diff --git a/core/files/entrypoint.sh b/core/files/entrypoint.sh index aa4ab32..347c814 100755 --- a/core/files/entrypoint.sh +++ b/core/files/entrypoint.sh @@ -70,5 +70,22 @@ export NGINX_X_FORWARDED_FOR=${NGINX_X_FORWARDED_FOR:-false} export NGINX_SET_REAL_IP_FROM=${NGINX_SET_REAL_IP_FROM} export NGINX_CLIENT_MAX_BODY_SIZE=${NGINX_CLIENT_MAX_BODY_SIZE:-50M} -# start supervisord using the main configuration file so we have a socket interface -/usr/bin/supervisord -c /etc/supervisor/supervisord.conf +if [ -n "$KUBERNETES_SERVICE_HOST" ]; then + case "$CONTAINER_NAME" in + nginx*) + exec /entrypoint_k8s_nginx.sh + ;; + php*) + # Not ideal, but let supervisord manage the workers still + mv /etc/supervisor/conf.d/10-supervisor.conf{.k8s,} + /usr/bin/supervisord -c /etc/supervisor/supervisord.conf & + exec /entrypoint_k8s_fpm.sh + ;; + cron*) + exec /entrypoint_cron.sh + ;; + esac +else + # start supervisord using the main configuration file so we have a socket interface + /usr/bin/supervisord -c /etc/supervisor/supervisord.conf +fi diff --git a/core/files/entrypoint_cron.sh b/core/files/entrypoint_cron.sh index 66e5bf8..5a2640f 100755 --- a/core/files/entrypoint_cron.sh +++ b/core/files/entrypoint_cron.sh @@ -30,6 +30,11 @@ if [[ ! -p /tmp/cronlog ]]; then mkfifo -m 777 /tmp/cronlog fi +if [ -n "$KUBERNETES_SERVICE_HOST" ]; then + tail -f /tmp/cronlog & + exec cron -l -f +fi + # Build another fifo for the cron pipe if [[ ! -p /tmp/cronpipe ]]; then mkfifo /tmp/cronpipe diff --git a/core/files/entrypoint_fpm.sh b/core/files/entrypoint_fpm.sh index d2d2606..30d7469 100755 --- a/core/files/entrypoint_fpm.sh +++ b/core/files/entrypoint_fpm.sh 
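Review bot: The `case "$CONTAINER_NAME"` dispatch added to core/files/entrypoint.sh has no default arm. When KUBERNETES_SERVICE_HOST is set and CONTAINER_NAME is unset or matches none of `nginx*`, `php*`, `cron*`, the script falls through and, as far as this hunk shows, the container exits with status 0 having started nothing. A closing arm such as `*) echo "entrypoint: unsupported CONTAINER_NAME '${CONTAINER_NAME}'" >&2; exit 1 ;;` makes that misconfiguration visible. In the `php*` arm the `mv` and the backgrounded supervisord are never checked, so a failure of either goes unnoticed once `exec /entrypoint_k8s_fpm.sh` replaces the shell. Ending the `mv` line with `|| exit 1` would at least catch the first.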
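Review bot: In core/files/entrypoint_cron.sh the backgrounded `tail -f /tmp/cronlog` is the only reader of the fifo, and nothing supervises it once `exec cron -l -f` takes over the shell. If it exits, jobs that redirect into /tmp/cronlog will block when they open it. A comment such as `# tail is the sole reader of /tmp/cronlog; writers block if it dies` would record that dependency. The context line above creates the fifo with `mkfifo -m 777`, so any process in the container can write into what is now the container's stdout log. A tighter mode (for example `-m 620`) is worth considering if all writers run as one user, which is not visible here. The rest of the script lies outside this hunk.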
@@ -30,6 +30,7 @@ change_php_vars() { sed -i "s|.*session.save_path = .*|session.save_path = '$(echo $REDIS_HOST | grep -E '^\w+://' || echo tcp://$REDIS_HOST):$REDIS_PORT?auth=${ESCAPED}'|" "$FILE" sed -i "s/session.sid_length = .*/session.sid_length = 64/" "$FILE" sed -i "s/session.use_strict_mode = .*/session.use_strict_mode = 1/" "$FILE" + sed -i "s|session.cookie_domain = .*|session.cookie_domain = ${BASE_URL}|" "$FILE" done for FILE in /etc/php/*/fpm/pool.d/www.conf @@ -59,9 +60,17 @@ change_php_vars() { echo "Configure PHP | Disabling 'pm.status_listen'" sed -i -E "s/^pm.status_listen =/;pm.status_listen =/" "$FILE" fi + if [[ -n "$PHP_FPM_SOCK_FILE" ]]; then + echo "Configure PHP | Setting 'listen' to ${PHP_FPM_SOCK_FILE}" + sed -i "/^listen =/s@=.*@= ${PHP_FPM_SOCK_FILE}@" "$FILE" + fi done } +if [ -n "${BASH_SOURCE[0]}" ]; then + return +fi + echo "Configure PHP | Change PHP values ..." && change_php_vars echo "Configure PHP | Starting PHP FPM" diff --git a/core/files/entrypoint_k8s_fpm.sh b/core/files/entrypoint_k8s_fpm.sh new file mode 100755 index 0000000..c12ec83 --- /dev/null +++ b/core/files/entrypoint_k8s_fpm.sh @@ -0,0 +1,26 @@ +#!/bin/bash -e + +source /entrypoint_nginx.sh +source /entrypoint_fpm.sh + +# Initialize MySQL +echo "INIT | Initialize MySQL ..." && init_mysql + +# Initialize MISP +echo "INIT | Initialize MISP files and configurations ..." && init_misp_data_files +echo "INIT | Update MISP app/files directory ..." && update_misp_data_files +echo "INIT | Enforce MISP permissions ..." && enforce_misp_data_permissions + +# Run configure MISP script +echo "INIT | Configure MISP installation ..." +/configure_misp.sh + +if [[ -x /custom/files/customize_misp.sh ]]; then + echo "INIT | Customize MISP installation ..." + /custom/files/customize_misp.sh +fi + +echo "Configure PHP | Change PHP values ..." && change_php_vars + +echo "Configure PHP | Starting PHP FPM" +exec /usr/sbin/php-fpm8.2 -R -F 
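Review bot: `session.cookie_domain` takes a host name, but the sed added to change_php_vars writes `${BASE_URL}` verbatim. If BASE_URL carries a scheme or port, as its name suggests, PHP will emit a Domain attribute that browsers may reject. The value is also spliced unescaped into a `|`-delimited replacement, unlike the `${ESCAPED}` value in the session.save_path line above, so a `|`, `&` or backslash in it corrupts the expression. Deriving the host first, e.g. `cookie_host=${BASE_URL#*://}; cookie_host=${cookie_host%%[:/]*}`, and substituting `${cookie_host}` largely addresses both. An explicit Domain also makes the session cookie available to subdomains of that host, so it is worth confirming that scope is intended. change_php_vars starts before and continues after this hunk.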
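Review bot: The guard `if [ -n "${BASH_SOURCE[0]}" ]; then return; fi` added after change_php_vars in core/files/entrypoint_fpm.sh does not tell sourcing from direct execution. `${BASH_SOURCE[0]}` is also non-empty when bash runs the file as a script, and there a top-level `return` is an error. When the file is started directly (presumably the non-Kubernetes path), bash prints an error and carries on, or exits before php-fpm starts if `set -e` is active in that file, which is not visible here. Comparing with `$0` is the usual test: `if [[ "${BASH_SOURCE[0]}" != "$0" ]]; then return; fi`. The same guard is added to core/files/entrypoint_nginx.sh in the `@@ -356,6 +362,9 @@` hunk and needs the same change.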
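Review bot: The block in core/files/entrypoint_k8s_fpm.sh that runs `/custom/files/customize_misp.sh` executes whatever executable sits at that path with the entrypoint's privileges, and nothing states where the file is expected to come from. In a pod that path is presumably a mounted volume, so a comment recording the trust assumption would help operators: `# customize_misp.sh runs with this entrypoint's privileges; mount /custom read-only from a trusted source`. Separately, `php-fpm8.2` is hard-coded while change_php_vars globs `/etc/php/*/fpm/...`, so a PHP version change in the image would break only this launcher.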
diff --git a/core/files/entrypoint_k8s_nginx.sh b/core/files/entrypoint_k8s_nginx.sh new file mode 100755 index 0000000..cc9634c --- /dev/null +++ b/core/files/entrypoint_k8s_nginx.sh @@ -0,0 +1,11 @@ +#!/bin/bash -e + +source /entrypoint_nginx.sh + +# Initialize nginx +echo "INIT | Initialize NGINX ..." && init_nginx +echo "INIT | Flip NGINX live ..." && flip_nginx true true + +# launch nginx as current shell process in container +exec nginx -g 'daemon off;' + diff --git a/core/files/entrypoint_nginx.sh b/core/files/entrypoint_nginx.sh index 2319be5..5fabe50 100755 --- a/core/files/entrypoint_nginx.sh +++ b/core/files/entrypoint_nginx.sh @@ -210,13 +210,19 @@ flip_nginx() { echo "... nginx docroot set to ${NGINX_DOC_ROOT}" sed -i "s|root.*var/www.*|root ${NGINX_DOC_ROOT};|" /etc/nginx/includes/misp - if [[ "$reload" = "true" ]]; then + if [[ "$reload" = "true" ]] && [[ -z "$KUBERNETES_SERVICE_HOST" ]]; then echo "... nginx reloaded" nginx -s reload fi } init_nginx() { + # Optional location of PHP-FPM sock file + if [[ -n "$PHP_FPM_SOCK_FILE" ]]; then + echo "... setting 'fastcgi_pass' to unix:${PHP_FPM_SOCK_FILE}" + sed -i "s@fastcgi_pass .*;@fastcgi_pass unix:${PHP_FPM_SOCK_FILE};@" /etc/nginx/includes/misp + fi + # Adjust timeouts echo "... adjusting 'fastcgi_read_timeout' to ${FASTCGI_READ_TIMEOUT}" sed -i "s/fastcgi_read_timeout .*;/fastcgi_read_timeout ${FASTCGI_READ_TIMEOUT};/" /etc/nginx/includes/misp @@ -356,6 +362,9 @@ init_nginx() { flip_nginx false false } +if [ -n "${BASH_SOURCE[0]}" ]; then + return +fi # Initialize MySQL echo "INIT | Initialize MySQL ..." && init_mysql diff --git a/core/files/etc/supervisor/conf.d/10-supervisor.conf.k8s b/core/files/etc/supervisor/conf.d/10-supervisor.conf.k8s new file mode 100644 index 0000000..aa929c2 --- /dev/null +++ b/core/files/etc/supervisor/conf.d/10-supervisor.conf.k8s 
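Review bot: `flip_nginx true true` in core/files/entrypoint_k8s_nginx.sh asks for a reload that cannot happen on this path. nginx is not started until the `exec` at the end of the file, and the flip_nginx change in this same commit skips `nginx -s reload` whenever KUBERNETES_SERVICE_HOST is set. Assuming the second argument is the `$reload` flag tested in flip_nginx, `flip_nginx true false` states the intent. Alternatively a comment such as `# reload is a no-op here: nginx is started below` explains the call. The site also appears to be flipped live before anything confirms that the PHP-FPM container has finished its initialisation. Whether the deployment covers that with a readiness probe is not visible in this diff.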
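Review bot: PHP_FPM_SOCK_FILE is written into /etc/nginx/includes/misp unvalidated by the sed added to init_nginx in core/files/entrypoint_nginx.sh. A value containing `;`, `@`, `&` or whitespace either breaks the `@`-delimited expression or changes the directive that lands in the nginx config. A check before the sed keeps the value to a plain absolute path, for example `[[ "$PHP_FPM_SOCK_FILE" =~ ^/[A-Za-z0-9._/-]+$ ]] || { echo "invalid PHP_FPM_SOCK_FILE" >&2; return 1; }`. The `listen` sed added to change_php_vars in core/files/entrypoint_fpm.sh interpolates the same variable and wants the same guard. flip_nginx and init_nginx both extend beyond this hunk.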
@@ -0,0 +1,12 @@
+[supervisord]
+nodaemon=true
+user=root
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[inet_http_server]
+port=127.0.0.1:9001
+username=supervisor
+password=supervisor
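Review bot: The `[inet_http_server]` section ships a fixed credential (`username=supervisor`, `password=supervisor`) for the control interface of a supervisord that runs with `user=root`. Binding to `127.0.0.1:9001` keeps it on loopback, but containers in the same pod share that loopback, so the interface is exposed to every container in the pod behind a password that is public in the repository. If the main supervisord.conf already provides the socket interface mentioned in the comment removed from entrypoint.sh, this section could be dropped. Otherwise prefer `[unix_http_server]` with `chmod=0700`, or take the secret from the environment, e.g. `password=%(ENV_SUPERVISOR_PASSWORD)s` (variable name illustrative).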