Skip to content

Commit a40acb9

Browse files
oleksandr-ncoleksandr-nc
committed
move configs to "/run/harp" instead of "/"(root)
Signed-off-by: Oleksander Piskun <oleksandr2088@icloud.com>
1 parent 498d356 commit a40acb9

1 file changed

Lines changed: 40 additions & 29 deletions

File tree

start.sh

Lines changed: 40 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ set -e
77
# ----------------------------------------------------------------------------
88
# start.sh
99
# - Generates self-signed certificates for FRP Server and FRP Clients
10-
# - Generates /haproxy.cfg from haproxy.cfg.template
10+
# - Generates haproxy.cfg from haproxy.cfg.template (in /run/harp if available)
1111
# - Reads HP_SHARED_KEY or HP_SHARED_KEY_FILE
1212
# - Comments out HTTPS frontends if no /certs/cert.pem is found
1313
# - Starts FRP server (frps) on HP_FRP_ADDRESS
@@ -36,6 +36,17 @@ log() {
3636
fi
3737
}
3838

39+
# ----------------------------------------------------------------------------
40+
# Determine config directory - use /run/harp if available (for read-only rootfs)
41+
# If user mounted config files at root, use root paths for backward compatibility
42+
# ----------------------------------------------------------------------------
43+
CFG_DIR=""
44+
if [ -f "/haproxy.cfg" ] || [ -f "/frps.toml" ] || [ -f "/frpc-docker.toml" ]; then
45+
log "INFO: Found user-provided config file(s) at root, using root paths."
46+
elif [ -d "/run/harp" ] || mkdir -p /run/harp 2>/dev/null; then
47+
CFG_DIR="/run/harp"
48+
fi
49+
3950
# ----------------------------------------------------------------------------
4051
# Helper function to strip surrounding quotes from a string.
4152
# This is useful because users sometimes accidentally include quotes in
@@ -239,38 +250,38 @@ else
239250
fi
240251

241252
# ----------------------------------------------------------------------------
242-
# Generate final /haproxy.cfg if not already present
253+
# Generate final haproxy.cfg if not already present
243254
# ----------------------------------------------------------------------------
244-
if [ -f "/haproxy.cfg" ]; then
245-
log "INFO: /haproxy.cfg already present. Skipping config generation..."
255+
if [ -f "${CFG_DIR}/haproxy.cfg" ]; then
256+
log "INFO: ${CFG_DIR}/haproxy.cfg already present. Skipping config generation..."
246257
else
247-
log "INFO: Creating /haproxy.cfg from haproxy.cfg.template..."
258+
log "INFO: Creating ${CFG_DIR}/haproxy.cfg from haproxy.cfg.template..."
248259

249260
# Use envsubst to render the main configuration.
250-
envsubst < /haproxy.cfg.template > /haproxy.cfg
261+
envsubst < /haproxy.cfg.template > "${CFG_DIR}/haproxy.cfg"
251262

252263
# If we do not have a SSL cert for HAProxy, comment out the HTTPS frontends
253264
if [ -f "/certs/cert.pem" ]; then
254265
log "INFO: Found /certs/cert.pem, HTTPS frontends remain enabled."
255-
sed -i "/_HTTPS_FRONTEND_/ s|_HTTPS_FRONTEND_ ||g" /haproxy.cfg
266+
sed -i "/_HTTPS_FRONTEND_/ s|_HTTPS_FRONTEND_ ||g" "${CFG_DIR}/haproxy.cfg"
256267
chmod 644 /certs/cert.pem
257268
else
258269
log "INFO: No /certs/cert.pem found, disabling HTTPS frontends..."
259-
sed -i "/_HTTPS_FRONTEND_/ s|^|#|g" /haproxy.cfg
270+
sed -i "/_HTTPS_FRONTEND_/ s|^|#|g" "${CFG_DIR}/haproxy.cfg"
260271
fi
261272
fi
262273

263274
if [ "$HP_VERBOSE_START" -eq 1 ]; then
264-
log "INFO: Final /haproxy.cfg:"
265-
cat /haproxy.cfg
275+
log "INFO: Final ${CFG_DIR}/haproxy.cfg:"
276+
cat "${CFG_DIR}/haproxy.cfg"
266277
fi
267278

