Fixed unlink() error + cleaning up code and files.

10-listen-on-ipv6-by-default.sh

@@ -1,61 +0,0 @@
-#!/bin/sh
-# vim:sw=4:ts=4:et
-
-set -e
-
-ME=$(basename $0)
-DEFAULT_CONF_FILE="etc/nginx/conf.d/vh-default.conf"
-
-# check if we have ipv6 available
-if [ ! -f "/proc/net/if_inet6" ]; then
-    echo >&3 "$ME: info: ipv6 not available"
-    exit 0
-fi
-
-if [ ! -f "/$DEFAULT_CONF_FILE" ]; then
-    echo >&3 "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist"
-    exit 0
-fi
-
-# check if the file can be modified, e.g. not on a r/o filesystem
-touch /$DEFAULT_CONF_FILE 2>/dev/null || { echo >&3 "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; }
-
-# check if the file is already modified, e.g. on a container restart
-grep -q "listen  \[::]\:80;" /$DEFAULT_CONF_FILE && { echo >&3 "$ME: info: IPv6 listen already enabled"; exit 0; }
-
-if [ -f "/etc/os-release" ]; then
-    . /etc/os-release
-else
-    echo >&3 "$ME: info: can not guess the operating system"
-    exit 0
-fi
-
-echo >&3 "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE"
-
-case "$ID" in
-    "debian")
-        CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3)
-        echo "$CHECKSUM  /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || {
-            echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version"
-            exit 0
-        }
-        ;;
-    "alpine")
-        CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2)
-        echo "$CHECKSUM  /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || {
-            echo >&3 "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version"
-            exit 0
-        }
-        ;;
-    *)
-        echo >&3 "$ME: info: Unsupported distribution"
-        exit 0
-        ;;
-esac
-
-# enable ipv6 on default.conf listen sockets
-sed -i -E 's,listen       80;,listen       80;\n    listen  [::]:80;,' /$DEFAULT_CONF_FILE
-
-echo >&3 "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE"
-
-exit 0

Dockerfile

@@ -170,6 +170,9 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
     && apk add --no-cache tzdata \
     && mkdir /docker-entrypoint.d \
     && apk add --no-cache curl ca-certificates \
+    # Create access and error logging
+    && touch /var/log/nginx/access.log \
+    && touch /var/log/nginx/error.log \ 
     # forward request and error logs to docker log collector
     && ln -sf /dev/stdout /var/log/nginx/access.log \
     && ln -sf /dev/stderr /var/log/nginx/error.log \
@@ -186,17 +189,21 @@ RUN GPG_KEYS=B0F4253373F8F6F510D42178520A9993A1C052F8 \
     && chown -R root:nginx /etc/letsencrypt \
     && touch /var/run/nginx.pid  \
     && chown nginx:nginx /var/run/nginx.pid \
-    && chmod 770 -R /etc/nginx \
+    && chmod 770 /var/run/nginx.pid \
+    && chown root:nginx /run \
+    && chmod 770 -R /run \
+    && chmod 755 /etc/nginx \
+    && chmod 755 -R /var/log/nginx \
     && chmod 770 -R /var/log/letsencrypt \
     && chmod 755 -R /usr/share/nginx \
+    && chmod 755 -R /etc/nginx/conf.d \
     && chmod 755 -R /var/www
 
 COPY nginx.conf /etc/nginx/nginx.conf
 COPY vh-default.conf /etc/nginx/conf.d/default.conf
 COPY docker-entrypoint.sh /
-COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d
-COPY 20-envsubst-on-templates.sh /docker-entrypoint.d
-COPY 30-tune-worker-processes.sh /docker-entrypoint.d
+COPY envsubst-on-templates.sh /docker-entrypoint.d
+COPY tune-worker-processes.sh /docker-entrypoint.d
 ENTRYPOINT ["/docker-entrypoint.sh"]
 USER nginx
 EXPOSE 80 443

docker-entrypoint.sh

@@ -29,7 +29,7 @@ if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then
             esac
         done
 
-        echo >&3 "$0: Configuration complete; ready for start up"
+        echo >&3 "$0: Entrypoint operations complete. Ready to accept connections."
     else
         echo >&3 "$0: No files found in /docker-entrypoint.d/, skipping configuration"
     fi