From a347a4ae65ec8e54fc15d012ad557de1035f4a12 Mon Sep 17 00:00:00 2001
From: Jamie Nguyen
Date: Mon, 16 Jul 2018 11:25:08 +0100
Subject: Allow bind mounting in /cert.pem and /privkey.pem
---
 2.4/docker-entrypoint.sh | 42 ++++++++++++++++++++++--------------------
 README.md | 9 ++++++++-
 2 files changed, 30 insertions(+), 21 deletions(-)
diff --git a/2.4/docker-entrypoint.sh b/2.4/docker-entrypoint.sh
index cff51eb..74da63b 100755
--- a/2.4/docker-entrypoint.sh
+++ b/2.4/docker-entrypoint.sh
@@ -74,25 +74,27 @@ if [ "x$ANONYMOUS_METHODS" != "x" ]; then
 fi
 fi
-case "${SSL_CERT:-none}" in
- "selfsigned")
- # Generate self-signed SSL certificate.
- # If SERVER_NAMES is given, use the first domain as the Common Name.
- if [ ! -e /privkey.pem ] || [ ! -e /cert.pem ]; then
- apk add --no-cache openssl
- openssl req -x509 -newkey rsa:2048 -days 1000 -nodes \
- -keyout /privkey.pem -out /cert.pem -subj "/CN=${SERVER_NAME:-selfsigned}"
- apk del --no-cache openssl
- fi
- # Enable SSL Apache modules.
- for i in http2 ssl; do
- sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"
- done
- # Enable SSL vhost.
- if [ -e /privkey.pem ] && [ -e /cert.pem ]; then
- ln -s ../sites-available/default-ssl.conf "$HTTPD_PREFIX/conf/sites-enabled"; \
- fi
- ;;
-esac
+# If specified, generate a selfsigned certificate.
+if [ "${SSL_CERT:-none}" = "selfsigned" ]; then
+ # Generate self-signed SSL certificate.
+ # If SERVER_NAMES is given, use the first domain as the Common Name.
+ if [ ! -e /privkey.pem ] || [ ! -e /cert.pem ]; then
+ apk add --no-cache openssl
+ openssl req -x509 -newkey rsa:2048 -days 1000 -nodes \
+ -keyout /privkey.pem -out /cert.pem -subj "/CN=${SERVER_NAME:-selfsigned}"
+ apk del --no-cache openssl
+ fi
+fi
+
+# This will either be the self-signed certificate generated above or one that
+# has been bind mounted in by the user.
+if [ -e /privkey.pem ] && [ -e /cert.pem ]; then
+ # Enable SSL Apache modules.
+ for i in http2 ssl; do
+ sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"
+ done
+ # Enable SSL vhost.
+ ln -s ../sites-available/default-ssl.conf "$HTTPD_PREFIX/conf/sites-enabled"; \
+fi
 exec "$@"
diff --git a/README.md b/README.md
index 9bab72f..52b9f59 100644
--- a/README.md
+++ b/README.md
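Review bot: The new `if [ -e /privkey.pem ] && [ -e /cert.pem ]` test in docker-entrypoint.sh now decides whether TLS is enabled at all, and it fails open: if only one of the two files is mounted or a path is mistyped, the container starts on plain HTTP with no message, so traffic the operator expected to be encrypted is not. `-e` is also true for a directory, which is what `docker run -v` leaves at the target when the host path does not exist, so the SSL vhost would presumably be enabled against something that is not a PEM file. I would test with `-f` and make the half-configured case a hard error, e.g. `elif [ -e /privkey.pem ] || [ -e /cert.pem ]; then echo "TLS requested but /cert.pem or /privkey.pem is missing" >&2; exit 1`. Separately, with `SSL_CERT=selfsigned` the `||` in the generation guard lets `openssl req` write over a single bind-mounted file and therefore over the host copy; refusing to generate when either file already exists would avoid that.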
@@ -6,6 +6,9 @@ This image runs an easily configurable WebDAV server with Apache. +You can configure the authentication type, the authentication of multiple +users, or to run with a self-signed SSL certificate. + * **Code repository:** https://github.com/BytemarkHosting/docker-webdav * **Where to file issues:** @@ -19,7 +22,8 @@ This image runs an easily configurable WebDAV server with Apache. ### Basic WebDAV server -This example starts a WebDAV server. +This example starts a WebDAV server on port 80. It can only be accessed by +a single username and password. When using unencrypted HTTP, use `Digest` authentication (instead of `Basic`) to avoid sending plaintext passwords in the clear. @@ -67,6 +71,9 @@ docker run --restart always -v /srv/dav:/var/lib/dav \ ``` +If you bind mount a certificate chain to `/cert.pem` and a private key to +`/privkey.pem`, the container will use that instead! + ### Authenticate multiple clients Specifying `USERNAME` and `PASSWORD` only supports a single user. If you want -- cgit v1.2.3