mirror of
https://github.com/blakeblackshear/frigate.git
synced 2024-12-23 19:11:14 +01:00
bccffe6670
* implement self signed cert and monitor/reload * move go2rtc upstream to separate file * add directory for ACME challenges * make certsync more resilient * add TLS docs * add jwt secret info to docs
44 lines
1.4 KiB
Plaintext
Executable File
44 lines
1.4 KiB
Plaintext
Executable File
#!/command/with-contenv bash
|
|
# shellcheck shell=bash
|
|
# Start the NGINX service
|
|
|
|
set -o errexit -o nounset -o pipefail
|
|
|
|
# Logs should be sent to stdout so that s6 can collect them
|
|
|
|
echo "[INFO] Starting NGINX..."
|
|
|
|
function set_worker_processes() {
|
|
# Capture number of assigned CPUs to calculate worker processes
|
|
local proc_count
|
|
|
|
if proc_count=$(nproc --all) && [[ $proc_count -gt 4 ]]; then
|
|
proc_count=4;
|
|
fi
|
|
|
|
# we need to catch any errors because sed will fail if user has bind mounted a custom nginx file
|
|
sed -i "s/worker_processes auto;/worker_processes ${proc_count};/" /usr/local/nginx/conf/nginx.conf || true
|
|
}
|
|
|
|
set_worker_processes
|
|
|
|
# ensure the directory for ACME challenges exists
|
|
mkdir -p /etc/letsencrypt/www
|
|
|
|
# Create self signed certs if needed
|
|
letsencrypt_path=/etc/letsencrypt/live/frigate
|
|
mkdir -p $letsencrypt_path
|
|
|
|
if [ ! \( -f "$letsencrypt_path/privkey.pem" -a -f "$letsencrypt_path/fullchain.pem" \) ]; then
|
|
echo "[INFO] No TLS certificate found. Generating a self signed certificate..."
|
|
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
|
|
-subj "/O=FRIGATE DEFAULT CERT/CN=*" \
|
|
-keyout "$letsencrypt_path/privkey.pem" -out "$letsencrypt_path/fullchain.pem"
|
|
fi
|
|
|
|
# Replace the bash process with the NGINX process, redirecting stderr to stdout
|
|
exec 2>&1
|
|
exec \
|
|
s6-notifyoncheck -t 30000 -n 1 \
|
|
nginx
|