Commit 08299f1d authored by Michał 'rysiek' Woźniak's avatar Michał 'rysiek' Woźniak
Browse files

$PID_FILE, $WATCH_FILE, $DHPARAM_FILE now a thing

parent e48a1347
......@@ -21,6 +21,11 @@ The `NGINX_VERSION` build argument controls the `nginx` package version that is
- `NO_DHPARAM` (default: unset)
if set to string `"true"`, `dhparam` generation will be skipped entirely; this is *not* a good idea, and should be used only for internal/utility nginx instances that run behind another webserver with TLS support.
- `PID_FILE` (default: "`/var/run/nginx.pid`")
- `WATCH_FILE` (default: "`/srv/logs/nginx/logrotate`")
- `DHPARAM_FILE` (default: "`/etc/ssl/nginx/dhparam.pem`")
these control the locations where the `run.sh` script expects to find the `nginx` pidfile, the file to watch for logrotate signalling, and the SSL DH parameters files; these should reflect `nginx` config.
### Examples
......@@ -40,13 +45,13 @@ docker build --build-arg=NGINX_PACKAGE=nginx-extras --build-arg=NGINX_VERSION=1.
## Operation
Upon start it creates a dhparam file in `/etc/ssl/nginx/dhparam.pem` (if the file does not exist) and sets an `inotify` watch on `/srv/logs/nginx/logrotate`. Once the watch discovers that the watchfile has been modified, it sends the `USR1` signal to `nginx`, which causes it to reload the logfiles.
Upon start it creates a dhparam file in `$DHPARAM_FILE` (if the file does not exist) and sets an `inotify` watch on `$WATCH_FILE`. Once the watch discovers that the watchfile has been modified, it sends the `USR1` signal to `nginx`, which causes it to reload the logfiles.
Use by volume-mounting the watchfile in this container and in a container that logrotate runs in, and making sure logrotate touches/modifies that file, for instance by using the following in your logrotate config files:
```
postrotate
/bin/date > /srv/logs/nginx/logrotate
/bin/date > /srv/logs/nginx/logrotate # or whatever is in $WATCH_FILE
```
## ToDo
......
......@@ -23,13 +23,13 @@
# yes, this is dead-simple; just watch this file,
# and if it gets modified, send nginx the signal
WATCH_FILE="/srv/logs/nginx/logrotate"
[ -z $WATCH_FILE ] && WATCH_FILE="/srv/logs/nginx/logrotate"
# we need this for signal sending
PID_FILE="/var/run/nginx.pid"
[ -z $PID_FILE ] && PID_FILE="/var/run/nginx.pid"
# we need this for DHParram generation
DHPARAM_FILE="/etc/ssl/nginx/dhparam.pem"
# we need this for dhparam generation
[ -z $DHPARAM_FILE ] && DHPARAM_FILE="/etc/ssl/nginx/dhparam.pem"
# this waits for changes in $WATCH_FILE and sends nginx a USR1 signal to reload the logfiles
function watch_logfiles {
......@@ -80,4 +80,4 @@ sleep 1
# run nginx
echo "+-- starting nginx..."
exec /usr/sbin/nginx -g "daemon off;"
\ No newline at end of file
exec /usr/sbin/nginx -g "daemon off;"
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment