-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-entrypoint
executable file
·126 lines (106 loc) · 4.53 KB
/
docker-entrypoint
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
#!/bin/sh
# Author: Satish Gaikwad <satish@satishweb.com>
set -e
if [ -f /run/secrets/DEBUG ]; then
export DEBUG=$(cat $i)
fi
if [ "$DEBUG" = "1" ]; then
set -x
BASH_CMD_FLAGS='-x'
fi
# Lets determine the OS flavor
OSF=$(cat /etc/os-release|grep -e '^ID=.*'|cut -d '=' -f 2)
UNBOUND_CONFIG_DIR=/etc/unbound
export UNBOUND_CONFIG_FILE=${UNBOUND_CONFIG_DIR}/unbound.conf
export UNBOUND_CONFIG_SAMPLE_FILE=/templates/unbound.sample.conf
export UNBOUND_ANCHOR_FILE=${UNBOUND_CONFIG_DIR}/keys/root.key
export UNBOUND_BLOCKED_HOSTS_FILE=${UNBOUND_CONFIG_DIR}/unbound.blocked.hosts
export UNBOUND_CUSTOM_HOSTS_FILE=${UNBOUND_CONFIG_DIR}/custom/custom.hosts
export ICANN_BUNDLE_FILE=${UNBOUND_CONFIG_DIR}/keys/icannbundle.pem
printf "|---------------------------------------------------------------------------------------------\n";
printf "| Starting Unbound DNS Cache Server\n"
export ${SOURCE_StevenBlack_Unified_Hosts:=true}
export ${SOURCE_StevenBlack_Fakenews:=true}
export ${SOURCE_StevenBlack_Gambling:=true}
export ${SOURCE_StevenBlack_Porn:=true}
export ${SOURCE_TheGreatWall_Default:=true}
export ${SOURCE_AdWars_Default:=true}
export ${SOURCE_VeleSila_Default:=true}
export ${SOURCE_Tiuxo_Default:=true}
# Load env vars
printf "| ENTRYPOINT: \033[0;31mLoading docker secrets if found...\033[0m\n"
for i in $(env|grep '/run/secrets')
do
varName=$(echo $i|awk -F '[=]' '{print $1}'|sed 's/_FILE//')
varFile=$(echo $i|awk -F '[=]' '{print $2}')
exportCmd="export $varName=$(cat $varFile)"
echo "${exportCmd}" >> /etc/profile
eval "${exportCmd}"
printf "| ENTRYPOINT: Exporting var: $varName\n"
done
# Lets copy default unbound config file
if [ ! -f ${UNBOUND_CONFIG_FILE} ]; then
cp -rf ${UNBOUND_CONFIG_SAMPLE_FILE} ${UNBOUND_CONFIG_FILE}
fi
# Lets create custom hosts file if not present
if [ ! -f ${UNBOUND_CUSTOM_HOSTS_FILE} ]; then
mkdir -p ${UNBOUND_CONFIG_DIR}/custom/
touch ${UNBOUND_CUSTOM_HOSTS_FILE}
fi
# lets generate config file by replacing all variables inside of it.
TMP_FILE=/tmp/unbound.conf
cp ${UNBOUND_CONFIG_FILE} ${TMP_FILE}
DOLLAR='$' envsubst < ${TMP_FILE} > ${UNBOUND_CONFIG_FILE}
rm ${TMP_FILE}
# Lets create keys folder if does not exists
if [ ! -d ${UNBOUND_CONFIG_DIR}/keys ]; then
mkdir -p ${UNBOUND_CONFIG_DIR}/keys
fi
# Lets download icannbundle.pem if it does not exists
if [ ! -f ${ICANN_BUNDLE_FILE} ]; then
curl https://data.iana.org/root-anchors/icannbundle.pem --output ${ICANN_BUNDLE_FILE} >/dev/null 2>&1
ln -s ${ICANN_BUNDLE_FILE} ${UNBOUND_CONFIG_DIR}/icannbundle.pem
ln -s ${ICANN_BUNDLE_FILE} /icannbundle.pem
fi
# Lets generate certificates if not created already
if [ ! -f ${UNBOUND_CONFIG_DIR}/unbound_control.pem ] || [ ! -f ${UNBOUND_CONFIG_DIR}/unbound_server.pem ]; then
printf "| ENTRYPOINT: Setting up unbound certificates...\n"
unbound-control-setup 2>&1 | sed 's/^/| ENTRYPOINT: Unbound: /g'
fi
# Lets create or validate root anchor key
unbound-anchor -a ${UNBOUND_ANCHOR_FILE} || echo
# We had to add echo to avoid exit due to unbound-anchor command failure.
# We have set -e set for this script
# Lets set correct permissions for files used by unbound
chown -Rf unbound:unbound ${UNBOUND_CONFIG_DIR} ${UNBOUND_CONFIG_DIR}/keys
chmod 644 ${UNBOUND_CONFIG_DIR}/*.conf
# Setup blocked hosts file if it does not exists
if [ ! -f ${UNBOUND_BLOCKED_HOSTS_FILE} ]; then
/bin/sh $BASH_CMD_FLAGS /scripts/update_blocked_hosts.sh "${UNBOUND_BLOCKED_HOSTS_FILE}" no-reload
fi
printf "| ENTRYPOINT: \033[0;31mStarting supervisord (which starts and monitors cron and unbound) \033[0m\n"
printf "|---------------------------------------------------------------------------------------------\n";
# Lets create cron script for updating host daily
if [ "$OSF" = "ubuntu" ]; then
rm -rf /etc/cron.daily/*
CRON_FILE=/etc/cron.daily/updatehosts
elif [ "$OSF" = "alpine" ]; then
CRON_FILE=/etc/periodic/daily/updatehosts
else
echo "Error: We support only alpine and ubuntu flavors right now"
sleep 1000000000
#exit 1
fi
printf "#!/bin/bash\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n" > ${CRON_FILE}
printf ". /scripts/update_blocked_hosts.sh ${UNBOUND_BLOCKED_HOSTS_FILE}\n" >> ${CRON_FILE}
chmod +x ${CRON_FILE}
# Check if app-config is present
if [ -f /app-config ]; then
# We expect that app-config handles the launch of app command
echo "| ENTRYPOINT: Executing app-config..."
. /app-config "$@"
else
# Let default CMD run if app-config is missing
echo "| ENTRYPOINT: app-config was not available, running given parameters or default CMD..."
exec $@
fi