make local cert file location adjustable
This commit is contained in:
parent
e9d0c07eb4
commit
84d38dc553
@ -18,8 +18,9 @@ be set to avoid hitting rate limits.
|
|||||||
Importantly, port 80 on the host must be forwarded to port 8001 on which caddy
|
Importantly, port 80 on the host must be forwarded to port 8001 on which caddy
|
||||||
will answer the ACME-challenge during certificate retrieval.
|
will answer the ACME-challenge during certificate retrieval.
|
||||||
|
|
||||||
Alternatively a locally generated certificate can be used by executing
|
Alternatively a locally generated certificate can be used by setting
|
||||||
`make-localhost-cert.sh` before building the docker image (!) and setting
|
`ENABLE_LOCAL_HTTPS=1 HTTPS_CERT_FILE=path/to/crt HTTPS_CERT_FILE=path/to/key`
|
||||||
`ENABLE_LOCAL_HTTPS=1`. This is mostly for dev setup purposes and is not useful
|
and providing cert and key files at the specified location. This is mostly for
|
||||||
for a public domain as the cert is not issued by a trusted CA and therefore
|
dev and testing setups and is not useful for a public domain as the cert is not
|
||||||
not trusted by browsers. If set, this overrules `ENABLE_AUTO_HTTPS`.
|
issued by a trusted CA and therefore not trusted by browsers. If set, this
|
||||||
|
overrules `ENABLE_AUTO_HTTPS`.
|
||||||
|
@ -4,6 +4,8 @@ set -e
|
|||||||
|
|
||||||
config=/etc/caddy/config.json
|
config=/etc/caddy/config.json
|
||||||
base=/caddy_base.json
|
base=/caddy_base.json
|
||||||
|
HTTPS_CERT_FILE="${HTTPS_CERT_FILE:-/certs/cert.pem}"
|
||||||
|
HTTPS_KEY_FILE="${HTTPS_KEY_FILE:-/certs/key.pem}"
|
||||||
|
|
||||||
# set defaults in base
|
# set defaults in base
|
||||||
ACTION_HOST="${ACTION_HOST:-backend}" ACTION_PORT="${ACTION_PORT:-9002}" \
|
ACTION_HOST="${ACTION_HOST:-backend}" ACTION_PORT="${ACTION_PORT:-9002}" \
|
||||||
@ -23,12 +25,12 @@ jq_write() {
|
|||||||
|
|
||||||
### HTTPS ###
|
### HTTPS ###
|
||||||
if [ -n "$ENABLE_LOCAL_HTTPS" ]; then
|
if [ -n "$ENABLE_LOCAL_HTTPS" ]; then
|
||||||
[ -f /certs/cert.pem ] && [ -f /certs/key.pem ] || {
|
[ -f "$HTTPS_CERT_FILE" ] && [ -f "$HTTPS_KEY_FILE" ] || {
|
||||||
echo "ERROR: no local cert-files provided. Did you run make-localhost-cert.sh?"
|
echo "ERROR: no local cert-files provided. Did you run make-localhost-cert.sh?"
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
jq_write ".apps.http.servers.srv0.tls_connection_policies = [{ certificate_selection: { any_tag: [ \"cert0\" ] }}]"
|
jq_write ".apps.http.servers.srv0.tls_connection_policies = [{ certificate_selection: { any_tag: [ \"cert0\" ] }}]"
|
||||||
jq_write ".apps.tls = { certificates: { load_files: [{ certificate: \"/certs/cert.pem\", key: \"/certs/key.pem\", tags: [ \"cert0\" ] }] }}"
|
jq_write ".apps.tls = { certificates: { load_files: [{ certificate: \"$HTTPS_CERT_FILE\", key: \"$HTTPS_KEY_FILE\", tags: [ \"cert0\" ] }] }}"
|
||||||
else
|
else
|
||||||
if [ -n "$ENABLE_AUTO_HTTPS" ]; then
|
if [ -n "$ENABLE_AUTO_HTTPS" ]; then
|
||||||
if [ -n "$EXTERNAL_ADDRESS" ]; then
|
if [ -n "$EXTERNAL_ADDRESS" ]; then
|
||||||
|
Loading…
Reference in New Issue
Block a user