added default ssl cert

amd64.dockerfile

@@ -10,15 +10,16 @@
       apk --no-cache add \
         curl \
         tzdata \
-        shadow; \
+        shadow \
-      apk --no-cache upgrade; \
+        openssl; \
-      apk cache clear;
+      apk --no-cache upgrade;
 
   # :: prepare image
     RUN set -ex; \
       mkdir -p ${APP_ROOT}; \
       mkdir -p ${APP_ROOT}/etc; \
       mkdir -p ${APP_ROOT}/var; \
+      mkdir -p ${APP_ROOT}/ssl; \
       rm -f /etc/defaults/influxdb2/config.yml; \
       ln -s ${APP_ROOT}/etc/config.yml /etc/defaults/influxdb2/config.yml; \
       mv /entrypoint.sh /usr/local/bin;
@@ -47,4 +48,4 @@
 
 # :: Start
 	USER docker
-  ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+  ENTRYPOINT ["/usr/local/bin/entrypoint.custom.sh"]

rootfs/influxdb/etc/config.yml

@@ -1,3 +1,4 @@
 bolt-path: /influxdb/var/influxd.bolt
 engine-path: /influxdb/var/engine
-nats-port: 4222
+tls-cert: "/influxdb/ssl/cert.pem"
+tls-key: "/influxdb/ssl/key.pem"

rootfs/usr/local/bin/entrypoint.custom.sh

@@ -0,0 +1,11 @@
+#!/bin/ash
+
+  if [ ! -f "${APP_ROOT}/ssl/cert.pem" ]; then
+    openssl req -x509 -newkey rsa:4096 -subj "/C=XX/ST=XX/L=XX/O=XX/OU=XX/CN=XX" \
+      -keyout "${APP_ROOT}/ssl/key.pem" \
+      -out "${APP_ROOT}/ssl/cert.pem" \
+      -days 3650 -nodes -sha256 &> /dev/null
+  fi
+
+  sed -i s#INFLUXD_TLS_CERT='' INFLUXD_TLS_KEY=''## /usr/local/bin/entrypoint.sh
+  /usr/local/bin/entrypoint.sh

rootfs/usr/local/bin/healthcheck.sh

@@ -1,2 +1,2 @@
 #!/bin/ash
-  curl --max-time 5 -kILs --fail http://localhost:8086/ping
+  curl --max-time 5 -kILs --fail https://localhost:8086/ping