mirror of
https://github.com/dokku/dokku.git
synced 2025-12-16 12:07:45 +01:00
a4a229df3a
Also start it by default in the case where there are no apps at all, as that likely means this is a first-time installation.
187 lines
9.0 KiB
Bash
Executable File
187 lines
9.0 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
set -eo pipefail
|
|
[[ $DOKKU_TRACE ]] && set -x
|
|
source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
|
|
source "$PLUGIN_CORE_AVAILABLE_PATH/common/property-functions"
|
|
source "$PLUGIN_AVAILABLE_PATH/config/functions"
|
|
source "$PLUGIN_AVAILABLE_PATH/nginx-vhosts/internal-functions"
|
|
|
|
fn-nginx-vhosts-migrate-env-vars() {
|
|
# @TODO: Remove this after a few versions
|
|
for app in $(dokku_apps "false" 2>/dev/null); do
|
|
nginx_port="$(config_get "$app" DOKKU_NGINX_PORT || true)"
|
|
nginx_ssl_port="$(config_get "$app" DOKKU_NGINX_SSL_PORT || true)"
|
|
if [[ -n "$nginx_port" ]] || [[ -n "$nginx_ssl_port" ]]; then
|
|
dokku_log_info1 "Migrating DOKKU_NGINX env variables. The following variables will be migrated"
|
|
dokku_log_info2 "DOKKU_NGINX_PORT -> DOKKU_PROXY_PORT"
|
|
dokku_log_info2 "DOKKU_NGINX_SSL_PORT -> DOKKU_PROXY_SSL_PORT"
|
|
fi
|
|
if [[ -n "$nginx_port" ]]; then
|
|
dokku_log_info1 "Migrating DOKKU_NGINX_PORT to DOKKU_PROXY_PORT for $app"
|
|
DOKKU_QUIET_OUTPUT=1 config_set --no-restart "$app" DOKKU_PROXY_PORT="$nginx_port"
|
|
DOKKU_QUIET_OUTPUT=1 config_unset --no-restart "$app" DOKKU_NGINX_PORT
|
|
fi
|
|
if [[ -n "$nginx_ssl_port" ]]; then
|
|
dokku_log_info1 "Migrating DOKKU_NGINX_SSL_PORT to DOKKU_PROXY_SSL_PORT for $app"
|
|
DOKKU_QUIET_OUTPUT=1 config_set --no-restart "$app" DOKKU_PROXY_SSL_PORT="$nginx_ssl_port"
|
|
DOKKU_QUIET_OUTPUT=1 config_unset --no-restart "$app" DOKKU_NGINX_SSL_PORT
|
|
fi
|
|
done
|
|
}
|
|
|
|
fn-nginx-vhosts-migrate-nginx-conf-sigil() {
|
|
if [[ "$(fn-plugin-property-get-default "nginx" "--global" "nginx-conf-sigil-migrated" "")" == "true" ]]; then
|
|
return
|
|
fi
|
|
|
|
fn-plugin-property-write "nginx" "--global" "nginx-conf-sigil-migrated" "true"
|
|
|
|
for APP in $(dokku_apps "false" 2>/dev/null); do
|
|
local DISABLE_CUSTOM_CONFIG="$(fn-nginx-computed-disable-custom-config "$APP")"
|
|
if [[ "$DISABLE_CUSTOM_CONFIG" == "true" ]]; then
|
|
continue
|
|
fi
|
|
|
|
local IMAGE_TAG="$(get_running_image_tag "$APP")"
|
|
local IMAGE=$(get_deploying_app_image_name "$APP" "$IMAGE_TAG")
|
|
