mirror of
https://github.com/cloudflare/redoctober.git
synced 2025-12-23 06:15:45 +00:00
* make docker: build a docker image for redoctober * add a convenient entrypoint to generate certificates out of the box * add detection based on RO_CERTS and RO_KEYS instead of detection based on the presence of RO_DATA, add RO_CERTS and RO_KEYS which are paths to the certificates and keys so we can generate them more effectively. Signed-off-by: Daniel Dao <dqminh@cloudflare.com> * dockerfile: bump golang to 1.7.1
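#!/bin/sh
#
# Entrypoint for the Red October image.
#
# If the certificate ($RO_CERTS) or the private key ($RO_KEYS) is missing, a
# self-signed pair is generated so the server can start out of the box, and
# the requested command is then exec'd.
#
# Environment read: RO_DATA, RO_CERTS, RO_KEYS, RO_CERTPASSWD, RO_COMMONNAME.
#
# NOTE(review): the generated certificate is self-signed (RSA 2048, 365 days),
# so clients cannot authenticate the server unless they explicitly trust this
# exact certificate. Treat it as a bootstrap default and bind-mount properly
# issued material for anything beyond testing.

set -e

# If we are not bind mounting in certs, or the user has not already generated
# certs, create self-signed ones. The expansions are quoted on purpose: with an
# unset variable the unquoted form `[ ! -f ]` tests the literal string "-f"
# and silently skips generation.
if [ ! -f "$RO_CERTS" ] || [ ! -f "$RO_KEYS" ]; then
  # Fail with a clear message rather than letting openssl/mkdir run with an
  # empty path.
  : "${RO_DATA:?RO_DATA must be set to the data directory}"
  : "${RO_CERTS:?RO_CERTS must be set to the certificate path}"
  : "${RO_KEYS:?RO_KEYS must be set to the private key path}"

  mkdir -p -- "$RO_DATA"
  chmod 700 "$RO_DATA"
  chown -R redoctober:redoctober "$RO_DATA"

  # Create the key, CSR and certificate owner-only from the start; otherwise
  # the private key is readable under the default umask until the chmod at the
  # end. The previous umask is restored so the exec'd command is unaffected.
  old_umask=$(umask)
  umask 077

  # Generate private key protected with the passphrase in RO_CERTPASSWD.
  # `env:` makes openssl read the passphrase from the environment instead of
  # the command line, where `pass:` would expose it in the process list.
  openssl genrsa -aes128 -passout env:RO_CERTPASSWD -out "$RO_KEYS" 2048
  # Remove the passphrase from the private key: the key stored at $RO_KEYS
  # ends up unencrypted, so the file mode and ownership are its only
  # protection.
  openssl rsa -passin env:RO_CERTPASSWD -in "$RO_KEYS" -out "$RO_KEYS"
  # Generate CSR (make sure the common name CN field matches your server
  # address. It's set to the "RO_COMMONNAME" environment variable here.)
  openssl req -new -key "$RO_KEYS" -out "$RO_DATA/server.csr" \
    -subj "/C=US/ST=California/L=Everywhere/CN=${RO_COMMONNAME}"
  # Sign the CSR with the same key and create the (self-signed) certificate.
  openssl x509 -req -days 365 -in "$RO_DATA/server.csr" \
    -signkey "$RO_KEYS" -out "$RO_CERTS"

  umask "$old_umask"

  # Clean up
  rm -- "$RO_DATA/server.csr"
  chmod 600 "$RO_CERTS" "$RO_KEYS"
  chown -R redoctober "$RO_CERTS" "$RO_KEYS"

  echo
  echo "Generated default certificates for RedOctobeer at $RO_CERTS and $RO_KEYS"
  echo
fi

# The server itself runs as the unprivileged redoctober user.
if [ "$1" = 'redoctober' ]; then
  exec chpst -u redoctober "$@"
fi

# Any other command is exec'd as the user the entrypoint was started as, with
# no privilege drop.
exec "$@"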