New directory structure

root/defaults/migrate.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/with-contenv bash
+
+migrate(){
+    local OLD_LOCATION="${1}"
+    local NEW_LOCATION="${2}"
+
+    if [[ -f ${OLD_LOCATION} ]];then
+        echo "found ${OLD_LOCATION}"
+        if [[ ! -f ${NEW_LOCATION} ]];then
+            echo "moving to ${NEW_LOCATION}"
+            mv "${OLD_LOCATION}" "${NEW_LOCATION}"
+        else
+            echo "new file location already exists ${NEW_LOCATION}"
+        fi
+    fi
+}

root/defaults/nginx/nginx.conf.sample

@@ -36,7 +36,6 @@ http {
     # Name servers used to resolve names of upstream servers into addresses.
     # It's also needed when using tcpsocket and udpsocket in Lua modules.
     #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001;
-    include /config/nginx/resolver.conf;
 
     # Don't tell nginx version to the clients. Default is 'on'.
     server_tokens off;
@@ -87,8 +86,8 @@ http {
     include /config/nginx/site-confs/*.conf;
     #Removed lua. Do not remove this comment
 
-    # Uncomment to add the Geoip2 configs needed to geo block countries/cities.
-    #include /config/nginx/geoip2.conf;
+    # Include configs for http block.
+    include /config/nginx/http-confs/*.conf;
 }
 
 daemon off;

root/defaults/nginx/server-confs/ssl.conf.sample

@@ -1,4 +1,4 @@
-## Version 2021/10/24 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/ssl.conf
+## Version 2021/10/24 - Changelog: https://github.com/linuxserver/docker-baseimage-alpine-nginx/commits/master/root/defaults/nginx/server-confs/ssl.conf
 
 ### Mozilla Recommendations
 # generated 2021-10-16, Mozilla Guideline v5.6, nginx 1.20.1-r3, OpenSSL 1.1.1l-r0, intermediate configuration

root/defaults/nginx/site-confs/default.conf.sample

@@ -11,8 +11,7 @@ server {
     root $root;
     index index.html index.htm index.php;
 
-    # all ssl related config moved to ssl.conf
-    #include /config/nginx/ssl.conf;
+    include /config/nginx/server-confs/*.conf;
 
     set $htpasswd_file /config/nginx/.htpasswd;
     set $auth_basic "Restricted";

root/etc/cont-init.d/11-make-folders

@@ -0,0 +1,10 @@
+#!/usr/bin/with-contenv bash
+
+# make folders
+mkdir -p \
+    /config/{keys,php,www} \
+    /config/log/{nginx,php} \
+    /config/nginx/{http-confs,location-confs,server-confs,site-confs,subdomain-confs,subfolder-confs} \
+    /run \
+    /var/lib/nginx/tmp/client_body \
+    /var/tmp/nginx

root/etc/cont-init.d/12-migrate-confs

@@ -0,0 +1,8 @@
+#!/usr/bin/with-contenv bash
+
+# shellcheck source=/dev/null
+source /defaults/migrate.sh
+
+migrate "/config/nginx/site-confs/default" "/config/nginx/site-confs/default.conf"
+migrate "/config/nginx/resolver.conf" "/config/nginx/http-confs/resolver.conf"
+migrate "/config/nginx/ssl.conf" "/config/nginx/server-confs/ssl.conf"

root/etc/cont-init.d/13-copy-samples

@@ -0,0 +1,24 @@
+#!/usr/bin/with-contenv bash
+
+# copy samples
+cp \
+    /defaults/nginx/*.conf.sample \
+    /config/nginx/
+cp \
+    /defaults/nginx/http-confs/*.conf.sample \
+    /config/nginx/http-confs/
+cp \
+    /defaults/nginx/location-confs/*.conf.sample \
+    /config/nginx/location-confs/
+cp \
+    /defaults/nginx/server-confs/*.conf.sample \
+    /config/nginx/server-confs/
+cp \
+    /defaults/nginx/site-confs/*.conf.sample \
+    /config/nginx/site-confs/
+cp \
+    /defaults/nginx/subdomain-confs/*.conf.sample \
+    /config/nginx/subdomain-confs/
+cp \
+    /defaults/nginx/subfolder-confs/*.conf.sample \
+    /config/nginx/subfolder-confs/

root/etc/cont-init.d/14-enable-defaults

@@ -0,0 +1,9 @@
+#!/usr/bin/with-contenv bash
+
+# copy config files
+[[ ! -f /config/nginx/nginx.conf ]] && \
+    cp /defaults/nginx/nginx.conf.sample /config/nginx/nginx.conf
+[[ ! -f /config/nginx/site-confs/default.conf ]] && \
+    cp /defaults/nginx/site-confs/default.conf.sample /config/nginx/site-confs/default.conf
+[[ $(find /config/www -type f | wc -l) -eq 0 ]] && \
+    cp /defaults/www/index.html /config/www/index.html