copy_from_image "$IMAGE" "nginx.conf.sigil" "${DOKKU_LIB_ROOT}/data/nginx-vhosts/app-$APP/nginx.conf.sigil" 2>/dev/null || true
|
|
done
|
|
}
|
|
|
|
trigger-nginx-vhosts-install() {
|
|
declare desc="nginx-vhosts install trigger"
|
|
declare trigger="install"
|
|
|
|
fn-plugin-property-setup "nginx"
|
|
|
|
NGINX_BIN="$(fn-nginx-vhosts-nginx-location)"
|
|
NGINX_ROOT="/etc/nginx"
|
|
NGINX_LOG_ROOT="/var/log/nginx"
|
|
NGINX_INIT_NAME="nginx"
|
|
NGINX_SUDOERS_FILE="/etc/sudoers.d/dokku-nginx"
|
|
if fn-nginx-vhosts-uses-openresty; then
|
|
NGINX_ROOT="/usr/local/openresty/nginx/conf"
|
|
NGINX_LOG_ROOT="/var/log/openresty"
|
|
NGINX_INIT_NAME="openresty"
|
|
NGINX_SUDOERS_FILE="/etc/sudoers.d/dokku-openresty"
|
|
fi
|
|
|
|
local systemctl_path=/bin/systemctl
|
|
if [[ -x /usr/bin/systemctl ]]; then
|
|
systemctl_path=/usr/bin/systemctl
|
|
fi
|
|
|
|
local mode="0440"
|
|
case "$DOKKU_DISTRO" in
|
|
debian | raspbian)
|
|
if [[ -x "$systemctl_path" ]]; then
|
|
echo "%dokku ALL=(ALL) NOPASSWD:$systemctl_path enable $NGINX_INIT_NAME, $systemctl_path disable $NGINX_INIT_NAME, $systemctl_path reload $NGINX_INIT_NAME, $systemctl_path start $NGINX_INIT_NAME, $systemctl_path stop $NGINX_INIT_NAME, $systemctl_path is-active --quiet $NGINX_INIT_NAME, $NGINX_BIN -t, $NGINX_BIN -t -c *" >"$NGINX_SUDOERS_FILE"
|
|
else
|
|
echo "%dokku ALL=(ALL) NOPASSWD:/usr/sbin/invoke-rc.d $NGINX_INIT_NAME enable, /usr/sbin/invoke-rc.d $NGINX_INIT_NAME disable, /usr/sbin/invoke-rc.d $NGINX_INIT_NAME reload, /usr/sbin/invoke-rc.d $NGINX_INIT_NAME start, /usr/sbin/invoke-rc.d $NGINX_INIT_NAME stop, $NGINX_BIN -t, ${NGINX_BIN} -t -c *" >"$NGINX_SUDOERS_FILE"
|
|
fi
|
|
;;
|
|
|
|
ubuntu)
|
|
if [[ "$DOKKU_INIT_SYSTEM" == "sv" ]]; then
|
|
echo "%dokku ALL=(ALL) NOPASSWD:/usr/bin/sv enable $NGINX_INIT_NAME, /usr/bin/sv disable $NGINX_INIT_NAME, /usr/bin/sv reload $NGINX_INIT_NAME, /usr/bin/sv start $NGINX_INIT_NAME, /usr/bin/sv stop $NGINX_INIT_NAME, /usr/bin/sv status $NGINX_INIT_NAME, $NGINX_BIN -t, $NGINX_BIN -t -c *" >"$NGINX_SUDOERS_FILE"
|
|
elif [[ -x "$systemctl_path" ]]; then
|
|
echo "%dokku ALL=(ALL) NOPASSWD:$systemctl_path enable $NGINX_INIT_NAME, $systemctl_path disable $NGINX_INIT_NAME, $systemctl_path reload $NGINX_INIT_NAME, $systemctl_path start $NGINX_INIT_NAME, $systemctl_path stop $NGINX_INIT_NAME, $systemctl_path is-active --quiet $NGINX_INIT_NAME, $NGINX_BIN -t, $NGINX_BIN -t -c *" >"$NGINX_SUDOERS_FILE"
