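#!/usr/bin/env python
"""Container start-up script: build the nginx configuration from the
environment, then run nginx in the foreground.

Reads CONJUR_* / SERVER_* / DH_PARAM_PEM environment variables, writes the
TLS material and cookie directives under /etc/nginx, renders ./nginx.conf
(a Jinja2 template) into /etc/nginx/nginx.conf and finally starts nginx.
"""
import os
import sys
from subprocess import call

from jinja2 import Template

cookie_file = "/etc/nginx/cookies.conf"

# Files holding secrets (private key, credentials) are created owner-only.
_SECRET_FILE_MODE = 0o600


def print_to_file(content, filename, mode=None):
    """Append *content* to *filename*, expanding literal ``\\n`` sequences.

    Multi-line values (PEM blocks) arrive through environment variables with
    the two-character sequence backslash + ``n`` in place of line breaks; each
    such sequence is turned into a real newline before writing.

    Args:
        content: text to append.
        filename: destination path; opened in append mode, so existing
            content is kept and repeated runs accumulate.
        mode: optional permission bits. When given, the file is created with
            these bits and an already existing file is re-chmod'ed to them
            before anything is written. When ``None`` the process umask
            decides, as before.
    """
    text = content.replace('\\n', '\n')
    if mode is None:
        with open(filename, 'a') as content_file:
            content_file.write(text)
        return

    # Create with restrictive bits up front so the secret is never on disk
    # with wider permissions, not even briefly.
    fd = os.open(filename, os.O_WRONLY | os.O_APPEND | os.O_CREAT, mode)
    with os.fdopen(fd, 'a') as content_file:
        # O_CREAT only applies the mode to new files; tighten existing ones.
        os.fchmod(fd, mode)
        content_file.write(text)


def render_nginx_config(env):
    """Render the ./nginx.conf template with *env* into /etc/nginx/nginx.conf.

    The output is appended, so anything already present at the destination
    stays in front of the rendered text.
    """
    with open('./nginx.conf', 'r') as content_file:
        template = Template(content_file.read())
    print_to_file(template.render(env), "/etc/nginx/nginx.conf")


def generate_dh_param():
    """Generate 4096-bit Diffie-Hellman parameters with openssl.

    Used when no DH_PARAM_PEM is supplied. Generation at this size can take
    a long time, and the openssl exit status is not checked here.
    """
    call(["openssl", "dhparam", "-out", "/etc/ssl/certs/dhparam.pem", "4096"])


def set_cookie_value(name, value):
    """Append an ``add_header Set-Cookie`` directive for ``conjur_<name>``.

    NOTE(review): *name* and *value* are placed verbatim inside a
    single-quoted nginx string. A quote, a ``$`` or a literal backslash-n in
    the value changes the generated directive; validate or escape the value
    if it can originate outside the deployment's own configuration.

    NOTE(review): when called for the password this stores the credential in
    the nginx configuration and, presumably, sends it to clients as a cookie
    without Secure/HttpOnly attributes - confirm that this is intended.
    """
    directive = "add_header Set-Cookie 'conjur_{0}={1}';".format(name, value)
    # The directive may carry a credential, so keep the file owner-only.
    print_to_file(directive, cookie_file, mode=_SECRET_FILE_MODE)


def read_env():
    """Translate environment variables into files and a rendered nginx.conf.

    NOTE(review): statement nesting was reconstructed from a listing whose
    whitespace had been collapsed; the DH-parameter step is assumed to belong
    to the TLS branch - confirm against the original file.
    """
    conjur_username = os.environ.get('CONJUR_USERNAME')
    conjur_password = os.environ.get('CONJUR_PASSWORD')
    if conjur_username:
        set_cookie_value('username', conjur_username)
    if conjur_password:
        set_cookie_value('password', conjur_password)

    conjur_appliance_url = os.environ.get('CONJUR_APPLIANCE_URL')
    conjur_appliance_ca = os.environ.get('CONJUR_APPLIANCE_CA')
    server_hostname = os.environ.get('SERVER_HOSTNAME', 'localhost')
    server_ssl_crt = os.environ.get('SERVER_SSL_CRT')
    server_ssl_key = os.environ.get('SERVER_SSL_KEY')
    dh_param = os.environ.get('DH_PARAM_PEM')

    # TLS is enabled only when both the certificate and its key are supplied.
    server_ssl = bool(server_ssl_crt and server_ssl_key)
    if server_ssl:
        # The private key must not be readable by other local users.
        print_to_file(server_ssl_key, "/etc/nginx/ssl.key",
                      mode=_SECRET_FILE_MODE)
        print_to_file(server_ssl_crt, "/etc/nginx/ssl.crt")
        if dh_param:
            print_to_file(dh_param, "/etc/ssl/certs/dhparam.pem")
        else:
            generate_dh_param()

    appliance_ca = bool(conjur_appliance_ca)
    if appliance_ca:
        print_to_file(conjur_appliance_ca, "/etc/nginx/conjur.ca")

    render_nginx_config({
        "server_ssl": server_ssl,
        "server_hostname": server_hostname,
        "appliance_ca": appliance_ca,
        "conjur_appliance_url": conjur_appliance_url,
    })


read_env()
# Start nginx in the foreground with an argument list (no shell involved) and
# hand its exit status to the caller so a supervisor can see a failed start.
sys.exit(call(["/usr/sbin/nginx", "-g", "daemon off; error_log stderr info;"]))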