bfren · bfren · Sep 24, 2022 · Sep 24, 2022 · Sep 24, 2022 · Sep 24, 2022
diff --git a/Dockerfile b/Dockerfile
@@ -9,12 +9,12 @@ ARG BF_VERSION
 EXPOSE 443
 
 ENV \
+    # the base URI of the proxy server (will be used when SSL bindings fail)
     PROXY_URI= \
     # clean all config and certificates before doing anything else
     PROXY_CLEAN_INSTALL=0 \
     # used for renewal notification emails
     PROXY_LETS_ENCRYPT_EMAIL= \
-    # the base URI of the proxy server (will be used when SSL bindings fail)
     # set to 1 to use live instead of staging server
     PROXY_LETS_ENCRYPT_LIVE=0 \
     # enable automatic certificate updating
@@ -26,7 +26,14 @@ ENV \
     # canonical domain name redirection
     PROXY_SSL_REDIRECT_TO_CANONICAL=0 \
     # set to true to skip local HTTP token check
-    PROXY_GETSSL_SKIP_HTTP_TOKEN_CHECK="false"
+    PROXY_GETSSL_SKIP_HTTP_TOKEN_CHECK="false" \
+    # if both are set, on first startup will generate SSL config and request certs
+    PROXY_AUTO_PRIMARY= \
+    PROXY_AUTO_UPSTREAM= \
+    # optional - add aliases to the auto-generated conf.json on first startup
+    PROXY_AUTO_ALIASES= \
+    # optional - mark the Nginx config as custom so it isn't regenerated on future startups
+    PROXY_AUTO_CUSTOM=0
 
 COPY ./overlay /
 

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-5.0.16
+5.1.0
diff --git a/VERSION_MINOR b/VERSION_MINOR
@@ -1 +1 @@
-5.0
+5.1
diff --git a/overlay/etc/bf/init.d/20-env b/overlay/etc/bf/init.d/20-env
@@ -14,6 +14,7 @@ bf-env "PROXY_GETSSL" "${PROXY_LIB}/getssl"
 
 PROXY_SSL=/ssl
 bf-env "PROXY_SSL" ${PROXY_SSL}
+bf-env "PROXY_SSL_CONF" "${PROXY_SSL}/conf.json"
 bf-env "PROXY_SSL_DHPARAM" "${PROXY_SSL}/dhparam.pem"
 
 PROXY_SSL_CERTS=${PROXY_SSL}/certs

diff --git a/overlay/etc/bf/init.d/21-ssl → overlay/etc/bf/init.d/21-ssl-init b/overlay/etc/bf/init.d/21-ssl → overlay/etc/bf/init.d/21-ssl-init
@@ -20,6 +20,23 @@ if [ "${PROXY_CLEAN_INSTALL}" = "1" ] ; then
 fi
 
 
+#======================================================================================================================
+# If there is no SSL configuration file, and auto environment variables are set, generate config.
+#======================================================================================================================
+
+if [ ! -f "${PROXY_SSL_CONF}" ] && [ -n "${PROXY_AUTO_PRIMARY-}" ] && [ -n "${PROXY_AUTO_UPSTREAM-}" ] ; then
+
+    # generate conf
+    bf-echo "Generating conf.json using auto environment variables."
+    bf-esh ${BF_TEMPLATES}/conf.json.esh ${PROXY_SSL_CONF}
+    bf-env "PROXY_AUTO" "1"
+
+    # if there are aliases enable canonical redirection
+    [[ -n "${PROXY_AUTO_ALIASES}" ]] && bf-env "PROXY_SSL_REDIRECT_TO_CANONICAL" "1"
+
+fi
+
+
 #======================================================================================================================
 # Run initialisation script.
 #======================================================================================================================

