Mirrors/dokku
1
0
Fork 0
mirror of https://github.com/dokku/dokku.git synced 2025-12-16 12:07:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
a1c768b9b335d827e43437c9b8147dc992c35fe2
dokku/plugins/nginx-vhosts/functions
Jose Diaz-Gonzalez a1c768b9b3 refactor: drop web installer in favor of setup via cli 
This makes the installation a bit more secure by ensuring a user does not accidentally expose a way for unauthorized users to add new ssh keys to the system.

Additionally, this removes the extra HOSTNAME file to make the initial install process easier (that file was not modifiable by any dokku commands.

Closes #2247
2021-08-07 16:36:41 -04:00

568 lines
22 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x
source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
source "$PLUGIN_AVAILABLE_PATH/certs/functions"
source "$PLUGIN_AVAILABLE_PATH/config/functions"
source "$PLUGIN_AVAILABLE_PATH/nginx-vhosts/internal-functions"
fn-nginx-log-root() {
declare desc="get the nginx log root"
local NGINX_LOG_ROOT="/var/log/nginx"
fn-nginx-vhosts-uses-openresty && NGINX_LOG_ROOT="/var/log/openresty"
echo "$NGINX_LOG_ROOT"
}
fn-nginx-access-log-format() {
declare desc="get the configured access log format"
declare APP="$1"
fn-plugin-property-get-default "nginx" "$APP" "access-log-format" ""
}
fn-nginx-access-log-path() {
declare desc="get the configured access log path"
declare APP="$1"
local NGINX_LOG_ROOT="$(fn-nginx-log-root)"
fn-plugin-property-get-default "nginx" "$APP" "access-log-path" "${NGINX_LOG_ROOT}/${APP}-access.log"
}
fn-nginx-proxy-buffer-size() {
declare desc="get the configured proxy buffer size"
declare APP="$1"
fn-plugin-property-get-default "nginx" "$APP" "proxy-buffer-size" "$(fn-get-pagesize)"
}
fn-nginx-proxy-buffering() {
declare desc="get the configured proxy buffering"
declare APP="$1"
fn-plugin-property-get-default "nginx" "$APP" "proxy-buffering" "on"
}
fn-nginx-proxy-buffers() {
declare desc="get the configured proxy buffers"
declare APP="$1"
fn-plugin-property-get-default "nginx" "$APP" "proxy-buffers" "8 $(fn-get-pagesize)"
}
fn-nginx-proxy-busy-buffers-size() {
declare desc="get the configured proxy busy buffers size"
declare APP="$1"
fn-plugin-property-get-default "nginx" "$APP" "proxy-busy-buffers-size" "$(($(fn-get-pagesize) * 2))"
}
fn-nginx-proxy-read-timeout() {
declare desc="get the configured proxy read timeout"
declare APP="$1"
fn-plugin-property-get-default "nginx" "$APP" "proxy-read-timeout" "60s"
}
fn-nginx-client-max-body-size() {
declare desc="get the configured client max body size"
declare APP="$1"
fn-plugin-property-get-default "nginx" "$APP" "client-max-body-size" ""
}
fn-nginx-error-log-path() {
declare desc="get the configured access log path"
declare APP="$1"
local NGINX_LOG_ROOT="$(fn-nginx-log-root)"
fn-plugin-property-get-default "nginx" "$APP" "error-log-path" "${NGINX_LOG_ROOT}/${APP}-error.log"
}
get_nginx_location() {
declare desc="check that nginx is at the expected location and return it"
fn-nginx-vhosts-nginx-location
}
validate_nginx() {
declare desc="validate entire nginx config"
declare APP="${1:-}" FLAG="${2:-}"
local NGINX_LOCATION EXIT_CODE
NGINX_LOCATION=$(get_nginx_location)
if [[ -z "$NGINX_LOCATION" ]]; then
exit 1
fi
if [[ "$APP" == "--clean" ]]; then
APP=""
FLAG="--clean"
fi
set +e
sudo "$NGINX_LOCATION" -t >/dev/null 2>&1
EXIT_CODE=$?
