2021-03-15 14:17:07 +01:00
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
2021-09-27 13:17:41 +02:00
|
|
|
config=/etc/caddy/config.json
|
|
|
|
base=/caddy_base.json
|
2021-11-11 15:17:38 +01:00
|
|
|
HTTPS_CERT_FILE="${HTTPS_CERT_FILE:-/certs/cert.pem}"
|
|
|
|
HTTPS_KEY_FILE="${HTTPS_KEY_FILE:-/certs/key.pem}"
|
2021-09-27 13:17:41 +02:00
|
|
|
|
2021-11-17 17:57:34 +01:00
|
|
|
cp $base $config
|
2021-12-22 12:42:46 +01:00
|
|
|
|
2021-09-27 13:17:41 +02:00
|
|
|
# set defaults in base
|
|
|
|
ACTION_HOST="${ACTION_HOST:-backend}" ACTION_PORT="${ACTION_PORT:-9002}" \
|
|
|
|
PRESENTER_HOST="${PRESENTER_HOST:-backend}" PRESENTER_PORT="${PRESENTER_PORT:-9003}" \
|
|
|
|
AUTOUPDATE_HOST="${AUTOUPDATE_HOST:-autoupdate}" AUTOUPDATE_PORT="${AUTOUPDATE_PORT:-9012}" \
|
2021-12-06 12:14:18 +01:00
|
|
|
ICC_HOST="${ICC_HOST:-icc}" ICC_PORT="${ICC_PORT:-9007}" \
|
2021-09-27 13:17:41 +02:00
|
|
|
AUTH_HOST="${AUTH_HOST:-auth}" AUTH_PORT="${AUTH_PORT:-9004}" \
|
|
|
|
MEDIA_HOST="${MEDIA_HOST:-media}" MEDIA_PORT="${MEDIA_PORT:-9006}" \
|
|
|
|
MANAGE_HOST="${MANAGE_HOST:-manage}" MANAGE_PORT="${MANAGE_PORT:-9008}" \
|
|
|
|
CLIENT_HOST="${CLIENT_HOST:-client}" CLIENT_PORT="${CLIENT_PORT:-9001}" \
|
2021-11-17 23:32:40 +01:00
|
|
|
VOTE_HOST="${VOTE_HOST:-vote}" VOTE_PORT="${VOTE_PORT:-9013}" \
|
2021-11-17 17:57:34 +01:00
|
|
|
envsubst < "$config" > "$config.out" && mv -f "$config.out" "$config"
|
2021-09-27 13:17:41 +02:00
|
|
|
|
|
|
|
jq_write() {
|
|
|
|
filter=$1
|
2021-11-17 17:57:34 +01:00
|
|
|
jq "$filter" "$config" > "$config.out" && mv -f "$config.out" "$config"
|
2021-09-27 13:17:41 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
### HTTPS ###
|
|
|
|
if [ -n "$ENABLE_LOCAL_HTTPS" ]; then
|
2021-11-11 15:17:38 +01:00
|
|
|
[ -f "$HTTPS_CERT_FILE" ] && [ -f "$HTTPS_KEY_FILE" ] || {
|
2021-09-27 13:17:41 +02:00
|
|
|
echo "ERROR: no local cert-files provided. Did you run make-localhost-cert.sh?"
|
|
|
|
exit 1
|
|
|
|
}
|
|
|
|
jq_write ".apps.http.servers.srv0.tls_connection_policies = [{ certificate_selection: { any_tag: [ \"cert0\" ] }}]"
|
2021-11-11 15:17:38 +01:00
|
|
|
jq_write ".apps.tls = { certificates: { load_files: [{ certificate: \"$HTTPS_CERT_FILE\", key: \"$HTTPS_KEY_FILE\", tags: [ \"cert0\" ] }] }}"
|
2021-03-15 14:17:07 +01:00
|
|
|
else
|
2021-09-27 13:17:41 +02:00
|
|
|
if [ -n "$ENABLE_AUTO_HTTPS" ]; then
|
|
|
|
if [ -n "$EXTERNAL_ADDRESS" ]; then
|
|
|
|
echo "INFO: For the automatic https to work ports 443 and 80 of the host must be
|
|
|
|
directed to 8000 and 8001 of this container"
|
|
|
|
jq_write "del(.apps.http.servers.srv0.automatic_https)" # disabled in base
|
|
|
|
jq_write ".apps.http.https_port = 8000"
|
|
|
|
jq_write ".apps.http.http_port = 8001"
|
|
|
|
jq_write ".apps.http.servers.srv0.routes[-1].match = [{ host: [\"$EXTERNAL_ADDRESS\"]}]"
|
|
|
|
|
|
|
|
if [ -n "$ACME_ENDPOINT" ]; then
|
|
|
|
jq_write ".apps.tls.automation.policies[0].issuers[0].ca = \"${ACME_ENDPOINT}\""
|
|
|
|
fi
|
|
|
|
else
|
|
|
|
echo "ERROR: EXTERNAL_ADDRESS needed for automatic HTTPS / cert generation"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
fi
|
2021-03-15 14:17:07 +01:00
|
|
|
fi
|
|
|
|
|
2021-12-22 12:42:46 +01:00
|
|
|
### ALLOWED HOSTS ###
|
|
|
|
if [ -n "$ALLOWED_HOSTS" ]; then
|
|
|
|
for host in $ALLOWED_HOSTS; do
|
2022-01-12 17:11:21 +01:00
|
|
|
jq_write ".apps.http.servers.srv0.routes[-2].match[0].not[0].header.Host += [\"$host\"]"
|
2021-12-22 12:42:46 +01:00
|
|
|
done
|
|
|
|
else
|
2022-01-12 17:11:21 +01:00
|
|
|
jq_write "del(.apps.http.servers.srv0.routes[-2])"
|
2021-12-22 12:42:46 +01:00
|
|
|
fi
|
|
|
|
|
2021-09-27 13:17:41 +02:00
|
|
|
exec "$@"
|