diff --git a/Dockerfile b/Dockerfile
index 1448e8f..79a8686 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,13 +1,13 @@
 FROM nginx:alpine
 RUN apk add --update --no-cache \
- openssl
+ openssl \
+ curl
-COPY generate_self_signed_ssl.sh /usr/local/bin/generate_self_signed_ssl.sh
 COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
 EXPOSE 443
 ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
-CMD ["nginx", "-g", "daemon off;"]
\ No newline at end of file
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index ad45979..b681761 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
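Review bot: The new `apk add --update --no-cache \ openssl \ curl` leaves both packages unpinned, so two builds of the same Dockerfile can pull different openssl and curl versions; pin them (`openssl=<version> \` and `curl=<version>`, hadolint DL3018) and drop `--update`, which is redundant once `--no-cache` is given (DL3019). As far as this diff shows, curl is added to the serving image solely so docker-entrypoint.sh can make a one-shot Cloudflare API call at startup, which widens the runtime image for a job that could equally run from the deploy pipeline; if keeping it in the image is intended, record that with a comment such as `# curl: used by docker-entrypoint.sh for the Cloudflare cache purge`. The entrypoint now generates a private key and contacts an external API as root before `exec`-ing nginx, so a `HEALTHCHECK` or at least a `STOPSIGNAL SIGQUIT` for nginx would be worth adding while this file is being touched.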
@@ -1,5 +1,56 @@
 #!/usr/bin/env sh
-/usr/local/bin/generate_self_signed_ssl.sh
+if [ -f /etc/ssl/cert.pem && -f /etc/ssl/key.pem ] || [ "${SKIP_SSL_GENERATE}" ]; then
+ echo "Skipping SSL certificate generation"
+else
+ echo "Generating self-signed certificate"
+
+ mkdir -p /etc/ssl
+ cd /etc/ssl
+
+ openssl genrsa -des3 -passout pass:x -out key.pem ${SSL_KEY_LENGTH:-2048}
+
+ cp key.pem key.pem.orig
+
+ openssl rsa -passin pass:x -in key.pem.orig -out key.pem
+
+ openssl req -new -key key.pem -out cert.csr -subj "/C=${SSL_C:-US}/ST=${SSL_ST:-NC}/L=${SSL_L:-Mars Hill}/O=${SSL_O:-Interrobang Consulting}/OU=${SSL_OU:-www}/CN=${SSL_CN:-interrobang.consulting}"
+
+ openssl x509 -req -days ${SSL_DAYS:-3650} -in cert.csr -signkey key.pem -out cert.pem
+fi
+
+if [ ! -f /.cloudflare_purged ] && [ -n "$CLOUDFLARE_KEY" ] && [ "$CLOUDFLARE_KEY" != "" ]; then
+ if [ -n "$CLOUDFLARE_EMAIL" ] && [ "$CLOUDFLARE_EMAIL" != "" ]; then
+ if [ -n "$CLOUDFLARE_PURGE_ALL" ] && [ "$CLOUDFLARE_PURGE_ALL" != "" ]; then
+ echo "purging entire cloudflare cache..."
+ curl -o - -s -w "%{http_code}\n" -X DELETE \
+ "https://api.cloudflare.com/client/v4/zones/${CLOUDFLARE_ZONE}/purge_cache" \
+ -H "X-Auth-Email: ${CLOUDFLARE_EMAIL}" \
+ -H "X-Auth-Key: ${CLOUDFLARE_KEY}" \
+ -H "Content-Type: application/json" \
+ --data '{"purge_everything":true}' \
+
+ touch /.cloudflare_purged
+
+ elif [ -n "$CLOUDFLARE_CLEAR_CACHE_URLS" ] && [ "$CLOUDFLARE_CLEAR_CACHE_URLS" != "" ]; then
+ echo "purging cloudflare cache for ${CLOUDFLARE_CLEAR_CACHE_URLS}..."
+ curl -o - -s -w "%{http_code}\n" -X DELETE \
+ "https://api.cloudflare.com/client/v4/zones/${CLOUDFLARE_ZONE}/purge_cache" \
+ -H "X-Auth-Email: ${CLOUDFLARE_EMAIL}" \
+ -H "X-Auth-Key: ${CLOUDFLARE_KEY}" \
+ -H "Content-Type: application/json" \
+ --data "{\"files\":${CLOUDFLARE_CLEAR_CACHE_URLS}}"
+
+ touch /.cloudflare_purged
+
+ else
+ echo "CLOUDFLARE_PURGE_ALL or CLOUDFLARE_CLEAR_CACHE_URLS must be set to purge cache... skipping."
+ fi
+ else
+ echo "Found CLOUDFLARE_KEY without CLOUDFLARE_EMAIL. Both are required... not attempting cloudflare purge cache"
+ fi
+else
+ echo "Skipping cloudflare cache purge"
+fi
 exec "$@"
\ No newline at end of file
diff --git a/generate_self_signed_ssl.sh b/generate_self_signed_ssl.sh
deleted file mode 100755
index 9ccd69c..0000000
--- a/generate_self_signed_ssl.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/usr/bin/env sh
-
-if [ -s /etc/ssl/ssl.crt ] || [ -s /etc/ssl/cert.pem ] || [ -s /etc/ssl/key.pem ] || [ -n "${SKIP_SSL_GENERATE}" ]; then
- echo "Skipping SSL certificate generation"
-else
- echo "Generating self-signed certificate"
-
- mkdir -p /etc/ssl
- cd /etc/ssl
-
- openssl genrsa -des3 -passout pass:x -out key.pem 2048
-
- cp key.pem key.pem.orig
-
- openssl rsa -passin pass:x -in key.pem.orig -out key.pem
-
- openssl req -new -key key.pem -out cert.csr -subj "/C=US/ST=NC/L=Mars Hill/O=Interrobang Consulting/OU=www/CN=interrobang.consulting"
-
- openssl x509 -req -days 3650 -in cert.csr -signkey key.pem -out cert.pem
-fi
\ No newline at end of file
diff --git a/readme.md b/readme.md
new file mode 100644
index 0000000..f928022
--- /dev/null
+++ b/readme.md
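Review bot: The guard `if [ -f /etc/ssl/cert.pem && -f /etc/ssl/key.pem ] || [ "${SKIP_SSL_GENERATE}" ]; then` is not valid `test` syntax — `&&` is a shell operator, so the shell runs `[ -f /etc/ssl/cert.pem` (which fails on the missing `]`) and the file check can never succeed, meaning a real cert/key pair mounted into /etc/ssl is overwritten by a self-signed one on every start unless SKIP_SSL_GENERATE is also set (or, on a read-only mount, the openssl calls fail and the script carries on to `exec` because there is no `set -e`); write it as `if { [ -f /etc/ssl/cert.pem ] && [ -f /etc/ssl/key.pem ]; } || [ -n "${SKIP_SSL_GENERATE}" ]; then` and reconcile it with the readme added in this commit, which says generation is skipped when *any* of the files exist. The `-des3 -passout pass:x` → `cp` → `openssl rsa -passin` round-trip only produces an unencrypted key through a throwaway passphrase and leaves `key.pem.orig` on disk beside it; `openssl genrsa -out key.pem "${SSL_KEY_LENGTH:-2048}"` yields the same key in one step with nothing left behind. In the purge_everything branch the `--data '{"purge_everything":true}' \` continuation is terminated only by the blank line that follows, so deleting that blank line would hand `touch /.cloudflare_purged` to curl as extra arguments; drop the trailing backslash. Both curl calls run with `-s` and without `-f`, and `touch /.cloudflare_purged` runs regardless of the HTTP status, so a rejected key or a wrong `CLOUDFLARE_ZONE` silently disables every later purge for the life of the container filesystem; use `curl -fsS ... && touch /.cloudflare_purged` (or inspect the printed status code) instead. Finally, `X-Auth-Key` carries Cloudflare's account-wide global API key; if a zone-scoped API token is acceptable for this deployment, sending it as `-H "Authorization: Bearer ${CLOUDFLARE_TOKEN}"` would limit what a leaked container environment can do.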
@@ -0,0 +1,48 @@
+# interrobangc/nginx
+
+This is an nginx docker image that adds some features to [nginx:alpine](https://store.docker.com/images/nginx).
+
+
+## SSL
+
+A self signed ssl certificate will be generate on startup unless the environmental variable `SKIP_SSL_GENERATE` is set or any of the following files exist:
+
+* `/etc/ssl/cert.pem`
+* `/etc/ssl/key.pem`
+
+
+### SSL ENV Variables
+
+* **SSL_KEY_LENGTH** (Default: `2048`) - Length of SSL key.
+
+* **SSL_C** (Default: `US`) - Country
+
+* **SSL_ST** (Default: `NC`) - State
+
+* **SSL_L** (Default: `Mars Hill`) - Locality
+
+* **SSL_O** (Default: `Interrobang Consulting`) - Organization Name
+
+* **SSL_OU** (Default: `www`) - Organizational Unit Name
+
+* **SSL_CN** (Default: `interrobang.consulting`) - Common Name
+
+* **SSL_DAYS** (Default: `3650`) - Days until generated certificate expires
+
+
+## Clear Cloudflare Cache
+
+When the proper environmental variables are set, this image will handle purging cloudflare cache. It will only purge on initial startup, not on every restart of the container.
+
+
+### Cloudflare Cache ENV Variables
+
+* **CLOUDFLARE_KEY** (Required) - User's cloudflare API key
+
+* **CLOUDFLARE_EMAIL** (Required) - User's cloudflare email
+
+* **CLOUDFLARE_ZONE** (Required) - Cloudflare zone to act on
+
+* **CLOUDFLARE_PURGE_ALL** - Purge all cache
+
+* **CLOUDFLARE_CLEAR_CACHE_URLS** - list of urls to clear. This should be a json representation as defined in [the cloudflare documentation](https://api.cloudflare.com/#zone-purge-individual-files-by-url).