diff --git a/Dockerfile-alpine-perl.template b/Dockerfile-alpine-perl.template index c4e064004..c8c56ae8a 100644 --- a/Dockerfile-alpine-perl.template +++ b/Dockerfile-alpine-perl.template @@ -66,6 +66,6 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/Dockerfile-alpine-slim.template b/Dockerfile-alpine-slim.template index 7c8347e90..4a88c230d 100644 --- a/Dockerfile-alpine-slim.template +++ b/Dockerfile-alpine-slim.template @@ -73,9 +73,9 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index ba91fe6cc..9bff5ab81 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -71,8 +71,8 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier && apk add --no-cache curl ca-certificates diff --git a/entrypoint/10-listen-on-ipv6-by-default.sh b/entrypoint/10-listen-on-ipv6-by-default.sh index b2655860d..f64d8cf63 100755 --- a/entrypoint/10-listen-on-ipv6-by-default.sh +++ b/entrypoint/10-listen-on-ipv6-by-default.sh @@ -1,62 +1,68 @@ #!/bin/sh -# vim:sw=4:ts=4:et +# vim:sw=2:ts=2:sts=2:et set -e entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi } -ME=$(basename $0) +ME=$(basename "$0") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 + entrypoint_log "$ME: info: IPv6 is not available" + exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { + entrypoint_log "$ME: info: Cannot modify /$DEFAULT_CONF_FILE (read-only file system?)" + exit 0 +} # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { + entrypoint_log "$ME: info: Listen on IPv6 is already enabled" + exit 0 +} if [ -f "/etc/os-release" ]; then - . /etc/os-release + . /etc/os-release else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 + entrypoint_log "$ME: info: Cannot guess the operating system" + exit 0 fi entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; +"debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; +"alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null | grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; +*) + entrypoint_log "$ME: info: Unsupported distribution" + exit 0 + ;; esac # enable ipv6 on default.conf listen sockets diff --git a/entrypoint/15-local-resolvers.envsh b/entrypoint/15-local-resolvers.envsh index 930621598..da963525b 100755 --- a/entrypoint/15-local-resolvers.envsh +++ b/entrypoint/15-local-resolvers.envsh @@ -8,4 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +export NGINX_LOCAL_RESOLVERS diff --git a/entrypoint/20-envsubst-on-templates.sh b/entrypoint/20-envsubst-on-templates.sh index f3fb9fcb9..84af2cd69 100755 --- a/entrypoint/20-envsubst-on-templates.sh +++ b/entrypoint/20-envsubst-on-templates.sh @@ -1,13 +1,14 @@ #!/bin/sh +# vim:sw=2:ts=2:sts=2:et set -e -ME=$(basename $0) +ME=$(basename "$0") entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi } add_stream_block() { @@ -17,9 +18,12 @@ add_stream_block() { entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" else # check if the file can be modified, e.g. not on a r/o filesystem - touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } - entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" - cat << END >> "$conffile" + touch "$conffile" 2>/dev/null || { + entrypoint_log "$ME: ERROR: can not modify $conffile (read-only file system?)" + exit 0 + } + entrypoint_log "$ME: info: Appending stream block to $conffile to include $stream_output_dir/*.conf" + cat <>"$conffile" # added by "$ME" on "$(date)" stream { include $stream_output_dir/*.conf; @@ -37,20 +41,21 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) + + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" "$output_path" + entrypoint_log "$ME: info: Running envsubst on $template to $output_path" + envsubst "$defined_envs" <"$template" >"$output_path" done # Print the first file with the stream suffix, this will be false if there are none @@ -62,13 +67,13 @@ auto_envsubst() { fi add_stream_block find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$stream_output_dir/${relative_path%$stream_suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$stream_output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" + entrypoint_log "$ME: info: Running envsubst on $template to $output_path" + envsubst "$defined_envs" <"$template" >"$output_path" done fi } diff --git a/entrypoint/30-tune-worker-processes.sh b/entrypoint/30-tune-worker-processes.sh index 9aa42e98d..527864380 100755 --- a/entrypoint/30-tune-worker-processes.sh +++ b/entrypoint/30-tune-worker-processes.sh @@ -4,17 +4,20 @@ set -eu LC_ALL=C -ME=$( basename "$0" ) +ME=$(basename "$0") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } +touch /etc/nginx/nginx.conf 2>/dev/null || { + echo >&2 "$ME: ERROR: Cannot modify /etc/nginx/nginx.conf (read-only file system?)" + exit 0 +} ceildiv() { num=$1 div=$2 - echo $(( (num + div - 1) / div )) + echo $(((num + div - 1) / div)) } get_cpuset() { @@ -22,15 +25,15 @@ get_cpuset() { cpusetfile=$2 ncpu=0 [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + for token in $(tr ',' ' ' <"$cpusetroot/$cpusetfile"); do case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; + *-*) + count=$(seq $(echo "$token" | tr '-' ' ') | wc -l) + ncpu=$((ncpu + count)) + ;; + *) + ncpu=$((ncpu + 1)) + ;; esac done echo "$ncpu" @@ -41,11 +44,11 @@ get_quota() { ncpu=0 [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + cfs_quota=$(cat "$cpuroot/cpu.cfs_quota_us") + cfs_period=$(cat "$cpuroot/cpu.cfs_period_us") [ "$cfs_quota" = "-1" ] && return 1 [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + ncpu=$(ceildiv "$cfs_quota" "$cfs_period") [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -54,11 +57,11 @@ get_quota_v2() { cpuroot=$1 ncpu=0 [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + cfs_quota=$(cut -d' ' -f 1 <"$cpuroot/cpu.max") + cfs_period=$(cut -d' ' -f 2 <"$cpuroot/cpu.max") [ "$cfs_quota" = "max" ] && return 1 [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + ncpu=$(ceildiv "$cfs_quota" "$cfs_period") [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -74,59 +77,59 @@ get_cgroup_v1_path() { while IFS= read -r line; do case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac + "cpuset") + case "$line" in + *cpuset*) + found=$(echo "$line" | cut -d ' ' -f 4,5) + break + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) ;; + *cpu,cpuacct* | *cpuacct,cpu | *cpuacct* | *cpu*) + found=$(echo "$line" | cut -d ' ' -f 4,5) + break ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac + esac + ;; esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) + done <<__EOF__ +$(grep -F -- '- cgroup ' /proc/self/mountinfo) __EOF__ while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) + controller=$(echo "$line" | cut -d: -f 2) case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac + "cpuset") + case "$controller" in + cpuset) + mountpoint=$(echo "$line" | cut -d: -f 3) + break ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct | cpuacct,cpu | cpuacct | cpu) + mountpoint=$(echo "$line" | cut -d: -f 3) + break ;; + esac + ;; esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) + done <<__EOF__ +$(grep -F -- 'cpu' /proc/self/cgroup) __EOF__ case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; esac echo "$foundroot" } @@ -140,49 +143,49 @@ get_cgroup_v2_path() { [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) + found=$(echo "$line" | cut -d ' ' -f 4,5) + done <<__EOF__ +$(grep -F -- '- cgroup2 ' /proc/self/mountinfo) __EOF__ while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) + mountpoint=$(echo "$line" | cut -d: -f 3) + done <<__EOF__ +$(grep -F -- '0::' /proc/self/cgroup) __EOF__ case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; + "") + return 1 + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint" | /../*) + foundroot="${found##* }" + ;; esac echo "$foundroot" } -ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_online=$(getconf _NPROCESSORS_ONLN) ncpu_cpuset= ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) +cpuset=$(get_cgroup_v1_path "cpuset") && ncpu_cpuset=$(get_cpuset "$cpuset" "cpuset.effective_cpus") || ncpu_cpuset=$ncpu_online +cpu=$(get_cgroup_v1_path "cpu") && ncpu_quota=$(get_quota "$cpu") || ncpu_quota=$ncpu_online +cgroup_v2=$(get_cgroup_v2_path) && ncpu_cpuset_v2=$(get_cpuset "$cgroup_v2" "cpuset.cpus.effective") || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$(get_cgroup_v2_path) && ncpu_quota_v2=$(get_quota_v2 "$cgroup_v2") || ncpu_quota_v2=$ncpu_online + +ncpu=$(printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" | + sort -n | + head -n 1) sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/entrypoint/docker-entrypoint.sh b/entrypoint/docker-entrypoint.sh index e201fe608..943656ffa 100755 --- a/entrypoint/docker-entrypoint.sh +++ b/entrypoint/docker-entrypoint.sh @@ -1,47 +1,47 @@ #!/bin/sh -# vim:sw=4:ts=4:et +# vim:sw=2:ts=2:sts=2:et set -e entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi } -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" +if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + entrypoint_log "$0: info: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done + entrypoint_log "$0: info: Looking for shell scripts in /docker-entrypoint.d/" + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do + case "$f" in + *.envsh) + if [ -x "$f" ]; then + entrypoint_log "$0: info: Sourcing $f" + . "$f" + else + # warn on shell scripts without exec bit + entrypoint_log "$0: info: Ignoring $f, not executable" + fi + ;; + *.sh) + if [ -x "$f" ]; then + entrypoint_log "$0: info: Launching $f" + "$f" + else + # warn on shell scripts without exec bit + entrypoint_log "$0: info: Ignoring $f, not executable" + fi + ;; + *) entrypoint_log "$0: info: Ignoring $f" ;; + esac + done - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi + entrypoint_log "$0: info: Configuration complete; ready for start up" + else + entrypoint_log "$0: info: No files found in /docker-entrypoint.d/, skipping configuration" + fi fi exec "$@" diff --git a/mainline/alpine-perl/Dockerfile b/mainline/alpine-perl/Dockerfile index e392c742f..6119fbd07 100644 --- a/mainline/alpine-perl/Dockerfile +++ b/mainline/alpine-perl/Dockerfile @@ -77,6 +77,6 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh index b2655860d..f64d8cf63 100755 --- a/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/mainline/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -1,62 +1,68 @@ #!/bin/sh -# vim:sw=4:ts=4:et +# vim:sw=2:ts=2:sts=2:et set -e entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi } -ME=$(basename $0) +ME=$(basename "$0") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 + entrypoint_log "$ME: info: IPv6 is not available" + exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { + entrypoint_log "$ME: info: Cannot modify /$DEFAULT_CONF_FILE (read-only file system?)" + exit 0 +} # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { + entrypoint_log "$ME: info: Listen on IPv6 is already enabled" + exit 0 +} if [ -f "/etc/os-release" ]; then - . /etc/os-release + . /etc/os-release else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 + entrypoint_log "$ME: info: Cannot guess the operating system" + exit 0 fi entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; +"debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; +"alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null | grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; +*) + entrypoint_log "$ME: info: Unsupported distribution" + exit 0 + ;; esac # enable ipv6 on default.conf listen sockets diff --git a/mainline/alpine-slim/15-local-resolvers.envsh b/mainline/alpine-slim/15-local-resolvers.envsh index 930621598..da963525b 100755 --- a/mainline/alpine-slim/15-local-resolvers.envsh +++ b/mainline/alpine-slim/15-local-resolvers.envsh @@ -8,4 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +export NGINX_LOCAL_RESOLVERS diff --git a/mainline/alpine-slim/20-envsubst-on-templates.sh b/mainline/alpine-slim/20-envsubst-on-templates.sh index f3fb9fcb9..84af2cd69 100755 --- a/mainline/alpine-slim/20-envsubst-on-templates.sh +++ b/mainline/alpine-slim/20-envsubst-on-templates.sh @@ -1,13 +1,14 @@ #!/bin/sh +# vim:sw=2:ts=2:sts=2:et set -e -ME=$(basename $0) +ME=$(basename "$0") entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi } add_stream_block() { @@ -17,9 +18,12 @@ add_stream_block() { entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" else # check if the file can be modified, e.g. not on a r/o filesystem - touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } - entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" - cat << END >> "$conffile" + touch "$conffile" 2>/dev/null || { + entrypoint_log "$ME: ERROR: can not modify $conffile (read-only file system?)" + exit 0 + } + entrypoint_log "$ME: info: Appending stream block to $conffile to include $stream_output_dir/*.conf" + cat <>"$conffile" # added by "$ME" on "$(date)" stream { include $stream_output_dir/*.conf; @@ -37,20 +41,21 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) + + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" "$output_path" + entrypoint_log "$ME: info: Running envsubst on $template to $output_path" + envsubst "$defined_envs" <"$template" >"$output_path" done # Print the first file with the stream suffix, this will be false if there are none @@ -62,13 +67,13 @@ auto_envsubst() { fi add_stream_block find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$stream_output_dir/${relative_path%$stream_suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$stream_output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" + entrypoint_log "$ME: info: Running envsubst on $template to $output_path" + envsubst "$defined_envs" <"$template" >"$output_path" done fi } diff --git a/mainline/alpine-slim/30-tune-worker-processes.sh b/mainline/alpine-slim/30-tune-worker-processes.sh index 9aa42e98d..527864380 100755 --- a/mainline/alpine-slim/30-tune-worker-processes.sh +++ b/mainline/alpine-slim/30-tune-worker-processes.sh @@ -4,17 +4,20 @@ set -eu LC_ALL=C -ME=$( basename "$0" ) +ME=$(basename "$0") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } +touch /etc/nginx/nginx.conf 2>/dev/null || { + echo >&2 "$ME: ERROR: Cannot modify /etc/nginx/nginx.conf (read-only file system?)" + exit 0 +} ceildiv() { num=$1 div=$2 - echo $(( (num + div - 1) / div )) + echo $(((num + div - 1) / div)) } get_cpuset() { @@ -22,15 +25,15 @@ get_cpuset() { cpusetfile=$2 ncpu=0 [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + for token in $(tr ',' ' ' <"$cpusetroot/$cpusetfile"); do case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; + *-*) + count=$(seq $(echo "$token" | tr '-' ' ') | wc -l) + ncpu=$((ncpu + count)) + ;; + *) + ncpu=$((ncpu + 1)) + ;; esac done echo "$ncpu" @@ -41,11 +44,11 @@ get_quota() { ncpu=0 [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + cfs_quota=$(cat "$cpuroot/cpu.cfs_quota_us") + cfs_period=$(cat "$cpuroot/cpu.cfs_period_us") [ "$cfs_quota" = "-1" ] && return 1 [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + ncpu=$(ceildiv "$cfs_quota" "$cfs_period") [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -54,11 +57,11 @@ get_quota_v2() { cpuroot=$1 ncpu=0 [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + cfs_quota=$(cut -d' ' -f 1 <"$cpuroot/cpu.max") + cfs_period=$(cut -d' ' -f 2 <"$cpuroot/cpu.max") [ "$cfs_quota" = "max" ] && return 1 [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + ncpu=$(ceildiv "$cfs_quota" "$cfs_period") [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -74,59 +77,59 @@ get_cgroup_v1_path() { while IFS= read -r line; do case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac + "cpuset") + case "$line" in + *cpuset*) + found=$(echo "$line" | cut -d ' ' -f 4,5) + break + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) ;; + *cpu,cpuacct* | *cpuacct,cpu | *cpuacct* | *cpu*) + found=$(echo "$line" | cut -d ' ' -f 4,5) + break ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac + esac + ;; esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) + done <<__EOF__ +$(grep -F -- '- cgroup ' /proc/self/mountinfo) __EOF__ while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) + controller=$(echo "$line" | cut -d: -f 2) case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac + "cpuset") + case "$controller" in + cpuset) + mountpoint=$(echo "$line" | cut -d: -f 3) + break ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct | cpuacct,cpu | cpuacct | cpu) + mountpoint=$(echo "$line" | cut -d: -f 3) + break ;; + esac + ;; esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) + done <<__EOF__ +$(grep -F -- 'cpu' /proc/self/cgroup) __EOF__ case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; esac echo "$foundroot" } @@ -140,49 +143,49 @@ get_cgroup_v2_path() { [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) + found=$(echo "$line" | cut -d ' ' -f 4,5) + done <<__EOF__ +$(grep -F -- '- cgroup2 ' /proc/self/mountinfo) __EOF__ while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) + mountpoint=$(echo "$line" | cut -d: -f 3) + done <<__EOF__ +$(grep -F -- '0::' /proc/self/cgroup) __EOF__ case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; + "") + return 1 + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint" | /../*) + foundroot="${found##* }" + ;; esac echo "$foundroot" } -ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_online=$(getconf _NPROCESSORS_ONLN) ncpu_cpuset= ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) +cpuset=$(get_cgroup_v1_path "cpuset") && ncpu_cpuset=$(get_cpuset "$cpuset" "cpuset.effective_cpus") || ncpu_cpuset=$ncpu_online +cpu=$(get_cgroup_v1_path "cpu") && ncpu_quota=$(get_quota "$cpu") || ncpu_quota=$ncpu_online +cgroup_v2=$(get_cgroup_v2_path) && ncpu_cpuset_v2=$(get_cpuset "$cgroup_v2" "cpuset.cpus.effective") || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$(get_cgroup_v2_path) && ncpu_quota_v2=$(get_quota_v2 "$cgroup_v2") || ncpu_quota_v2=$ncpu_online + +ncpu=$(printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" | + sort -n | + head -n 1) sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/alpine-slim/Dockerfile b/mainline/alpine-slim/Dockerfile index b9133e069..9de2c8c75 100644 --- a/mainline/alpine-slim/Dockerfile +++ b/mainline/alpine-slim/Dockerfile @@ -79,9 +79,9 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/mainline/alpine-slim/docker-entrypoint.sh b/mainline/alpine-slim/docker-entrypoint.sh index e201fe608..943656ffa 100755 --- a/mainline/alpine-slim/docker-entrypoint.sh +++ b/mainline/alpine-slim/docker-entrypoint.sh @@ -1,47 +1,47 @@ #!/bin/sh -# vim:sw=4:ts=4:et +# vim:sw=2:ts=2:sts=2:et set -e entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi } -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" +if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + entrypoint_log "$0: info: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done + entrypoint_log "$0: info: Looking for shell scripts in /docker-entrypoint.d/" + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do + case "$f" in + *.envsh) + if [ -x "$f" ]; then + entrypoint_log "$0: info: Sourcing $f" + . "$f" + else + # warn on shell scripts without exec bit + entrypoint_log "$0: info: Ignoring $f, not executable" + fi + ;; + *.sh) + if [ -x "$f" ]; then + entrypoint_log "$0: info: Launching $f" + "$f" + else + # warn on shell scripts without exec bit + entrypoint_log "$0: info: Ignoring $f, not executable" + fi + ;; + *) entrypoint_log "$0: info: Ignoring $f" ;; + esac + done - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi + entrypoint_log "$0: info: Configuration complete; ready for start up" + else + entrypoint_log "$0: info: No files found in /docker-entrypoint.d/, skipping configuration" + fi fi exec "$@" diff --git a/mainline/alpine/Dockerfile b/mainline/alpine/Dockerfile index f2c5c88df..58282e3eb 100644 --- a/mainline/alpine/Dockerfile +++ b/mainline/alpine/Dockerfile @@ -81,8 +81,8 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier && apk add --no-cache curl ca-certificates diff --git a/mainline/debian/10-listen-on-ipv6-by-default.sh b/mainline/debian/10-listen-on-ipv6-by-default.sh index b2655860d..f64d8cf63 100755 --- a/mainline/debian/10-listen-on-ipv6-by-default.sh +++ b/mainline/debian/10-listen-on-ipv6-by-default.sh @@ -1,62 +1,68 @@ #!