v4.0.0 (#93)

## Major updates
* **Breaking Change** configuration is now handled using a JSON file instead of `conf.sh`
* Using `jq` to query JSON configuration file
* Adding `ssl-conf-schema.json`

## Minor updates
* Removing bash config sample file

## Documentation updates
* Updating README with details of conf.json

## Build updates
* Removing latest tag from publish

Author: bfren

.github/workflows/publish.yml

@@ -64,11 +64,9 @@ jobs:
           push: true
           platforms: linux/amd64,linux/arm/v7,linux/arm64
           tags: |
-            bfren/nginx-proxy:latest
             bfren/nginx-proxy:${{ steps.version_major.outputs.contents }}
             bfren/nginx-proxy:${{ steps.version_minor.outputs.contents }}
             bfren/nginx-proxy:${{ steps.version.outputs.contents }}
-            ghcr.io/bfren/nginx-proxy:latest
             ghcr.io/bfren/nginx-proxy:${{ steps.version_major.outputs.contents }}
             ghcr.io/bfren/nginx-proxy:${{ steps.version_minor.outputs.contents }}
             ghcr.io/bfren/nginx-proxy:${{ steps.version.outputs.contents }}

README.md

@@ -7,6 +7,8 @@
 
 Nginx Proxy which uses [getssl](https://github.com/srvrco/getssl) to automate requesting and renewing SSL certificates via Let's Encrypt.  Certificates are checked for renewal every day - the last check can be viewed in the `/ssl` volume.
 
+As of v4, configuration is handled via a JSON file - see ssl-conf-sample.json for an example and ssl-conf-schema.json for the full file definition.
+
 ## Contents
 
 * [Ports](#ports)
@@ -25,11 +27,11 @@ For SSL certificate requests to work correctly, ports 80 and 443 need mapping fr
 
 ## Volumes
 
-| Volume   | Purpose                                                                                                                                                                                                                                                |
-| -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| `/www`   | *From base image.*                                                                                                                                                                                                                                     |
-| `/sites` | Nginx site configuration, auto-generated on first run based on `conf.sh`.  After they are generated, you can alter them to suit their needs.  Running `nginx-regenerate` will wipe them all and start again.                                           |
-| `/ssl`   | Contains auto-generated SSL configuration and certificates (for backup purposes).  Your `conf.sh` file should be stored in here for auto-configuration (see `ssl-conf-sample.sh`).  Certificate update log (`update.log`) will be created here weekly. |
+| Volume   | Purpose                                                                                                                                                                                                                                                   |
+| -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `/www`   | *From base image.*                                                                                                                                                                                                                                        |
+| `/sites` | Nginx site configuration, auto-generated on first run based on `conf.json`.  After they are generated, you can alter them to suit their needs.  Running `nginx-regenerate` will wipe them all and start again.                                            |
+| `/ssl`   | Contains auto-generated SSL configuration and certificates (for backup purposes).  Your `conf.json` file should be stored in here for auto-configuration (see `ssl-conf-sample.json`).  Certificate update log (`update.log`) will be created here daily. |
 
 ## Environment Variables
 
@@ -40,20 +42,20 @@ For SSL certificate requests to work correctly, ports 80 and 443 need mapping fr
 | `PROXY_LETS_ENCRYPT_EMAIL`           | A valid email address | Used by Lets Encrypt for notification emails.                                                                                                | *None* - **required** |
 | `PROXY_LETS_ENCRYPT_LIVE`            | 0 or 1                | Only set to 1 (to request live certificates) when your config is correct - Lets Encrypt rate limit certificate requests.                     | 0                     |
 | `PROXY_SSL_DHPARAM_BITS`             | A valid integer       | The size of your DHPARAM variables - adjust down only if you have limited processing resources.                                              | 4096                  |
-| `PROXY_SSL_REDIRECT_TO_CANONICAL`    | 0 or 1                | If 1, all requests will be redirected to the primary domain (defined in `conf.sh`).                                                          | 0                     |
+| `PROXY_SSL_REDIRECT_TO_CANONICAL`    | 0 or 1                | If 1, all requests will be redirected to the primary domain (defined in `conf.json`).                                                        | 0                     |
 | `PROXY_GETSSL_SKIP_HTTP_TOKEN_CHECK` | true or false         | Set to true to enable `getssl`'s [skip HTTP token check](https://github.com/srvrco/getssl/wiki/Config-variables#skip_http_token_checkfalse). | false                 |
 
