docker-letsencrypt-nginx-pr.../app/entrypoint.sh

#!/bin/bash
# shellcheck disable=SC2155

set -u

if [[ -n "${ACME_TOS_HASH:-}" ]]; then
    echo "Info: the ACME_TOS_HASH environment variable is no longer used by simp_le and has been deprecated."
    echo "simp_le now implicitly agree to the ACME CA ToS."
fi

DOCKER_PROVIDER=${DOCKER_PROVIDER:-docker}

case "${DOCKER_PROVIDER}" in
ecs|ECS)
    # AWS ECS. Enabled in /etc/ecs/ecs.config (http://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-metadata.html)
    if [[ -n "${ECS_CONTAINER_METADATA_FILE:-}" ]]; then
      export CONTAINER_ID=$(grep ContainerID "${ECS_CONTAINER_METADATA_FILE}" | sed 's/.*: "\(.*\)",/\1/g')
    else
      echo "${DOCKER_PROVIDER} specified as 'ecs' but not available. See: http://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-metadata.html"
      exit 1
    fi
    ;;
*)
    export CONTAINER_ID=$(sed -nE 's/^.+docker[\/-]([a-f0-9]{64}).*/\1/p' /proc/self/cgroup | head -n 1)
    ;;
esac

if [[ -z "$CONTAINER_ID" ]]; then
    echo "Error: can't get my container ID !" >&2
    exit 1
fi

function check_docker_socket {
    if [[ $DOCKER_HOST == unix://* ]]; then
        socket_file=${DOCKER_HOST#unix://}
        if [[ ! -S $socket_file ]]; then
            echo "Error: you need to share your Docker host socket with a volume at $socket_file" >&2
            echo "Typically you should run your container with: '-v /var/run/docker.sock:$socket_file:ro'" >&2
            exit 1
        fi
    fi
}

function check_writable_directory {
    local dir="$1"
    docker_api "/containers/$CONTAINER_ID/json" | jq ".Mounts[].Destination" | grep -q "^\"$dir\"$"
    if [[ $? -ne 0 ]]; then
        echo "Warning: '$dir' does not appear to be a mounted volume."
    fi
    if [[ ! -d "$dir" ]]; then
        echo "Error: can't access to '$dir' directory !" >&2
        echo "Check that '$dir' directory is declared as a writable volume." >&2
        exit 1
    fi
    touch $dir/.check_writable 2>/dev/null
    if [[ $? -ne 0 ]]; then
        echo "Error: can't write to the '$dir' directory !" >&2
        echo "Check that '$dir' directory is export as a writable volume." >&2
        exit 1
    fi
    rm -f $dir/.check_writable
}

function check_dh_group {
    local DHPARAM_BITS="${DHPARAM_BITS:-2048}"
    re='^[0-9]*$'
    if ! [[ "$DHPARAM_BITS" =~ $re ]] ; then
       echo "Error: invalid Diffie-Hellman size of $DHPARAM_BITS !" >&2
       exit 1
    fi
    if [[ ! -f /etc/nginx/certs/dhparam.pem ]]; then
        echo "Creating Diffie-Hellman group (can take several minutes...)"
        openssl dhparam -out /etc/nginx/certs/.dhparam.pem.tmp $DHPARAM_BITS
        mv /etc/nginx/certs/.dhparam.pem.tmp /etc/nginx/certs/dhparam.pem || exit 1
    fi
}

source /app/functions.sh

[[ $DEBUG == true ]] && set -x

if [[ "$*" == "/bin/bash /app/start.sh" ]]; then
    check_docker_socket
    if [[ -z "$(get_nginx_proxy_container)" ]]; then
        echo "Error: can't get nginx-proxy container ID !" >&2
        echo "Check that you are doing one of the following :" >&2
        echo -e "\t- Use the --volumes-from option to mount volumes from the nginx-proxy container." >&2
        echo -e "\t- Set the NGINX_PROXY_CONTAINER env var on the letsencrypt-companion container to the name of the nginx-proxy container." >&2
        echo -e "\t- Label the nginx-proxy container to use with 'com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy'." >&2
        exit 1
    elif [[ -z "$(get_docker_gen_container)" ]] && ! is_docker_gen_container "$(get_nginx_proxy_container)"; then
        echo "Error: can't get docker-gen container id !" >&2
        echo "If you are running a three containers setup, check that you are doing one of the following :" >&2
        echo -e "\t- Set the NGINX_DOCKER_GEN_CONTAINER env var on the letsencrypt-companion container to the name of the docker-gen container." >&2
        echo -e "\t- Label the docker-gen container to use with 'com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen.'" >&2
        exit 1
    fi
    check_writable_directory '/etc/nginx/certs'
    check_writable_directory '/etc/nginx/vhost.d'
    check_writable_directory '/usr/share/nginx/html'
    check_dh_group
fi