/bin/sh -# vim:sw=4:ts=4:et +# vim:sw=2:ts=2:sts=2:et set -e entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi } -ME=$(basename $0) +ME=$(basename "$0") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 + entrypoint_log "$ME: info: IPv6 is not available" + exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { + entrypoint_log "$ME: info: Cannot modify /$DEFAULT_CONF_FILE (read-only file system?)" + exit 0 +} # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { + entrypoint_log "$ME: info: Listen on IPv6 is already enabled" + exit 0 +} if [ -f "/etc/os-release" ]; then - . /etc/os-release + . /etc/os-release else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 + entrypoint_log "$ME: info: Cannot guess the operating system" + exit 0 fi entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; +"debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; +"alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null | grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; +*) + entrypoint_log "$ME: info: Unsupported distribution" + exit 0 + ;; esac # enable ipv6 on default.conf listen sockets diff --git a/mainline/debian/15-local-resolvers.envsh b/mainline/debian/15-local-resolvers.envsh index 930621598..da963525b 100755 --- a/mainline/debian/15-local-resolvers.envsh +++ b/mainline/debian/15-local-resolvers.envsh @@ -8,4 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +export NGINX_LOCAL_RESOLVERS diff --git a/mainline/debian/20-envsubst-on-templates.sh b/mainline/debian/20-envsubst-on-templates.sh index f3fb9fcb9..84af2cd69 100755 --- a/mainline/debian/20-envsubst-on-templates.sh +++ b/mainline/debian/20-envsubst-on-templates.sh @@ -1,13 +1,14 @@ #!/bin/sh +# vim:sw=2:ts=2:sts=2:et set -e -ME=$(basename $0) +ME=$(basename "$0") entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi } add_stream_block() { @@ -17,9 +18,12 @@ add_stream_block() { entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" else # check if the file can be modified, e.g. not on a r/o filesystem - touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } - entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" - cat << END >> "$conffile" + touch "$conffile" 2>/dev/null || { + entrypoint_log "$ME: ERROR: can not modify $conffile (read-only file system?)" + exit 0 + } + entrypoint_log "$ME: info: Appending stream block to $conffile to include $stream_output_dir/*.conf" + cat <>"$conffile" # added by "$ME" on "$(date)" stream { include $stream_output_dir/*.conf; @@ -37,20 +41,21 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) + + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" "$output_path" + entrypoint_log "$ME: info: Running envsubst on $template to $output_path" + envsubst "$defined_envs" <"$template" >"$output_path" done # Print the first file with the stream suffix, this will be false if there are none @@ -62,13 +67,13 @@ auto_envsubst() { fi add_stream_block find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$stream_output_dir/${relative_path%$stream_suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$stream_output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" + entrypoint_log "$ME: info: Running envsubst on $template to $output_path" + envsubst "$defined_envs" <"$template" >"$output_path" done fi } diff --git a/mainline/debian/30-tune-worker-processes.sh b/mainline/debian/30-tune-worker-processes.sh index 9aa42e98d..527864380 100755 --- a/mainline/debian/30-tune-worker-processes.sh +++ b/mainline/debian/30-tune-worker-processes.sh @@ -4,17 +4,20 @@ set -eu LC_ALL=C -ME=$( basename "$0" ) +ME=$(basename "$0") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } +touch /etc/nginx/nginx.conf 2>/dev/null || { + echo >&2 "$ME: ERROR: Cannot modify /etc/nginx/nginx.conf (read-only file system?)" + exit 0 +} ceildiv() { num=$1 div=$2 - echo $(( (num + div - 1) / div )) + echo $(((num + div - 1) / div)) } get_cpuset() { @@ -22,15 +25,15 @@ get_cpuset() { cpusetfile=$2 ncpu=0 [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + for token in $(tr ',' ' ' <"$cpusetroot/$cpusetfile"); do case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; + *-*) + count=$(seq $(echo "$token" | tr '-' ' ') | wc -l) + ncpu=$((ncpu + count)) + ;; + *) + ncpu=$((ncpu + 1)) + ;; esac done echo "$ncpu" @@ -41,11 +44,11 @@ get_quota() { ncpu=0 [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + cfs_quota=$(cat "$cpuroot/cpu.cfs_quota_us") + cfs_period=$(cat "$cpuroot/cpu.cfs_period_us") [ "$cfs_quota" = "-1" ] && return 1 [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + ncpu=$(ceildiv "$cfs_quota" "$cfs_period") [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -54,11 +57,11 @@ get_quota_v2() { cpuroot=$1 ncpu=0 [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + cfs_quota=$(cut -d' ' -f 1 <"$cpuroot/cpu.max") + cfs_period=$(cut -d' ' -f 2 <"$cpuroot/cpu.max") [ "$cfs_quota" = "max" ] && return 1 [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + ncpu=$(ceildiv "$cfs_quota" "$cfs_period") [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -74,59 +77,59 @@ get_cgroup_v1_path() { while IFS= read -r line; do case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac + "cpuset") + case "$line" in + *cpuset*) + found=$(echo "$line" | cut -d ' ' -f 4,5) + break + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) ;; + *cpu,cpuacct* | *cpuacct,cpu | *cpuacct* | *cpu*) + found=$(echo "$line" | cut -d ' ' -f 4,5) + break ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac + esac + ;; esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) + done <<__EOF__ +$(grep -F -- '- cgroup ' /proc/self/mountinfo) __EOF__ while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) + controller=$(echo "$line" | cut -d: -f 2) case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac + "cpuset") + case "$controller" in + cpuset) + mountpoint=$(echo "$line" | cut -d: -f 3) + break ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct | cpuacct,cpu | cpuacct | cpu) + mountpoint=$(echo "$line" | cut -d: -f 3) + break ;; + esac + ;; esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) + done <<__EOF__ +$(grep -F -- 'cpu' /proc/self/cgroup) __EOF__ case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; esac echo "$foundroot" } @@ -140,49 +143,49 @@ get_cgroup_v2_path() { [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) + found=$(echo "$line" | cut -d ' ' -f 4,5) + done <<__EOF__ +$(grep -F -- '- cgroup2 ' /proc/self/mountinfo) __EOF__ while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) + mountpoint=$(echo "$line" | cut -d: -f 3) + done <<__EOF__ +$(grep -F -- '0::' /proc/self/cgroup) __EOF__ case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; + "") + return 1 + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint" | /../*) + foundroot="${found##* }" + ;; esac echo "$foundroot" } -ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_online=$(getconf _NPROCESSORS_ONLN) ncpu_cpuset= ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) +cpuset=$(get_cgroup_v1_path "cpuset") && ncpu_cpuset=$(get_cpuset "$cpuset" "cpuset.effective_cpus") || ncpu_cpuset=$ncpu_online +cpu=$(get_cgroup_v1_path "cpu") && ncpu_quota=$(get_quota "$cpu") || ncpu_quota=$ncpu_online +cgroup_v2=$(get_cgroup_v2_path) && ncpu_cpuset_v2=$(get_cpuset "$cgroup_v2" "cpuset.cpus.effective") || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$(get_cgroup_v2_path) && ncpu_quota_v2=$(get_quota_v2 "$cgroup_v2") || ncpu_quota_v2=$ncpu_online + +ncpu=$(printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" | + sort -n | + head -n 1) sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/mainline/debian/docker-entrypoint.sh b/mainline/debian/docker-entrypoint.sh index e201fe608..943656ffa 100755 --- a/mainline/debian/docker-entrypoint.sh +++ b/mainline/debian/docker-entrypoint.sh @@ -1,47 +1,47 @@ #!