123456789101112131415161718192021222324 |
- #!/bin/sh
- ##############################################
- # Nginx-Hardened Startup Script #
- ##############################################
- # Detect old version and upgrade
- Nginxchroothash=$(sha256sum /srv/nginxchroot/usr/sbin/nginx | awk '{print $1}')
- Nginxoutsidehash=$(sha256sum /usr/sbin/nginx | awk '{print $1}')
- if [ "$Nginxchroothash" != "$Nginxoutsidehash" ]
- then
- echo "New version of Nginx detected! Updating chroot before running."
- umount /srv/nginxchroot/tmp
- umount /srv/nginxchroot/var/run
- rm -rf /srv/nginxchroot
- wait
- /bin/sh -c "/usr/libexec/nginx-hardened-scripts/nginxchroot.sh"
- wait
- fi
- # Start Nginx inside of our chroot
- echo "Running Nginx..."
- chroot --userspec=http:http /srv/nginxchroot /usr/sbin/nginx -f /etc/nginx/nginx.conf
|