diff --git a/applications/php/scripts/packages.sh b/applications/php/scripts/packages.sh index a09f2be..9e667b7 100644 --- a/applications/php/scripts/packages.sh +++ b/applications/php/scripts/packages.sh @@ -1,4 +1,4 @@ -${PHP_VERSION}-bcmath ${PHP_VERSION}-bz2 ${PHP_VERSION}-calendar ${PHP_VERSION}-cgi ${PHP_VERSION}-common ${PHP_VERSION}-ctype \ +composer ${PHP_VERSION}-bcmath ${PHP_VERSION}-bz2 ${PHP_VERSION}-calendar ${PHP_VERSION}-cgi ${PHP_VERSION}-common ${PHP_VERSION}-ctype \ ${PHP_VERSION}-curl ${PHP_VERSION}-dba ${PHP_VERSION}-dev ${PHP_VERSION}-doc ${PHP_VERSION}-dom ${PHP_VERSION}-embed ${PHP_VERSION}-enchant ${PHP_VERSION}-exif ${PHP_VERSION}-ffi \ ${PHP_VERSION}-fileinfo ${PHP_VERSION}-fpm ${PHP_VERSION}-ftp ${PHP_VERSION}-gd ${PHP_VERSION}-gettext ${PHP_VERSION}-gmp ${PHP_VERSION}-iconv ${PHP_VERSION}-imap ${PHP_VERSION}-intl \ ${PHP_VERSION}-ldap ${PHP_VERSION}-litespeed ${PHP_VERSION}-mbstring ${PHP_VERSION}-mysqli ${PHP_VERSION}-mysqlnd ${PHP_VERSION}-odbc ${PHP_VERSION}-opcache ${PHP_VERSION}-openssl \ diff --git a/applications/postgres/scripts/install.sh b/applications/postgres/scripts/install.sh index 5f4a1ef..e3682a7 100644 --- a/applications/postgres/scripts/install.sh +++ b/applications/postgres/scripts/install.sh @@ -1,9 +1,4 @@ -mkdir -p "/etc/phppgadmin" -[ -e "/etc/php" ] && rm -Rf "/etc/php" -[ -d "/etc/apache2/conf.d" ] && rm -Rf "/etc/apache2/conf.d"/* -[ -d "/tmp/etc/php" ] && mv -f "/tmp/etc/php" "/tmp/etc/${PHP_VERSION}" -[ -d "/etc/${PHP_VERSION}" ] && ln -sf "/etc/${PHP_VERSION}" "/etc/php" -git clone -q --depth 1 "https://github.com/phppgadmin/phppgadmin" "${WWW_ROOT_DIR}}" -cp -Rf "/tmp/etc/." "/etc/" +mkdir -p "/etc/phppgadmin" "${WWW_ROOT_DIR}" +git clone -q --depth 1 "https://github.com/phppgadmin/phppgadmin" "${WWW_ROOT_DIR}" cp -Rf "/usr/local/share/template-files/config/phppgadmin/config.php" "/etc/phppgadmin/config.php" ln -sf "/etc/phppgadmin/config.php" "${WWW_ROOT_DIR}}/conf/config.inc.php" diff --git a/applications/redis/config/redis/redis.conf b/applications/redis/config/redis/redis.conf new file mode 100644 index 0000000..c34e26a --- /dev/null +++ b/applications/redis/config/redis/redis.conf @@ -0,0 +1,8 @@ +# Redis conf file +port 6379 +unixsocket /run/redis.sock +unixsocketperm 770 +daemonize no +pidfile /tmp/redis.pid +dir REPLACE_DATABASE_DIR +save 3600 1 300 100 60 10000 diff --git a/applications/redis/scripts/commands.sh b/applications/redis/scripts/commands.sh index e69de29..5287142 100644 --- a/applications/redis/scripts/commands.sh +++ b/applications/redis/scripts/commands.sh @@ -0,0 +1,14 @@ +SERVICE_PORT="6379" + +EXEC_CMD_BIN="redis-server" # command to execute +EXEC_CMD_ARGS="$ETC_DIR/redis.conf" # command arguments + +sysctl vm.overcommit_memory=1 +echo madvise >/sys/kernel/mm/transparent_hugepage/enabled + +if [ -n "$root_user_name" ] && [ -n "$root_user_pass" ]; then + if ! grep -qs "$root_user_name" "$ETC_DIR/redis.conf"; then + echo 'user '$root_user_name' on +@all ~* >'$root_user_pass'' >>"$ETC_DIR/redis.conf" + fi +fi +grep -qs 'redis' /etc/passwd && chown -Rf redis. "$ETC_DIR" "$LOG_DIR" "$DATABASE_DIR" diff --git a/configs/nginx/nginx.conf b/configs/nginx/nginx.conf index e7006bb..b650733 100644 --- a/configs/nginx/nginx.conf +++ b/configs/nginx/nginx.conf @@ -12,43 +12,67 @@ events { http { include /etc/nginx/mime.types; default_type "text/html"; - access_log /data/logs/nginx/access.default.log; + access_log /data/logs/nginx/access.REPLACE_SERVER_NAME.log; sendfile on; keepalive_timeout 65; gzip on; map $http_upgrade $connection_upgrade { default upgrade; '' close; } disable_symlinks off; + root REPLACE_SERVER_WWW_DIR; server { - listen REPLACE_SERVER_PORT default_server; + listen REPLACE_SERVER_PORT; server_name REPLACE_SERVER_NAME; + root REPLACE_SERVER_WWW_DIR; + index index.php index.html index.cgi index.pl index.aspx index.txt index.json index.unknown.php index.default.php; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "no-referrer-when-downgrade" always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self'" always; + proxy_intercept_errors off; + + location = /favicon.ico { + alias /usr/local/share/wwwroot/favicon.ico; + log_not_found off; + access_log off; + } + + location = /robots.txt { + alias /usr/local/share/wwwroot/robots.txt; + allow all; + log_not_found off; + access_log off; + } + + location ^~ /.well-known { + default_type "text/plain"; + root /usr/local/share/wwwroot/.well-known; + } + + location ^~ /health { + default_type "text/plain"; + allow all; + access_log off; + root /usr/local/share/wwwroot/health; + } + + location ^~ /health/txt { + default_type application/json; + allow all; + access_log off; + return 200 'ok'; + } - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location /health { - default_type text/html; - allow all; - access_log off; - return 200 'OK'; - } - - location /health/json { + location ^~ /health/json { default_type application/json; allow all; access_log off; return 200 '{"status":"OK"}'; } - - location /health/status { + + location ^~ /health/status { stub_status; } @@ -57,12 +81,55 @@ http { if (!-f $document_root$fastcgi_script_name) { return 404; } - fastcgi_param HTTP_PROXY ""; - fastcgi_pass 127.0.0.1:9000; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param HTTP_PROXY ""; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param REQUEST_URI $request_uri; + fastcgi_param DOCUMENT_URI $document_uri; + fastcgi_param DOCUMENT_ROOT $document_root; + fastcgi_param SERVER_PROTOCOL $server_protocol; + fastcgi_param REQUEST_SCHEME $scheme; + fastcgi_param HTTPS $https if_not_empty; + fastcgi_param GATEWAY_INTERFACE CGI/1.1; + fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + fastcgi_param REMOTE_ADDR $remote_addr; + fastcgi_param REMOTE_PORT $remote_port; + fastcgi_param SERVER_ADDR $server_addr; + fastcgi_param SERVER_PORT $server_port; + fastcgi_param SERVER_NAME $server_name; + # PHP only, required if PHP was built with --enable-force-cgi-redirect + fastcgi_param REDIRECT_STATUS 200; + } + # location /cgi-bin { + # root /usr/local/share/wwwroot/cgi-bin; + # gzip off; + # fastcgi_pass unix:/var/run/fcgiwrap.socket; + # fastcgi_param HTTP_PROXY ""; + # fastcgi_param GATEWAY_INTERFACE CGI/1.1; + # fastcgi_param SERVER_SOFTWARE nginx; + # fastcgi_param QUERY_STRING $query_string; + # fastcgi_param REQUEST_METHOD $request_method; + # fastcgi_param CONTENT_TYPE $content_type; + # fastcgi_param CONTENT_LENGTH $content_length; + # fastcgi_param SCRIPT_NAME $fastcgi_script_name; + # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + # fastcgi_param REQUEST_URI $request_uri; + # fastcgi_param DOCUMENT_URI $document_uri; + # fastcgi_param DOCUMENT_ROOT $document_root; + # fastcgi_param SERVER_PROTOCOL $server_protocol; + # fastcgi_param REMOTE_ADDR $remote_addr; + # fastcgi_param REMOTE_PORT $remote_port; + # fastcgi_param SERVER_ADDR $server_addr; + # fastcgi_param SERVER_PORT $server_port; + # fastcgi_param SERVER_NAME $server_name; +# } } include /etc/nginx/vhosts.d/*.conf; } diff --git a/configs/nginx/nginx.ssl.conf b/configs/nginx/nginx.ssl.conf new file mode 100644 index 0000000..2bdd6b8 --- /dev/null +++ b/configs/nginx/nginx.ssl.conf @@ -0,0 +1,131 @@ +# Default nginx configuration +user root; +worker_processes auto; +daemon off; +error_log /data/logs/nginx/nginx.log warn; +pid /run/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type "text/html"; + access_log /data/logs/nginx/access.default.log; + sendfile on; + keepalive_timeout 65; + gzip on; + map $http_upgrade $connection_upgrade { default upgrade; '' close; } + disable_symlinks off; + root REPLACE_SERVER_WWW_DIR; + + server { + listen REPLACE_SERVER_PORT; + server_name REPLACE_SERVER_NAME; + root REPLACE_SERVER_WWW_DIR; + index index.php index.cgi index.pl index.aspx index.txt index.json index.html index.unknown.php index.default.php; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "no-referrer-when-downgrade" always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self'" always; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + ssl_prefer_server_ciphers off; + ssl_certificate /etc/ssl/localhost.crt; + ssl_certificate_key /etc/ssl/localhost.key; + proxy_intercept_errors off; + + location ^~ /.well-known { + default_type "text/plain"; + root REPLACE_SERVER_WWW_DIR/.well-known; + } + + location ^~ = /favicon.ico { + log_not_found off; + access_log off; + } + + location ^~ = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ^~ /health { + default_type text/html; + allow all; + access_log off; + return 200 'OK'; + } + + location ^~ /health/json { + default_type application/json; + allow all; + access_log off; + return 200 '{"status":"OK"}'; + } + + location ^~ /health/status { + stub_status; + } + + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_param HTTP_PROXY ""; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param REQUEST_URI $request_uri; + fastcgi_param DOCUMENT_URI $document_uri; + fastcgi_param DOCUMENT_ROOT $document_root; + fastcgi_param SERVER_PROTOCOL $server_protocol; + fastcgi_param REQUEST_SCHEME $scheme; + fastcgi_param HTTPS $https if_not_empty; + fastcgi_param GATEWAY_INTERFACE CGI/1.1; + fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + fastcgi_param REMOTE_ADDR $remote_addr; + fastcgi_param REMOTE_PORT $remote_port; + fastcgi_param SERVER_ADDR $server_addr; + fastcgi_param SERVER_PORT $server_port; + fastcgi_param SERVER_NAME $server_name; + # PHP only, required if PHP was built with --enable-force-cgi-redirect + fastcgi_param REDIRECT_STATUS 200; + + } + # location /cgi-bin { + # root /usr/local/share/wwwroot/cgi-bin; + # gzip off; + # fastcgi_pass unix:/var/run/fcgiwrap.socket; + # fastcgi_param HTTP_PROXY ""; + # fastcgi_param GATEWAY_INTERFACE CGI/1.1; + # fastcgi_param SERVER_SOFTWARE nginx; + # fastcgi_param QUERY_STRING $query_string; + # fastcgi_param REQUEST_METHOD $request_method; + # fastcgi_param CONTENT_TYPE $content_type; + # fastcgi_param CONTENT_LENGTH $content_length; + # fastcgi_param SCRIPT_NAME $fastcgi_script_name; + # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + # fastcgi_param REQUEST_URI $request_uri; + # fastcgi_param DOCUMENT_URI $document_uri; + # fastcgi_param DOCUMENT_ROOT $document_root; + # fastcgi_param SERVER_PROTOCOL $server_protocol; + # fastcgi_param REMOTE_ADDR $remote_addr; + # fastcgi_param REMOTE_PORT $remote_port; + # fastcgi_param SERVER_ADDR $server_addr; + # fastcgi_param SERVER_PORT $server_port; + # fastcgi_param SERVER_NAME $server_name; +# } + } + include /etc/nginx/vhosts.d/*.conf; +} diff --git a/configs/nginx/vhosts.d/default.conf b/configs/nginx/vhosts.d/default.conf.sample similarity index 82% rename from configs/nginx/vhosts.d/default.conf rename to configs/nginx/vhosts.d/default.conf.sample index 1272ebe..1de7f80 100644 --- a/configs/nginx/vhosts.d/default.conf +++ b/configs/nginx/vhosts.d/default.conf.sample @@ -1,8 +1,8 @@ server { listen REPLACE_SERVER_PORT; server_name REPLACE_SERVER_NAME; - root REPLACE_SERVER_DIR; - index index.php index.cgi index.pl index.aspx awstats.pl index.txt index.json index.html index.unknown.php index.default.php; + root REPLACE_SERVER_WWW_DIR; + index index.php index.cgi index.pl index.aspx index.txt index.json index.html index.unknown.php index.default.php; proxy_intercept_errors off; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-Protection "1; mode=block" always; diff --git a/configs/nginx/vhosts.d/default.ssl.conf b/configs/nginx/vhosts.d/default.ssl.sample similarity index 89% rename from configs/nginx/vhosts.d/default.ssl.conf rename to configs/nginx/vhosts.d/default.ssl.sample index 2a35cb5..50089af 100644 --- a/configs/nginx/vhosts.d/default.ssl.conf +++ b/configs/nginx/vhosts.d/default.ssl.sample @@ -1,7 +1,7 @@ server { - listen REPLACE_SERVER_PORT ssl http2 default_server; + listen ssl http2 REPLACE_SERVER_PORT; server_name REPLACE_SERVER_NAME; - root REPLACE_SERVER_DIR; + root REPLACE_SERVER_WWW_DIR; index index.php index.cgi index.pl index.aspx awstats.pl index.txt index.json index.html index.unknown.php index.default.php; proxy_intercept_errors off; add_header X-Frame-Options "SAMEORIGIN" always; diff --git a/configs/phppgadmin/config.php b/configs/phppgadmin/config.php new file mode 100644 index 0000000..3f05918 --- /dev/null +++ b/configs/phppgadmin/config.php @@ -0,0 +1,52 @@ + diff --git a/configs/postgres/pg_hba.conf b/configs/postgres/pg_hba.conf new file mode 100644 index 0000000..dbe2565 --- /dev/null +++ b/configs/postgres/pg_hba.conf @@ -0,0 +1,9 @@ +# =================================================== +# PostgreSQL Client Authentication Configuration File +# =================================================== +# TYPE DATABASE USER ADDRESS METHOD +local all postgres peer +local all all trust +local all all md5 +host all all 0.0.0.0/0 md5 +host all all ::/0 md5 diff --git a/configs/postgres/postgresql.conf b/configs/postgres/postgresql.conf new file mode 100644 index 0000000..5fb4eb2 --- /dev/null +++ b/configs/postgres/postgresql.conf @@ -0,0 +1,263 @@ +# ----------------------------- +# CasjaysDev PostgreSQL configuration file +# ----------------------------- +# +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ +data_directory = 'REPLACE_DATABASE_DIR' +#hba_file = 'ConfigDir/pg_hba.conf' +#ident_file = 'ConfigDir/pg_ident.conf' +#external_pid_file = '' + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ +listen_addresses = '*' +port = 5432 +max_connections = 100 +unix_socket_directories = '/var/run/postgresql, /tmp' +#unix_socket_group = '' +unix_socket_permissions = 0777 +#bonjour = off +#bonjour_name = '' +#authentication_timeout = 1min +#password_encryption = on +#db_user_namespace = off +#krb_server_keyfile = '' +#krb_srvname = 'postgres' +#krb_caseins_users = off +#tcp_keepalives_idle = 0 +#tcp_keepalives_interval = 0 +#tcp_keepalives_count = 0 + +#------------------------------------------------------------------------------ +# SSL configuration +#------------------------------------------------------------------------------ +ssl = off +ssl_ca_file = '/etc/ssl/ca.crt' +ssl_key_file = '/etc/ssl/localhost.key' +ssl_cert_file = '/etc/ssl/localhost.crt' +ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +ssl_prefer_server_ciphers = on +ssl_ecdh_curve = 'prime256v1' +ssl_min_protocol_version = 'TLSv1.2' +#ssl_max_protocol_version = '' +#ssl_dh_params_file = '' +#ssl_passphrase_command = '' +#ssl_passphrase_command_supports_reload = off + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ +shared_buffers = 32MB +#temp_buffers = 8MB +#work_mem = 1MB +#maintenance_work_mem = 16MB +#max_stack_depth = 2MB +#temp_file_limit = -1 +#max_files_per_process = 1000 +#shared_preload_libraries = '' +#vacuum_cost_delay = 0ms +#vacuum_cost_page_hit = 1 +#vacuum_cost_page_miss = 10 +#vacuum_cost_page_dirty = 20 +#vacuum_cost_limit = 200 +#bgwriter_delay = 200ms +#bgwriter_lru_maxpages = 100 +#bgwriter_lru_multiplier = 2.0 +#effective_io_concurrency = 1 + +#------------------------------------------------------------------------------ +# WRITE AHEAD LOG +#wal_level = minimal +#fsync = on +#synchronous_commit = on +#wal_sync_method = fsync +#full_page_writes = on +#wal_buffers = -1 +#wal_writer_delay = 200ms +#commit_delay = 0 +#commit_siblings = 5 +#checkpoint_segments = 3 +#checkpoint_timeout = 5min +#checkpoint_completion_target = 0.5 +#checkpoint_warning = 30s +#archive_mode = off +#archive_command = '' +#archive_timeout = 0 + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ +#max_wal_senders = 0 +#wal_keep_segments = 0 +#replication_timeout = 60s +#synchronous_standby_names = '' +#vacuum_defer_cleanup_age = 0 +#hot_standby = off +#max_standby_archive_delay = 30s +#max_standby_streaming_delay = 30s +#wal_receiver_status_interval = 10s +#hot_standby_feedback = off + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ +#enable_bitmapscan = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on + +#seq_page_cost = 1.0 +#random_page_cost = 4.0 +#cpu_tuple_cost = 0.01 +#cpu_index_tuple_cost = 0.005 +#cpu_operator_cost = 0.0025 +#effective_cache_size = 128MB +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 +#geqo_pool_size = 0 +#geqo_generations = 0 +#geqo_selection_bias = 2.0 +#geqo_seed = 0.0 +#default_statistics_target = 100 +#constraint_exclusion = partition +#cursor_tuple_fraction = 0.1 +#from_collapse_limit = 8 +#join_collapse_limit = 8 + +#------------------------------------------------------------------------------ +# ERROR REPORTING AND LOGGING +#------------------------------------------------------------------------------ +log_destination = 'stderr' +logging_collector = on +log_directory = '/data/logs/postgres' +log_filename = 'postgresql.log' +#log_file_mode = 0600 +log_truncate_on_rotation = on +log_rotation_age = 1d +log_rotation_size = 0 +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#event_source = 'PostgreSQL' +#client_min_messages = notice +#log_min_messages = warning +#log_min_error_statement = error +#log_min_duration_statement = -1 +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default +#log_hostname = off +#log_line_prefix = '' +#log_lock_waits = off +#log_statement = 'none' +#log_temp_files = -1 +log_timezone = 'US/Eastern' + +#------------------------------------------------------------------------------ +# RUNTIME STATISTICS +#------------------------------------------------------------------------------ +#track_activities = on +#track_counts = on +#track_io_timing = off +#track_functions = none +#track_activity_query_size = 1024 +#update_process_title = on +#stats_temp_directory = 'pg_stat_tmp' +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off +#log_statement_stats = off + +#------------------------------------------------------------------------------ +# AUTOVACUUM PARAMETERS +#------------------------------------------------------------------------------ +#autovacuum = on +#log_autovacuum_min_duration = -1 +#autovacuum_max_workers = 3 +#autovacuum_naptime = 1min +#autovacuum_vacuum_threshold = 50 +#autovacuum_analyze_threshold = 50 +#autovacuum_vacuum_scale_factor = 0.2 +#autovacuum_analyze_scale_factor = 0.1 +#autovacuum_freeze_max_age = 200000000 +#autovacuum_vacuum_cost_delay = 20ms +#autovacuum_vacuum_cost_limit = -1 + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ +#search_path = '"$user",public' +#default_tablespace = '' +#temp_tablespaces = '' +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 +#vacuum_freeze_min_age = 50000000 +#vacuum_freeze_table_age = 150000000 +#bytea_output = 'hex' +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_fuzzy_search_limit = 0 +datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +timezone = 'US/Eastern' +#extra_float_digits = 0 +#client_encoding = sql_ascii +lc_messages = 'en_US.UTF-8' +lc_monetary = 'en_US.UTF-8' +lc_numeric = 'en_US.UTF-8' +lc_time = 'en_US.UTF-8' +default_text_search_config = 'pg_catalog.english' +#dynamic_library_path = '$libdir' +#local_preload_libraries = '' + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 +#max_pred_locks_per_transaction = 64 + +#------------------------------------------------------------------------------ +# VERSION/PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ +#array_nulls = on +#backslash_quote = safe_encoding +#default_with_oids = off +#escape_string_warning = on +#lo_compat_privileges = off +#quote_all_identifiers = off +#sql_inheritance = on +#standard_conforming_strings = on +#synchronize_seqscans = on +#transform_null_equals = off + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ +#exit_on_error = off +#restart_after_crash = on + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ +# Add settings for extensions here diff --git a/init/00-mariadb.sh b/init/00-mariadb.sh new file mode 100644 index 0000000..da5c0a9 --- /dev/null +++ b/init/00-mariadb.sh @@ -0,0 +1,515 @@ +#!/usr/bin/env bash +# shellcheck shell=bash +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +##@Version : 202308221958-git +# @@Author : Jason Hempstead +# @@Contact : jason@casjaysdev.pro +# @@License : WTFPL +# @@ReadME : 00-mariadb.sh --help +# @@Copyright : Copyright: (c) 2023 Jason Hempstead, Casjays Developments +# @@Created : Tuesday, Aug 22, 2023 19:58 EDT +# @@File : 00-mariadb.sh +# @@Description : +# @@Changelog : New script +# @@TODO : Better documentation +# @@Other : +# @@Resource : +# @@Terminal App : no +# @@sudo/root : no +# @@Template : shell/bash +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# shellcheck disable=SC2016 +# shellcheck disable=SC2031 +# shellcheck disable=SC2120 +# shellcheck disable=SC2155 +# shellcheck disable=SC2199 +# shellcheck disable=SC2317 +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# https://www.gnu.org/software/bash/manual/html_node/The-Set-Builtin.html +[ "$DEBUGGER" = "on" ] && echo "Enabling debugging" && set -o pipefail -x$DEBUGGER_OPTIONS || set -o pipefail +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +printf '%s\n' "# - - - Initializing mysql - - - #" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +SERVICE_NAME="mysql" +SCRIPT_NAME="$(basename "$0" 2>/dev/null)" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +export PATH="/usr/local/etc/docker/bin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# run trap command on exit +trap 'retVal=$?;[ "$SERVICE_IS_RUNNING" != "true" ] && [ -f "$SERVICE_PID_FILE" ] && rm -Rf "$SERVICE_PID_FILE";exit $retVal' SIGINT SIGTERM EXIT +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# import the functions file +if [ -f "/usr/local/etc/docker/functions/entrypoint.sh" ]; then + . "/usr/local/etc/docker/functions/entrypoint.sh" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# import variables +for set_env in "/root/env.sh" "/usr/local/etc/docker/env"/*.sh "/config/env"/*.sh; do + [ -f "$set_env" ] && . "$set_env" +done +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Custom functions + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Reset environment before executing service +RESET_ENV="yes" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Show message before execute +PRE_EXEC_MESSAGE="" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# set the database directory +DATABASE_DIR="${DATABASE_DIR_MYSQL:-/data/db/mysql}" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Set webroot +WWW_DIR="/usr/share/webapps/mariadb" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Default predefined variables +DATA_DIR="/data" # set data directory +CONF_DIR="/config" # set config directory +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# set the containers etc directory +ETC_DIR="/etc/mysql" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +RUN_DIR="/run/init.d" # set scripts pid dir +LOG_DIR="/data/logs/mysql" # set log directory +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Set the working dir +WORK_DIR="" # set working directory +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Where to save passwords to +ROOT_FILE_PREFIX="/config/secure/auth/root" # directory to save username/password for root user +USER_FILE_PREFIX="/config/secure/auth/user" # directory to save username/password for normal user +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# root/admin user info password/random] +root_user_name="${MYSQL_ROOT_USER_NAME:-root}" # root user name +root_user_pass="${MYSQL_ROOT_PASS_WORD:-random}" # root user password +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Normal user info [password/random] +user_name="${MYSQL_USER_NAME:-}" # normal user name +user_pass="${MYSQL_USER_PASS_WORD:-}" # normal user password +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Overwrite variables from files +__file_exists_with_content "${USER_FILE_PREFIX}/${SERVICE_NAME}_name" && user_name="$(<"${USER_FILE_PREFIX}/${SERVICE_NAME}_name")" +__file_exists_with_content "${USER_FILE_PREFIX}/${SERVICE_NAME}_pass" && user_pass="$(<"${USER_FILE_PREFIX}/${SERVICE_NAME}_pass")" +__file_exists_with_content "${ROOT_FILE_PREFIX}/${SERVICE_NAME}_name" && root_user_name="$(<"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_name")" +__file_exists_with_content "${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass" && root_user_pass="$(<"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass")" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# port which service is listening on +SERVICE_PORT="3306" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# execute command variables +SERVICE_UID="0" # set the user id +SERVICE_USER="mysql" # execute command as another user +EXEC_CMD_BIN="mysqld" # command to execute +EXEC_CMD_ARGS="--user=$SERVICE_USER --datadir=$DATABASE_DIR" # command arguments +EXEC_PRE_SCRIPT="" # execute script before +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Is this service a web server +IS_WEB_SERVER="no" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Is this service a database server +IS_DATABASE_SERVICE="yes" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Additional predefined variables + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Additional variables +DATABASE_CREATE="${DATABASE_CREATE:-}" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Specifiy custom directories to be created +ADD_APPLICATION_FILES="" +ADD_APPLICATION_DIRS="" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +APPLICATION_FILES="$LOG_DIR/mysql.log" +APPLICATION_DIRS="$RUN_DIR $ETC_DIR $CONF_DIR $LOG_DIR" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# define variables that need to be loaded into the service - escape quotes - var=\"value\",other=\"test\" +CMD_ENV="" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# use this function to update config files - IE: change port +__update_conf_files() { + local exitCode=0 # default exit code + local user="${SERVICE_USER:-root}" # specifiy different user + local runas="root" # run as a different user + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + + # delete files + #__rm "" + + # define actions + + # create default directories + for filedirs in $ADD_APPLICATION_DIRS $APPLICATION_DIRS; do + if [ -n "$filedirs" ] && [ ! -d "$filedirs" ]; then + ( + echo "Creating directory $filedirs with permissions 777" + mkdir -p "$filedirs" && chmod -Rf 777 "$filedirs" + ) |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + done + # create default files + for application_files in $ADD_APPLICATION_FILES $APPLICATION_FILES; do + if [ -n "$application_files" ] && [ ! -e "$application_files" ]; then + ( + echo "Creating file $application_files with permissions 777" + touch "$application_files" && chmod -Rf 777 "$application_files" + ) |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + done + # create directories if variable is yes" + if [ "$IS_WEB_SERVER" = "yes" ]; then + APPLICATION_DIRS="$APPLICATION_DIRS $WWW_DIR" + if [ ! -d "$WWW_DIR" ]; then + (echo "Creating directory $WWW_DIR with permissions 777" && mkdir -p "$WWW_DIR" && chmod -f 777 "$WWW_DIR") |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + __initialize_web_health "$WWW_DIR" + fi + if [ "$IS_DATABASE_SERVICE" = "yes" ]; then + APPLICATION_DIRS="$APPLICATION_DIRS $DATABASE_DIR" + if [ ! -d "$DATABASE_DIR" ]; then + (echo "Creating directory $DATABASE_DIR with permissions 777" && mkdir -p "$DATABASE_DIR" && chmod -f 777 "$DATABASE_DIR") |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + fi + # copy config files to system + __file_copy "$CONF_DIR/." "$ETC_DIR/" |& tee -a "$LOG_DIR/init.txt" &>/dev/null + # replace variables + # __replace "" "" "$ETC_DIR/mysql.conf" + # replace variables recursively + # __find_replace "" "" "$ETC_DIR/" + # replace defaults in ETC_DIR + __initialize_replace_variables "$ETC_DIR" + # custom commands + if [ ! -d "$DATABASE_DIR/mysql" ] || [ ! -f "$DATABASE_DIR/ibdata1" ]; then + mkdir -p "$DATABASE_DIR" && chown -Rf $user:$user "$DATABASE_DIR" + mysql_install_db --datadir=$DATABASE_DIR --user=$user 2>/dev/null + fi + + # unset unneeded variables + unset application_files filedirs + + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# function to run before executing +__pre_execute() { + local exitCode=0 # default exit code + local user="${SERVICE_USER:-root}" # specifiy different user + local runas="root" # run as a different user + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + + # define commands + + # execute if directories is empty + #__is_dir_empty "" && true || false + + # create user if needed + # __create_service_user "$user" "/home/$user" "${USER_GID:-${USER_UID:-1000}" + # set user on files/folders + if [ -n "$user" ] && [ "$user" != "root" ]; then + if grep -s -q "$user:" "/etc/passwd"; then + for permissions in $ADD_APPLICATION_DIRS $APPLICATION_DIRS; do + if [ -n "$permissions" ] && [ -e "$permissions" ]; then + (chown -Rf $user:$user "$permissions" && echo "changed ownership on $permissions to $user") |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + done + fi + fi + + # unset unneeded variables + unset filesperms filename + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# function to run after executing +__post_execute() { + local exitCode=0 # default exit code + local user="${SERVICE_USER:-root}" # specifiy different user + local runas="root" # run as a different user + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + sleep 60 # how long to wait before executing + echo "Running post commands" # message + # execute commands + ( + if [ -f "$CONF_DIR/mysql/init.sh" ]; then + bash -c "$CONF_DIR/mysql/init.sh" + fi + if [ -n "$DATABASE_CREATE" ]; then + mysql -v -u $runas </dev/stderr >/dev/null + + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# use this function to update config files - IE: change port +__pre_message() { + local exitCode=0 + [ -n "$user_name" ] && echo "username: $user_name" && echo "$user_name" >"${USER_FILE_PREFIX}/${SERVICE_NAME}_name" + [ -n "$user_pass" ] && echo "password: saved to ${USER_FILE_PREFIX}/${SERVICE_NAME}_pass" && echo "$user_pass" >"${USER_FILE_PREFIX}/${SERVICE_NAME}_pass" + [ -n "$root_user_name" ] && echo "root username: $root_user_name" && echo "$root_user_name" >"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_name" + [ -n "$root_user_pass" ] && echo "root password: saved to ${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass" && echo "$root_user_pass" >"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass" + + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# use this function to setup ssl support +__update_ssl_conf() { + local exitCode=0 + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +__create_service_env() { + cat </dev/null +# ENV_WORKDIR="${ENV_WORKDIR:-$WORK_DIR}" # change to directory +# ENV_WWW_DIR="${ENV_WWW_DIR:-$WWW_DIR}" # set default web dir +# ENV_ETC_DIR="${ENV_ETC_DIR:-$ETC_DIR}" # set default etc dir +# ENV_DATA_DIR="${ENV_DATA_DIR:-$DATA_DIR}" # set default data dir +# ENV_CONF_DIR="${ENV_CONF_DIR:-$CONF_DIR}" # set default config dir +# ENV_DATABASE_DIR="${ENV_DATABASE_DIR:-$DATABASE_DIR}" # set database dir +# ENV_SERVICE_USER="${ENV_SERVICE_USER:-$SERVICE_USER}" # execute command as another user +# ENV_SERVICE_UID="${ENV_SERVICE_UID:-$SERVICE_UID}" # set the user id +# ENV_SERVICE_PORT="${ENV_SERVICE_PORT:-$SERVICE_PORT}" # port which service is listening on +# EXEC_PRE_SCRIPT="${ENV_EXEC_PRE_SCRIPT:-$EXEC_PRE_SCRIPT}" # execute before commands +# EXEC_CMD_BIN="${ENV_EXEC_CMD_BIN:-$EXEC_CMD_BIN}" # command to execute +# EXEC_CMD_ARGS="${ENV_EXEC_CMD_ARGS:-$EXEC_CMD_ARGS}" # command arguments +# EXEC_CMD_NAME="$(basename "$EXEC_CMD_BIN")" # set the binary name +# ENV_USER_NAME="${user_name:-$ENV_USER_NAME}" # +# ENV_USER_PASS="${user_pass:-$ENV_USER_PASS}" # +# ENV_ROOT_USER_NAME="${root_user_name:-$ENV_ROOT_USER_NAME}" # +# ENV_ROOT_USER_PASS="${root_user_pass:-$ENV_ROOT_USER_PASS}" # + +EOF + __file_exists_with_content "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" || return 1 +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# script to start server +__run_start_script() { + local user="${SERVICE_USER:-root}" + local cmd="${EXEC_CMD_BIN:-}" + local args="${EXEC_CMD_ARGS:-}" + local name="${EXEC_CMD_NAME:-}" + local pre="${EXEC_PRE_SCRIPT:-}" + local workdir="${WORK_DIR:-$WORK_DIR}" + local lc_type="${LC_ALL:-${LC_CTYPE:-$LANG}}" + local home="${workdir//\/root/\/tmp\/docker}" + local path="/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin" + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + local message="" + if [ -z "$cmd" ]; then + __post_execute 2>"/dev/stderr" |& tee -a "$LOG_DIR/init.txt" &>/dev/null + echo "Initializing $SCRIPT_NAME has completed" + else + # ensure the command exists + if [ ! -x "$cmd" ]; then + echo "$name is not a valid executable" + exit 2 + fi + # set working directories + [ -z "$home" ] && home="${workdir:-/tmp/docker}" + [ "$home" = "/root" ] && home="/tmp/docker" + [ "$home" = "$workdir" ] && workdir="" + # create needed directories + [ -n "$home" ] && { [ -d "$home" ] || mkdir -p "$home"; } + [ -n "$workdir" ] && { [ -d "$workdir" ] || mkdir -p "$workdir" || workdir="/tmp"; } + [ -n "$workdir" ] && __cd "$workdir" || { [ -n "$home" ] && __cd "$home"; } || __cd "/tmp" + [ "$user" != "root " ] && [ -d "$home" ] && chmod -f 777 "$home" + [ "$user" != "root " ] && [ -d "$workdir" ] && chmod -f 777 "$workdir" + # check and exit if already running + if __proc_check "$name" || __proc_check "$cmd"; then + echo "$name is already running" >&2 + exit 0 + else + if [ -n "$pre" ] && [ -f "$pre" ]; then + cmd_exec="$pre $cmd $args" + message="Starting service: $name $args through $pre" + else + cmd_exec="$cmd $args" + message="Starting service: $name $args" + fi + echo "$message" + su_cmd touch "$SERVICE_PID_FILE" + __post_execute 2>"/dev/stderr" 2>&1 |& tee -a "$LOG_DIR/init.txt" &>/dev/null & + if [ "$RESET_ENV" = "yes" ]; then + su_cmd env -i HOME="$home" LC_CTYPE="$lc_type" PATH="$path" HOSTNAME="$sysname" USER="$user" ${CMD_ENV//,/ } sh -c "$cmd_exec" || return 10 + else + eval "$cmd_exec" || return 10 + fi + fi + fi +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# username and password actions +__run_secure_function() { + if [ -n "$user_name" ] || [ -n "$user_pass" ]; then + for filesperms in "${USER_FILE_PREFIX}"/*; do + if [ -e "$filesperms" ]; then + chmod -Rf 600 "$filesperms" + chown -Rf root:root "$filesperms" + fi + done |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + if [ -n "$root_user_name" ] || [ -n "$root_user_pass" ]; then + for filesperms in "${ROOT_FILE_PREFIX}"/*; do + if [ -e "$filesperms" ]; then + chmod -Rf 600 "$filesperms" + chown -Rf root:root "$filesperms" + fi + done |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# simple cd function +__cd() { mkdir -p "$1" && builtin cd "$1" || exit 1; } +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# process check functions +__pcheck() { [ -n "$(type -P pgrep 2>/dev/null)" ] && pgrep -x "$1" &>/dev/null && return 0 || return 10; } +__pgrep() { __pcheck "${1:-$EXEC_CMD_BIN}" || __ps aux 2>/dev/null | grep -Fw " ${1:-$EXEC_CMD_BIN}" | grep -qv ' grep' | grep '^' && return 0 || return 10; } +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# check if process is already running +__proc_check() { + cmd_bin="$(type -P "${1:-$EXEC_CMD_BIN}")" + cmd_name="$(basename "${cmd_bin:-$EXEC_CMD_NAME}")" + if __pgrep "$cmd_bin" || __pgrep "$cmd_name"; then + SERVICE_IS_RUNNING="true" + touch "$SERVICE_PID_FILE" + echo "$cmd_name is already running" + return 0 + else + return 1 + fi +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Allow ENV_ variable - Import env file +__file_exists_with_content"/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" && . "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +SERVICE_EXIT_CODE=0 # default exit code +WORK_DIR="${ENV_WORKDIR:-$WORK_DIR}" # change to directory +WWW_DIR="${ENV_WWW_DIR:-$WWW_DIR}" # set default web dir +ETC_DIR="${ENV_ETC_DIR:-$ETC_DIR}" # set default etc dir +DATA_DIR="${ENV_DATA_DIR:-$DATA_DIR}" # set default data dir +CONF_DIR="${ENV_CONF_DIR:-$CONF_DIR}" # set default config dir +DATABASE_DIR="${ENV_DATABASE_DIR:-$DATABASE_DIR}" # set database dir +SERVICE_USER="${ENV_SERVICE_USER:-$SERVICE_USER}" # execute command as another user +SERVICE_UID="${ENV_SERVICE_UID:-$SERVICE_UID}" # set the user id +SERVICE_PORT="${ENV_SERVICE_PORT:-$SERVICE_PORT}" # port which service is listening on +PRE_EXEC_MESSAGE="${ENV_PRE_EXEC_MESSAGE:-$PRE_EXEC_MESSAGE}" # Show message before execute +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# application specific +EXEC_PRE_SCRIPT="${ENV_EXEC_PRE_SCRIPT:-$EXEC_PRE_SCRIPT}" # Pre +EXEC_CMD_BIN="${ENV_EXEC_CMD_BIN:-$EXEC_CMD_BIN}" # command to execute +EXEC_CMD_NAME="$(basename "$EXEC_CMD_BIN")" # set the binary name +SERVICE_PID_FILE="/run/init.d/$EXEC_CMD_NAME.pid" # set the pid file location +EXEC_CMD_ARGS="${ENV_EXEC_CMD_ARGS:-$EXEC_CMD_ARGS}" # command arguments +SERVICE_PID_NUMBER="$(__pgrep)" # check if running +EXEC_CMD_BIN="$(type -P "$EXEC_CMD_BIN" || echo "$EXEC_CMD_BIN")" # set full path +EXEC_PRE_SCRIPT="$(type -P "$EXEC_PRE_SCRIPT" || echo "$EXEC_PRE_SCRIPT")" # set full path +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# create auth directories +[ -n "$USER_FILE_PREFIX" ] && { [ -d "$USER_FILE_PREFIX" ] || mkdir -p "$USER_FILE_PREFIX"; } +[ -n "$ROOT_FILE_PREFIX" ] && { [ -d "$ROOT_FILE_PREFIX" ] || mkdir -p "$ROOT_FILE_PREFIX"; } +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +[ "$IS_WEB_SERVER" = "yes" ] && RESET_ENV="yes" +[ "$IS_DATABASE_SERVICE" = "yes" ] && RESET_ENV="no" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Allow per init script usernames and passwords +__file_exists_with_content "$ETC_DIR/auth/user/name" && user_name="$(<"$ETC_DIR/auth/user/name")" +__file_exists_with_content "$ETC_DIR/auth/user/pass" && user_pass="$(<"$ETC_DIR/auth/user/pass")" +__file_exists_with_content "$ETC_DIR/auth/root/name" && root_user_name="$(<"$ETC_DIR/auth/root/name")" +__file_exists_with_content "$ETC_DIR/auth/root/pass" && root_user_pass="$(<"$ETC_DIR/auth/root/pass")" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Allow setting initial users and passwords via environment +user_name="${user_name:-$ENV_USER_NAME}" +user_pass="${user_pass:-$ENV_USER_PASS}" +root_user_name="${root_user_name:-$ENV_ROOT_USER_NAME}" +root_user_pass="${root_user_pass:-$ENV_ROOT_USER_PASS}" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# set password to random if variable is random +if [ "$user_pass" = "random" ]; then + user_pass="$(__random_password)" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +if [ "$root_user_pass" = "random" ]; then + root_user_pass="$(__random_password)" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Allow variables via imports - Overwrite existing +[ -f "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" ] && . "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Only run check +if [ "$1" = "check" ]; then + __proc_check "$EXEC_CMD_NAME" || __proc_check "$EXEC_CMD_BIN" + exit $? +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# show message if env exists +if [ -n "$EXEC_CMD_BIN" ]; then + [ -n "$SERVICE_USER" ] && echo "Setting up service to run as $SERVICE_USER" || SERVICE_USER="root" + [ -n "$SERVICE_PORT" ] && echo "${EXEC_CMD_NAME:-$EXEC_CMD_BIN} will be running on $SERVICE_PORT" || SERVICE_PORT="" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# set switch user command +if [ "$SERVICE_USER" = "root" ] || [ -z "$SERVICE_USER" ]; then + su_cmd() { eval "$*" || return 1; } +elif [ "$(builtin type -P gosu)" ]; then + su_cmd() { gosu $SERVICE_USER "$@" || return 1; } +elif [ "$(builtin type -P runuser)" ]; then + su_cmd() { runuser -u $SERVICE_USER "$@" || return 1; } +elif [ "$(builtin type -P sudo)" ]; then + su_cmd() { sudo -u $SERVICE_USER "$@" || return 1; } +elif [ "$(builtin type -P su)" ]; then + su_cmd() { su -s /bin/sh - $SERVICE_USER -c "$@" || return 1; } +else + echo "Can not switch to $SERVICE_USER: attempting to run as root" + su_cmd() { eval "$*" || return 1; } +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Change to working directory +[ -n "$WORK_DIR" ] && [ -n "$EXEC_CMD_BIN" ] && __cd "$WORK_DIR" && echo "Changed to $PWD" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# show init message +__pre_message +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Initialize ssl +__update_ssl_conf +__update_ssl_certs +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Updating config files +__create_service_env +__update_conf_files +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# run the pre execute commands +[ -n "$PRE_EXEC_MESSAGE" ] && echo "$PRE_EXEC_MESSAGE" +__pre_execute +__run_secure_function +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +__run_start_script "$@" |& tee -a "/data/logs/entrypoint.log" &>/dev/null +if [ "$?" -ne 0 ] && [ -n "$EXEC_CMD_BIN" ]; then + echo "Failed to execute: $EXEC_CMD_BIN $EXEC_CMD_ARGS" |& tee -a "/data/logs/entrypoint.log" "$LOG_DIR/init.txt" + SERVICE_EXIT_CODE=10 + SERVICE_IS_RUNNING="false" + rm -Rf "$SERVICE_PID_FILE" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +exit $SERVICE_EXIT_CODE diff --git a/init/00-postgres.sh b/init/00-postgres.sh new file mode 100644 index 0000000..7c001ab --- /dev/null +++ b/init/00-postgres.sh @@ -0,0 +1,516 @@ +#!/usr/bin/env bash +# shellcheck shell=bash +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +##@Version : 202308222209-git +# @@Author : Jason Hempstead +# @@Contact : jason@casjaysdev.pro +# @@License : WTFPL +# @@ReadME : 00-postgres.sh --help +# @@Copyright : Copyright: (c) 2023 Jason Hempstead, Casjays Developments +# @@Created : Tuesday, Aug 22, 2023 22:09 EDT +# @@File : 00-postgres.sh +# @@Description : +# @@Changelog : New script +# @@TODO : Better documentation +# @@Other : +# @@Resource : +# @@Terminal App : no +# @@sudo/root : no +# @@Template : shell/bash +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# shellcheck disable=SC2016 +# shellcheck disable=SC2031 +# shellcheck disable=SC2120 +# shellcheck disable=SC2155 +# shellcheck disable=SC2199 +# shellcheck disable=SC2317 +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# https://www.gnu.org/software/bash/manual/html_node/The-Set-Builtin.html +[ "$DEBUGGER" = "on" ] && echo "Enabling debugging" && set -o pipefail -x$DEBUGGER_OPTIONS || set -o pipefail +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +printf '%s\n' "# - - - Initializing postgres - - - #" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +SERVICE_NAME="postgres" +SCRIPT_NAME="$(basename "$0" 2>/dev/null)" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +export PATH="/usr/local/etc/docker/bin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# run trap command on exit +trap 'retVal=$?;[ "$SERVICE_IS_RUNNING" != "true" ] && [ -f "$SERVICE_PID_FILE" ] && rm -Rf "$SERVICE_PID_FILE";exit $retVal' SIGINT SIGTERM EXIT +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# import the functions file +if [ -f "/usr/local/etc/docker/functions/entrypoint.sh" ]; then + . "/usr/local/etc/docker/functions/entrypoint.sh" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# import variables +for set_env in "/root/env.sh" "/usr/local/etc/docker/env"/*.sh "/config/env"/*.sh; do + [ -f "$set_env" ] && . "$set_env" +done +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Custom functions + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Reset environment before executing service +RESET_ENV="yes" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Show message before execute +PRE_EXEC_MESSAGE="" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# set the database directory +DATABASE_DIR="${DATABASE_DIR_POSTGRES:-/data/db/postgres}" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Set webroot +WWW_DIR="/usr/share/webapps/postgres" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Default predefined variables +DATA_DIR="/data" # set data directory +CONF_DIR="/config" # set config directory +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# set the containers etc directory +ETC_DIR="/etc/postgres" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +RUN_DIR="/run/init.d" # set scripts pid dir +LOG_DIR="/data/logs/postgres" # set log directory +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Set the working dir +WORK_DIR="" # set working directory +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Where to save passwords to +ROOT_FILE_PREFIX="/config/secure/auth/root" # directory to save username/password for root user +USER_FILE_PREFIX="/config/secure/auth/user" # directory to save username/password for normal user +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# root/admin user info password/random] +root_user_name="${POSTGRES_ROOT_USER_NAME:-}" # root user name +root_user_pass="${POSTGRES_ROOT_PASS_WORD:-}" # root user password +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Normal user info [password/random] +user_name="${POSTGRES_USER_NAME:-}" # normal user name +user_pass="${POSTGRES_USER_PASS_WORD:-}" # normal user password +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Overwrite variables from files +__file_exists_with_content "${USER_FILE_PREFIX}/${SERVICE_NAME}_name" && user_name="$(<"${USER_FILE_PREFIX}/${SERVICE_NAME}_name")" +__file_exists_with_content "${USER_FILE_PREFIX}/${SERVICE_NAME}_pass" && user_pass="$(<"${USER_FILE_PREFIX}/${SERVICE_NAME}_pass")" +__file_exists_with_content "${ROOT_FILE_PREFIX}/${SERVICE_NAME}_name" && root_user_name="$(<"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_name")" +__file_exists_with_content "${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass" && root_user_pass="$(<"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass")" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# port which service is listening on +SERVICE_PORT="5432" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# execute command variables +SERVICE_UID="0" # set the user id +SERVICE_USER="postgres" # execute command as another user +EXEC_CMD_BIN="postgres" # command to execute +EXEC_CMD_ARGS="-D $DATABASE_DIR" # command arguments +EXEC_PRE_SCRIPT="" # execute script before +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Is this service a web server +IS_WEB_SERVER="no" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Is this service a database server +IS_DATABASE_SERVICE="no" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Additional predefined variables + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Additional variables +DATABASE_CREATE="${DATABASE_CREATE:-}" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Specifiy custom directories to be created +ADD_APPLICATION_FILES="" +ADD_APPLICATION_DIRS="" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +APPLICATION_FILES="$LOG_DIR/postgres.log" +APPLICATION_DIRS="$RUN_DIR $ETC_DIR $CONF_DIR $LOG_DIR" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# define variables that need to be loaded into the service - escape quotes - var=\"value\",other=\"test\" +CMD_ENV="" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# use this function to update config files - IE: change port +__update_conf_files() { + local exitCode=0 # default exit code + local user="${SERVICE_USER:-root}" # specifiy different user + local runas="root" # run as a different user + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + + # delete files + #__rm "" + + # define actions + + # create default directories + for filedirs in $ADD_APPLICATION_DIRS $APPLICATION_DIRS; do + if [ -n "$filedirs" ] && [ ! -d "$filedirs" ]; then + ( + echo "Creating directory $filedirs with permissions 777" + mkdir -p "$filedirs" && chmod -Rf 777 "$filedirs" + ) |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + done + # create default files + for application_files in $ADD_APPLICATION_FILES $APPLICATION_FILES; do + if [ -n "$application_files" ] && [ ! -e "$application_files" ]; then + ( + echo "Creating file $application_files with permissions 777" + touch "$application_files" && chmod -Rf 777 "$application_files" + ) |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + done + # create directories if variable is yes" + if [ "$IS_WEB_SERVER" = "yes" ]; then + APPLICATION_DIRS="$APPLICATION_DIRS $WWW_DIR" + if [ ! -d "$WWW_DIR" ]; then + (echo "Creating directory $WWW_DIR with permissions 777" && mkdir -p "$WWW_DIR" && chmod -f 777 "$WWW_DIR") |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + __initialize_web_health "$WWW_DIR" + fi + if [ "$IS_DATABASE_SERVICE" = "yes" ]; then + APPLICATION_DIRS="$APPLICATION_DIRS $DATABASE_DIR" + if [ ! -d "$DATABASE_DIR" ]; then + (echo "Creating directory $DATABASE_DIR with permissions 777" && mkdir -p "$DATABASE_DIR" && chmod -f 777 "$DATABASE_DIR") |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + fi + # copy config files to system + __file_copy "$CONF_DIR/." "$ETC_DIR/" |& tee -a "$LOG_DIR/init.txt" &>/dev/null + # replace variables + # __replace "" "" "$ETC_DIR/postgres.conf" + # replace variables recursively + # __find_replace "" "" "$ETC_DIR/" + # replace defaults in ETC_DIR + __initialize_replace_variables "$ETC_DIR" + # custom commands + if [ ! -s "$DATABASE_DIR/PG_VERSION" ]; then + sudo -u $user initdb --username="$user" -A md5 --pwfile="${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass" -D "$DATABASE_DIR" >/dev/null + fi + + chmod -f 0750 "$DATABASE_DIR" + __file_copy "$CONF_DIR/." "$DATABASE_DIR/" |& tee -a "$LOG_DIR/init.txt" &>/dev/null + # unset unneeded variables + unset application_files filedirs + + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# function to run before executing +__pre_execute() { + local exitCode=0 # default exit code + local user="${SERVICE_USER:-root}" # specifiy different user + local runas="root" # run as a different user + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + + # define commands + + # execute if directories is empty + #__is_dir_empty "" && true || false + + # create user if needed + # __create_service_user "$user" "/home/$user" "${USER_GID:-${USER_UID:-1000}" + # set user on files/folders + if [ -n "$user" ] && [ "$user" != "root" ]; then + if grep -s -q "$user:" "/etc/passwd"; then + for permissions in $ADD_APPLICATION_DIRS $APPLICATION_DIRS; do + if [ -n "$permissions" ] && [ -e "$permissions" ]; then + (chown -Rf $user:$user "$permissions" && echo "changed ownership on $permissions to $user") |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + done + fi + fi + + # unset unneeded variables + unset filesperms filename + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# function to run after executing +__post_execute() { + local exitCode=0 # default exit code + local user="${SERVICE_USER:-root}" # specifiy different user + local runas="postgres" # run as a different user + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + sleep 60 # how long to wait before executing + echo "Running post commands" # message + # execute commands + ( + if [ -f "$CONF_DIR/postgres/init.sh" ]; then + bash -c "$CONF_DIR/postgres/init.sh" + fi + if [ -n "$DATABASE_CREATE" ]; then + sudo -u $runas psql -d template1 -U postgres -d template1 -U postgres <<-PGSQL_SCRIPT +CREATE DATABASE IF NOT EXISTS $DATABASE_CREATE; +PGSQL_SCRIPT + fi + if [ "$user_name" != "root" ] && [ -n "$user_name" ]; then + sudo -u $runas psql -d template1 -U postgres <<-PGSQL_SCRIPT +CREATE USER IF NOT EXISTS '$user_name'@'%' IDENTIFIED BY '$user_pass'; +PGSQL_SCRIPT + fi + if [ "$user_name" != "root" ] && [ -n "$DATABASE_CREATE" ]; then + sudo -u $runas psql -d template1 -U postgres <<-PGSQL_SCRIPT +GRANT ALL PRIVILEGES ON $DATABASE_CREATE.