From 4ea891363fcc2812a2dc31e8a7ab3e2666511b7d Mon Sep 17 00:00:00 2001
From: Janne Koschinski <janne@kuschku.de>
Date: Thu, 11 Feb 2021 18:27:05 +0100
Subject: [PATCH] Allow specifying tls keypair as base64 env variables
---
 Dockerfile | 4 ++++
 src/docker-entrypoint.sh | 20 +++++++++++++++++---
 2 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index b32c8df..2ceefb4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -123,8 +123,12 @@ ENV OIDENTD_CONF_FILE=""
 # Require SSL for remote (non-loopback) client connections.
 ENV SSL_REQUIRED="false"
+# Specify the base64 encoded data for the SSL certificate.
+ENV SSL_CERT_DATA=""
 # Specify the path to the SSL certificate.
 ENV SSL_CERT_FILE=""
+# Specify the base64 encoded data for the SSL certificate.
+ENV SSL_KEY_DATA=""
 # Specify the path to the SSL key.
 ENV SSL_KEY_FILE=""
diff --git a/src/docker-entrypoint.sh b/src/docker-entrypoint.sh
index f7ce10b..d247e02 100755
--- a/src/docker-entrypoint.sh
+++ b/src/docker-entrypoint.sh
@@ -6,7 +6,7 @@ declare -a quasselcore_args
 quasselcore_args+=(
 --configdir "${CONFIG_DIR}"
 )
-
+
 # The address(es) quasselcore will listen on.
 # format: <address>[,<address>[,...]]
 if [[ "${QUASSEL_PORT}" != "4242" ]]; then
@@ -14,7 +14,7 @@ if [[ "${QUASSEL_PORT}" != "4242" ]]; then
 --port "${QUASSEL_PORT}"
 )
 fi
-
+
 # The port quasselcore will listen at.
 # format: port
 if [[ "${QUASSEL_LISTEN}" != "::,0.0.0.0" ]]; then
@@ -58,7 +58,7 @@ if [[ "${IDENT_LISTEN}" != "::1,127.0.0.1" ]]; then
 --ident-listen "${IDENT_LISTEN}"
 )
 fi
-
+
 # The port quasselcore will listen at for ident requests. Only meaningful with --ident-daemon.
 # format: port
 if [[ "${IDENT_PORT}" != "10113" ]]; then
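Review bot: In the Dockerfile hunk, the comment added above `ENV SSL_KEY_DATA=""` is a copy of the certificate one and should read `# Specify the base64 encoded data for the SSL key.`. Because this variable carries the private key, the comment is also the place to state that a value supplied at runtime stays readable in the container's configuration and in the environment of processes started from the entrypoint, and that mounting the key and setting `SSL_KEY_FILE` avoids that exposure.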
@@ -89,6 +89,13 @@ if [[ "${SSL_REQUIRED}" == "true" ]]; then
 )
 fi
+# Specify the path to the SSL certificate.
+# format: base64 data
+if [[ ! -z "${SSL_CERT_DATA}" ]]; then
+ echo "${SSL_CERT_DATA}" | base64 -d > /tls.crt
+ export SSL_CERT_FILE=/tls.crt
+fi
+
 # Specify the path to the SSL certificate.
 # format: path
 if [[ ! -z "${SSL_CERT_FILE}" ]]; then
@@ -97,6 +104,13 @@ if [[ ! -z "${SSL_CERT_FILE}" ]]; then
 )
 fi
+# Specify the path to the SSL certificate.
+# format: base64 data
+if [[ ! -z "${SSL_KEY_DATA}" ]]; then
+ echo "${SSL_KEY_DATA}" | base64 -d > /tls.key
+ export SSL_KEY_FILE=/tls.key
+fi
+
 # Specify the path to the SSL key.
 # format: path
 if [[ ! -z "${SSL_KEY_FILE}" ]]; then
-- GitLab
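Review bot: The result of `base64 -d` is never checked in the `SSL_CERT_DATA` block, so a malformed value leaves an empty or truncated `/tls.crt` and `SSL_CERT_FILE` is still exported; whether the script runs under `set -e` is not visible in this hunk. I would fail early, e.g. `printf '%s' "${SSL_CERT_DATA}" | base64 -d > /tls.crt || { echo "SSL_CERT_DATA is not valid base64" >&2; exit 1; }`, and do the same for `SSL_KEY_DATA` in the next hunk. The export also silently overrides any `SSL_CERT_FILE` the operator set, which deserves a line in the comment. That comment still says "path" although the value is base64 data; `# Specify the SSL certificate as base64 encoded data.` would match.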
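Review bot: The private key is written with `> /tls.key` under whatever umask the entrypoint inherits, which with a common default leaves the file readable by every user in the container, and `SSL_KEY_DATA` stays in the environment that the started server process inherits. Restrict the mode before writing and drop the variable afterwards: `( umask 077; printf '%s' "${SSL_KEY_DATA}" | base64 -d > /tls.key )` followed by `unset SSL_KEY_DATA`. This assumes the entrypoint and quasselcore run as the same user, which the hunk does not show; writing to `/` also needs that user to have write access to the root directory. The comment above the block should name the key rather than the certificate, e.g. `# Specify the SSL key as base64 encoded data.`.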