Merge pull request #6275 from peb-adr/https

make local cert file location adjustable
Sean 2021-11-11 15:46:36 +01:00 committed by GitHub
commit 3b798b8ce8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 7 deletions


@ -18,8 +18,9 @@ be set to avoid hitting rate limits.
Importantly, port 80 on the host must be forwarded to port 8001 on which caddy Importantly, port 80 on the host must be forwarded to port 8001 on which caddy
will answer the ACME-challenge during certificate retrieval. will answer the ACME-challenge during certificate retrieval.
Alternatively a locally generated certificate can be used by executing Alternatively a locally generated certificate can be used by setting
`make-localhost-cert.sh` before building the docker image (!) and setting `ENABLE_LOCAL_HTTPS=1 HTTPS_CERT_FILE=path/to/crt HTTPS_CERT_FILE=path/to/key`
`ENABLE_LOCAL_HTTPS=1`. This is mostly for dev setup purposes and is not useful and providing cert and key files at the specified location. This is mostly for
for a public domain as the cert is not issued by a trusted CA and therefore dev and testing setups and is not useful for a public domain as the cert is not
not trusted by browsers. If set, this overrules `ENABLE_AUTO_HTTPS`. issued by a trusted CA and therefore not trusted by browsers. If set, this
overrules `ENABLE_AUTO_HTTPS`.


@ -4,6 +4,8 @@ set -e
config=/etc/caddy/config.json config=/etc/caddy/config.json
base=/caddy_base.json base=/caddy_base.json
HTTPS_CERT_FILE="${HTTPS_CERT_FILE:-/certs/cert.pem}"
HTTPS_KEY_FILE="${HTTPS_KEY_FILE:-/certs/key.pem}"
# set defaults in base # set defaults in base
ACTION_HOST="${ACTION_HOST:-backend}" ACTION_PORT="${ACTION_PORT:-9002}" \ ACTION_HOST="${ACTION_HOST:-backend}" ACTION_PORT="${ACTION_PORT:-9002}" \
@ -23,12 +25,12 @@ jq_write() {
### HTTPS ### ### HTTPS ###
if [ -n "$ENABLE_LOCAL_HTTPS" ]; then if [ -n "$ENABLE_LOCAL_HTTPS" ]; then
[ -f /certs/cert.pem ] && [ -f /certs/key.pem ] || { [ -f "$HTTPS_CERT_FILE" ] && [ -f "$HTTPS_KEY_FILE" ] || {
echo "ERROR: no local cert-files provided. Did you run make-localhost-cert.sh?" echo "ERROR: no local cert-files provided. Did you run make-localhost-cert.sh?"
exit 1 exit 1
} }
jq_write ".apps.http.servers.srv0.tls_connection_policies = [{ certificate_selection: { any_tag: [ \"cert0\" ] }}]" jq_write ".apps.http.servers.srv0.tls_connection_policies = [{ certificate_selection: { any_tag: [ \"cert0\" ] }}]"
jq_write ".apps.tls = { certificates: { load_files: [{ certificate: \"/certs/cert.pem\", key: \"/certs/key.pem\", tags: [ \"cert0\" ] }] }}" jq_write ".apps.tls = { certificates: { load_files: [{ certificate: \"$HTTPS_CERT_FILE\", key: \"$HTTPS_KEY_FILE\", tags: [ \"cert0\" ] }] }}"
else else
if [ -n "$ENABLE_AUTO_HTTPS" ]; then if [ -n "$ENABLE_AUTO_HTTPS" ]; then
if [ -n "$EXTERNAL_ADDRESS" ]; then if [ -n "$EXTERNAL_ADDRESS" ]; then