* TO '$user_name'@'%'; +PGSQL_SCRIPT + elif [ "$user_name" = "root" ] && [ -n "$DATABASE_CREATE" ]; then + sudo -u $runas psql -d template1 -U postgres <<-PGSQL_SCRIPT +GRANT ALL PRIVILEGES ON $DATABASE_CREATE.* TO 'root'@'localhost'; +PGSQL_SCRIPT + fi + sudo -u $runas psql -d template1 -U postgres <<-PGSQL_SCRIPT +ALTER USER 'root'@'localhost' IDENTIFIED BY '$root_user_pass'; +FLUSH PRIVILEGES; +PGSQL_SCRIPT + ) 2>/dev/stderr >/dev/null + + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# use this function to update config files - IE: change port +__pre_message() { + local exitCode=0 + [ -n "$user_name" ] && echo "username: $user_name" && echo "$user_name" >"${USER_FILE_PREFIX}/${SERVICE_NAME}_name" + [ -n "$user_pass" ] && echo "password: saved to ${USER_FILE_PREFIX}/${SERVICE_NAME}_pass" && echo "$user_pass" >"${USER_FILE_PREFIX}/${SERVICE_NAME}_pass" + [ -n "$root_user_name" ] && echo "root username: $root_user_name" && echo "$root_user_name" >"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_name" + [ -n "$root_user_pass" ] && echo "root password: saved to ${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass" && echo "$root_user_pass" >"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass" + + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# use this function to setup ssl support +__update_ssl_conf() { + local exitCode=0 + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +__create_service_env() { + cat </dev/null +# ENV_WORKDIR="${ENV_WORKDIR:-$WORK_DIR}" # change to directory +# ENV_WWW_DIR="${ENV_WWW_DIR:-$WWW_DIR}" # set default web dir +# ENV_ETC_DIR="${ENV_ETC_DIR:-$ETC_DIR}" # set default etc dir +# ENV_DATA_DIR="${ENV_DATA_DIR:-$DATA_DIR}" # set default data dir +# ENV_CONF_DIR="${ENV_CONF_DIR:-$CONF_DIR}" # set default config dir +# ENV_DATABASE_DIR="${ENV_DATABASE_DIR:-$DATABASE_DIR}" # set database dir +# ENV_SERVICE_USER="${ENV_SERVICE_USER:-$SERVICE_USER}" # execute command as another user +# ENV_SERVICE_UID="${ENV_SERVICE_UID:-$SERVICE_UID}" # set the user id +# ENV_SERVICE_PORT="${ENV_SERVICE_PORT:-$SERVICE_PORT}" # port which service is listening on +# EXEC_PRE_SCRIPT="${ENV_EXEC_PRE_SCRIPT:-$EXEC_PRE_SCRIPT}" # execute before commands +# EXEC_CMD_BIN="${ENV_EXEC_CMD_BIN:-$EXEC_CMD_BIN}" # command to execute +# EXEC_CMD_ARGS="${ENV_EXEC_CMD_ARGS:-$EXEC_CMD_ARGS}" # command arguments +# EXEC_CMD_NAME="$(basename "$EXEC_CMD_BIN")" # set the binary name +# ENV_USER_NAME="${user_name:-$ENV_USER_NAME}" # +# ENV_USER_PASS="${user_pass:-$ENV_USER_PASS}" # +# ENV_ROOT_USER_NAME="${root_user_name:-$ENV_ROOT_USER_NAME}" # +# ENV_ROOT_USER_PASS="${root_user_pass:-$ENV_ROOT_USER_PASS}" # + +EOF + __file_exists_with_content "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" || return 1 +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# script to start server +__run_start_script() { + local user="${SERVICE_USER:-root}" + local cmd="${EXEC_CMD_BIN:-}" + local args="${EXEC_CMD_ARGS:-}" + local name="${EXEC_CMD_NAME:-}" + local pre="${EXEC_PRE_SCRIPT:-}" + local workdir="${WORK_DIR:-$WORK_DIR}" + local lc_type="${LC_ALL:-${LC_CTYPE:-$LANG}}" + local home="${workdir//\/root/\/tmp\/docker}" + local path="/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin" + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + local message="" + if [ -z "$cmd" ]; then + __post_execute 2>"/dev/stderr" |& tee -a "$LOG_DIR/init.txt" &>/dev/null + echo "Initializing $SCRIPT_NAME has completed" + else + # ensure the command exists + if [ ! -x "$cmd" ]; then + echo "$name is not a valid executable" + exit 2 + fi + # set working directories + [ -z "$home" ] && home="${workdir:-/tmp/docker}" + [ "$home" = "/root" ] && home="/tmp/docker" + [ "$home" = "$workdir" ] && workdir="" + # create needed directories + [ -n "$home" ] && { [ -d "$home" ] || mkdir -p "$home"; } + [ -n "$workdir" ] && { [ -d "$workdir" ] || mkdir -p "$workdir" || workdir="/tmp"; } + [ -n "$workdir" ] && __cd "$workdir" || { [ -n "$home" ] && __cd "$home"; } || __cd "/tmp" + [ "$user" != "root " ] && [ -d "$home" ] && chmod -f 777 "$home" + [ "$user" != "root " ] && [ -d "$workdir" ] && chmod -f 777 "$workdir" + # check and exit if already running + if __proc_check "$name" || __proc_check "$cmd"; then + echo "$name is already running" >&2 + exit 0 + else + if [ -n "$pre" ] && [ -f "$pre" ]; then + cmd_exec="$pre $cmd $args" + message="Starting service: $name $args through $pre" + else + cmd_exec="$cmd $args" + message="Starting service: $name $args" + fi + echo "$message" + su_cmd touch "$SERVICE_PID_FILE" + __post_execute 2>"/dev/stderr" 2>&1 |& tee -a "$LOG_DIR/init.txt" &>/dev/null & + if [ "$RESET_ENV" = "yes" ]; then + su_cmd env -i HOME="$home" LC_CTYPE="$lc_type" PATH="$path" HOSTNAME="$sysname" USER="$user" ${CMD_ENV//,/ } sh -c "$cmd_exec" || return 10 + else + eval "$cmd_exec" || return 10 + fi + fi + fi +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# username and password actions +__run_secure_function() { + if [ -n "$user_name" ] || [ -n "$user_pass" ]; then + for filesperms in "${USER_FILE_PREFIX}"/*; do + if [ -e "$filesperms" ]; then + chmod -Rf 600 "$filesperms" + chown -Rf root:root "$filesperms" + fi + done |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + if [ -n "$root_user_name" ] || [ -n "$root_user_pass" ]; then + for filesperms in "${ROOT_FILE_PREFIX}"/*; do + if [ -e "$filesperms" ]; then + chmod -Rf 600 "$filesperms" + chown -Rf root:root "$filesperms" + fi + done |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# simple cd function +__cd() { mkdir -p "$1" && builtin cd "$1" || exit 1; } +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# process check functions +__pcheck() { [ -n "$(type -P pgrep 2>/dev/null)" ] && pgrep -x "$1" &>/dev/null && return 0 || return 10; } +__pgrep() { __pcheck "${1:-$EXEC_CMD_BIN}" || __ps aux 2>/dev/null | grep -Fw " ${1:-$EXEC_CMD_BIN}" | grep -qv ' grep' | grep '^' && return 0 || return 10; } +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# check if process is already running +__proc_check() { + cmd_bin="$(type -P "${1:-$EXEC_CMD_BIN}")" + cmd_name="$(basename "${cmd_bin:-$EXEC_CMD_NAME}")" + if __pgrep "$cmd_bin" || __pgrep "$cmd_name"; then + SERVICE_IS_RUNNING="true" + touch "$SERVICE_PID_FILE" + echo "$cmd_name is already running" + return 0 + else + return 1 + fi +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Allow ENV_ variable - Import env file +__file_exists_with_content"/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" && . "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +SERVICE_EXIT_CODE=0 # default exit code +WORK_DIR="${ENV_WORKDIR:-$WORK_DIR}" # change to directory +WWW_DIR="${ENV_WWW_DIR:-$WWW_DIR}" # set default web dir +ETC_DIR="${ENV_ETC_DIR:-$ETC_DIR}" # set default etc dir +DATA_DIR="${ENV_DATA_DIR:-$DATA_DIR}" # set default data dir +CONF_DIR="${ENV_CONF_DIR:-$CONF_DIR}" # set default config dir +DATABASE_DIR="${ENV_DATABASE_DIR:-$DATABASE_DIR}" # set database dir +SERVICE_USER="${ENV_SERVICE_USER:-$SERVICE_USER}" # execute command as another user +SERVICE_UID="${ENV_SERVICE_UID:-$SERVICE_UID}" # set the user id +SERVICE_PORT="${ENV_SERVICE_PORT:-$SERVICE_PORT}" # port which service is listening on +PRE_EXEC_MESSAGE="${ENV_PRE_EXEC_MESSAGE:-$PRE_EXEC_MESSAGE}" # Show message before execute +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# application specific +EXEC_PRE_SCRIPT="${ENV_EXEC_PRE_SCRIPT:-$EXEC_PRE_SCRIPT}" # Pre +EXEC_CMD_BIN="${ENV_EXEC_CMD_BIN:-$EXEC_CMD_BIN}" # command to execute +EXEC_CMD_NAME="$(basename "$EXEC_CMD_BIN")" # set the binary name +SERVICE_PID_FILE="/run/init.d/$EXEC_CMD_NAME.pid" # set the pid file location +EXEC_CMD_ARGS="${ENV_EXEC_CMD_ARGS:-$EXEC_CMD_ARGS}" # command arguments +SERVICE_PID_NUMBER="$(__pgrep)" # check if running +EXEC_CMD_BIN="$(type -P "$EXEC_CMD_BIN" || echo "$EXEC_CMD_BIN")" # set full path +EXEC_PRE_SCRIPT="$(type -P "$EXEC_PRE_SCRIPT" || echo "$EXEC_PRE_SCRIPT")" # set full path +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# create auth directories +[ -n "$USER_FILE_PREFIX" ] && { [ -d "$USER_FILE_PREFIX" ] || mkdir -p "$USER_FILE_PREFIX"; } +[ -n "$ROOT_FILE_PREFIX" ] && { [ -d "$ROOT_FILE_PREFIX" ] || mkdir -p "$ROOT_FILE_PREFIX"; } +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +[ "$IS_WEB_SERVER" = "yes" ] && RESET_ENV="yes" +[ "$IS_DATABASE_SERVICE" = "yes" ] && RESET_ENV="no" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Allow per init script usernames and passwords +__file_exists_with_content "$ETC_DIR/auth/user/name" && user_name="$(<"$ETC_DIR/auth/user/name")" +__file_exists_with_content "$ETC_DIR/auth/user/pass" && user_pass="$(<"$ETC_DIR/auth/user/pass")" +__file_exists_with_content "$ETC_DIR/auth/root/name" && root_user_name="$(<"$ETC_DIR/auth/root/name")" +__file_exists_with_content "$ETC_DIR/auth/root/pass" && root_user_pass="$(<"$ETC_DIR/auth/root/pass")" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Allow setting initial users and passwords via environment +user_name="${user_name:-$ENV_USER_NAME}" +user_pass="${user_pass:-$ENV_USER_PASS}" +root_user_name="${root_user_name:-$ENV_ROOT_USER_NAME}" +root_user_pass="${root_user_pass:-$ENV_ROOT_USER_PASS}" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# set password to random if variable is random +if [ "$user_pass" = "random" ]; then + user_pass="$(__random_password)" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +if [ "$root_user_pass" = "random" ]; then + root_user_pass="$(__random_password)" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Allow variables via imports - Overwrite existing +[ -f "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" ] && . "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Only run check +if [ "$1" = "check" ]; then + __proc_check "$EXEC_CMD_NAME" || __proc_check "$EXEC_CMD_BIN" + exit $? +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# show message if env exists +if [ -n "$EXEC_CMD_BIN" ]; then + [ -n "$SERVICE_USER" ] && echo "Setting up service to run as $SERVICE_USER" || SERVICE_USER="root" + [ -n "$SERVICE_PORT" ] && echo "${EXEC_CMD_NAME:-$EXEC_CMD_BIN} will be running on $SERVICE_PORT" || SERVICE_PORT="" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# set switch user command +if [ "$SERVICE_USER" = "root" ] || [ -z "$SERVICE_USER" ]; then + su_cmd() { eval "$*" || return 1; } +elif [ "$(builtin type -P gosu)" ]; then + su_cmd() { gosu $SERVICE_USER "$@" || return 1; } +elif [ "$(builtin type -P runuser)" ]; then + su_cmd() { runuser -u $SERVICE_USER "$@" || return 1; } +elif [ "$(builtin type -P sudo)" ]; then + su_cmd() { sudo -u $SERVICE_USER "$@" || return 1; } +elif [ "$(builtin type -P su)" ]; then + su_cmd() { su -s /bin/sh - $SERVICE_USER -c "$@" || return 1; } +else + echo "Can not switch to $SERVICE_USER: attempting to run as root" + su_cmd() { eval "$*" || return 1; } +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Change to working directory +[ -n "$WORK_DIR" ] && [ -n "$EXEC_CMD_BIN" ] && __cd "$WORK_DIR" && echo "Changed to $PWD" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# show init message +__pre_message +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Initialize ssl +__update_ssl_conf +__update_ssl_certs +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Updating config files +__create_service_env +__update_conf_files +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# run the pre execute commands +[ -n "$PRE_EXEC_MESSAGE" ] && echo "$PRE_EXEC_MESSAGE" +__pre_execute +__run_secure_function +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +__run_start_script "$@" |& tee -a "/data/logs/entrypoint.log" &>/dev/null +if [ "$?" -ne 0 ] && [ -n "$EXEC_CMD_BIN" ]; then + echo "Failed to execute: $EXEC_CMD_BIN $EXEC_CMD_ARGS" |& tee -a "/data/logs/entrypoint.log" "$LOG_DIR/init.txt" + SERVICE_EXIT_CODE=10 + SERVICE_IS_RUNNING="false" + rm -Rf "$SERVICE_PID_FILE" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +exit $SERVICE_EXIT_CODE diff --git a/init/00-redis.sh b/init/00-redis.sh new file mode 100755 index 0000000..5a444d8 --- /dev/null +++ b/init/00-redis.sh @@ -0,0 +1,491 @@ +#!/usr/bin/env bash +# shellcheck shell=bash +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +##@Version : 202308221821-git +# @@Author : Jason Hempstead +# @@Contact : jason@casjaysdev.pro +# @@License : WTFPL +# @@ReadME : 00-redis.sh --help +# @@Copyright : Copyright: (c) 2023 Jason Hempstead, Casjays Developments +# @@Created : Tuesday, Aug 22, 2023 18:21 EDT +# @@File : 00-redis.sh +# @@Description : +# @@Changelog : New script +# @@TODO : Better documentation +# @@Other : +# @@Resource : +# @@Terminal App : no +# @@sudo/root : no +# @@Template : shell/bash +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# shellcheck disable=SC2016 +# shellcheck disable=SC2031 +# shellcheck disable=SC2120 +# shellcheck disable=SC2155 +# shellcheck disable=SC2199 +# shellcheck disable=SC2317 +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# https://www.gnu.org/software/bash/manual/html_node/The-Set-Builtin.html +[ "$DEBUGGER" = "on" ] && echo "Enabling debugging" && set -o pipefail -x$DEBUGGER_OPTIONS || set -o pipefail +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +printf '%s\n' "# - - - Initializing redis - - - #" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +SERVICE_NAME="redis" +SCRIPT_NAME="$(basename "$0" 2>/dev/null)" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +export PATH="/usr/local/etc/docker/bin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# run trap command on exit +trap 'retVal=$?;[ "$SERVICE_IS_RUNNING" != "true" ] && [ -f "$SERVICE_PID_FILE" ] && rm -Rf "$SERVICE_PID_FILE";exit $retVal' SIGINT SIGTERM EXIT +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# import the functions file +if [ -f "/usr/local/etc/docker/functions/entrypoint.sh" ]; then + . "/usr/local/etc/docker/functions/entrypoint.sh" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# import variables +for set_env in "/root/env.sh" "/usr/local/etc/docker/env"/*.sh "/config/env"/*.sh; do + [ -f "$set_env" ] && . "$set_env" +done +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Custom functions + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Reset environment before executing service +RESET_ENV="yes" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Show message before execute +PRE_EXEC_MESSAGE="" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# set the database directory +DATABASE_DIR="${DATABASE_DIR_REDIS:-/data/db/redis}" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Set webroot +WWW_DIR="/usr/share/webapps/redis" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Default predefined variables +DATA_DIR="/data" # set data directory +CONF_DIR="/config" # set config directory +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# set the containers etc directory +ETC_DIR="/etc/redis" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +RUN_DIR="/run/init.d" # set scripts pid dir +LOG_DIR="/data/logs/redis" # set log directory +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Set the working dir +WORK_DIR="" # set working directory +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Where to save passwords to +ROOT_FILE_PREFIX="/config/secure/auth/root" # directory to save username/password for root user +USER_FILE_PREFIX="/config/secure/auth/user" # directory to save username/password for normal user +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# root/admin user info password/random] +root_user_name="${REDIS_ROOT_USER_NAME:-root}" # root