Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
bunkerweb/entrypoint/entrypoint.sh

165 lines
3.5 KiB
Bash
Raw Blame History

#!/bin/bash
# load default values
. ./opt/entrypoint/defaults.sh
echo "[*] Starting bunkerized-nginx ..."
# execute custom scripts if it's a customized image
for file in /entrypoint.d/* ; do
[ -f "$file" ] && [ -x "$file" ] && "$file"
done
# trap SIGTERM and SIGINT
function trap_exit() {
echo "[*] Catched stop operation"
echo "[*] Stopping crond ..."
pkill -TERM crond
if [ "$USE_FAIL2BAN" = "yes" ] ; then
echo "[*] Stopping fail2ban"
fail2ban-client stop > /dev/null
fi
echo "[*] Stopping nginx ..."
/usr/sbin/nginx -s stop
echo "[*] Stopping rsyslogd ..."
pkill -TERM rsyslogd
pkill -TERM tail
}
trap "trap_exit" TERM INT QUIT
# trap SIGHUP
function trap_reload() {
echo "[*] Catched reload operation"
if [ "$MULTISITE" = "yes" ] && [ "$SWARM_MODE" != "yes" ] ; then
/opt/entrypoint/multisite-config.sh
fi
if [ -f /tmp/nginx.pid ] ; then
echo "[*] Reloading nginx ..."
nginx -s reload
if [ $? -eq 0 ] ; then
echo "[*] Reload successfull"
else
echo "[!] Reload failed"
fi
else
echo "[!] Ignored reload operation because nginx is not running"
fi
}
trap "trap_reload" HUP
# do the configuration magic if needed
if [ ! -f "/opt/installed" ] ; then
echo "[*] Configuring bunkerized-nginx ..."
# check permissions
if [ "$SWARM_MODE" = "no" ] ; then
/opt/entrypoint/permissions.sh
else
/opt/entrypoint/permissions-swarm.sh
fi
if [ "$?" -ne 0 ] ; then
exit 1
fi
# logs config
/opt/entrypoint/logs.sh
# lua config
# TODO : move variables from /usr/local/lib/lua + multisite support ?
/opt/entrypoint/lua.sh
# fail2ban config
/opt/entrypoint/fail2ban.sh
# clamav config
/opt/entrypoint/clamav.sh
# start temp nginx to solve Let's Encrypt challenges if needed
/opt/entrypoint/nginx-temp.sh
# only do config if we are not in swarm mode
if [ "$SWARM_MODE" = "no" ] ; then
# global config
/opt/entrypoint/global-config.sh
# background jobs
/opt/entrypoint/jobs.sh
# multisite configs
if [ "$MULTISITE" = "yes" ] ; then
for server in $SERVER_NAME ; do
/opt/entrypoint/site-config.sh "$server"
echo "[*] Multi site - $server configuration done"
done
/opt/entrypoint/multisite-config.sh
# singlesite config
else
/opt/entrypoint/site-config.sh
echo "[*] Single site - $SERVER_NAME configuration done"
fi
fi
touch /opt/installed
else
echo "[*] Skipping configuration process"
fi
# start rsyslogd
rsyslogd -i /tmp/rsyslogd.pid
# start crond
crond
# wait until config has been generated if we are in swarm mode
if [ "$SWARM_MODE" = "yes" ] ; then
echo "[*] Waiting until config has been generated ..."
while [ ! -f "/etc/nginx/autoconf" ] ; do
sleep 1
done
fi
# stop temp config if needed
if [ -f "/tmp/nginx-temp.pid" ] ; then
nginx -c /tmp/nginx-temp.conf -s quit
fi
# run nginx
echo "[*] Running nginx ..."
nginx
if [ "$?" -eq 0 ] ; then
echo "[*] nginx successfully started !"
else
echo "[!] nginx failed to start"
fi
# list of log files to display
LOGS="/var/log/access.log /var/log/error.log /var/log/jobs.log /var/log/nginx/error.log /var/log/nginx/modsec_audit.log"
# start fail2ban
if [ "$USE_FAIL2BAN" = "yes" ] ; then
echo "[*] Running fail2ban ..."
fail2ban-server > /dev/null
LOGS="$LOGS /var/log/fail2ban.log"
fi
# autotest
if [ "$1" == "test" ] ; then
sleep 10
echo -n "autotest" > /www/index.html
check=$(curl "http://localhost:${HTTP_PORT}" 2> /dev/null)
if [ "$check" == "autotest" ] ; then
exit 0
fi
exit 1
fi
# display logs
tail -F $LOGS &
pid="$!"
while [ -f "/tmp/nginx.pid" ] ; do
wait "$pid"
done
# sigterm trapped
echo "[*] bunkerized-nginx stopped"
exit 0
Reference in New Issue View Git Blame Copy Permalink