entrypoint: Monitor config dir for changes

We see a lot of crudges and hacks to notify nginx or the nginx container
informing it it needs to restart. While there certainly cases that
require manual control, for the most, this could be easily automated.

With inotify, we can recursively monitor /etc/nginx (or any directory
per config) for changes (currently, not monitoring for for access time
changes, e.g. reads or `touch` events). On an event, we sleep first for
(configurable) seconds, the default is 10, so that multiple updates
don't cause multiple restarts. E.g. copying 10 certificates into
/etc/nginx/certs, won't trigger 10 reloads.

The monitor will run indefinably, and can't be easily killed. This isn't
a problem however, as this is specifically a docker entry point and it
is fair to assume this will only ever be run under docker.

The current configuration won't change existing behavior, it needs to be
explicitly enabled.

Signed-off-by: Olliver Schinagl <[email protected]>

Author: oliv3r

Dockerfile-alpine.template

@@ -76,3 +76,5 @@ RUN set -x \
     && if [ -n "/etc/apk/keys/nginx_signing.rsa.pub" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \
 # Bring in curl and ca-certificates to make registering on DNS SD easier
     && apk add --no-cache curl ca-certificates
+# Add support for manually monitoring files to trigger server reloads
+    && apk add --no-cache inotify-tools

entrypoint/99-monitor-config-changes.sh

@@ -0,0 +1,39 @@
+#!/bin/sh
+# vim:sw=2:ts=2:sts=2:et
+
+set -eu
+if [ -n "${DEBUG_TRACE_SH:-}" ] && \
+   [ "${DEBUG_TRACE_SH:-}" != "${DEBUG_TRACE_SH#*"$(basename "${0}")"*}" ] || \
+   [ "${DEBUG_TRACE_SH:-}" = 'all' ]; then
+  set -x
+fi
+
+LC_ALL=C
+
+if [ -e "${NGINX_ENTRYPOINT_MONITOR_PID:='/run/nginx_monitor.pid'}" ] ||
+   [ -z "${NGINX_ENTRYPOINT_MONITOR_CONFIG=/etc/nginx}" ] || \
+   ! command -v inotifywait; then
+  exit 0
+fi
+
+echo "Monitoring for changes in '${NGINX_ENTRYPOINT_MONITOR_CONFIG}'"
+while true; do
+  inotifywait \
+    --recursive \
+    --event 'create' \
+    --event 'delete' \
+    --event 'modify' \
+    --event 'move' \
+    "${NGINX_ENTRYPOINT_MONITOR_CONFIG}"
+
+  sleep "${NGINX_ENTRYPOINT_MONITOR_DELAY:-10s}"
+
+  if nginx -t; then
+    nginx -s
+  else
+    logger -s -t 'nginx' -p 'local0.3''Refusing to reload config, config error'
+  fi
+done &
+echo "${!}" > "${NGINX_ENTRYPOINT_MONITOR_PID}"
+
+exit 0