From 4fa974585c3db81c1d525bb311a1065a43ac661d Mon Sep 17 00:00:00 2001
From: Elliot Saba
Date: Mon, 23 Mar 2020 17:24:15 -0700
Subject: [PATCH] Use `ps | grep` instead of `jobs | grep`

It appears that `jobs` won't track the nginx processes started from a config reload, so let's use `ps` instead. Also, set `reuseport` on all listen interfaces in order to dodge kernels that don't like `nginx` restarting quickly.
---
 src/Dockerfile | 2 +-
 src/nginx_conf.d/certbot.conf | 4 ++--
 src/scripts/entrypoint.sh | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/Dockerfile b/src/Dockerfile
index be8a4bc..5178874 100644
--- a/src/Dockerfile
+++ b/src/Dockerfile
@@ -8,7 +8,7 @@ EXPOSE 443
 # Do this apt/pip stuff all in one RUN command to avoid creating large
 # intermediate layers on non-squashable docker installs
 RUN apt update && \
- apt install -y python python-dev libffi6 libffi-dev libssl-dev curl build-essential && \
+ apt install -y python python-dev libffi6 libffi-dev libssl-dev curl build-essential procps && \
 curl -L 'https://bootstrap.pypa.io/get-pip.py' | python && \
 pip install -U cffi certbot && \
 apt remove --purge -y python-dev build-essential libffi-dev libssl-dev curl && \
diff --git a/src/nginx_conf.d/certbot.conf b/src/nginx_conf.d/certbot.conf
index 80d06bc..a045362 100644
--- a/src/nginx_conf.d/certbot.conf
+++ b/src/nginx_conf.d/certbot.conf
@@ -1,7 +1,7 @@
 server {
 # Listen on plain old HTTP
- listen 80 default_server;
- listen [::]:80 default_server;
+ listen 80 default_server reuseport;
+ listen [::]:80 default_server reuseport;

 # Pass this particular URL off to certbot, to authenticate HTTPS certificates
 location '/.well-known/acme-challenge' {
diff --git a/src/scripts/entrypoint.sh b/src/scripts/entrypoint.sh
index 70c2982..7c902c8 100644
--- a/src/scripts/entrypoint.sh
+++ b/src/scripts/entrypoint.sh
@@ -31,7 +31,7 @@ while [ true ]; do
 # Make sure we do not run container empty (without nginx process).
 # If nginx quit for whatever reason then stop the container.
 # Leave the restart decision to the container orchestration.
- if ! jobs | grep --quiet nginx ; then
+ if ! ps aux | grep --quiet nginx ; then
 exit 1
 fi
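Review bot: The new check `ps aux | grep --quiet nginx` can match the grep process itself, because its own command line contains `nginx` and it is usually already running when `ps` takes its snapshot, so the condition may stay false after nginx has died and the container would never exit. It also matches any other process whose command line merely mentions nginx. Since this commit adds `procps` to the image, an exact process-name match avoids both: `if ! pgrep -x nginx > /dev/null ; then`. The enclosing `while [ true ]` loop starts and ends outside this hunk.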