From 4fa974585c3db81c1d525bb311a1065a43ac661d Mon Sep 17 00:00:00 2001
From: Elliot Saba <staticfloat@gmail.com>
Date: Mon, 23 Mar 2020 17:24:15 -0700
Subject: [PATCH] Use `ps | grep` instead of `jobs | grep`

It appears that `jobs` won't track the nginx processes started from a
config reload, so let's use `ps` instead.  Also, set `reuseport` on all
listen interfaces in order to dodge kernels that don't like `nginx`
restarting quickly.
---
 src/Dockerfile                | 2 +-
 src/nginx_conf.d/certbot.conf | 4 ++--
 src/scripts/entrypoint.sh     | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/Dockerfile b/src/Dockerfile
index be8a4bc..5178874 100644
--- a/src/Dockerfile
+++ b/src/Dockerfile
@@ -8,7 +8,7 @@ EXPOSE 443
 # Do this apt/pip stuff all in one RUN command to avoid creating large
 # intermediate layers on non-squashable docker installs
 RUN apt update && \
-    apt install -y python python-dev libffi6 libffi-dev libssl-dev curl build-essential && \
+    apt install -y python python-dev libffi6 libffi-dev libssl-dev curl build-essential procps && \
     curl -L 'https://bootstrap.pypa.io/get-pip.py' | python && \
     pip install -U cffi certbot && \
     apt remove --purge -y python-dev build-essential libffi-dev libssl-dev curl && \
diff --git a/src/nginx_conf.d/certbot.conf b/src/nginx_conf.d/certbot.conf
index 80d06bc..a045362 100644
--- a/src/nginx_conf.d/certbot.conf
+++ b/src/nginx_conf.d/certbot.conf
@@ -1,7 +1,7 @@
 server {
     # Listen on plain old HTTP
-    listen 80 default_server;
-    listen [::]:80 default_server;
+    listen 80 default_server reuseport;
+    listen [::]:80 default_server reuseport;
 
     # Pass this particular URL off to certbot, to authenticate HTTPS certificates
     location '/.well-known/acme-challenge' {
diff --git a/src/scripts/entrypoint.sh b/src/scripts/entrypoint.sh
index 70c2982..7c902c8 100644
--- a/src/scripts/entrypoint.sh
+++ b/src/scripts/entrypoint.sh
@@ -31,7 +31,7 @@ while [ true ]; do
     # Make sure we do not run container empty (without nginx process).
     # If nginx quit for whatever reason then stop the container.
     # Leave the restart decision to the container orchestration.
-    if ! jobs | grep --quiet nginx ; then
+    if ! ps aux | grep --quiet nginx ; then
         exit 1
     fi