set -e
if [[ "$EXIT_CODE" -eq "0" ]]; then
return
fi
if [[ -n "$APP" ]]; then
verify_app_name "$APP"
nginx_vhosts_validate_single_func "$APP" "$FLAG"
else
for app in $(dokku_apps); do
nginx_vhosts_validate_single_func "$app" "$FLAG"
done
fi
set +e
sudo "$NGINX_LOCATION" -t >/dev/null 2>&1
EXIT_CODE=$?
set -e
if [[ "$EXIT_CODE" -eq "0" ]]; then
return
fi
sudo "$NGINX_LOCATION" -t
exit $?
}
restart_nginx() {
declare desc="restart nginx for given distros"
fn-nginx-vhosts-nginx-init-cmd "reload"
}
nginx_logs() {
declare desc="display app nginx logs"
declare NGINX_LOGS_TYPE="${1#nginx:}" APP="$2"
local NGINX_LOGS_TYPE=${NGINX_LOGS_TYPE%-logs}
local NGINX_LOGS_PATH="$("fn-nginx-${NGINX_LOGS_TYPE}-log-path" "$APP")"
if [[ "$NGINX_LOGS_PATH" == "off" ]] || [[ "$NGINX_LOGS_PATH" == "/dev/null" ]]; then
dokku_log_fail "$NGINX_LOGS_TYPE logs are disabled for this app"
fi
if [[ $3 == "-t" ]]; then
local NGINX_LOGS_ARGS="-F"
else
local NGINX_LOGS_ARGS="-n 20"
fi
tail "$NGINX_LOGS_ARGS" "$NGINX_LOGS_PATH"
}
configure_nginx_ports() {
declare desc="configure nginx listening ports"
local APP=$1
local RAW_TCP_PORTS="$(get_app_raw_tcp_ports "$APP")"
local DOKKU_PROXY_PORT=$(config_get "$APP" DOKKU_PROXY_PORT)
local DOKKU_PROXY_SSL_PORT=$(config_get "$APP" DOKKU_PROXY_SSL_PORT)
local DOKKU_PROXY_PORT_MAP=$(config_get "$APP" DOKKU_PROXY_PORT_MAP)
local IS_APP_VHOST_ENABLED=true
local UPSTREAM_PORT="5000"
plugn trigger domains-vhost-enabled "$APP" 2>/dev/null || IS_APP_VHOST_ENABLED=false
if [[ -z "$DOKKU_PROXY_PORT" ]] && [[ -z "$RAW_TCP_PORTS" ]]; then
if [[ "$IS_APP_VHOST_ENABLED" == "false" ]]; then
dokku_log_info1 "no proxy port set. setting to random open high port"
local PROXY_PORT=$(get_available_port)
else
local PROXY_PORT=$(config_get --global DOKKU_PROXY_PORT)
PROXY_PORT=${PROXY_PORT:=80}
fi
DOKKU_QUIET_OUTPUT=1 config_set --no-restart "$APP" DOKKU_PROXY_PORT="$PROXY_PORT"
fi
if [[ -z "$DOKKU_PROXY_SSL_PORT" ]]; then
if (is_ssl_enabled "$APP"); then
local PROXY_SSL_PORT=$(config_get --global DOKKU_PROXY_SSL_PORT)
PROXY_SSL_PORT=${PROXY_SSL_PORT:=443}
if [[ -z "$RAW_TCP_PORTS" ]] && [[ "$IS_APP_VHOST_ENABLED" == "false" ]]; then
dokku_log_info1 "no proxy ssl port set. setting to random open high port"
PROXY_SSL_PORT=$(get_available_port)
fi
DOKKU_QUIET_OUTPUT=1 config_set --no-restart "$APP" DOKKU_PROXY_SSL_PORT="$PROXY_SSL_PORT"
fi
fi
if [[ -z "$DOKKU_PROXY_PORT_MAP" ]]; then
if [[ -n "$RAW_TCP_PORTS" ]]; then
local RAW_TCP_PORT
for RAW_TCP_PORT in $RAW_TCP_PORTS; do
local PROXY_PORT_MAP+=" http:${RAW_TCP_PORT}:${RAW_TCP_PORT} "
