nginx-hardened.sh 790 B

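  #!/bin/sh
  ##############################################
  # Nginx-Hardened Startup Script              #
  ##############################################
  # Rebuilds the nginx chroot when the nginx binary inside it no longer
  # matches the host binary, then starts nginx inside the chroot as the
  # unprivileged http user.
  #
  # The SHA-256 comparison is only an "has the package been upgraded?" check:
  # both digests are computed locally from files on this host, so it does not
  # verify where the binary came from.

  CHROOT_DIR=/srv/nginxchroot
  HOST_NGINX=/usr/sbin/nginx
  REBUILD_SCRIPT=/usr/libexec/nginx-hardened-scripts/nginxchroot.sh

  # Print a message on stderr and stop before anything else is touched.
  die() {
    printf '%s\n' "nginx-hardened: $*" >&2
    exit 1
  }

  # Print the SHA-256 digest of file $1 (empty output if it cannot be read).
  digest_of() {
    sha256sum "$1" | awk '{print $1}'
  }

  # Unmount $1. A failed umount is tolerated only when $1 is not a mount
  # point any more; otherwise the recursive delete below would descend into
  # whatever is still mounted there, so the script aborts instead.
  release_mount() {
    umount "$1" && return 0
    if mountpoint -q "$1"; then
      die "$1 is still mounted; refusing to delete $CHROOT_DIR"
    fi
  }

  host_hash=$(digest_of "$HOST_NGINX")
  # Without a host digest the comparison is meaningless: either both sides
  # are empty (stale chroot is silently kept) or the chroot is torn down with
  # nothing to rebuild it from.
  [ -n "$host_hash" ] || die "cannot hash $HOST_NGINX; leaving the existing chroot untouched"

  # Empty when the chroot does not exist yet, which forces the first build.
  chroot_hash=$(digest_of "${CHROOT_DIR}${HOST_NGINX}")

  # Detect old version and upgrade
  if [ "$chroot_hash" != "$host_hash" ]; then
    echo "New version of Nginx detected! Updating chroot before running."
    release_mount "$CHROOT_DIR/tmp"
    release_mount "$CHROOT_DIR/var/run"
    rm -rf -- "$CHROOT_DIR" || die "could not remove $CHROOT_DIR"
    # Do not start nginx in a chroot whose rebuild did not complete.
    /bin/sh -c "$REBUILD_SCRIPT" || die "$REBUILD_SCRIPT failed; not starting nginx"
  fi

  # Start Nginx inside of our chroot. --userspec makes chroot switch to
  # http:http before it executes nginx, so nginx never runs as root here.
  # NOTE(review): stock nginx selects its configuration file with -c; confirm
  # that -f is accepted by the nginx build this script ships with.
  echo "Running Nginx..."
  chroot --userspec=http:http "$CHROOT_DIR" "$HOST_NGINX" -f /etc/nginx/nginx.conf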