From a241ea4758faf1a308712e4fa9942b8028cbb911 Mon Sep 17 00:00:00 2001
From: Ilya Semenov <semenov@inetss.com>
Date: Thu, 21 Jul 2016 00:53:48 +0600
Subject: [PATCH 1/4] Support Dokku 0.5 proxy maps

---
 README.md                   |  8 +---
 nginx-pre-reload            | 73 +++++++++++++++++++------------------
 templates/nginx.conf.sigil  | 26 +++++++++++++
 templates/redirect.conf     |  6 ---
 templates/redirect.tls.conf | 11 ------
 5 files changed, 65 insertions(+), 59 deletions(-)
 create mode 100644 templates/nginx.conf.sigil
 delete mode 100644 templates/redirect.conf
 delete mode 100644 templates/redirect.tls.conf

diff --git a/README.md b/README.md
index c35d812..e60f742 100644
--- a/README.md
+++ b/README.md
@@ -2,16 +2,12 @@
 
 dokku-redirect is a plugin for [dokku][dokku] that gives the ability to set simple redirects for an application.
 
-This plugin only redirects one domain to another and does not handle complete URLs. If both domains are managed by dokku and are TLS enabled, then nginx configuration for https redirects will be handled automatically.
+This plugin only redirects one domain to another and does not handle complete URLs. If source domain is managed by dokku and is TLS enabled, then nginx configuration for https redirects will be handled automatically.
 
 ## Installation
 
 ```sh
-# dokku 0.3.26
-$ sudo git clone https://github.com/dokku/dokku-redirect.git /var/lib/dokku/plugins/redirect
-$ dokku plugins-install
-
-# dokku 0.4+
+# dokku 0.5+
 $ dokku plugin:install https://github.com/dokku/dokku-redirect.git
 ```
 
diff --git a/nginx-pre-reload b/nginx-pre-reload
index 103ba31..6ade66c 100755
--- a/nginx-pre-reload
+++ b/nginx-pre-reload
@@ -1,43 +1,44 @@
 #!/usr/bin/env bash
 set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x
 
-PLUGIN_BASE_PATH="$PLUGIN_PATH"
-if [[ -n $DOKKU_API_VERSION ]]; then
-  PLUGIN_BASE_PATH="$PLUGIN_ENABLED_PATH"
-fi
-source "$PLUGIN_BASE_PATH/common/functions"
-source "$PLUGIN_BASE_PATH/certs/functions"
-source "$PLUGIN_BASE_PATH/config/functions"
+source "$PLUGIN_AVAILABLE_PATH/common/functions"
+source "$PLUGIN_AVAILABLE_PATH/certs/functions"
+source "$PLUGIN_AVAILABLE_PATH/config/functions"
+source "$PLUGIN_AVAILABLE_PATH/proxy/functions"
+source "$PLUGIN_AVAILABLE_PATH/nginx-vhosts/functions"
 
-APP="$1"; APP_ROOT="$DOKKU_ROOT/$APP"
-REDIRECT_FILE="$APP_ROOT/REDIRECTS"
-[[ ! -s $REDIRECT_FILE ]] && exit 0
+redirect_nginx_pre_load_trigger() {
+  declare desc="add nginx redirect servers"
+  local trigger="redirect_nginx_pre_load_trigger"
 
