dynamic reload of nginx by sending SIGHUP
@@ -30,6 +30,9 @@ trap "trap_exit" TERM INT
|
||||
# trap SIGHUP
|
||||
function trap_reload() {
|
||||
echo "[*] Catched reload operation"
|
||||
if [ "$MULTISITE" = "yes" ] ; then
|
||||
/opt/entrypoint/multisite-config.sh
|
||||
fi
|
||||
if [ -f /tmp/nginx.pid ] ; then
|
||||
echo "[*] Reloading nginx ..."
|
||||
/usr/sbin/nginx -s reload
|
||||
@@ -53,6 +56,7 @@ if [ ! -f "/opt/installed" ] ; then
|
||||
/opt/entrypoint/site-config.sh "$server"
|
||||
echo "[*] Multi site - $server configuration done"
|
||||
done
|
||||
/opt/entrypoint/multisite-config.sh
|
||||
else
|
||||
/opt/entrypoint/site-config.sh
|
||||
echo "[*] Single site - $SERVER_NAME configuration done"
|
||||
@@ -67,13 +71,6 @@ chown -R root:nginx /etc/nginx/
|
||||
chmod -R 740 /etc/nginx/
|
||||
find /etc/nginx -type d -exec chmod 750 {} \;
|
||||
|
||||
# fix let's encrypt rights
|
||||
if [ "$AUTO_LETS_ENCRYPT" = "yes" ] ; then
|
||||
chown -R root:nginx /etc/letsencrypt
|
||||
chmod -R 740 /etc/letsencrypt
|
||||
find /etc/letsencrypt -type d -exec chmod 750 {} \;
|
||||
fi
|
||||
|
||||
# start rsyslogd
|
||||
rsyslogd
|
||||
|
||||
|
||||
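Review bot: The Let's Encrypt rights fix in the `@@ -67,13 +71,6 @@` hunk (`chown -R root:nginx /etc/letsencrypt`, `chmod -R 740 /etc/letsencrypt`, and the `find … -type d -exec chmod 750` pass) appears, judging by the hunk's line counts, to be dropped from the entrypoint, and nothing else on this page re-applies it; the new multisite-config.sh only resets rights on /etc/nginx. If so, certificates and private keys issued after this commit, including those requested through `trap_reload`, keep whatever owner and mode certbot gives them. Either keep the block here or move it after the `certbot-new.sh` call, and confirm which user nginx reads `privkey.pem` as. Separately, `trap_reload` in the first hunk reloads nginx without checking the exit status of `/opt/entrypoint/multisite-config.sh`; the function body continues past the end of that hunk.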
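--- a/entrypoint/multisite-config.sh
+++ b/entrypoint/multisite-config.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+# load default values
+. /opt/entrypoint/defaults.sh
+
+# load some functions
+. /opt/entrypoint/utils.sh
+
+# fix nginx configs rights (and modules through the symlink)
+chown -R root:nginx /etc/nginx/
+chmod -R 740 /etc/nginx/
+find /etc/nginx -type d -exec chmod 750 {} \;
+
+if [ "$MULTISITE" = "yes" ] ; then
+servers=$(find /etc/nginx -name "server.conf" | cut -d '/' -f 4)
+for server in $servers ; do
+SERVER_PREFIX="/etc/nginx/${server}/"
+if grep "/etc/letsencrypt/live" ${SERVER_PREFIX}https.conf > /dev/null && [ ! -f /etc/letsencrypt/live/${server}/fullchain.pem ] ; then
+/opt/scripts/certbot-new.sh "$1" "$(cat ${SERVER_PREFIX}email-lets-encrypt.txt)"
+fi
+if grep "modsecurity.conf" ${SERVER_PREFIX}server.conf > /dev/null ; then
+modsec_custom=""
+if ls /modsec-confs/*.conf > /dev/null 2>&1 ; then
+modsec_custom="include /modsec-confs/*.conf\n"
+fi
+if ls /modsec-confs/${1}/*.conf > /dev/null 2>&1 ; then
+modsec_custom="${modsec_custom}include /modsec-confs/${server}/*.conf\n"
+fi
+replace_in_file "${SERVER_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_RULES%" "$modsec_custom"
+if grep "owasp-crs.conf" ${SERVER_PREFIX}modsecurity-rules.conf > /dev/null ; then
+modsec_crs_custom=""
+if ls /modsec-crs-confs/*.conf > /dev/null 2>&1 ; then
+modsec_crs_custom="include /modsec-crs-confs/*.conf\n"
+fi
+if ls /modsec-crs-confs/${1}/*.conf > /dev/null 2>&1 ; then
+modsec_crs_custom="${modsec_custom}include /modsec-crs-confs/${server}/*.conf\n"
+fi
+fi
+replace_in_file "${SERVER_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_CRS%" "$modsec_crs_custom"
+fi
+done
+fi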
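Review bot: `$1` is used inside the `for server in $servers` loop (the `certbot-new.sh "$1"` call and the `ls /modsec-confs/${1}/*.conf` and `ls /modsec-crs-confs/${1}/*.conf` tests), but the entrypoint runs this script with no arguments, so `$1` is empty there. Certbot is then called with an empty domain, and the per-site tests resolve to `/modsec-confs//*.conf`, i.e. the global directory, so a site whose only custom rules live in its own directory gets no include and runs without them; use `$server` in all three places. The CRS branch also starts from the wrong variable: `modsec_crs_custom="${modsec_custom}include …"` should build on `${modsec_crs_custom}`, otherwise the global CRS include is dropped and the non-CRS includes are written into the CRS placeholder. `modsec_crs_custom` is reset only inside the `owasp-crs.conf` test, so when that test fails the final `replace_in_file` reuses the value left by the previous server in the loop.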
@@ -137,9 +137,6 @@ if [ "$REMOTE_PHP" != "" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_PHP%" "include ${NGINX_PREFIX}php.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%FASTCGI_PATH%" "include ${NGINX_PREFIX}fastcgi.conf;"
|
||||
replace_in_file "${NGINX_PREFIX}php.conf" "%REMOTE_PHP%" "$REMOTE_PHP"
|
||||
if [ "$MULTISITE" = "yes" ] ; then
|
||||
cp /etc/nginx/fastcgi.conf ${NGINX_PREFIX}fastcgi.conf && chown root:nginx ${NGINX_PREFIX}fastcgi.conf
|
||||
fi
|
||||
replace_in_file "${NGINX_PREFIX}fastcgi.conf" "\$document_root" "${REMOTE_PHP_PATH}/"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_PHP%" ""
|
||||
@@ -322,11 +319,8 @@ if [ "$AUTO_LETS_ENCRYPT" = "yes" ] || [ "$USE_CUSTOM_HTTPS" = "yes" ] || [ "$GE
|
||||
FIRST_SERVER_NAME=$(echo "$SERVER_NAME" | cut -d " " -f 1)
|
||||
else
|
||||
FIRST_SERVER_NAME="$1"
|
||||
if [ ! -f /etc/letsencrypt/live/${1}/fullchain.pem ] ; then
|
||||
echo "[*] Performing Let's Encrypt challenge for $1 ..."
|
||||
EMAIL_LETS_ENCRYPT="${EMAIL_LETS_ENCRYPT-contact@$1}"
|
||||
/opt/scripts/certbot-new.sh "$1" "$EMAIL_LETS_ENCRYPT"
|
||||
fi
|
||||
EMAIL_LETS_ENCRYPT="${EMAIL_LETS_ENCRYPT-contact@$1}"
|
||||
echo -n "$EMAIL_LETS_ENCRYPT" > ${NGINX_PREFIX}email-lets-encrypt.txt
|
||||
fi
|
||||
replace_in_file "${NGINX_PREFIX}https.conf" "%HTTPS_CERT%" "/etc/letsencrypt/live/${FIRST_SERVER_NAME}/fullchain.pem"
|
||||
replace_in_file "${NGINX_PREFIX}https.conf" "%HTTPS_KEY%" "/etc/letsencrypt/live/${FIRST_SERVER_NAME}/privkey.pem"
|
||||
@@ -362,24 +356,22 @@ fi
|
||||
if [ "$USE_MODSECURITY" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity.conf" "%MODSEC_RULES_FILE%" "${NGINX_PREFIX}/modsecurity-rules.conf"
|
||||
replace_in_file "${NGINX_PREFIX}server.conf" "%USE_MODSECURITY%" "include ${NGINX_PREFIX}modsecurity.conf;"
|
||||
modsec_custom=""
|
||||
if ls /modsec-confs/*.conf > /dev/null 2>&1 ; then
|
||||
modsec_custom="include /modsec-confs/*.conf\n"
|
||||
if [ "$MULTISITE" != "yes" ] ; then
|
||||
modsec_custom=""
|
||||
if ls /modsec-confs/*.conf > /dev/null 2>&1 ; then
|
||||
modsec_custom="include /modsec-confs/*.conf\n"
|
||||
fi
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_RULES%" "$modsec_custom"
|
||||
fi
|
||||
if [ "$MULTISITE" = "yes" ] && ls /modsec-confs/${1}/*.conf > /dev/null 2>&1 ; then
|
||||
modsec_custom="${modsec_custom}include /modsec-confs/${1}/*.conf\n"
|
||||
fi
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_RULES%" "$modsec_custom"
|
||||
if [ "$USE_MODSECURITY_CRS" = "yes" ] ; then
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CRS%" "include /etc/nginx/owasp-crs.conf"
|
||||
modsec_crs_custom=""
|
||||
if ls /modsec-crs-confs/*.conf > /dev/null 2>&1 ; then
|
||||
modsec_crs_custom="include /modsec-crs-confs/*.conf\n"
|
||||
if [ "$MULTISITE" != "yes" ] ; then
|
||||
modsec_crs_custom=""
|
||||
if ls /modsec-crs-confs/*.conf > /dev/null 2>&1 ; then
|
||||
modsec_crs_custom="include /modsec-crs-confs/*.conf\n"
|
||||
fi
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_CRS%" "$modsec_crs_custom"
|
||||
fi
|
||||
if [ "$MULTISITE" = "yes" ] && ls /modsec-crs-confs/${1}/*.conf > /dev/null 2>&1 ; then
|
||||
modsec_crs_custom="${modsec_custom}include /modsec-crs-confs/${1}/*.conf\n"
|
||||
fi
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CUSTOM_CRS%" "$modsec_crs_custom"
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CRS_RULES%" "include /etc/nginx/owasp-crs/*.conf"
|
||||
else
|
||||
replace_in_file "${NGINX_PREFIX}modsecurity-rules.conf" "%MODSECURITY_INCLUDE_CRS%" ""
|
||||
|
||||
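Review bot: The `EMAIL_LETS_ENCRYPT="${EMAIL_LETS_ENCRYPT-contact@$1}"` assignment kept in the `@@ -322,11 +319,8 @@` hunk only falls back when the variable is unset, so a variable that is set but empty writes an empty email-lets-encrypt.txt. multisite-config.sh later passes that file's content to certbot-new.sh as the e-mail argument. `${EMAIL_LETS_ENCRYPT:-contact@$1}` covers both cases, and the redirect target should be quoted: `echo -n "$EMAIL_LETS_ENCRYPT" > "${NGINX_PREFIX}email-lets-encrypt.txt"`. The enclosing `if` starts outside the hunk, so which branch this runs in is inferred from the visible `else`.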