v5.1.0 (#119)

Major updates
* Adding environment variables to auto generate SSL config and certs on first startup

Author: bfren

Dockerfile

@@ -9,12 +9,12 @@ ARG BF_VERSION
 EXPOSE 443
 
 ENV \
+    # the base URI of the proxy server (will be used when SSL bindings fail)
     PROXY_URI= \
     # clean all config and certificates before doing anything else
     PROXY_CLEAN_INSTALL=0 \
     # used for renewal notification emails
     PROXY_LETS_ENCRYPT_EMAIL= \
-    # the base URI of the proxy server (will be used when SSL bindings fail)
     # set to 1 to use live instead of staging server
     PROXY_LETS_ENCRYPT_LIVE=0 \
     # enable automatic certificate updating
@@ -26,7 +26,14 @@ ENV \
     # canonical domain name redirection
     PROXY_SSL_REDIRECT_TO_CANONICAL=0 \
     # set to true to skip local HTTP token check
-    PROXY_GETSSL_SKIP_HTTP_TOKEN_CHECK="false"
+    PROXY_GETSSL_SKIP_HTTP_TOKEN_CHECK="false" \
+    # if both are set, on first startup will generate SSL config and request certs
+    PROXY_AUTO_PRIMARY= \
+    PROXY_AUTO_UPSTREAM= \
+    # optional - add aliases to the auto-generated conf.json on first startup
+    PROXY_AUTO_ALIASES= \
+    # optional - mark the Nginx config as custom so it isn't regenerated on future startups
+    PROXY_AUTO_CUSTOM=0
 
 COPY ./overlay /
 

VERSION

@@ -1 +1 @@
-5.0.16
+5.1.0

VERSION_MINOR

@@ -1 +1 @@
-5.0
+5.1

overlay/etc/bf/init.d/20-env

@@ -14,6 +14,7 @@ bf-env "PROXY_GETSSL" "${PROXY_LIB}/getssl"
 
 PROXY_SSL=/ssl
 bf-env "PROXY_SSL" ${PROXY_SSL}
+bf-env "PROXY_SSL_CONF" "${PROXY_SSL}/conf.json"
 bf-env "PROXY_SSL_DHPARAM" "${PROXY_SSL}/dhparam.pem"
 
 PROXY_SSL_CERTS=${PROXY_SSL}/certs

overlay/etc/bf/init.d/21-ssl renamed to overlay/etc/bf/init.d/21-ssl-init

@@ -20,6 +20,23 @@ if [ "${PROXY_CLEAN_INSTALL}" = "1" ] ; then
 fi
 
 
+#======================================================================================================================
+# If there is no SSL configuration file, and auto environment variables are set, generate config.
+#======================================================================================================================
+
+if [ ! -f "${PROXY_SSL_CONF}" ] && [ -n "${PROXY_AUTO_PRIMARY-}" ] && [ -n "${PROXY_AUTO_UPSTREAM-}" ] ; then
+
+    # generate conf
+    bf-echo "Generating conf.json using auto environment variables."
+    bf-esh ${BF_TEMPLATES}/conf.json.esh ${PROXY_SSL_CONF}
+    bf-env "PROXY_AUTO" "1"
+
+    # if there are aliases enable canonical redirection
+    [[ -n "${PROXY_AUTO_ALIASES}" ]] && bf-env "PROXY_SSL_REDIRECT_TO_CANONICAL" "1"
+
+fi
+
+
 #======================================================================================================================
 # Run initialisation script.
 #======================================================================================================================

overlay/etc/bf/templates/conf.json.esh

@@ -0,0 +1,11 @@
+{
+    "$schema": "https://raw.githubusercontent.com/bfren/docker-nginx-proxy/main/ssl-conf-schema.json",
+    "domains": [
+        {
+            "primary": "<%= ${PROXY_AUTO_PRIMARY} %>",
+            "upstream": "<%= ${PROXY_AUTO_UPSTREAM} %>"<% if [ -n "${PROXY_AUTO_ALIASES-}" ] ; then %>,
+            "aliases": [ "<%= ${PROXY_AUTO_ALIASES// /\", \"} %>" ]<% fi ; if [ "${PROXY_AUTO_CUSTOM-}" = "1" ] ; then %>,
+            "custom": true<% fi %>
+        }
+    ]
+}

overlay/etc/s6-overlay/s6-rc.d/ssl-auto-request/dependencies

@@ -0,0 +1 @@
+nginx

overlay/etc/s6-overlay/s6-rc.d/ssl-auto-request/finish

@@ -0,0 +1,11 @@
+#!/command/with-contenv bash
+
+set -euo pipefail
+export BF_E="${PWD##*/}/$(basename ${0})"
+
+
+#======================================================================================================================
+# Show helpful log message.
+#======================================================================================================================
+
+bf-svc-finish

overlay/etc/s6-overlay/s6-rc.d/ssl-auto-request/run

@@ -0,0 +1,38 @@
+#!/command/with-contenv bash
+
+set -euo pipefail
+export BF_E="${PWD##*/}/$(basename ${0})"
+
+
+#======================================================================================================================
+# Run request executable and then disable the service.
+# First, wait until the Nginx service is running.
+#======================================================================================================================
+
+if [ "${PROXY_AUTO-}" = "1" ] ; then
+
+    if [ -n "$(pidof nginx)" ]; then
+
+        # run upgrade executable
+        bf-echo "Requesting SSL certificates using auto-generated conf.json."
+        ssl-request
+
+        # disable the auto request service
+        ssl-auto-request-disable
+
+    else
+
+        # wait 2s before exiting the service - S6 will keep restarting it until Nginx comes online
+        # on first run, it will disable this upgrade service itself
+        SLEEP=2
+        bf-debug "Waiting ${SLEEP}s for Nginx to come online..."
+        sleep ${SLEEP}
+
+    fi
+
+else
+
+    # disable the auto request service
+    ssl-auto-request-disable
+
+fi

overlay/etc/s6-overlay/s6-rc.d/ssl-auto-request/type

@@ -0,0 +1 @@
+longrun