 ## Helper Functions
 
-| Function              | Arguments | Description                                                                                                      |
-| --------------------- | --------- | ---------------------------------------------------------------------------------------------------------------- |
-| `nginx-regenerate`    | *None*    | Removes Nginx configuration files (in `/sites`) and regenerates based on `conf.sh`.                              |
-| `ssl-cleanup`         | *None*    | Removes SSL and Nginx configuration files and directories not defined in `conf.sh`.                              |
-| `ssl-init`            | *None*    | Initialises SSL configuration based on `conf.sh`.                                                                |
-| `ssl-regenerate`      | *None*    | Removes SSL configuration files (in `/ssl/certs`) and regenerates based on `conf.sh`.                            |
-| `ssl-regenerate-full` | *None*    | Removes SSL configuration files (in `/ssl/certs`), as well as DH parameters, and regenerates based on `conf.sh`. |
-| `ssl-request`         | *None*    | Requests SSL certificates from Lets Encrypt.                                                                     |
-| `ssl-update`          | *None*    | Attempts to update SSL certificates manually.                                                                    |
+| Function              | Arguments | Description                                                                                                                |
+| --------------------- | --------- | -------------------------------------------------------------------------------------------------------------------------- |
+| `nginx-regenerate`    | -f: force | Removes non-custom Nginx configuration files (in `/sites`) and regenerates based on `conf.json` (with force, removes all). |
+| `ssl-cleanup`         | -m: mode  | Removes SSL and Nginx configuration files and directories not defined in `conf.json` (mode 0 = dry run, 1 = live).         |
+| `ssl-init`            | *None*    | Initialises SSL configuration based on `conf.json`.                                                                        |
+| `ssl-regenerate`      | *None*    | Removes SSL configuration files (in `/ssl/certs`) and regenerates based on `conf.json`.                                    |
+| `ssl-regenerate-full` | *None*    | Removes SSL configuration files (in `/ssl/certs`), as well as DH parameters, and regenerates based on `conf.json`.         |
+| `ssl-request`         | *None*    | Requests SSL certificates from Lets Encrypt.                                                                               |
+| `ssl-update`          | *None*    | Attempts to update SSL certificates manually.                                                                              |
 
 ## Nginx Configuration Helpers
 

VERSION

@@ -1 +1 @@
-3.3.13
+4.0.0

VERSION_MAJOR

@@ -1 +1 @@
-3
+4

VERSION_MINOR

@@ -1 +1 @@
-3.3
+4.0

overlay/etc/bf/templates/nginx-proxy.conf.esh

@@ -4,7 +4,7 @@
 #
 # Use environment variable PROXY_URI to change this file.
 #
-# Copyright (c) 2021 bfren
+# Copyright (c) 2021-2022 bfren
 #======================================================================================================================
 
 #======================================================================================================================

