Added NGINX_ENABLED env variable allowing to disable internal nginx… #148

Closed
wants to merge 1 commit into from
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -573,6 +573,7 @@ Below is the complete list of parameters that can be set using environment varia
- **DB_USER**: The database user. Defaults to `root`
- **DB_PASS**: The database password. Defaults to no password
- **DB_POOL**: The database connection pool count. Defaults to `5`.
- **NGINX_ENABLED**: Start internal nginx server. Set to `false` and publish 8080 port to use external proxy server. Defaults to `true`.
- **NGINX_WORKERS**: The number of nginx workers to start. Defaults to `1`.
- **NGINX_MAX_UPLOAD_SIZE**: Maximum acceptable upload size. Defaults to `20m`.
- **NGINX_X_FORWARDED_PROTO**: Advanced configuration option for the `proxy_set_header X-Forwarded-Proto` setting in the redmine nginx vHost configuration. Defaults to `https` when `REDMINE_HTTPS` is `true`, else defaults to `$scheme`.
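Review bot: The new NGINX_ENABLED entry does not say what stops working when it is set to `false`. Per the entrypoint.sh changes in this PR, the whole nginx vhost setup is skipped in that mode, so NGINX_MAX_UPLOAD_SIZE, NGINX_X_FORWARDED_PROTO, the SSL certificate paths and the HSTS settings have no effect, and unicorn is no longer bound to `127.0.0.1`. Suggest documenting that the external proxy has to provide TLS termination, the upload limit and the `X-Forwarded-Proto` header, and that port 8080 should be reachable only from that proxy.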
2 changes: 1 addition & 1 deletion assets/config/redmine/unicorn.rb
Expand Up @@ -29,7 +29,7 @@
# listen on both a Unix domain socket and a TCP port,
# we use a shorter backlog for quicker failover when busy
listen "{{REDMINE_INSTALL_DIR}}/tmp/sockets/redmine.socket", :backlog => 64
listen "127.0.0.1:8080", :tcp_nopush => true
listen {{UNICORN_LISTEN}}, :tcp_nopush => true

# nuke workers after 30 seconds instead of 60 seconds (the default)
timeout {{UNICORN_TIMEOUT}}
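Review bot: The replacement `listen` line drops the quotes around the placeholder, so whatever entrypoint.sh substitutes lands in unicorn.rb as a bare token. For the default `UNICORN_LISTEN="127.0.0.1:8080"` the shell strips the quotes and the rendered line becomes `listen 127.0.0.1:8080, :tcp_nopush => true`, which is not valid Ruby, so the default configuration would fail to load. Keep the quotes in the template, `listen "{{UNICORN_LISTEN}}", :tcp_nopush => true`, and have the disabled branch supply a full `host:port` string.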
20 changes: 11 additions & 9 deletions assets/setup/install.sh
Expand Up @@ -88,19 +88,21 @@ ln -sf ${REDMINE_LOG_DIR}/redmine log
chmod -R u+rwX files tmp
chown -R ${REDMINE_USER}:${REDMINE_USER} ${REDMINE_INSTALL_DIR}

# disable default nginx configuration
rm -f /etc/nginx/sites-enabled/default
if [[ ${NGINX_ENABLED} == true ]]; then
# disable default nginx configuration
rm -f /etc/nginx/sites-enabled/default

# run nginx as ${REDMINE_USER} user
sed 's/user www-data/user '"${REDMINE_USER}"'/' -i /etc/nginx/nginx.conf
# run nginx as ${REDMINE_USER} user
sed 's/user www-data/user '"${REDMINE_USER}"'/' -i /etc/nginx/nginx.conf

# move nginx logs to ${REDMINE_LOG_DIR}/nginx
sed 's|access_log /var/log/nginx/access.log;|access_log '"${REDMINE_LOG_DIR}"'/nginx/access.log;|' -i /etc/nginx/nginx.conf
sed 's|error_log /var/log/nginx/error.log;|error_log '"${REDMINE_LOG_DIR}"'/nginx/error.log;|' -i /etc/nginx/nginx.conf
fi

# move supervisord.log file to ${REDMINE_LOG_DIR}/supervisor/
sed 's|^logfile=.*|logfile='"${REDMINE_LOG_DIR}"'/supervisor/supervisord.log ;|' -i /etc/supervisor/supervisord.conf

# move nginx logs to ${REDMINE_LOG_DIR}/nginx
sed 's|access_log /var/log/nginx/access.log;|access_log '"${REDMINE_LOG_DIR}"'/nginx/access.log;|' -i /etc/nginx/nginx.conf
sed 's|error_log /var/log/nginx/error.log;|error_log '"${REDMINE_LOG_DIR}"'/nginx/error.log;|' -i /etc/nginx/nginx.conf

# setup log rotation for redmine application logs
cat > /etc/logrotate.d/redmine <<EOF
${REDMINE_LOG_DIR}/redmine/*.log {
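Review bot: `${NGINX_ENABLED}` is tested at the top of the new `if` block, but nothing in the lines shown for install.sh gives it a value; the `:-true` default is only assigned in entrypoint.sh. If the variable is unset when install.sh runs, `[[ ${NGINX_ENABLED} == true ]]` is false and the default nginx site, the nginx user and the nginx log paths are left unmodified even though the documented default is `true`. Suggest testing `${NGINX_ENABLED:-true}` here, or doing this setup unconditionally and leaving the toggle to entrypoint.sh.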
Expand Down Expand Up @@ -141,7 +143,7 @@ ${REDMINE_LOG_DIR}/supervisor/*.log {
EOF

# configure supervisord to start nginx
cat > /etc/supervisor/conf.d/nginx.conf <<EOF
[[ ${NGINX_ENABLED} == true ]] && cat > /etc/supervisor/conf.d/nginx.conf <<EOF
[program:nginx]
priority=20
directory=/tmp
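Review bot: Guarding the heredoc with `[[ ${NGINX_ENABLED} == true ]] &&` fixes the choice at the time install.sh runs, while the documented variable is read and defaulted in entrypoint.sh. None of the entrypoint.sh hunks create or remove /etc/supervisor/conf.d/nginx.conf, so a value passed when the container starts cannot change whether supervisord has an nginx program; it only changes whether the vhost gets configured. Suggest always writing the program file here and having entrypoint.sh remove it when NGINX_ENABLED is not `true`.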
127 changes: 73 additions & 54 deletions entrypoint.sh
Expand Up @@ -62,6 +62,7 @@ REDMINE_FETCH_COMMITS=${REDMINE_FETCH_COMMITS:-disable}
REDMINE_HTTPS_HSTS_ENABLED=${REDMINE_HTTPS_HSTS_ENABLED:-true}
REDMINE_HTTPS_HSTS_MAXAGE=${REDMINE_HTTPS_HSTS_MAXAGE:-31536000}

NGINX_ENABLED=${NGINX_ENABLED:-true}
NGINX_WORKERS=${NGINX_WORKERS:-1}
NGINX_MAX_UPLOAD_SIZE=${NGINX_MAX_UPLOAD_SIZE:-20m}

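Review bot: The value taken by `NGINX_ENABLED=${NGINX_ENABLED:-true}` is never validated, and every later test in this PR is an exact match against `true`. Any other spelling, such as `True`, `yes` or `1`, therefore takes the disabled path, which skips the nginx setup and changes the unicorn listen address. Suggest normalising the value once here and exiting with an error for anything other than `true` or `false`.
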
Expand All @@ -73,6 +74,12 @@ SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
UNICORN_WORKERS=${UNICORN_WORKERS:-2}
UNICORN_TIMEOUT=${UNICORN_TIMEOUT:-60}

if [[ ${NGINX_ENABLED} == true ]]; then
UNICORN_LISTEN="127.0.0.1:8080"
else
UNICORN_LISTEN="8080"
fi

# is a mysql or postgresql database linked?
# requires that the mysql or postgresql containers have exposed
# port 3306 and 5432 respectively.
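Review bot: The `else` branch sets `UNICORN_LISTEN="8080"`, which drops the `127.0.0.1` restriction that the original listen line had, so with nginx off unicorn serves plain HTTP on a port with no host address. The assignment also ignores any UNICORN_LISTEN passed in from the environment, so the operator cannot bind it to a specific address. Suggest spelling the address out as `0.0.0.0:8080` and allowing an override, for example `UNICORN_LISTEN=${UNICORN_LISTEN:-0.0.0.0:8080}` in this branch.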
Expand Down Expand Up @@ -208,7 +215,8 @@ chown -R ${REDMINE_USER}:${REDMINE_USER} ${REDMINE_DATA_DIR}/tmp/

# populate ${REDMINE_LOG_DIR}
mkdir -m 0755 -p ${REDMINE_LOG_DIR}/supervisor && chown -R root:root ${REDMINE_LOG_DIR}/supervisor
mkdir -m 0755 -p ${REDMINE_LOG_DIR}/nginx && chown -R ${REDMINE_USER}:${REDMINE_USER} ${REDMINE_LOG_DIR}/nginx
[[ ${NGINX_ENABLED} == true ]] && \
mkdir -m 0755 -p ${REDMINE_LOG_DIR}/nginx && chown -R ${REDMINE_USER}:${REDMINE_USER} ${REDMINE_LOG_DIR}/nginx
mkdir -m 0755 -p ${REDMINE_LOG_DIR}/redmine && chown -R ${REDMINE_USER}:${REDMINE_USER} ${REDMINE_LOG_DIR}/redmine

# fix permission and ownership of ${REDMINE_DATA_DIR}
Expand All @@ -221,37 +229,42 @@ chmod +x ${REDMINE_DATA_DIR}

cd ${REDMINE_INSTALL_DIR}

# copy configuration templates
case ${REDMINE_HTTPS} in
true)
if [[ -f ${SSL_CERTIFICATE_PATH} && -f ${SSL_KEY_PATH} ]]; then
cp ${SYSCONF_TEMPLATES_DIR}/nginx/redmine-ssl /etc/nginx/sites-enabled/redmine
else
echo "SSL keys and certificates were not found."
echo "Assuming that the container is running behind a HTTPS enabled load balancer."
cp ${SYSCONF_TEMPLATES_DIR}/nginx/redmine /etc/nginx/sites-enabled/redmine
fi
;;
*) cp ${SYSCONF_TEMPLATES_DIR}/nginx/redmine /etc/nginx/sites-enabled/redmine ;;
esac
if [[ ${NGINX_ENABLED} == true ]]; then

# copy configuration templates
case ${REDMINE_HTTPS} in
true)
if [[ -f ${SSL_CERTIFICATE_PATH} && -f ${SSL_KEY_PATH} ]]; then
cp ${SYSCONF_TEMPLATES_DIR}/nginx/redmine-ssl /etc/nginx/sites-enabled/redmine
else
echo "SSL keys and certificates were not found."
echo "Assuming that the container is running behind a HTTPS enabled load balancer."
cp ${SYSCONF_TEMPLATES_DIR}/nginx/redmine /etc/nginx/sites-enabled/redmine
fi
;;
*) cp ${SYSCONF_TEMPLATES_DIR}/nginx/redmine /etc/nginx/sites-enabled/redmine ;;
esac

# override default configuration templates with user templates
case ${REDMINE_HTTPS} in
true)
if [[ -f ${SSL_CERTIFICATE_PATH} && -f ${SSL_KEY_PATH} ]]; then
[[ -f ${USERCONF_TEMPLATES_DIR}/nginx/redmine-ssl ]] && cp ${USERCONF_TEMPLATES_DIR}/nginx/redmine-ssl /etc/nginx/sites-enabled/redmine
else
[[ -f ${USERCONF_TEMPLATES_DIR}/nginx/redmine ]] && cp ${USERCONF_TEMPLATES_DIR}/nginx/redmine /etc/nginx/sites-enabled/redmine
fi
;;
*) [[ -f ${USERCONF_TEMPLATES_DIR}/nginx/redmine ]] && cp ${USERCONF_TEMPLATES_DIR}/nginx/redmine /etc/nginx/sites-enabled/redmine ;;
esac
fi

sudo -HEu ${REDMINE_USER} cp ${SYSCONF_TEMPLATES_DIR}/redmine/database.yml config/database.yml
sudo -HEu ${REDMINE_USER} cp ${SYSCONF_TEMPLATES_DIR}/redmine/unicorn.rb config/unicorn.rb
[[ ${SMTP_ENABLED} == true ]] && \
sudo -HEu ${REDMINE_USER} cp ${SYSCONF_TEMPLATES_DIR}/redmine/smtp_settings.rb config/initializers/smtp_settings.rb
[[ ${MEMCACHE_ENABLED} == true ]] && \
sudo -HEu ${REDMINE_USER} cp ${SYSCONF_TEMPLATES_DIR}/redmine/additional_environment.rb config/additional_environment.rb

# override default configuration templates with user templates
case ${REDMINE_HTTPS} in
true)
if [[ -f ${SSL_CERTIFICATE_PATH} && -f ${SSL_KEY_PATH} ]]; then
[[ -f ${USERCONF_TEMPLATES_DIR}/nginx/redmine-ssl ]] && cp ${USERCONF_TEMPLATES_DIR}/nginx/redmine-ssl /etc/nginx/sites-enabled/redmine
else
[[ -f ${USERCONF_TEMPLATES_DIR}/nginx/redmine ]] && cp ${USERCONF_TEMPLATES_DIR}/nginx/redmine /etc/nginx/sites-enabled/redmine
fi
;;
*) [[ -f ${USERCONF_TEMPLATES_DIR}/nginx/redmine ]] && cp ${USERCONF_TEMPLATES_DIR}/nginx/redmine /etc/nginx/sites-enabled/redmine ;;
esac
[[ -f ${USERCONF_TEMPLATES_DIR}/redmine/database.yml ]] && sudo -HEu ${REDMINE_USER} cp ${USERCONF_TEMPLATES_DIR}/redmine/database.yml config/database.yml
[[ -f ${USERCONF_TEMPLATES_DIR}/redmine/unicorn.rb ]] && sudo -HEu ${REDMINE_USER} cp ${USERCONF_TEMPLATES_DIR}/redmine/unicorn.rb config/unicorn.rb
[[ ${SMTP_ENABLED} == true ]] && \
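Review bot: The two `case ${REDMINE_HTTPS}` blocks inside the new `if` now sit back to back and repeat the same certificate test on SSL_CERTIFICATE_PATH and SSL_KEY_PATH. Suggest merging them: choose the template name (`redmine-ssl` or `redmine`) once, copy it from SYSCONF_TEMPLATES_DIR, then overwrite it from USERCONF_TEMPLATES_DIR if that file exists. The disabled path also prints nothing; one log line stating that nginx is disabled and unicorn is listening on 8080 would make the mode visible in the container output.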
Expand Down Expand Up @@ -293,54 +306,60 @@ if [[ ${MEMCACHE_ENABLED} == true ]]; then
fi

# configure nginx
sed 's/worker_processes .*/worker_processes '"${NGINX_WORKERS}"';/' -i /etc/nginx/nginx.conf
sed 's,{{REDMINE_INSTALL_DIR}},'"${REDMINE_INSTALL_DIR}"',g' -i /etc/nginx/sites-enabled/redmine
sed 's,{{REDMINE_LOG_DIR}},'"${REDMINE_LOG_DIR}"',g' -i /etc/nginx/sites-enabled/redmine
sed 's/{{REDMINE_PORT}}/'"${REDMINE_PORT}"'/' -i /etc/nginx/sites-enabled/redmine
sed 's/{{NGINX_MAX_UPLOAD_SIZE}}/'"${NGINX_MAX_UPLOAD_SIZE}"'/' -i /etc/nginx/sites-enabled/redmine
sed 's/{{NGINX_X_FORWARDED_PROTO}}/'"${NGINX_X_FORWARDED_PROTO}"'/' -i /etc/nginx/sites-enabled/redmine
sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i /etc/nginx/sites-enabled/redmine
sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i /etc/nginx/sites-enabled/redmine

# if dhparam path is valid, add to the config, otherwise remove the option
if [[ -r ${SSL_DHPARAM_PATH} ]]; then
sed 's,{{SSL_DHPARAM_PATH}},'"${SSL_DHPARAM_PATH}"',' -i /etc/nginx/sites-enabled/redmine
else
sed '/ssl_dhparam {{SSL_DHPARAM_PATH}};/d' -i /etc/nginx/sites-enabled/redmine
fi
if [[ ${NGINX_ENABLED} == true ]]; then
sed 's/worker_processes .*/worker_processes '"${NGINX_WORKERS}"';/' -i /etc/nginx/nginx.conf
sed 's,{{REDMINE_INSTALL_DIR}},'"${REDMINE_INSTALL_DIR}"',g' -i /etc/nginx/sites-enabled/redmine
sed 's,{{REDMINE_LOG_DIR}},'"${REDMINE_LOG_DIR}"',g' -i /etc/nginx/sites-enabled/redmine
sed 's/{{REDMINE_PORT}}/'"${REDMINE_PORT}"'/' -i /etc/nginx/sites-enabled/redmine
sed 's/{{NGINX_MAX_UPLOAD_SIZE}}/'"${NGINX_MAX_UPLOAD_SIZE}"'/' -i /etc/nginx/sites-enabled/redmine
sed 's/{{NGINX_X_FORWARDED_PROTO}}/'"${NGINX_X_FORWARDED_PROTO}"'/' -i /etc/nginx/sites-enabled/redmine
sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i /etc/nginx/sites-enabled/redmine
sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i /etc/nginx/sites-enabled/redmine

# if dhparam path is valid, add to the config, otherwise remove the option
if [[ -r ${SSL_DHPARAM_PATH} ]]; then
sed 's,{{SSL_DHPARAM_PATH}},'"${SSL_DHPARAM_PATH}"',' -i /etc/nginx/sites-enabled/redmine
else
sed '/ssl_dhparam {{SSL_DHPARAM_PATH}};/d' -i /etc/nginx/sites-enabled/redmine
fi

sed 's,{{SSL_VERIFY_CLIENT}},'"${SSL_VERIFY_CLIENT}"',' -i /etc/nginx/sites-enabled/redmine
if [[ -f /usr/local/share/ca-certificates/ca.crt ]]; then
sed 's,{{CA_CERTIFICATES_PATH}},'"${CA_CERTIFICATES_PATH}"',' -i /etc/nginx/sites-enabled/redmine
else
sed '/{{CA_CERTIFICATES_PATH}}/d' -i /etc/nginx/sites-enabled/redmine
fi
sed 's,{{SSL_VERIFY_CLIENT}},'"${SSL_VERIFY_CLIENT}"',' -i /etc/nginx/sites-enabled/redmine
if [[ -f /usr/local/share/ca-certificates/ca.crt ]]; then
sed 's,{{CA_CERTIFICATES_PATH}},'"${CA_CERTIFICATES_PATH}"',' -i /etc/nginx/sites-enabled/redmine
else
sed '/{{CA_CERTIFICATES_PATH}}/d' -i /etc/nginx/sites-enabled/redmine
fi

if [[ ${REDMINE_HTTPS_HSTS_ENABLED} == true ]]; then
sed 's/{{REDMINE_HTTPS_HSTS_MAXAGE}}/'"${REDMINE_HTTPS_HSTS_MAXAGE}"'/' -i /etc/nginx/sites-enabled/redmine
else
sed '/{{REDMINE_HTTPS_HSTS_MAXAGE}}/d' -i /etc/nginx/sites-enabled/redmine
if [[ ${REDMINE_HTTPS_HSTS_ENABLED} == true ]]; then
sed 's/{{REDMINE_HTTPS_HSTS_MAXAGE}}/'"${REDMINE_HTTPS_HSTS_MAXAGE}"'/' -i /etc/nginx/sites-enabled/redmine
else
sed '/{{REDMINE_HTTPS_HSTS_MAXAGE}}/d' -i /etc/nginx/sites-enabled/redmine
fi
fi

# configure unicorn
sudo -HEu ${REDMINE_USER} sed 's,{{REDMINE_INSTALL_DIR}},'"${REDMINE_INSTALL_DIR}"',g' -i config/unicorn.rb
sudo -HEu ${REDMINE_USER} sed 's/{{REDMINE_USER}}/'"${REDMINE_USER}"'/g' -i config/unicorn.rb
sudo -HEu ${REDMINE_USER} sed 's/{{UNICORN_WORKERS}}/'"${UNICORN_WORKERS}"'/' -i config/unicorn.rb
sudo -HEu ${REDMINE_USER} sed 's/{{UNICORN_TIMEOUT}}/'"${UNICORN_TIMEOUT}"'/' -i config/unicorn.rb
sudo -HEu ${REDMINE_USER} sed 's/{{UNICORN_LISTEN}}/'"${UNICORN_LISTEN}"'/' -i config/unicorn.rb

# configure relative_url_root
if [[ -n ${REDMINE_RELATIVE_URL_ROOT} ]]; then
sudo -HEu ${REDMINE_USER} cp -f ${SYSCONF_TEMPLATES_DIR}/redmine/config.ru config.ru
sudo -HEu ${REDMINE_USER} sed 's,{{REDMINE_RELATIVE_URL_ROOT}},'"${REDMINE_RELATIVE_URL_ROOT}"',' -i config/unicorn.rb
sed 's,# alias '"${REDMINE_INSTALL_DIR}"'/public,alias '"${REDMINE_INSTALL_DIR}"'/public,' -i /etc/nginx/sites-enabled/redmine
sed 's,{{REDMINE_RELATIVE_URL_ROOT}},'"${REDMINE_RELATIVE_URL_ROOT}"',' -i /etc/nginx/sites-enabled/redmine
if [[ ${NGINX_ENABLED} == true ]]; then
sed 's,# alias '"${REDMINE_INSTALL_DIR}"'/public,alias '"${REDMINE_INSTALL_DIR}"'/public,' -i /etc/nginx/sites-enabled/redmine
sed 's,{{REDMINE_RELATIVE_URL_ROOT}},'"${REDMINE_RELATIVE_URL_ROOT}"',' -i /etc/nginx/sites-enabled/redmine
fi
else
sudo -HEu ${REDMINE_USER} sed '/{{REDMINE_RELATIVE_URL_ROOT}}/d' -i config/unicorn.rb
sed 's,{{REDMINE_RELATIVE_URL_ROOT}},/,' -i /etc/nginx/sites-enabled/redmine
[[ ${NGINX_ENABLED} == true ]] && \
sed 's,{{REDMINE_RELATIVE_URL_ROOT}},/,' -i /etc/nginx/sites-enabled/redmine
fi

# disable ipv6 support
if [[ ! -f /proc/net/if_inet6 ]]; then
if [[ ! -f /proc/net/if_inet6 && ${NGINX_ENABLED} == true ]]; then
sed -e '/listen \[::\]:80/ s/^#*/#/' -i /etc/nginx/sites-enabled/redmine
sed -e '/listen \[::\]:443/ s/^#*/#/' -i /etc/nginx/sites-enabled/redmine
fi
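Review bot: The NGINX_ENABLED test is repeated four times in this hunk (the configure nginx block, both branches of the relative_url_root block and the ipv6 check), so any later `sed` against /etc/nginx/sites-enabled/redmine that is added outside a guard will fail in disabled mode because the file was never copied. Suggest moving all nginx edits into one function called under a single guard. Separately, the new `{{UNICORN_LISTEN}}` substitution uses `/` as the sed delimiter; that works for `127.0.0.1:8080` and `8080` but breaks if the value ever contains a slash, so the `,` delimiter used by the neighbouring path substitutions is the safer choice.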