diff --git a/.github/build-env.sh b/.github/build-env.sh index 030221b..c39fcba 100755 --- a/.github/build-env.sh +++ b/.github/build-env.sh @@ -1,2 +1 @@ -#BUILD_ARG_NGINX_VERSION=$(wget -qO- https://versions.flownative.io/projects/base/channels/stable/versions/nginx.txt) -export BUILD_ARG_NGINX_VERSION=1.14.0-0ubuntu1.7 +export BUILD_ARG_NGINX_VERSION=1.14.2-2+deb10u1 diff --git a/.github/workflows/docker.build.yaml b/.github/workflows/docker.build.yaml index 998f7b2..a7ed576 100644 --- a/.github/workflows/docker.build.yaml +++ b/.github/workflows/docker.build.yaml @@ -19,7 +19,7 @@ jobs: tag_ref: ${{ github.ref }} git_repository_url: https://github.com/${{ github.repository }} git_sha: ${{ github.sha }} - image_name: flownative/docker-beach-nginx/beach-nginx + image_name: flownative/docker-nginx/nginx registry_password: ${{ secrets.GITHUB_BOT_TOKEN }} - name: Dispatch diff --git a/.github/workflows/docker.nightly.yaml b/.github/workflows/docker.nightly.yaml index 375f48f..f021fac 100644 --- a/.github/workflows/docker.nightly.yaml +++ b/.github/workflows/docker.nightly.yaml @@ -21,7 +21,7 @@ jobs: uses: flownative/action-docker-build@v1 with: tag_ref: ${{ steps.latest_version.outputs.tag }} - image_name: flownative/docker-beach-nginx/beach-nginx + image_name: flownative/docker-nginx/nginx git_repository_url: https://github.com/${{ github.repository }} git_sha: ${{ github.sha }} registry_password: ${{ secrets.GITHUB_BOT_TOKEN }} diff --git a/.github/workflows/docker.release.yaml b/.github/workflows/docker.release.yaml index 7aac27c..a0abd88 100644 --- a/.github/workflows/docker.release.yaml +++ b/.github/workflows/docker.release.yaml @@ -38,7 +38,7 @@ jobs: source_registry_password: ${{ secrets.GITHUB_BOT_TOKEN }} source_registry_endpoint: https://docker.pkg.github.com/v2/ - target_image_name: eu.gcr.io/flownative-beach/beach-nginx + target_image_name: eu.gcr.io/flownative-beach/nginx target_registry_username: '_json_key' target_registry_password: ${{ secrets.GOOGLE_REGISTRY_PASSWORD }} target_registry_endpoint: https://eu.gcr.io/v2/ @@ -54,7 +54,7 @@ jobs: source_registry_password: ${{ secrets.GITHUB_BOT_TOKEN }} source_registry_endpoint: https://docker.pkg.github.com/v2/ - target_image_name: eu.gcr.io/flownative-beach-a7c8b2/beach-nginx + target_image_name: eu.gcr.io/flownative-beach-a7c8b2/nginx target_registry_username: '_json_key' target_registry_password: ${{ secrets.GOOGLE_REGISTRY_PASSWORD_A7C8B2 }} target_registry_endpoint: https://eu.gcr.io/v2/ @@ -74,7 +74,7 @@ jobs: source_registry_password: ${{ secrets.GITHUB_BOT_TOKEN }} source_registry_endpoint: https://docker.pkg.github.com/v2/ - target_image_name: flownative/beach-nginx + target_image_name: flownative/nginx target_registry_username: ${{ secrets.DOCKER_IO_REGISTRY_USER }} target_registry_password: ${{ secrets.DOCKER_IO_REGISTRY_PASSWORD }} target_registry_endpoint: https://index.docker.io/v1/ diff --git a/Dockerfile b/Dockerfile index f8f6a01..a4f8566 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.pkg.github.com/flownative/docker-base/base:1 +FROM docker.pkg.github.com/flownative/docker-base/base:buster MAINTAINER Robert Lemke LABEL org.label-schema.name="Beach Nginx" @@ -7,36 +7,35 @@ LABEL org.label-schema.vendor="Flownative GmbH" # ----------------------------------------------------------------------------- # Nginx -# Latest versions: https://packages.ubuntu.com/bionic/nginx +# Latest versions: https://packages.debian.org/buster/nginx ARG NGINX_VERSION ENV NGINX_VERSION ${NGINX_VERSION} -# Create the beach user and group -RUN groupadd -r -g 1000 beach && \ - useradd -s /bin/bash -r -g beach -G beach -p "*" -u 1000 beach && \ - rm -f /var/log/* /etc/group~ /etc/gshadow~ - -# Note: we need nginx-extras for the chunkin and more headers module and apache2-utils for the htpasswd command -RUN apt-get update \ - && apt-get install \ - nginx-common=${NGINX_VERSION} \ - nginx-extras=${NGINX_VERSION} \ - && rm -rf /var/lib/apt/lists/* \ - && rm -rf /var/log/apt \ - && rm -rf /var/log/dpkg.log \ - && rm -rf /var/www \ +ENV FLOWNATIVE_LIB_PATH=/opt/flownative/lib \ + NGINX_BASE_PATH=/opt/flownative/nginx \ + PATH="/opt/flownative/nginx/bin:$PATH" \ + LOG_DEBUG=false + +COPY --from=docker.pkg.github.com/flownative/bash-library/bash-library:1 /lib $FLOWNATIVE_LIB_PATH + +# Note: We need nginx-extras for the chunkin and more headers module and apache2-utils for the htpasswd command. +# The gettext package provides "envsubst" for templating. +RUN install_packages \ + ca-certificates \ + nginx-common=${NGINX_VERSION} \ + nginx-extras=${NGINX_VERSION} \ + gettext \ + curl \ + procps \ && rm /etc/nginx/sites-available/default \ && rm /etc/nginx/sites-enabled/default -# Forward request and error logs to docker log collector -RUN ln -sf /dev/stdout /var/log/nginx/access.log && \ - ln -sf /dev/stderr /var/log/nginx/error.log +COPY root-files / +RUN /build.sh -COPY service-nginx.sh /etc/service/nginx/run -RUN chmod 755 /etc/service/nginx/run \ - && chown root:root /etc/service/nginx/run -COPY nginx.conf /etc/nginx/nginx.conf -COPY mime.types /etc/nginx/ +EXPOSE 8080 -EXPOSE 80 +USER 1000 +ENTRYPOINT [ "/entrypoint.sh" ] +CMD [ "/run.sh" ] diff --git a/LICENSE b/LICENSE index 5cdf844..6c1dbe1 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ The MIT License (MIT) -Copyright (c) 2015-2019 Robert Lemke, Flownative GmbH +Copyright (c) 2015-2020 Robert Lemke, Flownative GmbH Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 1e0cd9c..08e3f40 100644 --- a/README.md +++ b/README.md @@ -9,10 +9,10 @@ of the tools as build arguments: ```bash docker build \ - --build-arg NGINX_VERSION=1.14.0-0ubuntu1.6 \ - -t flownative/beach-nginx:latest . + --build-arg NGINX_VERSION=1.14.2-2+deb10u1 \ + -t flownative/nginx:latest . ``` Check the latest stable release on the tool's respective websites: -- Nginx: https://packages.ubuntu.com/bionic/nginx +- Nginx: https://packages.debian.org/buster/nginx diff --git a/root-files/build.sh b/root-files/build.sh new file mode 100755 index 0000000..0453eea --- /dev/null +++ b/root-files/build.sh @@ -0,0 +1,35 @@ +#!