autoconf - fix folders
This commit is contained in:
parent
2ea7331dad
commit
deb28c5991
|
@ -11,7 +11,7 @@ class Config :
|
|||
|
||||
def __jobs(self, type) :
|
||||
utils.log("[*] Starting jobs (type = " + type + ") ...")
|
||||
proc = subprocess.run(["/bin/su", "-c", "/opt/entrypoint/" + type + "-jobs.sh", "nginx"], capture_output=True)
|
||||
proc = subprocess.run(["/bin/su", "-c", "/opt/bunkerized-nginx/entrypoint/" + type + "-jobs.sh", "nginx"], capture_output=True)
|
||||
stdout = proc.stdout.decode("ascii")
|
||||
stderr = proc.stderr.decode("ascii")
|
||||
if len(stdout) > 1 :
|
||||
|
@ -56,7 +56,7 @@ class Config :
|
|||
f.write(k + "=" + v + "\n")
|
||||
|
||||
# Call the generator
|
||||
proc = subprocess.run(["/bin/su", "-c", "/opt/gen/main.py --settings /opt/settings.json --templates /opt/confs --output /etc/nginx --variables /tmp/variables.env", "nginx"], capture_output=True)
|
||||
proc = subprocess.run(["/bin/su", "-c", "/opt/bunkerized-nginx/gen/main.py --settings /opt/bunkerized-nginx/settings.json --templates /opt/bunkerized-nginx/confs --output /etc/nginx --variables /tmp/variables.env", "nginx"], capture_output=True)
|
||||
|
||||
# Print stdout/stderr
|
||||
stdout = proc.stdout.decode("ascii")
|
||||
|
|
|
@ -3,20 +3,21 @@ FROM alpine
|
|||
COPY autoconf/dependencies.sh /tmp
|
||||
RUN chmod +x /tmp/dependencies.sh && \
|
||||
/tmp/dependencies.sh && \
|
||||
rm -f /tmp/dependencies.sh
|
||||
rm -f /tmp/dependencies.sh && \
|
||||
mkdir /opt/bunkerized-nginx
|
||||
|
||||
COPY gen/ /opt/gen
|
||||
COPY entrypoint/ /opt/entrypoint
|
||||
COPY confs/global/ /opt/confs/global
|
||||
COPY confs/site/ /opt/confs/site
|
||||
COPY scripts/ /opt/scripts
|
||||
COPY settings.json /opt
|
||||
COPY gen/ /opt/bunkerized-nginx/gen
|
||||
COPY entrypoint/ /opt/bunkerized-nginx/entrypoint
|
||||
COPY confs/global/ /opt/bunkerized-nginx/confs/global
|
||||
COPY confs/site/ /opt/bunkerized-nginx/confs/site
|
||||
COPY scripts/ /opt/bunkerized-nginx/scripts
|
||||
COPY settings.json /opt/bunkerized-nginx/
|
||||
COPY misc/cron /etc/crontabs/nginx
|
||||
COPY autoconf/* /opt/entrypoint/
|
||||
COPY autoconf/* /opt/bunkerized-nginx/entrypoint/
|
||||
|
||||
COPY autoconf/prepare.sh /tmp
|
||||
RUN chmod +x /tmp/prepare.sh && \
|
||||
/tmp/prepare.sh && \
|
||||
rm -f /tmp/prepare.sh
|
||||
|
||||
ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
|
||||
ENTRYPOINT ["/opt/bunkerized-nginx/entrypoint/entrypoint.sh"]
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
echo "[*] Starting autoconf ..."
|
||||
|
||||
# check permissions
|
||||
su -s "/opt/entrypoint/permissions.sh" nginx
|
||||
su -s "/opt/bunkerized-nginx/entrypoint/permissions.sh" nginx
|
||||
if [ "$?" -ne 0 ] ; then
|
||||
exit 1
|
||||
fi
|
||||
|
@ -27,7 +27,7 @@ trap "trap_exit" TERM INT QUIT
|
|||
crond
|
||||
|
||||
# run autoconf app
|
||||
/opt/entrypoint/app.py &
|
||||
/opt/bunkerized-nginx/entrypoint/app.py &
|
||||
pid="$!"
