diff --git a/Dockerfile b/Dockerfile index 64e59c2..6a47732 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,11 +4,10 @@ MAINTAINER Chris Aubuchon RUN apk-install bash nginx ca-certificates -RUN mkdir -p /tmp/nginx /defaults +RUN mkdir -p /etc/nginx /tmp/nginx /defaults -ADD templates/ /consul-template/templates -ADD config.d/ /consul-template/config.d ADD defaults/ /defaults ADD scripts /scripts/ +ADD nginx/ /etc/nginx CMD ["/scripts/launch.sh"] diff --git a/config.d/consul.cfg b/config.d/consul.cfg deleted file mode 100644 index f4d8311..0000000 --- a/config.d/consul.cfg +++ /dev/null @@ -1,11 +0,0 @@ -template { - source = "/consul-template/templates/nginx.tmpl.in" - destination = "/consul-template/templates/nginx.tmpl" - command = "pkill -HUP consul-template || true" -} - -template { - source = "/consul-template/templates/nginx.tmpl" - destination = "/etc/nginx/nginx.conf" - command = "/scripts/nginx-run.sh || true" -} diff --git a/nginx/nginx.conf b/nginx/nginx.conf new file mode 100644 index 0000000..1e80f7b --- /dev/null +++ b/nginx/nginx.conf @@ -0,0 +1,15 @@ +worker_processes 1; + +events { + worker_connections 1024; +} + +http { + include mime.types; + default_type application/octet-stream; + + sendfile on; + keepalive_timeout 65; + + include /etc/nginx/conf/*.conf; +} diff --git a/scripts/launch.sh b/scripts/launch.sh index 29d52db..a215664 100755 --- a/scripts/launch.sh +++ b/scripts/launch.sh @@ -1,16 +1,53 @@ #!/bin/bash -set -e #set the DEBUG env variable to turn on debugging [[ -n "$DEBUG" ]] && set -x -# Required vars -NGINX_KV=${NGINX_KV:-nginx/template/default} -CONSUL_LOGLEVEL=${CONSUL_LOGLEVEL:-info} -CONSUL_SSL_VERIFY=${CONSUL_SSL_VERIFY:-true} +ctpid=0 + +hup_handler() { + generate_config + reload_consul_template +} + +term_handler() { + kill ${ctpid} + wait ${ctpid} + exit +} + +generate_config() { + for file in /etc/nginx/templates/*; do + fname="`basename ${file}`" + cat > /consul-template/config.d/${fname}.conf << EOF +template { + source = "${file}" + destination = "/etc/nginx/conf/${fname}.conf" + command = "/scripts/nginx-run.sh || true" +} +EOF + done +} + +reload_consul_template() { + if [ ${ctpid} -ne 0 ]; then + kill -HUP ${ctpid} + if [ $? -eq 0 ]; then + return + fi + fi + + consul-template -log-level ${CONSUL_LOGLEVEL} \ + -config /consul-template/config.d \ + ${ctvars} & + ctpid=$! +} + +trap hup_handler SIGHUP +trap term_handler SIGTERM SIGINT SIGQUIT -export NGINX_KV +CONSUL_LOGLEVEL=${CONSUL_LOGLEVEL:-info} # set up SSL if [ "$(ls -A /usr/local/share/ca-certificates)" ]; then # normally we'd use update-ca-certificates, but something about running it in @@ -19,44 +56,6 @@ if [ "$(ls -A /usr/local/share/ca-certificates)" ]; then cat /usr/local/share/ca-certificates/* >> /etc/ssl/certs/ca-certificates.crt fi -function usage { -cat < - (default not set) - - NGINX_AUTH_BASIC_KV Consul K/V path for nginx users - (default not set) - -Consul vars: - CONSUL_LOGLEVEL Set the consul-template log level - (default info) - - CONSUL_CONNECT URI for Consul agent - (default not set) - - CONSUL_SSL Connect to Consul using SSL - (default not set) - - CONSUL_SSL_VERIFY Verify Consul SSL connection - (default true) - - CONSUL_TOKEN Consul API token - (default not set) -USAGE -} - function config_auth { case ${NGINX_AUTH_TYPE} in basic) @@ -69,38 +68,19 @@ function config_auth { touch /etc/nginx/nginx-auth.conf } -function launch_consul_template { - vars=$@ - ctargs= - - if [ -n "${NGINX_AUTH_TYPE}" ]; then - config_auth - fi - - [[ -n "${CONSUL_CONNECT}" ]] && ctargs="${ctargs} -consul ${CONSUL_CONNECT}" - [[ -n "${CONSUL_SSL}" ]] && ctargs="${ctargs} -ssl" - [[ -n "${CONSUL_SSL}" ]] && ctargs="${ctargs} -ssl-verify=${CONSUL_SSL_VERIFY}" - [[ -n "${CONSUL_TOKEN}" ]] && ctargs="${ctargs} -token ${CONSUL_TOKEN}" - - # Create an empty nginx.tmpl so consul-template will start - touch /consul-template/templates/nginx.tmpl - - if [ -n "${NGINX_DEBUG}" ]; then - echo "Running consul template -once..." - consul-template -log-level ${CONSUL_LOGLEVEL} \ - -template /consul-template/templates/nginx.tmpl.in:/consul-template/templates/nginx.tmpl \ - ${ctargs} -once - - consul-template -log-level ${CONSUL_LOGLEVEL} \ - -config /consul-template/config.d \ - ${ctargs} -once ${vars} - /scripts/nginx-run.sh - else - echo "Starting consul template..." - exec consul-template -log-level ${CONSUL_LOGLEVEL} \ - -config /consul-template/config.d \ - ${ctargs} ${vars} - fi -} +if [ -n "${NGINX_AUTH_TYPE}" ]; then + config_auth +fi + +[[ -n "${CONSUL_CONNECT}" ]] && ctargs="${ctargs} -consul ${CONSUL_CONNECT}" +[[ -n "${CONSUL_SSL}" ]] && ctargs="${ctargs} -ssl" +[[ -n "${CONSUL_SSL}" ]] && ctargs="${ctargs} -ssl-verify=${CONSUL_SSL_VERIFY}" +[[ -n "${CONSUL_TOKEN}" ]] && ctargs="${ctargs} -token ${CONSUL_TOKEN}" + +generate_config +reload_consul_template -launch_consul_template $@ +while :; do + tail -f /dev/null & + wait $! +done diff --git a/templates/nginx.tmpl.in b/templates/nginx.tmpl.in deleted file mode 100644 index 630859f..0000000 --- a/templates/nginx.tmpl.in +++ /dev/null @@ -1,3 +0,0 @@ -{{ with $d := env "NGINX_KV" }} -{{ key $d }} -{{ end }}