done
else
local PROXY_PORT=${PROXY_PORT:-$DOKKU_PROXY_PORT}
local PROXY_SSL_PORT=${PROXY_SSL_PORT:-$DOKKU_PROXY_SSL_PORT}
[[ -f "$DOKKU_ROOT/$APP/PORT.web.1" ]] && local UPSTREAM_PORT="$(<"$DOKKU_ROOT/$APP/PORT.web.1")"
if [[ -n "$PROXY_PORT" ]] && [[ -n "$PROXY_SSL_PORT" ]]; then
local PROXY_PORT_MAP+=" http:${PROXY_PORT}:$UPSTREAM_PORT https:${PROXY_SSL_PORT}:$UPSTREAM_PORT "
elif [[ -n "$PROXY_PORT" ]]; then
local PROXY_PORT_MAP+=" http:${PROXY_PORT}:$UPSTREAM_PORT "
fi
fi
if [[ -n "$PROXY_PORT_MAP" ]]; then
local PROXY_PORT_MAP="$(echo "$PROXY_PORT_MAP" | xargs)"
local PROXY_PORT_MAP+=" $(merge_dedupe_list "$(remove_val_from_list "$PORT_MAP" "$DOKKU_PROXY_PORT_MAP" " ")" " ") "
DOKKU_QUIET_OUTPUT=1 config_set --no-restart "$APP" DOKKU_PROXY_PORT_MAP="$PROXY_PORT_MAP"
fi
fi
}
validate_ssl_domains() {
declare desc="check configured domains against SSL cert contents and show warning if mismatched"
local APP=$1
local VHOST_PATH="$DOKKU_ROOT/$APP/VHOST"
local SSL_HOSTNAME=$(get_ssl_hostnames "$APP")
local SSL_HOSTNAME_REGEX=$(echo "$SSL_HOSTNAME" | xargs | sed 's|\.|\\.|g' | sed 's/\*/\[^\.\]\*/g' | sed 's/ /|/g')
if ! (grep -q -E "^${SSL_HOSTNAME_REGEX}$" "$VHOST_PATH" &>/dev/null); then
dokku_log_info1 "No matching configured domains for $APP found in SSL certificate. Your app will show as insecure in a browser if accessed via SSL"
dokku_log_info1 "Please add appropriate domains via the dokku domains command"
[[ -n "$NONSSL_VHOSTS" ]] && dokku_log_info1 "Configured domains for app:"
local domain
for domain in $(echo "$NONSSL_VHOSTS" | xargs); do
dokku_log_info2 "$domain"
done
[[ -n "$SSL_HOSTNAME" ]] && dokku_log_info1 "Domains found in SSL certificate:"
for domain in $(echo "$SSL_HOSTNAME" | xargs); do
dokku_log_info2 "$domain"
done
fi
}
get_custom_nginx_template() {
declare desc="attempts to copy custom nginx template from app image"
local APP="$1"
local DESTINATION_FILE="$2"
local IMAGE_TAG="$(get_running_image_tag "$APP")"
local IMAGE=$(get_deploying_app_image_name "$APP" "$IMAGE_TAG")
local NGINX_TEMPLATE_NAME="nginx.conf.sigil"
local DISABLE_CUSTOM_CONFIG="$(fn-plugin-property-get-default "nginx" "$APP" "disable-custom-config" "false")"
if [[ "$DISABLE_CUSTOM_CONFIG" == "true" ]]; then
return
fi
copy_from_image "$IMAGE" "$NGINX_TEMPLATE_NAME" "$DESTINATION_FILE" 2>/dev/null || true
}
is_tls13_available() {
declare desc="detects whether the installed nginx version has TLSv1.3 support"
local NGINX_VERSION="$1"
local MAJOR_VERSION MINOR_VERSION PATCH_VERSION
