diff options
| author | Your Name <you@example.com> | 2026-02-18 15:12:32 +0800 |
|---|---|---|
| committer | Your Name <you@example.com> | 2026-02-18 15:12:32 +0800 |
| commit | c3a377a265d2ca92b8823be281fa0e487d30692b (patch) | |
| tree | 1d5b4213c65635ffdd82921b633eaaf5bebd2e60 /entrypoint.sh | |
| parent | b0572c958427ae6ad75109752e9741aab31ad65a (diff) | |
switch to rocky linux 10, add --init for zombie reaping, fix NAT setup
- base image alpine -> rockylinux:10 (cgit/fcgiwrap from EPEL)
- drop spawn-fcgi, use fcgiwrap -s directly
- add --init to reap zombie sshd-auth processes (PID exhaustion fix)
- replace ip addr/route networking with nft DNAT/SNAT/FORWARD rules
- add FORWARD accept rule that was missing for inbound DNAT traffic
Diffstat (limited to 'entrypoint.sh')
| -rw-r--r-- | entrypoint.sh | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/entrypoint.sh b/entrypoint.sh index 3e2dcc0..ba24e29 100644 --- a/entrypoint.sh +++ b/entrypoint.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/bash |
| 2 | set -e | 2 | set -e |
| 3 | 3 | ||
| 4 | # Check cert matches domain, else clear and renew | 4 | # Check cert matches domain, else clear and renew |
| @@ -21,7 +21,8 @@ chmod 700 /git/.ssh | |||
| 21 | chmod 600 /git/.ssh/authorized_keys | 21 | chmod 600 /git/.ssh/authorized_keys |
| 22 | /usr/sbin/sshd | 22 | /usr/sbin/sshd |
| 23 | 23 | ||
| 24 | spawn-fcgi -s ${FCGI_SOCK} /usr/bin/fcgiwrap | 24 | fcgiwrap -s unix:${FCGI_SOCK} & |
| 25 | sleep 0.5 | ||
| 25 | chmod 666 ${FCGI_SOCK} | 26 | chmod 666 ${FCGI_SOCK} |
| 26 | 27 | ||
| 27 | exec caddy run --config /etc/caddy/Caddyfile --adapter caddyfile | 28 | exec caddy run --config /etc/caddy/Caddyfile --adapter caddyfile |