ddev-router should not accept hostnames it's not configured for, fixes …
Showing
8 changed files
with
85 additions
and
59 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,2 @@ | ||
nginx: nginx | ||
dockergen: docker-gen -watch -only-exposed --notify-output -notify "chmod ugo+x /gen-cert.sh && /gen-cert.sh && sleep 1 && nginx -s reload" /app/gen-cert.sh.tmpl /gen-cert.sh | ||
dockergen: docker-gen -watch -only-exposed --notify-output -notify "bash /gen-cert-and-nginx-config.sh" /app/gen-cert-and-nginx-config.sh.tmpl /gen-cert-and-nginx-config.sh |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
#!/bin/bash | ||
|
||
# This gets prprocessed by docker-gen into a script which generates needed | ||
# mkcert certs and updates the nginx configs for all projects | ||
|
||
set -eu -o pipefail | ||
|
||
hostnames='{{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }}{{ trim $host }} {{ end }}' | ||
echo "Processing certs and nginx for hostnames: $hostnames" | ||
|
||
# To redirect invalid hostnames, we need a list of http ports and https ports | ||
httpports='80 | ||
{{ range $port, $containers := groupByMulti $ "Env.HTTP_EXPOSE" "," }}{{ trim $port }} | ||
{{ end }}' | ||
echo "${httpports}" >/tmp/httpports.txt | ||
httpsports='443 | ||
{{ range $port, $containers := groupByMulti $ "Env.HTTPS_EXPOSE" "," }}{{ trim $port }} | ||
{{ end }}' | ||
echo "${httpsports}" >/tmp/httpsports.txt | ||
|
||
# Convert the lists into unique sets of listen directives in /tmp | ||
awk -F: '$0 != "" {printf "\tlisten %s;\n", $1;}' /tmp/httpports.txt | sort -u >/tmp/http_ports.conf | ||
awk -F: '$0 != "" {printf "\tlisten %s ssl http2;\n", $1;}' /tmp/httpsports.txt | sort -u >/tmp/https_ports.conf | ||
|
||
|
||
if [ ! -z "${USE_LETSENCRYPT:-}" ]; then | ||
for host in ${hostnames}; do | ||
# certbot challenge can fail for many reasons, but don't let it break everything | ||
certbot --nginx certonly -n --domain "${host}" --agree-tos --email "${LETSENCRYPT_EMAIL:-}" || true | ||
done | ||
fi | ||
|
||
mkcert -cert-file /etc/nginx/certs/master.crt -key-file /etc/nginx/certs/master.key $hostnames 127.0.0.1 localhost "*.ddev.site" | ||
|
||
# This is not recursive, as it executes completely different instructions. | ||
# It's important for the nginx config creation and the nginx reload to take place after all cert | ||
# activities are completed. | ||
docker-gen -only-exposed -notify-output -notify "sleep 1 && nginx -s reload" /app/nginx.tmpl /etc/nginx/conf.d/default.conf |
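Review bot: The `VIRTUAL_HOST`, `HTTP_EXPOSE` and `HTTPS_EXPOSE` values are pasted by docker-gen into single-quoted shell literals (`hostnames='…'`, `httpports='…'`, `httpsports='…'`), so a value containing `'` ends the literal and whatever follows is executed as shell inside the router when the generated script runs. Those values come from the environment of every container docker-gen can see, so they should be treated as untrusted: strip quotes at template time, e.g. `{{ replace (trim $host) "'" "" -1 }}`, and reject anything that is not a plausible hostname before it reaches certbot or mkcert, e.g. `[[ "$host" =~ ^[A-Za-z0-9.*-]+$ ]] || continue` at the top of a per-host loop. The port lists need the same treatment with a digits-only check, because the first `:`-separated field is printed straight into a `listen` directive and a malformed value would presumably yield an nginx config that fails to reload. Separately, `$hostnames` is unquoted in the `mkcert` call (so it is also subject to globbing) and that command has no fallback, so under `set -e` one bad hostname stops the script before the final docker-gen run regenerates and reloads the nginx config for all projects.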
This file was deleted.