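# shellcheck shell=sh
#
# Generates a TLS private key and certificate under /cert and renders the
# nginx SSL include from its template.
#
# Environment:
#   FIRST_VIRTUAL_HOST  base name of the key/certificate files (default: localhost)
#   VIRTUAL_HOST        whitespace-separated DNS names to put in the certificate
#                       (default: localhost)
#
# Files read:    /etc/https-proxy/cert.cfg.template,
#                /etc/https-proxy/ssl.conf.template,
#                /rootCA/rootCA.pem and /rootCA/rootCA-key.pem (both optional)
# Files written: /cert/<name>.key, /cert/<name>.crt, /tmp/cert.cfg,
#                /tmp/request.pem (CA-signed path only),
#                /etc/nginx/include.d/ssl.conf

mkdir -p /cert /etc/nginx/include.d

CERT="/cert/${FIRST_VIRTUAL_HOST:-localhost}.crt"
CERT_KEY="/cert/${FIRST_VIRTUAL_HOST:-localhost}.key"
CA_CERT="/rootCA/rootCA.pem"
CA_KEY="/rootCA/rootCA-key.pem"

# NOTE(review): /tmp/cert.cfg and /tmp/request.pem are fixed, predictable names.
# If /tmp can be written by another user or is a shared mount, build them inside
# a `mktemp -d` directory instead; the paths are kept here in case something
# else reads them.
envsubst </etc/https-proxy/cert.cfg.template >/tmp/cert.cfg

# Append one subject-alternative-name line per host name and per local address.
# VIRTUAL_HOST and the `hostname -i` output are split on whitespace on purpose,
# but pathname expansion is switched off so that a wildcard name (for example
# *.example.test) is written literally instead of being matched against files
# in the current directory. The subshell keeps `set -f` from leaking into the
# shell that runs this script.
(
  set -f
  for host in ${VIRTUAL_HOST:-localhost}; do
    printf '%s\n' "dns_name = $host"
  done
  for ip_address in $(hostname -i); do
    printf '%s\n' "ip_address = $ip_address"
  done
) >>/tmp/cert.cfg

# NOTE(review): confirm the key file ends up readable only by the account that
# nginx loads it as; nothing in this script sets its mode explicitly.
certtool --generate-privkey --outfile "${CERT_KEY}"

if [ ! -r "${CA_CERT}" ] || [ ! -r "${CA_KEY}" ]; then
  # No usable CA pair mounted: fall back to a self-signed certificate.
  certtool --generate-certificate --generate-self-signed \
    --load-privkey "${CERT_KEY}" \
    --template /tmp/cert.cfg \
    --outfile "${CERT}"
else
  # CA pair available: create a signing request, then sign it with the CA key.
  # NOTE(review): this needs the CA private key readable inside the container.
  # Everything that trusts this root CA trusts whatever that key signs, so the
  # /rootCA mount should be read-only and the CA limited to development use.
  certtool --generate-request \
    --load-privkey "${CERT_KEY}" \
    --template /tmp/cert.cfg \
    --outfile /tmp/request.pem
  certtool --generate-certificate \
    --load-request /tmp/request.pem \
    --load-ca-certificate "${CA_CERT}" \
    --load-ca-privkey "${CA_KEY}" \
    --template /tmp/cert.cfg \
    --outfile "${CERT}"
fi

if [ -r "${CA_CERT}" ]; then
  # Add the root CA to the system trust store of this container.
  # NOTE(review): Debian-style update-ca-certificates only picks up files named
  # *.crt from this directory; verify that rootCA.pem is really trusted after
  # this step on the base image in use.
  cp "${CA_CERT}" /usr/local/share/ca-certificates/
  /usr/sbin/update-ca-certificates
fi

envsubst </etc/https-proxy/ssl.conf.template >/etc/nginx/include.d/ssl.conf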