refactor(entrypoint): remove export function
- never a need to export keypair, cert is always enough
parent
c48e985d23
commit
a184866de3
@ -5,8 +5,27 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
# functions
|
# functions
|
||||||
|
certificateCheckEnabled() {
|
||||||
|
if [ "$httpsEnabled" != "TRUE" ]; then
|
||||||
|
printf "\nSSL/TLS not enabled. Please set LR_HTTPS=TRUE if you want to enable SSL/TLS.\n"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
certificateCheckExist() {
|
||||||
|
if [ -n "$(find /certs/ -type d -empty -print)" ]; then
|
||||||
|
printf "noexist"
|
||||||
|
elif ! [ -r "/certs/fullchain.pem" ]; then
|
||||||
|
printf "noread_certificate"
|
||||||
|
elif ! [ -r "/certs/privkey.pem" ]; then
|
||||||
|
printf "noread_key"
|
||||||
|
else
|
||||||
|
printf "ok"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
certificateGenerateNew() {
|
certificateGenerateNew() {
|
||||||
# generate self-signed certificate
|
# generate self-signed certificate and export as PFX
|
||||||
printf "\nGenerating new self-signed certificate:\n"
|
printf "\nGenerating new self-signed certificate:\n"
|
||||||
# shellcheck disable=SC3028
|
# shellcheck disable=SC3028
|
||||||
if [ -z "$CERT_HOSTNAME" ]; then export CERT_HOSTNAME="$HOSTNAME"; fi
|
if [ -z "$CERT_HOSTNAME" ]; then export CERT_HOSTNAME="$HOSTNAME"; fi
|
||||||
@ -14,18 +33,11 @@ certificateGenerateNew() {
|
|||||||
printf "\nUnable to generate certificate. Is your 'certs' directory writable by this container?\n\n"
|
printf "\nUnable to generate certificate. Is your 'certs' directory writable by this container?\n\n"
|
||||||
exit 55
|
exit 55
|
||||||
fi
|
fi
|
||||||
printf "Exporting pfx certificate..."
|
|
||||||
if ! openssl pkcs12 -export -in /certs/fullchain.pem -inkey /certs/privkey.pem -out "/certs/${CERT_HOSTNAME}.pfx" -name "LiveReload" -passout pass:cert1234; then
|
|
||||||
printf "\nUnable to export generated certificate as PFX.\n\n"
|
|
||||||
exit 56
|
|
||||||
fi
|
|
||||||
|
|
||||||
# print message to user
|
# print message to user
|
||||||
printf "\n\nA self-signed certificate has been generated and saved in the location mounted to '/certs' in this container.\n"
|
printf "\n\nA self-signed certificate has been generated and saved in the location mounted to '/certs' in this container.\n"
|
||||||
printf "The certificate and private key are PEM formatted with names 'fullchain.pem' and 'privkey.pem', respectively.\n"
|
printf "The certificate and private key are PEM formatted with names 'fullchain.pem' and 'privkey.pem', respectively.\n"
|
||||||
printf "If you need to import them to a Windows machine, please use the '%s.pfx' file with password 'cert1234'.\n\n" "$CERT_HOSTNAME"
|
printf "Remember to import 'fullchain.pem' to the trusted store on any client machines or you will get warnings.\n\n"
|
||||||
|
|
||||||
if [ "$1" != "noexit" ]; then exit 0; fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
certificateShow() {
|
certificateShow() {
|
||||||
@ -34,25 +46,11 @@ certificateShow() {
|
|||||||
exit 0
|
exit 0
|
||||||
}
|
}
|
||||||
|
|
||||||
certificateExport() {
|
|
||||||
certificateCheckEnabled
|
|
||||||
printf "\nExporting currently loaded certificate:\n"
|
|
||||||
exit 0
|
|
||||||
}
|
|
||||||
|
|
||||||
certificateCheckEnabled() {
|
|
||||||
if [ "$httpsEnabled" != "TRUE" ]; then
|
|
||||||
printf "\nSSL/TLS not enabled. Please set LR_HTTPS=TRUE if you want to enable SSL/TLS.\n"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
convertCaseUpper() {
|
convertCaseUpper() {
|
||||||
printf "%s" "$1" | tr "[:lower:]" "[:upper:]"
|
printf "%s" "$1" | tr "[:lower:]" "[:upper:]"
|
||||||
}
|
}
|
||||||
|
|
||||||
# default variable values
|
# default variable values
|
||||||
doCertExport=0
|
|
||||||
doCertNew=0
|
doCertNew=0
|
||||||
doCertShow=0
|
doCertShow=0
|
||||||
doServer=0
|
doServer=0
|
||||||
@ -73,13 +71,10 @@ new-cert)
|
|||||||
show-cert)
|
show-cert)
|
||||||
doCertShow=1
|
doCertShow=1
|
||||||
;;
|
;;
|
||||||
export-cert)
|
|
||||||
doCertExport=1
|
|
||||||
;;
|
|
||||||
*)
|
*)
|
||||||
# invalid or unknown option
|
# invalid or unknown option
|
||||||
printf "\nUnknown action requested: %s\n" "$1"
|
printf "\nUnknown action requested: %s\n" "$1"
|
||||||
printf "Valid actions: [listen | server | run | start] | shell | new-cert | show-cert | export-cert\n\n"
|
printf "Valid actions: [listen | server | run | start] | shell | new-cert | show-cert\n\n"
|
||||||
exit 1
|
exit 1
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
@ -91,23 +86,26 @@ if [ "$doServer" -eq 1 ]; then
|
|||||||
# https pre-flight check
|
# https pre-flight check
|
||||||
if [ "$httpsEnabled" = "TRUE" ]; then
|
if [ "$httpsEnabled" = "TRUE" ]; then
|
||||||
printf "[SSL/TLS mode enabled]\n"
|
printf "[SSL/TLS mode enabled]\n"
|
||||||
if [ -n "$(find /certs/ -type d -empty -print)" ]; then
|
certStatus="$(certificateCheckExist)"
|
||||||
|
case "$certStatus" in
|
||||||
|
noexist)
|
||||||
printf "[Generating certificate]\n"
|
printf "[Generating certificate]\n"
|
||||||
# certs directory is empty --> auto-generate certificates
|
certificateGenerateNew
|
||||||
certificateGenerateNew 'noexit'
|
;;
|
||||||
else
|
noread_certificate)
|
||||||
# certs directory contains certificates --> check if they can read
|
printf "[Checking mounted certificate]"
|
||||||
printf "[Checking mounted certificate]\n"
|
|
||||||
if ! [ -r "/certs/fullchain.pem" ]; then
|
|
||||||
printf "\nERROR: SSL/TLS mode selected but unable to read certificate!\n\n"
|
printf "\nERROR: SSL/TLS mode selected but unable to read certificate!\n\n"
|
||||||
exit 51
|
exit 51
|
||||||
fi
|
;;
|
||||||
if ! [ -r "/certs/privkey.pem" ]; then
|
noread_key)
|
||||||
|
printf "[Checking mounted certificate]"
|
||||||
printf "\nERROR: SSL/TLS mode selected but unable to read private key!\n\n"
|
printf "\nERROR: SSL/TLS mode selected but unable to read private key!\n\n"
|
||||||
exit 52
|
exit 52
|
||||||
fi
|
;;
|
||||||
fi
|
ok)
|
||||||
printf "[Certificate OK]\n"
|
printf "[Certificate OK]\n"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
fi
|
fi
|
||||||
exec node livereload.js
|
exec node livereload.js
|
||||||
exit "$?"
|
exit "$?"
|
||||||
@ -127,14 +125,14 @@ if [ "$doShell" -eq 1 ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# action: generate new self-signed certificate
|
# action: generate new self-signed certificate
|
||||||
if [ "$doCertNew" -eq 1 ]; then certificateGenerateNew; fi
|
if [ "$doCertNew" -eq 1 ]; then
|
||||||
|
certificateGenerateNew
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
# action: show loaded certificate
|
# action: show loaded certificate
|
||||||
if [ "$doCertShow" -eq 1 ]; then certificateShow; fi
|
if [ "$doCertShow" -eq 1 ]; then certificateShow; fi
|
||||||
|
|
||||||
# action: export loaded certificate
|
|
||||||
if [ "$doCertExport" -eq 1 ]; then certificateExport; fi
|
|
||||||
|
|
||||||
# failsafe exit - terminate with code 99: this code should never be executed!
|
# failsafe exit - terminate with code 99: this code should never be executed!
|
||||||
exit 99
|
exit 99
|
||||||
|
|
||||||
@ -146,7 +144,6 @@ exit 99
|
|||||||
# 51: unable to read certificate/chain
|
# 51: unable to read certificate/chain
|
||||||
# 52: unable to read private key
|
# 52: unable to read private key
|
||||||
# 55: unable to generate new certificate
|
# 55: unable to generate new certificate
|
||||||
# 56: unable to export certificate, likely write error
|
|
||||||
# 99: code error
|
# 99: code error
|
||||||
|
|
||||||
#EOF
|
#EOF
|
||||||
|
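Review bot: In the new `certificateCheckExist`, `find /certs/ -type d -empty -print` returns `noexist` whenever any empty directory exists anywhere under `/certs/`, not only when `/certs/` itself is empty, so a mount holding a valid `fullchain.pem` and `privkey.pem` next to an empty subdirectory is routed to `certificateGenerateNew`. The generation command sits between the hunks and is not visible here, but if it writes those two file names it would replace the operator's key pair with a self-signed one. Limiting the test to the directory itself, `if [ -n "$(find /certs/ -maxdepth 0 -type d -empty -print)" ]; then`, or checking the two PEM files before the emptiness test, avoids that. Separately, the commit stops writing `/certs/${CERT_HOSTNAME}.pfx` with the fixed password `cert1234`, but volumes populated by earlier versions presumably still hold that file, which wraps the private key under a published password. A release note, or a startup warning when a `.pfx` file is found in `/certs`, would help operators remove it.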