|
||||
|
||||
# wait while app is up
|
||||
|
|
|
@ -1,12 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
curl -Lo manifest-tool https://github.com/estesp/manifest-tool/releases/download/v1.0.3/manifest-tool-linux-amd64
|
||||
chmod +x manifest-tool
|
||||
|
||||
VERSION=$(cat VERSION | tr -d '\n')
|
||||
if [ "$SOURCE_BRANCH" = "dev" ] ; then
|
||||
./manifest-tool push from-args --ignore-missing --platforms linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 --template bunkerity/bunkerized-nginx-autoconf:dev-ARCHVARIANT --target bunkerity/bunkerized-nginx-autoconf:dev
|
||||
elif [ "$SOURCE_BRANCH" = "master" ] ; then
|
||||
./manifest-tool push from-args --ignore-missing --platforms linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 --template bunkerity/bunkerized-nginx-autoconf:ARCHVARIANT --target bunkerity/bunkerized-nginx-autoconf:${VERSION}
|
||||
./manifest-tool push from-args --ignore-missing --platforms linux/amd64,linux/386,linux/arm/v7,linux/arm64/v8 --template bunkerity/bunkerized-nginx-autoconf:ARCHVARIANT --target bunkerity/bunkerized-nginx-autoconf:latest
|
||||
fi
|
|
@ -1,5 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Register qemu-*-static for all supported processors except the
|
||||
# current one, but also remove all registered binfmt_misc before
|
||||
docker run --rm --privileged multiarch/qemu-user-static:register --reset
|
|
@ -5,13 +5,17 @@ addgroup -g 101 nginx
|
|||
adduser -h /var/cache/nginx -g nginx -s /bin/sh -G nginx -D -H -u 101 nginx
|
||||
|
||||
# prepare /opt
|
||||
chown -R root:nginx /opt
|
||||
find /opt -type f -exec chmod 0740 {} \;
|
||||
find /opt -type d -exec chmod 0750 {} \;
|
||||
chmod ugo+x /opt/entrypoint/* /opt/scripts/*
|
||||
chmod ugo+x /opt/gen/main.py
|
||||
chmod 770 /opt
|
||||
chmod 440 /opt/settings.json
|
||||
chown root:nginx /opt
|
||||
chmod 750 /opt
|
||||
|
||||
# prepare /opt/bunkerized-nginx
|
||||
chown -R root:nginx /opt/bunkerized-nginx
|
||||
find /opt/bunkerized-nginx -type f -exec chmod 0740 {} \;
|
||||
find /opt/bunkerized-nginx -type d -exec chmod 0750 {} \;
|
||||
chmod ugo+x /opt/bunkerized-nginx/entrypoint/* /opt/bunkerized-nginx/scripts/*
|
||||
chmod ugo+x /opt/bunkerized-nginx/gen/main.py
|
||||
chmod 770 /opt/bunkerized-nginx
|
||||
chmod 440 /opt/bunkerized-nginx/settings.json
|
||||
|
||||
# prepare /var/log
|
||||
ln -s /proc/1/fd/1 /var/log/jobs.log
|
||||
|
@ -29,16 +33,30 @@ mkdir /var/lib/letsencrypt
|
|||
chown root:nginx /var/lib/letsencrypt
|
||||
chmod 770 /var/lib/letsencrypt
|
||||
|
||||
# prepare /cache
|
||||
# prepare /opt/bunkerized-nginx/cache
|
||||
ln -s /cache /opt/bunkerized-nginx/cache
|
||||
mkdir /cache
|
||||
chown root:nginx /cache
|
||||
chmod 770 /cache
|
||||
|
||||
# prepare /acme-challenge
|
||||
ln -s /acme-challenge /opt/bunkerized-nginx/acme-challenge
|
||||
mkdir /acme-challenge
|
||||
chown root:nginx /acme-challenge
|
||||
chmod 770 /acme-challenge
|
||||
|
||||
# prepare /modsec-confs
|
||||
ln -s /modsec-confs /opt/bunkerized-nginx/modsec-confs
|
||||
mkdir /modsec-confs
|
||||
chown root:nginx /modsec-confs
|
||||
chmod 770 /modsec-confs
|
||||
|
||||
# prepare /modsec-crs-confs
|
||||
ln -s /modsec-crs-confs /opt/bunkerized-nginx/modsec-crs-confs
|
||||
mkdir /modsec-crs-confs
|
||||
chown root:nginx /modsec-crs-confs
|
||||
chmod 770 /modsec-crs-confs
|
||||
|
||||
# prepare /etc/crontabs/nginx
|
||||
chown root:nginx /etc/crontabs/nginx
|
||||
chmod 440 /etc/crontabs/nginx
|
||||
|
|
Loading…
Reference in New Issue