fixing bugs - run as GID 101 instead of 0, different permissions checks in swarm mode and disable including server confs in swarm mode
parent
ba7524a419
commit
74417abc9c
|
@ -20,6 +20,6 @@ VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pr
|
|||
|
||||
EXPOSE 8080/tcp 8443/tcp
|
||||
|
||||
USER nginx
|
||||
USER nginx:nginx
|
||||
|
||||
ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
|
||||
|
|
|
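Review bot: The reason for `USER nginx:nginx` is not recorded next to the instruction, and it matters to anyone mounting the volumes listed in the `VOLUME` line above. Per the commit title the process now runs with GID 101 rather than 0, so host directories that were only group-accessible to root will presumably stop being usable. A comment above the line would capture that, for example `# explicit group: run with the nginx GID (101) instead of GID 0; mounted volumes must be accessible to it`. Because the user is given by name, an orchestrator that verifies non-root execution from image metadata (for example Kubernetes `runAsNonRoot`) cannot check it; the numeric `UID:GID` form would allow that if the IDs are fixed in the image. The same change appears in the four following Dockerfile hunks.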
@ -20,6 +20,6 @@ VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pr
|
|||
|
||||
EXPOSE 8080/tcp 8443/tcp
|
||||
|
||||
USER nginx
|
||||
USER nginx:nginx
|
||||
|
||||
ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
|
||||
|
|
|
@ -27,6 +27,6 @@ VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pr
|
|||
|
||||
EXPOSE 8080/tcp 8443/tcp
|
||||
|
||||
USER nginx
|
||||
USER nginx:nginx
|
||||
|
||||
ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
|
||||
|
|
|
@ -27,6 +27,6 @@ VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pr
|
|||
|
||||
EXPOSE 8080/tcp 8443/tcp
|
||||
|
||||
USER nginx
|
||||
USER nginx:nginx
|
||||
|
||||
ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
|
||||
|
|
|
@ -20,6 +20,6 @@ VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pr
|
|||
|
||||
EXPOSE 8080/tcp 8443/tcp
|
||||
|
||||
USER nginx
|
||||
USER nginx:nginx
|
||||
|
||||
ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
bla<p align="center">
|
||||
<p align="center">
|
||||
<img src="https://github.com/bunkerity/bunkerized-nginx/blob/master/logo.png?raw=true" width="425" />
|
||||
</p>
|
||||
|
||||
|
|
|
@ -53,7 +53,11 @@ if [ ! -f "/opt/installed" ] ; then
|
|||
echo "[*] Configuring bunkerized-nginx ..."
|
||||
|
||||
# check permissions
|
||||
/opt/entrypoint/permissions.sh
|
||||
if [ "$SWARM_MODE" = "no" ] ; then
|
||||
/opt/entrypoint/permissions.sh
|
||||
else
|
||||
/opt/entrypoint/permissions-swarm.sh
|
||||
fi
|
||||
if [ "$?" -ne 0 ] ; then
|
||||
exit 1
|
||||
fi
|
||||
|
|
|
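Review bot: Any value of `SWARM_MODE` other than the exact string `no` (unset, empty, `No`) selects `permissions-swarm.sh`, which is the weaker of the two scripts, at least for /etc/letsencrypt, where it drops the write test. Unless a default is assigned before this point, which the hunk does not show, testing the opt-in value keeps the stricter script as the fallback: `if [ "$SWARM_MODE" = "yes" ] ; then /opt/entrypoint/permissions-swarm.sh ; else /opt/entrypoint/permissions.sh ; fi`. The following `exit 1` also collapses the scripts' distinct exit codes (1 to 4) into one, which makes a failed start harder to diagnose from the status alone. The enclosing `if [ ! -f "/opt/installed" ]` block starts and ends outside the hunk.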
@ -10,14 +10,18 @@
|
|||
cp /opt/confs/global/* /etc/nginx/
|
||||
|
||||
# include server block(s)
|
||||
if [ "$MULTISITE" = "yes" ] ; then
|
||||
includes=""
|
||||
for server in $SERVER_NAME ; do
|
||||
includes="${includes}include /etc/nginx/${server}/server.conf;\n"
|
||||
done
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%INCLUDE_SERVER%" "$includes"
|
||||
if [ "$SWARM_MODE" = "no" ] ; then
|
||||
if [ "$MULTISITE" = "yes" ] ; then
|
||||
includes=""
|
||||
for server in $SERVER_NAME ; do
|
||||
includes="${includes}include /etc/nginx/${server}/server.conf;\n"
|
||||
done
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%INCLUDE_SERVER%" "$includes"
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%INCLUDE_SERVER%" "include /etc/nginx/server.conf;"
|
||||
fi
|
||||
else
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%INCLUDE_SERVER%" "include /etc/nginx/server.conf;"
|
||||
replace_in_file "/etc/nginx/nginx.conf" "%INCLUDE_SERVER%" ""
|
||||
fi
|
||||
|
||||
# setup default server block if multisite
|
||||
|
|
|
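Review bot: Each word of `$SERVER_NAME` is written into nginx.conf as part of an `include` path without being checked, in the `for server in $SERVER_NAME` loop that this hunk re-indents. A value that is not a plain host name would alter the generated configuration, and whether the variable is validated earlier is not visible here. Rejecting unexpected characters at the top of the loop closes that gap: `case "$server" in *[!A-Za-z0-9._-]*) echo "[!] ERROR - invalid server name" ; exit 1 ;; esac`, with the allowed set extended if wildcard names are supported. The unquoted expansion is also subject to pathname globbing, so a `*` in the value would expand against the current directory. The surrounding script continues outside the hunk.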
@ -0,0 +1,25 @@
|
|||
#!/bin/bash
|
||||
|
||||
# /etc/letsencrypt
|
||||
if [ ! -r "/etc/letsencrypt" ] || [ ! -x "/etc/letsencrypt" ] ; then
|
||||
echo "[!] WARNING - wrong permissions on /etc/letsencrypt"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# /www
|
||||
if [ ! -r "/www" ] || [ ! -x "/www" ] ; then
|
||||
echo "[!] ERROR - wrong permissions on /www"
|
||||
exit 2
|
||||
fi
|
||||
|
||||
# /etc/nginx
|
||||
if [ ! -r "/etc/nginx" ] || [ ! -x "/etc/nginx" ] ; then
|
||||
echo "[!] ERROR - wrong permissions on /etc/nginx"
|
||||
exit 3
|
||||
fi
|
||||
|
||||
# /acme-challenge
|
||||
if [ ! -r "/acme-challenge" ] || [ ! -x "/acme-challenge" ] ; then
|
||||
echo "[!] ERROR - wrong permissions on /acme-challenge"
|
||||
exit 4
|
||||
fi
|
|
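Review bot: The /etc/letsencrypt check prints `[!] WARNING` but then runs `exit 1`, and the entrypoint hunk above treats any non-zero status from this script as fatal, so the container stops on something labelled a warning. Pick one behaviour: keep the exit and label it `[!] ERROR - wrong permissions on /etc/letsencrypt` like the other three checks, or keep the warning and remove `exit 1` from that branch. The following hunk on the non-swarm permissions script has the same mismatch (the label apparently changes to WARNING while `exit 1` stays). The tests also do not distinguish a missing directory from an unreadable one; a `[ ! -d ... ]` test first would make the message accurate, and the messages could go to stderr with `>&2`.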
@ -2,7 +2,7 @@
|
|||
|
||||
# /etc/letsencrypt
|
||||
if [ ! -w "/etc/letsencrypt" ] || [ ! -r "/etc/letsencrypt" ] || [ ! -x "/etc/letsencrypt" ] ; then
|
||||
echo "[!] ERROR - wrong permissions on /etc/letsencrypt"
|
||||
echo "[!] WARNING - wrong permissions on /etc/letsencrypt"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
|