Home Explore Help
Sign In
libremind
/
nginx-hardened-preferences
Watch 1
Star 1
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
nginx-harden...
/
nginx-hardened.sh

nginx-hardened.sh 790 B
Permalink History Raw

123456789101112131415161718192021222324 
  1. #!/bin/sh
    2. 

  2. 

  3. ##############################################
    4. 

  4. # Nginx-Hardened Startup Script              #
    5. 

  5. ##############################################
    6. 

  6. 

  7. # Detect old version and upgrade
    8. 

  8. Nginxchroothash=$(sha256sum /srv/nginxchroot/usr/sbin/nginx | awk '{print $1}')
    9. 

  9. Nginxoutsidehash=$(sha256sum /usr/sbin/nginx | awk '{print $1}')
    10. 

  10. if [ "$Nginxchroothash" != "$Nginxoutsidehash" ]
    11. 

  11. then
    12. 

  12.     echo "New version of Nginx detected! Updating chroot before running."
    13. 

  13.     umount /srv/nginxchroot/tmp
    14. 

  14.     umount /srv/nginxchroot/var/run
    15. 

  15.     rm -rf /srv/nginxchroot
    16. 

  16.     wait
    17. 

  17.     /bin/sh -c "/usr/libexec/nginx-hardened-scripts/nginxchroot.sh"
    18. 

  18.     wait
    19. 

  19. fi
    20. 

  20. 

  21. # Start Nginx inside of our chroot
    22. 

  22. echo "Running Nginx..."
    23. 

  23. chroot --userspec=http:http /srv/nginxchroot /usr/sbin/nginx -f /etc/nginx/nginx.conf
    24. 

  24.