local HAS_SUPPORT=false
MAJOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[1]}')
MINOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[2]}')
PATCH_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[3]}')
if [[ "$MAJOR_VERSION" -ge "2" ]]; then
HAS_SUPPORT=true
elif [[ "$MAJOR_VERSION" -eq "1" ]] && [[ "$MINOR_VERSION" -ge "13" ]]; then
HAS_SUPPORT=true
fi
echo $HAS_SUPPORT
}
is_spdy_enabled() {
declare desc="detects whether the installed nginx version has spdy support"
local NGINX_VERSION="$1"
local MAJOR_VERSION MINOR_VERSION PATCH_VERSION
local HAS_SUPPORT=true
MAJOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[1]}')
MINOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[2]}')
PATCH_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[3]}')
if [[ "$MAJOR_VERSION" -ge "2" ]]; then
HAS_SUPPORT=false
elif [[ "$MAJOR_VERSION" -eq "1" ]]; then
if [[ "$MINOR_VERSION" -ge "10" ]]; then
HAS_SUPPORT=false
elif [[ "$MINOR_VERSION" -ge "9" ]] && [[ "$PATCH_VERSION" -ge "5" ]]; then
HAS_SUPPORT=false
fi
fi
echo $HAS_SUPPORT
}
is_http2_push_enabled() {
declare desc="detects whether the installed nginx version has http2 push support"
local NGINX_VERSION="$1"
local MAJOR_VERSION MINOR_VERSION PATCH_VERSION
local HAS_SUPPORT=false
MAJOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[1]}')
MINOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[2]}')
PATCH_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[3]}')
if [[ "$MAJOR_VERSION" -ge "2" ]]; then
HAS_SUPPORT=true
elif [[ "$MAJOR_VERSION" -eq "1" ]]; then
if [[ "$MINOR_VERSION" -eq "13" ]] && [[ "$PATCH_VERSION" -ge "9" ]]; then
HAS_SUPPORT=true
elif [[ "$MINOR_VERSION" -ge "14" ]]; then
HAS_SUPPORT=true
fi
fi
echo $HAS_SUPPORT
}
is_http2_enabled() {
declare desc="detects whether the installed nginx version has http2 support"
local NGINX_VERSION="$1"
local MAJOR_VERSION MINOR_VERSION PATCH_VERSION
local HAS_SUPPORT=false
MAJOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[1]}')
MINOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[2]}')
PATCH_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[3]}')
if [[ "$MAJOR_VERSION" -ge "2" ]]; then
HAS_SUPPORT=true
elif [[ "$MAJOR_VERSION" -eq "1" ]]; then
if [[ "$MINOR_VERSION" -eq "11" ]] && [[ "$PATCH_VERSION" -ge "5" ]]; then
HAS_SUPPORT=true
elif [[ "$MINOR_VERSION" -ge "12" ]]; then
HAS_SUPPORT=true
fi
fi
echo $HAS_SUPPORT
}
is_grpc_enabled() {
declare desc="detects whether the installed nginx version has grpc support"
local NGINX_VERSION="$1"
