external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(docker): fix ca entrypoint logic and healthcheck

Browse source 
With this commit, it is advised to `rm ./data/root_ca.crt ./data/*.pem`,
as new certificates and a root CA will be generated while utilizing the
step volume.

Closes #367

Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit is contained in:
Kevin Morris 2022-08-13 23:17:53 -07:00
parent 6f7ac33166
commit d63615a994
No known key found for this signature in database
GPG key ID: F7E46DED420788F3
3 changed files with 34 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

40
docker/ca-entrypoint.sh
View file

@ -89,34 +89,26 @@ step_cert_request() {
chmod 666 /data/${1}.*.pem
}
if [ ! -f $DATA_ROOT_CA ]; then
if [ ! -d /root/.step/config ]; then
# Remove existing certs.
rm -vf /data/localhost.{cert,key}.pem /data/root_ca.crt
setup_step_ca
install_step_ca
start_step_ca
for host in $DATA_CERT_HOSTS; do
step_cert_request $host /data/${host}.cert.pem /data/${host}.key.pem
done
kill_step_ca
echo -n "WARN: Your certificates are being regenerated to resolve "
echo -n "an inconsistent step-ca state. You will need to re-import "
echo "the root CA certificate into your browser."
else
exec "$@"
fi
# For all hosts separated by spaces in $DATA_CERT_HOSTS, perform a check
# for their existence in /data and react accordingly.
for host in $DATA_CERT_HOSTS; do
if [ -f /data/${host}.cert.pem ] && [ -f /data/${host}.key.pem ]; then
# Found an override. Move on to running the service after
# printing a notification to the user.
echo "Found '${host}.{cert,key}.pem' override, skipping..."
echo -n "Note: If you need to regenerate certificates, run "
echo '`rm -f data/*.{cert,key}.pem` before starting this service.'
exec "$@"
else
# Otherwise, we had a missing cert or key, so remove both.
rm -f /data/${host}.cert.pem
rm -f /data/${host}.key.pem
fi
done
start_step_ca
for host in $DATA_CERT_HOSTS; do
step_cert_request $host /data/${host}.cert.pem /data/${host}.key.pem
done
kill_step_ca
# Set permissions to /data to rwx for everybody.
chmod 777 /data

4
docker/health/ca.sh
View file

@ -1,2 +1,2 @@
exec printf "" 2>>/dev/null >>/dev/tcp/127.0.0.1/8443
#!/bin/bash
exec curl -qkiI 'https://localhost:8443/'