268279
# ----------------------------------------------------------------------------
269280
# Prepare FRP configuration
270281
# ----------------------------------------------------------------------------
271-
if [ ! -f "/frps.toml" ]; then
282+
if [ ! -f "${CFG_DIR}/frps.toml" ]; then
272283
if [ "${HP_FRP_DISABLE_TLS}" != "true" ]; then
273-
cat <<EOF >/frps.toml
284+
cat <<EOF >"${CFG_DIR}/frps.toml"
274285
bindAddr = "${FRP_HOST}"
275286
bindPort = ${FRP_PORT}
276287
proxyBindAddr = "127.0.0.1"
@@ -280,7 +291,7 @@ transport.tls.certFile = "/certs/frp/server.crt"
280291
transport.tls.keyFile = "/certs/frp/server.key"
281292
transport.tls.trustedCaFile = "/certs/frp/ca.crt"
282293
283-
log.to = "/frps.log"
294+
log.to = "${CFG_DIR}/frps.log"
284295
log.level = "info"
285296
log.maxDays = 3
286297
@@ -296,14 +307,14 @@ path = "/frp_handler"
296307
ops = ["Login"]
297308
EOF
298309
else
299-
cat <<EOF >/frps.toml
310+
cat <<EOF >"${CFG_DIR}/frps.toml"
300311
bindAddr = "${FRP_HOST}"
301312
bindPort = ${FRP_PORT}
302313
proxyBindAddr = "127.0.0.1"
303314
304315
transport.tls.force = false
305316
306-
log.to = "/frps.log"
317+
log.to = "${CFG_DIR}/frps.log"
307318
log.level = "info"
308319
log.maxDays = 3
309320
@@ -319,13 +330,13 @@ path = "/frp_handler"
319330
ops = ["Login"]
320331
EOF
321332
fi
322-
log "INFO: FRP server configuration generated at /frps.toml."
333+
log "INFO: FRP server configuration generated at ${CFG_DIR}/frps.toml."
323334
if [ "$HP_VERBOSE_START" -eq 1 ]; then
324-
log "INFO: Generated /frps.toml:"
325-
cat /frps.toml
335+
log "INFO: Generated ${CFG_DIR}/frps.toml:"
336+
cat "${CFG_DIR}/frps.toml"
326337
fi
327338
else
328-
log "INFO: /frps.toml already exists. Skipping FRP server configuration generation..."
339+
log "INFO: ${CFG_DIR}/frps.toml already exists. Skipping FRP server configuration generation..."
329340
fi
330341

331342
# ----------------------------------------------------------------------------
@@ -334,10 +345,10 @@ fi
334345
if [ -e "/var/run/docker.sock" ]; then
335346
LOCAL_FRP_HOST="$FRP_HOST"
336347
[ "$LOCAL_FRP_HOST" = "0.0.0.0" ] && LOCAL_FRP_HOST="127.0.0.1"
337-
if [ ! -f "/frpc-docker.toml" ]; then
338-
log "INFO: Detected /var/run/docker.sock, generating /frpc-docker.toml configuration file..."
348+
if [ ! -f "${CFG_DIR}/frpc-docker.toml" ]; then
349+
log "INFO: Detected /var/run/docker.sock, generating ${CFG_DIR}/frpc-docker.toml configuration file..."
339350
if [ "${HP_FRP_DISABLE_TLS}" != "true" ]; then
340-
cat <<EOF >/frpc-docker.toml
351+
cat <<EOF >"${CFG_DIR}/frpc-docker.toml"
341352
serverAddr = "${LOCAL_FRP_HOST}"
342353
serverPort = ${FRP_PORT}
343354
@@ -358,7 +369,7 @@ type = "unix_domain_socket"
358369
unixPath = "/var/run/docker.sock"
359370
EOF
360371
else
361-
cat <<EOF >/frpc-docker.toml
372+
cat <<EOF >"${CFG_DIR}/frpc-docker.toml"
362373
serverAddr = "${LOCAL_FRP_HOST}"
363374
serverPort = ${FRP_PORT}
364375
@@ -376,11 +387,11 @@ unixPath = "/var/run/docker.sock"
376387
EOF
377388
fi
378389
if [ "$HP_VERBOSE_START" -eq 1 ]; then
379-
log "INFO: Generated /frpc-docker.toml:"
380-
cat /frpc-docker.toml
390+
log "INFO: Generated ${CFG_DIR}/frpc-docker.toml:"
391+
cat "${CFG_DIR}/frpc-docker.toml"
381392
fi
382393
else
383-
log "INFO: /frpc-docker.toml already exists. Skipping generation..."
394+
log "INFO: ${CFG_DIR}/frpc-docker.toml already exists. Skipping generation..."
384395
fi
385396
fi
386397

@@ -395,7 +406,7 @@ log "INFO: Waiting for SPOA port ${HP_SPOA_ADDRESS}..."
395406
wait_for_tcp "$SPOA_HOST" "$SPOA_PORT" "$HP_WAIT_SPOA" "$HP_WAIT_INTERVAL"
396407

397408
log "INFO: Starting FRP server on ${HP_FRP_ADDRESS}..."
398-
frps -c /frps.toml &
409+
frps -c "${CFG_DIR}/frps.toml" &
399410

400411
# Wait for FRP port to be listening before starting frpc
401412
LOCAL_FRP_HOST="$FRP_HOST"
@@ -405,8 +416,8 @@ wait_for_tcp "$LOCAL_FRP_HOST" "$FRP_PORT" "$HP_WAIT_FRP" "$HP_WAIT_INTERVAL"
405416

406417
if [ -e "/var/run/docker.sock" ]; then
407418
log "INFO: Starting FRP client for Docker Engine..."
408-
frpc -c /frpc-docker.toml &
419+
frpc -c "${CFG_DIR}/frpc-docker.toml" &
409420
fi
410421

411422
log "INFO: Starting HAProxy..."
412-
exec haproxy -f /haproxy.cfg -W -db
423+
exec haproxy -f "${CFG_DIR}/haproxy.cfg" -W -db

0 commit comments

Comments
 (0)