summaryrefslogtreecommitdiffstats
path: root/2.4/docker-entrypoint.sh
diff options
context:
space:
mode:
authorJamie Nguyen <j@jamielinux.com>2018-07-16 11:25:08 +0100
committerJamie Nguyen <j@jamielinux.com>2018-07-16 11:25:08 +0100
commita347a4ae65ec8e54fc15d012ad557de1035f4a12 (patch)
tree715b8459aba01b51160beedc18d0a580fa68a0e6 /2.4/docker-entrypoint.sh
parent213fa1f8a37fb59163ab1bde931b2294d045363e (diff)
downloadapache-a347a4ae65ec8e54fc15d012ad557de1035f4a12.tar.gz
apache-a347a4ae65ec8e54fc15d012ad557de1035f4a12.tar.bz2
apache-a347a4ae65ec8e54fc15d012ad557de1035f4a12.tar.xz
apache-a347a4ae65ec8e54fc15d012ad557de1035f4a12.zip
Allow bind mounting in /cert.pem and /privkey.pem
Diffstat (limited to '2.4/docker-entrypoint.sh')
-rwxr-xr-x2.4/docker-entrypoint.sh42
1 files changed, 22 insertions, 20 deletions
diff --git a/2.4/docker-entrypoint.sh b/2.4/docker-entrypoint.sh
index cff51eb..74da63b 100755
--- a/2.4/docker-entrypoint.sh
+++ b/2.4/docker-entrypoint.sh
@@ -74,25 +74,27 @@ if [ "x$ANONYMOUS_METHODS" != "x" ]; then
fi
fi
-case "${SSL_CERT:-none}" in
- "selfsigned")
- # Generate self-signed SSL certificate.
- # If SERVER_NAMES is given, use the first domain as the Common Name.
- if [ ! -e /privkey.pem ] || [ ! -e /cert.pem ]; then
- apk add --no-cache openssl
- openssl req -x509 -newkey rsa:2048 -days 1000 -nodes \
- -keyout /privkey.pem -out /cert.pem -subj "/CN=${SERVER_NAME:-selfsigned}"
- apk del --no-cache openssl
- fi
- # Enable SSL Apache modules.
- for i in http2 ssl; do
- sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"
- done
- # Enable SSL vhost.
- if [ -e /privkey.pem ] && [ -e /cert.pem ]; then
- ln -s ../sites-available/default-ssl.conf "$HTTPD_PREFIX/conf/sites-enabled"; \
- fi
- ;;
-esac
+# If specified, generate a selfsigned certificate.
+if [ "${SSL_CERT:-none}" = "selfsigned" ]; then
+ # Generate self-signed SSL certificate.
+ # If SERVER_NAMES is given, use the first domain as the Common Name.
+ if [ ! -e /privkey.pem ] || [ ! -e /cert.pem ]; then
+ apk add --no-cache openssl
+ openssl req -x509 -newkey rsa:2048 -days 1000 -nodes \
+ -keyout /privkey.pem -out /cert.pem -subj "/CN=${SERVER_NAME:-selfsigned}"
+ apk del --no-cache openssl
+ fi
+fi
+
+# This will either be the self-signed certificate generated above or one that
+# has been bind mounted in by the user.
+if [ -e /privkey.pem ] && [ -e /cert.pem ]; then
+ # Enable SSL Apache modules.
+ for i in http2 ssl; do
+ sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"
+ done
+ # Enable SSL vhost.
+ ln -s ../sites-available/default-ssl.conf "$HTTPD_PREFIX/conf/sites-enabled"; \
+fi
exec "$@"