From c606dea993bf2b4470d8ece44af0ef5f4191d13e Mon Sep 17 00:00:00 2001 From: Robin Whittleton Date: Wed, 10 Feb 2021 18:35:57 +0100 Subject: [PATCH] Fix key generation in Docker MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We were generating the key in the Dockerfile, but then mounting the host’s web directory, which “obscured” (to quote the Docker docs) the directory in the container. We can move key generation to the container entrypoint, but only call it if the key doesn’t already exist to save time on container teardown / restart. --- vms/docker/Dockerfile | 4 +--- vms/docker/start-server.sh | 4 ++++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/vms/docker/Dockerfile b/vms/docker/Dockerfile index 46801563..abd69ed3 100644 --- a/vms/docker/Dockerfile +++ b/vms/docker/Dockerfile @@ -4,11 +4,9 @@ RUN apt-get update RUN DEBIAN_FRONTEND=noninteractive apt-get install -y composer php-fpm php-cli php-gd php-xml php-apcu php-mbstring php-intl apache2 apache2-utils libfcgi0ldbl task-spooler RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* -RUN mkdir -p /standardebooks.org/web/config/ssl +RUN mkdir -p /standardebooks.org/web RUN mkdir /var/log/local -RUN openssl req -x509 -nodes -days 99999 -newkey rsa:4096 -subj "/CN=standardebooks.test" -keyout /standardebooks.org/web/config/ssl/standardebooks.test.key -sha256 -out /standardebooks.org/web/config/ssl/standardebooks.test.crt - RUN a2enmod headers expires ssl rewrite proxy proxy_fcgi # Disable opcaching for dynamic PHP reloading diff --git a/vms/docker/start-server.sh b/vms/docker/start-server.sh index 39855336..5392213b 100755 --- a/vms/docker/start-server.sh +++ b/vms/docker/start-server.sh @@ -1,5 +1,9 @@ #!/bin/sh +if [ ! -f /standardebooks.org/web/config/ssl/standardebooks.test.crt ]; then + openssl req -x509 -nodes -days 99999 -newkey rsa:4096 -subj "/CN=standardebooks.test" -keyout /standardebooks.org/web/config/ssl/standardebooks.test.key -sha256 -out /standardebooks.org/web/config/ssl/standardebooks.test.crt +fi + cd /standardebooks.org/web composer install