-NGINX_CONF="$APP_ROOT/nginx.conf"
-TEMPLATE="$(dirname "$0")/templates/redirect.conf"
-TEMPLATE_TLS="$(dirname "$0")/templates/redirect.tls.conf"
-# shellcheck disable=SC2034
-NGINX_PORT=$(config_get "$APP" DOKKU_NGINX_PORT || true)
-# shellcheck disable=SC2034
-NGINX_SSL_PORT=$(config_get "$APP" DOKKU_NGINX_SSL_PORT || true)
-while read line; do
-  [[ -z "$line" ]] && continue
-  DOMAIN=$(echo "$line" | cut -d: -f1)
-  DEST=${line//[^:]*:/}
-  dokku_log_info1 "Configuring redirect for $DOMAIN to $DEST..."
-  eval "cat <<< \"$(< "$TEMPLATE")\" >> $NGINX_CONF"
+  local APP="$1"
+  local APP_ROOT="$DOKKU_ROOT/$APP"
+  local REDIRECT_FILE="$APP_ROOT/REDIRECTS"
+  [[ ! -s $REDIRECT_FILE ]] && exit 0
+
+  [[ "$(get_app_proxy_type "$APP")" == "nginx" ]] || exit 0
+
+  local NGINX_CONF="$APP_ROOT/nginx.conf"
+  local NGINX_TEMPLATE="$(dirname "$0")/templates/nginx.conf.sigil"
+  local PROXY_PORT_MAP=$(config_get "$APP" DOKKU_PROXY_PORT_MAP || true)
+  local NGINX_VERSION="$(nginx -v 2>&1 | cut -d'/' -f 2)"
+  local SPDY_SUPPORTED="$(is_spdy_enabled "$NGINX_VERSION")"
   if is_ssl_enabled "$APP"; then
-    SSL_HOSTNAME=$(get_ssl_hostnames "$APP")
-    [[ -n "$SSL_HOSTNAME" ]] && SSL_HOSTNAME_REGEX=$(echo "$SSL_HOSTNAME" | xargs | sed 's|\.|\\.|g' | sed 's/\*/\[^\.\]\*/g' | sed 's/ /|/g')
-    if echo "$DOMAIN" | egrep -q "^$SSL_HOSTNAME_REGEX$" && echo "$DEST" | egrep -q "^$SSL_HOSTNAME_REGEX$"; then
-      APP_SSL_PATH="$APP_ROOT/tls"
-      # shellcheck disable=SC2034
-      SSL_DIRECTIVES=$(cat <<EOF
-ssl_certificate     $APP_SSL_PATH/server.crt;
-ssl_certificate_key $APP_SSL_PATH/server.key;
-EOF
-)
-      eval "cat <<< \"$(< "$TEMPLATE_TLS")\" >> $NGINX_CONF"
-    fi
+    local APP_SSL_PATH="$DOKKU_ROOT/$APP/tls"
   fi
-done <<< "$(< "$REDIRECT_FILE")"
+
+  while read line; do
+    [[ -z "$line" ]] && continue
+    local DOMAIN=$(echo "$line" | cut -d: -f1)
+    local DEST_DOMAIN=${line//[^:]*:/}
+    dokku_log_info1 "Configuring redirect for $DOMAIN to $DEST..."
+    local SIGIL_PARAMS=(-f $NGINX_TEMPLATE APP="$APP" DOKKU_ROOT="$DOKKU_ROOT"
+          SPDY_SUPPORTED="$SPDY_SUPPORTED"
+          APP_SSL_PATH="$APP_SSL_PATH"
+          DOMAIN="$DOMAIN" DEST_DOMAIN="$DEST_DOMAIN"
+          PROXY_PORT_MAP="$PROXY_PORT_MAP")
+    sigil "${SIGIL_PARAMS[@]}" | cat -s >> "$NGINX_CONF"
+  done <<< "$(< "$REDIRECT_FILE")"
+}
+
+redirect_nginx_pre_load_trigger "$@"
diff --git a/templates/nginx.conf.sigil b/templates/nginx.conf.sigil
new file mode 100644
index 0000000..a10cd84
--- /dev/null
+++ b/templates/nginx.conf.sigil
@@ -0,0 +1,26 @@
+{{ range $port_map := .PROXY_PORT_MAP | split " " }}
+{{ $port_map_list := $port_map | split ":" }}
+{{ $scheme := index $port_map_list 0 }}
+{{ $listen_port := index $port_map_list 1 }}
+
+{{ if eq $scheme "http" }}
+server {
+  listen      [::]:{{ $listen_port }};
+  listen      {{ $listen_port }};
+  server_name {{ $.DOMAIN }};
+  access_log  off;
+  return 301  $scheme://{{ $.DEST_DOMAIN }}$request_uri;
+}
+{{ else if eq $scheme "https"}}
+server {
+  listen      [::]:{{ $listen_port }} ssl {{ if eq $.SPDY_SUPPORTED "true" }}spdy{{ else }}http2{{ end }};
+  listen      {{ $listen_port }} ssl {{ if eq $.SPDY_SUPPORTED "true" }}spdy{{ else }}http2{{ end }};
+  server_name {{ $.DOMAIN }};
+  access_log  off;
+
+  ssl_certificate     {{ $.APP_SSL_PATH }}/server.crt;
+  ssl_certificate_key {{ $.APP_SSL_PATH }}/server.key;
+
+  return 301  $scheme://{{ $.DEST_DOMAIN }}$request_uri;
+}
+{{ end }}{{ end }}
diff --git a/templates/redirect.conf b/templates/redirect.conf
deleted file mode 100644
index a547385..0000000
--- a/templates/redirect.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-server {
-  listen      [::]:$NGINX_PORT;
-  listen      $NGINX_PORT;
-  server_name $DOMAIN;
-  return 301 \$scheme://$DEST\$request_uri;
-}
diff --git a/templates/redirect.tls.conf b/templates/redirect.tls.conf
deleted file mode 100644
index fb59999..0000000
--- a/templates/redirect.tls.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-server {
-  listen      [::]:$NGINX_SSL_PORT ssl spdy;
-  listen      $NGINX_SSL_PORT ssl spdy;
-  server_name $DOMAIN;
-$SSL_DIRECTIVES
-
-  keepalive_timeout   70;
-  add_header          Alternate-Protocol  $NGINX_SSL_PORT:npn-spdy/2;
-
-  return 301 \$scheme://$DEST\$request_uri;
-}

