Allow bind mounting in /cert.pem and /privkey.pem

6 years ago · a347a4ae65
parent 213fa1f8a3
commit a347a4ae65
2 changed files with 30 additions and 21 deletions
--- a/2.4/docker-entrypoint.sh
+++ b/2.4/docker-entrypoint.sh
@ -74,25 +74,27 @@ if [ "x$ANONYMOUS_METHODS" != "x" ]; then
    fi
 fi

-case "${SSL_CERT:-none}" in
-    "selfsigned")
-        # Generate self-signed SSL certificate.
-        # If SERVER_NAMES is given, use the first domain as the Common Name.
-        if [ ! -e /privkey.pem ] || [ ! -e /cert.pem ]; then
-            apk add --no-cache openssl
-            openssl req -x509 -newkey rsa:2048 -days 1000 -nodes \
-                -keyout /privkey.pem -out /cert.pem -subj "/CN=${SERVER_NAME:-selfsigned}"
-            apk del --no-cache openssl
-        fi
-        # Enable SSL Apache modules.
-        for i in http2 ssl; do
-            sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"
-        done
-        # Enable SSL vhost.
-        if [ -e /privkey.pem ] && [ -e /cert.pem ]; then
-            ln -s ../sites-available/default-ssl.conf "$HTTPD_PREFIX/conf/sites-enabled"; \
-        fi
-        ;;
-esac
+# If specified, generate a selfsigned certificate.
+if [ "${SSL_CERT:-none}" = "selfsigned" ]; then
+    # Generate self-signed SSL certificate.
+    # If SERVER_NAMES is given, use the first domain as the Common Name.
+    if [ ! -e /privkey.pem ] || [ ! -e /cert.pem ]; then
+        apk add --no-cache openssl
+        openssl req -x509 -newkey rsa:2048 -days 1000 -nodes \
+            -keyout /privkey.pem -out /cert.pem -subj "/CN=${SERVER_NAME:-selfsigned}"
+        apk del --no-cache openssl
+    fi
+fi
+
+# This will either be the self-signed certificate generated above or one that
+# has been bind mounted in by the user.
+if [ -e /privkey.pem ] && [ -e /cert.pem ]; then
+    # Enable SSL Apache modules.
+    for i in http2 ssl; do
+        sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" "$HTTPD_PREFIX/conf/httpd.conf"
+    done
+    # Enable SSL vhost.
+    ln -s ../sites-available/default-ssl.conf "$HTTPD_PREFIX/conf/sites-enabled"; \
+fi

 exec "$@"
--- a/README.md
+++ b/README.md
@ -6,6 +6,9 @@

 This image runs an easily configurable WebDAV server with Apache.

+You can configure the authentication type, the authentication of multiple
+users, or to run with a self-signed SSL certificate.
+
 * **Code repository:**
  https://github.com/BytemarkHosting/docker-webdav
 * **Where to file issues:**
@ -19,7 +22,8 @@ This image runs an easily configurable WebDAV server with Apache.

 ### Basic WebDAV server

-This example starts a WebDAV server.
+This example starts a WebDAV server on port 80. It can only be accessed by
+a single username and password.

 When using unencrypted HTTP, use `Digest` authentication (instead of `Basic`)
 to avoid sending plaintext passwords in the clear.
@ -67,6 +71,9 @@ docker run --restart always -v /srv/dav:/var/lib/dav \

 ```

+If you bind mount a certificate chain to `/cert.pem` and a private key to
+`/privkey.pem`, the container will use that instead!
+
 ### Authenticate multiple clients

 Specifying `USERNAME` and `PASSWORD` only supports a single user. If you want