From 9dbe8a770a7cb39224114a6282322f4cd5f0a4b8 Mon Sep 17 00:00:00 2001 From: bfren Date: Wed, 4 May 2022 12:09:20 +0100 Subject: [PATCH 01/28] Bumping version to 4.0.0 --- VERSION | 2 +- VERSION_MAJOR | 2 +- VERSION_MINOR | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/VERSION b/VERSION index 050ffa7..0c89fc9 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -3.3.13 \ No newline at end of file +4.0.0 \ No newline at end of file diff --git a/VERSION_MAJOR b/VERSION_MAJOR index e440e5c..bf0d87a 100644 --- a/VERSION_MAJOR +++ b/VERSION_MAJOR @@ -1 +1 @@ -3 \ No newline at end of file +4 \ No newline at end of file diff --git a/VERSION_MINOR b/VERSION_MINOR index f30101c..389f774 100644 --- a/VERSION_MINOR +++ b/VERSION_MINOR @@ -1 +1 @@ -3.3 \ No newline at end of file +4.0 \ No newline at end of file From 7ae1ae44ec23c95405a0eabf1865944da682f0c0 Mon Sep 17 00:00:00 2001 From: bfren Date: Wed, 4 May 2022 12:09:32 +0100 Subject: [PATCH 02/28] Removing latest tag from publish --- .github/workflows/publish.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index cf600cf..fbbbc5c 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -64,11 +64,9 @@ jobs: push: true platforms: linux/amd64,linux/arm/v7,linux/arm64 tags: | - bfren/nginx-proxy:latest bfren/nginx-proxy:${{ steps.version_major.outputs.contents }} bfren/nginx-proxy:${{ steps.version_minor.outputs.contents }} bfren/nginx-proxy:${{ steps.version.outputs.contents }} - ghcr.io/bfren/nginx-proxy:latest ghcr.io/bfren/nginx-proxy:${{ steps.version_major.outputs.contents }} ghcr.io/bfren/nginx-proxy:${{ steps.version_minor.outputs.contents }} ghcr.io/bfren/nginx-proxy:${{ steps.version.outputs.contents }} From ce2fb00119591ca7d79314cf8ef89b05fec0f0c9 Mon Sep 17 00:00:00 2001 
From: bfren Date: Wed, 4 May 2022 12:09:49 +0100 Subject: [PATCH 03/28] Install jq package --- overlay/tmp/install | 1 + 1 file changed, 1 insertion(+) diff --git a/overlay/tmp/install b/overlay/tmp/install index 61714b7..4a4aae3 100644 --- a/overlay/tmp/install +++ b/overlay/tmp/install @@ -12,6 +12,7 @@ bf-echo "Installing packages..." apk add --no-cache \ bash \ curl \ + jq \ openssl bf-done From 40a059fcef9a09e7d18cb6b6a69ef7102f9a65bf Mon Sep 17 00:00:00 2001 From: bfren Date: Wed, 4 May 2022 12:10:15 +0100 Subject: [PATCH 04/28] Load domains config from JSON not bash --- overlay/usr/lib/bf/inc/proxy-check.sh | 2 +- overlay/usr/lib/bf/inc/proxy-load-conf.sh | 28 +++++++++++++++------ overlay/usr/lib/bf/inc/proxy-setup-nginx.sh | 25 +++++++++--------- 3 files changed, 34 insertions(+), 21 deletions(-) diff --git a/overlay/usr/lib/bf/inc/proxy-check.sh b/overlay/usr/lib/bf/inc/proxy-check.sh index c1425d8..82e8c91 100644 --- a/overlay/usr/lib/bf/inc/proxy-check.sh +++ b/overlay/usr/lib/bf/inc/proxy-check.sh @@ -22,7 +22,7 @@ fi #====================================================================================================================== -# Create arrays and include configuration. +# Load configuration (creates DOMAINS array). #====================================================================================================================== source ${BF_INC}/proxy-load-conf.sh diff --git a/overlay/usr/lib/bf/inc/proxy-load-conf.sh b/overlay/usr/lib/bf/inc/proxy-load-conf.sh index 05d45b9..6c4dd21 100644 --- a/overlay/usr/lib/bf/inc/proxy-load-conf.sh +++ b/overlay/usr/lib/bf/inc/proxy-load-conf.sh 
@@ -2,17 +2,29 @@ #====================================================================================================================== -# Create arrays and include configuration. +# Check JSON configuration file exists. #====================================================================================================================== -SSL_CONF=${PROXY_SSL}/conf.sh +SSL_CONF=${PROXY_SSL}/conf.json if [ ! -f ${SSL_CONF} ] ; then - bf-error "You must create ${SSL_CONF} - see ssl-conf-sample.sh." "inc/proxy-load-conf.sh" - exit 1 + + # if a <=v3 bash configuration file doesn't exist either, exit with an error + OLD_SSL_CONF=${PROXY_SSL}/conf.sh + if [ ! -f ${OLD_SSL_CONF} ] ; then + bf-error "You must create ${SSL_CONF} - see ssl-conf-sample.json." "inc/proxy-load-conf.sh" + exit 1 + fi + + # attempt to create the JSON configuration file from a <=v3 bash configuration file + ${PROXY_LIB}/convert "${OLD_SSL_CONF}" "${SSL_CONF}" + fi -declare -A DOMAINS -declare -A ALIASES -declare -A NGXCONF -source ${SSL_CONF} +#====================================================================================================================== +# Load JSON and create DOMAINS array by selecting primary keys. +#====================================================================================================================== + +CONF_JSON=`cat "${SSL_CONF}" | jq '.'` + +declare -a DOMAINS=(`jq -r '.domains[].primary' <<< "${CONF_JSON}"`) diff --git a/overlay/usr/lib/bf/inc/proxy-setup-nginx.sh b/overlay/usr/lib/bf/inc/proxy-setup-nginx.sh index a2b4b23..f435c46 100644 --- a/overlay/usr/lib/bf/inc/proxy-setup-nginx.sh +++ b/overlay/usr/lib/bf/inc/proxy-setup-nginx.sh 
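Review bot: The `declare -a DOMAINS=(...)` line at the end of this hunk builds the array from an unquoted command substitution, so each `primary` value is word-split and glob-expanded before it becomes an element; a value containing whitespace or `*` would turn into several entries or into file names from the working directory. Neither jq call has its exit status checked, so a malformed conf.json leaves `CONF_JSON` and `DOMAINS` empty and the script carries on. I would parse once and fail closed, `CONF_JSON=$(jq '.' "${SSL_CONF}") || { bf-error "Unable to parse ${SSL_CONF}." "inc/proxy-load-conf.sh" ; exit 1 ; }`, then fill the array with `mapfile -t DOMAINS < <(jq -r '.domains[].primary' <<< "${CONF_JSON}")`. The same two lines are carried unchanged through the rename in PATCH 14/28.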
@@ -5,10 +5,11 @@ # Set up Nginx. # # Arguments -# 1 Domain name -# 2 Upstream URL -# 3 Name of Domain Aliases array -# 4 Blank (regenerate) or 'custom' (keep) Nginx configuration file +# 1 0 for proxied domain, 1 for domain of the proxy server itself +# 2 Domain name +# 3 Upstream URL +# 4 Name of Domain Aliases array +# 5 Blank (regenerate) or 'custom' (keep) Nginx configuration file #====================================================================================================================== setup-nginx () { @@ -31,20 +32,20 @@ setup-nginx () { # check for existing configuration file if [ -f ${CONF} ] ; then - # if empty, remove config so it can be regenerated - if [ -z "${DOMAIN_NGXCONF}" ] ; then - bf-debug " removing and regnerating Nginx configuration" "inc/proxy-setup-nginx.sh" - rm ${CONF} - - # otherwise, leave file (allows custom config) - else + # if true, leave file (allows custom config) + if [ "${DOMAIN_NGXCONF}" = "true" ] ; then bf-debug " keeping existing configuration." "inc/proxy-setup-nginx.sh" return 0 + + # otherwise, remove config so it can be regenerated + else + bf-debug " removing and regnerating Nginx configuration" "inc/proxy-setup-nginx.sh" + rm ${CONF} fi else - # no need to do anything, be a good log citizen + # no need to remove anything, be a good log citizen bf-debug " generating default Nginx configuration" "inc/proxy-setup-nginx.sh" fi From 8a4033e02fa584bd0febc5e21bffb3bcc5d87eaa Mon Sep 17 00:00:00 2001 From: bfren Date: Wed, 4 May 2022 12:10:31 +0100 Subject: [PATCH 05/28] Init using JSON config --- overlay/usr/lib/bf/proxy/init | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/overlay/usr/lib/bf/proxy/init b/overlay/usr/lib/bf/proxy/init index 48d1dcc..530557b 100644 --- a/overlay/usr/lib/bf/proxy/init +++ b/overlay/usr/lib/bf/proxy/init 
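Review bot: The description of argument 5 in the updated header still reads "Blank (regenerate) or 'custom' (keep)", but the test added in the next hunk of this patch keeps the file only when the value is exactly `true`. A caller that follows the comment and passes `custom` would have an existing hand-edited file removed and regenerated. Suggested wording: `#   5   'true' to keep an existing (custom) Nginx configuration file, anything else to regenerate it`.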
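Review bot: `rm ${CONF}` in the new `else` branch expands the path unquoted and without `--`, and its result is not checked, so a path containing whitespace or glob characters is split or expanded before rm sees it, and a failed removal goes unnoticed before regeneration. `CONF` is assigned outside this hunk and appears to be derived from the domain name, which now comes from the JSON file. I would write `rm -f -- "${CONF}"` and quote the test above it as `[ -f "${CONF}" ]`. The debug message on the line before it misspells "regenerating" as `regnerating`. The body of setup-nginx starts and ends outside the hunk.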
@@ -42,6 +42,16 @@ setup-ssl ${PROXY_URI} "" bf-ok " . done." "proxy/init" +#====================================================================================================================== +# Gets a domain object from the JSON configuration. +# +# Arguments +# 1 Primary domain name to select +#====================================================================================================================== + +function get-domain() { jq --arg PRIMARY "${1}" '.domains[] | select(.primary == $PRIMARY)' <<< "${JSON_CONF}" ; } + + #====================================================================================================================== # Set up Nginx and SSL for each domain. #====================================================================================================================== @@ -49,9 +59,9 @@ bf-ok " . done." "proxy/init" bf-echo "Setting up domains..." "proxy/init" for DN in "${!DOMAINS[@]}" ; do - UP=${DOMAINS[${DN}]} # upstream server - AL=${ALIASES[${DN}]} # aliases - CF=${NGXCONF[${DN}]} # use default / custom Nginx config + UP=`get-domain "${DN}" | jq -r '.upstream'` # upstream server + AL=`get-domain "${DN}" | jq -r '.aliases[]'` # aliases + CF=`get-domain "${DN}" | jq -r '.custom == true'` # whether or not to use custom Nginx config bf-echo " .. ${DN}" "proxy/init" From a2670a433559149735a6bdbbecc978ea7774af7a Mon Sep 17 00:00:00 2001 From: bfren Date: Wed, 4 May 2022 12:43:19 +0100 Subject: [PATCH 06/28] Adding JSON schema and sample json --- README.md | 2 ++ ssl-conf-sample.json | 17 +++++++++++++++++ ssl-conf-schema.json | 42 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+) create mode 100644 ssl-conf-sample.json create mode 100644 ssl-conf-schema.json diff --git a/README.md b/README.md index 5027359..0aebccb 100644 --- a/README.md +++ b/README.md 
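Review bot: `get-domain` reads its input from `${JSON_CONF}`, but the loader changed in PATCH 04/28 stores the parsed file in `CONF_JSON`, so as written the here-string is empty and every lookup would return nothing. `UP`, `AL` and `CF` in the loop below would then be empty for every domain. Use the name the loader sets, `<<< "${CONF_JSON}"`, and consider returning non-zero when no object matches so callers can tell an unknown domain from a missing value. The mismatch is repeated when the helper is moved in PATCH 12/28 and is only reconciled by the rename in PATCH 14/28.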
@@ -7,6 +7,8 @@ Nginx Proxy which uses [getssl](https://github.com/srvrco/getssl) to automate requesting and renewing SSL certificates via Let's Encrypt. Certificates are checked for renewal every day - the last check can be viewed in the `/ssl` volume. +As of v4, configuration is handled via a JSON file - see ssl-conf-sample.json for an example and ssl-conf-schema.json for the full file definition. + ## Contents * [Ports](#ports) diff --git a/ssl-conf-sample.json b/ssl-conf-sample.json new file mode 100644 index 0000000..356d5ad --- /dev/null +++ b/ssl-conf-sample.json @@ -0,0 +1,17 @@ +{ + "$schema": "./ssl-conf-schema.json", + "domains": [ + { + "primary": "example.com", + "upstream": "http://example:5000", + "aliases": [ "www.example.com", "ex.com", "www.ex.com" ], + "custom": true + }, + { + "primary": "test.com", + "upstream": "http://test", + "aliases": [ "www.test.com", "fred.co.uk" ], + "custom": false + } + ] +} diff --git a/ssl-conf-schema.json b/ssl-conf-schema.json new file mode 100644 index 0000000..3b54a35 --- /dev/null +++ b/ssl-conf-schema.json 
@@ -0,0 +1,42 @@ +{ + "$id": "https://raw.githubusercontent.com/bfren/docker-nginx-proxy/main/ssl-conf-schema.json", + "$schema": "https://json-schema.org/draft-07/schema", + "description": "Docker Nginx Proxy Configuration Settings", + "type": "object", + "required": [ "domains" ], + "additionalProperties": false, + "properties": { + "domains": { + "type": "array", + "items": { "$ref": "#/$defs/domain" } + } + }, + "$defs": { + "domain": { + "type": "object", + "required": [ "primary", "upstream" ], + "additionalProperties": false, + "properties" : { + "primary": { + "type": "string", + "description": "Primary domain name, e.g. 'www.example.com'." + }, + "upstream": { + "type": "string", + "description": "Upstream server being proxied (include port), e.g. 'http://up:5000'." + }, + "aliases": { + "type": "array", + "description": "Aliases of the primary domain, e.g. 'example.com'.", + "items": { + "type": "string" + } + }, + "custom": { + "type": "boolean", + "description": "Whether or not to use custom Nginx configuration." + } + } + } + } +} From 011c28869a5b4eab1d09597dc8152d7a740c232a Mon Sep 17 00:00:00 2001 From: bfren Date: Wed, 4 May 2022 12:49:44 +0100 Subject: [PATCH 07/28] Removing convert from setup --- overlay/usr/lib/bf/inc/proxy-load-conf.sh | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/overlay/usr/lib/bf/inc/proxy-load-conf.sh b/overlay/usr/lib/bf/inc/proxy-load-conf.sh index 6c4dd21..0cccd53 100644 --- a/overlay/usr/lib/bf/inc/proxy-load-conf.sh +++ b/overlay/usr/lib/bf/inc/proxy-load-conf.sh 
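Review bot: `primary`, `upstream` and the `aliases` items are declared as plain `"type": "string"`, so the schema accepts empty strings, whitespace, path separators and anything else, while the scripts in this series pass these values on to setup-nginx and setup-ssl. Constraining them gives editors and validators something to reject: `"format": "hostname"` with `"minLength": 1` on `primary` and on the alias items, and `"pattern": "^https?://"` on `upstream`. `format` is advisory in many validators, so a `pattern` is the stronger check. The document declares draft-07 in `$schema` but keeps its definitions under `$defs`, which is the 2019-09 keyword (draft-07 uses `definitions`); the `$ref` pointer will usually still resolve, but the two should agree. Nothing visible in the series validates conf.json against this schema at runtime, so the shell loader still has to treat the values as unchecked.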
@@ -7,17 +7,8 @@ SSL_CONF=${PROXY_SSL}/conf.json if [ ! -f ${SSL_CONF} ] ; then - - # if a <=v3 bash configuration file doesn't exist either, exit with an error - OLD_SSL_CONF=${PROXY_SSL}/conf.sh - if [ ! -f ${OLD_SSL_CONF} ] ; then - bf-error "You must create ${SSL_CONF} - see ssl-conf-sample.json." "inc/proxy-load-conf.sh" - exit 1 - fi - - # attempt to create the JSON configuration file from a <=v3 bash configuration file - ${PROXY_LIB}/convert "${OLD_SSL_CONF}" "${SSL_CONF}" - + bf-error "You must create ${SSL_CONF} - see ssl-conf-sample.json." "inc/proxy-load-conf.sh" + exit 1 fi From a3359e0471427c0d42064f743c90fbd7d48bd43e Mon Sep 17 00:00:00 2001 From: bfren Date: Wed, 4 May 2022 12:49:53 +0100 Subject: [PATCH 08/28] Using GitHub file as schema --- ssl-conf-sample.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl-conf-sample.json b/ssl-conf-sample.json index 356d5ad..2c345d2 100644 --- a/ssl-conf-sample.json +++ b/ssl-conf-sample.json @@ -1,5 +1,5 @@ { - "$schema": "./ssl-conf-schema.json", + "$schema": "https://raw.githubusercontent.com/bfren/docker-nginx-proxy/main/ssl-conf-schema.json", "domains": [ { "primary": "example.com", From fae4ec45fb6e1341828ccf4e02de923417f1758d Mon Sep 17 00:00:00 2001 From: bfren Date: Wed, 4 May 2022 12:55:14 +0100 Subject: [PATCH 09/28] Removing bash config sample file --- ssl-conf-sample.sh | 30 ------------------------------ 1 file changed, 30 deletions(-) delete mode 100644 ssl-conf-sample.sh diff --git a/ssl-conf-sample.sh b/ssl-conf-sample.sh deleted file mode 100644 index ad25f29..0000000 --- a/ssl-conf-sample.sh +++ /dev/null 
@@ -1,30 +0,0 @@ -#!/bin/bash - -#====================================================================================================================== -# This file should be modified to define domain arrays and then stored in /ssl/conf.sh -# -# DOMAINS is an associative array -# key: (string) primary domain name -# value: (string) upstream server -# -# ALIASES is an associative array -# key: (string) primary domain name - if it doesn't match one of the keys in DOMAINS, it will be ignored -# value: (string) alias domain names to be included in the SSL certificate, separated by a space -# -# NGXCONF is an optional associative array -# key: (string) primary domain name - if it doesn't match one of the keys in DOMAINS, it will be ignored -# value: (string) "custom" by convention - but if you set this to *anything*, Nginx config for this site won't be -# automatically regenerated, so you won't get new features and be responsible for maintaining it yourself -# -# These arrays will generate configuration files that will be stored in /sites and /ssl/certs -# After generation they can be modified to suit your needs - after modification, the container should be restarted -#====================================================================================================================== - -DOMAINS["example.com"]="http://example" -ALIASES["example.com"]="www.example.com ex.com www.ex.com" -NGXCONF["example.com"]="custom" - -DOMAINS["test.com"]="http://test" -ALIASES["test.com"]="www.test.com" -# no NGXCONF means Nginx configuration will be regenerated each time the container starts -# the advantage of this is you automatically get new features / bug fixes From 5bdeff33e24eeebefd905674484851c2c9cffc43 Mon Sep 17 00:00:00 2001 From: bfren Date: Wed, 4 May 2022 13:01:08 +0100 Subject: [PATCH 10/28] Updating loop --- overlay/usr/lib/bf/proxy/init | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/overlay/usr/lib/bf/proxy/init b/overlay/usr/lib/bf/proxy/init index 530557b..9f9873a 100644 --- a/overlay/usr/lib/bf/proxy/init +++ b/overlay/usr/lib/bf/proxy/init @@ -57,7 +57,7 @@ function get-domain() { jq --arg PRIMARY "${1}" '.domains[] | select(.primary == #====================================================================================================================== bf-echo "Setting up domains..." "proxy/init" -for DN in "${!DOMAINS[@]}" ; do +for DN in "${DOMAINS}" ; do UP=`get-domain "${DN}" | jq -r '.upstream'` # upstream server AL=`get-domain "${DN}" | jq -r '.aliases[]'` # aliases From 616d4cb7f1a5b8e2e24e55e645d3e4e494ce4c6a Mon Sep 17 00:00:00 2001 From: bfren Date: Wed, 4 May 2022 13:02:32 +0100 Subject: [PATCH 11/28] Updating loop --- overlay/usr/lib/bf/proxy/init | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overlay/usr/lib/bf/proxy/init b/overlay/usr/lib/bf/proxy/init index 9f9873a..25f3b27 100644 --- a/overlay/usr/lib/bf/proxy/init +++ b/overlay/usr/lib/bf/proxy/init @@ -57,7 +57,7 @@ function get-domain() { jq --arg PRIMARY "${1}" '.domains[] | select(.primary == #====================================================================================================================== bf-echo "Setting up domains..." "proxy/init" -for DN in "${DOMAINS}" ; do +for DN in "${DOMAINS[@]}" ; do UP=`get-domain "${DN}" | jq -r '.upstream'` # upstream server AL=`get-domain "${DN}" | jq -r '.aliases[]'` # aliases From bfee653fccc5a3df40409ad2e41da13b38ce9d1f Mon Sep 17 00:00:00 2001 From: bfren Date: Wed, 4 May 2022 13:14:51 +0100 Subject: [PATCH 12/28] Using new conf in nginx-regenerate executable --- overlay/usr/bin/bf/nginx-regenerate | 5 +++-- overlay/usr/lib/bf/inc/proxy-load-conf.sh | 10 ++++++++++ overlay/usr/lib/bf/proxy/init | 10 ---------- 3 files changed, 13 insertions(+), 12 deletions(-) diff --git a/overlay/usr/bin/bf/nginx-regenerate b/overlay/usr/bin/bf/nginx-regenerate index ad9e487..0f95ea5 100644 
--- a/overlay/usr/bin/bf/nginx-regenerate +++ b/overlay/usr/bin/bf/nginx-regenerate @@ -32,7 +32,7 @@ done bf-echo "Loading SSL configuration." source ${BF_INC}/proxy-load-conf.sh -bf-debug "Loaded: ${!DOMAINS[*]}." +bf-debug "Loaded: ${DOMAINS[@]}." #====================================================================================================================== @@ -54,7 +54,8 @@ for CFG in "${NGINX_CONFIGS[@]}" ; do bf-debug " .. ${STRIPPED}" # the domain has standard config - delete conf file - if [[ -z "${NGXCONF[${STRIPPED}]-}" ]] ; then + CUSTOM_CONF=`get-domain "${STRIPPED}" | jq -r '.custom == true'` + if [[ "${CUSTOM_CONF}" = "false" ]] ; then bf-debug " .. standard config: remove configuration file" rm -f ${PROXY_SITES}/${STRIPPED}.conf diff --git a/overlay/usr/lib/bf/inc/proxy-load-conf.sh b/overlay/usr/lib/bf/inc/proxy-load-conf.sh index 0cccd53..8487f84 100644 --- a/overlay/usr/lib/bf/inc/proxy-load-conf.sh +++ b/overlay/usr/lib/bf/inc/proxy-load-conf.sh @@ -19,3 +19,13 @@ fi CONF_JSON=`cat "${SSL_CONF}" | jq '.'` declare -a DOMAINS=(`jq -r '.domains[].primary' <<< "${CONF_JSON}"`) + + +#====================================================================================================================== +# Gets a domain object from the JSON configuration. +# +# Arguments +# 1 Primary domain name to select +#====================================================================================================================== + +function get-domain() { jq --arg PRIMARY "${1}" '.domains[] | select(.primary == $PRIMARY)' <<< "${JSON_CONF}" ; } diff --git a/overlay/usr/lib/bf/proxy/init b/overlay/usr/lib/bf/proxy/init index 25f3b27..9b4c6cc 100644 --- a/overlay/usr/lib/bf/proxy/init +++ b/overlay/usr/lib/bf/proxy/init 
@@ -42,16 +42,6 @@ setup-ssl ${PROXY_URI} "" bf-ok " . done." "proxy/init" -#====================================================================================================================== -# Gets a domain object from the JSON configuration. -# -# Arguments -# 1 Primary domain name to select -#====================================================================================================================== - -function get-domain() { jq --arg PRIMARY "${1}" '.domains[] | select(.primary == $PRIMARY)' <<< "${JSON_CONF}" ; } - - #====================================================================================================================== # Set up Nginx and SSL for each domain. #====================================================================================================================== From f205e4bbf50094036a55b17697ec3dbf72c3955f Mon Sep 17 00:00:00 2001 From: bfren Date: Wed, 4 May 2022 13:18:22 +0100 Subject: [PATCH 13/28] Using new conf in ssl-cleanup --- overlay/usr/bin/bf/ssl-cleanup | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/overlay/usr/bin/bf/ssl-cleanup b/overlay/usr/bin/bf/ssl-cleanup index a34d228..92ee600 100644 --- a/overlay/usr/bin/bf/ssl-cleanup +++ b/overlay/usr/bin/bf/ssl-cleanup @@ -57,7 +57,7 @@ remove () { bf-echo "Loading SSL configuration." source ${BF_INC}/proxy-load-conf.sh -bf-debug "Loaded: ${!DOMAINS[*]}." +bf-debug "Loaded: ${DOMAINS[@]}." #====================================================================================================================== @@ -105,7 +105,7 @@ for CFG in "${NGINX_CONFIGS[@]}" ; do # if STRIPPED is not the main PROXY_URI nor in the DOMAINS array, delete everything [[ "${PROXY_URI}" != "${STRIPPED}" ]] \ - && [[ ! " ${!DOMAINS[*]} " =~ " ${STRIPPED} " ]] \ + && [[ -z "`get-domain ${STRIPPED}`" ]] \ && remove "${PROXY_SITES}/${STRIPPED}" done From 1aa2fd2b230d5a2da7477e749db4339553091156 Mon Sep 17 00:00:00 2001 
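Review bot: The membership test added in the second ssl-cleanup hunk treats empty output from `get-domain` as "not configured" and then calls `remove`, so anything that makes the output empty deletes the site: a malformed conf.json, a failing jq, or an empty JSON variable all look the same as a domain that was dropped from the file. At this point in the series that would be the normal case, because `get-domain` still reads `${JSON_CONF}` while the loader sets `CONF_JSON`. I would refuse to clean up unless the configuration loaded, for example `[[ "${#DOMAINS[@]}" -gt 0 ]] || exit 1` before the loops, and quote the argument: `&& [[ -z "$(get-domain "${STRIPPED}")" ]] \`. The loop and the `remove` function start outside the hunk.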
From: bfren Date: Wed, 4 May 2022 13:21:25 +0100 Subject: [PATCH 14/28] Updating JSON variable name --- overlay/usr/lib/bf/inc/proxy-load-conf.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/overlay/usr/lib/bf/inc/proxy-load-conf.sh b/overlay/usr/lib/bf/inc/proxy-load-conf.sh index 8487f84..3539c2b 100644 --- a/overlay/usr/lib/bf/inc/proxy-load-conf.sh +++ b/overlay/usr/lib/bf/inc/proxy-load-conf.sh @@ -16,9 +16,9 @@ fi # Load JSON and create DOMAINS array by selecting primary keys. #====================================================================================================================== -CONF_JSON=`cat "${SSL_CONF}" | jq '.'` +JSON=`cat "${SSL_CONF}" | jq '.'` -declare -a DOMAINS=(`jq -r '.domains[].primary' <<< "${CONF_JSON}"`) +declare -a DOMAINS=(`jq -r '.domains[].primary' <<< "${JSON}"`) #====================================================================================================================== @@ -28,4 +28,4 @@ declare -a DOMAINS=(`jq -r '.domains[].primary' <<< "${CONF_JSON}"`) # 1 Primary domain name to select #====================================================================================================================== -function get-domain() { jq --arg PRIMARY "${1}" '.domains[] | select(.primary == $PRIMARY)' <<< "${JSON_CONF}" ; } +function get-domain() { jq --arg PRIMARY "${1}" '.domains[] | select(.primary == $PRIMARY)' <<< "${JSON}" ; } From 2d31da3bae24b58b9a0ecd24b6adc8c7bc5b55ce Mon Sep 17 00:00:00 2001 From: bfren Date: Wed, 4 May 2022 13:29:54 +0100 Subject: [PATCH 15/28] Using helper functions to get config info --- overlay/usr/bin/bf/nginx-regenerate | 2 +- overlay/usr/lib/bf/inc/proxy-load-conf.sh | 4 ++++ overlay/usr/lib/bf/proxy/init | 6 +++--- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/overlay/usr/bin/bf/nginx-regenerate b/overlay/usr/bin/bf/nginx-regenerate index 0f95ea5..cc0d122 100644 --- a/overlay/usr/bin/bf/nginx-regenerate 
+++ b/overlay/usr/bin/bf/nginx-regenerate @@ -54,7 +54,7 @@ for CFG in "${NGINX_CONFIGS[@]}" ; do bf-debug " .. ${STRIPPED}" # the domain has standard config - delete conf file - CUSTOM_CONF=`get-domain "${STRIPPED}" | jq -r '.custom == true'` + CUSTOM_CONF=`get-custom "${STRIPPED}"` if [[ "${CUSTOM_CONF}" = "false" ]] ; then bf-debug " .. standard config: remove configuration file" diff --git a/overlay/usr/lib/bf/inc/proxy-load-conf.sh b/overlay/usr/lib/bf/inc/proxy-load-conf.sh index 3539c2b..7bc4f39 100644 --- a/overlay/usr/lib/bf/inc/proxy-load-conf.sh +++ b/overlay/usr/lib/bf/inc/proxy-load-conf.sh @@ -29,3 +29,7 @@ declare -a DOMAINS=(`jq -r '.domains[].primary' <<< "${JSON}"`) #====================================================================================================================== function get-domain() { jq --arg PRIMARY "${1}" '.domains[] | select(.primary == $PRIMARY)' <<< "${JSON}" ; } + +function get-upstream() { get-domain "${1}" | jq -r '.upstream' ; } +function get-aliases() { get-domain "${1}" | jq -r '.aliases[]?' ; } +function get-custom() { get-domain "${1}" | jq -r '.custom == true' ; } diff --git a/overlay/usr/lib/bf/proxy/init b/overlay/usr/lib/bf/proxy/init index 9b4c6cc..62ce850 100644 --- a/overlay/usr/lib/bf/proxy/init +++ b/overlay/usr/lib/bf/proxy/init @@ -49,9 +49,9 @@ bf-ok " . done." "proxy/init" bf-echo "Setting up domains..." "proxy/init" for DN in "${DOMAINS[@]}" ; do - UP=`get-domain "${DN}" | jq -r '.upstream'` # upstream server - AL=`get-domain "${DN}" | jq -r '.aliases[]'` # aliases - CF=`get-domain "${DN}" | jq -r '.custom == true'` # whether or not to use custom Nginx config + UP=`get-upstream` # upstream server + AL=`get-aliases` # aliases + CF=`get-custom` # whether or not to use custom Nginx config bf-echo " .. ${DN}" "proxy/init" From c3df56811ddcf7dd849c94ea8a04940547489882 Mon Sep 17 00:00:00 2001 
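Review bot: `get-upstream` prints the literal string `null` when a domain object has no `upstream` key, because `jq -r '.upstream'` renders a missing value that way, and the caller in proxy/init would hand that string to setup-nginx as the upstream. All three helpers print nothing at all when the domain is not in the file, so `get-custom` has three possible outputs (`true`, `false`, empty) while nginx-regenerate compares only against `false`. I would make absence explicit with `jq -r '.upstream // empty'` and have callers reject an empty result. A short comment above the three helpers stating what each prints for a missing key and for an unknown domain would help as well.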
From: bfren Date: Wed, 4 May 2022 13:43:22 +0100 Subject: [PATCH 16/28] Re-adding DN while getting info --- overlay/usr/lib/bf/proxy/init | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/overlay/usr/lib/bf/proxy/init b/overlay/usr/lib/bf/proxy/init index 62ce850..81e7198 100644 --- a/overlay/usr/lib/bf/proxy/init +++ b/overlay/usr/lib/bf/proxy/init @@ -49,14 +49,14 @@ bf-ok " . done." "proxy/init" bf-echo "Setting up domains..." "proxy/init" for DN in "${DOMAINS[@]}" ; do - UP=`get-upstream` # upstream server - AL=`get-aliases` # aliases - CF=`get-custom` # whether or not to use custom Nginx config + UP=`get-upstream ${DN}` # upstream server + AL=`get-aliases ${DN}` # aliases + CF=`get-custom ${DN}` # whether or not to use custom Nginx config bf-echo " .. ${DN}" "proxy/init" bf-echo " . Nginx..." "proxy/init" - setup-nginx 0 ${DN} "${UP}" "${AL}" "${CF}" + setup-nginx 0 ${DN} ${UP} "${AL}" ${CF} bf-echo " . SSL..." "proxy/init" setup-ssl ${DN} "${AL}" From fac4530b70e185f221187214f6916c036ee0df3d Mon Sep 17 00:00:00 2001 From: bfren Date: Wed, 4 May 2022 13:51:33 +0100 Subject: [PATCH 17/28] Using * to reference all items in array --- overlay/usr/bin/bf/nginx-regenerate | 2 +- overlay/usr/bin/bf/ssl-cleanup | 4 ++-- overlay/usr/lib/bf/inc/proxy-check.sh | 2 +- overlay/usr/lib/bf/proxy/init | 2 +- overlay/usr/lib/bf/proxy/request | 2 +- overlay/usr/lib/bf/proxy/update | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/overlay/usr/bin/bf/nginx-regenerate b/overlay/usr/bin/bf/nginx-regenerate index cc0d122..faaa7c2 100644 --- a/overlay/usr/bin/bf/nginx-regenerate +++ b/overlay/usr/bin/bf/nginx-regenerate @@ -32,7 +32,7 @@ done bf-echo "Loading SSL configuration." source ${BF_INC}/proxy-load-conf.sh -bf-debug "Loaded: ${DOMAINS[@]}." +bf-debug "Loaded: ${DOMAINS[*]}." #====================================================================================================================== 
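Review bot: The rewritten call `setup-nginx 0 ${DN} ${UP} "${AL}" ${CF}` drops the quotes the previous line had around `${UP}` and `${CF}`. If either expands to nothing the argument disappears and the remaining ones shift left, so the aliases would arrive as the upstream; a value with whitespace is split into extra arguments. The same applies to `get-upstream ${DN}` and the two lookups after it. Keep every expansion quoted: `setup-nginx 0 "${DN}" "${UP}" "${AL}" "${CF}"` and `UP=$(get-upstream "${DN}")`. The loop's closing `done` is outside the hunk.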
diff --git a/overlay/usr/bin/bf/ssl-cleanup b/overlay/usr/bin/bf/ssl-cleanup index 92ee600..fb959e5 100644 --- a/overlay/usr/bin/bf/ssl-cleanup +++ b/overlay/usr/bin/bf/ssl-cleanup @@ -57,7 +57,7 @@ remove () { bf-echo "Loading SSL configuration." source ${BF_INC}/proxy-load-conf.sh -bf-debug "Loaded: ${DOMAINS[@]}." +bf-debug "Loaded: ${DOMAINS[*]}." #====================================================================================================================== @@ -79,7 +79,7 @@ for CFG in "${SSL_CONFIGS[@]}" ; do # if NAME is not the main PROXY_URI nor in the DOMAINS array, delete everything [[ "${PROXY_URI}" != "${NAME}" ]] \ - && [[ ! " ${!DOMAINS[*]} " =~ " ${NAME} " ]] \ + && [[ -z "`get-domain ${STRIPPED}`" ]] \ && remove "${PROXY_SSL_CERTS}/${NAME}" done diff --git a/overlay/usr/lib/bf/inc/proxy-check.sh b/overlay/usr/lib/bf/inc/proxy-check.sh index 82e8c91..b07b5ea 100644 --- a/overlay/usr/lib/bf/inc/proxy-check.sh +++ b/overlay/usr/lib/bf/inc/proxy-check.sh @@ -32,7 +32,7 @@ source ${BF_INC}/proxy-load-conf.sh # Check whether or not domains have been registered. #====================================================================================================================== -if [ "${#DOMAINS[@]}" = "0" ] ; then +if [ "${#DOMAINS[*]}" = "0" ] ; then bf-error "No domains have been registered for SSL - please add them to /ssl/conf.sh." "inc/proxy-check.sh" exit 1 fi diff --git a/overlay/usr/lib/bf/proxy/init b/overlay/usr/lib/bf/proxy/init index 81e7198..692a67e 100644 --- a/overlay/usr/lib/bf/proxy/init +++ b/overlay/usr/lib/bf/proxy/init @@ -47,7 +47,7 @@ bf-ok " . done." "proxy/init" #====================================================================================================================== bf-echo "Setting up domains..." "proxy/init" -for DN in "${DOMAINS[@]}" ; do +for DN in "${DOMAINS[*]}" ; do UP=`get-upstream ${DN}` # upstream server AL=`get-aliases ${DN}` # aliases 
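Review bot: The condition added to the certificate loop in ssl-cleanup looks up `${STRIPPED}`, while every other line of that loop visible in the hunk works with `${NAME}`. If `STRIPPED` is unset or stale at that point, `get-domain` returns nothing and `remove "${PROXY_SSL_CERTS}/${NAME}"` runs for every certificate directory other than `PROXY_URI`. The lookup should use the loop's own variable, quoted: `&& [[ -z "$(get-domain "${NAME}")" ]] \`. PATCH 18/28 switches the variable but leaves it unquoted.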
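Review bot: `for DN in "${DOMAINS[*]}"` in the proxy/init hunk iterates once, not per domain, because a quoted `[*]` expansion joins all elements into a single word separated by the first character of IFS. `DN` would then hold every domain in one string, and the lookups and setup calls would run on that. `[*]` is right for the debug messages and the element count changed elsewhere in this patch, but loops need `"${DOMAINS[@]}"`. The request and update hunks of this patch make the same change; PATCH 19/28 reverts all three.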
diff --git a/overlay/usr/lib/bf/proxy/request b/overlay/usr/lib/bf/proxy/request index eef93ac..827f00b 100644 --- a/overlay/usr/lib/bf/proxy/request +++ b/overlay/usr/lib/bf/proxy/request @@ -39,7 +39,7 @@ bf-done "proxy/request" #====================================================================================================================== bf-echo "Requesting domain certificates..." "proxy/request" -for DN in "${!DOMAINS[@]}" ; do +for DN in "${DOMAINS[*]}" ; do bf-debug " .. ${DN}" "proxy/request" request "${DN}" done diff --git a/overlay/usr/lib/bf/proxy/update b/overlay/usr/lib/bf/proxy/update index a4d47d6..59efadd 100644 --- a/overlay/usr/lib/bf/proxy/update +++ b/overlay/usr/lib/bf/proxy/update @@ -30,5 +30,5 @@ bf-done "proxy/update" bf-echo "Updating pem files..." "proxy/update" create-pem ${PROXY_URI} -for DN in "${!DOMAINS[@]}" ; do create-pem "${DN}" ; done +for DN in "${DOMAINS[*]}" ; do create-pem "${DN}" ; done bf-done "proxy/update" From 058d2b66060f67024a6759a7871c018a06de7e37 Mon Sep 17 00:00:00 2001 From: bfren Date: Wed, 4 May 2022 13:52:09 +0100 Subject: [PATCH 18/28] Fixing ssl-cleanup --- overlay/usr/bin/bf/ssl-cleanup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overlay/usr/bin/bf/ssl-cleanup b/overlay/usr/bin/bf/ssl-cleanup index fb959e5..1f01f60 100644 --- a/overlay/usr/bin/bf/ssl-cleanup +++ b/overlay/usr/bin/bf/ssl-cleanup @@ -79,7 +79,7 @@ for CFG in "${SSL_CONFIGS[@]}" ; do # if NAME is not the main PROXY_URI nor in the DOMAINS array, delete everything [[ "${PROXY_URI}" != "${NAME}" ]] \ - && [[ -z "`get-domain ${STRIPPED}`" ]] \ + && [[ -z "`get-domain ${NAME}`" ]] \ && remove "${PROXY_SSL_CERTS}/${NAME}" done From e980ea14bcdb74a0d23929b560bbc81db76d2e3e Mon Sep 17 00:00:00 2001 
From: bfren Date: Wed, 4 May 2022 13:56:22 +0100 Subject: [PATCH 19/28] Fixing Domains loops --- overlay/usr/lib/bf/proxy/init | 2 +- overlay/usr/lib/bf/proxy/request | 2 +- overlay/usr/lib/bf/proxy/update | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/overlay/usr/lib/bf/proxy/init b/overlay/usr/lib/bf/proxy/init index 692a67e..81e7198 100644 --- a/overlay/usr/lib/bf/proxy/init +++ b/overlay/usr/lib/bf/proxy/init @@ -47,7 +47,7 @@ bf-ok " . done." "proxy/init" #====================================================================================================================== bf-echo "Setting up domains..." "proxy/init" -for DN in "${DOMAINS[*]}" ; do +for DN in "${DOMAINS[@]}" ; do UP=`get-upstream ${DN}` # upstream server AL=`get-aliases ${DN}` # aliases diff --git a/overlay/usr/lib/bf/proxy/request b/overlay/usr/lib/bf/proxy/request index 827f00b..972bb14 100644 --- a/overlay/usr/lib/bf/proxy/request +++ b/overlay/usr/lib/bf/proxy/request @@ -39,7 +39,7 @@ bf-done "proxy/request" #====================================================================================================================== bf-echo "Requesting domain certificates..." "proxy/request" -for DN in "${DOMAINS[*]}" ; do +for DN in "${DOMAINS[@]}" ; do bf-debug " .. ${DN}" "proxy/request" request "${DN}" done diff --git a/overlay/usr/lib/bf/proxy/update b/overlay/usr/lib/bf/proxy/update index 59efadd..ccc95a6 100644 --- a/overlay/usr/lib/bf/proxy/update +++ b/overlay/usr/lib/bf/proxy/update @@ -30,5 +30,5 @@ bf-done "proxy/update" bf-echo "Updating pem files..." "proxy/update" create-pem ${PROXY_URI} -for DN in "${DOMAINS[*]}" ; do create-pem "${DN}" ; done +for DN in "${DOMAINS[@]}" ; do create-pem "${DN}" ; done bf-done "proxy/update" From a3e14edf7ac4b680eeaf0d01f3d302948b734811 Mon Sep 17 00:00:00 2001 
From: bfren Date: Wed, 4 May 2022 14:26:26 +0100 Subject: [PATCH 20/28] Updating site config template for new custom property --- overlay/etc/bf/templates/nginx-site.conf.esh | 30 ++++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/overlay/etc/bf/templates/nginx-site.conf.esh b/overlay/etc/bf/templates/nginx-site.conf.esh index a4cfef7..ec1b98d 100644 --- a/overlay/etc/bf/templates/nginx-site.conf.esh +++ b/overlay/etc/bf/templates/nginx-site.conf.esh @@ -1,17 +1,4 @@ -<% if [ -z "${DOMAIN_NGXCONF}" ] ; then -%> -#====================================================================================================================== -# WARNING: This file is generated. Do not make changes to this file. -# Changes will be overwritten the next time the container is started. -# -# To add server names or aliases please use /ssl/conf.sh (see ssl-conf-sample.sh). -# -# If you need a fully custom configuration then add the following to /ssl/conf.sh: -# NGXCONF["<%= "${DOMAIN_NAME}" %>"]="custom" -# This will stop this file being generated next time the container is started. -# -# Copyright (c) 2021 bfren -#====================================================================================================================== -<% else -%> +<% if [ "${DOMAIN_NGXCONF}" = "true" ] ; then -%> #====================================================================================================================== # You can make changes to this file. # 
@@ -27,7 +14,20 @@ # NGXCONF["<%= "${DOMAIN_NAME}" %>"]="" # This will cause this file to be regenerated next time the container is started. # -# Copyright (c) 2021 bfren +# Copyright (c) 2021-2022 bfren +#====================================================================================================================== +<% else -%> +#====================================================================================================================== +# WARNING: This file is generated. Do not make changes to this file. +# Changes will be overwritten the next time the container is started. +# +# To add server names or aliases please use /ssl/conf.sh (see ssl-conf-sample.sh). +# +# If you need a fully custom configuration then add the following to /ssl/conf.sh: +# NGXCONF["<%= "${DOMAIN_NAME}" %>"]="custom" +# This will stop this file being generated next time the container is started. +# +# Copyright (c) 2021-2022 bfren #====================================================================================================================== <% fi %> #====================================================================================================================== From 2c2dad64b53b097cab31bda5095735040d6dce16 Mon Sep 17 00:00:00 2001 From: bfren Date: Wed, 4 May 2022 14:30:42 +0100 Subject: [PATCH 21/28] Updating template comments --- overlay/etc/bf/templates/nginx-proxy.conf.esh | 2 +- overlay/etc/bf/templates/nginx-site.conf.esh | 10 ++++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/overlay/etc/bf/templates/nginx-proxy.conf.esh b/overlay/etc/bf/templates/nginx-proxy.conf.esh index 9372824..52fd7d8 100644 --- a/overlay/etc/bf/templates/nginx-proxy.conf.esh +++ b/overlay/etc/bf/templates/nginx-proxy.conf.esh 
@@ -4,7 +4,7 @@ # # Use environment variable PROXY_URI to change this file. # -# Copyright (c) 2021 bfren +# Copyright (c) 2021-2022 bfren #====================================================================================================================== #====================================================================================================================== diff --git a/overlay/etc/bf/templates/nginx-site.conf.esh b/overlay/etc/bf/templates/nginx-site.conf.esh index ec1b98d..94be733 100644 --- a/overlay/etc/bf/templates/nginx-site.conf.esh +++ b/overlay/etc/bf/templates/nginx-site.conf.esh @@ -10,8 +10,9 @@ # d) custom configuration can be added to the /sites/<%= "${DOMAIN_NAME}" %>.d directory - # these are loaded as part of the HTTPS server block below # -# If you would like to return to using generated configuration then remove the following from /ssl/conf.sh: -# NGXCONF["<%= "${DOMAIN_NAME}" %>"]="" +# If you would like to return to using generated configuration then remove the following from /ssl/conf.json in the +# "<%= "${DOMAIN_NAME}" %>"" domain object: +# "custom": true # This will cause this file to be regenerated next time the container is started. # # Copyright (c) 2021-2022 bfren @@ -23,8 +24,9 @@ # # To add server names or aliases please use /ssl/conf.sh (see ssl-conf-sample.sh). # -# If you need a fully custom configuration then add the following to /ssl/conf.sh: -# NGXCONF["<%= "${DOMAIN_NAME}" %>"]="custom" +# If you need a fully custom configuration then add the following to /ssl/conf.shin the +# "<%= "${DOMAIN_NAME}" %>"" domain object: +# "custom": true # This will stop this file being generated next time the container is started. # # Copyright (c) 2021-2022 bfren From e82a320988099e02a956fc141f73c371378538e1 Mon Sep 17 00:00:00 2001 
From: bfren Date: Wed, 4 May 2022 14:32:53 +0100 Subject: [PATCH 22/28] Updating config template comments --- overlay/etc/bf/templates/nginx-site.conf.esh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/overlay/etc/bf/templates/nginx-site.conf.esh b/overlay/etc/bf/templates/nginx-site.conf.esh index 94be733..33438cc 100644 --- a/overlay/etc/bf/templates/nginx-site.conf.esh +++ b/overlay/etc/bf/templates/nginx-site.conf.esh @@ -11,7 +11,7 @@ # these are loaded as part of the HTTPS server block below # # If you would like to return to using generated configuration then remove the following from /ssl/conf.json in the -# "<%= "${DOMAIN_NAME}" %>"" domain object: +# object where the primary domain is "<%= "${DOMAIN_NAME}" %>": # "custom": true # This will cause this file to be regenerated next time the container is started. # @@ -24,8 +24,8 @@ # # To add server names or aliases please use /ssl/conf.sh (see ssl-conf-sample.sh). # -# If you need a fully custom configuration then add the following to /ssl/conf.shin the -# "<%= "${DOMAIN_NAME}" %>"" domain object: +# If you need a fully custom configuration then add the following to /ssl/conf.json in the object where the primary +# domain is "<%= "${DOMAIN_NAME}" %>": # "custom": true # This will stop this file being generated next time the container is started. # From 5779005cf97c8e26ad4a0360e76922296324facd Mon Sep 17 00:00:00 2001 From: bfren Date: Wed, 4 May 2022 14:57:28 +0100 Subject: [PATCH 23/28] Fixing misleading log output --- overlay/usr/bin/bf/ssl-cleanup | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/overlay/usr/bin/bf/ssl-cleanup b/overlay/usr/bin/bf/ssl-cleanup index 1f01f60..1732a3a 100644 --- a/overlay/usr/bin/bf/ssl-cleanup +++ b/overlay/usr/bin/bf/ssl-cleanup 
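Review bot: The generated-file banner still tells operators `To add server names or aliases please use /ssl/conf.sh (see ssl-conf-sample.sh)` (the context line just above the changed lines of the second hunk), while the lines changed here now point to /ssl/conf.json. If conf.sh is no longer read, which the rest of the series suggests, that sentence sends an operator to edit a file that has no effect on the proxy. It could read `# To add server names or aliases please use /ssl/conf.json (see ssl-conf-sample.json).`, with the sample file name taken from the README change in patch 24.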
@@ -42,9 +42,9 @@ esac remove () { if [ "${MODE}" = "0" ] ; then - bf-echo " .. will remove ${1}/*" + bf-echo " .. will remove ${1}*" elif [ "${MODE}" = "1" ] ; then - bf-echo " .. removing ${1}/*" + bf-echo " .. removing ${1}*" bf-rmrf ${1}* > /dev/null 2>&1 fi From 6c70e007bbf463b0d281e1e78f7876544805c948 Mon Sep 17 00:00:00 2001 From: bfren Date: Wed, 4 May 2022 15:06:11 +0100 Subject: [PATCH 24/28] Updating README --- README.md | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 0aebccb..96b0f53 100644 --- a/README.md +++ b/README.md 
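Review bot: The corrected message now matches what the context line `bf-rmrf ${1}* > /dev/null 2>&1` really does: it removes every path that begins with the argument, not the contents of one directory. If remove is called with a path ending in a domain name (the callers are outside the hunk), cleaning up `example.com` would also match a sibling such as `example.com.au` (constructed names), and an empty argument would expand to `*` in the working directory. Consider an exact, guarded target such as `bf-rmrf "${1:?}"` plus the explicit suffixes that are meant to go. Keeping stderr would also make a failed removal of certificate or key material visible in the log. The rest of remove lies outside the hunk.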
@@ -27,11 +27,11 @@ For SSL certificate requests to work correctly, ports 80 and 443 need mapping fr ## Volumes -| Volume | Purpose | -| -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| `/www` | *From base image.* | -| `/sites` | Nginx site configuration, auto-generated on first run based on `conf.sh`. After they are generated, you can alter them to suit their needs. Running `nginx-regenerate` will wipe them all and start again. | -| `/ssl` | Contains auto-generated SSL configuration and certificates (for backup purposes). Your `conf.sh` file should be stored in here for auto-configuration (see `ssl-conf-sample.sh`). Certificate update log (`update.log`) will be created here weekly. | +| Volume | Purpose | +| -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `/www` | *From base image.* | +| `/sites` | Nginx site configuration, auto-generated on first run based on `conf.json`. After they are generated, you can alter them to suit their needs. Running `nginx-regenerate` will wipe them all and start again. | +| `/ssl` | Contains auto-generated SSL configuration and certificates (for backup purposes). Your `conf.json` file should be stored in here for auto-configuration (see `ssl-conf-sample.json`). Certificate update log (`update.log`) will be created here daily. | ## Environment Variables 
@@ -42,20 +42,20 @@ For SSL certificate requests to work correctly, ports 80 and 443 need mapping fr | `PROXY_LETS_ENCRYPT_EMAIL` | A valid email address | Used by Lets Encrypt for notification emails. | *None* - **required** | | `PROXY_LETS_ENCRYPT_LIVE` | 0 or 1 | Only set to 1 (to request live certificates) when your config is correct - Lets Encrypt rate limit certificate requests. | 0 | | `PROXY_SSL_DHPARAM_BITS` | A valid integer | The size of your DHPARAM variables - adjust down only if you have limited processing resources. | 4096 | -| `PROXY_SSL_REDIRECT_TO_CANONICAL` | 0 or 1 | If 1, all requests will be redirected to the primary domain (defined in `conf.sh`). | 0 | +| `PROXY_SSL_REDIRECT_TO_CANONICAL` | 0 or 1 | If 1, all requests will be redirected to the primary domain (defined in `conf.json`). | 0 | | `PROXY_GETSSL_SKIP_HTTP_TOKEN_CHECK` | true or false | Set to true to enable `getssl`'s [skip HTTP token check](https://github.com/srvrco/getssl/wiki/Config-variables#skip_http_token_checkfalse). | false | ## Helper Functions -| Function | Arguments | Description | -| --------------------- | --------- | ---------------------------------------------------------------------------------------------------------------- | -| `nginx-regenerate` | *None* | Removes Nginx configuration files (in `/sites`) and regenerates based on `conf.sh`. | -| `ssl-cleanup` | *None* | Removes SSL and Nginx configuration files and directories not defined in `conf.sh`. | -| `ssl-init` | *None* | Initialises SSL configuration based on `conf.sh`. | -| `ssl-regenerate` | *None* | Removes SSL configuration files (in `/ssl/certs`) and regenerates based on `conf.sh`. | -| `ssl-regenerate-full` | *None* | Removes SSL configuration files (in `/ssl/certs`), as well as DH parameters, and regenerates based on `conf.sh`. | -| `ssl-request` | *None* | Requests SSL certificates from Lets Encrypt. | -| `ssl-update` | *None* | Attempts to update SSL certificates manually. 
| +| Function | Arguments | Description | +| --------------------- | --------- | -------------------------------------------------------------------------------------------------------------------------- | +| `nginx-regenerate` | -f: force | Removes non-custom Nginx configuration files (in `/sites`) and regenerates based on `conf.json` (with force, removes all). | +| `ssl-cleanup` | -m: mode | Removes SSL and Nginx configuration files and directories not defined in `conf.json` (mode 0 = dry run, 1 = live). | +| `ssl-init` | *None* | Initialises SSL configuration based on `conf.json`. | +| `ssl-regenerate` | *None* | Removes SSL configuration files (in `/ssl/certs`) and regenerates based on `conf.json`. | +| `ssl-regenerate-full` | *None* | Removes SSL configuration files (in `/ssl/certs`), as well as DH parameters, and regenerates based on `conf.json`. | +| `ssl-request` | *None* | Requests SSL certificates from Lets Encrypt. | +| `ssl-update` | *None* | Attempts to update SSL certificates manually. | ## Nginx Configuration Helpers From e5d9308fcb924e56eaf6c8bac739d3dcf1d1c819 Mon Sep 17 00:00:00 2001 From: bfren Date: Wed, 4 May 2022 15:44:38 +0100 Subject: [PATCH 25/28] Build jq from source instead of using package --- overlay/tmp/install | 39 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/overlay/tmp/install b/overlay/tmp/install index 4a4aae3..b90351b 100644 --- a/overlay/tmp/install +++ b/overlay/tmp/install 
@@ -4,6 +4,43 @@ set -euo pipefail export BF_E=`basename ${0}` +#====================================================================================================================== +# Build jq from source. +#====================================================================================================================== + +bf-echo "Installing build dependencies..." +apk add --no-cache --virtual .install \ + alpine-sdk \ + autoconf \ + automake \ + git \ + libtool \ + oniguruma-dev + +bf-echo "Cloning jq source..." +cd /tmp && \ + git clone https://github.com/stedolan/jq.git && \ + cd jq + +bf-echo "Configuring jq..." +autoreconf -fi +./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --localstatedir=/var \ + --disable-docs + +bf-echo "Installing jq..." +make +make install + +bf-echo "Removing jq installation..." +apk del .install + +bf-done + + #====================================================================================================================== # Install packages. #====================================================================================================================== @@ -12,7 +49,7 @@ bf-echo "Installing packages..." apk add --no-cache \ bash \ curl \ - jq \ + oniguruma \ openssl bf-done From 3f25437642eba4ee9843a25a619df60d4c83b5fd Mon Sep 17 00:00:00 2001 From: bfren Date: Wed, 4 May 2022 15:47:15 +0100 Subject: [PATCH 26/28] Build from jq fork instead of original --- overlay/tmp/install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overlay/tmp/install b/overlay/tmp/install index b90351b..0d2a859 100644 --- a/overlay/tmp/install +++ b/overlay/tmp/install @@ -19,7 +19,7 @@ apk add --no-cache --virtual .install \ bf-echo "Cloning jq source..." cd /tmp && \ - git clone https://github.com/stedolan/jq.git && \ + git clone https://github.com/bfren/jq.git && \ cd jq bf-echo "Configuring jq..." From e4e7efaae7cd7a651adc05e54d31ef5ef4de6f75 Mon Sep 17 00:00:00 2001 
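Review bot: `git clone https://github.com/stedolan/jq.git` builds whatever the default branch holds at image build time, with no tag, commit or checksum pinned, so the binary that later parses the proxy configuration is neither reproducible nor verified. Pin the ref and check it before `autoreconf`, for example `git clone --depth 1 --branch "<PINNED_TAG>" https://github.com/stedolan/jq.git` and, after `cd jq`, `[ "$(git rev-parse HEAD)" = "<EXPECTED_COMMIT>" ] || exit 1` (both values are placeholders). The one-line hunk of patch 26 switches the URL to a personal fork and has the same gap. Two smaller points in this hunk: /tmp/jq is not removed after `make install`, so the source tree stays in the image unless a later step outside the hunk clears /tmp, and the message `Removing jq installation...` precedes `apk del .install`, which removes the build dependencies rather than jq.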
From: bfren Date: Wed, 4 May 2022 16:26:42 +0100 Subject: [PATCH 27/28] Using gojq instead of jq --- overlay/tmp/install | 39 +---------------------- overlay/usr/lib/bf/inc/proxy-load-conf.sh | 12 +++---- 2 files changed, 7 insertions(+), 44 deletions(-) diff --git a/overlay/tmp/install b/overlay/tmp/install index 0d2a859..7994b37 100644 --- a/overlay/tmp/install +++ b/overlay/tmp/install @@ -4,43 +4,6 @@ set -euo pipefail export BF_E=`basename ${0}` -#====================================================================================================================== -# Build jq from source. -#====================================================================================================================== - -bf-echo "Installing build dependencies..." -apk add --no-cache --virtual .install \ - alpine-sdk \ - autoconf \ - automake \ - git \ - libtool \ - oniguruma-dev - -bf-echo "Cloning jq source..." -cd /tmp && \ - git clone https://github.com/bfren/jq.git && \ - cd jq - -bf-echo "Configuring jq..." -autoreconf -fi -./configure \ - --prefix=/usr \ - --sysconfdir=/etc \ - --mandir=/usr/share/man \ - --localstatedir=/var \ - --disable-docs - -bf-echo "Installing jq..." -make -make install - -bf-echo "Removing jq installation..." -apk del .install - -bf-done - - #====================================================================================================================== # Install packages. #====================================================================================================================== @@ -49,7 +12,7 @@ bf-echo "Installing packages..." apk add --no-cache \ bash \ curl \ - oniguruma \ + gojq \ openssl bf-done diff --git a/overlay/usr/lib/bf/inc/proxy-load-conf.sh b/overlay/usr/lib/bf/inc/proxy-load-conf.sh index 7bc4f39..7ed6354 100644 --- a/overlay/usr/lib/bf/inc/proxy-load-conf.sh +++ b/overlay/usr/lib/bf/inc/proxy-load-conf.sh 
@@ -16,9 +16,9 @@ fi # Load JSON and create DOMAINS array by selecting primary keys. #====================================================================================================================== -JSON=`cat "${SSL_CONF}" | jq '.'` +JSON=`cat "${SSL_CONF}" | gojq '.'` -declare -a DOMAINS=(`jq -r '.domains[].primary' <<< "${JSON}"`) +declare -a DOMAINS=(`gojq -r '.domains[].primary' <<< "${JSON}"`) #====================================================================================================================== @@ -28,8 +28,8 @@ declare -a DOMAINS=(`jq -r '.domains[].primary' <<< "${JSON}"`) # 1 Primary domain name to select #====================================================================================================================== -function get-domain() { jq --arg PRIMARY "${1}" '.domains[] | select(.primary == $PRIMARY)' <<< "${JSON}" ; } +function get-domain() { gojq --arg PRIMARY "${1}" '.domains[] | select(.primary == $PRIMARY)' <<< "${JSON}" ; } -function get-upstream() { get-domain "${1}" | jq -r '.upstream' ; } -function get-aliases() { get-domain "${1}" | jq -r '.aliases[]?' ; } -function get-custom() { get-domain "${1}" | jq -r '.custom == true' ; } +function get-upstream() { get-domain "${1}" | gojq -r '.upstream' ; } +function get-aliases() { get-domain "${1}" | gojq -r '.aliases[]?' ; } +function get-custom() { get-domain "${1}" | gojq -r '.custom == true' ; } From 78366c091d7dc0ece3536968d05184115723c4cb Mon Sep 17 00:00:00 2001 From: bfren Date: Wed, 4 May 2022 16:35:18 +0100 Subject: [PATCH 28/28] Reverting to jq --- overlay/tmp/install | 2 +- overlay/usr/lib/bf/inc/proxy-load-conf.sh | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/overlay/tmp/install b/overlay/tmp/install index 7994b37..4a4aae3 100644 --- a/overlay/tmp/install +++ b/overlay/tmp/install @@ -12,7 +12,7 @@ bf-echo "Installing packages..." apk add --no-cache \ bash \ curl \ - gojq \ + jq \ openssl bf-done 
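Review bot: `declare -a DOMAINS=(...)` in the first hunk fills the array from an unquoted backtick substitution of `gojq -r '.domains[].primary'`, so every value read from the config file is word-split and glob-expanded, and `declare` returns 0 even when the query fails, leaving an empty or partial array for the later domain loops. Reading line by line avoids the splitting and the globbing: `mapfile -t DOMAINS < <(gojq -r '.domains[].primary' <<< "${JSON}")`, followed by a check that rejects an empty array or an entry equal to `null` (what `-r` prints for a missing primary key). `JSON=$(gojq '.' "${SSL_CONF}")` would also drop the extra `cat`. The revert in patch 28 restores the same lines with `jq`, so the point applies there as well.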
diff --git a/overlay/usr/lib/bf/inc/proxy-load-conf.sh b/overlay/usr/lib/bf/inc/proxy-load-conf.sh index 7ed6354..7bc4f39 100644 --- a/overlay/usr/lib/bf/inc/proxy-load-conf.sh +++ b/overlay/usr/lib/bf/inc/proxy-load-conf.sh @@ -16,9 +16,9 @@ fi # Load JSON and create DOMAINS array by selecting primary keys. #====================================================================================================================== -JSON=`cat "${SSL_CONF}" | gojq '.'` +JSON=`cat "${SSL_CONF}" | jq '.'` -declare -a DOMAINS=(`gojq -r '.domains[].primary' <<< "${JSON}"`) +declare -a DOMAINS=(`jq -r '.domains[].primary' <<< "${JSON}"`) #====================================================================================================================== @@ -28,8 +28,8 @@ declare -a DOMAINS=(`gojq -r '.domains[].primary' <<< "${JSON}"`) # 1 Primary domain name to select #====================================================================================================================== -function get-domain() { gojq --arg PRIMARY "${1}" '.domains[] | select(.primary == $PRIMARY)' <<< "${JSON}" ; } +function get-domain() { jq --arg PRIMARY "${1}" '.domains[] | select(.primary == $PRIMARY)' <<< "${JSON}" ; } -function get-upstream() { get-domain "${1}" | gojq -r '.upstream' ; } -function get-aliases() { get-domain "${1}" | gojq -r '.aliases[]?' ; } -function get-custom() { get-domain "${1}" | gojq -r '.custom == true' ; } +function get-upstream() { get-domain "${1}" | jq -r '.upstream' ; } +function get-aliases() { get-domain "${1}" | jq -r '.aliases[]?' ; } +function get-custom() { get-domain "${1}" | jq -r '.custom == true' ; }