Ownership script shakeup

- Don't touch a file to determine if we need to run
- Instead, check ownership of each location and skip it if we are happy
- Keeping SKIP_CERTBOT_OWNERSHIP flag
- More verbose logging of outcomes
Jamie Curnow
2025-07-09 20:30:27 +10:00
parent 304b38e82b
commit 4f9df893c8


@ -8,35 +8,53 @@ log_info 'Setting ownership ...'
# root # root
chown root /tmp/nginx chown root /tmp/nginx
# npm user and group locations=(
chown -R "$PUID:$PGID" /data "/data"
chown -R "$PUID:$PGID" /etc/letsencrypt "/etc/letsencrypt"
chown -R "$PUID:$PGID" /run/nginx "/run/nginx"
chown -R "$PUID:$PGID" /tmp/nginx "/tmp/nginx"
chown -R "$PUID:$PGID" /var/cache/nginx "/var/cache/nginx"
chown -R "$PUID:$PGID" /var/lib/logrotate "/var/lib/logrotate"
chown -R "$PUID:$PGID" /var/lib/nginx "/var/lib/nginx"
chown -R "$PUID:$PGID" /var/log/nginx "/var/log/nginx"
"/etc/nginx/nginx"
"/etc/nginx/nginx.conf"
"/etc/nginx/conf.d"
)
# Don't chown entire /etc/nginx folder as this causes crashes on some systems chownit() {
chown -R "$PUID:$PGID" /etc/nginx/nginx local dir="$1"
chown -R "$PUID:$PGID" /etc/nginx/nginx.conf local recursive="${2:-true}"
chown -R "$PUID:$PGID" /etc/nginx/conf.d
# Certbot directories - optimized approach local have
CERT_INIT_FLAG="/opt/certbot/.ownership_initialized" have="$(stat -c '%u:%g' "$dir")"
echo -n " $dir ... "
if [ ! -f "$CERT_INIT_FLAG" ] && [ "$SKIP_CERTBOT_OWNERSHIP" != "true" ]; then if [ "$have" != "$PUID:$PGID" ]; then
# Prevents errors when installing python certbot plugins when non-root if [ "$recursive" = 'true' ] && [ -d "$dir" ]; then
log_info 'Changing ownership of /opt/certbot directories ...' chown -R "$PUID:$PGID" "$dir"
chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin else
chown "$PUID:$PGID" "$dir"
fi
echo "DONE"
else
echo "SKIPPED"
fi
}
for loc in "${locations[@]}"; do
chownit "$loc"
done
if [ "${SKIP_CERTBOT_OWNERSHIP:-}" != "true" ]; then
log_info 'Changing ownership of certbot directories, this may take some time ...'
chownit "/opt/certbot" false
chownit "/opt/certbot/bin" false
# Handle all site-packages directories efficiently # Handle all site-packages directories efficiently
find /opt/certbot/lib -type d -name "site-packages" | while read -r SITE_PACKAGES_DIR; do find /opt/certbot/lib -type d -name "site-packages" | while read -r SITE_PACKAGES_DIR; do
chown -R "$PUID:$PGID" "$SITE_PACKAGES_DIR" chownit "$SITE_PACKAGES_DIR"
done done
else
# Create a flag file to skip this step on subsequent runs log_info 'Skipping ownership change of certbot directories'
touch "$CERT_INIT_FLAG"
chown "$PUID:$PGID" "$CERT_INIT_FLAG"
fi fi
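Review bot: In `chownit`, the skip decision reads only the owner of `$dir` itself (`stat -c '%u:%g' "$dir"`), so a tree whose top-level directory already matches `$PUID:$PGID` is reported SKIPPED even when entries beneath it have a different owner, for example site-packages content added later as root or data restored from a backup. The old unconditional `chown -R` repaired those cases on every start; with this change they persist and the non-root process can hit permission errors on them. For the recursive branch, consider letting find pick out only the mismatched entries, e.g. `find "$dir" \( ! -user "$PUID" -o ! -group "$PGID" \) -exec chown -h "$PUID:$PGID" {} +`, where `-h` keeps chown from following symlinks inside the tree. Separately, `stat` runs before any existence check, so a missing location leaves `have` empty and falls through to a failing `chown`; a guard such as `[ -e "$dir" ] || { echo "MISSING"; return 0; }` would make that outcome explicit (whether the script runs under `set -e` is not visible in this hunk).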