From c03e7502b2d41e3bc9be83321f6058f7b767b0ce Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 13 Sep 2022 11:03:26 -0700 Subject: [PATCH] Multiple updates * Don't close FD 3 (it might be an inherited activate socket) * Implement workaround for cgroups2 * Improve ENV variables handling --- entrypoint/10-listen-on-ipv6-by-default.sh | 26 ++++++++++++------- entrypoint/20-envsubst-on-templates.sh | 12 ++++++--- entrypoint/30-tune-worker-processes.sh | 2 +- entrypoint/docker-entrypoint.sh | 24 ++++++++--------- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++++------- .../alpine-perl/20-envsubst-on-templates.sh | 12 ++++++--- .../alpine-perl/30-tune-worker-processes.sh | 2 +- mainline/alpine-perl/docker-entrypoint.sh | 24 ++++++++--------- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++++------- .../alpine-slim/20-envsubst-on-templates.sh | 12 ++++++--- .../alpine-slim/30-tune-worker-processes.sh | 2 +- mainline/alpine-slim/docker-entrypoint.sh | 24 ++++++++--------- .../alpine/10-listen-on-ipv6-by-default.sh | 26 ++++++++++++------- mainline/alpine/20-envsubst-on-templates.sh | 12 ++++++--- mainline/alpine/30-tune-worker-processes.sh | 2 +- mainline/alpine/docker-entrypoint.sh | 24 ++++++++--------- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++++------- .../debian-perl/20-envsubst-on-templates.sh | 12 ++++++--- .../debian-perl/30-tune-worker-processes.sh | 2 +- mainline/debian-perl/docker-entrypoint.sh | 24 ++++++++--------- .../debian/10-listen-on-ipv6-by-default.sh | 26 ++++++++++++------- mainline/debian/20-envsubst-on-templates.sh | 12 ++++++--- mainline/debian/30-tune-worker-processes.sh | 2 +- mainline/debian/docker-entrypoint.sh | 24 ++++++++--------- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++++------- .../alpine-perl/20-envsubst-on-templates.sh | 12 ++++++--- .../alpine-perl/30-tune-worker-processes.sh | 2 +- stable/alpine-perl/docker-entrypoint.sh | 24 ++++++++--------- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++++------- .../alpine-slim/20-envsubst-on-templates.sh | 12 ++++++--- .../alpine-slim/30-tune-worker-processes.sh | 2 +- stable/alpine-slim/docker-entrypoint.sh | 24 ++++++++--------- stable/alpine/10-listen-on-ipv6-by-default.sh | 26 ++++++++++++------- stable/alpine/20-envsubst-on-templates.sh | 12 ++++++--- stable/alpine/30-tune-worker-processes.sh | 2 +- stable/alpine/docker-entrypoint.sh | 24 ++++++++--------- .../10-listen-on-ipv6-by-default.sh | 26 ++++++++++++------- .../debian-perl/20-envsubst-on-templates.sh | 12 ++++++--- .../debian-perl/30-tune-worker-processes.sh | 2 +- stable/debian-perl/docker-entrypoint.sh | 24 ++++++++--------- stable/debian/10-listen-on-ipv6-by-default.sh | 26 ++++++++++++------- stable/debian/20-envsubst-on-templates.sh | 12 ++++++--- stable/debian/30-tune-worker-processes.sh | 2 +- stable/debian/docker-entrypoint.sh | 24 ++++++++--------- update.sh | 4 +-- 45 files changed, 420 insertions(+), 288 deletions(-) diff --git a/entrypoint/10-listen-on-ipv6-by-default.sh b/entrypoint/10-listen-on-ipv6-by-default.sh index b91e1e1..f6a9090 100755 --- a/entrypoint/10-listen-on-ipv6-by-default.sh +++ b/entrypoint/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh index 4f33029..0cf8202 100755 --- a/entrypoint/20-envsubst-on-templates.sh +++ b/entrypoint/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/entrypoint/30-tune-worker-processes.sh b/entrypoint/30-tune-worker-processes.sh index 5650587..9aa42e9 100755 --- a/entrypoint/30-tune-worker-processes.sh +++ b/entrypoint/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/entrypoint/docker-entrypoint.sh b/entrypoint/docker-entrypoint.sh index 72d5cd9..c133974 100755 --- a/entrypoint/docker-entrypoint.sh +++ b/entrypoint/docker-entrypoint.sh @@ -3,35 +3,35 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh index b91e1e1..f6a9090 100755 --- a/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/alpine-perl/20-envsubst-on-templates.sh b/mainline/alpine-perl/20-envsubst-on-templates.sh index 4f33029..0cf8202 100755 --- a/mainline/alpine-perl/20-envsubst-on-templates.sh +++ b/mainline/alpine-perl/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/alpine-perl/30-tune-worker-processes.sh b/mainline/alpine-perl/30-tune-worker-processes.sh