local MAJOR_VERSION MINOR_VERSION PATCH_VERSION
local HAS_SUPPORT=false
MAJOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[1]}')
MINOR_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[2]}')
PATCH_VERSION=$(echo "$NGINX_VERSION" | awk '{split($0,a,"."); print a[3]}')
if [[ "$MAJOR_VERSION" -ge "2" ]]; then
HAS_SUPPORT=true
elif [[ "$MAJOR_VERSION" -eq "1" ]]; then
if [[ "$MINOR_VERSION" -eq "13" ]] && [[ "$PATCH_VERSION" -ge "10" ]]; then
HAS_SUPPORT=true
elif [[ "$MINOR_VERSION" -ge "14" ]]; then
HAS_SUPPORT=true
fi
fi
echo $HAS_SUPPORT
}
nginx_build_config() {
declare desc="build nginx config to proxy app containers using sigil"
declare APP="$1" DOKKU_APP_LISTEN_PORT="$2" DOKKU_APP_LISTEN_IP="$3"
local VHOST_PATH="$DOKKU_ROOT/$APP/VHOST"
local APP_URLS_PATH="$DOKKU_ROOT/$APP/URLS"
local NGINX_TEMPLATE_NAME="nginx.conf.sigil"
local NGINX_TEMPLATE="$PLUGIN_AVAILABLE_PATH/nginx-vhosts/templates/$NGINX_TEMPLATE_NAME"
local SCHEME=http
local NGINX_TEMPLATE_SOURCE="built-in"
local APP_SSL_PATH="$DOKKU_ROOT/$APP/tls"
local RAW_TCP_PORTS="$(get_app_raw_tcp_ports "$APP")"
local DOKKU_APP_LISTENERS
CUSTOM_NGINX_TEMPLATE="$(plugn trigger nginx-app-template-source "$APP" "app-config")"
if [[ -n "$CUSTOM_NGINX_TEMPLATE" ]]; then
NGINX_TEMPLATE="$CUSTOM_NGINX_TEMPLATE"
fi
local IS_APP_VHOST_ENABLED=true
plugn trigger domains-vhost-enabled "$APP" 2>/dev/null || IS_APP_VHOST_ENABLED=false
if [[ "$(plugn trigger proxy-is-enabled "$APP")" == "true" ]]; then
if [[ -z "$DOKKU_APP_LISTEN_PORT" ]] && [[ -z "$DOKKU_APP_LISTEN_IP" ]]; then
DOKKU_APP_LISTENERS="$(plugn trigger network-get-listeners "$APP" "web" | xargs)"
elif [[ -n "$DOKKU_APP_LISTEN_PORT" ]] && [[ -n "$DOKKU_APP_LISTEN_IP" ]]; then
local PASSED_LISTEN_IP_PORT=true
fi
# setup nginx listen ports
configure_nginx_ports "$APP"
local PROXY_PORT=$(config_get "$APP" DOKKU_PROXY_PORT)
local PROXY_SSL_PORT=$(config_get "$APP" DOKKU_PROXY_SSL_PORT)
local PROXY_PORT_MAP=$(config_get "$APP" DOKKU_PROXY_PORT_MAP)
local PORT_MAP
for PORT_MAP in $PROXY_PORT_MAP; do
local PROXY_UPSTREAM_PORT="$(awk -F ':' '{ print $3 }' <<<"$PORT_MAP")"
if [[ "$(is_val_in_list "$PROXY_UPSTREAM_PORT" "$PROXY_UPSTREAM_PORTS" " ")" == "false" ]]; then
local PROXY_UPSTREAM_PORTS+="$PROXY_UPSTREAM_PORT "
fi
done
local PROXY_UPSTREAM_PORTS="$(echo "$PROXY_UPSTREAM_PORTS" | xargs)"
local SSL_INUSE=
local NONSSL_VHOSTS=$(plugn trigger domains-list "$APP")
local NOSSL_SERVER_NAME=$(echo "$NONSSL_VHOSTS" | xargs)
if is_ssl_enabled "$APP"; then
local SSL_INUSE=true
local SCHEME=https
