nginx-kit/scripts/validate-docker.ps1

param(
	[string]$Image = "nginx:alpine"
)

$ErrorActionPreference = "Stop"

$repoRoot = Split-Path -Parent $PSScriptRoot

$serverSnippetConfig = @(
	"events {}"
	""
	"http {"
	"	include /etc/nginx/mime.types;"
	"	default_type application/octet-stream;"
	""
	"	include /etc/nginx/kit/http/gzip.conf;"
	"	include /etc/nginx/kit/http/websocket-map.conf;"
	""
	"	include /etc/nginx/kit/examples/example.com.conf;"
	"}"
) -join "\n"

$serverSnippetConfigShell = $serverSnippetConfig -replace "`n", "\\n"

$optionalSnippetConfig = @(
	"events {}"
	""
	"http {"
	"	include /etc/nginx/mime.types;"
	"	default_type application/octet-stream;"
	""
	"	server {"
	"		listen 8080;"
	"		include /etc/nginx/kit/security-legacy.conf;"
	""
	"		location /fastcgi {"
	"			include /etc/nginx/kit/fastcgi/hide-powered-by.conf;"
	"			include /etc/nginx/kit/fastcgi/timeout-300.conf;"
	"		}"
	""
	"		location /proxy {"
	"			include /etc/nginx/kit/proxy_pass/hide-powered-by.conf;"
	"		}"
	"	}"
	"}"
) -join "\n"

$optionalSnippetConfigShell = $optionalSnippetConfig -replace "`n", "\\n"

$advancedProxyConfig = @(
	"events {}"
	""
	"http {"
	"	include /etc/nginx/mime.types;"
	"	default_type application/octet-stream;"
	""
	"	include /etc/nginx/kit/http/log-format-upstream.conf;"
	""
	"	server {"
	"		include /etc/nginx/kit/listen/http.conf;"
	"		server_name streaming.example.com;"
	"		access_log /var/log/nginx/streaming.access.log upstream_timing;"
	""
	"		location /events/ {"
	"			include /etc/nginx/kit/proxy_pass/forwarded.conf;"
	"			include /etc/nginx/kit/proxy_pass/streaming.conf;"
	"			include /etc/nginx/kit/proxy_pass/timeout-300.conf;"
	"			proxy_pass http://127.0.0.1:9000;"
	"		}"
	""
	"		location /secure-upstream/ {"
	"			include /etc/nginx/kit/proxy_pass/forwarded.conf;"
	"			include /etc/nginx/kit/proxy_pass/https-upstream.conf;"
	"			proxy_pass https://example.com;"
	"		}"
	"	}"
	"}"
) -join "\n"

$advancedProxyConfigShell = $advancedProxyConfig -replace "`n", "\\n"

$modernHttp2Config = @(
	"events {}"
	""
	"http {"
	"	include /etc/nginx/mime.types;"
	"	default_type application/octet-stream;"
	""
	"	server {"
	"		include /etc/nginx/kit/listen/http.conf;"
	"		include /etc/nginx/kit/listen/https.conf;"
	"		include /etc/nginx/kit/listen/http2.conf;"
	"		include /etc/nginx/snippets/cert/mydomain.com.conf;"
	"		server_name modern.example.com;"
	"	}"
	"}"
) -join "\n"

$modernHttp2ConfigShell = $modernHttp2Config -replace "`n", "\\n"

$containerCommand = @(
	"set -eu"
	"apk add --no-cache openssl >/dev/null"
	"mkdir -p /etc/nginx/snippets/cert /etc/ssl/certimate /tmp/nginx-kit/snippets/cert /tmp/nginx-kit/examples/snippets/cert"
	"openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/certimate/example.com.key -out /etc/ssl/certimate/example.com.crt -subj '/CN=example.com' -days 1 >/dev/null 2>&1"
	"cp /etc/nginx/kit/templates/cert/example.com.conf /etc/nginx/snippets/cert/mydomain.com.conf"
	"cp /etc/nginx/kit/templates/cert/example.com.conf /tmp/nginx-kit/snippets/cert/mydomain.com.conf"
	"cp /etc/nginx/kit/templates/cert/example.com.conf /tmp/nginx-kit/examples/snippets/cert/mydomain.com.conf"
	"ln -s /etc/nginx/kit /tmp/nginx-kit/kit"
	"mkdir -p /tmp/nginx-kit/examples"
	"ln -s /etc/nginx/kit /tmp/nginx-kit/examples/kit"
	"cp /etc/nginx/kit/examples/reverse-proxy.nginx.conf /tmp/nginx-kit/examples/reverse-proxy.nginx.conf"
	"printf '%b' '$serverSnippetConfigShell' > /tmp/nginx-kit/server-snippet.nginx.conf"
	"printf '%b' '$optionalSnippetConfigShell' > /tmp/nginx-kit/optional-snippets.nginx.conf"
	"printf '%b' '$advancedProxyConfigShell' > /tmp/nginx-kit/advanced-proxy.nginx.conf"
	"printf '%b' '$modernHttp2ConfigShell' > /tmp/nginx-kit/modern-http2.nginx.conf"
	"echo 'Validating examples/example.com.conf'"
	"nginx -t -c /tmp/nginx-kit/server-snippet.nginx.conf"
	"echo 'Validating examples/reverse-proxy.nginx.conf'"
	"nginx -t -c /tmp/nginx-kit/examples/reverse-proxy.nginx.conf"
	"echo 'Validating optional security and hide-powered-by snippets'"
	"nginx -t -c /tmp/nginx-kit/optional-snippets.nginx.conf"
	"echo 'Validating optional upstream logging, streaming, and HTTPS-upstream snippets'"
	"nginx -t -c /tmp/nginx-kit/advanced-proxy.nginx.conf"
	"echo 'Validating modern http2 on snippets'"
	"nginx -t -c /tmp/nginx-kit/modern-http2.nginx.conf"
) -join "; "

docker run --rm `
	-v "${repoRoot}:/etc/nginx/kit:ro" `
	$Image sh -lc $containerCommand