#!/bin/sh PYTHON="python3" APP_DIR="/srv/app/wsgi" USER_CONF_DIR="/srv/etc" CERTBOT_DIR="/etc/letsencrypt" HTTPD_CERT_DIR="/etc/httpd/certs" # If user provide a django settings file, it will be copied to # the django settings module. # If no settings file is provided, the settings from djangos # settings module will be copied to the users config dir, so # he gets the defaults. user_settings_file="${USER_CONF_DIR}/django/settings.py" django_settings_file="${APP_DIR}/conf/settings.py" if test -e "$user_settings_file" ; then echo "Using django settings from $user_settings_file" cp "$user_settings_file" "$django_settings_file" else echo "Installing default settings to $user_settings_file" user_settings_dir=`dirname "$user_settings_file"` mkdir -p "$user_settings_dir" cp "$django_settings_file" "$user_settings_file" fi # If user wants it, we apply django database migrations. case "${DJANGO_SYNCDB:-false}" in true|yes|1) $PYTHON "${APP_DIR}/manage.py" migrate ;; false|no|0) ;; *) echo "DJANGO_DB_MASTER must be either true or false" >&2 exit 64 ;; esac # If user provided a supported command in argv, run it instead of httpd. case "$1" in certbot) shift echo "" echo "Running certbot..." certbot run --no-eff-email --standalone --installer null --deploy-hook /usr/local/sbin/certbot-set-default.sh exit $? ;; django-createsuperuser) echo "" echo "Running djangos createsuperuser command..." $PYTHON "${APP_DIR}/manage.py" createsuperuser exit $? ;; esac # If user provide a ssl cert and key, it will be copied to # the location were httpd looks for it. # Or if certbot is managing certificates, use it. certbot_cert_dir="${CERTBOT_DIR}/live/default" if test -e "${USER_CONF_DIR}/certs/fullchain.pem" -a -e "${USER_CONF_DIR}/certs/privkey.pem" ; then echo "Using X.509 certificate and key from $USER_CERT_DIR" touch "${HTTPD_CERT_DIR}/privkey.pem" chmod 600 "${HTTPD_CERT_DIR}/privkey.pem" cat "${USER_CONF_DIR}/certs/privkey.pem" > "${HTTPD_CERT_DIR}/privkey.pem" cat "${USER_CONF_DIR}/certs/fullchain.pem" > "${HTTPD_CERT_DIR}/fullchain.pem" elif test -d "$certbot_cert_dir" ; then echo "Using certbot" certbot renew /usr/local/sbin/certbot-deploy.sh fi # Remove left-overs from an incomplete shutdown previously. rm -rf /run/httpd/* /tmp/httpd* # If user wants it, a flag will tell httpd to enable status endpoints. if test "$ENABLE_STATUS_ENDPOINTS" == "true" ; then echo "Enabling server status endpoints" set -- -DENABLE_STATUS_ENDPOINTS "$@" fi # If we have a ssl cert and key, a flag will tell httpd to enable HTTPS. if test -e "${HTTPD_CERT_DIR}/fullchain.pem" -a -e "${HTTPD_CERT_DIR}/privkey.pem" ; then echo "Enabling HTTPS" set -- -DENABLE_HTTPS "$@" fi exec /usr/sbin/httpd \ -DFOREGROUND \ -c "LogLevel ${LOG_LEVEL:-error}" \ -c "ServerName ${HOSTNAME}" \ "$@"