validate_ssl_domains "$APP"
local SSL_HOSTNAME=$(get_ssl_hostnames "$APP")
local SSL_HOSTNAME_REGEX=$(echo "$SSL_HOSTNAME" | xargs | sed 's|\.|\\.|g' | sed 's/\*/\[^\.\]\*/g' | sed 's/ /|/g')
if [[ "$IS_APP_VHOST_ENABLED" == "true" ]]; then
local SSL_VHOSTS=$(grep -E "^${SSL_HOSTNAME_REGEX}$" "$VHOST_PATH" || true)
else
local SSL_VHOSTS=$(<"$DOKKU_ROOT/VHOST")
fi
local SSL_SERVER_NAME
local host
for host in $SSL_VHOSTS; do
# SSL_SERVER_NAME should only contain items not in NOSSL_SERVER_NAME
if [[ ! $NOSSL_SERVER_NAME =~ (^|[[:space:]])$host($|[[:space:]]) ]]; then
SSL_SERVER_NAME="${host}${SSL_SERVER_NAME:+ $SSL_SERVER_NAME}"
fi
done
fi
local NGINX_LOCATION NGINX_VERSION SPDY_SUPPORTED TLS13_SUPPORTED HTTP2_SUPPORTED HTTP2_PUSH_SUPPORTED GRPC_SUPPORTED
NGINX_LOCATION=$(get_nginx_location)
if [[ -z "$NGINX_LOCATION" ]]; then
exit 1
fi
NGINX_VERSION="$("$NGINX_LOCATION" -v 2>&1 | cut -d'/' -f 2)"
SPDY_SUPPORTED="$(is_spdy_enabled "$NGINX_VERSION")"
TLS13_SUPPORTED="$(is_tls13_available "$NGINX_VERSION")"
HTTP2_SUPPORTED="$(is_http2_enabled "$NGINX_VERSION")"
HTTP2_PUSH_SUPPORTED="$(is_http2_push_enabled "$NGINX_VERSION")"
GRPC_SUPPORTED="$(is_grpc_enabled "$NGINX_VERSION")"
PROXY_PORT_MAP=$(echo "$PROXY_PORT_MAP" | xargs) # trailing spaces mess up default template
local NGINX_LOG_ROOT="$(fn-nginx-log-root)"
local NGINX_ACCESS_LOG_FORMAT="$(fn-nginx-access-log-format "$APP")"
local NGINX_ACCESS_LOG_PATH="$(fn-nginx-access-log-path "$APP")"
local NGINX_ERROR_LOG_PATH="$(fn-nginx-error-log-path "$APP")"
local CLIENT_MAX_BODY_SIZE="$(fn-nginx-client-max-body-size "$APP")"
local PROXY_READ_TIMEOUT="$(fn-nginx-proxy-read-timeout "$APP")"
local PROXY_BUFFER_SIZE="$(fn-nginx-proxy-buffer-size "$APP")"
local PROXY_BUFFERING="$(fn-nginx-proxy-buffering "$APP")"
local PROXY_BUFFERS="$(fn-nginx-proxy-buffers "$APP")"
local PROXY_BUSY_BUFFERS_SIZE="$(fn-nginx-proxy-busy-buffers-size "$APP")"
if [[ -z "$DOKKU_APP_LISTENERS" ]]; then
dokku_log_warn_quiet "No web listeners specified for $APP"
elif (is_deployed "$APP"); then
if [[ "$(plugn trigger network-get-static-listeners "$APP" "web")" == "" ]]; then
local IMAGE_TAG=$(get_running_image_tag "$APP")
local IMAGE=$(get_deploying_app_image_name "$APP" "$IMAGE_TAG" 2>/dev/null)
if ! verify_image "$IMAGE" 2>/dev/null; then
dokku_log_fail "Missing image for app"
fi
fi
local NGINX_BUILD_CONFIG_TMP_WORK_DIR=$(mktemp -d "/tmp/dokku-${DOKKU_PID}-${FUNCNAME[0]}.XXXXXX")
local NGINX_CONF=$(mktemp --tmpdir="${NGINX_BUILD_CONFIG_TMP_WORK_DIR}" "nginx.conf.XXXXXX")
