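#!/bin/sh
# Nginx entrypoint: renders the read-only mounted nginx config into a writable
# copy (substituting the domain name), then runs nginx in the foreground with
# two background loops that reload it when certificates may have changed.
#
# Environment:
#   DOMAIN_NAME  Host name substituted for DOMAIN_NAME_PLACEHOLDER and used to
#                locate the Let's Encrypt certificate (default: "default").
set -e

DOMAIN_NAME="${DOMAIN_NAME:-default}"

# DOMAIN_NAME ends up inside a sed expression, the rendered nginx config and a
# filesystem path. Accept only host-name characters so a malformed or hostile
# value cannot alter the sed program, add config directives, or step outside
# /etc/letsencrypt/live/.
case "$DOMAIN_NAME" in
  *[!A-Za-z0-9.-]* | .* | -* | *..*)
    printf 'ERROR: DOMAIN_NAME is not a valid host name: %s\n' "$DOMAIN_NAME" >&2
    exit 1
    ;;
esac

readonly TEMPLATE_CONFIG="/etc/nginx/nginx.conf"
# The template is mounted read-only, so the rendered copy lives in /tmp.
# NOTE(review): this is a fixed, predictable name; it is only safe if /tmp is
# private to this container and not writable by other users - confirm.
readonly PROCESSED_CONFIG="/tmp/nginx.conf"
readonly RELOAD_FLAG="/var/run/certbot-reload/reload"

readonly CERT_PATH="/etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem"
readonly KEY_PATH="/etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem"

# Render the config: substitute the placeholder when present, otherwise copy
# the file unchanged.
if grep -q "DOMAIN_NAME_PLACEHOLDER" "$TEMPLATE_CONFIG" 2>/dev/null; then
  sed "s|DOMAIN_NAME_PLACEHOLDER|${DOMAIN_NAME}|g" "$TEMPLATE_CONFIG" > "$PROCESSED_CONFIG"
else
  cp "$TEMPLATE_CONFIG" "$PROCESSED_CONFIG"
fi

# Missing certificates are not fatal: the mounted config is then expected to
# be the HTTP-only variant used for ACME challenges.
if [ ! -f "$CERT_PATH" ] || [ ! -f "$KEY_PATH" ]; then
  echo "WARNING: SSL certificates not found at $CERT_PATH" >&2
  echo "Using HTTP-only configuration for ACME challenges." >&2
fi

# Ask the running nginx to reload the rendered config. A failed reload is
# logged instead of ending the calling loop (set -e is active in subshells).
reload_nginx() {
  nginx -s reload -c "$PROCESSED_CONFIG" ||
    echo "WARNING: nginx reload failed" >&2
}

# Poll once a minute for the flag file that certbot leaves after a renewal.
(
  while :; do
    if [ -f "$RELOAD_FLAG" ]; then
      echo 'Certificate renewed, reloading nginx...'
      reload_nginx
      rm -f "$RELOAD_FLAG"
    fi
    sleep 60
  done
) &

# Unconditional reload every 6 hours (21600 seconds) as a fallback.
(
  while :; do
    sleep 21600
    reload_nginx
  done
) &

# Replace this shell with nginx so stop signals are delivered to nginx itself
# rather than to an intermediate shell. Running the loops above in this script
# (instead of a nested `sh -c "..."` string) also keeps the config path out of
# a re-parsed command string.
exec nginx -c "$PROCESSED_CONFIG" -g 'daemon off;'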