORT" PROXY_X_FORWARDED_PROTO="$PROXY_X_FORWARDED_PROTO" PROXY_X_FORWARDED_SSL="$PROXY_X_FORWARDED_SSL") while read -r line || [[ -n "$line" ]]; do PROC_TYPE=${line%%=*} LISTENERS="$(plugn trigger network-get-listeners "$APP" "$PROC_TYPE" | xargs)" UPP_PROC_TYPE="${PROC_TYPE^^}" UPP_PROC_TYPE="${UPP_PROC_TYPE//-/_}" SIGIL_PARAMS+=("DOKKU_APP_${UPP_PROC_TYPE}_LISTENERS=$LISTENERS") done < <(plugn trigger ps-current-scale "$APP") if grep DOKKU_APP_LISTENERS "$NGINX_TEMPLATE"; then dokku_log_warn "Deprecated: Usage of DOKKU_APP_LISTENERS within nginx.conf.sigil templates is deprecated in favor of DOKKU_APP_WEB_LISTENERS" fi if grep NGINX_SSL_PORT "$NGINX_TEMPLATE"; then dokku_log_warn "Deprecated: Usage of NGINX_SSL_PORT within nginx.conf.sigil templates is deprecated in favor of PROXY_SSL_PORT" fi if grep NGINX_PORT "$NGINX_TEMPLATE"; then dokku_log_warn "Deprecated: Usage of NGINX_PORT within nginx.conf.sigil templates is deprecated in favor of PROXY_PORT" fi # execute sigil template processing xargs -i echo "-----> Configuring {}...(using $NGINX_TEMPLATE_SOURCE template)" <<<"$(echo "${SSL_VHOSTS}" "${NONSSL_VHOSTS}" | tr ' ' '\n' | sort -u)" sigil "${SIGIL_PARAMS[@]}" | cat -s >"$NGINX_CONF" dokku_log_info1 "Creating $SCHEME nginx.conf" mv "$NGINX_CONF" "$DOKKU_ROOT/$APP/nginx.conf" fn-nginx-vhosts-manage-hsts "$APP" "$SSL_INUSE" plugn trigger nginx-pre-reload "$APP" "$DOKKU_APP_LISTEN_PORT" "$DOKKU_APP_LISTEN_IP" dokku_log_verbose "Reloading nginx" validate_nginx && restart_nginx >/dev/null fi else # note because this clause is long. if the proxy is disabled: dokku_log_info1 "Nginx support is disabled for app ($APP)" if [[ -f "$DOKKU_ROOT/$APP/nginx.conf" ]]; then dokku_log_info1 "Deleting nginx.conf" rm "$DOKKU_ROOT/$APP/nginx.conf" if (is_deployed "$APP"); then dokku_log_info1 "Reloading nginx after nginx.conf deletion" validate_nginx && restart_nginx >/dev/null fi fi fi }