From a347a4ae65ec8e54fc15d012ad557de1035f4a12 Mon Sep 17 00:00:00 2001
From: Jamie Nguyen
Date: Mon, 16 Jul 2018 11:25:08 +0100
Subject: Allow bind mounting in /cert.pem and /privkey.pem
---
 2.4/docker-entrypoint.sh | 42 ++++++++++++++++++++++--------------------
 1 file changed, 22 insertions(+), 20 deletions(-)
(limited to '2.4/docker-entrypoint.sh')
diff --git a/2.4/docker-entrypoint.sh b/2.4/docker-entrypoint.sh
index cff51eb..74da63b 100755
--- a/2.4/docker-entrypoint.sh
+++ b/2.4/docker-entrypoint.sh
@@ -74,25 +74,27 @@ if [ "x$ANONYMOUS_METHODS" != "x" ]; then
 fi
 fi
 
-case "${SSL_CERT:-none}" in
- "selfsigned")
- # Generate self-signed SSL certificate.
- # If SERVER_NAMES is given, use the first domain as the Common Name.
- if [ ! -e /privkey.pem ] || [ ! -e /cert.pem ]; then
- apk add --no-cache openssl
- openssl req -x509 -newkey rsa:2048 -days 1000 -nodes \
- -keyout /privkey.pem -out /cert.pem -subj "/CN=${SERVER_NAME:-selfsigned}"
- apk del --no-cache openssl
- fi
- # Enable SSL Apache modules.
- for i in http2 ssl; do
- sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"
- done
- # Enable SSL vhost.
- if [ -e /privkey.pem ] && [ -e /cert.pem ]; then
- ln -s ../sites-available/default-ssl.conf "$HTTPD_PREFIX/conf/sites-enabled"; \
- fi
- ;;
-esac
+# If specified, generate a selfsigned certificate.
+if [ "${SSL_CERT:-none}" = "selfsigned" ]; then
+ # Generate self-signed SSL certificate.
+ # If SERVER_NAMES is given, use the first domain as the Common Name.
+ if [ ! -e /privkey.pem ] || [ ! -e /cert.pem ]; then
+ apk add --no-cache openssl
+ openssl req -x509 -newkey rsa:2048 -days 1000 -nodes \
+ -keyout /privkey.pem -out /cert.pem -subj "/CN=${SERVER_NAME:-selfsigned}"
+ apk del --no-cache openssl
+ fi
+fi
+
+# This will either be the self-signed certificate generated above or one that
+# has been bind mounted in by the user.
+if [ -e /privkey.pem ] && [ -e /cert.pem ]; then
+ # Enable SSL Apache modules.
+ for i in http2 ssl; do
+ sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"
+ done
+ # Enable SSL vhost.
+ ln -s ../sites-available/default-ssl.conf "$HTTPD_PREFIX/conf/sites-enabled"; \
+fi
 
 exec "$@"
-- cgit v1.2.3
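Review bot: The TLS-enabling test `[ -e /privkey.pem ] && [ -e /cert.pem ]` near the end of the hunk fails open: if only one of the two files is present (for example a mistyped bind-mount path) and SSL_CERT is not `selfsigned`, the SSL modules and vhost are skipped without any message and the container presumably comes up serving plain HTTP only. `-e` is also true for a directory, which is what Docker creates at the target when a `-v` source path does not exist, so I would use `if [ -f /privkey.pem ] && [ -f /cert.pem ]; then` and add an `elif [ -e /privkey.pem ] || [ -e /cert.pem ]; then` branch that prints an error to stderr and exits non-zero. The same half-mounted state matters in the `selfsigned` branch above, where `openssl req` writes both `-keyout /privkey.pem` and `-out /cert.pem` and would overwrite whichever file the user did mount. The `ln -s` is also not repeatable when the same container is restarted; `ln -sf` avoids depending on whether the script runs under `set -e`, which is not visible in this hunk.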