[fix] Handle missing VPN_DOMAIN safely in OpenVPN startup #572

Piyushkhobragade · Piyushkhobragade · commit 06ebe435d48f · 2026-03-28T12:45:18.000Z
Avoid container failure when VPN_DOMAIN is unset by logging a warning and exiting gracefully. Fixes #572
diff --git a/images/common/init_command.sh b/images/common/init_command.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 # OpenWISP common module init script
 set -e
 source utils.sh
@@ -29,7 +29,10 @@ elif [ "$MODULE_NAME" = 'freeradius' ]; then
 		source docker-entrypoint.sh -X
 	fi
 elif [ "$MODULE_NAME" = 'openvpn' ]; then
-	if [ -z "$VPN_DOMAIN" ]; then echo "VPN_DOMAIN is required" >if [ -z "$VPN_DOMAIN" ]; then echo "VPN_DOMAIN is required" >if [ -z "$VPN_DOMAIN" ]; then exit; fi2; exit 1; fi2; exit 1; fi
+        if [ -z "$VPN_DOMAIN" ]; then
+                echo "WARNING: VPN_DOMAIN not set, skipping OpenVPN setup" >&2
+                exit 0
+        fi
 	wait_nginx_services
 	openvpn_preconfig
 	openvpn_config
@@ -43,7 +46,7 @@ elif [ "$MODULE_NAME" = 'openvpn' ]; then
 	crond
 	# Schedule send topology script only when
 	# network topology module is enabled.
-	if [ "$USE_OPENWISP_TOPOLOGY" = "True" ]; then
+	if [ "$USE_OPENWISP_TOPOLOGY" == "True" ]; then
 		init_send_network_topology
 	fi
 	# Supervisor is used to start the service because OpenVPN
@@ -66,7 +69,7 @@ elif [ "$MODULE_NAME" = 'nginx' ]; then
 	# sentinel from the generated nginx.conf.
 	export NGINX_WORKER_RLIMIT_NOFILE="${NGINX_WORKER_RLIMIT_NOFILE:-__UNSET__}"
 	envsubst </etc/nginx/nginx.template.conf >/etc/nginx/nginx.conf
-	# Remove incomplete worker_rlimit_nofile directives if env var is unset or empty
+    # Remove incomplete worker_rlimit_nofile directives if env var is unset or empty
 	sed -i '/__UNSET__/d; /^worker_rlimit_nofile *$/d; /^[[:space:]]*$/d' /etc/nginx/nginx.conf
 	envsubst_create_config /etc/nginx/openwisp.internal.template.conf internal INTERNAL
 	if [ "$SSL_CERT_MODE" = 'Yes' ]; then
@@ -93,7 +96,7 @@ elif [ "$MODULE_NAME" = 'celery' ]; then
 			${OPENWISP_CELERY_NETWORK_COMMAND_FLAGS}
 	fi
 
-	if [ "$USE_OPENWISP_FIRMWARE" = "True" ] && [ "$USE_OPENWISP_CELERY_FIRMWARE" = "True" ]; then
+	if [[ "$USE_OPENWISP_FIRMWARE" == "True" && "$USE_OPENWISP_CELERY_FIRMWARE" == "True" ]]; then
 		echo "Starting the 'firmware_upgrader' celery worker"
 		celery -A openwisp worker -l ${DJANGO_LOG_LEVEL} --queues firmware_upgrader \
 			-n firmware_upgrader@%h --logfile /opt/openwisp/logs/celery_firmware_upgrader.log \
@@ -104,7 +107,7 @@ elif [ "$MODULE_NAME" = 'celery' ]; then
 	tail -f /opt/openwisp/logs/*
 elif [ "$MODULE_NAME" = 'celery_monitoring' ]; then
 	python services.py database redis dashboard
-	if [ "$USE_OPENWISP_MONITORING" = "True" ] && [ "$USE_OPENWISP_CELERY_MONITORING" = "True" ]; then
+	if [[ "$USE_OPENWISP_MONITORING" == "True" && "$USE_OPENWISP_CELERY_MONITORING" == 'True' ]]; then
 		echo "Starting the 'monitoring' celery worker"
 		celery -A openwisp worker -l ${DJANGO_LOG_LEVEL} --queues monitoring \
 			-n monitoring@%h --logfile /opt/openwisp/logs/celery_monitoring.log \