/bin/sh -# vim:sw=4:ts=4:et +# vim:sw=2:ts=2:sts=2:et set -e entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi } -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" +if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + entrypoint_log "$0: info: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done + entrypoint_log "$0: info: Looking for shell scripts in /docker-entrypoint.d/" + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do + case "$f" in + *.envsh) + if [ -x "$f" ]; then + entrypoint_log "$0: info: Sourcing $f" + . "$f" + else + # warn on shell scripts without exec bit + entrypoint_log "$0: info: Ignoring $f, not executable" + fi + ;; + *.sh) + if [ -x "$f" ]; then + entrypoint_log "$0: info: Launching $f" + "$f" + else + # warn on shell scripts without exec bit + entrypoint_log "$0: info: Ignoring $f, not executable" + fi + ;; + *) entrypoint_log "$0: info: Ignoring $f" ;; + esac + done - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi + entrypoint_log "$0: info: Configuration complete; ready for start up" + else + entrypoint_log "$0: info: No files found in /docker-entrypoint.d/, skipping configuration" + fi fi exec "$@" diff --git a/modules/echo/prebuild b/modules/echo/prebuild index cd2864b05..dae374ae5 100755 --- a/modules/echo/prebuild +++ b/modules/echo/prebuild @@ -1,4 +1,5 @@ #!/bin/sh +# vim:sw=2:ts=2:sts=2:et # if a module has a build dependency that is not in debian/alpine # use this script to fetch/build/install them diff --git a/stable/alpine-perl/Dockerfile b/stable/alpine-perl/Dockerfile index 633809b82..5e5b3af12 100644 --- a/stable/alpine-perl/Dockerfile +++ b/stable/alpine-perl/Dockerfile @@ -77,6 +77,6 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi diff --git a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh index b2655860d..f64d8cf63 100755 --- a/stable/alpine-slim/10-listen-on-ipv6-by-default.sh +++ b/stable/alpine-slim/10-listen-on-ipv6-by-default.sh @@ -1,62 +1,68 @@ #!/bin/sh -# vim:sw=4:ts=4:et +# vim:sw=2:ts=2:sts=2:et set -e entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi } -ME=$(basename $0) +ME=$(basename "$0") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 + entrypoint_log "$ME: info: IPv6 is not available" + exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { + entrypoint_log "$ME: info: Cannot modify /$DEFAULT_CONF_FILE (read-only file system?)" + exit 0 +} # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { + entrypoint_log "$ME: info: Listen on IPv6 is already enabled" + exit 0 +} if [ -f "/etc/os-release" ]; then - . /etc/os-release + . /etc/os-release else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 + entrypoint_log "$ME: info: Cannot guess the operating system" + exit 0 fi entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; +"debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; +"alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null | grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; +*) + entrypoint_log "$ME: info: Unsupported distribution" + exit 0 + ;; esac # enable ipv6 on default.conf listen sockets diff --git a/stable/alpine-slim/15-local-resolvers.envsh b/stable/alpine-slim/15-local-resolvers.envsh index 930621598..da963525b 100755 --- a/stable/alpine-slim/15-local-resolvers.envsh +++ b/stable/alpine-slim/15-local-resolvers.envsh @@ -8,4 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +export NGINX_LOCAL_RESOLVERS diff --git a/stable/alpine-slim/20-envsubst-on-templates.sh b/stable/alpine-slim/20-envsubst-on-templates.sh index f3fb9fcb9..84af2cd69 100755 --- a/stable/alpine-slim/20-envsubst-on-templates.sh +++ b/stable/alpine-slim/20-envsubst-on-templates.sh @@ -1,13 +1,14 @@ #!/bin/sh +# vim:sw=2:ts=2:sts=2:et set -e -ME=$(basename $0) +ME=$(basename "$0") entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi } add_stream_block() { @@ -17,9 +18,12 @@ add_stream_block() { entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" else # check if the file can be modified, e.g. not on a r/o filesystem - touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } - entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" - cat << END >> "$conffile" + touch "$conffile" 2>/dev/null || { + entrypoint_log "$ME: ERROR: can not modify $conffile (read-only file system?)" + exit 0 + } + entrypoint_log "$ME: info: Appending stream block to $conffile to include $stream_output_dir/*.conf" + cat <>"$conffile" # added by "$ME" on "$(date)" stream { include $stream_output_dir/*.conf; @@ -37,20 +41,21 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) + + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" "$output_path" + entrypoint_log "$ME: info: Running envsubst on $template to $output_path" + envsubst "$defined_envs" <"$template" >"$output_path" done # Print the first file with the stream suffix, this will be false if there are none @@ -62,13 +67,13 @@ auto_envsubst() { fi add_stream_block find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$stream_output_dir/${relative_path%$stream_suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$stream_output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" + entrypoint_log "$ME: info: Running envsubst on $template to $output_path" + envsubst "$defined_envs" <"$template" >"$output_path" done fi } diff --git a/stable/alpine-slim/30-tune-worker-processes.sh b/stable/alpine-slim/30-tune-worker-processes.sh index 9aa42e98d..527864380 100755 --- a/stable/alpine-slim/30-tune-worker-processes.sh +++ b/stable/alpine-slim/30-tune-worker-processes.sh @@ -4,17 +4,20 @@ set -eu LC_ALL=C -ME=$( basename "$0" ) +ME=$(basename "$0") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } +touch /etc/nginx/nginx.conf 2>/dev/null || { + echo >&2 "$ME: ERROR: Cannot modify /etc/nginx/nginx.conf (read-only file system?)" + exit 0 +} ceildiv() { num=$1 div=$2 - echo $(( (num + div - 1) / div )) + echo $(((num + div - 1) / div)) } get_cpuset() { @@ -22,15 +25,15 @@ get_cpuset() { cpusetfile=$2 ncpu=0 [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + for token in $(tr ',' ' ' <"$cpusetroot/$cpusetfile"); do case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; + *-*) + count=$(seq $(echo "$token" | tr '-' ' ') | wc -l) + ncpu=$((ncpu + count)) + ;; + *) + ncpu=$((ncpu + 1)) + ;; esac done echo "$ncpu" @@ -41,11 +44,11 @@ get_quota() { ncpu=0 [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + cfs_quota=$(cat "$cpuroot/cpu.cfs_quota_us") + cfs_period=$(cat "$cpuroot/cpu.cfs_period_us") [ "$cfs_quota" = "-1" ] && return 1 [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + ncpu=$(ceildiv "$cfs_quota" "$cfs_period") [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -54,11 +57,11 @@ get_quota_v2() { cpuroot=$1 ncpu=0 [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + