
fix: stop enforcing html directory

warn instead of exiting when html directory is not accessible
Nicolas Duchon 2024-10-28 08:36:12 +01:00
parent 3cb7df6fdd
commit 2c1b9a48ff

@ -27,7 +27,7 @@ function check_docker_socket {
fi fi
} }
function check_writable_directory { function check_dir_is_mounted_volume {
local dir="$1" local dir="$1"
if [[ $(get_self_cid) ]]; then if [[ $(get_self_cid) ]]; then
if ! docker_api "/containers/$(get_self_cid)/json" | jq ".Mounts[].Destination" | grep -q "^\"$dir\"$"; then if ! docker_api "/containers/$(get_self_cid)/json" | jq ".Mounts[].Destination" | grep -q "^\"$dir\"$"; then
@ -36,6 +36,13 @@ function check_writable_directory {
else else
echo "Warning: can't check if '$dir' is a mounted volume without self container ID." echo "Warning: can't check if '$dir' is a mounted volume without self container ID."
fi fi
}
function check_writable_directory {
local dir="$1"
check_dir_is_mounted_volume "$dir"
if [[ ! -d "$dir" ]]; then if [[ ! -d "$dir" ]]; then
echo "Error: can't access to '$dir' directory !" >&2 echo "Error: can't access to '$dir' directory !" >&2
echo "Check that '$dir' directory is declared as a writable volume." >&2 echo "Check that '$dir' directory is declared as a writable volume." >&2
@ -49,6 +56,18 @@ function check_writable_directory {
rm -f "$dir/.check_writable" rm -f "$dir/.check_writable"
} }
function warn_html_directory {
local dir='/usr/share/nginx/html'
check_dir_is_mounted_volume "$dir"
if [[ ! -d "$dir" ]] || ! touch "$dir/.check_writable" 2>/dev/null; then
echo "Warning: can't access or write to '$dir' directory. This will prevent HTML-01 challenges from working correctly."
echo "If you are only using DNS-01 challenges, you can ignore this warning, otherwise check that '$dir' is declared as a writable volume."
fi
rm -f "$dir/.check_writable"
}
function check_dh_group { function check_dh_group {
# DH params will be supplied for acme-companion here: # DH params will be supplied for acme-companion here:
local DHPARAM_FILE='/etc/nginx/certs/dhparam.pem' local DHPARAM_FILE='/etc/nginx/certs/dhparam.pem'
@ -176,7 +195,7 @@ if [[ "$*" == "/bin/bash /app/start.sh" ]]; then
check_writable_directory '/etc/nginx/certs' check_writable_directory '/etc/nginx/certs'
parse_true "${ACME_HTTP_CHALLENGE_LOCATION:=false}" && check_writable_directory '/etc/nginx/vhost.d' parse_true "${ACME_HTTP_CHALLENGE_LOCATION:=false}" && check_writable_directory '/etc/nginx/vhost.d'
check_writable_directory '/etc/acme.sh' check_writable_directory '/etc/acme.sh'
check_writable_directory '/usr/share/nginx/html' warn_html_directory
if [[ -f /app/letsencrypt_user_data ]]; then if [[ -f /app/letsencrypt_user_data ]]; then
check_writable_directory '/etc/nginx/vhost.d' check_writable_directory '/etc/nginx/vhost.d'
check_writable_directory '/etc/nginx/conf.d' check_writable_directory '/etc/nginx/conf.d'
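Review bot: The warning printed by the new `warn_html_directory` names the challenge type as "HTML-01", but the ACME challenge served from `/usr/share/nginx/html` is HTTP-01, so an operator searching logs or documentation for that string will find nothing. Because startup now continues when the directory is missing or read-only, this message is the main startup signal that HTTP-01 issuance and renewal will fail later. Both `echo` lines also write to stdout, whereas the error path in `check_writable_directory` uses `>&2`, so log collection that only watches stderr would miss the warning. I would change the first line to `echo "Warning: can't access or write to '$dir' directory. This will prevent HTTP-01 challenges from working correctly." >&2` and add `>&2` to the second line as well. A one-line comment above the function, such as `# Non-fatal: DNS-01-only setups do not need a writable webroot.`, would record why this check does not exit.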