local CUSTOM_NGINX_TEMPLATE="$NGINX_BUILD_CONFIG_TMP_WORK_DIR/$NGINX_TEMPLATE_NAME"
# shellcheck disable=SC2086
trap "rm -rf '$NGINX_CONF' '$NGINX_BUILD_CONFIG_TMP_WORK_DIR' >/dev/null" RETURN INT TERM EXIT
get_custom_nginx_template "$APP" "$CUSTOM_NGINX_TEMPLATE" 2>/dev/null
if [[ -f "$CUSTOM_NGINX_TEMPLATE" ]]; then
dokku_log_info1 'Overriding default nginx.conf with detected nginx.conf.sigil'
local NGINX_TEMPLATE="$CUSTOM_NGINX_TEMPLATE"
local NGINX_TEMPLATE_SOURCE="app-supplied"
fi
local NGINX_BIND_ADDRESS_IP4="$(fn-plugin-property-get-default "nginx" "$APP" "bind-address-ipv4" "")"
local NGINX_BIND_ADDRESS_IP6="$(fn-plugin-property-get-default "nginx" "$APP" "bind-address-ipv6" "::")"
[[ -z "$NGINX_BIND_ADDRESS_IP6" ]] && NGINX_BIND_ADDRESS_IP6="::"
local PROXY_X_FORWARDED_FOR="$(fn-plugin-property-get-default "nginx" "$APP" "x-forwarded-for-value" "\$remote_addr")"
local PROXY_X_FORWARDED_PORT="$(fn-plugin-property-get-default "nginx" "$APP" "x-forwarded-port-value" "\$server_port")"
local PROXY_X_FORWARDED_PROTO="$(fn-plugin-property-get-default "nginx" "$APP" "x-forwarded-proto-value" "\$scheme")"
local PROXY_X_FORWARDED_SSL="$(fn-plugin-property-get-default "nginx" "$APP" "x-forwarded-ssl" "")"
eval "$(config_export app "$APP")"
local SIGIL_PARAMS=(-f "$NGINX_TEMPLATE" APP="$APP" DOKKU_ROOT="$DOKKU_ROOT"
NOSSL_SERVER_NAME="$NOSSL_SERVER_NAME"
# Deprecated: Remove this after a few versions
DOKKU_APP_LISTENERS="$DOKKU_APP_LISTENERS"
DOKKU_LIB_ROOT="$DOKKU_LIB_ROOT"
PASSED_LISTEN_IP_PORT="$PASSED_LISTEN_IP_PORT"
SPDY_SUPPORTED="$SPDY_SUPPORTED"
TLS13_SUPPORTED="$TLS13_SUPPORTED"
HTTP2_SUPPORTED="$HTTP2_SUPPORTED"
NGINX_LOG_ROOT="$NGINX_LOG_ROOT"
NGINX_ACCESS_LOG_FORMAT="$NGINX_ACCESS_LOG_FORMAT"
NGINX_ACCESS_LOG_PATH="$NGINX_ACCESS_LOG_PATH"
NGINX_ERROR_LOG_PATH="$NGINX_ERROR_LOG_PATH"
NGINX_BIND_ADDRESS_IP4="$NGINX_BIND_ADDRESS_IP4"
NGINX_BIND_ADDRESS_IP6="$NGINX_BIND_ADDRESS_IP6"
HTTP2_PUSH_SUPPORTED="$HTTP2_PUSH_SUPPORTED"
GRPC_SUPPORTED="$GRPC_SUPPORTED"
DOKKU_APP_LISTEN_PORT="$DOKKU_APP_LISTEN_PORT" DOKKU_APP_LISTEN_IP="$DOKKU_APP_LISTEN_IP"
APP_SSL_PATH="$APP_SSL_PATH" SSL_INUSE="$SSL_INUSE" SSL_SERVER_NAME="$SSL_SERVER_NAME"
CLIENT_MAX_BODY_SIZE="$CLIENT_MAX_BODY_SIZE"
PROXY_READ_TIMEOUT="$PROXY_READ_TIMEOUT"
PROXY_BUFFER_SIZE="$PROXY_BUFFER_SIZE"
PROXY_BUFFERING="$PROXY_BUFFERING"
PROXY_BUFFERS="$PROXY_BUFFERS"
PROXY_BUSY_BUFFERS_SIZE="$PROXY_BUSY_BUFFERS_SIZE"
# Deprecated: Remove this after a few versions
NGINX_PORT="$PROXY_PORT" NGINX_SSL_PORT="$PROXY_SSL_PORT"
