Build nginx configs at container start time

getodk · Jun 25, 2024 · 76e2edd · 76e2edd
1 parent 25c36ce
commit 76e2edd
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 9 deletions.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -77,8 +77,6 @@ services:
   nginx:
     build:
       context: .
-      args:
-        - OIDC_ENABLED=${OIDC_ENABLED:-false}
       dockerfile: nginx.dockerfile
     depends_on:
       - service
@@ -90,6 +88,13 @@ services:
       - SENTRY_ORG_SUBDOMAIN=${SENTRY_ORG_SUBDOMAIN:-o130137}
       - SENTRY_KEY=${SENTRY_KEY:-3cf75f54983e473da6bd07daddf0d2ee}
       - SENTRY_PROJECT=${SENTRY_PROJECT:-1298632}
+      - OIDC_ENABLED=${OIDC_ENABLED:-false}
+    volumes:
+      - ./files/local/customssl/:/etc/customssl/live/local/
+      - ./files/nginx/redirector.conf:/etc/nginx/conf.d/redirector.conf
+      - ./files/nginx/common-headers.conf:/usr/share/odk/nginx/common-headers.conf
+      - ./files/nginx/odk.conf.template:/usr/share/odk/nginx/odk.conf.template
+      - ./files/nginx/client-config.json.template:/usr/share/odk/nginx/client-config.json.template
     ports:
       - "${HTTP_PORT:-80}:80"
       - "${HTTPS_PORT:-443}:443"

diff --git a/files/nginx/setup-odk.sh b/files/nginx/setup-odk.sh
@@ -1,5 +1,15 @@
 #!/bin/bash
 
+
+echo "writing client config..."
+if [[ $OIDC_ENABLED != 'true' ]] && [[ $OIDC_ENABLED != 'false' ]]; then
+  echo 'OIDC_ENABLED must be either true or false'
+  exit 1
+fi
+
+envsubst < /usr/share/odk/nginx/client-config.json.template > /usr/share/nginx/html/client-config.json
+
+
 DH_PATH=/etc/dh/nginx.pem
 if [ "$SSL_TYPE" != "upstream" ] && [ ! -s "$DH_PATH" ]; then
   openssl dhparam -out "$DH_PATH" 2048
@@ -17,7 +27,6 @@ fi
 
 # start from fresh templates in case ssl type has changed
 echo "writing fresh nginx templates..."
-cp /usr/share/odk/nginx/redirector.conf /etc/nginx/conf.d/redirector.conf
 CNAME=$( [ "$SSL_TYPE" = "customssl" ] && echo "local" || echo "$DOMAIN") \
 envsubst '$SSL_TYPE $CNAME $SENTRY_ORG_SUBDOMAIN $SENTRY_KEY $SENTRY_PROJECT' \
   < /usr/share/odk/nginx/odk.conf.template \

diff --git a/nginx.dockerfile b/nginx.dockerfile
@@ -9,8 +9,6 @@ RUN apt-get update \
 COPY ./ ./
 RUN files/prebuild/write-version.sh
 RUN files/prebuild/build-frontend.sh
-ARG OIDC_ENABLED
-RUN files/prebuild/write-client-config.sh
 
 
 
@@ -22,16 +20,14 @@ EXPOSE 80
 EXPOSE 443
 
 VOLUME [ "/etc/dh", "/etc/selfsign", "/etc/nginx/conf.d" ]
-ENTRYPOINT [ "/bin/bash", "/scripts/setup-odk.sh" ]
 
 RUN apt-get update && apt-get install -y netcat-openbsd
 
 RUN mkdir -p /usr/share/odk/nginx/
 
 COPY files/nginx/setup-odk.sh /scripts/
-COPY files/local/customssl/*.pem /etc/customssl/live/local/
-COPY files/nginx/*.conf* /usr/share/odk/nginx/
 
 COPY --from=intermediate client/dist/ /usr/share/nginx/html
 COPY --from=intermediate /tmp/version.txt /usr/share/nginx/html
-COPY --from=intermediate /tmp/client-config.json /usr/share/nginx/html
+
+CMD [ "/bin/bash", "/scripts/setup-odk.sh" ]