From c3018b06cf43bfd4fe157a976d4eb5a0464cbde9 Mon Sep 17 00:00:00 2001
From: Matthew Wild
Date: Fri, 11 Dec 2020 16:47:31 +0000
Subject: [PATCH] Honour SNIKKET_TWEAK_HTTP/S_PORT variables
---
 cert-monitor.sh | 9 +++++++--
 entrypoint.sh | 9 +++++++--
 nginx/http.template | 12 ++++++------
 nginx/https.template | 16 ++++++++--------
 4 files changed, 28 insertions(+), 18 deletions(-)
diff --git a/cert-monitor.sh b/cert-monitor.sh
index 761a82a..55c290f 100755
--- a/cert-monitor.sh
+++ b/cert-monitor.sh
@@ -2,11 +2,16 @@
 CERT_PATH="/snikket/letsencrypt/live/$SNIKKET_DOMAIN/cert.pem"
+export SNIKKET_TWEAK_HTTP_PORT=${SNIKKET_TWEAK_HTTP_PORT-80}
+export SNIKKET_TWEAK_HTTPS_PORT=${SNIKKET_TWEAK_HTTP_PORT-443}
+export SNIKKET_TWEAK_INTERNAL_HTTP_PORT=${SNIKKET_TWEAK_INTERNAL_HTTP_PORT-5280}
+
 while sleep 10; do
 if test -f "$CERT_PATH"; then
 for proto in http https; do
- sed "s/SNIKKET_DOMAIN/$SNIKKET_DOMAIN/g" /etc/nginx/templates/$proto \
- > /etc/nginx/sites-enabled/$proto;
+ envsubst '$SNIKKET_DOMAIN $SNIKKET_TWEAK_HTTP_PORT $SNIKKET_TWEAK_HTTPS_PORT $SNIKKET_TWEAK_INTERNAL_HTTP_PORT' \
+ < /etc/nginx/templates/$proto \
+ > /etc/nginx/sites-enabled/$proto;
 done
 /usr/sbin/nginx -s reload
 exit 0;
diff --git a/entrypoint.sh b/entrypoint.sh
index d30fd4c..872d5a7 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
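Review bot: In cert-monitor.sh the HTTPS default reads the wrong variable: `export SNIKKET_TWEAK_HTTPS_PORT=${SNIKKET_TWEAK_HTTP_PORT-443}` expands the HTTP port, which the line before it has just set, so the 443 fallback can never apply and any SNIKKET_TWEAK_HTTPS_PORT supplied by the operator is overwritten. With the defaults, the https template would be rendered as `listen 80 ssl`, putting the TLS listener on the same port as the plain-HTTP one instead of on 443. The line should read `export SNIKKET_TWEAK_HTTPS_PORT=${SNIKKET_TWEAK_HTTPS_PORT-443}`; the identical line in the entrypoint.sh hunk needs the same fix.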
@@ -2,11 +2,16 @@
 CERT_PATH="/snikket/letsencrypt/live/$SNIKKET_DOMAIN/cert.pem"
+export SNIKKET_TWEAK_HTTP_PORT=${SNIKKET_TWEAK_HTTP_PORT-80}
+export SNIKKET_TWEAK_HTTPS_PORT=${SNIKKET_TWEAK_HTTP_PORT-443}
+export SNIKKET_TWEAK_INTERNAL_HTTP_PORT=${SNIKKET_TWEAK_INTERNAL_HTTP_PORT-5280}
+
 if test -f "$CERT_PATH"; then
 ## Certs already exist - render and deploy configs
 for proto in http https; do
- sed "s/SNIKKET_DOMAIN/$SNIKKET_DOMAIN/g" /etc/nginx/templates/$proto \
- > /etc/nginx/sites-enabled/$proto;
+ envsubst '$SNIKKET_DOMAIN $SNIKKET_TWEAK_HTTP_PORT $SNIKKET_TWEAK_HTTPS_PORT $SNIKKET_TWEAK_INTERNAL_HTTP_PORT' \
+ < /etc/nginx/templates/$proto \
+ > /etc/nginx/sites-enabled/$proto;
 done
 fi
diff --git a/nginx/http.template b/nginx/http.template
index c9cb52d..f87d62a 100644
--- a/nginx/http.template
+++ b/nginx/http.template
@@ -1,13 +1,13 @@
 server {
- listen 80;
- listen [::]:80;
+ listen ${SNIKKET_TWEAK_HTTP_PORT};
+ listen [::]:${SNIKKET_TWEAK_HTTP_PORT};
- server_name SNIKKET_DOMAIN;
- server_name groups.SNIKKET_DOMAIN;
- server_name share.SNIKKET_DOMAIN;
+ server_name ${SNIKKET_DOMAIN};
+ server_name groups.${SNIKKET_DOMAIN};
+ server_name share.${SNIKKET_DOMAIN};
 location / {
- proxy_pass http://localhost:5280/;
+ proxy_pass http://localhost:${SNIKKET_TWEAK_INTERNAL_HTTP_PORT}/;
 proxy_set_header Host $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto http;
diff --git a/nginx/https.template b/nginx/https.template
index ce39e16..e7ea42d 100644
--- a/nginx/https.template
+++ b/nginx/https.template
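Review bot: The three port defaults in entrypoint.sh use `${VAR-default}`, which applies only when the variable is unset, so a variable that is set but empty (for example `SNIKKET_TWEAK_HTTP_PORT=` in an env file) is passed through and the template renders as `listen ;`. The values are also written into the nginx configuration without checking that they are numeric. Using `${SNIKKET_TWEAK_HTTP_PORT:-80}` and rejecting non-digits before rendering, e.g. `case "$SNIKKET_TWEAK_HTTP_PORT" in *[!0-9]*) echo "invalid SNIKKET_TWEAK_HTTP_PORT" >&2; exit 1;; esac`, would make the script fail early with a clear message. The same three lines in cert-monitor.sh need the same treatment.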
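Review bot: nginx/http.template now mixes two kinds of `$` reference with nothing in the file to tell them apart: `${SNIKKET_...}` placeholders filled in by envsubst, and nginx runtime variables such as `$host`, which survive only because the scripts pass envsubst an explicit variable list. A header comment would guard against a placeholder being added later without updating that list, for example `# Rendered by envsubst from entrypoint.sh and cert-monitor.sh; only the variables named in their lists are substituted, so add any new ${VAR} placeholder to both.` The same comment belongs at the top of nginx/https.template. The server block continues past the end of this hunk.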
@@ -1,9 +1,9 @@
 server {
- listen 443 ssl;
- listen [::]:443 ssl ipv6only=on;
+ listen ${SNIKKET_TWEAK_HTTPS_PORT} ssl;
+ listen [::]:${SNIKKET_TWEAK_HTTPS_PORT} ssl ipv6only=on;
- ssl_certificate /snikket/letsencrypt/live/SNIKKET_DOMAIN/fullchain.pem;
- ssl_certificate_key /snikket/letsencrypt/live/SNIKKET_DOMAIN/privkey.pem;
+ ssl_certificate /snikket/letsencrypt/live/${SNIKKET_DOMAIN}/fullchain.pem;
+ ssl_certificate_key /snikket/letsencrypt/live/${SNIKKET_DOMAIN}/privkey.pem;
 ssl_session_cache shared:le_nginx_SSL:1m;
 ssl_session_timeout 1440m;
@@ -11,12 +11,12 @@ server {
 ssl_prefer_server_ciphers on;
 ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
- server_name SNIKKET_DOMAIN;
- server_name groups.SNIKKET_DOMAIN;
- server_name share.SNIKKET_DOMAIN;
+ server_name ${SNIKKET_DOMAIN};
+ server_name groups.${SNIKKET_DOMAIN};
+ server_name share.${SNIKKET_DOMAIN};
 location / {
- proxy_pass http://localhost:5280/;
+ proxy_pass http://localhost:${SNIKKET_TWEAK_INTERNAL_HTTP_PORT}/;
 proxy_set_header Host $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto https;