author | Jamie Nguyen <j@jamielinux.com> | 2018-07-16 11:25:08 +0100 |
---|---|---|
committer | Jamie Nguyen <j@jamielinux.com> | 2018-07-16 11:25:08 +0100 |
commit | a347a4ae65ec8e54fc15d012ad557de1035f4a12 (patch) | |
tree | 715b8459aba01b51160beedc18d0a580fa68a0e6 /2.4 | |
parent | 213fa1f8a37fb59163ab1bde931b2294d045363e (diff) | |
Allow bind mounting in /cert.pem and /privkey.pem
Diffstat (limited to '2.4')
-rwxr-xr-x | 2.4/docker-entrypoint.sh | 42 |
1 files changed, 22 insertions, 20 deletions
diff --git a/2.4/docker-entrypoint.sh b/2.4/docker-entrypoint.sh
index cff51eb..74da63b 100755
--- a/2.4/docker-entrypoint.sh
+++ b/2.4/docker-entrypoint.sh
@@ -74,25 +74,27 @@ if [ "x$ANONYMOUS_METHODS" != "x" ]; then
 fi
 fi

-case "${SSL_CERT:-none}" in
- "selfsigned")
- # Generate self-signed SSL certificate.
- # If SERVER_NAMES is given, use the first domain as the Common Name.
- if [ ! -e /privkey.pem ] || [ ! -e /cert.pem ]; then
- apk add --no-cache openssl
- openssl req -x509 -newkey rsa:2048 -days 1000 -nodes \
- -keyout /privkey.pem -out /cert.pem -subj "/CN=${SERVER_NAME:-selfsigned}"
- apk del --no-cache openssl
- fi
- # Enable SSL Apache modules.
- for i in http2 ssl; do
- sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"
- done
- # Enable SSL vhost.
- if [ -e /privkey.pem ] && [ -e /cert.pem ]; then
- ln -s ../sites-available/default-ssl.conf "$HTTPD_PREFIX/conf/sites-enabled"; \
- fi
- ;;
-esac
+# If specified, generate a selfsigned certificate.
+if [ "${SSL_CERT:-none}" = "selfsigned" ]; then
+ # Generate self-signed SSL certificate.
+ # If SERVER_NAMES is given, use the first domain as the Common Name.
+ if [ ! -e /privkey.pem ] || [ ! -e /cert.pem ]; then
+ apk add --no-cache openssl
+ openssl req -x509 -newkey rsa:2048 -days 1000 -nodes \
+ -keyout /privkey.pem -out /cert.pem -subj "/CN=${SERVER_NAME:-selfsigned}"
+ apk del --no-cache openssl
+ fi
+fi
+
+# This will either be the self-signed certificate generated above or one that
+# has been bind mounted in by the user.
+if [ -e /privkey.pem ] && [ -e /cert.pem ]; then
+ # Enable SSL Apache modules.
+ for i in http2 ssl; do
+ sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"
+ done
+ # Enable SSL vhost.
+ ln -s ../sites-available/default-ssl.conf "$HTTPD_PREFIX/conf/sites-enabled"; \
+fi

 exec "$@" |
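Review bot: The new enable check `[ -e /privkey.pem ] && [ -e /cert.pem ]` is also true for directories, and with `-v` Docker typically creates an empty directory at the mount target when the host path does not exist. A mistyped bind mount would therefore turn on mod_ssl and the SSL vhost with no usable key or certificate. Testing for a regular file, `if [ -f /privkey.pem ] && [ -f /cert.pem ]; then`, closes that gap. The generation guard above it uses the same `-e` test, so in that situation it would also skip creating the self-signed pair. Separately, `ln -s` has no `-f`, so it returns non-zero when the same container is restarted and the link already exists; whether that aborts the entrypoint depends on a `set -e` that would sit outside this hunk, and `ln -sf` would make the step idempotent either way.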