mirror of
https://github.com/NginxProxyManager/nginx-proxy-manager.git
synced 2026-02-27 12:55:21 +00:00
7241869a9e
Replace unsafe `echo "$(sed ...)" > $FILE` with atomic temp-file write. The current pattern reads a file with sed inside a command substitution, then writes the result back via echo redirection. If sed reads an empty or momentarily unreadable file (e.g., NFS transient issue during container recreation by Watchtower or similar tools), it produces no output. The echo then writes exactly 1 byte (a newline) to the config file, silently destroying its contents. The fix writes sed output to a temp file first, checks it's non-empty with `[ -s ]`, then atomically replaces the original via `mv`. If sed produces empty output, the original file is preserved and a warning is logged to stderr.
43 lines
999 B
Bash
Executable File
43 lines
999 B
Bash
Executable File
#!/command/with-contenv bash
|
|
# shellcheck shell=bash
|
|
|
|
# This command reads the `DISABLE_IPV6` env var and will either enable
|
|
# or disable ipv6 in all nginx configs based on this setting.
|
|
|
|
set -e
|
|
|
|
log_info 'IPv6 ...'
|
|
|
|
process_folder () {
|
|
FILES=$(find "$1" -type f -name "*.conf")
|
|
SED_REGEX=
|
|
|
|
if [ "$(is_true "$DISABLE_IPV6")" = '1' ]; then
|
|
# IPV6 is disabled
|
|
echo "Disabling IPV6 in hosts in: $1"
|
|
SED_REGEX='s/^([^#]*)listen \[::\]/\1#listen [::]/g'
|
|
else
|
|
# IPV6 is enabled
|
|
echo "Enabling IPV6 in hosts in: $1"
|
|
SED_REGEX='s/^(\s*)#listen \[::\]/\1listen [::]/g'
|
|
fi
|
|
|
|
for FILE in $FILES
|
|
do
|
|
echo "- ${FILE}"
|
|
TMPFILE="${FILE}.tmp"
|
|
if sed -E "$SED_REGEX" "$FILE" > "$TMPFILE" && [ -s "$TMPFILE" ]; then
|
|
mv "$TMPFILE" "$FILE"
|
|
else
|
|
echo "WARNING: skipping ${FILE} — sed produced empty output" >&2
|
|
rm -f "$TMPFILE"
|
|
fi
|
|
done
|
|
|
|
# ensure the files are still owned by the npm user
|
|
chown -R "$PUID:$PGID" "$1"
|
|
}
|
|
|
|
process_folder /etc/nginx/conf.d
|
|
process_folder /data/nginx
|