overlay/etc/bf/templates/nginx-site.conf.esh

@@ -1,17 +1,4 @@
-<% if [ -z "${DOMAIN_NGXCONF}" ] ; then -%>
-#======================================================================================================================
-# WARNING: This file is generated. Do not make changes to this file.
-# Changes will be overwritten the next time the container is started.
-#
-# To add server names or aliases please use /ssl/conf.sh (see ssl-conf-sample.sh).
-#
-# If you need a fully custom configuration then add the following to /ssl/conf.sh:
-#   NGXCONF["<%= "${DOMAIN_NAME}" %>"]="custom"
-# This will stop this file being generated next time the container is started.
-#
-# Copyright (c) 2021 bfren
-#======================================================================================================================
-<% else -%>
+<% if [ "${DOMAIN_NGXCONF}" = "true" ] ; then -%>
 #======================================================================================================================
 # You can make changes to this file.
 #
@@ -23,11 +10,26 @@
 #   d) custom configuration can be added to the /sites/<%= "${DOMAIN_NAME}" %>.d directory -
 #      these are loaded as part of the HTTPS server block below
 #
-# If you would like to return to using generated configuration then remove the following from /ssl/conf.sh:
-#   NGXCONF["<%= "${DOMAIN_NAME}" %>"]=""
+# If you would like to return to using generated configuration then remove the following from /ssl/conf.json in the
+# object where the primary domain is "<%= "${DOMAIN_NAME}" %>":
+#   "custom": true
 # This will cause this file to be regenerated next time the container is started.
 #
-# Copyright (c) 2021 bfren
+# Copyright (c) 2021-2022 bfren
+#======================================================================================================================
+<% else -%>
+#======================================================================================================================
+# WARNING: This file is generated. Do not make changes to this file.
+# Changes will be overwritten the next time the container is started.
+#
+# To add server names or aliases please use /ssl/conf.sh (see ssl-conf-sample.sh).
+#
+# If you need a fully custom configuration then add the following to /ssl/conf.json in the object where the primary
+# domain is "<%= "${DOMAIN_NAME}" %>":
+#   "custom": true
+# This will stop this file being generated next time the container is started.
+#
+# Copyright (c) 2021-2022 bfren
 #======================================================================================================================
 <% fi %>
 #======================================================================================================================

overlay/tmp/install

@@ -12,6 +12,7 @@ bf-echo "Installing packages..."
 apk add --no-cache \
     bash \
     curl \
+    jq \
     openssl
 bf-done
 

overlay/usr/bin/bf/nginx-regenerate

@@ -32,7 +32,7 @@ done
 
 bf-echo "Loading SSL configuration."
 source ${BF_INC}/proxy-load-conf.sh
-bf-debug "Loaded: ${!DOMAINS[*]}."
+bf-debug "Loaded: ${DOMAINS[*]}."
 
 
 #======================================================================================================================
@@ -54,7 +54,8 @@ for CFG in "${NGINX_CONFIGS[@]}" ; do
     bf-debug " .. ${STRIPPED}"
 
     # the domain has standard config - delete conf file
-    if [[ -z "${NGXCONF[${STRIPPED}]-}" ]] ; then
+    CUSTOM_CONF=`get-custom "${STRIPPED}"`
+    if [[ "${CUSTOM_CONF}" = "false" ]] ; then
 
         bf-debug " .. standard config: remove configuration file"
         rm -f ${PROXY_SITES}/${STRIPPED}.conf

overlay/usr/bin/bf/ssl-cleanup

@@ -42,9 +42,9 @@ esac
 remove () {
 
     if [ "${MODE}" = "0" ] ; then
-        bf-echo " .. will remove ${1}/*"
+        bf-echo " .. will remove ${1}*"
     elif [ "${MODE}" = "1" ] ; then
-        bf-echo " .. removing ${1}/*"
+        bf-echo " .. removing ${1}*"
         bf-rmrf ${1}* > /dev/null 2>&1
     fi
 
@@ -57,7 +57,7 @@ remove () {
 
 bf-echo "Loading SSL configuration."
 source ${BF_INC}/proxy-load-conf.sh
-bf-debug "Loaded: ${!DOMAINS[*]}."
+bf-debug "Loaded: ${DOMAINS[*]}."
 
 
 #======================================================================================================================
@@ -79,7 +79,7 @@ for CFG in "${SSL_CONFIGS[@]}" ; do
 
     # if NAME is not the main PROXY_URI nor in the DOMAINS array, delete everything
     [[ "${PROXY_URI}" != "${NAME}" ]] \
-        && [[ ! " ${!DOMAINS[*]} " =~ " ${NAME} " ]] \
+        && [[ -z "`get-domain ${NAME}`" ]] \
         && remove "${PROXY_SSL_CERTS}/${NAME}"
 
 done
@@ -105,7 +105,7 @@ for CFG in "${NGINX_CONFIGS[@]}" ; do
 
     # if STRIPPED is not the main PROXY_URI nor in the DOMAINS array, delete everything
     [[ "${PROXY_URI}" != "${STRIPPED}" ]] \
-        && [[ ! " ${!DOMAINS[*]} " =~ " ${STRIPPED} " ]] \
+        && [[ -z "`get-domain ${STRIPPED}`" ]] \
         && remove "${PROXY_SITES}/${STRIPPED}"
 
 done