fixed bugs with MULTISITE variables and swarm example

entrypoint/site-config.sh

@@ -26,7 +26,7 @@ if [ "$MULTISITE" = "yes" ] ; then
 	done
 	for var in $(cut -d '=' -f 1 "${NGINX_PREFIX}nginx.env") ; do
 		name=$(echo "$var")
-		check=$(echo "$name" | grep "^$1_")
+		check=$(echo "$name" | grep "^${1}_")
 		if [ "$check" != "" ] ; then
 			repl_name=$(echo "$name" | sed "s~${1}_~~")
 			repl_value=$(env | grep -E "^${name}=" | sed "s~^${name}=~~")
@@ -60,38 +60,34 @@ replace_in_file "${NGINX_PREFIX}server.conf" "%SERVER_TOKENS%" "$SERVER_TOKENS"
 # reverse proxy
 if [ "$USE_REVERSE_PROXY" = "yes" ] ; then
 	i=1
-	for var in $(compgen -e) ; do
+	for var in $(set | cut -d '=' -f 1 | grep "^REVERSE_PROXY_URL") ; do
-		check1=$(echo "$var" | grep "^REVERSE_PROXY_URL")
+		url=$(echo "$var")
-		check2=$(echo "$var" | grep "^${1}_REVERSE_PROXY_URL")
+		url_value=$(echo "${!var}")
-		if [ "$check1" != "" ] || [ "$check2" != "" ] ; then
+		host=$(echo "$var" | sed "s/URL/HOST/")
-			name=$(echo "$var")
+		host_value=$(echo "${!host}")
-			value=$(echo "${!var}")
+		custom_headers=$(echo "$var" | sed "s/URL/HEADERS/")
-			host=$(echo "$name" | sed "s/URL/HOST/")
+		custom_headers_value=$(echo "${!custom_headers}")
-			host_value=$(env | grep "^${host}=" | sed "s/${host}=//")
+		ws=$(echo "$var" | sed "s/URL/WS/")
-			custom_headers=$(echo "$name" | sed "s/URL/HEADERS/")
+		ws_value=$(echo "${!ws}")
-			custom_headers_value=$(env | grep "^${host}=" | sed "s/${host}=//")
+		cp "${NGINX_PREFIX}reverse-proxy.conf" "${NGINX_PREFIX}reverse-proxy-${i}.conf"
-			ws=$(echo "$name" | sed "s/URL/WS/")
+		replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_URL%" "$url_value"
-			ws_value=$(env | grep "^${ws}=" | sed "s/${ws}=//")
+		replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_HOST%" "$host_value"
-			cp "${NGINX_PREFIX}reverse-proxy.conf" "${NGINX_PREFIX}reverse-proxy-${i}.conf"
+		if [ "$custom_headers_value" != "" ] ; then
-			replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_URL%" "$value"
+		  	IFS_=$IFS
-			replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_HOST%" "$host_value"
+			IFS=';'
-			if [ "$custom_headers_value" != "" ] ; then
+			for header_value in $(echo "$custom_headers_value") ; do
-			  	IFS_=$IFS
+				replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_CUSTOM_HEADERS%" "more_set_headers $header_value;\n%REVERSE_PROXY_CUSTOM_HEADERS%"
-				IFS=';'
+			done
-				for header_value in $(echo "$custom_headers_value") ; do
+			IFS=$IFS_
-					replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_CUSTOM_HEADERS%" "more_set_headers $header_value;\n%REVERSE_PROXY_CUSTOM_HEADERS%"
-				done
-				IFS=$IFS_
-				replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_CUSTOM_HEADERS%" ""
-			fi
-			replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_HEADERS%" "include ${NGINX_PREFIX}reverse-proxy-headers.conf;"
-			if [ "$ws_value" = "yes" ] ; then
-				replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_WS%" "proxy_http_version 1.1;\nproxy_set_header Upgrade \$http_upgrade;\nproxy_set_header Connection \"Upgrade\";\n"
-			else
-				replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_WS%" ""
-			fi
-			i=$(($i + 1))
 		fi
+		replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_CUSTOM_HEADERS%" ""
+		replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_HEADERS%" "include ${NGINX_PREFIX}reverse-proxy-headers.conf;"
+		if [ "$ws_value" = "yes" ] ; then
+			replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_WS%" "proxy_http_version 1.1;\nproxy_set_header Upgrade \$http_upgrade;\nproxy_set_header Connection \"Upgrade\";\n"
+		else
+			replace_in_file "${NGINX_PREFIX}reverse-proxy-${i}.conf" "%REVERSE_PROXY_WS%" ""
+		fi
+		i=$(($i + 1))
 	done
 	replace_in_file "${NGINX_PREFIX}server.conf" "%USE_REVERSE_PROXY%" "include ${NGINX_PREFIX}reverse-proxy-*.conf;"
 else

