#!/bin/sh set -e config=/etc/caddy/config.json base=/caddy_base.json HTTPS_CERT_FILE="${HTTPS_CERT_FILE:-/certs/cert.pem}" HTTPS_KEY_FILE="${HTTPS_KEY_FILE:-/certs/key.pem}" cp $base $config # set defaults in base ACTION_HOST="${ACTION_HOST:-backend}" ACTION_PORT="${ACTION_PORT:-9002}" \ PRESENTER_HOST="${PRESENTER_HOST:-backend}" PRESENTER_PORT="${PRESENTER_PORT:-9003}" \ AUTOUPDATE_HOST="${AUTOUPDATE_HOST:-autoupdate}" AUTOUPDATE_PORT="${AUTOUPDATE_PORT:-9012}" \ ICC_HOST="${ICC_HOST:-icc}" ICC_PORT="${ICC_PORT:-9013}" \ AUTH_HOST="${AUTH_HOST:-auth}" AUTH_PORT="${AUTH_PORT:-9004}" \ MEDIA_HOST="${MEDIA_HOST:-media}" MEDIA_PORT="${MEDIA_PORT:-9006}" \ MANAGE_HOST="${MANAGE_HOST:-manage}" MANAGE_PORT="${MANAGE_PORT:-9008}" \ CLIENT_HOST="${CLIENT_HOST:-client}" CLIENT_PORT="${CLIENT_PORT:-9001}" \ envsubst < "$config" > "$config.out" && mv -f "$config.out" "$config" jq_write() { filter=$1 jq "$filter" "$config" > "$config.out" && mv -f "$config.out" "$config" } ### HTTPS ### if [ -n "$ENABLE_LOCAL_HTTPS" ]; then [ -f "$HTTPS_CERT_FILE" ] && [ -f "$HTTPS_KEY_FILE" ] || { echo "ERROR: no local cert-files provided. Did you run make-localhost-cert.sh?" exit 1 } jq_write ".apps.http.servers.srv0.tls_connection_policies = [{ certificate_selection: { any_tag: [ \"cert0\" ] }}]" jq_write ".apps.tls = { certificates: { load_files: [{ certificate: \"$HTTPS_CERT_FILE\", key: \"$HTTPS_KEY_FILE\", tags: [ \"cert0\" ] }] }}" else if [ -n "$ENABLE_AUTO_HTTPS" ]; then if [ -n "$EXTERNAL_ADDRESS" ]; then echo "INFO: For the automatic https to work ports 443 and 80 of the host must be directed to 8000 and 8001 of this container" jq_write "del(.apps.http.servers.srv0.automatic_https)" # disabled in base jq_write ".apps.http.https_port = 8000" jq_write ".apps.http.http_port = 8001" jq_write ".apps.http.servers.srv0.routes[-1].match = [{ host: [\"$EXTERNAL_ADDRESS\"]}]" if [ -n "$ACME_ENDPOINT" ]; then jq_write ".apps.tls.automation.policies[0].issuers[0].ca = \"${ACME_ENDPOINT}\"" fi else echo "ERROR: EXTERNAL_ADDRESS needed for automatic HTTPS / cert generation" exit 1 fi fi fi exec "$@"