92 lines
2.8 KiB
Bash
Executable File
92 lines
2.8 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
PYTHON="python3"
|
|
APP_DIR="/srv/app/wsgi"
|
|
USER_CONF_DIR="/srv/etc"
|
|
CERTBOT_DIR="/etc/letsencrypt"
|
|
HTTPD_CERT_DIR="/etc/httpd/certs"
|
|
|
|
# If user provide a django settings file, it will be copied to
|
|
# the django settings module.
|
|
# If no settings file is provided, the settings from djangos
|
|
# settings module will be copied to the users config dir, so
|
|
# he gets the defaults.
|
|
user_settings_file="${USER_CONF_DIR}/django/settings.py"
|
|
django_settings_file="${APP_DIR}/conf/settings.py"
|
|
if test -e "$user_settings_file" ; then
|
|
echo "Using django settings from $user_settings_file"
|
|
cp "$user_settings_file" "$django_settings_file"
|
|
else
|
|
echo "Installing default settings to $user_settings_file"
|
|
user_settings_dir=`dirname "$user_settings_file"`
|
|
mkdir -p "$user_settings_dir"
|
|
cp "$django_settings_file" "$user_settings_file"
|
|
fi
|
|
|
|
# If user wants it, we apply django database migrations.
|
|
case "${DJANGO_SYNCDB:-false}" in
|
|
true|yes|1)
|
|
$PYTHON "${APP_DIR}/manage.py" migrate
|
|
;;
|
|
false|no|0)
|
|
;;
|
|
*)
|
|
echo "DJANGO_DB_MASTER must be either true or false" >&2
|
|
exit 64
|
|
;;
|
|
esac
|
|
|
|
# If user provided a supported command in argv, run it instead of httpd.
|
|
case "$1" in
|
|
certbot)
|
|
shift
|
|
echo ""
|
|
echo "Running certbot..."
|
|
certbot run --no-eff-email --standalone --installer null --deploy-hook /usr/local/sbin/certbot-set-default.sh
|
|
exit $?
|
|
;;
|
|
django-createsuperuser)
|
|
echo ""
|
|
echo "Running djangos createsuperuser command..."
|
|
$PYTHON "${APP_DIR}/manage.py" createsuperuser
|
|
exit $?
|
|
;;
|
|
esac
|
|
|
|
# If user provide a ssl cert and key, it will be copied to
|
|
# the location were httpd looks for it.
|
|
# Or if certbot is managing certificates, use it.
|
|
certbot_cert_dir="${CERTBOT_DIR}/live/default"
|
|
if test -e "${USER_CONF_DIR}/certs/fullchain.pem" -a -e "${USER_CONF_DIR}/certs/privkey.pem" ; then
|
|
echo "Using X.509 certificate and key from $USER_CERT_DIR"
|
|
touch "${HTTPD_CERT_DIR}/privkey.pem"
|
|
chmod 600 "${HTTPD_CERT_DIR}/privkey.pem"
|
|
cat "${USER_CONF_DIR}/certs/privkey.pem" > "${HTTPD_CERT_DIR}/privkey.pem"
|
|
cat "${USER_CONF_DIR}/certs/fullchain.pem" > "${HTTPD_CERT_DIR}/fullchain.pem"
|
|
elif test -d "$certbot_cert_dir" ; then
|
|
echo "Using certbot"
|
|
certbot renew
|
|
/usr/local/sbin/certbot-deploy.sh
|
|
fi
|
|
|
|
# Remove left-overs from an incomplete shutdown previously.
|
|
rm -rf /run/httpd/* /tmp/httpd*
|
|
|
|
# If user wants it, a flag will tell httpd to enable status endpoints.
|
|
if test "$ENABLE_STATUS_ENDPOINTS" == "true" ; then
|
|
echo "Enabling server status endpoints"
|
|
set -- -DENABLE_STATUS_ENDPOINTS "$@"
|
|
fi
|
|
|
|
# If we have a ssl cert and key, a flag will tell httpd to enable HTTPS.
|
|
if test -e "${HTTPD_CERT_DIR}/fullchain.pem" -a -e "${HTTPD_CERT_DIR}/privkey.pem" ; then
|
|
echo "Enabling HTTPS"
|
|
set -- -DENABLE_HTTPS "$@"
|
|
fi
|
|
|
|
exec /usr/sbin/httpd \
|
|
-DFOREGROUND \
|
|
-c "LogLevel ${LOG_LEVEL:-error}" \
|
|
-c "ServerName ${HOSTNAME}" \
|
|
"$@"
|