/bin/bash + +set -o errexit +set -o nounset +set -o pipefail + +mkdir -p \ + "${NGINX_BASE_PATH}/sbin" \ + "${NGINX_BASE_PATH}/etc" \ + "${NGINX_BASE_PATH}/tmp" \ + "${NGINX_BASE_PATH}/log" + +mv /etc/nginx/* "${NGINX_BASE_PATH}/etc/" +mv /usr/sbin/nginx "${NGINX_BASE_PATH}/sbin/" + +chown -R root:root "${NGINX_BASE_PATH}" +chmod -R g+rwX "${NGINX_BASE_PATH}" +chmod 664 "${NGINX_BASE_PATH}"/etc/*.conf + +# Forward request and error logs to docker log collector +ln -sf /dev/stdout "${NGINX_BASE_PATH}/log/access.log" +ln -sf /dev/stderr "${NGINX_BASE_PATH}/log/error.log" + +# Nginx will try to access /var/log/nginx once, before even reading its +# configuration file. This results in a "permission denied" error, if +# Nginx does not have access to the default directory. Therefore we +# create it, but don't use it: +mkdir -p /var/log/nginx +chown -R root:root /var/log/nginx +chmod -R g+rwX /var/log/nginx + +# For backwards-compatibility, create the /application/Web directory: +mkdir -p /application/Web +chown -R root:root /application/Web +chmod -R g+rwX /application/Web diff --git a/root-files/entrypoint.sh b/root-files/entrypoint.sh new file mode 100755 index 0000000..f3af9f3 --- /dev/null +++ b/root-files/entrypoint.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +set -o errexit +set -o nounset +set -o pipefail + +# Load lib +. "${FLOWNATIVE_LIB_PATH}/nginx.sh" +. "${FLOWNATIVE_LIB_PATH}/nginx-legacy.sh" + +eval "$(nginx_env)" +eval "$(nginx_legacy_env)" + +if [[ "$*" = *"/run.sh"* ]]; then + nginx_initialize + nginx_legacy_initialize +fi + +exec "$@" diff --git a/root-files/opt/flownative/lib/nginx-legacy.sh b/root-files/opt/flownative/lib/nginx-legacy.sh new file mode 100644 index 0000000..d2af567 --- /dev/null +++ b/root-files/opt/flownative/lib/nginx-legacy.sh @@ -0,0 +1,248 @@ +#!/bin/bash +# shellcheck disable=SC1090 + +# ======================================================================================= +# LIBRARY: NGINX LEGACY +# ======================================================================================= + +# This library provides full backwards-compatibility to the earlier nginx images +# based on BEACH_* environment variables. In the long run, the functionality found in +# here should be refactored into a cleaner, more universal approach. + +# Load helper lib + +. "${FLOWNATIVE_LIB_PATH}/log.sh" + +# --------------------------------------------------------------------------------------- +# nginx_legacy_env() - Load global environment variables for configuring Nginx +# +# @global NGINX_* The NGINX_ evnironment variables +# @return "export" statements which can be passed to eval() +# +nginx_legacy_env() { + cat <<"EOF" +export BEACH_APPLICATION_PATH=${BEACH_APPLICATION_PATH:-/application} +export BEACH_APPLICATION_PATH=${BEACH_APPLICATION_PATH%/} +export BEACH_FLOW_BASE_CONTEXT=${BEACH_FLOW_BASE_CONTEXT:-Production} +export BEACH_FLOW_SUB_CONTEXT=${BEACH_FLOW_SUB_CONTEXT:-} +if [ -z "${BEACH_FLOW_SUB_CONTEXT}" ]; then + export BEACH_FLOW_CONTEXT=${BEACH_FLOW_BASE_CONTEXT}/Beach/Instance +else + export BEACH_FLOW_CONTEXT=${BEACH_FLOW_BASE_CONTEXT}/Beach/${BEACH_FLOW_SUB_CONTEXT} +fi +export BEACH_FLOW_HTTP_TRUSTED_PROXIES=${BEACH_FLOW_HTTP_TRUSTED_PROXIES:-10.0.0.0/8} + +export BEACH_GOOGLE_CLOUD_STORAGE_TARGET_BUCKET=${BEACH_GOOGLE_CLOUD_STORAGE_TARGET_BUCKET:-} +if [ -z "${BEACH_GOOGLE_CLOUD_STORAGE_TARGET_BUCKET}" ]; then + export BEACH_GOOGLE_CLOUD_STORAGE_PUBLIC_BUCKET=${BEACH_GOOGLE_CLOUD_STORAGE_PUBLIC_BUCKET:-} +else + export