exec "$@"
First release 2015-12-31 18:50:25 +01:00			`#!/bin/bash`
Shell linting https://github.com/koalaman/shellcheck/wiki start.sh: Fix SC2173 on line 14. letsencrypt_service: Ignore SC2120 and SC1090. Fix SC1087 on line 54, SC2068 on lines 54 and 124. Fix SC2034 on lines 12, 13, 19 and 20. + use pushd / popd to change the CWD back to /etc/nginx/certs after simp_le execution. functions.sh: Ignore SC2155. Add the missing shebang. entrypoint.sh: Ignore SC2155. 2017-11-22 00:19:14 +01:00			`# shellcheck disable=SC2155`
First release 2015-12-31 18:50:25 +01:00
Add new DEBUG environment variable 2016-01-03 12:31:24 +01:00			`set -u`

Update simp_le to 0.7.0 This version implicitly and automatically agree to the ACME CA ToS. The code related to the ToS hash was consequently removed. 2018-01-11 21:45:54 +01:00			`if [[ -n "${ACME_TOS_HASH:-}" ]]; then`
Minor edits for coding style consistency 2018-02-08 23:57:50 +01:00			`echo "Info: the ACME_TOS_HASH environment variable is no longer used by simp_le and has been deprecated."`
			`echo "simp_le now implicitly agree to the ACME CA ToS."`
Update simp_le to 0.7.0 This version implicitly and automatically agree to the ACME CA ToS. The code related to the ToS hash was consequently removed. 2018-01-11 21:45:54 +01:00			`fi`

Modify to work with AWS ECS (#300) + add foundation for future support of other container management services 2018-01-14 21:45:17 +01:00			`DOCKER_PROVIDER=${DOCKER_PROVIDER:-docker}`

			`case "${DOCKER_PROVIDER}" in`
			`ecs\|ECS)`
			`# AWS ECS. Enabled in /etc/ecs/ecs.config (http://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-metadata.html)`
			`if [[ -n "${ECS_CONTAINER_METADATA_FILE:-}" ]]; then`
			`export CONTAINER_ID=$(grep ContainerID "${ECS_CONTAINER_METADATA_FILE}" \| sed 's/.: "\(.\)",/\1/g')`
			`else`
			`echo "${DOCKER_PROVIDER} specified as 'ecs' but not available. See: http://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-metadata.html"`
			`exit 1`
			`fi`
			`;;`
			`*)`
			`export CONTAINER_ID=$(sed -nE 's/^.+docker[\/-]([a-f0-9]{64}).*/\1/p' /proc/self/cgroup \| head -n 1)`
			`;;`
			`esac`
First release 2015-12-31 18:50:25 +01:00
			`if [[ -z "$CONTAINER_ID" ]]; then`
			`echo "Error: can't get my container ID !" >&2`
			`exit 1`
			`fi`

			`function check_docker_socket {`
Call docker API directly No need to have the docker binary 2016-01-06 19:33:16 +01:00			`if [[ $DOCKER_HOST == unix://* ]]; then`
			`socket_file=${DOCKER_HOST#unix://}`
			`if [[ ! -S $socket_file ]]; then`
Minor edits for coding style consistency 2018-02-08 23:57:50 +01:00			`echo "Error: you need to share your Docker host socket with a volume at $socket_file" >&2`
			`echo "Typically you should run your container with: '-v /var/run/docker.sock:$socket_file:ro'" >&2`
Call docker API directly No need to have the docker binary 2016-01-06 19:33:16 +01:00			`exit 1`
			`fi`
			`fi`
First release 2015-12-31 18:50:25 +01:00			`}`
Call docker API directly No need to have the docker binary 2016-01-06 19:33:16 +01:00
First release 2015-12-31 18:50:25 +01:00			`function check_writable_directory {`
			`local dir="$1"`
Use CONTAINER_ID instead of HOSTNAME variable when using docker_api 2017-02-13 19:11:53 +01:00			`docker_api "/containers/$CONTAINER_ID/json" \| jq ".Mounts[].Destination" \| grep -q "^\"$dir\"$"`
Warn if volumes don't appear to be setup correctly Assuming they're following a conventional setup, this will warn users that they likely didn't set their volumes up correctly. It's not an error though because they may have done something like mount the entire /etc/nginx directory. 2016-08-18 04:16:00 +02:00			`if [[ $? -ne 0 ]]; then`
			`echo "Warning: '$dir' does not appear to be a mounted volume."`
			`fi`
First release 2015-12-31 18:50:25 +01:00			`if [[ ! -d "$dir" ]]; then`
			`echo "Error: can't access to '$dir' directory !" >&2`
Fix log typo when checking writable directories 2018-02-10 00:11:24 +01:00			`echo "Check that '$dir' directory is declared as a writable volume." >&2`
First release 2015-12-31 18:50:25 +01:00			`exit 1`
			`fi`
			`touch $dir/.check_writable 2>/dev/null`
			`if [[ $? -ne 0 ]]; then`
			`echo "Error: can't write to the '$dir' directory !" >&2`
			`echo "Check that '$dir' directory is export as a writable volume." >&2`
			`exit 1`
			`fi`
			`rm -f $dir/.check_writable`
			`}`

