fix(entrypoint): fix permissions on generated certs
- set private key to be group-readable
- create chain.pem from fullchain.pem
- generate dhparams for TLS 1.2
This commit is contained in:
parent
81cfe975b4
commit
2dbcd4a845
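--- a/PATH-NOT-ON-PAGE
+++ b/PATH-NOT-ON-PAGE
@@ -22,10 +22,20 @@ certificateGenerateNew() {
 printf "\nGenerating new self-signed certificate:\n"
 # shellcheck disable=SC3028
 if [ -z "$CERT_HOSTNAME" ]; then export CERT_HOSTNAME="$HOSTNAME"; fi
+# create placeholder files to set permissions
+touch /certs/fullchain.pem && chmod 664 /certs/fullchain.pem
+touch /certs/privkey.pem && chmod 640 /certs/privkey.pem
+# generate certificate
 if ! openssl req -new -x509 -days 365 -nodes -out /certs/fullchain.pem -keyout /certs/privkey.pem -config /etc/selfsigned.cnf; then
 printf "\nUnable to generate certificate. Is your 'certs' directory writable by this container?\n\n"
 exit 55
 fi
+cp /certs/fullchain.pem /certs/chain.pem
+# generate dh-params for TLS1.2
+if ! openssl dhparam -dsaparam -out /certs/dhparam.pem 4096; then
+printf "\nUnable to generate dh-params. Is you 'certs' directory writable by this container?\n\n"
+exit 56
+fi
 
 # print message to user
 printf "\n\nA self-signed certificate has been generated and saved in the location mounted to '/certs' in this container.\n"
@@ -161,6 +171,7 @@ exit 99
 # 52: unable to read certificate/chain
 # 53: unable to read private key
 # 55: unable to generate new certificate
+# 56: unable to generate dh-params
 # 99: code error
 
 #EOF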
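Review bot: The new `cp /certs/fullchain.pem /certs/chain.pem` in the first hunk is the only added write that is not checked, so a failed copy still falls through to the "certificate has been generated" message while chain.pem is missing; guarding it like the surrounding steps, `cp /certs/fullchain.pem /certs/chain.pem || exit 55` (or a new code added to the exit-code table in the second hunk), keeps the error path consistent, and the copy's mode will be whatever the umask yields rather than the 664 set on fullchain.pem unless it is chmod'ed as well. The new dhparam message also has a typo, `Is you 'certs' directory` should read `Is your 'certs' directory` to match the message above it. The `-dsaparam` option deserves a why-comment, since the parameters it produces are not safe primes and are acceptable only because TLS uses a fresh ephemeral DH private key per handshake: `# -dsaparam: much faster to generate, but not a safe prime; only OK for ephemeral DHE (never reuse the DH private key)`. The placeholder `touch`/`chmod` lines rely on openssl truncating the existing file in place so the 640 mode survives; a one-line comment saying so would keep a later maintainer from replacing them with a post-generation chmod and briefly exposing the key under the default umask. certificateGenerateNew's body starts before this hunk and ends after it.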