Add auto-reload

Dockerfile

@@ -29,6 +29,7 @@ RUN \
   apk add --no-cache \
     fail2ban \
     gnupg \
+    inotify-tools \
     iptables-legacy \
     memcached \
     nginx-mod-http-brotli \

Dockerfile.aarch64

@@ -29,6 +29,7 @@ RUN \
   apk add --no-cache \
     fail2ban \
     gnupg \
+    inotify-tools \
     iptables-legacy \
     memcached \
     nginx-mod-http-brotli \

README.md

@@ -190,6 +190,7 @@ services:
       - EXTRA_DOMAINS= #optional
       - STAGING=false #optional
       - DISABLE_F2B= #optional
+      - SWAG_AUTORELOAD= #optional
     volumes:
       - /path/to/swag/config:/config
     ports:
@@ -218,6 +219,7 @@ docker run -d \
   -e EXTRA_DOMAINS= `#optional` \
   -e STAGING=false `#optional` \
   -e DISABLE_F2B= `#optional` \
+  -e SWAG_AUTORELOAD= `#optional` \
   -p 443:443 \
   -p 80:80 `#optional` \
   -v /path/to/swag/config:/config \
@@ -247,6 +249,7 @@ Containers are configured using parameters passed at runtime (such as those abov
 | `-e EXTRA_DOMAINS=` | Additional fully qualified domain names (comma separated, no spaces) ie. `example.net,subdomain.example.net,*.example.org` |
 | `-e STAGING=false` | Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes. |
 | `-e DISABLE_F2B=` | Set to `true` to disable the Fail2ban service in the container, if you're already running it elsewhere or using a different IPS. |
+| `-e SWAG_AUTORELOAD=` | Set to `true` to enable automatic reloading of nginx configs on change. Your filesystem must support inotify. This functionality was previous offered [via mod](https://github.com/linuxserver/docker-mods/tree/swag-auto-reload). |
 | `-v /config` | Persistent config files |
 | `--read-only=true` | Run container with a read-only filesystem. Please [read the docs](https://docs.linuxserver.io/misc/read-only/). |
 | `--cap-add=NET_ADMIN` | Required for fail2Ban to be able to modify iptables rules. |
@@ -417,6 +420,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **19.01.25:** - Add [Auto Reload](https://github.com/linuxserver/docker-mods/tree/swag-auto-reload) functionality to SWAG.
 * **17.12.24:** - Rebase to Alpine 3.21.
 * **21.10.24:** - Fix naming issue with Dynu plugin. If you are using Dynu, please make sure your credentials are set in /config/dns-conf/dynu.ini and your DNSPLUGIN variable is set to dynu (not dynudns).
 * **30.08.24:** - Fix zerossl cert revocation.

readme-vars.yml

@@ -38,6 +38,7 @@ opt_param_env_vars:
   - {env_var: "EXTRA_DOMAINS", env_value: "", desc: "Additional fully qualified domain names (comma separated, no spaces) ie. `example.net,subdomain.example.net,*.example.org`"}
   - {env_var: "STAGING", env_value: "false", desc: "Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes."}
   - {env_var: "DISABLE_F2B", env_value: "", desc: "Set to `true` to disable the Fail2ban service in the container, if you're already running it elsewhere or using a different IPS."}
+  - {env_var: "SWAG_AUTORELOAD", env_value: "", desc: "Set to `true` to enable automatic reloading of nginx configs on change. Your filesystem must support inotify. This functionality was previous offered [via mod](https://github.com/linuxserver/docker-mods/tree/swag-auto-reload)."}
 opt_param_usage_include_ports: true
 opt_param_ports:
   - {external_port: "80", internal_port: "80", port_desc: "HTTP port (required for HTTP validation and HTTP -> HTTPS redirect)"}
@@ -200,6 +201,7 @@ init_diagram: |
   "swag:latest" <- Base Images
 # changelog
 changelogs:
+  - {date: "19.01.25:", desc: "Add [Auto Reload](https://github.com/linuxserver/docker-mods/tree/swag-auto-reload) functionality to SWAG."}
   - {date: "17.12.24:", desc: "Rebase to Alpine 3.21."}
   - {date: "21.10.24:", desc: "Fix naming issue with Dynu plugin. If you are using Dynu, please make sure your credentials are set in /config/dns-conf/dynu.ini and your DNSPLUGIN variable is set to dynu (not dynudns)."}
   - {date: "30.08.24:", desc: "Fix zerossl cert revocation."}

root/etc/s6-overlay/s6-rc.d/svc-swag-auto-reload/run

@@ -0,0 +1,41 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+
+if [[ ${SWAG_AUTORELOAD,,} == "true" ]]; then
+    if [[ -f "/etc/s6-overlay/s6-rc.d/svc-mod-swag-auto-reload/run" ]]; then
+        echo "ERROR: Legacy SWAG Auto Reload Mod detected, to use the built-in Auto Reload functionality please remove it from your container config."
+        sleep infinity
+    else
+        echo "Auto-reload: Watching the following files/folders for changes (excluding .sample, .swp, and .md files):"
+        echo "/config/nginx"
+        ACTIVE_WATCH=("/config/nginx")
+        for i in $(echo "${WATCHLIST}" | tr "|" " "); do
+            if [ -f "${i}" ] || [ -d "${i}" ]; then
+                echo "${i}"
+                ACTIVE_WATCH+=("${i}")
+            fi
+            done
+
+            function wait_for_changes {
+            inotifywait -rq \
+                --event modify,move,create,delete \
+                --excludei '\.(sample|md|swp)' \
+                "${ACTIVE_WATCH[@]}"
+            }
+
+            while wait_for_changes; do
+            NGINX_CONF=()
+            if ! grep -q "/config/nginx/nginx.conf" /etc/nginx/nginx.conf; then
+                NGINX_CONF=("-c" "/config/nginx/nginx.conf")
+            fi
+            if /usr/sbin/nginx "${NGINX_CONF[@]}" -t; then
+                echo "Changes to nginx config detected and the changes are valid, reloading nginx"
+                /usr/sbin/nginx "${NGINX_CONF[@]}" -s reload
+            else
+                echo "Changes to nginx config detected but the changes are not valid, skipping nginx reload. Please fix your config."
+            fi
+        done
+    fi
+else
+    sleep infinity
+fi

root/etc/s6-overlay/s6-rc.d/svc-swag-auto-reload/type

@@ -0,0 +1 @@
+longrun