mirror of
https://github.com/dokku/dokku.git
synced 2025-12-29 00:25:08 +01:00
139 lines
5.2 KiB
Bash
Executable File
139 lines
5.2 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x
|
|
|
|
restart_nginx () {
|
|
case "$DOKKU_DISTRO" in
|
|
ubuntu)
|
|
sudo /etc/init.d/nginx reload > /dev/null
|
|
;;
|
|
|
|
opensuse)
|
|
sudo /sbin/service nginx reload > /dev/null
|
|
;;
|
|
esac
|
|
}
|
|
|
|
case "$1" in
|
|
nginx:build-config)
|
|
APP="$2"; DOKKU_APP_LISTEN_PORT="$3"; DOKKU_APP_LISTEN_IP="${4}"
|
|
VHOST_PATH="$DOKKU_ROOT/$APP/VHOST"
|
|
WILDCARD_SSL="$DOKKU_ROOT/tls"
|
|
SSL="$DOKKU_ROOT/$APP/tls"
|
|
|
|
if [[ -z "$DOKKU_APP_LISTEN_PORT" ]] && [[ -f "$DOKKU_ROOT/$APP/PORT" ]]; then
|
|
DOKKU_APP_LISTEN_PORT=$(< "$DOKKU_ROOT/$APP/PORT")
|
|
fi
|
|
if [[ -z "$DOKKU_APP_LISTEN_IP" ]] && [[ -f "$DOKKU_ROOT/$APP/IP" ]]; then
|
|
DOKKU_APP_LISTEN_IP=$(< "$DOKKU_ROOT/$APP/IP")
|
|
fi
|
|
|
|
[[ -f "$DOKKU_ROOT/ENV" ]] && source $DOKKU_ROOT/ENV
|
|
[[ -f "$DOKKU_ROOT/$APP/ENV" ]] && source $DOKKU_ROOT/$APP/ENV
|
|
|
|
if [[ ! -n "$NO_VHOST" ]] && [[ -f "$DOKKU_ROOT/$APP/VHOST" ]]; then
|
|
NONSSL_VHOSTS=$(cat $VHOST_PATH)
|
|
if [[ -e "$SSL/server.crt" ]] && [[ -e "$SSL/server.key" ]]; then
|
|
SSL_INUSE="$SSL"
|
|
SSL_DIRECTIVES=$(cat <<EOF
|
|
ssl_certificate $SSL_INUSE/server.crt;
|
|
ssl_certificate_key $SSL_INUSE/server.key;
|
|
EOF
|
|
)
|
|
elif [[ -e "$WILDCARD_SSL/server.crt" ]] && [[ -e "$WILDCARD_SSL/server.key" ]]; then
|
|
SSL_INUSE="$WILDCARD_SSL"
|
|
SSL_DIRECTIVES=""
|
|
fi
|
|
|
|
NGINX_CONF="$PLUGIN_PATH/nginx-vhosts/templates/nginx.conf"
|
|
SCHEME="http"
|
|
if [[ -n "$SSL_INUSE" ]]; then
|
|
NGINX_CONF="$PLUGIN_PATH/nginx-vhosts/templates/nginx.ssl.conf"
|
|
SCHEME="https"
|
|
|
|
SSL_HOSTNAME=$(openssl x509 -in $SSL_INUSE/server.crt -noout -subject | tr '/' '\n' | grep CN= | cut -c4-)
|
|
SSL_HOSTNAME=$(echo "$SSL_HOSTNAME" | sed 's|\.|\\.|g' | sed 's/\*/\.\*/g')
|
|
[[ -z "$(egrep ^"$SSL_HOSTNAME"$ $VHOST_PATH)" ]] && echo "$SSL_HOSTNAME" | sed 's/\\./\./g' >> $VHOST_PATH
|
|
|
|
SSL_HOSTNAME_ALT=$(openssl x509 -in $SSL_INUSE/server.crt -noout -text | grep --after-context=1 '509v3 Subject Alternative Name:' | tail -n 1 | sed -e "s/[[:space:]]*DNS://g" | tr ',' '\n' || true)
|
|
SSL_HOSTNAME_ALT=$(echo "$SSL_HOSTNAME_ALT" | sed 's|\.|\\.|g' | sed 's/\*/\.\*/g')
|
|
[[ -z "$(egrep ^"$SSL_HOSTNAME_ALT"$ $VHOST_PATH)" ]] && echo "$SSL_HOSTNAME_ALT" | sed 's/\\./\./g' >> $VHOST_PATH
|
|
|
|
SSL_VHOSTS=$(egrep "^${SSL_HOSTNAME}$|^${SSL_HOSTNAME_ALT}$" $VHOST_PATH || exit 0)
|
|
NONSSL_VHOSTS=$(egrep -v "^${SSL_HOSTNAME}$|^${SSL_HOSTNAME_ALT}$" $VHOST_PATH || exit 0)
|
|
|
|
while read line; do
|
|
echo "-----> Configuring SSL for $line..."
