44 lines
1.4 KiB
Bash
44 lines
1.4 KiB
Bash
#!/bin/sh
|
|
set -e
|
|
|
|
echo "[Pre-Flight] Starting checks..."
|
|
|
|
# Check environment
|
|
if [ -z "$HOST_PUBLIC_IP" ]; then
|
|
echo "[Pre-Flight] WARNING: HOST_PUBLIC_IP not set. DNS checks might be inaccurate."
|
|
fi
|
|
|
|
# Iterate site configs for DNS checks
|
|
for conf in /etc/nginx/conf.d/*.conf; do
|
|
[ -e "$conf" ] || continue
|
|
echo "[Pre-Flight] Checking config: $conf"
|
|
|
|
# Simple extraction of server_name (naive, but works for standard configs)
|
|
DOMAINS=$(grep -E "\s*server_name\s+" "$conf" | sed -r 's/.*server_name\s+(.*);/\1/')
|
|
|
|
for domain in $DOMAINS; do
|
|
if [ "$domain" = "_" ] || [ "$domain" = "localhost" ]; then continue; fi
|
|
|
|
echo "[Pre-Flight] Validating DNS for $domain..."
|
|
RESOLVED_IP=$(dig +short "$domain" @1.1.1.1 | tail -n 1)
|
|
|
|
if [ "$RESOLVED_IP" != "$HOST_PUBLIC_IP" ]; then
|
|
echo "[Pre-Flight] WARNING: Domain $domain resolves to $RESOLVED_IP, expected $HOST_PUBLIC_IP"
|
|
else
|
|
echo "[Pre-Flight] DNS OK: $domain -> $RESOLVED_IP"
|
|
fi
|
|
done
|
|
done
|
|
|
|
# Run SSL Renewal Check (handles its own iteration)
|
|
echo "[Pre-Flight] Running SSL renewal check..."
|
|
/scripts/renew_ssl.sh
|
|
|
|
# Setup Daily Cron for Renewal (run at 01:00)
|
|
echo "0 1 * * * /scripts/renew_ssl.sh >> /var/log/nginx/ssl_renew.log 2>&1" > /etc/crontabs/root
|
|
# Start Crond in background
|
|
crond -b -l 8
|
|
|
|
echo "[Pre-Flight] Checks complete. Starting NGINX..."
|
|
exec "$@"
|