make local cert file location adjustable

This commit is contained in:
Adrian Richter 2021-11-11 15:17:38 +01:00
parent e9d0c07eb4
commit 84d38dc553
2 changed files with 10 additions and 7 deletions


@ -18,8 +18,9 @@ be set to avoid hitting rate limits.
Importantly, port 80 on the host must be forwarded to port 8001 on which caddy Importantly, port 80 on the host must be forwarded to port 8001 on which caddy
will answer the ACME-challenge during certificate retrieval. will answer the ACME-challenge during certificate retrieval.
Alternatively a locally generated certificate can be used by executing Alternatively a locally generated certificate can be used by setting
`make-localhost-cert.sh` before building the docker image (!) and setting `ENABLE_LOCAL_HTTPS=1 HTTPS_CERT_FILE=path/to/crt HTTPS_CERT_FILE=path/to/key`
`ENABLE_LOCAL_HTTPS=1`. This is mostly for dev setup purposes and is not useful and providing cert and key files at the specified location. This is mostly for
for a public domain as the cert is not issued by a trusted CA and therefore dev and testing setups and is not useful for a public domain as the cert is not
not trusted by browsers. If set, this overrules `ENABLE_AUTO_HTTPS`. issued by a trusted CA and therefore not trusted by browsers. If set, this
overrules `ENABLE_AUTO_HTTPS`.


@ -4,6 +4,8 @@ set -e
config=/etc/caddy/config.json config=/etc/caddy/config.json
base=/caddy_base.json base=/caddy_base.json
HTTPS_CERT_FILE="${HTTPS_CERT_FILE:-/certs/cert.pem}"
HTTPS_KEY_FILE="${HTTPS_KEY_FILE:-/certs/key.pem}"
# set defaults in base # set defaults in base
ACTION_HOST="${ACTION_HOST:-backend}" ACTION_PORT="${ACTION_PORT:-9002}" \ ACTION_HOST="${ACTION_HOST:-backend}" ACTION_PORT="${ACTION_PORT:-9002}" \
@ -23,12 +25,12 @@ jq_write() {
### HTTPS ### ### HTTPS ###
if [ -n "$ENABLE_LOCAL_HTTPS" ]; then if [ -n "$ENABLE_LOCAL_HTTPS" ]; then
[ -f /certs/cert.pem ] && [ -f /certs/key.pem ] || { [ -f "$HTTPS_CERT_FILE" ] && [ -f "$HTTPS_KEY_FILE" ] || {
echo "ERROR: no local cert-files provided. Did you run make-localhost-cert.sh?" echo "ERROR: no local cert-files provided. Did you run make-localhost-cert.sh?"
exit 1 exit 1
} }
jq_write ".apps.http.servers.srv0.tls_connection_policies = [{ certificate_selection: { any_tag: [ \"cert0\" ] }}]" jq_write ".apps.http.servers.srv0.tls_connection_policies = [{ certificate_selection: { any_tag: [ \"cert0\" ] }}]"
jq_write ".apps.tls = { certificates: { load_files: [{ certificate: \"/certs/cert.pem\", key: \"/certs/key.pem\", tags: [ \"cert0\" ] }] }}" jq_write ".apps.tls = { certificates: { load_files: [{ certificate: \"$HTTPS_CERT_FILE\", key: \"$HTTPS_KEY_FILE\", tags: [ \"cert0\" ] }] }}"
else else
if [ -n "$ENABLE_AUTO_HTTPS" ]; then if [ -n "$ENABLE_AUTO_HTTPS" ]; then
if [ -n "$EXTERNAL_ADDRESS" ]; then if [ -n "$EXTERNAL_ADDRESS" ]; then
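Review bot: The error message in the `ENABLE_LOCAL_HTTPS` branch still tells the user to run `make-localhost-cert.sh`, but the check now tests `$HTTPS_CERT_FILE`/`$HTTPS_KEY_FILE`, which can point anywhere, so a mistyped path gets a misleading hint and no indication of which files were looked for; suggest `echo "ERROR: local cert/key not found at '$HTTPS_CERT_FILE' / '$HTTPS_KEY_FILE' (set HTTPS_CERT_FILE/HTTPS_KEY_FILE or run make-localhost-cert.sh)" >&2` so the diagnostic names the paths and goes to stderr. The same two paths are spliced verbatim into the jq filter string for `.apps.tls`; if `jq_write` hands that string to jq as the filter (its body starts above this hunk), a path containing `"` or `\` breaks the JSON literal, and passing the values through jq `--arg` instead of shell interpolation would be safer — worth confirming against jq_write's definition. Since `-f` only tests existence, an unreadable key file still passes this check and only fails inside caddy later; `[ -r "$HTTPS_CERT_FILE" ] && [ -r "$HTTPS_KEY_FILE" ]` reports it at startup instead. Note also that the README hunk documents the key variable as `HTTPS_CERT_FILE=path/to/key`, while the defaults added here name it `HTTPS_KEY_FILE`. The if/else block continues past the end of the hunk.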