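#!/bin/sh
# Prepares the nginx configuration that fronts Gitea:
#   1. creates nginx runtime directories (including the ACME challenge dir),
#   2. installs the base nginx.conf from the embedded template,
#   3. when ENABLE_SSL is set and no certificate is present, generates keys and
#      requests a certificate with acme_tiny using a temporary nginx instance,
#   4. waits for Gitea's app.ini and renders the site config for the domain.
#
# Environment:
#   ENABLE_SSL - any non-empty value selects the SSL site template
#   DOMAIN     - certificate CN / server name; required when a certificate
#                has to be requested, otherwise falls back to app.ini

# mkdir -p is idempotent, so the challenge directory is also created when
# /run/nginx already exists but /run/nginx/challenges does not.
mkdir -p /run/nginx/challenges
chown -R nginx /run/nginx

# cleanup and copy nginx configuration file from embedded template
if [ -f /etc/nginx/conf.d/default.conf ]; then
  rm /etc/nginx/conf.d/default.conf
fi
cp /etc/templates/nginx.conf /etc/nginx/nginx.conf

# handle preparing to run ssl
# The variable must be expanded here: testing the bare word ENABLE_SSL is
# always true and would make the non-SSL branch unreachable.
if [ -n "${ENABLE_SSL:-}" ]; then
  NGINX_CONF_TEMPLATE=/etc/templates/nginx_site_ssl.conf
  # -s (non-empty) instead of -f: a zero-length cert.crt must not be accepted
  # as a valid certificate.
  if [ ! -s /data/ssl/cert.crt ] || [ ! -f /data/ssl/cert.key ]; then
    # we need to obtain certificates from ACME
    if [ -z "${DOMAIN:-}" ]; then
      # The CSR subject is built from DOMAIN; an empty CN cannot be validated.
      echo >&2 'DOMAIN must be set to request a certificate'
      exit 1
    fi

    mkdir -p /data/ssl

    # Private keys are created under umask 077 and forced to 0600 so they are
    # never readable by other users, even if the file already existed with
    # looser permissions.
    if [ ! -f /data/ssl/account.key ]; then
      # there is no account key so create one
      if ! (umask 077 && openssl genrsa 4096 > /data/ssl/account.key); then
        echo >&2 'failed to generate ACME account key'
        exit 1
      fi
    fi
    chmod 600 /data/ssl/account.key

    if ! (umask 077 && openssl genrsa 4096 > /data/ssl/cert.key); then
      echo >&2 'failed to generate certificate key'
      exit 1
    fi
    chmod 600 /data/ssl/cert.key

    if ! openssl req -new -sha256 -key /data/ssl/cert.key -subj "/CN=$DOMAIN" > /data/ssl/domain.csr; then
      echo >&2 'failed to generate certificate signing request'
      exit 1
    fi

    # we need to start nginx with special configuration file
    cp /etc/templates/nginx_site_letsencryptinit.conf /etc/nginx/conf.d/gitea.conf
    nginx -c /etc/nginx/nginx.conf -g 'daemon off;' &
    pid="$!"

    # Write the certificate to a temporary file first. Redirecting straight to
    # cert.crt would leave an empty or truncated file behind when acme_tiny
    # fails, and the next start would then skip issuance and serve it.
    acme_ok=1
    if ! python3 -m acme_tiny --account-key /data/ssl/account.key --csr /data/ssl/domain.csr --acme-dir /run/nginx/challenges > /data/ssl/cert.crt.new; then
      acme_ok=0
    elif [ ! -s /data/ssl/cert.crt.new ]; then
      acme_ok=0
    fi

    # Always stop the temporary nginx, whether or not issuance succeeded.
    if ! kill -s TERM "$pid" || ! wait "$pid"; then
      rm -f /data/ssl/cert.crt.new
      echo >&2 'nginx process failed while attempting to get certification'
      exit 1
    fi

    if [ "$acme_ok" -ne 1 ]; then
      rm -f /data/ssl/cert.crt.new
      echo >&2 'acme_tiny failed to obtain a certificate'
      exit 1
    fi
    # Same directory, so the rename is atomic and cert.crt is never partial.
    mv /data/ssl/cert.crt.new /data/ssl/cert.crt
  fi
  # NOTE(review): a certificate is only requested when one is missing; nothing
  # in this script renews an existing certificate.
else
  NGINX_CONF_TEMPLATE=/etc/templates/nginx_site_nossl.conf
fi

# avoiding race condition and waiting for gitea configuration file to be prepared by its own startup script
while [ ! -f /data/gitea/conf/app.ini ]; do
  echo "Gitea configuration is still not ready waiting 10 seconds..."
  sleep 10
done

# Domain precedence: DOMAIN from the environment, then server/DOMAIN from
# app.ini, then "localhost". envsubst is limited to ${GITEA_DOMAIN} so nginx's
# own $variables in the template are left untouched.
# NOTE(review): the value is written into the nginx config verbatim; it is
# assumed to be a plain host name from a trusted source.
GITEA_DOMAIN=${DOMAIN:-$(iniget /data/gitea/conf/app.ini server DOMAIN)}
GITEA_DOMAIN=${GITEA_DOMAIN:-"localhost"} envsubst '${GITEA_DOMAIN}' < "$NGINX_CONF_TEMPLATE" > /etc/nginx/conf.d/gitea.conf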