docker-nginx-ssl/override/etc/s6-overlay/s6-rc.d/nginx/run


#!/command/with-contenv /bin/bash
# SPDX-FileCopyrightText: 2022 - 2024 Daniel Wolf <nephatrine@gmail.com>
#
# SPDX-License-Identifier: ISC
# Runtime environment for the nginx service. Values the operator supplied in
# the container environment win; anything unset or empty falls back to the
# defaults below.
export HOME=/mnt/config/home

# NOTE(review): DOMAINNAME is read from SSLPRIMARY as it arrives in the
# environment, but SSLPRIMARY itself is recomputed from SSLDOMAINS further
# down, so the two can disagree -- confirm this ordering is intended.
export DOMAINNAME="${SSLPRIMARY:-example.net}"
export ADMINIP="${ADMINIP:-127.0.0.1}"
export DNSADDR="${DNSADDR:-8.8.8.8 8.8.4.4}"
export TRUSTSN="${TRUSTSN:-192.168.0.0/16}"

# Address and netmask are scraped from the first 'inet addr' line that
# ifconfig prints: ':' becomes a space, then awk takes field 3 and field 7.
# NOTE(review): field 7 is presumably the Mask value; that only holds when the
# line also carries a Bcast entry -- verify against the image's ifconfig.
THISIP=$(
  /sbin/ifconfig \
    | /bin/grep 'inet addr' \
    | /usr/bin/head -1 \
    | /usr/bin/tr ':' ' ' \
    | /usr/bin/awk '{print $3}'
)
export THISIP

THISSN=$(
  /sbin/ifconfig \
    | /bin/grep 'inet addr' \
    | /usr/bin/head -1 \
    | /usr/bin/tr ':' ' ' \
    | /usr/bin/awk '{print $7}'
)
export THISSN

# ipcalc prints KEY=value; keep only the value. Both results are empty when
# THISIP/THISSN could not be determined above.
TRSTIP=$(
  /bin/ipcalc -n "$THISIP" "$THISSN" \
    | /usr/bin/tr '=' ' ' \
    | /usr/bin/awk '{print $2}'
)
export TRSTIP

TRSTPF=$(
  /bin/ipcalc -p "$THISIP" "$THISSN" \
    | /usr/bin/tr '=' ' ' \
    | /usr/bin/awk '{print $2}'
)
export TRSTPF

# First entry of the comma-separated SSLDOMAINS list. This overwrites any
# SSLPRIMARY inherited from the environment and is empty when SSLDOMAINS is
# unset, which later sections treat as "SSL disabled".
SSLPRIMARY=$(
  /bin/echo "$SSLDOMAINS" \
    | /usr/bin/tr ',' ' ' \
    | /usr/bin/awk '{print $1}'
)
export SSLPRIMARY

# Size in bits handed to 'openssl dhparam' later in this script.
export B_MODULI="${B_MODULI:-4096}"

# Everything below assumes the service home exists; give up otherwise.
if ! cd /mnt/config/home; then
  exit 1
fi
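# Build Configuration
#
# Seed /mnt/config/etc from the defaults shipped in /etc/nginx, filling in
# site-specific values. A file that already exists under /mnt/config is never
# rewritten, so operator edits survive restarts.

# Escape a value for use as the replacement half of a sed 's' command.
# Backslash and '&' are special in a replacement, and '/' and '~' are the
# delimiters used below. Without this, a value containing one of them (for
# example a CIDR range in ADMINIP) is parsed as sed script text instead of
# being inserted literally. Values are expected to be single-line.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
sed_replacement() {
  printf '%s' "$1" | /bin/sed -e 's|[\\&/~]|\\&|g'
}

# Enable either the '#SSL:' or the '#NOSSL:' lines of a config file: the
# selected marker is removed so the line becomes live, the other marker is
# reduced to a plain '#' so the line stays commented out.
# Globals:   SSLPRIMARY (read) - non-empty selects the SSL variant
# Arguments: $1 - file to edit in place
apply_ssl_markers() {
  local conf=$1
  if [[ -n "${SSLPRIMARY}" ]]; then
    /bin/sed -i -e 's/#NOSSL:/#/g' -e 's/#SSL://g' "${conf}"
  else
    /bin/sed -i -e 's/#NOSSL://g' -e 's/#SSL:/#/g' "${conf}"
  fi
}

admin_ip_repl=$(sed_replacement "${ADMINIP}")
domain_repl=$(sed_replacement "${DOMAINNAME}")
# NOTE(review): TRSTIP/TRSTPF are empty when interface detection failed, which
# writes 'ip_from /' into the file -- confirm whether that should be guarded.
proxy_net_repl=$(sed_replacement "${TRSTIP}/${TRSTPF}")
trusted_net_repl=$(sed_replacement "${TRUSTSN}")
dns_repl=$(sed_replacement "${DNSADDR}")

if [[ ! -d /mnt/config/etc/nginx.d ]]; then
  /command/s6-setuidgid guardian /bin/mkdir -p /mnt/config/etc/nginx.d
fi

for NGF in /etc/nginx/nginx.d/*; do
  # An empty source directory leaves the glob unexpanded; skip that literal.
  [[ -e "${NGF}" ]] || continue

  NGE=/mnt/config/etc/nginx.d/$(/usr/bin/basename -- "${NGF}")
  if [[ ! -f "${NGE}" ]]; then
    /command/s6-setuidgid guardian /bin/cp "${NGF}" "${NGE}"

    # Dots in the placeholders are escaped so they match only the literal
    # default values and not any character in that position.
    /bin/sed -i \
      -e "s/127\.0\.0\.1/${admin_ip_repl}/g" \
      -e "s/example\.net/${domain_repl}/g" \
      -e "s~ip_from 192\.168\.0\.0/16~ip_from ${proxy_net_repl}~g" \
      -e "s~allow 192\.168\.0\.0/16~allow ${trusted_net_repl}~g" \
      "${NGE}"

    apply_ssl_markers "${NGE}"
  fi
done

if [[ ! -f /mnt/config/etc/nginx.conf ]]; then
  /command/s6-setuidgid guardian /bin/cp /etc/nginx/nginx.conf /mnt/config/etc/nginx.conf
  /bin/sed -i -e "s~8\.8\.8\.8 8\.8\.4\.4~${dns_repl}~g" /mnt/config/etc/nginx.conf
  apply_ssl_markers /mnt/config/etc/nginx.conf
fi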
# TLS material is prepared only when SSL is enabled (SSLPRIMARY non-empty).
ssl_dir=/mnt/config/ssl
dh_file="${ssl_dir}/dhparam.pem"

if [[ -n "${SSLPRIMARY}" ]]; then
  # Mode 700 is applied only when the directory is created here; a directory
  # that already exists keeps whatever mode it has.
  [[ -d "${ssl_dir}" ]] || {
    /command/s6-setuidgid guardian /bin/mkdir -p "${ssl_dir}"
    /command/s6-setuidgid guardian /bin/chmod 700 "${ssl_dir}"
  }

  # Diffie-Hellman parameters are generated once, B_MODULI bits in size, and
  # reused on every later start.
  [[ -f "${dh_file}" ]] || {
    /command/s6-setuidgid guardian /usr/bin/openssl dhparam -out "${dh_file}" "${B_MODULI}"
  }
fi

# Provide a mime.types next to nginx.conf unless the operator already has one.
mime_file=/mnt/config/etc/mime.types
if ! [[ -f "${mime_file}" ]]; then
  /command/s6-setuidgid guardian /bin/cp /etc/nginx/mime.types "${mime_file}"
fi
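# Create Log Directory
#
# Make sure the log directory and both nginx log files exist and belong to
# guardian, then fold any error log nginx wrote to its built-in default path
# into the persistent one.
if [[ ! -d /mnt/config/log ]]; then
  /command/s6-setuidgid guardian /bin/mkdir -p /mnt/config/log
fi

for log_file in /mnt/config/log/nginx-access.log /mnt/config/log/nginx-error.log; do
  if [[ -f "${log_file}" ]]; then
    # chown is the one step here that runs with this script's own privileges
    # rather than as guardian, inside a directory that guardian creates above
    # when it is missing. -h makes it act on the directory entry itself
    # instead of following a symlink to some other file.
    /bin/chown -h guardian:users "${log_file}"
  else
    /command/s6-setuidgid guardian /bin/touch "${log_file}"
  fi
done

if [[ -f /var/log/nginx/error.log ]]; then
  # tee runs as guardian and appends to the persistent log; it also copies the
  # same lines to this script's stdout.
  /command/s6-setuidgid guardian /usr/bin/tee -a /mnt/config/log/nginx-error.log \
    < /var/log/nginx/error.log
  /bin/rm -f /var/log/nginx/error.log
fi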
# Create Web Directory
#
# Only when /mnt/config/www does not exist yet: create the default site
# directory as guardian and populate it from the image's /var/www/html.
web_root=/mnt/config/www
[[ -d "${web_root}" ]] || {
  /command/s6-setuidgid guardian /bin/mkdir -p "${web_root}/default"
  # Re-check the directory so nothing is copied if mkdir did not succeed.
  # cp -n leaves any file that already exists at the destination untouched.
  if [[ -d "${web_root}" ]]; then
    /command/s6-setuidgid guardian /bin/cp -Rn /var/www/html/* "${web_root}/default/"
  fi
}
# Start Service
#
# Without a configuration file there is nothing to run: report it, wait five
# minutes and exit 0.
# NOTE(review): the sleep presumably keeps the supervisor from restarting this
# script in a tight loop -- confirm.
nginx_conf=/mnt/config/etc/nginx.conf
if [[ ! -f "${nginx_conf}" ]]; then
  /bin/echo "** no config exists **"
  /bin/sleep 300
  exit 0
fi

# exec replaces this shell with nginx, so nginx runs under this script's PID.
exec /usr/sbin/nginx -c "${nginx_conf}"