root/etc/cont-init.d/17-dhparams

@@ -2,7 +2,7 @@
 
 # copy pre-generated dhparams or generate if needed
 [[ ! -f /config/nginx/dhparams.pem ]] && \
-    cp /defaults/dhparams.pem /config/nginx/dhparams.pem
+    cp /defaults/nginx/dhparams.pem /config/nginx/dhparams.pem
 if ! grep -q 'PARAMETERS' "/config/nginx/dhparams.pem"; then
     curl -o /config/nginx/dhparams.pem -L "https://ssl-config.mozilla.org/ffdhe4096.txt"
 fi

root/etc/cont-init.d/17-nginx-confs

@@ -1,7 +1,7 @@
 #!/usr/bin/with-contenv bash
 
 # Set resolver, ignore ipv6 addresses
-if ! grep -q 'resolver' /config/nginx/resolver.conf; then
+if ! grep -q 'resolver' /config/nginx/http-confs/resolver.conf; then
     RESOLVERRAW=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf)
     for i in ${RESOLVERRAW}; do
         if [ $(awk -F ':' '{print NF-1}' <<< ${i}) -le 2 ]; then
@@ -12,5 +12,12 @@ if ! grep -q 'resolver' /config/nginx/resolver.conf; then
         RESOLVER="127.0.0.11"
     fi
     echo "Setting resolver to ${RESOLVER}"
-    echo -e "# This file is auto-generated only on first start, based on the container's /etc/resolv.conf file. Feel free to modify it as you wish.\n\nresolver ${RESOLVER} valid=30s;" > /config/nginx/resolver.conf
+    echo -e "# This file is auto-generated only on first start, based on the container's /etc/resolv.conf file. Feel free to modify it as you wish.\n\nresolver ${RESOLVER} valid=30s;" > /config/nginx/http-confs/resolver.conf
+fi
+
+# Set worker_processes
+if ! grep -q 'worker_processes' /config/nginx/worker_processes.conf; then
+    WORKER_PROCESSES=$(nproc)
+    echo "Setting worker_processes to ${WORKER_PROCESSES}"
+    echo -e "# This file is auto-generated only on first start, based on the cpu cores detected. Feel free to change it to any other number or to auto to let nginx handle it automatically.\n\nworker_processes ${WORKER_PROCESSES};" > /config/nginx/worker_processes.conf
 fi

root/etc/cont-init.d/19-worker_processes

@@ -1,8 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-# Set worker_processes
-if ! grep -q 'worker_processes' /config/nginx/worker_processes.conf; then
-    WORKER_PROCESSES=$(nproc)
-    echo "Setting worker_processes to ${WORKER_PROCESSES}"
-    echo -e "# This file is auto-generated only on first start, based on the cpu cores detected. Feel free to change it to any other number or to auto to let nginx handle it automatically.\n\nworker_processes ${WORKER_PROCESSES};" > /config/nginx/worker_processes.conf
-fi

root/etc/cont-init.d/20-config

@@ -1,36 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-# make our folders
-mkdir -p \
-    /config/{nginx/site-confs,www,log/nginx,keys,log/php,php} \
-    /run \
-    /var/lib/nginx/tmp/client_body \
-    /var/tmp/nginx
-
-# move default to default.conf
-[[ -f /config/nginx/site-confs/default && ! -f /config/nginx/site-confs/default.conf ]] && \
-    mv /config/nginx/site-confs/default /config/nginx/site-confs/default.conf
-
-# copy config files
-[[ ! -f /config/nginx/nginx.conf ]] && \
-    cp /defaults/nginx.conf /config/nginx/nginx.conf
-[[ ! -f /config/nginx/ssl.conf ]] && \
-    cp /defaults/ssl.conf /config/nginx/ssl.conf
-[[ ! -f /config/nginx/site-confs/default.conf ]] && \
-    cp /defaults/default.conf /config/nginx/site-confs/default.conf
-[[ $(find /config/www -type f | wc -l) -eq 0 ]] && \
-    cp /defaults/index.html /config/www/index.html
-
-# backwards compatibility for alpine >=3.14
-if [ ! -e /etc/nginx/conf.d ]; then
-    ln -s /etc/nginx/http.d /etc/nginx/conf.d
-fi
-
-# permissions
-chown -R abc:abc \
-    /config \
-    /var/lib/nginx \
-    /var/tmp/nginx
-chmod -R g+w \
-    /config/{nginx,www}
-chmod -R 644 /etc/logrotate.d

root/etc/cont-init.d/20-permissions

@@ -0,0 +1,10 @@
+#!/usr/bin/with-contenv bash
+
+# permissions
+chown -R abc:abc \
+    /config \
+    /var/lib/nginx \
+    /var/tmp/nginx
+chmod -R g+w \
+    /config/{nginx,www}
+chmod -R 644 /etc/logrotate.d