Mirrors/dokku
1
0
Fork 0
mirror of https://github.com/dokku/dokku.git synced 2025-12-29 00:25:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
17ec77073ad8202c0d336f2072d3e565334e8f95
dokku/plugins/nginx-vhosts/install
Jose Diaz-Gonzalez e423676b11 feat: make installs quieter 
This removes output from commands that otherwise should be silent - such as when not needing to migrate data.
2019-01-20 20:54:00 -05:00

117 lines
4.4 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x
source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
source "$PLUGIN_AVAILABLE_PATH/config/functions"
case "$DOKKU_DISTRO" in
debian)
echo "%dokku ALL=(ALL) NOPASSWD:/usr/sbin/invoke-rc.d nginx reload, /usr/sbin/nginx -t, /usr/sbin/nginx -t -c *" >/etc/sudoers.d/dokku-nginx
;;
ubuntu)
echo "%dokku ALL=(ALL) NOPASSWD:/etc/init.d/nginx reload, /usr/sbin/nginx -t, /usr/sbin/nginx -t -c *" >/etc/sudoers.d/dokku-nginx
;;
opensuse)
echo "%dokku ALL=(ALL) NOPASSWD:/sbin/service nginx reload, /usr/sbin/nginx -t, /usr/sbin/nginx -t -c *" >/etc/sudoers.d/dokku-nginx
;;
arch)
echo "%dokku ALL=(ALL) NOPASSWD:/usr/bin/systemctl reload nginx, /usr/sbin/nginx -t, /usr/sbin/nginx -t -c *" >/etc/sudoers.d/dokku-nginx
;;
centos | rhel)
echo "%dokku ALL=(ALL) NOPASSWD:/usr/bin/systemctl reload nginx, /usr/sbin/nginx -t, /usr/sbin/nginx -t -c *" >/etc/sudoers.d/dokku-nginx
echo "Defaults:dokku !requiretty" >>/etc/sudoers.d/dokku-nginx
;;
esac
chmod 0440 /etc/sudoers.d/dokku-nginx
# if dhparam.pem has not been created, create it the first time
if [[ ! -f /etc/nginx/dhparam.pem ]]; then
openssl dhparam -out /etc/nginx/dhparam.pem 2048
fi
mkdir -p /etc/nginx/conf.d
chown root:root /etc/nginx/dhparam.pem
chown root:root /etc/nginx/conf.d
cat <<EOF >/etc/nginx/conf.d/dokku.conf
include $DOKKU_ROOT/*/nginx.conf;
server_tokens off;
# Settings from https://mozilla.github.io/server-side-tls/ssl-config-generator/
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 1d;
ssl_session_tickets on;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
EOF
# allow users to override their server_names_hash_bucket_size
if [[ ! -f /etc/nginx/conf.d/server_names_hash_bucket_size.conf ]]; then
echo 'server_names_hash_bucket_size 512;' >|/etc/nginx/conf.d/server_names_hash_bucket_size.conf
fi
# revert dokku group changes
gpasswd -a dokku adm
chgrp --quiet -R adm /var/log/nginx
gpasswd -M "$(egrep ^dokku: /etc/group | awk -F ":" '{ print $4 }')" dokku
[[ -f /etc/logrotate.d/nginx ]] && sed -i -e 's/create 0640 www-data dokku/create 0640 www-data adm/g' /etc/logrotate.d/nginx
# Create nginx error templates
mkdir -p "${DOKKU_LIB_ROOT}/data/nginx-vhosts/dokku-errors"
cp "${PLUGIN_CORE_AVAILABLE_PATH}/nginx-vhosts/templates/400-error.html" "${DOKKU_LIB_ROOT}/data/nginx-vhosts/dokku-errors/400-error.html"
cp "${PLUGIN_CORE_AVAILABLE_PATH}/nginx-vhosts/templates/404-error.html" "${DOKKU_LIB_ROOT}/data/nginx-vhosts/dokku-errors/404-error.html"
cp "${PLUGIN_CORE_AVAILABLE_PATH}/nginx-vhosts/templates/500-error.html" "${DOKKU_LIB_ROOT}/data/nginx-vhosts/dokku-errors/500-error.html"
# patch broken nginx 1.8.0 logrotate
[[ -f /etc/logrotate.d/nginx ]] && sed -i -e 's/invoke-rc.d/service/g' /etc/logrotate.d/nginx
# @TODO: Remove this after a few versions
for app in $(dokku_apps); do
nginx_port="$(config_get "$app" DOKKU_NGINX_PORT || true)"
nginx_ssl_port="$(config_get "$app" DOKKU_NGINX_SSL_PORT || true)"
if [[ -n "$nginx_port" ]] || [[ -n "$nginx_ssl_port" ]]; then
dokku_log_info1 "Migrating DOKKU_NGINX env variables. The following variables will be migrated"
dokku_log_info2 "DOKKU_NGINX_PORT -> DOKKU_PROXY_PORT"
dokku_log_info2 "DOKKU_NGINX_SSL_PORT -> DOKKU_PROXY_SSL_PORT"
fi
if [[ -n "$nginx_port" ]]; then
dokku_log_info1 "Migrating DOKKU_NGINX_PORT to DOKKU_PROXY_PORT for $app"
config_set --no-restart "$app" DOKKU_PROXY_PORT="$nginx_port"
config_unset --no-restart "$app" DOKKU_NGINX_PORT
fi
if [[ -n "$nginx_ssl_port" ]]; then
dokku_log_info1 "Migrating DOKKU_NGINX_SSL_PORT to DOKKU_PROXY_SSL_PORT for $app"
config_set --no-restart "$app" DOKKU_PROXY_SSL_PORT="$nginx_ssl_port"
config_unset --no-restart "$app" DOKKU_NGINX_SSL_PORT
fi
done
case "$DOKKU_DISTRO" in
debian)
NGINX_INIT="/usr/sbin/invoke-rc.d"
"$NGINX_INIT" nginx start || "$NGINX_INIT" nginx reload
;;
ubuntu)
NGINX_INIT="/etc/init.d/nginx"
"$NGINX_INIT" start || "$NGINX_INIT" reload
;;
opensuse)
NGINX_INIT="/sbin/service"
"$NGINX_INIT" nginx start || "$NGINX_INIT" nginx reload
;;
arch | centos | rhel)
NGINX_INIT="/usr/bin/systemctl"
"$NGINX_INIT" start nginx || "$NGINX_INIT" reload nginx
;;
esac
Reference in New Issue View Git Blame Copy Permalink