|
|
elif [[ -x /usr/bin/sv ]]; then
|
|
echo "%dokku ALL=(ALL) NOPASSWD:/usr/bin/sv enable $NGINX_INIT_NAME, /usr/bin/sv disable $NGINX_INIT_NAME, /usr/bin/sv reload $NGINX_INIT_NAME, /usr/bin/sv start $NGINX_INIT_NAME, /usr/bin/sv stop $NGINX_INIT_NAME, /usr/bin/sv status $NGINX_INIT_NAME, $NGINX_BIN -t, $NGINX_BIN -t -c *" >"$NGINX_SUDOERS_FILE"
|
|
else
|
|
echo "%dokku ALL=(ALL) NOPASSWD:/etc/init.d/$NGINX_INIT_NAME enable, /etc/init.d/$NGINX_INIT_NAME disable, /etc/init.d/$NGINX_INIT_NAME reload, /etc/init.d/$NGINX_INIT_NAME start, /etc/init.d/$NGINX_INIT_NAME stop, $NGINX_BIN -t, $NGINX_BIN -t -c *" >"$NGINX_SUDOERS_FILE"
|
|
fi
|
|
;;
|
|
|
|
arch)
|
|
echo "%dokku ALL=(ALL) NOPASSWD:$systemctl_path enable $NGINX_INIT_NAME, $systemctl_path disable $NGINX_INIT_NAME, $systemctl_path reload $NGINX_INIT_NAME, $systemctl_path start $NGINX_INIT_NAME, $systemctl_path stop $NGINX_INIT_NAME, $systemctl_path is-active --quiet $NGINX_INIT_NAME, $NGINX_BIN -t, $NGINX_BIN -t -c *" >"$NGINX_SUDOERS_FILE"
|
|
;;
|
|
esac
|
|
|
|
chmod "$mode" "$NGINX_SUDOERS_FILE"
|
|
|
|
# if dhparam.pem has not been created, create it the first time
|
|
if [[ ! -f "$NGINX_ROOT/dhparam.pem" ]]; then
|
|
openssl dhparam -out "$NGINX_ROOT/dhparam.pem" 2048
|
|
fi
|
|
|
|
mkdir -p "$NGINX_ROOT/conf.d"
|
|
chown root:root "$NGINX_ROOT/dhparam.pem"
|
|
chown root:root "$NGINX_ROOT/conf.d"
|
|
# cat <<EOF >"$NGINX_ROOT/conf.d/dokku.conf"
|
|
local DOKKU_TEMPLATE="$PLUGIN_AVAILABLE_PATH/nginx-vhosts/templates/dokku.conf.sigil"
|
|
CUSTOM_DOKKU_TEMPLATE="$(plugn trigger nginx-dokku-template-source)"
|
|
if [[ -n "$CUSTOM_DOKKU_TEMPLATE" ]] && [[ -f "$CUSTOM_DOKKU_TEMPLATE" ]]; then
|
|
DOKKU_TEMPLATE="$CUSTOM_DOKKU_TEMPLATE"
|
|
fi
|
|
|
|
# Remove server_tokens directive from main nginx config if present (commented or uncommented)
|
|
if [[ -f "$NGINX_ROOT/nginx.conf" ]]; then
|
|
sed -i '/server_tokens/d' "$NGINX_ROOT/nginx.conf"
|
|
fi
|
|
|
|
sigil -f "$DOKKU_TEMPLATE" DOKKU_ROOT="$DOKKU_ROOT" NGINX_ROOT="$NGINX_ROOT" | cat -s >"$NGINX_ROOT/conf.d/dokku.conf"
|
|
|
|
# allow users to override their server_names_hash_bucket_size
|
|
if [[ ! -f "$NGINX_ROOT/conf.d/server_names_hash_bucket_size.conf" ]]; then
|
|
echo 'server_names_hash_bucket_size 512;' >|"$NGINX_ROOT/conf.d/server_names_hash_bucket_size.conf"
|
|
fi
|
|
|
|
# revert dokku group changes
|
|
mkdir -p "$NGINX_LOG_ROOT"
|
|
gpasswd -a dokku adm