index 5650587..9aa42e9 100755 --- a/mainline/alpine-perl/30-tune-worker-processes.sh +++ b/mainline/alpine-perl/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/mainline/alpine-perl/docker-entrypoint.sh b/mainline/alpine-perl/docker-entrypoint.sh index 72d5cd9..c133974 100755 --- a/mainline/alpine-perl/docker-entrypoint.sh +++ b/mainline/alpine-perl/docker-entrypoint.sh @@ -3,35 +3,35 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh index b91e1e1..f6a9090 100755 --- a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/alpine-slim/20-envsubst-on-templates.sh b/mainline/alpine-slim/20-envsubst-on-templates.sh index 4f33029..0cf8202 100755 --- a/mainline/alpine-slim/20-envsubst-on-templates.sh +++ b/mainline/alpine-slim/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/alpine-slim/30-tune-worker-processes.sh b/mainline/alpine-slim/30-tune-worker-processes.sh index 5650587..9aa42e9 100755 --- a/mainline/alpine-slim/30-tune-worker-processes.sh +++ b/mainline/alpine-slim/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/mainline/alpine-slim/docker-entrypoint.sh b/mainline/alpine-slim/docker-entrypoint.sh index 72d5cd9..c133974 100755 --- a/mainline/alpine-slim/docker-entrypoint.sh +++ b/mainline/alpine-slim/docker-entrypoint.sh @@ -3,35 +3,35 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/alpine/10-listen-on-ipv6-by-default.sh b/mainline/alpine/10-listen-on-ipv6-by-default.sh index b91e1e1..f6a9090 100755 --- a/mainline/alpine/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/alpine/20-envsubst-on-templates.sh b/mainline/alpine/20-envsubst-on-templates.sh index 4f33029..0cf8202 100755 --- a/mainline/alpine/20-envsubst-on-templates.sh +++ b/mainline/alpine/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/alpine/30-tune-worker-processes.sh b/mainline/alpine/30-tune-worker-processes.sh index 5650587..9aa42e9 100755 --- a/mainline/alpine/30-tune-worker-processes.sh +++ b/mainline/alpine/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/mainline/alpine/docker-entrypoint.sh b/mainline/alpine/docker-entrypoint.sh index 72d5cd9..c133974 100755 --- a/mainline/alpine/docker-entrypoint.sh +++ b/mainline/alpine/docker-entrypoint.sh @@ -3,35 +3,35 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/debian-perl/10-listen-on-ipv6-by-default.sh b/mainline/debian-perl/10-listen-on-ipv6-by-default.sh index b91e1e1..f6a9090 100755 --- a/mainline/debian-perl/10-listen-on-ipv6-by-default.sh +++ b/mainline/debian-perl/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/debian-perl/20-envsubst-on-templates.sh b/mainline/debian-perl/20-envsubst-on-templates.sh index 4f33029..0cf8202 100755 --- a/mainline/debian-perl/20-envsubst-on-templates.sh +++ b/mainline/debian-perl/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/debian-perl/30-tune-worker-processes.sh b/mainline/debian-perl/30-tune-worker-processes.sh index 5650587..9aa42e9 100755 --- a/mainline/debian-perl/30-tune-worker-processes.sh +++ b/mainline/debian-perl/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/mainline/debian-perl/docker-entrypoint.sh b/mainline/debian-perl/docker-entrypoint.sh index 72d5cd9..c133974 100755 --- a/mainline/debian-perl/docker-entrypoint.sh +++ b/mainline/debian-perl/docker-entrypoint.sh @@ -3,35 +3,35 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/mainline/debian/10-listen-on-ipv6-by-default.sh b/mainline/debian/10-listen-on-ipv6-by-default.sh index b91e1e1..f6a9090 100755 --- a/mainline/debian/10-listen-on-ipv6-by-default.sh +++ b/mainline/debian/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/mainline/debian/20-envsubst-on-templates.sh b/mainline/debian/20-envsubst-on-templates.sh index 4f33029..0cf8202 100755 --- a/mainline/debian/20-envsubst-on-templates.sh +++ b/mainline/debian/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/mainline/debian/30-tune-worker-processes.sh b/mainline/debian/30-tune-worker-processes.sh index 5650587..9aa42e9 100755 --- a/mainline/debian/30-tune-worker-processes.sh +++ b/mainline/debian/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/mainline/debian/docker-entrypoint.sh b/mainline/debian/docker-entrypoint.sh index 72d5cd9..c133974 100755 --- a/mainline/debian/docker-entrypoint.sh +++ b/mainline/debian/docker-entrypoint.sh @@ -3,35 +3,35 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh index b91e1e1..f6a9090 100755 --- a/stable/alpine-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-perl/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/alpine-perl/20-envsubst-on-templates.sh b/stable/alpine-perl/20-envsubst-on-templates.sh index 4f33029..0cf8202 100755 --- a/stable/alpine-perl/20-envsubst-on-templates.sh +++ b/stable/alpine-perl/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/alpine-perl/30-tune-worker-processes.sh b/stable/alpine-perl/30-tune-worker-processes.sh index 5650587..9aa42e9 100755 --- a/stable/alpine-perl/30-tune-worker-processes.sh +++ b/stable/alpine-perl/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/stable/alpine-perl/docker-entrypoint.sh b/stable/alpine-perl/docker-entrypoint.sh index 72d5cd9..c133974 100755 --- a/stable/alpine-perl/docker-entrypoint.sh +++ b/stable/alpine-perl/docker-entrypoint.sh @@ -3,35 +3,35 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh index b91e1e1..f6a9090 100755 --- a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/alpine-slim/20-envsubst-on-templates.sh b/stable/alpine-slim/20-envsubst-on-templates.sh index 4f33029..0cf8202 100755 --- a/stable/alpine-slim/20-envsubst-on-templates.sh +++ b/stable/alpine-slim/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/alpine-slim/30-tune-worker-processes.sh b/stable/alpine-slim/30-tune-worker-processes.sh index 5650587..9aa42e9 100755 --- a/stable/alpine-slim/30-tune-worker-processes.sh +++ b/stable/alpine-slim/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/stable/alpine-slim/docker-entrypoint.sh b/stable/alpine-slim/docker-entrypoint.sh index 72d5cd9..c133974 100755 --- a/stable/alpine-slim/docker-entrypoint.sh +++ b/stable/alpine-slim/docker-entrypoint.sh @@ -3,35 +3,35 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/alpine/10-listen-on-ipv6-by-default.sh b/stable/alpine/10-listen-on-ipv6-by-default.sh index b91e1e1..f6a9090 100755 --- a/stable/alpine/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/alpine/20-envsubst-on-templates.sh b/stable/alpine/20-envsubst-on-templates.sh index 4f33029..0cf8202 100755 --- a/stable/alpine/20-envsubst-on-templates.sh +++ b/stable/alpine/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/alpine/30-tune-worker-processes.sh b/stable/alpine/30-tune-worker-processes.sh index 5650587..9aa42e9 100755 --- a/stable/alpine/30-tune-worker-processes.sh +++ b/stable/alpine/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/stable/alpine/docker-entrypoint.sh b/stable/alpine/docker-entrypoint.sh index 72d5cd9..c133974 100755 --- a/stable/alpine/docker-entrypoint.sh +++ b/stable/alpine/docker-entrypoint.sh @@ -3,35 +3,35 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/debian-perl/10-listen-on-ipv6-by-default.sh b/stable/debian-perl/10-listen-on-ipv6-by-default.sh index b91e1e1..f6a9090 100755 --- a/stable/debian-perl/10-listen-on-ipv6-by-default.sh +++ b/stable/debian-perl/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/debian-perl/20-envsubst-on-templates.sh b/stable/debian-perl/20-envsubst-on-templates.sh index 4f33029..0cf8202 100755 --- a/stable/debian-perl/20-envsubst-on-templates.sh +++ b/stable/debian-perl/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/debian-perl/30-tune-worker-processes.sh b/stable/debian-perl/30-tune-worker-processes.sh index 5650587..9aa42e9 100755 --- a/stable/debian-perl/30-tune-worker-processes.sh +++ b/stable/debian-perl/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/stable/debian-perl/docker-entrypoint.sh b/stable/debian-perl/docker-entrypoint.sh index 72d5cd9..c133974 100755 --- a/stable/debian-perl/docker-entrypoint.sh +++ b/stable/debian-perl/docker-entrypoint.sh @@ -3,35 +3,35 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/stable/debian/10-listen-on-ipv6-by-default.sh b/stable/debian/10-listen-on-ipv6-by-default.sh index b91e1e1..f6a9090 100755 --- a/stable/debian/10-listen-on-ipv6-by-default.sh +++ b/stable/debian/10-listen-on-ipv6-by-default.sh @@ -3,52 +3,58 @@ set -e +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + ME=$(basename $0) DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - echo >&3 "$ME: info: ipv6 not available" + entrypoint_log "$ME: info: ipv6 not available" exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } if [ -f "/etc/os-release" ]; then . /etc/os-release else - echo >&3 "$ME: info: can not guess the operating system" + entrypoint_log "$ME: info: can not guess the operating system" exit 0 fi -echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in "debian") CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; "alpine") CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" exit 0 } ;; *) - echo >&3 "$ME: info: Unsupported distribution" + entrypoint_log "$ME: info: Unsupported distribution" exit 0 ;; esac @@ -56,6 +62,6 @@ esac # enable ipv6 on default.conf listen sockets sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /$DEFAULT_CONF_FILE -echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" +entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE" exit 0 diff --git a/stable/debian/20-envsubst-on-templates.sh b/stable/debian/20-envsubst-on-templates.sh index 4f33029..0cf8202 100755 --- a/stable/debian/20-envsubst-on-templates.sh +++ b/stable/debian/20-envsubst-on-templates.sh @@ -4,16 +4,22 @@ set -e ME=$(basename $0) +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} + auto_envsubst() { local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) + defined_envs=$(printf '${%s} ' $(xargs -0n1 -a /proc/self/environ sh -c 'echo "$@" | grep -oEm1 "^[^=]+"' --)); [ -d "$template_dir" ] || return 0 if [ ! -w "$output_dir" ]; then - echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" + entrypoint_log "$ME: ERROR: $template_dir exists, but $output_dir is not writable" return 0 fi find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do @@ -22,7 +28,7 @@ auto_envsubst() { subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$output_dir/$subdir" - echo >&3 "$ME: Running envsubst on $template to $output_path" + entrypoint_log "$ME: Running envsubst on $template to $output_path" envsubst "$defined_envs" < "$template" > "$output_path" done } diff --git a/stable/debian/30-tune-worker-processes.sh b/stable/debian/30-tune-worker-processes.sh index 5650587..9aa42e9 100755 --- a/stable/debian/30-tune-worker-processes.sh +++ b/stable/debian/30-tune-worker-processes.sh @@ -158,7 +158,7 @@ __EOF__ "/") foundroot="${found##* }$mountpoint" ;; - "$mountpoint") + "$mountpoint" | /../*) foundroot="${found##* }" ;; esac diff --git a/stable/debian/docker-entrypoint.sh b/stable/debian/docker-entrypoint.sh index 72d5cd9..c133974 100755 --- a/stable/debian/docker-entrypoint.sh +++ b/stable/debian/docker-entrypoint.sh @@ -3,35 +3,35 @@ set -e -if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - exec 3>&1 -else - exec 3>/dev/null -fi +entrypoint_log() { + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi +} if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - echo >&3 "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" + entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - echo >&3 "$0: Looking for shell scripts in /docker-entrypoint.d/" + entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do case "$f" in *.sh) if [ -x "$f" ]; then - echo >&3 "$0: Launching $f"; + entrypoint_log "$0: Launching $f"; "$f" else # warn on shell scripts without exec bit - echo >&3 "$0: Ignoring $f, not executable"; + entrypoint_log "$0: Ignoring $f, not executable"; fi ;; - *) echo >&3 "$0: Ignoring $f";; + *) entrypoint_log "$0: Ignoring $f";; esac done - echo >&3 "$0: Configuration complete; ready for start up" + entrypoint_log "$0: Configuration complete; ready for start up" else - echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration" + entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" fi fi diff --git a/update.sh b/update.sh index a1ae334..0503079 100755 --- a/update.sh +++ b/update.sh @@ -2,7 +2,7 @@ set -Eeuo pipefail shopt -s nullglob -cd "$(dirname "$(greadlink -f "$BASH_SOURCE")")" +cd "$(dirname "$(readlink -f "$BASH_SOURCE")")" declare branches=( "stable" @@ -160,7 +160,7 @@ for branch in "${branches[@]}"; do packages=$(get_packages "$variant" "$branch") packagever=$(get_packagever "$variant" "$branch") - gsed -i \ + sed -i \ -e 's,%%ALPINE_VERSION%%,'"$alpinever"',' \ -e 's,%%DEBIAN_VERSION%%,'"$debianver"',' \ -e 's,%%NGINX_VERSION%%,'"$nginxver"',' \