From 546d01ccac716f67a82ade806383976944cc9b61 Mon Sep 17 00:00:00 2001 From: nscuro Date: Mon, 23 Oct 2023 20:43:56 +0200 Subject: [PATCH] Fix NGINX failing to start when IPv6 is not available This is a regression introduced in https://github.com/DependencyTrack/frontend/pull/427. The original NGINX image has a mechanism to enable IPv6 when it's available: https://github.com/nginxinc/docker-nginx-unprivileged/blob/1.25.2/entrypoint/10-listen-on-ipv6-by-default.sh However, that mechanism is disabled when the `default.conf` file was modified (which we did). This commit copies the entrypoint script from the base image, and modifies it, to make it work with our custom `default.conf`. Fixes https://github.com/DependencyTrack/frontend/pull/427#issuecomment-1774900518 Signed-off-by: nscuro
---
 .dockerignore | 2 +- docker/Dockerfile.alpine | 2 +- .../10-listen-on-ipv6-by-default.sh | 75 +++++++++++++++++++ .../30-oidc-configuration.sh} | 0 docker/etc/nginx/conf.d/default.conf | 1 - 5 files changed, 77 insertions(+), 3 deletions(-) create mode 100644 docker/docker-entrypoint.d/10-listen-on-ipv6-by-default.sh rename docker/{docker-entrypoint.sh => docker-entrypoint.d/30-oidc-configuration.sh} (100%)
diff --git a/.dockerignore b/.dockerignore
index 879d5df0f..8b986a57e 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -11,4 +11,4 @@ node_modules/
 release.sh
 snapshot.sh
 !docker/etc/nginx/conf.d/default.conf
-!docker/docker-entrypoint.sh
+!docker/docker-entrypoint.d/*.sh
diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine
index 59f1e7bc6..aca738a70 100644
--- a/docker/Dockerfile.alpine
+++ b/docker/Dockerfile.alpine
@@ -31,7 +31,7 @@ USER 101
 # Setup entrypoint
 COPY --chown=101:0 ./docker/etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf
-COPY ./docker/docker-entrypoint.sh /docker-entrypoint.d/30-oidc-configuration.sh
+COPY --chmod=755 ./docker/docker-entrypoint.d/ /docker-entrypoint.d/
 # Specify the container working directory
 WORKDIR ${APP_DIR}
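Review bot: Copying the whole `docker-entrypoint.d/` directory appears to overwrite the base image's own `10-listen-on-ipv6-by-default.sh` with the copy forked from the 1.25.2 tag, so later upstream changes to that script will no longer arrive with a base-image bump (the FROM line is outside this hunk). A comment above the COPY would record this, e.g. `# Overrides the base image's 10-listen-on-ipv6-by-default.sh (forked from 1.25.2); re-sync when upgrading the base image`. The same comment should mention that `--chmod=755` needs BuildKit and is applied to every file that ends up under that directory, not only the two scripts present today.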
diff --git a/docker/docker-entrypoint.d/10-listen-on-ipv6-by-default.sh b/docker/docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
new file mode 100644
index 000000000..b91e911f2
--- /dev/null
+++ b/docker/docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
@@ -0,0 +1,75 @@
+#!/bin/sh
+# vim:sw=4:ts=4:et
+
+# Copied and modified from:
+# https://github.com/nginxinc/docker-nginx-unprivileged/blob/1.25.2/entrypoint/10-listen-on-ipv6-by-default.sh
+
+set -e
+
+entrypoint_log() {
+ if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then
+ echo "$@"
+ fi
+}
+
+ME=$(basename $0)
+DEFAULT_CONF_FILE="etc/nginx/conf.d/default.conf"
+
+# check if we have ipv6 available
+if [ ! -f "/proc/net/if_inet6" ]; then
+ entrypoint_log "$ME: info: ipv6 not available"
+ exit 0
+fi
+
+if [ ! -f "/$DEFAULT_CONF_FILE" ]; then
+ entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE is not a file or does not exist"
+ exit 0
+fi
+
+# check if the file can be modified, e.g. not on a r/o filesystem
+touch /$DEFAULT_CONF_FILE 2>/dev/null || { entrypoint_log "$ME: info: can not modify /$DEFAULT_CONF_FILE (read-only file system?)"; exit 0; }
+
+# check if the file is already modified, e.g. on a container restart
+grep -q "listen \[::]\:8080;" /$DEFAULT_CONF_FILE && { entrypoint_log "$ME: info: IPv6 listen already enabled"; exit 0; }
+
+if [ -f "/etc/os-release" ]; then
+ . /etc/os-release
+else
+ entrypoint_log "$ME: info: can not guess the operating system"
+ exit 0
+fi
+
+# Modified from original by nscuro:
+# Do not check whether the default configuration file has been changed vs
+# what is packaged with the distribution's installation. We customized the
+# file and want the changes the applied regardless.
+
+#entrypoint_log "$ME: info: Getting the checksum of /$DEFAULT_CONF_FILE"
+#
+#case "$ID" in
+# "debian")
+# CHECKSUM=$(dpkg-query --show --showformat='${Conffiles}\n' nginx | grep $DEFAULT_CONF_FILE | cut -d' ' -f 3)
+# echo "$CHECKSUM /$DEFAULT_CONF_FILE" | md5sum -c - >/dev/null 2>&1 || {
+# entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version"
+# exit 0
+# }
+# ;;
+# "alpine")
+# CHECKSUM=$(apk manifest nginx 2>/dev/null| grep $DEFAULT_CONF_FILE | cut -d' ' -f 1 | cut -d ':' -f 2)
+# echo "$CHECKSUM /$DEFAULT_CONF_FILE" | sha1sum -c - >/dev/null 2>&1 || {
+# entrypoint_log "$ME: info: /$DEFAULT_CONF_FILE differs from the packaged version"
+# exit 0
+# }
+# ;;
+# *)
+# entrypoint_log "$ME: info: Unsupported distribution"
+# exit 0
+# ;;
+#esac
+
+# enable ipv6 on default.conf listen sockets
+sed -i -E 's,listen 8080;,listen 8080;\n listen [::]:8080;,' /$DEFAULT_CONF_FILE
+
+entrypoint_log "$ME: info: Enabled listen on IPv6 in /$DEFAULT_CONF_FILE"
+
+exit 0
diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.d/30-oidc-configuration.sh
similarity index 100%
rename from docker/docker-entrypoint.sh
rename to docker/docker-entrypoint.d/30-oidc-configuration.sh
diff --git a/docker/etc/nginx/conf.d/default.conf b/docker/etc/nginx/conf.d/default.conf
index b050df895..4b2346bfd 100644
--- a/docker/etc/nginx/conf.d/default.conf
+++ b/docker/etc/nginx/conf.d/default.conf
@@ -1,6 +1,5 @@
 server {
 listen 8080;
- listen [::]:8080;
 server_name _;
 location / {
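Review bot: The `/etc/os-release` block in 10-listen-on-ipv6-by-default.sh is left over from the disabled checksum check: `$ID` is only read inside the commented-out `case`, yet the script still sources the file and exits before the `sed` when it is missing, so the whole `if [ -f "/etc/os-release" ]; then … fi` block can be dropped together with the commented-out code. Separately, because this commit removes `listen [::]:8080;` from the shipped default.conf, a container started with a read-only root filesystem (or a read-only mounted default.conf) now stops at the `touch` check and serves IPv4 only, with nothing but an info line that NGINX_ENTRYPOINT_QUIET_LOGS suppresses. That message would be clearer as `entrypoint_log "$ME: warning: can not modify /$DEFAULT_CONF_FILE, IPv6 listen not enabled"`, and the limitation belongs in the header comment. The unquoted expansions are inherited from upstream but should still be quoted, e.g. `ME=$(basename "$0")` and `touch "/$DEFAULT_CONF_FILE"`.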