ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-07-09 19:29:38 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Ownership script shakeup

Browse Source 
- Don't touch a file to determine if we need to run
- Instead, check ownership of each location and skip it if we are happy
- Keeping SKIP_CERTBOT_OWNERSHIP flag
- More vebose logging of outcomes
This commit is contained in:
Jamie Curnow
2025-07-09 20:30:27 +10:00
parent 304b38e82b
commit 4f9df893c8
1 changed files with 42 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh
View File

@ -8,35 +8,53 @@ log_info 'Setting ownership ...'
# root
chown root /tmp/nginx
# npm user and group
chown -R "$PUID:$PGID" /data
chown -R "$PUID:$PGID" /etc/letsencrypt
chown -R "$PUID:$PGID" /run/nginx
chown -R "$PUID:$PGID" /tmp/nginx
chown -R "$PUID:$PGID" /var/cache/nginx
chown -R "$PUID:$PGID" /var/lib/logrotate
chown -R "$PUID:$PGID" /var/lib/nginx
chown -R "$PUID:$PGID" /var/log/nginx
locations=(
"/data"
"/etc/letsencrypt"
"/run/nginx"
"/tmp/nginx"
"/var/cache/nginx"
"/var/lib/logrotate"
"/var/lib/nginx"
"/var/log/nginx"
"/etc/nginx/nginx"
"/etc/nginx/nginx.conf"
"/etc/nginx/conf.d"
)
# Don't chown entire /etc/nginx folder as this causes crashes on some systems
chown -R "$PUID:$PGID" /etc/nginx/nginx
chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
chown -R "$PUID:$PGID" /etc/nginx/conf.d
chownit() {
local dir="$1"
local recursive="${2:-true}"
# Certbot directories - optimized approach
CERT_INIT_FLAG="/opt/certbot/.ownership_initialized"
local have
have="$(stat -c '%u:%g' "$dir")"
echo -n " $dir ... "
if [ ! -f "$CERT_INIT_FLAG" ] && [ "$SKIP_CERTBOT_OWNERSHIP" != "true" ]; then
# Prevents errors when installing python certbot plugins when non-root
log_info 'Changing ownership of /opt/certbot directories ...'
chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin
if [ "$have" != "$PUID:$PGID" ]; then
if [ "$recursive" = 'true' ] && [ -d "$dir" ]; then
chown -R "$PUID:$PGID" "$dir"
else
chown "$PUID:$PGID" "$dir"
fi
echo "DONE"
else
echo "SKIPPED"
fi
}
for loc in "${locations[@]}"; do
chownit "$loc"
done
if [ "${SKIP_CERTBOT_OWNERSHIP:-}" != "true" ]; then
log_info 'Changing ownership of certbot directories, this may take some time ...'
chownit "/opt/certbot" false
chownit "/opt/certbot/bin" false
# Handle all site-packages directories efficiently
find /opt/certbot/lib -type d -name "site-packages" | while read -r SITE_PACKAGES_DIR; do
chown -R "$PUID:$PGID" "$SITE_PACKAGES_DIR"
chownit "$SITE_PACKAGES_DIR"
done
# Create a flag file to skip this step on subsequent runs
touch "$CERT_INIT_FLAG"
chown "$PUID:$PGID" "$CERT_INIT_FLAG"
else
log_info 'Skipping ownership change of certbot directories'
fi