lines changed Original file line number Diff line number Diff line change @@ -7,11 +7,13 @@ RUN apk update \
7
7
&& apk add --update bash openjdk11-jre-headless~11.0 openssl3 py3-jinja2 py3-yaml\
8
8
&& rm -rf /var/cache/apk/*
9
9
10
- RUN mkdir -p /opt/certs
10
+ RUN mkdir -p /opt/scripts
11
11
12
- ADD *.sh /opt/certs/
13
- ADD create_configs.py /opt/certs/
14
- ADD cert.template /opt/certs/
15
- WORKDIR /opt/certs
12
+ COPY *.sh /opt/scripts
13
+ COPY create_configs.py /opt/scripts
14
+ COPY cert.template /opt/scripts
16
15
17
- CMD ["/opt/certs/run.sh" ]
16
+ WORKDIR /opt/scripts
17
+ ENV CERTDIR=/mnt/certs
18
+
19
+ CMD ["/opt/scripts/run.sh" ]
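Review bot: The three new `COPY` lines give the destination as `/opt/scripts` without a trailing slash. Docker's documentation requires the destination to end with `/` when a wildcard such as `*.sh` can match several files, and the classic builder rejects the build otherwise. Writing `COPY *.sh /opt/scripts/` (and the same for `create_configs.py` and `cert.template`) also makes it unambiguous that the target is a directory rather than a file named `scripts`. Separately, no `USER` instruction is visible in this hunk, so the CA-handling scripts presumably run as root against the mounted `/mnt/certs`; the top of the Dockerfile is outside the hunk, so confirm there.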
Original file line number Diff line number Diff line change @@ -83,11 +83,11 @@ Description of the fields:
83
83
| CN_as_SAN | Add CN as SAN in addition (required by many clients/browsers) - true/false (default: true) |
84
84
85
85
* Pull the docker image (from docker hub) or build locally with ` ./build_docker_image.sh `
86
- * Run the docker image - you need to mount the ` hosts.txt ` to ` /opt/certs /hosts.txt ` and a destination directory where the configs and certificates will be placed to ` /opt /certs/current ` - e.g.:
86
+ * Run the docker image - you need to mount the ` hosts.txt ` to ` /mnt/config /hosts.txt ` and a destination directory where the configs and certificates will be placed to ` /mnt /certs ` - e.g.:
87
87
``` bash
88
88
docker run --rm \
89
- -v $( pwd) /hosts.txt:/opt/certs /hosts.txt \
90
- -v $( pwd) /certs:/opt /certs/current \
89
+ -v $( pwd) /hosts.txt:/mnt/config /hosts.txt \
90
+ -v $( pwd) /certs:/mnt /certs \
91
91
schmitzi/openssl-alpine-j11:1.0.0
92
92
```
93
93
* The following optional parameters can be provided as environment variables using ` -e ` :
Original file line number Diff line number Diff line change 1
1
#! /usr/bin/env bash
2
2
3
- docker build ./scripts -t schmitzi/openssl-alpine-j11:1.2 .0 -f Dockerfile
3
+ docker build ./scripts -t schmitzi/openssl-alpine-j11:1.3 .0 -f Dockerfile
Original file line number Diff line number Diff line change 2
2
3
3
docker run --rm \
4
4
-e PASSWD=changeIt -e DAYS=389 -e DAYS_CA=3650 \
5
- -v $( pwd) /hosts.yml:/opt/certs /hosts.txt \
6
- -v $( pwd) /certs:/opt /certs/current \
7
- schmitzi/openssl-alpine-j11:1.2 .0
5
+ -v $( pwd) /hosts.yml:/mnt/config /hosts.txt \
6
+ -v $( pwd) /certs:/mnt /certs \
7
+ schmitzi/openssl-alpine-j11:1.3 .0
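Review bot: The rewritten `-v $(pwd)/hosts.yml:/mnt/config/hosts.txt` mount leaves `$(pwd)` unquoted and mounts the input file read-write, although the container only needs to read it. `-v "$(pwd)/hosts.yml:/mnt/config/hosts.txt:ro"` survives working directories with spaces and stops anything in the image from altering the host definition, and `-v "$(pwd)/certs:/mnt/certs"` deserves the same quoting. The same two lines recur in the four example scripts that follow and in the README snippet, so the change applies there as well.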
Original file line number Diff line number Diff line change 2
2
3
3
docker run --rm \
4
4
-e PREPARE_CSR_ONLY=yes \
5
- -v $( pwd) /hosts.yml:/opt/certs /hosts.txt \
6
- -v $( pwd) /certs:/opt /certs/current \
7
- schmitzi/openssl-alpine-j11:1.2 .0
5
+ -v $( pwd) /hosts.yml:/mnt/config /hosts.txt \
6
+ -v $( pwd) /certs:/mnt /certs \
7
+ schmitzi/openssl-alpine-j11:1.3 .0
Original file line number Diff line number Diff line change 2
2
3
3
docker run --rm \
4
4
-e CA_KEYPASSWD=xyz123 -e PASSWD=changeIt -e DAYS=389 -e DAYS_CA=3650 \
5
- -v $( pwd) /hosts.yml:/opt/certs /hosts.txt \
6
- -v $( pwd) /certs:/opt /certs/current \
7
- schmitzi/openssl-alpine-j11:1.2 .0
5
+ -v $( pwd) /hosts.yml:/mnt/config /hosts.txt \
6
+ -v $( pwd) /certs:/mnt /certs \
7
+ schmitzi/openssl-alpine-j11:1.3 .0
Original file line number Diff line number Diff line change 2
2
3
3
docker run --rm \
4
4
-e PASSWD=changeIt -e DAYS=389 -e DAYS_CA=3650 \
5
- -v $( pwd) /hosts.json:/opt/certs /hosts.txt \
6
- -v $( pwd) /certs:/opt /certs/current \
7
- schmitzi/openssl-alpine-j11:1.2 .0
5
+ -v $( pwd) /hosts.json:/mnt/config /hosts.txt \
6
+ -v $( pwd) /certs:/mnt /certs \
7
+ schmitzi/openssl-alpine-j11:1.3 .0
Original file line number Diff line number Diff line change 2
2
3
3
docker run --rm \
4
4
-e PASSWD=changeIt -e DAYS=389 -e DAYS_CA=3650 \
5
- -v $( pwd) /hosts.yml:/opt/certs /hosts.txt \
6
- -v $( pwd) /certs:/opt /certs/current \
7
- schmitzi/openssl-alpine-j11:1.2 .0
5
+ -v $( pwd) /hosts.yml:/mnt/config /hosts.txt \
6
+ -v $( pwd) /certs:/mnt /certs \
7
+ schmitzi/openssl-alpine-j11:1.3 .0
Original file line number Diff line number Diff line change 1
1
#! /usr/bin/env bash
2
2
3
3
# Check if the provided CA Key is "encrypted" - using the first line of the ca-root.key file
4
- first_line=$( head -n 1 /opt /certs/current /ca-root.key)
4
+ first_line=$( head -n 1 /mnt /certs/ca-root.key)
5
5
6
6
# Check if the first line contains "ENCRYPTED"
7
7
if [[ " $first_line " == * " ENCRYPTED" * ]]; then
@@ -12,14 +12,14 @@ if [[ "$first_line" == *"ENCRYPTED"* ]]; then
12
12
fi
13
13
14
14
# Capture the modulus of the public certificate
15
- public_modulus=$( openssl x509 -modulus -noout -in /opt /certs/current /ca-root.crt 2> /dev/null | openssl md5)
15
+ public_modulus=$( openssl x509 -modulus -noout -in /mnt /certs/ca-root.crt 2> /dev/null | openssl md5)
16
16
17
17
if [[ -z " $CA_KEYPASSWD " ]]; then
18
18
# Capture the modulus of the private key
19
- private_modulus=$( openssl rsa -modulus -noout -in /opt /certs/current /ca-root.key 2> /dev/null | openssl md5)
19
+ private_modulus=$( openssl rsa -modulus -noout -in /mnt /certs/ca-root.key 2> /dev/null | openssl md5)
20
20
else
21
21
# Capture the modulus of the private key (with password)
22
- private_modulus=$( openssl rsa -modulus -noout -in /opt /certs/current /ca-root.key -passin pass:$CA_KEYPASSWD 2> /dev/null | openssl md5)
22
+ private_modulus=$( openssl rsa -modulus -noout -in /mnt /certs/ca-root.key -passin pass:$CA_KEYPASSWD 2> /dev/null | openssl md5)
23
23
fi
24
24
25
25
# Compare the two modulis
@@ -28,4 +28,4 @@ if [ "$public_modulus" != "$private_modulus" ]; then
28
28
exit 1
29
29
fi
30
30
31
- cat current/ ca-root.crt > current /ca-root.pem
31
+ cat /mnt/certs/ ca-root.crt > /mnt/certs /ca-root.pem
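Review bot: The rewritten password branch still passes `-passin pass:$CA_KEYPASSWD`, which puts the CA key passphrase on the openssl command line, where it is visible in the process list, and the unquoted expansion breaks on passphrases containing spaces or glob characters. `-passin env:CA_KEYPASSWD` lets openssl read the variable itself. The new paths also hard-code `/mnt/certs` while the Dockerfile section of this commit introduces `ENV CERTDIR=/mnt/certs`; using `"${CERTDIR:-/mnt/certs}/ca-root.key"` (and likewise for `ca-root.crt` and `ca-root.pem`) would keep the script and the image in step. Both modulus commands discard stderr with `2>/dev/null`, so a missing or unreadable file under the new mount point presumably surfaces only as a modulus mismatch; a `[[ -r ... ]]` check before them would give a clearer error.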
Original file line number Diff line number Diff line change 3
3
import yaml
4
4
5
5
# Read hosts input and extract global settings
6
- with open ('. /hosts.txt' ) as input_file :
6
+ with open ('/mnt/config /hosts.txt' ) as input_file :
7
7
hosts = yaml .load (input_file , Loader = yaml .FullLoader )
8
8
globals = hosts ['global' ] if 'global' in hosts else {}
9
9
18
18
19
19
output_filename = host ['fileName' ]+ '.cnf' if 'fileName' in host else host ['CN' ]+ '.cnf'
20
20
21
- with open ('./current /' + output_filename , "w" ) as out_file :
21
+ with open ('/mnt/certs /' + output_filename , "w" ) as out_file :
22
22
out_file .write (outputCertConfig )
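Review bot: The new `open('/mnt/certs/' + output_filename, "w")` builds the output path by concatenation from `fileName` or `CN` values read out of the hosts file, so a value containing `/` or `..` is written outside the mounted certificate directory. Rejecting any name where `os.path.basename(output_filename) != output_filename` before the `open` keeps output confined to `/mnt/certs`; `os` would need importing, and the import block is only partly visible here. The directory is also hard-coded although the image now exports `CERTDIR`; `os.environ.get('CERTDIR', '/mnt/certs')` would avoid the duplication. Since the input path moves to a dedicated mount in this commit, it may be worth switching the neighbouring `yaml.load(..., Loader=yaml.FullLoader)` to `yaml.safe_load(input_file)`, as plain host definitions need no more than the safe loader.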