user name +root_user_pass="${REDIS_ROOT_PASS_WORD:-random}" # root user password +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Normal user info [password/random] +user_name="${REDIS_USER_NAME:-}" # normal user name +user_pass="${REDIS_USER_PASS_WORD:-}" # normal user password +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Overwrite variables from files +__file_exists_with_content "${USER_FILE_PREFIX}/${SERVICE_NAME}_name" && user_name="$(<"${USER_FILE_PREFIX}/${SERVICE_NAME}_name")" +__file_exists_with_content "${USER_FILE_PREFIX}/${SERVICE_NAME}_pass" && user_pass="$(<"${USER_FILE_PREFIX}/${SERVICE_NAME}_pass")" +__file_exists_with_content "${ROOT_FILE_PREFIX}/${SERVICE_NAME}_name" && root_user_name="$(<"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_name")" +__file_exists_with_content "${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass" && root_user_pass="$(<"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass")" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# port which service is listening on +SERVICE_PORT="6379" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# execute command variables +SERVICE_UID="0" # set the user id +SERVICE_USER="root" # execute command as another user +EXEC_CMD_BIN="redis" # command to execute +EXEC_CMD_ARGS="redis-server" # command arguments +EXEC_PRE_SCRIPT="$ETC_DIR/redis.conf" # execute script before +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Is this service a web server +IS_WEB_SERVER="no" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Is this service a database server +IS_DATABASE_SERVICE="yes" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Additional predefined variables + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Additional variables + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Specifiy custom directories to be created +ADD_APPLICATION_FILES="" +ADD_APPLICATION_DIRS="" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +APPLICATION_FILES="$LOG_DIR/redis.log" +APPLICATION_DIRS="$RUN_DIR $ETC_DIR $CONF_DIR $LOG_DIR" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# define variables that need to be loaded into the service - escape quotes - var=\"value\",other=\"test\" +CMD_ENV="" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# use this function to update config files - IE: change port +__update_conf_files() { + local exitCode=0 # default exit code + local user="${SERVICE_USER:-root}" # specifiy different user + local runas="root" # run as a different user + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + + # delete files + #__rm "" + + # define actions + + # create default directories + for filedirs in $ADD_APPLICATION_DIRS $APPLICATION_DIRS; do + if [ -n "$filedirs" ] && [ ! -d "$filedirs" ]; then + ( + echo "Creating directory $filedirs with permissions 777" + mkdir -p "$filedirs" && chmod -Rf 777 "$filedirs" + ) |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + done + # create default files + for application_files in $ADD_APPLICATION_FILES $APPLICATION_FILES; do + if [ -n "$application_files" ] && [ ! -e "$application_files" ]; then + ( + echo "Creating file $application_files with permissions 777" + touch "$application_files" && chmod -Rf 777 "$application_files" + ) |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + done + # create directories if variable is yes" + if [ "$IS_WEB_SERVER" = "yes" ]; then + APPLICATION_DIRS="$APPLICATION_DIRS $WWW_DIR" + if [ ! -d "$WWW_DIR" ]; then + (echo "Creating directory $WWW_DIR with permissions 777" && mkdir -p "$WWW_DIR" && chmod -f 777 "$WWW_DIR") |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + __initialize_web_health "$WWW_DIR" + fi + if [ "$IS_DATABASE_SERVICE" = "yes" ]; then + APPLICATION_DIRS="$APPLICATION_DIRS $DATABASE_DIR" + if [ ! -d "$DATABASE_DIR" ]; then + (echo "Creating directory $DATABASE_DIR with permissions 777" && mkdir -p "$DATABASE_DIR" && chmod -f 777 "$DATABASE_DIR") |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + fi + # copy config files to system + __file_copy "$CONF_DIR/." "$ETC_DIR/" |& tee -a "$LOG_DIR/init.txt" &>/dev/null + # replace variables + # __replace "" "" "$ETC_DIR/redis.conf" + # replace variables recursively + # __find_replace "" "" "$ETC_DIR/" + # replace defaults in ETC_DIR + __initialize_replace_variables "$ETC_DIR" + # custom commands + sysctl vm.overcommit_memory=1 + echo madvise >/sys/kernel/mm/transparent_hugepage/enabled + if [ -n "$root_user_name" ] && [ -n "$root_user_pass" ]; then + if ! grep -qs "$root_user_name" "$ETC_DIR/redis.conf"; then + echo 'user '$root_user_name' on +@all ~* >'$root_user_pass'' >>"$ETC_DIR/redis.conf" + fi + fi + grep -qs 'redis' /etc/passwd && chown -Rf redis. "$ETC_DIR" "$LOG_DIR" "$DATABASE_DIR" + + # unset unneeded variables + unset application_files filedirs + + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# function to run before executing +__pre_execute() { + local exitCode=0 # default exit code + local user="${SERVICE_USER:-root}" # specifiy different user + local runas="root" # run as a different user + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + + # define commands + + # execute if directories is empty + #__is_dir_empty "" && true || false + + # create user if needed + # __create_service_user "$user" "/home/$user" "${USER_GID:-${USER_UID:-1000}" + # set user on files/folders + if [ -n "$user" ] && [ "$user" != "root" ]; then + if grep -s -q "$user:" "/etc/passwd"; then + for permissions in $ADD_APPLICATION_DIRS $APPLICATION_DIRS; do + if [ -n "$permissions" ] && [ -e "$permissions" ]; then + (chown -Rf $user:$user "$permissions" && echo "changed ownership on $permissions to $user") |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + done + fi + fi + + # unset unneeded variables + unset filesperms filename + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# function to run after executing +__post_execute() { + local exitCode=0 # default exit code + local user="${SERVICE_USER:-root}" # specifiy different user + local runas="root" # run as a different user + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + sleep 60 # how long to wait before executing + echo "Running post commands" # message + # execute commands + + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# use this function to update config files - IE: change port +__pre_message() { + local exitCode=0 + [ -n "$user_name" ] && echo "username: $user_name" && echo "$user_name" >"${USER_FILE_PREFIX}/${SERVICE_NAME}_name" + [ -n "$user_pass" ] && echo "password: saved to ${USER_FILE_PREFIX}/${SERVICE_NAME}_pass" && echo "$user_pass" >"${USER_FILE_PREFIX}/${SERVICE_NAME}_pass" + [ -n "$root_user_name" ] && echo "root username: $root_user_name" && echo "$root_user_name" >"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_name" + [ -n "$root_user_pass" ] && echo "root password: saved to ${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass" && echo "$root_user_pass" >"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass" + + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# use this function to setup ssl support +__update_ssl_conf() { + local exitCode=0 + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +__create_service_env() { + cat </dev/null +# ENV_WORKDIR="${ENV_WORKDIR:-$WORK_DIR}" # change to directory +# ENV_WWW_DIR="${ENV_WWW_DIR:-$WWW_DIR}" # set default web dir +# ENV_ETC_DIR="${ENV_ETC_DIR:-$ETC_DIR}" # set default etc dir +# ENV_DATA_DIR="${ENV_DATA_DIR:-$DATA_DIR}" # set default data dir +# ENV_CONF_DIR="${ENV_CONF_DIR:-$CONF_DIR}" # set default config dir +# ENV_DATABASE_DIR="${ENV_DATABASE_DIR:-$DATABASE_DIR}" # set database dir +# ENV_SERVICE_USER="${ENV_SERVICE_USER:-$SERVICE_USER}" # execute command as another user +# ENV_SERVICE_UID="${ENV_SERVICE_UID:-$SERVICE_UID}" # set the user id +# ENV_SERVICE_PORT="${ENV_SERVICE_PORT:-$SERVICE_PORT}" # port which service is listening on +# EXEC_PRE_SCRIPT="${ENV_EXEC_PRE_SCRIPT:-$EXEC_PRE_SCRIPT}" # execute before commands +# EXEC_CMD_BIN="${ENV_EXEC_CMD_BIN:-$EXEC_CMD_BIN}" # command to execute +# EXEC_CMD_ARGS="${ENV_EXEC_CMD_ARGS:-$EXEC_CMD_ARGS}" # command arguments +# EXEC_CMD_NAME="$(basename "$EXEC_CMD_BIN")" # set the binary name +# ENV_USER_NAME="${user_name:-$ENV_USER_NAME}" # +# ENV_USER_PASS="${user_pass:-$ENV_USER_PASS}" # +# ENV_ROOT_USER_NAME="${root_user_name:-$ENV_ROOT_USER_NAME}" # +# ENV_ROOT_USER_PASS="${root_user_pass:-$ENV_ROOT_USER_PASS}" # + +EOF + __file_exists_with_content "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" || return 1 +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# script to start server +__run_start_script() { + local user="${SERVICE_USER:-root}" + local cmd="${EXEC_CMD_BIN:-}" + local args="${EXEC_CMD_ARGS:-}" + local name="${EXEC_CMD_NAME:-}" + local pre="${EXEC_PRE_SCRIPT:-}" + local workdir="${WORK_DIR:-$WORK_DIR}" + local lc_type="${LC_ALL:-${LC_CTYPE:-$LANG}}" + local home="${workdir//\/root/\/tmp\/docker}" + local path="/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin" + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + local message="" + if [ -z "$cmd" ]; then + __post_execute 2>"/dev/stderr" |& tee -a "$LOG_DIR/init.txt" &>/dev/null + echo "Initializing $SCRIPT_NAME has completed" + else + # ensure the command exists + if [ ! -x "$cmd" ]; then + echo "$name is not a valid executable" + exit 2 + fi + # set working directories + [ -z "$home" ] && home="${workdir:-/tmp/docker}" + [ "$home" = "/root" ] && home="/tmp/docker" + [ "$home" = "$workdir" ] && workdir="" + # create needed directories + [ -n "$home" ] && { [ -d "$home" ] || mkdir -p "$home"; } + [ -n "$workdir" ] && { [ -d "$workdir" ] || mkdir -p "$workdir" || workdir="/tmp"; } + [ -n "$workdir" ] && __cd "$workdir" || { [ -n "$home" ] && __cd "$home"; } || __cd "/tmp" + [ "$user" != "root " ] && [ -d "$home" ] && chmod -f 777 "$home" + [ "$user" != "root " ] && [ -d "$workdir" ] && chmod -f 777 "$workdir" + # check and exit if already running + if __proc_check "$name" || __proc_check "$cmd"; then + echo "$name is already running" >&2 + exit 0 + else + if [ -n "$pre" ] && [ -f "$pre" ]; then + cmd_exec="$pre $cmd $args" + message="Starting service: $name $args through $pre" + else + cmd_exec="$cmd $args" + message="Starting service: $name $args" + fi + echo "$message" + su_cmd touch "$SERVICE_PID_FILE" + __post_execute 2>"/dev/stderr" 2>&1 |& tee -a "$LOG_DIR/init.txt" &>/dev/null & + if [ "$RESET_ENV" = "yes" ]; then + su_cmd env -i HOME="$home" LC_CTYPE="$lc_type" PATH="$path" HOSTNAME="$sysname" USER="$user" ${CMD_ENV//,/ } sh -c "$cmd_exec" || return 10 + else + eval "$cmd_exec" || return 10 + fi + fi + fi +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# username and password actions +__run_secure_function() { + if [ -n "$user_name" ] || [ -n "$user_pass" ]; then + for filesperms in "${USER_FILE_PREFIX}"/*; do + if [ -e "$filesperms" ]; then + chmod -Rf 600 "$filesperms" + chown -Rf root:root "$filesperms" + fi + done |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + if [ -n "$root_user_name" ] || [ -n "$root_user_pass" ]; then + for filesperms in "${ROOT_FILE_PREFIX}"/*; do + if [ -e "$filesperms" ]; then + chmod -Rf 600 "$filesperms" + chown -Rf root:root "$filesperms" + fi + done |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# simple cd function +__cd() { mkdir -p "$1" && builtin cd "$1" || exit 1; } +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# process check functions +__pcheck() { [ -n "$(type -P pgrep 2>/dev/null)" ] && pgrep -x "$1" &>/dev/null && return 0 || return 10; } +__pgrep() { __pcheck "${1:-$EXEC_CMD_BIN}" || __ps aux 2>/dev/null | grep -Fw " ${1:-$EXEC_CMD_BIN}" | grep -qv ' grep' | grep '^' && return 0 || return 10; } +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# check if process is already running +__proc_check() { + cmd_bin="$(type -P "${1:-$EXEC_CMD_BIN}")" + cmd_name="$(basename "${cmd_bin:-$EXEC_CMD_NAME}")" + if __pgrep "$cmd_bin" || __pgrep "$cmd_name"; then + SERVICE_IS_RUNNING="true" + touch "$SERVICE_PID_FILE" + echo "$cmd_name is already running" + return 0 + else + return 1 + fi +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Allow ENV_ variable - Import env file +__file_exists_with_content"/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" && . "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +SERVICE_EXIT_CODE=0 # default exit code +WORK_DIR="${ENV_WORKDIR:-$WORK_DIR}" # change to directory +WWW_DIR="${ENV_WWW_DIR:-$WWW_DIR}" # set default web dir +ETC_DIR="${ENV_ETC_DIR:-$ETC_DIR}" # set default etc dir +DATA_DIR="${ENV_DATA_DIR:-$DATA_DIR}" # set default data dir +CONF_DIR="${ENV_CONF_DIR:-$CONF_DIR}" # set default config dir +DATABASE_DIR="${ENV_DATABASE_DIR:-$DATABASE_DIR}" # set database dir +SERVICE_USER="${ENV_SERVICE_USER:-$SERVICE_USER}" # execute command as another user +SERVICE_UID="${ENV_SERVICE_UID:-$SERVICE_UID}" # set the user id +SERVICE_PORT="${ENV_SERVICE_PORT:-$SERVICE_PORT}" # port which service is listening on +PRE_EXEC_MESSAGE="${ENV_PRE_EXEC_MESSAGE:-$PRE_EXEC_MESSAGE}" # Show message before execute +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# application specific +EXEC_PRE_SCRIPT="${ENV_EXEC_PRE_SCRIPT:-$EXEC_PRE_SCRIPT}" # Pre +EXEC_CMD_BIN="${ENV_EXEC_CMD_BIN:-$EXEC_CMD_BIN}" # command to execute +EXEC_CMD_NAME="$(basename "$EXEC_CMD_BIN")" # set the binary name +SERVICE_PID_FILE="/run/init.d/$EXEC_CMD_NAME.pid" # set the pid file location +EXEC_CMD_ARGS="${ENV_EXEC_CMD_ARGS:-$EXEC_CMD_ARGS}" # command arguments +SERVICE_PID_NUMBER="$(__pgrep)" # check if running +EXEC_CMD_BIN="$(type -P "$EXEC_CMD_BIN" || echo "$EXEC_CMD_BIN")" # set full path +EXEC_PRE_SCRIPT="$(type -P "$EXEC_PRE_SCRIPT" || echo "$EXEC_PRE_SCRIPT")" # set full path +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# create auth directories +[ -n "$USER_FILE_PREFIX" ] && { [ -d "$USER_FILE_PREFIX" ] || mkdir -p "$USER_FILE_PREFIX"; } +[ -n "$ROOT_FILE_PREFIX" ] && { [ -d "$ROOT_FILE_PREFIX" ] || mkdir -p "$ROOT_FILE_PREFIX"; } +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +[ "$IS_WEB_SERVER" = "yes" ] && RESET_ENV="yes" +[ "$IS_DATABASE_SERVICE" = "yes" ] && RESET_ENV="no" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Allow per init script usernames and passwords +__file_exists_with_content "$ETC_DIR/auth/user/name" && user_name="$(<"$ETC_DIR/auth/user/name")" +__file_exists_with_content "$ETC_DIR/auth/user/pass" && user_pass="$(<"$ETC_DIR/auth/user/pass")" +__file_exists_with_content "$ETC_DIR/auth/root/name" && root_user_name="$(<"$ETC_DIR/auth/root/name")" +__file_exists_with_content "$ETC_DIR/auth/root/pass" && root_user_pass="$(<"$ETC_DIR/auth/root/pass")" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Allow setting initial users and passwords via environment +user_name="${user_name:-$ENV_USER_NAME}" +user_pass="${user_pass:-$ENV_USER_PASS}" +root_user_name="${root_user_name:-$ENV_ROOT_USER_NAME}" +root_user_pass="${root_user_pass:-$ENV_ROOT_USER_PASS}" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# set password to random if variable is random +if [ "$user_pass" = "random" ]; then + user_pass="$(__random_password)" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +if [ "$root_user_pass" = "random" ]; then + root_user_pass="$(__random_password)" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Allow variables via imports - Overwrite existing +[ -f "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" ] && . "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Only run check +if [ "$1" = "check" ]; then + __proc_check "$EXEC_CMD_NAME" || __proc_check "$EXEC_CMD_BIN" + exit $? +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# show message if env exists +if [ -n "$EXEC_CMD_BIN" ]; then + [ -n "$SERVICE_USER" ] && echo "Setting up service to run as $SERVICE_USER" || SERVICE_USER="root" + [ -n "$SERVICE_PORT" ] && echo "${EXEC_CMD_NAME:-$EXEC_CMD_BIN} will be running on $SERVICE_PORT" || SERVICE_PORT="" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# set switch user command +if [ "$SERVICE_USER" = "root" ] || [ -z "$SERVICE_USER" ]; then + su_cmd() { eval "$*" || return 1; } +elif [ "$(builtin type -P gosu)" ]; then + su_cmd() { gosu $SERVICE_USER "$@" || return 1; } +elif [ "$(builtin type -P runuser)" ]; then + su_cmd() { runuser -u $SERVICE_USER "$@" || return 1; } +elif [ "$(builtin type -P sudo)" ]; then + su_cmd() { sudo -u $SERVICE_USER "$@" || return 1; } +elif [ "$(builtin type -P su)" ]; then + su_cmd() { su -s /bin/sh - $SERVICE_USER -c "$@" || return 1; } +else + echo "Can not switch to $SERVICE_USER: attempting to run as root" + su_cmd() { eval "$*" || return 1; } +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Change to working directory +[ -n "$WORK_DIR" ] && [ -n "$EXEC_CMD_BIN" ] && __cd "$WORK_DIR" && echo "Changed to $PWD" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# show init message +__pre_message +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Initialize ssl +__update_ssl_conf +__update_ssl_certs +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Updating config files +__create_service_env +__update_conf_files +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# run the pre execute commands +[ -n "$PRE_EXEC_MESSAGE" ] && echo "$PRE_EXEC_MESSAGE" +__pre_execute +__run_secure_function +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +__run_start_script "$@" |& tee -a "/data/logs/entrypoint.log" &>/dev/null +if [ "$?" -ne 0 ] && [ -n "$EXEC_CMD_BIN" ]; then + echo "Failed to execute: $EXEC_CMD_BIN $EXEC_CMD_ARGS" |& tee -a "/data/logs/entrypoint.log" "$LOG_DIR/init.txt" + SERVICE_EXIT_CODE=10 + SERVICE_IS_RUNNING="false" + rm -Rf "$SERVICE_PID_FILE" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +exit $SERVICE_EXIT_CODE diff --git a/init/05-php-fpm.sh b/init/05-php-fpm.sh new file mode 100644 index 0000000..e6d6593 --- /dev/null +++ b/init/05-php-fpm.sh @@ -0,0 +1,485 @@ +#!