From 8bc52f2cea91e9f5160ffd03bd715f18a753f96e Mon Sep 17 00:00:00 2001
From: Devin Christensen
Date: Thu, 23 Jun 2022 10:10:43 -0600
Subject: [PATCH] add support for built-in unit tls
---
 docker/launch-netbox.sh | 69 +++++++++++++++++++++++++++++++----------
 1 file changed, 53 insertions(+), 16 deletions(-)
diff --git a/docker/launch-netbox.sh b/docker/launch-netbox.sh
index 09efdb5..59fbbd6 100755
--- a/docker/launch-netbox.sh
+++ b/docker/launch-netbox.sh
@@ -1,8 +1,35 @@
 #!/bin/bash
-UNIT_CONFIG="${UNIT_CONFIG-/etc/unit/nginx-unit.json}"
 UNIT_SOCKET="/opt/unit/unit.sock"
+put_config() {
+ RET=$(
+ curl \
+ --silent \
+ --write-out '%{http_code}' \
+ --request PUT \
+ --data-binary "@$1" \
+ --unix-socket $UNIT_SOCKET \
+ http://localhost/$2
+ )
+ RET_BODY=${RET::-3}
+ RET_STATUS=$(echo $RET | tail -c 4)
+
+ echo $RET
+
+ if [ "$RET_STATUS" -ne "200" ]; then
+ echo "⚠️ Error: Failed to load configuration from $1"
+ ( echo "HTTP response status code is '$RET_STATUS'"
+ echo "$RET_BODY"
+ ) | sed 's/^/ /'
+
+ kill "$(cat /opt/unit/unit.pid)"
+ return 1
+ fi
+
+ return 0
+}
+
 load_configuration() {
 MAX_WAIT=10
 WAIT_COUNT=0
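Review bot: The status check in `put_config` can fail open: `[ "$RET_STATUS" -ne "200" ]` is a numeric test, so if `RET_STATUS` is ever empty or non-numeric (for example when curl produced no output at all), `[` reports an error, the `if` treats that as false, and the function returns 0 although nothing was loaded. The code this commit replaces compared with `!=`, which treats anything other than 200 as a failure; I would keep that form, `if [ "$RET_STATUS" != "200" ]; then`, and take the status with `RET_STATUS=${RET: -3}` rather than the unquoted `echo $RET | tail -c 4`. `$UNIT_SOCKET` and `http://localhost/$2` should also be quoted, and `RET`, `RET_BODY` and `RET_STATUS` declared `local` so they do not leak into the rest of the script.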
@@ -22,27 +49,37 @@ load_configuration() {
 # this curl call will get a reply once unit is fully launched
 curl --silent --output /dev/null --request GET --unix-socket $UNIT_SOCKET http://localhost/
- echo "⚙️ Applying configuration from $UNIT_CONFIG"
+ if [[ -n "$UNIT_CONFIG" ]] && [[ -s "$UNIT_CONFIG" ]]; then
+ echo "⚠️ The UNIT_CONFIG environment variable is deprecated. All *.pem and *.json files in /etc/unit will be loaded automatically when UNIT_CONFIG is undefined."
+ echo "⚙️ Applying configuration from UNIT_CONFIG environment variable: $UNIT_CONFIG"
+ put_config $UNIT_CONFIG "config" || return 1
+ else
+ echo "🔍 Looking for certificate bundles in /etc/unit/..."
+ for f in $(find /etc/unit/ -type f -name "*.pem"); do
+ echo "⚙️ Uploading certificates bundle: $f"
+ put_config $f "certificates/$(basename $f .pem)" || return 1
+ done
- RESP_CODE=$(
- curl \
- --silent \
- --output /dev/null \
- --write-out '%{http_code}' \
- --request PUT \
- --data-binary "@${UNIT_CONFIG}" \
- --unix-socket $UNIT_SOCKET \
- http://localhost/config
- )
- if [ "$RESP_CODE" != "200" ]; then
- echo "⚠️ Could no load Unit configuration"
- kill "$(cat /opt/unit/unit.pid)"
- return 1
+ echo "🔍 Looking for configuration snippets in /etc/unit/..."
+ for f in $(find /etc/unit/ -type f -name "*.json"); do
+ echo "⚙️ Applying configuration $f";
+ put_config $f "config" || return 1
+ done
+
+ # warn on filetypes we don't know what to do with
+ for f in $(find /etc/unit/ -type f -not -name "*.json" -not -name "*.pem"); do
+ echo "↩️ Ignoring $f";
+ done
 fi
 echo "✅ Unit configuration loaded successfully"
 }
+if [ -n "$(ls -A /opt/unit/state)" ]; then
+ echo "💣 Clearing previous unit state from /opt/unit/state"
+ rm -r /opt/unit/state/*
+fi
+
 load_configuration &
 exec unitd \
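Review bot: The `for f in $(find /etc/unit/ …)` loops word-split and glob-expand the find output, and `$f` and `$UNIT_CONFIG` are then passed unquoted to `put_config`, so a bundle or snippet whose path contains whitespace or a glob character is uploaded under the wrong name or not at all. Because the basename of each `.pem` file becomes the certificate name in the control URL, I would read the paths NUL-delimited and quote every expansion, as in the excerpt below. Separately, every `*.json` file is PUT to `config`, which as far as I know replaces the whole configuration object in Unit rather than merging, so with more than one file the result depends on find's unsorted order; the excerpt sorts the list, but it is worth confirming that last-file-wins is intended. The enclosing `load_configuration` starts above this hunk.

```shell
    # … unchanged: deprecated UNIT_CONFIG branch (pass "$UNIT_CONFIG" quoted) …
    while IFS= read -r -d '' f; do
      echo "⚙️ Uploading certificates bundle: $f"
      put_config "$f" "certificates/$(basename -- "$f" .pem)" || return 1
    done < <(find /etc/unit/ -type f -name "*.pem" -print0 | sort -z)

    while IFS= read -r -d '' f; do
      echo "⚙️ Applying configuration $f"
      put_config "$f" "config" || return 1
    done < <(find /etc/unit/ -type f -name "*.json" -print0 | sort -z)
    # … unchanged: "Ignoring" loop and success message …
```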