I have a proxy container, which has an entrypoint script to create a self-signed certificate on startup if none is found - if not, the pod crashes on startup in kubernetes, so I cannot copy the real certificate in
So my question is two-fold;
1- There has GOT to be a better way to do that
2- If not, what on earth does ': No such file or directoryute 'sh mean - that is the only thing in the container logs.
Here is the Dockerfile:
FROM nginx:1-alpine
RUN chown -R nginx:nginx /var/cache/nginx
RUN chown -R nginx:nginx /var/log/nginx
RUN chown -R nginx:nginx /etc/nginx/conf.d
RUN touch /var/run/nginx.pid
RUN chown -R nginx:nginx /var/run/nginx.pid
COPY ./entrypoint.sh /custom-entrypoint.sh
RUN chmod +x /custom-entrypoint.sh
USER nginx
COPY service.conf /etc/nginx/conf.d/service.conf
COPY nginx.conf /etc/nginx/nginx.conf
COPY .keep *.include /etc/nginx/includes/
COPY 50x.html /usr/share/nginx/html/50x.html
COPY ./ssl/* /etc/nginx/cert/
ENTRYPOINT ["/custom-entrypoint.sh"]
CMD ["/docker-entrypoint.sh"]
CMD ["nginx", "-g", "daemon off;"]And the entrypoint script:
#!/usr/bin/env sh
set -e
if [ -f "/etc/nginx/cert/listener.key" ]; then
# Create a certificate if none exists - to prevent a crash
openssl req -x509 -nodes -days 365 \
-subj "/C=CA/ST=QC/O=Company, Inc./CN=example.com" \
-addext "subjectAltName=DNS:example.com" \
-newkey rsa:2048 \
-keyout /etc/nginx/cert/listener.key \
-out /etc/nginx/cert/listener.crt;
fi
exec "$@"Had this issue just now. Found that my entry point run.sh had CRLF (Windows) instead of just LF (Linux) line ends. Re-saved as LF, rebuild image, and it run as expected.