make local cert file location adjustable
This commit is contained in:
parent
e9d0c07eb4
commit
84d38dc553
@ -18,8 +18,9 @@ be set to avoid hitting rate limits.
|
||||
Importantly, port 80 on the host must be forwarded to port 8001 on which caddy
|
||||
will answer the ACME-challenge during certificate retrieval.
|
||||
|
||||
Alternatively a locally generated certificate can be used by executing
|
||||
`make-localhost-cert.sh` before building the docker image (!) and setting
|
||||
`ENABLE_LOCAL_HTTPS=1`. This is mostly for dev setup purposes and is not useful
|
||||
for a public domain as the cert is not issued by a trusted CA and therefore
|
||||
not trusted by browsers. If set, this overrules `ENABLE_AUTO_HTTPS`.
|
||||
Alternatively a locally generated certificate can be used by setting
|
||||
`ENABLE_LOCAL_HTTPS=1 HTTPS_CERT_FILE=path/to/crt HTTPS_CERT_FILE=path/to/key`
|
||||
and providing cert and key files at the specified location. This is mostly for
|
||||
dev and testing setups and is not useful for a public domain as the cert is not
|
||||
issued by a trusted CA and therefore not trusted by browsers. If set, this
|
||||
overrules `ENABLE_AUTO_HTTPS`.
|
||||
|
@ -4,6 +4,8 @@ set -e
|
||||
|
||||
config=/etc/caddy/config.json
|
||||
base=/caddy_base.json
|
||||
HTTPS_CERT_FILE="${HTTPS_CERT_FILE:-/certs/cert.pem}"
|
||||
HTTPS_KEY_FILE="${HTTPS_KEY_FILE:-/certs/key.pem}"
|
||||
|
||||
# set defaults in base
|
||||
ACTION_HOST="${ACTION_HOST:-backend}" ACTION_PORT="${ACTION_PORT:-9002}" \
|
||||
@ -23,12 +25,12 @@ jq_write() {
|
||||
|
||||
### HTTPS ###
|
||||
if [ -n "$ENABLE_LOCAL_HTTPS" ]; then
|
||||
[ -f /certs/cert.pem ] && [ -f /certs/key.pem ] || {
|
||||
[ -f "$HTTPS_CERT_FILE" ] && [ -f "$HTTPS_KEY_FILE" ] || {
|
||||
echo "ERROR: no local cert-files provided. Did you run make-localhost-cert.sh?"
|
||||
exit 1
|
||||
}
|
||||
jq_write ".apps.http.servers.srv0.tls_connection_policies = [{ certificate_selection: { any_tag: [ \"cert0\" ] }}]"
|
||||
jq_write ".apps.tls = { certificates: { load_files: [{ certificate: \"/certs/cert.pem\", key: \"/certs/key.pem\", tags: [ \"cert0\" ] }] }}"
|
||||
jq_write ".apps.tls = { certificates: { load_files: [{ certificate: \"$HTTPS_CERT_FILE\", key: \"$HTTPS_KEY_FILE\", tags: [ \"cert0\" ] }] }}"
|
||||
else
|
||||
if [ -n "$ENABLE_AUTO_HTTPS" ]; then
|
||||
if [ -n "$EXTERNAL_ADDRESS" ]; then
|
||||
|
Loading…
Reference in New Issue
Block a user