/usr/bin/env bash +# shellcheck shell=bash +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +##@Version : 202308221958-git +# @@Author : Jason Hempstead +# @@Contact : jason@casjaysdev.pro +# @@License : WTFPL +# @@ReadME : 05-php-fpm.sh --help +# @@Copyright : Copyright: (c) 2023 Jason Hempstead, Casjays Developments +# @@Created : Tuesday, Aug 22, 2023 19:58 EDT +# @@File : 05-php-fpm.sh +# @@Description : +# @@Changelog : New script +# @@TODO : Better documentation +# @@Other : +# @@Resource : +# @@Terminal App : no +# @@sudo/root : no +# @@Template : shell/bash +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# shellcheck disable=SC2016 +# shellcheck disable=SC2031 +# shellcheck disable=SC2120 +# shellcheck disable=SC2155 +# shellcheck disable=SC2199 +# shellcheck disable=SC2317 +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# https://www.gnu.org/software/bash/manual/html_node/The-Set-Builtin.html +[ "$DEBUGGER" = "on" ] && echo "Enabling debugging" && set -o pipefail -x$DEBUGGER_OPTIONS || set -o pipefail +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +printf '%s\n' "# - - - Initializing php - - - #" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +SERVICE_NAME="php" +SCRIPT_NAME="$(basename "$0" 2>/dev/null)" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +export PATH="/usr/local/etc/docker/bin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# run trap command on exit +trap 'retVal=$?;[ "$SERVICE_IS_RUNNING" != "true" ] && [ -f "$SERVICE_PID_FILE" ] && rm -Rf "$SERVICE_PID_FILE";exit $retVal' SIGINT SIGTERM EXIT +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# import the functions file +if [ -f "/usr/local/etc/docker/functions/entrypoint.sh" ]; then + . "/usr/local/etc/docker/functions/entrypoint.sh" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# import variables +for set_env in "/root/env.sh" "/usr/local/etc/docker/env"/*.sh "/config/env"/*.sh; do + [ -f "$set_env" ] && . "$set_env" +done +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Custom functions + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Reset environment before executing service +RESET_ENV="yes" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Show message before execute +PRE_EXEC_MESSAGE="" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# set the database directory +DATABASE_DIR="${DATABASE_DIR_PHP:-/data/db/php}" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Set webroot +WWW_DIR="/usr/share/webapps/php" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Default predefined variables +DATA_DIR="/data" # set data directory +CONF_DIR="/config" # set config directory +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# set the containers etc directory +ETC_DIR="/etc/php" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +RUN_DIR="/run/init.d" # set scripts pid dir +LOG_DIR="/data/logs/php" # set log directory +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Set the working dir +WORK_DIR="" # set working directory +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Where to save passwords to +ROOT_FILE_PREFIX="/config/secure/auth/root" # directory to save username/password for root user +USER_FILE_PREFIX="/config/secure/auth/user" # directory to save username/password for normal user +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# root/admin user info password/random] +root_user_name="${PHP_ROOT_USER_NAME:-}" # root user name +root_user_pass="${PHP_ROOT_PASS_WORD:-}" # root user password +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Normal user info [password/random] +user_name="${PHP_USER_NAME:-}" # normal user name +user_pass="${PHP_USER_PASS_WORD:-}" # normal user password +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Overwrite variables from files +__file_exists_with_content "${USER_FILE_PREFIX}/${SERVICE_NAME}_name" && user_name="$(<"${USER_FILE_PREFIX}/${SERVICE_NAME}_name")" +__file_exists_with_content "${USER_FILE_PREFIX}/${SERVICE_NAME}_pass" && user_pass="$(<"${USER_FILE_PREFIX}/${SERVICE_NAME}_pass")" +__file_exists_with_content "${ROOT_FILE_PREFIX}/${SERVICE_NAME}_name" && root_user_name="$(<"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_name")" +__file_exists_with_content "${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass" && root_user_pass="$(<"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass")" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# port which service is listening on +SERVICE_PORT="9000" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# execute command variables +SERVICE_UID="0" # set the user id +SERVICE_USER="nginx" # execute command as another user +EXEC_CMD_BIN="php-fpm" # command to execute +EXEC_CMD_ARGS="--allow-to-run-as-root --nodaemonize --fpm-config /etc/php/php-fpm.conf" # command arguments +EXEC_PRE_SCRIPT="" # execute script before +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Is this service a web server +IS_WEB_SERVER="no" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Is this service a database server +IS_DATABASE_SERVICE="no" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Additional predefined variables + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Additional variables + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Specifiy custom directories to be created +ADD_APPLICATION_FILES="" +ADD_APPLICATION_DIRS="" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +APPLICATION_FILES="$LOG_DIR/php.log" +APPLICATION_DIRS="$RUN_DIR $ETC_DIR $CONF_DIR $LOG_DIR" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# define variables that need to be loaded into the service - escape quotes - var=\"value\",other=\"test\" +CMD_ENV="" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# use this function to update config files - IE: change port +__update_conf_files() { + local exitCode=0 # default exit code + local user="${SERVICE_USER:-root}" # specifiy different user + local runas="root" # run as a different user + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + + # delete files + #__rm "" + + # define actions + + # create default directories + for filedirs in $ADD_APPLICATION_DIRS $APPLICATION_DIRS; do + if [ -n "$filedirs" ] && [ ! -d "$filedirs" ]; then + ( + echo "Creating directory $filedirs with permissions 777" + mkdir -p "$filedirs" && chmod -Rf 777 "$filedirs" + ) |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + done + # create default files + for application_files in $ADD_APPLICATION_FILES $APPLICATION_FILES; do + if [ -n "$application_files" ] && [ ! -e "$application_files" ]; then + ( + echo "Creating file $application_files with permissions 777" + touch "$application_files" && chmod -Rf 777 "$application_files" + ) |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + done + # create directories if variable is yes" + if [ "$IS_WEB_SERVER" = "yes" ]; then + APPLICATION_DIRS="$APPLICATION_DIRS $WWW_DIR" + if [ ! -d "$WWW_DIR" ]; then + (echo "Creating directory $WWW_DIR with permissions 777" && mkdir -p "$WWW_DIR" && chmod -f 777 "$WWW_DIR") |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + __initialize_web_health "$WWW_DIR" + fi + if [ "$IS_DATABASE_SERVICE" = "yes" ]; then + APPLICATION_DIRS="$APPLICATION_DIRS $DATABASE_DIR" + if [ ! -d "$DATABASE_DIR" ]; then + (echo "Creating directory $DATABASE_DIR with permissions 777" && mkdir -p "$DATABASE_DIR" && chmod -f 777 "$DATABASE_DIR") |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + fi + # copy config files to system + __file_copy "$CONF_DIR/." "$ETC_DIR/" |& tee -a "$LOG_DIR/init.txt" &>/dev/null + # replace variables + # __replace "" "" "$ETC_DIR/php.conf" + # replace variables recursively + # __find_replace "" "" "$ETC_DIR/" + # replace defaults in ETC_DIR + __initialize_replace_variables "$ETC_DIR" + # custom commands + sed -i 's|user.*=.*|user = '$user'|g' "$ETC_DIR"/*/www.conf + sed -i 's|group.*=.*|group = '$user'|g' "$ETC_DIR"/*/www.conf + + # unset unneeded variables + unset application_files filedirs + + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# function to run before executing +__pre_execute() { + local exitCode=0 # default exit code + local user="${SERVICE_USER:-root}" # specifiy different user + local runas="root" # run as a different user + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + + # define commands + + # execute if directories is empty + #__is_dir_empty "" && true || false + + # create user if needed + # __create_service_user "$user" "/home/$user" "${USER_GID:-${USER_UID:-1000}" + # set user on files/folders + if [ -n "$user" ] && [ "$user" != "root" ]; then + if grep -s -q "$user:" "/etc/passwd"; then + for permissions in $ADD_APPLICATION_DIRS $APPLICATION_DIRS; do + if [ -n "$permissions" ] && [ -e "$permissions" ]; then + (chown -Rf $user:$user "$permissions" && echo "changed ownership on $permissions to $user") |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + done + fi + fi + + # unset unneeded variables + unset filesperms filename + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# function to run after executing +__post_execute() { + local exitCode=0 # default exit code + local user="${SERVICE_USER:-root}" # specifiy different user + local runas="root" # run as a different user + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + sleep 60 # how long to wait before executing + echo "Running post commands" # message + # execute commands + + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# use this function to update config files - IE: change port +__pre_message() { + local exitCode=0 + [ -n "$user_name" ] && echo "username: $user_name" && echo "$user_name" >"${USER_FILE_PREFIX}/${SERVICE_NAME}_name" + [ -n "$user_pass" ] && echo "password: saved to ${USER_FILE_PREFIX}/${SERVICE_NAME}_pass" && echo "$user_pass" >"${USER_FILE_PREFIX}/${SERVICE_NAME}_pass" + [ -n "$root_user_name" ] && echo "root username: $root_user_name" && echo "$root_user_name" >"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_name" + [ -n "$root_user_pass" ] && echo "root password: saved to ${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass" && echo "$root_user_pass" >"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass" + + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# use this function to setup ssl support +__update_ssl_conf() { + local exitCode=0 + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +__create_service_env() { + cat </dev/null +# ENV_WORKDIR="${ENV_WORKDIR:-$WORK_DIR}" # change to directory +# ENV_WWW_DIR="${ENV_WWW_DIR:-$WWW_DIR}" # set default web dir +# ENV_ETC_DIR="${ENV_ETC_DIR:-$ETC_DIR}" # set default etc dir +# ENV_DATA_DIR="${ENV_DATA_DIR:-$DATA_DIR}" # set default data dir +# ENV_CONF_DIR="${ENV_CONF_DIR:-$CONF_DIR}" # set default config dir +# ENV_DATABASE_DIR="${ENV_DATABASE_DIR:-$DATABASE_DIR}" # set database dir +# ENV_SERVICE_USER="${ENV_SERVICE_USER:-$SERVICE_USER}" # execute command as another user +# ENV_SERVICE_UID="${ENV_SERVICE_UID:-$SERVICE_UID}" # set the user id +# ENV_SERVICE_PORT="${ENV_SERVICE_PORT:-$SERVICE_PORT}" # port which service is listening on +# EXEC_PRE_SCRIPT="${ENV_EXEC_PRE_SCRIPT:-$EXEC_PRE_SCRIPT}" # execute before commands +# EXEC_CMD_BIN="${ENV_EXEC_CMD_BIN:-$EXEC_CMD_BIN}" # command to execute +# EXEC_CMD_ARGS="${ENV_EXEC_CMD_ARGS:-$EXEC_CMD_ARGS}" # command arguments +# EXEC_CMD_NAME="$(basename "$EXEC_CMD_BIN")" # set the binary name +# ENV_USER_NAME="${user_name:-$ENV_USER_NAME}" # +# ENV_USER_PASS="${user_pass:-$ENV_USER_PASS}" # +# ENV_ROOT_USER_NAME="${root_user_name:-$ENV_ROOT_USER_NAME}" # +# ENV_ROOT_USER_PASS="${root_user_pass:-$ENV_ROOT_USER_PASS}" # + +EOF + __file_exists_with_content "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" || return 1 +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# script to start server +__run_start_script() { + local user="${SERVICE_USER:-root}" + local cmd="${EXEC_CMD_BIN:-}" + local args="${EXEC_CMD_ARGS:-}" + local name="${EXEC_CMD_NAME:-}" + local pre="${EXEC_PRE_SCRIPT:-}" + local workdir="${WORK_DIR:-$WORK_DIR}" + local lc_type="${LC_ALL:-${LC_CTYPE:-$LANG}}" + local home="${workdir//\/root/\/tmp\/docker}" + local path="/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin" + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + local message="" + if [ -z "$cmd" ]; then + __post_execute 2>"/dev/stderr" |& tee -a "$LOG_DIR/init.txt" &>/dev/null + echo "Initializing $SCRIPT_NAME has completed" + else + # ensure the command exists + if [ ! -x "$cmd" ]; then + echo "$name is not a valid executable" + exit 2 + fi + # set working directories + [ -z "$home" ] && home="${workdir:-/tmp/docker}" + [ "$home" = "/root" ] && home="/tmp/docker" + [ "$home" = "$workdir" ] && workdir="" + # create needed directories + [ -n "$home" ] && { [ -d "$home" ] || mkdir -p "$home"; } + [ -n "$workdir" ] && { [ -d "$workdir" ] || mkdir -p "$workdir" || workdir="/tmp"; } + [ -n "$workdir" ] && __cd "$workdir" || { [ -n "$home" ] && __cd "$home"; } || __cd "/tmp" + [ "$user" != "root " ] && [ -d "$home" ] && chmod -f 777 "$home" + [ "$user" != "root " ] && [ -d "$workdir" ] && chmod -f 777 "$workdir" + # check and exit if already running + if __proc_check "$name" || __proc_check "$cmd"; then + echo "$name is already running" >&2 + exit 0 + else + if [ -n "$pre" ] && [ -f "$pre" ]; then + cmd_exec="$pre $cmd $args" + message="Starting service: $name $args through $pre" + else + cmd_exec="$cmd $args" + message="Starting service: $name $args" + fi + echo "$message" + su_cmd touch "$SERVICE_PID_FILE" + __post_execute 2>"/dev/stderr" 2>&1 |& tee -a "$LOG_DIR/init.txt" &>/dev/null & + if [ "$RESET_ENV" = "yes" ]; then + su_cmd env -i HOME="$home" LC_CTYPE="$lc_type" PATH="$path" HOSTNAME="$sysname" USER="$user" ${CMD_ENV//,/ } sh -c "$cmd_exec" || return 10 + else + eval "$cmd_exec" || return 10 + fi + fi + fi +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# username and password actions +__run_secure_function() { + if [ -n "$user_name" ] || [ -n "$user_pass" ]; then + for filesperms in "${USER_FILE_PREFIX}"/*; do + if [ -e "$filesperms" ]; then + chmod -Rf 600 "$filesperms" + chown -Rf root:root "$filesperms" + fi + done |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + if [ -n "$root_user_name" ] || [ -n "$root_user_pass" ]; then + for filesperms in "${ROOT_FILE_PREFIX}"/*; do + if [ -e "$filesperms" ]; then + chmod -Rf 600 "$filesperms" + chown -Rf root:root "$filesperms" + fi + done |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# simple cd function +__cd() { mkdir -p "$1" && builtin cd "$1" || exit 1; } +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# process check functions +__pcheck() { [ -n "$(type -P pgrep 2>/dev/null)" ] && pgrep -x "$1" &>/dev/null && return 0 || return 10; } +__pgrep() { __pcheck "${1:-$EXEC_CMD_BIN}" || __ps aux 2>/dev/null | grep -Fw " ${1:-$EXEC_CMD_BIN}" | grep -qv ' grep' | grep '^' && return 0 || return 10; } +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# check if process is already running +__proc_check() { + cmd_bin="$(type -P "${1:-$EXEC_CMD_BIN}")" + cmd_name="$(basename "${cmd_bin:-$EXEC_CMD_NAME}")" + if __pgrep "$cmd_bin" || __pgrep "$cmd_name"; then + SERVICE_IS_RUNNING="true" + touch "$SERVICE_PID_FILE" + echo "$cmd_name is already running" + return 0 + else + return 1 + fi +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Allow ENV_ variable - Import env file +__file_exists_with_content"/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" && . "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +SERVICE_EXIT_CODE=0 # default exit code +WORK_DIR="${ENV_WORKDIR:-$WORK_DIR}" # change