From a347a4ae65ec8e54fc15d012ad557de1035f4a12 Mon Sep 17 00:00:00 2001
From: Jamie Nguyen <j@jamielinux.com>
Date: Mon, 16 Jul 2018 11:25:08 +0100
Subject: Allow bind mounting in /cert.pem and /privkey.pem

---
 2.4/docker-entrypoint.sh | 42 ++++++++++++++++++++++--------------------
 README.md                |  9 ++++++++-
 2 files changed, 30 insertions(+), 21 deletions(-)

diff --git a/2.4/docker-entrypoint.sh b/2.4/docker-entrypoint.sh
index cff51eb..74da63b 100755
--- a/2.4/docker-entrypoint.sh
+++ b/2.4/docker-entrypoint.sh
@@ -74,25 +74,27 @@ if [ "x$ANONYMOUS_METHODS" != "x" ]; then
     fi
 fi
 
-case "${SSL_CERT:-none}" in
-    "selfsigned")
-        # Generate self-signed SSL certificate.
-        # If SERVER_NAMES is given, use the first domain as the Common Name.
-        if [ ! -e /privkey.pem ] || [ ! -e /cert.pem ]; then
-            apk add --no-cache openssl
-            openssl req -x509 -newkey rsa:2048 -days 1000 -nodes \
-                -keyout /privkey.pem -out /cert.pem -subj "/CN=${SERVER_NAME:-selfsigned}"
-            apk del --no-cache openssl
-        fi
-        # Enable SSL Apache modules.
-        for i in http2 ssl; do
-            sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"
-        done
-        # Enable SSL vhost.
-        if [ -e /privkey.pem ] && [ -e /cert.pem ]; then
-            ln -s ../sites-available/default-ssl.conf "$HTTPD_PREFIX/conf/sites-enabled"; \
-        fi
-        ;;
-esac
+# If specified, generate a selfsigned certificate.
+if [ "${SSL_CERT:-none}" = "selfsigned" ]; then
+    # Generate self-signed SSL certificate.
+    # If SERVER_NAMES is given, use the first domain as the Common Name.
+    if [ ! -e /privkey.pem ] || [ ! -e /cert.pem ]; then
+        apk add --no-cache openssl
+        openssl req -x509 -newkey rsa:2048 -days 1000 -nodes \
+            -keyout /privkey.pem -out /cert.pem -subj "/CN=${SERVER_NAME:-selfsigned}"
+        apk del --no-cache openssl
+    fi
+fi
+
+# This will either be the self-signed certificate generated above or one that
+# has been bind mounted in by the user.
+if [ -e /privkey.pem ] && [ -e /cert.pem ]; then
+    # Enable SSL Apache modules.
+    for i in http2 ssl; do
+        sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"
+    done
+    # Enable SSL vhost.
+    ln -s ../sites-available/default-ssl.conf "$HTTPD_PREFIX/conf/sites-enabled"; \
+fi
 
 exec "$@"
diff --git a/README.md b/README.md
index 9bab72f..52b9f59 100644
--- a/README.md
+++ b/README.md
@@ -6,6 +6,9 @@
 
 This image runs an easily configurable WebDAV server with Apache.
 
+You can configure the authentication type, the authentication of multiple
+users, or to run with a self-signed SSL certificate.
+
 * **Code repository:**
   https://github.com/BytemarkHosting/docker-webdav
 * **Where to file issues:**
@@ -19,7 +22,8 @@ This image runs an easily configurable WebDAV server with Apache.
 
 ### Basic WebDAV server
 
-This example starts a WebDAV server.
+This example starts a WebDAV server on port 80. It can only be accessed by
+a single username and password.
 
 When using unencrypted HTTP, use `Digest` authentication (instead of `Basic`)
 to avoid sending plaintext passwords in the clear.
@@ -67,6 +71,9 @@ docker run --restart always -v /srv/dav:/var/lib/dav \
 
 ```
 
+If you bind mount a certificate chain to `/cert.pem` and a private key to
+`/privkey.pem`, the container will use that instead!
+
 ### Authenticate multiple clients
 
 Specifying `USERNAME` and `PASSWORD` only supports a single user. If you want
-- 
cgit v1.2.1