|
|
chgrp --quiet -R adm "$NGINX_LOG_ROOT"
|
|
gpasswd -M "$(grep -E ^dokku: /etc/group | awk -F ":" '{ print $4 }')" dokku
|
|
[[ -f /etc/logrotate.d/nginx ]] && sed -i -e 's/create 0640 www-data dokku/create 0640 www-data adm/g' /etc/logrotate.d/nginx
|
|
|
|
# Create nginx error templates
|
|
mkdir -p "${DOKKU_LIB_ROOT}/data/nginx-vhosts/dokku-errors"
|
|
chown -R "${DOKKU_SYSTEM_USER}:${DOKKU_SYSTEM_GROUP}" "${DOKKU_LIB_ROOT}/data/nginx-vhosts"
|
|
cp "${PLUGIN_CORE_AVAILABLE_PATH}/nginx-vhosts/templates/400-error.html" "${DOKKU_LIB_ROOT}/data/nginx-vhosts/dokku-errors/400-error.html"
|
|
cp "${PLUGIN_CORE_AVAILABLE_PATH}/nginx-vhosts/templates/404-error.html" "${DOKKU_LIB_ROOT}/data/nginx-vhosts/dokku-errors/404-error.html"
|
|
cp "${PLUGIN_CORE_AVAILABLE_PATH}/nginx-vhosts/templates/500-error.html" "${DOKKU_LIB_ROOT}/data/nginx-vhosts/dokku-errors/500-error.html"
|
|
cp "${PLUGIN_CORE_AVAILABLE_PATH}/nginx-vhosts/templates/502-error.html" "${DOKKU_LIB_ROOT}/data/nginx-vhosts/dokku-errors/502-error.html"
|
|
|
|
# patch broken nginx 1.8.0 logrotate
|
|
[[ -f /etc/logrotate.d/nginx ]] && sed -i -e 's/invoke-rc.d/service/g' /etc/logrotate.d/nginx
|
|
|
|
fn-nginx-vhosts-migrate-env-vars
|
|
fn-nginx-vhosts-migrate-nginx-conf-sigil
|
|
|
|
if [[ -f "${DOKKU_LIB_ROOT}/data/nginx-vhosts/nginx.stopped" ]]; then
|
|
rm -f "${DOKKU_LIB_ROOT}/data/nginx-vhosts/nginx.stopped"
|
|
fn-plugin-property-write "nginx" "--global" "proxy-status" "stopped"
|
|
fi
|
|
|
|
# avoid failing runit init calls on install
|
|
# the runit binaries are not yet available during dockerfile building
|
|
# and therefore both these calls will fail
|
|
if [[ -x /usr/bin/sv ]]; then
|
|
return
|
|
fi
|
|
|
|
# avoid starting nginx if it was stopped via the nginx:stop command
|
|
if [[ "$(fn-plugin-property-get "nginx" "--global" "proxy-status")" == "stopped" ]]; then
|
|
return
|
|
fi
|
|
|
|
# only start nginx if there is an app with the nginx proxy type
|
|
local start_nginx=false
|
|
local has_apps=false
|
|
for app in $(dokku_apps "false" 2>/dev/null); do
|
|
has_apps=true
|
|
if [[ "$(plugn trigger proxy-type "$app")" == "nginx" ]]; then
|
|
start_nginx=true
|
|
break
|
|
fi
|
|
done
|
|
|
|
if [[ "$start_nginx" == "false" ]] && [[ "$has_apps" == "true" ]]; then
|
|
return
|
|
fi
|
|
|
|
fn-nginx-vhosts-nginx-init-cmd start || fn-nginx-vhosts-nginx-init-cmd reload
|
|
}
|
|
|
|
trigger-nginx-vhosts-install "$@"
|