From cb934bb15d380931fcaebfcbb2f305407e4d2375 Mon Sep 17 00:00:00 2001
From: Ilya Semenov <semenov@inetss.com>
Date: Thu, 21 Jul 2016 12:48:25 +0600
Subject: [PATCH 2/4] shellcheck annotations

---
 nginx-pre-reload | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nginx-pre-reload b/nginx-pre-reload
index 6ade66c..fedd4fa 100755
--- a/nginx-pre-reload
+++ b/nginx-pre-reload
@@ -8,7 +8,9 @@ source "$PLUGIN_AVAILABLE_PATH/proxy/functions"
 source "$PLUGIN_AVAILABLE_PATH/nginx-vhosts/functions"
 
 redirect_nginx_pre_load_trigger() {
+  # shellcheck disable=SC2034
   declare desc="add nginx redirect servers"
+  # shellcheck disable=SC2034
   local trigger="redirect_nginx_pre_load_trigger"
 
   local APP="$1"

From 7587650c88b723f1e91988c28af3232909247fcd Mon Sep 17 00:00:00 2001
From: Ilya Semenov <semenov@inetss.com>
Date: Thu, 21 Jul 2016 08:41:58 +0000
Subject: [PATCH 3/4] Prepend redirect rules rather than append

---
 nginx-pre-reload | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/nginx-pre-reload b/nginx-pre-reload
index fedd4fa..cf68d28 100755
--- a/nginx-pre-reload
+++ b/nginx-pre-reload
@@ -16,7 +16,7 @@ redirect_nginx_pre_load_trigger() {
   local APP="$1"
   local APP_ROOT="$DOKKU_ROOT/$APP"
   local REDIRECT_FILE="$APP_ROOT/REDIRECTS"
-  [[ ! -s $REDIRECT_FILE ]] && exit 0
+  [[ ! -s "$REDIRECT_FILE" ]] && exit 0
 
   [[ "$(get_app_proxy_type "$APP")" == "nginx" ]] || exit 0
 
@@ -29,6 +29,9 @@ redirect_nginx_pre_load_trigger() {
     local APP_SSL_PATH="$DOKKU_ROOT/$APP/tls"
   fi
 
+  local NGINX_CONF_PREPEND=$(mktemp)
+  trap "rm -f '$NGINX_CONF_PREPEND'" EXIT
+
   while read line; do
     [[ -z "$line" ]] && continue
     local DOMAIN=$(echo "$line" | cut -d: -f1)
@@ -39,8 +42,13 @@ redirect_nginx_pre_load_trigger() {
           APP_SSL_PATH="$APP_SSL_PATH"
           DOMAIN="$DOMAIN" DEST_DOMAIN="$DEST_DOMAIN"
           PROXY_PORT_MAP="$PROXY_PORT_MAP")
-    sigil "${SIGIL_PARAMS[@]}" | cat -s >> "$NGINX_CONF"
+    sigil "${SIGIL_PARAMS[@]}" | cat -s >> "$NGINX_CONF_PREPEND"
   done <<< "$(< "$REDIRECT_FILE")"
+
+  if [[ -s "$NGINX_CONF_PREPEND" ]]; then
+    cat "$NGINX_CONF" >> "$NGINX_CONF_PREPEND"
+    cat "$NGINX_CONF_PREPEND" > "$NGINX_CONF"
+  fi
 }
 
 redirect_nginx_pre_load_trigger "$@"

From 38c7f8ad030030325e804d4c6403930899ef60f2 Mon Sep 17 00:00:00 2001
From: Ilya Semenov <semenov@inetss.com>
Date: Thu, 21 Jul 2016 09:07:03 +0000
Subject: [PATCH 4/4] shellcheck annotation for trap

---
 nginx-pre-reload | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/nginx-pre-reload b/nginx-pre-reload
index cf68d28..cdff243 100755
--- a/nginx-pre-reload
+++ b/nginx-pre-reload
@@ -30,7 +30,8 @@ redirect_nginx_pre_load_trigger() {
   fi
 
   local NGINX_CONF_PREPEND=$(mktemp)
-  trap "rm -f '$NGINX_CONF_PREPEND'" EXIT
+  # shellcheck disable=SC2064
+  trap "rm -f \"$NGINX_CONF_PREPEND\"" EXIT
 
   while read line; do
     [[ -z "$line" ]] && continue