mirror of
https://github.com/bunkerity/bunkerized-nginx
synced 2023-12-13 21:30:18 +01:00
templating - prepare integration for autoconf
parent
a991b262ef
commit
e2f02ee91e
6 changed files with 68 additions and 71 deletions
|
@ -1,7 +1,6 @@
|
|||
from Config import Config
|
||||
import utils
|
||||
import os
|
||||
|
||||
class AutoConf :
|
||||
|
||||
def __init__(self, swarm, api) :
|
||||
|
|
|
@ -1,45 +1,26 @@
|
|||
FROM nginx:stable-alpine AS builder
|
||||
FROM nginx:1.20.0-alpine AS builder
|
||||
|
||||
FROM alpine
|
||||
|
||||
COPY --from=builder /etc/nginx/ /opt/confs/nginx
|
||||
|
||||
RUN apk add py3-pip apache2-utils bash certbot curl logrotate openssl && \
|
||||
pip3 install docker requests && \
|
||||
mkdir /opt/entrypoint && \
|
||||
mkdir -p /opt/confs/site && \
|
||||
mkdir -p /opt/confs/global && \
|
||||
mkdir /opt/scripts && \
|
||||
addgroup -g 101 nginx && \
|
||||
adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx && \
|
||||
mkdir /etc/letsencrypt && \
|
||||
chown root:nginx /etc/letsencrypt && \
|
||||
chmod 770 /etc/letsencrypt && \
|
||||
mkdir /var/log/letsencrypt && \
|
||||
chown root:nginx /var/log/letsencrypt && \
|
||||
chmod 770 /var/log/letsencrypt && \
|
||||
mkdir /var/lib/letsencrypt && \
|
||||
chown root:nginx /var/lib/letsencrypt && \
|
||||
chmod 770 /var/lib/letsencrypt && \
|
||||
mkdir /cache && \
|
||||
chown root:nginx /cache && \
|
||||
chmod 770 /cache && \
|
||||
touch /var/log/jobs.log && \
|
||||
chown root:nginx /var/log/jobs.log && \
|
||||
chmod 770 /var/log/jobs.log && \
|
||||
chown -R root:nginx /opt/confs/nginx && \
|
||||
chmod -R 770 /opt/confs/nginx && \
|
||||
mkdir /acme-challenge && \
|
||||
chown root:nginx /acme-challenge && \
|
||||
chmod 770 /acme-challenge
|
||||
COPY autoconf/dependencies.sh /tmp
|
||||
RUN chmod +x /tmp/dependencies.sh && \
|
||||
/tmp/dependencies.sh && \
|
||||
rm -f /tmp/dependencies.sh
|
||||
|
||||
|
||||
COPY autoconf/misc/logrotate.conf /etc/logrotate.conf
|
||||
COPY scripts/* /opt/scripts/
|
||||
COPY confs/site/ /opt/confs/site
|
||||
COPY gen/ /opt/gen
|
||||
COPY entrypoint/ /opt/entrypoint
|
||||
COPY confs/global/ /opt/confs/global
|
||||
COPY entrypoint/* /opt/entrypoint/
|
||||
COPY confs/site/ /opt/confs/site
|
||||
COPY scripts/ /opt/scripts
|
||||
COPY settings.json /opt
|
||||
COPY misc/cron /etc/crontabs/nginx
|
||||
COPY autoconf/* /opt/entrypoint/
|
||||
RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh /opt/scripts/*.sh
|
||||
|
||||
COPY autoconf/prepare.sh /tmp
|
||||
RUN chmod +x /tmp/prepare.sh && \
|
||||
/tmp/prepare.sh && \
|
||||
rm -f /tmp/prepare.sh
|
||||
|
||||
ENTRYPOINT ["/opt/entrypoint/entrypoint.sh"]
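Review bot: The builder stage is pinned to `nginx:1.20.0-alpine`, but the runtime stage is still a bare `FROM alpine`, so the image that actually ships floats with whatever `alpine:latest` is at build time. The same applies to the new autoconf/dependencies.sh, where `apk add` and `pip3 install docker requests jinja2` take whatever versions are current, so two builds of this commit can contain different code. Assuming the old/new sides are as they appear on this rendered page, pin the runtime base to a tag or digest, e.g. `FROM alpine:<version>@sha256:<digest>`. Install the Python packages from a requirements file with exact versions, `pip3 install -r requirements.txt`, optionally with `--require-hashes`.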
|
||||
|
|
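--- a/autoconf/dependencies.sh
+++ b/autoconf/dependencies.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+# install dependencies
+apk add py3-pip bash certbot curl logrotate openssl
+pip3 install docker requests jinja2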
|
|
@ -19,28 +19,19 @@ function trap_exit() {
|
|||
echo "[*] Catched stop operation"
|
||||
echo "[*] Stopping crond ..."
|
||||
pkill -TERM crond
|
||||
echo "[*] Stopping python3 ..."
|
||||
echo "[*] Stopping autoconf ..."
|
||||
pkill -TERM python3
|
||||
pkill -TERM tail
|
||||
}
|
||||
trap "trap_exit" TERM INT QUIT
|
||||
|
||||
# remove old crontabs
|
||||
echo "" > /etc/crontabs/root
|
||||
|
||||
# setup logrotate
|
||||
touch /var/log/jobs.log
|
||||
echo "0 0 * * * /usr/sbin/logrotate -f /etc/logrotate.conf > /dev/null 2>&1" >> /etc/crontabs/root
|
||||
|
||||
# start cron
|
||||
crond
|
||||
|
||||
# run autoconf app
|
||||
/opt/entrypoint/app.py &
|
||||
|
||||
# display logs
|
||||
tail -F /var/log/jobs.log &
|
||||
pid="$!"
|
||||
|
||||
# wait while app is up
|
||||
wait "$pid"
|
||||
|
||||
# stop
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
/var/log/*.log /var/log/letsencrypt/*.log {
|
||||
# compress old files using gzip
|
||||
compress
|
||||
|
||||
# rotate everyday
|
||||
daily
|
||||
|
||||
# remove old logs after X days
|
||||
maxage 7
|
||||
rotate 7
|
||||
|
||||
# no errors if a file is missing
|
||||
missingok
|
||||
|
||||
# disable mailing
|
||||
nomail
|
||||
|
||||
# mininum size of a logfile before rotating
|
||||
minsize 10M
|
||||
|
||||
# make a copy and truncate the files
|
||||
copytruncate
|
||||
}
|
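--- a/autoconf/prepare.sh
+++ b/autoconf/prepare.sh
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# create nginx user
+addgroup -g 101 nginx
+adduser -h /var/cache/nginx -g nginx -s /sbin/nologin -G nginx -D -H -u 101 nginx
+
+# prepare /opt
+chown -R root:nginx /opt
+find /opt -type f -exec chmod 0740 {} \;
+find /opt -type d -exec chmod 0750 {} \;
+chmod ugo+x /opt/entrypoint/* /opt/scripts/*
+chmod ugo+x /opt/gen/main.py
+chmod 770 /opt
+chmod 440 /opt/settings.json
+
+# prepare /var/log
+ln -s /proc/1/fd/1 /var/log/jobs.log
+mkdir /var/log/letsencrypt
+chown nginx:nginx /var/log/letsencrypt
+chmod 770 /var/log/letsencrypt
+
+# prepare /etc/letsencrypt
+mkdir /etc/letsencrypt
+chown root:nginx /etc/letsencrypt
+chmod 770 /etc/letsencrypt
+
+# prepare /var/lib/letsencrypt
+mkdir /var/lib/letsencrypt
+chown root:nginx /var/lib/letsencrypt
+chmod 770 /var/lib/letsencrypt
+
+# prepare /cache
+mkdir /cache
+chown root:nginx /cache
+chmod 770 /cache
+
+# prepare /acme-challenge
+mkdir /acme-challenge
+chown root:nginx /acme-challenge
+chmod 770 /acme-challenge
+
+# prepare /etc/crontabs/nginx
+chown root:nginx /etc/crontabs/nginx
+chmod 440 /etc/crontabs/nginx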
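Review bot: `chmod 770 /opt` at the end of the /opt block makes the top-level directory group-writable for nginx, which weakens the 0740/0750 lockdown the two `find` lines have just applied. Write access to a parent directory is enough to rename or replace its entries, and that includes `/opt/entrypoint` and `/opt/scripts`. If anything in the image runs as the nginx user (the `/etc/crontabs/nginx` file suggests cron jobs do), keep the parent at `chmod 750 /opt` and grant group write only on the subdirectory that must receive generated files, presumably under `/opt/confs`; confirm against what autoconf writes. Separately, the script has no `set -e`, so a failed `addgroup`, `adduser` or `chown` does not fail the image build, because the Dockerfile RUN step only sees the exit status of the final `chmod`. Adding `set -e` after the shebang would stop the build instead of shipping an image with the wrong ownership.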
|