|
|
SSL_SERVER_NAME=$line
|
|
eval "cat <<< \"$(< $NGINX_CONF)\" >> $DOKKU_ROOT/$APP/nginx.conf"
|
|
done <<< "$SSL_VHOSTS"
|
|
fi
|
|
|
|
APP_NGINX_TEMPLATE="$DOKKU_ROOT/$APP/nginx.conf.template"
|
|
if [[ -f $APP_NGINX_TEMPLATE ]]; then
|
|
echo "-----> Overriding default nginx.conf with detected nginx.conf.template"
|
|
NGINX_CONF=$APP_NGINX_TEMPLATE
|
|
fi
|
|
|
|
xargs -i echo "-----> Configuring {}..." < $VHOST_PATH
|
|
# Include SSL_VHOSTS so we can redirect http to https on that hostname as well
|
|
NOSSL_SERVER_NAME=$(echo $NONSSL_VHOSTS $SSL_VHOSTS| tr '\n' ' ')
|
|
|
|
if [[ -n "$DOKKU_APP_LISTEN_PORT" ]] && [[ -n "$DOKKU_APP_LISTEN_IP" ]]; then
|
|
echo "-----> Creating $SCHEME nginx.conf"
|
|
echo "upstream $APP { server $DOKKU_APP_LISTEN_IP:$DOKKU_APP_LISTEN_PORT; }" > $DOKKU_ROOT/$APP/nginx.conf
|
|
eval "cat <<< \"$(< $NGINX_CONF)\" >> $DOKKU_ROOT/$APP/nginx.conf"
|
|
|
|
echo "-----> Running nginx-pre-reload"
|
|
pluginhook nginx-pre-reload $APP $DOKKU_APP_LISTEN_PORT $DOKKU_APP_LISTEN_IP
|
|
|
|
echo " Reloading nginx"
|
|
restart_nginx
|
|
fi
|
|
else
|
|
if [[ -f "$DOKKU_ROOT/$APP/VHOST" ]]; then
|
|
echo "-----> VHOST support disabled, deleting $APP/VHOST"
|
|
rm "$DOKKU_ROOT/$APP/VHOST"
|
|
fi
|
|
if [[ -f "$DOKKU_ROOT/$APP/nginx.conf" ]]; then
|
|
echo "-----> VHOST support disabled, deleting nginx.conf"
|
|
rm "$DOKKU_ROOT/$APP/nginx.conf"
|
|
|
|
echo "-----> VHOST support disabled, reloading nginx after nginx.conf deletion"
|
|
restart_nginx
|
|
fi
|
|
fi
|
|
;;
|
|
|
|
nginx:import-ssl)
|
|
[[ -z $2 ]] && echo "Please specify an app to run the command on" && exit 1
|
|
[[ ! -d "$DOKKU_ROOT/$2" ]] && echo "App $2 does not exist" && exit 1
|
|
[[ -t 0 ]] && echo "Tar archive containing server.crt and server.key expected on stdin" && exit 1
|
|
APP="$2"
|
|
|
|
TEMP_DIR=$(mktemp -d)
|
|
cd $TEMP_DIR
|
|
tar xvf - <&0
|
|
[[ ! -f "$TEMP_DIR/server.crt" ]] && echo "Tar archive missing server.crt" && exit 1
|
|
[[ ! -f "$TEMP_DIR/server.key" ]] && echo "Tar archive missing server.key" && exit 1
|
|
|
|
mkdir -p "$DOKKU_ROOT/$APP/tls"
|
|
mv "$TEMP_DIR/server.crt" "$DOKKU_ROOT/$APP/tls/server.crt"
|
|
mv "$TEMP_DIR/server.key" "$DOKKU_ROOT/$APP/tls/server.key"
|
|
cd $DOKKU_ROOT
|
|
rm -rf $TEMP_DIR
|
|
dokku nginx:build-config $APP
|
|
;;
|
|
|
|
help | nginx:help)
|
|
cat && cat<<EOF
|
|
nginx:import-ssl <app> Imports a tarball from stdin; should contain server.crt and server.key
|
|
nginx:build-config <app> (Re)builds nginx config for given app
|
|
EOF
|
|
;;
|
|
|
|
*)
|
|
exit $DOKKU_NOT_IMPLEMENTED_EXIT
|
|
;;
|
|
|
|
esac
|