BEACH_GOOGLE_CLOUD_STORAGE_PUBLIC_BUCKET=${BEACH_GOOGLE_CLOUD_STORAGE_TARGET_BUCKET} +fi +export BEACH_PERSISTENT_RESOURCES_FALLBACK_BASE_URI=${BEACH_PERSISTENT_RESOURCES_FALLBACK_BASE_URI:-} +export BEACH_PERSISTENT_RESOURCES_BASE_PATH=${BEACH_PERSISTENT_RESOURCES_BASE_PATH:-/_Resources/Persistent/} +export BEACH_PHP_FPM_HOST=${BEACH_PHP_FPM_HOST:-localhost} +export BEACH_PHP_FPM_PORT=${BEACH_PHP_FPM_PORT:-9000} +export BEACH_NGINX_MODE=${BEACH_NGINX_MODE:-Flow} +export BEACH_NGINX_STATUS_ENABLE=${BEACH_NGINX_STATUS_ENABLE:-true} +export BEACH_NGINX_STATUS_PORT=${BEACH_NGINX_STATUS_PORT:-8081} + +export BEACH_NGINX_CUSTOM_METRICS_ENABLE=${BEACH_NGINX_CUSTOM_METRICS_ENABLE:-false} +export BEACH_NGINX_CUSTOM_METRICS_SOURCE_PATH=${BEACH_NGINX_CUSTOM_METRICS_SOURCE_PATH:-/metrics} +export BEACH_NGINX_CUSTOM_METRICS_TARGET_PORT=${BEACH_NGINX_CUSTOM_METRICS_TARGET_PORT:-8082} + +export BEACH_NGINX_CUSTOM_ERROR_PAGE_TARGET=${BEACH_NGINX_CUSTOM_ERROR_PAGE_TARGET:-} +EOF +} + +# --------------------------------------------------------------------------------------- +# nginx_legacy_initialize() - Set up Nginx configuration an server block / site +# +# @global NGINX_* The NGINX_* environment variables +# @return void +# +nginx_legacy_initialize() { + info "Setting up Nginx site configuration ..." + + info "Nginx mode is ${BEACH_NGINX_MODE}" + + if [ "$BEACH_NGINX_MODE" == "Flow" ]; then + info "Enabling Flow site configuration ..." + cat > "${NGINX_CONF_PATH}/sites-enabled/site.conf" <<- EOM + +server { + listen *:8080 default_server; + + root ${BEACH_APPLICATION_PATH}/Web; + + client_max_body_size 500M; + + # allow .well-known/... in root + location ~ ^/\\.well-known/.+ { + allow all; + } + + # deny files starting with a dot (having "/." in the path) + location ~ /\\. { + deny all; + access_log off; + log_not_found off; + } + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + log_not_found off; + access_log off; + } + + add_header Via '\$hostname'; + + location ~ \\.php\$ { + include fastcgi_params; + + client_max_body_size 500M; + + fastcgi_pass ${BEACH_PHP_FPM_HOST}:${BEACH_PHP_FPM_PORT}; + fastcgi_index index.php; + +EOM + if [ -n "${BEACH_NGINX_CUSTOM_ERROR_PAGE_TARGET}" ]; then + info "Enabling custom error page pointing to ${BEACH_NGINX_CUSTOM_ERROR_PAGE_TARGET} ..." + cat >> "${NGINX_CONF_PATH}/sites-enabled/site.conf" <<- EOM + fastcgi_intercept_errors on; + error_page 500 501 502 503 ${BEACH_NGINX_CUSTOM_ERROR_PAGE_TARGET}; +EOM + fi + cat >> "${NGINX_CONF_PATH}/sites-enabled/site.conf" <<- EOM + fastcgi_param FLOW_CONTEXT ${BEACH_FLOW_CONTEXT}; + fastcgi_param FLOW_REWRITEURLS 1; + fastcgi_param FLOW_ROOTPATH ${BEACH_APPLICATION_PATH}; + fastcgi_param FLOW_HTTP_TRUSTED_PROXIES ${BEACH_FLOW_HTTP_TRUSTED_PROXIES}; + + fastcgi_split_path_info ^(.+\\.php)(.*)\$; + fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; + fastcgi_param PATH_INFO \$fastcgi_path_info; + } +EOM + + if [ -n "${BEACH_GOOGLE_CLOUD_STORAGE_PUBLIC_BUCKET}" ]; then + cat >> "${NGINX_CONF_PATH}/sites-enabled/site.conf" <<- EOM + location ~* ^${BEACH_PERSISTENT_RESOURCES_BASE_PATH}([a-f0-9]+)/ { + resolver 8.8.8.8; + proxy_set_header Authorization ""; + proxy_pass http://storage.googleapis.com/${BEACH_GOOGLE_CLOUD_STORAGE_PUBLIC_BUCKET}/\$1\$is_args\$args; + } +EOM + elif [ -n "${BEACH_PERSISTENT_RESOURCES_FALLBACK_BASE_URI}" ]; then + cat >> "${NGINX_CONF_PATH}/sites-enabled/site.conf" <<- EOM + location ~* ^/_Resources/Persistent/(.