2017-08-02 01:38:20 +03:00
|
|
|
#!/bin/bash
|
2017-07-31 23:10:04 +03:00
|
|
|
|
|
|
|
|
# Render Nginx configuration template using values from Consul,
|
2017-08-02 01:38:20 +03:00
|
|
|
# but do not reload because Nginx has't started yet.
|
|
|
|
|
# Install key files for TLS auth in nginx
|
2017-07-31 23:10:04 +03:00
|
|
|
preStart() {
|
2017-08-02 01:38:20 +03:00
|
|
|
# Copy creds from env vars to files on disk
|
|
|
|
|
if [ -n ${!NGINX_CA_CRT} ] \
|
|
|
|
|
&& [ -n ${!NGINX_SERVER_KEY} ] \
|
|
|
|
|
&& [ -n ${!NGINX_SERVER_CRT} ]
|
|
|
|
|
then
|
|
|
|
|
local nginx_path=/etc/nginx/certs
|
|
|
|
|
mkdir -p $nginx_path
|
|
|
|
|
mkdir -p $nginx_path/ca
|
|
|
|
|
mkdir -p $nginx_path/server
|
|
|
|
|
echo -e "${NGINX_CA_CRT}" | tr '#' '\n' > $nginx_path/ca/ca.crt
|
|
|
|
|
echo -e "${NGINX_SERVER_KEY}" | tr '#' '\n' > $nginx_path/server/server.key
|
|
|
|
|
echo -e "${NGINX_SERVER_CRT}" | tr '#' '\n' > $nginx_path/server/server.crt
|
|
|
|
|
|
|
|
|
|
chmod 444 $nginx_path/ca/ca.crt
|
|
|
|
|
chmod 444 $nginx_path/server/server.key
|
|
|
|
|
chmod 444 $nginx_path/server/server.crt
|
|
|
|
|
fi
|
|
|
|
|
|
2017-07-31 23:10:04 +03:00
|
|
|
consul-template \
|
|
|
|
|
-once \
|
2017-08-03 23:09:12 +03:00
|
|
|
-consul-addr "localhost:8500" \
|
2017-07-31 23:10:04 +03:00
|
|
|
-template "/etc/nginx/nginx.conf.tmpl:/etc/nginx/nginx.conf"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Render Nginx configuration template using values from Consul,
|
|
|
|
|
# then gracefully reload Nginx
|
|
|
|
|
onChange() {
|
|
|
|
|
consul-template \
|
|
|
|
|
-once \
|
2017-08-03 23:09:12 +03:00
|
|
|
-consul-addr "localhost:8500" \
|
2017-07-31 23:10:04 +03:00
|
|
|
-template "/etc/nginx/nginx.conf.tmpl:/etc/nginx/nginx.conf:nginx -s reload"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
until
|
|
|
|
|
cmd=$1
|
|
|
|
|
if [ -z "$cmd" ]; then
|
|
|
|
|
onChange
|
|
|
|
|
fi
|
|
|
|
|
shift 1
|
|
|
|
|
$cmd "$@"
|
|
|
|
|
[ "$?" -ne 127 ]
|
|
|
|
|
do
|
|
|
|
|
onChange
|
|
|
|
|
exit
|
|
|
|
|
done
|
