Critique my docker entrypoint sed to reload nginx

Posted on by

I need the nginx docker container to reload every 6 hours (for the Letsencrypt certificate renewal).

So I came up with this (hackish method):

# Dockerfile

FROM nginx:1.19.4-alpine

# replace the first empty line
RUN sed -i '1,/^$/{s/^$/nwhile :; do sleep 6h & wait ${!}; done &n/}' /docker-entrypoint.sh

So the first lines of docker-entrypoint.sh are changed from:

#!/bin/sh
# vim:sw=4:ts=4:et

set -e

to:

#!/bin/sh
# vim:sw=4:ts=4:et

while :; do sleep 6h & wait ${!}; done &

set -e

Why am I doing it this way? I’d like to keep close the official image and make minimum modifications of my own. This way it should be less stuff to maintain (unlike my own entry script).

I’m looking for some feedback regarding:

  1. I know it’s a hack. But I guess there’s almost no chance of the entry file to have no empty lines at some future point. What do you say?
  2. I’ve it tested with a shorter sleep and some echos and it works. Still, do you see any problems with it?
  3. When the docker stop commands sends a signal to PID 1 (nginx here), the sleep 6h process will also be killed and there is no side effect, like zombie process or anything else?
  4. A bit off topic: doesn’t nginx -s reload log anything? I haven’t managed to see a "reloaded" message in the docker logs. Not even with the supposedly debug mode: docker run -d nginx:latest 'nginx-debug' '-g' 'daemon off;'. Tried both ways:
docker exec -it ceff1757061f nginx -s reload
2020/11/11 22:12:48 [notice] 36#36: signal process started


docker exec -it ceff1757061f sh
/ # nginx -s reload
2020/11/11 22:13:13 [notice] 57#57: signal process started

Still no "reloaded" message in the nginx container log.

Thanks

Source: Docker Questions