Safer and flexible boolean env vars

- Don't touch a file to determine if we need to run
- Instead, check ownership of each location and skip it if we are happy
- Keeping SKIP_CERTBOT_OWNERSHIP flag
- More vebose logging of outcomes

.version

@@ -1 +1 @@
-2.12.5
+2.12.6

README.md

@@ -1,7 +1,7 @@
 <p align="center">
 	<img src="https://nginxproxymanager.com/github.png">
 	<br><br>
-	<img src="https://img.shields.io/badge/version-2.12.5-green.svg?style=for-the-badge">
+	<img src="https://img.shields.io/badge/version-2.12.6-green.svg?style=for-the-badge">
 	<a href="https://hub.docker.com/repository/docker/jc21/nginx-proxy-manager">
 		<img src="https://img.shields.io/docker/stars/jc21/nginx-proxy-manager.svg?style=for-the-badge">
 	</a>

docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/30-ownership.sh

@@ -8,37 +8,53 @@ log_info 'Setting ownership ...'
 # root
 chown root /tmp/nginx
 
-# npm user and group
-chown -R "$PUID:$PGID" /data
-chown -R "$PUID:$PGID" /etc/letsencrypt
-chown -R "$PUID:$PGID" /run/nginx
-chown -R "$PUID:$PGID" /tmp/nginx
-chown -R "$PUID:$PGID" /var/cache/nginx
-chown -R "$PUID:$PGID" /var/lib/logrotate
-chown -R "$PUID:$PGID" /var/lib/nginx
-chown -R "$PUID:$PGID" /var/log/nginx
+locations=(
+	"/data"
+	"/etc/letsencrypt"
+	"/run/nginx"
+	"/tmp/nginx"
+	"/var/cache/nginx"
+	"/var/lib/logrotate"
+	"/var/lib/nginx"
+	"/var/log/nginx"
+	"/etc/nginx/nginx"
+	"/etc/nginx/nginx.conf"
+	"/etc/nginx/conf.d"
+)
 
-# Don't chown entire /etc/nginx folder as this causes crashes on some systems
-chown -R "$PUID:$PGID" /etc/nginx/nginx
-chown -R "$PUID:$PGID" /etc/nginx/nginx.conf
-chown -R "$PUID:$PGID" /etc/nginx/conf.d
+chownit() {
+	local dir="$1"
+	local recursive="${2:-true}"
 
-# Certbot directories - optimized approach
-CERT_INIT_FLAG="/opt/certbot/.ownership_initialized"
+	local have
+	have="$(stat -c '%u:%g' "$dir")"
+	echo "- $dir ... "
 
-if [ ! -f "$CERT_INIT_FLAG" ]; then
-	# Prevents errors when installing python certbot plugins when non-root
-	if [ "$SKIP_CERTBOT_OWNERSHIP" != "true" ]; then
-		log_info 'Changing ownership of /opt/certbot directories ...'
-		chown "$PUID:$PGID" /opt/certbot /opt/certbot/bin
+	if [ "$have" != "$PUID:$PGID" ]; then
+		if [ "$recursive" = 'true' ] && [ -d "$dir" ]; then
+			chown -R "$PUID:$PGID" "$dir"
+		else
+			chown "$PUID:$PGID" "$dir"
+		fi
+		echo "    DONE"
+	else
+		echo "    SKIPPED"
 	fi
+}
+
+for loc in "${locations[@]}"; do
+	chownit "$loc"
+done
+
+if [ "$(is_true "${SKIP_CERTBOT_OWNERSHIP:-}")" = '1' ]; then
+	log_info 'Skipping ownership change of certbot directories'
+else
+	log_info 'Changing ownership of certbot directories, this may take some time ...'
+	chownit "/opt/certbot" false
+	chownit "/opt/certbot/bin" false
 
 	# Handle all site-packages directories efficiently
 	find /opt/certbot/lib -type d -name "site-packages" | while read -r SITE_PACKAGES_DIR; do
-		chown -R "$PUID:$PGID" "$SITE_PACKAGES_DIR"
+		chownit "$SITE_PACKAGES_DIR"
 	done
-
-	# Create a flag file to skip this step on subsequent runs
-	touch "$CERT_INIT_FLAG"
-	chown "$PUID:$PGID" "$CERT_INIT_FLAG"
 fi

docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/40-dynamic.sh

@@ -5,12 +5,9 @@ set -e
 
 log_info 'Dynamic resolvers ...'
 
-DISABLE_IPV6=$(echo "${DISABLE_IPV6:-}" | tr '[:upper:]' '[:lower:]')
-
 # Dynamically generate resolvers file, if resolver is IPv6, enclose in `[]`
 # thanks @tfmm
-if [ "$DISABLE_IPV6" == "true" ] || [ "$DISABLE_IPV6" == "on" ] || [ "$DISABLE_IPV6" == "1" ] || [ "$DISABLE_IPV6" == "yes" ];
-then
+if [ "$(is_true "$DISABLE_IPV6")" = '1' ]; then
 	echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf) ipv6=off valid=10s;" > /etc/nginx/conf.d/include/resolvers.conf
 else
 	echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" { sub(/%.*$/,"",$2); print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf) valid=10s;" > /etc/nginx/conf.d/include/resolvers.conf

docker/rootfs/etc/s6-overlay/s6-rc.d/prepare/50-ipv6.sh

@@ -8,14 +8,11 @@ set -e
 
 log_info 'IPv6 ...'
 
-# Lowercase
-DISABLE_IPV6=$(echo "${DISABLE_IPV6:-}" | tr '[:upper:]' '[:lower:]')
-
 process_folder () {
 	FILES=$(find "$1" -type f -name "*.conf")
 	SED_REGEX=
 
-	if [ "$DISABLE_IPV6" == "true" ] || [ "$DISABLE_IPV6" == "on" ] || [ "$DISABLE_IPV6" == "1" ] || [ "$DISABLE_IPV6" == "yes" ]; then
+	if [ "$(is_true "$DISABLE_IPV6")" = '1' ]; then
 		# IPV6 is disabled
 		echo "Disabling IPV6 in hosts in: $1"
 		SED_REGEX='s/^([^#]*)listen \[::\]/\1#listen [::]/g'

docker/rootfs/usr/bin/common.sh

@@ -56,3 +56,13 @@ get_group_id () {
 		getent group "$1" | cut -d: -f3
 	fi
 }
+
+# param $1: value
+is_true () {
+	VAL=$(echo "${1:-}" | tr '[:upper:]' '[:lower:]')
+	if [ "$VAL" == 'true' ] || [ "$VAL" == 'on' ] || [ "$VAL" == '1' ] || [ "$VAL" == 'yes' ]; then
+		echo '1'
+	else
+		echo '0'
+	fi
+}