cfs_quota=$(cut -d' ' -f 1 <"$cpuroot/cpu.max") + cfs_period=$(cut -d' ' -f 2 <"$cpuroot/cpu.max") [ "$cfs_quota" = "max" ] && return 1 [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + ncpu=$(ceildiv "$cfs_quota" "$cfs_period") [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -74,59 +77,59 @@ get_cgroup_v1_path() { while IFS= read -r line; do case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac + "cpuset") + case "$line" in + *cpuset*) + found=$(echo "$line" | cut -d ' ' -f 4,5) + break + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) ;; + *cpu,cpuacct* | *cpuacct,cpu | *cpuacct* | *cpu*) + found=$(echo "$line" | cut -d ' ' -f 4,5) + break ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac + esac + ;; esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) + done <<__EOF__ +$(grep -F -- '- cgroup ' /proc/self/mountinfo) __EOF__ while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) + controller=$(echo "$line" | cut -d: -f 2) case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac + "cpuset") + case "$controller" in + cpuset) + mountpoint=$(echo "$line" | cut -d: -f 3) + break ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct | cpuacct,cpu | cpuacct | cpu) + mountpoint=$(echo "$line" | cut -d: -f 3) + break ;; + esac + ;; esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) + done <<__EOF__ +$(grep -F -- 'cpu' /proc/self/cgroup) __EOF__ case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; esac echo "$foundroot" } @@ -140,49 +143,49 @@ get_cgroup_v2_path() { [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) + found=$(echo "$line" | cut -d ' ' -f 4,5) + done <<__EOF__ +$(grep -F -- '- cgroup2 ' /proc/self/mountinfo) __EOF__ while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) + mountpoint=$(echo "$line" | cut -d: -f 3) + done <<__EOF__ +$(grep -F -- '0::' /proc/self/cgroup) __EOF__ case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; + "") + return 1 + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint" | /../*) + foundroot="${found##* }" + ;; esac echo "$foundroot" } -ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_online=$(getconf _NPROCESSORS_ONLN) ncpu_cpuset= ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) +cpuset=$(get_cgroup_v1_path "cpuset") && ncpu_cpuset=$(get_cpuset "$cpuset" "cpuset.effective_cpus") || ncpu_cpuset=$ncpu_online +cpu=$(get_cgroup_v1_path "cpu") && ncpu_quota=$(get_quota "$cpu") || ncpu_quota=$ncpu_online +cgroup_v2=$(get_cgroup_v2_path) && ncpu_cpuset_v2=$(get_cpuset "$cgroup_v2" "cpuset.cpus.effective") || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$(get_cgroup_v2_path) && ncpu_quota_v2=$(get_quota_v2 "$cgroup_v2") || ncpu_quota_v2=$ncpu_online + +ncpu=$(printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" | + sort -n | + head -n 1) sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/stable/alpine-slim/Dockerfile b/stable/alpine-slim/Dockerfile index 875877566..1826029e6 100644 --- a/stable/alpine-slim/Dockerfile +++ b/stable/alpine-slim/Dockerfile @@ -79,9 +79,9 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in gettext so we can get `envsubst`, then throw # the rest away. To do this, we need to install `gettext` # then move `envsubst` out of the way so `gettext` can diff --git a/stable/alpine-slim/docker-entrypoint.sh b/stable/alpine-slim/docker-entrypoint.sh index e201fe608..943656ffa 100755 --- a/stable/alpine-slim/docker-entrypoint.sh +++ b/stable/alpine-slim/docker-entrypoint.sh @@ -1,47 +1,47 @@ #!/bin/sh -# vim:sw=4:ts=4:et +# vim:sw=2:ts=2:sts=2:et set -e entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi } -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" +if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + entrypoint_log "$0: info: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done + entrypoint_log "$0: info: Looking for shell scripts in /docker-entrypoint.d/" + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do + case "$f" in + *.envsh) + if [ -x "$f" ]; then + entrypoint_log "$0: info: Sourcing $f" + . "$f" + else + # warn on shell scripts without exec bit + entrypoint_log "$0: info: Ignoring $f, not executable" + fi + ;; + *.sh) + if [ -x "$f" ]; then + entrypoint_log "$0: info: Launching $f" + "$f" + else + # warn on shell scripts without exec bit + entrypoint_log "$0: info: Ignoring $f, not executable" + fi + ;; + *) entrypoint_log "$0: info: Ignoring $f" ;; + esac + done - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi + entrypoint_log "$0: info: Configuration complete; ready for start up" + else + entrypoint_log "$0: info: No files found in /docker-entrypoint.d/, skipping configuration" + fi fi exec "$@" diff --git a/stable/alpine/Dockerfile b/stable/alpine/Dockerfile index b703af15e..629e1755d 100644 --- a/stable/alpine/Dockerfile +++ b/stable/alpine/Dockerfile @@ -81,8 +81,8 @@ RUN set -x \ # remove checksum deps && apk del --no-network .checksum-deps \ # if we have leftovers from building, let's purge them (including extra, unnecessary build deps) - && if [ -n "$tempDir" ]; then rm -rf "$tempDir"; fi \ - && if [ -n "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ - && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ + && if [ -f "$tempDir" ]; then rm -rf "$tempDir"; fi \ + && if [ -f "/etc/apk/keys/abuild-key.rsa.pub" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \ + && if [ -f "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \ # Bring in curl and ca-certificates to make registering on DNS SD easier && apk add --no-cache curl ca-certificates diff --git a/stable/debian/10-listen-on-ipv6-by-default.sh b/stable/debian/10-listen-on-ipv6-by-default.sh index b2655860d..f64d8cf63 100755 --- a/stable/debian/10-listen-on-ipv6-by-default.sh +++ b/stable/debian/10-listen-on-ipv6-by-default.sh @@ -1,62 +1,68 @@ #!/bin/sh -# vim:sw=4:ts=4:et +# vim:sw=2:ts=2:sts=2:et set -e entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi } -ME=$(basename $0) +ME=$(basename "$0") DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf" # check if we have ipv6 available if [ ! -f "/proc/net/if_inet6" ]; then - entrypoint_log "$ME: info: ipv6 not available" - exit 0 + entrypoint_log "$ME: info: IPv6 is not available" + exit 0 fi if [ ! -f "/$DEFAULT_CONF_FILE" ]; then - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" - exit 0 + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist" + exit 0 fi # check if the file can be modified, e.g. not on a r/o filesystem -touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; } +touch /$DEFAULT_CONF_FILE 2>/dev/null || { + entrypoint_log "$ME: info: Cannot modify /$DEFAULT_CONF_FILE (read-only file system?)" + exit 0 +} # check if the file is already modified, e.g. on a container restart -grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; } +grep -q "listen \[::]\:80;" /$DEFAULT_CONF_FILE && { + entrypoint_log "$ME: info: Listen on IPv6 is already enabled" + exit 0 +} if [ -f "/etc/os-release" ]; then - . /etc/os-release + . /etc/os-release else - entrypoint_log "$ME: info: can not guess the operating system" - exit 0 + entrypoint_log "$ME: info: Cannot guess the operating system" + exit 0 fi entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE" case "$ID" in - "debian") - CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - "alpine") - CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) - echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { - entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" - exit 0 - } - ;; - *) - entrypoint_log "$ME: info: Unsupported distribution" - exit 0 - ;; +"debian") + CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || { + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; +"alpine") + CHECKSUM=$(apk manifest nginx 2>/dev/null | grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2) + echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || { + entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version" + exit 0 + } + ;; +*) + entrypoint_log "$ME: info: Unsupported distribution" + exit 0 + ;; esac # enable ipv6 on default.conf listen sockets diff --git a/stable/debian/15-local-resolvers.envsh b/stable/debian/15-local-resolvers.envsh index 930621598..da963525b 100755 --- a/stable/debian/15-local-resolvers.envsh +++ b/stable/debian/15-local-resolvers.envsh @@ -8,4 +8,5 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_LOCAL_RESOLVERS:-}" ] || return 0 -export NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +NGINX_LOCAL_RESOLVERS=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) +export NGINX_LOCAL_RESOLVERS diff --git a/stable/debian/20-envsubst-on-templates.sh b/stable/debian/20-envsubst-on-templates.sh index f3fb9fcb9..84af2cd69 100755 --- a/stable/debian/20-envsubst-on-templates.sh +++ b/stable/debian/20-envsubst-on-templates.sh @@ -1,13 +1,14 @@ #!/bin/sh +# vim:sw=2:ts=2:sts=2:et set -e -ME=$(basename $0) +ME=$(basename "$0") entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi } add_stream_block() { @@ -17,9 +18,12 @@ add_stream_block() { entrypoint_log "$ME: $conffile contains a stream block; include $stream_output_dir/*.conf to enable stream templates" else # check if the file can be modified, e.g. not on a r/o filesystem - touch "$conffile" 2>/dev/null || { entrypoint_log "$ME: info: can not modify $conffile (read-only file system?)"; exit 0; } - entrypoint_log "$ME: Appending stream block to $conffile to include $stream_output_dir/*.conf" - cat << END >> "$conffile" + touch "$conffile" 2>/dev/null || { + entrypoint_log "$ME: ERROR: can not modify $conffile (read-only file system?)" + exit 0 + } + entrypoint_log "$ME: info: Appending stream block to $conffile to include $stream_output_dir/*.conf" + cat <>"$conffile" # added by "$ME" on "$(date)" stream { include $stream_output_dir/*.conf; @@ -37,20 +41,21 @@ auto_envsubst() { local filter="${NGINX_ENVSUBST_FILTER:-}" local template defined_envs relative_path output_path subdir - defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" < /dev/null )) + + defined_envs=$(printf '${%s} ' $(awk "END { for (name in ENVIRON) { print ( name ~ /${filter}/ ) ? name : \"\" } }" "$output_path" + entrypoint_log "$ME: info: Running envsubst on $template to $output_path" + envsubst "$defined_envs" <"$template" >"$output_path" done # Print the first file with the stream suffix, this will be false if there are none @@ -62,13 +67,13 @@ auto_envsubst() { fi add_stream_block find "$template_dir" -follow -type f -name "*$stream_suffix" -print | while read -r template; do - relative_path="${template#$template_dir/}" - output_path="$stream_output_dir/${relative_path%$stream_suffix}" + relative_path="${template#"$template_dir/"}" + output_path="$stream_output_dir/${relative_path%"$stream_suffix"}" subdir=$(dirname "$relative_path") # create a subdirectory where the template file exists mkdir -p "$stream_output_dir/$subdir" - entrypoint_log "$ME: Running envsubst on $template to $output_path" - envsubst "$defined_envs" < "$template" > "$output_path" + entrypoint_log "$ME: info: Running envsubst on $template to $output_path" + envsubst "$defined_envs" <"$template" >"$output_path" done fi } diff --git a/stable/debian/30-tune-worker-processes.sh b/stable/debian/30-tune-worker-processes.sh index 9aa42e98d..527864380 100755 --- a/stable/debian/30-tune-worker-processes.sh +++ b/stable/debian/30-tune-worker-processes.sh @@ -4,17 +4,20 @@ set -eu LC_ALL=C -ME=$( basename "$0" ) +ME=$(basename "$0") PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin [ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 -touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } +touch /etc/nginx/nginx.conf 2>/dev/null || { + echo >&2 "$ME: ERROR: Cannot modify /etc/nginx/nginx.conf (read-only file system?)" + exit 0 +} ceildiv() { num=$1 div=$2 - echo $(( (num + div - 1) / div )) + echo $(((num + div - 1) / div)) } get_cpuset() { @@ -22,15 +25,15 @@ get_cpuset() { cpusetfile=$2 ncpu=0 [ -f "$cpusetroot/$cpusetfile" ] || return 1 - for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do + for token in $(tr ',' ' ' <"$cpusetroot/$cpusetfile"); do case "$token" in - *-*) - count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) - ncpu=$(( ncpu+count )) - ;; - *) - ncpu=$(( ncpu+1 )) - ;; + *-*) + count=$(seq $(echo "$token" | tr '-' ' ') | wc -l) + ncpu=$((ncpu + count)) + ;; + *) + ncpu=$((ncpu + 1)) + ;; esac done echo "$ncpu" @@ -41,11 +44,11 @@ get_quota() { ncpu=0 [ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 [ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 - cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) - cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) + cfs_quota=$(cat "$cpuroot/cpu.cfs_quota_us") + cfs_period=$(cat "$cpuroot/cpu.cfs_period_us") [ "$cfs_quota" = "-1" ] && return 1 [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + ncpu=$(ceildiv "$cfs_quota" "$cfs_period") [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -54,11 +57,11 @@ get_quota_v2() { cpuroot=$1 ncpu=0 [ -f "$cpuroot/cpu.max" ] || return 1 - cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) - cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) + cfs_quota=$(cut -d' ' -f 1 <"$cpuroot/cpu.max") + cfs_period=$(cut -d' ' -f 2 <"$cpuroot/cpu.max") [ "$cfs_quota" = "max" ] && return 1 [ "$cfs_period" = "0" ] && return 1 - ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) + ncpu=$(ceildiv "$cfs_quota" "$cfs_period") [ "$ncpu" -gt 0 ] || return 1 echo "$ncpu" } @@ -74,59 +77,59 @@ get_cgroup_v1_path() { while IFS= read -r line; do case "$needle" in - "cpuset") - case "$line" in - *cpuset*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac + "cpuset") + case "$line" in + *cpuset*) + found=$(echo "$line" | cut -d ' ' -f 4,5) + break + ;; + esac + ;; + "cpu") + case "$line" in + *cpuset*) ;; + *cpu,cpuacct* | *cpuacct,cpu | *cpuacct* | *cpu*) + found=$(echo "$line" | cut -d ' ' -f 4,5) + break ;; - "cpu") - case "$line" in - *cpuset*) - ;; - *cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - break - ;; - esac + esac + ;; esac - done << __EOF__ -$( grep -F -- '- cgroup ' /proc/self/mountinfo ) + done <<__EOF__ +$(grep -F -- '- cgroup ' /proc/self/mountinfo) __EOF__ while IFS= read -r line; do - controller=$( echo "$line" | cut -d: -f 2 ) + controller=$(echo "$line" | cut -d: -f 2) case "$needle" in - "cpuset") - case "$controller" in - cpuset) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac + "cpuset") + case "$controller" in + cpuset) + mountpoint=$(echo "$line" | cut -d: -f 3) + break ;; - "cpu") - case "$controller" in - cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) - mountpoint=$( echo "$line" | cut -d: -f 3 ) - break - ;; - esac + esac + ;; + "cpu") + case "$controller" in + cpu,cpuacct | cpuacct,cpu | cpuacct | cpu) + mountpoint=$(echo "$line" | cut -d: -f 3) + break ;; + esac + ;; esac -done << __EOF__ -$( grep -F -- 'cpu' /proc/self/cgroup ) + done <<__EOF__ +$(grep -F -- 'cpu' /proc/self/cgroup) __EOF__ case "${found%% *}" in - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint") - foundroot="${found##* }" - ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint") + foundroot="${found##* }" + ;; esac echo "$foundroot" } @@ -140,49 +143,49 @@ get_cgroup_v2_path() { [ -r "/proc/self/cgroup" ] || return 1 while IFS= read -r line; do - found=$( echo "$line" | cut -d ' ' -f 4,5 ) - done << __EOF__ -$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) + found=$(echo "$line" | cut -d ' ' -f 4,5) + done <<__EOF__ +$(grep -F -- '- cgroup2 ' /proc/self/mountinfo) __EOF__ while IFS= read -r line; do - mountpoint=$( echo "$line" | cut -d: -f 3 ) -done << __EOF__ -$( grep -F -- '0::' /proc/self/cgroup ) + mountpoint=$(echo "$line" | cut -d: -f 3) + done <<__EOF__ +$(grep -F -- '0::' /proc/self/cgroup) __EOF__ case "${found%% *}" in - "") - return 1 - ;; - "/") - foundroot="${found##* }$mountpoint" - ;; - "$mountpoint" | /../*) - foundroot="${found##* }" - ;; + "") + return 1 + ;; + "/") + foundroot="${found##* }$mountpoint" + ;; + "$mountpoint" | /../*) + foundroot="${found##* }" + ;; esac echo "$foundroot" } -ncpu_online=$( getconf _NPROCESSORS_ONLN ) +ncpu_online=$(getconf _NPROCESSORS_ONLN) ncpu_cpuset= ncpu_quota= ncpu_cpuset_v2= ncpu_quota_v2= -cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online -cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online -cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online - -ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ - "$ncpu_online" \ - "$ncpu_cpuset" \ - "$ncpu_quota" \ - "$ncpu_cpuset_v2" \ - "$ncpu_quota_v2" \ - | sort -n \ - | head -n 1 ) +cpuset=$(get_cgroup_v1_path "cpuset") && ncpu_cpuset=$(get_cpuset "$cpuset" "cpuset.effective_cpus") || ncpu_cpuset=$ncpu_online +cpu=$(get_cgroup_v1_path "cpu") && ncpu_quota=$(get_quota "$cpu") || ncpu_quota=$ncpu_online +cgroup_v2=$(get_cgroup_v2_path) && ncpu_cpuset_v2=$(get_cpuset "$cgroup_v2" "cpuset.cpus.effective") || ncpu_cpuset_v2=$ncpu_online +cgroup_v2=$(get_cgroup_v2_path) && ncpu_quota_v2=$(get_quota_v2 "$cgroup_v2") || ncpu_quota_v2=$ncpu_online + +ncpu=$(printf "%s\n%s\n%s\n%s\n%s\n" \ + "$ncpu_online" \ + "$ncpu_cpuset" \ + "$ncpu_quota" \ + "$ncpu_cpuset_v2" \ + "$ncpu_quota_v2" | + sort -n | + head -n 1) sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf diff --git a/stable/debian/docker-entrypoint.sh b/stable/debian/docker-entrypoint.sh index e201fe608..943656ffa 100755 --- a/stable/debian/docker-entrypoint.sh +++ b/stable/debian/docker-entrypoint.sh @@ -1,47 +1,47 @@ #!/bin/sh -# vim:sw=4:ts=4:et +# vim:sw=2:ts=2:sts=2:et set -e entrypoint_log() { - if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then - echo "$@" - fi + if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then + echo "$@" + fi } -if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then - if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then - entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" +if [ "$1" = "nginx" ] || [ "$1" = "nginx-debug" ]; then + if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then + entrypoint_log "$0: info: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" - entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" - find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do - case "$f" in - *.envsh) - if [ -x "$f" ]; then - entrypoint_log "$0: Sourcing $f"; - . "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *.sh) - if [ -x "$f" ]; then - entrypoint_log "$0: Launching $f"; - "$f" - else - # warn on shell scripts without exec bit - entrypoint_log "$0: Ignoring $f, not executable"; - fi - ;; - *) entrypoint_log "$0: Ignoring $f";; - esac - done + entrypoint_log "$0: info: Looking for shell scripts in /docker-entrypoint.d/" + find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do + case "$f" in + *.envsh) + if [ -x "$f" ]; then + entrypoint_log "$0: info: Sourcing $f" + . "$f" + else + # warn on shell scripts without exec bit + entrypoint_log "$0: info: Ignoring $f, not executable" + fi + ;; + *.sh) + if [ -x "$f" ]; then + entrypoint_log "$0: info: Launching $f" + "$f" + else + # warn on shell scripts without exec bit + entrypoint_log "$0: info: Ignoring $f, not executable" + fi + ;; + *) entrypoint_log "$0: info: Ignoring $f" ;; + esac + done - entrypoint_log "$0: Configuration complete; ready for start up" - else - entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" - fi + entrypoint_log "$0: info: Configuration complete; ready for start up" + else + entrypoint_log "$0: info: No files found in /docker-entrypoint.d/, skipping configuration" + fi fi exec "$@" diff --git a/update.sh b/update.sh index 269b35362..9965de5cc 100755 --- a/update.sh +++ b/update.sh @@ -1,4 +1,6 @@ #!/usr/bin/env bash +# vim:sw=4:ts=4:sts=4:et + set -Eeuo pipefail shopt -s nullglob @@ -120,27 +122,27 @@ get_packagever() { [ "${distro}" = "debian" ] && suffix="~${debianver}" - echo ${pkg[$branch]}${suffix} + echo "${pkg[$branch]}${suffix}" } get_buildtarget() { local distro="$1" case "$distro" in - alpine-slim) - echo base - ;; - alpine-perl) - echo module-perl - ;; - alpine) - echo module-geoip module-image-filter module-njs module-xslt - ;; - debian) - echo "\$nginxPackages" - ;; - debian-perl) - echo "nginx-module-perl=\${NGINX_VERSION}-\${PKG_RELEASE}" - ;; + alpine-slim) + echo base + ;; + alpine-perl) + echo module-perl + ;; + alpine) + echo module-geoip module-image-filter module-njs module-xslt + ;; + debian) + echo "\$nginxPackages" + ;; + debian-perl) + echo "nginx-module-perl=\${NGINX_VERSION}-\${PKG_RELEASE}" + ;; esac } @@ -194,12 +196,11 @@ for branch in "${branches[@]}"; do -e 's,%%PKGOSSCHECKSUM%%,'"$pkgosschecksumver"',' \ -e 's,%%BUILDTARGET%%,'"$buildtarget"',' \ "$dir/Dockerfile" - done for variant in \ alpine-slim \ - debian; do \ + debian; do echo "$branch: $variant entrypoint scripts" dir="$branch/$variant" cp -a entrypoint/*.sh "$dir/"