PROXY_PORT="$PROXY_PORT" PROXY_SSL_PORT="$PROXY_SSL_PORT" RAW_TCP_PORTS="$RAW_TCP_PORTS"
PROXY_PORT_MAP="$PROXY_PORT_MAP" PROXY_UPSTREAM_PORTS="$PROXY_UPSTREAM_PORTS"
PROXY_X_FORWARDED_FOR="$PROXY_X_FORWARDED_FOR"
PROXY_X_FORWARDED_PORT="$PROXY_X_FORWARDED_PORT"
PROXY_X_FORWARDED_PROTO="$PROXY_X_FORWARDED_PROTO"
PROXY_X_FORWARDED_SSL="$PROXY_X_FORWARDED_SSL")
while read -r line || [[ -n "$line" ]]; do
PROC_TYPE=${line%%=*}
LISTENERS="$(plugn trigger network-get-listeners "$APP" "$PROC_TYPE" | xargs)"
UPP_PROC_TYPE="${PROC_TYPE^^}"
UPP_PROC_TYPE="${UPP_PROC_TYPE//-/_}"
SIGIL_PARAMS+=("DOKKU_APP_${UPP_PROC_TYPE}_LISTENERS=$LISTENERS")
done < <(plugn trigger ps-current-scale "$APP")
if grep DOKKU_APP_LISTENERS "$NGINX_TEMPLATE"; then
dokku_log_warn "Deprecated: Usage of DOKKU_APP_LISTENERS within nginx.conf.sigil templates is deprecated in favor of DOKKU_APP_WEB_LISTENERS"
fi
if grep NGINX_SSL_PORT "$NGINX_TEMPLATE"; then
dokku_log_warn "Deprecated: Usage of NGINX_SSL_PORT within nginx.conf.sigil templates is deprecated in favor of PROXY_SSL_PORT"
fi
if grep NGINX_PORT "$NGINX_TEMPLATE"; then
dokku_log_warn "Deprecated: Usage of NGINX_PORT within nginx.conf.sigil templates is deprecated in favor of PROXY_PORT"
fi
# execute sigil template processing
xargs -i echo "-----> Configuring {}...(using $NGINX_TEMPLATE_SOURCE template)" <<<"$(echo "${SSL_VHOSTS}" "${NONSSL_VHOSTS}" | tr ' ' '\n' | sort -u)"
sigil "${SIGIL_PARAMS[@]}" | cat -s >"$NGINX_CONF"
dokku_log_info1 "Creating $SCHEME nginx.conf"
mv "$NGINX_CONF" "$DOKKU_ROOT/$APP/nginx.conf"
fn-nginx-vhosts-manage-hsts "$APP" "$SSL_INUSE"
plugn trigger nginx-pre-reload "$APP" "$DOKKU_APP_LISTEN_PORT" "$DOKKU_APP_LISTEN_IP"
dokku_log_verbose "Reloading nginx"
validate_nginx && restart_nginx >/dev/null
fi
if ([[ -n "$NONSSL_VHOSTS" ]] || [[ -n "$SSL_VHOSTS" ]]) && [[ "$IS_APP_VHOST_ENABLED" == "true" ]]; then
echo "# THIS FILE IS GENERATED BY DOKKU - DO NOT EDIT, YOUR CHANGES WILL BE OVERWRITTEN" >"$APP_URLS_PATH"
xargs -i echo "$SCHEME://{}" <<<"$(echo "${SSL_VHOSTS}" "${NONSSL_VHOSTS}" | tr ' ' '\n' | sort -u)" >>"$APP_URLS_PATH"
fi
else
# note because this clause is long. if the proxy is disabled:
dokku_log_info1 "nginx support is disabled for app ($APP)."
if [[ -f "$DOKKU_ROOT/$APP/nginx.conf" ]]; then
dokku_log_info1 "deleting nginx.conf"
rm "$DOKKU_ROOT/$APP/nginx.conf"
if (is_deployed "$APP"); then
dokku_log_info1 "reloading nginx after nginx.conf deletion"
validate_nginx && restart_nginx >/dev/null
fi
fi
fi
}
Reference in New Issue View Git Blame Copy Permalink