Honour SNIKKET_TWEAK_HTTP/S_PORT variables

cert-monitor.sh

@@ -2,11 +2,16 @@
 
 CERT_PATH="/snikket/letsencrypt/live/$SNIKKET_DOMAIN/cert.pem"
 
+export SNIKKET_TWEAK_HTTP_PORT=${SNIKKET_TWEAK_HTTP_PORT-80}
+export SNIKKET_TWEAK_HTTPS_PORT=${SNIKKET_TWEAK_HTTP_PORT-443}
+export SNIKKET_TWEAK_INTERNAL_HTTP_PORT=${SNIKKET_TWEAK_INTERNAL_HTTP_PORT-5280}
+
 while sleep 10; do
 	if test -f "$CERT_PATH"; then
 		for proto in http https; do
-			sed "s/SNIKKET_DOMAIN/$SNIKKET_DOMAIN/g" /etc/nginx/templates/$proto \
-			    > /etc/nginx/sites-enabled/$proto;
+			envsubst '$SNIKKET_DOMAIN $SNIKKET_TWEAK_HTTP_PORT $SNIKKET_TWEAK_HTTPS_PORT $SNIKKET_TWEAK_INTERNAL_HTTP_PORT' \
+			  < /etc/nginx/templates/$proto \
+			  > /etc/nginx/sites-enabled/$proto;
 		done
 		/usr/sbin/nginx -s reload
 		exit 0;

entrypoint.sh

@@ -2,11 +2,16 @@
 
 CERT_PATH="/snikket/letsencrypt/live/$SNIKKET_DOMAIN/cert.pem"
 
+export SNIKKET_TWEAK_HTTP_PORT=${SNIKKET_TWEAK_HTTP_PORT-80}
+export SNIKKET_TWEAK_HTTPS_PORT=${SNIKKET_TWEAK_HTTP_PORT-443}
+export SNIKKET_TWEAK_INTERNAL_HTTP_PORT=${SNIKKET_TWEAK_INTERNAL_HTTP_PORT-5280}
+
 if test -f "$CERT_PATH"; then
 	## Certs already exist - render and deploy configs
 	for proto in http https; do
-		sed "s/SNIKKET_DOMAIN/$SNIKKET_DOMAIN/g" /etc/nginx/templates/$proto \
-		    > /etc/nginx/sites-enabled/$proto;
+		envsubst '$SNIKKET_DOMAIN $SNIKKET_TWEAK_HTTP_PORT $SNIKKET_TWEAK_HTTPS_PORT $SNIKKET_TWEAK_INTERNAL_HTTP_PORT' \
+		  < /etc/nginx/templates/$proto \
+		  > /etc/nginx/sites-enabled/$proto;
 	done
 fi
 

nginx/http.template

@@ -1,13 +1,13 @@
 server {
-    listen 80;
-    listen [::]:80;
+    listen ${SNIKKET_TWEAK_HTTP_PORT};
+    listen [::]:${SNIKKET_TWEAK_HTTP_PORT};
 
-    server_name SNIKKET_DOMAIN;
-    server_name groups.SNIKKET_DOMAIN;
-    server_name share.SNIKKET_DOMAIN;
+    server_name ${SNIKKET_DOMAIN};
+    server_name groups.${SNIKKET_DOMAIN};
+    server_name share.${SNIKKET_DOMAIN};
 
     location / {
-        proxy_pass http://localhost:5280/;
+        proxy_pass http://localhost:${SNIKKET_TWEAK_INTERNAL_HTTP_PORT}/;
         proxy_set_header  Host            $host;
         proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header  X-Forwarded-Proto http;

nginx/https.template

@@ -1,9 +1,9 @@
 server {
-    listen 443 ssl;
-    listen [::]:443 ssl ipv6only=on;
+    listen ${SNIKKET_TWEAK_HTTPS_PORT} ssl;
+    listen [::]:${SNIKKET_TWEAK_HTTPS_PORT} ssl ipv6only=on;
 
-    ssl_certificate     /snikket/letsencrypt/live/SNIKKET_DOMAIN/fullchain.pem;
-    ssl_certificate_key /snikket/letsencrypt/live/SNIKKET_DOMAIN/privkey.pem;
+    ssl_certificate     /snikket/letsencrypt/live/${SNIKKET_DOMAIN}/fullchain.pem;
+    ssl_certificate_key /snikket/letsencrypt/live/${SNIKKET_DOMAIN}/privkey.pem;
 
     ssl_session_cache shared:le_nginx_SSL:1m;
     ssl_session_timeout 1440m;
@@ -11,12 +11,12 @@ server {
     ssl_prefer_server_ciphers on;
     ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
 
-    server_name SNIKKET_DOMAIN;
-    server_name groups.SNIKKET_DOMAIN;
-    server_name share.SNIKKET_DOMAIN;
+    server_name ${SNIKKET_DOMAIN};
+    server_name groups.${SNIKKET_DOMAIN};
+    server_name share.${SNIKKET_DOMAIN};
 
     location / {
-        proxy_pass http://localhost:5280/;
+        proxy_pass http://localhost:${SNIKKET_TWEAK_INTERNAL_HTTP_PORT}/;
         proxy_set_header  Host            $host;
         proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header  X-Forwarded-Proto https;