#!/bin/sh set -e if [[ -z "$EXTERNAL_HTTP_PORT" ]] && [[ -z "$EXTERNAL_HTTPS_PORT" ]]; then echo "EXTERNAL_HTTP_PORT and EXTERNAL_HTTPS_PORT are not set. Aborting." exit 1 fi if [[ -f "/certs/key.pem" ]] && [[ -f "/certs/cert.pem" ]]; then certs_exists=1 fi if [[ -n "$EXTERNAL_HTTPS_PORT" ]] && [[ -z "$certs_exists" ]]; then echo "Configured https, but no certificates found. Aborting" exit 1 fi # config: https if [[ -n "$EXTERNAL_HTTPS_PORT" ]] ; then cat < /etc/caddy/endpoint https://:8001 { tls /certs/cert.pem /certs/key.pem EOF echo "Configured https" fi # config: http and no https if [[ -n "$EXTERNAL_HTTP_PORT" ]] && [[ -z "$EXTERNAL_HTTPS_PORT" ]] ; then echo "http://:8000 {" > /etc/caddy/endpoint echo "Configured http only" fi # config: https and additionally http -> create redirect-file if [[ -n "$EXTERNAL_HTTP_PORT" ]] && [[ -n "$EXTERNAL_HTTPS_PORT" ]] ; then cat < /etc/caddy/redirect http://:8000 { redir https://$INSTANCE_DOMAIN{uri} } EOF echo "Configured http to https redirect" fi # Add allowed hosts from $ALLOWED_HOSTS # If the variable is empty, all hosts are allowed. # The hosts are ORed, so the request is valid, if one host matches. # Example: ALLOWED_HOSTS="localhost:8000 127.0.0.1:8000" # # @invalid-host { # not { # header Host localhost:8000 # header Host 127.0.0.1:8000 # } # } # respond @invalid-host "Misdirected Request" 421 { # close # } if [[ ! -z "$ALLOWED_HOSTS" ]]; then cat < /etc/caddy/invalid_host @invalid-host { not { EOF for host in $ALLOWED_HOSTS; do echo " host $host" >> /etc/caddy/invalid_host done cat <> /etc/caddy/invalid_host } } respond @invalid-host "Misdirected Request" 421 { close } EOF echo "Configured allowed hosts: $ALLOWED_HOSTS" else echo "All hosts allowed" fi exec "$@"