examples/swarm/stack.yml

@@ -0,0 +1,97 @@
+version: '3.8'
+
+services:
+
+  autoconf:
+    image: bunkerity/bunkerized-nginx-autoconf
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /shared/confs:/etc/nginx
+      - /shared/letsencrypt:/etc/letsencrypt
+      - /shared/acme-challenge:/acme-challenge
+    environment:
+      - SWARM_MODE=yes
+      - API_URI=/ChangeMeToSomethingHardToGuess # must match API_URI from nginx
+    networks:
+      - net_config
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+          - "node.role==manager"
+
+  nginx:
+    image: bunkerity/bunkerized-nginx
+    ports:
+      - published: 80
+        target: 8080
+        mode: host
+        protocol: tcp
+      - published: 443
+        target: 8443
+        mode: host
+        protocol: tcp
+    volumes:
+      - /shared/confs:/etc/nginx:ro
+      - /shared/letsencrypt:/etc/letsencrypt:ro
+      - /shared/acme-challenge:/acme-challenge:ro
+      - /shared/www:/www:ro
+    environment:
+      - SWARM_MODE=yes
+      - USE_API=yes
+      - API_URI=/ChangeMeToSomethingHardToGuess # must match API_URI from autoconf
+      - MULTISITE=yes
+      - SERVER_NAME=
+      - AUTO_LETS_ENCRYPT=yes
+      - REDIRECT_HTTP_TO_HTTPS=yes
+      - DISABLE_DEFAULT_SERVER=yes
+    networks:
+      - net_config
+      - net_services
+    deploy:
+      mode: global
+      placement:
+        constraints:
+          - "node.role==worker"
+      labels:
+        - "bunkerized-nginx.AUTOCONF"
+
+ app1:
+    image: php:fpm-alpine
+    volumes:
+      - /shared/www/app1.website.com:/www
+    networks:
+      - net_services
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+          - "node.role==worker"
+      labels:
+        - "bunkerized-nginx.SERVER_NAME=app1.website.com"
+        - "bunkerized-nginx.REMOTE_PHP=php"
+        - "bunkerized-nginx.REMOTE_PHP_PATH=/www"
+
+  app2:
+    image: phpmyadmin:apache
+    environment:
+      - PMA_ARBITRARY=1
+      - PMA_ABSOLUTE_URI=https://app2.website.com
+    networks:
+      - net_services
+    deploy:
+      replicas: 1
+      placement:
+        constraints:
+          - "node.role==worker"
+      labels:
+        - "bunkerized-nginx.SERVER_NAME=app2.website.com"
+        - "bunkerized-nginx.USE_REVERSE_PROXY=yes"
+        - "bunkerized-nginx.REVERSE_PROXY_URL=/"
+        - "bunkerized-nginx.REVERSE_PROXY_HOST=http://app2"
+
+networks:
+  net_config:
+    driver: overlay
+  net_services:
+    driver: overlay  

ui/Dockerfile

@@ -10,9 +10,6 @@ COPY entrypoint/* /opt/entrypoint/
 COPY ui/ /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
-# Fix CVE-2020-1971
-RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
-
 VOLUME /etc/nginx
 
 EXPOSE 5000

ui/Dockerfile-amd64

@@ -10,9 +10,6 @@ COPY entrypoint/* /opt/entrypoint/
 COPY ui/ /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
-# Fix CVE-2020-1971
-RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
-
 VOLUME /etc/nginx
 
 EXPOSE 5000

ui/Dockerfile-arm32v7

@@ -17,9 +17,6 @@ COPY entrypoint/* /opt/entrypoint/
 COPY ui/ /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
-# Fix CVE-2020-1971
-RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
-
 VOLUME /etc/nginx
 
 EXPOSE 5000

ui/Dockerfile-arm64v8

@@ -17,9 +17,6 @@ COPY entrypoint/* /opt/entrypoint/
 COPY ui/ /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
-# Fix CVE-2020-1971
-RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
-
 VOLUME /etc/nginx
 
 EXPOSE 5000

ui/Dockerfile-i386

@@ -10,9 +10,6 @@ COPY entrypoint/* /opt/entrypoint/
 COPY ui/ /opt/entrypoint/
 RUN chmod +x /opt/entrypoint/*.py /opt/entrypoint/*.sh
 
-# Fix CVE-2020-1971
-RUN apk add "libcrypto1.1>1.1.1g-r0" "libssl1.1>1.1.1g-r0"
-
 VOLUME /etc/nginx
 
 EXPOSE 5000