*)$ { + access_log off; + expires max; + try_files \$uri @fallback; + } + + location @fallback { + set \$assetUri ${BEACH_PERSISTENT_RESOURCES_FALLBACK_BASE_URI}\$1; + add_header Via 'Beach Asset Fallback'; + resolver 8.8.8.8; + proxy_pass \$assetUri; + } +EOM + + fi + + cat >> "${NGINX_CONF_PATH}/sites-enabled/site.conf" <<- EOM + # everything is tried as file first, then passed on to index.php (i.e. Flow) + location / { + try_files \$uri /index.php?\$args; + } + + # for all static resources + location ~ ^/_Resources/Static/ { + access_log off; + expires max; + } +} +EOM + + else + info "Enabling default site configuration ..." + cat > "${NGINX_CONF_PATH}/sites-enabled/default.conf" <<- EOM +server { + listen *:8080 default_server; + + root /var/www/html; + + # deny files starting with a dot (having "/." in the path) + location ~ /\\. { + access_log off; + log_not_found off; + } +} +EOM + fi + + if [ "${BEACH_NGINX_STATUS_ENABLE}" == "true" ]; then + info "Enabling status endpoint /status on port ${BEACH_NGINX_STATUS_PORT} ..." + cat > "${NGINX_CONF_PATH}/sites-enabled/status.conf" <<- EOM +server { + + listen *:${BEACH_NGINX_STATUS_PORT}; + + location = /status { + stub_status; + allow all; + } + + location / { + deny all; + access_log off; + log_not_found off; + } +} +EOM + + if [ "${BEACH_NGINX_CUSTOM_METRICS_ENABLE}" == "true" ]; then + info "Enabling custom metrics endpoint on port ${BEACH_NGINX_CUSTOM_METRICS_TARGET_PORT} ..." + cat > "${NGINX_CONF_PATH}/sites-enabled/custom_metrics.conf" <<- EOM +server { + listen *:${BEACH_NGINX_CUSTOM_METRICS_TARGET_PORT}; + + root /application/Web; + + location ~ /\. { + deny all; + access_log off; + log_not_found off; + } + + location ${BEACH_NGINX_CUSTOM_METRICS_SOURCE_PATH} { + try_files \$uri /index.php?\$args; + } + + location ~ \\.php\$ { + include fastcgi_params; + + fastcgi_pass ${BEACH_PHP_FPM_HOST}:${BEACH_PHP_FPM_PORT}; + fastcgi_index index.php; + + fastcgi_param FLOW_CONTEXT ${BEACH_FLOW_CONTEXT}; + fastcgi_param FLOW_REWRITEURLS 1; + fastcgi_param FLOW_ROOTPATH ${BEACH_APPLICATION_PATH}; + fastcgi_param FLOW_HTTP_TRUSTED_PROXIES ${BEACH_FLOW_HTTP_TRUSTED_PROXIES}; + + fastcgi_param FLOWNATIVE_PROMETHEUS_ENABLE true; + + fastcgi_split_path_info ^(.+\\.php)(.*)\$; + fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; + fastcgi_param PATH_INFO \$fastcgi_path_info; + } +} +EOM + + fi + fi +} diff --git a/root-files/opt/flownative/lib/nginx.sh b/root-files/opt/flownative/lib/nginx.sh new file mode 100755 index 0000000..59a6d39 --- /dev/null +++ b/root-files/opt/flownative/lib/nginx.sh @@ -0,0 +1,52 @@ +#!