Commit be48cf13 authored by Michał 'rysiek' Woźniak

$PID_FILE, $WATCH_FILE, $DHPARAM_FILE now a thing

parent 4662b6b4
...@@ -16,15 +16,21 @@ The image is based on the [`openresty:stretch` docker hub image](https://hub.doc ...@@ -16,15 +16,21 @@ The image is based on the [`openresty:stretch` docker hub image](https://hub.doc
- `NO_DHPARAM` (default: unset) - `NO_DHPARAM` (default: unset)
if set to string `"true"`, `dhparam` generation will be skipped entirely; this is *not* a good idea, and should be used only for internal/utility nginx instances that run behind another webserver with TLS support. if set to string `"true"`, `dhparam` generation will be skipped entirely; this is *not* a good idea, and should be used only for internal/utility nginx instances that run behind another webserver with TLS support.
- `PID_FILE` (default: "`/usr/local/openresty/nginx/logs/nginx.pid`")
- `WATCH_FILE` (default: "`/usr/local/openresty/nginx/logs/logrotate`")
- `DHPARAM_FILE` (default: "`/etc/ssl/nginx/dhparam.pem`")
these control the locations where the `run.sh` script expects to find the `nginx` pidfile, the file to watch for logrotate signalling, and the SSL DH parameters files; these should reflect `nginx` config.
## Operation ## Operation
Upon start it creates a dhparam file in `/etc/ssl/nginx/dhparam.pem` (if the file does not exist) and sets an `inotify` watch on `/srv/logs/nginx/logrotate`. Once the watch discovers that the watchfile has been modified, it sends the `USR1` signal to `nginx`, which causes it to reload the logfiles. Upon start it creates a dhparam file in `$DHPARAM_FILE` (if the file does not exist) and sets an `inotify` watch on `$WATCH_FILE`. Once the watch discovers that the watchfile has been modified, it sends the `USR1` signal to `nginx`, which causes it to reload the logfiles.
Use by volume-mounting the watchfile in this container and in a container that logrotate runs in, and making sure logrotate touches/modifies that file, for instance by using the following in your logrotate config files: Use by volume-mounting the watchfile in this container and in a container that logrotate runs in, and making sure logrotate touches/modifies that file, for instance by using the following in your logrotate config files:
``` ```
postrotate postrotate
/bin/date > /srv/logs/nginx/logrotate /bin/date > /usr/local/openresty/nginx/logs/logrotate # or whatever is in $WATCH_FILE
``` ```
## ToDo ## ToDo
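Review bot: The shared description after `DHPARAM_FILE` says the three paths "should reflect `nginx` config", but it never states that setting them leaves the nginx configuration itself unchanged. As worded, they only tell `run.sh` where to look, so a value that differs from what nginx is configured with would leave the script reading a pidfile or generating a dhparam file that nginx does not use. Suggest saying that explicitly, and also documenting how `DHPARAM_FILE` interacts with `NO_DHPARAM` set to `"true"`, since the two entries now sit next to each other without that being covered.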
......
...@@ -23,13 +23,13 @@ ...@@ -23,13 +23,13 @@
# yes, this is dead-simple; just watch this file, # yes, this is dead-simple; just watch this file,
# and if it gets modified, send nginx the signal # and if it gets modified, send nginx the signal
WATCH_FILE="/usr/local/openresty/nginx/logs/logrotate" [ -z $WATCH_FILE ] && WATCH_FILE="/usr/local/openresty/nginx/logs/logrotate"
# we need this for signal sending # we need this for signal sending
PID_FILE="/usr/local/openresty/nginx/logs/nginx.pid" [ -z $PID_FILE ] && PID_FILE="/usr/local/openresty/nginx/logs/nginx.pid"
# we need this for DHParram generation # we need this for dhparam generation
DHPARAM_FILE="/etc/ssl/nginx/dhparam.pem" [ -z $DHPARAM_FILE ] && DHPARAM_FILE="/etc/ssl/nginx/dhparam.pem"
# this waits for changes in $WATCH_FILE and sends nginx a USR1 signal to reload the logfiles # this waits for changes in $WATCH_FILE and sends nginx a USR1 signal to reload the logfiles
function watch_logfiles { function watch_logfiles {
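Review bot: The three new default checks expand their variable unquoted (`[ -z $WATCH_FILE ]`, and the same for `$PID_FILE` and `$DHPARAM_FILE`). With an unset or empty value the test only passes because `[ -z ]` with a single argument happens to be true, and a value containing whitespace makes `[` print an argument error. Suggest quoting the expansion, `[ -z "$WATCH_FILE" ]`, or using the parameter-default form, for example `WATCH_FILE="${WATCH_FILE:-/usr/local/openresty/nginx/logs/logrotate}"`, for all three. These paths now come from the container environment, so the comments above each line could also mention that the value may be overridden.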
......