Overhaul image.

.dockerignore

@@ -0,0 +1,5 @@
+.gitignore
+example/
+arch.txt
+buildx.sh
+readme.md

.gitignore

@@ -1,5 +1,2 @@
 arch.txt
 buildx.sh
-nginx.conf
-server.conf
-index.html

Dockerfile

@@ -1,11 +1,10 @@
 FROM alpine:latest
 
-RUN apk update && apk upgrade && apk add nginx gettext && \
-    rm -r /etc/nginx
+RUN apk add --upgrade --no-cache nginx gettext inotify-tools \
+ && mv /etc/nginx /etc/nginx.tmpl \
+ && touch /etc/envsubst.conf
 
 COPY start-nginx.sh /usr/local/bin/
-COPY environment_variables.txt /
 
-USER root
 ENTRYPOINT ["/bin/sh", "-c"]
 CMD ["start-nginx.sh"]

environment_variables.txt

@@ -1 +0,0 @@
-${DOMAIN_NAME}

readme.md

@@ -3,26 +3,23 @@
 A simple docker image for configuring nginx with environment variables.
 
 ## Usage
-This image does not ship with a default configuration.
-To get started place your nginx config in `/etc/nginx/nginx.conf`
-and your normal server configurations in `/etc/nginx/sites-enabled/`.
-
-Every configuration file in `/etc/nginx/sites-available/` will get
-passed to `envsubst` and written to `/etc/nginx/sites-enabled/`.
-
-To specify which variables to substitute place a file
-`/environment_variables.txt` in the docker container with all variables
-which should be passed to envsubst.
+Mount you whole nginx configuration into /etc/nginx.tmpl.
+The configuration files can contain environment variables compatible
+with `envsubst`, list these variables in a file `/etc/envsubst.conf`.
+Additionally, the server gets reloaded when a update to one of the
+referenced certificates happens.
 
 ## Minimal Example
 
 ```sh
-docker run \
-    -v "$PWD/nginx.conf":/etc/nginx/nginx.conf \
-    -v "$PWD/server.conf":/etc/nginx/sites-available/server.conf \
-    -v "$PWD/index.html":/var/www/html/index.html \
-    -e DOMAIN_NAME=localhost -p 80:80 \
-    redxef/nginx-envsubst:latest
+cd example
+docker run --rm -it \
+    -e DOMAIN_NAME=localhost \
+    -p 80:80 -p 443:443
+    -v "$PWD/nginx.conf:/etc/nginx.tmpl/nginx.conf" \
+    -v "$PWD/envsubst.conf:/etc/envsubst.conf" \
+    -v "$PWD/cert:/cert" \
+    redxef/nginx-envsubst
 ```
 
 ## Source

start-nginx.sh

@@ -1,35 +1,48 @@
 #!/usr/bin/env sh
 
-set -x
+pids=""
 
-enable_server() {
-    for name in "$@"; do
-        src_dir="/etc/nginx/sites-available"
-        dst_dir="/etc/nginx/sites-enabled"
-        mkdir -p "$dst_dir"
-        envsubst '${DOMAIN_NAME}' < "$src_dir/$name.conf" > "$dst_dir/$name.conf"
+run_prog() {
+    "$@" &
+    pids="$! $pids"
+}
+
+trap_sig() {
+    printf '%s' "$pids" | while IFS= read -r pid; do
+        echo "pid=$pid"
+        kill -s $1 $pid
     done
 }
 
-enable_ssh_server() {
-    for name in "$@"; do
-        src_dir="/etc/nginx/ssh-available"
-        dst_dir="/etc/nginx/ssh-enabled"
-        mkdir -p "$dst_dir"
-        envsubst '${DOMAIN_NAME}' < "$src_dir/$name.conf" > "$dst_dir/$name.conf"
+trap 'trap_sig TERM' SIGTERM
+
+srcdir=/etc/nginx.tmpl/
+dstdir=/etc/nginx/
+
+find "$srcdir" -type d | while read -r src_directory; do
+    dst_directory="$(echo "$src_directory" | sed "s|^$srcdir|$dstdir|")"
+    mkdir -p "$dst_directory"
+done
+
+find "$srcdir" -type f | while read -r src_file; do
+    dst_file="$(echo "$src_file" | sed "s|^$srcdir|$dstdir|")"
+    envsubst "$(cat /etc/envsubst.conf)" < "$src_file" > "$dst_file"
+done
+
+
+run_nginx() {
+    find "$dstdir"
+    nginx -g 'daemon off;'
+}
+
+run_inotifywait() {
+    while find "$dstdir" -type f -exec \
+        sed -En '/ssl_certificate/ s/^\s*ssl_certificate(_key)? (.*);.*$/\2/p' {} \; | sort | uniq | \
+        inotifywait --fromfile=-; do
+            nginx -s reload
     done
 }
 
-sub_env_vars="$(cat /environment_variables.txt)"
-
-echo "Enabling servers"
-(
-    cd "/etc/nginx/sites-available" || exit $?
-    test -d "../sites-enabled" || mkdir "../sites-enabled"
-    for f in *.conf; do
-        envsubst "$sub_env_vars" < "$f" > "../sites-enabled/$f"
-    done
-)
-
-echo "Starting nginx"
-exec nginx -g 'daemon off;' -c /etc/nginx/nginx.conf
+run_prog run_nginx
+run_prog run_inotifywait
+wait $pids