/bin/bash +# shellcheck disable=SC1090 + +# ======================================================================================= +# LIBRARY: NGINX +# ======================================================================================= + +# Load helper lib + +. "${FLOWNATIVE_LIB_PATH}/log.sh" +. "${FLOWNATIVE_LIB_PATH}/validation.sh" + +# --------------------------------------------------------------------------------------- +# nginx_env() - Load global environment variables for configuring Nginx +# +# @global NGINX_* The NGINX_ evnironment variables +# @return "export" statements which can be passed to eval() +# +nginx_env() { + cat <<"EOF" +export NGINX_BASE_PATH="${NGINX_BASE_PATH}" +export NGINX_CONF_PATH="${NGINX_CONF_PATH:-${NGINX_BASE_PATH}/etc}" +export NGINX_TMP_PATH="${NGINX_TMP_PATH:-${NGINX_BASE_PATH}/tmp}" +export NGINX_LOG_PATH="${NGINX_LOG_PATH:-${NGINX_BASE_PATH}/log}" +EOF +} + +# --------------------------------------------------------------------------------------- +# nginx_conf_validate() - Validates configuration options passed as NGINX_* env vars +# +# @global NGINX_* The NGINX_* environment variables +# @return void +# +#nginx_conf_validate() { +# echo "" +#} + +# --------------------------------------------------------------------------------------- +# nginx_initialize() - Initialize Nginx configuration and check required files and dirs +# +# @global NGINX_* The NGINX_* environment variables +# @return void +# +nginx_initialize() { + info "Initializing Nginx ..." + +# nginx_conf_validate + + rm -f "${NGINX_TMP_PATH}/nginx.pid" + envsubst < "${NGINX_CONF_PATH}/nginx.conf.template" > "${NGINX_CONF_PATH}/nginx.conf" + mv "${NGINX_CONF_PATH}/mime.types.template" "${NGINX_CONF_PATH}/mime.types" +} diff --git a/mime.types b/root-files/opt/flownative/nginx/etc/mime.types.template similarity index 100% rename from mime.types rename to root-files/opt/flownative/nginx/etc/mime.types.template diff --git a/nginx.conf b/root-files/opt/flownative/nginx/etc/nginx.conf.template similarity index 71% rename from nginx.conf rename to root-files/opt/flownative/nginx/etc/nginx.conf.template index 8f77a24..23433e3 100644 --- a/nginx.conf +++ b/root-files/opt/flownative/nginx/etc/nginx.conf.template @@ -1,9 +1,8 @@ -user beach; +daemon off; worker_processes auto; -error_log stderr notice; - -pid /var/run/nginx.pid; +pid ${NGINX_TMP_PATH}/nginx.pid; +error_log ${NGINX_LOG_PATH}/error.log notice; events { multi_accept on; @@ -12,7 +11,13 @@ events { } http { - include /etc/nginx/mime.types; + client_body_temp_path "${NGINX_TMP_PATH}/client_body" 1 2; + proxy_temp_path "${NGINX_TMP_PATH}/proxy" 1 2; + fastcgi_temp_path "${NGINX_TMP_PATH}/fastcgi" 1 2; + scgi_temp_path "${NGINX_TMP_PATH}/scgi" 1 2; + uwsgi_temp_path "${NGINX_TMP_PATH}/uwsgi" 1 2; + + include ${NGINX_CONF_PATH}/mime.types; default_type application/octet-stream; sendfile on; @@ -52,7 +57,6 @@ http { server_tokens off; - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*.conf; - include /etc/nginx/sites-enabled/*/*.conf; + include ${NGINX_CONF_PATH}/sites-enabled/*.conf; + include ${NGINX_CONF_PATH}/sites-enabled/*/*.conf; } diff --git a/root-files/run.sh b/root-files/run.sh new file mode 100755 index 0000000..bf758a5 --- /dev/null +++ b/root-files/run.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +set -o errexit +set -o nounset +set -o pipefail + +# Load library +. "${FLOWNATIVE_LIB_PATH}/nginx.sh" + +# Load Nginx environment variables +eval "$(nginx_env)" + +exec "${NGINX_BASE_PATH}/sbin/nginx" -c "${NGINX_CONF_PATH}/nginx.conf"