added sanity checks for /setup/systemd route

Author: Stan Yagolnitser

nginx.conf

@@ -121,9 +121,26 @@ http {
              alias /ca/ca.crt;
         }
 
-        location /setup {
+        location /setup/systemd {
             add_header "Content-type" "text/plain" always;
             return 200 '
+set -e 
+
+if [ ! -d /etc/systemd ]; then   
+   echo "Not a systemd system"
+   exit 1
+fi
+
+if [[ $EUID -ne 0 ]]; then
+   echo "Must be root to change system files"
+   exit 1
+fi
+
+if [[ $(systemctl is-active --quiet docker.service) -ne 0 ]]; then
+   echo "Docker service missing"
+   exit 1
+fi
+
 mkdir -p /etc/systemd/system/docker.service.d
 cat << EOD > /etc/systemd/system/docker.service.d/http-proxy.conf
 [Service]
@@ -132,19 +149,23 @@ EOD
 
 # Get the CA certificate from the proxy and make it a trusted root.
 curl $scheme://$http_host/ca.crt > /usr/share/ca-certificates/docker_registry_proxy.crt
-echo "docker_registry_proxy.crt" >> /etc/ca-certificates.conf
+if fgrep -q "docker_registry_proxy.crt" /etc/ca-certificates.conf ; then
+   echo "certificate refreshed"
+else
+   echo "docker_registry_proxy.crt" >> /etc/ca-certificates.conf
+fi
+
 update-ca-certificates --fresh
 
 # Reload systemd
 systemctl daemon-reload
 
 # Restart dockerd
 systemctl restart docker.service
+echo "Docker configured with HTTPS_PROXY=$scheme://$http_host/"
 ';
-        }
-
-        # @TODO: add a dynamic root path that generates instructions for usage on docker clients
-    }
+        } # end location /setup/systemd
+    } # end server
 
 
     # The caching layer