to directory +WWW_DIR="${ENV_WWW_DIR:-$WWW_DIR}" # set default web dir +ETC_DIR="${ENV_ETC_DIR:-$ETC_DIR}" # set default etc dir +DATA_DIR="${ENV_DATA_DIR:-$DATA_DIR}" # set default data dir +CONF_DIR="${ENV_CONF_DIR:-$CONF_DIR}" # set default config dir +DATABASE_DIR="${ENV_DATABASE_DIR:-$DATABASE_DIR}" # set database dir +SERVICE_USER="${ENV_SERVICE_USER:-$SERVICE_USER}" # execute command as another user +SERVICE_UID="${ENV_SERVICE_UID:-$SERVICE_UID}" # set the user id +SERVICE_PORT="${ENV_SERVICE_PORT:-$SERVICE_PORT}" # port which service is listening on +PRE_EXEC_MESSAGE="${ENV_PRE_EXEC_MESSAGE:-$PRE_EXEC_MESSAGE}" # Show message before execute +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# application specific +EXEC_PRE_SCRIPT="${ENV_EXEC_PRE_SCRIPT:-$EXEC_PRE_SCRIPT}" # Pre +EXEC_CMD_BIN="${ENV_EXEC_CMD_BIN:-$EXEC_CMD_BIN}" # command to execute +EXEC_CMD_NAME="$(basename "$EXEC_CMD_BIN")" # set the binary name +SERVICE_PID_FILE="/run/init.d/$EXEC_CMD_NAME.pid" # set the pid file location +EXEC_CMD_ARGS="${ENV_EXEC_CMD_ARGS:-$EXEC_CMD_ARGS}" # command arguments +SERVICE_PID_NUMBER="$(__pgrep)" # check if running +EXEC_CMD_BIN="$(type -P "$EXEC_CMD_BIN" || echo "$EXEC_CMD_BIN")" # set full path +EXEC_PRE_SCRIPT="$(type -P "$EXEC_PRE_SCRIPT" || echo "$EXEC_PRE_SCRIPT")" # set full path +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# create auth directories +[ -n "$USER_FILE_PREFIX" ] && { [ -d "$USER_FILE_PREFIX" ] || mkdir -p "$USER_FILE_PREFIX"; } +[ -n "$ROOT_FILE_PREFIX" ] && { [ -d "$ROOT_FILE_PREFIX" ] || mkdir -p "$ROOT_FILE_PREFIX"; } +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +[ "$IS_WEB_SERVER" = "yes" ] && RESET_ENV="yes" +[ "$IS_DATABASE_SERVICE" = "yes" ] && RESET_ENV="no" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Allow per init script usernames and passwords +__file_exists_with_content "$ETC_DIR/auth/user/name" && user_name="$(<"$ETC_DIR/auth/user/name")" +__file_exists_with_content "$ETC_DIR/auth/user/pass" && user_pass="$(<"$ETC_DIR/auth/user/pass")" +__file_exists_with_content "$ETC_DIR/auth/root/name" && root_user_name="$(<"$ETC_DIR/auth/root/name")" +__file_exists_with_content "$ETC_DIR/auth/root/pass" && root_user_pass="$(<"$ETC_DIR/auth/root/pass")" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Allow setting initial users and passwords via environment +user_name="${user_name:-$ENV_USER_NAME}" +user_pass="${user_pass:-$ENV_USER_PASS}" +root_user_name="${root_user_name:-$ENV_ROOT_USER_NAME}" +root_user_pass="${root_user_pass:-$ENV_ROOT_USER_PASS}" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# set password to random if variable is random +if [ "$user_pass" = "random" ]; then + user_pass="$(__random_password)" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +if [ "$root_user_pass" = "random" ]; then + root_user_pass="$(__random_password)" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Allow variables via imports - Overwrite existing +[ -f "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" ] && . "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Only run check +if [ "$1" = "check" ]; then + __proc_check "$EXEC_CMD_NAME" || __proc_check "$EXEC_CMD_BIN" + exit $? +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# show message if env exists +if [ -n "$EXEC_CMD_BIN" ]; then + [ -n "$SERVICE_USER" ] && echo "Setting up service to run as $SERVICE_USER" || SERVICE_USER="root" + [ -n "$SERVICE_PORT" ] && echo "${EXEC_CMD_NAME:-$EXEC_CMD_BIN} will be running on $SERVICE_PORT" || SERVICE_PORT="" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# set switch user command +if [ "$SERVICE_USER" = "root" ] || [ -z "$SERVICE_USER" ]; then + su_cmd() { eval "$*" || return 1; } +elif [ "$(builtin type -P gosu)" ]; then + su_cmd() { gosu $SERVICE_USER "$@" || return 1; } +elif [ "$(builtin type -P runuser)" ]; then + su_cmd() { runuser -u $SERVICE_USER "$@" || return 1; } +elif [ "$(builtin type -P sudo)" ]; then + su_cmd() { sudo -u $SERVICE_USER "$@" || return 1; } +elif [ "$(builtin type -P su)" ]; then + su_cmd() { su -s /bin/sh - $SERVICE_USER -c "$@" || return 1; } +else + echo "Can not switch to $SERVICE_USER: attempting to run as root" + su_cmd() { eval "$*" || return 1; } +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Change to working directory +[ -n "$WORK_DIR" ] && [ -n "$EXEC_CMD_BIN" ] && __cd "$WORK_DIR" && echo "Changed to $PWD" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# show init message +__pre_message +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Initialize ssl +__update_ssl_conf +__update_ssl_certs +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Updating config files +__create_service_env +__update_conf_files +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# run the pre execute commands +[ -n "$PRE_EXEC_MESSAGE" ] && echo "$PRE_EXEC_MESSAGE" +__pre_execute +__run_secure_function +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +__run_start_script "$@" |& tee -a "/data/logs/entrypoint.log" &>/dev/null +if [ "$?" -ne 0 ] && [ -n "$EXEC_CMD_BIN" ]; then + echo "Failed to execute: $EXEC_CMD_BIN $EXEC_CMD_ARGS" |& tee -a "/data/logs/entrypoint.log" "$LOG_DIR/init.txt" + SERVICE_EXIT_CODE=10 + SERVICE_IS_RUNNING="false" + rm -Rf "$SERVICE_PID_FILE" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +exit $SERVICE_EXIT_CODE diff --git a/init/zz-nginx.sh b/init/zz-nginx.sh new file mode 100644 index 0000000..b377e94 --- /dev/null +++ b/init/zz-nginx.sh @@ -0,0 +1,489 @@ +#!/usr/bin/env bash +# shellcheck shell=bash +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +##@Version : 202308221957-git +# @@Author : Jason Hempstead +# @@Contact : jason@casjaysdev.pro +# @@License : WTFPL +# @@ReadME : zz-nginx.sh --help +# @@Copyright : Copyright: (c) 2023 Jason Hempstead, Casjays Developments +# @@Created : Tuesday, Aug 22, 2023 19:57 EDT +# @@File : zz-nginx.sh +# @@Description : +# @@Changelog : New script +# @@TODO : Better documentation +# @@Other : +# @@Resource : +# @@Terminal App : no +# @@sudo/root : no +# @@Template : shell/bash +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# shellcheck disable=SC2016 +# shellcheck disable=SC2031 +# shellcheck disable=SC2120 +# shellcheck disable=SC2155 +# shellcheck disable=SC2199 +# shellcheck disable=SC2317 +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# https://www.gnu.org/software/bash/manual/html_node/The-Set-Builtin.html +[ "$DEBUGGER" = "on" ] && echo "Enabling debugging" && set -o pipefail -x$DEBUGGER_OPTIONS || set -o pipefail +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +printf '%s\n' "# - - - Initializing nginx - - - #" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +SERVICE_NAME="nginx" +SCRIPT_NAME="$(basename "$0" 2>/dev/null)" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +export PATH="/usr/local/etc/docker/bin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# run trap command on exit +trap 'retVal=$?;[ "$SERVICE_IS_RUNNING" != "true" ] && [ -f "$SERVICE_PID_FILE" ] && rm -Rf "$SERVICE_PID_FILE";exit $retVal' SIGINT SIGTERM EXIT +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# import the functions file +if [ -f "/usr/local/etc/docker/functions/entrypoint.sh" ]; then + . "/usr/local/etc/docker/functions/entrypoint.sh" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# import variables +for set_env in "/root/env.sh" "/usr/local/etc/docker/env"/*.sh "/config/env"/*.sh; do + [ -f "$set_env" ] && . "$set_env" +done +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Custom functions + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Reset environment before executing service +RESET_ENV="yes" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Show message before execute +PRE_EXEC_MESSAGE="" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# set the database directory +DATABASE_DIR="${DATABASE_DIR_NGINX:-/data/db/nginx}" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Set webroot +WWW_DIR="/usr/share/webapps/nginx" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Default predefined variables +DATA_DIR="/data" # set data directory +CONF_DIR="/config" # set config directory +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# set the containers etc directory +ETC_DIR="/etc/nginx" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +RUN_DIR="/run/init.d" # set scripts pid dir +LOG_DIR="/data/logs/nginx" # set log directory +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Set the working dir +WORK_DIR="" # set working directory +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Where to save passwords to +ROOT_FILE_PREFIX="/config/secure/auth/root" # directory to save username/password for root user +USER_FILE_PREFIX="/config/secure/auth/user" # directory to save username/password for normal user +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# root/admin user info password/random] +root_user_name="${NGINX_ROOT_USER_NAME:-}" # root user name +root_user_pass="${NGINX_ROOT_PASS_WORD:-}" # root user password +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Normal user info [password/random] +user_name="${NGINX_USER_NAME:-}" # normal user name +user_pass="${NGINX_USER_PASS_WORD:-}" # normal user password +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Overwrite variables from files +__file_exists_with_content "${USER_FILE_PREFIX}/${SERVICE_NAME}_name" && user_name="$(<"${USER_FILE_PREFIX}/${SERVICE_NAME}_name")" +__file_exists_with_content "${USER_FILE_PREFIX}/${SERVICE_NAME}_pass" && user_pass="$(<"${USER_FILE_PREFIX}/${SERVICE_NAME}_pass")" +__file_exists_with_content "${ROOT_FILE_PREFIX}/${SERVICE_NAME}_name" && root_user_name="$(<"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_name")" +__file_exists_with_content "${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass" && root_user_pass="$(<"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass")" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# port which service is listening on +SERVICE_PORT="80" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# execute command variables +SERVICE_UID="0" # set the user id +SERVICE_USER="root" # execute command as another user +EXEC_CMD_BIN="nginx" # command to execute +EXEC_CMD_ARGS="-c $ETC_DIR/nginx.conf" # command arguments +EXEC_PRE_SCRIPT="" # execute script before +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Is this service a web server +IS_WEB_SERVER="yes" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Is this service a database server +IS_DATABASE_SERVICE="no" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Additional predefined variables + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Additional variables + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Specifiy custom directories to be created +ADD_APPLICATION_FILES="" +ADD_APPLICATION_DIRS="" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +APPLICATION_FILES="$LOG_DIR/nginx.log" +APPLICATION_DIRS="$RUN_DIR $ETC_DIR $CONF_DIR $LOG_DIR" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# define variables that need to be loaded into the service - escape quotes - var=\"value\",other=\"test\" +CMD_ENV="" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# use this function to update config files - IE: change port +__update_conf_files() { + local exitCode=0 # default exit code + local user="${SERVICE_USER:-root}" # specifiy different user + local runas="root" # run as a different user + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + local blowfish_pass="$(htpasswd -bnBC 10 "" password | tr -d ':\n' | sed 's/$2y/$2a/')" + # delete files + #__rm "" + + # define actions + + # create default directories + for filedirs in $ADD_APPLICATION_DIRS $APPLICATION_DIRS; do + if [ -n "$filedirs" ] && [ ! -d "$filedirs" ]; then + ( + echo "Creating directory $filedirs with permissions 777" + mkdir -p "$filedirs" && chmod -Rf 777 "$filedirs" + ) |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + done + # create default files + for application_files in $ADD_APPLICATION_FILES $APPLICATION_FILES; do + if [ -n "$application_files" ] && [ ! -e "$application_files" ]; then + ( + echo "Creating file $application_files with permissions 777" + touch "$application_files" && chmod -Rf 777 "$application_files" + ) |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + done + # create directories if variable is yes" + if [ "$IS_WEB_SERVER" = "yes" ]; then + APPLICATION_DIRS="$APPLICATION_DIRS $WWW_DIR" + if [ ! -d "$WWW_DIR" ]; then + (echo "Creating directory $WWW_DIR with permissions 777" && mkdir -p "$WWW_DIR" && chmod -f 777 "$WWW_DIR") |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + __initialize_web_health "$WWW_DIR" + fi + if [ "$IS_DATABASE_SERVICE" = "yes" ]; then + APPLICATION_DIRS="$APPLICATION_DIRS $DATABASE_DIR" + if [ ! -d "$DATABASE_DIR" ]; then + (echo "Creating directory $DATABASE_DIR with permissions 777" && mkdir -p "$DATABASE_DIR" && chmod -f 777 "$DATABASE_DIR") |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + fi + # copy config files to system + __file_copy "$CONF_DIR/." "$ETC_DIR/" |& tee -a "$LOG_DIR/init.txt" &>/dev/null + __file_copy "/config/phpmyadmin/." "/etc/phpmyadmin/" |& tee -a "$LOG_DIR/init.txt" &>/dev/null + # replace variables + sed -i 's|REPLACE_BLOWFISH_SECRECT|'$blowfish_pass'|g' /config/phpmyadmin/config.inc.php + # __replace "" "" "$ETC_DIR/nginx.conf" + # replace variables recursively + # __find_replace "" "" "$ETC_DIR/" + # replace defaults in ETC_DIR + __initialize_replace_variables "$ETC_DIR" + __initialize_replace_variables "/usr/local/share/wwwroot" + # custom commands + if [ ! -d "/config/phpmyadmin" ]; then + mkdir -p "/config/phpmyadmin" + __file_copy "/etc/phpmyadmin/." "/config/phpmyadmin/" |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + # unset unneeded variables + unset application_files filedirs + + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# function to run before executing +__pre_execute() { + local exitCode=0 # default exit code + local user="${SERVICE_USER:-root}" # specifiy different user + local runas="root" # run as a different user + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + + # define commands + + # execute if directories is empty + #__is_dir_empty "" && true || false + + # create user if needed + # __create_service_user "$user" "/home/$user" "${USER_GID:-${USER_UID:-1000}" + # set user on files/folders + if [ -n "$user" ] && [ "$user" != "root" ]; then + if grep -s -q "$user:" "/etc/passwd"; then + for permissions in $ADD_APPLICATION_DIRS $APPLICATION_DIRS; do + if [ -n "$permissions" ] && [ -e "$permissions" ]; then + (chown -Rf $user:$user "$permissions" && echo "changed ownership on $permissions to $user") |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + done + fi + fi + + # unset unneeded variables + unset filesperms filename + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# function to run after executing +__post_execute() { + local exitCode=0 # default exit code + local user="${SERVICE_USER:-root}" # specifiy different user + local runas="root" # run as a different user + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + sleep 60 # how long to wait before executing + echo "Running post commands" # message + # execute commands + + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# use this function to update config files - IE: change port +__pre_message() { + local exitCode=0 + [ -n "$user_name" ] && echo "username: $user_name" && echo "$user_name" >"${USER_FILE_PREFIX}/${SERVICE_NAME}_name" + [ -n "$user_pass" ] && echo "password: saved to ${USER_FILE_PREFIX}/${SERVICE_NAME}_pass" && echo "$user_pass" >"${USER_FILE_PREFIX}/${SERVICE_NAME}_pass" + [ -n "$root_user_name" ] && echo "root username: $root_user_name" && echo "$root_user_name" >"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_name" + [ -n "$root_user_pass" ] && echo "root password: saved to ${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass" && echo "$root_user_pass" >"${ROOT_FILE_PREFIX}/${SERVICE_NAME}_pass" + + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# use this function to setup ssl support +__update_ssl_conf() { + local exitCode=0 + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + + return $exitCode +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +__create_service_env() { + cat </dev/null +# ENV_WORKDIR="${ENV_WORKDIR:-$WORK_DIR}" # change to directory +# ENV_WWW_DIR="${ENV_WWW_DIR:-$WWW_DIR}" # set default web dir +# ENV_ETC_DIR="${ENV_ETC_DIR:-$ETC_DIR}" # set default etc dir +# ENV_DATA_DIR="${ENV_DATA_DIR:-$DATA_DIR}" # set default data dir +# ENV_CONF_DIR="${ENV_CONF_DIR:-$CONF_DIR}" # set default config dir +# ENV_DATABASE_DIR="${ENV_DATABASE_DIR:-$DATABASE_DIR}" # set database dir +# ENV_SERVICE_USER="${ENV_SERVICE_USER:-$SERVICE_USER}" # execute