Added ZULIP_CERTIFICATE_C/ST/L/O/CN env vars to support easier cert creation

Alexander Trost
2015-10-20 19:17:35 +02:00
parent db9492e9af
commit 477f3b1acc


@@ -136,16 +136,35 @@ zulipSetup(){
esac esac
if [ ! -z "$ZULIP_AUTO_GENERATE_CERTS" ] && [ "$ZULIP_AUTO_GENERATE_CERTS" == "True" ]; then if [ ! -z "$ZULIP_AUTO_GENERATE_CERTS" ] && [ "$ZULIP_AUTO_GENERATE_CERTS" == "True" ]; then
if [ ! -e "$DATA_DIR/certs/zulip.key" ] && [ ! -e "/etc/ssl/certs/zulip.combined-chain.crt" ]; then if [ ! -e "$DATA_DIR/certs/zulip.key" ] && [ ! -e "/etc/ssl/certs/zulip.combined-chain.crt" ]; then
echo "Certificates auto generation is true. Generating certificates ..." echo "Certificates generation is true. Generating certificates ..."
if [ -z "$ZULIP_CERTIFICATE_SUBJ" ]; then if [ -z "$ZULIP_CERTIFICATE_SUBJ" ]; then
export ZULIP_CERTIFICATE_SUBJ="/C=US/ST=Denial/L=Springfield/O=Dis/CN=$ZULIP_SETTINGS_EXTERNAL_HOST" if [ -z "$ZULIP_CERTIFICATE_C" ]; then
export ZULIP_CERTIFICATE_C="US"
fi
if [ -z "$ZULIP_CERTIFICATE_ST" ]; then
export ZULIP_CERTIFICATE_ST="Denial"
fi
if [ -z "$ZULIP_CERTIFICATE_L" ]; then
export ZULIP_CERTIFICATE_L="Springfield"
fi
if [ -z "$ZULIP_CERTIFICATE_O" ]; then
export ZULIP_CERTIFICATE_O="Dis"
fi
if [ -z "$ZULIP_CERTIFICATE_CN" ]; then
if [ -z "$ZULIP_SETTINGS_EXTERNAL_HOST" ]; then
echo "Certificates generation failed. Missing ZULIP_CERTIFICATE_CN and as backup ZULIP_SETTINGS_EXTERNAL_HOST not given."
exit 1
fi
export ZULIP_CERTIFICATE_CN="$ZULIP_SETTINGS_EXTERNAL_HOST"
fi
export ZULIP_CERTIFICATE_SUBJ="/C=$ZULIP_CERTIFICATE_C/ST=$ZULIP_CERTIFICATE_ST/L=$ZULIP_CERTIFICATE_L/O=$ZULIP_CERTIFICATE_O/CN=$ZULIP_CERTIFICATE_CN"
fi fi
openssl genrsa -des3 -passout pass:x -out /tmp/server.pass.key 4096 openssl genrsa -des3 -passout pass:x -out /tmp/server.pass.key 4096
openssl rsa -passin pass:x -in /tmp/server.pass.key -out "$DATA_DIR/certs/zulip.key" openssl rsa -passin pass:x -in /tmp/server.pass.key -out "$DATA_DIR/certs/zulip.key"
openssl req -new -nodes -subj "$ZULIP_CERTIFICATE_SUBJ" -key "$DATA_DIR/certs/zulip.key" -out /tmp/server.csr openssl req -new -nodes -subj "$ZULIP_CERTIFICATE_SUBJ" -key "$DATA_DIR/certs/zulip.key" -out /tmp/server.csr
openssl x509 -req -days 365 -in /tmp/server.csr -signkey "$DATA_DIR/certs/zulip.key" -out "$DATA_DIR/certs/zulip.combined-chain.crt" openssl x509 -req -days 365 -in /tmp/server.csr -signkey "$DATA_DIR/certs/zulip.key" -out "$DATA_DIR/certs/zulip.combined-chain.crt"
rm -f /tmp/server.csr /tmp/server.pass.key rm -f /tmp/server.csr /tmp/server.pass.key
echo "Certificates auto generation done." echo "Certificates generation done."
else else
echo "Certificates already exist. No need to generate them." echo "Certificates already exist. No need to generate them."
fi fi
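Review bot: The five new ZULIP_CERTIFICATE_* values are spliced into `ZULIP_CERTIFICATE_SUBJ` without validation, so a value containing `/` (for example an organisation name with a slash) is read by `openssl req -subj` as the start of another field and alters or breaks the subject. A guard just before the final export would catch this, e.g. `case "$ZULIP_CERTIFICATE_C$ZULIP_CERTIFICATE_ST$ZULIP_CERTIFICATE_L$ZULIP_CERTIFICATE_O$ZULIP_CERTIFICATE_CN" in */*) echo "Certificates generation failed. Subject values must not contain '/'." >&2; exit 1;; esac`. The new failure message ahead of `exit 1` goes to stdout and should be redirected with `>&2`. The openssl calls that follow are not status-checked in the visible lines, so a rejected subject would presumably still end with "Certificates generation done."; `zulipSetup` starts and continues outside this hunk, so that may be handled elsewhere (for instance by `set -e`).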