diff --git a/overlay/etc/bf/templates/conf.json.esh b/overlay/etc/bf/templates/conf.json.esh
@@ -0,0 +1,11 @@
+{
+    "$schema": "https://raw.githubusercontent.com/bfren/docker-nginx-proxy/main/ssl-conf-schema.json",
+    "domains": [
+        {
+            "primary": "<%= ${PROXY_AUTO_PRIMARY} %>",
+            "upstream": "<%= ${PROXY_AUTO_UPSTREAM} %>"<% if [ -n "${PROXY_AUTO_ALIASES-}" ] ; then %>,
+            "aliases": [ "<%= ${PROXY_AUTO_ALIASES// /\", \"} %>" ]<% fi ; if [ "${PROXY_AUTO_CUSTOM-}" = "1" ] ; then %>,
+            "custom": true<% fi %>
+        }
+    ]
+}
diff --git a/overlay/etc/s6-overlay/s6-rc.d/ssl-auto-request/dependencies b/overlay/etc/s6-overlay/s6-rc.d/ssl-auto-request/dependencies
@@ -0,0 +1 @@
+nginx
diff --git a/overlay/etc/s6-overlay/s6-rc.d/ssl-auto-request/finish b/overlay/etc/s6-overlay/s6-rc.d/ssl-auto-request/finish
@@ -0,0 +1,11 @@
+#!/command/with-contenv bash
+
+set -euo pipefail
+export BF_E="${PWD##*/}/$(basename ${0})"
+
+
+#======================================================================================================================
+# Show helpful log message.
+#======================================================================================================================
+
+bf-svc-finish
diff --git a/overlay/etc/s6-overlay/s6-rc.d/ssl-auto-request/run b/overlay/etc/s6-overlay/s6-rc.d/ssl-auto-request/run
@@ -0,0 +1,38 @@
+#!/command/with-contenv bash
+
+set -euo pipefail
+export BF_E="${PWD##*/}/$(basename ${0})"
+
+
+#======================================================================================================================
+# Run request executable and then disable the service.
+# First, wait until the Nginx service is running.
+#======================================================================================================================
+
+if [ "${PROXY_AUTO-}" = "1" ] ; then
+
+    if [ -n "$(pidof nginx)" ]; then
+
+        # run upgrade executable
+        bf-echo "Requesting SSL certificates using auto-generated conf.json."
+        ssl-request
+
+        # disable the auto request service
+        ssl-auto-request-disable
+
+    else
+
+        # wait 2s before exiting the service - S6 will keep restarting it until Nginx comes online
+        # on first run, it will disable this upgrade service itself
+        SLEEP=2
+        bf-debug "Waiting ${SLEEP}s for Nginx to come online..."
+        sleep ${SLEEP}
+
+    fi
+
+else
+
+    # disable the auto request service
+    ssl-auto-request-disable
+
+fi
diff --git a/overlay/etc/s6-overlay/s6-rc.d/ssl-auto-request/type b/overlay/etc/s6-overlay/s6-rc.d/ssl-auto-request/type
@@ -0,0 +1 @@
+longrun
diff --git a/overlay/etc/s6-overlay/s6-rc.d/user/contents.d/ssl-auto-request b/overlay/etc/s6-overlay/s6-rc.d/user/contents.d/ssl-auto-request
diff --git a/overlay/usr/bin/bf/ssl-auto-request-disable b/overlay/usr/bin/bf/ssl-auto-request-disable
@@ -0,0 +1,11 @@
+#!/command/with-contenv bash
+
+set -euo pipefail
+export BF_E=`basename ${0}`
+
+
+#======================================================================================================================
+# Use base executable to disable auto request service.
+#======================================================================================================================
+
+bf-svc-down ssl-auto-request
diff --git a/overlay/usr/lib/bf/inc/proxy-load-conf.sh b/overlay/usr/lib/bf/inc/proxy-load-conf.sh
@@ -5,9 +5,8 @@
 # Check JSON configuration file exists.
 #======================================================================================================================
 
-SSL_CONF=${PROXY_SSL}/conf.json
-if [ ! -f ${SSL_CONF} ] ; then
-    bf-error "You must create ${SSL_CONF} - see ssl-conf-sample.json." "inc/proxy-load-conf.sh"
+if [ ! -f "${PROXY_SSL_CONF}" ] ; then
+    bf-error "You must create ${PROXY_SSL_CONF} - see ssl-conf-sample.json." "inc/proxy-load-conf.sh"
     exit 1
 fi
 
@@ -16,7 +15,7 @@ fi
 # Load JSON and create DOMAINS array by selecting primary keys.
 #======================================================================================================================
 
-JSON=`cat "${SSL_CONF}" | jq '.'`
+JSON=`cat "${PROXY_SSL_CONF}" | jq '.'`
 
 declare -a DOMAINS=(`jq -r '.domains[].primary' <<< "${JSON}"`)