command as another user +# ENV_SERVICE_UID="${ENV_SERVICE_UID:-$SERVICE_UID}" # set the user id +# ENV_SERVICE_PORT="${ENV_SERVICE_PORT:-$SERVICE_PORT}" # port which service is listening on +# EXEC_PRE_SCRIPT="${ENV_EXEC_PRE_SCRIPT:-$EXEC_PRE_SCRIPT}" # execute before commands +# EXEC_CMD_BIN="${ENV_EXEC_CMD_BIN:-$EXEC_CMD_BIN}" # command to execute +# EXEC_CMD_ARGS="${ENV_EXEC_CMD_ARGS:-$EXEC_CMD_ARGS}" # command arguments +# EXEC_CMD_NAME="$(basename "$EXEC_CMD_BIN")" # set the binary name +# ENV_USER_NAME="${user_name:-$ENV_USER_NAME}" # +# ENV_USER_PASS="${user_pass:-$ENV_USER_PASS}" # +# ENV_ROOT_USER_NAME="${root_user_name:-$ENV_ROOT_USER_NAME}" # +# ENV_ROOT_USER_PASS="${root_user_pass:-$ENV_ROOT_USER_PASS}" # + +EOF + __file_exists_with_content "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" || return 1 +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# script to start server +__run_start_script() { + local user="${SERVICE_USER:-root}" + local cmd="${EXEC_CMD_BIN:-}" + local args="${EXEC_CMD_ARGS:-}" + local name="${EXEC_CMD_NAME:-}" + local pre="${EXEC_PRE_SCRIPT:-}" + local workdir="${WORK_DIR:-$WORK_DIR}" + local lc_type="${LC_ALL:-${LC_CTYPE:-$LANG}}" + local home="${workdir//\/root/\/tmp\/docker}" + local path="/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin" + local sysname="${SERVER_NAME:-$HOSTNAME}" # set hostname + local message="" + if [ -z "$cmd" ]; then + __post_execute 2>"/dev/stderr" |& tee -a "$LOG_DIR/init.txt" &>/dev/null + echo "Initializing $SCRIPT_NAME has completed" + else + # ensure the command exists + if [ ! -x "$cmd" ]; then + echo "$name is not a valid executable" + exit 2 + fi + # set working directories + [ -z "$home" ] && home="${workdir:-/tmp/docker}" + [ "$home" = "/root" ] && home="/tmp/docker" + [ "$home" = "$workdir" ] && workdir="" + # create needed directories + [ -n "$home" ] && { [ -d "$home" ] || mkdir -p "$home"; } + [ -n "$workdir" ] && { [ -d "$workdir" ] || mkdir -p "$workdir" || workdir="/tmp"; } + [ -n "$workdir" ] && __cd "$workdir" || { [ -n "$home" ] && __cd "$home"; } || __cd "/tmp" + [ "$user" != "root " ] && [ -d "$home" ] && chmod -f 777 "$home" + [ "$user" != "root " ] && [ -d "$workdir" ] && chmod -f 777 "$workdir" + # check and exit if already running + if __proc_check "$name" || __proc_check "$cmd"; then + echo "$name is already running" >&2 + exit 0 + else + if [ -n "$pre" ] && [ -f "$pre" ]; then + cmd_exec="$pre $cmd $args" + message="Starting service: $name $args through $pre" + else + cmd_exec="$cmd $args" + message="Starting service: $name $args" + fi + echo "$message" + su_cmd touch "$SERVICE_PID_FILE" + __post_execute 2>"/dev/stderr" 2>&1 |& tee -a "$LOG_DIR/init.txt" &>/dev/null & + if [ "$RESET_ENV" = "yes" ]; then + su_cmd env -i HOME="$home" LC_CTYPE="$lc_type" PATH="$path" HOSTNAME="$sysname" USER="$user" ${CMD_ENV//,/ } sh -c "$cmd_exec" || return 10 + else + eval "$cmd_exec" || return 10 + fi + fi + fi +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# username and password actions +__run_secure_function() { + if [ -n "$user_name" ] || [ -n "$user_pass" ]; then + for filesperms in "${USER_FILE_PREFIX}"/*; do + if [ -e "$filesperms" ]; then + chmod -Rf 600 "$filesperms" + chown -Rf root:root "$filesperms" + fi + done |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi + if [ -n "$root_user_name" ] || [ -n "$root_user_pass" ]; then + for filesperms in "${ROOT_FILE_PREFIX}"/*; do + if [ -e "$filesperms" ]; then + chmod -Rf 600 "$filesperms" + chown -Rf root:root "$filesperms" + fi + done |& tee -a "$LOG_DIR/init.txt" &>/dev/null + fi +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# simple cd function +__cd() { mkdir -p "$1" && builtin cd "$1" || exit 1; } +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# process check functions +__pcheck() { [ -n "$(type -P pgrep 2>/dev/null)" ] && pgrep -x "$1" &>/dev/null && return 0 || return 10; } +__pgrep() { __pcheck "${1:-$EXEC_CMD_BIN}" || __ps aux 2>/dev/null | grep -Fw " ${1:-$EXEC_CMD_BIN}" | grep -qv ' grep' | grep '^' && return 0 || return 10; } +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# check if process is already running +__proc_check() { + cmd_bin="$(type -P "${1:-$EXEC_CMD_BIN}")" + cmd_name="$(basename "${cmd_bin:-$EXEC_CMD_NAME}")" + if __pgrep "$cmd_bin" || __pgrep "$cmd_name"; then + SERVICE_IS_RUNNING="true" + touch "$SERVICE_PID_FILE" + echo "$cmd_name is already running" + return 0 + else + return 1 + fi +} +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Allow ENV_ variable - Import env file +__file_exists_with_content"/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" && . "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +SERVICE_EXIT_CODE=0 # default exit code +WORK_DIR="${ENV_WORKDIR:-$WORK_DIR}" # change to directory +WWW_DIR="${ENV_WWW_DIR:-$WWW_DIR}" # set default web dir +ETC_DIR="${ENV_ETC_DIR:-$ETC_DIR}" # set default etc dir +DATA_DIR="${ENV_DATA_DIR:-$DATA_DIR}" # set default data dir +CONF_DIR="${ENV_CONF_DIR:-$CONF_DIR}" # set default config dir +DATABASE_DIR="${ENV_DATABASE_DIR:-$DATABASE_DIR}" # set database dir +SERVICE_USER="${ENV_SERVICE_USER:-$SERVICE_USER}" # execute command as another user +SERVICE_UID="${ENV_SERVICE_UID:-$SERVICE_UID}" # set the user id +SERVICE_PORT="${ENV_SERVICE_PORT:-$SERVICE_PORT}" # port which service is listening on +PRE_EXEC_MESSAGE="${ENV_PRE_EXEC_MESSAGE:-$PRE_EXEC_MESSAGE}" # Show message before execute +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# application specific +EXEC_PRE_SCRIPT="${ENV_EXEC_PRE_SCRIPT:-$EXEC_PRE_SCRIPT}" # Pre +EXEC_CMD_BIN="${ENV_EXEC_CMD_BIN:-$EXEC_CMD_BIN}" # command to execute +EXEC_CMD_NAME="$(basename "$EXEC_CMD_BIN")" # set the binary name +SERVICE_PID_FILE="/run/init.d/$EXEC_CMD_NAME.pid" # set the pid file location +EXEC_CMD_ARGS="${ENV_EXEC_CMD_ARGS:-$EXEC_CMD_ARGS}" # command arguments +SERVICE_PID_NUMBER="$(__pgrep)" # check if running +EXEC_CMD_BIN="$(type -P "$EXEC_CMD_BIN" || echo "$EXEC_CMD_BIN")" # set full path +EXEC_PRE_SCRIPT="$(type -P "$EXEC_PRE_SCRIPT" || echo "$EXEC_PRE_SCRIPT")" # set full path +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# create auth directories +[ -n "$USER_FILE_PREFIX" ] && { [ -d "$USER_FILE_PREFIX" ] || mkdir -p "$USER_FILE_PREFIX"; } +[ -n "$ROOT_FILE_PREFIX" ] && { [ -d "$ROOT_FILE_PREFIX" ] || mkdir -p "$ROOT_FILE_PREFIX"; } +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +[ "$IS_WEB_SERVER" = "yes" ] && RESET_ENV="yes" +[ "$IS_DATABASE_SERVICE" = "yes" ] && RESET_ENV="no" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Allow per init script usernames and passwords +__file_exists_with_content "$ETC_DIR/auth/user/name" && user_name="$(<"$ETC_DIR/auth/user/name")" +__file_exists_with_content "$ETC_DIR/auth/user/pass" && user_pass="$(<"$ETC_DIR/auth/user/pass")" +__file_exists_with_content "$ETC_DIR/auth/root/name" && root_user_name="$(<"$ETC_DIR/auth/root/name")" +__file_exists_with_content "$ETC_DIR/auth/root/pass" && root_user_pass="$(<"$ETC_DIR/auth/root/pass")" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Allow setting initial users and passwords via environment +user_name="${user_name:-$ENV_USER_NAME}" +user_pass="${user_pass:-$ENV_USER_PASS}" +root_user_name="${root_user_name:-$ENV_ROOT_USER_NAME}" +root_user_pass="${root_user_pass:-$ENV_ROOT_USER_PASS}" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# set password to random if variable is random +if [ "$user_pass" = "random" ]; then + user_pass="$(__random_password)" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +if [ "$root_user_pass" = "random" ]; then + root_user_pass="$(__random_password)" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Allow variables via imports - Overwrite existing +[ -f "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" ] && . "/config/env/${SERVICE_NAME:-$SCRIPT_NAME}.sh" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Only run check +if [ "$1" = "check" ]; then + __proc_check "$EXEC_CMD_NAME" || __proc_check "$EXEC_CMD_BIN" + exit $? +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# show message if env exists +if [ -n "$EXEC_CMD_BIN" ]; then + [ -n "$SERVICE_USER" ] && echo "Setting up service to run as $SERVICE_USER" || SERVICE_USER="root" + [ -n "$SERVICE_PORT" ] && echo "${EXEC_CMD_NAME:-$EXEC_CMD_BIN} will be running on $SERVICE_PORT" || SERVICE_PORT="" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# set switch user command +if [ "$SERVICE_USER" = "root" ] || [ -z "$SERVICE_USER" ]; then + su_cmd() { eval "$*" || return 1; } +elif [ "$(builtin type -P gosu)" ]; then + su_cmd() { gosu $SERVICE_USER "$@" || return 1; } +elif [ "$(builtin type -P runuser)" ]; then + su_cmd() { runuser -u $SERVICE_USER "$@" || return 1; } +elif [ "$(builtin type -P sudo)" ]; then + su_cmd() { sudo -u $SERVICE_USER "$@" || return 1; } +elif [ "$(builtin type -P su)" ]; then + su_cmd() { su -s /bin/sh - $SERVICE_USER -c "$@" || return 1; } +else + echo "Can not switch to $SERVICE_USER: attempting to run as root" + su_cmd() { eval "$*" || return 1; } +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Change to working directory +[ -n "$WORK_DIR" ] && [ -n "$EXEC_CMD_BIN" ] && __cd "$WORK_DIR" && echo "Changed to $PWD" +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# show init message +__pre_message +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Initialize ssl +__update_ssl_conf +__update_ssl_certs +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Updating config files +__create_service_env +__update_conf_files +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# run the pre execute commands +[ -n "$PRE_EXEC_MESSAGE" ] && echo "$PRE_EXEC_MESSAGE" +__pre_execute +__run_secure_function +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +__run_start_script "$@" |& tee -a "/data/logs/entrypoint.log" &>/dev/null +if [ "$?" -ne 0 ] && [ -n "$EXEC_CMD_BIN" ]; then + echo "Failed to execute: $EXEC_CMD_BIN $EXEC_CMD_ARGS" |& tee -a "/data/logs/entrypoint.log" "$LOG_DIR/init.txt" + SERVICE_EXIT_CODE=10 + SERVICE_IS_RUNNING="false" + rm -Rf "$SERVICE_PID_FILE" +fi +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +exit $SERVICE_EXIT_CODE diff --git a/wwwroot/www/404.html b/wwwroot/404.html similarity index 100% rename from wwwroot/www/404.html rename to wwwroot/404.html diff --git a/wwwroot/www/cgi-bin/env.cgi b/wwwroot/cgi-bin/env.cgi similarity index 100% rename from wwwroot/www/cgi-bin/env.cgi rename to wwwroot/cgi-bin/env.cgi diff --git a/wwwroot/www/cgi-bin/env.php b/wwwroot/cgi-bin/env.php similarity index 100% rename from wwwroot/www/cgi-bin/env.php rename to wwwroot/cgi-bin/env.php diff --git a/wwwroot/www/cgi-bin/env.pl b/wwwroot/cgi-bin/env.pl similarity index 100% rename from wwwroot/www/cgi-bin/env.pl rename to wwwroot/cgi-bin/env.pl diff --git a/wwwroot/www/cgi-bin/env.py b/wwwroot/cgi-bin/env.py similarity index 100% rename from wwwroot/www/cgi-bin/env.py rename to wwwroot/cgi-bin/env.py diff --git a/wwwroot/www/cgi-bin/env.rb b/wwwroot/cgi-bin/env.rb similarity index 100% rename from wwwroot/www/cgi-bin/env.rb rename to wwwroot/cgi-bin/env.rb diff --git a/wwwroot/www/cgi-bin/printenv b/wwwroot/cgi-bin/printenv similarity index 100% rename from wwwroot/www/cgi-bin/printenv rename to wwwroot/cgi-bin/printenv diff --git a/wwwroot/www/cgi-bin/printenv.vbs b/wwwroot/cgi-bin/printenv.vbs similarity index 100% rename from wwwroot/www/cgi-bin/printenv.vbs rename to wwwroot/cgi-bin/printenv.vbs diff --git a/wwwroot/www/cgi-bin/printenv.wsf b/wwwroot/cgi-bin/printenv.wsf similarity index 100% rename from wwwroot/www/cgi-bin/printenv.wsf rename to wwwroot/cgi-bin/printenv.wsf diff --git a/wwwroot/www/cgi-bin/test-cgi b/wwwroot/cgi-bin/test-cgi similarity index 100% rename from wwwroot/www/cgi-bin/test-cgi rename to wwwroot/cgi-bin/test-cgi diff --git a/wwwroot/www/css/bootstrap.css b/wwwroot/css/bootstrap.css similarity index 100% rename from wwwroot/www/css/bootstrap.css rename to wwwroot/css/bootstrap.css diff --git a/wwwroot/www/css/bootstrap.min.css b/wwwroot/css/bootstrap.min.css similarity index 100% rename from wwwroot/www/css/bootstrap.min.css rename to wwwroot/css/bootstrap.min.css diff --git a/wwwroot/www/css/bs.plain.css b/wwwroot/css/bs.plain.css similarity index 100% rename from wwwroot/www/css/bs.plain.css rename to wwwroot/css/bs.plain.css diff --git a/wwwroot/www/css/cookieconsent.css b/wwwroot/css/cookieconsent.css similarity index 100% rename from wwwroot/www/css/cookieconsent.css rename to wwwroot/css/cookieconsent.css diff --git a/wwwroot/www/css/errorpages.css b/wwwroot/css/errorpages.css similarity index 100% rename from wwwroot/www/css/errorpages.css rename to wwwroot/css/errorpages.css diff --git a/wwwroot/www/css/index.css b/wwwroot/css/index.css similarity index 100% rename from wwwroot/www/css/index.css rename to wwwroot/css/index.css diff --git a/wwwroot/www/favicon.ico b/wwwroot/favicon.ico similarity index 100% rename from wwwroot/www/favicon.ico rename to wwwroot/favicon.ico diff --git a/wwwroot/www/health/health/index.json b/wwwroot/health/health/index.json similarity index 100% rename from wwwroot/www/health/health/index.json rename to wwwroot/health/health/index.json diff --git a/wwwroot/www/health/health/index.txt b/wwwroot/health/health/index.txt similarity index 100% rename from wwwroot/www/health/health/index.txt rename to wwwroot/health/health/index.txt diff --git a/wwwroot/www/health/index.json b/wwwroot/health/index.json similarity index 100% rename from wwwroot/www/health/index.json rename to wwwroot/health/index.json diff --git a/wwwroot/www/health/index.txt b/wwwroot/health/index.txt similarity index 100% rename from wwwroot/www/health/index.txt rename to wwwroot/health/index.txt diff --git a/wwwroot/www/images/403.png b/wwwroot/images/403.png similarity index 100% rename from wwwroot/www/images/403.png rename to wwwroot/images/403.png diff --git a/wwwroot/www/images/404.gif b/wwwroot/images/404.gif similarity index 100% rename from wwwroot/www/images/404.gif rename to wwwroot/images/404.gif diff --git a/wwwroot/www/images/bg.png b/wwwroot/images/bg.png similarity index 100% rename from wwwroot/www/images/bg.png rename to wwwroot/images/bg.png diff --git a/wwwroot/www/images/favicon.ico b/wwwroot/images/favicon.ico similarity index 100% rename from wwwroot/www/images/favicon.ico rename to wwwroot/images/favicon.ico diff --git a/wwwroot/www/images/icon.png b/wwwroot/images/icon.png similarity index 100% rename from wwwroot/www/images/icon.png rename to wwwroot/images/icon.png diff --git a/wwwroot/www/images/icon.svg b/wwwroot/images/icon.svg similarity index 100% rename from wwwroot/www/images/icon.svg rename to wwwroot/images/icon.svg diff --git a/wwwroot/www/index.php b/wwwroot/index.php similarity index 100% rename from wwwroot/www/index.php rename to wwwroot/index.php diff --git a/wwwroot/www/info.php b/wwwroot/info.php similarity index 100% rename from wwwroot/www/info.php rename to wwwroot/info.php diff --git a/wwwroot/www/js/app.js b/wwwroot/js/app.js similarity index 100% rename from wwwroot/www/js/app.js rename to wwwroot/js/app.js diff --git a/wwwroot/www/js/bootstrap.min.js b/wwwroot/js/bootstrap.min.js similarity index 100% rename from wwwroot/www/js/bootstrap.min.js rename to wwwroot/js/bootstrap.min.js diff --git a/wwwroot/www/js/errorpages/homepage.js b/wwwroot/js/errorpages/homepage.js similarity index 100% rename from wwwroot/www/js/errorpages/homepage.js rename to wwwroot/js/errorpages/homepage.js diff --git a/wwwroot/www/js/errorpages/isup.js b/wwwroot/js/errorpages/isup.js similarity index 100% rename from wwwroot/www/js/errorpages/isup.js rename to wwwroot/js/errorpages/isup.js diff --git a/wwwroot/www/js/errorpages/loaddomain.js b/wwwroot/js/errorpages/loaddomain.js similarity index 100% rename from wwwroot/www/js/errorpages/loaddomain.js rename to wwwroot/js/errorpages/loaddomain.js diff --git a/wwwroot/www/js/errorpages/scale.fix.js b/wwwroot/js/errorpages/scale.fix.js similarity index 100% rename from wwwroot/www/js/errorpages/scale.fix.js rename to wwwroot/js/errorpages/scale.fix.js diff --git a/wwwroot/www/js/jquery/default.js b/wwwroot/js/jquery/default.js similarity index 100% rename from wwwroot/www/js/jquery/default.js rename to wwwroot/js/jquery/default.js diff --git a/wwwroot/www/js/passprotect.min.js b/wwwroot/js/passprotect.min.js similarity index 100% rename from wwwroot/www/js/passprotect.min.js rename to wwwroot/js/passprotect.min.js diff --git a/wwwroot/www/robots.txt b/wwwroot/robots.txt similarity index 100% rename from wwwroot/www/robots.txt rename to wwwroot/robots.txt diff --git a/wwwroot/www/site.webmanifest b/wwwroot/site.webmanifest similarity index 100% rename from wwwroot/www/site.webmanifest rename to wwwroot/site.webmanifest