NgixProxy_Pathfinder/scripts/pre-flight.sh

#!/bin/sh
set -e

echo "[Pre-Flight] Starting checks..."

# Check environment
if [ -z "$HOST_PUBLIC_IP" ]; then
    echo "[Pre-Flight] WARNING: HOST_PUBLIC_IP not set. DNS checks might be inaccurate."
fi

# Iterate site configs for DNS checks
for conf in /etc/nginx/conf.d/*.conf; do
    [ -e "$conf" ] || continue
    echo "[Pre-Flight] Checking config: $conf"
    
    # Simple extraction of server_name (naive, but works for standard configs)
    DOMAINS=$(grep -E "^\s*server_name\s+" "$conf" | sed -r 's/.*server_name\s+(.*);/\1/')
    
    for domain in $DOMAINS; do
        if [ "$domain" = "_" ] || [ "$domain" = "localhost" ]; then continue; fi
        
        echo "[Pre-Flight] Validating DNS for $domain..."
        RESOLVED_IP=$(dig +short "$domain" @1.1.1.1 | tail -n 1)
        
        if [ "$RESOLVED_IP" != "$HOST_PUBLIC_IP" ]; then
            echo "[Pre-Flight] WARNING: Domain $domain resolves to $RESOLVED_IP, expected $HOST_PUBLIC_IP"
        else
            echo "[Pre-Flight] DNS OK: $domain -> $RESOLVED_IP"
        fi
    done
done

# Run SSL Renewal Check (handles its own iteration)
echo "[Pre-Flight] Running SSL renewal check..."
/scripts/renew_ssl.sh

# Setup Daily Cron for Renewal (run at 01:00)
# ==============================================================================
# GIT SYNC & DYNAMIC CONFIG SETUP
# ==============================================================================
REPO_DIR="/opt/repo"
GIT_USER="gitea-deploy"
GIT_PASS="o3%21VV3H6qBg%5Erucv2UvF6mdK%24NWyNj%403"
GIT_REPO="git.itguys.com.br/joao.goncalves/NgixProxy_Pathfinder.git"
GIT_URL="https://${GIT_USER}:${GIT_PASS}@${GIT_REPO}"

echo "[Pre-Flight] Checking repository at $REPO_DIR..."

if [ ! -d "$REPO_DIR/.git" ]; then
    echo "[Pre-Flight] Repository not found. Cloning..."
    # Ensure dir exists
    mkdir -p "$REPO_DIR"
    # Clone
    git clone "$GIT_URL" "$REPO_DIR"
else
    echo "[Pre-Flight] Repository exists. Pulling latest..."
    cd "$REPO_DIR"
    git config --global --add safe.directory "$REPO_DIR"
    
    # Attempt pull, if fails (lock file or corruption), wipe and re-clone
    if ! git pull; then
        echo "[Pre-Flight] ERROR: Git pull failed (likely corrupt ref/lock). Re-cloning..."
        cd /
        rm -rf "$REPO_DIR"
        mkdir -p "$REPO_DIR"
        git clone "$GIT_URL" "$REPO_DIR"
    fi
fi

# SYMLINK SETUP
# We want Nginx to use the configs from the repo (dynamic) instead of the baked-in ones (static).
echo "[Pre-Flight] Setting up symlinks..."

# 1. conf.d (Sites)
if [ -d "$REPO_DIR/conf.d" ]; then
    echo "[Pre-Flight] Linking conf.d..."
    rm -rf /etc/nginx/conf.d
    ln -s "$REPO_DIR/conf.d" /etc/nginx/conf.d
fi

# 2. snippets (Optional, but good for consistency)
if [ -d "$REPO_DIR/snippets" ]; then
    echo "[Pre-Flight] Linking snippets..."
    rm -rf /etc/nginx/snippets
    ln -s "$REPO_DIR/snippets" /etc/nginx/snippets
fi

# 3. ModSecurity Rules (Optional)
if [ -d "$REPO_DIR/modsec_rules" ]; then
    echo "[Pre-Flight] Linking modsec_rules..."
    rm -rf /etc/nginx/custom_rules
    ln -s "$REPO_DIR/modsec_rules" /etc/nginx/custom_rules
fi


# Setup Daily Cron for Renewal (run at 01:00)
echo "0 1 * * * /scripts/renew_ssl.sh >> /var/log/nginx/ssl_renew.log 2>&1" >> /etc/crontabs/root

# Setup Git Sync Cron (Run every 5 minutes)
echo "*/5 * * * * /scripts/git_sync.sh >> /var/log/nginx/git_sync.log 2>&1" >> /etc/crontabs/root

# Start Crond in background
crond -b -l 8

echo "[Pre-Flight] Checks complete. Starting NGINX..."
exec "$@"