Merge branch 'f_param_port' into develop

boxboat · Aug 1, 2018 · 6fc5543 · 6fc5543
2 parents 5eab599 + bdefb35
commit 6fc5543
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -21,6 +21,7 @@ This repository builds a Docker Image that protects an upstream server using [Ok
 
 - `COOKIE_NAME` - Defaults to `okta-jwt`. The name of the cookie that holds the Authorization Token
 - `INJECT_REFRESH_JS` - Defaults to `true`.  Set to `false` to disable injection of JavaScript that transparently refreshes Access Tokens when they are close to expiring
+- `LISTEN` - Defaults to `80`.  Specify another port to change the listening port number.  See [nginx listen](http://nginx.org/en/docs/http/ngx_http_core_module.html#listen) for options, such as TLS and unix sockets
 - `REQUEST_TIMEOUT` - Defaults to `5`.  Timeout for calling the Okta `token` endpoint to retrieve an Authorization Token
 - `SSO_PATH` - Defaults to `/sso/`. Path for SSO error and refresh endpoints.  Should include leading and trailing slash
 

diff --git a/stage/etc/nginx/templates/default.conf b/stage/etc/nginx/templates/default.conf
@@ -3,7 +3,7 @@ upstream auth_server {
 }
 
 server {
-    listen 80 default_server;
+    listen ${LISTEN};
     server_name _;
 
     # additional configuration for default_server

diff --git a/stage/usr/local/bin/run.sh b/stage/usr/local/bin/run.sh
@@ -39,11 +39,27 @@ if [ "$okta_verify_started" = "false" ]; then
 fi
 echo "okta-nginx started"
 
-# set SSO path
+# set SSO_PATH
 if [ -z "$SSO_PATH" ]; then
     export SSO_PATH="/sso/"
 fi
 export SSO_PATH=$(ensure_path "$SSO_PATH")
+# set LISTEN
+if [ -z "$LISTEN" ]; then
+    export LISTEN="80";
+fi
+# set PROXY_PASS
+if [ -z "$PROXY_PASS" ]; then
+    export PROXY_PASS="http://unix:/var/run/example-server.sock"
+    cp /etc/nginx/templates/example-server.conf /etc/nginx/conf.d/
+fi
+# set APP_REDIRECT_PATH
+export APP_REDIRECT_PATH=$(extract_path "$LOGIN_REDIRECT_URL")
+
+# stamp out default.conf template
+envsubst '${APP_REDIRECT_PATH},${LISTEN},${PROXY_PASS},${SSO_PATH}' \
+        < /etc/nginx/templates/default.conf \
+        > /etc/nginx/conf.d/default.conf
 
 # stamp out redirect-js.conf template
 if [ "$INJECT_REFRESH_JS" != "false" ]; then
@@ -54,16 +70,6 @@ if [ "$INJECT_REFRESH_JS" != "false" ]; then
             > /etc/nginx/includes/refresh-js.conf
 fi
 
-# stamp out default.conf template
-if [ -z "$PROXY_PASS" ]; then
-    export PROXY_PASS="http://unix:/var/run/example-server.sock"
-    cp /etc/nginx/templates/example-server.conf /etc/nginx/conf.d/
-fi
-export APP_REDIRECT_PATH=$(extract_path "$LOGIN_REDIRECT_URL")
-envsubst '${APP_REDIRECT_PATH},${PROXY_PASS},${SSO_PATH}' \
-        < /etc/nginx/templates/default.conf \
-        > /etc/nginx/conf.d/default.conf
-
 # start nginx
 nginx -g 'daemon off;' &
 nginx_pid=$!