Small refactor of user/groups and add checks during startup. Only use -x in bash scripts when DEBUG=true set in env vars
parent
a1245bc161
commit
c432c34fb3
@ -12,6 +12,11 @@ export CYAN BLUE YELLOW RED RESET
|
|||||||
PUID=${PUID:-0}
|
PUID=${PUID:-0}
|
||||||
PGID=${PGID:-0}
|
PGID=${PGID:-0}
|
||||||
|
|
||||||
|
NPMUSER=npm
|
||||||
|
NPMGROUP=npm
|
||||||
|
NPMHOME=/tmp/npmuserhome
|
||||||
|
export NPMUSER NPMGROUP NPMHOME
|
||||||
|
|
||||||
if [[ "$PUID" -ne '0' ]] && [ "$PGID" = '0' ]; then
|
if [[ "$PUID" -ne '0' ]] && [ "$PGID" = '0' ]; then
|
||||||
# set group id to same as user id,
|
# set group id to same as user id,
|
||||||
# the user probably forgot to specify the group id and
|
# the user probably forgot to specify the group id and
|
||||||
@ -40,3 +45,10 @@ log_fatal () {
|
|||||||
/run/s6/basedir/bin/halt
|
/run/s6/basedir/bin/halt
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# param $1: group_name
|
||||||
|
get_group_id () {
|
||||||
|
if [ "${1:-}" != '' ]; then
|
||||||
|
getent group "$1" | cut -d: -f3
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
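Review bot: PUID and PGID come from the container environment at the top of the first hunk and are never checked to be numeric, yet this commit now hands them as root to `s6-setuidgid "$PUID:$PGID"`, `usermod`, `groupmod` and `chown`. Bash also evaluates the operand of `[[ "$PUID" -ne '0' ]]` as an arithmetic expression, so a non-numeric value is interpreted rather than rejected. Since the commit is about startup checks, I would add one after log_fatal is defined, e.g. `case "$PUID$PGID" in ''|*[!0-9]*) log_fatal 'PUID and PGID must be non-negative integers' ;; esac`. The `if` block at the end of the first hunk continues outside it.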
@ -1,7 +1,7 @@
|
|||||||
# run nginx in foreground
|
# run nginx in foreground
|
||||||
daemon off;
|
daemon off;
|
||||||
pid /run/nginx/nginx.pid;
|
pid /run/nginx/nginx.pid;
|
||||||
user npmuser;
|
user npm;
|
||||||
|
|
||||||
# Set number of worker processes automatically based on number of CPU cores.
|
# Set number of worker processes automatically based on number of CPU cores.
|
||||||
worker_processes auto;
|
worker_processes auto;
|
||||||
|
@ -12,12 +12,12 @@ cd /app || exit 1
|
|||||||
log_info 'Starting backend ...'
|
log_info 'Starting backend ...'
|
||||||
|
|
||||||
if [ "${DEVELOPMENT:-}" = 'true' ]; then
|
if [ "${DEVELOPMENT:-}" = 'true' ]; then
|
||||||
s6-setuidgid npmuser yarn install
|
s6-setuidgid "$PUID:$PGID" yarn install
|
||||||
exec s6-setuidgid npmuser bash -c 'export HOME=/tmp/npmuserhome;node --max_old_space_size=250 --abort_on_uncaught_exception node_modules/nodemon/bin/nodemon.js'
|
exec s6-setuidgid "$PUID:$PGID" bash -c "export HOME=$NPMHOME;node --max_old_space_size=250 --abort_on_uncaught_exception node_modules/nodemon/bin/nodemon.js"
|
||||||
else
|
else
|
||||||
while :
|
while :
|
||||||
do
|
do
|
||||||
s6-setuidgid npmuser bash -c 'export HOME=/tmp/npmuserhome;node --abort_on_uncaught_exception --max_old_space_size=250 index.js'
|
s6-setuidgid "$PUID:$PGID" bash -c "export HOME=$NPMHOME;node --abort_on_uncaught_exception --max_old_space_size=250 index.js"
|
||||||
sleep 1
|
sleep 1
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
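Review bot: The two `bash -c` lines now build the command string with double quotes, so `$NPMHOME` is expanded by the outer root shell and spliced unquoted into code that the inner shell parses. With the constant value assigned in common.sh this is harmless today, but the line would misparse if the path ever contained spaces or shell metacharacters. Passing the value through the environment removes the nested shell altogether: `s6-setuidgid "$PUID:$PGID" env HOME="$NPMHOME" node --abort_on_uncaught_exception --max_old_space_size=250 index.js`, with the same shape for the nodemon line under `exec`.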
@ -8,14 +8,14 @@ set -e
|
|||||||
if [ "$DEVELOPMENT" = 'true' ]; then
|
if [ "$DEVELOPMENT" = 'true' ]; then
|
||||||
. /bin/common.sh
|
. /bin/common.sh
|
||||||
cd /app/frontend || exit 1
|
cd /app/frontend || exit 1
|
||||||
HOME=/tmp/npmuserhome
|
HOME=$NPMHOME
|
||||||
export HOME
|
export HOME
|
||||||
mkdir -p /app/frontend/dist
|
mkdir -p /app/frontend/dist
|
||||||
chown -R "$PUID:$PGID" /app/frontend/dist
|
chown -R "$PUID:$PGID" /app/frontend/dist
|
||||||
|
|
||||||
log_info 'Starting frontend ...'
|
log_info 'Starting frontend ...'
|
||||||
s6-setuidgid npmuser yarn install
|
s6-setuidgid "$PUID:$PGID" yarn install
|
||||||
exec s6-setuidgid npmuser yarn watch
|
exec s6-setuidgid "$PUID:$PGID" yarn watch
|
||||||
else
|
else
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
@ -6,4 +6,4 @@ set -e
|
|||||||
. /bin/common.sh
|
. /bin/common.sh
|
||||||
|
|
||||||
log_info 'Starting nginx ...'
|
log_info 'Starting nginx ...'
|
||||||
exec s6-setuidgid npmuser nginx
|
exec s6-setuidgid "$PUID:$PGID" nginx
|
||||||
|
@ -9,7 +9,11 @@ if [ "$(id -u)" != "0" ]; then
|
|||||||
log_fatal "This docker container must be run as root, do not specify a user.\nYou can specify PUID and PGID env vars to run processes as that user and group after initialization."
|
log_fatal "This docker container must be run as root, do not specify a user.\nYou can specify PUID and PGID env vars to run processes as that user and group after initialization."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
. /etc/s6-overlay/s6-rc.d/prepare/10-npmuser.sh
|
if [ "$DEBUG" = "true" ]; then
|
||||||
|
set -x
|
||||||
|
fi
|
||||||
|
|
||||||
|
. /etc/s6-overlay/s6-rc.d/prepare/10-usergroup.sh
|
||||||
. /etc/s6-overlay/s6-rc.d/prepare/20-paths.sh
|
. /etc/s6-overlay/s6-rc.d/prepare/20-paths.sh
|
||||||
. /etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
|
. /etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
|
||||||
. /etc/s6-overlay/s6-rc.d/prepare/40-dynamic.sh
|
. /etc/s6-overlay/s6-rc.d/prepare/40-dynamic.sh
|
||||||
|
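Review bot: With `DEBUG=true` the `set -x` added here stays on for every script sourced below it, and xtrace writes each command after expansion to the container log. One of the prepare scripts touched on this page handles `__FILE` secret files; if it is sourced from this list (which may continue outside the hunk, so I cannot confirm), the values it reads would end up in the log. I would add a comment such as `# DEBUG=true traces expanded commands, including secret values, to the container log` and wrap the secret handling in `set +x`. `"${DEBUG:-}"` would also match the `${DEVELOPMENT:-}` style used in the backend run script.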
@ -1,22 +0,0 @@
|
|||||||
#!/command/with-contenv bash
|
|
||||||
# shellcheck shell=bash
|
|
||||||
|
|
||||||
set -e
|
|
||||||
# verbose
|
|
||||||
set -x
|
|
||||||
|
|
||||||
log_info 'Configuring npmuser ...'
|
|
||||||
|
|
||||||
if id -u npmuser; then
|
|
||||||
# user already exists
|
|
||||||
usermod -u "$PUID" npmuser || exit 1
|
|
||||||
else
|
|
||||||
# Add npmuser user
|
|
||||||
useradd -o -u "$PUID" -U -d /tmp/npmuserhome -s /bin/false npmuser || exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
usermod -G "$PGID" npmuser || exit 1
|
|
||||||
groupmod -o -g "$PGID" npmuser || exit 1
|
|
||||||
# Home for npmuser
|
|
||||||
mkdir -p /tmp/npmuserhome
|
|
||||||
chown -R "$PUID:$PGID" /tmp/npmuserhome
|
|
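--- a/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-usergroup.sh
+++ b/docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/10-usergroup.sh
@@ -0,0 +1,40 @@
+#!/command/with-contenv bash
+# shellcheck shell=bash
+
+set -e
+
+log_info "Configuring $NPMUSER user ..."
+
+if id -u "$NPMUSER" 2>/dev/null; then
+# user already exists
+usermod -u "$PUID" "$NPMUSER"
+else
+# Add user
+useradd -o -u "$PUID" -U -d "$NPMHOME" -s /bin/false "$NPMUSER"
+fi
+
+log_info "Configuring $NPMGROUP group ..."
+if [ "$(get_group_id "$NPMGROUP")" = '' ]; then
+# Add group. This will not set the id properly if it's already taken
+groupadd -f -g "$PGID" "$NPMGROUP"
+else
+groupmod -o -g "$PGID" "$NPMGROUP"
+fi
+
+# Set the group ID and check it
+groupmod -o -g "$PGID" "$NPMGROUP"
+if [ "$(get_group_id "$NPMGROUP")" != "$PGID" ]; then
+echo "ERROR: Unable to set group id properly"
+exit 1
+fi
+
+# Set the group against the user and check it
+usermod -G "$PGID" "$NPMGROUP"
+if [ "$(id -g "$NPMUSER")" != "$PGID" ] ; then
+echo "ERROR: Unable to set group against the user properly"
+exit 1
+fi
+
+# Home for user
+mkdir -p "$NPMHOME"
+chown -R "$PUID:$PGID" "$NPMHOME"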
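Review bot: `usermod -G "$PGID" "$NPMGROUP"` passes the group name where usermod expects the login; it only works because NPMUSER and NPMGROUP are both `npm`, and should read `usermod -G "$PGID" "$NPMUSER"`. The check that follows compares `id -g`, the primary group, while `-G` sets supplementary groups, so it appears to verify the earlier groupmod rather than this command. The two failure paths use `echo` and `exit 1` where common.sh offers log_fatal, and `id -u "$NPMUSER" 2>/dev/null` still prints the uid to stdout; `>/dev/null 2>&1` would silence it.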
@ -2,8 +2,6 @@
|
|||||||
# shellcheck shell=bash
|
# shellcheck shell=bash
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
# verbose
|
|
||||||
set -x
|
|
||||||
|
|
||||||
log_info 'Checking paths ...'
|
log_info 'Checking paths ...'
|
||||||
|
|
||||||
|
@ -2,15 +2,13 @@
|
|||||||
# shellcheck shell=bash
|
# shellcheck shell=bash
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
# verbose
|
|
||||||
set -x
|
|
||||||
|
|
||||||
log_info 'Setting ownership ...'
|
log_info 'Setting ownership ...'
|
||||||
|
|
||||||
# root
|
# root
|
||||||
chown root /tmp/nginx
|
chown root /tmp/nginx
|
||||||
|
|
||||||
# npmuser
|
# npm user and group
|
||||||
chown -R "$PUID:$PGID" /data
|
chown -R "$PUID:$PGID" /data
|
||||||
chown -R "$PUID:$PGID" /etc/letsencrypt
|
chown -R "$PUID:$PGID" /etc/letsencrypt
|
||||||
chown -R "$PUID:$PGID" /run/nginx
|
chown -R "$PUID:$PGID" /run/nginx
|
||||||
|
@ -2,8 +2,6 @@
|
|||||||
# shellcheck shell=bash
|
# shellcheck shell=bash
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
# verbose
|
|
||||||
set -x
|
|
||||||
|
|
||||||
log_info 'Dynamic resolvers ...'
|
log_info 'Dynamic resolvers ...'
|
||||||
|
|
||||||
|
@ -5,8 +5,6 @@
|
|||||||
# or disable ipv6 in all nginx configs based on this setting.
|
# or disable ipv6 in all nginx configs based on this setting.
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
# verbose
|
|
||||||
set -x
|
|
||||||
|
|
||||||
log_info 'IPv6 ...'
|
log_info 'IPv6 ...'
|
||||||
|
|
||||||
@ -33,7 +31,7 @@ process_folder () {
|
|||||||
sed -E -i "$SED_REGEX" "$FILE"
|
sed -E -i "$SED_REGEX" "$FILE"
|
||||||
done
|
done
|
||||||
|
|
||||||
# ensure the files are still owned by the npmuser
|
# ensure the files are still owned by the npm user
|
||||||
chown -R "$PUID:$PGID" "$1"
|
chown -R "$PUID:$PGID" "$1"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2,8 +2,6 @@
|
|||||||
# shellcheck shell=bash
|
# shellcheck shell=bash
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
# verbose
|
|
||||||
set -x
|
|
||||||
|
|
||||||
# in s6, environmental variables are written as text files for s6 to monitor
|
# in s6, environmental variables are written as text files for s6 to monitor
|
||||||
# search through full-path filenames for files ending in "__FILE"
|
# search through full-path filenames for files ending in "__FILE"
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
# shellcheck shell=bash
|
# shellcheck shell=bash
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
set +x
|
||||||
|
|
||||||
echo "
|
echo "
|
||||||
-------------------------------------
|
-------------------------------------
|
||||||
@ -11,7 +12,7 @@ echo "
|
|||||||
| |\ | __/| | | |
|
| |\ | __/| | | |
|
||||||
|_| \_|_| |_| |_|
|
|_| \_|_| |_| |_|
|
||||||
-------------------------------------
|
-------------------------------------
|
||||||
User ID: $PUID
|
User: $NPMUSER PUID:$PUID ID:$(id -u "$NPMUSER") GROUP:$(id -g "$NPMUSER")
|
||||||
Group ID: $PGID
|
Group: $NPMGROUP PGID:$PGID ID:$(get_group_id "$NPMGROUP")
|
||||||
-------------------------------------
|
-------------------------------------
|
||||||
"
|
"
|
||||||
|