FIX #1
This commit is contained in:
heinzel
@@ -1,8 +1,89 @@
|
||||
#!/bin/sh
|
||||
|
||||
PYTHON="python3"
|
||||
APP_DIR="/srv/app/wsgi"
|
||||
USER_CONF_DIR="/srv/etc"
|
||||
CERTBOT_DIR="/etc/letsencrypt"
|
||||
HTTPD_CERT_DIR="/etc/httpd/certs"
|
||||
|
||||
# If user provide a django settings file, it will be copied to
|
||||
# the django settings module.
|
||||
# If no settings file is provided, the settings from djangos
|
||||
# settings module will be copied to the users config dir, so
|
||||
# he gets the defaults.
|
||||
user_settings_file="${USER_CONF_DIR}/django/settings.py"
|
||||
django_settings_file="${APP_DIR}/conf/settings.py"
|
||||
if test -e "$user_settings_file" ; then
|
||||
echo "Using django settings from $user_settings_file"
|
||||
cp "$user_settings_file" "$django_settings_file"
|
||||
else
|
||||
echo "Installing default settings to $user_settings_file"
|
||||
user_settings_dir=`dirname "$user_settings_file"`
|
||||
mkdir -p "$user_settings_dir"
|
||||
cp "$django_settings_file" "$user_settings_file"
|
||||
fi
|
||||
|
||||
# If user wants it, we apply django database migrations.
|
||||
case "${DJANGO_SYNCDB:-false}" in
|
||||
true|yes|1)
|
||||
$PYTHON "${APP_DIR}/manage.py" migrate
|
||||
;;
|
||||
false|no|0)
|
||||
;;
|
||||
*)
|
||||
echo "DJANGO_DB_MASTER must be either true or false" >&2
|
||||
exit 64
|
||||
;;
|
||||
esac
|
||||
|
||||
# If user provided a supported command in argv, run it instead of httpd.
|
||||
case "$1" in
|
||||
certbot)
|
||||
shift
|
||||
echo ""
|
||||
echo "Running certbot..."
|
||||
certbot run --no-eff-email --standalone --installer null --deploy-hook /usr/local/sbin/certbot-set-default.sh
|
||||
exit $?
|
||||
;;
|
||||
django-createsuperuser)
|
||||
echo ""
|
||||
echo "Running djangos createsuperuser command..."
|
||||
$PYTHON "${APP_DIR}/manage.py" createsuperuser
|
||||
exit $?
|
||||
;;
|
||||
esac
|
||||
|
||||
# If user provide a ssl cert and key, it will be copied to
|
||||
# the location were httpd looks for it.
|
||||
# Or if certbot is managing certificates, use it.
|
||||
certbot_cert_dir="${CERTBOT_DIR}/live/default"
|
||||
if test -e "${USER_CONF_DIR}/certs/fullchain.pem" -a -e "${USER_CONF_DIR}/certs/privkey.pem" ; then
|
||||
echo "Using X.509 certificate and key from $USER_CERT_DIR"
|
||||
touch "${HTTPD_CERT_DIR}/privkey.pem"
|
||||
chmod 600 "${HTTPD_CERT_DIR}/privkey.pem"
|
||||
cat "${USER_CONF_DIR}/certs/privkey.pem" > "${HTTPD_CERT_DIR}/privkey.pem"
|
||||
cat "${USER_CONF_DIR}/certs/fullchain.pem" > "${HTTPD_CERT_DIR}/fullchain.pem"
|
||||
elif test -d "$certbot_cert_dir" ; then
|
||||
echo "Using certbot"
|
||||
certbot renew
|
||||
/usr/local/sbin/certbot-deploy.sh
|
||||
fi
|
||||
|
||||
# Remove left-overs from an incomplete shutdown previously.
|
||||
rm -rf /run/httpd/* /tmp/httpd*
|
||||
|
||||
# If user wants it, a flag will tell httpd to enable status endpoints.
|
||||
if test "$ENABLE_STATUS_ENDPOINTS" == "true" ; then
|
||||
echo "Enabling server status endpoints"
|
||||
set -- -DENABLE_STATUS_ENDPOINTS "$@"
|
||||
fi
|
||||
|
||||
# If we have a ssl cert and key, a flag will tell httpd to enable HTTPS.
|
||||
if test -e "${HTTPD_CERT_DIR}/fullchain.pem" -a -e "${HTTPD_CERT_DIR}/privkey.pem" ; then
|
||||
echo "Enabling HTTPS"
|
||||
set -- -DENABLE_HTTPS "$@"
|
||||
fi
|
||||
|
||||
exec /usr/sbin/httpd \
|
||||
-DFOREGROUND \
|
||||
-c "LogLevel ${LOG_LEVEL:-error}" \
|
||||
|
||||
Reference in New Issue
Block a user