Add ability to purge cloudflare cache

Dockerfile

@@ -1,13 +1,13 @@
 FROM nginx:alpine
 
 RUN apk add --update --no-cache \
-        openssl
+        openssl \
+        curl
 
-COPY generate_self_signed_ssl.sh /usr/local/bin/generate_self_signed_ssl.sh
 COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
 
 EXPOSE 443
 
 ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
 
-CMD ["nginx", "-g", "daemon off;"]
+CMD ["nginx", "-g", "daemon off;"]

docker-entrypoint.sh

@@ -1,5 +1,56 @@
 #!/usr/bin/env sh
 
-/usr/local/bin/generate_self_signed_ssl.sh
+if [ -f /etc/ssl/cert.pem && -f /etc/ssl/key.pem ] || [ "${SKIP_SSL_GENERATE}" ]; then
+    echo "Skipping SSL certificate generation"
+else
+    echo "Generating self-signed certificate"
+
+    mkdir -p /etc/ssl
+    cd /etc/ssl
+
+    openssl genrsa -des3 -passout pass:x -out key.pem ${SSL_KEY_LENGTH:-2048}
+
+    cp key.pem key.pem.orig
+
+    openssl rsa -passin pass:x -in key.pem.orig -out key.pem
+
+    openssl req -new -key key.pem -out cert.csr -subj "/C=${SSL_C:-US}/ST=${SSL_ST:-NC}/L=${SSL_L:-Mars Hill}/O=${SSL_O:-Interrobang Consulting}/OU=${SSL_OU:-www}/CN=${SSL_CN:-interrobang.consulting}"
+
+    openssl x509 -req -days ${SSL_DAYS:-3650} -in cert.csr -signkey key.pem -out cert.pem
+fi
+
+if [ ! -f /.cloudflare_purged ] && [ -n "$CLOUDFLARE_KEY" ] && [ "$CLOUDFLARE_KEY" != "" ]; then
+    if [ -n "$CLOUDFLARE_EMAIL" ] && [ "$CLOUDFLARE_EMAIL" != "" ]; then
+        if [ -n "$CLOUDFLARE_PURGE_ALL" ] && [ "$CLOUDFLARE_PURGE_ALL" != "" ]; then
+            echo "purging entire cloudflare cache..."
+            curl -o - -s -w "%{http_code}\n" -X DELETE \
+                "https://api.cloudflare.com/client/v4/zones/${CLOUDFLARE_ZONE}/purge_cache" \
+                -H "X-Auth-Email: ${CLOUDFLARE_EMAIL}" \
+                -H "X-Auth-Key: ${CLOUDFLARE_KEY}" \
+                -H "Content-Type: application/json" \
+                --data '{"purge_everything":true}' \
+
+            touch /.cloudflare_purged
+
+        elif [ -n "$CLOUDFLARE_CLEAR_CACHE_URLS" ] && [ "$CLOUDFLARE_CLEAR_CACHE_URLS" != "" ]; then
+            echo "purging cloudflare cache for ${CLOUDFLARE_CLEAR_CACHE_URLS}..."
+            curl -o - -s -w "%{http_code}\n" -X DELETE \
+                "https://api.cloudflare.com/client/v4/zones/${CLOUDFLARE_ZONE}/purge_cache" \
+                -H "X-Auth-Email: ${CLOUDFLARE_EMAIL}" \
+                -H "X-Auth-Key: ${CLOUDFLARE_KEY}" \
+                -H "Content-Type: application/json" \
+                --data "{\"files\":${CLOUDFLARE_CLEAR_CACHE_URLS}}"
+
+            touch /.cloudflare_purged
+
+        else
+            echo "CLOUDFLARE_PURGE_ALL or CLOUDFLARE_CLEAR_CACHE_URLS must be set to purge cache... skipping."
+        fi
+    else
+        echo "Found CLOUDFLARE_KEY without CLOUDFLARE_EMAIL. Both are required... not attempting cloudflare purge cache"
+    fi
+else
+    echo "Skipping cloudflare cache purge"
+fi
 
 exec "$@"

readme.md

@@ -0,0 +1,48 @@
+# interrobangc/nginx
+
+This is an nginx docker image that adds some features to [nginx:alpine](https://store.docker.com/images/nginx).
+
+
+## SSL
+
+A self signed ssl certificate will be generate on startup unless the environmental variable `SKIP_SSL_GENERATE` is set or any of the following files exist:
+
+* `/etc/ssl/cert.pem`
+* `/etc/ssl/key.pem`
+
+
+### SSL ENV Variables
+
+* **SSL_KEY_LENGTH** (Default: `2048`) - Length of SSL key.
+
+* **SSL_C** (Default: `US`) - Country
+
+* **SSL_ST** (Default: `NC`) - State
+
+* **SSL_L** (Default: `Mars Hill`) - Locality
+
+* **SSL_O** (Default: `Interrobang Consulting`) - Organization Name
+
+* **SSL_OU** (Default: `www`) - Organizational Unit Name
+
+* **SSL_CN** (Default: `interrobang.consulting`) - Common Name
+
+* **SSL_DAYS** (Default: `3650`) - Days until generated certificate expires
+
+
+## Clear Cloudflare Cache
+
+When the proper environmental variables are set, this image will handle purging cloudflare cache. It will only purge on initial startup, not on every restart of the container.
+
+
+### Cloudflare Cache ENV Variables
+
+* **CLOUDFLARE_KEY** (Required) - User's cloudflare API key
+
+* **CLOUDFLARE_EMAIL** (Required) - User's cloudflare email
+
+* **CLOUDFLARE_ZONE** (Required) - Cloudflare zone to act on
+
+* **CLOUDFLARE_PURGE_ALL** - Purge all cache
+
+* **CLOUDFLARE_CLEAR_CACHE_URLS** - list of urls to clear. This should be a json representation as defined in [the cloudflare documentation](https://api.cloudflare.com/#zone-purge-individual-files-by-url).