Add the CONFIG_JSON environment variable (#5)

* Add the CONFIG_JSON environment variable as an alternative to creating a file
intentionally-left-nil · Mar 27, 2024 · a2f6808 · a2f6808
1 parent 02ecaa6
commit a2f6808
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 12 deletions.
diff --git a/.github/workflows/e2e_test.yml b/.github/workflows/e2e_test.yml
@@ -8,13 +8,17 @@ on:
 
 jobs:
   test:
+    strategy:
+      fail-fast: false
+      matrix:
+        profile: ["proxy", "proxy2"]
     name: Test
     runs-on: "ubuntu-latest"
     steps:
       - uses: actions/checkout@v3
       - name: Run test server
         working-directory: ./test
-        run: docker compose up --build --detach --wait --wait-timeout 30
+        run: docker compose --profile ${{matrix.profile}} up --build --detach --wait --wait-timeout 60
       - name: querying http returns redirect
         run: |
           output=$(curl -s -o /dev/null -w "%{http_code}" http://localhost)
@@ -39,7 +43,7 @@ jobs:
           fi
       - name: Copy the SSL key
         working-directory: ./test
-        run: docker compose cp proxy:/etc/reverse_proxy/data/certs/localhost/fullchain.pem .
+        run: docker compose --profile ${{matrix.profile}} cp ${{matrix.profile}}:/etc/reverse_proxy/data/certs/localhost/fullchain.pem .
       - name: Querying the https route returns 200
         working-directory: ./test
         run: |

diff --git a/README.md b/README.md
@@ -53,6 +53,7 @@ So. that's basically it :)
 - `SKIP_RENEW_CERTS=1` - don't call acme --install-cronjob to renew the certificates
 - `SKIP_WRITE_NGINX_CONF=1` - that /etc/reverse_proxy/nginx.conf is not overriden during the config process
 - `DEBUG=1` - add verbose logging (set -x) to figure out what's going wrong
+- `CONFIG_JSON={...}` - Instead of using a config.json file, you can instead set it as an environment variable instead
 
 # Advanced configuration
 

diff --git a/bootstrap.sh b/bootstrap.sh
@@ -17,13 +17,22 @@ bootstrap_fn() {
     exit 1
   fi
 
-  # First, validate the config file
-  if [ ! -f "$config_file" ]; then
-    echo "Missing $config_file. Did you forget to mount the config file?"
+  if [ -z "${CONFIG_JSON:-}" ]; then
+    if [ -f "$config_file" ]; then
+      CONFIG_JSON=$(cat "$config_file")
+    else
+      echo "Missing $config_file. Did you forget to mount the config file?"
+      exit 1
+    fi
+  fi
+
+  echo "$CONFIG_JSON" | jq empty 2>/dev/null
+  if [ $? -ne 0 ]; then
+    echo "Failed to parse the config file"
     exit 1
   fi
 
-  num_domains=$(jq -e -r '.domains | length' "$config_file")
+  num_domains=$(echo "$CONFIG_JSON" | jq -e -r '.domains | length')
   if [ $? -ne 0 ] || [ "$num_domains" -lt 1 ]; then
     echo "No domains listed in the config"
     exit 1
@@ -39,9 +48,9 @@ bootstrap_fn() {
   else
     # Install acme.sh with the email in the config, ensure the account_thumbprint
     if [ ! -d "$acme_dir" ]; then
-      email=$(jq -e -r '.email' "$config_file")
+      email=$(echo "$CONFIG_JSON" | jq -e -r '.email')
       if [ $? -ne 0 ]; then
-        echo "$config_file is missing the email to use when registering the SSL certificates"
+        echo "The config is missing the email to use when registering the SSL certificates"
         exit 1
       fi
       echo "Installing acme.sh"
@@ -74,8 +83,8 @@ bootstrap_fn() {
     echo "Creating the self-signed certificate"
 
     mkdir -p "$cert_dir" || exit 1
-    subject=$(jq -e -r '.domains[0].name' "$config_file")
-    alt_names=$(jq -e -r '.domains | map([.name] + .aliases) | flatten | map("DNS:" + .) | join(",")' "$config_file")
+    subject=$(echo "$CONFIG_JSON" | jq -e -r '.domains[0].name')
+    alt_names=$(echo "$CONFIG_JSON" | jq -e -r '.domains | map([.name] + .aliases) | flatten | map("DNS:" + .) | join(",")')
     echo "subject: $subject"
     echo "alt_names: $alt_names"
     openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes \
@@ -85,7 +94,7 @@ bootstrap_fn() {
     -addext "subjectAltName=$alt_names" || exit 1
   fi
 
-  domains=$(jq -e -r '.domains[].name' "$config_file")
+  domains=$(echo "$CONFIG_JSON" | jq -e -r '.domains[].name')
   # Note that this script assumes that the config.json is trusted input
   # and the domain doesn't have e.g. ../../ in it
   for domain in $domains; do
@@ -105,7 +114,7 @@ bootstrap_fn() {
   cat /dev/null > "$data_dir/nginx_generated.conf"
   i=0
   while [ "$i" -lt "$num_domains" ]; do
-    domain_json=$(jq -e ".domains[$i]" "$config_file")
+    domain_json=$(echo "$CONFIG_JSON" | jq -e ".domains[$i]")
     domain=$(echo "$domain_json" | jq -e -r '.name')
     if [ $? -ne 0 ]; then
       echo "Failed to get the name for $domain_json"

diff --git a/test/docker-compose.yml b/test/docker-compose.yml
@@ -1,5 +1,7 @@
 services:
   proxy:
+    profiles:
+      - proxy
     build:
       context: ./reverse-proxy
     volumes:
@@ -19,8 +21,34 @@ services:
       timeout: 5s
       interval: 5s
       retries: 6
+  proxy2:
+    profiles:
+      - proxy2
+    build:
+      context: ./reverse-proxy
+    volumes:
+      - reverse-proxy-test:/etc/reverse_proxy/data
+    environment:
+      - SKIP_CREATE_CERTS=1
+      - SKIP_RENEW_CERTS=1
+      - DEBUG=1
+      - 'CONFIG_JSON={ "email": "test@example.com", "domains": [ { "name": "localhost", "dest": "http://hello:80" } ] }'
+
+    ports:
+      - 80:80
+      - 443:443
+    networks:
+      - web
+    healthcheck:
+      test: ['CMD-SHELL', 'curl -so /dev/null http://localhost/ || exit 1']
+      timeout: 5s
+      interval: 5s
+      retries: 6
 
   hello:
+    profiles:
+      - proxy
+      - proxy2
     image: nginxdemos/hello:plain-text
     networks:
       - web