Automatically create Diffie-Hellman group 2016-01-05 14:03:22 +01:00			`function check_dh_group {`
Add ability to override default DH_PARAM_SIZE 2017-08-25 09:03:52 +02:00			`local DHPARAM_BITS="${DHPARAM_BITS:-2048}"`
			`re='^[0-9]*$'`
			`if ! [[ "$DHPARAM_BITS" =~ $re ]] ; then`
			`echo "Error: invalid Diffie-Hellman size of $DHPARAM_BITS !" >&2`
			`exit 1`
			`fi`
Automatically create Diffie-Hellman group 2016-01-05 14:03:22 +01:00			`if [[ ! -f /etc/nginx/certs/dhparam.pem ]]; then`
			`echo "Creating Diffie-Hellman group (can take several minutes...)"`
Add ability to override default DH_PARAM_SIZE 2017-08-25 09:03:52 +02:00			`openssl dhparam -out /etc/nginx/certs/.dhparam.pem.tmp $DHPARAM_BITS`
Automatically create Diffie-Hellman group 2016-01-05 14:03:22 +01:00			`mv /etc/nginx/certs/.dhparam.pem.tmp /etc/nginx/certs/dhparam.pem \|\| exit 1`
Call docker API directly No need to have the docker binary 2016-01-06 19:33:16 +01:00			`fi`
Automatically create Diffie-Hellman group 2016-01-05 14:03:22 +01:00			`}`

functions.lib -> functions.sh This way any editor can figure out the file type automatically. 2016-06-26 00:31:15 +02:00			`source /app/functions.sh`
Call docker API directly No need to have the docker binary 2016-01-06 19:33:16 +01:00
Add new DEBUG environment variable 2016-01-03 12:31:24 +01:00			`[[ $DEBUG == true ]] && set -x`
First release 2015-12-31 18:50:25 +01:00
			`if [[ "$*" == "/bin/bash /app/start.sh" ]]; then`
			`check_docker_socket`
Rework nginx-proxy and docker-gen cid acquisition Make #321 work with three containers setups too. 2018-02-09 00:27:14 +01:00			`if [[ -z "$(get_nginx_proxy_container)" ]]; then`
			`echo "Error: can't get nginx-proxy container ID !" >&2`
			`echo "Check that you are doing one of the following :" >&2`
			`echo -e "\t- Use the --volumes-from option to mount volumes from the nginx-proxy container." >&2`
			`echo -e "\t- Set the NGINX_PROXY_CONTAINER env var on the letsencrypt-companion container to the name of the nginx-proxy container." >&2`
			`echo -e "\t- Label the nginx-proxy container to use with 'com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy'." >&2`
			`exit 1`
Additional check for docker-gen 2018-02-09 10:38:44 +01:00			`elif [[ -z "$(get_docker_gen_container)" ]] && ! is_docker_gen_container "$(get_nginx_proxy_container)"; then`
			`echo "Error: can't get docker-gen container id !" >&2`
			`echo "If you are running a three containers setup, check that you are doing one of the following :" >&2`
			`echo -e "\t- Set the NGINX_DOCKER_GEN_CONTAINER env var on the letsencrypt-companion container to the name of the docker-gen container." >&2`
			`echo -e "\t- Label the docker-gen container to use with 'com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen.'" >&2`
			`exit 1`
Allow to use the official nginx image and docker-gen in separate containers 2016-02-11 21:18:20 +01:00			`fi`
First release 2015-12-31 18:50:25 +01:00			`check_writable_directory '/etc/nginx/certs'`
Create location configurations automatically 2016-01-01 14:32:40 +01:00			`check_writable_directory '/etc/nginx/vhost.d'`
First release 2015-12-31 18:50:25 +01:00			`check_writable_directory '/usr/share/nginx/html'`
Automatically create Diffie-Hellman group 2016-01-05 14:03:22 +01:00			`check_dh_group`
First release 2015-12-31 18:50:25 +01:00			`fi`

			`exec "$@"`